Cisco Networking: Switch Management Interface Configuration - dummies

By Edward Tetz

Before you can manage your Cisco switch, you need to configure a management interface. Unlike routers, which allow management on any configured interface, switches do not let you associate IP addresses with the physical ports or interfaces; rather, you associate the IP address with a virtual interface that is implicitly created with a Virtual LAN (VLAN).

You need a switch port assigned to the same VLAN that your management interface will use. If you want to manage your switch over the default VLAN, just follow these steps (notice end is used in this case to exit Global Configuration mode):

  1. Create a new VLAN with the following command:

    Switch1#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch1(config)#interface VLAN 1
    Switch1(config-if)#ip address

    You do have the option of configuring your switch to use DHCP using the command ip address dhcp. This option can work well if you want to set reservations for the switch’s MAC address, but in most organizations, all managed network devices are assigned static addresses for consistency and ensured connectivity. It would be a danger to network management if you lost the ability to manage your network because a DHCP server went offline for too long.

    If you were to exit the configuration now and check your running configuration, you would notice one configuration item that looks a little strange:

    Switch1#show running-config interface VLAN 1
    Building configuration...
    Current configuration : 82 bytes
    interface Vlan1
     ip address
     no ip route-cache

    This output clues you in that one important item is missing or, rather, that something is present that should not be. Unlike the rest of the switch ports, the VLAN interfaces are not enabled by default.

    You can have only one management interface or VLAN enabled at a time, so if you configure a second VLAN interface for management, the first one will be shut down or disabled. It will not be deleted, but it will be disabled. To go back to the first one, you have to disable the second interface and enable the first.

  2. Enter the following commands to start using the first VLAN interface again and shut down the second one:

    Switch1#configure terminal
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch1(config)#interface vlan 1
    Switch1(config-if)#no shutdown

    When you are working on the console of a switch, you will often see status messages from various things that happen on the switch, such as when a device is connected to a port and the link is enabled. If you are using a remote terminal session through Telnet or SSH, then you do not see these status messages.

    If you want to see these messages, enter Privileged EXEC mode and type terminal monitor. This copies all terminal messages to your remote terminal session.

    If you are working on the console or have terminal monitor running, you will receive a status message telling you that the interface has been enabled and can be used again. The message will be similar to the following:

00:00:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
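The checks from the two steps above can be run against a saved running configuration. The following is an added example, not code from the original article: it reports whether a management VLAN interface is enabled, whether more than one is, and whether the address comes from DHCP. The function names and the sample configurations (using 192.0.2.0/24 documentation addresses) are constructed for illustration, and the one-enabled-interface rule assumes a Layer 2 switch as described here.

```python
import re

def parse_svis(running_config):
    """Return {vlan_id: {"address": mode, "shutdown": bool}} per VLAN interface."""
    svis, current = {}, None
    for line in running_config.splitlines():
        m = re.match(r"interface Vlan(\d+)\s*$", line, re.I)
        if m:
            current = svis.setdefault(int(m.group(1)),
                                      {"address": None, "shutdown": False})
        elif not line.startswith(" "):
            current = None  # any unindented line closes the interface block
        elif current is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) > 2:
                current["address"] = "dhcp" if words[2] == "dhcp" else "static"
            elif words == ["shutdown"]:
                current["shutdown"] = True
    return svis

def audit(running_config):
    """List management-interface problems found in the configuration text."""
    svis = parse_svis(running_config)
    enabled = sorted(v for v, s in svis.items() if not s["shutdown"])
    issues = []
    if not enabled:
        issues.append("no VLAN interface is enabled (needs 'no shutdown')")
    if len(enabled) > 1:
        issues.append(f"more than one VLAN interface enabled: {enabled}")
    for vlan in enabled:
        if svis[vlan]["address"] is None:
            issues.append(f"Vlan{vlan} is enabled but has no IP address")
        elif svis[vlan]["address"] == "dhcp":
            issues.append(f"Vlan{vlan} takes its address from DHCP")
    return issues

# Constructed samples: a freshly addressed Vlan1 that is still shut down, and a
# switch where management moved to a DHCP-addressed Vlan20.
CONFIG_FRESH = """\
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
 no ip route-cache
 shutdown
!
"""
CONFIG_DHCP = CONFIG_FRESH + "interface Vlan20\n ip address dhcp\n!\n"

if __name__ == "__main__":
    for name, cfg in (("fresh", CONFIG_FRESH), ("dhcp", CONFIG_DHCP)):
        print(name, audit(cfg))
```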

Now you have all the information required (and then some) to configure a switch interface. If you trust the default settings for the MDIX, Speed, and Duplex settings, you likely just need to assign an IP address and bring the management interface up. A description is nice to have, and other configuration options are required based on the configuration of other parts of your network, such as VLAN configuration.

Once you have the interface up and running, if you are using defaults for your MDIX, Speed, and Duplex settings, examine the interface to ensure that it has detected settings that you are happy with. Do this with the show interfaces command, as shown here. This switch does not support MDIX, but you should be able to locate the other settings.

Switch1#show interfaces  fastEthernet 0/1
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is 0006.d6ab.a041 (bia 0006.d6ab.a041)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 100BaseTX
  input flow-control is unsupported output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:24, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     2577 packets input, 213622 bytes, 2 no buffer
     Received 2574 broadcasts (420 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 2 ignored
     0 watchdog, 420 multicast, 0 pause input
     0 input packets with dribble condition detected
     2090 packets output, 157557 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

Pay attention to the values at the end of the previous command's output, because most of them will help you identify configuration issues.

Within all this information, notice that the interface and the line protocol should both be Up. In this example, the interface detected Full Duplex as well as a speed of 100 Mbps. When working with a switch, you will see an IP address only on the VLAN interface, which for Layer 2 switches will be the management interface, but will be considered a routing interface for Layer 3 switches. You can verify the IP address of the interface, and see if there are any packet errors on the interface. Incorrect Duplex settings between ends of a connection can cause packet errors.
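Reading those values by eye does not scale past a few ports, so here is an added example (not from the original article) that parses show interfaces output and reports anything other than an up/up, full-duplex port with clean error counters. The function names and the choice of watched counters are assumptions made for illustration; the first sample is an excerpt of the output above and the second is constructed from it.

```python
import re

# Counters in "show interfaces" output that indicate a cabling or duplex problem.
WATCHED = ("input errors", "CRC", "runts", "collisions", "late collision")

def parse_show_interface(text):
    """Extract link state, duplex, speed and the watched error counters."""
    info = {"counters": {}}
    m = re.search(r"^(\S+) is ([\w ]+?), line protocol is (\w+)", text, re.M)
    if m:
        info["name"], info["link"], info["protocol"] = m.groups()
    m = re.search(r"(Full|Half|Auto)-duplex, ([\w/]+)", text)
    if m:
        info["duplex"], info["speed"] = m.group(1).lower(), m.group(2)
    for name in WATCHED:
        m = re.search(r"(\d+) " + re.escape(name) + r"\b", text)
        if m:
            info["counters"][name] = int(m.group(1))
    return info

def findings(info):
    """List everything that deviates from a clean, full-duplex, up/up port."""
    out = []
    if info.get("link") != "up" or info.get("protocol") != "up":
        out.append("interface or line protocol is not up")
    if info.get("duplex") == "half":
        out.append("half duplex: compare with the far end of the link")
    out += [f"{n} {name}" for name, n in info["counters"].items() if n]
    return out

# Excerpt of the FastEthernet0/1 output shown on this page.
PAGE_EXCERPT = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Full-duplex, 100Mb/s, media type is 100BaseTX
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 2 ignored
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
"""
# Constructed sample: a port running half duplex and logging collisions.
CONSTRUCTED_HALF = PAGE_EXCERPT.replace("0/1", "0/2").replace("Full", "Half") \
    .replace("0 collisions", "312 collisions").replace("0 late", "97 late")

if __name__ == "__main__":
    for sample in (PAGE_EXCERPT, CONSTRUCTED_HALF):
        info = parse_show_interface(sample)
        print(info["name"], findings(info) or "clean")
```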

If you are working with a Layer 3 router, you have two types of configuration changes to work with: a full set of switch configuration commands in addition to a full set of routing commands.