As technology advances, networking switches have become an integral part of the IT infrastructure. They play a crucial role in directing communication on the network and ensuring smooth, efficient data transfer. It’s important for IT professionals to be familiar with basic command configurations for popular switch brands like Huawei, H3C, Ruijie, and Cisco. This comprehensive guide, brought to you by Router-switch.com, the leading global supplier of network hardware and software solutions, will walk you through the basics of switch command configuration.
To make it clear to everyone, each line of code has an explanation.
I. Basic Command Configuration for Huawei Switches
Understanding the Huawei switch command configuration starts with a firm grasp of the system view command and the role of VLAN configuration.
Create VLAN:
<Quidway> // User view, that is, run commands under Quidway mode.
<Quidway>system-view // Enter configuration view
[Quidway] vlan 10 // Create vlan 10 and enter vlan10 configuration view. If vlan10 exists, enter vlan10 configuration view directly.
[Quidway-vlan10] quit // Return to configuration view
[Quidway] vlan 100 // Create vlan 100 and enter vlan100 configuration view. If vlan100 exists, enter vlan100 configuration view directly.
[Quidway-vlan100] quit // Return to configuration view
Add ports to the VLAN:
[Quidway] interface GigabitEthernet2/0/1 (10G optical port)
[Quidway- GigabitEthernet2/0/1] port link-type access // Define port transmission mode
[Quidway- GigabitEthernet2/0/1] port default vlan 100 // Add port to vlan100
[Quidway- GigabitEthernet2/0/1] quit // Return to configuration view
[Quidway] interface GigabitEthernet1/0/0 // Enter the configuration view of the first Gigabit Ethernet port on the slot 1. 0 represents port 1.
[Quidway- GigabitEthernet1/0/0] port link-type access // Define port transmission mode
[Quidway- GigabitEthernet2/0/1] port default vlan 10 // Add this port to vlan10
[Quidway- GigabitEthernet2/0/1] quit
Add multiple ports to the VLAN
<Quidway>system-view
[Quidway]vlan 10
[Quidway-vlan10]port GigabitEthernet 1/0/0 to 1/0/29 // Add ports 0 to 29 to vlan10
[Quidway-vlan10]quit
Switch Configures IP Address
[Quidway] interface Vlanif100 // Enter vlan100 interface view, which is different from where vlan 100 command enters.
[Quidway-Vlanif100] ip address 119.167.200.90 255.255.255.252 // Define vlan100 management IP layer 3 switch gateway route
[Quidway-Vlanif100] quit // Return to view
[Quidway] interface Vlanif10 // Enter vlan10 interface view, which is different from where vlan 10 command enters.
[Quidway-Vlanif10] ip address 119.167.206.129 255.255.255.128 // Define vlan10 management IP layer 3 switch gateway route
[Quidway-Vlanif10] quit
Configure the default gateway:
[Quidway]ip route-static 0.0.0.0 0.0.0.0 119.167.200.89 // Configure the default gateway.
Switch save settings and reset command
<Quidway>save // Save configuration information
<Quidway>reset saved-configuration // Reset switch configuration
<Quidway>reboot // Restart the switch
Common display commands for the switch
User view mode:
<Quidway>display current-configuration // Display the configuration details currently running on the switch
<Quidway>display device // Display the status of each device
<Quidway>display interface? // Display each port status, use ? to check the options followed
<Quidway>display version // Check the firmware version information of the switch
<Quidway>display vlan? // Check the configuration information of vlan
Restore switch factory settings
<Quidway>reset saved-configuration // Reset switch configuration
II. Basic Command Configuration for H3C Switches
H3C switch commands bear resemblance to Huawei switch commands but with subtle differences.
Let’s first understand the configuration commands and functions of H3C. They are commonly used, and most network configurations cannot be without these commands.
