CISCO FUNDAMENTALS: BASIC CLI COMMANDS
RUTH ANN SANTOS | PAUL JORDAN ELIGINO
Managed Switches Versus Unmanaged Switches
When selecting the right type of switch to meet your needs, one consideration is whether
to use a managed or an unmanaged switch. The key difference is in the amount of control you
have over the settings of the switch.
Unmanaged switches are designed to just plug in and run, with no settings to configure.
These are fine to use in small networks with only basic needs. Managed switches, however, are
fully configurable, are customizable, and provide a range of data on performance. Those
attributes make them more suitable for larger networks and networks supporting critical
activities.
What are the differences between managed and unmanaged switches?
Managed switches and unmanaged switches differ in three areas: capabilities, security,
and cost.
Capabilities: Unmanaged switches immediately start forwarding traffic once users have plugged
them in. They have no features besides what they need to negotiate transfer speeds and to
determine each link's duplexing type. Managed switches can offer a huge number of features that
can be configured by IT professionals, thus permitting a diverse array of deployment
possibilities. These capabilities allow for optimization of network performance and availability.
Security: Network security includes protection from and detection of threats to data and
operability. Managed switches provide security settings that can be configured to protect the
network and to help identify threats. Unmanaged switches do not offer security capabilities.
Cost: For some users, cost is a significant choice driver. Unmanaged switches are cheap, as well
as very simple to run. Managed switches, with all their additional capabilities, cost more than
unmanaged switches. They also require more expertise to provision and manage, meaning added
costs for staff with the skills to maintain the network.
How should I choose between managed and unmanaged switches?
Unmanaged switches are most often seen in very small, uncomplicated networks with only a
dozen or so devices connected and without critical requirements for security and availability.
Managed switches, with the flexibility and control they provide, are a must for networks where
reliability and security are critical. Typically, such networks power enterprise-level businesses,
government agencies, universities, and healthcare organizations.
While managed switches cost more than unmanaged switches, the range of models available
means that there are different levels of complexity and cost for businesses of all sizes.
A third type of switch, called the smart managed switch, offers a compromise between cost
and features. These switches are suited for small businesses that have limited budgets but need
better security protection and want to improve their networks' performance.
https://www.cisco.com/c/en/us/products/switches/what-is-a-managed-switch.html
CLI Command Modes
User EXEC
  Access method: This is the first level of access. (For the switch) Change terminal settings, perform basic tasks, and list system information.
  Prompt: Switch>
  Exit or access next mode: Enter the logout command. To enter privileged EXEC mode, enter the enable command.
Privileged EXEC
  Access method: From user EXEC mode, enter the enable command.
  Prompt: Switch#
  Exit or access next mode: To exit to user EXEC mode, enter the disable command. To enter global configuration mode, enter the configure command.
Global configuration
  Access method: From privileged EXEC mode, enter the configure command.
  Prompt: Switch(config)#
  Exit or access next mode: To exit to privileged EXEC mode, enter the exit or end command, or press Ctrl-Z. To enter interface configuration mode, enter the interface configuration command.
Interface configuration
  Access method: From global configuration mode, specify an interface by entering the interface command followed by an interface identification.
  Prompt: Switch(config-if)#
  Exit or access next mode: To exit to privileged EXEC mode, enter the end command, or press Ctrl-Z. To exit to global configuration mode, enter the exit command.
Fundamentals – Basic Configuration
Command                                 Description
show version                            Display information about IOS and router
show interfaces                         Display physical attributes of the router's interfaces
show ip interface brief                 Display a summary of the status for each interface
show running-config                     Display the current configuration
show startup-config                     Display the configuration at startup
enable                                  Access Privilege mode
config terminal                         Access Configuration mode
interface <int>                         Enter interface configuration
ip address <ip address> <mask>          Assign an IP address to the specified interface
shutdown / no shutdown                  Turn off or turn on an interface. Use both to reset
description                             Set a description on the interface
show ip interface <type number>         Display the usability status of the protocols for the interfaces
hostname <name>                         Set a hostname for the Cisco device
enable secret <password>                Set an "enable" secret password
copy running-config startup-config      Save the current (running) configuration to the startup configuration in NVRAM, so that when the device reloads, it loads the latest configuration file
erase nvram                             Delete the current startup configuration files. The command returns the device to its factory default.
reload                                  Reboot the device. The device loads the latest configuration saved in NVRAM
Network Access
Command                                 Description
cdp run / no cdp run                    Display information about IOS and router
show cdp neighbors                      Display all CDP neighbors
show mac address-table                  Display all the MAC address entries in a table
show vlan                               List each VLAN and all interfaces assigned to that VLAN
show vlan brief                         Display VLAN information in brief
show interfaces switchport              Display configuration settings for all the switch port interfaces
show interfaces trunk                   Display information about the operational trunks along with their VLANs
vlan <1-4094>                           Enter VLAN configuration mode and create a VLAN with an associated number ID
name <name>                             Within the VLAN configuration mode, assign a name to the VLAN
switchport mode access                  In interface configuration mode, set the interface link type as an access link
switchport access vlan <>               Assign this interface to a specific VLAN
interface range < >                     Access interface range configuration mode from Interface Configuration
no switchport access vlan <>            Remove the VLAN assignment from the interface. It returns to the default VLAN 1
switchport mode trunk                   In interface configuration mode, set the interface link type as a trunk link
switchport trunk allowed vlan           Allow specific VLANs on this trunk
IP Services
Command                                 Description
ip default-gateway <ip_address>         Set the default gateway for the router
ip dhcp excluded-address <first-ip-address> <last-ip-address>
                                        Addresses the DHCP server should not assign to the DHCP client
ip dhcp pool <name>                     Enter the DHCP pool configuration mode and create a new DHCP pool
network <network ID> <mask>             Inside the DHCP configuration mode, define the address pool for the DHCP server
default-router <IP address>             Set the default gateway IP address for the DHCP clients
dns-server <IP address>                 Set the DNS server IP address for the DHCP clients
ip helper-address <ip address>          Turns an interface into a DHCP bridge. The interface redirects DHCP broadcast packets to a specific IP
show ip dhcp pool                       Display information about the DHCP pool
show ip dhcp binding                    Display information about all the current DHCP bindings
ip dns server                           Enable DNS service
show logging                            Show the state of logging (syslog). Shows the errors, events, and host addresses. It also shows SNMP configuration and activity
terminal monitor                        Enable debug and system error messages for the current terminal
Security
Command                                 Description
enable secret <password>                Set an "enable" secret password. Enable secret passwords are hashed via the MD5 algorithm.
line vty 0 4                            A global configuration command to access the virtual terminal configuration. VTY is a virtual port used to access the device via SSH and Telnet. 0 4 allows five simultaneous virtual connections
line console 0                          A global configuration command to access the console configuration
password <password>                     Once in line mode, set a password for those remote sessions with the "password" command
username <username> privilege <level> secret <password>
                                        Require a username with a specific password
service password-encryption             Makes the device encrypt all passwords saved in the configuration file
switchport port-security                Enable dynamic port security on the specific interface
switchport port-security maximum <max value>
                                        Specify the maximum number of secure MAC addresses on the specific interface
switchport port-security mac-address sticky
                                        Force a specific MAC address to the interface
Sample Cisco Switch Baseline
! CLOCK SETTINGS CONFIGURATION
clock set <hh:mm:ss> <day> <month> <year>
configure terminal
! HOSTNAME CONFIGURATION
hostname CICT_SWITCH
! CONFIGURE ENABLE PASSWORD
enable secret neust1234
! CONFIGURE LOCAL ACCOUNTS
username cict privilege 15 secret cict1234
! ENCRYPT PASSWORD
service password-encryption
! CREATING A BANNER
no banner motd
banner motd ^
********************************** SWITCH *********************************
UNAUTHORIZED personnel are NOT allowed to access this network device.
FOR CICT STUDENTS TEST LABORATORY ONLY
****************************************************************************
^C
! MANAGEMENT INTERFACE CONFIGURATION
interface Vlan 1
ip address 192.168.1.2 255.255.255.0
no shut
exit
! SWITCH DEFAULT GATEWAY CONFIGURATION
ip default-gateway 192.168.1.1
! ACCESS PORT INTERFACE CONFIGURATION
interface FastEthernet0/1
description ***PORT Number 1***
switchport mode access
spanning-tree portfast
no shutdown
exit
! ACCESS MANAGEMENT CONFIGURATION (CONSOLE)
line con 0
login local
exit
! REMOTE MANAGEMENT CONFIGURATION (VTY)
line vty 0 4
login local
transport input all
exit
end
! SAVING CONFIGURATION IN STARTUP
copy running-config startup-config
Sample Cisco Router Baseline
! CLOCK SETTINGS CONFIGURATION
clock set <hh:mm:ss> <day> <month> <year>
configure terminal
! HOSTNAME CONFIGURATION
hostname CICT_ROUTER
! CONFIGURE ENABLE PASSWORD
enable secret neust1234
! CONFIGURE LOCAL ACCOUNTS
username cict privilege 15 secret cict1234
! ENCRYPT PASSWORD
service password-encryption
! CREATING A BANNER
no banner motd
banner motd ^
********************************** ROUTER *********************************
UNAUTHORIZED personnel are NOT allowed to access this network device.
FOR CICT STUDENTS TEST LABORATORY ONLY
****************************************************************************
^C
! MANAGEMENT INTERFACE CONFIGURATION
interface GigabitEthernet0/1
description ***CONNECTION TO SWITCH***
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
! ACCESS MANAGEMENT CONFIGURATION (CONSOLE)
line con 0
login local
exit
! REMOTE MANAGEMENT CONFIGURATION (VTY)
line vty 0 4
login local
transport input all
exit
end
! SAVING CONFIGURATION IN STARTUP
copy running-config startup-config
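Added example, not part of the original handout: both baselines above set transport input all on the VTY lines, which accepts Telnet as well as SSH. One way to limit remote management to SSH is shown here; the domain name lab.example is a placeholder, and the commands assume an IOS image with SSH support and the hostname and local account from the baseline.

```cisco
configure terminal
! RSA key generation needs a hostname (set in the baseline) and a domain name.
! lab.example is a placeholder domain for this example.
ip domain-name lab.example
crypto key generate rsa modulus 2048
! Refuse SSH version 1 clients
ip ssh version 2
line vty 0 4
 ! Authenticate against the local user database, as in the baseline
 login local
 ! Accept SSH only; Telnet carries credentials and session data in cleartext
 transport input ssh
 ! Disconnect idle sessions after 5 minutes
 exec-timeout 5 0
 exit
end
! Verify that SSH is enabled and which version is in use
show ip ssh
! Verify which transports the VTY lines accept
show running-config | begin line vty
! Save the change
copy running-config startup-config
```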
Cisco Router DHCP Configuration
configure terminal
! DHCP CONFIGURATION
ip dhcp pool CICT
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
exit
! IP RANGE EXCLUSION
ip dhcp excluded-address 192.168.1.1 192.168.1.20
exit
Cisco Switch Configuration with Port Security
configure terminal
! ACCESS PORT INTERFACE CONFIGURATION WITH PORT SECURITY
interface range FastEthernet0/1 - 24
! Port security is rejected on dynamic ports, so set access mode first
switchport mode access
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security
exit
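Added example, not part of the original handout: the block above leaves the violation action at its default, shutdown, which err-disables the port. The commands below set the action explicitly and check what port security has learned and enforced; FastEthernet0/1 is used as the sample port for the detailed view.

```cisco
configure terminal
interface range FastEthernet0/1 - 24
 ! shutdown (the default) err-disables the port on a violation;
 ! restrict drops the offending frames and increments the violation counter
 switchport port-security violation restrict
 exit
end
! Per-port summary: maximum, current and violation counts, and the action
show port-security
! Detail for one port, including the last source MAC address seen
show port-security interface FastEthernet0/1
! Secure (sticky) MAC addresses learned so far
show port-security address
! Ports shut down by a violation when the action is shutdown
show interfaces status err-disabled
! Sticky addresses are written to the running config; save to keep them across reloads
copy running-config startup-config
```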
Wireless Router Configuration
In Wireless Devices, choose the WRT300N Wireless Router.
Connect the wireless router using its Internet port.
Go to Config.
Click Internet, select Static, and fill in the Internet Settings details.
After the Config settings, select GUI.
Go to Setup >>> Basic Setup.
Under Internet Setup, choose Automatic Configuration – DHCP.
Under Network Setup, input your preferred IP address and subnet mask.
Under DHCP Server Settings, select Disabled.
After Basic Setup, click Wireless.
Select Basic Wireless Settings and input your preferred SSID name.
For Basic Wireless Setup, leave all selections at their defaults and Save Settings.
To define the SSID password, select Wireless Security.
Fill in the details highlighted below, input the passphrase, and Save Settings.