Basic Switch Configuration Commands

Command
Switch#delete flash:vlan.dat Switch#show vlan Switch#erase startup-config Switch#reload Switch#show interface vlan 1 Switch#show version S1(config)#service password-encryption Switch#show interface fa0/1 S1(config)#vlan 99 S1(config-vlan)#exit S1(config)#interface vlan 99 S1(config-if)#ip address 172.17.99.11 255.255.255.0 S1(config-if)#no shutdown S1(config-if)#exit S1(config)#interface fa0/1 S1(config-if)#switchport access vlan 99 S1(config)#ip default-gateway 172.17.99.11 S1#show interface vlan 99 S1(config)#interface fa0/1 S1(config-if)#speed 100
1

Description
Remove vlan database information file Verify that vlan information was deleted Remove startup configuration file Restart the software Examine characteristics of virtual interface Display Cisco IOS information Configure password encryption Examine Fast Ethernet Interfaces

Configure the Layer 3 address of the switch. Must first create vlan before assigning address.

Assign ports to the switch VLAN Configure the default gateway. Verify the management LANs settings Configure port speed and duplex setting for a Fast Ethernet interface

S1(config-if)#duplex full S1#show mac address-table S1#clear mac-address-table S1(config)#mac-address-table static 0002.16E8.C285 vlan 99 interface fa0/1 S1(config)#no mac-address-table static 0002.16E8.C285 vlan 99 interface fa0/1 S1(config)#interface fa0/1 S1(config-if)#switchport mode access S1(config-if)#switchport port-security S1(config-if)#switchport port-security maximum 1 S1(config-if)#switchport port-security macaddress sticky S1(config-if)#switchport port-security violation shutdown S1(config-if)#exit S1#show port-security interface fa0/1 S1#configure terminal S1(config)#interface fa0/1 S1(config-if)#shutdown S1(config-if)#no shutdown S1(config-if)#exit S1(config-if)#switchport access vlan 99 S1#clock set 12:12:12 15 September 2010 S1(config)#line console 0 S1(config-line)#history size 35 S1(config-line)#line vty 0 15 S1(config-line)#history size 35 S1#show history
2

Determine the MAC addresses that the switch has learned. Clear the MAC address table Set up a static MAC address Remove a static MAC address entry. Configure port security on an access port. To allow frames to be sent and received from the interface, changes switching mode to access Enable port security on the interface Set the maximum number of secure addresses to 1 Enable sticky learning. Shutdown the interface when any computer attached to port whose MAC address doesnt match sticky address in MAC table.

Show port security settings

Reactivate a port with security set on it.

Assign Vlan to a port Set the clock and date

Change number of commands stored in history buffer

Verify the size of the history buffer

S1#show flash S1#copy startup-config tftp: S1#copy system:running-config flash:startupconfig Destination filename [startup-config]?

Check which Cisco IOS images are stored in flash Backup the startup configuration file to a TFTP server. Formal version of Cisco IOS copy command. Confirm the destination file name. Press the Enter key to accept and use the Ctrl+C key combination to cancel. Informal version of the copy command. The assumptions are that the running-config is running on the system and that the startupconfig file that will be stored in flash NVRAM. Press the Enter key to accept and use the Ctrl+C key combination to cancel. Backup the startup-config to a file stored in flash NVRAM. Confirm the destination file name. Press the Enter key to accept and use the Ctrl+C key combination to cancel. Restore the configuration file from a TFTP server Download the configuration file from the TFTP server to configure the switch.

S1#copy running-config startup-config Destination filename [startup-config]?

S1#copy startup-config flash:config.bak1 Destination filename [config.bak1]? S1#copy tftp:[[[//location]/directory]/filename] system:running-config or #copy S1#copy system: running-config tftp://172.17.99.21/tokyo-config Write file tokyo-config on host 172.17.99.21? [confirm] y Writing tokyo-config!!! [OK] Download the configuration file from the TFTP server to configure the switch. Specify the IP address or hostname of the TFTP server and the name of the file to download. The Cisco IOS command is: S1#copy tftp:[[[//location]/directory]/filename] system:running-config OR S1#copy tftp:[[[//location]/directory]/filename] nvram:startup-config.
S1#erase nvram: OR S1#erase startup-config

Example of command to backup configuration files to a TFTP server.

