Documente Academic
Documente Profesional
Documente Cultură
We will see the Switch’s commands and other details;
Switch Modes Description
Switch> User Mode
Switch# Privileged Mode (also known as Exec‐level Mode)
Switch(config)# Global Configuration Mode
Switch(config‐if)# Interface Mode
Switch#disable Leaves Privileged Mode
Switch>exit Leaves User Mode
Commands
Switch#configure terminal Move from Privilege mode to Global Configuration
mode
Switch(config)# hostname Switch‐A Set the Switch name: Switch‐A
Switch#show version Display the information about software & hardware
Switch#show flash Display the files and directories in the flash of Cisco
Switches.
Switch#show mac‐address‐table Display the Mac address of devices, currently
connect with it.
Switch#show running‐config Displays the current configuration from RAM
Switch#show startup‐config Displays the saved configuration from NVRAM
Switch(config)#interface vlan 1 Moves to virtual interface of VLAN 1
Switch(config‐if)#ip address 10.1.1.1 255.0.0.0 Sets the IP Address to VLAN1.
Switch#show vlan Display the information about vlans
Switch#show interface vlan1 Displays setting of virtual interface VLAN 1, the
default VLAN on switch.
Switch#show interfaces Displays the interfaces configuration and status of
line UP/UP, UP/Down, Administratively down.
Switch(config)#interface fastehternet0/1 Moves to Interface configuration mode
Switch(config‐if)#duplex full Forces Full‐duplex operation
Switch(config‐if)#duplex half Forces half‐duplex operation
Switch(config‐if)#duplex auto Enables auto‐duplex configuration
Switch(config‐if)#speed 10 Forces 10‐Mbps speed
Switch(config‐if)#speed 100 Forces 100‐Mbps Speed
Switch(config‐if)#speed auto Enable auto speed configuration
Configured Passwords
Switch(config)#enable password pucit Sets the enable password
Switch#show running‐config See the password in configuration file, in plane text.
Switch#exit Exit from privileged mode.
Switch>enable It changes Switch mode but ask for above mention password
Switch(config)#no enable password Remove the above set password.
Prepared By: Javed Ahmad Dogar Page 1
Switch(config)# enable secret pucit Sets the encrypted password, we can’t read it.
Again use command: show runnging‐config to view it
Switch(config)#line console 0 Enter to console mode
Switch(config‐line)#password Lahore Sets console line mode password: Lahore
Switch(config‐line)#login Enable password checking at login
Switch(config‐line)#no password This command removes the password.
Switch(config)#line vty 0 15 Enters to vty line mode for all five vty lines;
vty (Virtual TeletYpe) - A command line interface created in Switch
for a Telnet session.
Switch(config-line)#password javed Sets the vty password; javed
Switch(config-line)#login Enable password checking at telnet login
Switch(config‐line)#no password Remove the password, if you want
Configured the Encrypted Password
Switch(config)#service password‐encryption Turn on the password encryption
Switch(config)#enable password Pakistan Sets enable password: Pakistan, it will be encrypted
Caution: If you have turn on service password encryption, use it and then turn it off, any passwords that
you have encrypted will stay encrypted. If you assign new passwords, those will remain unencrypted.
Managing the MAC Address Table
Switch# show mac‐address‐table Display the current MAC address table
Switch#clear mac‐address‐table dynamic Deletes all entries from MAC address table
Configure the Switch Port Security
Switch(config)# interface fastethernet 0/5 Moves to interface mode fasthethernet
0/5
Switch(config‐if)#switchport mode access Change port mode to access to enable
security
Switch(config‐if)#switchport port‐security Enables port security on interface
fasthethernet 0/5
Switch(config‐if)#switchport port‐security maximum 2 Sets the maximum limit of two MAC
addresses that will be allowed on this
port.
Switch(config‐if)# switchport port‐security mac‐address Sets a specific secure MAC address
0040.0BAD.E813 0040.0BAD. E813. You can add additional
secure MAC address up to maximum
value configured.
Switch#show port‐security address
Secure Mac Address Table
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Vlan Mac Address Type Ports Remaining Age
(mins)
‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐ ‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐
‐
1 0040.0BAD.E813 SecureConfigured FastEthernet0/5 ‐
1 00E0.8FCE.52E1 SecureConfigured FastEthernet0/5 ‐
Prepared By: Javed Ahmad Dogar Page 2
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Total Addresses in System (excluding one mac per port) : 2
Max Addresses limit in System (excluding one mac per port) : 1024
Switch(config‐if)#switchport port‐security violation Configures port security to shutdown
shutdown the interface if a security violation occur
Switch(config‐if)#switchport port‐security violation restrict Configure port security to restrict mode,
if security violation occurs, it dropped
frames from not allowed addresses. Log
entry is made. The interface remains
operational.
Switch(config‐if)#switchport port‐security violation protect Configure port security to protect mode,
if security violation occurs, it dropped
frames from not allowed addresses. The
interface remains operational.
