Cisco SG300 CLI Commands

Other parts were obtained using the CLI PDF provided by Cisco

Remove a Trunk and switch to access
config t
int gi44
switchport trunk allowed vlan remove 2
switchport mode access
switchport access vlan 2

or
config t
int gi44
switchport mode general
switchport general allowed vlan remove 2
switchport mode access
switchport access vlan 2



Change the CDP Device ID format to hostname instead of the default MAC address
s-sg300#sh cdp
Global CDP information:
        CDP is globally enabled
        CDP log duplex mismatch is globally enabled
        CDP log voice VLAN mismatch is globally enabled
        CDP log native VLAN mismatch is globally enabled
        Mandatory TLVs validation is disabled
        Sending CDPv2 advertisements is enabled
        Sending Appliance TLV is enabled
        Device ID format is MAC Address  <--------------
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        CDP packets handling mode is bridging

s-sg300(config)#cdp device-id format hostname

s-switch2#sh cdp nei
You should now be able to see that the device ID is being sent as the hostname

s-sg300#sh cdp
Global CDP information:
        CDP is globally enabled
        CDP log duplex mismatch is globally enabled
        CDP log voice VLAN mismatch is globally enabled
        CDP log native VLAN mismatch is globally enabled
        Mandatory TLVs validation is disabled
        Sending CDPv2 advertisements is enabled
        Sending Appliance TLV is enabled
        Device ID format is Host Name <------------------
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        CDP packets handling mode is bridging

Enable SNTP Server
s-sg300(config)#clock source sntp
s-sg300(config)#sntp server <IPOFSNTPSERVER> poll
s-sg300(config)#end

s-sg300#show clock
*18:22:42 UTC Aug 6 2014
Time source is sntp
Time from Browser is disabled

sntp source-interface vlan 1
sntp server <IPOFSNTPSERVER> poll
sntp unicast client enable
sntp unicast client poll
show sntp status

s-sg300#show sntp configuration
SNTP destination port : 123 .
Polling interval: 1024 seconds.
No MD5 authentication keys.
Authentication is not required for synchronization.
No trusted keys.

Unicast Clients: Enabled
Unicast Clients Polling: Enabled

Server            : <IPOFSNTPSERVER>
  Polling         : Enabled
  Encryption Key  : Disabled

Server            : <IPOFSNTPSERVER2>
  Polling         : Enabled
  Encryption Key  : Disabled


Broadcast Clients: disabled
Anycast Clients: disabled
Source IPv4 interface: vlan 1
Source IPv6 interface:

Set the timezone for CST
clock timezone CST -6 minutes 0
show clock
wr mem
copy run start
copy run tftp://<TFTPserverIP>/s-sg300

Enable SSH
  • Log into the web UI
  • Administration -> Management interface -> IPv4 interface (should already be set up from the previous step, so just check it to be sure)
  • Administration -> User accounts -> Add (add my user account; give myself Read/Write Management Access (15)) -- or, using the CLI, just do the following:
    switch001#configure
    switch001(config)#username [USERNAME] password [PASSWORD] privilege 15
    switch001(config)#end
    switch001#
    
    (Decide for myself which way is easier)
  • Once I have a username set up, I configure an access method: Security -> Mgmt Access Method -> Access Profiles -> Add
    Access Profile Name: [SOME_NAME]
    Rule Priority: 1
    Management Method: All
    Action: Permit
    Applies to Interface: User Defined 
    Interface: [SPECIFY]
    Applies to Source IP Address: User Defined [AND SPECIFY]
    
    Then click on "Apply", of course, and then Close.
  • Next, define how you will authenticate via SSH: Security -> SSH User Authentication -> SSH User Authentication by Password -> Enable (e.g. -- actually, I prefer access via SSH key, but this is left as an exercise to me)
  • Next, make sure the SSH server is running: Security -> TCP/UDP Services -> SSH Service -> Enable -> Apply
  • At this point, I should be able to log in via SSH.

Set switch IP address


The SG300 can have its own IP address:
swfoo#show ip interface


  Gateway IP Address        Activity status       Type
----------------------- ----------------------- --------


    IP Address         I/F       Type       Status
------------------- --------- ----------- -----------
192.168.10.111/24   vlan 15   Static      Valid

Set the IP address of VLAN 12:
swfoo(config)#interface vlan 12
swfoo(config-if)#ip address 10.100.5.5 255.255.192.0

Add/remove VLANs


swfoo#config
swfoo(config)#vlan database
swfoo(config-vlan)#vlan 2             (add)
swfoo(config-vlan)#no vlan 20         (remove)
swfoo(config-vlan)#exit
swfoo(config)#exit
swfoo#

Configure switchports


Configure a single switchport
swfoo#config
swfoo(config)# interface gi52
swfoo(config-if)# ...commands...
swfoo(config-if)#exit
swfoo(config)#exit
swfoo#

Configure a range of switchports:
swfoo#config
swfoo(config)# interface range gi1-51
swfoo(config-if-range)# ...commands...
swfoo(config-if-range)#exit
swfoo(config)#exit
swfoo#

Set up a switchport (range) for untagged VLAN ("access" mode)
interface gigabitethernet47
description Bar-Baz-mgmt0-b
switchport mode access 
switchport access vlan 15 

Set up a switchport (range) for untagged VLAN as "Native VLAN" on "Trunk"
interface gigabitethernet47
description foobar
switchport mode trunk
switchport trunk native vlan 15

Set up a switchport (range) for tagged ("Allowed")/untagged ("Native") VLAN
interface gigabitethernet47
description foobar2
switchport mode trunk
switchport trunk allowed vlan add 15
switchport trunk native vlan 2

Remove the native VLAN from a switchport:
swfoo(config-if)# no switchport trunk native vlan

Remove VLAN from Trunk Port
console> enable
console# config
console(config)# interface ethernet 1/e5
console(config-if)# switchport trunk allowed vlan remove 2

Configure SNMP


Three commands to look at:
show snmp
snmp-server server
snmp-server community public ro


Show configuration information


Display the entire running-config to the screen: show running-config

Display the entire startup-config to the screen: show startup-config

Review switchport descriptions (for all switchports)
swfoo#show inter description

Port      Description
-------   -----------
gi1       
gi2
... etc. etc. ....

Show description of an individual switchport
swfoo#show inter desc gi26
Port      Description
-------   -----------
gi26      barbaz

Review VLAN-to-switchport assignments
swfoo#show vlan

Vlan       Name                   Ports                Type     Authorization 
---- ----------------- --------------------------- ------------ ------------- 
 1           1                    Po1-8              Default      Required    
 15         15                   gi51-52              static      Required    
 20         20                   gi1-52               static      Required    

The above summary does not tell you about access/trunk/native/allowed. To find this information, look at the individual switchport:
swfoo#show interfaces switchport gi52
Port : gi52
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 20
 
Port is member in: 
 
Vlan               Name               Egress rule Port Membership Type 
---- -------------------------------- ----------- -------------------- 
 15                 15                  Tagged           Static        
 20                 20                 Untagged          Static        

...[etc.]...
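
To check many ports without reading each screen by hand, the per-port output above can be parsed and compared against the VLANs a port is meant to carry. This is an added example, not part of the original cheat sheet; the function names and the expected-VLAN set are assumptions made for illustration.

```python
import re

# Output of "show interfaces switchport gi52" as shown above (trailing spaces trimmed).
SAMPLE = """\
Port : gi52
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 20

Port is member in:

Vlan               Name               Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
 15                 15                  Tagged           Static
 20                 20                 Untagged          Static
"""

def parse_switchport(text):
    """Return port name, mode, native VLAN and tagged/untagged VLAN lists."""
    info = {"port": None, "mode": None, "native_vlan": None,
            "tagged": [], "untagged": []}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Port\s*:\s*(\S+)$", line):
            info["port"] = m.group(1)
        elif m := re.match(r"Port Mode:\s*(\S+)", line):
            info["mode"] = m.group(1).lower()
        elif m := re.match(r"Ingress UnTagged VLAN \(\s*NATIVE\s*\):\s*(\d+)", line):
            info["native_vlan"] = int(m.group(1))
        elif m := re.match(r"(\d+)\s+.*?\s+(Tagged|Untagged)\s+\S+$", line):
            # Membership table row: VLAN id, name, egress rule, membership type.
            info[m.group(2).lower()].append(int(m.group(1)))
    return info

def unexpected_vlans(info, expected):
    """VLANs the port is a member of that are not in the intended set."""
    return sorted(set(info["tagged"] + info["untagged"]) - set(expected))

if __name__ == "__main__":
    port = parse_switchport(SAMPLE)
    print(port)
    print("unexpected:", unexpected_vlans(port, expected={15}))
```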

Troubleshooting: the SG300 maintains internal counters of packets, CRC errors, etc. for each switchport. CRC errors are not logged to syslog! The following command shows the counters for switchport $N:
swfoo#show interfaces counters gi$N

Show firmware and boot image versions:
swfoo#show bootvar
Image  Filename   Version     Date                    Status
-----  ---------  ---------   ---------------------   -----------
1      image-1    1.3.7.18    12-Jan-2014  18:02:59   Not active
2      image-2    1.3.7.18    12-Jan-2014  18:02:59   Active* 

"*" designates that the image was selected for the next boot

Password complexity, password expiry, password aging


Password complexity settings - see section 16.16 of the Cisco 300 Series Managed Switches Command Line Interface
Guide Release 1.2.5/1.2.7. 

Password aging settings - see section 16.16 of the Cisco 300 Series Managed Switches Command Line Interface
Guide Release 1.2.5/1.2.7. 

Cheatsheet - disable password aging:
sg300# config
sg300(config)#passwords aging 0
sg300(config)#exit

Now the SG300 will no longer say:
Your password has exceeded the maximum lifetime. Please change the password 
for better protection of your network.
Do you want to change it now (Y/N)[N] ?

Show the passwords configuration:
sg300# show passwords configuration

Save the running configuration


labf2sr1sw1#copy running-config startup-config
Overwrite file [startup-config].... (Y/N)[N] ?Y
28-Jan-2014 18:13:17 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://startup-config
28-Jan-2014 18:13:21 %COPY-N-TRAP: The copy operation was completed successfully
Copy succeeded
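
Once a configuration is saved or copied off to TFTP, it can be reviewed offline for the weaker settings that appear in this cheat sheet: the `public` SNMP community, password aging set to 0, and SNTP servers configured without a key. The script below is an added example, not from the original post; the sample configuration is constructed, and the rule list and function name are assumptions.

```python
import re

# Constructed sample config built from commands shown on this page.
# Addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_CONFIG = """\
hostname s-sg300
passwords aging 0
snmp-server server
snmp-server community public ro
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 192.0.2.10 poll
sntp server 192.0.2.11 poll key 1
"""

# (pattern, finding) pairs; each pattern is matched against one stripped line.
RULES = [
    (re.compile(r"^snmp-server community (public|private)\b", re.I),
     "well-known SNMP community string"),
    (re.compile(r"^snmp-server community \S+ rw\b", re.I),
     "SNMP community grants write access"),
    (re.compile(r"^passwords aging 0$", re.I),
     "password aging disabled"),
    (re.compile(r"^sntp server (?!.*\bkey\b)", re.I),
     "SNTP server without an authentication key"),
]

def audit(config_text):
    """Return (line number, line, finding) for every rule hit."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for pattern, message in RULES:
            if pattern.search(line):
                findings.append((lineno, line, message))
    return findings

if __name__ == "__main__":
    for lineno, line, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}: {line}")
```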
 
Reference1: http://smithfarm-thebrain.blogspot.com/ 
