This tutorial explains basic switch configuration commands in detail with examples. Configuration and commands explained in this tutorial are essential commands to manage a Cisco switch effectively. Learn how to configure and manage a Cisco Switch step by step with this basic switch commands and configuration guide.
To explain basic switch configuration commands, I will use packet tracer network simulator software. You can use any network simulator software or can use a real Cisco switch to follow this guide. There is no difference in output as long as your selected software contains the commands explained in this tutorial.
Create a practice lab as shown in following figure or download this pre-created practice lab and load in packet tracer
Title: Basic switch configuration Author: Thomas Ivarsson Last edit: February 28, 2012 Basic switch configuration Cisco IOS Basic switch functions, names and passwords The switch name is tool to let us see what device we are connected to. The prompt will display the name of the switch so SW1 tells us that we are connected to a switch named 'SW1'. Should start to learn the routing and switching configuration through the Juniper routers, first, you need to be familiar with basic Juniper Router Configuration commands. Here, we are going to explain the step by step Juniper Router Configuration guide. CCNA Command Summary Cheat Sheet Basic Router Commands To get into Privilege Mode from User mode enable To exit out of Privilege mode disable To exit the router Exit or logoff Previous Command Up arrow or Ctrl-P Next Command Down arrow or Ctrl-N Move forward one character Right arrow or Ctrl-F Move back one character Left arrow or Ctrl-B. Other Commands Comm and From Mode Func tion sdm pre dual def global config used if switch won't take IPv6 address General Commands Short Command Complete Command Func tion en enable user EXEC priv. EXEC conf t config terminal priv. EXEC global config int inter face global config interface config linegoba c f config sh run show runnin g.
If require, you can download the latest as well as earlier version of Packet Tracer from here. Download Packet Tracer
In this topology
- Two 2960 Series switches are used.
- Switch1 (Interfarce Gig1/1) is connected with Switch2 (Interface Gig1/1) via cross cable.
- Switch1 has two PCs connected on interfaces Eth0/1 and Eth0/2 via straight through cable.
- Same as switch1, Switch2 also has two PCs connected on its interfaces Eth0/1 and Eth0/2.
- IP address is configured on all PCs PC0 (192.168.1.1/24), PC1 (192.168.1.2/24), PC2 (192.168.1.3/24), PC3 (192.168.1.4/24).
Click Switch1 and click CLI menu item and press Enter Key
Navigating between different switch command modes
Cisco switches run on proprietary OS known as Cisco IOS. IOS is a group of commands used for monitoring, configuring and maintaining cisco devices. For security and easy administration, IOS commands are divided in the set of different command modes. Each command mode has its own set of commands. Which commands are available to use, depend upon the mode we are in.
Following table lists necessary commands to navigate between different IOS modes with examples.
Mode | Purpose | Prompt | Command to enter | Command to exit |
User EXEC | Allow you to connect with remote devices, perform basic tests, temporary change terminal setting and list system information | Router > | Default mode after booting. Login with password, if configured. | Use exit command |
Privileged EXEC | Allow you to set operating parameters. It also includes high level testing and list commands like show, copy and debug. | Router # | Use enable command from user exec mode | Use exit command |
Global Configuration | Contain commands those affect the entire system | Router(config)# | Use configure terminal command from privileged exec mode | Use exit command |
Interface Configuration | Contain commands those modify the operation of an interface | Router(config-if)# | Use interface type number command from global configuration mode | Use exit command to return in global configuration mode |
Sub-Interface Configuration | Configure or modify the virtual interface created from physical interface | Router(config-subif) | Use interface type sub interface number command from global configuration mode or interface configure mode | Use exit to return in previous mode. Use end command to return in privileged exec mode. |
Setup | Used by router to create initial configuration, if running configuration is not present | Parameter[Parameter value]: | Router will automatically insert in this mode if running configuration is not present | Press CTRL+C to abort. Type Yes to save configuration, or No to exit without saving when asked in the end of setup. |
ROMMON | If router automatically enter in this mode, then it indicates that it fails to locate a valid IOS image. Manual entrance in this mode Allow you to perform low-level diagnostics. | ROMMON> | Enter reload command from privileged exec mode. Press CTRL + C key combination during the first 60 seconds of booting process | Use exit command. |
How to get help on Cisco Switch command mode
Switch provides two types of context sensitive help, word help and command syntax help.
