Complete Setup Guide for Cisco Catalyst 9300

Setting up a Cisco Catalyst 9300 Series switch involves several steps, from physical installation to advanced configuration. This comprehensive guide walks you through the entire setup process, ensuring your Catalyst c9300 operates efficiently, securely, and optimally within your network infrastructure.

Table of Contents

1. Introduction


2. Pre-requisites


3. Unboxing and Physical Installation


4. Initial Power-Up and Basic Configuration
   
   
   
   • Accessing the Switch
   
   
   • Basic CLI Configuration
   
   
   
   


5. Stacking Configuration with StackWise-480


6. Advanced Configuration
   
   
   
   • VLAN Configuration
   
   
   • Port Security
   
   
   • Quality of Service (QoS)
   
   
   • Spanning Tree Protocol (STP)
   
   
   
   


7. Integrating with Cisco DNA Center


8. Security Enhancements
   
   
   
   • Cisco TrustSec
   
   
   • MACsec Encryption
   
   
   • Role-Based Access Control (RBAC)
   
   
   
   


9. Monitoring and Management
   
   
   
   • Using Cisco DNA Center
   
   
   • Cisco Prime Infrastructure
   
   
   • SNMP and Syslog Integration
   
   
   
   


10. Verification and Testing


11. Troubleshooting Common Issues


12. Best Practices


13. Conclusion


14. Additional Resources

Introduction

The Cisco Catalyst 9300 Series is a robust, enterprise-class switch designed for secure, scalable, and reliable network access layers. Whether deploying in a single location or across multiple sites, the Catalyst 9300 offers advanced features like StackWise-480 technology, Power over Ethernet Plus (PoE+), and seamless integration with Cisco's Digital Network Architecture (DNA).

This guide provides a step-by-step approach to setting up the Catalyst 9300, ensuring optimal performance and security within your network environment.

Pre-requisites

Before commencing the setup process, ensure the following prerequisites are met:

• Hardware Requirements:
  
  
  
  • Cisco Catalyst 9300 switch(es)
  
  
  • Appropriate mounting hardware (rack-mount kits, brackets)
  
  
  • Power cables and redundant power supplies
  
  
  • StackWise-480 stack cables (if stacking)
  
  
  • Ethernet cables for network connectivity
  
  
  
  


• Software Requirements:
  
  
  
  • Latest Cisco IOS XE software compatible with Catalyst 9300
  
  
  • Access to Cisco DNA Center (optional but recommended for advanced management)
  
  
  • Cisco Prime Infrastructure (optional)
  
  
  
  


• Licensing:
  
  
  
  • Ensure you have the necessary licenses for advanced features (e.g., Cisco DNA Essentials or Advantage)
  
  
  
  


• Access Credentials:
  
  
  
  • Console access credentials (username and password)
  
  
  • Administrative access to network management platforms (e.g., Cisco DNA Center)
  
  
  
  


• Tools:
  
  
  
  • Console cable (RJ-45 to USB or serial)
  
  
  • Terminal emulator software (e.g., PuTTY, Tera Term)
  
  
  
  

Unboxing and Physical Installation

1. Unboxing

Carefully unpack the Catalyst 9300 switch from its packaging, ensuring all components are present:

• Catalyst 9300 switch unit


• Rack-mount kit or wall-mount brackets


• StackWise-480 stack cables (if applicable)


• Power cables


• Documentation (quick start guide, warranty information)

2. Physical Mounting

Rack-Mount Installation:

1. Prepare the Rack:
   
   
   
   • Ensure the rack is secure, level, and has adequate ventilation.
   
   
   • Install rail kits if not pre-installed.
   
   
   
   


2. Mount the Switch:
   
   
   
   • Slide the switch into the rack, aligning it with the rail kits.
   
   
   • Secure the switch using screws provided in the rack-mount kit.
   
   
   
   

Wall-Mount Installation:

1. Select Location:
   
   
   
   • Choose a wall with sufficient space and proper ventilation.
   
