Change Device Name :
Hostname
For Example : (config)# hostname sw1
Set Password on Device :
line con 0
For example : (config)# username admin password 123
(config)# line con 0
(config-line)# login local
(config-line)# exit
Set password enable mode :
(config)# enable secret 123
secret ---> MD5 ---> encrypted
password ---> cleartext
Change Device Time :
clock timezone <name> <hours> <minutes>
For example : (config)# clock timezone cisco 11 30
Create vlan :
vlan <number>
name <name>
For example : (config)# vlan 10
(config-vlan)# name srv
show created vlan :
(config)# do show vlan brief
select one or multiple interfaces and set vlan :
(config)# interface fastEthernet <num>
(config)# interface range fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>
trunk config :
L2 Switches:
(config)# int fa <num>
(config-if)# switchport mode trunk
MLS Switches:
(config)# int fa <num>
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk
vtp config :
(config)# vtp domain <name>
(config)# vtp password <num>
(config)# vtp version <num>
(config)# vtp mode <client|server|transparent>
show vtp ?
counters VTP statistics
password VTP password
status VTP domain status
Vlan Filtering :
Manual config :
(config)# int fa <num>
(config-if)# switchport trunk allowed vlan <num>
Help:
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Automatic config :
(config)# vtp pruning
Port Security Config :
Enable feature :
(config)# int fa <num>
(config-if)# switchport port-security
Select manually :
(config-if)# switchport port-security mac-address <H.H.H>
Select Automatically :
(config-if)# switchport port-security mac-address sticky
Accept one or more mac Address per interface :
(config-if)# switchport port-security maximum <num>
By Default : one mac address
Select Port security Mode :
(config-if)# switchport port-security violation <protect|restrict|shutdown>
By Default Mode : Shutdown
Spanning Tree Protocol Config(STP) :
By Default is Running
STP Protocols = No loop
STP Mode :
(config)# spanning-tree mode <pvst|rapid-pvst|mst>
PVST ----> By Default
Rapid PVST
Multiple STP (MSTP)
PVST and Rapid PVST = per vlan
MSTP = not per vlan
Spanning tree Priority per vlans cmd :
(config)# spanning-tree vlan <num> priority <num>
<0-61440> bridge priority in increments of 4096
Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
By Default = 32768
STP Timers :
By Default = about 50 seconds
To decrease the timer = use Portfast
Portfast config :
(config)# int fa <num>
(config-if)# spanning-tree portfast
Don't accept port as root :
(config-if)# spanning-tree guard root
Change port Priority :
(config)# int fa <num>
(config-if)# spanning-tree vlan <num> port-priority <num>
ACL Types :
Extended Access List -------> <100-199> Extended IP access-list number
Standard Access List -------> <1-99> Standard IP access-list number
Create Standard accesslist :
(config)# ip access-list standard <name or num>
(config-std-nacl)# ?
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
For Example : (config-std-nacl)# <seq num> permit <IP> <wildcard mask>
Create Extended accesslist :
(config)# ip access-list extended <name or num>
For Example : (config-ext-nacl)# <seq num> deny <protocol> <IP> <wildcard mask> eq <port num> <IP> <wildcard mask> eq <port num>
Using ACL in Interface :
(config)# int fa <num>
(config-if)# ip access-group <name or num> in|out
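How a standard ACL like the ones above is evaluated, as an added example (not part of the original page): entries are checked in sequence-number order, the first match wins, and unmatched traffic hits the implicit deny. The sample ACL and addresses are constructed; the last call shows why a subnet mask typed where a wildcard mask belongs matches the wrong hosts.

```python
import ipaddress

# Constructed sample: a standard ACL in the "<seq num> permit|deny <IP> <wildcard>" form.
SAMPLE_ACL = """
10 deny 192.168.10.128 0.0.0.127
20 permit 192.168.10.0 0.0.0.255
30 permit host 10.0.0.5
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """Wildcard bit 0 = must match, bit 1 = ignored (the inverse of a subnet mask)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def parse_acl(text):
    """Return (seq, action, base, wildcard) tuples ordered by sequence number."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[1] not in ("permit", "deny"):
            continue  # skip blanks and remark lines
        seq, action, rest = int(tok[0]), tok[1], tok[2:]
        if rest[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wc = rest[1], "0.0.0.0"
        else:
            base, wc = rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")
        entries.append((seq, action, base, wc))
    return sorted(entries)

def evaluate(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for seq, action, base, wc in entries:
        if wildcard_match(src, base, wc):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for src in ("192.168.10.200", "192.168.10.20", "10.0.0.5", "172.16.0.1"):
        print(src, evaluate(acl, src))
    # A subnet mask typed where a wildcard belongs matches the wrong hosts:
    print(wildcard_match("192.168.10.5", "192.168.10.0", "255.255.255.0"))
```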
Telnet Configuration :
Create vlan :
(config)# vlan <num>
Create Virtual interface and Set ip address :
(config)# int vlan <num>
(config-if)# ip address <ip> <subnet mask>
Set vlan on interface :
(config)# int fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>
Create accesslist (ACL) :
(config)# access-list <num> permit host <IP>
Enable Telnet :
(config)# username <name> secret <num>
(config)# enable secret <num>
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# access-class <ACL num> in
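A small configuration audit tying the sections above together, as an added example (not part of the original page): it flags cleartext `password` entries where `secret` should be used, vty lines with no inbound ACL, access ports without port-security, and trunks with no allowed-VLAN list. The sample config, interface names and finding texts are constructed for illustration.

```python
# Constructed sample running-config (hypothetical switch, placeholder hash).
SAMPLE_CONFIG = """\
username admin password 123
username ops secret 5 <placeholder-hash>
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/24
 switchport mode trunk
line vty 0 4
 login local
"""

def parse_blocks(config):  # map each top-level line to its indented child lines
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.strip() in ("", "!"):
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks[current] = []
    return blocks

def audit(config):
    """Flag the weak settings that the commands on this page replace."""
    findings = []
    for header, body in parse_blocks(config).items():
        words = header.split()
        if header.startswith("enable password"):
            findings.append("enable password: not MD5-hashed, use enable secret")
        elif words[0] == "username" and "password" in words[2:]:
            findings.append(f"username {words[1]}: password keyword, use secret")
        elif header.startswith("line vty"):
            if not any(l.startswith("access-class ") and l.endswith(" in") for l in body):
                findings.append(f"{header}: no inbound access-class")
        elif header.startswith("interface "):
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{header}: access port without port-security")
            if "switchport mode trunk" in body and not any(
                    l.startswith("switchport trunk allowed vlan") for l in body):
                findings.append(f"{header}: trunk with no allowed-vlan list")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```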