You are on page 1of 6

Command Line Based Switch (CLI

Basic Configuration
Switch > enable Switch # Switch# erase startup-config Switch# del flash:vlan.dat Switch(config)# hostname name Switch(config)# no hostname Used to enter privileged mode from normal mode on CLI switch Privileged mode Erases the switch configuration but not the VLAN configuration Erases the VLAN configuration To rename the switch Converts the switch name back to Switch Sets enable password Sets enable password in encrypted form To prevent switch from trying to find a misspelled command To enter line configuration mode for the console port Configures a password on the console port Enables password checking Sets the idle timeout period in minutes and seconds Modifies message logging facilities for synchronized output Configures terminal line settings Configures a password on the terminal lines (telnet)

Switch(config)# enable password password Switch(config)# enable secret password Switch(config)# no ip domain-lookup Switch(config)# line con 0 Switch(config-line)# password password Switch(config-line)# login Switch(config-line)# exec-timeout 0 0 Switch(config-line)# logging synchronous Switch(config)# line vty 0 15 Switch(config-line)# password password Switch(config-line)# login Switch# show version Switch# show vlan Switch# show interface interface

Indicates IOS version, system image file, base MAC address, model #, configuration register (0xF), serial #, and more Shows what VLANs are configured on the switch and which ports are in which VLANs. Shows interface settings including MAC address, duplex, speed

Note: MAC address of an interface = Base MAC address of switch + port # Switch# dir flash: Switch# show flash Both of these commands show information about flash memory

To telnet, ping, or globally manage the switch, you must assign an IP address. If the IP address is on the same subnet as the management VLAN, the switch will automatically be associated with VLAN 1. Switch# config t Switch(config)# interface vlan 1 Switch(config)# ip address Switch(config)# exit Switch# ip default-gateway Enters global configuration mode Enters vlan 1 configuration Assigns an IP address to vlan 1 Sets a default gateway so that you may access the switch via a router To view the switch’s interfaces To view switch configuration

Switch# show interface Switch# show config

Enter the MAC address in the form xxxx.xxxx. Sets port speed Sets the port duplex. !! !n ^aa^bb Recall previous command Recall command number n (use history command to see commands stored in the buffer) Recalls command with aa and replaces aa with bb Port Security Switch# show mac-address-table Switch# show mac address-table Switch# clear mac address-table dynamic Displays MAC forwarding table Newer command to display MAC forwarding table (no hyphen) Reset MAC address table Switch(config)# mac address-table static mac-addr vlan vlan-id interface interface-id Used to set a static MAC address to be accepted on a given port. Switch(config-if)# speed 10|100|auto Switch(config-if)# duplex auto|full|half IOS-based switches remember the last 10 commands in the history buffer. Use the bang (!) symbol to recall previous commands. Removing Port Security If a security violation occurs and the port has been disabled. Full is default for 100Mbps and half is default for 10Mbps ports. Restrict sends a trap to the network management station. first try shutting the port down (shut) and then bringing it back up (no shut).xxxx Switch(config-if)# switchport mode access Sets mode on port to access only Switch(config-if)# switchport port-security Enables port-security Switch(config-if)# switchport port-security mac-address sticky Allows port to accept only one device Switch(config-if)# port security max-mac-count # Switch(config-if)# switchport port-security maximum # On 2900s: Limits the amount of hosts per port On 2950s: Limits the amount of hosts per port Switch(config-if)# switchport port-security violation [shutdown | protect | restrict] Action to take when there has been a security violation.Switch(config-if)# description comments To describe an interface. If it tries to come back up but shuts down again: • • • • • Switch(config-if)# Switch(config-if)# Switch(config-if)# Switch(config-if)# Switch(config-if)# no switchport port-security no switchport port-security mac-address sticky no switchport port-security mac-address sticky mac_address shut no shut . Protect drops packets when the packet limit is reached. Surround the comments with quotes if you want to leave spaces.

) • On a 2900XL or 2950.old flash:config. This has effectively bypassed the passwords.text flash:config. hold the MODE button in. o Release the MODE button when you see the Cisco Systems Diagnostics Console or a couple seconds after the LED above port 1x goes off. If 1. The operating system will finish loading without a configuration file. o Initialize the file system and finish loading the operating system by typing: § Flash_init initializes flash file system § Load_helper loads and initializes a helper image § Dir flash: to see what is in flash o Rename flash:config. If 1. o Unplug the switch.09 or earlier. • On a 1900: o Console into the system:running-config Copies config into DRAM o Now you may change the passwords and save the new configuration file.10 or later. the procedure is as follows: o Use HyperTerminal to start a console session with the § As soon as you seen “Reload requested” on the screen. § Release the MODE button when you see the SYSTEM light change to solid green (not blinking). § Press Enter to confirm the reload. you may use the following procedure to get to the flash init step: § Type reload. o Switch# rename flash:config. o While holding the MODE button in. o Release the MODE button when the STAT LED goes out. The system will take a minute to perform a self-test.old renames the configuration file o Type boot to reboot the switch o Choose N to not continue with the configuration dialog. Note: Since you cannot get to the power cord on the other side of the switch. o Hold the MODE button in while plugging the switch back in. Then you will be asked if you wish to clear the passwords.bin no ip http server delete flash:html/* shows config file shows contents of flash memory flash: IOS_file_name. call Cisco for the factory-installed password. o Unplug the switch. turn plug the switch to turn it back on. Firmware Upgrades Switch# Switch# Switch# Switch# Switch# show boot dir flash: rename flash: IOS_file_name. o Press Enter to continue o Observe the firmware revision number. choose C to continue with standard system start up.text Renames config file back to original o Switch# copy flash:config.old Disables access to switch HTML pages temporarily Removes existing html files .Password recovery (Procedures may be found on Cisco’s website at http://www.

