Professional Documents
Culture Documents
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#transport input telnet ssh
Aliases
Used to create
SW1(config)#alias exec c configure terminal
shortcuts for
SW1(config)#alias exec s show ip interface brief
long
SW1(config)#alias exec sr show running-config
commands.
Description, speed and duplex
SW1(config)#interface fastEthernet 0/1 The range
SW1(config-if)#description LINK TO INTERNET ROUTER keyword used
SW1(config-if)#speed 100 (options: 10, 100, auto) to set a group
SW1(config)#interface range fastEthernet 0/5 – 10 of interfaces at
SW1(config-if-range)#duplex full (options: half, full, auto) once.
Verify Basic Configuration
Shows
information
about the
switch and its
SW1#show version
interfaces,
RAM,
NVRAM,
flash, IOS, etc.
Shows the
current
SW1#show running-config configuration
file stored in
DRAM.
Shows the
configuration
file stored in
SW1#show startup-config NVRAM
which is used
at first boot
process
Lists the
commands
SW1#show history currently held
in the history
buffer.
Shows an
overview of all
interfaces,
their physical
SW1#show ip interface brief
status,
protocol status
and ip address
if assigned.
Shows detailed
information
about the
specified
interface, its
SW1#show interface vlan 1 status,
protocol,
duplex, speed,
encapsulation,
last 5 min
traffic.
Shows the
SW1#show interfaces description description of
all interfaces
Shows the
status of all
interfaces like
SW1#show interfaces status connected or
not, speed,
duplex, trunk
or access vlan.
Shows the
public
SW1#show crypto key mypubkey rsa
encryption key
used for SSH.
Shows
information
about the
leased IP
address (when
SW1#show dhcp lease
an interface is
configured to
get IP address
via a dhcp
server)
Configuring port security
The sticky
Make the switch interface as access port:
keyword is
used to let the
SW1(config-if)#switchport mode access
interface
dynamically
Enable port security on the interface: learns and
configures the
SW1(config-if)#switchport port-security MAC
addresses of
Specify the maximum number of allowed MAC addresses: the currently
connected
SW1(config-if)#switchport port-security maximum 1 hosts.
SW1(config-if)#shutdown
Configuring VTP
Configure VTP mode:
SW1(config)#vtp version 2
SW1(config)#cdp run
R1(config-if)#description WAN_C0NNECTI0N_T0_R2
Rl(config-if)#no shutdown
Rl(config-if)#no shutdown
Static routes
Using next
Rl(config)#ip route 10.1.2.0 255.255.255.0 10.1.128.1
hop
Rl(config)#ip route 10.1.2.0 255.255.255.0 Serial 0/0 Using exit
*Note: Exit interface can be used in point-to-point serial links. interface
Default Route
Rl(config)#ip route 0.0.0.0 0.0.0.0 199.1.1.1
RIPv2 Configuration
Rl(config)#router rip
Rl(config-router)#version 2
Rl(config-router)#network 10.0.0.0 (written as an original class A)
Rl(config-router)#no autosummary
Rl(config-router)#passive-interface serial 0/0
RIPv2 Verification
Shows
information
about the
Rl#show ip protocols running
routing
protocol
process
Shows the
Rl#show ip route entire routing
table
Shows routes
Rl#show ip route rip</td>
learned via
RIP only
Shows detailed
information
about the route
Rl#show ip route 10.1.1.1 to the
specified
destination
network
OSPF Configuration
Enter OSPF router configuration mode:
Configure one or more network commands to identify which interfaces will run
OSPF:
Impact routing choices by tuning interface cost using one of the following ways:
(Optional)
Rl(config-router)#maximum paths 6
OSPF verification
Shows
information
about the
Rl#show ip protocols running
routing
protocol
process
Shows the
Rl#show ip route entire routing
table
Shows routes
Rl#show ip route ospf learned via
OSPF only
Shows all
neighboring
routers along
Rl#show ip ospf neighbors
with their
respective
adjacency state
Shows all the
information
Rl#show ip ospf database
contained in
the LSDB
Shows detailed
information
about OSPF
Rl#show ip ospf interfaces serial 0/0
running on a
specific
interface
EIGRP Configuration
Enter EIGRP configuration mode and define AS number:
Rl(config-router)#network 10.0.0.0
Rl(config-router)#network 172.16.0.0 0.0.3.255
Rl(config-router)#network 192.168.1.1 0.0.0.0
Rl(config-router)#network 0.0.0.0 255.255.255.255
Disable auto summarization: (Optional)
Rl(config-router)#no autosummary
Rl(config-router)#maximum-paths 6
Rl(config-router)#variance 4
EIGRP Authentication
Create an authentication key chain as follows:
EIGRP Verification
Shows routes
Rl#show ip route eigrp learned via
EIGRP only
Shows EIGRP
Rl#show ip eigrp neighbors neighbors and
status
Rl#show ip eigrp topology Shows EIGRP
topology table,
including
successor and
feasible
successor
Shows
Rl#show ip eigrp interfaces interfaces that
run EIGRP
Lists statistics
on numbers of
EIGRP
Rl#show ip eigrp traffic
messages sent
and received
by the router
Access Control Lists (ACLs)
Standard ACL
Plane the location (router and interface) and direction (in or out) on that interface:
– Standard ACL should be placed as close as possible to the destination of the packet.
– Identify the source IP addresses of packets as they go in the direction that the ACL is
examining.
Enable the ACL on the chosen router interface in the correct direction (in or out):
Extended ACL
Note: Extended ACL
number
– Extended ACL should be placed as close as possible to the source of the packet. ranges: 100 –
– Extended ACL matches packets based on source & des. IP addresses, protocol, source 199 and 2000
& des. Port numbers and other criteria as well. – 2699.
Rl(config)#access-list 101 remark MY_ACCESS_LIST
Rl(config)#access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
Rl(config)#access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
Rl(config)#access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
Rl(config)#access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
Rl(config)#access-list 101 deny udp host 10.1.1.7 eq 53 any
Rl(config)#access-list 101 permit ip any any
Rl(config)#interface fastEthernet 0/0
Rl(config-if)#ip access-group 101 in
Named ACL
Note:
– Named ACLs use names to identify ACLs rather than numbers, and commands that
permit or deny traffic are written in a sub mode called named ACL mode (nacl).
– Named ACL enables the editing of the ACL (deleting or inserting statements) by
sequencing statements of the ACL.
Verifying ACLs
Shows all
ACLs
configured on
Rl#show access-lists a router with
counters at the
end of each
statement
Same as the
Rl#show ip access-list previous
command
Shows only
Rl#show ip access-list 101 the specified
ACL
Includes a
reference to
the on that
Rl#show ip interface f0/0
interface either
in ACLs
enabled or out.
DHCP Server
Define a DHCP pool and give it a name:
Define network and mask to use in this pool and the default gateway:
Rl(dhcp-config)lease 2 (days)
Rl(config)#hostname ALPHA
The password
Configure the name of the other end router and the shared password: used is shared
password, that
ALPHA(config)#username BETA password XYZ means it must
be the same on
Enable CHAP authentication on the interface: both routers
PAP
Configure the hostname:
Rl(config)#hostname ALPHA
Configure the name of the other end router and the shared password:
Enable PAP authentication on the interface and define the username and password
to be sent by PAP:
Dynamic NAT
Define the outside and inside interfaces:
Create an ACL that determines the IP addresses that are allowed to be translated: