Cisco Commands

I’ve collected some useful Cisco command lists and wanted to publish them on my blog. This article will be updated when I come across new Cisco commands.

Changing switch hostname

Switch(config)#hostname SW1

Configuring passwords

SW1(config)#enable secret cisco
SW1(config)#enable password notcisco

Securing console port

SW1(config)#line con 0
SW1(config-line)#password cisco
SW1(config-line)#login

Securing terminal lines

SW1(config)#line vty 0 4
SW1(config-line)#password cisco
SW1(config-line)#login

Configuring banners

SW1(config)#banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$

Giving the switch an IP address

SW1(config)#interface VLAN 1
SW1(config-if)#ip address 172.16.1.11 255.255.255.0 (or dhcp)
SW1(config-if)#no shutdown

Setting the default gateway

SW1(config)#ip default-gateway 172.16.1.1

Saving configuration

SW1#copy running-config startup-config
Destination filename [startup-config]? [OK]
or
SW1#wr [OK]

Working environment

(name lookup, history, exec-timeout and logging behavior)
SW1(config)#no ip domain-lookup
SW1(config)#line vty 0 4
SW1(config-line)#history size 15
SW1(config-line)#exec-timeout 10 30
SW1(config-line)#logging synchronous

Configuring switch to use SSH

1. Configure DNS domain name:
SW1(config)#ip domain-name example.com
2. Configure a username and password:
SW1(config)#username admin password cisco
3. Generate encryption keys:
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
4. Define SSH version to use:
SW1(config)#ip ssh version 2
5. Enable vty lines to use SSH:
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#transport input telnet ssh
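
The commands above leave several weak management-access settings in place: an unhashed `enable password`, a `username ... password` entry, a shared console password, and Telnet still permitted on the vty lines. The following Python audit is an added example, not part of the original article; `SAMPLE_CONFIG` is a constructed running-config excerpt and `audit_management` is a hypothetical helper name.

```python
# Constructed running-config excerpt, as the commands on this page would leave it.
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password notcisco
username admin password 0 cisco
ip domain-name example.com
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input telnet ssh
"""

def audit_management(config):
    """Return (scope, finding) tuples for weak management-access settings."""
    findings, section, ssh_v2 = [], "global", False
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):   # an unindented command leaves any line sub-mode
            section = " ".join(words) if words[0] == "line" else "global"
        if words[:2] == ["enable", "password"]:
            findings.append((section, "enable password is not hashed; keep only enable secret"))
        elif words[0] == "username":
            # The first password/secret keyword after the name decides the storage type.
            kind = next((w for w in words[2:] if w in ("password", "secret")), None)
            if kind == "password":
                findings.append((section, f"user {words[1]} uses 'password'; use 'secret' (hashed)"))
        elif words[:3] == ["ip", "ssh", "version"]:
            ssh_v2 = words[3:4] == ["2"]
        elif words == ["login"] and section != "global":
            findings.append((section, "shared line password; prefer login local"))
        elif words[:2] == ["transport", "input"] and section.startswith("line vty"):
            if {"telnet", "all"} & set(words[2:]):
                findings.append((section, "Telnet allowed on vty; use transport input ssh"))
    if not ssh_v2:
        findings.append(("global", "SSH version 2 not enforced; add ip ssh version 2"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit_management(SAMPLE_CONFIG):
        print(f"[{scope}] {finding}")
```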

Aliases

SW1(config)#alias exec c configure terminal
SW1(config)#alias exec s show ip interface brief
SW1(config)#alias exec sr show running-config

Description, speed and duplex

SW1(config)#interface fastEthernet 0/1
SW1(config-if)#description LINK TO INTERNET ROUTER
SW1(config-if)#speed 100 (options: 10, 100, auto)
SW1(config)#interface range fastEthernet 0/5 - 10
SW1(config-if-range)#duplex full (options: half, full, auto)

Verify Basic Configuration

SW1#show version
Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.

SW1#show running-config
Shows the current configuration file stored in DRAM.

SW1#show startup-config
Shows the configuration file stored in NVRAM which is used at the first boot process.

SW1#show history
Lists the commands currently held in the history buffer.

SW1#show ip interface brief
Shows an overview of all interfaces, their physical status, protocol status, and IP address if assigned.

SW1#show interface VLAN 1
Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.

SW1#show interfaces description
Shows the description of all interfaces.

SW1#show interfaces status
Shows the status of all interfaces like connected or not, speed, duplex, trunk, or access VLAN.

SW1#show crypto key mypubkey RSA
Shows the public encryption key used for SSH.

SW1#show DHCP lease
Shows information about the leased IP address (when an interface is configured to get an IP address via a DHCP server).

Configuring port security

The sticky keyword lets the interface dynamically learn and configure the MAC addresses of the currently connected hosts.

1. Make the switch interface an access port:
SW1(config-if)#switchport mode access
2. Enable port security on the interface:
SW1(config-if)#switchport port-security
3. Specify the maximum number of allowed MAC addresses:
SW1(config-if)#switchport port-security maximum 1
4. Define the action to take when a violation occurs:
SW1(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict)
5. Specify the allowed MAC addresses:
SW1(config-if)#switchport port-security mac-address 68b5.9965.1195 (options: H.H.H, sticky)

Verify and troubleshoot port-security

SW1#show mac-address-table
Shows the entries of the mac address table

SW1#show port-security
Overview of port security of all interfaces

SW1#show port-security interface fa0/5
Shows detailed information about port security on the specified interface

Configuring VLANs

1. Create a new VLAN and give it a name:
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
2. Assign an access interface to access a specific VLAN:
SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access VLAN 10

Configuring an auxiliary VLAN for Cisco IP phones

Accessing vlan 10 (data) and 12 (VoIP)

SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport access vlan 10
SW1(config-if)#switchport voice vlan 12

Configuring Trunks


SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode trunk
(options: access, trunk, dynamic auto, dynamic desirable)

SW1(config-if)#switchport trunk allowed vlan add 10
(options: add, remove, all, except)

Securing VLANS and Trunking

1. Administratively disable unused interfaces:
SW1(config-if)#shutdown
2. Prevent trunking by disabling auto-negotiation on the interface:
SW1(config-if)#switchport nonegotiate (or hardcode the port as an access port)
SW1(config-if)#switchport mode access
3. Assign the port to an unused VLAN:
SW1(config-if)#switchport access VLAN 222
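
To check that the three steps above were actually applied to every port, the following Python audit walks the interface stanzas of a running-config. It is an added example, not part of the original article; `SAMPLE_CONFIG` is constructed, the function names are hypothetical, and it assumes a pure layer 2 switch (no routed ports).

```python
import re

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
interface FastEthernet0/5
 switchport access vlan 10
 switchport mode access
interface FastEthernet0/6
interface FastEthernet0/7
 switchport access vlan 222
 switchport mode access
 shutdown
interface FastEthernet0/8
 shutdown
"""

def interface_stanzas(config):
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return stanzas

def audit_ports(config):
    """Return {interface: [findings]} for ports that miss a hardening step."""
    report = {}
    for name, cmds in interface_stanzas(config).items():
        findings = []
        mode = next((c.split()[-1] for c in cmds if c.startswith("switchport mode ")), None)
        if mode not in ("access", "trunk"):
            findings.append("mode not hardcoded; DTP may negotiate a trunk")
        if mode == "trunk" and "switchport nonegotiate" not in cmds:
            findings.append("trunk still sends DTP; add switchport nonegotiate")
        in_other_vlan = any(re.fullmatch(r"switchport access vlan (?!1$)\d+", c) for c in cmds)
        if "shutdown" in cmds and not in_other_vlan:
            findings.append("disabled port left in default VLAN 1")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_ports(SAMPLE_CONFIG))
```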

Thanks for reading the Cisco commands article.
