Cisco IOS: Configuration and troubleshooting

Cisco Internetwork Operating System (IOS) is the software that runs on Cisco devices; you configure it from the command line. It is consistent across nearly all Cisco devices. Learn it once, and use it on any Cisco equipment, switch or router.

Have the following settings on your terminal:
Baud rate    :    9600
Data bits    :    8
Parity        :    None
Stop bits    :    1
Flow Control    :    None

Switch # ?                          for help

Switch # c?                        For all commands that start with the letter c

Switch # clock set ?
Switch # clock set  13:16:35 Sept 15 2013

Switch # configure terminal          OR        conf t

Switch >                    User mode
Switch > enable
Password:
Switch #                    Privileged mode

Switch # conf t
Switch(config) #             Global configuration mode


Initial configuration of the switch:
Flash memory    :    IOS stored
64 MB memory
NVRAM    :    configuration stored

IP address for the switch
Switch # conf t
Switch(config) # interface vlan 1
Switch(config-if) # ip address 10.149.73.71 255.255.254.0
Switch(config-if) # no shutdown
Switch(config-if) # exit
Switch(config) # ip default-gateway 10.149.72.1        global configuration command, so leave interface mode first
Switch(config) # exit
Switch # copy running-config startup-config        OR        copy run star
This copies the running configuration to the startup configuration, so it survives a reload.

Switch # show version

Passwords
Switch > enable
Switch # conf t
Switch(config) # enable password <password>        stored in clear text
Switch(config) # enable secret <password>          stored encrypted

To remove the enable password,
Switch(config) # no enable password

Line configuration mode
Switch # conf t
Switch(config) # line console 0
Switch(config-line) # password <something>
Switch(config-line) # login

For telnet access
Switch # conf t
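Switch(config) # line vty 0 4
Switch(config-line) # no login                     This turns off the password check on the vty lines; use "login" with a line password, or "login local", to require authentication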

To convert clear text passwords to encrypted format
Switch(config) # service password-encryption        Level 7 encryption, this is not very secure
Better to go for MD5 authentication

Message of the day
Switch(config) # banner motd # <whatever message> #        the first character (# here) is the delimiter that opens and closes the message

Setting up SSH on a Cisco switch
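Switch # conf t
Switch(config) # username admin password octagon123
Switch(config) # ip domain-name www.company.com
Switch(config) # crypto key generate rsa     <Return key>
               How many bits in the modulus [512]:   1024
Switch(config) # ip ssh version 2
Switch(config) # line vty 0 4
Switch(config-line) # transport input ssh
Switch(config-line) # login local                  authenticate SSH logins against the local username created above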
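
An added example (not part of the original post): a small Python check that reads the text of a running-config and flags the weak settings covered in the Passwords, telnet and SSH sections above. The sample config, its passwords and the audit() function name are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device), mirroring the
# settings discussed on this page.
SAMPLE_CONFIG = """\
no service password-encryption
hostname Switch
enable password cisco123
username admin password 0 octagon123
ip domain-name www.company.com
!
line con 0
 password console123
 login
line vty 0 4
 no login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

# A "line vty ..." header followed by its indented sub-commands.
VTY_BLOCK = re.compile(r"^(line vty[^\n]*)\n((?:[ \t]+[^\n]*\n?)*)", re.M)

def audit(config):
    """Return a list of findings for the text of an IOS running-config."""
    top = [l.strip() for l in config.splitlines() if l and not l[0].isspace()]
    findings = []
    if "service password-encryption" not in top:
        findings.append("service password-encryption is off")
    if any(l.startswith("enable password") for l in top):
        findings.append("enable password is set; use enable secret only")
    if not any(l.startswith("enable secret") for l in top):
        findings.append("no enable secret")
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 is not set")
    for header, body in VTY_BLOCK.findall(config):
        cmds = [c.strip() for c in body.splitlines()]
        if "no login" in cmds:
            findings.append(f"{header}: no login, so no password check")
        if "transport input ssh" not in cmds:
            findings.append(f"{header}: not restricted to transport input ssh")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

Run it against the output of show running-config saved to a file; an empty list means none of these checks fired.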

Configuring port security
Switch # show ip int brief
Switch # terminal monitor
Switch # conf t
Switch(config) # int GigabitEthernet 1/27
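Switch(config-if) # switchport mode access
Switch(config-if) # switchport port-security                                   enables port security on the port; the settings below take effect only with this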
Switch(config-if) # switchport port-security maximum 1
Switch(config-if) # switchport port-security violation     shutdown | restrict | protect
Switch(config-if) # switchport port-security mac-address 0014.314a.bcef
Switch(config-if) # switchport port-security mac-address sticky                     <—— calculated risk
Switch(config-if) # exit
Switch(config) # exit
Switch # copy run star
Switch # show port-security int GigabitEthernet 1/27                         <——————  Useful for say Lobby ports
              Observe Security Violation Count :  0 or 1 or 2 


Some useful configuration and troubleshooting commands


show processes cpu
show processes cpu | include Check heaps
traceroute mac source_MAC_address destination_MAC_address
show ip cef
show ip cef 192.168.1.11
show adjacency
show adjacency detail
show ip arp
show controllers cpu-interface
show ip cache flow
show ip route 172.16.0.0 255.255.0.0 longer-prefixes
show ip route profile
show tcp statistics
show ip inspect session
show ip inspect session detail
show ip inspect all
show ip nat translations
show ip nat statistics
show class-map
show policy-map
show ipv6 route
show mac address-table
show mac address-table security
show mac-address-table dynamic
show mac address-table dynamic vlan <VLAN-ID>
show mac address-table interface <Interface>
show interfaces trunk
show interfaces switchport
show vlan
show vlan brief
show vlan id <VLAN-ID>
show vtp
show vlan-membership
show vlan all-ports
show vlan access-log config
show vlan access-log statistics
show vlan access-log flow