Word help
Word help is used to get a list of available commands that begin with a specific letter. For example if we know that our command begins with letter e, we can hit enter key after typing e? at command prompt. It will list all possible commands that begin with letter e.
We can list all available commands, if we don't know the initials of our command. For example to list all available commands at User exec mode, just type ? at command prompt and hit enter key.
Command syntax help
Command syntax help can be used to get the list of keyword, commands, or parameters that are available starting with the keywords that we had already entered. Enter ? (Question mark) after hitting Space key and prompt will return with the list of available command options. For example to know the parameters required by show ip command type show ip ? and prompt will return with all associate parameters. If prompt returns with <CR> only as an option, that means switch does not need any additional parameters to complete the command. You can execute the command in current condition.
How to set name on switch
Switch name can be set from global configuration mode. Use hostname [desired hostname] command to set name on switch.
How to set password on a Catalyst switch
Passwords are used to restrict physical access to switch. Cisco switch supports console line for local login and VTYs for remote login. All supported lines need be secure for User Exec mode. For example if you have secured VTYs line leaving console line unsecure, an intruder can take advantage of this situation in connecting with device. Once you are connected with device, all remaining authentication are same. No separate configuration is required for further modes.
Password can be set from their respective line mode. Enter in line mode from global configuration mode.
VTY term stand for virtual terminal such as telnet or SSH. Switch may support up to thousand VTYs lines. By default first five (0 - 4) lines are enabled. If we need more lines, we have to enable them manually. 2960 Series switch supports 16 lines. We can set a separate password for each line, for that we have to specify the number of line. In our example we set a common password for all lines.
Above method is good for small companies, where numbers of network administrators are very few. In above method we have to share password between all administrators. Switch supports both local and remote server authentication. Remote server authentication is a complex process and not included in any entry level exams. For this article I am also skipping remote server method. In local database authentication method switch allows us to set a separate password for each user. Two global configuration commands are used to set local user database.
Both commands do same job. Advantage of using secret option over password option is that in secret option password is stored in MD5 encryption format while in password option password is stored in plain text format.
Along with User Exec mode we can also secure Privilege Exec mode. Two commands are available for it.
Again as I mentioned earlier, password stored with secret command is encrypted while password stored with password command remains in plain text. You only need to use single command. If you would use both commands as I did, enable secret command would automatically replace the enable password command.
How to reset switch to factory defaults
During the practice several times we have to reset switch to factory defaults. Make sure you don't run following commands in production environment unless you understand their effect clearly. Following commands will erase all configurations. In production environment you should always takes backup before removing configurations. In LAB environment we can skip backup process.
How to set IP address in Switch
IP address is the address of device in network. Switch allows us to set IP address on interface level. IP address assigned on interface is used to manage that particular interface. To manage entire switch we have to assign IP address to VLAN1( Default VLAN of switch). We also have to set default gateway IP address from global configuration mode. In following example we would assign IP 172.16.10.2 255.255.255.0 to VLAN1 and set default gateway to 172.16.10.1.
How to set interface description
Switches have several interfaces. Adding description to interface is a good habit. It may help you in finding correct interface. In following example we would add description Development VLAN to interface FastEthernet 0/1.
How to clear mac address table
Switch stores MAC addresses in MAC address table. Gradually it could be full. Once it full, switch automatically starts removing old entries. You can also clear these tables manually from privileged exec mode. To delete all entries use following command
To delete only dynamic entries use
How to add static MAC address in CAM table
For security purpose sometime we have to add mac address in CAM table manually. To add static MAC address in CAM table use following command
In above command we entered an entry for static MAC address aaaa.aaaa.aaaa assigned to FastEnternet 0/1 with default VLAN1.
