Cisco Switch Break Command



This tutorial explains basic switch configuration commands in detail with examples. The configuration and commands explained here are essential for managing a Cisco switch effectively. Learn how to configure and manage a Cisco switch step by step with this basic switch commands and configuration guide.

To explain basic switch configuration commands, I will use the Packet Tracer network simulator. You can use any network simulator software or a real Cisco switch to follow this guide. There is no difference in output as long as your selected software supports the commands explained in this tutorial.

Create a practice lab as shown in the following figure, or download this pre-created practice lab and load it in Packet Tracer.

If required, you can download the latest as well as earlier versions of Packet Tracer from here.


In this topology

  • Two 2960 Series switches are used.
  • Switch1 (Interface Gig1/1) is connected with Switch2 (Interface Gig1/1) via cross cable.
  • Switch1 has two PCs connected on interfaces Eth0/1 and Eth0/2 via straight through cable.
  • Same as switch1, Switch2 also has two PCs connected on its interfaces Eth0/1 and Eth0/2.
  • IP address is configured on all PCs PC0 (192.168.1.1/24), PC1 (192.168.1.2/24), PC2 (192.168.1.3/24), PC3 (192.168.1.4/24).

Click Switch1 and click CLI menu item and press Enter Key

Navigating between different switch command modes

Cisco switches run a proprietary OS known as Cisco IOS. IOS is a group of commands used for monitoring, configuring and maintaining Cisco devices. For security and easy administration, IOS commands are divided into a set of different command modes. Each command mode has its own set of commands. Which commands are available depends on the mode we are in.

The following table lists the commands needed to navigate between the different IOS modes, with examples.

| Mode | Purpose | Prompt | Command to enter | Command to exit |
|---|---|---|---|---|
| User EXEC | Allows you to connect to remote devices, perform basic tests, temporarily change terminal settings and list system information | Router> | Default mode after booting. Log in with password, if configured. | Use exit command |
| Privileged EXEC | Allows you to set operating parameters. It also includes high-level testing and list commands like show, copy and debug. | Router# | Use enable command from user exec mode | Use exit command |
| Global Configuration | Contains commands that affect the entire system | Router(config)# | Use configure terminal command from privileged exec mode | Use exit command |
| Interface Configuration | Contains commands that modify the operation of an interface | Router(config-if)# | Use interface type number command from global configuration mode | Use exit command to return to global configuration mode |
| Sub-Interface Configuration | Configures or modifies a virtual interface created from a physical interface | Router(config-subif)# | Use interface type sub interface number command from global configuration mode or interface configuration mode | Use exit to return to the previous mode. Use end command to return to privileged exec mode. |
| Setup | Used by the router to create an initial configuration, if a running configuration is not present | Parameter[Parameter value]: | The router enters this mode automatically if a running configuration is not present | Press CTRL+C to abort. Type Yes to save configuration, or No to exit without saving, when asked at the end of setup. |
| ROMMON | If the router enters this mode automatically, it indicates that it failed to locate a valid IOS image. Entering this mode manually allows you to perform low-level diagnostics. | ROMMON> | Enter reload command from privileged exec mode. Press CTRL + C key combination during the first 60 seconds of the booting process | Use exit command. |

How to get help on Cisco Switch command mode

The switch provides two types of context-sensitive help: word help and command syntax help.

Word help

Word help is used to get a list of available commands that begin with a specific letter. For example, if we know that our command begins with the letter e, we can hit the Enter key after typing e? at the command prompt. It will list all possible commands that begin with the letter e.

We can list all available commands if we don't know the initial letters of our command. For example, to list all available commands in User Exec mode, just type ? at the command prompt and hit the Enter key.

Command syntax help

Command syntax help can be used to get the list of keywords, commands, or parameters that are available after the keywords we have already entered. Enter ? (question mark) after hitting the Space key and the prompt will return the list of available command options. For example, to find the parameters accepted by the show ip command, type show ip ? and the prompt will return all associated parameters. If the prompt returns only <CR> as an option, the switch does not need any additional parameters to complete the command. You can execute the command as it stands.

How to set name on switch

The switch name can be set from global configuration mode. Use the hostname [desired hostname] command to set the name on the switch.

How to set password on a Catalyst switch

Passwords are used to restrict physical access to the switch. A Cisco switch supports the console line for local login and VTYs for remote login. All supported lines need to be secured for User Exec mode. For example, if you have secured the VTY lines but left the console line unsecured, an intruder can take advantage of this to connect to the device. Once you are connected to the device, all remaining authentication is the same. No separate configuration is required for further modes.

Passwords are set from their respective line mode. Enter line mode from global configuration mode.

The term VTY stands for virtual terminal, such as telnet or SSH. A switch may support up to a thousand VTY lines. By default the first five (0 - 4) lines are enabled. If we need more lines, we have to enable them manually. The 2960 Series switch supports 16 lines. We can set a separate password for each line; for that we have to specify the line number. In our example we set a common password for all lines.

The above method is good for small companies, where there are very few network administrators. With the above method we have to share the password between all administrators. The switch supports both local and remote server authentication. Remote server authentication is a complex process and is not included in any entry-level exams. For this article I am also skipping the remote server method. With the local database authentication method, the switch allows us to set a separate password for each user. Two global configuration commands are used to set up the local user database.

Both commands do the same job. The advantage of the secret option over the password option is that with secret the password is stored as an MD5 hash, while with password it is stored in plain text.

Along with User Exec mode we can also secure Privileged Exec mode. Two commands are available for it.

Again, as I mentioned earlier, a password stored with the secret command is encrypted, while a password stored with the password command remains in plain text. You only need to use a single command. If you use both commands as I did, the enable secret command automatically replaces the enable password command.
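The password rules described above can be checked against a saved running configuration. The following is an added example, not part of the original tutorial: the sample configuration, the function names and the rule names are constructed for illustration, and the checks cover only the points made in this section (lines left without login, plain-text password commands where a secret equivalent exists).

```python
import re

# Constructed sample running-config excerpt (not from the tutorial or a real device).
SAMPLE_CONFIG = """\
hostname Switch1
!
enable password cisco123
!
username alice secret 5 $1$EXAMPLE$constructedhashvalue000
username bob password 0 letmein
!
line con 0
line vty 0 4
 password vtypass
 login
line vty 5 15
 login local
!
end
"""


def split_line_blocks(config):
    """Yield (header, [subcommands]) for every 'line ...' block in the config."""
    header, body = None, []
    for raw in config.splitlines():
        if raw.startswith("line "):
            if header:
                yield header, body
            header, body = raw.strip(), []
        elif header and raw.startswith(" "):
            body.append(raw.strip())
        elif header:
            # First non-indented line ends the current block.
            yield header, body
            header, body = None, []
    if header:
        yield header, body


def audit_config(config):
    """Return (rule, detail) findings for the password issues discussed above."""
    findings = []
    lines = config.splitlines()
    has_enable_secret = any(l.startswith("enable secret ") for l in lines)

    for l in lines:
        # 'enable password' keeps the password in plain text; flag it when
        # no 'enable secret' is configured alongside it.
        if l.startswith("enable password ") and not has_enable_secret:
            findings.append(("enable-password-only", "enable password"))
        # 'username X password ...' is the plain-text variant of 'username X secret ...'.
        m = re.match(r"username (\S+) password\b", l)
        if m:
            findings.append(("user-plaintext-password", m.group(1)))

    for header, body in split_line_blocks(config):
        # A line asks for credentials via 'login' (shared line password)
        # or 'login local' (per-user local database).
        if "login" in body:
            if not any(c.startswith("password ") for c in body):
                # 'login' is set but there is no line password to check against.
                findings.append(("login-without-password", header))
        elif "login local" not in body:
            findings.append(("line-without-login", header))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```

On the constructed sample this reports the unsecured console line, the plain-text enable password and the user created with the password option.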

How to reset switch to factory defaults

During practice we have to reset the switch to factory defaults several times. Make sure you don't run the following commands in a production environment unless you understand their effect clearly. The following commands will erase all configuration. In a production environment you should always take a backup before removing configuration. In a lab environment we can skip the backup process.

How to set IP address in Switch

The IP address is the address of the device in the network. The switch allows us to set an IP address at interface level. An IP address assigned to an interface is used to manage that particular interface. To manage the entire switch we have to assign an IP address to VLAN1 (the default VLAN of the switch). We also have to set the default gateway IP address from global configuration mode. In the following example we assign IP 172.16.10.2 255.255.255.0 to VLAN1 and set the default gateway to 172.16.10.1.

How to set interface description

Switches have several interfaces. Adding a description to each interface is a good habit. It may help you find the correct interface. In the following example we add the description Development VLAN to interface FastEthernet 0/1.

How to clear mac address table

The switch stores MAC addresses in the MAC address table. Gradually the table can fill up. Once it is full, the switch automatically starts removing old entries. You can also clear the table manually from privileged exec mode. To delete all entries, use the following command

To delete only dynamic entries, use

How to add static MAC address in CAM table

For security purposes we sometimes have to add a MAC address to the CAM table manually. To add a static MAC address to the CAM table, use the following command

In the above command we entered an entry for static MAC address aaaa.aaaa.aaaa assigned to FastEthernet 0/1 with the default VLAN1.

How to save running configuration in switch

The switch keeps the entire running configuration in RAM. All data in RAM is erased when we turn off the device. To save the running configuration, use the following command

How to set duplex mode

The switch automatically adjusts duplex mode depending on the remote device. We can change this mode to any other supported mode. For example, to force the switch to use full duplex mode, use

To use half duplex, use

show version

The show version command provides general information about the device, including its model number, types of interfaces, software version, configuration settings, location of the IOS and configuration files, and available memory.

show mac-address-table

The switch stores the MAC addresses of devices attached to its interfaces in the CAM table. We can use the show mac-address-table command to list all learned devices. The switch uses this table to make forwarding decisions.

show flash

The switch stores the IOS image file in flash memory. The show flash command lists the contents of flash memory. This command is useful for getting information about the IOS file and the available memory space in flash.

show running-config

Configuration parameter values are created, stored, updated and deleted from running configuration. Running configuration is stored in RAM. We can use show running-config command to view the running configuration.

show startup-config

Any configuration stored in RAM is erased when the device is turned off. We can save the running configuration in NVRAM. If we have saved the running configuration in NVRAM, it is automatically loaded back into RAM from NVRAM during the next boot. Because the switch loads this configuration back into RAM at device startup, in NVRAM it is known as startup-config.

show vlan

The show vlan command displays the VLANs. For administrative purposes, the switch automatically creates VLAN 1 and assigns all its interfaces to it. You can create custom VLANs from global configuration mode and then assign them to interfaces.

show interface

The show interface command displays information about interfaces. Without an argument it lists all interfaces. To get information about a specific interface we need to pass its interface number as an argument. For example, to view details about FastEthernet 0/1, use show interface fastethernet 0/1.

The first line of the output provides information about the status of the interface.

The first up indicates the status of the physical layer, and the second up indicates the status of the data link layer.

Possible interface status

  • up and up :- Interface is operational.
  • up and down :- It's a data link layer problem.
  • down and down :- It's a physical layer problem.
  • Administratively down and down :- Interface is disabled with the shutdown command.

Possible values for physical layer status

  • Up :- Switch is sensing a physical layer signal.
  • Down :- Switch is not sensing a physical layer signal. Possible reasons: the cable is not connected, the wrong cable type is used, or the remote end device is turned off.
  • Administratively down :- Interface is disabled by using the shutdown command.

Possible values for data link layer status

  • Up :- The data link layer is operational.
  • Down :- The data link layer is not operational. Possible reasons could be a disabled physical layer, missed keep alives on a serial link, no clocking or an incorrect encapsulation type.

show ip interface brief

show ip interface brief is an extremely useful command for getting a quick overview of all interfaces on the switch. It lists their status, including IP address and protocol.

That’s all for this article.

Configuring a switch is generally an easy task, but when things go wrong you need to know what to do. Indeed, in this article, we jump-start you to switch troubleshooting on Cisco devices. With this step-by-step guide, you will learn the troubleshooting commands, and how to use them. Moreover, you will learn to find devices in a network, including where they are connected, IP, and MAC address. It is time to start!

This article comes with a Cisco Packet Tracer lab. To benefit the most from what you learn, you should try the lab while reading the article. This way, we will guide you through the switch troubleshooting steps and fixes.

Once you have downloaded the file, open it with Packet Tracer, and continue reading.

Switch Troubleshooting Lab Intro

The Topology

This lab leverages the topology from the previous article about VLANs configuration. In fact, the majority of issues you are going to have with switches involve VLANs. However, we made some changes to enhance switch troubleshooting. First, we used a Layer 3 switch as “TopSwitch”. This switch can perform routing and allows inter-VLAN communication (that was not possible previously).

After that, we have hidden all the switches. This way, we cannot simply see where the cable goes. Instead, we must check the configuration on the switches, doing real switch troubleshooting. We will have to jump on the core device (TopSwitchL3) and then telnet into other switches.

The Requirements

Since this article is all about switch troubleshooting, there is no specific configuration requirement. You won’t implement anything new, but instead, you are going to work with issues. Cisco introduces you to troubleshooting with the concept of the ticket, and because of that, we will do the same. The technical term for a ticket is, in reality, incident: here’s the definition.

An incident (ticket) is an issue in the infrastructure causing it to behave unexpectedly.

It can be a hardware fault, someone plugging a PC in the wrong port, or anything else you need to fix. Tickets are raised by users complaining that something does not work, then you need to identify the problem and solve it. For this article, you have three tickets to solve:

  1. Users in the Sales office are complaining they cannot print
  2. A guy from the Engineering department complains he has no network access
  3. A Junior IT Support technician reported strange alerts on RightSwitch when connected via console

Device credentials

To access the peripheral switches (LeftSwitch, CenterSwitch, and RightSwitch) contained in the cloud, refer to the following table.

List of steps

Since this is a troubleshooting article, we cannot define a specific steps list that will work 100% of the time. However, the following list is the one that will get you to the problem faster. Moreover, we arranged it to be optimized for switch troubleshooting.

  1. Define the problem
  2. Find device(s) having issues
  3. Check VLANs configuration
  4. Verify trunk ports configuration
  5. Check access ports configuration
  6. Troubleshoot client issues

The first step is going to be “Define the problem” every time. However, based on what the problem really is, later steps may be followed in a different order. We are going to follow these steps for both tickets, but before we do it we should talk about troubleshooting approaches.

Troubleshooting approaches and Tips

Some people think troubleshooting is like an art. Instead, troubleshooting is a simple task that can be written in the form of a procedure. Troubleshooting can be stressful, and you might end up performing the same checks again and again. This is frustrating, as you convince yourself that there is no reason for the problem, and it shouldn’t be happening. Nonetheless, it is happening. You need to have a plan. We can talk a lot about troubleshooting approaches, but for now, we will give you just a few tips.

  • First, state the problem clearly, talking with the user if necessary.
  • Use the divide-and-conquer approach. This means you start by pinging between the two devices that cannot communicate. If the ping is successful, check for application problems at upper OSI layers. Instead, if the ping fails, do a traceroute to find where in the network the problem is. Then, check the data-link layer and physical connections. This approach is opposed to the bottom-up approach (starting from the cabling) and the top-down approach (starting from the application). With this approach, you start in the middle of the OSI layer.
  • Write down everything you do, so you won’t be repeating steps. This is useful for complex issues or infrastructures.
  • If you still cannot resolve the issue, don’t panic. Google is your friend, check for users having similar issues.

These concepts are fundamentals. They will help you a lot in switch troubleshooting. We are going to see how right below when working on the tickets.

Ticket #1

Define the problem

The first ticket we are going to face is for the PCs in the Sales department that cannot print. This definition is far from a precise problem statement. After calling users, we clarify that they cannot access printers, servers, and file shares on the network. Based on that, we know that it is unlikely to be a print problem. Both users have the same problem, but the two PCs can communicate with one another.

It’s time for you to gather technical details. You ask the users to open the command prompt (from the Start menu or with Win+R, then cmd for Windows users) and type ipconfig /all. We need to gather four items: IP address, default gateway, subnet mask, and Physical address (MAC address). The two devices having problems are Laptop0 and Laptop1, so here is an example of Laptop0 output.

After talking with the user, here is what we have learnt.

  • User 1 is using a laptop with IP 10.100.2.10 and subnet mask of 255.255.255.0. Its default gateway is 10.100.20.1 and the MAC address is 00-D0-FF-66-C6-A1.
  • User 2 is also using a laptop, with IP 10.100.2.11 and subnet mask of 255.255.255.0. Its default gateway is still 10.100.20.1 and the MAC address is 00-E0-8F-E1-5D-8B.

From that, we know that IP configuration on the two laptops is correct. This is likely to be a network issue, and we need to find where in the network the issue is.

Gathering more information

When we face this kind of problem, we need to find out where the isolation is. In other words, we know that these two PCs are somehow isolated, but we need to know if they can reach at least their gateway, or if there is a problem with L2 segmentation. So, we jump on the TopSwitchL3, which is the default gateway, and we try to ping these two IP addresses. Both pings will fail.

Verify ARP cache

Since pings are failing, and we are in the same subnet, we need to verify if the data-link layer is working as expected. To verify the data-link layer, we start by issuing show ip arp just after those pings. With this command, we are checking if our switch was able to resolve the IP addresses to MAC addresses.

The command show ip arp presents you with the content of the ARP table. In other words, you can find all the bindings between IP addresses and MAC addresses the switch knows. It may contain hundreds or even thousands of entries in a real-world switch performing routing. This command presents you with several columns; here’s their meaning.

  • Protocol – “Internet” stands for IP; identifies the protocol that triggered the ARP request/response process
  • Address – IP address
  • Age – Time in minutes since the entry is in the table
  • Hardware Addr – MAC address associated with the IP address in the same row
  • Type – ARP encapsulation type, generally “ARPA”, way out of scope for this article
  • Interface – On which interface the switch learned the MAC address

Entries that have no age (but a dash instead) are the ones associated with the switch’s own IP addresses. Moreover, note that this table is populated only from ARP requests the switch made. As a result, ARP requests made from other devices and passing through the switch will be ignored.

Checking the previous output, we didn’t find any MAC address but the ones of the local switch. This means that ARP requests have been failing, so we have a problem at the data-link layer or even below.

Verify MAC address table

The MAC address table on a switch remembers the association between a MAC address and a physical port of the switch. The switch will populate that table and keep it up-to-date every time it receives an ethernet frame. In other words, to see the MAC address of these laptops on the Top switch, laptops must generate traffic and that traffic must reach the Top switch. Even ARP responses are traffic, but we don’t know if our requests made it to the client. In case they didn’t, the device won’t have generated any traffic. Just to be sure, jump on Laptop0 and ping the default gateway, 10.100.2.1.

Even if the ping fails, our PC has generated some traffic, so we can check the MAC address table on the Top switch to see if the frames made it. We do it by typing show mac address-table from the privileged exec prompt.

We are looking for the MAC address of the Laptop0, which is 00d0.ff66.c6a1 (in Cisco notation). Nevertheless, we cannot find this MAC address here. Now we are sure that communication with the device doing routing is broken. We need to find if we can reach the peripheral switch, at least. Since we don’t know where in the network Laptop0 is, we need to check all the switches. Our objective is to find a switch having that MAC address in the MAC address table.

Checking MAC address table on peripheral switches

To continue with our switch troubleshooting, we are going to connect to LeftSwitch. To do it, remain on TopSwitchL3 in privileged exec, then type telnet 10.80.0.2 and enter the password as required. Then, once again, issue show mac address-table and check the results.

Here we are! We found our device, it is connected to the FastEthernet 0/10 port on LeftSwitch. At this point, we know that the connection between Laptop0 and LeftSwitch is working fine, but there might be some problems between LeftSwitch and top switch. Before we check that, try to discover where Laptop1 is connected on your own. Just for the sake of learning, here’s the explanation of show mac address-table output.

  • Vlan – the VLAN associated with the MAC address, this comes from the VLAN associated with the port
  • Mac Address – the MAC address itself
  • Type – How the MAC address was learned, dynamic means from an ethernet frame, static means it was hardcoded
  • Port – Physical port this MAC address was seen on

Tip: if you don’t see the MAC address even there, it means the MAC address table aged out. Try again the ping from the Laptop and, as soon as it finishes, immediately check the MAC address table.

Checking trunks

This problem involves two devices on the same VLAN, so it could be potentially a problem of that VLAN. We issue show vlan brief to check if the VLAN exists, and we find that VLAN 102 is the one for Laptops. Consequently, we need to check if this VLAN goes on the trunk toward TopSwitchL3. We do that with show interfaces trunk.

This must be the problem. Therefore, all we need to do is enter in configuration mode, go under the interface GigabitEthernet 0/1 and add the missing VLANs. Below, the needed commands.

Once you have typed that, try to ping the default gateway from both Laptop1 and Laptop2. This problem prevented all the traffic from devices on LeftSwitch from reaching the TopSwitch, the routing core. As a result, all devices inside VLAN 102 on LeftSwitch were isolated from everything else. Review this configuration, and when you feel confident with what we did, move to the next ticket.

Ticket #2

Define the problem

The second ticket in our switch troubleshooting is the one from the Engineering guy, who complains of having no network access. This time, we know the problem is on Laptop2, and only on that device. All laptops are working fine, and other devices connected to the same switch are working fine too. Therefore, we know that this problem is very limited, and can be associated with either PC settings or access port settings.

Gathering additional information

Again, we need to know the whereabouts of the PC. So, log into Laptop2 and, from the prompt, type ipconfig /all. You will find that this PC has the IP address 10.100.2.12 associated with a /24 subnet mask, the default gateway is the 10.100.2.1 and the MAC address is 0002.154c.552c. Since we know the problem is likely to be on the device, it’s time to find it.

Finding the device in the network

This time we will go much faster. First thing, from the command prompt of Laptop2, issue a ping toward 10.100.2.1 to generate traffic. After that, immediately check the MAC address table of TopSwitchL3 with show mac address-table command. We are looking for 0002.154c.552c. Apparently, we found it.

At first glance, the laptop might seem connected to FastEthernet 0/2 on TopSwitchL3. The problem is clear from there: the laptop is in VLAN 301 (servers) instead of VLAN 102 (laptops). However, we are doing switch troubleshooting, so we must look closely. Thus, we see that this port is associated with multiple MAC addresses in different VLANs. We should check whether it is a trunk using our friend show interfaces trunk.

To help you, FastEthernet 0/2 is the interface connecting CenterSwitch. Since we saw the MAC address of the laptop coming from that interface, the laptop must be connected to that switch. We can reach it with telnet 10.80.0.3 and check its MAC address table.
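The MAC lookup used in Ticket #1 (converting the address reported by ipconfig to Cisco notation and searching the MAC address table) and the check from Ticket #2 (a port that carries MAC addresses from several VLANs is probably a trunk, not the laptop's access port) can be scripted as follows. This is an added example, not part of the original article: the table text is constructed, only 0002.154c.552c and its VLAN and port follow the article, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed 'show mac address-table' output for TopSwitchL3.
# Only 0002.154c.552c (Laptop2) comes from the article; other rows are made up.
SAMPLE_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

 102    0060.2f1a.0001    DYNAMIC     Fa0/2
 301    0002.154c.552c    DYNAMIC     Fa0/2
 301    00d0.bc22.0002    DYNAMIC     Fa0/2
 301    0090.2b33.0003    DYNAMIC     Fa0/5
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def to_cisco_mac(mac):
    """Normalise 00-D0-FF-66-C6-A1, 00:d0:ff:66:c6:a1 or 00d0.ff66.c6a1
    to Cisco dotted notation (00d0.ff66.c6a1)."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def parse_table(text):
    """Parse the data rows of the table; headers and rulers are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append({
                "vlan": int(m.group(1)),
                "mac": m.group(2).lower(),
                "type": m.group(3).upper(),
                "port": m.group(4),
            })
    return entries


def locate(mac, text):
    """Find a MAC in the table. Returns None if it is absent (no traffic seen
    or the entry aged out), otherwise its VLAN, port and a trunk hint."""
    wanted = to_cisco_mac(mac)
    entries = parse_table(text)
    vlans_per_port = defaultdict(set)
    for e in entries:
        vlans_per_port[e["port"]].add(e["vlan"])
    for e in entries:
        if e["mac"] == wanted:
            return {
                "mac": wanted,
                "vlan": e["vlan"],
                "port": e["port"],
                # Several VLANs behind one port: check 'show interfaces trunk'
                # and continue the search on the switch behind that port.
                "uplink_suspected": len(vlans_per_port[e["port"]]) > 1,
            }
    return None


if __name__ == "__main__":
    print(locate("00-02-15-4C-55-2C", SAMPLE_TABLE))
```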

Interface FastEthernet 0/10 is an access port in VLAN 301. To put it in VLAN 102, as it should be, use the following commands.

Done. The problem is fixed, and pinging again can prove it.

Ticket #3

Define the problem

For the third ticket of our switch troubleshooting, a Junior technician told us about strange messages on RightSwitch. So, we know where the problem is and we just need to check those messages. Log into RightSwitch using telnet 10.80.0.4 to check those messages. However, since messages normally appear in console only, and we don’t have console access, we need to find an alternative way.

To see the log messages in VTY lines, type terminal monitor, and to disable that use terminal no monitor. If you wait for about 30 seconds with the terminal monitor on, you will see a CDP error message as in the picture.

Fixing Native VLAN Mismatch

Let’s analyze the syntax. Here’s the whole message.

This message is extremely clear, but analyzing all its sections will make that even clearer.

  • %CDP – Cisco Discovery Protocol is the protocol that noticed the error
  • 4 – Severity, indicates how severe this error is, where 0 is the most severe, and 7 is debugging. 4 means warning.
  • NATIVE_VLAN_MISMATCH – The code of the error
  • Native VLAN mismatch discovered – Brief description of the error, it indicates that the native VLAN on one side of a trunk is different from the one set by the other switch
  • on GigabitEthernet0/1 – the interface of the local switch
  • (1) – Native VLAN of the local switch
  • with TopSwitchL3 – the hostname of the remote switch
  • FastEthernet0/3 – the interface of the remote switch
  • (99) – Native VLAN of the remote switch
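The field breakdown above maps directly onto a parser. The following is an added example, not part of the original article: the log lines are constructed from the fields listed above (the %LINK line and the timestamp prefix are made up to show filtering), and the function names are hypothetical. It extracts both sides of each native VLAN mismatch, collapses the repeats that CDP keeps logging, and reports which side deviates from the expected native VLAN.

```python
import re

# Syslog severity levels, 0 (most severe) to 7 (debugging).
SEVERITY = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}

# Constructed log lines. The mismatch message is rebuilt from the fields
# listed in the article; the timestamp and the %LINK line are made up.
SAMPLE_LOG = """\
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (1), with TopSwitchL3 FastEthernet0/3 (99).
%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to administratively down
*Mar  1 00:03:12.345: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/1 (1), with TopSwitchL3 FastEthernet0/3 (99).
"""

HEADER = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)"
)
MISMATCH = re.compile(
    r"Native VLAN mismatch discovered on (\S+) \((\d+)\), with (\S+) (\S+) \((\d+)\)"
)


def parse_syslog(line):
    """Split '%FACILITY-SEVERITY-MNEMONIC: text' into its parts, or return None."""
    m = HEADER.search(line)  # search() tolerates a leading timestamp
    if not m:
        return None
    sev = int(m.group("severity"))
    return {
        "facility": m.group("facility"),
        "severity": sev,
        "severity_name": SEVERITY[sev],
        "mnemonic": m.group("mnemonic"),
        "text": m.group("text"),
    }


def native_vlan_mismatches(log, expected_native):
    """Return one record per distinct mismatch, with a repeat count and the
    side(s) whose native VLAN differs from expected_native."""
    seen = {}
    for line in log.splitlines():
        msg = parse_syslog(line)
        if not msg or (msg["facility"], msg["mnemonic"]) != ("CDP", "NATIVE_VLAN_MISMATCH"):
            continue
        m = MISMATCH.search(msg["text"])
        if not m:
            continue
        local_if, local_vlan, peer, peer_if, peer_vlan = m.groups()
        key = (local_if, int(local_vlan), peer, peer_if, int(peer_vlan))
        if key not in seen:
            sides = (("local", key[1]), ("remote", key[4]))
            seen[key] = {
                "severity_name": msg["severity_name"],
                "local_interface": local_if, "local_vlan": key[1],
                "remote_host": peer, "remote_interface": peer_if,
                "remote_vlan": key[4],
                "fix_side": [s for s, vlan in sides if vlan != expected_native],
                "count": 0,
            }
        seen[key]["count"] += 1
    return list(seen.values())


if __name__ == "__main__":
    for rec in native_vlan_mismatches(SAMPLE_LOG, expected_native=99):
        print(rec)
```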

What this message is trying to say is that the native VLAN on this switch differs from the one on the other side of the trunk. Specifically, TopSwitchL3 is using VLAN 99 – correct – while RightSwitch is using VLAN 1 – wrong. To fix this, simply add the commands below.

Then wait for about a minute; you won’t see any more messages like that.

Conclusion

Congratulations! We finished our switch troubleshooting successfully, now everything works as expected. Just to recap, we learned two powerful commands: show ip arp and show mac address-table. These two commands help you to locate devices in the network and perform basic troubleshooting. With experience increasing, you will become faster and faster in switch troubleshooting tasks.

Continue to follow our Free CCNA course to learn everything else you need to work in networking and get your certification fast and easy.