Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
201 Cards in this Set
- Front
- Back
|
Display all mac addresses
|
Switch# show mac address-table dynamic [address <mac-address> | interface <type mod/num> | vlan <vlan-id>]
|
|
|
Clear a CAM entry
|
Switch# clearmac address-table dynamic [address <mac-address> | interface <type mod/num> | vlan <vlan-id>]
|
|
|
Display current CAM table size
|
Switch# show mac address-table count
|
|
|
Select a port
|
Switch(config)# interface <type mod/num>
|
|
|
Select multiple ports
|
Switch(config)# interface range <type mod/first-num> - <last/num>, [<mod/first-num> - <last/num>][…]
|
|
|
Define an interface range macro
|
Switch(config)# define interface range macro-name <type> <mod/first-num> - <last/num>
|
|
|
Invoke an interface macro
|
Switch(config)# interface range macro <macro-name>
|
|
|
Set port speed
|
Switch(config-if)# speed {10 | 100 | 1000 | auto}
|
|
|
Set port duplex
|
Switch(config-if)# duplex {auto | full | half}
|
|
|
Specify the errdisable causes that can be reenabled (applies to ALL ports)
|
Switch(config)# errdisable recovery cause [all | <cause-name>]
|
|
|
Show interfaces in errdisabled mode
|
Switch# show interface status err-disabled
|
|
|
Create a VLAN
|
Switch(config)# vlan <vlan-num>
|
|
|
Set an interface for Layer-2 operation
|
Switch(config-if)# switchport
|
|
|
Set the VLAN encapsulation method
|
Switch(config-if)# switchport trunk encapsulation {isl | dot1q | negotiate}
|
|
|
Set the native VLAN (802.1q only)
|
Switch(config-if)# switchport trunk native vlan <vlan-id>
|
|
|
Set the allowed VLANs on a trunk
|
Switch(config-if)# switchport trunk allowed vlan {<vlan-list> | all | {add | except | remove} <vlan-list>
|
|
|
Set the trunk mode
|
Switch(config-if)# switchport mode {trunk | dynamic {desirable | auto}}
|
|
|
Disable DTP mode
|
Switch(config-if)# switchport nonegotiate
|
|
|
Show global dtp settings
|
Switch# show dtp
|
|
|
Show DTP interface settings
|
Switch# show dtp interface <type mod/num>
|
|
|
Show trunking status of a port
|
Switch# show interface <type mod/num> trunk
|
|
|
Show VALN information
|
Switch# show vlan id <vlan-id>
|
|
|
Configure a VTP domain
|
Switch(config)# vtp domain <domain-name>
|
|
|
Configure a VTP mode
|
Switch(config)# vtp mode {server | client | transparent}
|
|
|
Configure a VTP password
|
Switch(config)# vtp domain <password>
|
|
|
Set the VTP version
|
Switch(config)# vtp version {1 | 2}
|
|
|
Enable VTP pruning
|
Switch(config)# vtp pruning
|
|
|
Modify VTP pruning list
|
Switch(config-if)# switchport trunk pruning vlan {{{add | except | remove} <vlan-list>} | none}
|
|
|
Show VTP status
|
Switch(config)# show vtp status
|
|
|
Configure PAgP on an interface
|
Switch(config-if)# channel-protocol pagp
|
|
|
Configure PAgP mode
|
Switch(config-if)# channel-group <number> mode {on | {{auto | desirable} [non-silent]}}
|
|
|
Configure LACP on an interface
|
Switch(config-if)# channel-protocol lacp
|
|
|
Define LACP switch priority
|
Switch(config)# lacp system-priority <priority>
|
|
|
Configure LACP mode
|
Switch(config-if)# channel-group <number> mode {on | passive | active}
|
|
|
Verify the EtherChannel
|
Switch# show etherchannel summary
|
|
|
Verify the EtherChannel negotiation
|
Switch# show etherchannel port
|
|
|
Show all EtherChannel settings for a port
|
Switch# show interface <type mod/num> ethercahnnel
|
|
|
Configure EtherChannel load balancing
|
Switch(config)# port-channel load-balance <method>
|
|
|
Show EtherChannel current load
|
Switch# show etherchannel port-channel
|
|
|
Show STP interface status
|
Switch# show spanning-tree interface <type mod/num>
|
|
|
Show the STP bridge priority values
|
Switch# spanning-tree vlan <vlan-id>
|
|
|
Enable STP per VLAN
|
Switch(config)# spanning-tree vlan <vlan-id>
|
|
|
Enable STP per interface
|
Switch(config-if)# spanning-tree vlan <vlan-id>
