Basic Switch Configuration Guide with

Examples
This tutorial explains basic switch configuration commands in detail with examples.
Configuration and commands explained in this tutorial are essential commands to
manage a Cisco switch effectively. Learn how to configure and manage a Cisco Switch
step by step with this basic switch commands and configuration guide.

To explain basic switch configuration commands, I will use packet tracer network
simulator software. You can use any network simulator software or can use a real Cisco
switch to follow this guide. There is no difference in output as long as your selected
software contains the commands explained in this tutorial.

Create a practice lab as shown in following figure or download this pre-created practice
lab and load in packet tracer

Download practice topology for basic switch configuration

If require, you can download the latest as well as earlier version of Packet Tracer from here. Download Packet
Tracer

In this topology

 Two 2960 Series switches are used.

 Switch1 (Interfarce Gig1/1) is connected with Switch2 (Interface Gig1/1) via cross cable.
 Switch1 has two PCs connected on interfaces Eth0/1 and Eth0/2 via straight through
cable.
 Same as switch1, Switch2 also has two PCs connected on its interfaces Eth0/1 and
Eth0/2.
 IP address is configured on all PCs PC0 (192.168.1.1/24), PC1 (192.168.1.2/24), PC2
(192.168.1.3/24), PC3 (192.168.1.4/24).

Click Switch1 and click CLI menu item and press Enter Key

Navigating between different switch command modes

Cisco switches run on proprietary OS known as Cisco IOS. IOS is a group of commands
used for monitoring, configuring and maintaining cisco devices. For security and easy
administration, IOS commands are divided in the set of different command modes. Each
command mode has its own set of commands. Which commands are available to use,
depend upon the mode we are in.

Following table lists necessary commands to navigate between different IOS modes with
examples.

Mode Purpose Prompt Command to enter

User EXEC Allow you to connect with remote Router > Default mode after booting. L
devices, perform basic tests, temporary password, if configured.
change terminal setting and list system
information
Privileged Allow you to set operating parameters. It Router # Use enable command from u
EXEC also includes high level testing and list mode
commands like show, copy and debug.
Global Contain commands those affect the entire Router(config)# Use configure terminal com
Configuration system privileged exec mode
Interface Contain commands those modify the Router(config-if)# Use interface type number c
Configuration operation of an interface from global configuration mo
Sub-Interface Configure or modify the virtual interface Router(config-subif) Use interface type sub inter
Configuration created from physical interface command from global configu
or interface configure mode
Setup Used by router to create initial Parameter[Parameter Router will automatically inse
configuration, if running configuration is value]: mode if running configuration
Mode Purpose Prompt Command to enter
not present present

ROMMON If router automatically enter in this mode, ROMMON> Enter reload command from
then it indicates that it fails to locate a exec mode. Press CTRL + C k
valid IOS image. Manual entrance in this combination during the first 6
mode Allow you to perform low-level booting process
diagnostics.
How to get help on Cisco Switch command mode

Switch provides two types of context sensitive help, word help and command syntax
help.

Word help

Word help is used to get a list of available commands that begin with a specific letter.
For example if we know that our command begins with letter e, we can hit enter key
after typing e? at command prompt. It will list all possible commands that begin with
letter e.

We can list all available commands, if we don't know the initials of our command. For
example to list all available commands at User exec mode, just type ? at command
prompt and hit enter key.

Command syntax help

Command syntax help can be used to get the list of keyword, commands, or parameters
that are available starting with the keywords that we had already entered.
Enter ? (Question mark) after hitting Space key and prompt will return with the list of
available command options. For example to know the parameters required by show ip
command type show ip ? and prompt will return with all associate parameters. If
prompt returns with <CR> only as an option, that means switch does not need any
additional parameters to complete the command. You can execute the command in
current condition.

How to set name on switch

Switch name can be set from global configuration mode. Use hostname [desired
hostname] command to set name on switch.

How to set password on a Catalyst switch

Passwords are used to restrict physical access to switch. Cisco switch supports console
line for local login and VTYs for remote login. All supported lines need be secure for
User Exec mode. For example if you have secured VTYs line leaving console line
unsecure, an intruder can take advantage of this situation in connecting with device.
Once you are connected with device, all remaining authentication are same. No separate
configuration is required for further modes.

Password can be set from their respective line mode. Enter in line mode from global
configuration mode.
VTY term stand for virtual terminal such as telnet or SSH. Switch may support up to
thousand VTYs lines. By default first five (0 - 4) lines are enabled. If we need more lines,
we have to enable them manually. 2960 Series switch supports 16 lines. We can set a
separate password for each line, for that we have to specify the number of line. In our
example we set a common password for all lines.

Above method is good for small companies, where numbers of network administrators
are very few. In above method we have to share password between all administrators.
Switch supports both local and remote server authentication. Remote server
authentication is a complex process and not included in any entry level exams. For this
article I am also skipping remote server method. In local database authentication
method switch allows us to set a separate password for each user. Two global
configuration commands are used to set local user database.

Switch(config)#username [Username] password[test123]

Or
Switch(config)#username [Username] secret[test123]

Both commands do same job. Advantage of using secret option over password option
is that in secret option password is stored in MD5 encryption format while
in password option password is stored in plain text format.

Along with User Exec mode we can also secure Privilege Exec mode. Two commands are
available for it.

