
cisco press ccna portable command guide 2nd edition 640 802 part 4 pps


Configuration Example: EIGRP
Houston(config-if)#clock rate 56000
Sets the clock rate.
Houston(config-if)#no shutdown
Enables the interface.
Houston(config-if)#interface fastethernet 0/1
Enters interface configuration mode.
Houston(config-if)#ip address 172.16.30.1 255.255.255.0
Assigns the IP address and netmask.
Houston(config-if)#no shutdown
Enables the interface.
Houston(config-if)#router eigrp 100
Enables EIGRP routing.

Houston(config-router)#no auto-summary
Disables auto-summarization.
Houston(config-router)#eigrp log-neighbor-changes
Changes with neighbors will be displayed.
Houston(config-router)#network 172.16.0.0
Advertises directly connected networks (classful address only).
Houston(config-router)#key chain eddie
Identifies a key chain name, which must match the name configured in interface configuration mode.
Houston(config-keychain)#key 1
Identifies the key number.
Houston(config-keychain-key)#key-string tower
Identifies the key string.
Houston(config-keychain-key)#accept-lifetime 06:30:00 Apr 19 2007 infinite
Specifies the period during which the key can be received.
Houston(config-keychain-key)#send-lifetime 06:30:00 Apr 19 2007 09:45:00 Apr 19 2007
Specifies the period during which the key can be sent.
Houston(config-keychain-key)#exit
Returns to global configuration mode.
Houston(config)#exit
Returns to privileged mode.
Houston#copy running-config startup-config
Saves the configuration to NVRAM.
CHAPTER 10
Single Area OSPF
This chapter provides information and commands concerning the following topics:
• Configuring OSPF: Mandatory commands
• Using wildcard masks with OSPF areas
• Configuring OSPF: Optional commands
— Loopback interfaces
— Router ID
— DR/BDR elections
— Modifying cost metrics
— Authentication: Simple
— Authentication: Using MD5 encryption
— Timers
— Propagating a default route
• Verifying OSPF configuration
• Troubleshooting OSPF

• Configuration example: Single area OSPF
Configuring OSPF: Mandatory Commands
Router(config)#router ospf 123
Starts OSPF process 123. The process ID is any positive integer value between 1 and 65,535. The process ID is not related to the OSPF area. The process ID merely distinguishes one process from another within the device.
Router(config-router)#network 172.16.10.0 0.0.0.255 area 0
OSPF advertises interfaces, not networks. Uses the wildcard mask to determine which interfaces to advertise. Read this line to say “Any interface with an address of 172.16.10.x is to be put into area 0.”
NOTE: The process ID number of one router does not have to match the process ID of any other router. Unlike Enhanced Interior Gateway Routing Protocol (EIGRP), matching this number across all routers does not ensure that network adjacencies will form.
Router(config-router)#log-adjacency-changes detail
Configures the router to send a syslog message when there is a change of state between OSPF neighbors.
TIP: Although the log-adjacency-changes command is on by default, only up/down events are reported unless you use the detail keyword.
Using Wildcard Masks with OSPF Areas

When compared to an IP address, a wildcard mask identifies which addresses get matched for placement into an area:
• A 0 (zero) in a wildcard mask means to check the corresponding bit in the address for an exact match.
• A 1 (one) in a wildcard mask means to ignore the corresponding bit in the address—can be either 1 or 0.
Example 1: 172.16.0.0 0.0.255.255
172.16.0.0  = 10101100.00010000.00000000.00000000
0.0.255.255 = 00000000.00000000.11111111.11111111
result      = 10101100.00010000.xxxxxxxx.xxxxxxxx
172.16.x.x (Anything between 172.16.0.0 and 172.16.255.255 will match the example statement.)
TIP: An octet of all 0s means that the octet has to match exactly to the address. An octet of all 1s means that the octet can be ignored.
Example 2: 172.16.8.0 0.0.7.255
172.16.8.0 = 10101100.00010000.00001000.00000000
0.0.7.255  = 00000000.00000000.00000111.11111111
result     = 10101100.00010000.00001xxx.xxxxxxxx
00001xxx = 00001000 to 00001111 = 8–15
xxxxxxxx = 00000000 to 11111111 = 0–255
Anything between 172.16.8.0 and 172.16.15.255 will match the example statement.
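An added example (not from the book): the wildcard comparison above written out in Python and applied to whole network statements, so you can see which interfaces a statement pulls into OSPF before typing it on a router. The function names are hypothetical, the interface list is Houston's from this page's configuration example plus a constructed loopback, and trying statements in the order given is a simplification of this sketch.

```python
import ipaddress


def u32(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(address, base, wildcard):
    """True if `address` matches `base` under an IOS wildcard mask.

    Wildcard bit 0 = the address bit must equal the base bit,
    wildcard bit 1 = the address bit is ignored.
    """
    care = ~u32(wildcard) & 0xFFFFFFFF
    return (u32(address) & care) == (u32(base) & care)


def matched_range(base, wildcard):
    """Lowest and highest address matched by a contiguous wildcard mask."""
    w = u32(wildcard)
    if w & (w + 1):  # ignored bits are not one block of low-order bits
        raise ValueError("non-contiguous wildcard: matches are not a single range")
    low = u32(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))


def parse_network(line):
    """Split 'network <address> <wildcard> area <id>' into its three values."""
    parts = line.split()
    if len(parts) != 5 or parts[0] != "network" or parts[3] != "area":
        raise ValueError("not a network statement: %r" % line)
    return parts[1], parts[2], parts[4]


def ospf_interfaces(network_lines, interfaces):
    """Map interface name -> area for each interface address a statement matches.

    Statements are tried in the order given and the first match wins
    (an assumption of this sketch).
    """
    statements = [parse_network(line) for line in network_lines]
    placed = {}
    for name, address in interfaces.items():
        for base, wildcard, area in statements:
            if wildcard_match(address, base, wildcard):
                placed[name] = area
                break
    return placed


# Houston's interfaces from the configuration example on this page, plus a
# constructed loopback whose address is borrowed from the loopback example.
HOUSTON = {
    "fa0/0": "172.16.30.1",
    "s0/0": "172.16.40.1",
    "s0/1": "172.16.20.2",
    "lo0": "192.168.100.1",  # constructed for illustration
}

if __name__ == "__main__":
    for statement in (
        "network 172.16.40.1 0.0.0.0 area 0",        # one exact address
        "network 172.16.0.0 0.0.255.255 area 0",     # every 172.16.x.x interface
        "network 0.0.0.0 255.255.255.255 area 0",    # every interface on the router
    ):
        print(statement, "->", sorted(ospf_interfaces([statement], HOUSTON)))
    print(matched_range("172.16.8.0", "0.0.7.255"))
```

The exact-address form (0.0.0.0) is the one that cannot enable OSPF on an interface you did not name; the quad-255 form matches every address the router has, the constructed loopback included.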
Router(config-router)#network 172.16.10.1 0.0.0.0 area 0
Read this line to say “Any interface with an exact address of 172.16.10.1 is to be put into area 0.”
Router(config-router)#network 172.16.10.0 0.0.255.255 area 0
Read this line to say “Any interface with an address of 172.16.x.x is to be put into area 0.”
Router(config-router)#network 0.0.0.0 255.255.255.255 area 0
Read this line to say “Any interface with any address is to be put into area 0.”
Configuring OSPF: Optional Commands
The following commands, although not mandatory, enable you to have a more controlled and efficient deployment of OSPF in your network.
Loopback Interfaces
Router(config)#interface loopback 0
Creates a virtual interface named loopback 0, and then moves the router to interface configuration mode.
Router(config-if)#ip address 192.168.100.1 255.255.255.255
Assigns the IP address to the interface.
NOTE: Loopback interfaces are always “up and up” and do not go down unless manually shut down. This makes loopback interfaces great for use as OSPF router IDs.
Router ID
Router(config)#router ospf 1
Starts OSPF process 1.
Router(config-router)#router-id 10.1.1.1
Sets the router ID to 10.1.1.1. If this command is used on an OSPF router process that is already active (has neighbors), the new router ID is used at the next reload or at a manual OSPF process restart.
Router(config-router)#no router-id 10.1.1.1
Removes the static router ID from the configuration. If this command is used on an OSPF router process that is already active (has neighbors), the old router ID behavior is used at the next reload or at a manual OSPF process restart.
DR/BDR Elections
Router(config)#interface serial 0/0
Changes the router to interface configuration mode.
Router(config-if)#ip ospf priority 50
Changes the OSPF interface priority to 50.
NOTE: The assigned priority can be between 0 and 255. A priority of 0 makes the router ineligible to become a designated router (DR) or backup designated router (BDR). The highest priority wins the election. A priority of 255 guarantees a tie in the election. If all routers have the same priority, regardless of the priority number, they tie. Ties are broken by the highest router ID.
Modifying Cost Metrics
Router(config)#interface serial 0/0
Changes the router to interface configuration mode.
Router(config-if)#bandwidth 128
If you change the bandwidth, OSPF recalculates the cost of the link.
Or
Router(config-if)#ip ospf cost 1564
Changes the cost to a value of 1564.
NOTE: The cost of a link is determined by dividing the reference bandwidth by the interface bandwidth.
The bandwidth of the interface is a number between 1 and 10,000,000. The unit of measurement is kilobits.
The cost is a number between 1 and 65,535. The cost has no unit of measurement—it is just a number.
Authentication: Simple
Router(config)#router ospf 1
Starts OSPF process 1.
Router(config-router)#area 0 authentication
Enables simple authentication; password will be sent in clear text.
Router(config-router)#exit
Returns to global configuration mode.
Router(config)#interface fastethernet 0/0
Moves to interface configuration mode.
Router(config-if)#ip ospf authentication-key fred
Sets key (password) to fred.
NOTE: The password can be any continuous string of characters that can be entered from the keyboard, up to 8 bytes in length. To be able to exchange OSPF information, all neighboring routers on the same network must have the same password.
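An added example (not from the book): a small Python audit covering both OSPF authentication styles, the simple authentication commands above and the MD5 commands in the section that follows. It flags only the conditions this page itself states: clear-text simple authentication, a simple key longer than 8 bytes, an MD5 secret kept without service password-encryption, and neighbors whose key-id or key differ. The sample configurations are constructed from the page's commands, and the function and finding names are hypothetical.

```python
import re

AREA_AUTH = re.compile(r"^area\s+(\S+)\s+authentication(\s+message-digest)?\s*$")
SIMPLE_KEY = re.compile(r"^ip ospf authentication-key\s+(\S+)$")
MD5_KEY = re.compile(r"^ip ospf message-digest-key\s+(\d+)\s+md5\s+(\S+)$")


def config_lines(config_text):
    """Non-empty configuration lines with indentation removed."""
    return [line.strip() for line in config_text.splitlines() if line.strip()]


def audit_ospf_auth(config_text):
    """Return (location, finding) pairs for the weaknesses the page describes."""
    lines = config_lines(config_text)
    # The page's stated condition for the MD5 secret not being plain text.
    encrypted_at_rest = "service password-encryption" in lines
    findings = []
    interface = None
    for line in lines:
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
            continue
        if line.startswith("router "):
            interface = None
            continue
        area = AREA_AUTH.match(line)
        if area and not area.group(2):
            # 'area N authentication' alone: password is sent in clear text.
            findings.append(("area " + area.group(1), "simple-auth-cleartext"))
        simple = SIMPLE_KEY.match(line)
        if simple:
            findings.append((interface, "simple-key-configured"))
            if len(simple.group(1).encode()) > 8:
                findings.append((interface, "simple-key-over-8-bytes"))
        if MD5_KEY.match(line) and not encrypted_at_rest:
            findings.append((interface, "md5-secret-plaintext-in-config"))
    return findings


def md5_key_for(config_text, interface):
    """(key-id, key) configured on `interface`, or None if there is none."""
    current = None
    for line in config_lines(config_text):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        key = MD5_KEY.match(line)
        if key and current == interface:
            return int(key.group(1)), key.group(2)
    return None


def neighbors_can_authenticate(cfg_a, if_a, cfg_b, if_b):
    """Both sides need the same key-id and the same key."""
    a = md5_key_for(cfg_a, if_a)
    b = md5_key_for(cfg_b, if_b)
    return a is not None and a == b


# Constructed sample configurations built from the commands on this page.
SIMPLE_CFG = """
router ospf 1
 area 0 authentication
interface fastethernet 0/0
 ip ospf authentication-key fred
"""
MD5_CFG = """
router ospf 1
 area 0 authentication message-digest
interface fastethernet 0/0
 ip ospf message-digest-key 1 md5 fred
"""
MD5_HARDENED_CFG = "service password-encryption\n" + MD5_CFG

if __name__ == "__main__":
    for name, cfg in (("simple", SIMPLE_CFG), ("md5", MD5_CFG),
                      ("md5 + password-encryption", MD5_HARDENED_CFG)):
        print(name, audit_ospf_auth(cfg))
```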
Authentication: Using MD5 Encryption
Router(config)#router ospf 1
Starts OSPF process 1.
Router(config-router)#area 0 authentication message-digest
Enables authentication with MD5 password encryption.
Router(config-router)#exit
Returns to global configuration mode.
Router(config)#interface fastethernet 0/0
Moves to interface configuration mode.
Router(config-if)#ip ospf message-digest-key 1 md5 fred
1 is the key-id. This value must be the same as that of your neighboring router.
md5 indicates that the MD5 hash algorithm will be used.
fred is the key (password) and must be the same as that of your neighboring router.
NOTE: If the service password-encryption command is not used when implementing OSPF MD5 authentication, the MD5 secret is stored as plain text in NVRAM.
Timers
Router(config-if)#ip ospf hello-interval 20
Changes the Hello Interval timer to 20 seconds.
Router(config-if)#ip ospf dead-interval 80
Changes the Dead Interval timer to 80 seconds.
NOTE: Hello and Dead Interval timers must match for routers to become neighbors.
Propagating a Default Route
Router(config)#ip route 0.0.0.0 0.0.0.0 s0/0
Creates a default route.
Router(config)#router ospf 1
Starts OSPF process 1.
Router(config-router)#default-information originate
Sets the default route to be propagated to all OSPF routers.
Router(config-router)#default-information originate always
The always option propagates a default “quad-zero” route even if one is not configured on this router.
NOTE: The default-information originate command or the default-information originate always command is usually only to be configured on your “entrance” or “gateway” router, the router that connects your network to the outside world—the Autonomous System Boundary Router (ASBR).
Verifying OSPF Configuration
Router#show ip protocol
Displays parameters for all protocols running on the router
Router#show ip route
Displays a complete IP routing table
Router#show ip ospf
Displays basic information about OSPF routing processes
Router#show ip ospf interface
Displays OSPF info as it relates to all interfaces
Router#show ip ospf interface fastethernet 0/0
Displays OSPF information for interface fastethernet 0/0
Router#show ip ospf border-routers
Displays border and boundary router information
Router#show ip ospf neighbor
Lists all OSPF neighbors and their states
Router#show ip ospf neighbor detail
Displays a detailed list of neighbors
Router#show ip ospf database
Displays contents of the OSPF database
Router#show ip ospf database nssa-external
Displays NSSA external link states
Troubleshooting OSPF
Router#clear ip route *
Clears entire routing table, forcing it to rebuild
Router#clear ip route a.b.c.d
Clears specific route to network a.b.c.d
Router#clear ip ospf counters
Resets OSPF counters
Router#clear ip ospf process
Resets entire OSPF process, forcing OSPF to re-create neighbors, database, and routing table
Router#debug ip ospf events
Displays all OSPF events
Router#debug ip ospf adjacency
Displays various OSPF states and DR/BDR election between adjacent routers
Router#debug ip ospf packets
Displays OSPF packets
Configuration Example: Single Area OSPF
Figure 10-1 illustrates the network topology for the configuration that follows, which shows how to configure Single Area OSPF using commands covered in this chapter.

Figure 10-1 Network Topology for Single Area OSPF Configuration
[Figure: the Austin, Houston, and Galveston routers connected in a chain over two serial links.]
Austin: fa0/0 172.16.10.1 (network 172.16.10.0/24, host 172.16.10.10); s0/0 172.16.20.1 (DCE)
Houston: s0/1 172.16.20.2; fa0/0 172.16.30.1 (network 172.16.30.0/24, host 172.16.30.30); s0/0 172.16.40.1 (DCE)
Galveston: s0/1 172.16.40.2; fa0/0 172.16.50.1 (network 172.16.50.0/24, host 172.16.50.50)
Serial networks: 172.16.20.0/30 (Austin to Houston), 172.16.40.0/30 (Houston to Galveston)
Austin Router
Router>enable
Moves to privileged mode.
Router#configure terminal
Moves to global configuration mode.
Router(config)#hostname Austin
Sets the host name.
Austin(config)#interface fastethernet 0/0
Moves to interface configuration mode.
Austin(config-if)#ip address 172.16.10.1 255.255.255.0
Assigns an IP address and netmask.
Austin(config-if)#no shutdown
Enables the interface.
Austin(config-if)#interface serial 0/0
Moves to interface configuration mode.
Austin(config-if)#ip address 172.16.20.1 255.255.255.252
Assigns an IP address and netmask.
Austin(config-if)#clock rate 56000
DCE cable plugged in this side.
Austin(config-if)#no shutdown
Enables the interface.
Austin(config-if)#exit
Returns to global configuration mode.
Austin(config)#router ospf 1
Starts OSPF process 1.
Austin(config-router)#network 172.16.10.0 0.0.0.255 area 0
Any interface with an address of 172.16.10.x is to be put into area 0.
Austin(config-router)#network 172.16.20.0 0.0.0.255 area 0
Any interface with an address of 172.16.20.x is to be put into area 0.
Austin(config-router)#<ctrl> z
Returns to privileged mode.
Austin#copy running-config startup-config
Saves the configuration to NVRAM.
Houston Router
Router>enable
Moves to privileged mode.
Router#configure terminal
Moves to global configuration mode.
Router(config)#hostname Houston
Sets the host name.
Houston(config)#interface fastethernet 0/0
Moves to interface configuration mode.
Houston(config-if)#ip address 172.16.30.1 255.255.255.0
Assigns an IP address and netmask.
Houston(config-if)#no shutdown
Enables the interface.
Houston(config-if)#interface serial 0/0
Moves to interface configuration mode.
Houston(config-if)#ip address 172.16.40.1 255.255.255.252
Assigns an IP address and netmask.
Houston(config-if)#clock rate 56000
DCE cable plugged in this side.
Houston(config-if)#no shutdown
Enables the interface.
Houston(config)#interface serial 0/1
Moves to interface configuration mode.
Houston(config-if)#ip address 172.16.20.2 255.255.255.252
Assigns an IP address and netmask.
Houston(config-if)#no shutdown
Enables the interface.
Houston(config-if)#exit
Returns to global configuration mode.
Houston(config)#router ospf 1
Starts OSPF process 1.
Houston(config-router)#network 172.16.0.0 0.0.255.255 area 0
Any interface with an address of 172.16.x.x is to be put into area 0. One statement will now advertise all three interfaces.
Houston(config-router)#<ctrl> z
Returns to privileged mode.
Houston#copy running-config startup-config
Saves the configuration to NVRAM.
Galveston Router
Router>enable
Moves to privileged mode.
Router#configure terminal
Moves to global configuration mode.
Router(config)#hostname Galveston
Sets the host name.
Galveston(config)#interface fastethernet 0/0
Moves to interface configuration mode.
Galveston(config-if)#ip address 172.16.50.1 255.255.255.0
Assigns an IP address and netmask.
Galveston(config-if)#no shutdown
Enables the interface.
Galveston(config-if)#interface serial 0/1
Moves to interface configuration mode.
Galveston(config-if)#ip address 172.16.40.2 255.255.255.252
Assigns an IP address and netmask.
Galveston(config-if)#no shutdown
Enables the interface.
Galveston(config-if)#exit
Returns to global configuration mode.
Galveston(config)#router ospf 1
Starts OSPF process 1.
Galveston(config-router)#network 172.16.40.2 0.0.0.0 area 0
Any interface with an exact address of 172.16.40.2 is to be put into area 0. This is the most precise way to place an exact address into the OSPF routing process.
Galveston(config-router)#network 172.16.50.1 0.0.0.0 area 0
Any interface with an exact address of 172.16.50.1 is to be put into area 0.
Galveston(config-router)#<ctrl> z
Returns to privileged mode.
Galveston#copy running-config startup-config
Saves the configuration to NVRAM.
PART V
Switching
Chapter 11 Configuring a Switch
Chapter 12 VLANs
Chapter 13 VLAN Trunking Protocol and Inter-VLAN Routing
Chapter 14 STP and EtherChannel
CHAPTER 11
Configuring a Switch
This chapter provides information and commands concerning the following topics:
• Help commands
• Command modes
• Verifying commands
• Resetting switch configuration

• Setting host names
• Setting passwords
• Setting IP addresses and default gateways
• Setting interface descriptions
• Setting duplex operation
• Setting operation speed
• Managing the MAC address table
• Configuring static MAC addresses
• Switch port security
• Verifying switch port security
• Sticky MAC addresses
• Configuration example
Help Commands
switch>?
The ? works here the same as in a router.
Command Modes
switch>enable
User mode, same as a router
switch#
Privileged mode
switch#disable
Leaves privileged mode
switch>exit
Leaves user mode
Verifying Commands
switch#show version
Displays information about software and hardware.
switch#show flash:
Displays information about flash memory (for the 2900/2950 series only).
switch#show mac-address-table
Displays the current MAC address forwarding table.
switch#show controllers ethernet-controller
Displays information about the Ethernet controller.
switch#show running-config
Displays the current configuration in DRAM.
switch#show startup-config
Displays the current configuration in NVRAM.
switch#show post
Displays whether the switch passed POST.
switch#show vlan
Displays the current VLAN configuration.
switch#show interfaces
Displays the interface configuration and status of line: up/up, up/down, admin down.
NOTE: This command is unsupported in some Cisco IOS Software releases, such as 12.2(25)FX.
switch#show interface vlan1
Displays setting of virtual interface VLAN 1, the default VLAN on the switch.
NOTE: This command is unsupported in some Cisco IOS Software releases, such as 12.2(25)FX.
Resetting Switch Configuration
Setting Host Names
Setting Passwords
Setting passwords for the 2960 series switches is the same method as used for a router.
Switch#dd
dd
ee
ee
ll
ll
ee
ee
tt
tt

ee
ee


ff
ff
ll
ll
aa
aa
ss
ss
hh
hh
::
::
vv
vv
ll
ll
aa
aa
nn
nn


dd
dd
aa
aa

tt
tt
Removes the VLAN database
from flash memory.
Delete filename [vlan.dat]?
Press ®.
Delete flash:vlan.dat? [confirm]
Reconfirm by pressing
®.
Switch#ee
ee
rr
rr
aa
aa
ss
ss
ee
ee


ss
ss
tt
tt
aa
aa
rr
rr
tt

tt
uu
uu
pp
pp


cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
Erases the file from NVRAM.
<output omitted>
Switch#
rr
rr
ee
ee
ll
ll
oo
oo

aa
aa
dd
dd
Restarts the switch.
Switch#cc
cc
oo
oo
nn
nn
ff
ff
ii
ii
gg
gg
uu
uu
rr
rr
ee
ee


tt
tt
ee
ee
rr

rr
mm
mm
ii
ii
nn
nn
aa
aa
ll
ll
Moves to global configuration
mode.
Switch(config)#hh
hh
oo
oo
ss
ss
tt
tt
nn
nn
aa
aa
mm
mm
ee
ee



22
22
99
99
66
66
00
00
SS
SS
ww
ww
ii
ii
tt
tt
cc
cc
hh
hh
Creates a locally significant
host name of the switch. This
is the same command as the
router.
2960Switch(config)#
2960Switch(config)#
ee
ee
nn

nn
aa
aa
bb
bb
ll
ll
ee
ee


pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd


cc

cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the enable password to
cisco
2960Switch(config)#ee
ee
nn
nn
aa
aa
bb
bb
ll
ll
ee
ee


ss
ss
ee
ee
cc

cc
rr
rr
ee
ee
tt
tt


cc
cc
ll
ll
aa
aa
ss
ss
ss
ss
Sets the encrypted secret
password to class
2960Switch(config)#ll
ll
ii
ii
nn
nn
ee
ee



cc
cc
oo
oo
nn
nn
ss
ss
oo
oo
ll
ll
ee
ee


00
00
Enters line console mode
2960Switch(config-line)#ll
ll
oo
oo
gg
gg
ii
ii
nn
nn

Enables password checking
2960Switch(config-line)#pp
pp
aa
aa
ss
ss
ss
ss
ww
ww
oo
oo
rr
rr
dd
dd


cc
cc
ii
ii
ss
ss
cc
cc
oo
oo
Sets the password to cisco

2960Switch(config-line)#ee
ee
xx
xx
ii
ii
tt
tt
Exits line console mode
2960Switch(config-line)#ll
ll
ii
ii
nn
nn
ee
ee


aa
aa
uu
uu
xx
xx


00
00
Enters line auxiliary mode

2960Switch(config-line)#login
Enables password checking
2960Switch(config-line)#password cisco
Sets the password to cisco
2960Switch(config-line)#exit
Exits line auxiliary mode
2960Switch(config-line)#line vty 0 4
Enters line vty mode for all five virtual ports
2960Switch(config-line)#login
Enables password checking
2960Switch(config-line)#password cisco
Sets the password to cisco
2960Switch(config-line)#exit
Exits line vty mode
2960Switch(config)#

Setting IP Addresses and Default Gateways
TIP: For the 2960 series switches, the IP address of the switch is just that—the IP address for the entire switch. That is why you set the address in VLAN 1 (the default VLAN of the switch) and not in a specific Ethernet interface.
2960Switch(config)#interface vlan1
Enters the virtual interface for VLAN 1, the default VLAN on the switch
2960Switch(config-if)#ip address 172.16.10.2 255.255.255.0
Sets the IP address and netmask to allow for remote access to the switch
2960Switch(config-if)#exit
2960Switch(config)#ip default-gateway 172.16.10.1
Allows IP information an exit past the local network

Setting Interface Descriptions
TIP: The 2960 series switches have either 12 or 24 Fast Ethernet ports named fa0/1, fa0/2, fa0/24—there is no fastethernet 0/0.
2960Switch(config)#interface fastethernet 0/1
Enters interface configuration mode
2960Switch(config-if)#description Finance VLAN
Adds a description of the interface

Setting Duplex Operation
2960Switch(config)#interface fastethernet 0/1
Moves to interface configuration mode
2960Switch(config-if)#duplex full
Forces full-duplex operation
2960Switch(config-if)#duplex auto
Enables auto-duplex config
2960Switch(config-if)#duplex half
Forces half-duplex operation

Setting Operation Speed
2960Switch(config)#interface fastethernet 0/1
2960Switch(config-if)#speed 10
Forces 10-Mbps operation
2960Switch(config-if)#speed 100
Forces 100-Mbps operation
2960Switch(config-if)#speed auto
Enables autospeed configuration

Managing the MAC Address Table
switch#show mac address-table
Displays current MAC address forwarding table
switch#clear mac address-table
Deletes all entries from current MAC address forwarding table
switch#clear mac address-table dynamic
Deletes only dynamic entries from table

Configuring Static MAC Addresses
2960Switch(config)#mac address-table static aaaa.aaaa.aaaa vlan 1 interface fastethernet 0/1
Sets a permanent address to port fastethernet 0/1 in VLAN 1
2960Switch(config)#no mac address-table static aaaa.aaaa.aaaa vlan 1 interface fastethernet 0/1
Removes the permanent address to port fastethernet 0/1 in VLAN 1

Switch Port Security
Switch(config)#interface fastethernet 0/1
Moves to interface configuration mode.
Switch(config-if)#switchport port-security
Enables port security on the interface.
Switch(config-if)#switchport port-security maximum 4
Sets a maximum limit of four MAC addresses that will be allowed on this port.
NOTE: The maximum number of secure MAC addresses that you can configure on a switch is set by the maximum number of available MAC addresses allowed in the system.
Switch(config-if)#switchport port-security mac-address 1234.5678.90ab
Sets a specific secure MAC address 1234.5678.90ab. You can add additional secure MAC addresses up to the maximum value configured.
Switch(config-if)#switchport port-security violation shutdown
Configures port security to shut down the interface if a security violation occurs.
NOTE: In shutdown mode, the port is errdisabled, a log entry is made, and manual intervention or errdisable recovery must be used to reenable the interface.
Switch(config-if)#switchport port-security violation restrict
Configures port security to restrict mode if a security violation occurs.
NOTE: In restrict mode, frames from a nonallowed address are dropped, and a log entry is made. The interface remains operational.
Switch(config-if)#switchport port-security violation protect
Configures port security to protect mode if a security violation occurs.
NOTE: In protect mode, frames from a nonallowed address are dropped, but no log entry is made. The interface remains operational.

Verifying Switch Port Security
Switch#show port-security
Displays security information for all interfaces
Switch#show port-security interface fastethernet 0/5
Displays security information for interface fastethernet 0/5
Switch#show port-security address
Displays MAC address table security information
Switch#show mac address-table
Displays the MAC address table
Switch#clear mac address-table dynamic
Deletes all dynamic MAC addresses
Switch#clear mac address-table dynamic address aaaa.bbbb.cccc
Deletes the specified dynamic MAC address
Switch#clear mac address-table dynamic interface fastethernet 0/5
Deletes all dynamic MAC addresses on interface fastethernet 0/5
Switch#clear mac address-table dynamic vlan 10
Deletes all dynamic MAC addresses on VLAN 10
Switch#clear mac address-table notification
Clears MAC notification global counters
NOTE: Beginning with Cisco IOS Software Release 12.1(11)EA1, the clear mac address-table command (no hyphen in mac address) replaces the clear mac-address-table command (with the hyphen in mac-address). The clear mac-address-table static command (with the hyphen in mac-address) will become obsolete in a future release.

Sticky MAC Addresses
Sticky MAC addresses are a feature of port security. Sticky MAC addresses limit switch port access to a specific MAC address that can be dynamically learned, as opposed to a network administrator manually associating a MAC address with a specific switch port. These addresses are stored in the running configuration file. If this file is saved, the sticky MAC addresses do not have to be relearned when the switch is rebooted, and thus provide a high level of switch port security.
Switch(config)#interface fastethernet 0/5
Moves to interface configuration mode.
Switch(config-if)#switchport port-security mac-address sticky
Converts all dynamic port security learned MAC addresses to sticky secure MAC addresses.
Switch(config-if)#switchport port-security mac-address sticky vlan 10 voice
Converts all dynamic port security learned MAC addresses to sticky secure MAC addresses on voice VLAN 10.
NOTE: The voice keyword is available only if a voice VLAN is first configured on a port and if that port is not the access VLAN.
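
An added example, not from the book: a small Python audit that reads IOS-style configuration text and reports, per interface, what the port-security violation modes and sticky MAC setting described above leave for an operator to see. The sample configuration is constructed, and the names `audit`, `MODE_EFFECT`, `VIOLATION` and `SAMPLE_CONFIG` are this example's own.

```python
import re
# Constructed sample: commands from this chapter, as typed at the CLI.
SAMPLE_CONFIG = """\
enable password cisco
enable secret class
interface FastEthernet0/1
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/5
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
interface FastEthernet0/8
 description Finance VLAN
"""
# What each violation mode leaves for an operator, per the chapter's notes.
MODE_EFFECT = {
    "shutdown": "port errdisabled and logged; manual or errdisable recovery needed",
    "restrict": "frames dropped and logged; port stays up",
    "protect": "frames dropped with NO log entry; port stays up",
}
VIOLATION = re.compile(r"switchport port-security violation (\w+)")

def audit(config):
    """Return (scope, finding) tuples for IOS-style configuration text."""
    findings, blocks, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith(" ") and current:
            blocks[current].append(line.strip())
        elif line.strip():
            current = None  # back at global level
            if line.startswith("enable password "):
                findings.append(("global", "enable password set; enable secret is the encrypted form"))
    for name, cmds in blocks.items():
        if "switchport port-security" not in cmds:
            findings.append((name, "port security not enabled"))
            continue
        mode = next((m.group(1) for m in map(VIOLATION.fullmatch, cmds) if m), None)
        if mode:
            findings.append((name, f"violation {mode}: {MODE_EFFECT.get(mode, 'unknown')}"))
        if "switchport port-security mac-address sticky" in cmds:
            findings.append((name, "sticky MACs survive a reboot only if the running config is saved"))
    return findings

if __name__ == "__main__":
    print(*(f"{s}: {f}" for s, f in audit(SAMPLE_CONFIG)), sep="\n")
```

Ports reported in protect mode are the ones to review first, since that mode drops frames without producing any log entry to alert on.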
Configuration Example
Figure 11-1 shows the network topology for the basic configuration of a 2960 series switch using commands covered in this chapter.
Figure 11-1 Network Topology for 2960 Series Switch Configuration
[Figure 11-1 image not reproduced. Labels: Network 192.168.1.0/24; Bismarck Fa0/0 192.168.1.1; 2960Switch 192.168.1.2 with ports Fa0/1, Fa0/4 and Fa0/8; Workstation A 192.168.1.10; Workstation B 192.168.1.11]
switch>enable
Enters privileged mode.
switch#configure terminal
Enters global configuration mode.
switch(config)#no ip domain-lookup
Turns off Domain Name System (DNS) queries so that spelling mistakes do not slow you down.
switch(config)#hostname 2960
Sets the host name.
2960(config)#enable secret cisco
Sets the encrypted secret password to cisco.
2960(config)#line console 0
Enters line console mode.
2960(config-line)#logging synchronous
Appends commands to a new line; router information will not interrupt.