Base Configs 2

Creating a VLAN in Global Configuration Mode in Cisco IOS
Switch# configure terminal

Switch(config)# vlan 5
Switch(config-vlan)# name
Engineering
Switch(config-vlan)# exit
Deleting a VLAN in Global Configuration Mode

Switch# configure
terminal
Switch(config)# no vlan 3
Switch(config)# end
Assigning an Access Port to a VLAN
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface FastEthernet 5/6
Switch(config-if)# description PC A
Switch(config-if)# switchport
Switch(config-if)# switchport host
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 200
Switch(configif)# no shutdown
Switch(config-if)# end
Displaying Information About a VLAN by Number/Name in Cisco IOS
Switch# show vlan id 3 OR name VLAN0003
Displaying Information About the Interface Config
Switch# show running-config interface FastEthernet
5/6
Displaying Detailed Switch Port Information
BXB-6500-10:8A# show interfaces FastEthernet 4/1
Switchport
Displaying MAC Address Table Information
Switch# show mac-address-table interface GigabitEthernet 0/1
vlan 1
Configuring a Port for 802.1Q Trunking in Cisco IOS
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode dynamic desirable

Switch(config-if)# switchport trunk allowed vlan 1-100
Switch(config-if)# no shutdown
Displaying Port Information for Trunking
Switch# show running-config interface FastEthernet
5/8
Displaying Switchport Information for Trunking
Switch# show interfaces FastEthernet 5/8
Switchport
Displaying Trunk Information for a Particular Port
Switch# show interfaces FastEthernet 5/8 trunk
Cisco IOS VTP CLI Configuration
Switch(config)# vtp mode server
Setting device to VTP SERVER mode.
Switch(config)# vtp domain
Lab_Network
Switch(config)# end
Displaying VTP Status
Switch# show vtp status
Displaying VTP Statistics in Cisco IOS
Switch# show vtp counters
Verifying Private VLANs
Switch# show vlan private-vlan
Switch# show interfaces FastEthernet 5/2 switchport
Private VLAN Configuration for Single Switch Scenario

sw(config)# vtp transparent
sw(config)# vlan 201
sw(config-vlan)# private-vlan isolated
sw(config)# vlan 202
sw(config-vlan)# private-vlan community
sw(config-vlan)# vlan 100
sw(config-vlan)# private-vlan primary
sw(config-vlan)# private-vlan association 201,202
sw(config-vllan)# interface fastethernet 0/24
sw(config-if)# switchport mode private-vlan promiscuous

sw(config-if)# switchport private-vlan mapping 100 201,202
sw(config-if)# interface range fastethernet 0/1 - 2
sw(config-if)# switchport mode private-vlan host
sw2(config-if)# switchport private-vlan host-association 100 202
sw(config-if)# interface range fastethernet 0/3 - 4
sw(config-if)# switchport mode private-vlan host
sw2(config-if)# switchport private-vlan host-association 100 201
Private VLAN Trunk Configuration

SWAwitch(config)# interface fastethernet 5/2
Switch(config-if)# switchport mode private-vlan trunk secondary
Switch(config-if)# switchport private-vlan trunk native vlan 10
Switch(config-if)# switchport private-vlan trunk allowed vlan 10, 3,301-302
Switch(config-if)# switchport private-vlan association trunk 3 301
Switch(config-if)# switchport private-vlan association trunk 3 302
Private VLAN Verification Commands
Switch# show interfaces fastethernet 5/2 switchport
EtherChannel Configuration
Switch(config)# interface fastethernet 0/23
Switch(config-if)# channel-group 2 mode active
Switch(config)# interface fastethernet 0/24
Switch(config-if)# channel-group 2 mode active
Switch(config)# interface port-channel 2
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk native VLAN 99
Switch(config-if)# switchport trunk allowed VLAN 2,3,99
!!!Remote Switch configuration
RSwitch(config)# interface fastethernet 0/23
RSwitch(config-if)# channel-group 5 mode on
RSwitch(config)# interface fastethernet 0/24
RSwitch(config-if)# channel-group 5 mode on
RSwitch(config)# interface port-channel 5
RSwitch(config-if)# switchport mode trunk
RSwitch(config-if)# switchport trunk native VLAN 99
RSwitch(config-if)# switchport trunk allowed VLAN
2,3,99
EtherChannel Verification Command for Interface
Switch# show interfaces fa0/24 etherchannel
EtherChannel Verification Port-Channel Command

