How To Configure Cisco Switches

Configuring Cisco Switches: A Step by Step Guide

Cisco offers some of the world’s best networking equipment; however, knowing how to configure those devices can be a challenge. In this article, we’ll review exactly how to configure a Cisco switch, and answer some frequently asked questions along the way.

Switches are a vital part of any network deployment and are often overlooked due to their native simplicity. Switch implementations can be easy for small networks, but quickly get complicated with VLAN tagging and round-robin scheduling for larger enterprise networks.

Unboxing Your Cisco Switch

You’ll want to verify your make and model of Cisco switch, as some models may have additional features and functionality that you’ll want to be aware of. Power on the switch and ensure it is in working order.

To continue, we’ll need to send commands to the switch to configure it before it is put on the network. To do this, we’ll use a popular command-line tool called PuTTY. PuTTY is a free open-source tool you can use to connect to and configure devices through SSH and Telnet.

If for any reason you cannot use PuTTY, be sure to check out our list of PuTTY alternatives.

Connecting with PuTTY

  1. Using a 9-pin serial to USB cable, connect your switch to your laptop and launch PuTTY. Under the connection type settings, check the Serial options and mirror the settings below.
  2. Under the Category list on the left side, choose the Serial option. When you see the page that controls the local serial lines, enter the COM port your PC is using to connect with the switch. You can find this under Device Manager if you’re unsure. Example: COM1.
  3. Set the digital transmission speed. This speed is based on the model of your switch. Series 300 and 500 switches use a baud of 115200.
  4. Under Data bits enter the value 8.
  5. Under Stop bits enter a value of 1.
  6. Under the Parity drop-down select the None option.
  7. Go to the Flow Control menu and select the None option as well.

Click Save in PuTTY and start the connection. Under the Category List choose the Session option from the left-hand column.

Enter a name for your new session so you can save it and use it in the future for other Cisco configurations. Name it something familiar and then click Save.

Click the Open button to launch the command-line interface (CLI).

Setting Privileged EXEC Mode

Under the factory default setting you do not need to enter a password; simply type Enable and then enter the Global Configuration Mode of the Cisco switch.

Type Enable into the console, then enter the following command:

Switch# configure terminal 


Next, we’ll assign a hostname to the Cisco switch. This will make it easier to find and allow you to set it to a naming convention that fits your network. The example below assigns the switch a name of “access-switch1”:

Switch(config)# hostname access-switch1 


Setting a password on your Cisco switch

Once your hostname is set you’ll want to secure the privileged EXEC mode account to prevent anyone from making unauthorized changes. To assign an admin password, enter the following:

access-switch1(config)# enable secret YoUrS3creTP@ssw0rd

The above command uses YoUrS3creTP@ssw0rd as an example password. You can of course use whatever valid password you’d like. Just ensure it is a strong password.

Telnet & Console Access

The next step is to configure additional passwords for both Telnet and console access. Missing this step could leave your device vulnerable and wide open to anyone who might be poking around. Below are the commands for configuring both Console and Telnet passwords:


access-switch1(config)# line console 0 

access-switch1(config-line)# password YoUrS3creTP@ssw0rd 

access-switch1(config-line)# login 

access-switch1(config-line)# exit 



access-switch1(config)# line vty 0 15 

access-switch1(config-line)# password YoUrS3creTP@ssw0rd 

access-switch1(config-line)# login 

access-switch1(config-line)# exit 


Setting Device Access

Next, we’ll decide which IP addresses will be allowed to Telnet into the device through tools like PuTTY. This works similarly to a whitelist, so only IP addresses listed in this section will be allowed to remote in for access.

Replace the example IP address with your own, and ensure that the IP addresses you are adding are static reservations, so you don’t lose access:

access-switch1(config)# ip access-list standard TELNET-ACCESS

access-switch1(config-std-nacl)# permit 

access-switch1(config-std-nacl)# permit 

access-switch1(config-std-nacl)# exit

Next, you can choose to apply the Access Control List (ACL) to the virtual terminal lines. An ACL will help ensure that only administrators can connect to the switch via Telnet:

access-switch1(config)# line vty 0 15 

access-switch1(config-line)# access-class TELNET-ACCESS in 

access-switch1(config-line)# exit 
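
The result of the password and access-class steps above can be checked from a saved copy of the running configuration. The following is an added example, not part of the original guide: the function names and the sample configuration are constructed for illustration, and the sample deliberately has the ACL applied to only one of two vty ranges.

```python
import re

# Constructed sample in "show running-config" layout (not from a real device).
SAMPLE_CONFIG = """\
hostname access-switch1
enable secret 5 $1$constructed$hash
ip access-list standard TELNET-ACCESS
 permit 192.0.2.10
line con 0
 password 7 0000000000
 login
line vty 0 4
 access-class TELNET-ACCESS in
 password 7 0000000000
 login
line vty 5 15
 password 7 0000000000
 login
"""

def parse_blocks(config):
    """Map each top-level command to the indented sub-commands beneath it."""
    blocks, parent = {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and parent is not None:
            blocks[parent].append(raw.strip())
        elif raw.strip() not in ("", "!"):
            parent = raw.strip()
            blocks[parent] = []
    return blocks

def audit_management_access(config):
    """Return findings for the enable secret, line passwords and vty ACLs."""
    blocks, findings = parse_blocks(config), []
    if not any(cmd.startswith("enable secret ") for cmd in blocks):
        findings.append("enable secret is not set")
    lines = {p: body for p, body in blocks.items() if p.startswith("line ")}
    for parent, body in lines.items():
        if "login" not in body or not any(c.startswith("password ") for c in body):
            findings.append(f"{parent}: password and login are not both set")
        if not parent.startswith("line vty "):
            continue
        acl = next((c.split()[1] for c in body
                    if re.fullmatch(r"access-class \S+ in", c)), None)
        permits = blocks.get(f"ip access-list standard {acl}", [])
        if acl is None:
            findings.append(f"{parent}: no inbound access-class")
        elif not any(entry.startswith("permit ") for entry in permits):
            findings.append(f"{parent}: ACL {acl} has no permit entry or is undefined")
    return findings
```

Running audit_management_access(SAMPLE_CONFIG) reports the vty range that was left without the ACL.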


Setting the Management Interface

The next step is to choose which IP address will manage the Cisco switch. This will require you to configure a network management IP address. Since Cisco switches don’t come with factory default IP addresses, you won’t be able to connect via SSH or Telnet yet.

You can create a virtual LAN on the switch and make a virtual interface with an IP address by doing the following:

access-switch1(config)# interface vlan 1 

access-switch1(config-if)# ip address 

access-switch1(config-if)# exit 


The above command creates a new management IP address on VLAN 1 using an IP address of and a subnet mask of in the above example.

Setting the default gateway

We’ll need to tell the Cisco switch where to look on the network for the router. This is called assigning the default gateway of the device and will be one of the last steps before the switch is able to contact other devices. Change the example IP address to the IP address of your router:

access-switch1(config)# ip default-gateway

Closing Unused Ports

It’s best practice to close off any unused ports on the switch. This significantly reduces the number of points an attacker could use to gain unauthorized access to the network. All ports are open by default so you’ll want to make sure you follow this step.

The command below will close port 22 and 100-1000. You’ll want to change this to reflect what is right for your network:

access-switch1(config)# interface range fe 22/100-1000 

access-switch1(config-if-range)# shutdown 

access-switch1(config-if-range)# exit 


Save Your Work

Use the following commands to write your configuration to memory so that it is not lost when the device is restarted:

access-switch1(config)# exit 

access-switch1# wr

Setup NetFlow for Management

This next step is optional but enables the use of a network traffic analyzer to monitor packets through the switch using the NetFlow protocol. By default, this is off but it is beneficial to turn it on now so you can use it in the future.

To start, we must enter Global Configuration Mode by entering the following command:

Switch# configure terminal

Next, we have to create a flow record. Below, the flow record is named Example1; you can pick whatever name you’d like.

Switch(config)# flow record Example1

After that, we’ll need to outline the source address, destination, and protocol as well as the transport source port, destination, and interface options. Enter the following commands:

Switch(config-flow-record)# match ipv4 source address

Switch(config-flow-record)# match ipv4 destination address

Switch(config-flow-record)# match ipv4 protocol

Switch(config-flow-record)# match transport source-port

Switch(config-flow-record)# match transport destination-port

Switch(config-flow-record)# match ipv4 tos

Switch(config-flow-record)# match interface input

Next, we’ll define the data that will be collected on the flow record by entering the next set of commands:

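Switch(config-flow-record)# collect interface output

Switch(config-flow-record)# collect counter bytes

Switch(config-flow-record)# collect counter packets

Switch(config-flow-record)# collect timestamp sys-uptime first

Switch(config-flow-record)# collect timestamp sys-uptime last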

Next, we’ll build the Flow Exporter which allows the flow to store the information that you wish to export to a separate network analyzer. We’ll first need to assign it a name.

Switch(config)# flow exporter Exampleexport

Next, enter the IP address of the server that your network traffic analyzer resides on:

Switch(config-flow-exporter)# destination <network analyzer IP address>

The following command sets the source interface that will be used to export the data:

Switch(config-flow-exporter)# source gigabitEthernet 0/1

Set the port below to match the listening port of your network traffic analyzer software:

Switch(config-flow-exporter)# transport udp 1137

Set the type of protocol data that you wish to export:

Switch(config-flow-exporter)# export-protocol netflow-v9

Set a timeout of 60 to avoid any data loss during network disturbances:

Switch(config-flow-exporter)# template data timeout 60

Last but not least we’ll need to create a flow monitor. Each monitor needs at least one record to properly export data. Below we’ll create one in six steps and associate it with our previous flow record.

Create the flow monitor with the following command:

Switch(config)# flow monitor Examplemonitor1

Next, let’s associate the new flow monitor with the flow record and flow exporter we created earlier:

Switch(config-flow-monitor)# record Example1
Switch(config-flow-monitor)# exporter Exampleexport

To help eliminate the possibility of data loss we’ll set the cache timeout active to 60 and the cache timeout inactive to 15 by doing the following:

Switch(config-flow-monitor)# cache timeout active 60
Switch(config-flow-monitor)# cache timeout inactive 15

Let’s exit and input the interfaces we created:

Switch(config-flow-monitor)# exit

For the interfaces to work they must be defined so the NetFlow protocol function will work. Assuming this connection is over ethernet the following command will configure NetFlow over ethernet:

Switch(config)# interface gigabitEthernet 0/1

Now we’ll tell our newly created monitor where and how to collect data. By simply defining input the command will collect data in both directions:

Switch(config-if)# ip flow monitor Examplemonitor1 input

If you wish to only use one interface for NetFlow data collection, you’ll need to specify both input and output by defining the following:

Switch(config-if)# ip flow monitor Examplemonitor1 input

Switch(config-if)# ip flow monitor Examplemonitor1 output

Exit the configuration menu by entering the following command:

Switch(config-if)# exit

Save your configuration changes by using the following command:

access-switch1(config)# exit 

access-switch1# wr
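
On the collector side, the exporter configured above sends NetFlow v9 packets in which a template flowset describes the layout of the data records. The following is an added example, not part of the original guide or of any Cisco tool: a minimal decoder for the fields in flow record Example1, where the function names, sample packet and addresses are constructed for illustration. It shows that data flowsets cannot be decoded until the matching template has been received.

```python
import struct

# RFC 3954 field types for flow record Example1: type -> (name, length in bytes)
FIELDS = {8: ("src", 4), 12: ("dst", 4), 4: ("proto", 1), 7: ("sport", 2),
          11: ("dport", 2), 5: ("tos", 1), 10: ("in_if", 2), 14: ("out_if", 2),
          1: ("bytes", 4), 2: ("packets", 4), 22: ("first", 4), 21: ("last", 4)}

def build_sample(with_template):
    """Constructed export packet: one data record, optionally preceded by its template."""
    fields = b"".join(struct.pack("!HH", t, n) for t, (_, n) in FIELDS.items())
    tmpl = struct.pack("!HHHH", 0, 8 + len(fields), 256, len(FIELDS)) + fields
    data = struct.pack("!HH4s4sBHHBHHIIII2x", 256, 40, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 7]), 6, 51514, 23, 0, 1, 2, 1200, 10, 1000, 4000)
    header = struct.pack("!HHIIII", 9, 1 + with_template, 5000, 1700000000, 1, 0)
    return header + (tmpl if with_template else b"") + data

def decode_v9(packet, templates):
    """Return (flows, skipped): decoded records and data flowsets with no known template."""
    version, source_id = struct.unpack_from("!H14xI", packet)
    if version != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, skipped, off = [], 0, 20
    while off + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, off)
        if fs_len < 4 or off + fs_len > len(packet):
            raise ValueError("flowset length out of bounds")
        body = packet[off + 4:off + fs_len]
        spec = templates.get((source_id, fs_id), [])
        size = sum(n for _, n in spec)
        if fs_id == 0:  # template flowset: remember each template per exporter
            pos = 0
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                end = pos + 4 + 4 * n
                if tid < 256 or end > len(body):
                    break  # padding or truncated template
                templates[source_id, tid] = list(struct.iter_unpack("!HH", body[pos + 4:end]))
                pos = end
        elif fs_id > 255 and size == 0:
            skipped += 1  # template not received yet, so the data cannot be decoded
        elif fs_id > 255:
            for pos in range(0, len(body) - size + 1, size):
                flow = {}
                for ftype, n in spec:
                    raw, pos = body[pos:pos + n], pos + n
                    flow[FIELDS.get(ftype, (ftype,))[0]] = (
                        ".".join(map(str, raw)) if ftype in (8, 12) else int.from_bytes(raw, "big"))
                flows.append(flow)
        off += fs_len
    return flows, skipped
```

Decoding build_sample(False) with an empty template cache returns no flows and one skipped flowset; after build_sample(True) has been decoded with the same cache, the same data decodes normally.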

Cisco Switches FAQs

How do I set a static IP address on a Cisco switch?

You can create a template file on your desktop that can pull network information quickly from the template to set the IP address of your switch with relative ease. Just be sure to change out the information in the template wrapped in brackets below before saving. You can save this file to your desktop for easy access.

Config t 

Interface <VLAN ID> 

No ip address DHCP 

No ip address <old IP address>

IP address <new IP address> <subnet mask> 

Exit

IP default-gateway <gateway IP address>

Now under the administration menu of the switch go to Switch Management.

Under that menu, click on Administration, then File Management and choose File Operations. Inside the File Operation screen, enter the following settings:

Operation Type: Update File 

Destination File Type: Running Configuration 

Copy Method: HTTP/HTTPS 

File Name: (Navigate to the path where you stored the file)

Click Apply.

Now your switch will have a static IP address based on the settings you outlined in the text file.

Are Cisco switches plug and play?

Nowadays most switches are ready right out of the box. Most network administrators will want to configure settings manually and to their liking before joining the device to the network.

How do I know what ports to open or close?

For enterprise and business environments most system administrators like to use the “zero-trust model” for network security. In short, closing all ports and only opening them as needed is seen as a good security practice. You can get a better understanding of what devices are using what ports by running port scanner software such as Lansweeper and reviewing the NAT policies and access rules inside your firewall.


In a world where switches and other devices just “work” it’s good to know how to configure equipment to your liking so it fits best with your security and network architecture. Do you enjoy using Cisco switches? Let us know in the comments below.