In networking, switches play a critical role in connecting devices and managing network traffic within a local area network (LAN). When you deploy a new switch, it's important to configure it properly to ensure optimal performance, security, and functionality. This guide will walk you through the essential steps for setting up a base configuration for a network switch.
Why Configure a Switch?
Switches come with factory settings that allow for basic functionality, but to leverage their full potential, you need to apply custom configurations. Proper configuration ensures:
Step 1: Access the Switch
Before diving into the configuration, you need to connect to the switch. The most common methods of accessing the switch are:
Step 2: Basic Switch Configuration
Now that you have access to the switch, let's start with some basic configuration steps.
2.1. Set the Hostname
The hostname is used to identify the switch in the network. To set the hostname:
Switch> enable
Switch# configure terminal
Switch(config)# hostname Core-Switch
Core-Switch(config)#
This sets the switch's name to "Core-Switch," making it easier to identify in your network. Pick something that makes sense for you or create a naming convention if you have multiple switches and multiple sites. Example SFO-SW-01 or NYC-SW-01.
2.2. Set the Enable Password
The enable password is used to access privileged commands. Required for SSH. Set a strong password to secure the device.
Core-Switch(config)# enable secret your_password_here
2.3. Set Console Password
To prevent unauthorized access via the console port, set a password for console access:
Core-Switch(config)# line con 0
Core-Switch(config-line)# password console_password_here
Core-Switch(config-line)# login
Core-Switch(config-line)# exit
Note: No user has been assigned.
2.4. Set Virtual Terminal (VTY) Password
If you're accessing the switch remotely via Telnet or SSH, set a password for the virtual terminal lines:
Core-Switch(config)# line vty 0 4
Core-Switch(config-line)# password vty_password_here
Core-Switch(config-line)# login
Core-Switch(config-line)# exit
Note: No user has been assigned.
2.5. Set an IP Address on a VLAN Interface
To enable remote management of the switch, assign an IP address to the VLAN interface (usually VLAN 1 by default). VLAN 1 is not recommended, but is used in this scenario. You also need to configure a subnet mask and default gateway.
Core-Switch(config)# interface vlan 1
Core-Switch(config-if)# ip address 192.168.1.10 255.255.255.0
Core-Switch(config-if)# no shutdown
Core-Switch(config-if)# exit
Next, set the default gateway:
Core-Switch(config)# ip default-gateway 192.168.1.1
This ensures the switch can communicate with devices outside of its subnet.
Step 3: Secure Remote Access (SSH)
For secure remote management, it's recommended to configure SSH instead of Telnet. To enable SSH:
3.1. Generate RSA Key Pair
Core-Switch(config)# crypto key generate rsa
When prompted, choose a modulus size (e.g., 1024 bits). This will generate the RSA keys for SSH encryption.
3.2. Enable SSH on the VTY Lines
Core-Switch(config)# line vty 0 15
Core-Switch(config-line)# transport input ssh
Core-Switch(config-line)# login local
Core-Switch(config-line)# exit
Note: Local User account is required.
3.3. Create a Local User for SSH Access
Create a local username and password for SSH login:
Core-Switch(config)# username admin privilege 15 secret admin_password_here
This creates a user named "admin" with full administrative privileges.
Step 4: Configure VLANs
Virtual Local Area Networks (VLANs) are essential for segmenting your network. By default, all ports on a switch belong to VLAN 1. You can create additional VLANs as needed.
4.1. Create a New VLAN
Core-Switch(config)# vlan 10
Core-Switch(config-vlan)# name Guest
Core-Switch(config-vlan)# exit
This creates VLAN 10 and names it "Guest." You can create more VLANs as required.
4.2. Assign Ports to VLANs
Assign switch ports to specific VLANs:
Core-Switch(config)# interface range Gi1/0/1 - 24
Core-Switch(config-if-range)# switchport mode access
Core-Switch(config-if-range)# switchport access vlan 10
Core-Switch(config-if-range)# exit
This configuration assigns ports 1 to 24 to VLAN 10 (Guest).
Step 5: Save the Configuration
After making the necessary changes, save the configuration to avoid losing them after a reboot:
Core-Switch# write memory
Alternatively, you can use:
Core-Switch# copy running-config startup-config
This command ensures that the current configuration is saved to the startup configuration file.
Step 6: Verify Your Configuration
Once your configuration is complete, verify that the changes are applied successfully.
6.1. Verify the Hostname
Core-Switch# show running-config | include hostname
6.2. Verify VLAN Configuration
Core-Switch# show vlan brief
6.3. Verify Interface Status
Core-Switch# show ip interface brief
6.4. Verify SSH Configuration
Core-Switch# show ip ssh
These commands will help you check the status of your configuration and troubleshoot if necessary.
Conclusion
Setting up a base configuration for a network switch is a fundamental skill for network administrators. By following these steps, you can ensure that your switch is properly configured with a hostname, passwords for security, IP addressing, remote access, and VLANs. This basic setup can serve as a foundation for more advanced configurations such as IP routing, access-list, port security, QoS, or network monitoring.
Always remember to back up your configuration and periodically review it to ensure the switch is operating securely and efficiently. Note: Remember your passwords.
As always if you have any questions on your network security and would like to schedule a free consultation with us, please reach out to us at sales@lookingpoint.com and we’ll be happy to help!