In this article I will introduce the Cisco Internetwork Operating System (IOS) command line interface (CLI) for the 2960 series switch. You will need to log on to a switch and become familiar with the different levels of access on the switch. You will also become familiar with the commands available to you in each mode (user or privileged) and the switch help facility, history, and editing features.

User vs. Privileged Mode

User mode is indicated by the > next to the switch name. You can look at settings but cannot make changes from user mode. In privileged mode, indicated by the #, you can do anything. To get into privileged mode, the keyword is enable.

HELP

To view all commands available from the current mode, type ?. This will give you the list of all available commands for the switch in your current mode. You can also use the question mark after you have started typing a command. For example, if you want to use a show command but do not remember which one it is, use the ? after show, as this will output all commands that you can use with the show command.

Configuration Mode

From privileged mode you can enter configuration mode by typing the config term command. To exit configuration mode, type end or press <CTL>+z.

Configuration of Cisco 2960 Switch

To try these commands in practice, either create a simple topology in Packet Tracer or download this topology.

Now click on any switch and configure it as given below.

To list all available commands in user EXEC mode, type ? and press Enter.

Switch>?
Exec commands:
  [1-99]      Session number to resume
  connect     Open a terminal connection
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  ping        Send echo messages
[Output is omitted]

Three commands can be used to log out of the terminal.

Switch>enable
Switch#disable
Switch>exit
Switch con0 is now available
Press RETURN to get started.

The show version command displays the device platform, the detected interfaces and the IOS name.

Switch>enable
Switch#show version
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by pt_team
ROM: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
System returned to ROM by power-on
Cisco WS-C2960-24TT (RC32300) processor (revision C0) with 21039K bytes of memory.
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)
[Output is omitted]

The show mac-address-table command shows all MAC addresses the switch has detected, both dynamically learned and manually configured.

Switch#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.643a.5501    DYNAMIC     Gig1/1

To view the running configuration held in RAM, use the show running-config command.

Switch#show running-config
Building configuration...
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch
[Output is omitted]

To view the startup configuration (stored in NVRAM), use the show startup-config command.

Switch#show startup-config
Current configuration : 925 bytes
version 12.2
no service password-encryption
!
hostname Switch
[Output is omitted]

To get information about the VLAN configuration, use the show vlan command.

Switch#show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -----------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
[Output is omitted]

The show interfaces command shows all detected interfaces with their hardware description and configuration.

Switch#show interfaces
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 0060.2f9d.9101 (bia 0060.2f9d.9101)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
[Output is omitted]

Interface vlan 1 is used to assign an IP address and default gateway to the switch. The show interface vlan 1 command gives an overview of VLAN 1.

Switch#show interface vlan1
Vlan1 is administratively down, line protocol is down
  Hardware is CPU Interface, address is 0060.5c23.82ae (bia 0060.5c23.82ae)
  MTU 1500 bytes, BW 100000 Kbit, DLY 1000000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
[Output is omitted]

The delete command is used to delete all VLAN configuration from the switch. Don't add a space between flash: and vlan.dat. Run the command exactly as shown here; adding a space could erase flash entirely, leaving the switch blank.

Switch#delete flash:vlan.dat
Delete filename [vlan.dat]?
Delete flash:/vlan.dat? [confirm]
%deleting flash:/vlan.dat

The startup configuration can be removed with the erase command.

Switch#erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram

Basic Switch Configuration Step by Step

Use the configure terminal command to enter global configuration mode.

Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

Now change the default switch name to Switch1.

Switch(config)#hostname Switch1

Set the enable password to vinita and the enable secret to nikki.

Switch1(config)#enable password vinita
Switch1(config)#enable secret nikki

Set the console password to vinita and enable it with the login command. The order of the commands is important: set the password before you enable it.

Switch1(config)#line console 0
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit

Enable five Telnet sessions [vty 0 - vty 4] on the switch and set their password to vinita.

Switch1(config)#line vty 0 4
Switch1(config-line)#password vinita
Switch1(config-line)#login
Switch1(config-line)#exit

Now set the switch IP address to 192.168.0.10 255.255.255.0 and the default gateway to 192.168.0.5.

Switch1(config)#interface vlan1
Switch1(config-if)#ip address 192.168.0.10 255.255.255.0
Switch1(config-if)#exit
Switch1(config)#ip default-gateway 192.168.0.5

Set the description finance VLAN on interface FastEthernet 0/1.

Switch1(config)#interface fastEthernet 0/1
Switch1(config-if)#description finance VLAN

By default the switch negotiates speed and duplex automatically, but you can set them manually.

Switch1(config-if)#duplex full
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Switch1(config-if)#duplex auto
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex half
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
Switch1(config-if)#duplex auto
Switch1(config-if)#speed 10
Switch1(config-if)#speed 100
Switch1(config-if)#speed auto
Switch1(config-if)#exit
Switch1(config)#exit

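The password and remote-access settings entered in the steps above can be checked mechanically once they appear in the running-config. The following audit is an added example, not part of the original article: the sample config is constructed from the commands on this page (the secret hash is a placeholder), and the function names and finding labels are assumptions of the example.

```python
import re

# Constructed sample: abridged running-config after the commands in this article.
# The enable secret hash is a placeholder, not real device output.
SAMPLE_CONFIG = """\
no service password-encryption
!
hostname Switch1
!
enable secret 5 <hash-placeholder>
enable password vinita
!
line con 0
 password vinita
 login
line vty 0 4
 password vinita
 login
"""

CLEAR_PW = re.compile(r"password (?:0 )?(\S+)$")  # type 0 or untyped = clear text


def parse_sections(text):
    """Split a config into top-level lines and {header: [indented sub-commands]}."""
    top, sections, current = [], {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        elif not line.startswith(" "):
            top.append(line.strip())
            current = top[-1]
            sections[current] = []
    return top, sections


def audit_config(text):
    """Return a sorted list of finding labels (the labels are this example's own)."""
    top, sections = parse_sections(text)
    findings, clear_uses = set(), {}
    if "service password-encryption" not in top:
        findings.add("service-password-encryption-off")  # passwords readable in the config
    has_secret = any(line.startswith("enable secret ") for line in top)
    for line in top:
        if line.startswith("enable password "):
            # The hashed enable secret takes precedence; the plain copy is only a liability.
            findings.add("enable-password-shadowed-by-secret" if has_secret
                         else "enable-password-without-secret")
            if (m := CLEAR_PW.match(line[len("enable "):])):
                clear_uses.setdefault(m.group(1), []).append("enable")
    for header, body in sections.items():
        if header.startswith("line "):
            for cmd in body:
                if (m := CLEAR_PW.match(cmd)):
                    clear_uses.setdefault(m.group(1), []).append(header)
            if header.startswith("line vty") and "transport input ssh" not in body:
                findings.add("vty-not-restricted-to-ssh")  # Telnet logins are sent unencrypted
    if any(len(uses) > 1 for uses in clear_uses.values()):
        findings.add("cleartext-password-reused")
    return sorted(findings)
```

Run against the sample, the audit reports all four findings; a config with service password-encryption, an enable secret only, and vty lines limited to transport input ssh reports none.
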
The MAC address table can be wiped out with the clear command.

Switch1#show
Switch1#show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0001.643a.5501    DYNAMIC     Gig1/1
Switch1#clear mac-address-table
Switch1#clear mac-address-table ?
  dynamic  dynamic entry type
Switch1#clear mac-address-table dynamic

To restart the switch, use the reload command (the running configuration will be erased, so copy it to the startup configuration first).

Switch1#reload
Proceed with reload? [confirm]
Switch con0 is now available
Press RETURN to get started.

CCNA basic switch configuration commands sheet

| Command | Description |
|---|---|
| switch>? | The ? works here the same as in a router. Used to get the list of all available commands |
| switch>enable | User mode, same as a router |
| switch# | Privileged mode |
| switch#disable | Leaves privileged mode |
| switch>exit | Leaves user mode |
| switch#show version | Displays information about software and hardware. |
| switch#show flash: | Displays information about flash memory (will work only for the 2900/2950 series). |
| switch#show mac-address-table | Displays the current MAC address forwarding table. |
| switch#show running-config | Displays the current configuration in DRAM. |
| switch#show startup-config | Displays the current configuration in NVRAM. |
| switch#show vlan | Displays the current VLAN configuration. |
| switch#show interfaces | Displays the interface configuration and status of line: up/up, up/down, admin down. |
| switch#show interface vlan1 | Displays setting of virtual interface VLAN 1, the default VLAN on the switch. |
| To Reset Switch Configuration | |
| Switch#delete flash:vlan.dat | Removes the VLAN database from flash memory. |
| Delete filename [vlan.dat]? | Press Enter |
| Delete flash:vlan.dat? [confirm] | Press Enter |
| Switch#erase startup-config | Erases the file from NVRAM. |
| Switch#reload | Restarts the switch. |
| To Set Host Names | |
| Switch#configure terminal | Moves to global configuration mode |
| Switch(config)#hostname Switch1 | Creates a locally significant host name of the switch. This is the same command as the router. |
| Switch1(config)# | |
| To Set Passwords | |
| Switch(config)#enable password vinita | Sets the enable password to vinita |
| Switch(config)#enable secret nikki | Sets the encrypted secret password to nikki |
| Switch(config)#line console 0 | Enters line console mode |
| Switch(config-line)#login | Enables password checking |
| Switch(config-line)#password vinita | Sets the password to vinita |
| Switch(config-line)#exit | Exits line console mode |
| Switch(config-line)#line vty 0 4 | Enters line vty mode for all five virtual ports |
| Switch(config-line)#login | Enables password checking |
| Switch(config-line)#password vinita | Sets the password to vinita |
| Switch(config-line)#exit | Exits line vty mode |
| Switch(config)# | |
| To Set IP Addresses and Default Gateways | |
| Switch(config)#interface vlan1 | Enters the virtual interface for VLAN 1, the default VLAN on the switch |
| Switch(config-if)#ip address 192.168.0.10 255.255.255.0 | Sets the IP address and netmask to allow for remote access to the switch |
| Switch(config-if)#exit | |
| Switch(config)#ip default-gateway 192.168.0.5 | Allows IP information an exit past the local network |
| To Set Interface Descriptions | |
| Switch(config)#interface fastethernet 0/1 | Enters interface configuration mode |
| Switch(config-if)#description Finance VLAN | Adds a description of the interface |
| To Set Duplex Operation | |
| Switch(config)#interface fastethernet 0/1 | Moves to interface configuration mode |
| Switch(config-if)#duplex full | Forces full-duplex operation |
| Switch(config-if)#duplex auto | Enables auto-duplex config |
| Switch(config-if)#duplex half | Forces half-duplex operation |
| To Set Operation Speed | |
| Switch(config)#interface fastethernet 0/1 | |
| Switch(config-if)#speed 10 | Forces 10-Mbps operation |
| Switch(config-if)#speed 100 | Forces 100-Mbps operation |
| Switch(config-if)#speed auto | Enables autospeed configuration |
| MAC Address Table | |
| switch#show mac address-table | Displays current MAC address forwarding table |
| switch#clear mac address-table | Deletes all entries from current MAC address forwarding table |
| switch#clear mac address-table dynamic | Deletes only dynamic entries from table |

A virtual LAN (VLAN) is a logical grouping of network devices in the same broadcast domain that can span multiple physical segments.

Advantages of VLANs:
· Increase the number of broadcast domains while reducing their size.
· Provide additional security.
· Increase the flexibility of network equipment.
· Allow a logical grouping of users by function, not location.
· Make user adds, moves, and changes easier.

Subnets and VLANs

Logically speaking, VLANs are also subnets. A subnet, or a network, is a contained broadcast domain. A broadcast that occurs in one subnet will not be forwarded, by default, to another subnet. Routers, or layer-3 devices, provide this boundary function. Switches provide this function at layer 2 through VLANs.

Scalability

VLANs provide for location independence. This flexibility makes adds, changes, and moves of networking devices a simple process. It also allows you to group people together, which also makes implementing your security policies straightforward.

IP protocols support 500 devices per VLAN.

VLAN Membership

A device's membership in a VLAN can be determined by one of two methods: static or dynamic.
· Static: you have to assign it manually.
· Dynamic: configure a VTP server and it will automatically do the rest.

VLAN Connections

There are two types of connections: access links and trunks.

Access-Link Connections

An access-link connection is a connection between a switch and a device with a normal Ethernet NIC, where the Ethernet frames are transmitted unaltered.

Trunk Connections

Trunk connections are capable of carrying traffic for multiple VLANs. Cisco supports two Ethernet trunking methods:
· Cisco's proprietary Inter Switch Link (ISL) protocol for Ethernet
· IEEE's 802.1Q, commonly referred to as dot1q, for Ethernet

ISL is a Cisco-proprietary trunking method that adds a 26-byte header and a 4-byte trailer to the original Ethernet frame. Cisco's 1900 switch supports only ISL.

802.1Q is a standardized trunking method that inserts a four-byte field into the original Ethernet frame and recomputes the FCS. The 2950 only supports 802.1Q. 802.1Q trunks support two types of frames: tagged and untagged.
· An untagged frame does not carry any VLAN identification information in it; basically, this is a standard, unaltered Ethernet frame.
· A tagged frame contains VLAN information, and only other 802.1Q-aware devices on the trunk will be able to process this frame.

Trunk Tagging

For VLANs to span across multiple switches, you obviously need to connect the switches to each other. Although it is possible to simply plug one switch into another using an access port, just as you would plug in a host or a hub, doing so kills the VLAN-spanning feature and a bunch of other useful stuff too. A switch-to-switch link must be set up as a trunk link in order for the VLAN system to work properly. A trunk link is a special connection; the key difference between an ordinary connection (an access port) and a trunk port is that although an access port is only in one VLAN at a time, a trunk port has the job of carrying traffic for all VLANs from one switch to another. Any time you connect a switch to another switch, you want to make it a trunk.

Trunking methods create the illusion that instead of a single physical connection between the two trunking devices, a separate logical connection exists for each VLAN between them. When trunking, the switch adds the source port's VLAN identifier to the frame so that the device (typically a switch) at the other end of the trunk understands what VLAN originated this frame, and the destination switch can make intelligent forwarding decisions on not just the destination MAC address, but also the source VLAN identifier. Since information is added to the original Ethernet frame, normal NICs will not understand this information and will typically drop the frame. Therefore, you need to ensure that when you set up a trunk connection on a switch's interface, the device at the other end also supports the same trunking protocol and has it configured. If the device at the other end doesn't understand these modified frames or is not set up for trunking, it will, in most situations, drop them. The modification of these frames is commonly called tagging.

By default, all VLANs are permitted across a trunk link. Switch-to-switch trunk links always require the use of a crossover cable, never a straight-through cable.

Key features of DTP
· A trunk can be created only on a Fast Ethernet or Gigabit Ethernet connection; 10Mb Ethernet ports are not fast enough to support the increased traffic from multiple VLANs, so the commands are not available for a regular Ethernet port.
· By default, traffic from all VLANs is allowed on a trunk. You can specify which VLANs are permitted (or not) to cross a particular trunk if you have that requirement, but these functions are not covered in the CCNA exam.
· Switches (whether trunked or not) are always connected with crossover cables, not straight-through cables.

Dynamic Trunk Protocol (DTP)

DTP supports five trunking modes:
· On or Trunk: the interface always assumes the connection is a trunk, even if the remote end does not support trunking.
· Desirable: the interface will generate DTP messages on the interface, but it makes the assumption that the other side is not trunk-capable and will wait for a DTP message from the remote side. In this state, the interface starts as an access-link connection. If the remote side sends a DTP message, and this message indicates that trunking is compatible between the two switches, a trunk will be formed and the switch will start tagging frames on the interface. If the other side does not support trunking, the interface will remain as an access-link connection.
· Auto-negotiate: the interface passively listens for DTP messages from the remote side and leaves the interface as an access-link connection. If the interface receives a DTP message, and the message matches the trunking capabilities of the interface, then the interface will change from an access-link connection to a trunk connection and start tagging frames.
· No-negotiate: the interface is set as a trunk connection and will automatically tag frames with VLAN information; however, the interface will not generate DTP messages: DTP is disabled. This mode is typically used when connecting trunk connections to non-Cisco devices that don't understand Cisco's proprietary trunking protocol and thus won't understand the contents of these messages.
· Off: if an interface is set to off, the interface is configured as an access link. No DTP messages are generated in this mode, nor are frames tagged.

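What the five modes above produce when two ports are cabled together, worked through for every pairing. This is an added example, not part of the original article: the mode names follow the list above, the IOS commands in the comments are the usual equivalents, and the property and function names are assumptions of the example.

```python
from collections import namedtuple

# forced:   state the port takes regardless of the peer (None = negotiated)
# requests: the port actively asks the far end to form a trunk
# responds: the port will become a trunk when the far end asks
Mode = namedtuple("Mode", "forced requests responds")
MODES = {
    "on":          Mode("trunk",  True,  False),  # switchport mode trunk
    "desirable":   Mode(None,     True,  True),   # switchport mode dynamic desirable
    "auto":        Mode(None,     False, True),   # switchport mode dynamic auto
    "nonegotiate": Mode("trunk",  False, False),  # switchport mode trunk + switchport nonegotiate
    "off":         Mode("access", False, False),  # switchport mode access
}


def side_state(local, remote):
    """State one end settles in, given its own mode and the mode of the far end."""
    me, peer = MODES[local], MODES[remote]
    if me.forced:
        return me.forced                  # on / nonegotiate / off ignore the peer
    # A negotiating port starts as an access link and becomes a trunk only if the
    # peer asks for one, or if it asks itself and the peer is willing to answer.
    if peer.requests or (me.requests and peer.responds):
        return "trunk"
    return "access"


def negotiate(a, b):
    """Return (state of a, state of b, link result) for two directly connected ports."""
    sa, sb = side_state(a, b), side_state(b, a)
    return sa, sb, sa if sa == sb else "mismatch"  # mismatch: one end tags, the other does not


def peer_decided_modes():
    """Modes in which the far end, not the local configuration, decides trunk vs access."""
    return sorted(name for name, mode in MODES.items() if mode.forced is None)


def outcome_table():
    """Link result for every ordered pair of modes, keyed by (local, remote)."""
    return {(a, b): negotiate(a, b)[2] for a in MODES for b in MODES}
```

The table shows that two auto ports never form a trunk, and that a nonegotiate port facing a desirable or auto port leaves the link mismatched because the negotiating side never hears a DTP message.
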
VLAN Trunk Protocol (VTP)

VTP is a Layer 2 protocol that takes care of the steps of creating and naming VLANs on all switches in the system. We still have to set port membership to VLANs at each switch, which we can do either statically or using a VMPS. VTP works by establishing a single switch as being in charge of the VLAN information for a domain. In this case, a domain is simply a group of switches that all have the same VTP domain name. This simply puts all the switches into a common administrative group.

The VLAN Trunk Protocol (VTP) is a proprietary Cisco protocol used to share VLAN configuration information between Cisco switches on trunk connections. When you are setting up VTP, you have three different modes: server, client and transparent.

Server mode: This is the one switch that is in charge of the VLAN information for the VTP domain. You may add, delete, and change VLAN information on this switch, and doing so affects the entire VTP domain. This way, we only have to enter our VLAN information once, and the Server mode switch propagates it to all the other switches in the domain.

Client mode: Client mode switches get VLAN information from the Server. You cannot add, delete, or change VLAN information on a Client mode switch; in fact, the commands to do so are disabled.

Transparent mode: A Transparent mode switch is doing its own thing; it will not accept any changes to VLAN information from the Server, but it will forward those changes to other switches in the system. You can add, delete, and change VLANs, but those changes only affect the Transparent mode switch and are not sent to other switches in the domain.

VTP Messages

An advertisement request message is a VTP message a client generates. When the server responds to a client's request, it generates a subset advertisement. A summary advertisement is also generated by a switch in VTP server mode. Summary advertisements are generated every five minutes by default (300 seconds), or when a configuration change takes place on the server switch.

VTP Pruning

VTP gives you a way to preserve bandwidth by configuring it to reduce the amount of broadcasts, multicasts, and unicast packets. This is called pruning. Switches with VTP pruning enabled send broadcasts only to trunk links that actually must have the information.

VTP pruning is used on trunk connections to dynamically remove VLANs not active between the two switches. It requires all of the switches to be in server mode.

In this tutorial I will demonstrate how you can:
· Configure Access or Trunk links
· Create VLAN
· Assign VLAN membership
· Configure Intra VLAN routing
· Configure VTP Server
· Make VTP Clients
· Show STP Static
· Configure DTP port

To complete this lab, either create a topology as shown in the figure or download this file and load it in Packet Tracer.