PHPKB Knowledge Base Software Logo  
Guru Corner
Online Knowledgebase System  
Knowledge Base Home Knowledge Base Home
Home > All Categories > Cisco Systems > Switching > VLAN > Basics of Cisco Switch Administration
Question Title Basics of Cisco Switch Administration

Perhaps you are asked to configure a switch port or see what MAC address is on what port. Maybe this isnít something you do every day and need a refresher course on the most basic Cisco switch administration tasks. Letís find out how to perform some basic Cisco switch administration tasks.

Log in

Before you can administer the switch you are going to need some basic information:

  • What is the switches IP address or DNS name?
  • What is the username/password you can use to login?
  • What Ethernet switch port is the device in question connected to?

One option to configure the switch might be a web-based administration interface. If this is the case, basic configurations arenít going to be that difficult and perhaps you donít need much more help. On the other hand, GUI interfaces arenít always available, but on Cisco IOS switches, the Cisco IOS always is. Plus, in a GUI interface, you wonít be able to do every possible configuration. In the command-line interface you will be able to perform every possible configuration. For that reason, I encourage you to use the IOS command-line interface. I will be performing these common switch administration tasks on the Cisco IOS command-line interface.

Showing the switch configuration

Just like on a router, the most command-switch IOS command is to show the switchís configuration. This will show you the configuration for the entire switch, including all the Ethernet ports on the switch. To see switch configuration, just type show running-config, like this:

Showing interface port status

Most of the time you are going to a switch, you want to troubleshoot a switch port, or change a switch port configuration. The quickest way to see the status of your switch ports is to use the show interfaces status, like this:

 

This command shows each port: if the port is connected to the device, the VLAN the port is in, the port duplex, the port speed, and port type. This is an excellent quick way to see status for your switch ports.

Changing interface speed & duplex

Say that you see that interface Fa0/21 is set to auto (auto negotiate) for its speed but it needs to be set to 10Mb/sec. To change the speed of any port, you go to interface configuration mode and use the speed command, like this:

 

On this switch, the possible speeds for the 10/100 Ethernet ports are auto, 10, and 100. On the Gigabit Ethernet ports, you can only tell the switch to either negotiate port speed or not to negotiate port speed.

Once the speed is configured to 10Mb, you can verify it with the show interfaces fa0/21 status, like this:

 

As you can see, the speed is now set to 10.

To change the duplex of a port, you perform the same steps but use the duplex command. Duplex can be set to auto, full, or half.

Enabling and disabling interfaces

To enable and disable interfaces, you use the no shutdown and the shutdown command in interface configuration mode. Here is an example:

 

Notice how when the port was shutdown, console messages appear that told you the administrative state had changed to down, and the line protocol changed to down. When the port was enabled (no shutdown), the link went down, then the line when up, then the line protocol changed to up.

You could now do a show interfaces status to see the state of the interface.  

How to save your switch configuration

In Part 1 of this series, we talked about how to enable/disable ports and how to change speed & duplex settings. Those are necessary administrator functions but, when you are done, you must save your configuration. Cisco switches will not automatically save your changes. If you make these changes and the switch looses power, those changes are gone. You must save your changes when you are done. The minimum that is required is to save your changes to the local switch NVRAM. There are two ways to do this, let me demonstrate:


The textbook method of savings your configuration is: Switch# copy running-config startup-config

However, a legacy command that is short and sweet is: Switch# wr

Both of these commands save your running configuration in RAM to the file NVRAM:startup-config. When the switch is powered off, the running-config is lost. The startup-config is read when the switch boots and the running-config is created.

I also highly recommend that you save your configuration onto TFTP server, in case your switchís local NVRAM is completely lost. Once you have a TFTP server running, you can easily save your configuration to it like this:

Switch# copy running-config tftp

How to use the Cisco Network Assistant

The Cisco Network Assistant (CNA) is a free graphics tool included when you purchase a new switch. It is used to administer Cisco network devices. CNA is a feature-rich tool and I cannot possibly go into everything it can do in this short article. I recommend CNA to anyone who would like a graphical interface for their Cisco network devices.

Basically, CNA gives you an overview screen of your Cisco devices, like this:

 

Once you click on Configure then Port Settings, you will see something like this:

 

From here, you can configure the state, duplex, speed, and other options for your switch ports. In fact, you can configure most switch features with the CNA.

Keep in mind that for all Cisco switches, there is also the web-based interface. It may be more limited than what CNA offers. This interface can be accessed directly with your web browser, or it can be launched via CNA. Here is a sample screenshot of my Cisco 3550 web-based interface:

 

How to speed up switch port startup

Switch ports could be connected to a variety of devices Ė other switches, routers, trunk ports, PCís, or VoIP phones. Each of these devices has a different configuration. Sometimes, when a device is connected to a switch port, the switch will attempt to negotiate settings to match this device. This takes time and it will delay the ability of your device (such as a PC) to transmit and receive data from the network.

Most of the time, you are connecting a PC to a switch and you just want to be able to use the network as soon as possible, right?

The command I recommend enabling on all PC/laptop/printer switch ports is this:

 

The switchport mode access command will configure this port not to go through the spanning-tree process and will get your PC access to the network faster.

Basic VLAN commands

Most companies today use Virtual LANs (VLANs). As an administrator, you should know how to 1) see what device is on what VLAN and 2) to change the VLAN that a device is in. As you know, if your device is in the wrong VLAN, it wonít be able to communicate with the servers that it needs to talk to and/or it may be on the wrong IP subnet.

To see what VLAN a device is in, my favorite command is show vlan brief. Here is an example:


As you can see, this command shows you what VLANs exist on this switch, and what switch ports are in what VLAN.

Now, say that you want to change interface/port Fa0/21 from VLAN 1 (the default) to vlan 131. Let me show you how to do that:

 

Thatís right, you simply go into interface configuration mode on the interface you want to change the VLAN, and use the switchport access vlan XXX command. Once you are done, to verify the vlan membership, just run the show vlan brief command again, like this:

 

You can see from the command output that Fa0/21 is now a member of VLAN 131.

As you can see, this command shows you what VLANs exist on this switch, and what switch ports are in what VLAN.

Now, say that you want to change interface/port Fa0/21 from VLAN 1 (the default) to vlan 131. Let me show you how to do that:

 

Thatís right, you simply go into interface configuration mode on the interface you want to change the VLAN, and use the switchport access vlan XXX command. Once you are done, to verify the vlan membership, just run the show vlan brief command again, like this:

 

You can see from the command output that Fa0/21 is now a member of VLAN 131.
Authored by: Guru Corner
Click Here to View all the questions in VLAN category.
File Attachments File Attachments
There are no attachment file(s) related to this question.
Article Information Additional Information
Article Number: 11
Created: 2008-08-20 9:01 PM
Rating: No Rating
 
Article Options Article Options
Print Question Print this Question
Export to Adobe PDF Export to PDF File
Export to MS Word Export to MS Word
 
Search Knowledge Base Search Knowledge Base
 
 

Powered by Guru Corner