Cisco 4948 Enterprise Switch

http://www.networkhardware.com/4948ReferenceMatrix

http://www.ifm.net.nz/cookbooks/loadingconfig.html

http://www.luckydragon.net/tech/cisco-switch-examples.html

http://www.techrepublic.com/blog/networking/five-things-you-should-know-about-configuring-a-cisco-ios-switch/428

:!: Note that this switch has four shared ports (the last four). They default to SFP mode.

The first 44 interfaces are simply configured as host ports with speed and duplex fixed or left to auto.

GigabitEthernet1/45 through GigabitEthernet1/48 would typically be your SFP trunk uplinks to your aggregation or core layer using a single interface or bundled as port-channel.

Management Interface

Physical Management Port

:!: Some 4948s have IP routing enabled and others do not, so some work with the ip default-gateway command while others need ip route 0.0.0.0.

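enable
show interfaces FastEthernet 1

configure terminal

!--- ip vrf mgmtVrf is a global command, so it comes before the interface block
ip vrf mgmtVrf

interface FastEthernet1
ip vrf forwarding mgmtVrf
ip address 10.0.4.11 255.255.255.0
speed auto
duplex auto
no shutdown

!--- ip route is used when IP routing is enabled, ip default-gateway when it is not
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 10.0.4.1
ip default-gateway 10.0.4.1
ip http server
ip ftp source-interface fa1
ip tftp source-interface fa1

!--- access list 10 and the AAA method list local_auth must already be defined
!--- exec-timeout 0 0 disables the idle timeout
line vty 0 4
access-class 10 in vrf-also
exec-timeout 0 0
transport input telnet
login authentication local_auth

end
show running-config
copy running-config startup-config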

For Layer 2 Switches

  1. Create a separate management VLAN
  2. Configure trunks between all switches
  3. Assign all switches' management interfaces to this VLAN

Optional

  • You can configure the MGMT VLAN as the native VLAN on trunk interfaces
  • For a remote branch, you can use another VLAN (“vlan x”)
  • Try to have a specific vlan for management of all switches

Example MGMT addresses:

VLAN 10 - network 10.0.10.0/24

Switch 1: IP 10.0.10.2/24
Switch 2: IP 10.0.10.3/24
Switch 3: IP 10.0.10.4/24
…

For Layer 3 Switches

Use loopback addresses if you are routing traffic.

Use a routing protocol or set static routes.

Sample Configuration

Start in configure terminal mode:

enable
configure terminal

Check the running configuration:

show running-config

Don't forget to update the startup configuration when done:

copy running-config startup-config

Don't forget to adjust these bits for your needs:

  • cat4500-ipbasek9-mz.122-54.SG1.bin (desired boot image filename)
  • cisco-4948-1 (hostname)
  • yourdomain.tld (domain-name)
  • admin (username)
  • yourenablepassword
  • yoursshpassword
  • yourconsolepassword
  • timezone
  • offset (hours, -7 for Arizona)
  • 192.168.1.254 255.255.255.0 (MGMT Vlan address)
  • 192.168.1.1 (default-gateway (L2) and default route (L3))
!
!--- For Cisco Catalyst 4948 Switch
!
boot system flash bootflash:cat4500-ipbasek9-mz.122-54.SG1.bin
hostname cisco-4948-1
ip domain-name yourdomain.tld
enable password yourenablepassword
username admin password 0 yoursshpassword
aaa new-model
service password-encryption
!
ntp server 169.229.70.201
ntp server 128.255.70.89
ntp server 66.162.15.65
clock timezone ARIZONA -7
!
!--- Crypto commands require a K9 boot image.
!
!--- hostname, domain-name, username and password must be configured before SSH
!
crypto key generate rsa general-keys modulus 2048
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
!
line console 0
  password yourconsolepassword
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
!--- Show SSH configuration.
!
!show cry key mypubkey rsa
!show ssh
!
!
!--- The default VLAN on all switches is VLAN 1. By default, all ports on the switch
!--- are VLAN 1.  With all ports in VLAN 1, all ports can communicate. As soon as you
!--- change the VLAN assignment for a switch port to another VLAN, that switch port
!--- will not be able to communicate with the rest of the devices on other ports.
!
!--- Configure the management interface on VLAN 10:
!
vlan 10
  name MGMT
!
!--- Configure other VLANs:
!
vlan 100
  name Vlan100
!
!
!--- The first 44 ports are all RJ45 on the default VLAN 1
!
interface range GigabitEthernet 1/1-44 
  shutdown
  speed auto
  duplex auto
  no switchport
  no ip address
  switchport
  switchport mode access
  switchport access vlan 1
  no shutdown
!
!--- Configure individual ports like this:
!
!interface GigabitEthernet 1/1
!  switchport access vlan ##
!  speed 1000
!  duplex full
!  spanning-tree portfast
!  spanning-tree bpduguard enable
!
!--- Cisco 4948 has no Auto-MDIX support
!
!--- Configure the last four ports as regular RJ-45 ports instead of SFP:
!
interface range GigabitEthernet 1/45-48
  shutdown
  media-type rj45
  speed auto
  duplex auto
!  mdix auto
  no switchport
  no ip address
  switchport
  switchport mode access
  switchport access vlan 1
  no shutdown
!
!--- Configure the default VLAN 1 interface
!
interface Vlan 1
  shutdown
  no ip address
  description DEFAULT
  no shutdown
!
!--- Configure the management interface on VLAN 10:
!
interface Vlan 10
  shutdown
  ip address 192.168.1.254 255.255.255.0
  description MGMT
  no shutdown
!
!
!--- Assign an interface to the MGMT VLAN:
!
interface GigabitEthernet 1/1
  switchport access vlan 10
  no shutdown
!
!
!--- Set the default gateway (layer 2) and default route (layer 3):
!
ip default-gateway 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!--- Disable the web interface
!
no ip http server
no ip http secure-server
!
!
!--- Configure the last four ports as two SFP trunks:
!
!interface GigabitEthernet 1/45
!  description Link to Core Switch A
!  switchport trunk encapsulation dot1q
!  switchport trunk native vlan 1
!  switchport trunk allowed vlan 2-10
!  switchport mode trunk
!  media-type sfp
!  channel-group 1 mode desirable non-silent
!
!interface GigabitEthernet 1/46
!  description Link to Core Switch A
!  switchport trunk encapsulation dot1q
!  switchport trunk native vlan 1
!  switchport trunk allowed vlan 2-10
!  switchport mode trunk
!  media-type sfp
!  channel-group 1 mode desirable non-silent
!
!interface GigabitEthernet 1/47
!  description Link to Core Switch B
!  switchport trunk encapsulation dot1q
!  switchport trunk native vlan 1
!  switchport trunk allowed vlan 2-10
!  switchport mode trunk
!  media-type sfp
!  channel-group 2 mode desirable non-silent
!
!interface GigabitEthernet 1/48
!  description Link to Core Switch B
!  switchport trunk encapsulation dot1q
!  switchport trunk native vlan 1
!  switchport trunk allowed vlan 2-10
!  switchport mode trunk
!  media-type sfp
!  channel-group 2 mode desirable non-silent
!
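
The physical management port setup earlier on this page enables telnet, ip http server and exec-timeout 0 0, while the sample above moves to SSH and disables the web interface. The Python script below is an added example, not part of the original page: it audits show running-config text for those management-plane settings. The rule wording, function name and sample text are this example's own, and it assumes sub-commands are indented the way the switch prints them.

```python
import re

# Constructed sample: lines from this page's two management configurations,
# laid out as `show running-config` prints them (sub-commands indented).
SAMPLE = """\
enable password yourenablepassword
username admin password 0 yoursshpassword
ip http server
line console 0
 password yourconsolepassword
line vty 0 4
 access-class 10 in vrf-also
 exec-timeout 0 0
 transport input telnet
line vty 5 15
 transport input ssh
"""

# (pattern, finding) pairs checked against each stripped line; the wording is this example's own.
RULES = [
    (r"^enable password\b", "enable password is cleartext or reversible type 7; use 'enable secret'"),
    (r"^username \S+ password\b", "user password is cleartext or reversible type 7; use 'secret'"),
    (r"^ip http server$", "cleartext HTTP management enabled"),
    (r"^exec-timeout 0 0$", "idle sessions never time out"),
    (r"^transport input .*\b(telnet|all)\b", "cleartext telnet allowed"),
]

def audit(config):
    """Return (context, finding) tuples; context is 'global' or a 'line ...' header."""
    findings, context, vty_acl = [], "global", {}
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented: a new top-level command
            context = text if text.startswith("line ") else "global"
            if context.startswith("line vty"):
                vty_acl[context] = False
        elif context.startswith("line vty") and text.startswith("access-class "):
            vty_acl[context] = True
        findings += [(context, msg) for pat, msg in RULES if re.search(pat, text)]
    # A vty block without an access-class accepts logins from any source address.
    findings += [(c, "no access-class on vty lines") for c, ok in vty_acl.items() if not ok]
    return findings

if __name__ == "__main__":
    for context, finding in audit(SAMPLE):
        print(f"{context}: {finding}")
```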

General Troubleshooting

:!: Enable 'portfast' for PCs connected to access ports. This brings up the port much quicker for PXE booting and such.

show interfaces counters errors
show interfaces | include input err
show interfaces | include output err
show interfaces status | include connected
show run | b username
show standby brief
show etherchannel summary

Reset Interface to Default

Here we reset a single port 'gigabitEthernet 1/13' back to defaults and set it as an access port:

conf t

default interface gi1/13
interface gi1/13
switchport mode access
exit
exit

This is for a range of ports:

conf t

default int range gi1/13,gi1/15,gi1/17,gi1/19,gi1/21
int range gi1/13,gi1/15,gi1/17,gi1/19,gi1/21        
switchport mode access
exit
exit

LACP Port Bonding

Configure the channel group (channel group 1 example shown here):

Router> enable
Router# configure terminal
Router(config)# interface port-channel 1
Router(config-if)# description your_bond
Router(config-if)# switchport
Router(config-if)# switchport mode access
Router(config-if)# exit

Configure the ports (gigabit ports 33 and 34 in this example):

Router(config)# interface range gi1/33-34
Router(config-if-range)# channel-protocol lacp
Router(config-if-range)# channel-group 1 mode active
Router(config-if-range)# exit
Router(config)# exit
Router# show lacp internal

VLANs

VLAN = Broadcast Domain

Define VLANs

conf t

vlan 3
   name vl-office

interface range gigabitEthernet 1/47-48
   switchport access vlan 3

exit

Trunk Ports

https://supportforums.cisco.com/docs/DOC-2218

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/AccessTrunk.html

:!: Cisco calls bonded Ethernet links EtherChannel.

:!: Access Ports only pass traffic for one VLAN and all others are dropped.

:!: By default, Cisco Trunk Ports carry multiple VLANs and will accept all VLANs, until they are removed.

:!: Limit the VLANs a trunk will carry with switchport trunk allowed vlan 100,200.

:!: With encapsulation set to dot1q, all traffic is tagged and untagged frames are dropped.

conf t
interface range gi1/22, gi1/16, gi1/18, gi1/20
switchport trunk encapsulation dot1q
!--- switchport mode trunk overrides the dynamic desirable setting on the line before it
switchport mode dynamic desirable
switchport mode trunk
exit
exit

show interfaces trunk

write

copy running-config startup-config

EtherChannel and VLAN Trunking

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/EtherChannel.html

  • Bond up to eight Ethernet links into a single EtherChannel
    • Increased bandwidth
    • Increased redundancy
    • Load balances traffic across physical interfaces
    • Static EtherChannels or EtherChannels running Link Aggregation Control Protocol (LACP)
    • Configuration of an EtherChannel configures all bonded interfaces

interface Port-channel10
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
 no snmp trap link-status

interface GigabitEthernet3/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
 no snmp trap link-status
 channel-group 10 mode desirable

interface GigabitEthernet3/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,5,10,16,17,21,22,101,130
 switchport mode trunk
 no snmp trap link-status
 channel-group 10 mode desirable
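
The trunk notes above say a trunk carries every VLAN until an allowed list is set, and the Port-channel10 example repeats the same allowed list on each member. The Python script below is an added example, not part of the original page: it expands the allowed-VLAN lists, reports trunks that have none, and reports bundle members whose list differs from their Port-channel (Cisco requires the same allowed range on all members of a trunking EtherChannel). The function names and the sample text are this example's own; Gi3/2's extra VLAN and the Gi1/22 stanza are made up for the demonstration.

```python
import re

# Constructed sample (`show running-config` layout) modelled on the Port-channel10 example.
SAMPLE = """\
interface Port-channel10
 switchport trunk allowed vlan 2,5,10,16,17
 switchport mode trunk
interface GigabitEthernet3/1
 switchport trunk allowed vlan 2,5,10,16,17
 switchport mode trunk
 channel-group 10 mode desirable
interface GigabitEthernet3/2
 switchport trunk allowed vlan 2,5,10,16-18
 switchport mode trunk
 channel-group 10 mode desirable
interface GigabitEthernet1/22
 switchport mode trunk
"""

def expand(vlans):  # '2,5,16-18' -> {2, 5, 16, 17, 18}
    spans = (part.partition("-") for part in vlans.split(","))
    return {v for lo, _, hi in spans for v in range(int(lo), int(hi or lo) + 1)}

def parse_trunks(config):
    """Map trunk interface name -> {'allowed': set or None, 'group': str or None}."""
    ports, cur = {}, {}
    for line in config.splitlines():
        text = line.strip()
        if not line[:1].isspace():  # an unindented line opens a new stanza
            m = re.match(r"interface (\S+)", line)
            # Non-interface stanzas write into a throwaway dict.
            cur = ports.setdefault(m[1], dict(trunk=False, allowed=None, group=None)) if m else {}
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", text):
            cur["allowed"] = expand(m[1])
        elif m := re.match(r"channel-group (\d+) ", text):
            cur["group"] = m[1]
        elif text == "switchport mode trunk":
            cur["trunk"] = True
    return {name: p for name, p in ports.items() if p.get("trunk")}

def audit_trunks(config):  # returns (interface, finding, vlan_ids) tuples
    trunks, findings = parse_trunks(config), []
    for name, p in trunks.items():
        if p["allowed"] is None:
            findings.append((name, "no allowed-VLAN list: trunk carries every VLAN", []))
        bundle = trunks.get(f"Port-channel{p['group']}")
        if bundle and bundle["allowed"] != p["allowed"]:
            diff = sorted((p["allowed"] or set()) ^ (bundle["allowed"] or set()))
            findings.append((name, f"allowed VLANs differ from Port-channel{p['group']}", diff))
    return findings
```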

Backup and Restore

networking/switch/cisco_4948.txt · Last modified: 2022/08/11 10:07 by gcooper