Switch#show etherchannel 1 port-channel
EtherChannel Load Balancing
Switch(config)# port-channel load-balance src-dst-ip
Switch(config)# exit
Switch# show etherchannel load-balance
Configuration and Verification of PortFast on Cisco IOSBased Catalyst Switches
Switch(config-if)# spanning-tree portfast
Switch#
Switch# show spanning-tree interface FastEthernet 3/27 portfast
Configuration of Host Interface on Cisco IOSBased Catalyst Switch
SwitchB# configure terminal
SwitchB(config)# interface fastEthernet 3/9
SwitchB(config-if)# switchport host
Configuring MST for Topology Shown in Figure 3-20
SwitchA(config)# spanning-tree mode mst

SwitchA(config)# spanning-tree mst configuration
SwitchA(config-mst)# name XYZ
SwitchA(config-mst)# revision 1
SwitchA(config-mst)# instance 1 vlan 11, 21, 31
SwitchA(config-mst)# instance 2 vlan 12, 22,32
SwitchA(config)# spanning-tree mst 1 root
primary
SwitchB(config)# spanning-tree mode mst
SwitchB(config)# spanning-tree mst configuration
SwitchB(config-mst)# name XYZ
SwitchB(config-mst)# revision 1
SwitchB(config-mst)# instance 1 vlan 11, 21, 31
SwitchB(config-mst)# instance 2 vlan 12, 22,32
SwitchB(config)# spanning-tree mst 2 root
primary
Configuring and Verifying Root Guard on Cisco IOSBased Catalyst Switches
Switch(config-if)# spanning-tree guard root
Displaying Root-Inconsistent Interfaces on Cisco IOSBased Catalyst Switches
Switch# show spanning-tree inconsistentports
Configuration and Verification of UDLD on Cisco Switches
SwitchA# configure terminal
SwitchA(config)# interfacegigabitEthernet 5/1
SwitchA(config-if)# udld port aggressive
SwitchA(config-if)# end
Configuration and Verification of Flex Links

Switch(conf)# interface fastethernet1/0/1
Switch(conf-if)# switchport backup interface fastethernet1/0/2
Switch(conf-if)# end
Switch# show interface switchport backup
Spanning-Tree Events Debug on Cisco IOSBased Catalyst Switches
Switch# debug spanning-tree events
Inter-VLAN Routing Using External Router
Router(config)# interface FastEthernet0/0
Router(config-if)#no shutdown
Router(config)# interface FastEthernet 0/0.1
Router(config-subif) description VLAN 1
Router(config-subif)# encapsulation dot1Q 1 native
Router(config-subif)# ip address 10.1.1.1 255.255.255.0
Router(config-subif)# exit
Router(config)# interface FastEthernet 0/0.2
Router(config-subif)# description VLAN 2
Router(config-subif)# encapsulation dot1Q 2
Router(config-subif)# ip address 10.2.2.1 255.255.255.0
Router(config-subif)# exit
Router(config)# end
#####Cisco IOS switch Trunking Configuration Connected to Interface
FastEthernet0/0
switch(config)# interface FastEthernet 4/2
switch(config-if)# switchport trunk encapsulation dot1q
switch(config-if)# switchport mode trunk
switch(config-if)# end
Inter-VLAN Routing Using SVIs
Switch(config)# ip routing
Switch(config)# router rip
Switch(config-router)# network 10.0.0.0
Switch(config)# interface vlan 10
Switch(config-if)# ip address 10.10.1.1 255.0.0.0
Switch(config-if)# interface vlan 20
Switch(config-if)# ip address 10.20.1.1 255.255.255.0
Configuration of Routed Ports in Cisco IOS
Core(config)# interface GigabitEthernet 1/1
Core(Coreonfig-if)# no switchport
Core(config-if)# ip address 10.10.1.1 255.255.255.252
Core(config-if)# exit
Core(config)# interface GigabitEthernet 1/2
Core(config-if)# ip address 10.20.1.254
255.255.255.252
% IP addresses may not be configured on L2 links.
Core(config-if)# no switchport
Core(config-if)# ip address 10.20.1.254
255.255.255.252
To verify the DHCP operation, use the following two commands:
Switch# show ip dhcp binding
Switch# debug ip dhcp server packet
show ip cef Command
Switch# show ip cef
Prefix Next Hop Interface
0.0.0.0/32 receive
1.0.0.0/24 attached GigabitEthernet0/2
1.0.0.0/32 receive
1.0.0.1/32 receive
1.0.0.55/32 1.0.0.55 GigabitEthernet0/2
show ip cef detail Command
Switch# show ip cef vlan 10 detail
IP CEF with switching (Table Version 11), flags=0x0
10 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak

