CCNA Lab 6: Switch Replacement Procedure

A switch fails at 2 AM. The replacement arrives the next morning. Without a documented procedure, you will forget something — and that something will cause an outage.

Prerequisites

Before the switch arrives:

Backup of the failed switch config (see CCNA Lab 4)
Console cable and USB-serial adapter
Laptop with terminal emulator (screen, PuTTY, SecureCRT)
IP address, subnet mask, default gateway recorded
Physical location of failed switch (rack, row, port numbers)
Patch panel mappings (which port connects to which device)
IOS image matching the failed switch
TFTP server reachable
Spare SFPs/GBICs if needed

Step 1: Physical Replacement

# Before touching anything
1. Verify the replacement switch model matches the failed unit
2. Check power requirements (PoE budget, voltage)
3. Label all cables before disconnecting
4. Take a photo of the current cabling
5. Power off the failed switch
6. Disconnect cables
7. Install the replacement in the rack
8. Reconnect all cables per your labels/photo
9. Power on the replacement

Step 2: Minimal Boot Config

! Immediately after power-on
enable
configure terminal
 
! Set management IP on the native VLAN
interface vlan 1
 ip address 192.168.1.10 255.255.255.0
 no shutdown
exit
ip default-gateway 192.168.1.1
end

Test connectivity:

ping 192.168.1.1
ping 192.168.1.100   ! TFTP server

Step 3: Restore Configuration

Option A: Full Config Restore via TFTP

copy tftp://192.168.1.100/FAILED-SW-1-confg running-config

Option B: Erase and Full Load

copy tftp://192.168.1.100/FAILED-SW-1-confg startup-config
reload

Option C: Manual Config (if no backup exists — last resort)

configure terminal
hostname REPLACEMENT-SW-1
!
vlan 10
 name DATA
vlan 20
 name VOICE
vlan 99
 name NATIVE
!
interface range Gi0/1-24
 switchport mode access
 switchport access vlan 10
!
interface Gi0/24
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 10,20,99
!
end
wr

Step 4: Verify Port Status

show interfaces status
show interfaces description
show interfaces trunk
show spanning-tree
show vlan brief

Check for error-disabled ports:

show interfaces status | include err

Recover error-disabled ports:

interface range Gi0/1-24
 shutdown
 no shutdown

Step 5: Verify Connected Devices

# From the switch
show mac address-table
show cdp neighbors
show lldp neighbors

If the switch fails to show expected neighbors:

Check cable integrity
Verify port VLAN assignment
Check STP state (may be blocking)
Check port-security violations

Step 6: Update Documentation

After replacement:

Update IPAM with new switch MAC address
Update monitoring system (SNMP community, syslog server)
Update NMS (SolarWinds, PRTG, LibreNMS)
Log the RMA number and replacement date
Test failover paths (redundant links, HSRP/VRRP)

Post-Replacement Checklist

# Connectivity
ping 10.0.0.1          # Default gateway
ping 10.0.0.100        # TFTP server
ping 10.0.0.200        # DNS server
 
# Switching
show vlan brief        # All VLANs present
show interfaces trunk  # All trunks up
show spanning-tree     # Root bridge correct
 
# Security
show port-security     # No violations
show ssh               # SSH enabled
show aaa               # AAA working

Common Issues After Replacement

Issue	Likely Cause	Fix
Ports in err-disabled	CDP/LLDP mismatch or port-security violation	`shutdown / no shutdown`
No connectivity on trunk	Native VLAN mismatch	Match native VLAN on both ends
STP blocking active links	Root bridge changed	Set `spanning-tree vlan X root primary`
PoE not working	Insufficient power budget	Check PoE config: `power inline auto`
VLANs missing	VTP purged VLAN database	Recreate VLANs manually on VTP transparent

Time Targets

Step	Target Time	Notes
Physical swap	10-15 min	Labeled cables save time
Boot config	2 min	Management IP only
Config restore	5 min	Faster with TFTP
Verification	10 min	Check ports, neighbors, STP
Total	~30 min	With proper preparation

A documented procedure and tested backup reduce switch replacement from a panicked hour to a calm 30 minutes.