October 7

Basic Cisco Switch Configuration Checklist 4: Vlans and Trunks

 

*********************************************************************************

Create Vlans

  • Vlan 50

Name VLans

  • name SALES

Assign Ports to Vlans

  • int gi1/0/22
  • switchport mode access
  • switchport access vlan 50

Assign an ip address to vlan

  • interface vlan 50
  • ip address 10.10.10.10 255.255.255.0
  • no shutdown

 

Note: to assign multiple ports at once, use interface range g1/0/10-20

To keep a switchport from becoming a trunk port, set switchport mode access

*********************************************************************************

  • show vtp status 
  • vtp domain abc
  • vtp mode server (transparent, client)

The show run command does not display the VTP info unless VTP is in transparent mode. Here is the reason:

…a VLAN database was introduced into Cisco IOS Software as a method to immediately save VTP updates for VTP clients and servers. In some versions of software, this VLAN database is in the form of a separate file in NVRAM, called the vlan.dat file. You can view VTP/VLAN information that is stored in the vlan.dat file for the VTP client or VTP server if you issue the show vtp status command.

VTP server/client mode switches do not save the entire VTP/VLAN configuration to the startup config file in the NVRAM when you issue the copy running-config startup-config command on these systems. It saves the configuration in the vlan.dat file. This does not apply to systems that run as VTP transparent. VTP transparent systems save the entire VTP/VLAN configuration to the startup config file in NVRAM when you issue the copy running-config startup-config command.

 

Configure a trunk port

  • interface g1/0/23
  • switchport trunk encapsulation dot1q  (for older switches)
  • switchport mode trunk
  • switchport nonegotiate

+++++++++++++++++++++++++++++++++++++++++++++++++++

To check Trunk or Vlan info

note:   show cdp neighbors

Show interface trunk

show int g1/0/10 trunk

show run

show vlan

show interfaces g1/0/23 switchport (to check an interface's status, trunk, etc.)

Category: Cisco
October 3

Basic Cisco Switch Configuration Checklist 3 Port Security

Example:

  • int g1/0/24
  • switchport mode access
  • switchport port-security maximum 1
  • switchport port-security violation shutdown (protect, restrict)

To enable the feature, type:    switchport port-security

To check port security status, type:   show port-security    (show port-security int g1/0/24 for detailed info)

To bring a port back from a shutdown state:

  • int g1/0/24 
  • shutdown
  • no shutdown
Category: Cisco
October 3

Basic Cisco Switch Configuration Checklist 2

Configuring SSH on a Cisco Device

  1. Create hostname: hostname abc
  2. Configure a domain name: ip domain-name abc.com
  3. Generate encryption keys: crypto key generate rsa   -> How many bits in the modulus [512]:
  4. Enable SSH version 2: ip ssh version 2
  5. Create local user account(s): username Peter secret password
  6. line vty 0 4
  7. Allow telnet or ssh: transport input telnet ssh
  8. Enable local login: login local
  9. Write mem
Category: Cisco
October 2

Basic Cisco Switch Configuration Checklist 1

  • Hostname 

enable

conf t

hostname abc

no IP domain-lookup

  • Console password

line con 0

login

password abcd

logging sync

 

  • Telnet password

line vty 0 4

login

password abcd

exec-timeout 0 0 (minutes  seconds, 0 means unlimited)

(exec-timeout ?  ? to set a time for admin console to log off)

 

or

line vty 0 4

login local

(this will use the local account to log into the system)

Use the following commands to create a local user:

conf t

username John secret abc123

  • Enable security password

enable secret abc (encrypted password for console and telnet users to enter/enable privileged mode)

enable password abc  (clear-text, unencrypted password for console and telnet users to enter/enable privileged mode)

If neither of the above is configured, a user can log into the console and access privileged mode without using a password.  A Telnet user can use the telnet password to access and enter privileged mode.

  • Management (VLAN) IP address

interface vlan 1

ip address 10.10.10.10  255.255.255.0

no shutdown

  • Default gateway

switch(config)#ip default-gateway 1.1.1.1

  • Shutdown (disable unused ports)

interface g3/0/24

shutdown

  • Logon Banner

Banner motd  ^abc^

  • Saving configurations

copy running-config startup-config

or

Write mem

 

 

Note: service password-encryption  (encrypts the line con & line vty passwords)

show ip interface brief

show run   (do show run)

show ip route
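
An added example, not part of the original posts: a small Python check that scans a saved running-config for settings these checklists touch on (enable password instead of enable secret, trunks without switchport nonegotiate, ports with no explicit switchport mode, access ports without port-security, telnet or exec-timeout 0 0 on the vty lines). The sample config and the function names are constructed for illustration, and the check assumes every interface that is not shut down and not a Vlan interface is a Layer 2 port.

```python
import re
# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
enable password abc
interface GigabitEthernet1/0/22
 switchport mode access
 switchport port-security
interface GigabitEthernet1/0/23
 switchport mode trunk
interface GigabitEthernet1/0/24
 switchport access vlan 50
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

def parse_sections(config):
    """Group indented sub-commands under their unindented parent line."""
    sections, current = {}, None
    for raw in config.splitlines():
        if raw.strip() and not raw.startswith(" "):
            current = sections.setdefault(raw.strip(), [])
        elif raw.strip() and current is not None:
            current.append(raw.strip())
    return sections

def audit(config):
    """Return (section, finding) pairs; assumes non-Vlan interfaces are Layer 2 ports."""
    findings = []
    for head, body in parse_sections(config).items():
        if head.startswith("enable password"):
            findings.append(("global", "enable password set; prefer enable secret"))
        elif head.startswith("interface") and "Vlan" not in head and "shutdown" not in body:
            if "switchport mode trunk" in body:
                if "switchport nonegotiate" not in body:
                    findings.append((head, "trunk without switchport nonegotiate"))
            elif "switchport mode access" not in body:
                findings.append((head, "no explicit mode; port may negotiate a trunk"))
            elif "switchport port-security" not in body:
                findings.append((head, "access port without port-security enabled"))
        elif head.startswith("line vty"):
            if any(re.match(r"transport input .*\btelnet\b", c) for c in body):
                findings.append((head, "telnet allowed on vty"))
            if "exec-timeout 0 0" in body:
                findings.append((head, "idle timeout disabled (exec-timeout 0 0)"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

To use it on a real device, save the output of show run to a file and pass its contents to audit().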

Category: Cisco