Switch Basic Configuration:

hostname SW
Enable password cisco
ip default-gateway 192.168.1.10
interface Vlan1
ip address 192.168.1.100 255.255.255.0
!
!
line con 0
password sanfran
logging synchronous
login
history size 25
exec-timeout 0 0
!
line vty 0 4
password sanjose
logging synchronous
login
history size 35
Using accounts to access switch:
username admin1 password ccna1
username admin2 password ccna2
username admin3 password ccna3

hostname SW
Enable password cisco
ip default-gateway 192.168.1.10
interface Vlan1
ip address 192.168.1.100 255.255.255.0
!
!
line con 0
password sanfran
logging synchronous
login local
history size 25
exec-timeout 0 0
!
line vty 0 15
password sanjose
logging synchronous
login local
history size 35
exec-timeout 5 25
Enable SSH and Using accounts to access switch:

username admin1 password ccna1

username admin2 password ccna2
username admin3 password ccna3

hostname SW
ip domain-name nh.com
crypto key generate rsa

Enable password cisco

ip default-gateway 192.168.1.10
interface Vlan1
ip address 192.168.1.100 255.255.255.0
!
!
line vty 0 15
password sanjose
logging synchronous
login local
history size 35
exec-timeout 5 25
transport input all
Dealing with Storage in Cisco Devices:
Dealing with RAM and NVRAM
To Copy from RAM to NVRAM (Save configuration):
sh startup-config
sh running-config
Copy running-config startup-config
Wr
Copy from NVRAM to RAM
Reload
Copy startup-config running-config
To delete startup-config
Write erase
Erase startup-config
Erase nvram
Hold system button

Dealing with RAM , NVRAM and Flash

Sh flash
Copy startup-config flash
Copy running-config flash
Copy flash running-config
Copy flash startup-config
Delete flash

Dealing with RAM , NVRAM , Flash and TFTP

Copy startup-config tftp
Copy running-config tftp
Copy flash tftp
Copy tftp startup-config
Copy tftp running-config
Copy tftp flash
Dealing with ARP:
To Display ARP Cache
Switch#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 2 0050.7966.6809 ARPA Vlan1
Internet 192.168.1.2 2 0050.7966.680e ARPA Vlan1
Internet 192.168.1.100 - 5000.0001.8001 ARPA Vlan1

Switch#sh ip arp 0050.7966.6809

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 3 0050.7966.6809 ARPA Vlan1

Switch#sh ip arp 192.168.1.1

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.1.1 3 0050.7966.6809 ARPA Vlan1
Switch#

Dealing with Mac address table:

Switch#sh mac address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----
1 0050.7966.6809 DYNAMIC Gi1/1
1 0050.7966.680e DYNAMIC Gi1/2
Total Mac Addresses for this criterion: 2

Switch#sh mac address-table address 0050.7966.6809

Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----
1 0050.7966.6809 DYNAMIC Gi1/1
Total Mac Addresses for this criterion: 1
Switch#
 Switch#sh mac address-table interface Gi 1/1
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----
1 0050.7966.6809 DYNAMIC Gi1/1
Total Mac Addresses for this criterion: 1
Switch#

Cisco Discovery Protocol:

Conf t
CDP run
No CDP run

#sh CDP neighbor

#Sh CDP neighbor detail
Link Layer Discovery Protocol:

Conf t
Lldp run
No lldp run

#sh llldp neighbor

#Sh lldp neighbor detail

Dealing with accounts and Passwords

SW1(config)#user ac1 password ccna1
SW1(config)#user ac2 password ccna2
SW1(config)#
SW1(config)#user ab1 secret ccnp1
SW1(config)#user ab2 secret ccnp2
SW1(config)#enable password cisco
SW1(config)#enable secret ccna
SW1(config)#service password-encryption
{encrypts all existing passwords in running config}
{encrypts all new passwords in running config}