Switch# archive tar /x tftp://ip_address_of_tftp_server/IOS_image_file.bin Associates the new IOS file Switch# reload TFTP Servers Switch# copy flash:c2900XL-c3h2s-mz-120-5.1 Switch(config)# spanning-tree priority # Changes priority for version 12.3. STP States . Switch# ip http server Re-enables access to HTML pages Switch# boot system flash:IOS_file_name.1.tar file.Base MAC Address Root Bridge: lowest BID Switch# show spanning-tree brief Switch# show spanning-tree For version 12. Designated ports are the ports with lowest cost to the root bridge.WC.0 Switch(config)# spanning-tree vlan 1 priority 4096 Changes priority in increments of 4096 for version 12. Switch# copy tftp flash Copies an image on a tftp server into flash memory on the switch. Switch# copy run tftp Switch# copy start tftp Switch# copy tftp run Switch# copy tftp start Copies running-config on switch to a tftp server Copies startup-config on switch to a tftp server Copies running-config from a tftp server to the switch Copies startup-config from a tftp server to the switch Spanning Tree Protocol Bridge ID (BID) = Bridge priority.bin tftp Copies the IOS in flash memory with the given file name (case sensitive) to a tftp server.tar flash: Extracts new IOS image and HTML files to flash memory. You will need the .Download the switch IOS and HTML files from Cisco Connection Online with a CCO account.0 For version 12.1 Root port is the port closest to the root bridge (lowest cost to get to the root bridge).

enters vlan database mode to configure VLANs Add. a layer 3 device must route the traffic. or modify values of a vlan Used on 1900’s for the above commands. • In order for hosts to communicate on different VLANs. o The Catalyst 2950 only supports dot1q o The Catalyst 2900XL and 3550 support both dot1q and isl • For hosts to communicate thru a switch.VLANs Switch# show vlan Switch# show vlan-membership Switch# vlan database Switch(vlan)# vlan # name name Switch# config t Switch(config)# vlan # name name Switch(config-if)# switchport mode access Switch(config-if)# switchport access vlan # Switch(config-if)# vlan static # Displays vlans Displays vlans on a 1900 switch From priviledged mode. they must be on the same vlan. . Sets truning mode to access Assigns interface to the vlan Used on a 1900 series switch instead of the above two commands Displays information about a specific vlan only Alternate command Used on a 1900 series switch Removes an interface from a vlan Switch# show vlan id # Switch# show vlan name VLAN # Switch# show vlan # Switch(config-if)# no switchport mode access Switch(config-if)# no switchport access vlan # Switch# vlan database Switch# no vlan # Deletes a vlan Trunking Switch(config)# int fa0/1 Switch(config-if)# switchport mode trunk Switch(config-if)# switchport trunk encapsulation [isl | dot1q] Sets port to trunk Sets the trunking encapsulation on port This line is not needed on a 2950 since it only supports dot1q trunking. delete. To view trunking information on interface Switch# show interface # switchport Switch(config-if)# switchport trunk allowed vlan remove vlan_ids To remove trunk links Notes: • Both sides of a trunk must use the same encapsulation.

Version 1 is the default. Configures switch to be a VTP server or client. To secure the domain.VLAN Trunking Protocol (VTP) Client and Server Configuration Switch# vlan database Switch(vlan)# vtp v2-mode Switch(vlan)# vtp [server | client] Switch(vlan)# vtp password password Switch(vlan)# vtp domain name Changes the version of VTP to a newer version. Sets the name of the VTP administrative domain The above commands may also be entered in global configuration mode: Switch(config)# Switch(config)# Switch(config)# Switch(config)# vtp vtp vtp vtp version 2 domain name password password mode [server | clent] • Adding o o o a Switch to a VTP Domain: Erase start to clear the configuration of the new switch Power cycle the switch to clear NVRAM Switch# show vtp status § Determines whether server or client. Verification Commands: Switch# show vtp status Switch# show vtp counters Configure Inter-VLAN Routing Router(config)# interface # Router(config-if)# no shutdown Router(config)# interface #. Server is the default. Use only if all switches support version 2.sub Router(config-if)# encapsulation [isl | dot1q} vlan Router(config-if)# ip address address subnet Access the physical interface Turn the physical interface on Configure a subinterface on the router-on-a-stick Configure the encapsulation and vlan # Configure the IP address for the subinterface . Make sure the Configuration revision number is set to zero. Optional.