Switch Configuration
Marc Sanchis edited this page Jun 5, 2025 · 1 revision
Professional network switch configuration for Hyperloop UPV's Control Station infrastructure, enabling high-performance wired connectivity across all system components.
This guide provides comprehensive configuration instructions for managed network switches in the Hyperloop UPV infrastructure. Switches form the backbone of wired connectivity, providing reliable, high-bandwidth connections between critical system components.
Control Station Network (192.168.0.0/24)
├── Management Switch (Core)
│   ├── Control Station PC (192.168.0.9)
│   ├── NAP Control Unit (192.168.0.101)
│   ├── Raspberry Pi Router (192.168.0.10)
│   └── Network Monitoring (192.168.0.50)
│
├── Vehicle Network Switch
│   └── Connected via NAP wireless bridge
│
└── Booster Network Switch
    └── Connected via NAP wireless bridge
- Managed Switches: Cisco SG300/SG500 series or equivalent
- Ports: 24-48 ports (depending on deployment size)
- Speed: Gigabit Ethernet (1000 Mbps minimum)
- Features: VLAN support, QoS, SNMP management
- Power: PoE+ capability for NAP devices
- Rack mounting for permanent installations
- Redundant power supplies for critical deployments
- Console port for out-of-band management
- Link aggregation capabilities for high availability
- Cat6 or Cat6a ethernet cables
- Fiber optic for long-distance connections
- Proper cable management for maintenance access
- Redundant uplinks between switches
- Mount switch in rack or secure location
- Connect power and verify status LEDs
- Connect console cable for initial configuration
- Connect management network cable
# Using screen (Linux/macOS)
screen /dev/ttyUSB0 9600
# Using PuTTY (Windows)
# Port: COM1, Speed: 9600, Connection: Serial
# Default credentials (varies by manufacturer)
# Cisco: admin/admin or cisco/cisco
# HP: admin/[blank]
# Netgear: admin/password
# Cisco SG300 series example
configure
hostname "Hyperloop-Core-Switch"
# Placeholder password: substitute a unique, strong secret before applying
username admin password "SecurePassword123!" privilege 15
enable password "SecurePassword123!"
# Set timezone
clock timezone "Europe/Madrid" 1
clock summer-time "Europe/Madrid" recurring
# Save configuration
copy running-config startup-config
# Configure management VLAN
interface vlan 1
ip address 192.168.0.20 255.255.255.0
ip default-gateway 192.168.0.1
no shutdown
# Enable SSH
crypto key generate rsa
ip ssh server
ip ssh timeout 60
ip ssh authentication-retries 3
# Disable telnet (security)
no ip telnet server
VLAN ID | Name | Purpose | Subnet |
---|---|---|---|
1 | Management | Switch management and control | 192.168.0.0/24 |
10 | Control | Control Station operations | 192.168.0.0/24 |
20 | Vehicle | Vehicle network traffic | 192.168.1.0/24 |
30 | Booster | Booster network traffic | 192.168.2.0/24 |
99 | Isolated | Quarantine/guest access | 192.168.99.0/24 |
# Create VLANs
vlan database
vlan 10 name "Control" media ethernet
vlan 20 name "Vehicle" media ethernet
vlan 30 name "Booster" media ethernet
vlan 99 name "Isolated" media ethernet
exit
# Configure access ports
interface range gigabitethernet1/0/1-10
switchport mode access
switchport access vlan 10
spanning-tree portfast
no shutdown
# Configure trunk ports (for NAP connections)
interface gigabitethernet1/0/24
switchport mode trunk
switchport trunk allowed vlan 10,20,30
no shutdown
# Configure management ports
interface range gigabitethernet1/0/45-48
switchport mode access
switchport access vlan 1
no shutdown
# Enable port security on access ports
interface range gigabitethernet1/0/1-23
switchport port-security
switchport port-security maximum 3
switchport port-security violation restrict
switchport port-security aging time 10
switchport port-security aging type inactivity
# Enable 802.1X for device authentication
dot1x system-auth-control
dot1x critical recovery delay 1000
# Configure per-port
interface range gigabitethernet1/0/1-20
dot1x port-control auto
dot1x reauthentication
dot1x timeout reauth-period 3600
# Create management ACL
access-list 100 permit tcp 192.168.0.0 0.0.0.255 any eq 22
access-list 100 permit tcp 192.168.0.0 0.0.0.255 any eq 443
access-list 100 permit udp 192.168.0.0 0.0.0.255 any eq 161
access-list 100 deny ip any any
# Apply to management interface
interface vlan 1
ip access-group 100 in
# Configure SNMPv3 (secure); AuthPass123 and PrivPass123 are placeholders to replace
snmp-server group readonly v3 priv read iso
snmp-server user hyperloop-monitor readonly v3 auth sha AuthPass123 priv aes PrivPass123
# Disable older SNMP versions
no snmp-server community public
no snmp-server community private
# Configure QoS trust
mls qos
# Trust DSCP markings from devices
interface range gigabitethernet1/0/1-24
mls qos trust dscp
auto qos voip trust
# Map traffic classes
mls qos map cos-dscp 0 8 16 24 32 46 48 56
# Configure priority queues
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 138
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
# Real-time traffic (emergency commands)
class-map match-all EMERGENCY
match dscp ef
# Critical data (sensor readings)
class-map match-all CRITICAL
match dscp cs5
# Normal data (general communication)
class-map match-all NORMAL
match dscp default
# Configure policy
policy-map HYPERLOOP-QOS
class EMERGENCY
priority percent 20
class CRITICAL
bandwidth percent 60
class NORMAL
bandwidth percent 20
# Apply to interfaces
interface range gigabitethernet1/0/1-24
service-policy output HYPERLOOP-QOS
# Configure SNMP monitoring
snmp-server location "Hyperloop Control Station"
snmp-server contact "network-admin@hyperloop-upv.com"
# Interface monitoring
snmp-server enable traps snmp linkdown linkup
snmp-server enable traps port-security
snmp-server enable traps config
# Set trap destination
snmp-server host 192.168.0.50 version 3 priv hyperloop-monitor
# Configure logging levels
logging buffered 8192 informational
logging console critical
logging monitor informational
# Remote logging to syslog server
logging 192.168.0.50
logging facility local7
logging source-interface vlan 1
# Log specific events
logging event link-status default
logging event spanning-tree default
# Create port channel for uplinks
interface port-channel 1
switchport mode trunk
switchport trunk allowed vlan 10,20,30
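# Add member ports
# Note: gigabitethernet1/0/47-48 are also set as VLAN 1 access ports in the
# management-port block above; a port can hold only one of these roles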
interface range gigabitethernet1/0/47-48
channel-group 1 mode active
no shutdown
# Enable Rapid PVST+
spanning-tree mode rapid-pvst
# Configure root bridge priority
spanning-tree vlan 1,10,20,30 priority 4096
# Enable portfast on access ports
interface range gigabitethernet1/0/1-23
spanning-tree portfast
# Enable BPDU guard
spanning-tree portfast bpduguard default
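# Enable port mirroring for traffic analysis
# Note: gigabitethernet1/0/24 is configured above as the NAP trunk and is reused
# here and in the RSPAN block; a SPAN destination needs a dedicated port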
monitor session 1 source interface gigabitethernet1/0/1-10
monitor session 1 destination interface gigabitethernet1/0/24
# RSPAN for remote monitoring
vlan 100
remote-span
interface gigabitethernet1/0/24
switchport mode access
switchport access vlan 100
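The interface blocks above configure overlapping port ranges, so the effective role of a port depends on every stanza that touches it. As an added example (not part of the original page or the project's tooling), this Python script merges the stanzas per port and reports ports with conflicting modes, access ports left without port security, and access ports placed in a channel group. The names `parse_ports`, `audit` and `SAMPLE` are assumptions, and the sample is condensed from this page's `gigabitethernet1/0/N` stanzas.

```python
import re
from collections import defaultdict

# Constructed sample: interface stanzas condensed from the configuration on this page.
SAMPLE = """\
interface range gigabitethernet1/0/1-10
switchport mode access
interface gigabitethernet1/0/24
switchport mode trunk
interface range gigabitethernet1/0/45-48
switchport mode access
interface range gigabitethernet1/0/1-23
switchport port-security
interface range gigabitethernet1/0/47-48
channel-group 1 mode active
interface gigabitethernet1/0/24
switchport mode access
"""

IFACE = re.compile(r"interface\s+(?:range\s+)?gigabitethernet1/0/(\d+)(?:-(\d+))?$", re.I)
SETTINGS = {"mode": r"switchport mode (\S+)",
            "port_security": r"switchport (port-security)$",
            "channel_group": r"channel-group (\d+)"}

def parse_ports(config):
    """Return {port: {setting: values}}; ranges expanded, non-gigabit stanzas skipped."""
    ports, current = defaultdict(lambda: defaultdict(set)), []
    for line in map(str.strip, config.splitlines()):
        m = IFACE.match(line)
        if m or line.startswith("interface"):
            current = range(int(m[1]), int(m[2] or m[1]) + 1) if m else []
            continue
        for name, rx in SETTINGS.items():
            hit = re.match(rx, line)
            for port in (current if hit else []):
                ports[port][name].add(hit[1])
    return ports

def audit(config):
    """Return sorted (port, finding) pairs for the merged per-port settings."""
    findings = []
    for port, s in parse_ports(config).items():
        if len(s["mode"]) > 1:
            findings.append((port, "conflicting switchport mode: " + ", ".join(sorted(s["mode"]))))
        if s["mode"] == {"access"} and not s["port_security"]:
            findings.append((port, "access port without port-security"))
        if s["mode"] == {"access"} and s["channel_group"]:
            findings.append((port, "access port is a channel-group member"))
    return sorted(findings)
```

Calling `audit(SAMPLE)` flags port 24 (trunk and access), ports 45-48 (access without port security) and ports 47-48 (access ports inside the uplink channel group).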
# Show interface status
show interfaces status
show interfaces gigabitethernet1/0/1
# Show VLAN information
show vlan brief
show vlan id 10
# Show spanning tree status
show spanning-tree brief
# Show port security
show port-security
show port-security interface gigabitethernet1/0/1
# Check port status
show interfaces status
show interfaces gigabitethernet1/0/X
# Check for errors
show interfaces gigabitethernet1/0/X | include error
show logging | include gigabitethernet1/0/X
# Reset interface
interface gigabitethernet1/0/X
shutdown
no shutdown
# Verify VLAN membership
show vlan brief
show interfaces switchport
# Check trunk configuration
show interfaces trunk
show spanning-tree vlan 10
# Check QoS statistics
show mls qos interface gigabitethernet1/0/1 statistics
show policy-map interface gigabitethernet1/0/1
# Monitor utilization
show interfaces gigabitethernet1/0/1 | include rate
- Monitor port utilization regularly
- Adjust QoS policies based on traffic patterns
- Implement rate limiting for non-critical traffic
- Use link aggregation for high-bandwidth requirements
- Enable spanning tree portfast on access ports
- Configure appropriate queue priorities
- Minimize broadcast domains with VLANs
- Use hardware switching for best performance
- Verify all critical ports are operational
- Check system logs for errors or warnings
- Monitor interface utilization
- Verify spanning tree topology
- Review QoS statistics and adjust policies
- Check SNMP monitoring alerts
- Update port security tables
- Backup configuration
- Firmware updates and security patches
- Performance analysis and optimization
- Cable plant inspection
- Disaster recovery testing
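# Manual backup (run on the switch CLI; the switch does not expand $(date ...),
# so type the date into the file name in place of YYYYMMDD)
copy running-config tftp://192.168.0.50/backups/switch-config-YYYYMMDD.cfg
#!/bin/bash
# Automated backup script
# TFTP is unauthenticated and unencrypted; keep this transfer on the management VLAN
DATE=$(date +%Y%m%d-%H%M)
SWITCH_IP="192.168.0.20"
BACKUP_SERVER="192.168.0.50"
# Read the password from the environment instead of hardcoding it in the script
# (SWITCH_PASSWORD is a name chosen for this example)
: "${SWITCH_PASSWORD:?set SWITCH_PASSWORD before running}"
export SWITCH_PASSWORD
# Use expect or similar for automated login
# Tcl has no single-quoted strings, so patterns and commands use escaped double quotes
expect -c "
set timeout 30
spawn ssh admin@$SWITCH_IP
expect \"Password:\"
send \"\$env(SWITCH_PASSWORD)\r\"
expect \"#\"
send \"copy running-config tftp://$BACKUP_SERVER/backups/switch-$DATE.cfg\r\"
expect \"#\"
send \"exit\r\"
expect eof
"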
- Network Overview - Complete network architecture
- NAP Configuration - Wireless access points
- Raspberry Pi Router - Inter-network routing
- Troubleshooting Network - Network diagnostics
Switch Configuration Complete!
Your network switching infrastructure is now configured for optimal performance, security, and reliability. Regular monitoring and maintenance following the procedures above will ensure continued operational excellence.