SW1(config)#no service password-encryption

{Decrypts all existing passwords in running config}
{ all new passwords in running config will be written as a clear text}
VLAN Configuration:
SW0(config)#vlan 2
SW0(config-vlan)#name ccna2
SW0(config-vlan)#exit
SW0(config)#
SW0(config)#vlan 3
SW0(config-vlan)#name ccna3
SW0(config-vlan)#exit
SW0(config)#
SW0(config)#int fa 0/1
SW0(config-if)#switchport mode access
SW0(config-if)#switchport access vlan 2
SW0(config-if)#exit
SW0(config)#
SW0(config)#int fa 0/2
SW0(config-if)#switchport mode access
SW0(config-if)#switchport access vlan 2
SW0(config-if)#exit
SW0(config)#
SW0(config)#int fa 0/3
SW0(config-if)#switchport mode access
SW0(config-if)#switchport access vlan 2
SW0(config-if)#exit
SW0(config)#
SW0(config)#
SW0(config)#int range fa 0/4 - 6
SW0(config-if-range)#switchport mode access
SW0(config-if-range)#switchport access vlan 3
SW0(config-if-range)#exit
SW0(config)#
SW0#sh vlan brief

Trunk Configuration:
Int gi 0/1
Switchport trunk encapsulation isl/dot1Q/auto
Int gi 0/1
Switchport trunk encapsulation dot1Q
Switchport trunk native vlan 3
Switchport mode trunk
Int gi 0/1
Switchport trunk encapsulation isl
Switchport mode trunk
SW0#sh int trunk
SW2#sh int gi 0/2 switchport
Name: Gig0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 3 (ccna3)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
Trunk Negotiation Protocol (NDP)
Int gi 0/2

switchport mode dynamic desirable

SW2 SW2
SW2#sh int gi 0/2 switchport SW1#sh int gi 0/2 switchport
Name: Gig0/2 Name: Gig0/2
Switchport: Enabled Switchport: Enabled
Administrative Mode: dynamic desirable Administrative Mode: dynamic auto
Operational Mode: trunk Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On Negotiation of Trunking: On
Access Mode VLAN: 1 (default) Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none Voice VLAN: none
Administrative private-vlan host-association: none Administrative private-vlan host-association:
Administrative private-vlan mapping: none none
Administrative private-vlan trunk native VLAN: Administrative private-vlan mapping: none
none Administrative private-vlan trunk native
Administrative private-vlan trunk encapsulation: VLAN: none
dot1q Administrative private-vlan trunk
Administrative private-vlan trunk normal VLANs: encapsulation: dot1q
none Administrative private-vlan trunk normal
Administrative private-vlan trunk private VLANs: VLANs: none
none Administrative private-vlan trunk private
Operational private-vlan: none VLANs: none
Trunking VLANs Enabled: ALL Operational private-vlan: none
Pruning VLANs Enabled: 2-1001 Trunking VLANs Enabled: ALL
Capture Mode Disabled Pruning VLANs Enabled: 2-1001
Capture VLANs Allowed: ALL Capture Mode Disabled
Protected: false Capture VLANs Allowed: ALL
Appliance trust: none Protected: false
SW2# Appliance trust: none
SW1#
Port Security
!
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 0090.21D8.42D0
switchport port-security vioalation shutdown
!
Sticky Mac
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky

ping 192.168.1.2
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 00D0.BAB6.5B68
!

Port violation: Restrict

interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security mac-address sticky 00D0.BAB6.5B68
Port violation: Protect
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address sticky
switchport port-security mac-address sticky 00D0.BAB6.5B68

Maximum address
interface FastEthernet0/4
switchport mode access
switchport port-security
switchport port-security maximum 3
switchport port-security mac-address sticky
switchport port-security violation protect
switchport port-security mac-address sticky 000C.85EC.DE30
switchport port-security mac-address sticky 00E0.B042.4065
switchport port-security mac-address sticky 00E0.F7BE.95D4