Basic Configuration
<H3C> // User prompt in the user view
<H3C>system-view // Enter configuration view
[H3C] sysname xxx // Set the hostname as xxx
User Configuration
<H3C>system-view
[H3C]super password H3C // Set the user hierarchy password
[H3C]undo super password // Delete the user hierarchy password
[H3C]localuser bigheap 1234561 // Set up Web management user, 1 represents an administrative user
[H3C]undo localuser bigheap // Delete Web management user
[H3C]user-interface aux 0 // Supports only 0
[H3C-Aux0]idle-timeout 250 // Set timeout to 2 minutes and 50 seconds. If set to 0, it means no timeout. The default is 5 minutes
[H3C-Aux0]undo idle-timeout // Restore the default value
[H3C]user-interface vty 0 // Supports only 0 and 1
[H3C-vty0]idle-timeout 250 // Set timeout to 2 minutes and 50 seconds. If set to 0, it means no timeout. The default is 5 minutes
[H3C-vty0]undo idle-timeout // Restore the default value
[H3C-vty0]set authentication password 123456 // Set telnet password, must be set
[H3C-vty0]undo set authentication password // Cancel the password
[H3C]display users // Display users
[H3C]display user-interface // Display user interface status
VLAN Configuration
[H3C]vlan 2 // Create VLAN2
[H3C]undo vlan all // Delete all VLANs except the default VLAN. The default VLAN cannot be deleted
[H3C-vlan2]port Ethernet 0/4 to Ethernet0/7 // Add ports 4 to 7 to VLAN2, this command can only be used to add access ports, not for adding trunk or hybrid ports
[H3C-vlan2]port-isolate enable // Enable port isolation feature in VLAN, disables layer 2 forwarding, this feature is not enabled by default
[H3C-Ethernet0/4]port-isolate uplink-port vlan 2 // Set port 4 as the uplink port of VLAN2 for layer 2 data forwarding, only one uplink port can be configured. If it’s a trunk, it is recommended to allow all VLANs to pass. Isolation cannot be configured simultaneously with aggregation
[H3C]display vlan all // Display detailed information of all VLANs
[H3C]user-group 20 // Create user-group 20, by default only user-group 1 exists
[H3C-UserGroup20]port Ethernet 0/4 to Ethernet 0/7 // Add ports 4 to 7 to VLAN20, initially they all belong to user-group 1
[H3C]display user-group 20 // Display related information of user-group 20
Switch IP Configuration
[H3C]vlan 20 // Create vlan
[H3C]management-vlan 20 // Manage vlan
[H3C]interface vlan-interface 20 // Enter and manage vlan20
[H3C]undo interface vlan-interface 20 // Delete management VLAN port
[H3C-Vlan-interface20]ip address 192.168.1.2 255.255.255.0 // Configure static IP address for the management VLAN interface
[H3C-Vlan-interface20]undo ip address // Delete IP address
[H3C-Vlan-interface20]ip gateway 192.168.1.1 // Specify default gateway (default without gateway address)
[H3C-Vlan-interface20]undo ip gateway
[H3C-Vlan-interface20]shutdown // Shut down the interface
[H3C-Vlan-interface20]undo shutdown // Turn on
[H3C]display ip // Display related information of the management VLAN interface IP
[H3C]display interface vlan-interface 20 // Check the interface information of the management VLAN
<H3C>debugging ip // Turn on IP debugging function
<H3C>undo debugging ip
DHCP Client Configuration
[H3C-Vlan-interface20]ip address dhcp-alloc // Obtain IP address for the management VLAN interface via DHCP
[H3C-Vlan-interface20]undo ip address dhcp-alloc // Cancel
[H3C]display dhcp // Display DHCP client information
<H3C>debugging dhcp-alloc // Enable DHCP debugging function
<H3C>undo debugging dhcp-alloc
Port Configuration
[H3C]interface Ethernet0/3 // Enter the port
[H3C-Ethernet0/3]shutdown // Close the port
[H3C-Ethernet0/3]speed 100 // Set the speed to 10, 100, 1000 or auto (default)
[H3C-Ethernet0/3]duplex full // Set duplex mode, can be half, full or auto, cannot be configured after aggregation
[H3C-Ethernet0/3]flow-control // Turn on flow control, default is off
[H3C-Ethernet0/3]broadcast-suppression 20 // Set broadcast suppression to 20%, can be set to 5, 10, 20, 100, default is 100, multicast and unknown unicast are also affected
[H3C-Ethernet0/3]loopback internal // Internal loopback test
