Configuration Modes for Cisco Switch
Cisco IOS provides two basic command execution levels, user EXEC mode and privileged EXEC mode, as well as multiple levels of configuration modes, such as global configuration, interface configuration, line configuration, and VLAN database configuration, to allow users to configure and manage the resources of the switch.
1. User EXEC mode
When a user connects and logs in to the switch through the console port of the switch or a Telnet session, the command execution mode at this time is the user EXEC mode. In this mode, only a limited set of commands can be executed, which are usually used for viewing and displaying system information, changing terminal settings and executing some basic test commands, such as ping, traceroute and so on.
The command status line for user EXEC mode is: Switch>
where Switch is the hostname of the switch, and the default hostname for unconfigured switches is Switch. In user EXEC mode, you can type ? and press Enter to get help on the commands that are allowed to be executed in this mode.
2. Privileged EXEC Mode
In user EXEC mode, executing the enable command enters privileged EXEC mode. In this mode, the user is able to execute all commands provided by IOS. The command prompt for privileged EXEC mode is: Switch#
Switch>enable
Password:
Switch#
Because a password for entering privileged EXEC mode was set in the earlier startup configuration, the system prompts for it. The password is not displayed as it is typed; press Enter when finished, and the switch enters privileged EXEC mode once the password is verified.
If the password for entering the privileged EXEC mode has not been set or is to be modified, it can be set in the global configuration mode using the enable secret command.
In this mode, type ? to list all commands that are allowed to be executed. To leave privileged mode and return to user mode, execute the exit or disable command.
To reboot the switch, execute the reload command.
3. Global Configuration Mode
In privileged mode, execute the command configure terminal to enter global configuration mode. In this mode, as soon as you enter a valid configuration command and press Enter, the running configuration in memory is changed and takes effect immediately. The scope of configuration commands in this mode is global, acting on the entire switch.
The command prompt for global configuration mode is:
Switch(config)#
Switch#config terminal
Switch(config)#
In global configuration mode, you can also enter interface configuration, line configuration, and other submodes. To return to global configuration mode from a submode, execute the exit command; to return to privileged mode from global configuration mode, execute the exit command; to exit any configuration mode and return directly to privileged mode, either execute the end command or press the Ctrl+Z key combination.
For example, to set the switch name to student2, use the hostname configuration command:
Switch(config)#hostname student2
student2(config)#
To set or modify the password for entering privileged EXEC mode to 123456, the configuration command is:
Switch(config)#enable secret 123456
or
Switch(config)#enable password 123456
The password set by the enable secret command is stored in encrypted form in the configuration file, so this command is strongly recommended; the password set by the enable password command is stored in plaintext in the configuration file.
After modifying the configuration, you need to save the new configuration into NVRAM so that it still takes effect after the next power-down and reboot. The commands are:
Switch(config)#exit
Switch#write
4. Interface Configuration Mode
In global configuration mode, execute the interface command to enter interface configuration mode. In this mode, you can configure the selected interfaces (ports) and can only execute commands that configure switch ports. The command line prompt for interface configuration mode is: Switch(config-if)#
For example, to set the third Fast Ethernet port on module 0 of a Cisco Catalyst 2950 switch to a speed of 100M in full duplex mode, the configuration commands would be:
Switch(config)#interface fastethernet 0/3
Switch(config-if)#speed 100
Switch(config-if)#duplex full
Switch(config-if)#end
Switch#write
5. Line Configuration Mode
Executing the line vty or line console command in global configuration mode enters line configuration mode. This mode is mainly used to configure the virtual terminal (vty) and console ports, and its configuration mainly involves setting the user-level login passwords for the virtual terminal and console.
The command line prompt for line configuration mode is: Switch(config-line)#
The switch has a control port (console) numbered 0, which is usually utilized for local login to configure and manage the switch. For security reasons, a password should be set for login on this port:
Switch#config terminal
Switch(config)#line console 0
Switch(config-line)#?
exit: exit from line configuration mode
login: Enable password checking
password: Set a password
As you can see from the help information, the command to set the console login password is password. To enable password checking, i.e., to make the set password effective, you should also execute the login command. To exit line configuration mode, execute the exit command.
The following configuration command sets the console login password to 654321 and enables it:
Switch(config-line)#password 654321
Switch(config-line)#login
Switch(config-line)#end
Switch#write
After this password is set, anyone who logs in to the switch through the console port is required to enter it first, and enters the user EXEC mode of the switch only after the password is successfully verified.
The switch supports multiple virtual terminals, usually 16 (0-15). Virtual terminals with passwords set are allowed to log in, while those without passwords set are not allowed to log in. If a login password is set for virtual terminal lines 0-4, the switch allows 5 simultaneous telnet login connections with the following configuration command:
Switch(config)#line vty 0 4
Switch(config-line)#password 123456
Switch(config-line)#login
Switch(config-line)#end
Switch#write
To disallow telnet login, cancel the setting of the terminal password, which can be accomplished by executing no password and no login.
In Cisco IOS, to accomplish the opposite of a command, simply execute the command prefixed with no.
To prevent idle connections from staying open for a long period of time, you should also set an idle timeout for login connections through the console port and telnet login connections through the vty lines; the default idle timeout is 10 minutes.
The configuration command to set the idle timeout is: exec-timeout minutes seconds
For example, to set the idle timeout for vty 0-4 lines and Console to 3 minutes and 0 seconds, the configuration command is:
Switch#config t
Switch(config)#line vty 0 4
Switch(config-line)#exec-timeout 3 0
Switch(config-line)#line console 0
Switch(config-line)#exec-timeout 3 0
Switch(config-line)#end
Switch#
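The settings covered so far (enable secret versus enable password, password plus login on each line, and exec-timeout) can be checked offline against a saved configuration. The following Python script is an added example, not part of the original article or of any Cisco tool; the sample configuration is constructed, and the 3-minute limit is an assumed policy value taken from the exec-timeout example above.

```python
import re

# Constructed sample in running-config layout (not from a real switch).
SAMPLE_CONFIG = """\
hostname student2
enable password 123456
line con 0
 password 654321
 login
 exec-timeout 3 0
line vty 0 4
 password 123456
line vty 5 15
 no login
"""
DEFAULT_IDLE = 10 * 60  # default idle timeout stated in the article

def parse_lines(config):
    """Group the indented sub-commands under each 'line ...' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config, max_idle=3 * 60):
    """Return findings; max_idle is an assumed policy limit in seconds."""
    findings = []
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password: plaintext in config, use enable secret")
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("enable secret: not set")
    for name, cmds in parse_lines(config).items():
        if any(c.startswith("password ") for c in cmds) and not any(
                c.startswith("login") for c in cmds):
            findings.append(f"{name}: password set but login not enabled")
        idle = DEFAULT_IDLE
        for c in cmds:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", c)
            if m:
                idle = int(m.group(1)) * 60 + int(m.group(2) or 0)
        if idle == 0 or idle > max_idle:  # 0 disables the timeout in IOS
            findings.append(f"{name}: idle timeout {idle}s outside policy")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per weak setting; a configuration that uses enable secret, sets password and login on every line, and applies exec-timeout 3 0 returns an empty list.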
6. VLAN Database Configuration Mode
Execute the vlan database command in privileged EXEC mode to enter the VLAN database configuration mode, at which time the command line prompt reads: Switch(vlan)#
In this mode, you can perform configuration operations such as creating, modifying, or deleting VLANs (virtual LANs). To exit the VLAN database configuration mode and return to the privileged EXEC mode, execute the exit command.
(1) Setting Hostname
The hostname of the switch is set in global configuration mode with the hostname configuration command, which is used as follows:
hostname Customized name
By default, the hostname of the switch is Switch. When more than one switch is used in the network, you should usually give each switch a specific hostname according to its application site so that they can be told apart.
For example, to set the hostname of a switch to Switch-1, the command is:
Switch(config)#hostname Switch-1
Switch-1(config)#
(2) Configure the management IP address
In Layer 2 switches, the IP address is only used to log in remotely to manage the switch, and is not necessary for the normal operation of the switch. If the management IP address is not configured, the switch can only use the control port for local configuration and management.
By default, all ports on the switch belong to VLAN 1, which is automatically created and managed by the switch. Each VLAN has only one active management address, so before setting the management address for the Layer 2 switch, you should first select the VLAN 1 interface and then set the management IP address using the ip address configuration command, which is:
interface vlan vlan-id
ip address address netmask
Parameter Description:
vlan-id represents the VLAN number to be selected for configuration.
address is the management IP address to be set, and netmask is the subnet mask.
The interface vlan configuration command is used to access the specified VLAN interface. Layer 2 switches, such as the 2900/3500XL, 2950, etc., do not have Layer 3 switching functions and run Layer 2 IOS; VLANs cannot communicate with each other, and the VLAN interface is used only as the management interface.
To cancel the management IP address, execute the no ip address configuration command.