Switch(config)# enable password Privilege_EXEC_password

or
Switch(config)# enable secret Privilege_EXEC_password

Again as I mentioned earlier, password stored with secret command is encrypted while
password stored with password command remains in plain text. You only need to use
single command. If you would use both commands as I did, enable secret command
would automatically replace the enable password command.

How to reset switch to factory defaults

During the practice several times we have to reset switch to factory defaults. Make sure
you don't run following commands in production environment unless you understand
their effect clearly. Following commands will erase all configurations. In production
environment you should always takes backup before removing configurations. In LAB
environment we can skip backup process.

Switch>enable
Switch#delete flash:vlan.dat
Delete filename [vlan.dat]? [Press Enter Key]
Delete flash:vlan.dat? [confirm] [ Reconfirm by pressing enter key]
Switch#erase startup-config
Switch#reload

How to set IP address in Switch

IP address is the address of device in network. Switch allows us to set IP address on

interface level. IP address assigned on interface is used to manage that particular
interface. To manage entire switch we have to assign IP address to VLAN1( Default VLAN
of switch). We also have to set default gateway IP address from global configuration
mode. In following example we would assign IP 172.16.10.2 255.255.255.0 to VLAN1
and set default gateway to 172.16.10.1.

Switch>enable
Switch#configure terminal
Switch(config)#interface vlan1
Switch(config-if)#ip address 172.16.10.2 255.255.255.0
Switch(config-if)#exit
Switch(config)#ip default-gateway 172.16.10.1

How to set interface description

Switches have several interfaces. Adding description to interface is a good habit. It may
help you in finding correct interface. In following example we would add
description Development VLAN to interface FastEthernet 0/1.

Switch(config)#interface fastethernet 0/1

Switch(config-if)#description Development VLAN

How to clear mac address table

Switch stores MAC addresses in MAC address table. Gradually it could be full. Once it
full, switch automatically starts removing old entries. You can also clear these tables
manually from privileged exec mode. To delete all entries use following command

switch#clear mac address-table

To delete only dynamic entries use

switch#clear mac address-table dynamic

How to add static MAC address in CAM table

For security purpose sometime we have to add mac address in CAM table manually. To
add static MAC address in CAM table use following command

Switch(config)#mac address-table static aaaa.aaaa.aaaa vlan 1 interface

fastethernet 0/1
In above command we entered an entry for static MAC
address aaaa.aaaa.aaaa assigned to FastEnternet 0/1 with default VLAN1.

How to save running configuration in switch

Switch keeps all running configuration in RAM. All data from RAM is erased when we
turned off the device. To save running configuration use following command

Switch#copy running-config startup-config

How to set duplex mode

Switch automatically adjust duplex mode depending upon remote device. We could
change this mode with any of other supported mode. For example to force switch to use
full duplex mode use

Switch(config)# #interface fastethernet 0/1

Switch(config-if)#duplex full
To use half duplex use
Switch(config)# #interface fastethernet 0/1
Switch(config-if)#duplex half
show version

show version command provides general information about device including its model
number, type of interfaces, its software version, configuration settings, location of IOS
and configuration files and available memories.

show mac-address-table

Switch stores MAC address of devices those are attached with its interfaces in CAM
table. We can use show mac-address-table command to list all learned devices. Switch
uses this table to make forward decision.
show flash

Switch stores IOS image file in flash memory. show flash command will list the content
of flash memory. This command is useful to get information about IOS file and available
memory space in flash.

show running-config

Configuration parameter values are created, stored, updated and deleted from running
configuration. Running configuration is stored in RAM. We can use show running-config
command to view the running configuration.
show startup-config

Any configuration stored in RAM is erased when devices is turned off. We can save
running configuration in NVRAM. If we have saved running configuration in NVRAM, it
would be automatically loaded back in RAM from NVRAM during the next boot. As
switch load this configuration back in RAM in startup of device, at NVRAM it is known as
startup-config.

show vlan

show vlan command will display the VLANs. For administrative purpose, switch
automatically create VLAN 1 and assign all its interfaces to it. You can create custom
VLANs from global configuration mode and then assign them to interfaces.

show interface

show interface command displays information about interfaces. Without argument it

would list all interfaces. To get information about specific interface we need to pass its
 interface number as an argument. For example to view details about FastEthernet 0/1,
use show interface fastethernet 0/1.

First line from output provides information about the status of interface.

FastEthernet0/1 is up, line protocol is up ( connected)

The first up indicates the status of the physical layer, and the second up indicates to the
status of the data link layer.

Possible interface status

 up and up :- Interface is operational.

 up and down :- Its data link layer problem.
 down and down :- Its physical layer problem.
 Administratively down and down :- Interface is disabled with shutdown
command.

Possible values for physical layer status

 Up :- Switch is sensing physical layer signal.

 Down :- Switch is not sensing physical layer signal. Possible reasons could be cable is
not connected, wrong cable type is used and remote end device is turned off.
 Administratively down :- Interface is disabled by using shutdown command.

Possible values for data link layer status

 Up :- The data link layer is operational.
 Down :- The data link layer is not operational. Possible reasons could be a disabled
physical layer, missed keep alives on a serial link, no clocking or an incorrect
encapsulation type.

show ip interface brief