Cisco Switch Commands

+Basic Switch Settings

Switch# configure terminal
Switch(config)# hostname S1
S1(config)# enable secret class
S1(config)# service password-encryption
S1(config)# no ip domain-lookup
S1(config)# banner motd #Hello#
S1(config)# ip default-gateway 192.168.1.1
S1(config)# exit
S1# copy running-config startup-config
S1# erase startup-config
S1# write erase
Switch# delete vlan.dat
S1# reload

++Console port

S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# logging synchronous
S1(config-line)# exec-timeout 5
S1(config-line)# exit

++Telnet

A device must have two passwords for a remote user to be able to make changes to the configuration: Line vty password and Enable or enable secret password
S1(config)# line vty 0 15
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# transport input all
S1(config-line)# history size 256

++SSH

SSH requires a local username database, a local IP domain, and an RSA key to be generated. The device name cannot be the default switch (on a switch) or router (on a router).

S1(config)# ip domain-name netacad.pka
S1(config)# crypto key generate rsa
S1(config)# username administrator secret cisco
S1(config)# ip ssh version 2
S1(config)# line vty 0 15
S1(config-line)# login local
S1(config-line)# transport input ssh
S1(config-line)# no password cisco

++FastEthernet interface

S1(config)# interface fasterethernet 0/1
S1(config-if)# duplex auto
S1(config-if)# speed auto
S1(config-if)# mdix auto

++MAC Table

S1# clear mac address-table dynamic

++Show IOS

Switch# show version
Switch# show running-config
Switch# show startup-config
Switch# show flash
Switch# show history
Switch> Show line

++Show Interfaces

Switch# show interfaces fastethernet 0/1
Switch# show mac-address-table aging
Switch# show ip interface brief
Switch# show interface vlan1
Switch# show ip interface vlan1
S1# show mac address-table
S1# show mac address-table dynamic
S1# show mac address-table address <PC-A MAC here>
S1# Show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX

-Port Security

++Configure

S1(config)# interface range fa0/1 – 2
S1(config-if-range)# switchport port-security
S1(config-if-range)# switchport port-security maximum 1
S1(config-if-range)# switchport port-security mac-address sticky
S1(config-if-range)# switchport port-security violation restrict

++Clear the violation counters

S1(config-if)#shutdown
S1(config-if)#no shutdown

++Show

S1# show port-security interface
S1# show port-security interface fa0/2

-VLAN

++Create VLAN

S1(config)# vlan 99
S1(config-vlan)# name Student
S1(config)# vlan 100,102,105-107

++Configure VLAN Interface

S1(config)# interface vlan99
S1(config-if)# name Management
S1(config-if)# ip address 192.168.1.2 255.255.255.0
S1(config-if)# no shutdown

++Changing VLAN Port Membership (important for security)

since by default all ports in cisco routers are set to Auto-desire, it’s can turn to trunk if the other side is set to trunk. so it’s important to set all ports to access mode.
S1(config)# interface range f0/1 – 24,g0/1 – 2
S1(config-if-range)# switchport mode access
S1(config-if-range)# switchport access vlan 99

++Delete VLAN

S1(config)# no vlan 99

++Remove port from VLAN

S1(config-if)# no switch port access vlan

++Set VTP

S1(config)# vtp domain Cisco
S1(config)# vtp mode server
S1(config)# vtp mode client
S1(config)# vtp mode transparent

++Show VTP

S1# show vtp status

++Set trunk port

S1(config)# interface range g0/1 – 2
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan 99
S1(config-if)# switchport trunk allowed vlan all
S1(config-if)# switchport trunk allowed vlan 100,200,400
S1(config-if)# switchport trunk except 300
S1(config-if)# switchport trunk encapsulation dot1q

++Resetting the Trunk to Default State

S1(confit-if)# no switchport trunk native vlan
S1(config-if)# no switchport trunk allowed vlan
S1(config-if)# no switchport trunk encapsulation dot1q

++Reset the switch port to an access port

S1(config-if)# switchport mode access
S1(config-if)# switchport nonegotiate
S1(config-if)# switchport mode dynamic desirable

++Delete the entire vlan.dat file

S1# delete flash:vlan.dat
S1# delete vlan.dat

++Show VLAN

S1# show vlan
S1# show vlan brief
S1# show vlan id 99
S1# show vlan name Students
S1# show vlan summary
S1# show interfaces g0/1 switchport
S1# show interface trunk
S1# show dtp interface f0/1
S1#show mac address-table interface f0/1
S1#show mac address-table interface | include 0101

-Configure Inter-VLAN Routing on Layer 3 Switches

++Enable routing on the switch

S1(config)#ip routing

++Create VLANs

S1(config)# vlan 10
S1(config-vlan)# name Student
S1(config)# vlan 20
S1(config-vlan)# name Instructors
Switch(config)#interface Vlan 10

++Configure the VLAN interfaces with the IP address

Switch(config-if)#ip address 10.1.1.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config)#interface Vlan 20
Switch(config-if)#ip address 10.1.1.1 255.255.255.0
Switch(config-if)#no shutdown

++Configure the interface to the default router

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#no switchport
Switch(config-if)#ip address 200.1.1.1 255.255.255.0
Switch(config-if)#no shutdown

++Configure the default route for the switch

Switch(config)#ip route 0.0.0.0 0.0.0.0 200.1.1.2

Your browser is not able to display frames. Please visit <a href="https://www.mindmeister.com/742635511/vlan" target="_blank">VLAN</a> on MindMeister.