   
   
   


2. Attach Brackets:
   
   
   
   • Secure the wall-mount brackets using the provided screws.
   
   
   
   


3. Mount the Switch:
   
   
   
   • Align the switch with the brackets and secure it in place.
   
   
   
   

3. Connecting Power

1. Connect Power Supplies:
   
   
   
   • Insert the power cables into the power supply ports on the back of the switch.
   
   
   • Ensure redundancy by connecting multiple power supplies to different power sources (if available).
   
   
   
   


2. Power On:
   
   
   
   • Switch on the power supply units. The switch should begin its boot-up sequence, indicated by LED lights.
   
   
   
   

Initial Power-Up and Basic Configuration

Accessing the Switch

To perform the initial configuration, you need to access the switch via the console port.

1. Connect Console Cable:
   
   
   
   • Connect one end of the console cable to the switch's console port.
   
   
   • Connect the other end to your computer's serial or USB port.
   
   
   
   


2. Launch Terminal Emulator:
   
   
   
   • Open your terminal emulator software (e.g., PuTTY, Tera Term).
   
   
   • Configure the serial connection with the following settings:
     
     
     
     • Baud Rate: 9600
     
     
     • Data Bits: 8
     
     
     • Parity: None
     
     
     • Stop Bits: 1
     
     
     • Flow Control: None
     
     
     
     
   
   
   
   


3. Power Cycle the Switch:
   
   
   
   • If the switch is already powered on, restart it to initiate the setup process.
   
   
   
   

Basic CLI Configuration

1. Access Privileged EXEC Mode:
   
   
   
   • Once connected, you should see the switch's boot-up messages followed by the prompt.
   
   
   
   

Enter privileged EXEC mode by typing:
bash
Copy code
enable

Enter Global Configuration Mode:
Copy code
configure terminal

Set Hostname:
Copy code
hostname SwitchName

Configure Management Interface (VLAN 1 by Default):
perl
Copy code
interface vlan 1

ip address 192.168.1.2 255.255.255.0

no shutdown

exit

Set Default Gateway:
arduino
Copy code
ip default-gateway 192.168.1.1

Configure Console Password:
arduino
Copy code
line console 0

password YourConsolePassword

login

exit

Configure SSH Access:
lua
Copy code
ip domain-name yourdomain.com

copyright key generate rsa modulus 2048

username admin privilege 15 secret YourStrongPassword

line vty 0 15

transport input ssh

login local

exit

Save Configuration:
arduino
Copy code
write memory

Verifying Basic Configuration

Ping the Default Gateway:
Copy code
ping 192.168.1.1

Verify IP Address:
kotlin
Copy code
show ip interface brief

2. Check SSH Access:
   
   
   
   • From a remote machine, attempt to SSH into the switch using the configured IP address and credentials.
   
   
   
   

Stacking Configuration with StackWise-480

Cisco StackWise-480 allows up to 8 Catalyst 9300 switches to be stacked, providing a single logical switch with increased bandwidth and redundancy.

1. Physical Stacking

1. Connect Stack Cables:
   
   
   
   • Use StackWise-480 cables to connect the stack ports on each switch.
   
   
   • Ensure that the stack cables are securely connected in a ring topology to provide redundancy.
   
   
   
   


2. Power Up Stack Members:
   
   
   
   • Power on all switches in the stack.
   
   
   • The switches will automatically form a stack, with one switch elected as the stack master.
   
   
   
   

2. Stack Configuration

Verify Stack Membership:
arduino
Copy code
show switch detail

2. Set Stack Priority (Optional):
   
   
   
   • Assign a higher priority to the desired master switch.
   
   
   
   

arduino
Copy code
switch 1 priority 15

switch 2 priority 10

1. 
   
   
   
   • Save configuration and reload switches if necessary.
   