How to save running configuration in switch
Switch keeps all running configuration in RAM. All data from RAM is erased when we turned off the device. To save running configuration use following command
How to set duplex mode
Switch automatically adjust duplex mode depending upon remote device. We could change this mode with any of other supported mode. For example to force switch to use full duplex mode use
To use half duplex useshow version
show version command provides general information about device including its model number, type of interfaces, its software version, configuration settings, location of IOS and configuration files and available memories.
show mac-address-table
Switch stores MAC address of devices those are attached with its interfaces in CAM table. We can use show mac-address-table command to list all learned devices. Switch uses this table to make forward decision.
show flash
Switch stores IOS image file in flash memory. show flash command will list the content of flash memory. This command is useful to get information about IOS file and available memory space in flash.
show running-config
Configuration parameter values are created, stored, updated and deleted from running configuration. Running configuration is stored in RAM. We can use show running-config command to view the running configuration.
show startup-config
Any configuration stored in RAM is erased when devices is turned off. We can save running configuration in NVRAM. If we have saved running configuration in NVRAM, it would be automatically loaded back in RAM from NVRAM during the next boot. As switch load this configuration back in RAM in startup of device, at NVRAM it is known as startup-config.
show vlan
show vlan command will display the VLANs. For administrative purpose, switch automatically create VLAN 1 and assign all its interfaces to it. You can create custom VLANs from global configuration mode and then assign them to interfaces.
show interface
show interface command displays information about interfaces. Without argument it would list all interfaces. To get information about specific interface we need to pass its interface number as an argument. For example to view details about FastEthernet 0/1, use show interface fastethernet 0/1.
First line from output provides information about the status of interface.
The first up indicates the status of the physical layer, and the second up indicates to the status of the data link layer.
Possible interface status
- up and up :- Interface is operational.
- up and down :- Its data link layer problem.
- down and down :- Its physical layer problem.
- Administratively down and down :- Interface is disabled with shutdown command.
Possible values for physical layer status
- Up :- Switch is sensing physical layer signal.
- Down :- Switch is not sensing physical layer signal. Possible reasons could be cable is not connected, wrong cable type is used and remote end device is turned off.
- Administratively down :- Interface is disabled by using shutdown command.
Possible values for data link layer status
- Up :- The data link layer is operational.
- Down :- The data link layer is not operational. Possible reasons could be a disabled physical layer, missed keep alives on a serial link, no clocking or an incorrect encapsulation type.
show ip interface brief
show ip interface brief is a extremely useful command to get quick overview of all interfaces on switch. It lists their status including IP address and protocol.
That’s all for this article.
In order to help us complete the basic configuration of our Cisco routers, this lesson introduces the use of configuration modes, and how they interact to help us configure the router from the command-line interface (CLI). We will see configuration examples for basic interface components including IP addresses and then an overview of the show commands to verify proper configuration and operations.
Overview of Router Modes
The first step in configuring a router is to be located at privileged mode. Remember, exact modes have two sublevels: user and privileged. You go from user to privilege using the enable command and then from there you can only do monitoring and maintenance commands. If you want to configure, you have to go into global configuration mode at least, and you can accomplish that by typing configure terminal. That changes you to a different mode and the commands that you will have available are going to be different.
While in global configuration mode, anything you configure in that particular mode will affect the router as a whole typically, for example, the router’s host name and passwords and banners. If you want to configure specific components, then you would have to go into that components configuration mode from global configuration.
Router con0 is now available
Press RETURN to get started.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Router(config)#hostname Branch
Branch(config)#^Z
Branch#
*Feb 4 20:09:54.192: %SYS-5-CONFIG_I: Configured from console by console
Branch#
Interface configuration mode requires a command from global config and then the prompt changes to tell you that you are in a different configuration mode. This is similar for sub-interfaces, controllers, access lines and routing protocols. If you want to navigate back and forth between modes, exit takes you one mode back and Ctrl+Z takes you all the way back to privileged EXEC mode with no regards to your location. If you want to navigate between second level configuration modes, then you can do so without having to go back to global configuration mode.
Saving Configuration
The configuration process is typically ongoing and incremental. Administrators may even start the process by cutting text from configuration files and pasting it into the command-line interface. After that, they gradually configure different functions and different components of the router. During change management, new configurations and sections may appear. At all times, for every line that I type into or copy into the command-line interface and hit Enter, that configuration command is going to be active and available in the running configuration. If I boot up the router at that point, I will lose my configurations if I do not save them into the nonvolatile memory. This is again what is called the startup configuration. This command will help you save those configurations into NVRAM and it is recommended to use it frequently, especially during change management.
Branch#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Branch#
Or:
Branch#write memory
Building configuration...
[OK]
Configuring Router Identification
Accurate and effective documentation in sign posting is always a good practice. Router configuration is no exception and so here we see some commands that will allow you to document your settings and provide visual aids to identify certain components. For example, the host name of the router will be used as your router prompt.
