In this continuation of getting familiar with the CLI (Command Line Interface) of your Cisco or Stratix switch, we go beyond getting connected and look at additional features you will need when setting up your switch for any environment, whether IT or OT. Let's jump right in and get started.
Understanding Port Numbering
- Ports (interfaces) are labeled in the switch or router by their speed:
  - E = Ethernet, 10 Mbps
  - FA or FE = Fast Ethernet, 100 Mbps
  - GI or GE = 1 Gigabit Ethernet
  - TE = 10 Gigabit Ethernet
- Routers begin port numbering with 0/0, while switches begin with 0/1
- To make changes to a particular switchport (interface), use the command: HMINET1(config)#int Gi0/1
- To view interface status information, use the command: HMINET1#show interface status, as shown below
Image by Brandon Cooper – showINTstatus.png
Port Commands
- Shutting down a port: HMINET1(config-if)#shutdown
- Starting up a port: HMINET1(config-if)#no shutdown
- Adding a port to a VLAN: HMINET1(config-if)#switchport access vlan 30
In the example below, port 1 is shut down using the shutdown command. Then the show interface status command is used to confirm that port 1 is now listed as “disabled” instead of “notconnect”. To reverse this and re-enable the port, use the no shutdown command.
Image by Brandon Cooper
Creating a VLAN or Virtual Local Area Network
If your switch is used for more than one purpose, you will want to segregate traffic by type. Maybe you have phones connected and need a Voice over IP VLAN, or you need a way to segregate production traffic from other types of network traffic. To do this, you can create multiple virtual local area networks (VLANs):
- HMINET1(config)#vlan 10
- HMINET1(config-vlan)#name accounting
- To view the vlan configuration, you can use the #show vlan command
To add a port to a specific VLAN, you can use the HMINET1(config-if)#switchport access vlan 30 command. In the example below, we move switchport #3 to VLAN 30. This port will now communicate only with other devices assigned to VLAN 30.
Here, I set up three VLANs, and ports could be segregated into three areas:
- Accounting
- Shipping
- Production Line
The ports could then be divided into the three areas, and network traffic would be segregated by those areas (VLANs).
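As an added example (not from the original article), the Python sketch below audits the show interface status output discussed above: it lists ports that are still enabled with nothing attached ("notconnect" rather than "disabled"), groups ports by VLAN so the intended segregation can be checked, and builds the shutdown commands for review. The sample output, port names and function names are constructed for illustration.

```python
from collections import defaultdict

def _row(port, name, status, vlan, rest="  auto   auto 10/100/1000BaseTX"):
    # Fixed-width layout: every row uses the same column starts as the header
    return f"{port:<10}{name:<19}{status:<13}{vlan:<11}{rest}"

# Constructed sample of `show interface status` output (not a capture from the article)
SAMPLE = "\n".join([
    _row("Port", "Name", "Status", "Vlan", "Duplex  Speed Type"),
    _row("Gi0/1", "", "disabled", "1"),
    _row("Gi0/2", "", "notconnect", "1"),
    _row("Gi0/3", "Line 2 HMI", "connected", "30", "a-full a-1000 10/100/1000BaseTX"),
    _row("Gi0/4", "acct-pc", "connected", "10", "a-full  a-100 10/100/1000BaseTX"),
    _row("Gi0/5", "spare", "notconnect", "30"),
])

def parse_status(output):
    """Slice each row at the header's column offsets. The Name column may be
    empty or contain spaces, so splitting on whitespace would misalign fields."""
    lines = [l for l in output.splitlines() if l.strip()]
    head = next(i for i, l in enumerate(lines) if l.startswith("Port"))
    starts = [lines[head].index(c) for c in ("Port", "Name", "Status", "Vlan", "Duplex")]
    keys = ("port", "name", "status", "vlan")
    return [dict(zip(keys, (l[a:b].strip() for a, b in zip(starts, starts[1:]))))
            for l in lines[head + 1:]]

def unused_enabled_ports(rows):
    """Ports with no link that are still enabled (notconnect, not disabled)."""
    return [r["port"] for r in rows if r["status"] == "notconnect"]

def ports_by_vlan(rows):
    """Group ports by the Vlan column to check the intended segregation."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["vlan"]].append(r["port"])
    return dict(groups)

def shutdown_commands(ports):
    """Config-mode lines that disable the given ports, for review before use."""
    return [line for p in ports for line in (f"interface {p}", " shutdown")]

if __name__ == "__main__":
    rows = parse_status(SAMPLE)
    print(ports_by_vlan(rows))
    print("\n".join(shutdown_commands(unused_enabled_ports(rows))))
```

To use it on a real switch, paste the captured show interface status text in place of SAMPLE and review the generated lines before entering them in configuration mode.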
Console & VTY Configuration
The following commands will allow for basic console and vty (remote) connection configuration. Remote configuration can be accomplished via telnet or SSH.
Image by Brandon Cooper
- Your switch is now ready for telnet access. SSH will require further setup.
Conclusion
In this article, we took a dive into the commands that make things happen. The interface, for instance, is where the connection takes place, so knowing how to interact with it is essential.
Port security, and with it the protection of your network, takes place at this point. The best way to prevent intrusion is to stop it at the access point. Don’t allow any unwanted connections, and that will alleviate a myriad of other issues before they can happen.
We also discussed how to segregate traffic into different areas, or VLANs, and how to assign ports to those VLANs. In the next chapter, we will discuss further configuration as well as device backup and restore capabilities.
Written by Brandon Cooper
Senior Controls Engineer and Freelance Writer