Cisco Switch 2940 with MT-RJ fiber

23 04 2008


If you manage local area networks that extend beyond the reach of UTP cabling, then most likely some kind of fiber optic equipment has been installed. Recently I evaluated a couple of different Cisco switch models and ordered one Cisco Switch 2940-8TF to test with the equipment I currently manage. Please make sure to read the product details and order the right fiber cable. Most of the equipment I have has an ST connector; the Cisco 2940 has an integrated 100BASE-FX port with an MT-RJ connector. Check Wikipedia for more information on optical fiber connectors.

Cisco product details:

The Cisco Catalyst 2940-8TF is a member of the Catalyst 2940 Series Switches, small, standalone, managed switches with 8 Fast Ethernet ports and a single integrated Fast Ethernet or Gigabit Ethernet uplink. The switches are designed to be used outside the wiring closet in the end-user workspace, such as classrooms or conference rooms, and feature a durable metal shell, no fan for silent operation, easy wall or under-the-desk mounting, a security lock slot to prevent theft, and an available cable guard to lock down cables and help prevent theft.

Complete with a simple web-based Express Setup, a free Java-enabled web-based monitoring and configuration tool, and the rich functionality of Cisco IOS, this switch provides comprehensive functionality and manageability for classrooms, conference rooms, or other small workgroup environments. Easy to install and manage, periodic software updates for life, and built to last, these switches provide outstanding investment protection and the lowest total cost of ownership in its product class.

  • 8 Ethernet 10/100 ports + 1 Ethernet 100BASE-FX + 1 1000BASE-X SFP port (one uplink active at a time)
  • Wall-mountable, standalone, managed switch
  • Catalyst 2940 Standard Image (SI) software
  • Available with optional Cable Guard

 

During the installation I collected some screenshots. Take a couple of seconds and check out the web and telnet interfaces of the Cisco 2940 switch here.



Cisco Interface Range Specification assign multiple ports as trunk

7 04 2008

Cisco IOS introduced support for the range command in Release 12.0(7)XE, Release 12.1 E, and Release 12.1(5)T and above to select multiple ports within the Cisco switch interface configuration. I am using the range function to assign my first twenty gigabit ports as trunk interfaces for my VMware ESX environment.

The Interface Range Specification feature allows specification of a range of interfaces to which subsequent commands are applied and supports definition of macros that contain an interface range. The Interface Range Specification feature is implemented with the range keyword, which is used with the interface command. In the interface configuration mode with the range keyword, all entered commands are applied to all interfaces within the range until you exit interface configuration mode.

The Interface Range Specification feature makes configuration easier because:

  • Identical commands can be entered once for a range of interfaces, rather than being entered separately for each interface.
  • Interface ranges can be saved as macros.

Switch1>enable

Switch1#configure terminal

Switch1(config)#interface range gigabitEthernet 0/1 - 20

! Plain portfast only takes effect while a port is not trunking

Switch1(config-if-range)#spanning-tree portfast

Switch1(config-if-range)#switchport mode trunk

Switch1(config-if-range)#^Z

! Save the running configuration so it survives a reload, then review it

Switch1#copy running-config startup-config

Switch1#show running-config

It can save some time when configuring a new Cisco switch, since you do not have to configure each Ethernet interface manually.


If you are installing different VMware ESX servers, then the CDP support in the networking area can help you find the right port on your Cisco switch; for details check my previous post. After I identified the port, I went back to the switch configuration and added the interface description!



Cisco PIX 501 and PPTP VPN server port forwarding

19 03 2008

In the following example I am configuring port forwarding to a Windows Server 2003 Standard Edition PPTP VPN server. My network is set up as shown in the diagram. I have a /28 network registered on the Internet, and 14 public IP addresses are available through the SDSL ISP modem. The SDSL modem hands out these IP addresses from its internal DHCP server. For the Cisco PIX 501 firewall I am using a manually assigned public IP address.

[Image: network diagram]

In the CLI commands below I am configuring static NAT on a public IP address for TCP port 1723 (PPTP) and forwarding it to the private IP address of VPN-02, the hostname defined in the “name” line.

fixup protocol pptp 1723

name 192.168.5.35 VPN-02

access-list outside_access_in permit tcp any host 194.0.0.2

access-list outside_access_in permit gre any host 194.0.0.2

pdm location VPN-02 255.255.255.255 inside

static (inside,outside) tcp 194.0.0.2 pptp VPN-02 pptp netmask 255.255.255.255 0 0

What did I achieve with this configuration? After I applied it, I was able to connect from my Windows XP and Windows Vista clients with the built-in VPN client using the PPTP protocol. I used static port forwarding on TCP port 1723 and enabled the GRE IP protocol fix by using the “fixup protocol pptp 1723” command. Without the fixup for the PPTP protocol I was forced to translate the complete internal host (VPN-02) and use all TCP ports. If you don’t apply the fixup, then you will probably get an event log message like the one below.

Event Type:    Warning
Event Source:    Rasman
Event Category:    None
Event ID:    20209
Date:        3/18/2008
Time:        9:22:43 PM
User:        N/A
Computer:    VPN-02
Description:
A connection between the VPN server and the VPN client 87.0.0.1 has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47). Verify that the firewalls and routers between your VPN server and the Internet allow GRE packets. Make sure the firewalls and routers on the user’s network are also configured to allow GRE packets. If the problem persists, have the user contact the Internet service provider (ISP) to determine whether the ISP might be blocking GRE packets.
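
The access list in the configuration above permits every TCP port to 194.0.0.2 while the static entry forwards only TCP 1723, so any static added later for that address would be reachable without a matching ACL change. The following is an added example, not part of the original post: a small Python audit that compares PIX access-list permits with static port forwards; the sample lines are reconstructed from the post, and the `eq pptp` variant and all function names are assumptions of this example.

```python
import re

# Constructed sample: the configuration lines as shown in the post.
POSTED = """\
fixup protocol pptp 1723
name 192.168.5.35 VPN-02
access-list outside_access_in permit tcp any host 194.0.0.2
access-list outside_access_in permit gre any host 194.0.0.2
static (inside,outside) tcp 194.0.0.2 pptp VPN-02 pptp netmask 255.255.255.255 0 0
"""
# Assumed hardened variant: the TCP permit narrowed to the forwarded port.
TIGHTENED = POSTED.replace("permit tcp any host 194.0.0.2",
                           "permit tcp any host 194.0.0.2 eq pptp")
PORT_NAMES = {"pptp": 1723}  # only the port literal this example needs
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) any host (\S+)(?: eq (\S+))?$")
STATIC_RE = re.compile(r"^static \(\w+,\w+\) tcp (\S+) (\S+) \S+ \S+ netmask")

def port_number(token):
    return PORT_NAMES.get(token) or int(token)

def audit(config):
    """Return findings for inbound TCP permits wider than the static port forwards."""
    forwarded = {}   # public IP -> set of forwarded TCP ports
    permits = []     # (acl name, protocol, public IP, port or None)
    for line in config.splitlines():
        line = line.strip()
        if m := STATIC_RE.match(line):
            forwarded.setdefault(m.group(1), set()).add(port_number(m.group(2)))
        elif m := ACL_RE.match(line):
            acl, proto, host, port = m.groups()
            permits.append((acl, proto, host, port_number(port) if port else None))
    findings = []
    for acl, proto, host, port in permits:
        if proto != "tcp":
            continue  # GRE (protocol 47) has no ports to narrow
        ports = forwarded.get(host, set())
        if port is None:
            findings.append(f"{acl}: all TCP ports permitted to {host}, only {sorted(ports)} forwarded")
        elif port not in ports:
            findings.append(f"{acl}: tcp/{port} permitted to {host} but not forwarded")
    return findings

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("tightened", TIGHTENED)):
        print(label, audit(cfg) or "no findings")
```
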