Switch#show port‐security interface fastEthernet 0/5 Displays security information for
interface fasthethernet 0/5
Switch#show port‐security address Displays the MAC address table about
port‐security information
Sticky MAC Addresses Sticky MAC addresses are a feature of
port security, Sticky MAC addresses limit
the switch port access to a specific MAC
address that can be dynamically learned,
no need to configure MAC address
manually with specific port. These
addresses are stored in the running
configuration file. If this file is saved to
startup‐config then sticky address do not
have to relearn when switch is rebooted.
This is high level of switch port security.
Switch(config)# interface fastethernet 0/10 Moves to interface configuration mode
Switch(config‐if)#switchport mode access Change the interface mode to access
Switch(config‐if)#switchport port‐security mac‐address Convert all dynamic port security learned
sticky MAC addresses to sticky secure MAC
addresses. Can use these address like
static MAC address use above.
Prepared By: Javed Ahmad Dogar Page 3
Configure VLANS
Creating Static VLANS
Switch(config)#vlan 100 Creates VLAN 100 and enters to VLAN configuration
mode for further description
Switch(config‐vlan)#name finance‐dept Assigns a name finance‐dept to VLAN‐100, the length
of name can be from 1 to 32 characters.
nd
2 way to create VLANs by Database Mode
Switch#vlan database Moves to VLAN database.
Switch(vlan)#vlan 9 name Sales Create VLAN 9, with name of sales.
Switch(vlan)#exit Applies changes to VLAN database.
Assigning ports to VLANs
Switch(config)#interface fastethernet 0/1 Moves to interface configuration mode
Switch(config‐if)#switchport mode access Sets the port to access mode
Switch(config‐if)#switchport access vlan 100 Assign port 0/1 to VLAN 100
Assigning range of ports to one VLAN
Switch(config)#interface range fastEthernet 0/10 ‐ 24 Moving to range of ports 0/10 to 24
Switch(config‐if‐range)#switchport mode access Change mode of ports to access
Switch(config‐if‐range)#switchport access vlan 6 Assigning range of ports 10‐24 to VLAN‐6
Verifying VLAN Information
Switch#show vlan Displays VLAN Information
Switch#show vlan brief Displays VLAN information in brief
Switch#show vlan id 6 Displays the information about VLAN 6
Switch#show vlan name MIS Displays the information about VLAN named MIS.
Switch#show interfaces vlan 6 Displays interface characteristics for VLAN 6
Erasing VLAN Configuration
Switch#delete flash:vlan.dat Removes the entire VLAN database from flash.
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
Switch(config)#interface fastEthernet 0/1 Moves to interface configuration mode
Switch(config‐if)#no switchport access vlan 100 Removes port from VLAN 100 and reassign to VLAN
1, the default VLAN.
Switch(config)#no vlan 100 Removes VLAN 100 from VLAN database.
Prepared By: Javed Ahmad Dogar Page 4
STATIC TRUNK LINK
TRUNK CONFIGURATION ‐ SWITCH‐A
A(config)# interface fastethernte 0/1
A(config‐if)# switchport trunk encapsulation dot1q
A(config‐if)# switchport mode trunk
A(config‐if)# switchport nonegotiate
A(config‐if)# no shutdown
TRUNK CONFIGURATION ‐ SWITCH‐B
B(config)# interface fastethernte 0/1
B(config‐if)# switchport trunk encapsulation dot1q
B(config‐if)# switchport mode trunk
B(config‐if)# switchport nonegotiate
B(config‐if)# no shutdown
VERIFICATION OF TRUNK
Switch#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1‐1005
Port Vlans allowed and active in management domain
Fa0/1 1,23,102,123,200,1002,1003,1004,1005
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,23,102,123,200,1002,1003,1004,1005
Prepared By: Javed Ahmad Dogar Page 5
Spanning Tree Protocols
Switch(config)#spanning‐tree vlan1 Enables STP on VLAN 1
Switch(config)#no spanning‐tree vlan1 Disable STP on VLAN 1
Switch(config)#spanning‐tree vlan 1 root primary Modifies the switch priority from default 32768
to a lower value 24576 to make it root switch.
Switch(config)#spanning‐tree vlan 1 root secondry It will be root switch when primary root switch
of vlan 1 fails.
Switch(config)#spanning‐tree vlan 1 priority 4096 Change the switch priority to make it root
switch.
Switch#show spanning‐tree Displays STP Information
Switch#show spanning‐tree detail Displays a detail summary of interface
Information with STP
Switch#show spanning‐tree interface fastEthernet 0/1 Displays STP information for Interface fa0/1
Switch#show spanning‐tree summary Displays a summary of port states in STP
Switch#show spanning‐tree summary totals Displays the total lines of the STP section
Prepared By: Javed Ahmad Dogar Page 6