Nine Switch Commands Every Cisco Network Engineer Needs to Know

-


1. hostname

Syntax: hostname hostname

One of the most basic network commands, hostname configures the hostname used for a device. This hostname identifies the device to other locally connected devices for protocols such as the Cisco Discovery Protocol (CDP), which helps in the identification of devices attached directly to the network. Although it is not case-sensitive, the hostname must follow certain rules: It must begin with a letter and end in a letter or digit, and interior characters must be letters, digits, or hyphens (-).

2. ip default-gateway

Syntax: ip default-gateway gateway

The ip default-gateway command configures the default gateway for a switch when IP routing is not enabled (with the ip routing global configuration command), which is typical when lower-level Layer 2 switches are being configured. The easiest way to determine whether IP routing has been enabled is to run the show ip route command. When IP routing has not been enabled, the output will look similar to the following example

switch commands - show ip route

When IP routing is enabled, the output looks similar to the output displayed on a router:

show ip route

3. username

Syntax: username username {password | secret} password

The username command configures a username and associates a password with it. Using the password or secret version of this command is a matter of security:
  • The password version of this command will do one of two things with the configured password:
    • Place the password into the configuration in plaintext (if the service password-encryption command is not enabled).
    • Put the password through a Cisco-proprietary encryption algorithm before placing it into the configuration. (Note that this encryption is easily reversed.)
  • The secret version of this command will create an MD5 hash with the configured password and then place it into the configuration. This reconfigured password is much harder to crack than the encrypted version created with the password version of this command.
This username/password can be used for a number of different features, including Telnet and SSH.

4. enable

Syntax: enable {password | secret} password

The enable command configures the password that will be used to access a switch's privileged configuration mode. Because all configuration of a Cisco IOS switch requires privileged configuration mode, keeping this password private is very important. As with the username command, this command has two options: password and secret. The differences between these two options are the same as those for the username command in the preceding section. The enable secret version of the command should be used in all production environments.



Console and Terminal Login Commands

Five commands are used to configure login via the control and virtual terminal (VTY) lines of a switch:
  • password
  • login
  • exec-timeout
  • service password-encryption
  • copy running-config startup-config
The following sections describe these individual commands.

5. password

Syntax: password password

When entered in line-configuration mode (console or terminal), the password command is used to configure the password that will be used to access a switch from that specific line, depending on the line mode (console or terminal). However, the password configured with this command is used only if the login command is used (which is the default).

6. login

Syntax: login [local]

The login command is used to enable password checking on an interface. If this command is used without any parameters, the system will check the password entered with the login against the one entered with the password command discussed in the preceding section. If used with the local parameter, both username and password will be prompted, and the entries will then be checked against the local username database that was created with the username command discussed previously.

7. exec-timeout

Syntax: exec-timeout minutes [seconds]

The exec-timeout command is used to configure the amount of time that can pass before a device considers the connection idle and disconnects. By default, timeout is set to 10 minutes. This timeout can be disabled with the no exec-timeout command. (This command is a shortcut and actually enters the exec-timeout 0 0 command into the configuration.)

8. service password-encryption

Syntax: service password-encryption

The service password-encryption command is used to enable the encryption of configured passwords on a device. 
The passwords referenced with this command are the ones configured with a command's password parameter, such as username password and enablepassword. The passwords encrypted with this command are not highly encrypted and can be broken relatively easily. By and large this command is deprecated, as most network engineers will use the secret version of the appropriate commands; however, even weak protection is better than nothing.

9. copy running-config startup-config

Syntax: copy running-config startup-config

The copy running-config startup-config command (popularly shortened to copy run start) is one of the most fundamental commands learned by new Cisco network engineers. It copies the active configuration (running-config) on a device to non-volatile memory (NVRAM) (startup-config), which maintains a configuration across a reload. Without this command, a configuration can be lost when a device is reloaded or powered off. The copy command can also be extended to save configuration and IOS images to and from a local device, as well as to and from different locations on the local device.


Comments

Post a Comment

Popular posts from this blog

7 Popular Layer 2 Attacks

-
Image
A large number of common threats need to be considered when securing a network, but a frequently overlooked area is the security of the LAN. When people think about security, often they’re thinking specifically of the layers above Layer 2, but there’s no reason to limit a security plan to these upper layers.  A good security plan should account for  all  layers, from Layer 1 through Layer 7.   Here we are discussing about some of the most common Layer 2 attacks and how they operate. 1. Spanning Tree Protocol (STP) Attacks The Spanning Tree Protocol (STP) is used on LAN-switched networks. Its primary function is removing potential loops within the network. Without STP, Layer 2 LANs simply would stop functioning, because the loops created within the network would flood the switches with traffic. The optimized operation and configuration of STP ensures that the LAN remains stable and that traffic takes the most optimized path through the network.  If an att
Read more

CCNA Latest Dumps Part 3

-
Image
QUESTION 21 Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three.) A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports. B. Ensure that cables A and B are straight-through cables. C. Ensure cable A is plugged into a trunk port. D. Ensure the switch has power. E. Reboot all of the devices. F. Reseat all cables. Correct Answer: BDF QUESTION 22  A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The routers cannot establish an adjacency relationship on their common Ethernet link The graphic shows the output of the show ip ospf interface e0 command for routers R1 and R2. Based on the information in the graphic, what is the cause of this problem? A. The OSPF area is not configured properly. B. The priority on R1 sho
Read more