0
13 leaves, 12 nodes, 14248 bytes, 14 inserts, 1
invalidations
0 load sharing elements, 0 bytes, 0 references..
show adjacency Command
Switch# show adjacency
Protocol Interface Address
IP GigabitEthernet0/3 2.0.0.55(5)
show adjacency detail Command
Switch# show adjacency gigabitethernet 1/5 detail
Protocol Interface Address
504 packets, 6110 bytes
00605C865B82
000164F83FA50800
ARP 03:49:31
Configuring Syslog Trap Command
sw(config)# logging trap ?
<0-7> Logging severity level
alerts Immediate action needed
(severity=1)
critical Critical conditions
(severity=2)
debugging Debugging messages
(severity=7)
emergencies System is unusable
(severity=0)
errors Error conditions
(severity=3)
informational Informational messages
(severity=6)
notifications Normal but significant conditions
(severity=5)
warnings Warning conditions
(severity=4)
Configuring Syslog Buffered Command
sw(config)# logging buffered ?
<0-7> Logging severity level
<4096-2147483647> Logging buffer size
alerts Immediate action needed
(severity=1)
critical Critical conditions
(severity=2)
debugging Debugging messages
(severity=7)
discriminator Establish MD-Buffer association
emergencies System is unusable
(severity=0)
errors Error conditions
(severity=3)
informational Informational messages
(severity=6)
notifications Normal but significant conditions
(severity=5)
warnings Warning conditions
(severity=4)
xml Enable logging in XML to XML logging buffer
Displaying Filtered System Log Messages
sw# show logging| inc LINK-3
2d20h: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
Configuring SNMP
sw(config)# access-list 100 permit ip 10.1.1.0 0.0.0.255 any
sw(config)# snmp-server community cisco RO 100
sw(config)# snmp-server community xyz123 RW 100
sw(config)# snmp-server trap 10.1.1.50
Cisco IP SLA Configuration
SwitchB(config)# ip sla monitor 11
SwitchB(config-sla)# type echo prot ipIcmpEcho 10.1.1.1 source-int
fa0/1
SwitchB(config-sla)# frequncy 10
SwitchB(config0sla)# exit
SwitchB(config)# ip sla monitor schedule 11 life forever start-time now
SwitchB(config)# track 1 ip sla 11 reachability
Verifying IP SLA
sw# show ip sla statistics
Verifying IP SLA Configuration
sW# sh ip sla configuration
Configuring and Verifying RPR+ Redundancy
Switch(config)# redundancy
Switch(config-red)# mode rpr-plus
Switch(config-red)# end
Switch# show redundancy states

