Cisco Access Switch Command Reference

Prepared for: Mohammed Mubin

Purpose: Practical, production-ready command catalog for Cisco Catalyst access switches (IOS/IOS XE)
with correct prompts and usage context.

1. Modes & Navigation

Switch> enable
Switch# disable
Switch# logout
Switch# exit
Switch# configure terminal
Switch(config)# end
Switch(config)# exit

2. System & Management Basics

Common device management, files, and system state.
Switch# show version
Switch# show running-config
Switch# show startup-config
Switch# show inventory
Switch# show license
Switch# show environment all
Switch# show power inline
Switch# show platform
Switch# show file systems
Switch# dir flash:
Switch# delete /force /recursive flash:/<file>
Switch# copy running-config startup-config
Switch# copy startup-config running-config
Switch# write memory
Switch# reload
Switch# clock set [Link] DEC 7 2025
Switch(config)# hostname Access-SW1
Switch(config)# service timestamps debug datetime msec
Switch(config)# service timestamps log datetime msec
Switch(config)# no ip domain-lookup
Switch(config)# ip domain-name [Link]
Switch(config)# banner motd ^C Authorized Access Only! ^C

3. Local Users, SSH, and Access Lines

Switch(config)# username admin secret <STRONG_PASSWORD>
Switch(config)# enable secret <STRONG_PASSWORD>
Switch(config)# crypto key generate rsa modulus 2048
Switch(config)# ip ssh version 2
Switch(config)# line vty 0 4
Switch(config-line)# login local
Switch(config-line)# transport input ssh
Switch(config-line)# exec-timeout 10 0
Switch(config-line)# exit
Switch(config)# line console 0
Switch(config-line)# login local
Switch(config-line)# exec-timeout 15 0
Switch(config-line)# exit
Switch# show ip ssh
Switch# show users
Switch# show line

4. Management IP (SVI) & Default Gateway

Switch(config)# interface vlan 10
Switch(config-if)# ip address [Link] [Link]
Switch(config-if)# description Management SVI
Switch(config-if)# no shutdown
Switch(config)# ip default-gateway [Link]
Switch# show ip interface brief
Switch# show interfaces vlan 10
Switch# ping [Link]
Switch# traceroute [Link]

5. Management VRF (IOS XE optional)

Switch(config)# vrf definition Mgmt-vrf
Switch(config-vrf)# address-family ipv4
Switch(config-vrf)# exit
Switch(config)# interface vlan 10
Switch(config-if)# vrf forwarding Mgmt-vrf
Switch(config-if)# ip address [Link] [Link]
Switch(config-if)# no shutdown

6. VLANs & VTP

Switch# show vlan brief
Switch# show vlan id 20
Switch# show interfaces switchport
Switch(config)# vlan 10
Switch(config-vlan)# name Users
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Voice
Switch(config-vlan)# exit
Switch# show vtp status
Switch(config)# vtp mode transparent
Switch(config)# vtp domain CORP
Switch(config)# vtp password <password>

7. Access Ports, Voice VLAN, and Trunking

Switch(config)# interface GigabitEthernet1/0/3
Switch(config-if)# description Floor1-Desk-03
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# spanning-tree portfast
Switch(config-if)# spanning-tree bpduguard enable
Switch(config-if)# storm-control broadcast level 1.00
Switch(config-if)# storm-control multicast level 1.00
Switch(config-if)# storm-control unicast level 5.00
Switch(config-if)# ip arp inspection limit rate 100
Switch(config-if)# no shutdown

Switch(config)# interface GigabitEthernet1/0/4

Switch(config-if)# description IP-Phone+PC
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport voice vlan 20
Switch(config-if)# mls qos trust cos
Switch(config-if)# spanning-tree portfast
Switch(config-if)# spanning-tree bpduguard enable
Switch(config-if)# no shutdown

Switch(config)# interface GigabitEthernet1/0/48

Switch(config-if)# description Uplink-to-Distro1
Switch(config-if)# switchport trunk encapsulation dot1q
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,99
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# spanning-tree link-type point-to-point
Switch(config-if)# no shutdown

8. Port Security
Switch(config)# interface GigabitEthernet1/0/5
Switch(config-if)# description Secure-Edge-Port
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security aging time 5
Switch(config-if)# switchport port-security aging type inactivity
Switch# show port-security interface gigabitEthernet1/0/5
Switch# clear port-security sticky interface gigabitEthernet1/0/5

9. Spanning Tree Protocol (RPVST)

Switch# show spanning-tree
Switch# show spanning-tree vlan 10
Switch# show spanning-tree summary
Switch(config)# spanning-tree mode rapid-pvst
Switch(config)# spanning-tree extend system-id
Switch(config)# spanning-tree vlan 10 root primary
Switch(config)# spanning-tree vlan 10 priority 24576
Switch(config)# spanning-tree portfast default
Switch(config)# spanning-tree bpduguard default
Switch(config)# errdisable recovery cause bpduguard
Switch(config)# errdisable recovery interval 300

Switch(config)# interface g1/0/6

Switch(config-if)# spanning-tree portfast
Switch(config-if)# spanning-tree bpduguard enable
Switch(config-if)# spanning-tree guard root
Switch(config-if)# spanning-tree cost 10
Switch(config-if)# spanning-tree vlan 10 cost 5

10. EtherChannel (LACP)

Switch(config)# interface range g1/0/47 - 48
Switch(config-if-range)# channel-group 1 mode active
Switch(config-if-range)# exit
Switch(config)# interface port-channel 1
Switch(config-if)# description Uplink-PO1
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,99
Switch# show etherchannel summary
Switch# show lacp neighbor

11. QoS Basics (Voice/Data)

Switch(config)# mls qos
Switch(config)# auto qos voip cisco-phone
Switch(config)# interface g1/0/4
Switch(config-if)# mls qos trust cos
Switch(config-if)# srr-queue bandwidth share 10 10 60 20
Switch# show mls qos interface g1/0/4

12. DHCP Snooping, DAI, IP Source Guard

Switch(config)# ip dhcp snooping
Switch(config)# ip dhcp snooping vlan 10,20
Switch(config)# ip dhcp snooping verify mac-address
Switch(config)# interface g1/0/48
Switch(config-if)# ip dhcp snooping trust
Switch(config)# interface g1/0/1
Switch(config-if)# ip dhcp snooping limit rate 50
Switch# show ip dhcp snooping

Switch(config)# ip arp inspection vlan 10,20

Switch(config)# interface g1/0/1
Switch(config-if)# ip arp inspection limit rate 100
Switch# show ip arp inspection

Switch(config)# interface g1/0/1

Switch(config-if)# ip verify source port-security
Switch# show ip verify source

13. Neighbor Discovery (CDP/LLDP)

Switch# show cdp neighbors
Switch# show cdp neighbors detail
Switch(config)# cdp run
Switch(config)# interface range g1/0/1 - 24
Switch(config-if-range)# cdp enable

Switch# show lldp neighbors

Switch# show lldp neighbors detail
Switch(config)# lldp run
Switch(config)# interface range g1/0/1 - 24
Switch(config-if-range)# lldp transmit
Switch(config-if-range)# lldp receive

14. Monitoring, Logging, SNMP, NetFlow

Switch(config)# logging host [Link]
Switch(config)# logging trap informational
Switch(config)# logging buffered 16384
Switch# show logging

Switch(config)# snmp-server community PUBLIC ro

Switch(config)# snmp-server location Muscat-ALKhuwair
Switch(config)# snmp-server contact Said Abaid
Switch# show snmp
Switch(config)# flow exporter EXP1
Switch(cfg-flow-exporter)# destination [Link]
Switch(cfg-flow-exporter)# transport udp 2055
Switch(cfg-flow-exporter)# exit
Switch(config)# flow monitor MON1 input
Switch(config)# interface g1/0/48
Switch(config-if)# ip flow monitor MON1 input
Switch# show flow monitor MON1 cache

