Tuesday, March 31, 2020

Cisco Internetwork Operating System IOS

Cisco Internetwork Operating System (IOS) is the software that runs on Cisco devices and provides the command line used to configure them.  It is consistent across nearly all Cisco devices.  Learn it once, and use it on any Cisco equipment, switch or router.

Have the following settings on your terminal:
Baud rate    :    9600
Data bits    :    8
Parity        :    None
Stop bits    :    1
Flow Control    :    None

Switch # ?                          for help

Switch # c?                        For all commands that start with the letter c

Switch # clock set ?
Switch # clock set  13:16:35 Sept 15 2013

Switch # configure terminal          OR        conf t

Switch >                    User mode
Switch > enable
Password:
Switch #                    Privileged mode

Switch # conf t
Switch(config) #             Global configuration mode


Initial configuration of the switch:
Flash memory    :    IOS stored
64 MB memory
NVRAM —>  configuration stored

IP address for the switch
———————————
Switch # conf t
Switch(config) # interface vlan 1
Switch(config-if) # ip address 10.149.73.71 255.255.254.0
Switch(config-if) # no shutdown
Switch(config-if) # exit
Switch(config) # ip default-gateway 10.149.72.1          global configuration command, not an interface command
Switch(config) # exit
Switch # copy running-config startup-config        OR        copy run star
This copies the configuration information from the running config to the startup config.

# show version

Passwords
—————
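Switch > enable
Switch # conf t
Switch(config) # enable password <cleartext>             stored in clear text in the configuration
Switch(config) # enable secret <encrypted text>          stored as a hash; overrides enable password when both are set

To remove the enable password,
Switch(config) # no enable password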

Line configuration mode
———————————
Switch # conf t
Switch(config) # line console 0
Switch(config-line) # password <something>
Switch(config-line) # login

For telnet access
————————
Switch # conf t
Switch(config) #  line vty 0 4
Switch(config-line) # no login                    no password prompt on telnet; use "password <something>" and "login" to require one

To convert clear text passwords to encrypted format
————————————————————————
Switch(config) # service password-encryption                                     Type 7 encryption, this is not very secure
Better to go for MD5 authentication

Message of the day
—————————
Switch(config) # banner motd # <whatever message> #          the same delimiter character (here #) starts and ends the message

Setting up SSH on a Cisco switch
———————————————
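Switch # conf t
Switch(config) # username admin password octagon123
Switch(config) # ip domain-name www.company.com
Switch(config) # crypto key generate rsa     <Return key>
               How many bits in the modulus [512]:   1024
Switch(config) # ip ssh version 2
Switch(config) # line vty 0 4
Switch(config-line) # transport input ssh
Switch(config-line) # login local                    authenticate SSH logins against the local username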

Configuring port security
————————————
Switch # show ip int brief
Switch # terminal monitor
Switch # conf t
Switch(config) # int GigabitEthernet 1/27
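Switch(config-if) # switchport mode access
Switch(config-if) # switchport port-security                    enables port security; the options below have no effect without it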
Switch(config-if) # switchport port-security maximum 1
Switch(config-if) # switchport port-security violation     shutdown | restrict | protect
Switch(config-if) # switchport port-security mac-address 0014.314a.bcef
Switch(config-if) # switchport port-security mac-address sticky                     <—— calculated risk
Switch(config-if) # exit
Switch(config) # exit
Switch # copy run star
Switch # show port-security int GigabitEthernet 1/27                         <——————  Useful for say Lobby ports
              Observe Security Violation Count :  0 or 1 or 2 


Some useful configuration and troubleshooting commands


show processes cpu

show processes cpu | include Check heaps

show interfaces trunk

show interfaces switchport

traceroute mac source_MAC_address destination_MAC_address

show ip cef

show ip cef 192.168.1.11

show adjacency

show adjacency detail

show ip arp

show controllers cpu-interface

show ip cache flow

show ip route 172.16.0.0 255.255.0.0 longer-prefixes

show ip route profile

show tcp statistics

show ip inspect session

show ip inspect session detail

show ip inspect all

show ip nat translations

show ip nat statistics

show class-map

show policy-map


show ipv6 route

show mac address-table

show mac address-table dynamic

show mac address-table dynamic vlan 141
