SWITCHING basic commands



view current status
ccna>show interfaces status

Port    Name               Status       Vlan     Duplex Speed   Type
------- ------------------ ------------ -------- ------ ------- ----
Fa0/1                      connected    401      A-Full   A-100 100BaseTX/FX
Fa0/2                      connected    402      A-Full      10 100BaseTX/FX
Fa0/3                      connected    403      A-Full      10 100BaseTX/FX
Fa0/4                      disabled     404        Auto      10 100BaseTX/FX
Fa0/5                      notconnect   405        Auto    Auto 100BaseTX/FX
Fa0/6                      notconnect   406        Auto    Auto 100BaseTX/FX
Fa0/7                      notconnect   407        Auto      10 100BaseTX/FX
Fa0/8                      connected    408      A-Full      10 100BaseTX/FX
Fa0/9                      notconnect   409        Auto      10 100BaseTX/FX
Fa0/10                     notconnect   410        Auto      10 100BaseTX/FX
Fa0/11                     notconnect   411        Auto      10 100BaseTX/FX
Fa0/12                     notconnect   412        Auto      10 100BaseTX/FX
Fa0/13                     notconnect   413        Auto      10 100BaseTX/FX
Fa0/14                     notconnect   414        Auto      10 100BaseTX/FX
Fa0/15                     notconnect   415        Auto      10 100BaseTX/FX


view mac:
ccna>show mac-address-table sec | inc  FastEthernet0/29
001b.2418.712c       Secure         429  FastEthernet0/29
0023.5a57.0022       Secure         429  FastEthernet0/29


view up/down history
ccna>sh log | inc  FastEthernet0/3
028976: *Apr 24 14:38:12: %LINK-3-UPDOWN: Interface FastEthernet0/30, changed state to down
028977: *Apr 24 14:38:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/30, changed state to down
028978: *Apr 24 14:45:31: %LINK-3-UPDOWN: Interface FastEthernet0/31, changed state to down
028979: *Apr 24 14:45:32: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/31, changed state to down


show clock:
ccna>show clock
*23:54:14.529 MSK Sat Apr 24 1993

view uptime:
ccna>sh ver
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC16, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Thu 21-Sep-06 12:51 by antonino
Image text-base: 0x00003000, data-base: 0x00352924

ROM: Bootstrap program is C3500XL boot loader

ccna uptime is 7 weeks, 5 days, 20 hours, 52 minutes
System returned to ROM by power-on
System image file is "flash:c3500xl-c3h2s-mz.120-5.WC16.bin"


cisco WS-C3548-XL (PowerPC403) processor (revision 0x01) with 16384K/1024K bytes of memory.
Processor board ID FAA0432X0C2, with hardware revision 0x00
Last reset from power-on

ccna>sho diags ?
  addr-move  Show learned address movement count and rate
  link-flap  Show link up/down count and rate

view port going up and down:
ccna>sho diags link-flap
Interface                 Total   Last Min
-------------------- ---------- ----------
FastEthernet0/1             126          0
FastEthernet0/2              60          0
FastEthernet0/3              28          0
FastEthernet0/4             121          0
FastEthernet0/5             999          0
FastEthernet0/6             180          0
FastEthernet0/7             251          0
FastEthernet0/8             261          0
FastEthernet0/9             194          0
FastEthernet0/10             11          0


view vlans:
ccna>sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------
1    default                          active
41   VLAN0041                         active
42   VLAN0042                         active
43   VLAN0043                         active
44   VLAN0044                         active
45   VLAN0045                         active
46   VLAN0046                         active
47   VLAN0047                         active
48   VLAN0048                         active
401  VLAN0401                         active    Fa0/1
402  VLAN0402                         active    Fa0/2
403  VLAN0403                         active    Fa0/3
404  VLAN0404                         active    Fa0/4
405  VLAN0405                         active    Fa0/5
406  VLAN0406                         active    Fa0/6
407  VLAN0407                         active    Fa0/7
408  VLAN0408                         active    Fa0/8
409  VLAN0409                         active    Fa0/9

Switches are hardware based because they use ASIC chips.
Switches have a higher number of ports than most bridges.


If the destination hardware address is not listed in the MAC database, then the frame is flooded out all active interfaces except the interface the frame was received on.
sh mac address-table - to view macs (in privileged mode)



mac-address-table static cafe.dead.beaf - to assign a static MAC address:
S1#config ter
S1(config)#mac-address-table static dead.beef.cafe vlan 1 int fa0/5


choosing several interfaces together:
Switch(config)#int range fastEthernet 0/1 - 12

ip default-gateway - to manage the switch remotely, assign an IP address to interface vlan 1 and set a default gateway. This IP address is the only one for all interfaces. A telnet password must also be set. Interface vlan 1 is down by default:
Switch(config-if)#interface vlan 1
Switch(config-if)#ip address 192.168.10.1 255.255.255.0
Switch(config-if)#no shut
Switch(config)#ip default-gateway 192.168.10.30

Port Security

When a device is connected to the switch port, the MAC address of the frame from the connected device is placed in a forwarding table. Under normal circumstances, there are no restrictions on the devices that can be attached to a switch port.

With switch port security, you configure the switch to allow only specific devices to use a given port. You identify the MAC address of allowed devices.
Any devices not explicitly identified will not be allowed to send frames through the switch. To configure port security, take the following general actions on the port:
switchport mode access - to make the port an access port.
switchport port-security - to enable port security
switchport port-security mac-address cafe.dead.beef - to assign the allowed MAC
switchport port-security maximum 2 - maximum number of MAC addresses that can be allowed for a port.
The default allows only a single MAC address per port.
switchport port-security mac-address sticky - to dynamically identify the allowed MAC address.
The address in the first frame received by the switch port is the allowed MAC address for the port.
The Catalyst switch can sticky learn a maximum of 132 MAC addresses.
switchport port-security violation shutdown
switch#show port-security interface f0/2 - to view security settings

Examples

The following commands configure Fast Ethernet port 0/15 to accept the first MAC address it receives as the allowed MAC address for the port:

switch(config)#interface fast 0/15
switch(config-if)#switchport mode access
switch(config-if)#switchport port-security
switch(config-if)#switchport port-security mac-address sticky


Thrashing the MAC table - constantly updating the MAC filter table with source hardware address locations.
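
The flooding rule stated earlier (unknown destination goes out all active interfaces except the one it arrived on) and the table thrashing defined above, as a small added Python model. It is not code from the original notes and not IOS itself; the class, the MAC addresses and the port list are constructed for illustration. The per-address move counter plays the role of the count reported by "sho diags addr-move".

```python
from collections import defaultdict

class LearningSwitch:
    """Simplified model of a switch MAC table (illustration only)."""

    def __init__(self, ports):
        self.ports = set(ports)             # active interfaces
        self.table = {}                     # source MAC -> port last seen on
        self.addr_moves = defaultdict(int)  # MAC -> times its entry changed port

    def receive(self, in_port, src, dst):
        """Process one frame; return the sorted list of egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # Learning: record, or rewrite, where the source address lives.
        known = self.table.get(src)
        if known is not None and known != in_port:
            self.addr_moves[src] += 1       # entry rewritten: thrashing
        self.table[src] = in_port
        # Forwarding decision on the destination address.
        out = self.table.get(dst)
        if out is None:
            # Not in the MAC database: flood, excluding the ingress port.
            return sorted(self.ports - {in_port})
        if out == in_port:
            return []                       # same segment: filter the frame
        return [out]

def demo():
    sw = LearningSwitch(["Fa0/1", "Fa0/2", "Fa0/3"])
    a, b = "0000.0000.000a", "0000.0000.000b"   # constructed MAC addresses
    results = [
        sw.receive("Fa0/1", a, b),   # b unknown: flooded
        sw.receive("Fa0/2", b, a),   # a was learned on Fa0/1
        sw.receive("Fa0/1", a, b),   # b was learned on Fa0/2
    ]
    # The same source address arriving on alternating ports, as in a loop.
    for port in ["Fa0/3", "Fa0/1", "Fa0/3"]:
        sw.receive(port, a, b)
    return results, sw.addr_moves[a]

if __name__ == "__main__":
    print(demo())
```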