   
   
   

Configure Stack Master (If Needed):
arduino
Copy code
switch stack member 1 priority 15

Verify Stack Operation:
arduino
Copy code
show switch stack

show switch stack ring speed

3. Managing the Stack

• Single Management Interface: Manage all switches in the stack using the master switch’s IP address.


• Unified Configuration: Any configuration changes on the master are automatically propagated to member switches.

Advanced Configuration

VLAN Configuration

VLANs segment network traffic, enhancing security and performance.

Create VLANs:
bash
Copy code
vlan 10

name Sales

exit

vlan 20

name Engineering

exit

Assign VLANs to Ports:
go
Copy code
interface range GigabitEthernet1/0/1 - 24

switchport mode access

switchport access vlan 10

exit

Configure Trunk Ports:
kotlin
Copy code
interface GigabitEthernet1/0/25

switchport mode trunk

switchport trunk allowed vlan 10,20

exit

Verify VLAN Configuration:
sql
Copy code
show vlan brief

Port Security

Enhance security by controlling access to switch ports.

Enable Port Security:
c
Copy code
interface GigabitEthernet1/0/1

switchport port-security

switchport port-security maximum 2

switchport port-security violation restrict

switchport port-security mac-address sticky

exit

Verify Port Security:
kotlin
Copy code
show port-security interface GigabitEthernet1/0/1

Quality of Service (QoS)

Prioritize critical traffic to ensure optimal performance.

Define QoS Policies:
python
Copy code
class-map match-all VOIP

 match ip dscp ef

exit

policy-map PRIORITY-VOIP

 class VOIP

  priority percent 30

exit

Apply QoS Policies to Interfaces:
kotlin
Copy code
interface GigabitEthernet1/0/25

service-policy output PRIORITY-VOIP

exit

Verify QoS Configuration:
go
Copy code
show policy-map interface GigabitEthernet1/0/25

Spanning Tree Protocol (STP)

Prevent network loops and ensure redundancy.

Enable Rapid Spanning Tree Protocol (RSTP):
Copy code
spanning-tree mode rapid-pvst

Configure PortFast for Edge Ports:
go
Copy code
interface range GigabitEthernet1/0/1 - 24

spanning-tree portfast

exit

Verify STP Status:
sql
Copy code
show spanning-tree

Integrating with Cisco DNA Center

Cisco DNA Center provides centralized management, automation, and analytics for Cisco networks, including the Catalyst 9300 Series.

1. Connect Catalyst 9300 to Cisco DNA Center

1. Ensure Connectivity:
   
   
   
   • The switch should be reachable from Cisco DNA Center over the network.
   
   
   
   


2. Add Device to Cisco DNA Center:
   
   
   
   • Navigate to Provision > Network Devices in Cisco DNA Center.
   
   
   • Click Add Device and enter the switch’s IP address or hostname.
   
   
   • Provide the necessary SSH credentials for authentication.
   
   
   
   


3. Verify Device Discovery:
   
   
   
   • Cisco DNA Center should discover the switch and display its details.
   
   
   
   

2. Configure Cisco DNA Center Policies

1. Define Network Policies:
   
   
   
   • Create policies for security, access control, and application prioritization based on organizational needs.
   
   
   
   


2. Automate Provisioning:
   
   
   
   • Use Cisco DNA Center’s automation capabilities to deploy configurations across multiple switches, ensuring consistency and reducing manual effort.
   
   
   
   


3. Monitor and Analyze:
   
   
   
   • Utilize Cisco DNA Center’s analytics tools to monitor network performance, detect anomalies, and gain actionable insights.
   
   
   
   

Security Enhancements

Enhancing the security of your Catalyst 9300 ensures robust protection against unauthorized access and cyber threats.

Cisco TrustSec

Cisco TrustSec provides scalable security through software-defined segmentation.

