Cisco Switch Setup Guide Command List

Enter configuration console:

enable

configure terminal

This is important: if your prompt doesn't look like the one below, none of the configuration commands will work!

Switch(config)#

Save and Apply Settings

wr

Show Switch Configuration:

show run

Show Port List/Status:

Switch#show interface status     

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        connected    1          a-full  a-100 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX
Fa0/4                        notconnect   1            auto   auto 10/100BaseTX
Fa0/5                        notconnect   1            auto   auto 10/100BaseTX
Fa0/6                        notconnect   1            auto   auto 10/100BaseTX
Fa0/7                        notconnect   1            auto   auto 10/100BaseTX
Fa0/8                        notconnect   1            auto   auto 10/100BaseTX
Fa0/9                        notconnect   1            auto   auto 10/100BaseTX
Fa0/10                       notconnect   1            auto   auto 10/100BaseTX
Fa0/11                       notconnect   1            auto   auto 10/100BaseTX
Fa0/12                       notconnect   1            auto   auto 10/100BaseTX
Fa0/13                       notconnect   1            auto   auto 10/100BaseTX
Fa0/14                       notconnect   1            auto   auto 10/100BaseTX
Fa0/15                       notconnect   1            auto   auto 10/100BaseTX
Fa0/16                       notconnect   1            auto   auto 10/100BaseTX
Fa0/17                       notconnect   1            auto   auto 10/100BaseTX
Fa0/18                       notconnect   1            auto   auto 10/100BaseTX
Fa0/19                       notconnect   1            auto   auto 10/100BaseTX
Fa0/20                       notconnect   1            auto   auto 10/100BaseTX
Fa0/21                       notconnect   1            auto   auto 10/100BaseTX
Fa0/22                       notconnect   1            auto   auto 10/100BaseTX
Fa0/23                       notconnect   1            auto   auto 10/100BaseTX
Fa0/24                       notconnect   1            auto   auto 10/100BaseTX
Gi0/1                        connected    1          a-full a-1000 10/100/1000BaseTX
Gi0/2                        notconnect   1            auto   auto Not Present

 

Show config of individual port or vlan

You could also have used "interface vlan 1" and you would get the config of the vlan.


Switch#show running-config interface gi0/1
Building configuration...

Current configuration : 36 bytes
!
interface GigabitEthernet0/1
end

 

Create VLAN:

Switch(config)#vlan 80
Switch(config-vlan)#name realtechtalk.com

 

Assign VLAN:

Switch(config)#int fa0/19
Switch(config-if)#switchport access vlan 80


 

Show all VLANs:

show vlan



VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Gi0/1, Gi0/2
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0  
1002 fddi  101002     1500  -      -      -        -    -        0      0  
1003 tr    101003     1500  -      -      -        -    -        0      0  
1004 fdnet 101004     1500  -      -      -        ieee -        0      0  
1005 trnet 101005     1500  -      -      -        ibm  -        0      0  

Show Specific VLAN

show vlan id 1

 

Configure interfaces

100M Ethernet is normally known as fa0

So for port 1 you would use fa0/1

int fa0/1

or

int fastethernet0/1

1Gig Ethernet is known as gigabitethernet or gi0

int gigabitethernet0/1

or

int gi0/1

You can configure vlans in the same way:

int vlan 1

Working with a range of ports (example of ports 1-12)

int range fa0/1-12

Enable Port(s)

int fa0/1

no shutdown

The "no" in front of shutdown negates the command (the opposite, like !), so "no shutdown" turns the port on.

How to Assign ports to vlan

#in this case ports 1-24 are being assigned to vlan 1

Switch(config)#int range fa0/1-24
Switch(config-if-range)#switchport access vlan 1

Port Security

 

Maximum MAC addresses/devices

Where 8 below is the maximum number of MAC addresses

rtt(config)#int fa0/3                         
rtt(config-if)#switchport port-security maximum 8

To Disable MAC Limit

rtt(config-if)#no switchport port-security maximum

How To Disable Port Security On A Port

no switchport port-security
no switchport port-security violation protect
no switchport port-security mac-address sticky
no switchport mode access

BPDU Guard

This can be the source of a lot of pain for end users and network admins.  To understand this, first let's talk about STP (Spanning Tree Protocol), which is designed to prevent switching loops that would otherwise kill a network.  A loop could be something as simple as an Ethernet cable that has both ends plugged into the same switch.

STP works by exchanging BPDUs (Bridge Protocol Data Units), which are multicast messages that contain info like the source MAC, switch ID, originating switch port and switch port priority.  The switch then runs the STA (Spanning Tree Algorithm) on the BPDU information to build a loop-free topology at the layer 2 level, and will shut down a port if it is creating a loop.

Now BPDU Guard in the world of Cisco just means that if a port with BPDU Guard enabled receives a BPDU, the switch will shut down the port and put it in the errdisable state.

I say this is good in terms of keeping a network secure and running well, but a pain for end users who need to run a managed switch and for network admins who were unaware that BPDU was enabled.

Check a port's settings and you may see this:

rtt#show run int gi0/1
Building configuration...

Current configuration : 335 bytes
!
interface GigabitEthernet0/1
 switchport access vlan 999
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
end

To disable bpduguard

rtt(config-if)#spanning-tree bpduguard disable

To enable bpduguard

rtt(config-if)#spanning-tree bpduguard enable
 

*Note: you can also enable or disable BPDU Guard globally from global configuration mode (conf t)

#enable by default

rtt(config)#spanning-tree portfast bpduguard default

#disable by default
rtt(config)#no spanning-tree portfast bpduguard default

How to assign IP to VLAN

Choose your interface eg vlan 777

Where below 10.25.20.2 is the IP and the netmask is 255.255.255.0

Switch(config-if)#ip address 10.25.20.2 255.255.255.0

Assign the default gateway:

Switch(config-if)#ip default-gateway 10.25.20.1

How To Set Administrative "enable" mode Password

Switch(config)#enable password realtechtalk.com
 

DHCP Server Creation for VLAN

Create VLAN and assign IP 10.25.2.2 and DFGW 10.25.2.1

switch(config-if)#int vlan 1800                     
switch(config-if)#ip address 10.25.2.2 255.255.255.0
switch(config-if)#ip default-gateway 10.25.2.1

#you could add Option 150 if this VLAN is for phones and you have a CUCM Server (specify the CUCM server IP)

switch(dhcp-config)#option 150 ip 10.25.2.8

Create DHCP Pool for VLAN 1800 range 10.25.2.0

#to match the DHCP Pool to the VLAN we mention vlan1800 as the name of the pool below.

switch(config)#ip dhcp pool vlan1800
switch(dhcp-config)#network 10.25.2.0 255.255.255.0
switch(dhcp-config)#dns-server 8.8.8.8 4.2.2.1
switch(dhcp-config)#default-router 10.25.2.1

Exclude Relevant Addresses

switch(config)#ip dhcp excluded-address 10.25.2.1 10.25.2.2
 

Enable SSH:

First we need to generate keys for the SSH server, which takes a bit of time if you choose a decent key size:

crypto key generate rsa

A key size of anything less than 4096 is useless but some older routers or switches may only support 2048.  4096 on a 2960G takes forever for example.

The name for the keys will be: rttkey
Choose the size of the key modulus in the range of 360 to 4096 for your
   General Purpose Keys. Choosing a key modulus greater than 512 may take
   a few minutes.

How many bits in the modulus [512]: 4096
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

From enable mode, enable password encryption; otherwise, if someone sees your config, they will see your raw password in unencrypted form:

service password-encryption

Create username and password:

username rttuser password rttpassword

Enter line vty 0 4, enable SSH and tell it to authenticate as a local user (eg. the one created above):

line vty 0 4
(config-line)# transport input ssh
(config-line)# login local
(config-line)# password 7
(config-line)# exit
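
An added example (not part of the original guide): a Python audit of a saved running-config for the credential and remote-access settings used above. It flags "enable password" and "username ... password" entries (stored in cleartext, or as reversible type 7 when service password-encryption is on, whereas "enable secret" and "username ... secret" store a hash) and any vty line that accepts more than SSH or does not use "login local". The sample config, check names and function name are constructed.

```python
import re

# Constructed sample config mirroring the commands on this page (not a real device).
SAMPLE_CONFIG = """\
service password-encryption
enable password 7 0822455D0A16
username rttuser password 7 0822455D0A16
username admin secret 5 $1$abcd$CONSTRUCTEDHASHVALUE000
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def audit_access(config):
    """Return a list of (check_id, detail) findings, in config order per check."""
    findings = []
    # "enable password" is cleartext or type 7; "enable secret" is hashed.
    if re.search(r"^enable password ", config, re.M):
        findings.append(("enable-password", "use 'enable secret' instead"))
    # Same distinction for local users: "password" vs "secret".
    for user in re.findall(r"^username (\S+) password ", config, re.M):
        findings.append(("user-password", user))
    # Walk each "line vty" block and collect its indented sub-commands.
    for header, body in re.findall(r"^(line vty [\d ]+)\n((?: .*\n?)*)", config, re.M):
        cmds = [c.strip() for c in body.splitlines()]
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if transports != [["ssh"]]:  # missing, or allows telnet as well
            findings.append(("vty-transport", header.strip()))
        if "login local" not in cmds:  # falls back to a shared line password
            findings.append(("vty-login", header.strip()))
    return findings
```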

Troubleshooting

Why can't I ping or connect to my VLAN IP?

  • Make sure the VLAN that has the IP is assigned to a port
  • Make sure the IP address is correct and it has the appropriate default gateway if necessary
  • Make sure your client side machine has an IP on that subnet AND that you have a route to it through the right adapter (eg. in Linux: ip route add 10.10.25.0/24 dev eth0). *Remember to specify the /24 or whatever mask you desire and the right device.
  • Are the port and VLAN in a noshut state?

Cannot Set VLAN on port due to VTP errors:

Switch(config-if)#switchport access vlan 1234
% Access VLAN does not exist. Creating vlan 1234
Switch(config-if)#
*Mar  1 00:17:02.688: %PM-2-VLAN_ADD: Failed to add VLAN 1234 - VTP error.

A quick and easy fix is to turn off VTP, as VTP can pose a risk to production environments due to its ability to automatically delete VLANs.


vtp mode off
Setting device to VTP Off mode for VLANS.
 

