The Ultimate Guide to Basic Cisco Switch Configuration: Step-by-Step Tutorial

Introduction to Cisco Switch Configuration

Cisco switches are the backbone of enterprise and small business networks, providing reliable connectivity, VLAN segmentation, and security features. Whether you’re setting up a new network or replacing old hardware, understanding basic Cisco switch configuration is essential for network administrators.

This guide will walk you through:

  • Initial switch setup (Console access, hostname, passwords)
  • Basic security hardening (SSH, disable Telnet)
  • VLAN configuration (Creating VLANs, assigning ports)
  • Port security & management (Speed, duplex, description)
  • Backup & restore (Saving configurations)

Step 1: Accessing the Cisco Switch

Connecting via Console Cable

Before configuring the switch, you need physical access via a console cable (RJ-45 to USB/Serial).

  1. Connect the console cable to the switch’s Console port and your PC.
  2. Use a terminal emulator (PuTTY, Tera Term, or SecureCRT).
  3. Configure terminal settings:
     • Baud rate: 9600
     • Data bits: 8
     • Parity: None
     • Stop bits: 1
     • Flow control: None
  4. Power on the switch and press Enter to see the CLI prompt:
   Switch>

Step 2: Entering Privileged EXEC Mode

The Cisco IOS has different access levels:

  • User EXEC mode (Switch>) – Limited commands (ping, show)
  • Privileged EXEC mode (Switch#) – Full access (configure, reload)

To enter privileged mode:

Switch> enable
Switch#

Step 3: Basic Switch Configuration

Setting Hostname & Passwords

  1. Enter Global Configuration Mode:
   Switch# configure terminal
   Switch(config)#
  2. Change the hostname (for easier identification):
   Switch(config)# hostname SW1
   SW1(config)#
  3. Set the enable secret (protects privileged mode):
   SW1(config)# enable secret MyStrongPassword
  4. Set the console password (for local access security):
   SW1(config)# line console 0
   SW1(config-line)# password ConsolePass123
   SW1(config-line)# login
   SW1(config-line)# exit
  5. Set the VTY (Telnet/SSH) password (for remote access):
   SW1(config)# line vty 0 15
   SW1(config-line)# password VTYPass456
   SW1(config-line)# login
   SW1(config-line)# exit

Step 4: Securing Remote Access (SSH Configuration)

Telnet is insecure (sends passwords in plaintext). Always use SSH instead.

  1. Configure a domain name (required for SSH keys):
   SW1(config)# ip domain-name mynetwork.local
  2. Generate RSA encryption keys (for SSH):
   SW1(config)# crypto key generate rsa
   How many bits in the modulus [512]? 2048
  3. Enable SSH, disable Telnet, and authenticate VTY logins against local usernames:
   SW1(config)# line vty 0 15
   SW1(config-line)# transport input ssh
   SW1(config-line)# login local
   SW1(config-line)# exit
  4. Create an SSH admin user and require SSH version 2:
   SW1(config)# username admin secret AdminPass789
   SW1(config)# ip ssh version 2

Step 5: VLAN Configuration

VLANs (Virtual LANs) segment network traffic for security and performance.

Creating VLANs

  1. Add VLANs (e.g., VLAN 10 for IT, VLAN 20 for HR):
   SW1(config)# vlan 10
   SW1(config-vlan)# name IT
   SW1(config-vlan)# exit
   SW1(config)# vlan 20
   SW1(config-vlan)# name HR
   SW1(config-vlan)# exit
  2. Assign ports to VLANs (e.g., port Gig0/1 to VLAN 10):
   SW1(config)# interface GigabitEthernet0/1
   SW1(config-if)# switchport mode access
   SW1(config-if)# switchport access vlan 10
   SW1(config-if)# exit

Configuring a Trunk Port (For Inter-Switch VLAN Traffic)

SW1(config)# interface GigabitEthernet0/24
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 10,20
SW1(config-if)# exit

Step 6: Port Security & Management

Setting Port Descriptions

SW1(config)# interface GigabitEthernet0/1
SW1(config-if)# description "Connected to IT PC"
SW1(config-if)# exit

Enabling Port Security (Prevent MAC Flooding)

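Port security is rejected on a port left in dynamic mode, so set the port to access mode first.

SW1(config)# interface GigabitEthernet0/2
SW1(config-if)# switchport mode access
SW1(config-if)# switchport port-security
SW1(config-if)# switchport port-security maximum 2
SW1(config-if)# switchport port-security violation shutdown
SW1(config-if)# exit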

Setting Speed & Duplex Manually (If Needed)

SW1(config)# interface GigabitEthernet0/3
SW1(config-if)# speed 100
SW1(config-if)# duplex full
SW1(config-if)# exit

Step 7: Saving & Backing Up Configuration

View Current Configuration

SW1# show running-config

Save Configuration to Startup

SW1# copy running-config startup-config
Destination filename [startup-config]? (Press Enter)

Backup Configuration to a TFTP Server

SW1# copy running-config tftp:
Address or name of remote host? 192.168.1.100
Destination filename [SW1-config]? (Press Enter)

Step 8: Verifying Configuration

Check VLAN Assignments

SW1# show vlan brief

Verify Port Security

SW1# show port-security

Test Connectivity

SW1# ping 192.168.1.1
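
Audit a Saved Configuration Offline

The show commands above check one setting at a time. The following is an added example, not part of the original guide: a Python script that reads the text of a running-config and reports which hardening steps from Steps 3, 4 and 6 are missing. The sample configuration is constructed for illustration, and the function names and the login local check are assumptions of this example.

```python
# Constructed sample: vty 5-15 still allows Telnet, Gi0/3 lacks port security.
SAMPLE_CONFIG = """\
hostname SW1
enable secret 9 $9$CONSTRUCTED
ip ssh version 2
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
interface GigabitEthernet0/3
 switchport mode access
interface GigabitEthernet0/24
 switchport mode trunk
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login
 transport input all
"""

def sections(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current:
            out[current].append(line.strip())
    return out

def audit(config):
    """Return findings for the hardening steps in this guide (Steps 3, 4, 6)."""
    sec, findings = sections(config), []
    if not any(k.startswith("enable secret") for k in sec):
        findings.append("no enable secret")
    if "ip ssh version 2" not in sec:
        findings.append("SSH version 2 not enforced")
    for head, body in sec.items():
        if head.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{head}: transport input is not ssh-only")
            if "login local" not in body:
                findings.append(f"{head}: not using local usernames")
        elif head.startswith("interface") and "switchport mode access" in body:
            if "switchport port-security" not in body:
                findings.append(f"{head}: access port without port security")
    return findings
```

Call audit() on the text of a saved configuration; an empty list means every check passed.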

Conclusion

This guide covered essential Cisco switch configuration steps, including:

  • Initial access & basic settings (hostname, passwords)
  • Security hardening (SSH, disabling Telnet)
  • VLAN setup (Access & trunk ports)
  • Port management (Descriptions, speed, security)
  • Backup & verification

Next Steps

  • Explore advanced features (STP, EtherChannel, QoS)
  • Automate with Python/Ansible
  • Monitor with SNMP/NetFlow

FAQs

Q: How to reset a Cisco switch to factory settings?

SW1# erase startup-config
SW1# reload

Q: Why is my SSH connection failing?

  • Ensure ip ssh version 2 is enabled
  • Check firewall rules blocking port 22

Q: How to recover a lost enable password?

  • Use password recovery mode (break sequence during boot)
