Command Line Based Switch (CLI) Basic Configuration

Switch> enable
    Used to enter privileged mode from normal mode on CLI switch.
Switch#
    Privileged mode.
Switch# erase startup-config
    Erases the switch configuration but not the VLAN configuration.
Switch# del flash:vlan.dat
    Erases the VLAN configuration.
Switch(config)# hostname name
    To rename the switch.
Switch(config)# no hostname
    Converts the switch name back to Switch.
Switch(config)# enable password password
    Sets enable password.
Switch(config)# enable secret password
    Sets enable password in encrypted form.
Switch(config)# no ip domain-lookup
    To prevent the switch from trying to find a misspelled command.
Switch(config)# line con 0
    To enter line configuration mode for the console port.
Switch(config-line)# password password
    Configures a password on the console port.
Switch(config-line)# login
    Enables password checking.
Switch(config-line)# exec-timeout 0 0
    Sets the idle timeout period in minutes and seconds.
Switch(config-line)# logging synchronous
    Modifies message logging facilities for synchronized output.
Switch(config)# line vty 0 15
    Configures terminal line settings.
Switch(config-line)# password password
    Configures a password on the terminal lines (telnet).
Switch(config-line)# login
Switch# show version
    Indicates IOS version, system image file, base MAC address, model #, configuration register (0xF), serial #, and more.
Switch# show vlan
    Shows what VLANs are configured on the switch and which ports are in which VLANs.
Switch# show interface int
    Shows interface settings including MAC address, duplex, speed.

Note: MAC address of an interface = Base MAC address of switch + port #

Switch# dir flash:
Switch# show flash
    Both of these commands show information about flash memory.
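The enable and line settings listed above, checked against a saved configuration. This is an added example, not part of the original sheet; the sample configuration and its passwords are constructed, and the function names are hypothetical.

```python
# Constructed sample running-config (not from a real device).
SAMPLE = """\
hostname Switch
enable password cisco123
line con 0
 password conpass
 login
 exec-timeout 0 0
 logging synchronous
line vty 0 15
 password vtypass
"""

def line_blocks(cfg):
    """Map each 'line ...' header to the list of its indented sub-commands."""
    out, cur = {}, None
    for raw in cfg.splitlines():
        if raw.startswith("line "):
            cur = raw.strip()
            out[cur] = []
        elif raw.startswith(" ") and cur:
            out[cur].append(raw.strip())
        else:
            cur = None  # any other top-level command ends the block
    return out

def audit(cfg):
    """Return findings for the enable, console and vty settings on this sheet."""
    findings = []
    top = [l.strip() for l in cfg.splitlines() if not l.startswith(" ")]
    has_secret = any(l.startswith("enable secret ") for l in top)
    if any(l.startswith("enable password ") for l in top) and not has_secret:
        findings.append("enable password set without enable secret")
    for name, cmds in line_blocks(cfg).items():
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{name}: no password")
        if "login" not in cmds:
            findings.append(f"{name}: password checking (login) not enabled")
        if "exec-timeout 0 0" in cmds:
            # 0 minutes 0 seconds means the session never times out
            findings.append(f"{name}: exec-timeout 0 0 disables the idle timeout")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
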
To telnet, ping, or globally manage the switch, you must assign an IP address. If the IP address is on the same subnet as the management VLAN, the switch will automatically be associated with VLAN 1.

Switch# config t
    Enters global configuration mode.
Switch(config)# interface vlan 1
    Enters vlan 1 configuration.
Switch(config-if)# ip address 10.1.1.1 255.255.255.0
    Assigns an IP address to vlan 1.
Switch(config-if)# exit
Switch(config)# ip default-gateway 10.1.1.254
    Sets a default gateway so that you may access the switch via a router.
Switch# show interface
    To view the switch's interfaces.
Switch# show config
    To view switch configuration.
Switch(config-if)# description comments
    To describe an interface. Surround the comments with quotes if you want to leave spaces.
Switch(config-if)# speed 10|100|auto
    Sets port speed.
Switch(config-if)# duplex auto|full|half
    Sets the port duplex. Full is default for 100Mbps and half is default for 10Mbps ports.
IOS-based switches remember the last 10 commands in the history buffer. Use the bang (!) symbol to recall previous commands.

!!
    Recall previous command.
!n
    Recall command number n (use history command to see commands stored in the buffer).
^aa^bb
    Recalls command with aa and replaces aa with bb.
Port Security

Switch# show mac-address-table
    Displays MAC forwarding table.
Switch# show mac address-table
    Newer command to display MAC forwarding table (no hyphen).
Switch# clear mac address-table dynamic
    Reset MAC address table.
Switch(config)# mac address-table static mac-addr vlan vlan-id interface interface-id
    Used to set a static MAC address to be accepted on a given port. Enter the MAC address in the form xxxx.xxxx.xxxx
Switch(config-if)# switchport mode access
    Sets mode on port to access only.
Switch(config-if)# switchport port-security
    Enables port-security.
Switch(config-if)# switchport port-security mac-address sticky
    Allows port to accept only one device.
Switch(config-if)# port security max-mac-count #
    On 2900s: Limits the amount of hosts per port.
Switch(config-if)# switchport port-security maximum #
    On 2950s: Limits the amount of hosts per port.
Switch(config-if)# switchport port-security violation [shutdown | protect | restrict]
    Action to take when there has been a security violation. Restrict sends a trap to the network management station. Protect drops packets when the packet limit is reached.
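A per-interface check of the port-security commands above, using the 2950 syntax. This is an added example, not part of the original sheet; the sample configuration is constructed and the function name is hypothetical.

```python
import re

# Constructed sample configuration (not from a real device).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security mac-address sticky
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/24
 switchport mode trunk
"""

def audit_port_security(cfg):
    """Return {interface: [findings]} for access ports only."""
    report = {}
    # Split the text in front of every line that starts an interface block.
    for chunk in re.split(r"(?m)^(?=interface )", cfg):
        lines = [l.strip() for l in chunk.splitlines() if l.strip()]
        if not lines or "switchport mode access" not in lines:
            continue  # trunk ports are not covered by this check
        name, cmds, notes = lines[0].split(None, 1)[1], lines[1:], []
        if "switchport port-security" not in cmds:
            notes.append("port-security not enabled")
        else:
            prefix = "switchport port-security violation "
            # With no violation line present, IOS uses shutdown.
            mode = next((c[len(prefix):] for c in cmds if c.startswith(prefix)),
                        "shutdown")
            if mode == "protect":
                notes.append("violation protect drops without a trap; "
                             "restrict also notifies the management station")
        report[name] = notes
    return report

if __name__ == "__main__":
    for port, notes in audit_port_security(SAMPLE).items():
        print(port, notes or "ok")
```
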
Removing Port Security

If a security violation occurs and the port has been disabled, first try shutting the port down (shut) and then bringing it back up (no shut). If it tries to come back up but shuts down again:

• Switch(config-if)# no switchport port-security
• Switch(config-if)# no switchport port-security mac-address sticky
• Switch(config-if)# no switchport port-security mac-address sticky mac_address
• Switch(config-if)# shut
• Switch(config-if)# no shut
Password recovery

(Procedures may be found on Cisco's website at http://www.cisco.com/warp/public/474/.)

• On a 2900XL or 2950, the procedure is as follows:
  o Use HyperTerminal to start a console session with the switch.
  o Unplug the switch.
  o While holding the MODE button in, plug the switch in to turn it back on.
  o Release the MODE button when the STAT LED goes out.
  o Initialize the file system and finish loading the operating system by typing:
    § flash_init
        initializes flash file system
    § load_helper
        loads and initializes a helper image
    § dir flash:
        to see what is in flash
  o rename flash:config.text flash:config.old
        renames the configuration file
  o Type boot to reboot the switch.
  o Choose N to not continue with the configuration dialog. The operating system will finish loading without a configuration file. This has effectively bypassed the passwords.
  o Switch# rename flash:config.old flash:config.text
        Renames config file back to original.
  o Switch# copy flash:config.text system:running-config
        Copies config into DRAM.
  o Now you may change the passwords and save the new configuration file.

  Note: Since you cannot get to the power cord on the other side of the switch, you may use the following procedure to get to the flash init step:
    § Type reload.
    § Press Enter to confirm the reload.
    § As soon as you see "Reload requested" on the screen, hold the MODE button in.
    § Release the MODE button when you see the SYSTEM light change to solid green (not blinking).
• On a 1900:
  o Console into the switch.
  o Unplug the switch.
  o Hold the MODE button in while plugging the switch back in.
  o Release the MODE button when you see the Cisco Systems Diagnostics Console or a couple seconds after the LED above port 1x goes off.
  o Press Enter to continue.
  o Observe the firmware revision number. If 1.09 or earlier, call Cisco for the factory-installed password. If 1.10 or later, choose C to continue with standard system startup. The system will take a minute to perform a self-test. Then you will be asked if you wish to clear the passwords.
Firmware Upgrades

Switch# show boot
    Shows config file.
Switch# dir flash:
    Shows contents of flash memory.
Switch# rename flash:IOS_file_name.bin flash:IOS_file_name.old
Switch(config)# no ip http server
    Disables access to switch HTML pages temporarily.
Switch# delete flash:html/*
    Removes existing html files.

Download the switch IOS and HTML files from Cisco Connection Online with a CCO account. You will need the .tar file.

Switch# archive tar /x tftp://ip_address_of_tftp_server/IOS_image_file.tar flash:
    Extracts new IOS image and HTML files to flash memory.
Switch(config)# ip http server
    Re-enables access to HTML pages.
Switch(config)# boot system flash:IOS_file_name.bin
    Associates the new IOS file.
Switch# reload
TFTP Servers

Switch# copy flash:c2900XL-c3h2s-mz-120-5.3.WC.1.bin tftp
    Copies the IOS in flash memory with the given file name (case sensitive) to a tftp server.
Switch# copy tftp flash
    Copies an image on a tftp server into flash memory on the switch.
Switch# copy run tftp
    Copies running-config on switch to a tftp server.
Switch# copy start tftp
    Copies startup-config on switch to a tftp server.
Switch# copy tftp run
    Copies running-config from a tftp server to the switch.
Switch# copy tftp start
    Copies startup-config from a tftp server to the switch.
Spanning Tree Protocol

Bridge ID (BID) = Bridge priority.Base MAC Address
Root Bridge: lowest BID

Switch# show spanning-tree brief
    For version 12.0
Switch# show spanning-tree
    For version 12.1
Switch(config)# spanning-tree priority #
    Changes priority for version 12.0
Switch(config)# spanning-tree vlan 1 priority 4096
    Changes priority in increments of 4096 for version 12.1

Root port is the port closest to the root bridge (lowest cost to get to the root bridge).
Designated ports are the ports with lowest cost to the root bridge.

STP States
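The root bridge rule from the Spanning Tree Protocol section (lowest BID wins, priority compared before base MAC), worked through as an added example that is not part of the original sheet. The switch names, MAC addresses and function names are constructed; 32768 is the default bridge priority.

```python
# Constructed switches: name -> (bridge priority, base MAC as xxxx.xxxx.xxxx)
SWITCHES = {
    "SW1": (32768, "0019.aaaa.0003"),
    "SW2": (32768, "0019.aaaa.0001"),
    "SW3": (32768, "0019.aaaa.0002"),
}

def bid(priority, mac):
    """Bridge ID as a comparable tuple: priority first, then MAC as an integer."""
    return (priority, int(mac.replace(".", ""), 16))

def root_bridge(switches):
    """Name of the switch with the lowest BID."""
    return min(switches, key=lambda name: bid(*switches[name]))

def priority_to_win(switches, name, step=4096):
    """Highest priority (a multiple of step) that makes `name` the root bridge."""
    my_mac = bid(0, switches[name][1])[1]
    best = min(bid(*v) for n, v in switches.items() if n != name)
    p = (best[0] // step) * step      # largest multiple of step <= best priority
    if (p, my_mac) > best:            # a tie on priority is lost on MAC: go one step lower
        p -= step
    if p < 0:
        raise ValueError("a peer already holds priority 0 with a lower MAC")
    return p

if __name__ == "__main__":
    print("current root:", root_bridge(SWITCHES))
    print("priority for SW1 to become root:", priority_to_win(SWITCHES, "SW1"))
```

Setting the intended root's priority explicitly keeps the election from depending on which switch happens to have the lowest base MAC.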
VLANs

Switch# show vlan
    Displays vlans.
Switch# show vlan-membership
    Displays vlans on a 1900 switch.
Switch# vlan database
    From privileged mode, enters vlan database mode to configure VLANs.
Switch(vlan)# vlan # name name
    Add, delete, or modify values of a vlan.
Switch# config t
Switch(config)# vlan # name name
    Used on 1900's for the above commands.
Switch(config-if)# switchport mode access
    Sets trunking mode to access.
Switch(config-if)# switchport access vlan #
    Assigns interface to the vlan.
Switch(config-if)# vlan static #
    Used on a 1900 series switch instead of the above two commands.
Switch# show vlan id #
Switch# show vlan name VLAN #
Switch# show vlan #
    Displays information about a specific vlan only.
    Alternate command.
Switch(config-if)# no switchport mode access
Switch(config-if)# no switchport access vlan #
    Removes an interface from a vlan.
Switch# vlan database
Switch# no vlan #
    Deletes a vlan.
    Used on a 1900 series switch.
Trunking

Switch(config)# int fa0/1
Switch(config-if)# switchport mode trunk
    Sets port to trunk.
Switch(config-if)# switchport trunk encapsulation [isl | dot1q]
    Sets the trunking encapsulation on port. This line is not needed on a 2950 since it only supports dot1q trunking.
Switch# show interface # switchport
    To view trunking information on interface.
Switch(config-if)# switchport trunk allowed vlan remove vlan_ids
    To remove trunk links.

Notes:
• Both sides of a trunk must use the same encapsulation.
  o The Catalyst 2950 only supports dot1q
  o The Catalyst 2900XL and 3550 support both dot1q and isl
• For hosts to communicate thru a switch, they must be on the same vlan.
• In order for hosts to communicate on different VLANs, a layer 3 device must route the traffic.
VLAN Trunking Protocol (VTP)

Client and Server Configuration

Switch# vlan database
Switch(vlan)# vtp v2-mode
    Changes the version of VTP to a newer version. Use only if all switches support version 2. Version 1 is the default.
Switch(vlan)# vtp [server | client]
    Configures switch to be a VTP server or client. Server is the default.
Switch(vlan)# vtp password password
    To secure the domain. Optional.
Switch(vlan)# vtp domain name
    Sets the name of the VTP administrative domain.

The above commands may also be entered in global configuration mode:

Switch(config)# vtp version 2
Switch(config)# vtp domain name
Switch(config)# vtp password password
Switch(config)# vtp mode [server | client]

• Adding a Switch to a VTP Domain:
  o Erase start to clear the configuration of the new switch.
  o Power cycle the switch to clear NVRAM.
  o Switch# show vtp status
        Determines whether server or client.
    § Make sure the Configuration revision number is set to zero.
Verification Commands:

Switch# show vtp status
Switch# show vtp counters
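The revision-number check from "Adding a Switch to a VTP Domain", applied to saved show vtp status output. This is an added example, not part of the original sheet; both output excerpts are constructed, the "Label : value" layout is assumed, the function names are hypothetical, and matching VTP passwords are assumed.

```python
# Constructed 'show vtp status' excerpts (not from real devices).
NEW_SWITCH = """\
VTP Version                     : 2
Configuration Revision          : 14
VTP Operating Mode              : Server
VTP Domain Name                 : LAB
"""
PRODUCTION = """\
VTP Version                     : 2
Configuration Revision          : 9
VTP Operating Mode              : Server
VTP Domain Name                 : LAB
"""

def parse_vtp_status(text):
    """Turn 'Label : value' lines into a dict keyed by label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields

def join_risks(new_text, domain_text):
    """List reasons not to connect the new switch to the domain yet."""
    new, dom = parse_vtp_status(new_text), parse_vtp_status(domain_text)
    new_rev = int(new["Configuration Revision"])
    dom_rev = int(dom["Configuration Revision"])
    risks = []
    if new_rev != 0:
        risks.append(f"configuration revision is {new_rev}, expected 0")
    # Same domain plus a higher revision: the domain would adopt the
    # new switch's VLAN database in place of its own.
    if new["VTP Domain Name"] == dom["VTP Domain Name"] and new_rev > dom_rev:
        risks.append("revision is higher than the domain's; "
                     "its VLAN database would replace the domain's")
    return risks

if __name__ == "__main__":
    for risk in join_risks(NEW_SWITCH, PRODUCTION):
        print(risk)
```
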
Configure Inter-VLAN Routing

Router(config)# interface #
    Access the physical interface.
Router(config-if)# no shutdown
    Turn the physical interface on.
Router(config)# interface #.sub
    Configure a subinterface on the router-on-a-stick.
Router(config-if)# encapsulation [isl | dot1q] vlan
    Configure the encapsulation and vlan #.
Router(config-if)# ip address address subnet
    Configure the IP address for the subinterface.