Configuring and Verifying SSO Redundancy
Switch(config)# redundancy
Switch(config-red)# mode sso
Changing to sso mode will reset the standby. Do you want to continue? [confirm]
Switch(config-red)# end
Switch# show redundancy states
Configuring and Verifying NSF Support for BGP and OSPF Routing Protocols
Switch(config)# router bgp 100
Switch(config-router)# bgp graceful-restart
Switch(config-router)# exit
Switch(config)#router ospf 200
Switch(config-router)# nsf
Switch(config-router)# end
Switch# show ip bgp neighbors 192.168.200.1
HSRP Priority and Preempt Configuration
RouterA(config)# interface vlan 10
RouterA(config-if)# ip address 10.1.1.2 255.255.255.0
RouterA(config-if)# standby 10 ip 10.1.1.1
RouterA(config-if)# standby 10 priority 110
RouterA(config-if)# standby 10 preempt
HSRP Authentication Configuration
RouterA(config-if)# standby 10 ip 10.1.1.1
RouterA(config-if)# standby 10 priority 110
RouterA(config-if)# standby 10 preempt
RouterA(config-if)# standby 10 authentication xyz123
Configuring HSRP Timers
switch(config)# interface vlan 10
switch(config-if)# ip address 10.1.1.2 255.255.255.0
switch(config-if)# standby 10 ip 10.1.1.1
switch(config-if)# standby 10 priority 110
switch(config-if)# standby 10 preempt
switch(config-if)# standby 10 timers msec 200 msec 750
switch(config-if)# standby 10 preempt delay minimum
225
Configuration Example for HSRP Interface Tracking
switch(config)# interface vlan 10
switch(config-if)# ip address 10.1.1.2 255.255.255.0
switch(config-if)# standby 10 ip 10.1.1.1
switch(config-if)# standby 10 priority 110
switch(config-if)# standby 10 preempt

switch(config-if)# standby 10 track fastethernet0/23 20
switch(config-if)# standby 10 track fastethernet0/24
HSRP Tracking Object Configuration
switch(config)# track 1 ?
Monitoring HSRP with the show standby Command
switch# show standby OR show standby brief
switch# show standby neighbor vlan10
Configuring and Verifying VRRP

Code View: Scroll / Show All
RouterA# configure terminal
RouterA(config-if)# vrrp 1 ip 10.0.2.254
RouterA(config-if)# vrrp 1 timers advertise msec 500
RouterA(config-if)# end
RouterB# configure terminal
RouterB(config)# interface vlan 1
RouterB(config-if)# ip address 10.0.2.2 255.255.255.0
RouterB(config-if)# vrrp 1 ip 10.0.2.254
RouterB(config-if)# vrrp 1 priority 90
RouterB(config-if)# vrrp 1 timers learn
RouterB(config-if)# end
RouterA# show vrrp interface vlan 1
Vlan1 - Group 1
State is Master
Virtual IP address is 10.0.2.254
Virtual MAC address is 0000.5e00.0101
Advertisement interval is 0.500 sec
Preemption is enabled
min delay is 0.000 sec
Priority is 100
Master Router is 10.0.2.1 (local), priority is 100
Master Advertisement interval is 0.500 sec
Master Down interval is 2.109 sec
RouterB# show vrrp interface vlan 1
Vlan1 - Group 1
State is Backup
Configuring Server Farm with Real Servers
Switch(config)# ip slb serverfarm PUBLIC

Switch(config-slb-sfarm)# real 10.1.1.1
Switch(config-slb-real)# inservice
Switch(config-slb-real)# exit
Switch(config-slb-sfarm)# exit
Switch(config)# ip slb serverfarm RESTRICTED
Switch(config-slb-real)# end
Displaying SLB Real Servers
Switch# show ip slb real
Displaying SLB Server Farm
Switch# show ip slb serverfarm
Configuring Virtual Servers
Switch(config)# ip slb vserver PUBLIC_HTTP
Switch(config-slb-vserver)# virtual 10.1.1.100 tcp www
Switch(config-slb-vserver)# serverfarm PUBLIC
Switch(config-slb-vserver)# inservice
Switch(config-slb-vserver)# exit
Switch(config)# ip slb vserver RESTRICTED_HTTP
Switch(config-slb-vserver)# virtual 10.1.1.200 tcp www
Switch(config-slb-vserver)# client 10.4.4.0 255.255.255.0
Switch(config-slb-vserver)# serverfarm RESTRICTED
Switch(config-slb-vserver)# inservice
Switch(config-slb-vserver)# end
Displaying SLB Virtual Servers
Switch# show ip slb vserver
Displaying the Current SLB Connections
Switch# show ip slb connections
Displaying Detailed Information for an SLB Client
Switch# show ip slb connections client 10.4.4.0 detail
Displaying SLB Statistics

Switch# show ip slb stats
Chapter 6
To disable trunk negotiation on a switch port.

