The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The command-line interface (CLI) provides a text-based method for managing and monitoring the switch. You can access the command-line interface using a physical serial connection or a remote logical connection with Telnet.
This chapter describes how to use the command-line interface and contains the following topics:
The command-line interface is divided into various modes. Each mode has a group of commands available in it. These modes are described in the CLI Command Modes section.
Users are assigned privilege levels. Each privilege level can access the CLI modes permitted to that level.
Users may be created with one of the following user levels:
Level 1—Users with this level can only run the User EXEC mode commands. Users at this level cannot access the web-based interface.
Level 15—Users with this level can run all commands. Only users at this level can access the web-based interface.
A system administrator (user with level 15) can create passwords that allow a lower-level user to temporarily become a higher-level user. For example, the user may go from level 1 to 15.
Users with a lower level can raise their level by entering the enable command and the password for level 15. The higher level holds only for the current session.
The disable command returns the user to a lower level.
To create a user and assign a user level, use the username command. Only users with privilege level 15 can create users at this level.
Example 1—The following example creates the password for level 15 (by the administrator):
switchxxxxxx# configure
switchxxxxxx(config)# enable privilege 15 password level15@abcExample 2—The following example creates a user with privilege level 1:
switchxxxxxx# configure
switchxxxxxx(config)# username john privilege 1 secret John1234Example 3—The following example switches between level 1 to level 15. The user must know the password for level 15.
switchxxxxxx# exit
switchxxxxxx> enable 15
Password: ****** (this is the password for level 15)
switchxxxxxx# Note |
If the authentication of passwords is performed on the RADIUS or TACACS+ servers, the passwords assigned to user level 15 must be configured on the external server and associated with the $enab15$ username. |
The command-line interface is divided into four command modes. These are the command modes in the order in which they are accessed:
Each command mode has its own unique console prompt and set of CLI commands. Entering a question mark at the console prompt displays a list of available commands for the current mode and for the level of the user. Specific commands are used to switch from one mode to another.
Users are assigned privilege levels that determine the modes and commands available to them.
Users with level 1 initially log into the User EXEC mode. The User EXEC mode is used for tasks that do not change the configuration, such as performing basic tests and listing system information.
The user-level prompt consists of the switch hostname followed by a >. The default hostname is switchxxxxxx where xxxxxx is the last six digits of the switch’s MAC address, as shown here:
switchxxxxxx>The default hostname can be changed by using the hostname Global Configuration mode command.
A user with level 15 automatically logs into the Privileged EXEC mode.
The user-level prompt consists of the switch hostname followed by a #. The default hostname is switchxxxxxx where xxxxxx is the last six digits of the switch’s MAC address, as shown here:
switchxxxxxx#Users with level 1 can enter the Privileged EXEC mode by entering the enable command, and when prompted, the password for level 15.
To return from the Privileged EXEC mode to the User EXEC mode, use the disable command.
The Global Configuration mode is used to run the commands that configure the features at the system level, as opposed to the interface level.
Only users with command level 15 can access this mode.
To access the Global Configuration mode from the Privileged EXEC mode, enter the configure command at the Privileged EXEC mode prompt and press Enter. The Global Configuration mode prompt, consisting of the switch hostname followed by (config)#, is displayed:
switchxxxxxx(config)#Use any of the following commands to return from the Global Configuration mode to the Privileged EXEC mode:
exit
end
Ctrl+Z
The following example shows how to access the Global Configuration mode and return to the Privileged EXEC mode:
switchxxxxxx#
switchxxxxxx# configure
switchxxxxxx(config)# exit
switchxxxxxx#Various submodes may be entered from the Global Configuration mode. These submodes enable performing commands on a group of interfaces or lines, defining conditions required to allow traffic based on IPv4, IPv6, and MAC addresses, or defining the settings for management ACL, IGMP profiles, and MLD profiles.
For instance, to perform several operations on a specific interface, you can enter the Interface Configuration mode for that interface.
The following example enters the Interface Configuration mode for fa1-5 and then sets their speeds:
switchxxxxxx#
switchxxxxxx# configure
switchxxxxxx(config)# interface range gi1-5
switchxxxxxx(config-if-range)# speed 1000
switchxxxxxx(config-if-range)# exit
switchxxxxxx(config)#The exit command returns to the Global Configuration mode.
The following submodes are available:
Interface—Contains commands that configure a specific interface (port or port channel) or a range of interfaces. The interface Global Configuration mode command is used to enter the Interface Configuration mode.
