+Basic Switch Settings
Switch# configure terminal
Switch(config)# hostname S1
S1(config)# enable secret class
S1(config)# service password-encryption
S1(config)# no ip domain-lookup
S1(config)# banner motd #Hello#
S1(config)# ip default-gateway 192.168.1.1
S1(config)# exit
S1# copy running-config startup-config
S1# erase startup-config
S1# write erase
Switch# delete vlan.dat
S1# reload
++Console port
S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# logging synchronous
S1(config-line)# exec-timeout 5
S1(config-line)# exit
++Telnet
A device must have two passwords for a remote user to be able to make changes to the configuration: the line vty password and the enable or enable secret password.
S1(config)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# transport input all
S1(config-line)# history size 256
++SSH
SSH requires a local username database, a local IP domain, and a generated RSA key. The hostname cannot be the default: Switch (on a switch) or Router (on a router).
S1(config)# ip domain-name netacad.pka
S1(config)# crypto key generate rsa
S1(config)# username administrator secret cisco
S1(config)# ip ssh version 2
S1(config)# line vty 0 15
S1(config-line)# login local
S1(config-line)# transport input ssh
S1(config-line)# no password cisco
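The Telnet and SSH settings above can be checked offline against a saved running-config. The following is an added example, not part of the original cheat sheet; the sample config is constructed, `<hash>` stands for the stored password hashes, and the function name is hypothetical.

```python
import re

# Constructed running-config excerpt (not from a real device): vty 0-4 follow
# the SSH section above, vty 5-15 were left as in the Telnet section.
SAMPLE = """\
hostname S1
ip domain-name netacad.pka
ip ssh version 2
username administrator secret 5 <hash>
line con 0
 password 7 <hash>
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 <hash>
 login
 transport input all
"""

def audit_remote_access(cfg):
    """Return findings for the SSH prerequisites and each vty range."""
    findings = []
    host = re.search(r"^hostname (\S+)", cfg, re.M)
    if not host or host.group(1) in ("Switch", "Router"):
        findings.append("hostname is still the default")
    if not re.search(r"^ip domain-name \S+", cfg, re.M):
        findings.append("no ip domain-name")
    if not re.search(r"^username \S+ .*secret", cfg, re.M):
        findings.append("no local username with a secret")
    if not re.search(r"^ip ssh version 2", cfg, re.M):
        findings.append("ip ssh version 2 not set")
    # The RSA key pair is not stored in running-config, so it is not checked here.
    # Each vty range is its own stanza; indented lines belong to it.
    for m in re.finditer(r"^line vty (\d+ \d+)\n((?: .*\n)*)", cfg, re.M):
        rng = m.group(1)
        body = [l.strip() for l in m.group(2).splitlines()]
        transport = next((l for l in body if l.startswith("transport input")), None)
        if transport != "transport input ssh":
            findings.append(f"vty {rng}: {transport or 'no transport input line'}")
        if "login local" not in body:
            findings.append(f"vty {rng}: not using login local")
    return findings

if __name__ == "__main__":
    for f in audit_remote_access(SAMPLE):
        print(f)
```

A vty range with no `transport input` line falls back to the platform default, so it is reported for review rather than assumed safe.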
++FastEthernet interface
S1(config)# interface fastethernet 0/1
S1(config-if)# duplex auto
S1(config-if)# speed auto
S1(config-if)# mdix auto
++MAC Table
S1# clear mac address-table dynamic
++Show IOS
Switch# show version
Switch# show running-config
Switch# show startup-config
Switch# show flash
Switch# show history
Switch> show line
++Show Interfaces
Switch# show interfaces fastethernet 0/1
Switch# show mac-address-table aging
Switch# show ip interface brief
Switch# show interface vlan1
Switch# show ip interface vlan1
S1# show mac address-table
S1# show mac address-table dynamic
S1# show mac address-table address <PC-A MAC here>
S1# show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX
+Port Security
++Configure
S1(config)# interface range fa0/1 - 2
S1(config-if-range)# switchport port-security
S1(config-if-range)# switchport port-security maximum 1
S1(config-if-range)# switchport port-security mac-address sticky
S1(config-if-range)# switchport port-security violation restrict
++Clear the violation counters
S1(config-if)#shutdown
S1(config-if)#no shutdown
++Show
S1# show port-security interface
S1# show port-security interface fa0/2
+VLAN
++Create VLAN
S1(config)# vlan 99
S1(config-vlan)# name Student
S1(config)# vlan 100,102,105-107
++Configure VLAN Interface
S1(config)# interface vlan99
S1(config-if)# description Management
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shutdown
++Changing VLAN Port Membership (important for security)
By default, all ports on Cisco routers are set to Auto-desire, so a port can turn into a trunk if the other side is set to trunk. It is therefore important to set all ports to access mode.
S1(config)# interface range f0/1 - 24, g0/1 - 2
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 99
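A port left in its default dynamic mode shows no `switchport mode` line in the running-config, so it is easy to miss when reviewing by eye. The following is an added example, not part of the original cheat sheet, that classifies every physical port in a saved config; the sample config and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE = """\
interface FastEthernet0/1
 switchport access vlan 99
 switchport mode access
interface FastEthernet0/2
 switchport access vlan 99
interface GigabitEthernet0/1
 switchport trunk native vlan 99
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
interface FastEthernet0/3
 no switchport
 ip address 200.1.1.1 255.255.255.0
interface Vlan99
 ip address 192.168.1.2 255.255.255.0
"""

def classify_ports(cfg):
    """Map each physical port to 'access', 'trunk', 'trunk+dtp', 'routed' or 'dynamic'."""
    result = {}
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n)*)", cfg, re.M):
        name = m.group(1)
        body = [l.strip() for l in m.group(2).splitlines()]
        if not re.match(r"(Fast|Gigabit|TenGigabit)?Ethernet", name):
            continue  # skip SVIs, loopbacks and other logical interfaces
        if "no switchport" in body:
            state = "routed"
        elif "switchport mode access" in body:
            state = "access"
        elif "switchport mode trunk" in body:
            # A static trunk still sends DTP frames unless nonegotiate is set.
            state = "trunk" if "switchport nonegotiate" in body else "trunk+dtp"
        else:
            # No explicit mode, or "switchport mode dynamic ...": DTP decides.
            state = "dynamic"
        result[name] = state
    return result

def ports_to_fix(cfg):
    """Ports that still run DTP and therefore need an explicit mode or nonegotiate."""
    return sorted(p for p, s in classify_ports(cfg).items() if s in ("dynamic", "trunk+dtp"))
```

On the sample, `ports_to_fix(SAMPLE)` reports FastEthernet0/2 (an access VLAN assigned but no `switchport mode access`) and GigabitEthernet0/1 (a trunk without `switchport nonegotiate`).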
++Delete VLAN
S1(config)# no vlan 99
++Remove port from VLAN
S1(config-if)# no switchport access vlan
++Set VTP
S1(config)# vtp domain Cisco
S1(config)# vtp mode server
S1(config)# vtp mode client
S1(config)# vtp mode transparent
++Show VTP
S1# show vtp status
++Set trunk port
S1(config)# interface range g0/1 - 2
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan all
S1(config-if)# switchport trunk allowed vlan 100,200,400
S1(config-if)# switchport trunk allowed vlan except 300
S1(config-if)# switchport trunk encapsulation dot1q
++Resetting the Trunk to Default State
S1(config-if)# no switchport trunk native vlan
S1(config-if)# no switchport trunk allowed vlan
S1(config-if)# no switchport trunk encapsulation dot1q
++Reset the switch port to an access port
S1(config-if)# switchport mode access
S1(config-if)# switchport nonegotiate
S1(config-if)# switchport mode dynamic desirable
++Delete the entire vlan.dat file
S1# delete flash:vlan.dat
S1# delete vlan.dat
++Show VLAN
S1# show vlan
S1# show vlan brief
S1# show vlan id 99
S1# show vlan name Students
S1# show vlan summary
S1# show interfaces g0/1 switchport
S1# show interface trunk
S1# show dtp interface f0/1
S1#show mac address-table interface f0/1
S1#show mac address-table interface | include 0101
+Configure Inter-VLAN Routing on Layer 3 Switches
++Enable routing on the switch
S1(config)#ip routing
++Create VLANs
S1(config)# vlan 10
S1(config-vlan)# name Student
S1(config)# vlan 20
S1(config-vlan)# name Instructors
++Configure the VLAN interfaces with the IP address
Switch(config)#interface Vlan 10
Switch(config-if)#ip address 10.1.1.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config)#interface Vlan 20
! Assumed example address; each SVI needs its own subnet, distinct from VLAN 10's 10.1.1.0/24
Switch(config-if)#ip address 10.1.2.1 255.255.255.0
Switch(config-if)#no shutdown
++Configure the interface to the default router
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 200.1.1.1 255.255.255.0
Switch(config-if)#no shutdown
++Configure the default route for the switch
Switch(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2