Enable TrustSec:
csharp
Copy code
security

authentication event fail action authorize vlan 999

Define Security Group Tags (SGTs):
csharp
Copy code
security group-tag Sales

security group-tag Engineering

Apply SGTs to VLANs:
vbnet
Copy code
vlan 10

name Sales

security group-tag Sales

exit

vlan 20

name Engineering

security group-tag Engineering

exit

2. Configure Access Control Policies:
   
   
   
   • Use Cisco ISE to define policies based on SGTs, controlling traffic between different segments.
   
   
   
   

MACsec Encryption

MACsec encrypts data at the Layer 2 level, ensuring data confidentiality and integrity.

Enable MACsec on Interfaces:
vbnet
Copy code
interface GigabitEthernet1/0/25

mka policy myMACsecPolicy

mka key0 aes-cmac-256 <hex-key>

mka policy default

mka key0 aes-cmac-256 <hex-key>

exit

Verify MACsec Status:
sql
Copy code
show mka sessions

Role-Based Access Control (RBAC)

RBAC restricts network access based on user roles.

Define User Roles:
sql
Copy code
username admin privilege 15 secret YourStrongPassword

username user privilege 1 secret UserPassword

2. Assign Roles to Access:
   
   
   
   • Configure access controls on interfaces to restrict based on roles.
   
   
   
   

Verify RBAC Configuration:
arduino
Copy code
show running-config | include username

Dynamic Segmentation

Dynamic Segmentation uses TrustSec policies to adjust network access based on real-time conditions.

1. Integrate with Cisco ISE:
   
   
   
   • Ensure Catalyst 9300 is integrated with Cisco Identity Services Engine (ISE).
   
   
   
   


2. Define Dynamic Policies:
   
   
   
   • Create policies in ISE that assign SGTs based on user authentication and device posture.
   
   
   
   


3. Apply Policies Automatically:
   
   
   
   • Allow dynamic assignment of access levels based on policies, enhancing security and flexibility.
   
   
   
   

Monitoring and Management

Effective monitoring and management are crucial for maintaining optimal network performance and quickly addressing issues.

Using Cisco DNA Center

1. Centralized Management:
   
   
   
   • Use Cisco DNA Center to manage configurations, policies, and automation across all Catalyst 9300 switches.
   
   
   
   


2. Assurance and Analytics:
   
   
   
   • Monitor network health, performance metrics, and user behaviors.
   
   
   • Identify and resolve issues proactively using DNA Center’s analytics tools.
   
   
   
   


3. Automated Workflows:
   
   
   
   • Implement automated workflows for provisioning, policy enforcement, and network adjustments based on real-time data.
   
   
   
   

Cisco Prime Infrastructure

1. Unified Dashboard:
   
   
   
   • Access a centralized view of network devices, performance metrics, and alerts.
   
   
   
   


2. Configuration Management:
   
   
   
   • Deploy and manage configurations across multiple switches, ensuring consistency and compliance.
   
   
   
   


3. Troubleshooting Tools:
   
   
   
   • Utilize diagnostic tools to identify and resolve network issues efficiently.
   
   
   
   

SNMP and Syslog Integration

Configure SNMP:
arduino
Copy code
snmp-server community public RO

snmp-server enable traps

Set Up Syslog:
bash
Copy code
logging host 192.168.1.100

logging trap informational

Verify SNMP and Syslog Configuration:
sql
Copy code
show snmp community

show logging

Verification and Testing

After completing the setup, verify that all configurations are correctly applied and the network operates as expected.

1. Ping Test:

Verify connectivity between the switch and the default gateway:
Copy code
ping 192.168.1.1

1. VLAN Verification:

Ensure VLANs are correctly assigned and operational:
sql
Copy code
show vlan brief

1. Stack Verification:

Confirm stack members and stack bandwidth:
arduino
Copy code
show switch stack

show switch stack ring speed

1. Security Verification:

Check TrustSec and MACsec configurations:
sql
Copy code
show security group-tag

show mka sessions

1. Management Access:
   
   
   
   • Test SSH access from a remote machine using the configured credentials.
   