Example: S1#copy tftp: [[[//172.17.99.21]/mainfolder]/tokyo-config.dat] system:running-config

Clearing configuration files

To recover the password on a Cisco 2960 switch, use the following steps: Step 1. Connect a terminal or PC with terminalemulation software to the switch console port. Step 2. Set the line speed on the emulation software to 9600 baud. Step 3. Power off the switch. Reconnect the power cord to the switch and within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green. Then release the Mode button. Step 4. Initialize the Flash file system using the flash_init command. Step 5. Load any helper files using the load_helper command. Step 6. Display the contents of Flash memory using the dir flash command: The switch file system appears: Directory of flash: 13 drwx 192 Mar 01 1993 22:30:48 c2960lanbase-mz.122-25.FX 11 -rwx 5825 Mar 01 1993 22:31:59 config.text 18 -rwx 720 Mar 01 1993 02:21:30 vlan.dat 16128000 bytes total (10003456 bytes free) Step 7. Rename the configuration file to config.text.old, which contains the password definition, using the rename flash:config.text flash:config.text.old command. Step 8. Boot the system with the boot command. Step 9. You are prompted to start the setup program. Enter N at the prompt, and then when the system prompts whether to continue with the configuration dialog, enter N. Step 10. At the switch prompt, enter privileged EXEC mode using the enable command.
4

Enable password recovery

http://www.cisco.com/en/US/products/sw/io sswrel/ps1831/products_tech_note09186a00 801746e6.shtml

Step 11. Rename the configuration file to its original name using the rename flash:config.text.old flash:config.text command. Step 12. Copy the configuration file into memory using the copy flash:config.text system:runningconfig command. After this command has been entered, the follow is displayed on the console: Source filename [config.text]? Destination filename [running-config]? Press Return in response to the confirmation prompts. The configuration file is now reloaded, and you can change the password. Step 13. Enter global configuration mode using the configure terminal command. Step 14. Change the password using the enable secret password command. Step 15. Return to privileged EXEC mode using the exit command. Step 16. Write the running configuration to the startup configuration file using the copy runningconfig startup-config command. Step 17. Reload the switch using the reload command. S1(config)#banner login #Authorized Personnel Only! # S1(config)#banner motd #Device maintenance will be occurring on Friday# S1(config-line)#transport input telnet or (configline)#transport input all. S1(config) #ip domain-name mydomain.com S1(config) #crypto key generate rsa S1(config) #ip ssh version 2 S1(config) #line vty 0 15 S1(config-line) #transport input ssh S1(config)#boot system flash:c2960-lanbasemz.122-25.SEE1.bin
5

Configure a login banner Configure a MOTD banner Configure or re-enable Telnet on a line

Configuring SSH

Boot using a different file in flash

S1(config)#mac-address-table static 0060.3EDD.19A3 vlan 99 int fa0/24

Configure static MAC address

VLAN Configuration commands

S1#configure terminal S1(config)#vlan 99 S1(config-vlan)#name student S1(config-vlan)#end S1#configure terminal S1(config)#interface fa0/1 S1(config-if)#switchport mode access S1(config-if)#switchport access vlan 20 S1(config-if)#end S1#show vlan (brief id name or summary) S1#show vlan brief S1#show id 10 S1#show name student S1#show summary S1#show interfaces [interface-id | vlan vlan-id] | switchport S1#show interfaces vlan 20 S1#show interfaces fa0/18 switchport S1#configure terminal S1(config)#interface interface fa0/18 S1(config-if)#no switchport access vlan S1(config-if)#end S1#delete flash: vlan.dat S1#configure terminal S1(config)#interface interface fa0/18 S1(config-if)#switchport mode trunk S1(config-if)#switchport trunk native vlan 20 S1(config-if)#end S1(config-if)#no switchport trunk allowed vlan S1(config-if)#no switchport trunk native vlan Show interfaces command Add a VLAN

Assign a Switchport to a VLAN

Verify VLANs and port membership

Show interfaces command

Remove a VLAN the entire vlan.dat file can be deleted using the command delete flash:vlan.dat from privileged EXEC mode

Configure an 802.1Q Trunk

Use this command in the interface configuration mode to reset all of the VLANs configured on the trunk interface. Use this command in the interface configuration mode to reset the native VLAN back to VLAN 1.

S1(config-if)#switchport mode access S1#conf t S1(config)#int fa0/1 S1(config-if)#no switchport trunk allowed vlan S1(config-if)#no switchport trunk native vlan

Use this command in the interface configuration mode to reset the trunk port interface back to a static access mode port. Reset a trunk