Quickref:Cisco Switches (IOS)

From Bits Wiki

⇒ By Andy Smith | Last updated: Tue, 23 Mar 2010 16:59:24 +0000 by Andys

This page is under development, which means the content is likely to change.

Introduction

This is a quick reference for Cisco switches running IOS.

Reference

Showing port status

  • show ip interface brief (or sh ip int br)
Example: Displaying port status with show ip interface brief
sw1# show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Vlan1                      192.0.2.2       YES NVRAM  up                    up      
FastEthernet0/1            unassigned      YES unset  down                  down    
FastEthernet0/2            unassigned      YES unset  down                  down    
FastEthernet0/3            unassigned      YES unset  down                  down    
... 
FastEthernet0/23           unassigned      YES unset  up                    up      
FastEthernet0/24           unassigned      YES unset  up                    up
  • show interface status (or sh int status)
Example: Displaying port status with show interface status
sw1# show interface status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1                        notconnect   1            auto   auto 10/100BaseTX
Fa0/2                        notconnect   1            auto   auto 10/100BaseTX
Fa0/3                        notconnect   1            auto   auto 10/100BaseTX

Fa0/23    To firewall        connected    51         a-full  a-100 10/100BaseTX
Fa0/24    Uplink to LAN      connected    52         a-full  a-100 10/100BaseTX

Show which MAC addresses are connected to which port

You can find out which port a MAC address is connected through with show mac-address-table.

Example: Listing the MAC addresses for each port with show mac-address-table
sw1# show mac-address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0009.43bc.aa80    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    000b.cdfb.23f6    DYNAMIC     Fa0/11
   1    0010.dcdb.72b2    DYNAMIC     Fa0/7
   1    00c0.ffee.0000    DYNAMIC     Fa0/5
  52    0008.02e6.1204    DYNAMIC     Fa0/24
  52    000c.29f1.802e    DYNAMIC     Fa0/24
  52    001f.1f03.9476    DYNAMIC     Fa0/4
  52    001f.3a55.761c    DYNAMIC     Fa0/4
  52    0022.1519.6d9b    DYNAMIC     Fa0/24
  52    00c0.ffee.0001    DYNAMIC     Fa0/23
Total Mac Addresses for this criterion: 13
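
An added example (not part of the original wiki page): a small Python parser for saved show mac-address-table output that looks up a MAC address written in any common notation and lists ports that have learned more than one dynamic address, which is expected on uplinks and worth a look on edge ports. The function names are hypothetical; the sample rows are trimmed from the output above.

```python
import re
from collections import defaultdict

# Rows copied from the example output above (trimmed).
SAMPLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0009.43bc.aa80    STATIC      CPU
   1    000b.cdfb.23f6    DYNAMIC     Fa0/11
  52    0008.02e6.1204    DYNAMIC     Fa0/24
  52    000c.29f1.802e    DYNAMIC     Fa0/24
  52    001f.1f03.9476    DYNAMIC     Fa0/4
  52    001f.3a55.761c    DYNAMIC     Fa0/4
  52    00c0.ffee.0001    DYNAMIC     Fa0/23
"""

ROW = re.compile(
    r"^\s*(All|\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def normalize_mac(mac):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return Cisco dotted form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def parse_table(text):
    """Return one dict per table row; headers, rules and the total line are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append({"vlan": vlan, "mac": mac.lower(), "type": kind.upper(), "port": port})
    return rows

def find_port(rows, mac):
    """Return every (vlan, port) pair on which the given MAC was seen."""
    wanted = normalize_mac(mac)
    return [(r["vlan"], r["port"]) for r in rows if r["mac"] == wanted]

def multi_mac_ports(rows):
    """Ports that learned more than one dynamic MAC: uplinks, or a hub/switch on an edge port."""
    seen = defaultdict(set)
    for r in rows:
        if r["type"] == "DYNAMIC":
            seen[r["port"]].add(r["mac"])
    return {port: sorted(macs) for port, macs in seen.items() if len(macs) > 1}
```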

Labelling a port

You can label a port with the description command in interface configuration mode. The label then shows up in the Name column when you run sh int status.

Example: Setting the description for FastEthernet0/20
sw1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
sw1(config)# interface FastEthernet0/20
sw1(config-if)# description My desktop
sw1(config-if)#^Z
sw1#

We can now see this is set:-

Example: Checking a single port with sh int <port> status
sw1# show interface FastEthernet0/20 status

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/20    My desktop         notconnect   61           auto   auto 10/100BaseTX

Setting the native VLAN for a port

The native VLAN for a port (IOS calls it the access VLAN, as the command and its output below show) is the VLAN that normal traffic will appear on, that is to say, any traffic which isn't labelled with a specific VLAN. Setting a VLAN on a port separates the traffic on that port from traffic in any other VLANs on the switch.

Example: Setting the native VLAN for FastEthernet0/20
sw1# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
sw1(config)# interface FastEthernet0/20
sw1(config-if)# switchport access vlan 61
% Access VLAN does not exist. Creating vlan 61
sw1(config-if)# ^Z
sw1#

If the VLAN hasn't been created already (in vlan database), it'll be created - as in the example above.

Setting the hostname and domain name

This is needed before generating the RSA keys used to configure SSH.

Example: Setting the hostname and domain name
sw# configure terminal
sw(config)# hostname sw
sw(config)# ip domain-name example.com

Configuring SSH

If SSH hasn't been configured before, you'll need to generate the RSA keys. Before doing this, you need to make sure you've set the switch hostname and domain name appropriately.

Example: Generating the RSA keys on IOS
sw# configure terminal
sw(config)# crypto key generate rsa
The name for the keys will be: sw.example.com

How many bits in the modulus [512]: 2048
Generating RSA keys ...
[OK]

Now, configure the timeout, the maximum authentication retries and the preferred version:-

Example: Configuring SSH parameters
sw(config)# ip ssh time-out 120
sw(config)# ip ssh authentication-retries 3
sw(config)# ip ssh version 2

Finally, configure remote connections to use SSH only:-

Example: Turn on SSH access and disable telnet
sw(config)# line vty 0 15
sw(config-line)# transport input ssh
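
An added example (not part of the original wiki page): a Python check over a saved running-config that confirms the SSH steps above took effect on every vty line. The sample config is constructed, not taken from a real device, and the function names are hypothetical; it shows the case where only vty 0 4 was restricted and vty 5 15 still accepts telnet.

```python
import re

# Constructed running-config excerpt (not from a real device): vty 0-4 are
# SSH-only, but vty 5-15 were left out and still accept telnet.
SAMPLE_CONFIG = """\
hostname sw
ip domain-name example.com
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def vty_blocks(config):
    """Return (first, last, [sub-commands]) for each 'line vty' block."""
    blocks, current = [], None
    for line in config.splitlines():
        m = re.match(r"^line vty (\d+)(?: (\d+))?\s*$", line)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first), [])
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current[2].append(line.strip())
        else:
            current = None  # any unindented line ends the block
    return blocks

def audit_ssh(config):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    if "ip ssh version 2" not in lines:
        findings.append("ip ssh version 2 is not set")
    if not any(ln.startswith("ip domain-name ") for ln in lines):
        findings.append("no ip domain-name (needed for the RSA key name)")
    for first, last, cmds in vty_blocks(config):
        transports = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if not transports:
            findings.append(f"vty {first}-{last}: no transport input line (platform default applies)")
        elif transports[-1] != ["ssh"]:
            findings.append(f"vty {first}-{last}: transport input {' '.join(transports[-1])}")
    return findings
```

Running line vty 0 15 as in the example above covers all sixteen lines in one step, which is what makes this check pass.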