February 16th, 2025
Our Netgate security appliance comes with four wired ethernet interfaces, but one is already in use as our uplink and the other three aren't enough to meet our lab's needs. We're going to need more interfaces so we'll be connecting an 8-port (interface) gigabit ethernet switch to our lab in this post. In fact, we'll be doing a lot more than just connecting our switch to another device. We'll be dividing up eight (8) of the ten (10) interfaces into four (4) separate Virtual Local Area Networks (VLANs) and also applying multiple configurations to improve our lab's security posture while we're at it.
This post covers a ton of critical Networking 101 fundamentals and also provides a lot of hands-on experience. By the end, you'll have the network and security foundation for your lab in place and a decent amount of networking and network security experience as a cherry on top.
Hands-on networking experience is priceless because, these days, an understanding of networking is encouraged if not outright required in the tech industry. The network touches everything and if you want to build more complex systems in the future then you'll need to know how to interconnect them.
That said, the only piece of legacy hardware I'm using in this lab series is my HP 2915al switch. The HP 2915al is a little over 14 years old at this point, but the concepts in this lab are still very relevant. Plus, our configuration requirements are minimal and pretty much any small switch (8-10 interfaces) will do for our lab, so it won't be difficult to find a substitute.
If you're looking for a recommendation, I've suggested the Cisco Catalyst 1200 series switch in the first post in the series titled “Gear Up”. Finally, keep in mind that while the below instructions and commands will not be compatible with a Cisco 1200 series switch, it will be a worthy challenge to similarly configure a different switch. Let's get networking!
Assuming our switch is powered on and we have a console connection established between our PC and our HP 2915 switch, we'll want to launch PuTTY and establish a serial connection.
With PuTTY open, under “Session”, select “Serial” for the “Connection type”, confirm your “Serial line” using Windows Device Manager, and click “Open”.
If a blank PuTTY terminal window opens, that's a good thing! Just left-click the blank terminal, hit “enter” on your keyboard a few times to help kick in the serial connection, and you should see a prompt load.
One of the first things to know about configuring a switch using the command line is that there are different “contexts” that you can enter to configure various aspects of the switch. For instance, when you first land in the command line after connecting to your switch, you'll notice that the prompt ends with a greater-than symbol `>`. The mode or context you are in by default is called “Operator” mode and you can tell what context you're in by viewing the prompt.
To have more privileges and do more things on your switch, you have to enter the “Manager” context by typing “enable”; however, to make configuration changes, you have to enter “Global Configuration” context by typing “config”. There are also non-global configuration “Context Configuration”(s) such as VLAN context configuration and interface context configuration. To exit a context type “exit”. To move from any level back to the “Manager” level, type “end”. Practice Tip: Try entering these contexts and typing “?” to see what commands are available to you as you change context.
```
# Enter “Manager” context
enable
# Enter “Global Configuration” context
config
# Enter VLAN “Context Configuration”
vlan 10
# Move from any level back to the preceding level
exit
```
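To check a planned command sequence against the context rules described above before typing it into the console, here is a small model of those rules. It is an added example, not part of the original post or of HP's software. The level names come from the text; the function names are hypothetical, and the behaviour of `exit` at Operator level and of `vlan` inside a context configuration is a simplifying assumption.

```python
# Added illustration: models only the context rules described in the post.
LEVELS = ["Operator", "Manager", "Global Configuration", "Context Configuration"]

def next_context(level, command):
    """Return the index into LEVELS after `command` is typed at `level`."""
    parts = command.split()
    if not parts:
        return level                # blank line: nothing changes
    word = parts[0].lower()
    if word == "enable" and level == 0:
        return 1                    # Operator -> Manager
    if word == "config" and level == 1:
        return 2                    # Manager -> Global Configuration
    if word == "vlan":
        if level < 2:
            raise ValueError(f"'{command}' needs Global Configuration; "
                             f"currently in {LEVELS[level]}")
        return 3                    # enter the VLAN context configuration
    if word == "exit":
        return max(level - 1, 0)    # assumption: stay at Operator, no logout
    if word == "end":
        return min(level, 1)        # any deeper level returns to Manager
    return level                    # other commands do not change context

def trace(script, level=0):
    """Walk a list of commands starting at Operator; return (command, context) pairs."""
    out = []
    for command in script:
        level = next_context(level, command)
        out.append((command, LEVELS[level]))
    return out

def final_context(script):
    """Name of the context the session is left in after the whole script."""
    return trace(script)[-1][1]

if __name__ == "__main__":
    # Constructed sample script, mirroring the commands shown in the post.
    for cmd, ctx in trace(["enable", "config", "vlan 10", "exit", "vlan 20", "end"]):
        print(f"{cmd:10} -> {ctx}")
```
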
Most of our switch configuration will be done using the command line menu. Type `menu` into the command line to enter the command line menu. You can arrow up and down to move from one menu item to another, hitting “enter” to access each item. Alternatively, you can simply type in the corresponding menu number to access each item with a single keystroke. Take a few minutes to browse and get a good idea of what options are available to you through the menu. Keep an eye out for navigation tips provided at the bottom of the screen.
```
# Access the "Switch Menu" page
menu
```
Now that we've gained access to our switch and know our way around a bit, the first thing we should do is configure our “Switch Setup”. Use the `setup` command to enter the “Switch Setup” screen, which is where you can configure the manager password amongst other critical settings. Of course, a best practice is to update the default passwords or set passwords in the event that there are none set by default. The HP 2915 has the concept of a “Manager” and “Operator” role, each with their own set of credentials and privileges. We'll first update the Manager Password and confirm it for good measure.
```
# Access the "Switch Setup" page
setup
```
An optional step might be to set an “Operator” password which, as the name suggests, has fewer system privileges. To configure an operator password, we have to navigate to the CLI menu using the `menu` command. Then, we select "3. Console Passwords…" followed by "1. Set Operator Password."
```
# log in as manager
u/n: manager
p/w:
# log in as operator
u/n: operator
p/w:
```
There are other IP protocol related settings we'll need to configure in the Switch Setup. Most notable are the switch's IP Config, IP Address, and Default Gateway, which we'll be setting to DHCP, 192.168.50.10, and 192.168.2.1 respectively. In this step, we're telling the switch to get its IP address from a DHCP server, we're explicitly setting the switch's default gateway, and we're choosing a time synchronization method.
tbd