• Before you can manage SW1 remotely from PC1, you need to assign the switch IP address. By default you give Switch IP address in management vlan 1. So for security reason you need to change management vlan1 to other vlan number. Write command switchport mode trunk native vlan 12 in trunk port. But remember you need to write this command on all switch’s trunk port. So that vlan information should be flow in all switch via trunk port.
  • In fresh switch all ports are in vlan1 by default.
  • We can add two fresh switch without giving any command, all host on both switch communicate because of both are in vlan 1 by default.

SW1(config-vlan)#name accounts

SW1(config-if)#exit

SW1(config)#int fastethernet 0/1

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config-if)#exit

SW1(config)#int range fastethernet 0/3 – 5

SW1(config-if)#switchport mode access

SW1(config-if)#switchport access vlan 2

SW1(config)#vlan 3

  • Inter vlan communication by Router on stick method-

SW1(config)#int fastethernet 0/24

SW1(config-if)#switchport mode trunk

R1(config)#int fastethernet 0/0

R1(config-if)#no shut

R1(config-if)#exit

R1(config)#int fastethernet 0/0.2

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#encapsulation dot1Q 2

R1(config-if)#exit

R1(config)#int fastethernet 0/0.3

R1(config-if)#ip address 192.168.2.1 255.255.255.0

R1(config-if)#encapsulation dot1Q 3

R1(config-if)#end

R1#sh ip int brief

F0/0      unassigned         up   up

F0/0.2   192.168.1.1        up   up

F0/0.3   192.168.2.1        up   up

Now all PC are communicate.

Note – If switch int f0/24 is trunk port so it will not show in show vlan command.

VLAN remove – SW1#delete vlan.dat

Vlan.dat file available in flash.

Managing the CAM Table

Switch#  show mac address-table

vlan          mac address             type                port

9         000c.291e.96f0            dynamic         GigabitEthernet1/1

9         000c.293c.7cac            dynamic         GigabitEthernet1/1

9         000c.2950.e3e9            dynamic         GigabitEthernet1/1

9         000c.29ba.fe28             dynamic         GigabitEthernet1/2

9         842b.2ba6.3a7d            dynamic         GigabitEthernet1/3

9         d067.e50b.1975            dynamic         GigabitEthernet1/5

9         000c.e51e.e35a             dynamic         GigabitEthernet2/1

9         f04d.a2f6.d37b              dynamic         GigabitEthernet2/2

A single switch port can learn many addresses. GigabitEthernet1/1 has multiple MAC addresses associated with it. This usually indicates this is an uplink to another switch.

  • To view the CAM table entries for a specific port or MAC address:

Switch#  show mac address-table interface GigabitEthernet 1/5

vlan          mac address             type                port

9              d067.e50b.1975        dynamic         GigabitEthernet1/5

Switch#  show mac address-table address f04d.a2f6.d37b

vlan          mac address             type                port

9         f04d.a2f6.d37b          dynamic          GigabitEthernet2/2

The output of a command can be filtered using the pipe command. For example, to search for any entry that contains 3a7d in the MAC address:

Switch#  show mac address-table | include 3a7d

vlan          mac address             type                port

9            842b.2ba6.3a7d        dynamic        GigabitEthernet1/3

To specifically display only dynamic or static CAM entries:

Switchshow mac address-table dynamic

Switch#  show mac address-table static

To view the total number of entries in the CAM table:

Switch#  show mac address-table count

MAC entries for all vlans:

Dynamic unicast address count:                              234

Static unicast address (user defined) count:         0

Static unicast address (system defined) count:    6

Total unicast MAC address in use:                          240

Total unicast MAC address available:                    55000

Multicast MAC address count:                                 9

Total Multicast MAC address available:                 32768

  • The CAM aging timer can be changed from its default of 300, though this is needed only in rare circumstances:

Switch(config)#  mac address-table aging-time 360

  • To add a static entry into the CAM table:

