Instructor Materials
Chapter 5: Switch Configuration
CCNA Routing and Switching
Routing and Switching Essentials v6.0
Cisco Networking Academy Program
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Instructor Materials – Chapter 5 Planning Guide
§This PowerPoint deck is divided in two parts:
§Instructor Planning Guide
•Information to help you become familiar with the chapter
•Teaching aids
§Instructor Class Presentation
•Optional slides that you can use in the classroom
•Begins on slide # 16
§Note: Remove the Planning Guide from this presentation before sharing with anyone.

Chapter 5: Switch Configuration
Routing and Switching Essentials 6.0 Planning Guide

Chapter 5: Activities
•What activities are associated with this chapter?

Page #    Activity Type    Activity Name                                      Optional?
5.0.1.2   Class Activity   Stand By Me                                        Optional
5.1.1.6   Lab              Basic Switch Configuration                         Recommended
5.1.2.2   Syntax Checker   Configure Switch Port Duplex and Speed Settings    Recommended
5.1.2.3   Syntax Checker   Configure the MDIX Auto Feature                    Recommended
5.2.1.2   Syntax Checker   Configure SSH on VTY Lines                         Recommended
5.2.1.4   Packet Tracer    Configuring SSH                                    Recommended
5.2.2.7   Packet Tracer    Configuring Switch Port Security                   Recommended
5.2.2.8   Packet Tracer    Troubleshooting Switch Port Security               Recommended
5.2.2.9   Lab              Configuring Switch Security Features               Optional
5.3.1.1   Class Activity   Switch Trio                                        Optional
5.3.1.2   Packet Tracer    Skills Integration Challenge                       Recommended

The password used in the Packet Tracer activities in this chapter is: PT_ccna5

Chapter 5: Assessment
§Students should complete Chapter 5, “Assessment” after completing Chapter 5.
§Quizzes, labs, Packet Tracers and other activities can be used to informally assess student progress.

Chapter 5: Best Practices
•Prior to teaching Chapter 5, the instructor should:
§Complete Chapter 5, “Assessment.”
§The objectives of this chapter are:
•Configure initial settings on a Cisco switch.
•Configure switch ports to meet network requirements.
•Configure the management virtual interface on a switch.
•Configure the port security feature to restrict network access.

§Have a Packet Tracer topology with a switch with two or three PCs connected so the demonstration can be used throughout the chapter.
§? is a KEY to IOS survival. Remind students that ? is their friend in any Cisco device and they should constantly practice it when doing the activities and labs in class and at home.
§Remind students how important switches are to any company. Even if they are an entry level technician, there is a good chance they may be required to cable and configure a switch.
§Write the following terms on the board and remind students where different information is kept:
•ROM – contains POST and the boot loader software that contains code that tests the hardware and locates an operating system that is allowed to load.
•Flash – holds the operating system
•RAM – contains the running configuration (commands that you type and enter into the switch)
•NVRAM – holds the saved configuration when you type copy running-config startup-config from a Cisco router or switch command prompt.

§Have a switch at the front of the room where you can remind students that the console connection goes to the back of a switch into a port labeled Console and that an Ethernet connection goes from the PC or IP Phone Ethernet port to the front of the switch.
§Use the show boot command on the Packet Tracer switch to show the students what IOS is loaded.
§Write the three switch prompts on the board and ask the students the difference between them:
•Switch> (User EXEC mode that is shown when a switch first boots)
•Switch# (Privileged EXEC mode that is shown after someone types enable)
•switch: (Boot loader mode shown when a switch does not have, or cannot find, an operating system)
§Explain how a switch needs an IP address to participate on the network just like any TCP/IP-based device (e.g., a PC)

§Draw three Ethernet networks on the board that are not connected (switch with a couple of PCs attached). Under each network, write Network 1, Network 2, and Network 3. Explain that when dealing with switches, a new term is introduced: VLAN or virtual local area network. A VLAN is just another name for a network except it is given a number. Under each network, write the words VLAN 1 under the words Network 1, VLAN 2 under the words Network 2, and VLAN 3 under the words Network 3. Then state that each VLAN or network has a different number.
§Explain that a special VLAN is used just for network devices and no users are normally wired into this network, even though some labs do so just to show the students other concepts. This VLAN is called a management VLAN or management network.
§Describe how a switch has the IP address assigned to a virtual interface instead of a physical Ethernet port like a PC.

§Write the following commands on the board or input them into the switch within Packet Tracer. Explain that it is best practice to assign an IP address and a default gateway, and to name the VLAN. When a switch is reachable on the network, it can be configured from a remote device. Note that the vlan 99 and name Management commands are covered in the next chapter, but are commonly input when configuring the switch IP address.
•config t
    interface vlan 99
    ip address 172.17.99.11 255.255.255.0
    no shutdown
    ip default-gateway 172.17.99.1 (address on the router that is on the same 172.17.99.0 network)
    vlan 99
    name Management
    exit
§Describe how a very important connection such as from a switch to a network printer might auto negotiate to half duplex or a lower speed. Describe how a manually configured duplex and speed on a device might be beneficial and avoid connectivity issues as well.

§Bring up 5.1.2.5 in the curriculum and explain the following conditions:
•Interface Status Up – Line Protocol Status Up (Up and Up on the show interfaces or show ip interface brief command) – good to go
•Interface Status Up – Line Protocol Status Down (Up and Down) – There is an issue, normally at Layer 2 with the encapsulation, on the other side of the link, or possibly, although less likely, there is a hardware problem.
•Interface status Down – Line Protocol Status Down (Down and Down) – There is an issue normally at Layer 1 – check the cable or port.
•Interface Status administratively down – Use the no shutdown command to bring the interface up.
§Describe why SSH is important to use instead of Telnet, but the IOS version must support it.
§Show 5.2.1.2 Figure 1 in the curriculum and review the steps to configure SSH.
•Be sure to explain that the ip domain-name command is used in order to create the RSA keys for SSH.
If the domain name is not configured, an error will appear when you use the crypto key generate command telling you that you have to define a domain name first.

§Security best practices:
•Disable ports that do not have a device connected to them using the shutdown command.
•Avoid using VLAN 1 because it is commonly attacked.
•Use port security to keep private devices from being attached to a network in place of a corporate wired device.

§Helpful commands to use on a switch:
•show interfaces interface_id or show ip interface brief
•show ip interface interface_id
•show running-config
•show flash
•show version
•show mac-address-table

§For additional help with teaching strategies, including lesson plans, analogies for difficult concepts, and discussion topics, visit the CCNA Community at: https://www.netacad.com/group/communities/community-home
§Best practices from around the world for teaching CCNA Routing and Switching. https://www.netacad.com/group/communities/ccna
§If you have lesson plans or resources that you would like to share, upload them to the CCNA Community in order to help other instructors.
§Students can enroll in Introduction to Packet Tracer (self-paced).
§Students preparing for chapter exams, the RSE final, or the CCENT certification could view the 15 lessons and videos contained at the Cisco Networking/CCENT Wikiversity site: https://en.wikiversity.org/wiki/Cisco_Networking/CCENT
Chapter 5: Additional Help

Chapter 5: Switch Configuration
CCNA Routing and Switching
Routing and Switching Essentials v6.0

Chapter 5 - Sections & Objectives
§5.1 Basic Switch Configuration
•Configure basic switch settings to meet network requirements.
•Configure initial settings on a Cisco switch.
•Configure switch ports to meet network requirements.
§5.2 Basic Device Configuration
•Configure a switch using security best practices in a small to medium-sized business network.
•Configure the management virtual interface on a switch.
•Configure the port security feature to restrict network access.

5.1 Configure a Switch with Initial Settings

§When a switch is powered on, the boot sequence occurs.
•Power-on self-test (POST), a program stored in ROM, executes and checks hardware like CPU and RAM.
•The boot loader, also stored in ROM, runs and initializes parts within the CPU, initializes the flash file system, and then locates and loads an IOS image.
•The IOS image can be defined within the BOOT environment variable.
•If the variable is not set, the switch searches through the flash file system for an executable image file, loading it into RAM and launching it if found.
•If an executable image file is not found, the switch shows the prompt switch: where a few commands are allowed in order to provide access to operating system files found in flash memory and files used to load or reload an operating system.
•If an IOS operating system loads, the switch interfaces are initialized and any commands stored in the startup-config file load.

5.1.1 – Configure a Switch with Initial Settings
5.1.1.1 – Switch Boot Sequence
The startup-config file is stored in NVRAM.

5.1.1.1 – Switch Boot Sequence (Cont.)
§The boot system command is used to set the BOOT environment variable.

5.1.1.2 – Recovering From a System Crash
§The boot loader prompt can be accessed through a console connection to the switch:
•1. Cable the PC to the switch console port.
•2. Configure the terminal emulation software on the PC.
•3. Unplug the switch power cord.
•4. Reconnect the power cord and at the same time or within 15 seconds, press and hold the Mode button on the front of the switch until the System LED turns an amber color briefly and then turns a solid green.
§The boot loader command prompt is switch: (instead of Switch>).
•The commands available through the boot loader command prompt are limited.
•Use the help command to display the available commands.

5.1.1.3 – Switch LED Indicators
§System LED shows if the switch has power applied.
§Port LED states:
•Off – no link or shut down
•Green – link is present
•Blinking green – data activity
•Alternating green and amber – link fault
•Amber – port is not sending data; common for first 30 seconds of connectivity or activation
•Blinking amber – port is blocking to prevent a switch loop

5.1.1.4 – Preparing for Basic Switch Management
§To configure a switch for remote access, the switch must be configured with an IP address, subnet mask, and default gateway.
§One particular switch virtual interface (SVI) is used to manage the switch:
•A switch IP address is assigned to an SVI.
•By default the management SVI is controlled and configured through VLAN 1.
•The management SVI is commonly called the management VLAN.
§For security reasons, it is best practice to use a VLAN other than VLAN 1 for the management VLAN.
Remember that the switch console port is on the back of the switch.

5.1.1.5 – Configuring Basic Switch Management Access with IPv4
Important Concept: The default gateway is the router address and is used by the switch to communicate with other networks.

5.1.1.6 – Lab - Basic Switch Configuration

5.1.2 – Configure Switch Ports
5.1.2.1 – Duplex Communication
§Gigabit Ethernet and 10Gb Ethernet NICs require full-duplex connections to operate.
(Figure labels: Bidirectional communication, Unidirectional communication)

5.1.2.2 – Configure Switch Ports at the Physical Layer
§Some switches have the default setting of auto for both duplex and speed.
§Mismatched duplex and/or speed settings can cause connectivity issues.
§Always check duplex and speed settings using the show interface interface_id command.
§All fiber ports operate at one speed and are always full-duplex.

5.1.2.3 – Auto-MDIX
§Some switches have the automatic medium-dependent interface crossover (auto-MDIX) feature that allows an interface to detect the required cable connection type (straight-through or crossover) and configure the connection appropriately.

5.1.2.3 – Auto-MDIX (Cont.)
§Use the show controllers Ethernet-controller command to verify auto-MDIX settings.

5.1.2.4 – Verifying Switch Port Configuration
(Figure labels: Layer 1 OK, Layer 2 OK)

5.1.2.5 – Network Access Layer Issues
§Use the show interfaces command to detect common media issues.
§The first parameter refers to Layer 1, the physical layer, and indicates if the interface is receiving a carrier detect signal.
§The second parameter (protocol status) refers to the data link layer and indicates whether the data link layer protocol has been configured correctly and keepalives are being received.

5.1.2.6 – Troubleshooting Network Access Layer Issues

5.2 Switch Security

5.2.1 – Secure Remote Access
5.2.1.1 – SSH Operation
§Secure Shell (SSH)
•An alternative protocol to Telnet. Telnet sends the username and password, as well as the data transmitted, in unsecured plaintext.
•SSH is more secure because it provides an encrypted management connection.
(Figure labels: Wireshark Capture of Telnet, Wireshark Capture of SSH)

5.2.1.1 – SSH Operation (Cont.)
§A switch must have an IOS version (k9 at the end of the IOS file name) that includes cryptographic capabilities in order to configure and use SSH.
•Use the show version command to see the IOS version.

5.2.1.2 – Configuring SSH
1. Verify SSH support.
2. Configure the IP domain name.
3. Generate RSA key pairs.
4. Configure user authentication.
5. Configure the vty lines.
6. Enable SSH version 2.
Figure callouts:
•Commonly forgotten command that is used in key generation
•Default is to accept both Telnet and SSH (transport input all)
•The login local command forces the use of the local database for username/password.

5.2.1.3 – Verifying SSH
§On the PC, connect to the switch using SSH.
The PC is using SSH to communicate and issue commands on the switch.
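
The six SSH configuration steps listed above, written out as an IOS session. This is an added example, not taken from the original slides; the hostname S1, the domain example.com, the user admin, the placeholder secret, the 2048-bit modulus and the vty range 0 15 are assumptions.

```cisco
! Step 1: verify SSH support. The image name should contain "k9",
! and the SSH server commands should be recognised.
Switch# show version
Switch# show ip ssh

Switch# configure terminal
! Assumption: a non-default hostname is set before generating keys,
! because the RSA key pair is named after hostname + domain name.
Switch(config)# hostname S1

! Step 2: configure the IP domain name (required for key generation).
S1(config)# ip domain-name example.com

! Step 3: generate the RSA key pair. The modulus size is an assumption;
! SSH version 2 needs at least 768 bits.
S1(config)# crypto key generate rsa general-keys modulus 2048

! Step 4: local user authentication. Replace the placeholder secret.
S1(config)# username admin secret <placeholder-secret>

! Step 5: vty lines. "transport input ssh" replaces the default
! (transport input all), so Telnet is no longer accepted.
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exit

! Step 6: enable SSH version 2 only.
S1(config)# ip ssh version 2
S1(config)# end

! Confirm the SSH server state, then save the configuration to NVRAM.
S1# show ip ssh
S1# copy running-config startup-config
```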

5.2.1.4 – Packet Tracer – Configuring SSH

5.2.2 – Switch Port Security
5.2.2.1 – Secure Unused Ports
The interface range command can be used to apply a configuration to several switch ports at one time.

5.2.2.2 – Port Security: Operation
§Port security limits the number of valid MAC addresses allowed to transmit data through a switch port.
•If a port has port security enabled and an unknown MAC address sends data, the switch presents a security violation.
•Default number of secure MAC addresses allowed is 1.
§Methods used to configure MAC addresses within port security:
•Static secure MAC addresses – manually configure
    switchport port-security mac-address mac-address
•Dynamic secure MAC addresses – dynamically learned and removed if the switch restarts
•Sticky secure MAC addresses – dynamically learned and added to the running configuration (which can later be saved to the startup-config to permanently retain the MAC addresses)
    switchport port-security mac-address sticky mac-address
•Note: Disabling sticky learning converts sticky MAC addresses to dynamic secure addresses and removes them from the running-config.

§Protect – data from unknown source MAC addresses are dropped; a security notification IS NOT presented by the switch
§Restrict – data from unknown source MAC addresses are dropped; a security notification IS presented by the switch and the violation counter increments.
§Shutdown – (default mode) interface becomes error-disabled and port LED turns off. The violation counter increments. Issue the shutdown and then the no shutdown command on the interface to bring it out of the error-disabled state.
5.2.2.3 – Port Security: Violation Modes

5.2.2.4 – Port Security: Configuring
§Before configuring port-security features, place the port in access mode and use the switchport port-security interface configuration command to enable port security on an interface.

5.2.2.5 – Port Security: Verifying
§Use the show port-security interface command to verify the maximum number of MAC addresses allowed on a particular port and how many of those addresses were learned dynamically using sticky.
(Figure labels: Dynamic Sticky)

5.2.2.5 – Port Security: Verifying (Cont.)
§Use the show running-config command to see learned MAC addresses added to the configuration.
§The show port-security address command shows how MAC addresses were learned on a particular port.
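
The port-hardening sequence the slides above describe (unused ports shut down, port security with sticky learning on an in-use access port, verification, and recovery from the error-disabled state) as one IOS session. This is an added example, not taken from the original slides; the hostname S1, the interface numbers and the choice of the shutdown violation mode are assumptions.

```cisco
S1# configure terminal

! Unused ports: apply shutdown to a whole range at once.
! Assumption: ports Fa0/5 through Fa0/24 have nothing connected.
S1(config)# interface range FastEthernet0/5 - 24
S1(config-if-range)# shutdown
S1(config-if-range)# exit

! In-use port: it must be an access port before port security is enabled.
S1(config)# interface FastEthernet0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport port-security
! One secure MAC address (the default), learned dynamically and written
! to the running-config as a sticky entry.
S1(config-if)# switchport port-security maximum 1
S1(config-if)# switchport port-security mac-address sticky
! Shutdown is the default violation mode; protect and restrict are the
! alternatives. It is stated here so the intent is visible in the config.
S1(config-if)# switchport port-security violation shutdown
S1(config-if)# end

! Verify: maximum addresses, sticky count, violation mode and counter.
S1# show port-security interface FastEthernet0/1
! Verify: how each secure address was learned.
S1# show port-security address
! Sticky entries live in the running-config until it is saved.
S1# copy running-config startup-config

! After a violation the port is error-disabled. Once the cause has been
! investigated, confirm the state and bounce the port to recover it.
S1# show interfaces FastEthernet0/1 status
S1# configure terminal
S1(config)# interface FastEthernet0/1
S1(config-if)# shutdown
S1(config-if)# no shutdown
S1(config-if)# end
```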

5.2.2.6 – Ports in Error Disabled State
§Switch console messages display when a port security violation occurs. Notice the port link status changes to down.

5.2.2.6 – Ports in Error Disabled State (Cont.)
§Check the port status and the port security settings.
§Do not re-enable a port until the security threat is investigated and eliminated.
§Notice that you must first shut the port down and then issue the no shutdown command in order to use the particular port again after a security violation has occurred.

5.2.2.7 – Packet Tracer – Configuring Switch Port Security
5.2.2.8 – Packet Tracer – Troubleshooting Switch Port Security
5.2.2.9 – Lab – Configuring Switch Security Features

5.3 Chapter Summary

5.3.1 – Conclusion
5.3.1.2 – Packet Tracer - Skills Integration Challenge

5.3.1.3 – Chapter 5: Switch Configuration
§Configure basic switch settings to meet network requirements.
§Configure a switch using security best practices in a small to medium-sized business network.

Chapter 5 - New Terms and Commands
Section 5.1 New Terms and Commands
•POST
•Boot loader
•boot system command
•show boot command
•switch: prompt
•Mode button
•System LED
•Port LED
•SVI
•VLAN
•Management VLAN
•interface vlan command
•vlan command
•name command
•Full-duplex
•Half-duplex
•Port speed
•duplex command
•speed command
•mdix command
•show interfaces command
•SSH configuration
•ip domain-name command
•crypto key generate rsa command
•transport input local command
•username secret command
•ip ssh version 2 command
•login local command
•show ip ssh command
•Unused ports
•Port security
•switchport mode access command
•switchport port-security command
•switchport port-security maximum command
•switchport port-security mac-address sticky command
•show port-security interface command
•show port-security address command