
CCNP Switch Command

Clearing a Switch

For normal switch
1. > ena
2. # delete flash:vlan.dat
3. # erase startup-config
4. # reload

For a switch used to connect to a larger network
1. > ena
2. # delete vlan.dat
3. # erase startup-config
4. # reload
5. # show vlan brief
6. (config)# interface range f0/1-24
7. (config-if-range)# shutdown
8. # conf t
9. (config)# vtp mode transparent

Config Switch first
1. > ena
2. # conf t
3. (config)# hostname Switch_Access2
4. (config)# enable secret class
5. (config)# line console 0
6. (config-line)# logging synch
7. (config-line)# exec-timeout 0 0
8. (config-line)# password cisco
9. (config-line)# login

Nguyễn Hoàng Vũ – NP11.03

10. (config)# enable secret cisco
11. (config)# line vty 0 15
12. (config-line)# password cisco
13. (config-line)#

Config Vlan-Vtp

Step1: show vlan
1. show vlan
2. show vtp status

Step 1: config Vlan
1. (config)# interface vlan1
2. (config-if)# ip address 10.1.1.101 255.255.255.0
3. (config-if)# no shutdown

Step 2: config vtp
1. vtp domain CCNP1103
2. vtp version 2
3. vtp mode server/client/transparent
4. vtp password cisco123

Step 3: config interface mode
Trunk
1. interface f0/6
2. switchport trunk encapsulation dot1q
3. switchport mode trunk
Access
1. interface f0/1
2. switchport mode access
Show:
1. show interface f0/7 switchport
2. show interface trunk


Step 4: configure vlan in configuration mode
1. (config)# vlan 20
2. (config-vlan)# name Server-1
3. (config)# interface f0/6
4. (config-if)# switchport access vlan 20

Modified vlan
    vlan 120
    shutdown
    no shutdown
    state active

Config EtherChannel
Step 1: config basic switch parameter
1. conf t
2. (config)# interface range f0/7-12
3. (config-if-range)# switchport trunk encapsulation dot1q
4. (config-if-range)# switchport mode trunk

Step 2: configure EtherChannel with Cisco PAgP
1. (config)# interface range f0/7-12
2. (config-if-range)# channel-group 1 mode desirable
3. (config)# interface port-channel 1
4. (config-if)# switchport mode trunk

Step 3: configure layer 3 EtherChannel
1. (config)# interface range fastethernet 0/11-12
2. (config-if-range)# no switchport
3. (config-if-range)# channel-group 3 mode desirable
4. (config-if-range)# interface port-channel 3
5. (config-if)# no switchport
6. (config-if)# ip address 10.0.0.1 255.255.255.0

Step 4: configure load balancing
1. (config)# port-channel load-balance src-dst-mac
2. # show etherchannel load-balance


Configuration Spanning-tree
basic
Step 1: prepare the switches for the lab
1. (config)# interface range fastethernet 0/7-12
2. (config-if-range)# switchport trunk encapsulation dot1q
3. (config-if-range)# switchport mode trunk

Step 2: configure specific switch to be primary and secondary root
1. # debug spanning-tree events
2. DSL1 (config)# spanning-tree vlan 1 root primary
3. ADSL (config)# spanning-tree vlan 1 root secondary
4. # show run | include span

Step 3: change the root port using the spanning-tree
1. (config)# int f0/12
2. (config-if)# spanning-tree port-priority 112
3. (config)# int f0/6
4. (config-if)# spanning-tree cost 10

Step 5: config portfast on an access port
1. (config)# int f0/6
2. (config-if)# switchport mode access
3. (config-if)# no shut
4. (config-if)# int f0/6
5. (config-if)# spanning-tree portfast

PVST students
Step 1: prepare the switches for the lab
1. (config)# int range f0/7-12
2. (config-if-range)# switchport trunk encapsulation dot1q
3. (config-if-range)# switchport mode trunk

Step 2: config VLAN

Step 3: assign a root switch for each vlan
1. (config)# spanning-tree vlan 10 priority 4096

Step 3: config RSTP
1. (config)# spanning-tree mode rapid-pvst

Configure MST

Step 1: prepare the switches for the lab
1. (config)# interface range fastethernet 0/7-12
2. (config-if-range)# switchport trunk encapsulation dot1q
3. (config-if-range)# switchport mode trunk

Step 2: configure VTP and Vlans
1. (config)# vtp mode transparent
2. (config)# vtp domain Cisco

Step 3: configure MST globally
1. (config)# spanning-tree mode mst

Step 4: config the MST region and instance
2. (config)# spanning-tree mst configuration
3. (config-mst)# name CISCO
4. (config-mst)# revision 1
5. (config-mst)# instance 1 vlan 20-50

Show command
1. (config-mst)# show current
2. (config-mst)# show pending
3. # show spanning-tree mst configuration
4. # show spanning-tree
5. # show interface trunk
6. # show spanning-tree root
7. # debug spanning-tree events

Configure Inter-Vlan
Step 3: configure the router
1. (config)# hostname ISP
2. (config)# int s0/1
3. (config-if)# ip address 192.168.1.2 255.255.255.0
4. (config-if)# clock rate 64000
5. (config-if)# no shutdown
6. (config)# ip route 172.16.0.0 255.255.0.0 192.168.1.1


Step 4: configure the switches
1. (config)# int vlan 1
2. (config-if)# ip address 172.16.1.101 255.255.255.0
3. (config-if)# no shutdown
4. (config-if)# exit
5. (config)# ip default-gateway 172.16.1.1

Step 6: configure trunk links and EtherChannel on switches
1. (config)# int range f0/7-12
2. (config-if-range)# switchport mode trunk
3. (config-if-range)# channel-group 1 mode desirable
4. (config-if-range)# end
5. # show etherchannel 1 summary

Step 7: config VTP and Vlan

Step 8: config access port with portfast
1. (config)# int f0/6
2. (config-if)# switchport mode access
3. (config-if)# switchport access vlan 100
4. (config-if)# spanning-tree portfast

Step 10: config the gateway router Fast Ethernet interface for vlan trunking
1. (config)# interface f0/1.1
2. (config-subif)# description management VLan1
3. (config-subif)# encapsulation dot1q 1 native
4. (config-subif)# ip address 172.16.1.1 255.255.255.0

Config HSRP
Step 1: prepare the switch for the lab
Step 2: configure the host ip setting
Step 3: configure basic parameter
Step 4: configure trunks and EtherChannel between switches
Step 5: configure vtp on adls
Step 6: configure vtp on dsl
Step 7: configure access port with portfast

Step 8: configure HSRP interface and enable routing
1. (config)# ip routing
2. (config)# interface vlan 1
3. (config-if)# standby 1 ip 172.16.1.1
4. (config-if)# standby 1 preempt
5. (config-if)# standby 1 priority 150
6. (config-if)# exit

Step 9: verify the HSRP configuration
1. # show standby
2. # show standby brief

Configure SLA campus
Step 1: prepare the switches for the lab
Step 2: config the host PCs
Step 3: config basic parameter switches
- configure the hostname, password and optionally, remote access
- configure a management IP address on VLAN 1
    o (config)# int vlan1
    o (config-if)# ip address 172.1.16.10 255.255.255.0
    o (config-if)# no shut
- config default gateway
    o (config)# ip default-gateway 172.16.1.1
Step 4: config trunks and EtherChannel between switches
Step 5&6: config VLan and VTP
Step 7: config access port
Step 8: config VLAN interface and enable routing
- (config)# int vlan 100
- (config-if)# ip address 10.172.16.1 255.255.255.0
- (config)# ip routing

Step 9: configure cisco IP SLA responders
- (config)# ip sla responder
- (config)# ip sla responder udp-echo ipaddress 172.16.1.1 port 5000

Step 10: configure cisco ios ip sla source to measure network performance
1. (config)# ip sla 1
2. (config-ip-sla)# icmp-echo 172.16.100.101
3. (config-ip-sla)# exit
4. (config)# ip sla schedule 1 life forever start-time now

Step 11: monitor ip sla operation
1. # show ip sla configuration 1
2. # show ip sla application
3. # show ip sla responder
4. # show ip sla statistics 1

Securing layer 2
Step 1: prepare the switch for the lab
Step 2: configure the basic parameter and trunking
- (config)# hostname ADLS1
- (config)# enable secret class
- (config)# line vty 0 15
- (config-line)# password cisco
- (config-line)# login
- (config-line)# exit
    o (config)# interface vlan 1
    o (config-if)# ip address 172.16.101.1 255.255.255.0
    o (config-if)# no shutdown
    o (config-if)# exit
    o (config)# ip default-gateway 172.16.1.1
    o (config)# int range f0/7-12
    o (config-if-range)# switchport mode trunk

Step 3: configure vtp on adsl1 and adsl2
Step 4: configure IP routing, the vlan, vlan SVIs, HSRP
a) config VTP, VLAN, and IP routing
    o (config)# vtp domain SPWOD
    o (config)# vtp version 2
    o (config)# vlan 100
    o (config-vlan)# name staff
    o (config-vlan)# exit
    o (config)# ip routing
b) config switch virtual interface (SVIs) and HSRP
    o (config)# int vlan 1
    o (config-if)# standby 1 ip 172.16.1.1
    o (config-if)# standby 1 preempt
    o (config-if)# standby 1 priority 150
c) verify
    o show vlan brief
    o show vtp status
    o show standby brief
    o show ip route

Step 6: config port-security
a) By default, issuing the switchport port-security command by itself sets the maximum number of MAC addresses to 1, and the violation mode to shutdown. It is not necessary to specify the maximum number of addresses, unless it is greater than 1.
    o ALS2(config)# interface range fastethernet 0/15 - 24
    o ALS2(config-if-range)# switchport port-security
b) Verify
    o show port-security
c) Enter the configuration of the staff
    o (config)# int range f0/15-24
    o (config-if-range)# switchport port-security
    o (config-if-range)# switchport port-security maximum 2
    o (config-if-range)# switchport port-security mac-address sticky

Step 7: config DHCP snooping
a) configure the switch to trust DHCP relay information
- (config)# ip dhcp relay information trust-all
b) config switches to trust DHCP on the trunk port
- ALS1(config)# ip dhcp snooping
- ALS1(config)# interface range fastethernet 0/7 - 12
- ALS1(config-if-range)# ip dhcp snooping trust
- ALS1(config-if-range)# exit
- ALS1(config)# interface range fastethernet 0/15 - 24
- ALS1(config-if-range)# ip dhcp snooping limit rate 20
- ALS1(config-if-range)# exit
- ALS1(config)# ip dhcp snooping vlan 100,200

Step 8: config AAA
- (config)# username vu password cisco
- (config)# aaa new-model
- (config)# aaa authentication dot1x default local
- (config)# dot1x system-auth-control
- (config)# int range f0/15-24
- (config-if-range)# dot1x port-control auto
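
A way to check that every access port actually carries the controls from Steps 6 to 8 (added example, not part of the original notes). The running-config excerpt is constructed, and the script assumes the interface lines appear in the configuration exactly as they are typed above.

```python
import re

# Constructed running-config excerpt for illustration (not from the lab switches).
SAMPLE_CONFIG = """\
interface FastEthernet0/7
 switchport mode trunk
 ip dhcp snooping trust
!
interface FastEthernet0/15
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 ip dhcp snooping limit rate 20
 dot1x port-control auto
!
interface FastEthernet0/16
 switchport mode access
 ip dhcp snooping trust
"""

# Controls Steps 6-8 place on each access port (matched against the full line).
REQUIRED = {"port-security": r"switchport port-security",
            "DHCP rate limit": r"ip dhcp snooping limit rate \d+",
            "802.1X": r"dot1x port-control auto"}

def parse_interfaces(config):
    # Map each interface name to the list of its indented sub-commands.
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return ports

def audit(config):
    # Return {port: [findings]} for access ports missing a control.
    findings = {}
    for port, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk ports are the trusted side in Step 7
        issues = [f"missing {name}" for name, rx in REQUIRED.items()
                  if not any(re.fullmatch(rx, c) for c in cmds)]
        if "ip dhcp snooping trust" in cmds:
            issues.append("DHCP snooping trust on access port")
        if issues:
            findings[port] = issues
    return findings
```

Calling audit(SAMPLE_CONFIG) reports only FastEthernet0/16, which lacks all three controls and is wrongly marked as a DHCP snooping trusted port.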

Securing Spanning tree protocol
Step 1: load or verify the configuration
Step 2: config the primary and secondary root bridges for the vlans
a) command
- (config)# spanning-tree vlan 1,100 root primary
- (config)# spanning-tree vlan 20 root secondary
b) verify: show spanning-tree

Step 3: configure root guard
- (config)# int range f0/13-14
- (config-if-range)# spanning-tree guard root

Step 4: demonstrate root guard functionality
a) command show
- show spanning-tree vlan 1
- show spanning-tree inconsistentports
b) undo
- (config-if)# no spanning-tree guard root

Step 5: config BPDU guard
- (config)# spanning-tree portfast bpduguard default
- show spanning-tree summary

Step 6: enable broadcast storm control on trunk port
- (config)# int f0/7
- (config-if)# storm-control broadcast level 50
- show running-config interface

Step 7: configure UDLD
- (config)# int range f0/1-24
- (config-if-range)# udld port aggressive
- (config)# udld enable
- show udld f0/15

Securing Vlan
Step 1: verify configuration from switches
- show vlan
- show interface trunk
- show standby brief

Step 2: configure private vlan
a) config HSRP
- (config)# int vlan 50
- (config-vlan)# name server-farm
- (config)# int f0/5
- (config-if)# ip address 10.172.16.1 255.255.255.0
- (config-if)# standby 1 ip 10.172.16.3
- (config-if)# standby 1 priority 100
- (config-if)# standby 1 preempt
- show standby vlan 150 brief
b) config vlan
- (config)# vlan 151
- (config-vlan)# private-vlan isolated
- (config)# vlan 150
- (config-vlan)# private-vlan community
- (config)# vlan 152
- (config-vlan)# private-vlan isolated
- (config-vlan)# private-vlan association 150,151
c) the VLan mapping
- (config)# int vlan 152
- (config-if)# private-vlan mapping 150-151
d) the switchport mode private-vlan host-association
- (config)# int range f0/18-20
- (config-if-range)# switchport mode private-vlan host
- (config-if-range)# switchport private-vlan host-association 150 151

Step 3: configure RACLs between VLANs
a) config access list
- DLS1(config)# access-list 100 permit tcp 172.16.200.0 0.0.0.255 172.16.100.0 0.0.0.255 established
- DLS1(config)# access-list 100 permit icmp 172.16.200.0 0.0.0.255 172.16.100.0 0.0.0.255 echo-reply
- DLS1(config)# access-list 100 deny ip 172.16.200.0 0.0.0.255 172.16.100.0 0.0.0.255
- DLS1(config)# access-list 100 permit ip any any
- DLS1(config)# interface vlan 100
- DLS1(config-if)# ip access-group 100 in
- DLS1(config)# interface vlan 200
- DLS1(config-if)# ip access-group 100 in
b) show command
- show access-lists
- show ip interface vlan 100
c) ip vlan
- (config)# int vlan 100
- (config-if)# ip address 172.16.100.100 255.255.255.0
d) verify
- ping 172.16.100.1 source vl100

Step 4: configure VACLs
a) configure access list
- (config)# ip access-list extended temp-host
- (config-ext-nacl)# permit ip host 172.16.100.150 172.16.100.0 0.0.0.255
b) configure vlan access map
- (config)# vlan access-map block-temp 10
- (config-access-map)# match ip address temp-host
- (config-access-map)# action drop
- (config-access-map)# vlan access-map block-temp 20
- (config-access-map)# action forward
c) define vlan filter
- (config)# vlan filter block-temp vlan-list 100
d) show command
- show vlan access-map
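
How access list 100 from Step 3 treats traffic, worked through with first-match evaluation and wildcard masks (added example, not part of the original notes). The packet dictionaries and their field names are constructed for illustration; "established" is modelled as a TCP segment with ACK or RST set.

```python
import ipaddress

# (network, wildcard) pairs used by access-list 100 in Step 3.
V200 = ("172.16.200.0", "0.0.0.255")
V100 = ("172.16.100.0", "0.0.0.255")
ANY = ("0.0.0.0", "255.255.255.255")

ACL_100 = [
    ("permit", "tcp", V200, V100, "established"),
    ("permit", "icmp", V200, V100, "echo-reply"),
    ("deny", "ip", V200, V100, None),
    ("permit", "ip", ANY, ANY, None),
]

def wildcard_match(addr, base, wildcard):
    # Bits set in the wildcard are ignored; every other bit must equal base.
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def qualifier_match(qual, pkt):
    if qual is None:
        return True
    if qual == "established":
        return bool(pkt.get("flags", set()) & {"ACK", "RST"})
    return pkt.get("icmp_type") == qual

def evaluate(acl, pkt):
    # First matching entry wins; returns (action, entry index).
    for index, (action, proto, src, dst, qual) in enumerate(acl):
        if proto not in ("ip", pkt["proto"]):
            continue
        if (wildcard_match(pkt["src"], *src) and wildcard_match(pkt["dst"], *dst)
                and qualifier_match(qual, pkt)):
            return action, index
    return "deny", None  # implicit deny that ends every ACL

# Constructed sample packets (hypothetical hosts in VLAN 200 and VLAN 100).
SAMPLE_PACKETS = [
    {"proto": "tcp", "src": "172.16.200.10", "dst": "172.16.100.5", "flags": {"SYN"}},
    {"proto": "tcp", "src": "172.16.200.10", "dst": "172.16.100.5", "flags": {"ACK"}},
    {"proto": "icmp", "src": "172.16.200.10", "dst": "172.16.100.5", "icmp_type": "echo"},
    {"proto": "tcp", "src": "172.16.100.5", "dst": "172.16.200.10", "flags": {"SYN"}},
]

def run_samples():
    return [evaluate(ACL_100, p) for p in SAMPLE_PACKETS]
```

The result shows the effect of the list: VLAN 200 hosts can answer sessions opened from VLAN 100 but cannot open new ones toward it, while all other traffic falls through to the final permit.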


Switch IP telephone student
Step 1: prepare the switches lab
Step 2: config the basic parameter
Step 3: config the trunk and EtherChannel
Step 4: config VTP and vlan
Step 5: config IP routing, VLAN SVIs, HSRP
Step 7: config access port to trust IP phone CoS
- (config)# int range f0/15-24
- (config-if-range)# switchport mode access
- (config-if-range)# switchport access vlan 10
- (config-if-range)# switchport voice vlan 20
- (config-if-range)# auto qos voip cisco-phone

Step 9: config the distribution layer switches to trust access layer
- (config)# mls qos
- (config)# int range f0/15-24
- (config-if-range)# auto qos voip trust

Step 10: manually assign access layer CoS for the camera
- (config)# int f0/5
- (config-if)# switchport mode access
- (config-if)# switchport access vlan 100
- (config-if)# mls qos trust cos
- (config-if)# mls qos cos 3
- show mls qos cos interface
