## On Boot

Press **Enter** to begin

If greeted with a prompt asking about *Initial Configuration Dialogue*, type `n` and hit enter.

- If you decide to make use of Initial Configuration, refer to [Cisco Docs](https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/fundamentals/configuration/15mt/fundamentals-15-mt-book/cf-setup.html)

You should be greeted with a prompt that has a `>` character at the end, indicating you are in user EXEC mode. This is limited and not used for configuration.

Enable privileged EXEC mode to get access to all commands and configurations:

```
enable
```

Shorthand: `ena`

Enter configuration mode, configuring from the terminal (also possible to configure from memory or the network):

```
configure terminal
```

Shorthand: `conf t`

## Create/edit a vlan

[docs](https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-vlans-on-the-catalyst-switches/ta-p/3131780)

From configuration mode:

```
vlan [vlan-id]
```

where `[vlan-id]` is the vlan number you want to generate. This will put you into `config-vlan` mode.

## Assign a vlan a name

From `config-vlan` mode:

```
name [ascii name]
```

where `[ascii name]` is the name you want to assign (e.g. `Accounting`)

## Assign interfaces to a vlan

[docs](https://community.cisco.com/t5/networking-knowledge-base/how-to-configure-vlans-on-the-catalyst-switches/ta-p/3131780)

Enter interface config mode (from conf mode):

Single port:

```
interface [interface-to-configure]
```

Shorthand: `int [interface-to-configure]`

Range [docs](https://www.cisco.com/c/en/us/td/docs/ios/interface/configuration/guide/ir_ifrange.html):

```
interface range fa0/st - nd
```

where `fa` is the speed, `st` the starting port, and `nd` the end port

From `config-if` mode:

Enter port mode configuration:

```
switchport mode access
```

Link the interface(s) to a vlan:

```
switchport access vlan [vlan-id]
```

Interfaces are referenced in the format `sp0/nm`, where the speed and port number are specified (e.g. fa0)

## Configuring trunk ports

From `config` mode, select an interface to configure as trunk mode:

```
interface [interface-id (sp0/nm syntax)]
```

Shorthand: `int fa0/nm`

Set the mode of the selected interface to trunk mode:

```
switchport mode trunk
```

Type `end` or `exit` to leave `config-if` mode

## Limiting trunk traffic to a specific vlan

From `config` mode:

```
interface [interface-id]
```

Shorthand: `int fa0/24`

Change trunk config:

```
switchport trunk allowed vlan [vlan-id]
```

## Force vlans to be online:

From `configure` mode:

```
vlan [vlan-id]
```

```
no shutdown
```

# Access list management

Access lists are created implicitly when you apply the first configuration. More docs for access list management can be found at <https://content.cisco.com/chapter.sjs?uri=/searchable/chapter/content/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html.xml>.

### Permitting a particular network for a numbered access list

From the privileged exec terminal:

```
access-list [access-list-num] permit [network] [wildcard-mask]
```

`permit` can be substituted with `deny` to instead explicitly deny a network. An example of a valid network could be `192.168.1.0`, and a wildcard mask for a `/24` would be `0.0.0.255`. Unless explicitly stated, an access list will deny all other traffic. You can explicitly allow traffic by default for a numbered access list with `access-list [access-list-num] permit any`.

### Denying traffic from a particular address for a numbered access list

```
access-list [access-list-num] deny [address]
```

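
The matching rules from the two access list sections above, as an added Python example (not part of the original notes and not Cisco code): it models how a numbered access list compares a source address against a network and wildcard mask, with top-down first-match evaluation and the implicit deny. The function names, list number 10 and the sample addresses are constructed for illustration.

```python
import ipaddress

def wildcard_for(prefix_len):
    """Wildcard mask for a prefix length: the inverted netmask (/24 -> 0.0.0.255)."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").hostmask)

def parse_entry(line):
    """Parse 'access-list N permit|deny SRC [WILDCARD]' into (num, action, net, wild)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a numbered access list entry: {line!r}")
    num, action, src = int(tok[1]), tok[2], tok[3]
    if src == "any":                      # 'any' matches every source address
        net, wild = 0, 0xFFFFFFFF
    else:
        net = int(ipaddress.IPv4Address(src))
        # No wildcard given means a single address (wildcard 0.0.0.0)
        wild = int(ipaddress.IPv4Address(tok[4])) if len(tok) > 4 else 0
    return num, action, net, wild

def evaluate(acl_lines, acl_num, source):
    """Return 'permit' or 'deny' for a source: first match wins, else implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for line in acl_lines:
        num, action, net, wild = parse_entry(line)
        if num != acl_num:
            continue
        # Bits set in the wildcard are "don't care"; every other bit must match.
        if ((src ^ net) & ~wild & 0xFFFFFFFF) == 0:
            return action
    return "deny"  # nothing matched: the implicit deny at the end of every list

# Constructed sample list: block one host, allow the rest of its /24
ACL = [
    "access-list 10 deny 192.168.1.66",
    f"access-list 10 permit 192.168.1.0 {wildcard_for(24)}",
]
# Same entries in the opposite order: the permit now shadows the deny
ACL_REORDERED = list(reversed(ACL))

if __name__ == "__main__":
    for src in ("192.168.1.20", "192.168.1.66", "10.0.0.5"):
        print(src, evaluate(ACL, 10, src), evaluate(ACL_REORDERED, 10, src))
```

Because the first matching entry decides, a `deny [address]` entry only takes effect if it appears before a `permit` entry whose network covers that address.
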
# Viewing configs

### Vlan config

From the privileged exec terminal:

```
show vlan
```

### See what IP address is assigned to a vlan

From privileged exec mode:

```
show run int vlan [vlan-id]
```

See what mode an interface is in:

```
show int [interface] switchport
```

### Interface trunk config

From privileged exec:

```
show interface trunk
```

## Helpful Resources

Trying to figure out where in the command hierarchy you are?

- https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_46_se/command/reference/cr1/intro.pdf

Wondering more about the Cisco IOS CLI?

- https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_46_se/command/reference/cr1/intro.pdf