Port Channel—Contains commands used to configure port channels; for example, assigning ports to a port channel. Most of these commands are the same as the commands in the Ethernet Interface Configuration mode, and are used to manage the member ports as a single entity. The interface Port-Channel Global Configuration mode command is used to enter the Port Channel Interface Configuration mode.
IP Access-List—Configures conditions required to allow traffic based on IP addresses. The ip access-list Global Configuration mode command is used to enter the IP Access-List Configuration mode.
IPv6 Access-List—Configures conditions required to allow traffic based on IPv6 addresses. The ipv6 access-list Global Configuration mode command is used to enter the IPv6 Access-List Configuration mode.
Line Interface—Contains commands used to configure the management connections for the console, Telnet, and SSH. These commands configure connection operations such as line timeout settings. The line Global Configuration command is used to enter the Line Configuration mode.
MAC Access-List—Configures conditions required to allow traffic based on MAC addresses. The mac access-list Global Configuration mode command is used to enter the MAC Access-List Configuration mode.
Management Access-List—Contains commands used to define management access-lists. The management access-list Global Configuration mode command is used to enter the Management Access-List Configuration mode.
IGMP Profile—Contains commands used to define the settings of IGMP profiles. The ip igmp profile Global Configuration mode command is used to enter the IGMP Profile Configuration mode.
MLD Profile—Contains commands used to define the settings of MLD profiles. The ipv6 mld profile Global Configuration mode command is used to enter the MLD Profile Configuration mode.
To return from any Interface Configuration mode to the Global Configuration mode, use the exit command.
The command-line interface can be accessed from a terminal or computer by performing one of the following tasks:
Running a terminal application, such as HyperTerminal, on a computer that is directly connected to the switch’s console port.
Running a Telnet session from a command prompt on a computer with a network connection to the switch.
Using SSH.
Note |
Telnet and SSH are disabled by default on the switch. |
If the access is through a Telnet connection, ensure that the following conditions are met before using CLI commands:
The switch has a defined IP address.
Corresponding management access is granted.
An IP path is available so that the computer and the switch can reach each other.
The switch’s serial console port provides a direct connection to a computer’s serial port using a standard DB-9 null modem or crossover cable. Once the computer and the switch are connected, run a terminal application to access the command-line interface.
To access the command-line interface using the HyperTerminal application, perform the following steps:
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
Click the Start button. |
|
| Step 2 |
Select All Programs>AccessoriesCommunications>HyperTerminal. |
|
| Step 3 |
Enter a name for this connection. Select an icon for the application, then click OK. |
|
| Step 4 |
Select a port (such as COM1) to communicate with the switch. |
|
| Step 5 |
Set the serial port settings, then click OK. |
|
| Step 6 |
When the command-line interface appears, enter cisco at the Username prompt and press Enter. |
|
| Step 7 |
Enter cisco at the Password prompt and press Enter. |
If this is the first time that you have logged on with the default username and password, or the switch has been rebooted to factory defaults, you are asked to change your password. The following message appears: |
| Step 8 |
Enter Y, and set a new administrator password. |
Password complexity is enabled on the switch by default. Passwords must conform to the following default settings:
|
| Step 9 |
Press Enter. |
The switchxxxxxx# prompt is displayed. You can now enter the commands to manage the switch. For detailed information about the commands, refer to the appropriate chapters of this reference guide. |
Telnet provides a method of connecting to the command-line interface over an IP network.
To establish a Telnet session from the command prompt, perform the following steps:
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
Click Start, then select All Programs>Accessories>Command Prompt to open a command prompt. |
|
| Step 2 |
At the prompt, enter telnet <IP address of switch>, then press Enter. |
The command-line interface is displayed. |
There are certain command entry standards that apply to all commands. The following table describes the command conventions:
|
[ ] |
In a command line, square brackets indicate an optional entry. |
|
{ } |
In a command line, curly brackets indicate a selection of compulsory parameters separated with the | character. One option must be selected. For example, flowcontrol {auto | on | off} means that for the flowcontrol command, either auto, on, or off must be selected. |
|
parameter |
Italic text indicates a parameter. |
|
bold |
Command names and keywords are shown in bold. |
|
italics |
Variables and arguments are shown in italics. |
|
press key |
Names of keys to be pressed are shown in bold. |
|
Ctrl+F4 |
Keys separated by the + character are to be pressed simultaneously on the keyboard. |
|
Fixed-width font indicates CLI prompts, CLI commands entered by the user, and system messages displayed on the console. |
A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters. For example, in the command show interfaces status gi1, show, interfaces, and status are keywords, gi is an argument that specifies the interface type, and 1 specifies the port.
