notes/IT/Configuring a Cisco IOS Switch.md

4.2 KiB

On Boot

Press Enter to begin

If greeted with a prompt asking about Initial Configuration Dialogue, type n and hit enter.

  • If you decide to make use of Initial Configuration, refer to Cisco Docs

You should be greeted with a prompt that has a > character at the end, indicating you are in user EXEC mode. This is limited and not used for configuration.

Enable privileged EXEC mode to get access to all commands and configurations:

enable

Shorthand: ena

Enter configuration mode, configuring from the terminal (also possible to configure from memory or the network):

configure terminal

Shorthand: conf t

Create/edit a vlan

docs From configuration mode:

vlan [vlan-id]

where [vlan-id] is the vlan number you want to generate, this will put you into config-vlan mode

Assign a vlan a name

From config-vlan mode:

name [ascii name]

where [ascii name] is the name you want to assign (EG: Accounting)

Assign interfaces to a vlan

docs Enter interface config mode (from conf mode): Single port:

interface [interface-to-configure]

shorthand: int [interface-to-configure] Range docs:

interface range fa0/st - nd

where fa is the speed, st the starting port, and nd the end port

From config-if mode: Enter port mode configuration:

switchport mode access

Link the interface(s) to a vlan:

switchport access vlan [vlan-id]

interfaces are referenced in the format of sp0/nm where speed and port number are specified (eg: fa0)

Configuring trunk ports

From the config mode, select an interface to configure as trunk mode:

interface [interface-id (sp0/nm syntaax)]

shorthand: int fa0/nm

Set the mode of the selected interface to trunk mode:

switchport mode trunk

Type end or exit to leave config-if mode

Limiting trunk traffic to a specific vlan

From config mode:

interface [interface-id]

shorthand: int fa0/24

Change trunk config:

switchport trunk allow vlan [vlan-id]

Force vlans to be online:

From configure mode:

vlan [vlan-id]
no shutdown

Access list management

Access lists are created implicitly when you apply the first configuration. More docs for access list management can be found at https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html.xml.

Permitting a particular network for a numbered access list

From the privileged exec terminal:

access-list [access-list-num] permit [network] [wildcard-mask]

permit can be substituted with deny to instead explictly deny a network. An example of a valid network could be 192.168.1.0, and a wildcard mask for a /24 would be 0.0.0.255. Unless explictly stated, an access list will deny all other traffic. You can explicitly allow traffic by default for a numbered access list with access-list [access-list-num] permit any.

Denying traffic from a particular address for a numbered access list

access-list [access-list-num] deny [address]

Viewing configs

Vlan config

From the privileged exec terminal:

show vlan

See what IP address is assigned to a vlan

From privileged exec mode:

show run int vlan [vlan-id]

See what mode an interface is in:

show int [interface] switchport

interface trunk config

From privileged exec:

show interface trunk

Helpful Resources

Trying to figure out where in the command hierarchy you are?