At the command-line interface, the first word you see is the host name. For users connecting to the router, a good banner when they log in or when they access via any of the access lines will be an effective tool to convey the message of policies, access times, or support information. In configuring and changing the router configuration, it is probably important to provide descriptions to different components and so you will have a description command in interface configuration mode that allows you to then identify the interface when you use the show commands.
Console-Line Commands
Another important function in configuring the router is security and access control. The first command there could mitigate the exposure caused by lack of physical security. If someone accesses the console, and they suddenly leave, someone else could come in and use that session to their advantage: view the configurations, view the passwords, or even change them. The exec-timeout command allows you to set up a time out for command-line interface shells. In example, the console connection will time out and relogin the users after 20 minutes and 30 seconds.
Branch(config)#
Branch(config)#line vty 0 4
Branch(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
Branch(config-line)#exec-timeout 20 ?
<0-2147483> Timeout in seconds
<cr>
Branch(config-line)#exec-timeout 20 30 ?
<cr>
Branch(config-line)#exec-timeout 20 30
Some other times you may want to prevent a denial of service attack that we inflict on ourselves. For example, when you are troubleshooting a router, you may enable a good number of messages to be displayed on the console, so that you can see what is going on. Well, that may prevent you from typing commands to fix a problem and so logging synchronous is a command that allows us to redisplay the interrupted console input after a message has been displayed. In other words, I am typing, a message is displayed, well the command I was typing is redisplayed on the screen, so I can follow up and continue typing and fixing the problems.
Branch(config-line)#logging synchronous
Branch(config-line)#end
Branch#wr
Building configuration...
[OK]
Branch#
Configuring an Interface
Interfaces are the door to other networks and are one of the things that makes the router a router, the device capable of connecting multiple segments, so their configuration is going to be critical. You can configure interfaces by going into the interface configuration mode, and you do this by typing the command interface and then the interface identifier.
Typically, the interface identifier will depend on the type of router we have and so there are some fixed configuration routers that will simply have Ethernet 0 as an example or Serial 0 as another example. In modular routers, the interface identifier depends on the location of the interface in terms of the various slots and modules in the router chassis. At that point, you would identify the interface with a number and the number is going to be a slot followed by a / followed by a port, and so if the interface I want to accesses is on slot 1 and it is port number 3, then it would be 1/3.
Configuring an Interface Description
It is very important to be able to identify quickly the various components of our configuration. Interface names and numbers are sometimes not too pneumonic or suitable to remember what they are all about. It will be better to know an interface by calling it interface 2 branch 1 than by calling it as 00.
So good description will come handy; it will improve your documentation and will be very effective in troubleshooting. That is the command to assign an interface, a description, and as you can imagine, it is an interface configuration mode command.
Disabling or Enabling an Interface
Interfaces have multiple statuses, and they relate to layers 1 and 2 in the display of our commands. For example, if I do show IP interfaces brief, the output of that command will display the layer 1 status and layer 2 status. One possible status is down and this could happen due to lack of service or signal on a certain interface or due to misconfigurations.
Cisco Basic Router Configuration Commands
At some point, during troubleshooting or during change management, administrators may want to bring the interface down administratively. These commands show how to do it. The shut down command in interface configuration mode disables the interface, while the no version of the same command will enable the interface. The no keyword is valid for several commands, not only this one, and allows you to negate or revert the action of a certain command.
Configuring IP Address
IP addresses are the building block to IP communications. In a router, any active IP interface will require an IP address. Setting the IP address includes setting of the address itself plus the mask. The mask tells the router how to read the IP address and understand in terms of networks and hosts. Following proper design guidelines you should reach a consensus in terms of how IP addresses are going to be allocated and assigned to different segments and hosts in the network.
Basic Router Configuration Commands Pdf Software
In routers, again, all interfaces that transport IP will need one; this also helps the router in defining the topology of the directly connected networks and be able to advertise those networks to other devices via routing protocols. The router’s IP addresses will also sometimes serve as a default gateway to configure on other devices and hosts.
Branch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Branch(config)#interface fa0/0
Branch(config-if)#ip address 192.168.10.1 255.255.255.0
Branch(config-if)#description ### LAN ###
Branch(config-if)#no shutdown
Branch(config-if)#
*Feb 4 20:21:05.434: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Feb 4 20:21:06.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
Branch(config-if)#
Branch(config-if)#exi
Branch(config)#int fa0/1
Branch(config-if)#ip address 10.1.5.2 255.255.255.252
Branch(config-if)#description ### Internet ###
Branch(config-if)#no shu
*Feb 4 20:22:32.896: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
*Feb 4 20:22:33.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Branch(config-if)#end
Branch#
Branch#wr
Building configuration...