Switch(config-if)# switchport mode access
This command is optional but is recommended for security purposes. An access port does not need to
negotiate trunk formation.
To configure an optional macro for switch access ports.

Switch(config-if)# switchport host
This macro sets the port mode to access, enables spanning-tree portfast, and disables EtherChannel.
Configuring pVLANs - Steps

Step 1. Set VTP mode to transparent.
Step 2. Create the secondary pVLANs.
Step 3. Create the primary pVLAN.
Step 4. Associate the secondary pVLAN with the primary pVLAN.
Only one isolated pVLAN can be mapped to a primary pVLAN, but more than one community pVLAN
can be mapped to a primary pVLAN.
Step 5. Configure an interface as an isolated or community port.
Step 6. Associate the isolated port or community port with the primary-secondary pVLAN pair.
Step 7. Configure an interface as a promiscuous port.
Step 8. Map the promiscuous port to the primary-secondary pVLAN pair.
Switch(config)# vlan pvlan-id
Switch(config-vlan)# private-vlan {community | isolated | primary}

Switch(config-vlan)# exit
Switch(config)# vlan primary-vlan-id
Switch(config-vlan)# private-vlan association {secondary-vlan-list | add
secondary-vlan-list | remove secondary-vlan-list}
Switch(config-vlan)# interface vlan primary-vlan-id
Switch(config-if)# private-vlan mapping {secondary-vlan-list | add secondaryvlan-list | remove secondary-vlan-list}
Switch(config-if)# interface type slot/port
Switch(config-if)# switchport
Switch(config-if)# switchport mode private-vlan {host | promiscuous}
Switch(config-if)# switchport private-vlan host-association primary-vlan-id
secondary-vlan-id
Switch(config-if)# switchport private-vlan mapping primary-vlan-id {secondary-vlan-list | add secondary-vlan-list
| remove secondary-vlan-list}
Switch(config)# vtp transparent

Switch(config-vlan)# private-vlan isolated
Switch(config-vlan)# private-vlan community
Switch(config-vlan)# vlan 100
Switch(config-vlan)# private-vlan primary
Switch(config-vlan)# private-vlan association 201,202
Switch(config-vlan)# interface fastethernet 0/24
Switch(config-if)# switchport mode private-vlan promiscuous
Switch(config-if)# switchport private-vlan mapping 100 201,202
Switch(config-if)# interface range fastethernet 0/1 - 2
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 100 202
Switch(config-if)# interface range fastethernet 0/3 - 4
Switch(config-if)# switchport mode private-vlan host
Switch(config-if)# switchport private-vlan host-association 100 201
A protected port does not forward any traffic to any other port that is also a protected port on the same
switch.
Switch(config-if)# switchport protected
PAgP Modes
Auto: passive negotiation state

Desirable: active negotiation state
LACP Modes
Passive: passive
Active: active
A good practice is to start by shutting down these interfaces, so that incomplete configuration will not start
to create activity on the link:
Switch(config)# interface range
Switch(config-if-range)# channel-protocol
Switch(config-if-range)# channel-group number mode
Switch(config)# interface port-channel number
Here the EtherChannel load-balancing mechanism is configured to use source and destination IP address
pairs.
This rule is applied to IPv4 and IPv6 traffic, whereas the non-IP load-balancing mechanism uses source
and destination MAC address pairs.
port-channel load-balance src-dst-ip
Use the spanning-tree portfast interface command to enable the PortFast feature.
Use the spanning-tree portfast default global configuration mode command to enable the PortFast
feature on all nontrunking interfaces
Use the spanning-tree portfast trunk interface command to enable the PortFast feature on a
trunk port.
Enable MST on switch.

Switch(config)# spanning-tree mode mst
Enter MST configuration submode.
Switch(config)# spanning-tree mst configuration

Display current MST configuration.
Switch(config-mst)# show current

Name MST instance.
Switch(config-mst)# name name

Set the 16-bit MST revision number. It is not incremented automatically when you commit a new MST
configuration.
Switch(config-mst)# revision revision_number
Map VLANs to MST instance.

