Cisco SG300 CLI Commands

Other parts were obtained using the CLI PDF provided by Cisco

Remove a Trunk and switch to access
config t
int gi44
switchport trunk allowed vlan remove 2
switchport mode access
switchport access vlan 2

or
config t
int gi44
switchport mode general
switchport general allowed vlan remove 2
switchport mode access
switchport access vlan 2



Change the CDP device ID format to hostname instead of the default MAC address
s-sg300#sh cdp
Global CDP information:
        CDP is globally enabled
        CDP log duplex mismatch is globally enabled
        CDP log voice VLAN mismatch is globally enabled
        CDP log native VLAN mismatch is globally enabled
        Mandatory TLVs validation is disabled
        Sending CDPv2 advertisements is enabled
        Sending Appliance TLV is enabled
        Device ID format is MAC Address  <-------
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        CDP packets handling mode is bridging

s-sg300(config)#cdp device-id format hostname

s-switch2#sh cdp nei
The neighbor should now show the device ID being sent as the hostname.

s-sg300#sh cdp
Global CDP information:
        CDP is globally enabled
        CDP log duplex mismatch is globally enabled
        CDP log voice VLAN mismatch is globally enabled
        CDP log native VLAN mismatch is globally enabled
        Mandatory TLVs validation is disabled
        Sending CDPv2 advertisements is enabled
        Sending Appliance TLV is enabled
        Device ID format is Host Name  <-------
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        CDP packets handling mode is bridging

Enable SNTP Server
s-sg300#configure terminal
s-sg300(config)#clock source sntp
s-sg300(config)#sntp server <IPOFSNTPSERVER> poll
s-sg300(config)#end

s-sg300#show clock
*18:22:42 UTC Aug 6 2014
Time source is sntp
Time from Browser is disabled

sntp source-interface vlan 1
sntp server <IPOFSNTPSERVER> poll
sntp unicast client enable
sntp unicast client poll
show sntp status

s-sg300#show sntp configuration
SNTP destination port : 123 .
Polling interval: 1024 seconds.
No MD5 authentication keys.
Authentication is not required for synchronization.
No trusted keys.

Unicast Clients: Enabled
Unicast Clients Polling: Enabled

Server            : <IPOFSNTPSERVER>
  Polling         : Enabled
  Encryption Key  : Disabled

Server            : <IPOFSNTPSERVER2>
  Polling         : Enabled
  Encryption Key  : Disabled

Broadcast Clients: disabled
Anycast Clients: disabled
Source IPv4 interface: vlan 1
Source IPv6 interface:

Set the timezone for CST
clock timezone CST -6 minutes 0
show clock
wr mem
copy run start
copy run tftp://<TFTPserverIP>/s-sg300

Enable SSH

  • Log into the web UI
  • Administration -> Management interface -> IPv4 interface (should already be set up from the previous step, so just check it to be sure)
  • Administration -> User accounts -> Add (add my user account; give myself Read/Write Management Access (15)) — or, using the CLI, just do the following:
    switch001#configure
    switch001(config)#username [USERNAME] password [PASSWORD] privilege 15
    switch001(config)#end
    switch001#

    (Decide for myself which way is easier)

  • Once I have a username set up, I configure an access method: Security -> Mgmt Access Method -> Access Profiles -> Add
    Access Profile Name: [SOME_NAME]
    Rule Priority: 1
    Management Method: All
    Action: Permit
    Applies to Interface: User Defined
    Interface: [SPECIFY]
    Applies to Source IP Address: User Defined [AND SPECIFY]

    Then click on “Apply”, of course, and then Close.

  • Next, define how you will authenticate via SSH: Security -> SSH User Authentication -> SSH User Authentication by Password -> Enable (e.g. — actually, I prefer access via SSH key, but this is left as an exercise to me)
  • Next, make sure the SSH server is running: Security -> TCP/UDP Services -> SSH Service -> Enable -> Apply
  • At this point, I should be able to log in via SSH.

Set switch IP address


The SG300 can have its own IP address:

swfoo#show ip interface


Gateway IP Address      Activity status         Type
----------------------- ----------------------- --------


IP Address          I/F       Type        Status
------------------- --------- ----------- -----------
192.168.10.111/24   vlan 15   Static      Valid


Set the IP address of VLAN 12:

swfoo(config)#interface vlan 12
swfoo(config-if)#ip address 10.100.5.5 255.255.192.0


Add/remove VLANs


swfoo#config
swfoo(config)#vlan database
swfoo(config-vlan)#vlan 2 (add)
swfoo(config-vlan)#no vlan 20 (remove)
swfoo(config-vlan)#exit
swfoo(config)#exit
swfoo#


Configure switchports


Configure a single switchport

swfoo#config
swfoo(config)# interface gi52
swfoo(config-if)# ...commands...
swfoo(config-if)#exit
swfoo(config)#exit
swfoo#


Configure a range of switchports:

swfoo#config
swfoo(config)# interface range gi1-51
swfoo(config-if-range)# ...commands...
swfoo(config-if-range)#exit
swfoo(config)#exit
swfoo#


Set up a switchport (range) for untagged VLAN (“access” mode)

interface gigabitethernet47
description Bar-Baz-mgmt0-b
switchport mode access
switchport access vlan 15


Set up a switchport (range) for untagged VLAN as “Native VLAN” on “Trunk”

interface gigabitethernet47
description foobar
switchport mode trunk
switchport trunk native vlan 15


Set up a switchport (range) for tagged (“Allowed”)/untagged (“Native”) VLAN

interface gigabitethernet47
description foobar2
switchport mode trunk
switchport trunk allowed vlan add 15
switchport trunk native vlan 2


Remove the native VLAN from a switchport:

swfoo(config-if)# no switchport trunk native vlan

Remove a VLAN from a trunk port:

console> enable
console# config
console(config)# interface ethernet 1/e5
console(config-if)# switchport trunk allowed vlan remove 2


Configure SNMP


Three commands to look at:

show snmp
snmp-server server
snmp-server community public ro



Show configuration information


Display the entire running-config to the screen: show running-config

Display the entire startup-config to the screen: show startup-config

Review switchport descriptions (for all switchports)

swfoo#show inter description

Port    Description
------- -----------
gi1
gi2
... etc. etc. ....


Show description of an individual switchport

swfoo#show inter desc gi26
Port    Description
------- -----------
gi26    barbaz


Review VLAN-to-switchport assignments

swfoo#show vlan

Vlan Name              Ports                       Type         Authorization
---- ----------------- --------------------------- ------------ -------------
1    1                 Po1-8                       Default      Required
15   15                gi51-52                     static       Required
20   20                gi1-52                      static       Required


The above summary does not tell you about access/trunk/native/allowed. To find this information, look at the individual switchport:

swfoo#show interfaces switchport gi52
Port : gi52
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 20

Port is member in:

Vlan Name                             Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
15   15                               Tagged      Static
20   20                               Untagged    Static

...[etc.]...
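
An added example (not from the original page): a small Python parser for the `show interfaces switchport` output above that compares a trunk port's native and tagged VLANs with the intended state, for instance to confirm that `switchport trunk allowed vlan remove 2` took effect. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the `show interfaces switchport` output above.
SAMPLE = """\
Port : gi52
Port Mode: Trunk
Ingress UnTagged VLAN ( NATIVE ): 20

Port is member in:
Vlan Name                             Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
2    2                                Tagged      Static
15   15                               Tagged      Static
20   20                               Untagged    Static
"""

# One membership row: VLAN id, name, egress rule, membership type.
ROW = re.compile(r"^(\d+)\s+.*?\s+(Tagged|Untagged)\s+\S+$")

def parse_switchport(text):
    """Extract port name, mode, native VLAN and tagged/untagged membership."""
    info = {"port": None, "mode": None, "native": None,
            "tagged": set(), "untagged": set()}
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Port\s*:\s*(\S+)", line):
            info["port"] = m.group(1)
        elif m := re.match(r"Port Mode:\s*(\S+)", line):
            info["mode"] = m.group(1).lower()
        elif m := re.match(r"Ingress UnTagged VLAN.*:\s*(\d+)", line):
            info["native"] = int(m.group(1))
        elif m := ROW.match(line):
            info[m.group(2).lower()].add(int(m.group(1)))
    return info

def check_trunk(info, native, allowed_tagged):
    """Compare parsed state with the intended trunk config; return findings."""
    findings = []
    if info["mode"] != "trunk":
        findings.append(f"{info['port']}: mode is {info['mode']}, expected trunk")
    if info["native"] != native:
        findings.append(f"{info['port']}: native VLAN {info['native']}, expected {native}")
    for vlan in sorted(info["tagged"] - set(allowed_tagged)):
        findings.append(f"{info['port']}: unexpected tagged VLAN {vlan}")
    for vlan in sorted(set(allowed_tagged) - info["tagged"]):
        findings.append(f"{info['port']}: missing tagged VLAN {vlan}")
    return findings

if __name__ == "__main__":
    # Intended state: native VLAN 20, only VLAN 15 tagged.
    print(check_trunk(parse_switchport(SAMPLE), native=20, allowed_tagged={15}))
```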


Troubleshooting: the SG300 maintains internal counters of packets, CRC errors, etc. for each switchport. CRC errors are not logged to syslog! The following command shows the counters for switchport $N:

swfoo#show interfaces counters gi$N


Show firmware and boot image versions:

swfoo#show bootvar
Image Filename  Version   Date                  Status
----- --------- --------- --------------------- -----------
1     image-1   1.3.7.18  12-Jan-2014 18:02:59  Not active
2     image-2   1.3.7.18  12-Jan-2014 18:02:59  Active*

"*" designates that the image was selected for the next boot


Password complexity, password expiry, password aging


Password complexity settings – see section 16.16 of the Cisco 300 Series Managed Switches Command Line Interface Guide Release 1.2.5/1.2.7.

Password aging settings – see section 16.16 of the Cisco 300 Series Managed Switches Command Line Interface Guide Release 1.2.5/1.2.7.

Cheatsheet – disable password aging:

sg300# config
sg300(config)#passwords aging 0
sg300(config)#exit


Now the SG300 will no longer say:

Your password has exceeded the maximum lifetime. Please change the password 
for better protection of your network.
Do you want to change it now (Y/N)[N] ?


Show the passwords configuration:

sg300# show passwords configuration


Save the running configuration


labf2sr1sw1#copy running-config startup-config
Overwrite file [startup-config].... (Y/N)[N] ?Y
28-Jan-2014 18:13:17 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://startup-config
28-Jan-2014 18:13:21 %COPY-N-TRAP: The copy operation was completed successfully
Copy succeeded
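
An added example (not from the original page or from Cisco): a Python check over an exported running-config that flags the management-plane settings this page touches under Enable SNTP Server, Configure SNMP and password aging. The config excerpt is constructed, the rule names are hypothetical, and it assumes an authenticated SNTP server line carries a `key <id>` option.

```python
# Constructed running-config excerpt using commands shown on this page;
# addresses are documentation-range placeholders, community strings are made up.
SAMPLE_CONFIG = """\
hostname s-sg300
passwords aging 0
snmp-server server
snmp-server community public ro
snmp-server community example-rw-string rw
sntp server 192.0.2.10 poll
sntp server 192.0.2.11 poll key 1
clock source sntp
"""

WELL_KNOWN_COMMUNITIES = {"public", "private"}

def audit_config(text):
    """Return (line_number, rule, detail) tuples for settings worth reviewing."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue  # blank line or comment separator
        if words == ["passwords", "aging", "0"]:
            findings.append((number, "password-aging-disabled", raw.strip()))
        elif words[:2] == ["snmp-server", "community"] and len(words) >= 3:
            name = words[2]
            access = words[3] if len(words) > 3 else ""
            if name.lower() in WELL_KNOWN_COMMUNITIES:
                findings.append((number, "snmp-well-known-community", name))
            if access in ("rw", "su"):  # write-capable access levels
                findings.append((number, "snmp-write-access", f"{name} {access}"))
        elif words[:2] == ["sntp", "server"] and len(words) >= 3:
            # Assumption: an authenticated server carries a `key <id>` option.
            if "key" not in words[3:]:
                findings.append((number, "sntp-server-without-key", words[2]))
    return findings

if __name__ == "__main__":
    for number, rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {rule}: {detail}")
```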
 
Reference1: http://smithfarm-thebrain.blogspot.com/