Switch(config)# mac address-table static 0011.2233.4455 vlan 9 interface GigabitEthernet 2/7

  • To clear all dynamic entries in the CAM table:

Switch#  clear mac address-table dynamic all

  • To clear a single entry in the CAM, either by MAC address or interface:

Switch# clear mac address-table dynamic address d067.e51e.e35a

Switch# clear mac address-table dynamic interface ge 2/1

  • Note: In Cisco IOS versions prior to 12.1, the syntax for all CAM table commands contained an additional hyphen between mac and address:

Switch#  show mac-address-table

This additional hyphen is no longer required on modern versions of the IOS. Some IOS versions may support both syntaxes.

IOS Version Numbers

x.y(z)t

  • The “x” designates a major revision number.
  • The “y” designates a minor revision number.
  • The “z” designates an individual release number
  • The “t” designates a train identifier.

 

Thus, the third release of IOS version 12.4 would be identified as 12.4(3). The major and minor revision numbers combined is often called the Maintenance Release number (e.g., “12.4”).

        Trains identify IOS releases to specific markets, and are represented by a single letter:

  • The “T” or Technology train is continuously updated with new features and security fixes.
  • The “E” or Enterprise train contains features and commands for enterprise-level equipment.
  • The “S” or Service Provider train contains features and a command-set for specific ISP equipment.

The absence of a train identifier denotes a Mainline release. Security updates are released for the mainline train, but new functionality is never added to the feature set.The latest version of             the IOS (as of this writing) is 12.4(11)T.

The Cisco IOS is stored in Flash on Cisco routers and Catalyst switches, in a .BIN file format. It can be upgraded using one of several methods:

  • Replacing the existing Flash stick
  • Via a TFTP server
  • Via Xmodem
  • Via a PCMCIA slot (not supported by all Cisco devices)

To adjust the number of commands the history buffer stores (range 0-256):

RouterA# terminal history size 30

The following command provides output similar to show version:

           Router#  show hardware

The enable password command sets an unencrypted password intended for legacy systems that do not support encryption. It is no longer widely used. The enable secret command sets an MD5-hashed password, and thus is far more secure.

Router(config)# enable password MYPASSWORD

Router(config)# enable secret MYPASSWORD2

Router(config)#  line vty 0 4

Router(config-line)#  login

Router(config-line)#  password cisco1234

Router(config-line)#  exec-timeout 2 30

Router(config-line)#  logging synchronous

Timeout are of 2 minutes and 30 seconds.

The logging synchronous command is also optional, and prevents system messages from interrupting your command prompt.

By default, line passwords are stored in clear-text in configuration files. To ensure these passwords are encrypted in all configuration files:

Router(config)#  service password–encryption

Certain router families (such as the 3600 series) are modular, and have multiple “slots” for interfaces. All commands must reflect both the module number and the interface number, formatted as: module/interface

             Router(config)# interface fa 0/2

               Router(config-if)# ip address 192.168.1.1 255.255.255.0

              Router(config-if)# ip address 192.168.1.2 255.255.255.0 secondary

Status of up/up indicates that the physical interface is active, and both sending and receiving keepalives.

Status of down/down indicates that defective (or unplugged) cable or interface.

Status of up/down indicates that

  • Absence of keepalives being sent or received.
  • Clock rate not set on the DCE side of a serial connection.
  • Different encapsulation types set on either side of the link.

To delete the contents of the startup-config file:

Router# erase start

If the router is power-cycled after erasing the startup-config file, the router will enter Initial Configuration Mode (sometimes called Setup Mode). This mode is a series of interactive questions intended for quick reconfiguration of the router.Initial Configuration Mode can be exited by typing CTRL-C.