Switch(config-mst)# instance instance_number vlan vlan_range
Display new MST configuration to be applied.
Switch(config-mst)# show pending

Apply configuration and exit MST configuration submode.
Switch(config-mst)# exit
Assign root bridge for MST instance. This syntax makes the switch root primary or secondary (only
active if primary fails). It sets primary priority to 24576 and secondary to 28672.
Switch(config)# spanning-tree mst instance_number root primary | secondary
SwitchA(config)# spanning-tree mode mst

SwitchA(config)# spanning-tree mst configuration
SwitchA(config-mst)# name XYZ
SwitchA(config-mst)# revision 1
SwitchA(config)# spanning-tree mst 1 root primary
SwitchB(config)# spanning-tree mode mst
SwitchB(config)# spanning-tree mst configuration
SwitchB(config-mst)# name XYZ
SwitchB(config-mst)# revision 1
SwitchB(config)# spanning-tree mst 2 root primary
BPDU Guard puts an interface configured for STP PortFast in the err-disable state upon receipt of a
BPDU. BPDU guard disables interfaces as a preventive step to avoid potential bridging loops
To enable BPDU guard globally, use the command:

spanning-tree portfast bpduguard default
To enable BPDU guard on a port, use the command:
spanning-tree bpduguard enable
BPDU filtering prevents a Cisco switch from sending BPDUs on PortFast-enabled interfaces, preventing
unnecessary BPDUs from being transmitted to host devices.
To enable BPDU filtering globally, use the command:

spanning-tree portfast bpdufilter default
To enable BPDU guard on a port, use the command:
spanning-tree bpdufilter enable

Switch(config-if)# spanning-tree guard root
Use the following interface-level configuration command to enable Loop Guard:

Switch(config-if)# spanning-tree guard loop
The global configuration can be overridden on a per-port basis. To enable Loop Guard globally, use the
following global configuration command:
Switch(config)# spanning-tree loopguard default
Switch(config)# interface fastethernet1/0/1

Switch(config-if)# switchport backup interface fastethernet1/0/2
Switch# show interface switchport backup
Switch Backup Interface Pairs:
Active Interface Backup Interface State
----------------- ------------------ --------------------FastEthernet1/0/1 FastEthernet1/0/2 Active Up/Backup Standby

Base Configs 2

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Base Configs 2

Caricato da

Copyright:

Formati disponibili

Creating a VLAN in Global Configuration Mode in Cisco IOS

Switch# configure terminal

Deleting a VLAN in Global Configuration Mode

Switch(config-if)# switchport mode dynamic desirable

Private VLAN Configuration for Single Switch Scenario

sw(config-if)# switchport mode private-vlan promiscuous

Private VLAN Trunk Configuration

EtherChannel Verification Port-Channel Command

SwitchA(config)# spanning-tree mode mst

Configuration and Verification of Flex Links

10 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak

Switch# show redundancy states

switch(config-if)# standby 10 preempt

Configuring and Verifying VRRP

Switch(config)# ip slb serverfarm PUBLIC

Displaying SLB Statistics

To disable trunk negotiation on a switch port.

To configure an optional macro for switch access ports.

Configuring pVLANs - Steps

Switch(config)# vlan pvlan-id

Switch(config-vlan)# private-vlan {community | isolated | primary}

Switch(config)# vtp transparent

Auto: passive negotiation state

Enable MST on switch.

Switch(config)# spanning-tree mst configuration

Switch(config-mst)# show current

Switch(config-mst)# name name

Switch(config-mst)# revision revision_number

Map VLANs to MST instance.

Switch(config-mst)# show pending

Switch(config)# spanning-tree mst instance_number root primary | secondary

SwitchA(config)# spanning-tree mode mst

To enable BPDU guard globally, use the command:

To enable BPDU filtering globally, use the command:

Switch(config)# interface FastEthernet 5/8

Use the following interface-level configuration command to enable Loop Guard:

Switch(config)# interface fastethernet1/0/1

Potrebbero piacerti anche