Are you a CCNP or CCIE student looking to challenge your perfect knowledge of Catalyst switchport commands?

Take the latest SWITCH Command Recall exam by clicking the link below. Good luck - and let us know how you scored in the comments area of this post.

Remember to read, AND TYPE, very carefully! I failed my first attempt due to just plain sloppiness. :-(

SWITCH Command Recall Exam - L2/L3 Ports


One of the features students love in the INE 5-Day CCNP bootcamp is the frequent Exam Challenges that are presented to students. Have fun with this sample from SWITCH.

Q1: Examine the configurations shown and the topology. Identify three errors in the configurations.

Exhibit 1

interface range fa0/16 – 17
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
no shutdown
channel-group 1 mode on
interface range fa0/16 – 17
switchport trunk encapsulation dot1q
switchport mode dynamic auto
channel-group 3 mode active 

One of the many skills that you must demonstrate as a CCENT candidate is your ability to configure basic password security on a Cisco router or switch. This blog post walks you through the configurations you must have mastered in order to succeed in this area of the exam.

While I will demonstrate the configurations required on a Cisco router, keep in mind that they are going to be identical on the model of switch you are presented with in the exam.

First, let us enter user mode on the router, and then enter global configuration mode to set our first password.

Press RETURN to get started!
Router> enable
Router# configure terminal

The first password we will set is the enable password. This is for backwards compatibility if you ever need to copy this configuration to a system that does not support password encryption. Since our router does support password encryption, note that you will never actually use this password on the device. Again, it is there for sheer backwards compatibility.

Router(config)# enable password S0ftBa11

Now that we have taken care of that, it is time to set the encrypted version of the enable password. It is the job of this password to protect Privileged mode on the device. Remember, Privileged mode allows us to make configuration changes to the device.

Router(config)# enable secret SanFr@n

What about protecting User mode, the mode that you enter from the console port before you enter Privileged mode? You can do this by setting a password on the Console Line. When setting a password on any of the lines on the router, you need to also use the login command. This command instructs the router or switch to check the locally configured password upon login.

Router(config)# line con 0
Router(config-line)# password V011eyBa11
Router(config-line)# login

Here is an example of setting the password for the default Telnet lines available on the Cisco device:

Router(config-line)# line vty 0 4
Router(config-line)# password T3nn1sBa11
Router(config-line)# login

Great. So pretty darn easy. Except there is one slight problem. The enable secret password does have a weak encryption used so that it is not readable to the naked eye when viewing the configuration, but all the other passwords above will not feature any encryption at all by default. Here is proof:

Router#show running-config
Building configuration...
Current configuration : 772 bytes
enable secret 5 $1$3cho$p9t1k6BeP8iGFYtoY1kNS.
line con 0
password V011eyBa11

This is solved through the use of the handy service password-encryption command. This command places a weak encryption on the clear-text passwords in your configurations follows:

Router(config)#service password-encryption
Router#show running-config
Building configuration...
Current configuration : 772 bytes
enable secret 5 $1$3cho$p9t1k6BeP8iGFYtoY1kNS.
line con 0
password 7 113F49544641122E057B7A

Which is stronger security? The MD5 hashing of the password done with the enable secret password, or the Cisco invention of password-encryption hashing? Well, you can see with your own eyes that it is the MD5 enable secret. Notice that it produces a longer string of characters, and even uses special characters in the hash.

You should also be aware of the fact that if you turn off this feature with the command no service password-encryption, you will not hash future passwords, but you will also not undo the hashing you have already done.

As always, thanks for reading, and enjoy your studies. If you have questions regarding this post, do not forget about our incredible forums at


Sure, everyone knows that it is copy running-config startup-config in order to save your hard-earned configuration to the Non-volatile RAM (NVRAM) inside the device. But what about saving a copy of the configuration on your local PC? Well, this is easy thanks to a couple of tips and tricks, and the wonder of Notepad!

Here is how you save the configuration locally using Windows HyperTerminal. But realize that whatever terminal program you use, there is going to be a similar option.

Step 1: Login to the device with the configuration you want to save and ensure you are in Privileged mode (the # prompt).

Step 2: Type the command terminal length 0. This command will eliminate the MORE key press feature and will eliminate the need to clean up your captured configuration later.

Step 3: Click the Transfer menu option and choose Capture Text. Choose a location and name for the text file you are about to create and click Start.

Step 4: Back at the router or switch prompt type show run and press Enter. You will see the configuration file display on screen and return you to the prompt. That configuration was also just written to your text file! Cool!

Step 5: Go back to the Transfer menu and choose Capture Text then Stop. Notice that you could also Pause the capture as you navigate to another device and capture another configuration in the file.

Step 6: You can now go into your file and trim out the initial text about the show run and Building Configuration. Replace that text with enable, then configure terminal, and now your configuration is ready to paste into the User mode of a device!

Have fun with your studies and enjoy building a library of configurations in various stages!

Subscribe to INE Blog Updates

New Blog Posts!