[CCNA] Cisco Commands Cheat Sheet #2

Continuing our Cisco Commands Cheat Sheet for CCNA students, this is our 2nd post.

Configuring port security:

  • Make the switch interface as access port:
SW1(config-if)# switchport mode access
  • Enable port security on the interface:
SW1(config-if)# switchport port-security
  • Specify the maximum number of allowed MAC addresses:
SW1(config-if)# switchport port-security maximum 1
  • Define the action to take when violation occurs:
SW1(config-if)# switchport port-security violation shutdown    ! options: shutdown, protect, restrict
  • Specify the allowed MAC addresses:

The sticky keyword is used to let the interface dynamically learns and configures the MAC addresses of the currently connected hosts.

SW1(config-if)# switchport port-security mac-address 68b5.9965.1195    ! options: H.H.H, sticky

Verify and troubleshoot port security:

  • Shows the entries of the mac address table:
SW1# show mac-address-table
  • Overview of port security of all interfaces:
SW1# show port-security
  • Shows detailed information about port security on the specified interface:
SW1# show port-security interface fa0/5

Configuring VLANs:

  • Create a new VLAN and give it a name:
SW1(config)# vlan 10
SW1(config-vlan)# name SALES
  • Assign an access interface to access a specific VLAN:
SW1(config)# interface fastEthernet 0/5
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 10

Configuring an auxiliary VLAN for cisco IP phones:

SW1(config)# interface fastEthernet 0/5
! accessing vlan 10 (data) and 12 (VoIP)
SW1(config-if) #switchport access vlan 10
SW1(config-if) #switchport voice vlan 12

Configuring Trunks:

SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport mode trunk    ! options: access, trunk, dynamic auto, dynamic desirable
SW1(config-if)# switchport trunk allowed vlan add 10    ! options: add, remove, all, except

Securing VLANs and Trunking:

  • Administratively disable unused interfaces:
SW1(config-if)# shutdown
  • Prevent trunking by disabling auto negotiation on the interface:
SW1(config-if)# nonegotiate    ! or hardcode the port asan access port
SW1(config-if)# switchport mode access
  • Assign the port to an unused VLAN:
SW1(config-if)# switchport access vlan 222

Configuring VTP:

  • Configure VTP mode:

The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch

SW1(config)# vtp mode server    ! options: server, client, transparent
  • Configure VTP domain name:
SW1(config)# vtp domain EXAMPLE    ! case-sensitive
  • Configure VTP password (optional):
SW1(config)# vtp password cisco    ! case-sensitive
  • Configure VTP pruning (optional):
SW1(config)# vtp pruning    ! only works on VTP servers
  • Enable VTP version 2 (optional):
SW1(config)# vtp version 2

Verify and troubleshoot VLANs and VTP:

  • Lists information about administrative setting and operation status of interface:
SW1# show interfaces if switchport
  • Lists all the trunk ports on a switch including the trunk allowed VLANs:
SW1# show interfaces trunk
  • Lists information about the VLANs:
SW1# show vlan {brief | id | name | summary}
  • Lists VTP configuration (mode, domain-name, version, etc) and revision number:
SW1# show vtp status
  • Shows the VTP password:
SW1# show vtp password

STP optimization:

  • Hard coding the root bridge (changing bridge priority):
SW1(config)# spanning-tree vlan 1 root primary
SW1(config)# spanning-tree vlan 1 root secondary
! Priority must be a multiply of 4096
SW1(config)# spanning-tree [vlan 1]priority 8192
  • Changing the STP mode:
SW1(config)# spanning-tree mode rapid-pvst    ! options: mst, pvst, rapid-pvst
  • Enabling portfast and BPDU guard on an interface:

Portfast and BPDU guard are enabled only on interfaces connected to end user hosts

SW1(config-if)# spanning-tree portfast
SW1(config-if)# spanning-tree bpduguard enable
  • Changing port cost:
SW1(config-if)# spanning-tree [vlan 1] cost 25
  • Bundling interfaces into an etherchannel:
SW1(config-if)# channel-group 1 mode on    ! options: auto, desirable, on

STP verification and troubleshooting:

  • Shows detailed info about STP state:
SW1# show spanning-tree
  • Shows STP info only on a specific port:
SW1# show spanning-tree interface fa0/2
  • Shows STP info only for a specific VLAN:
SW1# show spanning-tree vlan 1
  • Shows info about the root switch:
SW1# show spanning-tree [vlan 1] root
  • Shows info about the local switch:
SW1# show spanning-tree [vlan 1] bridge
  • Show the state of the etherchannels:
SW1# show etherchannel 1
  • Provides informational messages about the changes in the STP topology:
SW1# debug spanning-tree events

Enabling or disabling CDP:

  • Enabling CDP globally on a switch:
SW1(config)# cdp run
  • Disabling CDP on a given interface:
SW1(config-if)# no cdp enable

Using CDP for network verification and troubleshooting:

  • Shows global information about CDP itself:
SW1# show cdp
  • Shows information about CDP on a specific interface:
SW1# show cdp interface fa0/2
  • Shows information about the directly connected cisco devices including interfaces names capabilities:
SW1# show cdp neighbors
  • Shows detailed information about the neighboring cisco devices including device address and version of IOS they run:
SW1# show cdp neighbors detail
! OR
SW1# show cdp entry *
  • Shows detailed information about the specified entry only:
SW1# show cdp entry SW2

Enjoy !

Advertisements

Tagged: , , , , , , ,

5 thoughts on “[CCNA] Cisco Commands Cheat Sheet #2

  1. […] Cisco Commands Cheat Sheet #2 […]

  2. […] Cisco Commands Cheat Sheet #2 […]

  3. […] Cisco Commands Cheat Sheet #2 […]

  4. […] Cisco Commands Cheat Sheet #2 […]

  5. […] Cisco Commands Cheat Sheet #2 […]

Leave a Reply :

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: