Cisco 2960 Switch Configuration (PID: WS-C2960-24TC-L):
Changing Switch Hostname:
Switch(config)#hostname DST-SW
Configuring Passwords:
DST-SW(config)#enable secret sysadmin
Securing Console Port:
DST-SW(config)#line con 0
DST-SW(config-line)#password sysadmin
DST-SW(config-line)#login
Securing Terminal Lines:
DST-SW(config)#line vty 0 4
DST-SW(config-line)#password sysadmin
DST-SW(config-line)#login
Encrypting Passwords:
DST-SW(config)#service password-encryption
Configuring Banners:
DST-SW(config)#banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
Giving the Switch an IP Address:
DST-SW(config)#interface vlan 1
DST-SW(config-if)#ip address 192.168.101.2 255.255.255.0
DST-SW(config-if)#no shutdown
Setting the Default Gateway:
DST-SW(config)#ip default-gateway 192.168.101.1
Saving Configuration:
DST-SW#copy running-config startup-config
Destination filename [startup-config]?
Building configuration… [OK]
Or
DST-SW#wr
Building configuration… [OK]
Working Environment (name lookup, history, exec-timeout and logging behavior):
DST-SW(config)#no ip domain-lookup
DST-SW(config)#line vty 0 4
DST-SW(config-line)#history size 15
DST-SW(config-line)#exec-timeout 10 30
DST-SW(config-line)#logging synchronous
Configuring Switch to use SSH:
• Configure DNS domain name:
DST-SW(config)#ip domain-name example.com
• Configure a username and password:
DST-SW(config)#username admin secret cisco
• Generate encryption keys:
DST-SW(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
• Define SSH version to use:
DST-SW(config)#ip ssh version 2
• Enable vty lines to use SSH:
DST-SW(config)#line vty 0 4
DST-SW(config-line)#login local
DST-SW(config-line)#transport input telnet ssh
Description, Speed, and Duplex:
DST-SW(config)#interface fastEthernet 0/1
DST-SW(config-if)#description ***To-Core RTR***
DST-SW(config-if)#speed 100 (options: 10, 100, auto)
DST-SW(config)#interface range fastEthernet 0/5 - 10
DST-SW(config-if-range)#duplex full (options: half, full, auto)
Verify Basic Configuration:
• Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
DST-SW#show version
• Shows the current configuration file stored in DRAM.
DST-SW#show running-config
• Shows the configuration file stored in NVRAM, which is loaded when the switch boots.
DST-SW#show startup-config
• Lists the commands currently held in the history buffer.
DST-SW#show history
• Shows an overview of all interfaces: their physical status, protocol status and IP address, if assigned.
DST-SW#show ip interface brief
• Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
DST-SW#show interface vlan 1
• Shows the description of all interfaces
DST-SW#show interfaces description
• Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
DST-SW#show interfaces status
• Shows the public encryption key used for SSH.
DST-SW#show crypto key mypubkey rsa
• Shows information about the leased IP address (when an interface is configured to get its IP address from a DHCP server)
DST-SW#show dhcp lease
Configuring Port Security:
• Make the switch interface an access port
DST-SW(config-if)#switchport mode access
• Enable port security on the interface:
DST-SW(config-if)#switchport port-security
• Specify the maximum number of allowed MAC addresses:
DST-SW(config-if)#switchport port-security maximum 1
• Define the action to take when violation occurs:
DST-SW(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict)
• Specify the allowed MAC addresses:
DST-SW(config-if)#switchport port-security mac-address 68b5.9965.1195 (options: H.H.H, sticky)
Verify and Troubleshoot Port Security:
• Shows the entries of the mac address table
DST-SW#show mac-address-table
• An overview of port security of all interfaces
DST-SW#show port-security
• Shows detailed information about port security on the specified interface
DST-SW#show port-security interface fa0/5
Configuring VLANs:
• Create a new VLAN and give it a name:
DST-SW(config)#vlan 10
DST-SW(config-vlan)#name ***To-IT-Users***
• Assign an access interface to access a specific VLAN:
DST-SW(config)#interface fastEthernet 0/5
DST-SW(config-if)#switchport mode access
DST-SW(config-if)#switchport access vlan 10
Configuring an auxiliary VLAN for Cisco IP phones:
DST-SW(config)#interface fastEthernet 0/5
DST-SW(config-if)#switchport access vlan 10
DST-SW(config-if)#switchport voice vlan 12
Configuring Trunks:
DST-SW(config)#interface fastEthernet 0/1
DST-SW(config-if)#switchport mode trunk (options: access, trunk, dynamic auto, dynamic desirable)
DST-SW(config-if)#switchport trunk allowed
Securing VLANs and Trunking:
• Administratively disable unused interfaces:
DST-SW(config-if)#shutdown
• Prevent trunking by disabling auto negotiation on the interface:
DST-SW(config-if)#switchport nonegotiate
(or hardcode the port as an access port)
DST-SW(config-if)#switchport mode access
• Assign the port to an unused VLAN:
DST-SW(config-if)#switchport access vlan 222
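An added example, not part of the original page: a Python audit of a saved running-config against the SSH, port security and unused-port steps above. The sample config is constructed, the function names are hypothetical, and the check assumes a port without `switchport mode access` is still in its default dynamic mode.

```python
import re

# Constructed sample in `show running-config` layout (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
!
interface FastEthernet0/6
!
interface FastEthernet0/7
 switchport access vlan 222
 shutdown
!
line vty 0 4
 transport input telnet ssh
"""

def parse_sections(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current:
            sections[current].append(line.strip())
    return sections

def audit(config):
    """Return (section, finding) pairs for the hardening steps on this page."""
    findings = []
    for header, cmds in parse_sections(config).items():
        if header.startswith("interface ") and "Ethernet" in header:
            if "shutdown" in cmds or "switchport mode trunk" in cmds:
                continue  # disabled port or deliberate trunk: out of scope here
            if "switchport mode access" not in cmds:
                findings.append((header, "not hardcoded as access port"))
            if "switchport port-security" not in cmds:
                findings.append((header, "port security not enabled"))
        elif header.startswith("line vty"):
            if any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in cmds):
                findings.append((header, "vty lines accept Telnet"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the unconfigured FastEthernet0/6 twice and the vty lines once; the trunk, the secured access port and the shut-down port produce no findings.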
STP optimization:
• Hard coding the root bridge (changing bridge priority):
DST-SW(config)#spanning-tree vlan 1 root primary
DST-SW(config)#spanning-tree vlan 1 root secondary
DST-SW(config)#spanning-tree [vlan 1] priority 8192
• Changing the STP mode:
DST-SW(config)#spanning-tree mode rapid-pvst (options: mst, pvst, rapid-pvst)
• Enabling portfast and BPDU guard on an interface:
DST-SW(config-if)#spanning-tree portfast
DST-SW(config-if)#spanning-tree bpduguard enable
• Changing port cost:
DST-SW(config-if)#spanning-tree [vlan 1] cost 25
• Bundling interfaces into an etherchannel:
DST-SW(config-if)#channel-group 1 mode on (options: auto, desirable, on)
STP Verification and Troubleshooting:
• Shows detailed info about STP state
DST-SW#show spanning-tree
• Shows STP info only on a specific port
DST-SW#show spanning-tree interface fa0/2
• Shows STP info only for a specific VLAN
DST-SW#show spanning-tree vlan 1
• Shows info about the root switch
DST-SW#show spanning-tree [vlan 1] root
• Shows info about the local switch
DST-SW#show spanning-tree [vlan 1] bridge
• Show the state of the etherchannels
DST-SW#show etherchannel 1
• Provides informational messages about the changes in the STP topology
DST-SW#debug spanning-tree events
Enabling or disabling CDP:
• Enabling CDP globally on a switch:
DST-SW(config)#cdp run
• Disabling CDP on a given interface:
DST-SW(config-if)#no cdp enable
Using CDP for Network Verification and Troubleshooting:
• Shows global information about CDP itself
DST-SW#show cdp
• Shows information about CDP on a specific interface
DST-SW#show cdp interface fa0/2
• Shows information about the directly connected Cisco devices, including interface names and capabilities
DST-SW#show cdp neighbors
• Shows detailed information about the neighboring Cisco devices, including device address and the version of IOS they run
DST-SW#show cdp neighbors detail
• Same as show cdp neighbors detail
DST-SW#show cdp entry *
• Shows detailed information about the specified entry only
DST-SW#show cdp entry DST-SW2