Skip to main content Link Search Menu Expand Document (external link)

Cisco Switching

Table of contents

  1. Basic Setup and query
  2. SSH
  3. Vlan
  4. VLAN ACL
  5. VTP Vlan Trunk Protocol (risk)
  6. Spanning-tree
  7. Switchport Mode Access
  8. Switchport Mode Access (Advanced Security)
  9. Switchport Mode Trunk
  10. EthernetChannel
  11. Switchport mirror
  12. StackWise
  13. Virtual Port Channel and HSRP
  14. VRRP Virtual Router Redundancy Protocol
  15. 802.1x Authentication
  16. DHCP
  17. POE
  18. Voice VLAN
  19. Backup and Restore
  20. Reset Configuration
  21. Reset Password
  22. Error Disable
  23. Trick

Basic Setup and query 

enable
configure terminal
hostname CoreSwitch01
enable secret cisco
write-memory
show flash:
show running-config
show interface status
show interfaces description
show running-config interface fastEthernet 0/1
show interface fastEthernet 0/1 switchport
show mac-address-table
show arp
show interface counters
show int f0/0 | include rate

SSH 

ip domain-name contoso.wiki
crypto key generate rsa
username cisco privilege 15 secret cisco
line vty 0 4
login local
transport input ssh

Vlan 

vlan 1 (management vlan by default)
Create vlan (Manually on all switches)
vlan 10
vlan 20
show vlan brief
interface vlan 10
ip address 192.168.100.1 255.255.255.0
no shutdown

VLAN ACL 

ip access-list extended local-17
permit ip host 192.168.99.17 192.168.99.0 0.0.0.255
exit
vlan access-map block-17 10
match ip address local-17
action drop
vlan access-map block-17 20
action forward
exit
vlan filter block-17 vlan-list 99

VTP Vlan Trunk Protocol (risk) 

configure trunk first
mode: server / client / transparent
vtp domain alphabook
vtp mode server
vtp password cisco
vtp pruning (on server)
show vtp status

Spanning-tree 

PVST+ (Cisco)
RPVST Rapid PVST (Cisco)
MST Multiple Spanning Tree
spanning-tree mode mst
spanning-tree mst configuration
name cisco
revision 1
instance 1 vlan 10,11,12
instance 2 vlan 20,21,22
spanning-tree mst 1 root primary
spanning-tree mst 2 root secondary

Switchport Mode Access 

interface fastEthernet 0/1
description 1F-P001
switchport mode access
switchport access vlan 10
interface fastEthernet 0/2
description 1F-P002
switchport mode access
switchport access vlan 20

Switchport Mode Access (Advanced Security) 

switchport port-security mac-address 0000.1111.2222
switchport port-security maximum 1
switchport port-security violation shutdown
switchport port-security violation protect
show port-security
show errdisable recovery

Switchport Mode Trunk 

interface range gigabitEthernet 0/1 - 2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
switchport trunk native vlan 10
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport trunk allowed vlan add 40
show switchport trunk
show interface gigabitEthernet 0/1 trunk

EthernetChannel 

interface range gigabitEthernet 0/1 - 2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
port-channel load-balance src-dst-mac
show etherchannel summary
show etherchannel port-channel
show etherchannel load-balance

Switchport mirror 

monitor session 1 source interface fastEthernet 0/1
monitor session 1 destination interface fastEthernet 0/1
show monitor 1
no monitor session 1

StackWise 

Cisco StackWise technology provides an innovative new method for collectively utilizing the capabilities of a stack of switches. Individual switches intelligently join to create a single switching unit with a 32-Gbps switching stack interconnect. Configuration and routing information is shared by every switch in the stack, creating a single switching unit. Switches can be added to and deleted from a working stack without affecting performance.
show switch
show switch stack-ports
switch stack-member-number priority new-priority-value
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-series-switches/prod_white_paper09186a00801b096a.html

Virtual Port Channel and HSRP 

It eliminates the need to run Spanning Tree Protocol (STP).
It provides a loop-free topology.
Because we are no longer running STP, every link is leveraged.
It improves high availability.
It allows downstream devices to be connected to two separate devices, thus providing more redundancy.

VRRP Virtual Router Redundancy Protocol 

interface vlan 10
vrrp 10 ip 192.168.10.1
vrrp priority 105 (100 by default)
show vrrp brief

802.1x Authentication 

configure terminal
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.168.1.100
radius-server key cisco
interface fastEthernet 0/1
switchport mode access
authentication port-control auto
dot1x pae authenticator
dot1x host-mode multi-host
show dot1x

DHCP 

UDP (Client 67, Server 68) DHCP Discover / DHCP Offer / DHCP Request / DHCP ACK
service dhcp
no ip dhcp conflict logging
ip dhcp pool poolVlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.20
lease 7
ip dhcp excluded-address 192.168.10.1 192.168.10.49
Multiple VLANs
ip helper-address 192.168.10.1

POE 

power inline auto max 6000
power inline never
show power inline

Voice VLAN 

switchport voice vlan 120
show interface fastEthernet 0/1
Storm Control

Backup and Restore 

copy running-config tftp:
copy tftp: running-config

Reset Configuration 

erase startup-config
dir
delete flash:vlan.dat
reload

Reset Password 

flash_init
load_helper
dir flash:
rename flash:config.text flash:config.old
boot
rename flash:config.old flash:config.text
copy flash:config.text system:running-config
enable secret cisco
write memory

Error Disable 

errdisable detect cause ?
errdisable recovery cause ?
errdisable recovery interval ?
show errdisable detect
show errdisable recovery

Trick 

service password-encryption
no ip domain-lookup
no switchport
no ip routing
no cdp run
default interface fastEthernet 0/1
PVID Port Vlan ID
AAA Authentication / Authorization / Accounting
TTL
Multicast address 224.0.0.0 - 239.255.255.255