|
|
|
Enable extended system ID mode
|
Switch(config)# spanning-tree extend system-id
|
|
|
Set the bridge ID (per VLAN)
|
Switch(config)# spanning-tree vlan <vlan-list> priority <bridge-priority>
|
|
|
Set bridge as root primary or secondary
|
Switch(config)# spanning-tree vlan <vlan-id> root {primary | secondary} [diameter <diameter>]
|
|
|
Configure a port's STP port priority
|
Switch(config-if)# spanning-tree [vlan <vlan-list>] port-priority <port-priority>
|
|
|
Set STP Hello Timer (1-10s, default 2)
|
Switch(config)# spanning-tree [vlan <vlan-id>] hello-time <seconds>
|
|
|
Set STP Forward Timer (4-30s, default 15)
|
Switch(config)# spanning-tree [vlan <vlan-id>] forward-time <seconds>
|
|
|
Set STP Max-Age Timer (6-40s, default 20)
|
Switch(config)# spanning-tree [vlan <vlan-id>] max-age <seconds>
|
|
|
Automatically configure STP timers
|
Switch(config)# spanning-tree vlan <vlan-list> root {primary | secondary} [diameter <diameter> [hello-time <hello-time>]]
|
|
|
Enable PortFast globally on all Access ports by default
|
Switch(config)# spanning-tree portfast default
|
|
|
Enable PortFast on a port
|
Switch(config-if)# spanning-tree portfast
|
|
|
Show PortFast status
|
Switch# show spanning-tree interface <type mod/num> portfast
|
|
|
Enable UplinkFast
|
Switch(config)# spanning-tree uplinkfast [max-update-rate <pkts-per-second>]
|
|
|
Show UplinkFast status
|
Switch# show spanning-tree uplinkfast
|
|
|
Enable BackboneFast
|
Switch(config)# spanning-tree backbonefast
|
|
|
Show BackboneFast status
|
Switch# show spanning-tree backbonefast
|
|
|
Show the root bridge, root port and root path cost
|
Switch# show spanning-tree [vlan <vlan-id>] root
|
|
|
Show bridge ID and timers for local switch
|
Switch# show spanning-tree [vlan <vlan-id>] bridge
|
|
|
Show the STP state of each switch port
|
Switch# show spanning-tree [vlan <vlan-id>] summary
|
|
|
Show ALL STP information (very detailed port information)
|
Switch# show spanning-tree detail
|
|
|
Show STP activity on a specific interface
|
Switch# show spanning-tree interface <type mod/num>
|
|
|
Enable Root Guard
|
Switch(config-if)# spanning-tree guard root
|
|
|
Show switch ports the Root Guard put into the "root-inconsistent" state
|
Switch# show spanning-tree inconsistentports
|
|
|
Enable BPDU Guard as global default
|
Switch(config)# spanning-tree portfast bpduguard default
|
|
|
Enable BPDU Guard per port
|
Switch(config-if)# [no] spanning-tree bpduguard enable
|
|
|
Enable Loop Guard as global default
|
Switch(config)# spanning-tree loopguard default
|
|
|
Enable Loop Guard per port
|
Switch(config-if)# [no] spanning-tree guard loop
|
|
|
Enable UDLD globally
|
Switch(config)# udld {enable | aggressive | message time <seconds>}
|
|
|
Enable UDLD per port
|
Switch(config-if)# udld {enable | aggressive | disable}
|
|
|
Show UDLD status
|
Switch# show udld [type mod/num]
|
|
|
Reenable ports the UDLD aggressive mode has errdisabled
|
Switch# udld reset
|
|
|
Enable BPDU Filter as global default
|
Switch(config)# spanning-tree portfast bpdufilter default
|
|
|
Enable BPDU Filter per port
|
Switch(config-if)# spanning-tree bpdu filter {enable | disable}
|
|
|
Configure a port as an RSTP edge port
|
Switch(config-if)# spanning-tree portfast
|
|
|
Force a port to act as an RSTP point-to-point link
|
Switch(config-if)# spanning-tree link-type point-to-point
|
|
|
Enable RPVST+
|
Switch(config)# spanning-tree mode rapid-pvst
|
|
|
Enable PVST
|
Switch(config)# spanning-tree mode pvst
|
|
|
Enable MST on a switch
|
Switch(config)# spanning-tree mode mst
|
|
|
Enter MST config mode
|
Switch(config)# spanning-tree mst configuration
|
|
|
While in MST config mode, name the MST region
|
Switch(config-mst)# name <name>
|
|
|
While in MST config mode, assign or update a MST revision number
|
Switch(config-mst)# revision <version>
|
|
|
