Cisco switch port commands


Cisco Enterprise Network Compute System Switch Command Reference

switch show arp

To display entries in the ARP table, use the switch show arp command in privileged EXEC mode.

switch show arp

Syntax Description

This command has no arguments.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.5.1

This command was introduced.

Usage Guidelines

The Interface field can be empty because the associated interface of a MAC address can be aged out from the FDB table.

If an ARP entry is associated with an IP interface that is defined on a port or port channel, the VLAN field is empty.

Examples

The following example displays entries in the ARP table:

switch show bridge multicast filtering

To display the multicast filtering configuration, use the switch show bridge multicast filtering command in privileged EXEC mode.

switch show bridge multicast filtering vlan

Syntax Description

vlan

Specifies the VLAN.

Command Default

Display multicast filtering configuration for all the VLANs.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following example displays the Multicast configuration for VLAN 1.

switch show bridge multicast unregistered

To display the unregistered Multicast filtering configuration, use the switch show bridge multicast unregistered command in privileged EXEC mode.

switch show bridge multicast unregistered

Syntax Description

No default argument or values

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following example displays the unregistered Multicast configuration.

switch show dot1x

Use the switch show dot1x command in privileged EXEC mode to do the following:

  • Display the 802.1X interfaces or a specified interface status.

  • Display information on all the ports (including not-present ports).

  • Display 802.1x statistics.

  • Display active 802.1X authorized users for the device.

Release 3.6.1 and Later Releases

switch show dot1x detailed interface gigabitEthernet statistics users

Release 3.5.1

switch show dot1x all detailed interface gigabitEthernet statistics gigabitEthernet users

Syntax Description

all

Display by all dot1x. This parameter is available only in Release 3.5.1.

detailed

Displays information for non-present ports in addition to present ports.

interface gigabitEthernet

Displays the information for the specified interface ID.

statistics

Display 802.1x statistics.

users

Display active 802.1X authenticated users.

Command Default

If the detailed parameter is used, information about all ports is displayed. If the users parameter is used, information about all users is displayed.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The command parameters are changed.

3.5.1

This command was introduced.

Examples

The following example specifies that unregistered Multicast packets are filtered on the interface gigabitEthernet 1/1:

The following list describes the significant fields shown in the example:

  • Port: The port interface-id.

  • Host mode: The port authentication configured mode. Possible values: single-host, multi-host, multi-sessions.

  • Port Administrated status: The port administration (configured) mode. Possible values: force-auth, force-unauth, auto.

  • Port Operational status: The port operational (actual) mode. Possible values: authorized or unauthorized.

  • Quiet period: Number of seconds the device remains in the quiet state following a failed authentication exchange (for example, the client provided an invalid password).

  • Tx period: Number of seconds the device waits for a response to an Extensible Authentication Protocol (EAP) request/identity frame from the client before resending the request.

  • Supplicant timeout: Number of seconds the device waits for a response to an EAP-request frame from the client before resending the request.

  • Max req: Maximum number of times the device sends an EAP request frame (assuming that no response is received) to the client before restarting the authentication process.

  • Authentication success: Number of times the state machine received a Success message from the Authentication Server.

  • Authentication fails: Number of times the state machine received a Failure message from the Authentication Server.

Examples

The following example displays 802.1X statistics for gigabitEthernet 1/1:

The following list describes the significant fields shown in the example:

  • EapolFramesRx: Number of valid EAPOL frames of any type that have been received by this Authenticator.

  • EapolFramesTx: Number of EAPOL frames of any type that have been transmitted by this Authenticator.

  • EapolStartFramesRx: Number of EAPOL Start frames that have been received by this Authenticator.

  • EapolLogoffFramesRx: Number of EAPOL Logoff frames that have been received by this Authenticator.

  • EapolRespIdFramesRx: Number of EAP Resp/Id frames that have been received by this Authenticator.

  • EapolRespFramesRx: Number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.

  • EapolReqIdFramesTx: Number of EAP Req/Id frames that have been transmitted by this Authenticator.

  • EapolReqFramesTx: Number of EAP Request frames (other than Req/Id frames) that have been transmitted by this Authenticator.

  • InvalidEapolFramesRx: Number of EAPOL frames that have been received by this Authenticator for which the frame type is not recognized.

  • EapLengthErrorFramesRx: Number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.

  • LastEapolFrameVersion: Protocol version number carried in the most recently received EAPOL frame.

  • LastEapolFrameSource: Source MAC address carried in the most recently received EAPOL frame.

switch show lacp

To display LACP information for all interfaces or a specific interface, use the switch show lacp command in privileged EXEC mode.

switch show lacp gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays LACP information for all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.6.1

This command was introduced.

Examples

The following is a sample output of the switch show lacp command for Gigabit Ethernet interface 1/0.

switch show interface advertise

To display auto-negotiation advertisement information for all configured interfaces or for a specific interface, use the switch show interface advertise command in privileged EXEC mode.

switch show interface advertise gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays information for all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The port-channel parameter is added.

3.5.1

This command was introduced.

Examples

The following example displays auto-negotiation advertisement information for the interface gigabitEthernet 1/1:

switch show interface configuration

To display the configuration for all configured interfaces or a specific interface, use the switch show interface configuration command in privileged EXEC mode.

switch show interface configuration gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays configuration for all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The port-channel parameter is added.

3.5.1

This command was introduced.

Examples

The following example displays the configuration of all configured interfaces:

switch show interface counters

To display traffic seen by all the physical interfaces or by a specific interface, use the switch show interface counters command in privileged EXEC mode.

switch show interface counters gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Display counters for all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The port-channel parameter is added.

3.5.1

This command was introduced.

Examples

The following example displays traffic seen by the Gigabit Ethernet interface 1/1:

The following list describes the fields shown in the example:

  • InUcastPkts: Number of received Unicast packets.

  • InMcastPkts: Number of received Multicast packets.

  • InBcastPkts: Number of received Broadcast packets.

  • InOctets: Number of received octets.

  • OutUcastPkts: Number of transmitted Unicast packets.

  • OutMcastPkts: Number of transmitted Multicast packets.

  • OutBcastPkts: Number of transmitted Broadcast packets.

  • OutOctets: Number of transmitted octets.

switch show interface description

To display the description of all configured interfaces or a specific interface, use the switch show interface description command in privileged EXEC mode.

switch show interface description gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays description for all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The port-channel parameter is added.

3.5.1

This command was introduced.

Examples

The following example displays the description for all configured interfaces:

switch show interface protected-ports

To display information about all protected interfaces or a specific interface, use the switch show interface protected-ports command in privileged EXEC mode.

switch show interface protected-ports gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays the information about all protected interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The port-channel parameter is added.

3.5.1

This command was introduced.

Examples

The following example displays the information about all protected interfaces:

switch show interface port-channel

To display information about all port channel interfaces or a specific interface, use the switch show interface port-channel command in privileged EXEC mode.

switch show interface port-channel

Syntax Description

(Optional) Specifies an interface ID.

Command Default

Displays information about all port channels.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.6.1

This command was introduced.

Examples

The following example displays the port channels information:

switch show interface status

To display the status of all interfaces or a specific interface, use the switch show interface status command in privileged EXEC mode.

switch show interface status gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays status of all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

3.6.1

The port-channel parameter is added.

3.5.1

This command was introduced.

Examples

The following example displays the status of all interfaces:

switch show interface storm-control

To display the storm control configuration, use the switch show interface storm-control command in privileged EXEC mode.

switch show interface storm-control

Syntax Description

No default argument or values

Command Modes

Privileged EXEC (#)

Command History

Release Modification

4.1.1

This command was introduced.

Examples

The following example displays storm control configuration:

switch show interface switchPort

To display the switchport information of all interfaces or a specific interface, use the switch show interface switchPort command in privileged EXEC mode.

switch show interface switchPort gigabitEthernet port-channel

Syntax Description

gigabitEthernet

Specifies Gigabit Ethernet as the interface type.

port-channel

Specifies port channel as the interface type.

Specifies the interface ID.

Command Default

Displays switchport information of all interfaces.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following is a sample output of the switch show interface switchPort command that displays switchport information for Gigabit Interface 1/0:

switch show ip igmp snooping groups

To display the Multicast groups learned by IGMP snooping, use the switch show ip igmp snooping groups command in the privileged EXEC mode.

switch show ip igmp snooping groups vlan ip-addr

Syntax Description

vlan

(Optional) Specifies the VLAN.

ip-addr

(Optional) Specifies the IP address.

Command Default

No default behavior or values.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.5.1

This command was introduced.

Usage Guidelines

To see all Multicast groups learned by IGMP snooping, use the switch show ip igmp snooping groups command without parameters. To see a subset of Multicast groups learned by IGMP snooping, use the switch show ip igmp snooping groups command with parameters.

Examples

The following example shows a sample output for the command:

switch show ip igmp snooping interface

To display the IGMP snooping configuration for a specific VLAN, use the switch show ip igmp snooping interface command in the privileged EXEC mode.

switch show ip igmp snooping interface

Syntax Description

(Optional) Specifies the VLAN.

Command Default

None

Command Modes

Privileged EXEC (#)

Command History

Release Modification
3.5.1

This command was introduced.

Examples

The following example displays the IGMP snooping configuration for VLAN 20:

Source: https://www.cisco.com/c/en/us/td/docs/routers/nfvis/switch_command/b-nfvis-switch-command-reference/switch_show_commands.html

How to Configure Cisco Switch: A Step-by-Step Guide with Commands


When we think of connectivity in a network, the router is probably the first device that comes to mind, but switches play a vital role in enabling network devices to communicate.

Switches can take incoming/outgoing traffic and pass it onward toward its final destination. Cisco is one of the most well-known switch vendors on the market and in this article, we’re going to look at how to configure Cisco switches with PuTTY and from the command-line.

Getting Started with Cisco Switch Commands

Before we begin, get to know what hardware you’re using, fire up your CLI and download PuTTY.

The first step is to check what hardware you’re using before you begin. If you’re using a Cisco switch you need to know what model you have. You also want to check the physical state of the device and verify that none of the cables are damaged. You can turn the switch on to make sure there is no damage to the lighting/indicators.

Now that you’ve made sure the device is in working order you’re ready to start configuring. In this guide, we’re going to perform a Cisco switch configuration through the command-line interface (CLI) with the open-source SSH/Telnet client PuTTY (although you can use another tool if you prefer). If for any reason PuTTY is not an option for your setup, you can get similar results with a PuTTY alternative.

1. Connect the Switch to PuTTY

To start configuration, you want to connect the switch console to PuTTY. You can do this by doing the following:

  1. Connect the switch to PuTTY with a 9-pin serial cable.
  2. Now open PuTTY and the PuTTY Configuration window will display. Go to the Connection type settings and check the Serial option.
  3. Go to the Category list section on the left-hand side and select the Serial option.
  4. When the Options controlling local serial lines page displays, enter the COM port your switch is connected to in the Serial line to connect to box, e.g. COM1.
  5. Next, enter the digital transmission speed of your switch model. For 300 and 500 Series Managed Switches, this is 115200.
  6. Go to the Data bits field and enter 8.
  7. Now go to the Stop bits field and enter 1.
  8. Click on the Parity drop-down menu and select the None option.
  9. Go to the Flow Control drop-down menu and select the None option.

Save Your Settings and Start the PuTTY CLI

To save your PuTTY settings for your next session do the following:

  1. Click on the Session option from the Category list on the left-hand side of the page.
  2. Go to the Saved Session field and enter a name for your settings e.g. Comparitech.
  3. Click the Save button to store the settings.
  4. Press the Open button at the bottom of the page to launch the CLI.

The following message will display in the command prompt:

Switch>

2. Enter Privileged EXEC Mode and Set a Hostname for the Switch

Type in the enable command to enter privileged EXEC mode (you don’t need a password at this stage because you’re under the default configurations which don’t have one!):

Switch> enable

Next, enter Global Configuration Mode by entering the following command:

Switch# configure terminal
Switch(config)#

You can make the switch easier to locate in the network by assigning a hostname. Enter the following command to assign a hostname:

Switch(config)# hostname access-switch1
access-switch1(config)#

3. Assign a Password to the Switch

Once you’ve assigned a hostname you will want to create a password to control who has access to the privileged EXEC mode (to prevent everyone from being able to log in). To assign an administrator password, enter the following command:

access-switch1(config)# enable secret COMPARI7ECH

Remember to pick a strong password so that it’s harder to figure out.

4. Configure Telnet and Console Access Passwords

The next step is to configure passwords for Telnet and console access. Configuring passwords for these is important because it makes your switch more secure. If someone without authorization gains telnet access then it puts your network at serious risk. You can configure passwords by entering the following lines (See the top paragraph for Telnet and the bottom paragraph for Console access).

Telnet

access-switch1(config)# line vty 0 15
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

Console

access-switch1(config)# line console 0
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

5. Configure IP Addresses With Telnet Access

The next step is to decide which IP addresses will have access to Telnet, and add them with the PuTTY CLI. To select permitted IPs, enter the following commands (replace the listed IPs with the IPs of the components you want to grant permission to):

access-switch1(config)# ip access-list standard TELNET-ACCESS
access-switch1(config-std-nacl)# permit 216.174.200.21
access-switch1(config-std-nacl)# permit 216.174.200.21
access-switch1(config-std-nacl)# exit

You can also apply your network’s access control lists (ACLs) to the virtual terminal (VTY) lines. ACLs ensure that only the administrator can connect to the switch through Telnet.

access-switch1(config)# line vty 0 15
access-switch1(config-line)# access-class TELNET-ACCESS in
access-switch1(config-line)# exit
access-switch1(config)#

6. Configure a Network Management IP address (or Management Interface)

Next, you need to configure a network management IP address. Switches don’t come with an IP address by default, meaning that you can’t connect to them with Telnet or SSH. To solve this problem you can select a virtual LAN (VLAN) on the switch and create a virtual interface with an IP address. You can do this by entering the following commands:

access-switch1(config)# interface vlan 1
access-switch1(config-if)# ip address 10.1.1.200 255.255.255.0
access-switch1(config-if)# exit
access-switch1(config)#

The new IP management address is located in VLAN1, which other computers will now use to connect.

7. Assign a Default Gateway to the Switch

At this stage, you want to assign a default gateway to the switch. The default gateway is essentially the address of the router that the switch will be communicating with. If you don’t configure a default gateway then VLAN1 will be unable to send traffic to another network. To assign the default gateway, enter the command below (change the IP address to that of your router).

access-switch1(config)# ip default-gateway 10.1.1.254

8. Disable Unused Open Ports

As a best practice, it is a good idea to disable any unused open ports on the switch. Cyber-criminals often use unsecured ports as a way to breach a network. Closing these ports down reduces the number of entry points into your network and makes your switch more secure. Enter the range of ports you want to close by entering the following command (you would change 0/25-48 to the ports that you want to close):

access-switch1(config)# interface range fe 0/25-48
access-switch1(config-if-range)# shutdown
access-switch1(config-if-range)# exit
access-switch1(config)#

9. Save Your System Configuration Settings

Once you’ve finished configuring the switch it’s time to save your system configuration. Saving the configuration will make sure that your settings are the same when you open up your next session. To save, enter the following commands:

access-switch1(config)# exit
access-switch1# wr

Always remember to save any changes to your settings before closing the CLI.
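
An added example, not part of the original guide: a short Python check that reads a saved running configuration and reports which of the controls from steps 3 to 8 are missing (enable secret, line passwords with login, an inbound access-class on every VTY range, management IP and gateway, shutdown on unused ports). The sample configuration and the list of unused ports are constructed for illustration.

```python
import re

# Constructed sample running-config after following steps 2-8, with two
# deliberate gaps: vty 5-15 has no access-class and Fa0/26 was left enabled.
SAMPLE_CONFIG = """\
hostname access-switch1
enable secret 5 $1$constructed$placeholderhash
!
interface FastEthernet0/25
 shutdown
!
interface FastEthernet0/26
!
interface Vlan1
 ip address 10.1.1.200 255.255.255.0
!
ip default-gateway 10.1.1.254
!
ip access-list standard TELNET-ACCESS
 permit 216.174.200.21
!
line con 0
 password COMPARI7ECH
 login
line vty 0 4
 access-class TELNET-ACCESS in
 password COMPARI7ECH
 login
line vty 5 15
 password COMPARI7ECH
 login
!
end
"""


def parse_sections(config):
    """Split an IOS-style config into (header, [indented child lines])."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            continue
        if line[0].isspace():
            if sections:
                sections[-1][1].append(line.strip())
        else:
            sections.append((line, []))
    return sections


def audit(config, unused_ports):
    """Return findings for the controls in steps 3-8; an empty list means all present."""
    sections = parse_sections(config)
    headers = [header for header, _ in sections]
    acls = {h.split()[-1]: kids for h, kids in sections
            if h.startswith("ip access-list standard ")}
    findings = []

    # Step 3: privileged EXEC must be protected by an enable secret.
    if not any(h.startswith("enable secret ") for h in headers):
        findings.append("no enable secret configured")

    # Steps 4-5: check every line range separately, because a running-config
    # can list "line vty 0 4" and "line vty 5 15" as separate sections.
    for header, kids in sections:
        if not re.match(r"line (con|console|vty) ", header):
            continue
        if "login" not in kids or not any(k.startswith("password ") for k in kids):
            findings.append(f"{header}: password/login not enforced")
        if header.startswith("line vty "):
            acl = next((k.split()[1] for k in kids
                        if re.fullmatch(r"access-class \S+ in", k)), None)
            if acl is None:
                findings.append(f"{header}: no inbound access-class")
            elif not any(e.startswith("permit ") for e in acls.get(acl, [])):
                findings.append(f"{header}: access-class {acl} permits nothing")

    # Steps 6-7: management IP on a VLAN interface plus a default gateway.
    if not any(h.lower().startswith("interface vlan")
               and any(k.startswith("ip address ") for k in kids)
               for h, kids in sections):
        findings.append("no management IP on a VLAN interface")
    if not any(h.startswith("ip default-gateway ") for h in headers):
        findings.append("no ip default-gateway")

    # Step 8: every port the operator lists as unused must be shut down.
    interfaces = {h.split(None, 1)[1]: kids for h, kids in sections
                  if h.startswith("interface ")}
    for port in unused_ports:
        if "shutdown" not in interfaces.get(port, []):
            findings.append(f"interface {port}: unused but not shutdown")
    return findings
```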

10. Configure NetFlow to Manage Your Cisco Switch (Optional)

It is also a good idea to use a network traffic analyzer to monitor network traffic. As a Cisco device, your switch will have the communication protocol NetFlow. However, it must be configured first. You can configure NetFlow by completing the four steps below. Before we begin, enter Global Configuration Mode by executing the following command:

Switch# configure terminal 

Create a flow record

  1. The first step is to create a flow record (you can change the name). You can do this by entering the following command:
    Switch# flow record Comparitechrecord
  2. After you’ve entered the previous command you need to set the IPv4 source address, IPv4 destination address, IPv4 protocol, transport source-port, transport destination-port, IPv4 ToS, interface input, and interface output. You can do this by entering the following commands:
    Switch# match ipv4 source address
    Switch# match ipv4 destination address
    Switch# match ipv4 protocol
    Switch# match transport source-port
    Switch# match transport destination-port
    Switch# match ipv4 tos
    Switch# match interface input
    Switch# collect interface output
  3. To finish configuring the flow record and define the type of data you’re going to collect, enter the following switch configuration commands:
    Switch# collect interface output
    Switch# collect counter bytes
    Switch# collect counter packets
    Switch# collect timestamp sys-uptime first
    Switch# collect timestamp sys-uptime last

Create the Flow Exporter

  1. You must now create the flow exporter to store the information that you want to export to an external network analyzer. The first step is to name the flow exporter:
    Switch# flow exporter Comparitechexport
  2. Enter the IP address of the server your network analyzer is on (change the IP address):
    Switch# destination 117.156.45.241
  3. Configure the interface that you want to export packets with:
    Switch# source gigabitEthernet 0/1
  4. Configure the port that the software agent will use to listen for network packets:
    Switch# transport UDP 2055
  5. Set the type of protocol data that you’re going to export by entering this command:
    Switch# export-protocol netflow-v9
  6. To make sure there are no gaps in when flow data is sent, enter the following command:
    Switch# template data timeout 60

Create a Flow Monitor

  1. Once you’ve configured the flow exporter it is time to create the flow monitor. Create the flow monitor with the following command:
    Switch# flow monitor Comparitechmonitor
  2. Associate the flow monitor with the flow record and exporter we configured earlier:
    Switch# record Comparitechrecord
    Switch# exporter Comparitechexport
  3. To make sure that flow information is collected and normalized without a delay, enter the following commands:
    Switch# cache timeout active 60
    Switch# cache timeout inactive 15
  4. Enter the exit command:
    Switch# exit
  5. You need to input the interfaces that will collect the NetFlow data. If this is an ethernet interface you would enter the following:
    Switch# interface gigabitEthernet 0/1
  6. Use the following command to configure NetFlow on multiple interfaces (the input command will still collect data in both directions):
    Switch# ip flow monitor Comparitechmonitor input
  7. If you want to collect NetFlow data on only one interface then you must use the input and output command. So you would enter the following:
    Switch# ip flow monitor Comparitechmonitor input
    Switch# ip flow monitor Comparitechmonitor output
  8. Exit configuration mode by entering the following command:
    Switch# exit
  9. Save your settings to finish.
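
An added example, not part of the original guide: a minimal NetFlow v9 decoder for the collector side of the exporter configured above (UDP 2055), showing why the template refresh set with template data timeout matters: a data flowset that arrives before its template has been cached cannot be decoded. The packets are constructed test input; the field type numbers are from RFC 3954 and the field lengths are assumed.

```python
import ipaddress
import struct

# RFC 3954 field type -> name, for the fields in the guide's flow record.
FIELD_NAMES = {8: "src", 12: "dst", 4: "proto", 7: "sport", 11: "dport",
               5: "tos", 10: "if_in", 14: "if_out", 1: "bytes", 2: "packets",
               22: "first_uptime_ms", 21: "last_uptime_ms"}
# (type, length) pairs; the lengths are assumed for this constructed template.
TEMPLATE_FIELDS = [(8, 4), (12, 4), (4, 1), (7, 2), (11, 2), (5, 1),
                   (10, 4), (14, 4), (1, 4), (2, 4), (22, 4), (21, 4)]


class Collector:
    """Decode NetFlow v9 packets, caching templates per (source_id, template_id)."""

    def __init__(self):
        self.templates = {}
        self.undecodable = 0  # data flowsets seen before their template

    def handle(self, data):
        if len(data) < 20:
            raise ValueError("short packet")
        version, _, _, _, _, source_id = struct.unpack_from("!HHIIII", data)
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version {version})")
        flows, offset = [], 20
        while offset + 4 <= len(data):
            flowset_id, length = struct.unpack_from("!HH", data, offset)
            if length < 4 or offset + length > len(data):
                raise ValueError("bad flowset length")
            body = data[offset + 4:offset + length]
            if flowset_id == 0:        # template flowset
                self._learn(source_id, body)
            elif flowset_id > 255:     # data flowset; its id is the template id
                flows += self._decode(source_id, flowset_id, body)
            offset += length           # ids 1-255 (options, reserved) are skipped
        return flows

    def _learn(self, source_id, body):
        pos = 0
        while pos + 4 <= len(body):
            template_id, count = struct.unpack_from("!HH", body, pos)
            pos += 4
            if template_id < 256 or pos + 4 * count > len(body):
                break                  # padding or truncated record
            self.templates[(source_id, template_id)] = [
                struct.unpack_from("!HH", body, pos + 4 * i) for i in range(count)]
            pos += 4 * count

    def _decode(self, source_id, template_id, body):
        fields = self.templates.get((source_id, template_id))
        if fields is None:
            self.undecodable += 1      # no template cached yet: cannot parse
            return []
        record_len = sum(length for _, length in fields)
        if record_len == 0:
            return []
        flows = []
        # Bytes left after the last whole record are alignment padding.
        for start in range(0, len(body) - record_len + 1, record_len):
            pos, flow = start, {}
            for ftype, length in fields:
                raw = body[pos:pos + length]
                name = FIELD_NAMES.get(ftype, f"type_{ftype}")
                flow[name] = (str(ipaddress.IPv4Address(raw)) if ftype in (8, 12)
                              else int.from_bytes(raw, "big"))
                pos += length
            flows.append(flow)
        return flows


def build_packet(flowsets, source_id=1, seq=0):
    """Constructed input: v9 header + flowsets (one record per flowset here)."""
    header = struct.pack("!HHIIII", 9, len(flowsets), 1000, 1700000000, seq, source_id)
    return header + b"".join(flowsets)


def template_flowset(template_id=256):
    body = struct.pack("!HH", template_id, len(TEMPLATE_FIELDS))
    body += b"".join(struct.pack("!HH", t, n) for t, n in TEMPLATE_FIELDS)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def data_flowset(template_id=256):
    # One constructed TCP/23 flow from 10.1.1.50 to the management IP.
    record = (ipaddress.IPv4Address("10.1.1.50").packed
              + ipaddress.IPv4Address("10.1.1.200").packed
              + struct.pack("!BHHBIIIIII", 6, 51000, 23, 0, 1, 2, 840, 12, 500, 900))
    pad = -(4 + len(record)) % 4
    return struct.pack("!HH", template_id, 4 + len(record) + pad) + record + b"\x00" * pad


def demo():
    collector = Collector()
    early = collector.handle(build_packet([data_flowset()]))        # before any template
    collector.handle(build_packet([template_flowset()], seq=1))     # template refresh
    late = collector.handle(build_packet([data_flowset()], seq=2))  # now decodable
    return early, collector.undecodable, late
```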

Configure a Cisco Switch for Peace of Mind! 

Completing simple tasks like configuring passwords and creating network access lists that control who can access the switch can enable you to stay secure online. Incomplete or incorrect configurations are a vulnerability that attackers can exploit.

Configuring a Cisco switch is only half the battle; you also have to regularly monitor its status. Any performance issues with your switch can have a substantial impact on your users.

Using a network monitoring tool and network analyzer can help you to monitor switches remotely and review performance concerns. Taking the time out of your day to configure a switch and assign strong passwords gives you peace of mind so that you can communicate safely online.

Cisco Switch Configuration & Commands FAQs

How to configure a trunk port on a Cisco 2960 switch?

To configure a trunk port on a Cisco 2960 switch:

  1. Enter configuration mode:
    configure terminal
  2. Specify the port to use:
    interface <interface-id>
  3. Configure the port as a Layer 2 trunk:
    switchport mode {dynamic {auto | desirable} | trunk}
    These options mean:
      • dynamic auto – The default. Creates a trunk link if the neighboring interface is set to trunk or desirable mode.
      • dynamic desirable – Creates a trunk link if the neighboring interface is set to trunk, desirable, or auto mode.
      • trunk – Sets the interface in permanent trunking mode.
  4. Specify a default VLAN to use for back up. This is optional:
    switchport access vlan <vlan-id>
  5. Specify the native VLAN:
    switchport trunk native vlan <vlan-id>
  6. Exit the config mode:
    end

How do I set a static IP on a Cisco switch?

A problem with the GUI interface of Cisco switches makes it impossible to assign a static IP address to an interface. Follow these steps for a workaround:

  1. Create a text file on your PC. It doesn’t matter where you save it or what you call it, but make sure you remember where it is. Substitute real values for the tokens shown in angle brackets (<>) below. The text in the file should be:
    Config t
    Interface <VLAN ID>
    No ip address DHCP
    Y
    No ip address <old IP address>
    IP address <new IP address> <subnet mask>
    Exit
    IP default-gateway <gateway IP address>
  2. Access the admin menu of the switch for Switch Management.
  3. In the menu, click on Administration, then File Management, and then select File Operations.
  4. In the File Operations screen, set the following:
      • Operation Type: Update File
      • Destination File Type: Running Configuration
      • Copy Method: HTTP/HTTPS
      • File Name: (Browse to select the file you created on your PC).
  5. Click on Apply.

These steps will create a static IP address, which you can check by going from the main menu to IP Configuration > IPv4 Interface.

Do I have to configure a Cisco switch before it gets to work?

No. The typical Cisco switch is ready to go out-of-the-box. However, you might want to change some parameters to customize its operations. 

Source: https://www.comparitech.com/net-admin/configure-cisco-switches/

Cisco Commands Cheat Sheet

Basic Configuration Commands

Command: Purpose

  • enable: Logs you into enable mode, which is also known as user exec mode or privileged mode
  • configure terminal: Logs you into configuration mode
  • interface fastethernet/number: Enters interface configuration mode for the specified fast ethernet interface
  • reload: An exec mode command that reboots a Cisco switch or router
  • hostname name: Sets a host name to the current Cisco network device
  • copy from-location to-location: An enable mode command that copies files from one file location to another
  • copy running-config startup-config: An enable mode command that saves the active config, replacing the startup config when a Cisco network device initializes
  • copy startup-config running-config: An enable mode command that merges the startup config with the currently active config in RAM
  • write erase / erase startup-config: An enable mode command that deletes the startup config
  • ip address ip-address mask: Assigns an IP address and a subnet mask
  • shutdown / no shutdown: Used in interface configuration mode. “Shutdown” shuts down the interface, while “no shutdown” brings up the interface.
  • ip default-gateway ip_address: Sets the default gateway on a Cisco device
  • show running-config: An enable mode command that displays the current configuration
  • description name-string: A config interface command to describe or name an interface
  • show running-config interface interface slot/number: An enable mode command to display the running configuration for a specific interface
  • show ip interface [type number]: Displays the usability status of interfaces that are configured for IP
  • ip name-server serverip-1 serverip-2: A configure mode command that sets the IP addresses of DNS servers

Troubleshooting Commands

ping {hostname | system-address} [source source-address]Used in enable mode to diagnose basic network connectivityspeed {10 | 100 | 1000 | auto}An interface mode command that manually sets the speed to the specified value or negotiates it automaticallyduplex {auto | full | half}An interface mode command that manually sets duplex to half, full or auto

cdp run

no cdp run

A configuration mode command that enables or disables Cisco Discovery Protocol (CDP) for the deviceshow mac address-tableDisplays the MAC address tableshow cdpShows whether CDP is enabled globallyshow cdp neighbors[detail]Lists summary information about each neighbor connected to this device; the “detail” option lists detailed information about each neighborshow interfacesDisplays detailed information about interface status, settings and countersshow interface statusDisplays the interface line statusshow interfaces switchportDisplays a large variety of configuration settings and current operational status, including VLAN trunking details.show interfaces trunkLists information about the currently operational trunks and the VLANs supported by those trunks

show vlan

show vlan brief

Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks

show vtp status

Lists the current VTP status, including the current mode

Routing and VLAN Commands

ip route network-number network-mask {ip-address | interface}

Sets a static route in the IP routing table

router rip

Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode

network ip-address

In router configuration mode, associates a network with a RIP routing process

version 2

In router configuration mode, configures the software to receive and send only RIP version 2 packets

no auto-summary

In router configuration mode, disables automatic summarization

default-information originate

In router configuration mode, generates a default route into RIP

passive-interface interface

In router configuration mode, sets only that interface to passive RIP mode. In passive RIP mode, RIP routing updates are accepted by, but not sent out of, the specified interface.

show ip rip database

Displays the contents of the RIP routing database

ip nat [inside | outside]

An interface configuration mode command to designate that traffic originating from or destined for the interface is subject to NAT

ip nat inside source {list {access-list-number | access-list-name}} interface type number [overload]

A configuration mode command to establish dynamic source translation. Use of the “list” keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The “overload” option enables the router to use one global address for many local addresses.

ip nat inside source static local-ip global-ip

A configuration mode command to establish a static translation between an inside local address and an inside global address

vlan

Creates a VLAN and enters VLAN configuration mode for further definitions

switchport access vlan

Sets the VLAN that the interface belongs to.

switchport trunk encapsulation dot1q

Specifies 802.1Q encapsulation on the trunk link.

switchport access

Assigns this port to a VLAN

vlan vlan-id [name vlan-name]

Configures a specific VLAN name (1 to 32 characters)

switchport mode { access | trunk }

Configures the VLAN membership mode of a port.
The access port is set to access unconditionally and operates as a non-trunking, single VLAN interface that sends and receives non-encapsulated (non-tagged) frames. An access port can be assigned to only one VLAN.
The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router.

switchport trunk {encapsulation { dot1q }

Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port.

encapsulation dot1q vlan-id

A configuration mode command that defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance

DHCP Commands

ip address dhcp

A configuration mode command to acquire an IP address on an interface via DHCP

ip dhcp pool name

A configuration mode command to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode

domain-name domain

Used in DHCP pool configuration mode to specify the domain name for a DHCP client

network network-number [mask]

Used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server

ip dhcp excluded-address ip-address [last-ip-address]

A configuration mode command to specify IP addresses that a DHCP server should not assign to DHCP clients

ip helper-address address

An interface configuration mode command to enable forwarding of UDP broadcasts, including BOOTP, received on an interface

default-router address [address2 ... address8]

Used in DHCP pool configuration mode to specify the default router list for a DHCP client

Security Commands

password pass-value

Lists the password that is required if the login command (with no other parameters) is configured

username name password pass-value

A global command that defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used.

enable password pass-value

A configuration mode command that defines the password required when using the enable command

enable secret pass-value

A configuration mode command that sets this Cisco device password that is required for any user to enter enable mode

service password-encryption

A configuration mode command that directs the Cisco IOS software to encrypt the passwords, CHAP secrets, and similar data saved in its configuration file

ip domain-name name

Configures a DNS domain name

crypto key generate rsa

A configuration mode command that creates and stores (in a hidden location in flash memory) the keys that are required by SSH

transport input {telnet | ssh}

Used in vty line configuration mode, defines whether Telnet or SSH access is allowed into this switch. Both values can be specified in a single command to allow both Telnet and SSH access (default settings).

access-list access-list-number {deny | permit} source [source-wildcard] [log]

A configuration mode command that defines a standard IP access list

access-class

Restricts incoming and outgoing connections between a particular vty (into a basic Cisco device) and the addresses in an access list

ip access-list {standard | extended} {access-list-name | access-list-number}

A configuration mode command that defines an IP access list by name or number

permit source [source-wildcard]

Used in ACL configuration mode to set conditions to allow a packet to pass a named IP ACL. To remove a permit condition from an ACL, use the “no” form of this command.

deny source [source-wildcard]

Used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the “no” form of this command.

ntp peer <ip-address>

Used in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer

switchport port-security

Used in interface configuration mode to enable port security on the interface

switchport port-security maximum maximum

Used in interface configuration mode to set the maximum number of secure MAC addresses on the port

switchport port-security mac-address {mac-addr | {sticky [mac-addr]}}

Used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The “sticky” option configures the MAC addresses as sticky on the interface.

switchport port-security violation {shutdown | restrict | protect}

Used in interface configuration mode to set the action to be taken when a security violation is detected

show port security [interface interface-id]

Displays information about security options configured on the interface

Monitoring and Logging Commands

logging ip address

Configures the IP address of the host that will receive the system logging (syslog) messages

logging trap level

Used in configuration mode to limit messages that are logged to the syslog servers based on severity. Specify the number or name of the desired severity level at which messages should be logged.

show logging

Enable mode command that displays the state of system logging (syslog) and the contents of the standard system logging buffer.

terminal monitor

An enable mode command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command
Source: https://www.netwrix.com/cisco_commands_cheat_sheet.html

Using the Command-Line Interface

The Cisco IOS user interface is divided into many different modes. The commands available to you depend on which mode you are currently in. Enter a question mark (?) at the system prompt to obtain a list of commands available for each command mode.

You can start a CLI session through a console connection, through Telnet, through SSH, or by using the browser.

When you start a session, you begin in user mode, often called user EXEC mode. Only a limited subset of the commands are available in user EXEC mode. For example, most of the user EXEC commands are one-time commands, such as show commands, which show the current configuration status, and clear commands, which clear counters or interfaces. The user EXEC commands are not saved when the switch reboots.

To have access to all commands, you must enter privileged EXEC mode. Normally, you must enter a password to enter privileged EXEC mode. From this mode, you can enter any privileged EXEC command or enter global configuration mode.

Using the configuration modes (global, interface, and line), you can make changes to the running configuration. If you save the configuration, these commands are stored and used when the switch reboots. To access the various configuration modes, you must start at global configuration mode. From global configuration mode, you can enter interface configuration mode and line configuration mode.

This table describes the main command modes, how to access each one, the prompt you see in that mode, and how to exit the mode.

Mode

Access Method

Prompt

Exit Method

About This Mode

User EXEC

Begin a session using Telnet, SSH, or console.

Switch>

Enter logout or quit.

Use this mode to

  • Change terminal settings.
  • Perform basic tests.
  • Display system information.

Privileged EXEC

While in user EXEC mode, enter the enable command.

Switch#

Enter disable to exit.

Use this mode to verify commands that you have entered. Use a password to protect access to this mode.

Global configuration

While in privileged EXEC mode, enter the configure command.

Switch(config)#

To exit to privileged EXEC mode, enter exit or end, or press Ctrl-Z.

Use this mode to configure parameters that apply to the entire switch.

VLAN configuration

While in global configuration mode, enter the vlan vlan-id command.

Switch(config-vlan)#

To exit to global configuration mode, enter the exit command.

To return to privileged EXEC mode, press Ctrl-Z or enter end.

Use this mode to configure VLAN parameters. When VTP mode is transparent, you can create extended-range VLANs (VLAN IDs greater than 1005) and save configurations in the switch startup configuration file.

Interface configuration

While in global configuration mode, enter the interface command (with a specific interface).

Switch(config-if)#

To exit to global configuration mode, enter exit.

To return to privileged EXEC mode, press Ctrl-Z or enter end.

Use this mode to configure parameters for the Ethernet ports.

Line configuration

While in global configuration mode, specify a line with the line vty or line console command.

Switch(config-line)#

To exit to global configuration mode, enter exit.

To return to privileged EXEC mode, press Ctrl-Z or enter end.

Use this mode to configure parameters for the terminal line.

Source: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/b_consolidated_3850_3se_cg_chapter_01.html


How to Enable a Port on a Cisco Switch

Need to enable a port on a Cisco switch? Look no further!

To begin, you need to know the name of the port that you want to enable on the switch. This name, or port ID, can be found by using the following command.

#show interface status

This command will provide a list of your ports by ID.

For this example, we will use the port Gi1/10 for our switch.

Next, we need to enter privileged EXEC mode on the switch in order to issue the following commands.

To do this, type one of the following commands.

#enable

or

#en

Now, we need to enter the configure command followed by terminal to enter global configuration mode.

#configure terminal

or

#conf t

Next, we tell the switch which interface to configure.

(config)#interface Gi1/10

Now you can assign the selected port to a VLAN. You can use whatever VLAN number you would like but for our example we will use VLAN 10.

(config-if)#switchport access vlan 10

Lastly, we want to bring this port (interface) up, or enable it. To do this, use one of the following commands.

(config-if)#no shutdown

or

(config-if)#no shut

That’s it. Your port should now be enabled and assigned to the VLAN you chose. You can do this to any other available port on your switch. If you want to add other ports to this same network, simply repeat this process using your other port IDs and assign them to the same VLAN.

If you would like to check on the status of the port (interface) that you just set up use the following commands.

Exit config mode by performing one of the following methods.

Use Ctrl-Z to exit configuration mode.

or

Type “exit” until you are out of configuration mode.

(If you followed this example you will likely need to enter the exit command two times in a row.)

Lastly, we can now show the status of the port (interface) you chose by entering the following command. We are going to stick with our example port for this command.

#show run interface Gi1/10
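As an added example (not part of the original post), the Python script below audits the kind of per-interface stanzas that show run interface returns, so that a port enabled with the steps above can be checked against a baseline. The policy it enforces (every enabled access port sets switchport mode access, has an access VLAN, and enables switchport port-security) and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample in the shape of `show running-config` output (not from a real device).
SAMPLE_CONFIG = """\
!
interface GigabitEthernet1/9
 description unused
 shutdown
!
interface GigabitEthernet1/10
 switchport access vlan 10
!
interface GigabitEthernet1/11
 description printer
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
!
interface GigabitEthernet1/12
 description uplink
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 transport input ssh
!
"""

# Names of physical Ethernet ports; Vlan, Loopback and similar are logical.
PHYSICAL_PORT = re.compile(r"(?:Fast|Gigabit|TenGigabit)?Ethernet\d")


def parse_interfaces(config_text):
    """Map each interface name to the list of sub-commands in its stanza."""
    interfaces = {}
    current = None
    for line in config_text.splitlines():
        header = re.match(r"interface\s+(.+)", line)
        if header:
            current = header.group(1).replace(" ", "")
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any unindented line closes the stanza
    return interfaces


def audit_port(commands):
    """Return policy findings for one port, given its stanza sub-commands."""
    if "shutdown" in commands or "no switchport" in commands:
        return []  # administratively down, or a routed (Layer 3) port
    mode = next((c.split()[-1] for c in commands
                 if c.startswith("switchport mode ")), None)
    if mode == "trunk":
        return []  # this example policy covers access ports only
    findings = []
    if mode != "access":
        findings.append("switchport mode access not set")
    if not any(re.fullmatch(r"switchport access vlan \d+", c) for c in commands):
        findings.append("no access VLAN assigned")
    if "switchport port-security" not in commands:
        findings.append("switchport port-security not enabled")
    elif "switchport port-security violation protect" in commands:
        # protect discards offending frames without a log message or trap
        findings.append("violation mode protect gives no alert")
    return findings


def audit_config(config_text):
    """Return {port: findings} for every physical port that fails the policy."""
    report = {}
    for name, commands in parse_interfaces(config_text).items():
        if not PHYSICAL_PORT.match(name):
            continue  # skip Vlan, Loopback and other logical interfaces
        findings = audit_port(commands)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_CONFIG).items():
        print(f"{port}: {'; '.join(findings)}")
```

In the sample, Gi1/10 is configured exactly as in the walkthrough (an access VLAN and no shutdown, nothing else), and it is the only port reported.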


Source: https://www.geekwithenvy.com/2017/05/enable-port-cisco-switch/

Cisco IOS Interface and Hardware Component Command Reference

squelch

To extend the Ethernet twisted-pair 10BASE-T capability beyond the standard 100 meters on the Cisco 4000 platform, use the squelch command in interface configuration mode. To restore the default, use the no form of this command.

squelch {normal | reduced}

no squelch

Syntax Description

normal

Allows normal capability. This is the default.

reduced

Allows extended 10BASE-T capability.

Command Default

Normal range

Command Modes

Interface configuration

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following example extends the twisted-pair 10BASE-T capability on the cable attached to Ethernet interface 2:

srp buffer-size

To make adjustments to buffer settings on the receive side for different priority traffic, use the srp buffer-size command in interface configuration mode. To disable buffer size configurations, use the no form of this command.

srp buffer-size receive [low | medium | high]

no srp buffer-size receive [low | medium | high]

Syntax Description

receive

Allocates SDRAM buffer for incoming packets.

low

(Optional) Specifies buffer size, in kilobytes, for low-priority packets. Any number from 16 to 8192. The default is 8192.

medium

(Optional) Specifies buffer size, in kilobytes, for medium-priority packets. Any number from 16 to 8192. The default is 4096.

high

(Optional) Specifies buffer size, in kilobytes, for high-priority packets. Any number from 16 to 8192. The default is 4096.

Command Default

low = 8192 kilobytes, medium = 4096 kilobytes, high = 4096 kilobytes

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was implemented on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following example sets the buffer size for the receive side at the high setting of 17 kilobytes:

Related Commands

Command

Description

mtu

Adjusts the maximum packet size or MTU size.

srp deficit-round-robin

Transfers packets from the internal receive buffer to Cisco IOS software.

srp deficit-round-robin

To transfer packets from the internal receive buffer to Cisco IOS software, use the srp deficit-round-robin command in interface configuration mode. To disable the packet transfer, use the no form of this command.

srp deficit-round-robin [input | output] [low | medium | high] [quantum | deficit]

no srp deficit-round-robin

Syntax Description

input

(Optional) Specifies input buffer.

output

(Optional) Specifies output buffer.

low

(Optional) Specifies low-priority queue level.

medium

(Optional) Specifies medium-priority queue level.

high

(Optional) Specifies high-priority queue level.

quantum

(Optional) Specifies the Deficit Round Robin (DRR) quantum value. Any number from 9216 to 32767. The default is 9216.

deficit

(Optional) Specifies the DRR deficit value. Any number from 0 to 65535. The default is 16384.

Command Default

quantum: 9216, deficit: 16384

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was implemented on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following example shows how to configure packets for the medium-priority input queue:

Related Commands

Command

Description

srp buffer-size

Makes adjustments to buffer settings on the receive side for different priority traffic.

srp priority-map

Sets priority mapping for transmitting and receiving packets.

srp random-detect

Configures WRED parameters on packets received through an SRP interface.

srp loopback

To loop the spatial reuse protocol (SRP) interface on an OC-12c DPTIP, use the srp loopback command in interface configuration mode. To remove the loopback, use the no form of this command.

srp loopback {internal | line} {a | b}

no srp loopback

Syntax Description

internal

Sets the loopback toward the network before going through the framer

line

Loops the payload data toward the network.

a

Loops back the A side of the interface (inner tx, outer rx).

b

Loops back the B side of the interface (outer tx, inner rx).

Command Default

No loops are configured.

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was introduced on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Use this command for troubleshooting purposes.

Examples

The following example configures the loopback test on the A side of the SRP interface:

srp priority-map

To set priority mapping for transmitting and receiving packets, use the srp priority-map command in interface configuration mode. To disable priority mapping, use the no form of this command.

srp priority-map receive {low | medium | high | transmit {medium | high}}

no srp priority-map

Syntax Description

receive

Specifies priority mapping for receiving packets.

transmit

Specifies priority mapping for transmitting packets.

low

(Optional) Specifies mapping for low-priority packets. Any number from 1 to 8. The default is 1.

medium

(Optional) Specifies mapping for medium-priority packets. Any number from 1 to 8. The default is 3.

high

(Optional) Specifies mapping for high-priority packets. Any number from 1 to 8. The default is 5 for receiving packets, and default is 7 for transmitting packets.

Command Default

receive low: 1, receive medium: 3, receive high: 5, transmit high: 7

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was implemented on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

The spatial reuse protocol (SRP) interface provides commands to enforce quality of service (QoS) functionality on the transmit side and receive side of Cisco routers. SRP uses the IP type of service (ToS) field values to determine packet priority.

The SRP interface classifies traffic on the transmit side into high- and low-priority traffic. High-priority traffic is rate shaped and has higher priority than low-priority traffic. You have the option to configure high- or low-priority traffic and can rate limit the high-priority traffic.

The srp priority-map transmit command enables the user to specify IP packets with values equal to or greater than the ToS value to be considered as high-priority traffic.

On the receive side, when WRED is enabled, SRP hardware classifies packets into high-, medium-, and low-priority packets on the basis of the IP ToS value. After classification, it stores the packet into the internal receive buffer. The receive buffer is partitioned for each priority packet. Cisco routers can employ WRED on the basis of the IP ToS value. Routers also employ the Deficit Round Robin (DRR) algorithm to transfer packets from the internal receive buffer to Cisco IOS software.

The srp priority-map receive command enables the user to classify packets as high, medium, or low based on the IP ToS value.

Examples

The following example configures Cisco 7500 series routers to transmit packets with priority greater than 5 as high-priority packets:

Related Commands

Command

Description

srp random-detect

Configures WRED parameters on packets received through an SRP interface.

srp random-detect

To configure weighted RED (WRED) parameters on packets received through a spatial reuse protocol (SRP) interface, use the srp random-detect command in interface configuration mode. To return the value to the default, use the no form of this command.

srp random-detect {compute-interval | enable | input [low | medium | high] | [exponential-weight | precedence]}

no srp random-detect

Syntax Description

compute-interval

Specifies the queue depth compute interval, in nanoseconds. Number in the range from 1 to 128. Default is 128.

enable

Enables WRED.

input

Specifies WRED on packet input path.

low

(Optional) Specifies low-priority queue level.

medium

(Optional) Specifies medium-priority queue level.

high

(Optional) Specifies high-priority queue level.

exponential-weight

(Optional) Specifies the queue weight, in bits. Number in the range from 0 to 6. The default is 6.

precedence

(Optional) Specifies the input queue precedence. Number in the range from 0 to 7. The default is 7.

Command Default

compute-interval: 128 weight: 6 precedence: 7

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was implemented on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following example configures WRED parameters on packets received through an SRP interface with a weight factor of 5:

srp shutdown

To disable the spatial reuse protocol (SRP) interface, use the srp shutdown command in interface configuration mode. To restart a disabled interface, use the no form of this command.

srp shutdown [a | b]

no srp shutdown [a | b]

Syntax Description

a

(Optional) Specifies side A of the SRP interface.

b

(Optional) Specifies side B of the SRP interface.

Command Default

The SRP interface continues to be enabled until this command is issued.

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was introduced on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

The srp shutdown command disables all functions on the specified side.

Examples

The following example turns off side A of the SRP interface:

srp tx-traffic-rate

To limit the amount of high-priority traffic that the spatial reuse protocol (SRP) interface can handle, use the srp tx-traffic-rate command in interface configuration mode. Use the no form of this command to disable transmitted traffic rate.

srp tx-traffic-rate

no srp tx-traffic-rate

Syntax Description

Transmission speed, in kilobits per second. The range is from 1 to 65535. Default is 10.

Command Default

: 10

Command Modes

Interface configuration

Command History

Release

Modification

12.0(6)S

This command was introduced.

12.0(7)XE1

This command was implemented on Cisco 7500 series routers.

12.1(5)T

This command was integrated into Cisco IOS Release 12.1(5)T.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following example configures SRP traffic to transmit at 1000 kilobits per second:

stack-mib portname

To specify a name string for a port, use the stack-mib portname command in interface configuration mode.

stack-mib portname

Syntax Description

Name for a port.

Command Default

This command has no default settings.

Command Modes

Interface configuration

Command History

Release

Modification

12.2(14)SX

Support for this command was introduced on the Supervisor Engine 720.

12.2(17d)SXB

Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

Using the stack-mib command to set a name string to a port corresponds to the portName MIB object in the portTable of CISCO-STACK-MIB. portName is the MIB object in the portTable of CISCO-STACK-MIB. You can set this object to be descriptive text describing the function of the interface.

Examples

This example shows how to set a name to a port:

storm-control

To enable broadcast, multicast, or unicast storm control on a port or to specify the action when a storm occurs on a port, use the storm-control command in interface configuration mode. To disable storm control for broadcast, multicast, or unicast traffic or to disable the specified storm-control action, use the no form of this command.

storm-control { {broadcast | multicast | unicast} level | action {shutdown | trap}}

no storm-control { {broadcast | multicast | unicast} level | action {shutdown | trap}}

Cisco ME 2600X Series Ethernet Access Switch

storm-control { {broadcast | multicast} cir | action shutdown}

no storm-control { {broadcast | multicast} cir | action shutdown}

Syntax Description

broadcast

Enables broadcast storm control on the port.

multicast

Enables multicast storm control on the port.

unicast

Enables unicast storm control on the port.

level

Defines the rising and falling suppression levels.

  • —Rising suppression level as a percent of the total bandwidth (up to two decimal places). The valid values are from 0 to 100. When the value specified for a level is reached, the flooding of storm packets is blocked.

action

Specifies the action to take when a storm occurs on a port. The default action is to filter traffic.

shutdown

Disables the port during a storm.

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/interface/command/ir-cr-book/ir-s7.html


Cisco 800M Series ISR Software Configuration Guide

Configuring Ethernet Switch Ports

This chapter gives an overview of configuration tasks for the Gigabit Ethernet (GE) switch on the Cisco 800M Series ISR.

This chapter contains the following sections:

Configuring VLANs

A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router.

For detailed information on VLANs, see the following web link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/swvlan.html

For a sample VLAN configuration, see “Example: VLAN configuration”.

Example: VLAN configuration

The following example shows how to configure inter-VLAN routing:

Router# configure terminal
Router(config)# vlan 1
Router(config)# vlan 2
Router(config)# interface vlan 1
Router(config-if)# ip address 1.1.1.1 255.255.255.0
Router(config-if)# no shut
Router(config-if)# interface vlan 2
Router(config-if)# ip address 2.2.2.2 255.255.255.0
Router(config-if)# no shut
Router(config-if)# interface gigabitethernet 0/1
Router(config-if)# switchport access vlan 1
Router(config-if)# interface gigabitethernet 0/2
Router(config-if)# switchport access vlan 2
Router(config-if)# exit

Configuring VTP

VTP is a Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs on a network-wide basis. VTP minimizes misconfigurations and configuration inconsistencies that can cause several problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.

Before you create VLANs, you must decide whether to use VTP in your network. Using VTP, you can make configuration changes centrally on one or more switches and have those changes automatically communicated to all the other switches in the network. Without VTP, you cannot send information about VLANs to other switches. VTP is designed to work in an environment where updates are made on a single switch and are sent through VTP to other switches in the domain. It does not work well in a situation where multiple updates to the VLAN database occur simultaneously on switches in the same domain, which would result in an inconsistency in the VLAN database.

You should understand the following concepts for configuring VTP.

  • VTP domain: A VTP domain (also called a VLAN management domain) consists of one switch or several interconnected switches or switch stacks under the same administrative responsibility sharing the same VTP domain name. A switch can be in only one VTP domain. You make global VLAN configuration changes for the domain.
  • VTP server: In VTP server mode, you can create, modify, and delete VLANs, and specify other configuration parameters (such as the VTP version) for the entire VTP domain. VTP servers advertise their VLAN configurations to other switches in the same VTP domain and synchronize their VLAN configurations with other switches based on advertisements received over trunk links. VTP server is the default mode.
  • VTP client: A VTP client behaves like a VTP server and transmits and receives VTP updates on its trunks, but you cannot create, change, or delete VLANs on a VTP client. VLANs are configured on another switch in the domain that is in server mode.
  • VTP transparent: VTP transparent switches do not participate in VTP. A VTP transparent switch does not advertise its VLAN configuration and does not synchronize its VLAN configuration based on received advertisements. However, in VTP version 2 or version 3, transparent switches do forward VTP advertisements that they receive from other switches through their trunk interfaces. You can create, modify, and delete VLANs on a switch in VTP transparent mode.

For detailed information on VTP, see the following web link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/swvtp.html

For a sample VTP configuration, see “Example: Configuring VTP”.

Example: Configuring VTP

The following example shows how to configure the switch as a VTP server:

Router# configure terminal
Router(config)# vtp mode server
Router(config)# vtp domain Lab_Network
Router(config)# vtp password WATER
Router(config)# exit

The following example shows how to configure the switch as a VTP client:

Router# configure terminal
Router(config)# vtp mode client
Router(config)# exit

The following example shows how to configure the switch as VTP transparent:

Router# configure terminal
Router(config)# vtp mode transparent
Router(config)# exit

Configuring 802.1x Authentication

IEEE 802.1x port-based authentication defines a client-server-based access control and authentication protocol to prevent unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before allowing access to any switch or LAN services. Until the client is authenticated, IEEE 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL), Cisco Discovery Protocol (CDP), and Spanning Tree Protocol (STP) traffic through the port to which the client is connected. After authentication, normal traffic passes through the port.

With IEEE 802.1x authentication, the devices in the network have specific roles:

  • Supplicant—Device (workstation) that requests access to the LAN and switch services and responds to requests from the router. The workstation must be running IEEE 802.1x-compliant client software such as that offered in the Microsoft Windows XP operating system. (The supplicant is sometimes called the client.)
  • Authentication server—Device that performs the actual authentication of the supplicant. The authentication server validates the identity of the supplicant and notifies the router whether or not the supplicant is authorized to access the LAN and switch services. The Network Access Device (or Cisco ISR router in this instance) transparently passes the authentication messages between the supplicant and the authentication server, and the authentication process is carried out between the supplicant and the authentication server. The particular EAP method used will be decided between the supplicant and the authentication server (RADIUS server). The RADIUS security system with EAP extensions is available in Cisco Secure Access Control Server Version 3.0 or later. RADIUS operates in a client and server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.
  • Authenticator—Router that controls the physical access to the network based on the authentication status of the supplicant. The router acts as an intermediary between the supplicant and the authentication server, requesting identity information from the supplicant, verifying that information with the authentication server, and relaying a response to the supplicant. The router includes the RADIUS client, which is responsible for encapsulating and decapsulating the EAP frames and interacting with the authentication server.

For detailed information on how to configure 802.1x port-based authentication, see the following link:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_8021x/configuration/15-mt/sec-user-8021x-15-mt-book/config-ieee-802x-pba.html

For a sample 802.1x authentication configuration, see “Example: Enabling IEEE 802.1x and AAA on a Switch Port”.

Example: Enabling IEEE 802.1x and AAA on a Switch Port

This example shows how to configure a Cisco 800M series ISR as an 802.1x authenticator.

Router> enable
Router# configure terminal
Router(config)# dot1x system-auth-control
Router(config)# aaa new-model
Router(config)# aaa authentication dot1x default group radius
Router(config)# interface gigabitethernet 0/1
Router(config-if)# switchport mode access
Router(config-if)# authentication port-control auto
Router(config-if)# dot1x pae authenticator
Router(config-if)# end
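The commands above only protect the ports they are applied to, so it is worth checking a saved configuration for access ports that were left out. The following Python audit is an added example, not part of the Cisco documentation; it checks only for the commands shown in the example above, and it assumes a running-config style layout (interface sub-commands indented by one space) and a constructed sample configuration.

```python
import re

# Constructed sample configuration (not taken from a real device).
# Gi0/1 mirrors the page's example; Gi0/2 is an access port without 802.1x.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 2
!
interface GigabitEthernet0/3
 switchport mode trunk
!
"""

# Commands taken from the page's example.
GLOBAL_REQUIRED = (
    "dot1x system-auth-control",
    "aaa new-model",
    "aaa authentication dot1x default group radius",
)
PORT_REQUIRED = (
    "authentication port-control auto",
    "dot1x pae authenticator",
)


def parse_config(text):
    """Split a config into global lines and a dict of interface -> sub-commands."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None          # a separator ends the interface block
            continue
        match = re.match(r"^interface\s+(\S.*)$", line)
        if match:
            current = match.group(1).replace(" ", "")
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit_dot1x(text):
    """Return (scope, message) findings for missing 802.1x commands."""
    findings = []
    global_lines, interfaces = parse_config(text)
    for cmd in GLOBAL_REQUIRED:
        if cmd not in global_lines:
            findings.append(("global", f"missing '{cmd}'"))
    for name, lines in interfaces.items():
        if "switchport mode access" not in lines:
            continue                # this check covers access ports only
        for cmd in PORT_REQUIRED:
            if cmd not in lines:
                findings.append((name, f"missing '{cmd}'"))
    return findings


if __name__ == "__main__":
    for scope, message in audit_dot1x(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```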

Configuring Spanning Tree Protocol

Spanning Tree Protocol (STP) is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Multiple active paths among end stations cause loops in the network. If a loop exists in the network, end stations might receive duplicate messages. Switches might also learn end-station MAC addresses on multiple Layer 2 interfaces. These conditions result in an unstable network. Spanning-tree operation is transparent to end stations, which cannot detect whether they are connected to a single LAN segment or a switched LAN of multiple segments.

The STP uses a spanning-tree algorithm to select one switch of a redundantly connected network as the root of the spanning tree. The algorithm calculates the best loop-free path through a switched Layer 2 network by assigning a role to each port based on the role of the port in the active topology:

  • Root—A forwarding port elected for the spanning-tree topology
  • Designated—A forwarding port elected for every switched LAN segment
  • Alternate—A blocked port providing an alternate path to the root bridge in the spanning tree
  • Backup—A blocked port in a loopback configuration

The switch that has all of its ports as the designated role or as the backup role is the root switch. The switch that has at least one of its ports in the designated role is called the designated switch.

Spanning tree forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the spanning-tree algorithm recalculates the spanning-tree topology and activates the standby path. Switches send and receive spanning-tree frames, called bridge protocol data units (BPDUs), at regular intervals. The switches do not forward these frames but use them to construct a loop-free path. BPDUs contain information about the sending switch and its ports, including switch and MAC addresses, switch priority, port priority, and path cost. Spanning tree uses this information to elect the root switch and root port for the switched network and the root port and designated port for each switched segment.

When two ports on a switch are part of a loop, the spanning-tree port priority and path cost settings control which port is put in the forwarding state and which is put in the blocking state. The spanning-tree port priority value represents the location of a port in the network topology and how well it is located to pass traffic. The path cost value represents the media speed.

For detailed configuration information on STP, see the following link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/swstp.html

For configuration examples, see “Example: Spanning Tree Protocol Configuration”.

Example: Spanning Tree Protocol Configuration

The following example shows configuring spanning-tree port priority of a Gigabit Ethernet interface. If a loop occurs, spanning tree uses the port priority when selecting an interface to put in the forwarding state.

Router# configure terminal
Router(config)# interface gigabitethernet 0/2
Router(config-if)# spanning-tree vlan 1 port-priority 64
Router(config-if)# end

The following example shows how to change the spanning-tree port cost of a Gigabit Ethernet interface. If a loop occurs, spanning tree uses cost when selecting an interface to put in the forwarding state.

Router# configure terminal
Router(config)# interface gigabitethernet 0/2
Router(config-if)# spanning-tree cost 18
Router(config-if)# end

The following example shows configuring the bridge priority of VLAN 10 to 33792:

Router# configure terminal
Router(config)# spanning-tree vlan 10 priority 33792
Router(config)# end

The following example shows the hello time for VLAN 10 being configured to 7 seconds. The hello time is the interval between the generation of configuration messages by the root switch.

Router# configure terminal
Router(config)# spanning-tree vlan 10 hello-time 4
Router(config)# end

The following example shows configuring the forward delay time. The forward delay is the number of seconds an interface waits before changing from its spanning-tree learning and listening states to the forwarding state.

Router# configure terminal
Router(config)# spanning-tree vlan 10 forward-time 21
Router(config)# end

The following example shows configuring the maximum age interval for the spanning tree. The maximum-aging time is the number of seconds a switch waits without receiving spanning-tree configuration messages before attempting a reconfiguration.

Router# configure terminal
Router(config)# spanning-tree vlan 20 max-age 36
Router(config)# end

The following example shows the switch being configured as the root bridge for VLAN 10, with a network diameter of 4.

Router# configure terminal
Router(config)# spanning-tree vlan 10 root primary diameter 4
Router(config)# exit

Configuring MAC Address Table Manipulation

The MAC address table contains address information that the switch uses to forward traffic between ports. All MAC addresses in the address table are associated with one or more ports. The address table includes these types of addresses:

  • Dynamic address: a source MAC address that the switch learns and then drops when it is not in use. You can use the aging time setting to define how long the switch retains unseen addresses in the table.
  • Static address: a manually entered unicast address that does not age and that is not lost when the switch resets.

The address table lists the destination MAC address, the associated VLAN ID, and port number associated with the address and the type (static or dynamic).

See “Example: MAC Address Table Manipulation” for sample configurations that enable a secure MAC address, create a static entry, set the maximum number of secure MAC addresses, and set the aging time.

For detailed configuration information on MAC address table manipulation, see the following link:

http://www.cisco.com/c/en/us/td/docs/routers/access/interfaces/software/feature/guide/geshwic_cfg.html#wp1048223

Example: MAC Address Table Manipulation

The following example shows the configuration for enabling the secure MAC address option on the port.

Router# configure terminal
Router(config)# mac-address-table secure 0004.0005.0006 GigabitEthernet 0/1 vlan 5
Router(config)# end

The following example shows creating a static entry in the MAC address table.

Router# configure terminal
Router(config)# mac-address-table static 0002.0003.0004 interface GigabitEthernet 0/2 vlan 3
Router(config)# end

The following example sets the maximum number of secure MAC addresses to 10.

Router# configure terminal
Router(config)# mac-address-table secure maximum 10 GigabitEthernet 0/1
Router(config)# end

The following example shows setting the aging timer.

Router# configure terminal
Router(config)# mac-address-table aging-time 300
Router(config)# end

Configuring MAC Address Notification Traps

MAC address notification enables you to track users on a network by storing the MAC address activity on the switch. Whenever the switch learns or removes a MAC address, an SNMP notification can be generated and sent to the network management system (NMS). If you have many users coming and going from the network, you can set a trap interval time to bundle the notification traps and reduce network traffic. The MAC notification history table stores the MAC address activity for each hardware port for which the trap is enabled. MAC address notifications are generated for dynamic and secure MAC addresses; events are not generated for self addresses, multicast addresses, or other static addresses.

For configuration examples, see “Example: Configuring MAC Address Notification Traps”.

Example: Configuring MAC Address Notification Traps

This example shows how to enable the MAC notification trap when a MAC address is added to the interface:

Router(config)# interface gigabitethernet 0/1
Router(config-if)# snmp trap mac-notification added
Router(config-if)# end

This example shows how to enable the MAC notification trap when a MAC address is removed from this interface.

Router(config)# interface gigabitethernet 0/1
Router(config-if)# snmp trap mac-notification removed
Router(config-if)# end

Configuring the Switched Port Analyzer

You can analyze network traffic passing through ports or VLANs by using SPAN or RSPAN to send a copy of the traffic to another port on the switch or on another switch that has been connected to a network analyzer or other monitoring or security device. SPAN copies (or mirrors) traffic received or sent (or both) on source ports or source VLANs to a destination port for analysis. SPAN does not affect the switching of network traffic on the source ports or VLANs. You must dedicate the destination port for SPAN use. Except for traffic that is required for the SPAN or RSPAN session, destination ports do not receive or forward traffic.

Only traffic that enters or leaves source ports or traffic that enters or leaves source VLANs can be monitored by using SPAN; traffic routed to a source VLAN cannot be monitored. For example, if incoming traffic is being monitored, traffic that gets routed from another VLAN to the source VLAN cannot be monitored; however, traffic that is received on the source VLAN and routed to another VLAN can be monitored.

See “Example: SPAN Configuration” for SPAN configuration examples.

For detailed information on how to configure a switched port analyzer (SPAN) session, see the following web link:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/15-0_2_se/configuration/guide/scg3750/swspan.html

Example: SPAN Configuration

The following example shows how to configure a SPAN session to monitor bidirectional traffic from a Gigabit Ethernet source interface:

Router# configure terminal
Router(config)# monitor session 1 source gigabitethernet 0/1
Router(config)# end

The following example shows how to configure a Gigabit Ethernet interface as the destination for a SPAN session:

Router# configure terminal
Router(config)# monitor session 1 destination gigabitethernet 0/2
Router(config)# end

The following example shows how to remove a Gigabit Ethernet interface as a SPAN source for SPAN session 1:

Router# configure terminal
Router(config)# no monitor session 1 source gigabitethernet 0/1
Router(config)# end

Configuring IGMP Snooping

IGMP snooping constrains the flooding of multicast traffic by dynamically configuring Layer 2 interfaces so that multicast traffic is forwarded to only those interfaces associated with IP multicast devices. As the name implies, IGMP snooping requires the LAN switch to snoop on the IGMP transmissions between the host and the router and to keep track of multicast groups and member ports. When the switch receives an IGMP report from a host for a particular multicast group, the switch adds the host port number to the forwarding table entry; when it receives an IGMP Leave Group message from a host, it removes the host port from the table entry. It also periodically deletes entries if it does not receive IGMP membership reports from the multicast clients.

The multicast router sends out periodic general queries to all VLANs. All hosts interested in this multicast traffic send join requests and are added to the forwarding table entry. The switch creates one entry per VLAN in the IGMP snooping IP multicast forwarding table for each group from which it receives an IGMP join request.

By default, IGMP snooping is globally enabled. When globally enabled or disabled, it is also enabled or disabled in all existing VLAN interfaces. By default, IGMP snooping is enabled on all VLANs, but it can be enabled and disabled on a per-VLAN basis. Global IGMP snooping overrides the per-VLAN IGMP snooping capability. If global snooping is disabled, you cannot enable VLAN snooping. If global snooping is enabled, you can enable or disable snooping on a VLAN basis.

See “Example: Configuring IGMP Snooping” for a sample IGMP snooping configuration.

Example: Configuring IGMP Snooping

The following example shows how to enable IGMP snooping on a VLAN interface.

Router# configure terminal
Router(config)# ip igmp snooping vlan 1
Router(config)# end

The following example shows how to enable a static connection to a multicast router.

Router# configure terminal
Router(config)# ip igmp snooping vlan 1 mrouter interface gigabitethernet 0/1
Router(config)# end

The following example shows how to add a port as a member of a multicast group. Ports normally join multicast groups through the IGMP report message, but you can also statically configure a port as a member of a multicast group.

Router# configure terminal
Router(config)# ip igmp snooping vlan 1 static 0100.5e02.0203 interface gigabitethernet 0/1
Router(config)# end

Configuring Per-Port Storm Control

Storm control prevents traffic on a LAN from being disrupted by a broadcast, a multicast, or a unicast storm on one of the physical interfaces. A LAN storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. Errors in the protocol-stack implementation, mistakes in the network configuration, or users issuing a denial-of-service attack can cause a storm.

Storm control (or traffic suppression) monitors packets passing from an interface to the switching bus and determines if the packet is unicast, multicast, or broadcast. The switch counts the number of packets of a specified type received within the 1-second time interval and compares the measurement with a predefined suppression-level threshold.

Storm control uses one of these methods to measure traffic activity:

  • Bandwidth as a percentage of the total available bandwidth of the port that can be used by the broadcast, multicast, or unicast traffic
  • Traffic rate in packets per second at which broadcast, multicast, or unicast packets are received

With either method, the port blocks traffic when the rising threshold is reached. The port remains blocked until the traffic rate drops below the falling threshold (if one is specified) and then resumes normal forwarding. If the falling suppression level is not specified, the switch blocks all traffic until the traffic rate drops below the rising suppression level. In general, the higher the level, the less effective the protection against broadcast storms.


Note: On the C800M platform, when you configure the storm-control action shutdown command, the state of the port changes to administratively down. Use the no shutdown command to manually revert the state of the port.


See “Example: Per-Port Storm-Control” for a sample per-port storm control configuration.

Example: Per-Port Storm-Control

The following example shows bandwidth-based multicast storm control being enabled at 70 percent on a Gigabit Ethernet interface.

Router# configure terminal
Router(config)# interface gigabitethernet 0/2
Router(config-if)# storm-control multicast level 70.0 30.0
Router(config-if)# end
Router# show storm-control multicast
Interface  Filter State   Upper    Lower    Current
---------  -------------  -------  -------  -------
Gi0/0      inactive       100.00%  100.00%  N/A
Gi0/1      inactive       100.00%  100.00%  N/A
Gi0/2      Forwarding     70.00%   30.00%   0.00%
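To see why the falling threshold matters when sizing these values, the following Python model (an added example, not Cisco code) replays the rising/falling behaviour described above over a constructed series of 1-second measurements, using the 70.0 and 30.0 levels from the example. The function names and the "Blocking" state label are assumptions of this sketch; it models the documented behaviour, not the switch's implementation.

```python
def storm_control_states(samples, rising, falling=None):
    """Return the port state for each 1-second measurement.

    samples: traffic level per interval, as a percentage of port bandwidth.
    rising:  level at which the port starts blocking.
    falling: level the traffic must drop below before forwarding resumes;
             when omitted, the rising level is used, as the text describes.
    """
    if falling is None:
        falling = rising
    if not 0 <= falling <= rising <= 100:
        raise ValueError("need 0 <= falling <= rising <= 100")
    blocked = False
    states = []
    for level in samples:
        if not blocked and level >= rising:
            blocked = True       # rising threshold reached
        elif blocked and level < falling:
            blocked = False      # dropped below the falling threshold
        states.append("Blocking" if blocked else "Forwarding")
    return states


def transitions(states):
    """Count state changes; a high count means the port is flapping."""
    return sum(1 for a, b in zip(states, states[1:]) if a != b)


def blocked_seconds(states):
    """Number of 1-second intervals spent blocking."""
    return states.count("Blocking")


# Constructed measurements: multicast load hovering around 70 percent,
# then subsiding.
SAMPLES = [12.0, 68.0, 71.5, 69.0, 72.0, 66.0, 73.0, 45.0, 29.0, 10.0]

if __name__ == "__main__":
    for label, falling in (("70/30", 30.0), ("70 only", None)):
        states = storm_control_states(SAMPLES, 70.0, falling)
        print(label, "transitions:", transitions(states),
              "blocked seconds:", blocked_seconds(states))
```

With both levels set, the port blocks once and stays blocked until the load has clearly subsided; with only the rising level, the same traffic makes the port alternate between blocking and forwarding.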

 

Configuring HSRP

The Hot Standby Router Protocol (HSRP) is Cisco's standard method of providing high network availability by providing first-hop redundancy for IP hosts on an IEEE 802 LAN configured with a default gateway IP address. HSRP routes IP traffic without relying on the availability of any single router. It enables a set of router interfaces to work together to present the appearance of a single virtual router or default gateway to the hosts on a LAN. When HSRP is configured on a network or segment, it provides a virtual Media Access Control (MAC) address and an IP address that is shared among a group of configured routers. HSRP allows two or more HSRP-configured routers to use the MAC address and IP network address of a virtual router. The virtual router does not exist; it represents the common target for routers that are configured to provide backup to each other. One of the routers is selected to be the active router and another to be the standby router, which assumes control of the group MAC address and IP address should the designated active router fail.

HSRP uses a priority mechanism to determine which HSRP configured device is to be the default active device. To configure a device as the active device, you assign it a priority that is higher than the priority of all the other HSRP-configured devices. The default priority is 100, so if you configure just one device to have a higher priority, that device will be the default active device. In case of ties, the primary IP addresses are compared, and the higher IP address has priority. If you do not use the standby preempt interface configuration command in the configuration for a router, that router will not become the active router, even if its priority is higher than all other routers.

For more information about configuring HSRP, see the following link:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-hsrp.html

For a sample HSRP configuration, see “Example: Configuring HSRP”.

Example: Configuring HSRP

In this example, Router A is configured to be the active device for group 1 and standby device for group 2. Router B is configured as the active device for group 2 and standby device for group 1.

RouterA# configure terminal
RouterA(config)# interface GigabitEthernet 0/1
RouterA(config-if)# ip address 10.1.0.21 255.255.0.0
RouterA(config-if)# standby 1 priority 110
RouterA(config-if)# standby 1 preempt
RouterA(config-if)# standby 1 ip 10.1.0.3
RouterA(config-if)# standby 2 priority 95
RouterA(config-if)# standby 2 preempt
RouterA(config-if)# standby 2 ip 10.1.0.4
RouterA(config-if)# end

RouterB# configure terminal
RouterB(config)# interface GigabitEthernet 0/1
RouterB(config-if)# ip address 10.1.0.22 255.255.0.0
RouterB(config-if)# standby 1 priority 105
RouterB(config-if)# standby 1 preempt
RouterB(config-if)# standby 1 ip 10.1.0.3
RouterB(config-if)# standby 2 priority 110
RouterB(config-if)# standby 2 preempt
RouterB(config-if)# standby 2 ip 10.1.0.4
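The priority, tie-break and preempt rules described above decide which router answers for the virtual gateway after a failure and after recovery. The following Python model is an added example, not Cisco code; it uses the priorities and addresses from the configuration above, and it assumes a simplified election in which all members that are up at the first step start at the same time.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Member:
    name: str
    ip: str                 # primary interface address, used to break ties
    priority: int = 100     # default priority stated in the text
    preempt: bool = False   # models "standby <group> preempt"

    @property
    def rank(self):
        # Higher priority wins; on a tie the higher IP address wins.
        return (self.priority, int(ipaddress.IPv4Address(self.ip)))


def elect(members, up, current_active=None):
    """Return the name of the active router, or None if no member is up."""
    candidates = [m for m in members if m.name in up]
    if not candidates:
        return None
    incumbent = next((m for m in candidates if m.name == current_active), None)
    if incumbent is None:
        # No working active router: the best-ranked member takes the role.
        return max(candidates, key=lambda m: m.rank).name
    # An active router keeps its role unless a better-ranked member
    # is configured to preempt.
    challengers = [m for m in candidates
                   if m.preempt and m.rank > incumbent.rank]
    if challengers:
        return max(challengers, key=lambda m: m.rank).name
    return incumbent.name


def timeline(members, events):
    """Replay a list of 'which routers are up' sets; return the active router per step."""
    active, history = None, []
    for up in events:
        active = elect(members, up, active)
        history.append(active)
    return history


# Values from the example configuration on this page.
GROUP1 = [Member("RouterA", "10.1.0.21", 110, True),
          Member("RouterB", "10.1.0.22", 105, True)]
GROUP2 = [Member("RouterA", "10.1.0.21", 95, True),
          Member("RouterB", "10.1.0.22", 110, True)]

# Constructed scenario: both up, Router A fails, Router A recovers.
EVENTS = [{"RouterA", "RouterB"}, {"RouterB"}, {"RouterA", "RouterB"}]

if __name__ == "__main__":
    print("group 1:", timeline(GROUP1, EVENTS))
    no_preempt = [replace(GROUP1[0], preempt=False), GROUP1[1]]
    print("group 1, Router A without preempt:", timeline(no_preempt, EVENTS))
```

The second run shows the case the text warns about: without preempt, Router A does not take the active role back after it recovers, even though its priority is higher.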

 

Configuring VRRP

The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for one or more virtual routers to the VRRP routers on a LAN, allowing several routers on a multiaccess link to utilize the same virtual IP address. A VRRP router is configured to run the VRRP protocol in conjunction with one or more other routers attached to a LAN. In a VRRP configuration, one router is elected as the virtual router master, with the other routers acting as backups in case the virtual router master fails.

An important aspect of the VRRP is VRRP router priority. Priority determines the role that each VRRP router plays and what happens if the virtual router master fails. If a VRRP router owns the IP address of the virtual router and the IP address of the physical interface, this router will function as a virtual router master. Priority also determines if a VRRP router functions as a virtual router backup and the order of ascendancy to becoming a virtual router master if the virtual router master fails. You can configure the priority of each virtual router backup using the vrrp priority command.

By default, a preemptive scheme is enabled whereby a higher priority virtual router backup that becomes available takes over for the virtual router backup that was elected to become virtual router master. You can disable this preemptive scheme using the no vrrp preempt command. If preemption is disabled, the virtual router backup that is elected to become virtual router master remains the master until the original virtual router master recovers and becomes master again.

The virtual router master sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the virtual router master. The VRRP advertisements are encapsulated in IP packets and sent to the IP Version 4 multicast address assigned to the VRRP group. The advertisements are sent every second by default; the interval is configurable.

For more information on VRRP, see the following link:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-vrrp.html

For a sample VRRP configuration, see “Example: Configuring VRRP”.

Example: Configuring VRRP

In the following example, Router A and Router B each belong to two VRRP groups, group 1 and group 5. In this configuration, each group has the following properties:

Group 1:

  • Virtual IP address is 10.1.0.10.
  • Router A will become the master for this group with priority 120.
  • Advertising interval is 3 seconds.
  • Preemption is enabled.

Group 5:

  • Router B will become the master for this group with priority 200.
  • Advertising interval is 30 seconds.
  • Preemption is enabled.

RouterA(config)# interface GigabitEthernet 0/1
RouterA(config-if)# ip address 10.1.0.2 255.0.0.0
RouterA(config-if)# vrrp 1 priority 120
RouterA(config-if)# vrrp 1 authentication cisco
RouterA(config-if)# vrrp 1 timers advertise 3
RouterA(config-if)# vrrp 1 timers learn
RouterA(config-if)# vrrp 1 ip 10.1.0.10
RouterA(config-if)# vrrp 5 priority 100
RouterA(config-if)# vrrp 5 timers advertise 30
RouterA(config-if)# vrrp 5 timers learn
RouterA(config-if)# vrrp 5 ip 10.1.0.50
RouterA(config-if)# no shutdown
RouterA(config-if)# end

RouterB(config)# interface GigabitEthernet 0/1
RouterB(config-if)# ip address 10.1.0.1 255.0.0.0
RouterB(config-if)# vrrp 1 priority 100
RouterB(config-if)# vrrp 1 authentication cisco
RouterB(config-if)# vrrp 1 timers advertise 3
RouterB(config-if)# vrrp 1 timers learn
RouterB(config-if)# vrrp 1 ip 10.1.0.10
RouterB(config-if)# vrrp 5 priority 200
RouterB(config-if)# vrrp 5 timers advertise 30
RouterB(config-if)# vrrp 5 timers learn
RouterB(config-if)# vrrp 5 ip 10.1.0.50
RouterB(config-if)# no shutdown
RouterB(config-if)# end

Source: https://www.cisco.com/c/en/us/td/docs/routers/access/800M/software/800MSCG/vlanconf.html

