Wednesday, May 26, 2004

Important CISCO Switch commands

Configuring ip address, subnet mask and default gateway on a layer 2 switch

(config)# interface vlan 1 (vlan 1 is the default administrative lan of a switch).
(config-if)# ip   address   10.1.1.1   255.0.0.0
(config-if)# no shutdown
(config-if)# exit
(config)# ip default-gateway 10.1.1.2


To verify ip-address and default gateway

# show interfaces vlan 1
# show ip default


Configure speed and duplex setting on a catalyst switch

(config)# interface fa0/1
(config-if)# speed {10|100|auto*}  -  * is the default value
(config-if)#duplex {full|half|auto*}


To verify speed and duplex settings

# show interfaces fa0/1
or
# show interface status


spanning tree portfast is used for moving a switch port directly into forwarding state.

(config-if)# spanning-tree portfast



Displaying a mac address table for a switch

# show mac-address-table



Entering static mac addresses

(config)# mac-address-table   static   0000.0c12.2345   vlan   1   interface   FastEthernet0/1



Configuring port security

(config-if)#switchport port-security [maximum (number)]
Where maximum denotes the maximum number of mac addresses stored in the mac address table of the switch.



Show port security in an interface

# show port-security



If there is a violation in the port security, the switch does one of the following : protect, restrict or shutdown. This can be set using the following command :

(config)# switchport port-security violation {protect|restrict|shutdown*}
You can reset the switch to its default value (shutdown) by using the command :
(config)# no switchport port-security violation



Executing adds, moves and changes to port security

As your network topology changes by adding new devices or interfaces or moving and changing existing ones, you might need to modify the switch configuration if you enabled port security. To add a new MAC address for the port security, complete the following tasks :


  1. Configure port security
  2. Configure the MAC address to the port allocated for the new interface using the command switchport port-security mac-address mac address , so that only this mac address will be permitted to use the port.



To delete a MAC address on a secured port, remove the port restrictions by issuing the command (config)# no switchport port-security.


To move a MAC address from one secured port into another, you must delete the MAC address restriction from one port and assign it to a new port.

posted by Ravi @ 10:09 AM   0 comments

0 Comments:

Post a Comment

<< Home