While in MST config mode, map VLANs to an MST instance
|
Switch(config-mst)# instance <instance-id> vlan <vlan-list>
|
|
|
While in MST config mode, show pending MST changes
|
Switch(config-mst)# show pending
|
|
|
While in MST config mode, exit MST config mode and commit changes
|
Switch(config-mst)# exit
|
|
|
Show a port's current Layer 2 or Layer 3 mode
|
Switch# show interface <type mod/num> switchport
|
|
|
Show FIB table entries for an interface or VLAN
|
Switch# show ip cef [<type mod/num> | vlan <vlan-id>] [detail]
|
|
|
Show FIB table entries for an IP prefix
|
Switch# show ip cef [<prefix-ip> <prefix-mask>] [longer-prefixes] [detail]
|
|
|
Show FIB adjacency table
|
Switch# show adjacency [<type mod/num> | vlan <vlan-id>] [summary | detail]
|
|
|
Show FIB CEF drop stats
|
Switch# show cef drop
|
|
|
Show FIB CEF punt activity
|
Switch# show cef not-cef-switched
|
|
|
Show entire FIB
|
Switch# show ip cef
|
|
|
Define DHCP excuded addresses
|
Switch(config)# ip dhcp excluded-address <start-ip> <end-ip>
|
|
|
Configure a DHCP IP pool
|
Switch(config)# ip dhcp pool <pool-name>
|
|
|
Define a DHCP network
|
Switch(config-dhcp)# network <ip-address> <subnet-mask>
|
|
|
Define a DHCP default router IP
|
Switch(config-dhcp)# default-router <ip-address> [<ip-address2>] …
|
|
|
Define a DHCP lease
|
Switch(config-dhcp)# lease {infinite | {<days> [<hours> [<minutes>]]}}
|
|
|
Configure DHCP Relay
|
Switch(config-if)# ip helper address <ip-address>
|
|
|
Set HSRP interface priority
|
Switch(config-if)# standby <group> priority <priority>
|
|
|
Set HSRP timers
|
Switch(config-if)# standby <group> timers [msec] <hello-time> [msec] <holdtime>
|
|
|
Have an interface preempt the HSRP active role
|
Switch(config-if)# standby <group> preempt [delay [minimum <seconds>] [reload <seconds>]]
|
|
|
Configure HSRP interface tracking
|
Switch(config-if)# standby <group> track <type mod/num> [<decrementvalue>]
|
|
|
Assign the HSRP address
|
Switch(config-if)# standby <group> ip <ip-address> [secondary]
|
|
|
Show HSRP status
|
Switch# show standby [brief] [vlan <vlan-id> | <type mod/num>]
|
|
|
Plain-text HSRP authentication
|
Switch(config-if)# standby <group> authentication <string>
|
|
|
MD5 HSRP authentication
|
Switch(config-if)# standby <group> authentication md5 key-string [0 | 7] <string>
|
|
|
MD5 HSRP authentication using a key chain
|
Switch(config-if)# standby <group> authentication md5 key-chain <chain-name>
|
|
|
Create and name a key chain
|
Switch(config)# key chain <chain-name>
|
|
|
Create and configure the key chain key number
|
Switch(config-keychain)# key <key-number>
|
|
|
Enter a key chain key
|
Switch(config-keychain-key)# key-string [0 | 7] <string>
|
|
|
Set VRRP interface priority
|
Switch(config-if)# vrrp <group> priority <level>
|
|
|
Set VRRP timers
|
Switch(config-if)# vrrp <group> timers advertise [msec] <interval>
|
|
|
Learn VRRP advertisement interval from master router
|
Switch(config-if)# vrrp <group> timers learn
|
|
|
Disable VRRP preempting
|
Switch(config-if)# no vrrp <group> preempt
|
|
|
Change VRRP preempt delay
|
Switch(config-if)# vrrp <group> preempt [delay <seconds>]
|
|
|
VRRP authentication
|
Switch(config-if)# vrrp <group> authentication <string>
|
|
|
Assign the VRRP address
|
Switch(config-if)# vrrp <group> ip <ip-address>[secondary]
|
|
|
Show VRRP status
|
Switch# show vrrp [brief]
|
|
|
Assign GLBP priority
|
Switch(config-if)# glbp <group> priority <priority>
|
|
|
Enable GLBP preempting and delay
|
Switch(config-if)# glbp <group> preempt [delay minimum <seconds>]
|
|
|
Set GLBP timers
|
Switch(config-if)# glbp <group> timers [msec] <hellotime> [msec] <holdtime>
|
|
|
Set GLBP redirect timers
|
Switch(config-if)# glbp <group> timers redirect <redirect> <timeout>
|
|
|
Define an interface to track
|
Switch(config)# track <object-number> interface <type mod/num> {line-protocol | ip routing} <timeout>
