http://www.networkhardware.com/4948ReferenceMatrix
http://www.ifm.net.nz/cookbooks/loadingconfig.html
http://www.luckydragon.net/tech/cisco-switch-examples.html
Note that this switch has four shared ports (the last four). They default to SFP mode.
The first 44 interfaces are simply configured as host ports with speed and duplex fixed or left to auto.
GigabitEthernet1/45 through GigabitEthernet1/48 would typically be your SFP trunk uplinks to your aggregation or core layer, using a single interface or bundled as a port-channel.
Some 4948s might have IP routing enabled while others do not, which is why some work with the 'ip default-gateway' command while others need 'ip route 0.0.0.0'.
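enable
show interfaces FastEthernet 1
configure terminal
!--- Define the management VRF (global command) before binding the interface to it
ip vrf mgmtVrf
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 ip address 10.0.4.11 255.255.255.0
 speed auto
 duplex auto
 no shutdown
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 10.0.4.1
ip default-gateway 10.0.4.1
ip http server
ip ftp source-interface fa1
ip tftp source-interface fa1
!--- access-list 10 and the AAA method list local_auth must be defined separately
line vty 0 4
 access-class 10 in vrf-also
 !--- exec-timeout 0 0 disables the idle timeout; Telnet sends credentials in cleartext
 exec-timeout 0 0
 transport input telnet
 login authentication local_auth
end
show running-config
copy running-config startup-config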
Example MGMT addresses:
VLAN 10 - network 10.0.10.0/24
Switch 1: IP 10.0.10.2/24
Switch 2: IP 10.0.10.3/24
Switch 3: IP 10.0.10.4/24
…
Use loopback addresses if you are routing traffic.
Use a routing protocol or set static routes.
Start in 'configure terminal' mode:
enable
configure terminal
Check the running configuration:
show running-config
Don't forget to update the startup configuration when done:
copy running-config startup-config
Don't forget to adjust these bits for your needs:
cat4500-ipbasek9-mz.122-54.SG1.bin (desired boot image filename)
cisco-4948-1 (hostname)
yourdomain.tld (domain-name)
admin (username)
yourenablepassword
yoursshpassword
yourconsolepassword
timezone
192.168.1.254 255.255.255.0 (MGMT Vlan address)
192.168.1.1 (default-gateway (L2) and default route (L3))

!
!--- For Cisco Catalyst 4948 Switch
!
boot system flash bootflash:cat4500-ipbasek9-mz.122-54.SG1.bin
hostname cisco-4948-1
ip domain-name yourdomain.tld
!--- 'enable password' and 'username ... password' are kept only in reversible type 7 form
!--- by service password-encryption; 'enable secret' and 'username ... secret' store a hash.
enable password yourenablepassword
username admin password 0 yoursshpassword
aaa new-model
service password-encryption
!
ntp server 169.229.70.201
ntp server 128.255.70.89
ntp server 66.162.15.65
clock timezone ARIZONA -7
!
!--- Crypto commands require a K9 boot image.
!
!--- hostname, domain-name, username and password must be configured before SSH
!
crypto key generate rsa general-keys modulus 2048
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
!
line console 0
 password yourconsolepassword
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
!--- Show SSH configuration.
!
!show cry key mypubkey rsa
!show ssh
!
!
!--- The default VLAN on all switches is VLAN 1. By default, all ports on the switch
!--- are VLAN 1. With all ports in VLAN 1, all ports can communicate. As soon as you
!--- change the VLAN assignment for a switch port to another VLAN, that switch port
!--- will not be able to communicate with the rest of the devices on other ports.
!
!--- Configure the management interface on VLAN 10:
!
vlan 10
 name MGMT
!
!--- Configure other VLANs:
!
vlan 100
 name Vlan100
!
!
!--- The first 44 ports are all RJ45 on the default VLAN 1
!
interface range GigabitEthernet 1/1-44
 shutdown
 speed auto
 duplex auto
 no switchport
 no ip address
 switchport
 switchport mode access
 switchport access vlan 1
 no shutdown
!
!--- Configure individual ports like this:
!
!interface GigabitEthernet 1/1
! switchport access vlan ##
! speed 1000
! duplex full
! spanning-tree portfast
! spanning-tree bpduguard enable
!
!--- Cisco 4948 has no Auto-MDIX support
!
!--- Configure the last four ports as regular RJ-45 ports instead of SFP:
!
interface range GigabitEthernet 1/45-48
 shutdown
 media-type rj45
 speed auto
 duplex auto
! mdix auto
 no switchport
 no ip address
 switchport
 switchport mode access
 switchport access vlan 1
 no shutdown
!
!--- Configure the default VLAN 1 interface
!
interface Vlan 1
 shutdown
 no ip address
 description DEFAULT
 no shutdown
!
!--- Configure the management interface on VLAN 10:
!
interface Vlan 10
 shutdown
 ip address 192.168.1.254 255.255.255.0
 description MGMT
 no shutdown
!
!
!--- Assign an interface to the MGMT VLAN:
!
interface GigabitEthernet 1/1
 switchport access vlan 10
 no shutdown
!
!
!--- Set the default gateway (layer 2) and default route (layer 3):
!
ip default-gateway 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!--- Disable the web interface
!
no ip http server
no ip http secure-server
!
!
!--- Configure the last four ports as two SFP trunks:
!
!interface GigabitEthernet 1/45
! description Link to Core Switch A
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 1 mode desirable non-silent
!
!interface GigabitEthernet 1/46
! description Link to Core Switch A
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 1 mode desirable non-silent
!
!interface GigabitEthernet 1/47
! description Link to Core Switch B
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 2 mode desirable non-silent
!
!interface GigabitEthernet 1/48
! description Link to Core Switch B
! switchport trunk encapsulation dot1q
! switchport trunk native vlan 1
! switchport trunk allowed vlan 2-10
! switchport mode trunk
! media-type sfp
!channel-group 2 mode desirable non-silent
!
Enable 'portfast' for PCs connected to access ports. This brings up the port much quicker for PXE booting and such.
show interfaces counters errors
show interfaces | include input err
show interfaces | include output err
show interfaces status | include connected
show run | b username
show standby brief
show etherchannel summary
Here we reset a single port 'gigabitEthernet 1/13' back to defaults and set it as an access port:
conf t
default interface gi1/13
interface gi1/13
 switchport mode access
 exit
exit
This is for a range of ports:
conf t
default int range gi1/13,gi1/15,gi1/17,gi1/19,gi1/21
int range gi1/13,gi1/15,gi1/17,gi1/19,gi1/21
 switchport mode access
 exit
exit
Configure the channel group (channel group 1 example shown here):
Router> enable
Router# configure terminal
Router(config)# interface port-channel 1
Router(config-if)# description your_bond
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# exit
Configure the ports (gigabit ports 33 and 34 in this example):
Router(config)# interface range gi1/33-34
Router(config-if-range)# channel-protocol lacp
Router(config-if-range)# channel-group 1 mode active
Router(config-if-range)# exit
Router(config)# exit
Router# show lacp internal
VLAN = Broadcast Domain
conf t
vlan 3
 name vl-office
interface range gigabitEthernet 1/47-48
 switchport access vlan 3
 exit
https://supportforums.cisco.com/docs/DOC-2218
Cisco calls bonded Ethernet links EtherChannel.
Access Ports only pass traffic for one VLAN and all others are dropped.
By default, Cisco Trunk Ports carry multiple VLANs and will accept all VLANs, until they are removed.
Limit the VLANs a trunk will carry with 'switchport trunk allowed vlan 100,200'.
With encapsulation set to 'dot1q', all traffic is tagged and untagged frames are dropped.
conf t
interface range gi1/22, gi1/16, gi1/18, gi1/20
 switchport trunk encapsulation dot1q
 switchport mode dynamic desirable
 switchport mode trunk
 exit
exit
show interfaces trunk
write
copy running-config startup-config
interface Port-channel10
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
 no snmp trap link-status
interface GigabitEthernet3/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
 no snmp trap link-status
 channel-group 10 mode desirable
interface GigabitEthernet3/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
 no snmp trap link-status
 channel-group 10 mode desirable
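
The management-port configuration near the top of this page and the trunk examples above contain settings worth catching when a saved running-config is reviewed: Telnet on the vty lines, 'exec-timeout 0 0', 'ip http server', 'password' instead of 'secret', DTP negotiation, and trunks without an allowed-VLAN list. The following Python script is an added example, not part of the original page or of any Cisco tool; the sample config is constructed from commands on this page and the issue labels are hypothetical names chosen for the example.

```python
import re

# Constructed sample: commands from this page's examples, laid out as a running-config.
SAMPLE = """\
enable password yourenablepassword
username admin password 0 yoursshpassword
ip http server
interface GigabitEthernet1/16
 switchport mode dynamic desirable
interface Port-channel10
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
line vty 0 4
 exec-timeout 0 0
 transport input telnet
"""

def parse_sections(text):
    """Map each top-level command to the indented sub-commands under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and IOS comment lines
        if raw[0].isspace() and current:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return sorted (section, issue) pairs; the issue labels are this example's own."""
    found = set()
    for head, body in parse_sections(text).items():
        if re.match(r"(enable|username \S+) password\b", head):
            found.add((head.split()[0], "reversible-password"))  # never echo the password
        if head == "ip http server":
            found.add((head, "http-management"))
        if "exec-timeout 0 0" in body:
            found.add((head, "no-idle-timeout"))
        if any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in body):
            found.add((head, "cleartext-telnet"))
        modes = {c.split()[-1] for c in body if c.startswith("switchport mode ")}
        if modes & {"desirable", "auto"}:
            found.add((head, "dtp-negotiation"))
        limited = any(c.startswith("switchport trunk allowed vlan") for c in body)
        if modes & {"trunk", "desirable", "auto"} and not limited:
            found.add((head, "trunk-allows-all-vlans"))
    return sorted(found)
```

Feed it the output of 'show running-config' saved to a file; a configuration using 'enable secret', 'no ip http server', 'transport input ssh' and an explicit allowed-VLAN list on every trunk returns an empty list.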