[H3C-Ethernet0/3]port link-type trunk // Set the link type to trunk
[H3C-Ethernet0/3]port trunk pvid vlan 20 // Set 20 as the default VLAN for this trunk, default is 1 (trunk line ends PVID must be consistent)
[H3C-Ethernet0/3]port access vlan 20 // Add the current access port to the specified VLAN
[H3C-Ethernet0/3]port trunk permit vlan all // Allow all VLANs to pass through the current trunk port, this command can be used multiple times
[H3C-Ethernet0/3]mdi auto // Set the Ethernet port to automatic detection, normal for straight-through cable, across for crossover cable
[H3C]link-aggregation Ethernet 0/1 to Ethernet 0/4 // Add ports 1-4 to the aggregation group, 1 is the main port, both ends need to be configured simultaneously, ports that have set port mirroring and port isolation cannot be aggregated
[H3C]undo link-aggregation Ethernet 0/1 // Delete this aggregation group
[H3C]link-aggregation mode egress // Configure port aggregation mode to load balance based on the destination MAC address, can be set to ingress, egress or both, default is both
[H3C]monitor-port Ethernet 0/2 // Set this port as the mirroring port, must set the mirroring port first, when deleting, must delete the mirrored port first, and they cannot be on the same port, this port cannot be in the aggregation group, when setting a new mirroring port, the new replaces the old, the mirrored remains unchanged
[H3C]mirroring-port Ethernet 0/3 to Ethernet 0/4 both // Set ports 3 and 4 as mirrored ports, both for monitoring received and sent packets, inbound for only monitoring received packets, outbound for only monitoring sent packets
[H3C]display mirror
[H3C]display interface Ethernet 0/3
<H3C>reset counters // Clear all port statistics information
[H3C]display link-aggregation Ethernet 0/3 // Display port aggregation information
[H3C-Ethernet0/3]virtual-cable-test // Diagnose the circuit condition of this port
QoS Priority Configuration
QoS configuration steps: Set the port priority, set the switch to trust the packet priority mode, queue scheduling, port rate limiting
[H3C-Ethernet0/3]priority 7 // Set the port priority to 7, default is 0
[H3C]priority-trust cos // Set the switch to trust the packet priority mode to cos (802.1p priority, default value), can also be set to dscp mode
[H3C]queue-scheduler hq-wrr 2 4 6 8 // Set the queue scheduling algorithm to HQ-WRR (default is WRR), the weights are 2, 4, 6, 8
[H3C-Ethernet0/3]line-rate inbound 29 // Limit the port inbound rate to 2Mbps, take 1-28, the rate is rate81024/125, that is, 64, 128, 192…1.792M; when taking 29-127, the rate is (rate-27)*1024, that is, 2M, 3M, 4M…100M.
[H3C]display queue-scheduler // Display queue scheduling mode and parameters
[H3C]display priority-trust // Display priority trust mode
III. Basic Command Configuration for Ruijie Switches
Ruijie switches have a slightly different command configuration.
Preparation Commands
Enable // Enter privileged mode
Exit // Return to the previous operational mode
End // Return to privileged mode
copy running-config startup-config // Save the configuration file
del flash:config.text // Delete the configuration file (for switches and 1700 series routers)
erase startup-config // Delete the configuration file (for 2500 series routers)
del flash:vlan.dat // Delete VLAN configuration information (for switches)
Configure terminal // Enter global configuration mode
(config)# hostname switchA // Configure the device name as switchA
(config)# banner motd & // Configure the daily message of the day (MOTD) with & as the delimiter
(config)# enable secret level 1 0 star // Configure the remote login password as star for privilege level 1
(config)# enable secret level 15 0 star // Configure the privilege password as star for privilege level 15
Level 1 is the ordinary user level and can be any value from 1 to 15, with 15 being the highest privilege level; 0 indicates no encryption for the password
(config)# enable services web-server // Enable the switch’s web management functionality
Services can include: web-server (web management), telnet-server (remote login), etc.
