CLI Commands Flashcards
Computer port to switch port specs (console)
8N1
9600 bps
No hardware flow control
8-bit ASCII
No parity bits
1 stop bit
Enter privileged mode
enable
rebooting a switch
reload
to see current operating parameters
show running-config
turning on enable mode password
enable secret _____
getting into console specific configuration
line console 0
Asking for password in console mode
line console 0
login
password ________
for help with all commands in current mode
?
to get help with a specific command
command ?
(show ?)
(copy ? )
etc
Finding the lists of MAC addresses learned
show mac address-table dynamic
how to tell switch what to do and how to do it
configure terminal
from config back to enable
end
interface subcommand
interface
specific interface command
hostname (config-if)
interface fastEthernet 0/1 (for example)
configure a switch hostname
configure terminal
hostname Fred (example)
setting a console password
line console 0
password Hope (example)
setting speed of an interface
configure terminal
interface fastEthernet 0/1
speed 100
entering line mode
hostname (config-line)
configure terminal
line console 0
configure terminal
line vty 0 15
enter VLAN configuration
hostname (config-vlan)
vlan #
how to store work beyond reboot
copy running-config startup-config
start fresh in lab
write erase
erase NVRAM
erase startup-config
then reload or power off.
see current status of what’s going on with device
show running-config
leave the CLI
quit
see how it started
show startup-config
going back to original session
copy startup-config running-config
see any mac address
show mac address-table
see mac addresses in a particular vlan
show mac address-table dynamic vlan #
see picture of all interfaces
show interfaces status
interface status, which is best to find a MAC address
show mac address-table dynamic interface fastEthernet 0/1
if you know particular MAC address, to find it
show mac address-table dynamic address 0200.1111.1111
finding traffic on a particular port
show interfaces f0/1 counters
finding number of MAC addresses used and available
show mac address-table count
finding age out number for entries in table
show mac address-table aging-time
clearing table
clear mac address-table dynamic
clearing table per vlan
clear mac address-table vlan #
clearing table per interface
clear mac address-table interface fastEthernet 0/1
clear a particular address
clear mac address-table address xxxx.xxxx.xxxx
Basic security passwords for a switch
enable
enable secret ___
configure terminal
line console 0
password _____
login
exit
line vty 0 15
password ____
login
end
Local password and usernames
–> user
username ____ password _____
enable
configure terminal
line console 0
login local
no password
exit
line vty 0 15
login local
no password
end
AAA
Authenticate, authorize, account
switch would actually connect to an AAA server. Where the usernames would be stored
switch to AAA (RADIUS or TACACS+)
Configuring SSH
enable
configure terminal
hostname
ip domain-name example.com
crypto key generate rsa modulus 768
ip ssh version 2
line vty 0 15
login local
transport input ssh
exit
username ___ password ___
name for key would be SW1.example.com
confirming SSH
show ip ssh
how to see each user currently connected to ssh
show ssh
Configuring IPv4
configure terminal
interface vlan 1
ip address _______
no shutdown
exit
ip default-gateway ____
ip name-server
turning ports on and off administratively
shutdown
no shutdown
DHCP
dynamic host control protocol
Configuring IPv4 with DHCP
configure terminal
interface vlan 1
no shutdown
ip address dhcp
Verifying IPv4
show running-config
show interfaces vlan 1
show dhcp lease
importance of show interfaces vlan 1
would tell you the interface is up/up.
it would be down, or not functional, if you forgot no shutdown
if DHCP didn't work, you won't see an IP address.
seeing commands you’ve entered
show history
to set history size for current session
terminal history X
setting history size permanently
configure terminal
line console 0
history size X
configure terminal
line vty 0 15
history size X
to avoid untimely messages from console
logging synchronous
changing session timeout
exec-timeout (minutes) (seconds)
exec-timeout 10 0
exec-timeout 0 0 (never sign out)
avoiding slowdowns when you mistype a command
no ip domain-lookup
to see ssh key
show crypto key mypubkey rsa
changing aging time, or per vlan
mac address-table aging-time ___(seconds)___ vlan (number)
changing speed of interface
speed auto
speed 10
speed 100
speed 1000
changing duplex settings
duplex half
duplex full
duplex auto
adding a note on interface to say why you had good reason to change duplex or speed
description
description Printer on 3rd floor, preset to 100/full
selecting a range of interfaces
example
interface range FastEthernet 0/11 - 20
description End users connect to these ports
to see what’s going on with the interfaces you’ve changed.
show interfaces status
short vs long information concerning interface
show interfaces status vs show interfaces
reverting some configurations back to default
use no….
like shutdown, no shutdown.
speed, no speed (reverts to auto)
duplex, no duplex
description, no description
Notes about show configuration concerning default settings
show running-config and show startup-config don’t usually enumerate default configurations.