|
|
|
Define the weighting thresholds for a tracked interface using GLBP
|
Switch(config-if)# glbp <group> weighting <maximum> [lower <lower>] [upper <upper>]
|
|
|
Configure GLBP to know which objects to track so weighting can be adjusted
|
Switch(config-if)# glbp <group> weighting track <object-number> [decrement <value>]
|
|
|
Set GLBP load-balancing method
|
Switch(config-if)# glbp <group> load-balancing [round-robin | weighted | host-dependent]
|
|
|
Enable GLBP
|
Switch(config-if)# glbp <group>ip [<ip-address> [secondary]]
|
|
|
Show GLBP status
|
Switch# show glbp [brief]
|
|
|
Enter supervisor redundancy configuration mode
|
Switch(config)# redundancy
|
|
|
Select the supervisor redundancy mode
|
Switch(config-red)# mode {rpr | rpr-plus | sso}
|
|
|
Show redundancy
|
Switch(config)# show redundancy states
|
|
|
Enter the redundancy main-cpu mode
|
Switch(config-red)# main-cpu
|
|
|
Specify the redundancy information that will be synchronized
|
Switch(config-r-mc)# mode {startup-config | config-register | bootvar}
|
|
|
NSF for BGP
|
Switch(config-router)# bgp graceful-restart
|
|
|
NSF for EIGRP
|
Switch(config-router)# nsf
|
|
|
NSF for OSPF
|
Switch(config-router)# nsf
|
|
|
NSF for IS-IS
|
Switch(config-router)# nsf [cisco | ietf]
|
|
|
Configure PoE
|
Switch(config-if)# power inline {auto [max <milli-watts>] | static [max <milli-watts>] | never
|
|
|
Verify PoE
|
Switch# show power inline [<type mod/num>]
|
|
|
Configure the Voice VLAN mode
|
Switch(config-if)# switchport voice vlan {<vlan-id> | dot1p | untagged | none}
|
|
|
Verify Voice VLAN
|
Switch# show interface switchport
|
|
|
Enable QoS on the switch
|
Switch(config)# mls qos
|
|
|
Define the QoS parameter that will be trusted
|
Switch(config-if)# mls qos trust {cos | ip-precedence | dscp}
|
|
|
Make the trust conditional
|
Switch(config-if)# mls qos trust device cisco-phone
|
|
|
Instruct an IP Phone on how to extend a trust boundary
|
Switch(config-if)# switchport priority extend {cos <value> | trust}
|
|
|
Configure a switch uplink to be trusted
|
Switch(config-if)# mls qos trust cos
|
|
|
Set Auto-QoS with the appropriate trust
|
Switch(config-if)# auto qos voip {cisco-phone | cisco-softphone | trust}
|
|
|
Remove Auto-QoS
|
Switch(config)# no auto qos voip
|
|
|
Verify QoS trust
|
Switch# show mls qos interface <type mod/num>
|
|
|
Verify how an IP Phone has been instructed to treat incoming QoS info
|
Switch# show interface <type mod/num> switchport
|
|
|
Verify Auto-QoS on an interface
|
Switch# show auto qos interface <type mod/num>
|
|
|
Configure port security on a switch port
|
Switch(config-if)# switchport port-security
|
|
|
Configure port security maximum number of MACs
|
Switch(config-if)# switchport port-security maximum <max-addr>
|
|
|
Set port security static MAC address
|
Switch(config-if)# switchport port-security mac-address <mac-addr>
|
|
|
Configure how a security port should treat a violation
|
Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}
|
|
|
View port security status for an interface
|
Switch# show port-security interface <type mod/num>
|
|
|
Show summary port port security
|
Switch# show port-security
|
|
|
Enable AAA on a switch
|
Switch(config)# aaa new-model
|
|
|
Define external RADIUS servers
|
Switch(config)# radius-server host {<hostname> | <ip-address>} [key <string>]
|
|
|
Define the authentication method for 802.1x
|
Switch(config)# aaa authentication dot1x default group radius
|
|
|
Enable 802.1x in a switch
|
Switch(config)# dot1x system-auth-control
|
|
|
Configure a switch port for 802.1x
|
Switch(config-if)# dot1x port-control {force-authorized | force-unauthorized | auto}
|
|
|
Allow multiple 802.1x hosts on a switch port
|
Switch(config-if)# dot1x host-mode multi-host
|
|
|
Show 802.1x operations on all ports
|
Switch# show dot1x all
|
|
|