Viewing Information
show running-config // View the currently effective configuration information
show interface fastethernet 0/3 // View the information of interface F0/3
show interface serial 1/2 // View the information of interface S1/2
show interface // View information for all interfaces
show ip interface brief // Summarize and view information for all interfaces in a concise manner
show ip interface // View information for all interfaces
show version // View version information
show mac-address-table // View the switch’s current MAC address table
show running-config // View the currently effective configuration information
show vlan // View all VLAN information
show vlan id 10 // View information for a specific VLAN (e.g., VLAN 10)
show interface fastethernet 0/1 // View the mode of a specific port (e.g., F 0/1)
show aggregateport 1 summary // View information for aggregated port AG1
show spanning-tree // View spanning tree configuration information
show spanning-tree interface fastethernet 0/1 // View the spanning tree status of the port
show port-security // View port security configuration information for the switch
show port-security address // View address security binding configuration information
show ip access-lists listname // View configuration information for the list named “listname”
Basic Port Configuration
(config)# Interface fastethernet 0/3 // Enter the port configuration mode for F0/3
(config)# interface range fa 0/1-2,0/5,0/7-9 // Enter the port configuration mode for F0/1, F0/2, F0/5, F0/7, F0/8, F0/9
(config-if)# speed 10 // Configure the port speed as 10 Mbps (options: 10, 100, auto)
(config-if)# duplex full // Configure the port as full duplex mode (options: full, half, auto)
(config-if)# no shutdown // Enable the port
(config-if)# switchport access vlan 10 // Assign the port to VLAN 10 for VLAN
(config-if)# switchport mode trunk // Set the port to trunk mode (options: access, trunk)
(config-if)# port-group 1 // Assign the port to aggregated port AG1 for link aggregation
Creating Aggregated Ports
(config)# interface aggregateport 1 // Create aggregated interface AG1
(config-if)# switchport mode trunk // Configure and ensure AG1 is in trunk mode
(config)# int f0/23-24
(config-if-range)# port-group 1 // Assign the ports (port group) to aggregated port AG1
Spanning Tree
Configure Multiple Spanning Tree Protocol:
switch(config)# spanning-tree // Enable spanning tree protocol
switch(config)# spanning-tree mst configuration // Establish multiple spanning tree protocol
switch(config-mst)# name ruijie // Name it as ruijie
switch(config-mst)# revision 1 // Set the revision number as 1
switch(config-mst)# instance 0 vlan 10,20 // Create instance 0
switch(config-mst)# instance 1 vlan 30,40 // Create instance 1
switch(config)# spanning-tree mst 0 priority 4096 // Set the priority as 4096 for instance 0
switch(config)# spanning-tree mst 1 priority 8192 // Set the priority as 8192 for instance 1
switch(config)# interface vlan 10
switch(config-if)# vrrp 1 ip 192.168.10.1 // IP address for VLAN 10
switch(config)# interface vlan 20
switch(config-if)# vrrp 1 ip 192.168.20.1 // IP address for VLAN 20
switch(config)# interface vlan 30
switch(config-if)# vrrp 2 ip 192.168.30.1 // IP address for VLAN 30 (on another layer 3 switch)
switch(config)# interface vlan 40
switch(config-if)# vrrp 2 ip 192.168.40.1 // IP address for VLAN 40 (on another layer 3 switch)
Basic VLAN Configuration
(config)# vlan 10 // Create VLAN 10
(config-vlan)# name vlanname // Name the VLAN as vlanname
(config-if)# switchport access vlan 10 // Assign the port to VLAN 10
In the interface configuration mode of a certain port:
(config)# interface vlan 10 // Enter the virtual port configuration mode for VLAN 10
(config-if)# ip address 192.168.1.1 255.255.255.0 // Configure the IP address and subnet mask for the VLAN 10 virtual port. A layer 2 switch can only have one IP address, which is used as the management IP, for example, for Telnet access.
