====== Cisco Catalyst 9500 Series Manual ======

**[[https://www.cisco.com/c/en/us/support/switches/catalyst-9500-series-switches/products-installation-and-configuration-guides-list.html|Configuration Guides]]**

**[[https://www.manualslib.com/products/Cisco-Catalyst-9500-Series-8759103.html|Cisco Catalyst 9500 Series Switches Manuals]]**

----

  Switch#show interfaces status
  Switch#show mac address-table
  Switch#show ip igmp snooping
  Switch#show lldp
  Switch#show lldp neighbors
  Switch#show lldp neighbors detail
  Switch#show system mtu
  Switch#show platform hardware capacity
  Switch#show interfaces | include MTU
  Switch#show running-config | begin TwentyFiveGigE1/0/1

----

On the **Cisco switch**, you need to edit the interface, then use the command **fec off**.

On the **Aruba switch**, you need to edit the interface, then use the command **error-control none**.

----

**{{ :cisco:switch:9500:1dc4bfad-7c8a-4b86-aa6e-bd3bd2d46fbe.pdf |Cisco Catalyst 9500 Series Switches Hardware Installation Guide}}**

{{pdfjs 46em >:cisco:switch:9500:1dc4bfad-7c8a-4b86-aa6e-bd3bd2d46fbe.pdf }}

----

**{{ :cisco:switch:9500:baef5d19-ac34-49f0-a5fa-76969121fd01.pdf |Command Reference, Cisco IOS XE 17.15.x (Catalyst 9500 Switches)}}**

{{pdfjs 46em >:cisco:switch:9500:baef5d19-ac34-49f0-a5fa-76969121fd01.pdf }}

----

**Password**

  enable
  configure terminal
  ! "enable password" is stored in clear text (or reversible type 7); "enable secret" is stored hashed
  ! and takes precedence when both are configured
  enable password NEW_PASSWORD
  enable secret NEW_PASSWORD
  exit
  configure terminal
  line console 0
  password NEW_PASSWORD
  login
  exit
  configure terminal
  ! "username ... password" is stored like "enable password"; the "secret" keyword stores a hash
  username USERNAME password NEW_PASSWORD
  exit
  write mem
  show running-config | include username

Note: For enhanced security, enable password encryption on the switch: **service password-encryption**

----

**Basic cli**

  Switch# configure terminal
  Switch(config)#
  Switch(config)#hostname
  Switch(config)#hostname Cisco_switch_x
  Switch(config)#interface vlan1
  Switch(config)#no shutdown
  Switch(config-if)#ip address
  Switch(config-if)#ip address 172.16.29.10 255.255.0.0
  Switch(config)#enable secret
  Switch(config)#enable secret P@$$w0^d
  Switch(config)# username admin privilege 15 password
  Switch(config)# username admin privilege 15 password P@$$w0^d
  Switch(config)# ip default-gateway
  Switch(config)# ip default-gateway 172.16.29.1
  Switch# show ip route
  Switch(config)# line con 0
  Switch(config-line)# password p@$$w0^d
  Switch(config-line)# login
  Switch(config)# exit
  Switch(config)# line vty 0 4
  Switch(config-line)# password p@$$w0^d
  Switch(config-line)# login
  Switch(config)# exit
  Switch(config)# line aux 0
  Switch(config-line)# password p@$$w0^d
  Switch(config-line)# login
  Switch(config)# exit
  Switch(config)# ip route
  Switch(config)# ip route 172.16.29.59 255.255.0.0
  Switch# show running-config
  Switch(config)#interface fastethernet 0/1
  Switch(config-if)#description Development VLAN
  Switch(config-if)#duplex full
  Switch#write memory
  Building configuration...
  [OK]
  Switch#

----

**Allow IP Forwarding Globally**

  configure terminal
  ip routing
  ip forward-protocol udp
  interface Vlan10
  ip address 192.168.1.1 255.255.255.0
  no shutdown
  interface Vlan20
  ip address 192.168.2.1 255.255.255.0
  no shutdown

----

**Enable Multicast Routing**

  enable
  configure terminal
  ip multicast-routing
  ip pim sparse-mode
  interface INTERFACE_ID
  ip pim sparse-mode
  ip pim rp-address RP_IP_ADDRESS
  ip pim send-rp-announce INTERFACE scope TTL
  ip pim send-rp-discovery INTERFACE scope TTL
  ip igmp snooping vlan VLAN_ID
  ip igmp snooping
  exit
  show ip mroute
  show ip pim neighbor
  show ip pim rp
  show ip igmp groups

Example Configuration

Scenario:

  * Multicast source: 192.168.1.10
  * RP: 192.168.1.1
  * VLAN 10 and VLAN 20 are participating in multicast.

Configuration:

  ip multicast-routing
  ip pim rp-address 192.168.1.1
  interface Vlan10
  ip address 192.168.1.1 255.255.255.0
  ip pim sparse-mode
  interface Vlan20
  ip address 192.168.2.1 255.255.255.0
  ip pim sparse-mode

**Example**

  enable
  configure terminal
  ip igmp snooping vlan 1
  ip igmp snooping vlan 500
  ip igmp snooping vlan 501
  ip igmp snooping vlan 502
  ip igmp snooping vlan 503
  ip igmp snooping vlan 504
  ip igmp snooping vlan 505
  ip igmp snooping vlan 506
  ip igmp snooping vlan 507
  ip igmp snooping vlan 508
  ip igmp snooping vlan 509
  ip igmp snooping vlan 510
  ip igmp snooping vlan 511
  ip igmp snooping vlan 512
  ip igmp snooping vlan 513
  ip igmp snooping vlan 514
  ip igmp snooping vlan 515
  ip igmp snooping vlan 516
  ip igmp snooping vlan 517
  ip igmp snooping vlan 518
  ip igmp snooping vlan 519
  ip igmp snooping vlan 520
  ip igmp snooping vlan 521
  ip igmp snooping vlan 522
  ip igmp snooping vlan 523
  ip igmp snooping vlan 524
  ip igmp snooping vlan 525
  ip igmp snooping vlan 526
  ip igmp snooping vlan 527
  ip igmp snooping

----

**Enable LLDP Globally**

  enable
  configure terminal
  lldp run
  interface INTERFACE_ID
  lldp transmit
  lldp receive
  exit
  show lldp
  show lldp neighbors
  show lldp neighbors detail
  lldp timer 60
  lldp holdtime 180
  write memory

**Example**

  configure terminal
  lldp run
  lldp timer 60
  lldp holdtime 180
  interface GigabitEthernet1/0/1
  lldp transmit
  lldp receive
  interface GigabitEthernet1/0/2
  lldp transmit
  lldp receive
  write memory

**Example**

  enable
  configure terminal
  lldp run
  interface TwentyFiveGigE1/0/1
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/2
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/3
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/4
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/5
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/6
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/7
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/8
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/9
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/10
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/11
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/12
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/13
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/14
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/15
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/16
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/17
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/18
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/19
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/20
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/21
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/22
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/23
  lldp transmit
  lldp receive
  interface TwentyFiveGigE1/0/24
  lldp transmit
  lldp receive
  interface HundredGigE1/0/25
  lldp transmit
  lldp receive
  interface HundredGigE1/0/26
  lldp transmit
  lldp receive
  interface HundredGigE1/0/27
  lldp transmit
  lldp receive
  interface HundredGigE1/0/28
  lldp transmit
  lldp receive

----

**Verify MTU Support**

  show system mtu
  show platform hardware capacity
  configure terminal
  system mtu jumbo 9100
  exit
  write memory
  reload
  show system mtu
  show interfaces | include MTU
  interface INTERFACE_ID
  mtu 9100
  exit

**Example**

  configure terminal
  system mtu jumbo 9100
  system mtu 9100
  interface GigabitEthernet1/0/1
  mtu 9100
  exit
  write memory
  reload

----

If you don't see VLAN information in the running configuration on a Cisco switch, it could be because the default **VTP mode** //is causing the VLAN database information to appear in another file//. To force the configuration to appear in the running configuration, you can use the command **vtp mode transparent**.

**Explanation**

To display VLAN information on a Cisco switch, you can use the show switch vlan command in privileged EXEC mode.
The **show run** command displays the complete configuration of a Cisco router or switch, which can be very long and have thousands of lines. The default VTP mode causes VLAN database information to appear in the **vlan.dat** file.

----

**Port-channel**

  enable
  configure terminal
  interface range GigabitEthernet1/0/1 - 2
  channel-group 1 mode active
  interface Port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30

For Layer 3 (used for routing):

  no switchport
  ip address 192.168.1.1 255.255.255.0
  exit
  show etherchannel summary
  show lacp neighbor
  show running-config interface Port-channel1

**Port-channel Example 1**

  interface range GigabitEthernet1/0/1 - 2
  channel-group 1 mode active
  interface Port-channel1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30

----

**Port-channel Example 2**

  !
  interface Port-channel1
   description *** Port-Channel to XYZ***
   switchport
   switchport mode trunk
   switchport nonegotiate
   logging event bundle-status
  !
  !
  interface TwentyFiveGigE1/0/5
   description *** Port-Channel to XYZ***
   switchport
   switchport mode trunk
   switchport nonegotiate
   logging event link-status
   logging event trunk-status
   logging event bundle-status
   udld port aggressive
   channel-protocol lacp
   channel-group 1 mode active
   service-policy input AutoQos-4.0-Trust-Cos-Input-Policy
   service-policy output AutoQos-4.0-Output-Policy
  !

**Port-channel Example 3**

  interface Port-channel1
   description Link to Juniper Networks EX2300-24P
   switchport mode trunk
   mtu 9100
   logging event bundle-status
  !
  interface TwentyFiveGigE1/0/1
   description Link to Juniper Networks EX2300-24P
   switchport mode trunk
   mtu 9100
   logging event trunk-status
   logging event bundle-status
   udld port aggressive
   channel-protocol lacp
   channel-group 1 mode active
  !
  interface TwentyFiveGigE1/0/2
   description Link to Juniper Networks EX2300-24P
   switchport mode trunk
   mtu 9100
   logging event trunk-status
   logging event bundle-status
   udld port aggressive
   channel-protocol lacp
   channel-group 1 mode active
  !

----

**Basic cli example**

  configure terminal
  hostname cisco_switch_x
  interface vlan 1
  ip address 172.16.29.10 255.255.0.0
  no shutdown
  exit
  enable secret P@$$w0^d
  username admin privilege 15 password P@$$w0^d
  ip default-gateway 172.16.29.1
  show ip route
  ip route 172.16.29.59 255.255.0.0
  show running-config
  interface fastethernet 0/1
  description Development VLAN
  duplex full
  exit
  write memory

----

**Stop Cisco console messages**

  enable
  configure terminal
  terminal no monitor
  no logging console
  logging console warnings
  show logging
  write memory

----

**Disable STP on a Specific VLAN**

  configure terminal
  vlan VLAN_ID
  no spanning-tree vlan VLAN_ID
  write memory
  show spanning-tree vlan VLAN_ID
  show spanning-tree
  ! the range form disables spanning tree, and with it loop protection, on every VLAN
  no spanning-tree vlan 1-4094
  interface INTERFACE_ID
  spanning-tree portfast

**Example**

  no spanning-tree vlan 1
  no spanning-tree vlan 500
  no spanning-tree vlan 501
  no spanning-tree vlan 502
  no spanning-tree vlan 503
  no spanning-tree vlan 504
  no spanning-tree vlan 505
  no spanning-tree vlan 506
  no spanning-tree vlan 507
  no spanning-tree vlan 508
  no spanning-tree vlan 509
  no spanning-tree vlan 510
  no spanning-tree vlan 511
  no spanning-tree vlan 512
  no spanning-tree vlan 513
  no spanning-tree vlan 514
  no spanning-tree vlan 515
  no spanning-tree vlan 516
  no spanning-tree vlan 517
  no spanning-tree vlan 518
  no spanning-tree vlan 519
  no spanning-tree vlan 520
  no spanning-tree vlan 521
  no spanning-tree vlan 522
  no spanning-tree vlan 523
  no spanning-tree vlan 524
  no spanning-tree vlan 525
  no spanning-tree vlan 526
  no spanning-tree vlan 527

----

**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting
errors without the need for retransmission.

**FEC (Forward Error Correction)**: FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.

Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.

Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).

  * **auto** Enable FEC Auto-Neg
  * **cl108** Enable clause108 with 25G
  * **cl74** Enable clause74 with 25G
  * **off** Turn FEC off, FEC is mandatory for speeds 50G or higher

----

**Benefits of FEC on SFP Ports**:

  * Error Correction: FEC can correct errors due to signal attenuation or interference.
  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.

----

**C9500 Cisco Catalyst**

  C9500-N#show ver
  Cisco IOS XE Software, Version 17.12.03
  Cisco IOS Software [Dublin], Catalyst L3 Switch Software (CAT9K_IOSXE), Version 17.12.3, RELEASE SOFTWARE (fc7)

  interface TwentyFiveGigE1/0/3
   description VLAN 526 PTP A.B.C.D/EF X30
   switchport access vlan 526
   switchport mode access
   mtu 9100
   logging event trunk-status
   logging event bundle-status
   udld port aggressive
   fec cl74

  C9500-N(config-if)#interface TwentyFiveGigE1/0/3
  C9500-N(config-if)#fec ?
    auto   Enable FEC Auto-Neg
    cl108  Enable clause108 with 25G
    cl74   Enable clause74 with 25G
    off    Turn FEC off, FEC is mandatory for speeds 50G or higher

----

====== SSH ======

**SSH Configuration on Cisco IOS XE 17.12.03**

  configure terminal
  hostname MyRouter
  ip domain-name mynetwork.local
  crypto key generate rsa modulus 2048
  username admin privilege 15 secret MyStrongPassword
  ip ssh version 2
  line vty 0 4
  transport input ssh
  ! 10 minutes, 0 seconds
  exec-timeout 10 0
  login local
  exit
  configure terminal
  ip ssh server algorithm encryption aes256-ctr aes192-ctr aes128-ctr
  end
  write memory
  show ip ssh
  show run | include ssh

----
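The **Password** and **SSH** sections as a check: this added example (not from the original page or from Cisco) scans a running-config for the weaker forms those sections contain, namely **enable password**, **username ... password**, shared line passwords and vty lines that are not restricted to SSH. **service password-encryption** only applies the reversible type 7 encoding, so **password** entries are reported even when it is on. The sample config, function names and finding IDs are assumptions made for the example.

```python
import re
# Constructed running-config assembled from this page's commands (not a capture).
SAMPLE = """\
enable password NEW_PASSWORD
username admin privilege 15 password 0 CONSTRUCTED
username ops privilege 15 secret 9 CONSTRUCTED-HASH
ip ssh version 2
line con 0
 password 7 CONSTRUCTED
 login
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 password 7 CONSTRUCTED
 login
"""

def split_line_blocks(config):
    global_cmds, blocks, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if raw.startswith(" ") and current:
            blocks[current].append(cmd)      # sub-command of a "line ..." block
        elif cmd.startswith("line "):
            current = cmd
            blocks[current] = []
        else:
            current = None                   # any other top-level command
            global_cmds.append(cmd)
    return global_cmds, blocks

def audit(config):
    """Return finding IDs (names are this example's own) for weak settings."""
    glob, blocks = split_line_blocks(config)
    findings = []
    if any(g.startswith("enable password") for g in glob):
        findings.append("enable-password")   # only "enable secret" is hashed
    findings += [f"username-password:{m.group(1)}" for g in glob
                 if (m := re.match(r"username (\S+) (?:.* )?password\b", g))]
    for required in ("service password-encryption", "ip ssh version 2"):
        if required not in glob:
            findings.append(f"missing:{required}")
    for header, cmds in blocks.items():
        if any(c.startswith("password") for c in cmds) and "login local" not in cmds:
            findings.append(f"shared-line-password:{header}")
        if header.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"vty-not-ssh-only:{header}")
    return findings
```

Call **audit()** with the text of **show running-config**; an empty list means none of these patterns were found.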