Enable DHCP snooping on the switch
|
Switch(config)# ip dhcp snooping
|
|
|
Select the VLAN where DHCP snooping should take place
|
Switch(config)# ip dhcp snooping vlan <vlan-id> [<vlan-id>]
|
|
|
Select the interface where a DHCP server exists
|
Switch(config)# interface <type mod/num>
|
|
|
Set a DHCP Snooping interface to be trusted
|
Switch(config-if)# ip dhcp snooping trust
|
|
|
Confiugre a DHCP rate limit for a port
|
Switch(config-if)# ip dhcp snooping limit rate <rate>
|
|
|
Enable or disable Option 82
|
Switch(config)# [no] ip dhcp snooping information option
|
|
|
Show DHCP snooping status
|
Switch# show ip dhcp snooping [binding]
|
|
|
Configure static IP source guard binding
|
Switch(config)# ip source binding <mac-address> vlan <vlan-id> <ip-address> interface <type mod/num>
|
|
|
Enable IP source guard on an interface
|
Switch(config-if)# ip verify source [port-security]
|
|
|
Verify IP source guard status
|
Switch# show ip verify source [interface <type mod/num>]
|
|
|
Verify IP source binding database
|
Switch# show ip source binding <[ip-address>] [<mac-address>] [dhcp-snooping | static] [interface <type mod/num>] [vlan <vlan-id>]
|
|
|
Enable dynamic ARP inspection (DAI) on a vlan
|
Switch(config)# ip arp inspection vlan <vlan-range>
|
|
|
Configure a trusted port (ports with other switches attached)
|
Switch(config-if)# ip arp inspection trust
|
|
|
Configure the ARP access list
|
Switch(config)# arp access-list <acl-name>
|
|
|
Add an entry to the access list
|
Switch(config-acl)# permit ip host <sender-ip> mac host <sender-mac> [log]
|
|
|
Apply the the access list to DAI
|
Switch(config)# ip arp inspection filter <arp-acl-name> vlan <vlan-range> [static]
|
|
|
Configure DAI validation (to confirm ARP MAC matches actual MAC on Ethernet frame)
|
Switch(config)# ip arp inspection validate {[src-mac] [dst-mac] [ip]}
|
|
|
Show DAI status
|
Switch# show ip arp inspection
|
|
|
Enable secret privileged-level password
|
Switch(config)# enable secret
|
|
|
Enable password encryption
|
Switch(config)# service password-encryption
|
|
|
Set MOTD banner
|
Switch# banner motd
|
|
|
Disable the web interface
|
Switch# no ip http server
|
|
|
Enable secure web interface
|
Switch# ip http secure server
|
|
|
Enable access list for http server
|
Switch(config)# ip http access-class <acl-number>
|
|
|
Enable access list for terminal access
|
Switch(config)# access-class <acl-name> in
|
|
|
Define a VLAN access map
|
Switch(config)# vlan access-map <map-name> [<sequence-number>]
|
|
|
Configure a matching condition for the VLAN access map
|
Switch(config-access-map)# match ip address {<acl-number> | <acl-name>}
|
|
|
Configure an action for the VLAN access map
|
Switch(config-access-map)# action {drop | forward [capture] | redirect <type mod/num>}
|
|
|
Apply VACL to a VLAN
|
Switch(config)# vlan filter <map-name> vlan-list <vlan-list>
|
|
|
Define secondary VLANs
|
Switch(config-vlan)# private-vlan {isolated | community}
|
|
|
Define a primary VLAN
|
Switch(config-vlan)# private-vlan primary
|
|
|
Set primary VLAN's associations
|
Switch(config-vlan)# private-vlan association {<secondary-vlan-list> | add <secondary-vlan-list> | remove <secondary-vlan-list>}
|
|
|
Associate ports with private VLANs
|
Switch(config-if)# switchport mode private-vlan {host | promiscuous}
|
|
|
Configure non-promiscuous ports to associate with the appropriate primary and secondary VLANs
|
Switch(config-if)# switchport private-vlan host-association <primary-vlan-id> <secondary-vlan-id>
|
|
|
Configure promiscuous ports to associate with the appropriate primary and secondary VLANs
|
Switch(config-if)# switchport private-vlan mapping <primary-vlan-id> <secondary-vlan-list> | {add <secondary-vlan-list>} | {remove <secondary-vlan-list>}
|
|
|
Force a switch to tag the native VLAN
|
Switch(config)# vlan dot1q tag native
|