(config-if)# no shutdown // Enable the port
Port Security
(config)# interface fastethernet 0/1 // Enter a port
(config-if)# switchport port-security // Enable port security for the port
a. Configure maximum connection limit
(config-if)# switchport port-security maximum 1 // Configure the maximum connection limit for the port as 1 (maximum value is 128)
(config-if)# switchport port-security violation shutdown
// Configure the action to be taken for security violations as shutdown. Options: protect (discard packets from unknown addresses when the secure address limit is reached), restrict (send a Trap notification when a violation occurs), shutdown (shut down the port and send a Trap notification when a violation occurs; can be recovered using errdisable recovery in global mode)
b. IP and MAC address binding
(config-if)# switchport port-security mac-address xxxx.xxxx.xxxx ip-address 172.16.1.1
// Bind the MAC address xxxx.xxxx.xxxx and IP address 172.16.1.1 in interface configuration mode (lowercase MAC address)
Layer 3 Routing Function (for Layer 3 switches)
(config)# ip routing // Enable layer 3 routing on the switch
(config)# interface fastethernet 0/1
(config-if)# no switchport // Enable layer 3 routing for the port (to assign an IP address to the port)
(config-if)# ip address 192.168.1.1 255.255.255.0
(config-if)# no shutdown
Layer 3 Switch Routing Protocols
(config)# ip route 172.16.1.0 255.255.255.0 172.16.2.1 // Configure a static route
Note: 172.16.1.0 255.255.255.0 // Destination network and subnet mask
172.16.2.1 is the next-hop address, or an interface can be used, such as ip route 172.16.1.0 255.255.255.0 serial 1/2 (the port connected to 172.16.2.0)
(config)# router rip // Enable RIP protocol process
(config-router)# network 172.16.1.0 // Declare the directly connected network segment information of this device
(config-router)# version 2 // Enable RIP V2, options: version 1 (RIPv1), version 2 (RIPv2)
(config-router)# no auto-summary // Disable automatic summarization of routing information (only supported in RIPV2)
(config)# router ospf // Enable OSPF routing protocol process (for 1762, no process ID required)
(config)# router ospf 1 // Enable OSPF routing protocol process (for 2501, OSPF process ID required)
(config-router)# network 192.168.1.0 0.0.0.255 area 0
// Declare directly connected network segment information and assign an area number (area 0 is the backbone area)
It is evident that the commands of the three vendors are quite similar, with Huawei and H3C being more alike.
IV. Basic Command Configuration for Cisco Switches
Cisco switches, widely popular in the networking world, have their unique command configuration. Let’s understand the configuration commands of Cisco switches in detail.
Enter privileged mode: enable
switch> enable
switch#
Enter global configuration mode: configure terminal
switch> enable
switch# configure terminal
switch(conf)#
Switch naming: hostname aptech2950 (example: aptech2950)
switch> enable
switch# configure terminal
switch(conf)# hostname aptech2950
aptech2950(conf)#
Configure enable password: enable password cisco (example: cisco)
switch> enable
switch# configure terminal
switch(conf)# hostname aptech2950
aptech2950(conf)# enable password cisco
Configure enable secret password: enable secret ciscolab (example: ciscolab)
switch> enable
switch# configure terminal
switch(conf)# hostname aptech2950
aptech2950(conf)# enable secret ciscolab
Create multiple VLANs
Create multiple VLANs
Switch> enable (enter privileged mode)
Switch# vlan database (enter VLAN configuration mode)
Switch(vlan)# vlan 10 name IT (create VLAN 10 with name IT)
Switch(vlan)# vlan 20 name HR (create VLAN 20 with name HR)
Switch(vlan)# vlan 30 name FIN (create VLAN 30 with name FIN)
Switch(vlan)# vlan 40 name LOG (create VLAN 40 with name LOG)
Switch(vlan)# exit
Set VLAN 1
switch> enable
switch# configure terminal
switch(conf)# hostname aptech2950
aptech2950(conf)# interface vlan 1
aptech2950(conf-if)# ip address 192.168.1.1 255.255.255.0 (configure the IP address and subnet mask for the switch port)
aptech2950(conf-if)# no shutdown (configure to be in a running state)
aptech2950(conf-if)# exit