15. Errdisable, UDLD, Loop Guard

Switch# show errdisable recovery
Switch(config)# errdisable recovery cause all
Switch(config)# errdisable recovery interval 300

Switch(config)# udld aggressive

Switch(config)# interface g1/0/48
Switch(config-if)# udld port aggressive

Switch(config)# interface g1/0/48

Switch(config-if)# spanning-tree guard loop

16. Power over Ethernet (PoE)

Switch# show power inline
Switch(config)# interface g1/0/4
Switch(config-if)# power inline auto
Switch(config-if)# power inline static max 15.4
Switch# test cable-diagnostics tdr interface g1/0/4
Switch# show cable-diagnostics tdr interface g1/0/4

17. Interface Health & MAC Table

Switch# show interfaces status
Switch# show interfaces
Switch# show interfaces counters errors
Switch# show interfaces description
Switch# show interfaces trunk
Switch# show controllers ethernet-controller g1/0/1
Switch# show mac address-table
Switch# show mac address-table dynamic
Switch# show mac address-table interface g1/0/1
Switch# clear mac address-table dynamic

18. Minimal Routing (Mgmt only)

Switch(config)# ip route [Link] [Link] [Link]
Switch# show ip route
Switch# show ip cef

19. Time & NTP

Switch(config)# ntp server [Link] prefer
Switch(config)# ntp authenticate
Switch(config)# ntp trusted-key 1
Switch(config)# ntp key 1 md5 <SECRET>
Switch# show ntp associations
Switch# show clock
20. Access Control Lists (mgmt filtering)
Switch(config)# ip access-list standard MGT-ALLOW
Switch(config-std-nacl)# permit [Link] [Link]
Switch(config-std-nacl)# deny any
Switch(config)# line vty 0 4
Switch(config-line)# access-class MGT-ALLOW in
Switch# show access-lists

21. IP Device Tracking & 802.1X

Switch(config)# ip device tracking
Switch# show ip device tracking all

Switch(config)# dot1x system-auth-control

Switch(config)# interface g1/0/6
Switch(config-if)# authentication port-control auto
Switch(config-if)# mab
Switch(config-if)# dot1x timeout tx-period 10
Switch# show authentication sessions interface g1/0/6

22. StackWise (if applicable)

Switch# show switch
Switch# show switch stack-ports
Switch# switch 1 priority 15
Switch# switch 2 renumber 3
Switch# reload

23. Quick Reference: Useful 'show' Commands

Switch# show ip interface brief
Switch# show interfaces status
Switch# show interfaces counters
Switch# show interfaces switchport
Switch# show mac address-table
Switch# show vlan brief
Switch# show spanning-tree
Switch# show etherchannel summary
Switch# show cdp neighbors detail
Switch# show lldp neighbors detail
Switch# show port-security
Switch# show power inline
Switch# show logging
Switch# show inventory
Switch# show version
Switch# show system mtu
Switch# show platform software status control-processor

24. Debug Commands (use with caution)

Switch# debug spanning-tree events
Switch# debug dhcp packet
Switch# debug ip packet detail
Switch# debug cdp events
Switch# debug lldp events
Switch# terminal monitor
Switch# terminal no monitor
Switch# undebug all
25. Ready-to-use Port Templates
Standard user edge port:
Switch(config)# interface g1/0/7
Switch(config-if)# description User-Desk
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
Switch(config-if)# spanning-tree portfast
Switch(config-if)# spanning-tree bpduguard enable
Switch(config-if)# storm-control broadcast level 1.00
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# no shutdown

Uplink trunk:
Switch(config)# interface g1/0/48
Switch(config-if)# description Uplink-to-Distro
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan add 10,20,99
Switch(config-if)# switchport trunk native vlan 99
Switch(config-if)# spanning-tree link-type point-to-point
Switch(config-if)# udld port aggressive
Switch(config-if)# no shutdown
Notes:
• Commands may vary slightly by platform/IOS version. • Use 'show ?' and 'command ?' on the device for
on-box help. • For lab safety, avoid running heavy debugs on production switches.