Piping command

The following command will display the contents of the startup-config, beginning with the first line containing the text ethernet:

Router#  show startup | begin ethernet

The following command will exclude all lines containing the text ethernet:

                 Router#  show startup | exclude ethernet

The following command will include all lines containing the text ethernet:

                 Router#  show startup | include  Ethernet

IOS Trouleshooting command

The show tech-support command prints to screen every configuration file, and the output of several important show commands. This can be redirected to a file and either viewed or sent to Cisco for troubleshooting purposes:

               Router#  show tech-support

               Router#  debug ip rip events

VTP (VLAN trunking protocol)

  • It is layer 2 protocol.
  • It manages addition, deletion & renaming of VLAN. When you configure new VLAN on one VTP switch (server), VLAN is distributed through all switches in his domain.
  • If switch can be linked but not part of one domain. In that case VLAN information is drop.
  • It is cisco proprietary (all switch in his domain must be cisco switch).
  • VTP have 3 mode –  Server (by default)

Client (It only receive VLAN information and forward to other switch).

Transparent (It forward VTP traffic but do not originate or use it. They can create local VLAN)

SW1(config)#vtp mode server

SW1(config)#vtp domain tips

SW1(config)#vtp password tips123

SW1#show vtp status

STP (Spanning tree protocol)

  • It defined by IEEE 802.1d. Switches (higher end or manageable) run STP by default.
  • It’s improved version is called RSTP defined by IEEE 802.1w.
  • Process – (1) Choose 1 switch to be “root bridge”. For making of root bridge, switch exchange BPDUs. In BPDU, bridge ID (Priority + Vlan no. + Mac address) based on VLAN. Switch with lowest bridge ID will becomes root bridge. (2)Choose root port and designated port of each switch. (3)Close down all other ports.
  • Switch A is new switch (Gigabit ethernet is available), so we want switch A will become Root bridge. Priority of Switch C = 32768(by default)+1(vlan no.). Priority(1-65536) should be in multiples of 4096.

C#show spanning-tree

Root id             Priority  32769

Mac add 0002.CEF5.E256

Bridge id          Priority  32769

Mac add 000C.CEF5.E256

Interface     Role             Cost      Type

F0/1            Altn BLK    19          P2P

F0/2            Root FWD   19          P2P

A(config)#spanning-tree vlan 1 root primary             or

A(config)#spanning-tree vlan 1 priority 20480

RSTP (Rapid Spanning tree protocol)

  • In STP, for making root(listening, learning to forwarding) time taken is 30-50s. Today BW is more So in RSTP only 6s required. Write command in configuration mode on all switches “spanning-tree mode rapid-pvst”.

STP(802.1D) port state        RSTP(802.1w) port state     Is port included in active topology   Is port learning Mac add.

Disabled                               Discarding                                    No                                                      No

Blocking                               Discarding                                    No                                                      No

Listening                              Discarding                                    Yes                                                     No

Learning                               Learning                                       Yes                                                     Yes

Forwarding                           Forwarding                                 Yes                                                     Yes

Speed and duplex

If an interface does not have an accurate description, there are two methods of determining what is connected to it:

  • Trace the physical cable to the host (always fun).
  • Leverage the CAM table to identify a host by its MAC address.

Switch(config)# interface gi3/10

Switch(config-if)#  speed auto

The configuration must be consistent on both sides of the connection. Both sides must be configured to autonegotiate, or both sides must be hardcoded with identical settings. Otherwise a duplex mismatch error can occur. For example, if a workstation’s interface is configured to autonegotiate, and the switch interface is hardcoded for 100Mbps and full-duplex, then a duplex mismatch will occur. The workstation’s interface will sense the correct speed of 100Mbps, but will not detect the correct duplex and will default to half-duplex.

If the duplex is mismatched, collisions will occur. Because the full-duplex side of the connection does not utilize CSMA/CD, performance is severely degraded. These issues can be difficult to troubleshoot, as the network connection will still function, but will be very slow. Most manufacturers recommend autonegotiation on Gigabit Ethernet interfaces as a best practice.