Student Lab Setup

User documentation
09/13/2017

  • Last Updated: 06/26/2019

Cisco Switch Configuration:

The goal of this exercise is to set up the KVM servers for use in the following semester and labs so that they can talk to each other. To do that, we need to connect the servers to an Ethernet switch. In this lab we will use the Cisco switch to create some virtual LANs (VLANs) that will carry the traffic between the servers on isolated, segmented VLANs. You should review VLAN basics before continuing if you are not sure what a VLAN is.

The documentation found below will also serve as a tutorial for a user at the base level and requires no prior experience or knowledge. Links may be provided to learn required skills for this lab. The direct follow-up to this setup is the Cisco lab which will make use of the configuration done here.

By the end of this lab setup, the user will be able to:
  • Set up basic configuration for a switch (hostname, domain name)
  • Configure switch interfaces (PortFast, trunking vs. access)

First the user will configure their Cisco switch.

Basic switch configuration

Step 1.1: Connecting to the switch

If the user's server is running Linux, follow this Minicom guide to learn how to enter the switch's command line:
https://neatrack.globalweb.net/documents/24

Otherwise, if the user's server is running Windows, reference the PuTTY guide found here:
https://neatrack.globalweb.net/documents/30

Enter the switch's command line now. The following should appear:

Switch>

This is the terminal for the Cisco Switch.

Type "enable" into the prompt. You should now see a "#" next to the name instead of ">". This is privileged mode, which gives you access to the switch's settings and is the starting point for changing them. You cannot configure the switch in this mode. However, you can use certain "show" commands to see details about the switch. For example, typing "show run" will show you the current configuration that is set up on the switch.

Type "configure terminal" into the Cisco switch. This allows you to type console commands directly into the switch and configure what you want.

(Side note: Know that you do not need to type in an entire command for it to register. "conf t" is the same as the command above. You can press "?" while typing to see all available commands, and <tab> to autocomplete a word you are currently typing)

Now that you are in configuration mode, the terminal should look like this:

switch(config)#

In conf mode, you can still use the "show" commands from before, but you will need to include the word "do" before the command. For example, where before you might have typed "show run", you will now need to type "do show run".

Step 1.2: Configure the global switch options

Before configuring the ports on the switch, there are a few commands to enter to configure the global options on the switch. Enter these:

switch(config)# hostname trainswitch
trainswitch(config)# ip domain name train.local
trainswitch(config)# clock timezone est -5 0
trainswitch(config)# clock summer-time est recurring
trainswitch(config)# no ip http server
trainswitch(config)# no ip http secure-server
trainswitch(config)# no ip domain-lookup

(Side note: Cisco equipment comes in many shapes and sizes. For instance, "domain name" shown above sometimes is "domain-name" and varies from machine to machine. If you get stuck, make ample use of "?" to problem solve)

Stating "no" before a command shuts it off. In this instance, "ip http server" turns on the switch's built-in web interface, which allows remote access to our switch from the internet (which we don't want), and so we are shutting it off, along with its HTTPS counterpart "ip http secure-server". Similarly, the "no ip domain-lookup" command stops the switch from treating a mistyped command as a hostname and trying to look it up, saving us a few seconds in the future.

You may wish to disable messages being logged to console as they can be annoying while typing commands. To do this, you utilize the 'no' keyword you just learned to disable logging to console:

trainswitch(config)# no logging console

You can follow these same steps when configuring the router. Just make sure to change the hostname from "trainswitch" to "trainrtr".

Step 1.3: Configuring switch ports

Now that we are in the switch, we want to assign each port to a VLAN. We'll use vlan60 from here on. This will isolate all lab traffic so that it can't impact other VLANs on the switch. It will hold all the traffic for everyone on the servers (for now at least). Type "interface range FastEthernet 0/1 - ?" where ? is the last port on your switch.

For example, if your switch's last port was 24 (as in there are 24 ports on the switch), you would do the following:

Switch(config)#interface range FastEthernet 0/1 - 24
Switch(config-if-range)#

(Side note: the ports may be numbered 1/0/x instead of 0/x. Use "show ip interface brief" to check the names and status of every port on the switch. If they are named as 1/0/x, simply change the command above to "interface range FastEthernet 1/0/1 - 24")

Yours may not look identical. As long as you see the "(config-if-range)", you are in good shape. This command has selected all the ports on the switch (ports 1-24) and entered configuration mode for them. Any commands you enter from here on will apply to each port within your specified range.

Enter the following two commands. They will assign the ports to vlan60 and make the ports connect faster when a device is plugged in.

Switch(config-if-range)#switchport access vlan 60
Switch(config-if-range)#spanning-tree portfast

The second command is nonessential and only makes connecting to the ports faster. It is often turned off for debugging purposes.

All ports are now configured to access vlan 60. Type "exit" to deselect all the ports.

Now, throughout the lab you will probably find it useful to connect to the actual internet from your server. The easiest way to do this is to set one vlan to be your "Internet Vlan". For now, we will just use vlan 10 for this.
Figure out which port on the switch is plugged directly into the internet. This is most likely an Ethernet port that connects to the building's network, like a wall port. Once you know that port's number, run these commands to change its VLAN to 10, replacing X with the port number:

Switch(config)# interface FastEthernet 0/X
Switch(config-if)# switchport access vlan 10

This creates a new vlan that won't interfere with the lab network we are creating on vlan 60, which we can access through the server after we configure it.

Step 1.4: Configuring switch ports connected to the servers

Your servers are each attached to the switch via an ethernet port. We need to trunk these ports. Trunking is the alternative to access, and is used to send multiple vlans through a single port as opposed to a single vlan. Trunking will be used so that our servers can access different vlans through one wired connection (instead of having individual connections for each vlan). This isn't needed right now since we're only working with one vlan, but we will need it in the future.

Again, to find the status of our interfaces we can use the "show ip interface brief" command (don't forget the "do" if you're in configuration mode). The protocol column will show whether or not an interface is plugged in. Alternatively, follow the Ethernet connections physically and check their labeled ports to find which interfaces you want to configure.

(Side note: If the status of an interface/port is set to "administratively down", type "no shutdown" when configuring it, which will resume its operation.)

ONLY FOR THE PORTS CONNECTED FROM THE SWITCH TO THE SERVERS:
Select the port via a variation of the earlier command: "interface FastEthernet 0/?" where ? is the Ethernet port number of your server. This allows us to configure one port as opposed to a range of interfaces.
Enter each of the following commands:

switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
load-interval 30
spanning-tree portfast trunk

The "nonegotiate" command stops the port from negotiating its mode with the device on the other end, so a connection is prevented if either side of an Ethernet cable is set to a different mode (trunk and access being the two modes).

That specific port indicated by the "?" is now set up for trunking. Make sure to do that for both server ports and ONLY the server ports.

Make sure each server is connected via ethernet to the correct ports before continuing.

Once you have finished the configuration, press "Ctrl+c" to leave configuration mode and return to the "trainswitch#" prompt, and then enter this command to save your changes:

trainswitch# write mem
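
To confirm the switch matches Steps 1.2 through 1.4, the following added example (not part of the original lab document) audits a saved copy of the "show run" output. The sample configuration is constructed, the function names are hypothetical, and it assumes the switch prints the "no ip http ..." lines in its running configuration.

```python
import re

# Constructed sample of saved "show run" output (not from a real switch).
SAMPLE = """\
no ip http server
ip http secure-server
!
interface FastEthernet0/1
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode trunk
!
interface FastEthernet0/3
 switchport access vlan 60
!
interface FastEthernet0/4
 spanning-tree portfast
"""

def parse_interfaces(config):
    """Map each interface name to the commands inside its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return stanzas

def audit(config, lab_vlans=("10", "60")):
    """Return findings where the config departs from Steps 1.2-1.4."""
    findings = []
    global_cmds = [line.strip() for line in config.splitlines()]
    for cmd in ("no ip http server", "no ip http secure-server"):
        if cmd not in global_cmds:
            findings.append(f"global: missing '{cmd}'")
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            if "switchport nonegotiate" not in cmds:
                findings.append(f"{name}: trunk without 'switchport nonegotiate'")
        elif not any(f"switchport access vlan {v}" in cmds for v in lab_vlans):
            findings.append(f"{name}: access port not assigned to a lab VLAN")
    return findings
```

On the constructed sample, audit(SAMPLE) reports the HTTPS server still enabled, the trunk on FastEthernet0/2 missing "switchport nonegotiate", and FastEthernet0/4 left out of both lab VLANs.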

Step 2: Configuring the server

Now, press "Ctrl+a", then "x", to exit minicom. You can find more information on this command and others like it in the minicom guide.

Step 2.1: Configuring vlans on the servers

Perform the following for each server. Make sure to give each a different IP address.
You can find more information on IP addresses here: https://neatrack.globalweb.net/documents/5

Enter the server using the monitor and keyboard in the rack. Use nano to edit the interfaces file. Enter:

root@labsrv1 16:20:46 
 > ~ # nano /etc/network/interfaces

Remove everything below the loopback line and replace it with the configuration shown after the following note.

Note: depending on the hardware your server is using, the primary physical interface might be called something different from eth0. Use the command "ip a" to list your interfaces. It probably looks like "enp2s0", "eno1" or "ens2". If that is the case, everywhere that "eth0" is used in the configuration below, replace it with whatever your interface is called.

auto eth0
iface eth0 inet manual
    up /sbin/ifconfig $IFACE up

## srv lan
auto vlan60
iface vlan60 inet manual
    vlan-raw-device eth0

auto vmbr60
iface vmbr60 inet static
    address 172.30.60.5
    netmask 255.255.255.0
    bridge_ports vlan60
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
    bridge_fd 9
    up /sbin/ifconfig $IFACE up || /bin/true

#Internet Connection
auto vlan10
iface vlan10 inet manual
    vlan-raw-device eth0

auto vmbr10
iface vmbr10 inet dhcp
    bridge_ports vlan10
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off
    bridge_fd 9
    up /sbin/ifconfig $IFACE up || /bin/true

Now, type this to restart networking so that vmbr60 and vmbr10 can be used:

root@labsrv1 16:20:46 
 > ~ # service networking restart

If you have your switch connected to an ethernet port that has access to the internet and you followed the above steps, you should now have internet access. You can test this by checking that you have an IP address on vmbr10 with the "ship" command, then running "ping 1.1.1.1". If you see responses coming in, then it is working. In the event that this doesn't work, Internet access is nonessential, so see if you can figure out how to fix it, but don't worry if you can't. Hopefully, as we progress through the labs you'll get a better understanding of what these steps do so you can troubleshoot.

NOTE:

If you do this on both servers, make sure you change the IP addresses. Don't leave them with the same IP. These will be the IPs you can use to ssh into the server. Read about that in Intro to Linux found here:
https://neatrack.globalweb.net/documents/4
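
The note above about giving each server its own address can be checked mechanically. This added example (not part of the original lab document) parses each server's /etc/network/interfaces and reports a reused static address or a bridge whose "vlanNN" port has no "vlan-raw-device". The file excerpts are constructed, and the function names and the server name labsrv2 are hypothetical.

```python
import ipaddress

# Constructed /etc/network/interfaces excerpts for two lab servers.
SRV1 = """\
auto vlan60
iface vlan60 inet manual
    vlan-raw-device eth0
auto vmbr60
iface vmbr60 inet static
    address 172.30.60.5
    netmask 255.255.255.0
    bridge_ports vlan60
"""
SRV2 = SRV1  # file copied to the second server with the address left unchanged

def parse_ifaces(text):
    """Return {iface name: {"method": ..., option: value, ...}}."""
    ifaces, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#")[0].split()  # drop comments, then tokenise
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = ifaces.setdefault(words[1], {"method": words[3]})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None  # these keywords end the current iface stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return ifaces

def check_servers(configs):
    """configs: {server name: interfaces text}. Returns a list of findings."""
    findings, seen = [], {}
    for server, text in configs.items():
        ifaces = parse_ifaces(text)
        for name, opts in ifaces.items():
            for port in opts.get("bridge_ports", "").split():
                if port.startswith("vlan") and "vlan-raw-device" not in ifaces.get(port, {}):
                    findings.append(f"{server}/{name}: bridge port {port} has no vlan-raw-device")
            if opts["method"] == "static" and "address" in opts:
                ip = ipaddress.ip_address(opts["address"].split("/")[0])
                if ip in seen:
                    findings.append(f"{server}/{name}: {ip} already used by {seen[ip]}")
                seen.setdefault(ip, f"{server}/{name}")
    return findings
```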

Backing up the configuration

Backing up the configurations allows multiple students/groups to work independently on a single rack. If you only plan to have one group running their labs at a time, there is no need to back anything up the way described, but if you want groups to take turns on a rack without interfering with each other, these tools allow that.

View the Backing Up document for how to back up everything.
https://neatrack.globalweb.net/documents/25
