2014-03-22

Cisco SG300: useful commands

Presumably these commands apply to the SF300 series, too.

Set switch IP address


The SG300 can have its own IP address:
swfoo#show ip interface


  Gateway IP Address        Activity status       Type
----------------------- ----------------------- --------


    IP Address         I/F       Type       Status
------------------- --------- ----------- -----------
192.168.10.111/24   vlan 15   Static      Valid

Set the IP address of VLAN 12:
(config)#interface vlan 12
swfoo(config)#ip address 10.100.5.5 255.255.192.0

Add/remove VLANs


swfoo#config
swfoo(config)#vlan database
swfoo(config-vlan)#vlan 2             (add)
swfoo(config-vlan)#no vlan 20         (remove)
swfoo(config-vlan)#exit
swfoo(config)#exit
swfoo#

Configure switchports


Configure a single switchport
swfoo#config
swfoo(config)# interface gi52
swfoo(config-if)# ...commands...
swfoo(config-if)#exit
swfoo(config)#exit
swfoo#

Configure a range of switchports:
swfoo#config
swfoo(config)# interface range gi1-51
swfoo(config-if-range)# ...commands...
swfoo(config-if-range)#exit
swfoo(config)#exit
swfoo#

Set up a switchport (range) for untagged VLAN ("access" mode)
interface gigabitethernet47
description Bar-Baz-mgmt0-b
switchport mode access 
switchport access vlan 15

Set up a switchport (range) for untagged VLAN as "Native VLAN" on "Trunk"
interface gigabitethernet47
description foobar
switchport mode trunk
switchport trunk native vlan 15

Set up a switchport (range) for tagged ("Allowed")/untagged ("Native") VLAN
interface gigabitethernet47
description foobar2
switchport mode trunk
switchport trunk allowed vlan add 15
switchport trunk native vlan 2

Remove the native VLAN from a switchport:
swfoo(config-if)# no switchport trunk native vlan

Configure SNMP


Three commands to look at:
show snmp
snmp-server server
snmp-server community public ro


Show configuration information


Display the entire running-config to the screen: show running-config

Display the entire startup-config to the screen: show startup-config

Review switchport descriptions (for all switchports)
swfoo#show inter description

Port      Description
-------   -----------
gi1       
gi2
... etc. etc. ....

Show description of an individual switchport
swfoo#show inter desc gi26
Port      Description
-------   -----------
gi26      barbaz

Review VLAN-to-switchport assignments
swfoo#show vlan

Vlan       Name                   Ports                Type     Authorization 
---- ----------------- --------------------------- ------------ ------------- 
 1           1                    Po1-8              Default      Required    
 15         15                   gi51-52              static      Required    
 20         20                   gi1-52               static      Required

The above summary does not tell you about access/trunk/native/allowed. To find this information, look at the individual switchport:
swfoo#show interfaces switchport gi52
Port : gi52
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 20
 
Port is member in: 
 
Vlan               Name               Egress rule Port Membership Type 
---- -------------------------------- ----------- -------------------- 
 15                 15                  Tagged           Static        
 20                 20                 Untagged          Static        

...[etc.]...

Troubleshooting: the SG300 maintains internal counters of packets, CRC errors, etc. for each switchport. CRC errors are not logged to syslog! The following command shows the counters for switchport $N:
swfoo#show interfaces counters gi$N

Show firmware and boot image versions:
M/
swfoo#show bootvar
Image  Filename   Version     Date                    Status
-----  ---------  ---------   ---------------------   -----------
1      image-1    1.3.7.18    12-Jan-2014  18:02:59   Not active
2      image-2    1.3.7.18    12-Jan-2014  18:02:59   Active* 

"*" designates that the image was selected for the next boot

Password complexity, password expiry, password aging


Password complexity settings - see section 16.16 of the Cisco 300 Series Managed Switches Command Line Interface
Guide Release 1.2.5/1.2.7.

Password aging settings - see section 16.16 of the Cisco 300 Series Managed Switches Command Line Interface
Guide Release 1.2.5/1.2.7.

Cheatsheet - disable password aging:
sg300# config
sg300(config)#passwords aging 0
sg300(config)#exit

Now the SG300 will no longer say:
Your password has exceeded the maximum lifetime. Please change the password 
for better protection of your network.
Do you want to change it now (Y/N)[N] ?

Show the passwords configuration:
sg300# show passwords configuration

Save the running configuration


labf2sr1sw1#copy running-config startup-config
Overwrite file [startup-config].... (Y/N)[N] ?Y
28-Jan-2014 18:13:17 %COPY-I-FILECPY: Files Copy - source URL running-config destination URL flash://startup-config
28-Jan-2014 18:13:21 %COPY-N-TRAP: The copy operation was completed successfully
Copy succeeded

Labels: ,

3 comments:

  1. Drag07:14

    Hi Guys!

    How Can make acces port from trunk port. Trunk port has got multiple vlan.

    thank you

    ReplyDelete
    Replies
    1. smithfarm18:22

      If you want to keep multiple VLANs on the port, then the answer is "You can't". By definition, an access port can only be in one VLAN.

      Delete
  2. Unknown12:42

    how to check if an interface is up? I have enabled a port on one of our switches and its isn't obtaining an IP of that VLAN. Its obtaining an self assigned IP.

    ReplyDelete

Subscribe to: Post Comments (Atom)