aptech2950(conf)# ip default-gateway 192.168.254 (set the gateway address)
Enter a specific port on the switch: interface fastethernet 0/17 (example: port 17)
switch> enable
switch# configure terminal
switch(conf)# hostname aptech2950
aptech2950(conf)# interface fastethernet 0/17
aptech2950(conf-if)#
View commands: show
switch> enable
switch# show version (view all version information in the system)
show interface vlan 1 (view IP-related configurations of the switch)
show running-config (view currently active configurations on the switch)
show interface fastethernet 0/1 (view specific configuration and statistics information for interface 1 of the switch)
show mac-address-table (view MAC address table)
show mac-address-table aging-time (view automatic aging time of the MAC address table)
Reset switch to factory default: switch> enable
switch# erase startup-config
switch# reload
Duplex mode setting
switch> enable
switch# configure terminal
switch2950(conf)# hostname aptech-2950
aptech2950(conf)# interface fastethernet 0/17 (example: port 17)
aptech2950(conf-if)# duplex full/half/auto (three options: full, half, auto)
CDP-related commands
switch> enable
switch# show cdp (view CDP global configuration information of the device)
show cdp interface fastethernet 0/17 (view CDP configuration information for port 17)
show cdp traffic (view statistics information about CDP packets)
show cdp neighbors (list connected Cisco devices)
Telnet remote login configuration for the switch:
switch> en
switch# configure terminal
switch(conf)# hostname aptech-2950
aptech2950(conf)# enable password cisco (set cisco as the privileged mode password)
aptech2950(conf)# interface fastethernet 0/1 (use port 17 as the telnet remote login port)
aptech2950(conf-if)# ip address 192.168.1.1 255.255.255.0
aptech2950(conf-if)# no shutdown
aptech2950(conf-if)# exit
aptech2950(conf)line vty 0 4 (allow 0-4 users for telnet remote login)
aptech2950(conf-line)# login
aptech2950(conf-line)# password edge (set edge as the user password for remote login)
Host Configuration:
ip 192.168.1.2 (the host’s IP must be in the same network segment as the switch port address)
netmask 255.255.255.0
gateway 192.168.1.1 (the gateway address is the switch port address)
Operation:
telnet 192.168.1.1
Enter telnet remote login interface
password: edge
aptech2950>en
password: cisco
aptech#
Conclusion
While these commands give you a basic understanding of the command configurations for Huawei, H3C, Ruijie, and Cisco switches, it’s important to note that there’s a lot more to explore within each brand’s command line interface. Learning the ins and outs of these commands can be time-consuming but highly beneficial for managing network switches effectively.
Router-switch.com, a leading provider of network solutions for over a decade, can assist you with your networking needs. Our expertise extends beyond providing high-quality hardware and extends to comprehensive after-sales support. We understand the nuances of different networking switches and can guide you through the process, ensuring a smooth transition and operation. Our goal is to provide high-quality network switches and solutions at competitive prices, all while delivering exceptional customer service.
We invite you to visit Router-switch.com to learn more about the intricate world of switch command configurations. Whether you are an IT professional looking to expand your knowledge or a business owner wanting to understand the best switches for your needs, we have something for everyone.
Are you interested in the switches? Welcome to learn details and check the price on Router-switch.com.
Do you have any question? Contact us now via Live Chat or sales@router-switch.com.
Read More:
How Global Tech Partnerships with Huawei Drive the Growth of Qatar’s ICT Sector
Driving High-Speed Connectivity with Cisco Nexus N9K-C93180YC-FX
Exploring the 4 Common Types of Wireless Networks: Empowering Modern Connectivity
Igniting the Future of ICT: An Invitation to Router-switch.com’s InnovateTech Speaker Program
Types of Wireless Security: How to choose a security home wifi network?
The Dell R750 8SFF Server: Dell’s Answer to Next-Generation Workloads
