Cisco Commands BY: Fawzy Abdelbaset
Changing switch hostname
Switch(config)#hostname SW1
Configuring passwords
SW1(config)#enable secret cisco (MD5 hash)
SW1(config)#enable password notcisco (clear text)
Securing console port
SW1(config)#line con 0
SW1(config-line)#password cisco
SW1(config-line)#login
Securing terminal lines
SW1(config)#line vty 0 4
SW1(config-line)#password cisco
SW1(config-line)#login
Encrypting passwords
SW1(config)#service password-encryption
Configuring banners
SW1(config)#banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
Giving the switch an IP address
SW1(config)#interface vlan 1
SW1(config-if)#ip address 172.16.1.11 255.255.255.0 (or dhcp)
SW1(config-if)#no shutdown
Setting the default gateway
SW1(config)#ip default-gateway 172.16.1.1
Saving Configuration
SW1#copy running-config startup-config
Destination filename [startup-config]? (press Enter to confirm the file name)
Building configuration...
[OK]
SW1#wr (short for write memory)
Building configuration...
[OK]
Working environment
(name lookup, history, exec-timeout and logging behavior)
SW1(config)#no ip domain-lookup
SW1(config)#line vty 0 4 (also valid for line con 0)
SW1(config-line)#history size 15
SW1(config-line)#exec-timeout 10 30
SW1(config-line)#logging synchronous
Configuring switch to use SSH
• Configure DNS domain name:
SW1(config)#ip domain-name example.com
• Configure a username and password:
SW1(config)#username admin password cisco
• Generate encryption keys:
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
(The size of the key modulus is in the range of 360 to 2048.)
• Define SSH version to use:
SW1(config)#ip ssh version 2
• Enable vty lines to use SSH:
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#transport input telnet ssh
(You can set vty lines to use only telnet or only ssh or both as in the example.)
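The password and SSH commands above leave weak settings in place: a clear-text enable password, a username stored with password rather than secret, shared line passwords, and Telnet still allowed on the vty lines. The audit script below is an added example, not part of the original cheat sheet; the sample config is constructed from this page's commands and the function name audit_management_plane is hypothetical.

```python
import re

# Constructed sample running-config, built from the commands on this page.
SAMPLE_CONFIG = """\
hostname SW1
enable secret 5 <hash-placeholder>
enable password notcisco
username admin password 0 cisco
ip domain-name example.com
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input telnet ssh
"""

def audit_management_plane(config):
    """Return findings for weak management-access settings in an IOS config."""
    findings = []
    line_ctx = None  # current "line con/vty ..." stanza, if any
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            # A non-indented line starts a new top-level command or stanza.
            line_ctx = text if text.startswith("line ") else None
        if re.match(r"enable password\b", text):
            findings.append("enable password is clear text (or reversible type 7); "
                            "keep only enable secret")
        elif re.match(r"username \S+ password\b", text):
            user = text.split()[1]
            findings.append(f"username {user} uses 'password'; use 'secret' instead")
        elif line_ctx and re.match(r"password\b", text):
            findings.append(f"{line_ctx}: shared line password; prefer 'login local'")
        elif line_ctx and text.startswith("transport input"):
            protocols = text.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.append(f"{line_ctx}: telnet allowed; use 'transport input ssh'")
    if "ip ssh version 2" not in config:
        findings.append("SSH version 2 is not enforced")
    return findings

if __name__ == "__main__":
    for finding in audit_management_plane(SAMPLE_CONFIG):
        print("-", finding)
```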
Aliases
(Used to create shortcuts for long commands.)
SW1(config)#alias exec c configure terminal
SW1(config)#alias exec s show ip interface brief
SW1(config)#alias exec sr show running-config
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#description LINK TO INTERNET ROUTER
SW1(config-if)#speed 100 (options: 10, 100, auto)
SW1(config)#interface range fastEthernet 0/5 - 10
SW1(config-if-range)#duplex full (options: half, full, auto)
(The range keyword is used to set a group of interfaces at once.)
Verify Basic Configuration
SW1#show version
    Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1#show running-config
    Shows the current configuration file stored in DRAM.
SW1#show startup-config
    Shows the configuration file stored in NVRAM which is used at first boot process.
SW1#show history
    Lists the commands currently held in the history buffer.
SW1#show ip interface brief
    Shows an overview of all interfaces, their physical status, protocol status and IP address if assigned.
SW1#show interface vlan 1
    Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
SW1#show interfaces description
    Shows the description of all interfaces.
SW1#show interfaces status
    Shows the status of all interfaces like connected or not, speed, duplex, trunk or access VLAN.
SW1#show crypto key mypubkey rsa
    Shows the public encryption key used for SSH.
SW1#show dhcp lease
    Shows information about the leased IP address (when an interface is configured to get an IP address via a DHCP server).
Configuring port Security
• Make the switch interface as access port:
SW1(config-if)#switchport mode access
• Enable port security on the interface:
SW1(config-if)#switchport port-security
• Specify the maximum number of allowed MAC addresses:
SW1(config-if)#switchport port-security maximum 1
• Define the action to take when violation occurs:
SW1(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict)
• Specify the allowed MAC addresses:
SW1(config-if)#switchport port-security mac-address 68b5.9965.1195 (options: H.H.H, sticky)
(The sticky keyword is used to let the interface dynamically learn and configure the MAC addresses of the currently connected hosts.)
Verify and troubleshoot port security
SW1#show mac-address-table
    Shows the entries of the MAC address table.
SW1#show port-security
    Overview of port security of all interfaces.
SW1#show port-security interface fa0/5
    Shows detailed information about port.
Configuring VLANs
• Create a new VLAN and give it a name:
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
• Assign an access interface to access a specific VLAN:
SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10
STP verification and troubleshooting
SW1#show spanning-tree
    Shows detailed info about STP state.
SW1#show spanning-tree interface fa0/2
    Shows STP info only on a specific port.
SW1#show spanning-tree vlan 1
    Shows STP info only for a specific VLAN.
SW1#show spanning-tree [vlan 1] root
    Shows info about the root switch.
SW1#show spanning-tree [vlan 1] bridge
    Shows info about the local switch.
SW1#show etherchannel 1
    Shows the state of the etherchannels.
SW1#debug spanning-tree events
    Provides informational messages about the changes in the STP topology.
Enabling or disabling CDP
• Enabling CDP globally on a switch:
SW1(config)#cdp run
• Disabling CDP on a given interface:
SW1(config-if)#no cdp enable
Using CDP for network verification and troubleshooting
SW1#show cdp
    Shows global information about CDP itself.
SW1#show cdp interface fa0/2
    Shows information about CDP on a specific
SW1#show cdp neighbors
    Shows information about the directly connected Cisco devices including interface names and capabilities.
SW1#show cdp neighbors detail
    Shows detailed information about the neighboring Cisco devices including device address and version of IOS they run.
SW1#show cdp entry *
    Same as show cdp neighbors detail.
SW1#show cdp entry sw2
    Shows detailed information about the specified entry only.
Configuring an auxiliary VLAN for Cisco IP phones
(Accessing VLAN 10 (data) and 12 (VoIP).)
SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport access vlan 10
SW1(config-if)#switchport voice vlan 12
Configuring Trunks
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode trunk (options: access, trunk, dynamic auto, dynamic desirable)
SW1(config-if)#switchport trunk allowed vlan 10 (options: add, remove, all, except)
Securing VLANS and Trunking
• Administratively disable unused interfaces:
SW1(config-if)#shutdown
• Prevent trunking by disabling auto negotiation on the interface:
SW1(config-if)#switchport nonegotiate
• Or hardcode the port as an access port:
SW1(config-if)#switchport mode access
• Assign the port to an unused VLAN:
SW1(config-if)#switchport access vlan 222
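A check for the steps above, as an added example that is not part of the original cheat sheet: it parses interface stanzas from a constructed running-config and reports ports that are neither shut down nor fixed as access ports, and so can still exchange trunk negotiation (DTP) frames. The function names are hypothetical, and treating a port with no switchport mode line as dynamic is an assumption about the platform default.

```python
# Constructed sample: interface stanzas as they appear in a running-config.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 10
interface FastEthernet0/2
interface FastEthernet0/3
 switchport access vlan 222
 switchport mode access
 shutdown
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands in its stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            stanzas[current] = []
        elif raw.startswith(" ") and current:
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def audit_trunking(config):
    """Return {interface: finding} for ports that can still negotiate a trunk."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode access" in cmds:
            continue  # disabled, or hardcoded as an access port
        if "switchport nonegotiate" in cmds:
            continue  # negotiation explicitly disabled
        if "switchport mode trunk" in cmds:
            findings[name] = "trunk without 'switchport nonegotiate'"
        else:
            # Assumption: no explicit mode means the platform default dynamic mode.
            findings[name] = "no fixed mode; port left in a dynamic (negotiating) mode"
    return findings

if __name__ == "__main__":
    for port, finding in audit_trunking(SAMPLE_CONFIG).items():
        print(f"{port}: {finding}")
```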
Configuring VTP
• Configure VTP mode:
SW1(config)#vtp mode server (options: server, client, transparent)
(Transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch.)
• Configure VTP domain name:
SW1(config)#vtp domain EXAMPLE (case-sensitive)
• Configure VTP password: (optional)
SW1(config)#vtp password cisco (case-sensitive)
• Configure VTP pruning: (optional)
SW1(config)#vtp pruning (only works on VTP servers)
• Enable VTP version 2: (optional)
SW1(config)#vtp version 2
• Bring up trunks between the switches
Verify and troubleshoot VLANS and VTP
SW1#show interfaces if switchport
    Lists information about administrative setting and operation status of interface.
SW1#show interfaces trunk
    Lists all the trunk ports on a switch including the trunk allowed VLANs.
SW1#show vlan {brief | id | name | summary}
    Lists VTP configuration (mode, domain name, version, etc.) and revision number.
SW1#show vtp password
    Shows the VTP password.