   
   
   

Troubleshooting Common Issues

Despite careful setup, you may encounter issues. Here are common problems and their solutions:

Connectivity Problems

• Symptom: Devices cannot connect to the network or experience intermittent connectivity.


• Solution:
  
  
  
  • Verify physical connections and ensure cables are securely plugged in.
  
  
  • Check VLAN configurations and ensure devices are assigned to the correct VLANs.
  
  
  • Use show interfaces status to check port statuses.
  
  
  
  

Stacking Issues

• Symptom: Stack members are not recognized or stack bandwidth is not as expected.


• Solution:
  
  
  
  • Ensure StackWise-480 cables are properly connected.
  
  
  • Verify stack priority settings and adjust if necessary.
  
  
  • Restart stack members to re-establish connections.
  
  
  
  

PoE+ Power Concerns

• Symptom: Devices are not receiving power or experiencing power fluctuations.


• Solution:
  
  
  
  • Check power supply connections and ensure redundancy is properly configured.
  
  
  • Monitor PoE power usage using Cisco DNA Center or CLI commands (show power inline).
  
  
  • Adjust PoE budgets and prioritize critical devices if necessary.
  
  
  
  

Performance Bottlenecks

• Symptom: High latency, packet loss, or reduced throughput.


• Solution:
  
  
  
  • Analyze traffic patterns using Cisco DNA Center to identify sources of congestion.
  
  
  • Implement QoS policies to prioritize critical traffic.
  
  
  • Upgrade uplink modules if necessary to handle increased bandwidth demands.
  
  
  
  

Best Practices

Adhering to best practices ensures the Catalyst 9300 operates efficiently and securely.

Comprehensive Training

• Staff Training: Ensure that network administrators are trained in Catalyst 9300 management and Cisco DNA Center usage.


• Certification: Encourage certifications like Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP).

Regular Firmware Updates

• Stay Current: Regularly update the switch firmware to benefit from the latest features, security patches, and performance improvements.


• Testing: Test firmware updates in a controlled environment before deploying them to production.

Data Privacy

• Secure Configurations: Implement strong access controls and encryption to protect sensitive data.


• Compliance: Ensure configurations comply with industry standards and regulations (e.g., GDPR, HIPAA).

Scalable Architecture

• Future-Proofing: Design your network to accommodate future growth and technological advancements.


• Modular Deployment: Utilize modular uplinks and stack configurations to easily scale as needed.

Monitoring and Analytics

• Continuous Monitoring: Use tools like Cisco DNA Center for real-time monitoring and analytics.


• Proactive Management: Identify and address potential issues before they impact network performance.

Conclusion

The Cisco Catalyst 9300 Series is a versatile and powerful solution for modern enterprise networks, offering advanced features, robust security, and seamless integration with Cisco's management and analytics platforms. By following this complete setup guide, organizations can ensure their Catalyst 9300 switches are configured optimally, providing reliable, secure, and high-performance network access.

Investing time in proper configuration, adhering to best practices, and leveraging Cisco's comprehensive support resources will maximize the benefits of the Catalyst 9300, driving operational efficiency and supporting the organization's growth and innovation goals.

Additional Resources

• Cisco Catalyst 9300 Series Switches Overview


• Cisco Catalyst 9300 Configuration Guides


• Cisco DNA Center


• Cisco Learning Network


• Cisco Certification Programs


• Cisco Technical Assistance Center (TAC)


• Cisco Support Portal


• Best Practices for Cisco Catalyst 9300


• Cisco Catalyst 9300 Series Overview Video


• Cisco Catalyst 9300 Case Studies

For personalized assistance or to explore how Cisco Catalyst 9300 can be tailored to your specific networking needs, contact a Cisco-certified partner or your local Cisco representative.

Ormsystems is a global source for IT solutions designed for businesses and public sectors. Acquire Cisco routers, Cisco switches, and other IT products through our platform.