ccna switch commands
Switch
LAN Devices
Repeater, hub, bridge, switch, router
Hub is multiport repeater
Switch is multiport bridge
                     HUB                    BRIDGE / SWITCH                          ROUTER
Layer                Layer 1 device         Layer 2 device                           Layer 3 device
Function             flooding (repeating)   bridging / switching                     routing
Duplex               half duplex            full duplex                              full duplex
Bandwidth            shared                 not shared                               not shared
Collision domains    1                      one per port (each port is its own CD)   one per port
Broadcast domains    1                      1                                        one per port
Switches are divided into manageable and non-manageable:
Manageable:
1) Console port
2) IOS can be upgraded
3) Lots of ports
4) Security features can be enabled (passwords, port security, etc.)
5) Layer 2 models: 2950, 1900; Layer 3 models: 3550, 3500, 3700 (perform Layer 2 switching plus the basic functions of a router)
Non-manageable:
1) No console port
2) Only a mini IOS (cannot be upgraded)
3) Fewer ports
4) No security features
5) Always Layer 2 only
Switch
LAN switches forward Ethernet frames. They just have to decide when to forward a frame and when not to.
A LAN switch decides this by looking at the source MAC address and the destination MAC address of the Ethernet frame.
3 general categories of MAC addresses on Ethernet:
Unicast addresses—A MAC address that identifies a single LAN interface card.
Broadcast addresses—The broadcast address has the value FFFF.FFFF.FFFF (in hexadecimal notation). It implies that all devices on the LAN should receive and process a frame sent to it.
Multicast addresses—Frames sent to a multicast address are destined for a group of devices on the network (a multicast address has the low-order bit of its first octet set to 1).
3 functions of a switch:
Learning—The switch learns MAC addresses by examining the source MAC address of each frame it receives and recording the port the frame arrived on.
Forwarding or filtering—The switch decides, based on the destination MAC address, whether to forward a frame out the one port where that address was learned, to flood it out all other ports (unknown unicast, broadcast and multicast), or to filter (not forward) it when the destination sits on the same port the frame came in on.
Loop prevention—The switch creates a loop-free environment with other switches by using Spanning Tree Protocol (STP).
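The learn / forward-or-filter / flood decision described above, as an added Python example (this is not code from the page or from Cisco; the port names and MAC addresses in the usage are made up). mac_kind() classifies an address the way a switch does, using the I/G bit of the first octet, and LearningSwitch records the ingress port of every source MAC and consults that table for the forwarding decision:

```python
from typing import Dict, List

BROADCAST = "ffff.ffff.ffff"


def mac_kind(mac: str) -> str:
    """Classify a Cisco dotted-hex MAC (e.g. 0000.0c12.3456).

    Broadcast is all ones; multicast is any address whose I/G bit (the
    least-significant bit of the first octet) is 1; everything else is unicast.
    """
    mac = mac.lower()
    if mac == BROADCAST:
        return "broadcast"
    first_octet = int(mac[:2], 16)
    return "multicast" if first_octet & 1 else "unicast"


class LearningSwitch:
    """Minimal model of the learn / forward-or-filter logic of a LAN switch."""

    def __init__(self, ports: List[str]) -> None:
        self.ports = list(ports)
        self.mac_table: Dict[str, str] = {}  # MAC -> port it was learned on

    def handle_frame(self, in_port: str, src: str, dst: str) -> List[str]:
        """Return the list of ports the frame is sent out of."""
        src, dst = src.lower(), dst.lower()
        # Learning: remember which port the source MAC lives behind. The switch
        # trusts whatever source address it sees, which is what a MAC-flooding
        # attacker abuses to fill the table.
        self.mac_table[src] = in_port
        # Forwarding / filtering: a known unicast goes out exactly one port,
        # or nowhere if that port is the one it arrived on.
        if mac_kind(dst) == "unicast" and dst in self.mac_table:
            out_port = self.mac_table[dst]
            return [] if out_port == in_port else [out_port]
        # Unknown unicast, broadcast and multicast are flooded out every
        # port except the ingress port.
        return [p for p in self.ports if p != in_port]


if __name__ == "__main__":
    # Constructed example: hosts A and B on ports fa0/1 and fa0/2.
    sw = LearningSwitch(["fa0/1", "fa0/2", "fa0/3"])
    print(sw.handle_frame("fa0/1", "0000.0c00.0001", "0000.0c00.0002"))  # flooded, B unknown
    print(sw.handle_frame("fa0/2", "0000.0c00.0002", "0000.0c00.0001"))  # ['fa0/1'], A known
    print(sw.mac_table)
```

The table is filled from whatever source address appears on the wire, with no check at all; that is why a host spraying random source MACs can fill it, and why the port security commands later on this page cap how many addresses a port may learn.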
Accessing the Cisco IOS CLI
User and Privileged Modes
Setting Speed & Duplex:
SW1 (config) # interface fastethernet 0/1
SW1 (config-if) #duplex full {auto | half | full}
SW1 (config-if) #speed 10 {10 | 100 | auto}
Set both ends of a link the same way (or both to auto); a duplex mismatch causes late collisions and very poor throughput.
Setting passwords & Optimizing the Switch:
Switch (config) #enable password cisco Sets the enable password to cisco. It is stored in cleartext in the configuration, so use it only on old IOS that lacks enable secret.
Switch (config) #enable secret class Sets the enable secret to class. It is stored as a hash and takes precedence over enable password when both are configured.
Switch (config-line) #logging synchronous (line command: enter line console 0 or line vty 0 4 first) Stops unsolicited log messages from breaking up the command you are typing: the message is printed and your partially typed command is redrawn on a new line.
Switch (config-line) # exec-timeout 30 0 {minutes seconds} Idle time after which the session is automatically logged out of the switch. exec-timeout 0 0 disables the timeout and should never be used on vty lines.
Switch (config) #no ip domain-lookup Disables DNS lookups, so a mistyped command is not treated as a hostname that the switch tries to resolve (which otherwise stalls the CLI until the broadcast lookup times out).
Setting IP address & Default Gateway:
SW1 (config) # interface vlan 1 Enters the virtual interface for VLAN 1, the default VLAN on the switch
SW1 (config-if) # ip address 172.30.1.101 255.255.255.0
SW1 (config) # ip default-gateway 172.30.1.251 Sets the default gateway, so the switch's own management traffic (Telnet etc.) can reach networks beyond the local subnet
TIP: For the 2960 series switches, the IP address of the switch is just that—the IP address for the entire switch. That is why you set the address in VLAN 1 (the default VLAN of the switch) and not in a specific Ethernet interface.
Setting Interface Descriptions:
2960Switch (config) #interface fastethernet 0/1 Enters interface configuration mode
2960Switch (config-if) #description Finance VLAN Adds a description of the Interface
TIP: The 2960 series switches have either 12 or 24 Fast Ethernet ports named fa0/1, fa0/2, ... fa0/24—there is no fastethernet 0/0.
Setting up Telnet:
SW1 (config) #line vty 0 4 Enters line configuration mode for the first five virtual terminal (remote) lines
SW1 (config-line) # password cisco Sets the line password that remote users must give
SW1 (config-line) # login Makes the switch prompt for the line password (with login but no password set, IOS refuses the connection with "Password required, but none set")
NOTE: Telnet sends the password and the whole session in cleartext, so anyone who can sniff the management path reads it. Always combine it with an enable secret and an exec-timeout, and restrict who can reach the vty lines.
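An added Python check for the password, timeout and Telnet settings covered in the last two sections (not code from the page; the two running-configs inside it are constructed samples, and the hash in the hardened one is a placeholder). It splits a config into global lines and line/interface blocks, then reports a missing enable secret, vty lines with login but no password or with no login at all, a missing or disabled exec-timeout, and vty lines that still accept Telnet. The transport input ssh check goes beyond what the page configures; it is included because Telnet is cleartext:

```python
from typing import Dict, List

# Constructed sample running-configs (not from the page): one with the
# weaknesses the checks below look for, and one hardened.
WEAK_CONFIG = """\
hostname SW1
enable password cisco
no ip domain-lookup
!
interface FastEthernet0/1
 switchport mode access
!
line con 0
 logging synchronous
line vty 0 4
 login
line vty 5 15
 password cisco
 login
 exec-timeout 0 0
"""

HARDENED_CONFIG = """\
hostname SW1
enable secret 5 $1$placeholderhash
!
line vty 0 4
 password cisco
 login
 exec-timeout 30 0
 transport input ssh
"""


def parse_config(config: str) -> Dict[str, List[str]]:
    """Split an IOS config into blocks: key '' holds the global lines; every
    other key is an interface/line header mapped to its indented body."""
    blocks: Dict[str, List[str]] = {"": []}
    current = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):          # IOS indents sub-commands by one space
            blocks[current].append(raw.strip())
        else:
            current = raw.strip()
            blocks.setdefault(current, [])
            blocks[""].append(current)
    return blocks


def audit_config(config: str) -> List[str]:
    """Return findings about enable and vty protection; an empty list means clean."""
    findings: List[str] = []
    blocks = parse_config(config)
    global_lines = blocks[""]

    if not any(l.startswith("enable secret ") for l in global_lines):
        if any(l.startswith("enable password ") for l in global_lines):
            findings.append("global: no 'enable secret'; privileged mode relies on "
                            "'enable password', stored in cleartext or reversible type 7")
        else:
            findings.append("global: no 'enable secret'; privileged mode has no password")

    for header, body in blocks.items():
        if not header.startswith("line vty"):
            continue
        if "no login" in body:
            findings.append(f"{header}: 'no login', remote users get a CLI without authentication")
        elif "login" in body and not any(l.startswith("password ") for l in body):
            findings.append(f"{header}: 'login' without 'password', IOS refuses these sessions "
                            "('Password required, but none set')")

        timeout = next((l for l in body if l.startswith("exec-timeout")), None)
        if timeout is None:
            findings.append(f"{header}: no exec-timeout, idle sessions live for the default 10 minutes")
        else:
            values = [int(v) for v in timeout.split()[1:]] + [0]   # seconds default to 0
            if values[0] == 0 and values[1] == 0:
                findings.append(f"{header}: 'exec-timeout 0 0' disables the idle timeout entirely")

        if "transport input ssh" not in body:
            findings.append(f"{header}: Telnet (cleartext) is accepted; set 'transport input ssh'")

    return findings


if __name__ == "__main__":
    for finding in audit_config(WEAK_CONFIG):
        print(finding)
    print("hardened config findings:", audit_config(HARDENED_CONFIG))
```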
Switch Port Security:
Switch (config) #interface fastethernet 0/1 Moves to interface configuration mode.
Switch (config-if) # switchport mode access Port security can only be enabled on an access port (or a statically configured trunk), not on a port in dynamic mode.
Switch (config-if) #switchport port-security Enables port security on the interface (defaults: maximum 1 secure MAC address, violation mode shutdown).
Switch (config-if) #switchport port-security maximum 4 Sets a maximum limit of four MAC addresses that will be allowed on this port.
NOTE: The maximum number of secure MAC addresses that you can configure on a switch is set by the maximum number of available MAC addresses allowed in the system.
Switch (config-if) #switchport port-security mac-address 1234.5678.90ab Sets a specific (static) secure MAC address 1234.5678.90ab. You can add additional secure MAC addresses up to the maximum value configured; any slots left over are filled by dynamically learned addresses.
Switch (config-if) # switchport port-security violation {shutdown | restrict | protect} Sets what happens when a frame arrives from an address beyond the maximum, or from an address that is secured on another port:
NOTE: In shutdown mode (the default), the port is errdisabled, a log entry is made, and manual intervention (shutdown, then no shutdown) or errdisable recovery must be used to re-enable the interface.
NOTE: In restrict mode, frames from a non-allowed address are dropped, the violation counter is incremented and a log entry is made. The interface remains operational.
NOTE: In protect mode, frames from a non-allowed address are dropped, but no log entry is made and nothing is counted, so violations go unnoticed. The interface remains operational.
Switch (config-if) #switchport port-security mac-address sticky Learns MAC addresses dynamically and writes them into the running configuration as sticky secure MAC addresses (addresses already learned dynamically are converted as well). Save with copy running-config startup-config, otherwise the sticky addresses are lost on reload.
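The port-security behaviour described above (maximum, static and sticky addresses, the three violation modes and errdisable) as an added Python model. It is not code from the page or from IOS: its log strings are simplified stand-ins for the real syslog messages, and the MAC addresses in the usage are made up.

```python
from dataclasses import dataclass, field
from typing import List, Set


@dataclass
class SecurePort:
    """One access port with 'switchport port-security' enabled."""
    name: str
    maximum: int = 1                 # switchport port-security maximum N (default 1)
    violation: str = "shutdown"      # shutdown (default) | restrict | protect
    sticky: bool = False             # switchport port-security mac-address sticky
    static: Set[str] = field(default_factory=set)   # mac-address X entries typed by hand
    learned: Set[str] = field(default_factory=set)  # dynamically learned secure MACs
    err_disabled: bool = False
    violation_count: int = 0
    log: List[str] = field(default_factory=list)    # simplified stand-in for syslog

    def secure_macs(self) -> Set[str]:
        return self.static | self.learned

    def receive(self, src_mac: str) -> bool:
        """Apply port security to an ingress frame; True if the frame is accepted."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return False             # down until shut/no shut or errdisable recovery
        if src_mac in self.secure_macs():
            return True
        if len(self.secure_macs()) < self.maximum:
            self.learned.add(src_mac)    # room left: learn it as a secure address
            return True
        # A new source address beyond the maximum is a violation.
        if self.violation == "shutdown":
            self.violation_count += 1
            self.err_disabled = True
            self.log.append(f"{self.name}: violation by {src_mac}, port err-disabled")
        elif self.violation == "restrict":
            self.violation_count += 1
            self.log.append(f"{self.name}: violation by {src_mac}, frame dropped")
        # protect: frame dropped silently, nothing logged or counted
        return False

    def running_config(self) -> List[str]:
        """Interface lines as show running-config would present them."""
        lines = [f"interface {self.name}",
                 " switchport mode access",
                 " switchport port-security",
                 f" switchport port-security maximum {self.maximum}",
                 f" switchport port-security violation {self.violation}"]
        lines += [f" switchport port-security mac-address {m}" for m in sorted(self.static)]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            # sticky addresses land in the running-config; plain dynamic ones do not
            lines += [f" switchport port-security mac-address sticky {m}"
                      for m in sorted(self.learned)]
        return lines


if __name__ == "__main__":
    port = SecurePort("FastEthernet0/1", maximum=2, violation="restrict", sticky=True)
    for mac in ["0000.0c00.0001", "0000.0c00.0002", "0000.0c00.0003"]:   # constructed MACs
        print(mac, "accepted" if port.receive(mac) else "dropped")
    print("\n".join(port.running_config()))
    print(port.log)
```

Note what protect mode costs you: the third address is dropped just as in restrict mode, but nothing is logged or counted, so a monitoring system watching show port-security never sees the attempt.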
Verifying Switch Port Security
Switch #show port-security Displays security information (mode, maximum, current count, violation count) for all interfaces
Switch #show port-security interface fastethernet 0/5 Displays security information for interface fastethernet 0/5
Switch #show port-security address Displays the secure MAC address table (address, type, VLAN, port)
Managing the MAC Address Table:
Switch #show mac address-table Displays current MAC address forwarding table
Switch #show mac-address-table dynamic Displays only the dynamically learned entries (older IOS spells the command with a hyphen; newer IOS uses show mac address-table dynamic)
Switch #clear mac address-table Deletes all entries from current MAC address forwarding table
Switch #clear mac address-table dynamic Deletes only dynamic entries from table
Switch #clear mac address-table dynamic address aaaa.bbbb.cccc Deletes the specified dynamic MAC address
Switch #clear mac address-table dynamic interface fastethernet 0/5 Deletes all dynamic MAC addresses on interface fastethernet 0/5
Switch #clear mac address-table dynamic vlan 10 Deletes all dynamic MAC addresses on VLAN 10
Switch #clear mac address-table notification Clears MAC notification global counters
Verifying Commands
switch #show ip interface brief Displays a one-line summary of every interface: IP address, status and line protocol.
switch #show version Displays information about software and hardware.
Switch #show flash: Displays information about flash memory (for the 2900/2950 series only).
Switch #show running-config Displays the current configuration in DRAM.
Switch #show startup-config Displays the current configuration in NVRAM.
Switch #show interfaces Displays the interface configuration and status of line: up/up, up/down, admin down.
Switch #show interface vlan1 Displays setting of virtual interface VLAN 1, the default VLAN on the switch.
NOTE: This command is unsupported in some Cisco IOS Software releases, such as 12.2(25)FX.
Resetting Switch Configuration
Switch #delete flash:vlan.dat Removes the VLAN database from flash memory.
Delete filename [vlan.dat]? Press Enter.
Delete flash:vlan.dat? [confirm] Reconfirm by pressing Enter.
Switch #erase startup-config Erases the file from NVRAM.
<output omitted>
Switch #reload Restarts the switch.
Create Alias:
Switch (config) #alias exec s show ip interface brief
Where: exec is the mode in which the alias works and s is the name given to the alias for show ip interface brief
An Ideal Design: Switch Layers
A layered approach allows easy, manageable growth
EtherChannel (bundles up to 8 physical ports into one logical link) can provide more bandwidth on key links
Redundant connections eliminate single points of failure
Spanning Tree Protocol (STP): Redundancy Chaos
Switches flood broadcast frames out all ports (except the one they arrived on) by design, so on a redundant loop a single broadcast circulates forever and multiplies (a broadcast storm)
Redundant connections are nevertheless necessary in business networks
The place of Spanning Tree: drop redundant links (until they are needed), which means it BLOCKS the port
The Facts about Spanning Tree:
Original STP (802.1D) was created to prevent loops
Switches send "probes" into the network called Bridge Protocol Data Units (BPDUs) to discover loops
The BPDU probes also help elect the core switch of the network, called the ROOT BRIDGE
The simplistic view of STP: all switches find the best way to reach the root bridge, then block all redundant links
Bridge ID: used to elect the Root Bridge
Bridge ID = Priority + MAC address
Priority: 0-61440, by default 32768, in increments of 4096
Root Bridge: the bridge with the best (lowest) Bridge ID. The lowest priority wins; the lowest MAC address only breaks a tie between equal priorities
Non-Root Bridge: every other bridge (here, switch)
3 Port types:
• Root Port: on every non-root switch, the one port with the shortest (lowest-cost) path to the root bridge
• Designated Port: forwarding port, one per link/segment; the port on that segment with the best (lowest) cost to the root. A port facing an end host (e.g. a PC) is always the designated port for its segment
• Blocking / Non-designated port: the other port on a segment, which has a higher cost than the designated port
Spanning Tree Election Criteria: the lowest bridge ID elects the root; then the lowest root path cost, the lowest sender bridge ID and finally the lowest sender port ID decide root and designated ports
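The election above, as an added Python example, not code from the page: bridge IDs are compared as (priority, MAC) tuples so the lowest wins, and root ports are found by a shortest-path search from the root using the classic 802.1D port costs (10 Mbit/s = 100, 100 Mbit/s = 19, 1 Gbit/s = 4), which the page does not list and which are assumed here. Ties on cost are broken by the lowest sending bridge ID, as in the STP comparison. The switch names, MACs and links in the usage are made up.

```python
import heapq
from typing import Dict, List, Tuple

DEFAULT_PRIORITY = 32768
# Classic 802.1D short-format port costs by link speed in Mbit/s. These are an
# assumption of this example; the page itself does not list costs.
PORT_COST = {10: 100, 100: 19, 1000: 4, 10000: 2}

BridgeId = Tuple[int, int]


def bridge_id(priority: int, mac: str) -> BridgeId:
    """Bridge ID = priority followed by MAC; tuples compare lowest-first like BPDUs."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    return (priority, int(mac.replace(".", ""), 16))


def elect_root(bridges: Dict[str, Tuple[int, str]]) -> str:
    """bridges maps switch name -> (priority, MAC). The lowest bridge ID becomes root."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def root_ports(bridges: Dict[str, Tuple[int, str]],
               links: List[Tuple[str, str, int]]) -> Dict[str, Tuple[str, int]]:
    """For every non-root switch return (neighbour its root port faces, root path cost).

    links are (switch_a, switch_b, speed_mbps). The cost of a link is added when
    a BPDU is received over it, so the root path cost accumulates hop by hop.
    """
    root = elect_root(bridges)
    adjacency: Dict[str, List[Tuple[str, int]]] = {name: [] for name in bridges}
    for a, b, speed in links:
        adjacency[a].append((b, PORT_COST[speed]))
        adjacency[b].append((a, PORT_COST[speed]))

    # best[node] = (root path cost, sender bridge ID, sender name)
    best: Dict[str, Tuple[int, BridgeId, str]] = {root: (0, bridge_id(*bridges[root]), root)}
    heap: List[Tuple[int, BridgeId, str]] = [(0, bridge_id(*bridges[root]), root)]
    while heap:
        cost, _, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue                                  # stale heap entry
        sender = bridge_id(*bridges[node])
        for neighbour, link_cost in adjacency[node]:
            candidate = (cost + link_cost, sender, node)
            # lower cost wins; on equal cost the lower sender bridge ID wins
            if neighbour not in best or candidate[:2] < best[neighbour][:2]:
                best[neighbour] = candidate
                heapq.heappush(heap, (candidate[0], candidate[1], neighbour))
    return {name: (via, cost) for name, (cost, _, via) in best.items() if name != root}


if __name__ == "__main__":
    # Constructed topology: three switches, all at the default priority.
    bridges = {"SW1": (DEFAULT_PRIORITY, "0000.0000.0001"),
               "SW2": (DEFAULT_PRIORITY, "0000.0000.0002"),
               "SW3": (DEFAULT_PRIORITY, "0000.0000.0003")}
    links = [("SW1", "SW2", 1000), ("SW2", "SW3", 100), ("SW1", "SW3", 10)]
    print("root:", elect_root(bridges), root_ports(bridges, links))
    bridges["SW3"] = (4096, "0000.0000.0003")      # like: spanning-tree vlan 1 priority 4096
    print("root:", elect_root(bridges), root_ports(bridges, links))
```

With everything at the default priority the switch with the lowest MAC, usually the oldest box, becomes root; lowering the priority on the switch you actually want as root (second run) moves the root there, and the root ports of the others follow the costs.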
Spanning Tree Port States (802.1D was created a long time ago, which is why the transitions are slow: listening and learning each last 15 seconds by default):
BLOCKING:
Receives BPDUs only
Discards frames, learns no MAC addresses
LISTENING:
Receives and transmits BPDUs, to determine its role in STP
Discards frames, learns no MAC addresses
LEARNING:
Receives and transmits BPDUs
Learns MAC addresses, but still discards frames
FORWARDING:
Receives and transmits BPDUs
Learns MAC addresses and forwards frames
DISABLED: the port is non-operational, i.e. the port is DOWN (administratively shut down or no link)
How RSTP (802.1w) improves performance:
More logical port types:
Root Port: used to reach the Root Bridge
Designated Port: forwarding port, one per link
Alternate Port: discarding port, backup path to the root (takes over immediately if the root port fails)
(RSTP also defines a Backup Port: a discarding port that is a second connection to the same segment.)
S1 (config) #spanning-tree mode {mst | pvst | rapid-pvst}
Enabling Rapid PVST+ (PVRST+):
Switch (config) #spanning-tree mode rapid-pvst
Switch #show spanning-tree Displays STP information (root bridge, this bridge's ID, port roles, states and costs)
VLANs. How a normal switch works:
One collision domain per port
Broadcasts are sent to all ports
One subnet per LAN
Very limited access control
A VLAN is a logical grouping of users according to their function.
It reduces the size of each broadcast domain by increasing the number of broadcast domains.
Segments broadcast domains
Access control (traffic between VLANs must pass a Layer 3 device, where it can be filtered)
Quality of service
Groups ports irrespective of their physical location.
By default all ports are in a single VLAN, VLAN 1, which is also the management VLAN
Supports VLAN IDs 1 – 4094
VLAN Membership:
Static VLANs -- Each switch port is statically assigned to a particular VLAN, and this relationship never changes. This is how VLANs are usually set up. Monitoring is easy.
Dynamic VLANs -- All MAC addresses are first entered into a centralized VLAN management application. Then, when a host is plugged into a switch, the VLAN association happens automatically.
VLAN CONFIGURATION
1. Create the VLAN (VLAN 1 is the default)
2. Assign VLAN membership (all ports are members of VLAN 1 by default)
You can create VLANs in two different ways:
• Using VLAN configuration mode, which is the recommended way to create VLANs
• Using VLAN database mode (which should not be used but is still available)
1. Create VLAN:
New method (VLAN configuration mode):
Sw1(config)# vlan 2
Sw1(config-vlan)# name sales
Sw1(config)# vlan 3
Sw1(config-vlan)# name marketing
Name: 1-32 characters
Old method (VLAN database mode):
Sw1>enable
Sw1# vlan database
Sw1(vlan)# vlan 2 name sales
Sw1(vlan)# vlan 3 name marketing
Sw1(vlan)# {apply | exit | abort}
In database mode you must use either the apply command or the exit command to save. Ctrl-Z aborts all changes made to the VLAN database.
NOTE: You cannot delete the default VLANs for the different media types: Ethernet VLAN 1 and FDDI or Token Ring VLANs 1002 to 1005.
2. Assign VLAN Membership:
Switch (config) #interface fastethernet 0/1 Moves to interface configuration mode
Switch (config-if) #switchport mode access Sets the port to access mode
Switch (config-if) #switchport access vlan 2 Assigns this port to VLAN 2
Switch(config)# interface range fastethernet 0/1 – 10 Selects ports fa0/1 through fa0/10 at once
Switch (config-if-range) #switchport mode access Sets the ports to access mode
Switch (config-if-range) #switchport access vlan 2 Assigns these ports to VLAN 2
or
Switch(config)# interface range fastethernet 0/10, fastethernet 0/12, fastethernet 0/23 Selects a non-contiguous set of ports
Switch (config-if-range) #switchport mode access Sets the ports to access mode
Switch (config-if-range) #switchport access vlan 2 Assigns these ports to VLAN 2
To span a VLAN across more than one switch there are two methods:
1. Use a separate link for each VLAN
Here we have to use more ports as the number of VLANs increases, so this is an inefficient method.
2. Use a trunk port for all VLANs
Here only one trunk port is used for all VLANs. To identify which VLAN a frame belongs to, each frame carries a tag.
What is Trunking:
• Trunking (aka tagging) passes multi-VLAN information between switches
• Places VLAN information into each frame
• Layer 2 feature
2 Types of Ports:
Access Port:
Carries single VLAN information.
Typically a port connected to a PC
Trunk Port:
Carries multiple VLAN information.
Frame tagging -- each frame is assigned a tag carrying its VLAN ID (sometimes called its "color"). When the frame reaches the destination port, the switch removes this tag, which makes the process transparent to the connected machines.
2 Types of Trunk encapsulation:
• Inter-Switch Link (ISL) -- proprietary to Cisco switches, used for FastEthernet or GigabitEthernet links only. ISL encapsulates the whole frame in a new header and trailer. ISL trunking can be used on a switch port, a router interface, or a server interface card.
• IEEE 802.1Q -- the standard method; it inserts a 4-byte tag into the frame, right after the source MAC address, to identify the VLAN. IEEE 802.1Q must be used if you are trunking between a Cisco switch and a different brand of switch. Dot1q also supports a native VLAN: frames belonging to the native VLAN (VLAN 1 by default) cross the trunk untagged. The native VLAN must therefore be the same on both ends of a trunk, and it should not be a VLAN that carries user traffic, because untagged frames on a trunk are what VLAN-hopping attacks rely on.
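The 802.1Q tag and native-VLAN behaviour just described, as an added Python example (not code from the page; the MACs and payload are constructed). tag_frame() and untag_frame() do what a dot1q trunk port does on egress and ingress, including sending the native VLAN untagged, and double_tag_hop() traces why that untagged native VLAN matters: a frame carrying two tags, outer = the attacker's VLAN, inner = the victim VLAN, loses its outer tag at the first switch when that VLAN is the trunk's native VLAN, and the second switch then reads the inner tag and delivers the frame into the victim VLAN. Making the trunk's native VLAN an unused ID (the second call in the usage) stops the hop.

```python
import struct
from typing import Optional, Tuple

TPID_8021Q = 0x8100
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS omitted) from Cisco dotted-hex MACs."""
    def mac_bytes(mac: str) -> bytes:
        return bytes.fromhex(mac.replace(".", ""))
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + payload


def tag_frame(frame: bytes, vlan_id: int, native_vlan: Optional[int] = None,
              pcp: int = 0) -> bytes:
    """Egress on a dot1q trunk: insert TPID + TCI after the source MAC.

    A frame belonging to the trunk's native VLAN is sent untagged.
    """
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be 1..4094")
    if vlan_id == native_vlan:
        return frame
    tci = (pcp << 13) | vlan_id          # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame: bytes, native_vlan: int) -> Tuple[int, bytes]:
    """Ingress on a dot1q trunk: read and strip one tag.

    Returns (VLAN the frame belongs to, frame without that tag). An untagged
    frame is assigned to the native VLAN.
    """
    (tpid_or_ethertype,) = struct.unpack("!H", frame[12:14])
    if tpid_or_ethertype != TPID_8021Q:
        return native_vlan, frame
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, frame[:12] + frame[16:]


def double_tag_hop(frame: bytes, attacker_vlan: int, victim_vlan: int,
                   trunk_native_vlan: int) -> Tuple[int, int]:
    """Return (VLAN assigned by switch 1, VLAN assigned by switch 2) for a
    double-tagged frame sent from attacker_vlan across a trunk to switch 2."""
    crafted = tag_frame(tag_frame(frame, victim_vlan), attacker_vlan)  # inner victim, outer attacker
    vlan_at_sw1, stripped = untag_frame(crafted, attacker_vlan)        # switch 1 removes one tag
    on_trunk = tag_frame(stripped, vlan_at_sw1, native_vlan=trunk_native_vlan)
    vlan_at_sw2, _ = untag_frame(on_trunk, trunk_native_vlan)         # switch 2 reads what is left
    return vlan_at_sw1, vlan_at_sw2


if __name__ == "__main__":
    # Constructed frame: attacker 0000.0c00.0001 -> victim 0000.0c00.0002
    frame = build_frame("0000.0c00.0002", "0000.0c00.0001", ETHERTYPE_IPV4, b"constructed payload")
    print(tag_frame(frame, 10)[12:16].hex())                 # 8100 000a
    print(double_tag_hop(frame, 1, 20, trunk_native_vlan=1))   # (1, 20): hopped into VLAN 20
    print(double_tag_hop(frame, 1, 20, trunk_native_vlan=999)) # (1, 1): stays in VLAN 1
```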
To configure a port as a trunk we use these commands:
3560Switch (config-if) #switchport trunk encapsulation {isl | dot1q} Specifies ISL or dot1q encapsulation on the trunk link (required before switchport mode trunk on switches that support both encapsulations)
3560Switch (config-if) #switchport trunk encapsulation negotiate Specifies that the interface negotiates with the neighboring interface to become either an ISL or a dot1q trunk, depending on the capabilities or configuration of the neighboring interface
3560Switch (config-if) #switchport mode trunk Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link
CAUTION: The 2960 series switch supports only dot1q trunking, so the encapsulation command does not exist there.
Verifying VLAN Information:
Switch #show vlan Displays VLAN information
Switch #show vlan brief Displays VLAN information in brief
Switch #show vlan id 2 Displays information about VLAN 2 only
Switch #show vlan name marketing Displays information about VLAN named marketing only
Switch #show interfaces vlan x Displays interface characteristics for the specified VLAN
Switch #show interface fa 0/1 switchport Displays the switchport settings of fa0/1: administrative and operational mode (access or trunk), access VLAN, trunking encapsulation and native VLAN
VLAN Trunk Protocol (VTP)
• VLAN Trunking Protocol (VTP) is a Cisco proprietary Layer 2 messaging protocol that manages the addition, deletion, and renaming of Virtual Local Area Networks (VLAN) on a network-wide basis.
• Cisco's VLAN Trunk Protocol reduces administration in a switched network. When a new VLAN is configured on one VTP server, the VLAN is distributed through all switches in the domain. This reduces the need to configure the same VLAN everywhere.
• To do this, VTP carries VLAN information to all the switches in a VTP domain.
• Allows centralized VLAN management.
• An administrator can add, delete, and rename VLANs.
VTP Modes:
Server mode (default):
• Can create, delete and modify VLANs
• Sends and receives VTP updates
• Saves the VLAN configuration in NVRAM
• Originates VTP advertisements and saves them
• One server is needed per VTP domain
Client mode:
• Cannot create, delete or modify VLANs
• Sends and receives VTP updates
• Does not save the VLAN configuration
• Does not originate VTP advertisements; it forwards them
Transparent mode:
• Can create, delete and modify VLANs (locally significant only)
• Forwards (passes through) VTP updates
• Does not listen to other VTP advertisements
• Saves the VLAN configuration in NVRAM
• Configuration revision number is always 0
Steps to Configure VTP:
1) Mode
2) Domain name
3) Password
4) Version
Switch (config) #vtp domain domain-name Configures the VTP domain name. The name can be from 1 to 32 characters long.
NOTE: All switches operating in VTP server or client mode must have the same domain name to ensure communication.
Switch (config) #vtp password password Configures a VTP password. In Cisco IOS Software Release 12.3 and later, the password is an ASCII string from 1 to 32 characters long. If you are using a Cisco IOS Software release earlier than 12.3, the password length ranges from 8 to 64 characters long.
NOTE: To communicate with each other, all switches must have the same VTP password set. The password is also the only thing standing between your VLAN database and any switch that joins the domain: a server or client with the same domain name and password and a higher configuration revision number overwrites the VLAN database of every other switch in the domain. Always set a password, and reset the revision number of a switch (set it to transparent mode or change its domain name) before connecting it to a production network.
Switch (config) #vtp version 2 Sets the VTP domain to Version 2 (in the old VLAN database mode the equivalent command is vtp v2-mode).
NOTE: VTP Versions 1 and 2 are not interoperable. All switches must use the same version. The biggest difference between Versions 1 and 2 is that Version 2 has support for Token Ring VLANs.
Switch (config) #vtp pruning Keeps unnecessary broadcast traffic from crossing trunk links, by not sending a VLAN's traffic to switches that have no ports in that VLAN. Only configured on VTP servers; the setting is propagated to the domain.
VTP configuration
New method (configuration mode):
Sw1(config)# vtp mode server
Sw1(config)# vtp domain cisco
Sw1(config)# vtp password cisco
Old method (VLAN database mode):
Sw1# vlan database
Sw1(vlan)# vtp server (or vtp client)
Sw1(vlan)# vtp domain cisco
Sw1(vlan)# vtp password cisco
Verifying VTP:
Switch#show vtp status Displays general information about VTP configuration
Switch#show vtp counters Displays the VTP counters for the switch
Switch#show vtp password Displays the VTP password
NOTE: If trunking has been established before VTP is set up, VTP information is propagated throughout the switch fabric almost immediately. However, because VTP information is advertised only every 300 seconds (5 minutes) unless a change has been made to force an update, it can take several minutes for VTP information to be propagated.
INTER-VLAN COMMUNICATION
Routing between VLANs (inter-VLAN communication) is possible with the help of a Layer 3 device such as a router or a Layer 3 switch.
INTER-VLAN COMMUNICATION USING A ROUTER
3 Methods to route between VLANs:
METHOD 3: Adding L3 (SVI) interfaces to a Layer 3 switch (e.g. 3550)
Switch # show ip interface brief
Switch (config) # interface vlan 1
Switch (config-if) # ip address 192.168.1.1 255.255.255.0
Switch (config) # interface vlan 10
Switch (config-if) # ip address 192.168.10.1 255.255.255.0
Switch (config) #ip routing {now this switch has routing capability and routes between its VLAN interfaces}
METHOD 2: Router on a stick (one router interface, with a subinterface per VLAN)
Inter-VLAN Routing:
Inter-VLAN routing is the process of making different VLANs communicate with each other through a Layer 3 device (a router).
The router's physical interface is divided into subinterfaces
The switch port connecting to the router is set up as a TRUNK
Each router subinterface is assigned a specific VLAN tag
CORP (config) #interface fastethernet 0/0
CORP (config-if) #duplex full
CORP (config-if) #no shutdown
CORP (config-if) #interface fastethernet 0/0.1
CORP (config-subif) #description Management VLAN 1 – Native VLAN
CORP (config-subif) #encapsulation dot1q 1 native (the native keyword tells the router that VLAN 1 arrives untagged, matching the switch's trunk; without it the router expects tagged VLAN 1 frames and the untagged management traffic is not matched to this subinterface)
CORP (config-subif) #ip address 192.168.1.1 255.255.255.0
CORP (config-subif) #interface fastethernet 0/0.10
CORP (config-subif) #description Sales VLAN 10
CORP (config-subif) #encapsulation dot1q 10
CORP (config-subif) #ip address 192.168.10.1 255.255.255.0
CORP (config-subif) #interface fastethernet 0/0.20
CORP (config-subif) #description Engineering VLAN 20
CORP (config-subif) #encapsulation dot1q 20
CORP (config-subif) #ip address 192.168.20.1 255.255.255.0
CORP (config-subif) #interface fastethernet 0/0.30
CORP (config-subif) #description Marketing VLAN 30
CORP (config-subif) #encapsulation dot1q 30
CORP (config-subif) #ip address 192.168.30.1 255.255.255.0
L2Switch1 (config) #vlan 10
L2Switch1 (config-vlan) #name Sales
L2Switch1 (config) #vlan 20
L2Switch1 (config-vlan) #name Engineering
L2Switch1 (config) #vlan 30
L2Switch1 (config-vlan) #name Marketing
L2Switch1 (config) #interface range fastethernet 0/2 – 4
L2Switch1 (config-if-range) #switchport mode access
L2Switch1 (config-if-range) #switchport access vlan 10
L2Switch1 (config-if-range) #interface range fastethernet 0/5 – 8
L2Switch1 (config-if-range) #switchport mode access
L2Switch1 (config-if-range) #switchport access vlan 20
L2Switch1 (config-if-range) #interface range fastethernet 0/9 - 12
L2Switch1 (config-if-range) #switchport mode access
L2Switch1 (config-if-range) #switchport access vlan 30
L2Switch1 (config) #interface fastethernet 0/1
L2Switch1 (config-if) #description Trunk Link to CORP Router
On a 3550, 3750 or similar switch that supports both encapsulations, set dot1q first (the router subinterfaces above use dot1q):
L2Switch1 (config-if) #switchport trunk encapsulation dot1q
L2Switch1 (config-if) #switchport mode trunk
On a 2950 (or 2960), which supports only dot1q, the mode command alone is enough:
L2Switch1 (config-if) #switchport mode trunk
L2Switch1 (config) #interface vlan 1
L2Switch1 (config-if) #ip address 192.168.1.2 255.255.255.0
L2Switch1 (config) #ip default-gateway 192.168.1.1
Show commands (on the switch):
L2Switch1 #show interfaces trunk Displays the trunk ports with their mode, encapsulation and native VLAN, and the VLANs allowed and active on each
L2Switch1 #show vtp status
Thanks...
vineethv2