So if you went from a particular setting back to the default, the output no longer showing that particular configuration means it's back in the default configuration.
Matching values
A NIC and port must match; for example, a NIC cannot run at 100 while a port is configured to receive at 1000 Mbps.
Problem of upgrades, due to matching values.
If you upgraded a PC that now uses 1000 Mbps off its NIC, you'd need to upgrade the switch to use 1000 Mbps. Because the switch uses 1000 Mbps, all other PCs connected to the switch would need to use 1000 Mbps.
You need devices with uniformity, or variable settings. If you have devices that use variable settings, autonegotiation is a great thing. You could have 1000BASE-T cabling, but autonegotiation would make it work for 10/100/1000 if the settings were variable on both ends.
Issues of autonegotiation for one side
If one side uses autonegotiation (as default) but the other is configured to definite settings, the link may not work at all or may work very poorly.
default settings for failed autonegotiation
IEEE:
use slowest possible speed, 10.
if 10 or 100, use half duplex. if 1000, use full.
Cisco:
sense speed, if not possible use 10.
if 10 or 100, use half. if 1000 use full.
if speed or duplex is configured, autonegotiation is shut off.
devices over 1000mbps always use full duplex.
Duplex mismatch
if a duplex mismatch occurs, one side will use CSMA/CD while the other doesn’t. The side using CSMA/CD will believe collisions occur, shutting off and performing poorly.
Auto negotiation and LAN hubs
Hubs don't react to autonegotiation messages or forward them. You must use IEEE defaults, so hub speed (10/100) and half duplex for everything connected to the hub.
Pulling interface analysis
show interfaces or show interfaces description, show interfaces status
administratively down/down
shutdown is configured on interface
down/down
no cable
bad cable
wrong pinouts
speed mismatch
neighboring device is powered off, shutdown, or error disabled
down/down (err disabled) interface: err-disabled
port security has disabled interface
up/up
interface is working
notconnect root causes
Cable could be unplugged, or could be damaged from being under a carpet, office chairs riding over it, macrobending in terms of fiber optic cabling, or EMI from any electronic device, even non-IT devices. Or there could be mismatch issues.
show interfaces status will say notconnect, rather than down/down
show interfaces status to show interfaces particular
if you get a notconnect where you’d expect it, you need to examine interface more closely with show interfaces fastEthernet 0/1
value of show interfaces status
tells you how switch determined settings of interfaces:
prefix a- means autonegotiated, no a- prefix means manually configured.
duplex or speed mismatch complexity.
If one device is still autonegotiating, it would have a prefix a- even though the autonegotiated settings are wrong because they're using the IEEE default. Prefix a- isn't enough to assume the switch is performing. Must examine the entire link.
duplex vs speed diagnosis.
speed would be down/down notconnect.
a duplex mismatch could still read as up/up. It’s a performance issue, CSMA/CD is degrading the link.
Layer 1 issues, that may be occurring on a up/up interface
Runts, giants, input errors, CRC (cyclical redundancy check), frame, packets output, output errors, collisions, late collisions.
runts
frames smaller than 64 bytes (accounting for 18 bytes of destination, source, type and FCS, so 46 bytes of data). Can be caused by collisions.
giants
frames exceeding 1518 bytes.
input errors
a total number of counters, including runts, giants, no buffer, CRC, frame, overrun, and ignored counts.
CRC
cyclical redundancy check, frames that didn’t pass FCS. Can be caused by collisions.
Output errors
total number of frames that port tried to transmit, but had some issue.
Frame (port diagnosis)
received frames that have illegal format. Can be caused by collisions.
Packets output
total number of frames sent out through the port.
Late collisions
collisions occurring after 64th byte has been transmitted. In a properly working LAN, collisions should occur before 64th byte. Late collisions often point to duplex mismatch.
CSMA/CD collisions
Half duplex has a lot of collisions, so increasing collision counters on half duplex system may not point to any issues at all. However, late collisions would denote a collision mismatch.
Late collision functionality.
A half-duplex device would send a frame with CSMA/CD on; however, the switch in full duplex would continue sending a frame, even after the 64th byte of the outgoing frame, which would usually be accounted for if the switch were matching half duplex with CSMA/CD listening.
Best way to track duplex mismatch
repeat the show interfaces command,
watch the late collision counter increase. Almost certain there is a duplex mismatch.
Up/up performance beyond duplex mismatch
up/up collision may still suffer from layer 1 issues. A cable may be degraded without being in complete failure.
Excessive interference would cause counters to increase, especially the CRC counter. Repeat show interfaces; if the CRC counter increases but collisions do not, there may be interference on the cable.
quick way to see specifics of a port
show interfaces description
would show you engineer notes as to what's going on with the port.
err disabled down/down
port security has shut down interface