4.2 KiB
On Boot
Press Enter to begin
If greeted with a prompt asking about Initial Configuration Dialogue, type n
and hit enter.
- If you decide to make use of Initial Configuration, refer to Cisco Docs
You should be greeted with a prompt that has a >
character at the end, indicating you are in user EXEC mode. This is limited and not used for configuration.
Enable privileged EXEC mode to get access to all commands and configurations:
enable
Shorthand: ena
Enter configuration mode, configuring from the terminal (also possible to configure from memory or the network):
configure terminal
Shorthand: conf t
Create/edit a vlan
docs From configuration mode:
vlan [vlan-id]
where [vlan-id]
is the vlan number you want to generate, this will put you into config-vlan mode
Assign a vlan a name
From config-vlan
mode:
name [ascii name]
where [ascii name]
is the name you want to assign (EG: Accounting
)
Assign interfaces to a vlan
docs Enter interface config mode (from conf mode): Single port:
interface [interface-to-configure]
shorthand: int [interface-to-configure]
Range docs:
interface range fa0/st - nd
where fa
is the speed, st
the starting port, and nd
the end port
From config-if
mode:
Enter port mode configuration:
switchport mode access
Link the interface(s) to a vlan:
switchport access vlan [vlan-id]
interfaces are referenced in the format of sp0/nm
where speed and port number are specified (eg: fa0)
Configuring trunk ports
From the config
mode, select an interface to configure as trunk mode:
interface [interface-id (sp0/nm syntaax)]
shorthand: int fa0/nm
Set the mode of the selected interface to trunk mode:
switchport mode trunk
Type end
or exit
to leave config-if
mode
Limiting trunk traffic to a specific vlan
From config
mode:
interface [interface-id]
shorthand: int fa0/24
Change trunk config:
switchport trunk allow vlan [vlan-id]
Force vlans to be online:
From configure
mode:
vlan [vlan-id]
no shutdown
Access list management
Access lists are created implicitly when you apply the first configuration. More docs for access list management can be found at https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html.xml.
Permitting a particular network for a numbered access list
From the privileged exec terminal:
access-list [access-list-num] permit [network] [wildcard-mask]
permit
can be substituted with deny
to instead explictly deny a network. An example of a valid network could be 192.168.1.0
, and a wildcard mask for a /24
would be 0.0.0.255
. Unless explictly stated, an access list will deny all other traffic. You can explicitly allow traffic by default for a numbered access list with access-list [access-list-num] permit any
.
Denying traffic from a particular address for a numbered access list
access-list [access-list-num] deny [address]
Viewing configs
Vlan config
From the privileged exec terminal:
show vlan
See what IP address is assigned to a vlan
From privileged exec mode:
show run int vlan [vlan-id]
See what mode an interface is in:
show int [interface] switchport
interface trunk config
From privileged exec:
show interface trunk
Helpful Resources
Trying to figure out where in the command hierarchy you are?