Cisco switches are managed through a number of commands. In this tutorial I will explain some basic configuration commands with examples. These commands are heavily tested in the CCNA exam and are the ones most frequently used in real-world scenarios. For demonstration purposes I will use the Packet Tracer network simulator.
Create a topology as shown in the following figure.
In this topology:
- Two 2960 switches are used.
- Switch1 (interface Gig1/1) is connected to Switch2 (interface Gig1/1) via a crossover cable.
- Switch1 has two PCs connected on interfaces Eth0/1 and Eth0/2 via straight-through cables.
- Like Switch1, Switch2 also has two PCs connected on its interfaces Eth0/1 and Eth0/2.
- An IP address is configured on all PCs: PC0 (192.168.1.1/24), PC1 (192.168.1.2/24), PC2 (192.168.1.3/24), PC3 (192.168.1.4/24).
Click Switch1, click the CLI menu item, and press the Enter key.
Navigation between different switch command modes
Cisco switches run a proprietary OS known as Cisco IOS. IOS is a group of commands used for monitoring, configuring and maintaining Cisco devices. For security and easier administration, IOS commands are divided into a set of different command modes. Each command mode has its own set of commands. Which commands are available depends on the mode we are in.
Navigation between Cisco IOS modes
| Mode | Purpose | Prompt | Command to enter | Command to exit |
|---|---|---|---|---|
| User EXEC | Allows you to connect with remote devices, perform basic tests, temporarily change terminal settings and list system information. | Router > | Default mode after booting. Log in with password, if configured. | Use exit command. |
| Privileged EXEC | Allows you to set operating parameters. It also includes high-level testing and list commands like show, copy and debug. | Router # | Use enable command from user exec mode. | Use exit command. |
| Global Configuration | Contains commands that affect the entire system. | Router(config)# | Use configure terminal command from privileged exec mode. | Use exit command. |
| Interface Configuration | Contains commands that modify the operation of an interface. | Router(config-if)# | Use interface type number command from global configuration mode. | Use exit command to return to global configuration mode. |
| Sub-Interface Configuration | Configures or modifies a virtual interface created from a physical interface. | Router(config-subif)# | Use interface type sub interface number command from global configuration mode or interface configuration mode. | Use exit to return to the previous mode. Use end command to return to privileged exec mode. |
| Setup | Used by the router to create an initial configuration, if a running configuration is not present. | Parameter[Parameter value]: | The router automatically enters this mode if a running configuration is not present. | Press CTRL+C to abort. Type yes to save configuration, or no to exit without saving, when asked at the end of setup. |
| ROMMON | If the router enters this mode automatically, it indicates that it failed to locate a valid IOS image. Entering this mode manually allows you to perform low-level diagnostics. | ROMMON> | Enter reload command from privileged exec mode. Press CTRL + C key combination during the first 60 seconds of the boot process. | Use exit command. |
How to get help on Cisco Switch command mode
The switch provides two types of context-sensitive help: word help and command syntax help.
Word help
Word help is used to get a list of available commands that begin with a specific letter. For example, if we know that our command begins with the letter e, we can type e? at the command prompt and hit the Enter key. It will list all possible commands that begin with the letter e.
Command syntax help
Command syntax help can be used to get the list of keywords, commands, or parameters that are available after the keywords we have already entered. Enter ? (question mark) after hitting the Space key and the prompt will return the list of available command options. For example, to see the parameters required by the show ip command, type show ip ? and the prompt will return all associated parameters. If the prompt returns only <CR> as an option, the switch does not need any additional parameters to complete the command, and you can execute it as it stands.
How to set name on switch
The switch name can be set from global configuration mode. Use the hostname [desired hostname] command to set the name of the switch.
How to set password on a Catalyst switch
Passwords are used to restrict physical access to the switch. A Cisco switch supports the console line for local login and VTY lines for remote login. All supported lines need to be secured for User EXEC mode. For example, if you have secured the VTY lines but left the console line unsecured, an intruder can take advantage of this to connect to the device. Once you are connected to the device, the remaining authentication is the same; no separate configuration is required for the further modes.
A password is set from the respective line mode. Enter line mode from global configuration mode.
The term VTY stands for virtual terminal, such as Telnet or SSH. A switch may support up to a thousand VTY lines. By default the first five (0 - 4) lines are enabled. If we need more lines, we have to enable them manually. The 2960 Series switch supports 16 lines. We can set a separate password for each line; for that we have to specify the line number. In our example we set a common password for all lines.
The above method is good for small companies, where the number of network administrators is very small. With this method we have to share the password between all administrators. The switch supports both local and remote server authentication. Remote server authentication is a complex process and is not included in any entry-level exams, so I am also skipping it in this article. With local database authentication the switch allows us to set a separate password for each user. Two global configuration commands are used to set up the local user database.
Switch(config)#username [Username] password [test123]
Or
Switch(config)#username [Username] secret [test123]
Both commands do the same job. The advantage of the secret option over the password option is that with secret the password is stored as an MD5 hash, while with password it is stored in plain text.
Along with User EXEC mode we can also secure Privileged EXEC mode. Two commands are available for it.
Switch(config)#enable password Privilege_EXEC_password
or
Switch(config)#enable secret Privilege_EXEC_password
Again, as I mentioned earlier, a password stored with the secret command is hashed, while a password stored with the password command remains in plain text. You only need to use a single command. If you use both commands as I did, the enable secret command automatically replaces the enable password command.
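One way to check a saved configuration for the password weaknesses described in this section, as an added example that is not part of the original tutorial or any Cisco tool: the script flags username ... password and enable password entries, which are kept in plain text, and lines that have no login authentication. The sample configuration, the function names and the rule for what counts as a secured line are assumptions of this example.

```python
import re

# Constructed running-config excerpt (example data, not from the tutorial);
# user names, passwords and the hash placeholder are made up.
SAMPLE_CONFIG = """\
enable password Privilege_EXEC_password
username alice secret 5 <md5-hash-placeholder>
username bob password 0 test123
line con 0
line vty 0 4
 password test123
 login
line vty 5 15
 login local
"""

def parse_line_blocks(config):
    """Map each 'line ...' header to the sub-commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command closes the block
    return blocks

def audit(config):
    """Return (item, problem) findings for the password settings discussed."""
    findings = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    for cmd in top:
        m = re.match(r"username (\S+) password\b", cmd)
        if m:
            findings.append((f"username {m.group(1)}", "plain-text password; use secret"))
    if not any(c.startswith("enable secret") for c in top):
        if any(c.startswith("enable password") for c in top):
            findings.append(("enable", "plain-text password; use enable secret"))
        else:
            findings.append(("enable", "privileged EXEC has no password"))
    for header, cmds in parse_line_blocks(config).items():
        local = "login local" in cmds
        shared = "login" in cmds and any(c.startswith("password ") for c in cmds)
        # Assumption of this example: a line is secured only by 'login local'
        # or by 'login' together with a line password.
        if not (local or shared):
            findings.append((header, "no login authentication configured"))
    return findings

if __name__ == "__main__":
    for item, problem in audit(SAMPLE_CONFIG):
        print(f"{item}: {problem}")
```

On the sample, the console line is reported because only the VTY lines were secured, which is the situation the section describes.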
How to reset switch to factory defaults
During practice we often have to reset the switch to factory defaults. Make sure you don't run the following commands in a production environment unless you clearly understand their effect. These commands will erase all configuration. In a production environment you should always take a backup before removing configuration. In a lab environment we can skip the backup process.
Switch>enable
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]? [Press Enter Key]
Delete flash:vlan.dat? [confirm] [ Reconfirm by pressing enter key]
Switch#erase startup-config
Switch#reload
How to set IP address in Switch
The IP address is the address of a device in the network. The switch allows us to set an IP address at the interface level. An IP address assigned to an interface is used to manage that particular interface. To manage the entire switch we have to assign an IP address to VLAN1 (the default VLAN of the switch). We also have to set the default gateway IP address from global configuration mode. In the following example we assign IP 172.16.10.2 255.255.255.0 to VLAN1 and set the default gateway to 172.16.10.1.
Switch>enable
Switch#configure terminal
Switch(config)#interface vlan1
Switch(config-if)#ip address 172.16.10.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 172.16.10.1
How to set interface description
Switches have several interfaces. Adding a description to an interface is a good habit. It may help you find the correct interface. In the following example we add the description Development VLAN to interface FastEthernet 0/1.
Switch(config)#interface fastethernet 0/1
Switch(config-if)#description Development VLAN
How to clear mac address table
The switch stores MAC addresses in the MAC address table. Gradually the table can fill up. Once it is full, the switch automatically starts removing old entries. You can also clear the table manually from privileged EXEC mode. To delete all entries use the following command
switch#clear mac address-table
To delete only dynamic entries use
switch#clear mac address-table dynamic
How to add static MAC address in CAM table
For security purposes we sometimes have to add a MAC address to the CAM table manually. To add a static MAC address to the CAM table use the following command
Switch(config)#mac address-table static aaaa.aaaa.aaaa vlan 1 interface fastethernet 0/1
In the above command we created an entry for the static MAC address aaaa.aaaa.aaaa assigned to FastEthernet 0/1 in the default VLAN1.
How to save running configuration in switch
The switch keeps the entire running configuration in RAM. All data in RAM is erased when we turn off the device. To save the running configuration use the following command
Switch#copy running-config startup-config
How to set duplex mode
The switch automatically adjusts the duplex mode depending on the remote device. We can change this to any other supported mode. For example, to force the switch to use full duplex mode use
Switch(config)#interface fastethernet 0/1
Switch(config-if)#duplex full
To use half duplex use
Switch(config)#interface fastethernet 0/1
Switch(config-if)#duplex half
show version
The show version command provides general information about the device, including its model number, types of interfaces, software version, configuration settings, location of the IOS and configuration files, and available memory.
show mac-address-table
The switch stores the MAC addresses of the devices attached to its interfaces in the CAM table. We can use the show mac-address-table command to list all learned devices. The switch uses this table to make forwarding decisions.
show flash
The switch stores the IOS image file in flash memory. The show flash command lists the content of flash memory. This command is useful to get information about the IOS file and the available memory space in flash.
show running-config
Configuration parameter values are created, stored, updated and deleted in the running configuration. The running configuration is stored in RAM. We can use the show running-config command to view it.
show startup-config
Any configuration stored in RAM is erased when the device is turned off. We can save the running configuration in NVRAM. If we have saved the running configuration in NVRAM, it is automatically loaded back into RAM from NVRAM during the next boot. Because the switch loads this configuration into RAM at device startup, in NVRAM it is known as the startup-config.
show vlan
The show vlan command displays the VLANs. For administrative purposes, the switch automatically creates VLAN 1 and assigns all its interfaces to it. You can create custom VLANs from global configuration mode and then assign them to interfaces.
show interface
The show interface command displays information about interfaces. Without an argument it lists all interfaces. To get information about a specific interface we need to pass its interface number as an argument. For example, to view details about FastEthernet 0/1, use show interface fastethernet 0/1.
The first line of the output provides information about the status of the interface.
FastEthernet0/1 is up, line protocol is up (connected)
The first up indicates the status of the physical layer, and the second up indicates the status of the data link layer.
Possible interface status
up and up :- Interface is operational.
up and down :- It is a data link layer problem.
down and down :- It is a physical layer problem.
Administratively down and down :- Interface is disabled with the shutdown command.
Possible values for physical layer status
Up :- Switch is sensing physical layer signal.
Down :- Switch is not sensing physical layer signal. Possible reasons could be that the cable is not connected, the wrong cable type is used, or the remote end device is turned off.
Administratively down :- Interface is disabled by using the shutdown command.
Possible values for data link layer status
Up :- The data link layer is operational.
Down :- The data link layer is not operational. Possible reasons could be a disabled physical layer, missed keepalives on a serial link, no clocking or an incorrect encapsulation type.
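The status interpretation above, applied to a whole block of output, as an added example that is not part of the original tutorial: the parser picks out each interface's status line, skips the indented detail lines, and maps the physical and data link layer states to the diagnoses listed. The sample output is constructed and the function names are assumptions of this example.

```python
import re

# Constructed first lines of 'show interface' output, one per case in the
# status list above; not captured from a real device.
SAMPLE_OUTPUT = """\
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0001.0001.0001
FastEthernet0/2 is down, line protocol is down (notconnect)
FastEthernet0/3 is administratively down, line protocol is down (disabled)
Vlan1 is up, line protocol is down
"""

# 'administratively down' must be tried before plain 'down'.
STATUS_LINE = re.compile(
    r"^(?P<name>\S+) is (?P<phys>administratively down|up|down), "
    r"line protocol is (?P<proto>up|down)"
)

def diagnose(phys, proto):
    """Translate the two status words into the tutorial's diagnosis."""
    if phys == "administratively down":
        return "disabled with shutdown command"
    if phys == "down":
        return "physical layer problem"
    if proto == "down":
        return "data link layer problem"
    return "operational"

def interface_report(output):
    """Return {interface name: diagnosis} for every status line found."""
    report = {}
    for line in output.splitlines():
        m = STATUS_LINE.match(line)  # indented detail lines do not match
        if m:
            report[m["name"]] = diagnose(m["phys"], m["proto"])
    return report

if __name__ == "__main__":
    for name, verdict in interface_report(SAMPLE_OUTPUT).items():
        print(f"{name}: {verdict}")
```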
show ip interface brief
show ip interface brief is an extremely useful command for getting a quick overview of all interfaces on the switch. It lists their status, including IP address and protocol.