Nine Switch Commands Every Cisco Network Engineer Needs to Know
Overview
To be considered experts, network engineers need experience with a wide variety of commands used with network technology. At the Cisco Certified Network Associate (CCNA) level, Cisco has indicated a number of commands that should be known initially for Cisco network switches. This article covers these commands, explaining what they do and how they alter the behavior and/or use of a Cisco switch.
hostname
Syntax:hostnamehostname
One of the most basic network commands,hostnameconfigures the hostname used for a device. This hostname identifies the device to other locally connected devices for protocols such as the Cisco Discovery Protocol (CDP), which helps in the identification of devices attached directly to the network. Although it is not case-sensitive, the hostname must follow certain rules: It must begin with a letter and end in a letter or digit, and interior characters must be letters, digits, or hyphens (-).
ip default-gateway
Syntax:ip default-gatewaygateway
Theip default-gatewaycommand configures the default gateway for a switch when IP routing isnotenabled (with theip routingglobal configuration command), which is typical when lower-level Layer 2 switches are being configured. The easiest way to determine whether IP routing has been enabled is to run theshow ip routecommand. When IP routing has not been enabled, the output will look similar to the following example:
SW1#show ip route Default gateway is 10.10.10.1 Host Gateway Last Use Total Uses Interface ICMP redirect cache is empty SW1#
When IP routing is enabled, the output looks similar to the output displayed on a router:
SW1 #显示ip路由代码:L -地方、C -连接,S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.10.10.0/24 is directly connected, Vlan1 L 10.10.10.10/32 is directly connected, Vlan1 SW1#
username
Syntax:usernameusername{password | secret}password
Theusernamecommand configures a username and associates a password with it. Using thepasswordorsecretversion of this command is a matter of security:
Thepassword版本的这个命令将做两件事中的一件with the configuredpassword:
- Place the password into the configuration in plaintext (if theservice password-encryptioncommand is not enabled).
- Put the password through a Cisco-proprietary encryption algorithm before placing it into the configuration. (Note that this encryption is easily reversed.)
- Thesecretversion of this command will create an MD5 hash with the configuredpasswordand then place it into the configuration. This reconfigured password is much harder to crack than the encrypted version created with thepasswordversion of this command.
可以使用此用户名/密码的different features, including Telnet and SSH.
enable
Syntax:enable {password | secret}password
Theenablecommand configures the password that will be used to access a switch's privileged configuration mode. Because all configuration of a Cisco IOS switch requires privileged configuration mode, keeping this password private is very important. As with theusernamecommand, this command has two options:passwordandsecret. The differences between these two options are the same as those for theusernamecommand in the preceding section. Theenable secretversion of the command should be used in all production environments.
Console and Terminal Login Commands
Five commands are used to configure login via the control and virtual terminal (VTY) lines of a switch:
- password
- login
- exec-timeout
- service password-encryption
- copy running-config startup-config
The following sections describe these individual commands.
password
Syntax:passwordpassword
When entered in line-configuration mode (console or terminal), thepasswordcommand is used to configure the password that will be used to access a switch from that specific line, depending on the line mode (console or terminal). However, the password configured with this command is used only if thelogincommand is used (which is the default).
login
Syntax:login [local]
Thelogincommand is used to enable password checking on an interface. If this command is used without any parameters, the system will check the password entered with the login against the one entered with thepasswordcommand discussed in the preceding section. If used with thelocalparameter, both username and password will be prompted, and the entries will then be checked against the local username database that was created with theusernamecommand discussed previously.
exec-timeout
Syntax:exec-timeoutminutes[seconds]
Theexec-timeoutcommand is used to configure the amount of time that can pass before a device considers the connection idle and disconnects. By default, timeout is set to 10 minutes. This timeout can be disabled with theno exec-timeoutcommand. (This command is a shortcut and actually enters theexec-timeout 0 0command into the configuration.)
service password-encryption
Syntax:service password-encryption
Theservice password-encryptioncommand is used to enable the encryption of configured passwords on a device. The passwords referenced with this command are the ones configured with a command'spasswordparameter, such asusernamepasswordandenablepassword. The passwords encrypted with this command are not highly encrypted and can be broken relatively easily. By and large this command is deprecated, as most network engineers will use thesecretversion of the appropriate commands; however, even weak protection is better than nothing.
copy running-config startup-config
Syntax:copy running-config startup-config
Thecopy running-config startup-configcommand (popularly shortened tocopy run start) is one of the most fundamental commands learned by new Cisco network engineers. It copies the active configuration (running-config) on a device to non-volatile memory (NVRAM)(startup-config), which maintains a configuration across a reload. Without this command, a configuration can be lost when a device is reloaded or powered off. Thecopycommand can also be extended to save configuration and IOS images to and from a local device, as well as to and from different locations on the local device.
Summary
Network engineers must learn many Cisco OS commands in the process of becoming a CCNA (and beyond), and understanding these basic management commands is where the process starts. Without the knowledge of how to access devices, the complex commands are useless. You must understand when learning these concepts that they are intended to be stacked on top of each other. Lack of knowledge of a few base concepts undermines learning other, more advanced concepts that build on top of those basics.