[OK]
Branch#
Router show interface Command
Multiple commands are available to verify your configuration; show interfaces is perhaps one of the commands that displays the most information in its output. The basic version of the command will actually display the MAC addresses and IP addresses as well as valuable statistics in terms of number received and transmitted packets and put an output rates and layer 1 and layer 2 counters. Do yourself a favour and try to memorize the following two very useful and important commands!
Interpreting the Interface Status
The first line of our show interfaces command is the actual status of the interface, and again this is broken into two different statuses, one per layer. The first status is layer 1, the second status is layer 2, and so you can see here some of the combinations that will represent a different overall status of the interface.
Router#sh int fa 0
FastEthernet0 is up, line protocol is up
Hardware is PQ3_TSEC, address is 0021.a09d.1b6c (bia 0021.a09d.1b6c)
Description: ### PROVIDER ###
Internet address is 192.168.0.65/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of 'show interface' counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 39
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 1 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
491094 packets input, 487489009 bytes
Received 245 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
386363 packets output, 74996232 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
If both components are up, then status is operational. If the physical layer is up, but the data link layer is down, then there may be a connection problem related to say Ethernet. In the case of serial interfaces, this may be an indication of lack of keepalives or mismatched encapsulation types. If both statuses are down, then that probably means that there is no cable attached to the port. Finally, when you shut down the interface, it will show as administratively down.
Navigating the CLI
Let's review the navigation tools and some of the commands that may come handy. We know that here at privileged mode, we can go into global configuration by doing the config T, and then from there, to further other configuration modes like interface configuration mode, like that, for that particular interface. Now from here, we cannot do show commands initially because those belong to the EXEC mode and we are in interface configuration mode. So, if I do things like show ip int brief from here, it says no, you can’t because it is not available in this mode. Well, I can always use a do version of the command. Do will invoke commands that belong to EXEC mode. And so, if I do that, then it displays the output of the show IP interface brief while I am still at the interface configuration mode. Now, if I wanted to navigate and move back and forth, I can use the exit command to go back one level or one section. If I go back to interface configuration mode, though, and want to go all the way back into the EXEC mode, I can do Ctrl-Z, and then that is going to do it. Another command that may come handy is how to break, or abort, certain things. For example, the default behavior if I type an unknown command is to look up that word via DNS and try to resolve it to an IP address and Telnet to it. All that may take a little time. So, if I do that and start looking it up, I can use the keywords to abort, which are Ctrl-Shift-6, and that thing aborts certain commands like this translation, and also ping and trace for testing. And that is going to come handy if you do not want to waste your time here. Useful stuff. Let's move on.
Router#
Router#
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int fa 0
Router(config-if)#
Router(config-if)#sh ip int brie
^
% Invalid input detected at '^' marker.
Router(config-if)#do sh ip int brie
Interface IP-Address OK? Method Status Protocol
BRI0 unassigned YES NVRAM administratively down down
BRI0:1 unassigned YES unset administratively down down
BRI0:2 unassigned YES unset administratively down down
FastEthernet0 192.168.0.65 YES NVRAM up up
FastEthernet1 unassigned YES NVRAM administratively down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 unassigned YES unset up down
FastEthernet5 unassigned YES unset up down
FastEthernet6 unassigned YES unset up up
FastEthernet7 unassigned YES unset up up
FastEthernet8 unassigned YES unset up up
FastEthernet9 unassigned YES unset down down
NVI0 192.168.0.65 YES unset up up
Tunnel1 10.10.1.65 YES NVRAM up up
Tunnel2 10.10.2.65 YES NVRAM up up
Vlan1 192.168.65.192 YES NVRAM up up
Router(config-if)#
Router(config-if)#exi
Router(config)#
Router(config)#
Router(config)#int fa 0
Router(config-if)#
Router(config-if)#^Z
Router#
Router#unknown
Translating 'unknown'
Translating 'unknown'
% Bad IP address or host name
% Unknown command or computer name, or unable to find computer address
Router#
Comments are closed.