Cisco Catalyst Switch Lab 1

Foundational configuration on legacy Cisco Catalyst 2950/3550: factory reset, initial setup, VLANs, port security, and SPAN.

These next two labs demonstrate foundational switch configurations using legacy Cisco Catalyst models (2950 & 3550). While the hardware is dated, the focus is on building an understanding of core network principles like VLANs, port security, trunking, and STP, which remain critical in modern networking environments.

Table of Contents

  1. Connecting to the Switch
  2. Performing a Factory Reset
  3. Configuring Switch from Scratch
  4. Post Initial Setup
  5. Creating & Configuring VLANs
  6. Configuring Port Security
  7. Setting up a SPAN port - Switch Port Analyzer

Connecting to the Switch

In this lab environment, I'm using a serial DB-9 to console port cable to connect the Cisco Catalyst switches to a Windows machine, managing them with PuTTY.

Here in the PuTTY interface, I'm opening a management session with the switch via Serial connection COM1:

con1.png

Performing a Factory Reset

This section walks through a factory reset of a Cisco Catalyst 2950 switch so it can be reconfigured from scratch.

To start, I'm going to carry out the following steps on the Cisco Catalyst 2950 to enter ROMMON mode:

  1. Unplug the power cable from the switch.
  2. Press and hold the MODE button on the front panel.
  3. While holding down the MODE button, reconnect the power.
  4. Continue holding until you see the switch: prompt appear in your console session (PuTTY).

This procedure interrupts the normal boot process and forces the switch into the boot loader environment (ROMMON):

1. Entering ROMMON mode

TheSwitchPrompt.png

2. Running Factory Reset Commands

Once the switch is in ROMMON mode, I'm going to run the following commands to initiate the factory reset.

flash_init               Initializes the flash file system (access/modify files)
del flash:config.text    Deletes the startup configuration file
del flash:vlan.dat       Deletes the VLAN database file

fac4.png

3. Boot Command

Enter the boot command to complete the factory reset.

fac5.png

4. Boot up

The IOS (Internetwork Operating System) image is loaded from flash. The switch then initializes the flash file system again after loading IOS, preparing to access saved files (e.g., configs, logs, VLAN database).

fac6.png

5. Final Phase of Booting up

Here the switch is in the final phase of booting after the boot command was issued, completing the Cisco IOS startup after the factory reset.

fac7.png

6. The Switch Has Fully Rebooted

System information is displayed and the switch waits at the prompt.

fac8.png

From here, the switch will prompt for configurations to set it up from scratch.

Configuring Switch from Scratch

1. System Configuration Dialog (Setup Wizard)

After the factory reset, the switch enters the System Configuration Dialog (setup wizard). Below I set the hostname to MT0.

conf1.png

2. Password Setup

Setting the enable secret password (used for privileged EXEC mode, MT0#). It’s stored encrypted in the config.

conf2.png

3. Security and Management Configuration

In this example I enter no for SNMP network management (often used in production).

conf3.png

4. Interface Review Stage

Interface summary output:

conf4.png

5. Assign a Management Interface

Specify a Switched Virtual Interface (SVI)—typically VLAN 1—for management. This gives the switch a Layer 3 address for remote management (Telnet/SSH/SNMP) and testing via ping.

conf5.png
conf6.png
conf8.png

6. Enable Cluster Command Switching

Optional legacy feature allowing one switch to manage others using CDP. Modern environments typically use centralized tools.

Here I enable it and specify a cluster name:

conf10.png

7. Review the Generated Configuration Script

After the wizard, preview the configuration before saving to NVRAM.

conf11.png
conf12.png

8. Save or Discard the Configuration

I choose option 2 to save to NVRAM (startup-config) and exit to the prompt.

conf14.png

You may see “line protocol on vlan1 is down”—that’s normal if no active ports are in VLAN 1 yet.

conf15.png

9. Reboot to Switch Prompt

After saving and rebooting, press RETURN to reach the prompt (>), followed by the hostname.

conf16.png

Post Initial Setup

1. Enter Privileged EXEC Mode

From User EXEC (>), type enable to enter Privileged EXEC (#).

post1.png

2. Enter Global Configuration Mode

At MT0#, run configure terminal (or conf t) to enter global config.

post2.png
post3.png

3. Change Switch Hostname

Change hostname to switch1:

post4.png
post5.png

4. Setup MOTD Banner

Set a Message of the Day banner (useful for legal/compliance messaging):

post6.png

5. Secure Console Access with a Password

Require a password on the console line to prevent unauthorized physical access.

post7.png

We’ve now secured console/VTY access, assigned a management IP on VLAN 1, and set a default gateway.

post8.png

6. Configure Access Ports for Workstations

Configure Fa0/40–48 as access ports in VLAN 20, add descriptions, and enable spanning-tree portfast.

post9.png

7. Exit, End, Write Memory

Exit config mode, then write memory to save the running config.

post11.png

Creating & Configuring VLANs

1. Create and Name VLANs for Logical Segmentation

Create VLAN 10 (Lab-1) and VLAN 20 (Lab-2). VLANs segment the switch into multiple logical networks on shared hardware.

vlan1.png

2. Assign Switch Ports to VLANs and Save the Configuration

Use interface range to assign ports to VLAN 10/20, add descriptions, and write memory.

vlan2.png

3. Verify VLAN Configuration

Use show vlan brief to confirm VLAN membership.

vlan3.png
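
The VLAN and access-port steps above as IOS configuration, added here as an example rather than taken from the author's screenshots. VLAN IDs, names and the Fa0/40-48 range come from the text; the VLAN 10 port range (Fa0/10-20) and the description strings are assumptions, since the page does not state them.

```cisco
! Added example, not the author's captured session.
configure terminal
 ! Create and name the two VLANs from the text.
 vlan 10
  name Lab-1
 vlan 20
  name Lab-2
 exit
 !
 ! ASSUMPTION: Fa0/10-20 is a placeholder range for VLAN 10.
 interface range FastEthernet0/10 - 20
  description Lab-1 workstations
  switchport mode access
  switchport access vlan 10
  exit
 !
 ! Fa0/40-48 in VLAN 20 with PortFast, as described under Post Initial Setup.
 ! PortFast skips the STP listening/learning delay, so use it only on ports
 ! that connect a single end host, never on a link to another switch.
 interface range FastEthernet0/40 - 48
  description Lab-2 workstations
  switchport mode access
  switchport access vlan 20
  spanning-tree portfast
  end
!
! Port assignments are part of running-config; save them.
write memory
!
! VLAN definitions themselves are kept in flash:vlan.dat, which is why the
! factory reset deletes that file as well as config.text.
show vlan brief
show interfaces FastEthernet0/40 switchport
```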

Configuring Port Security

1. Configure Port Security on an Access Port

Configure fa0/30 to allow a single MAC (sticky), shutting down on violation—useful for edge-port hardening.

portsec1.png

2. Verify Port Security on the Interface

Verify with:

show port-security interface fa0/30

Note: Secure-down can simply mean nothing is plugged into the port. When a device connects and a MAC is learned, this changes to Secure-up. Unauthorized devices trigger shutdown and increment violations.

portsec2.png
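
The port-security policy described above, written out as IOS commands; this is an added example, not the author's screenshot. The interface (fa0/30), single sticky MAC and shutdown violation mode come from the text; the description string is an assumption.

```cisco
! Added example, not the author's captured session.
configure terminal
 interface FastEthernet0/30
  ! ASSUMPTION: description text is illustrative only.
  description Edge port - one workstation
  ! Port security is rejected on a dynamic port, so fix the mode first.
  switchport mode access
  switchport port-security
  switchport port-security maximum 1
  ! Learn the first source MAC seen and write it into running-config.
  switchport port-security mac-address sticky
  ! A frame from any other MAC err-disables the port.
  switchport port-security violation shutdown
  end
!
! The learned sticky address is only in running-config until it is saved;
! without this it is relearned from whatever connects first after a reload.
write memory
!
! Verification: policy and state, then the learned address table.
show port-security interface fa0/30
show port-security address
!
! After a violation: confirm the err-disabled state, remove the unknown
! device, then bounce the port to re-enable it.
show interfaces status err-disabled
configure terminal
 interface FastEthernet0/30
  shutdown
  no shutdown
  end
```

In the `show port-security interface` output, a Port Status of Secure-shutdown together with a non-zero Security Violation Count is the condition worth alerting on.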

Setting up a SPAN - Switch Port Analyzer

Monitoring traffic can support security analysis, troubleshooting, and protocol visibility.

Here I configure a basic SPAN session to mirror traffic from a range of source ports to a destination port.

Note: In this demonstration, SPAN is configured on ports within VLAN 1 for simplicity. It’s independent from the earlier VLAN 10/20 example.

1. Configuring a SPAN (Port Mirroring) Session

Mirror traffic from Fa0/2–Fa0/8 (sources) to Fa0/9 (destination). Capture with Wireshark on the destination.

span1.png

2. Verifying SPAN Configuration

Verify that session 1 is monitoring the intended source/destination interfaces:

span2.png

3. Capturing the Mirrored Traffic with Wireshark

Two Windows PCs are connected to Fa0/2 (192.168.1.104) and Fa0/5 (192.168.1.124). A third Windows PC on Fa0/9 runs Wireshark to collect mirrored traffic.

wire1.png
wire2.png
wire3.png
wire4.png
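
The SPAN session described above as IOS commands, added as an example and not taken from the author's screenshots. Session number 1, sources Fa0/2-Fa0/8 and destination Fa0/9 come from the text; mirroring both directions is an assumption.

```cisco
! Added example, not the author's captured session.
configure terminal
 ! Clear any earlier definition of session 1 so stale sources are not mirrored.
 no monitor session 1
 ! ASSUMPTION: mirror both directions (rx and tx); this is also the default.
 ! Note the spaces around the hyphen in the interface range.
 monitor session 1 source interface FastEthernet0/2 - 8 both
 monitor session 1 destination interface FastEthernet0/9
 end
!
! Confirm the session type, source ports and destination port.
show monitor session 1
!
! Fa0/9 now carries only mirrored frames; the capture PC has no normal
! connectivity through it. Seven 100 Mb/s sources mirrored in both directions
! can exceed what one 100 Mb/s destination can carry, so mirrored frames may
! be dropped under load and the capture is not guaranteed complete.
!
! Remove the session when the capture is done, so mirrored traffic does not
! keep leaving Fa0/9 to whatever is plugged in next.
configure terminal
 no monitor session 1
 end
```

On the capture PC, a Wireshark display filter such as `ip.addr == 192.168.1.104 || ip.addr == 192.168.1.124` narrows the view to the two lab hosts named above.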
