Example 13 Configuring Default Routing on Catalyst 3550

3550_switch(config)#ip default-gateway 172.16.128.5

3550_switch(config)#exit

3550_switch#

3550_switch#show ip route

Default gateway is 172.16.128.5

Host               Gateway           Last Use    Total Uses  Interface

ICMP redirect cache is empty

3550_switch#

NOTE

CCIE PSV1 stressed avoiding use of VLAN 1 for user traffic. A personal design rule I use in the avoid VLAN 1 if at all possible. There are numerous reasons for this. VLAN 1 is the default VLA Catalyst switches and the native VLAN. Any switch added to the network will, by default, be in This leaves the network vulnerable to potential VTP, VLAN, and data corruption. Mono Spannir on 802.1Q uses VLAN 1 for its entire spanning-tree domain. The switch will also tag frames di on VLAN 1 depending on the encapsulation used. Some Catalyst switches enable you to clear ' from a trunk, whereas some will not; this could force VLAN 1 to span the entire switched netw these reasons and more that aren't listed, I personally don't run production traffic or manager traffic on VLAN 1. When designing LANs and VLAN 1 comes up, just say no!

Controlling IP and Console Access on Catalyst 3550

Controlling access on the Catalyst 3550 switch is identical to controlling access on the router. An n password might be set, and an enable secret password might also be set. All the rules that apply t< and enable secret passwords on routers apply to the switch. The syntax to accomplish this is as fol

3550_switch(config)#enable password cisco

The enable password is not encrypted and can be viewed in the configuration. The enable passwort encrypted with the global command:

3550_switch(config)#service password-encryption

The service password-encryption command encrypts all passwords on the switch with Cisco prop encryption, simply called type-5:

3550_switch(config)#enable secret ccie

The enable secret password is always encrypted with a very strong Cisco proprietary encryption ci The enable secret password takes precedence over the enable password if both are configured. Thro) in a readable form in the configuration. The full syntax for the enable secret password is as foll

3550_switch(config)#enable secret [level level] {password | [encryption-type] encrypted-password}

You can use the full syntax to copy and paste encrypted passwords from one source to another. Be v when setting the level or encryption type with this command, because it is very easy to enter a pas incorrectly. A highly recommended policy is that you encrypt all passwords after they have been the service password-encryption command. This avoids typos and many syntactical issues that c

Access to the 3550 switch is controlled by configuring passwords and access control lists (ACLs) on (cty) and virtual terminal (vty) lines. Recall from CCIE PSV1 that the cty is the console port on the and the vty lines are virtual Telnet sessions. You can view the absolute line values on the switch wi line command, as demonstrated in Example 1-4. Line 0 is the cty or console port, whereas lines 1 are vty or virtual Telnet sessions.

Telnet access can be controlled through creating ACLs and applying them to the vty lines on the sw access-class line configuration command. ACLs can also be called on the SNMP community string; control.
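As an added example (not from the original text), the following Python sketch audits a saved running-config for the controls this section describes: an enable secret, service password-encryption, and an inbound access-class ACL on every vty line. The sample configuration and the function name audit are constructed for illustration, and the check assumes line passwords are used rather than AAA.

```python
# Constructed sample of a saved running-config (illustrative, not from the book).
SAMPLE_CONFIG = """\
no service password-encryption
enable password cisco
access-list 10 permit 172.16.128.0 0.0.0.255
line con 0
 password cisco
 login
line vty 0 4
 access-class 10 in
 password cisco
 login
line vty 5 15
 password cisco
 login
"""

def audit(config):
    """Return findings for the access controls covered in this section."""
    findings = []
    lines = config.splitlines()
    top = [l.strip() for l in lines if l and not l.startswith(" ")]
    if "service password-encryption" not in top:
        findings.append("service password-encryption is not enabled")
    if any(l.startswith("enable password") for l in top):
        findings.append("enable password is configured")
    if not any(l.startswith("enable secret") for l in top):
        findings.append("no enable secret configured")
    # Collect the indented sub-commands under each "line ..." block.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        has_acl = any(c.startswith("access-class ") and c.endswith(" in") for c in cmds)
        if name.startswith("line vty") and not has_acl:
            findings.append(f"{name}: no inbound access-class ACL")
        # Assumption: line passwords are in use (no AAA / login local).
        if not any(c.startswith("password") for c in cmds):
            findings.append(f"{name}: no line password")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Note that vty 5 15 is flagged even though vty 0 4 carries the ACL: every vty range needs its own access-class, otherwise sessions landing on the higher lines bypass the filter.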
