Switch Initial configuration (5)

The document outlines the initial configuration commands and command modes for Cisco switches, including User EXEC, Privileged EXEC, Global Configuration, Line Configuration, Interface Configuration, and VLAN Configuration modes. It details how to configure remote access using SSH and Telnet, including necessary commands for setting up IP addresses, user authentication, and enabling secure communication. Additionally, it provides tips on managing switch ports, speed and duplex settings, and the importance of proper configuration to avoid performance issues.

Uploaded by

rahulshaan75

Initial Switch Configuration

The following graphic and table summarize the basic command mode prompts of the switch.

Initially, all Cisco switches have multiple command modes, which are listed below:

a. User EXEC
   a. Prompt: Switch>
   b. How to enter: a user is placed in this mode at first login.
   c. How to exit: use the command exit, logout, or disconnect.
   d. Details: This mode, also known as User mode, allows a user to view a limited amount of information. Essentially, the user can look around but not break anything by executing non-disruptive commands.
b. Privileged EXEC
   a. Prompt: Switch#
   b. How to enter: use the command enable.
   c. How to exit: use the command exit or disable.
   d. Details: This mode, also known as Enable mode, allows the user to execute powerful or privileged commands, such as reload, which tells the switch to reboot the Cisco IOS.
c. Global Configuration
   a. Prompt: Switch(config)#
   b. How to enter: use the command configure terminal.
   c. How to exit: use the command exit, or press ctrl+z.
   d. Details: This mode allows the user to make global configurations on the switch (configurations which affect the whole switch), such as the hostname of the switch.
d. Line Configuration mode
   a. Prompt: Switch(config-line)#
   b. How to enter: use the command Switch(config)# line <type> <number>
   c. How to exit: use the command exit, or press ctrl+z.
   d. Details: Use this mode to configure parameters for the terminal line, such as the console, Telnet, and SSH lines.
e. Interface configuration mode
   a. Prompt: Switch(config-if)#
   b. How to enter: use the command Switch(config)# interface fastethernet <port number>
   c. How to exit: use the command exit.
   d. Details: The switch has multiple interface modes depending on the physical (or logical) interface type. For this course, you should be familiar with the following switch interface modes:
      1. Ethernet (10 Mbps Ethernet)
      2. FastEthernet (100 Mbps Ethernet)
      3. GigabitEthernet (1 GB Ethernet)
      4. VLAN

   Note: The VLAN interface configuration mode is used to configure the switch IP address and other management functions. It is a logical management interface configuration mode, instead of a physical interface configuration mode as used for the FastEthernet and GigabitEthernet ports.

f. VLAN configuration mode
   a. Prompt: Switch(config-vlan)#
   b. How to enter: use the command Switch(config)# vlan <1-4094>
   c. How to exit: use the command exit.
   d. Details: Details of the config-vlan mode include the following:
      i. You can use the config-vlan mode to perform all VLAN configuration tasks.
      ii. Changes made in vlan mode take place immediately.

   Note: Do not confuse the config-vlan mode with the VLAN interface configuration mode.

Initial Switch Configuration


| Command | Description |
|---|---|
| `Switch(config)#hostname <name>` | To change the host name of the switch. |
| `Switch(config)#interface <type> <number>`<br>`Switch(config-if)#description <description text>` | To set a description for a specific interface. |
| `Switch(config)#enable secret <password>` | Set the encrypted password used for privileged mode access. The enable secret is always used if it exists. This command uses the Message-Digest 5 (MD5) hashing algorithm to encrypt the password. |
| `Switch(config)#enable password <password>` | Set the unencrypted password for privileged mode access. This password is used if the enable secret is not set. |
| `Switch(config)#line con 0` | To switch to the line configuration mode for the console. |
| `Switch(config)#line vty <0-197> <1-197>` | To switch to the line configuration mode for the virtual terminal. Specify one line number or a range of line numbers, for example: `line vty 0 4` |
| `Switch(config-line)#password <password>` | To set the line password (for either console or VTY access). |
| `Switch(config-line)#login` | This command requires the password for line access. |
| `Switch(config)#no enable secret`<br>`Switch(config)#no enable password`<br>`Switch(config-line)#no login`<br>`Switch(config-line)#no password` | These commands are used to remove passwords. The `no login` command disables password checking at login. |
| `Switch(config)#service password-encryption` | Encrypt all passwords as type 7 passwords. Encrypted type 7 passwords are not secure and can be easily broken; however, the encrypted values do provide some level of protection from someone looking over your shoulder after you have issued the `show run` command. Rather than relying on this encryption, make sure to use the `enable secret` command for better encryption. |
| `Switch#show version` | View hardware configuration, running IOS version, ROM bootstrap version, and RAM and processor information. |
| `Switch#show running-config` | To view the currently running configuration file. This file is stored in RAM. |
| `Switch#show startup-config` | To view the startup configuration file stored in NVRAM (the saved copy of the configuration file). |

Port Configuration Commands


| Command | Description |
|---|---|
| `switch(config)#interface <type> <number>`<br>`switch(config)#interface FastEthernet 0/14`<br>`switch(config)#interface GigabitEthernet 0/1` | These commands are used to move to interface configuration mode. |
| `switch(config)#interface range <type> <number>`<br>`switch(config)#interface range fastethernet 0/1-3`<br>`switch(config)#interface range fastethernet 0/1-3, 0/12`<br>`switch(config)#interface range fa 0/8 - 9 , gi 0/1 - 2` | These commands are used to select multiple interfaces at the same time. |
| `switch(config-if)#speed 10`<br>`switch(config-if)#speed 100`<br>`switch(config-if)#speed 1000`<br>`switch(config-if)#speed auto` | To set the port speed on the interface. |
| `switch(config-if)#duplex half`<br>`switch(config-if)#duplex full`<br>`switch(config-if)#duplex auto` | To set the duplex mode on the interface. |
| `switch(config-if)#no shutdown`<br>`switch(config-if)#shutdown` | To enable or disable the interface. |
| `switch#show interface status` | To show interface status of all ports. |
| `switch#show ip interface brief` | To show line and protocol status of all ports. |

Remote Access
By default, no such output ports are available on Cisco switches/routers. For management purposes, all devices have a console port available. Because a console cable connection requires physical presence at the switch, it is not a convenient way to reach the switch/router CLI. Remote access can be configured on the switch or router instead, so that its CLI can be reached from your own PC/laptop.

There are two common protocols for remote management to your Cisco IOS router or switch: telnet
and SSH.

How to configure SSH on Cisco devices?

SSH (Secure Shell) is a secure method for remote access as it includes authentication and encryption. To do this, it uses an RSA public/private key pair.

There are two versions: version 1 and 2. Version 2 is more secure and commonly used.

| Command | Description |
|---|---|
| `Switch(config)# interface vlan 1` | Go into the VLAN 1 interface (virtual interface). |
| `Switch(config-if)# ip address <IP> <subnet mask>` | To set the IP address on the VLAN 1 interface. |
| `Switch(config-if)# no shutdown` | To enable the interface. |
| `Router(config)#hostname R1` | To change the default hostname of the switch or router. |
| `R1(config)#ip domain-name <domain name>` | To change/set the domain name of the switch or router. |
| `R1(config)#crypto key generate rsa general-keys modulus 1024` | This command will generate a key to encrypt the data. |
| `R1(config)#ip ssh version 2` | To enable SSH version 2. By default, version 1.99 is enabled. |
| `R1(config)#line vty 0 4` | To enable vty communication for 5 (0-4) terminals. |
| `R1(config-line)#transport input ssh` | Allow only SSH-based communication for remote access. |
| `R1(config-line)#login local` | To specify that the local user database is used for authentication. |
| `R1(config)#username <username> password <password>` | To create a user and set their password. |
| `PC> ssh -l <username> <Sw/Router IP>` | This command can be used to SSH from PC devices in Packet Tracer. |

How to configure Telnet access to a Cisco device?

Telnet is easy to configure but is not used often anymore because it is insecure: everything you do is sent in plaintext, while SSH uses encryption. However, some older devices might only support Telnet, so it's good to know how to configure it. Besides remote management, the Telnet client is also very useful for testing access-lists, routing, and whether certain ports are listening or not.

Note: The management IP address has been configured on VLAN 1, so members of other VLANs are not allowed to access the remote connection over Telnet/SSH using the management IP of VLAN 1.

| Command | Description |
|---|---|
| `R1(config)#line vty 0 4` | Enable the 5 vty terminals for remote access to the CLI. Here 0 indicates the minimum limit and 4 indicates the maximum terminal users limit. |
| `R1(config-line)#transport input telnet` | To enable Telnet-only communication for remote access. |
| `R1(config-line)#password <password>` | The password command allows you to set the password for Telnet access. |
| `R1(config-line)#login` | The login command allows users to log in using Telnet. |
| `R1(config-line)# login local` | This command configures Telnet to be accessed using both a username and a password. For this, we need to add a user and set their password locally on the switch using the `username <username> password <password>` command. |
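
An added example, not part of the original document: a small Python audit that scans an IOS-style running configuration for the weak settings covered in the tables above (an enable password with no enable secret, type 7 passwords, Telnet allowed on a line, `no login`, and SSH version 2 not enforced). The sample configuration is constructed, the finding names are hypothetical labels, and the check on `username ... password` assumes the IOS `username ... secret` form as the alternative, which this document does not list.

```python
import re

# Constructed sample running-config; password values are placeholders.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
enable password 7 PLACEHOLDER
username admin password 7 PLACEHOLDER
ip domain-name lab.example
!
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 4
 transport input telnet
 login local
line vty 5 15
 no login
"""

def audit(config):
    """Return (finding, context) pairs for weak settings in an IOS-style config."""
    findings, section = [], "global"
    has_secret = has_enable_pw = ssh_v2 = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():  # an unindented command starts a new context
            section = line if line.startswith("line ") else "global"
        has_secret |= line.startswith("enable secret ")
        has_enable_pw |= line.startswith("enable password ")
        ssh_v2 |= line == "ip ssh version 2"
        user = re.match(r"username (\S+) password\b", line)
        if user:  # stored as plaintext or type 7 rather than a hashed secret
            findings.append(("USER_PASSWORD_NOT_SECRET", user.group(1)))
        if re.search(r"\bpassword 7 \S", line):  # type 7 is easily reversed
            findings.append(("TYPE7_PASSWORD", section))
        if section != "global":
            if line == "no login":  # password checking disabled on this line
                findings.append(("LINE_NO_LOGIN", section))
            transport = re.match(r"transport input (.+)", line)
            if transport and {"telnet", "all"} & set(transport.group(1).split()):
                findings.append(("TELNET_ALLOWED", section))
    if has_enable_pw:
        findings.append(("ENABLE_PASSWORD" if has_secret else "ENABLE_PASSWORD_NO_SECRET", "global"))
    if not ssh_v2:  # without this line the device may still accept SSH version 1
        findings.append(("SSH_V2_NOT_FORCED", "global"))
    return findings

if __name__ == "__main__":
    for finding, context in audit(SAMPLE_CONFIG):
        print(f"{finding:28} {context}")
```

Run it against the output of `show running-config` saved to a file; the findings never echo the password values themselves.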

• Switch ports are enabled (no shutdown) by default.
• Port numbering on some switches begins at 1, not 0. For example, FastEthernet 0/1 is the first FastEthernet port on a 2960 switch.
• Through auto-negotiation, the 10/100/1000 ports configure themselves to operate at the speed of attached devices. If the attached ports do not support auto-negotiation, you can explicitly set the speed and duplex parameters.
• If the speed and duplex settings are set to auto, the switch will use auto-MDIX to sense the cable type (crossover or straight-through) connected to the port and will automatically adapt itself to the cable type used. When you manually configure the speed or duplex setting, it disables auto-MDIX so you will need to be sure to use the correct cable.

Note: If one link partner has the duplex manually configured and the other link partner is using auto-negotiation, a mismatch will occur, resulting in very poor performance and Layer 2 error frames. This is because the auto-negotiating link partner did not receive auto-negotiation parameters from the other link partner and consequently defaulted to half duplex as defined in the IEEE 802.3u specification.

• Always manually configure the speed and duplex settings for critical connections. Use auto-negotiation for connections to user workstations.
