Cisco Basic Switch Configuration Commands step by step guide

Basic Switch Configuration Commands

Cisco switches are configured using the Command-Line Interface (CLI), which provides a text-based interface where commands are typed and responses are displayed.

Configuration Modes and Navigation

• In order to start configuring a switch, you usually use the configure terminal command from privileged EXEC mode to enter global configuration mode. You can make adjustments in this mode that impact the router or switch as a whole.
• There are numerous subconfiguration modes available in CISCO IOS, starting with global configuration mode. Context-specific submodes group instructions associated with specific components or features, like VLANs or interfaces.
• The current configuration mode is reflected in the command prompt, which changes to (config) for global, (config-if) for interface, (config-line) for line, and (config-vlan) for VLAN.
• The exit command can be used to leave a subconfiguration mode and go to the next higher mode, or you can use the end command or Ctrl+Z to go straight back to enable mode from any configuration submode.

You can also read CISCO Switch Configuration: A Safe and Effective Setup Guide

Basic Switch Management Commands

Setting Hostname: The device’s name is set via the hostname name global command, which also makes an appearance on the command prompt.

Password Configuration:

• Enable Password:
  • enable password pass-value (stored in clear text).
  • enable secret pass-value (stored as an encrypted hash, supersedes enable password).
• Console and VTY Passwords:
  • Enter line configuration mode using line console 0 for the console or line vty 0 15 for virtual terminal lines (Telnet/SSH).
  • Use the password pass-value subcommand to set the password.
  • The login command tells IOS to prompt for a password.
• For local username/password authentication, use login local.
  • service password-encryption is a global command that encrypts all clear-text passwords in the running configuration.
•  SSH and Telnet Access:
  • transport input {telnet | ssh | all | none} in vty line configuration mode defines allowed access methods.
  • SSH requires generating encryption keys using the crypto key generate rsa global command. You also set the ip domain-name fqdn global command for SSH.

You can also read Understanding Switching Logic: The Brain Of A Network Switch

Interface Configuration Commands

Entering Interface Mode:

• To configure a single interface, use the interface type port-number global command.
• To configure multiple interfaces simultaneously, use the interface range type port-number - end-port-number global command. Subsequent subcommands apply to all interfaces in that range.

Administrative Interface Control:

• The shutdown interface subcommand administratively disables an interface.
• The no shutdown interface subcommand enables an interface.

Speed and Duplex Settings:

• speed {10 | 100 | 1000 | auto} manually sets the speed or enables autonegotiation.
• duplex {auto | full | half} manually sets the duplex mode or enables autonegotiation.

Description:  The description text interface subcommand allows you to add a text description to an interface for documentation purposes.

VLAN and Trunking Configuration

Creating VLANs: The vlan vlan-id global command creates a VLAN and enters VLAN configuration mode.

Assigning Access Ports:

• switchport mode access configures an interface to be a static access port.
• switchport access vlan vlan-id assigns a specific VLAN to an access port.
• switchport voice vlan vlan-id defines a voice VLAN for ports connected to IP phones.

Trunk Port Configuration:

• switchport mode trunk configures an interface as a static trunk port.
• switchport trunk encapsulation dot1q specifies 802.1Q as the trunking encapsulation method.
• switchport mode dynamic {auto | desirable} configures dynamic trunk negotiation.
• switchport nonegotiate disables Dynamic Trunking Protocol (DTP) negotiation.
• switchport trunk allowed vlan vlan-list defines which VLANs are permitted to traverse the trunk.
• switchport trunk native vlan vlan-id defines the native VLAN for an 802.1Q trunk port.

VLAN Administrative Control:

• [no] shutdown vlan vlan-id (global configuration mode) or [no] shutdown (VLAN configuration mode) can be used to enable or disable a VLAN.

You can also read What is Frame Forwarding and Frame Forwarding Methods

Port Security Configuration

• switchport port-security enables port security on an interface.
• switchport port-security maximum number overrides the default maximum number of allowed MAC addresses (default is 1).
• switchport port-security mac-address sticky configures the switch to learn MAC addresses dynamically and save them to the running configuration as secure MAC addresses.
• switchport port-security mac-address mac-address statically adds a specific MAC address as an allowed MAC address on the interface.
• switchport port-security violation {protect | restrict | shutdown} overrides the default action (shutdown) when a security violation occurs. A port shut down due to a security violation will show as errdisabled and requires shutdown then no shutdown to recover.

EtherChannel Configuration

• The channel-group number mode {auto | desirable | active | passive | on} interface subcommand enables EtherChannel on an interface.
• active mode initiates LACP negotiation, while passive mode responds to LACP packets without initiating negotiation. on mode unconditionally forces the interfaces to form an EtherChannel without negotiation.
• Configuring EtherChannel automatically creates a logical interface port-channel channel-number for overall management.

Spanning Tree Protocol (STP) Configuration

• spanning-tree mode {pvst | rapid-pvst | mst} (global command) sets the STP mode for the switch.
• spanning-tree portfast (interface subcommand) configures a port to immediately transition to forwarding mode, bypassing normal STP states.
• spanning-tree bpduguard enable (interface subcommand) enables BPDU Guard to protect access ports from receiving BPDUs.
• Alternatively, global commands spanning-tree portfast default and spanning-tree bpduguard default enable PortFast and BPDU Guard on all access ports.

Miscellaneous Commands

• ip address ip-address mask configures an IP address on a Layer 3 interface, such as a VLAN interface.
• ip default-gateway ip-address (global command) sets the default gateway for the switch.
• ip name-server ip-address1 ip-address2 (global command) configures DNS servers for name resolution on the switch.
• [no] lldp run (global command) and [no] lldp receive (interface subcommand) control LLDP operation on the device and interfaces.

Verification Commands

• To confirm and debug network performance, show commands are crucial.
• Examples include show running-config (current configuration), show interfaces [type number] status (interface status, speed, duplex), and show vlan brief (VLAN status).

Key Configuration Commands

You can also read Broadcast and Collision Domains, Advantages & Disadvantages