To enter the commands that require parameters, enter the required parameters after the command keyword. For example, to set a password for the administrator, enter:
switchxxxxxx(config)# username admin secret Nn148279When working with the CLI, the command options are not displayed. The standard command to request help is ?.
There are two instances where help information can be displayed:
Keyword lookup—The character ? is entered in place of a command. A list of all valid commands and corresponding help messages are displayed.
Partial keyword lookup—If a command is incomplete and the character ? is entered in place of a parameter, the matched keyword or parameters for this command are displayed.
Every time a command is entered in the CLI, it is recorded on an internally managed command history buffer. Commands stored in the buffer are maintained on a First In First Out (FIFO) basis. These commands can be recalled, reviewed, modified, and reissued. This buffer is not preserved across device resets.
|
Up-Arrow key Ctrl+P |
Recalls commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. |
|
Down-Arrow key |
Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands. |
By default, the history buffer system is enabled, but it can be disabled at any time. For more information on enabling or disabling the history buffer, refer to the history command.
There is a standard default number of commands that are stored in the buffer. The standard number of 10 commands can be increased to 256. For more information on configuring the command history buffer, refer to the history command.
To display the history buffer, refer to the show history command.
For many configuration commands, the prefix keyword no can be entered to cancel the effect of a command or reset the configuration to the default value. This reference guide provides a description of the negation effect for each CLI command.
If the command entered is incomplete, invalid, or has missing or invalid parameters, then the appropriate error message is displayed. This assists in entering the correct command. By pressing Tab after an incomplete command is entered, the system will attempt to identify and complete the command. If the characters already entered are not enough for the system to identify a single matching command, press ? to display the available commands matching the characters already entered.
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands. The following table describes the CLI shortcuts:
|
Up-arrow |
Recalls commands from the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. |
|
Down-arrow |
Returns the most recent commands from the history buffer after recalling commands with the up-arrow key. Repeating the key sequence will recall successively more recent commands. |
|
Ctrl+A |
Moves the cursor to the beginning of the command line. |
|
Ctrl+E |
Moves the cursor to the end of the command line. |
|
Ctrl+Z / End |
Returns back to the Privileged EXEC mode from any configuration mode. |
|
Backspace |
Deletes one character left to the cursor position. |
Up to 1000 lines of text (or commands) can be copied and pasted into the device.
Note |
It is the user’s responsibility to ensure that the text copied into the device consists of legal commands only. |
When copying and pasting commands from a configuration file, make sure that the following conditions exist:
A device Configuration mode has been accessed.
The commands contain no encrypted data, such as encrypted passwords or keys. Encrypted data cannot be copied and pasted into the device except for encrypted passwords where the keyword encrypted is used before the encrypted data.
Within the command-line interface, the interfaces are denoted by concatenating the following elements:
Type of interface—The following types of interfaces are found on the various types of devices:
Fast Ethernet (10/100 bits)—This can be written as FastEthernet or fa.
Gigabit Ethernet ports (10/100/1000 bits)—This can be written either GigabitEthernet or gi.
LAG (Port Channel)—This can be written as either Port-Channel or po.
Interface Number—Port, LAG, tunnel, or VLAN ID.
The syntax for this is:
{<port-type>[ ]<port-number>}|{Port-Channel|po}[ ]<port-channel-number>Sample of these various options are shown in the example below:
switchxxxxxx# configure
switchxxxxxx(config)# interface gi1
switchxxxxxx(config)# interface fa1
switchxxxxxx(config)# interface Port-Channel 1
switchxxxxxx(config-if)#Interfaces may be described on an individual basis or within a range. The interface range command has the following syntax:
<interface-range> ::=
{<port-type>[ ][<first-port-number>[ - <last-port-number]}|
{Port-Channel|po}[ ]<first-port-channel-number>[ - <last-port-channel-number>]A sample of this command is shown in the example below:
switchxxxxxx# configure
switchxxxxxx(config)# interface range gi1-5
switchxxxxxx(config-if-range)#A combination of interface types can be specified in the interface range command in the following format:
<range-list> ::= <interface-range> | <range-list>,< interface-range>Note |
Range lists can contain either ports or port channels. The space after the comma is optional. When a range list is defined, a space after the first entry and before the comma (,) must be entered. |
A sample of this command is shown in this example:
switchxxxxxx# configure
switchxxxxxx(config)# interface range gi1,gi4-5
switchxxxxxx(config-if-range)#
Feedback