
Basic Switch Concepts and Configuration

Commands summary
SSH:
Router (config) # username <username> password <password>
Router (config) # enable secret <password>
Router (config) # line vty 0 15
Router (config-line) # login local
Router (config-line) # transport input [telnet|ssh|all|none]
Router (config) # hostname <hostname>
Router (config) # ip domain-name <domain-name>
Router (config) # crypto key generate rsa

Port Security:
Switch (config) # interface <Slot/Port>
Switch (config-if) # switchport mode access
Switch (config-if) # switchport port-security
Switch (config-if) # switchport port-security mac-address <mac-address>
Switch (config-if) # switchport port-security mac-address sticky
Switch (config-if) # switchport port-security maximum <maximum number>
Switch (config-if) # switchport port-security violation [protect|restrict|shutdown]

VLANs:
Creating a VLAN:
Switch (config) # vlan vlan_id
Switch (config-vlan) # name vlan_name
Assigning Ports to VLANs:
Switch (config) # interface <Slot/Port>
Switch (config-if) # ip address ip-address
Switch (config-if) # switchport mode access
Switch (config-if) # switchport access vlan vlan_id
Changing VLAN port membership to default vlan:
Switch (config) # interface <Slot/Port>
Switch (config-if) # no switchport access vlan
Deleting VLANs:
Switch (config) # no vlan vlan_id
Configuring IEEE 802.1q Trunk Links:
Switch (config) # interface <Slot/Port>
Switch (config-if) # switchport mode trunk
Specify a NATIVE VLAN:
Switch (config-if) # switchport trunk native vlan vlan_id
Specify the list of VLANs to be allowed on the trunk link:
Switch (config-if) # switchport trunk allowed vlan vlan_list
Resetting the trunk to default state:
Switch (config-if) # no switchport trunk allowed vlan
Switch (config-if) # no switchport trunk native vlan

Inter-VLAN Routing:
Configuration on the switch:
Switch (config) # interface <Slot/Port>
Switch (config-if) # switchport mode trunk
Configuration on the Router:
Router (config) # interface g0/0
Router (config-if) # no shutdown
Router (config-if) # exit
Router (config) # interface g0/0.10
Router (config-subif) # encapsulation dot1q 10
Router (config-subif) # ip address ip_address subnet mask

Static Routing
IPV4:
Router (config) # ip route <Network ID> <Subnet Mask> <Outgoing-interface|Next-hop-IP-address>
Default IPv4 Route:
Router (config) # ip route 0.0.0.0 0.0.0.0 <Outgoing-interface|Next-hop-IP-address>
IPV6:
Router (config) # ipv6 route ipv6-prefix/ipv6-mask <Outgoing-interface|Next-hop-IP-address>
Default IPv6 Route:
Router (config) # ipv6 route ::/0 <Outgoing-interface|Next-hop-IP-address>

RIP
RIPv2:
Router (config) # router rip
Router (config-router) # version 2
Router (config-router) # no auto-summary
Router (config-router) # network net-id
Router (config-router) # passive-interface <Slot/Port>

Propagating a Default Route:
Router (config) # ip route 0.0.0.0 0.0.0.0 <Outgoing-interface|Next-hop-IP-address>
Router (config) # router rip
Router (config-router) # default-information originate

RIPng:
Router (config) # ipv6 unicast-routing
Router (config) # interface <Slot/Port>
Router (config-if) # ipv6 rip name enable

Single Area OSPF:

OSPFv2:
Configuring priority for selecting DR and BDR:
Router (config) # interface <Slot/Port>
Router (config-if) # ip ospf priority <priority>
OSPF Configuration:
Router (config) # router ospf <process-id>
Router (config-router) # router-id <router-id>
Router (config-router) # network <net-id> <wild-mask> area <area-number>
Router (config-router) # passive-interface <Slot/Port>
Adjusting the Reference Bandwidth:
Router (config-router) # auto-cost reference-bandwidth <bandwidth>
Adjusting the Interface Bandwidth:
Router (config) # interface <Slot/Port>
Router (config-if) # bandwidth <bandwidth>
Manually Setting the OSPF Cost:
Router (config) # interface <Slot/Port>
Router (config-if) # ip ospf cost <cost>
Restart OSPF process:
Router # clear ip ospf process

OSPFv3:
Router (config) # ipv6 unicast-routing
Router (config) # ipv6 router ospf <process-id>
Router (config-router) # router-id <router-id>
Router (config) # interface <Slot/Port>
Router (config-if) # ipv6 ospf <process-id> area <area-number>

Access List
Standard Numbered ACL:
Router (config) # access-list <access-list-number> {permit|deny|remark} <source-ip-address> <wild mask> [log]
Applying Standard ACLs to Interfaces:
Router (config) # interface <Slot/Port>
Router (config-if) # ip access-group <ACL-number|ACL-name> {out|in}
To remove ACL from an interface:
Router (config) # interface <Slot/Port>
Router (config-if) # no ip access-group
Router (config-if) # exit
Router (config) # no access-list
Standard Named ACL:
Router (config) # ip access-list [standard|extended] <name>
Router (config-std-nacl) # [permit|deny|remark] <source-ip-address> <wild mask> [log]
Router (config) # interface <Slot/Port>
Router (config-if) # ip access-group <name> {out|in}
Extended ACL:
Router (config) # access-list <ACL-number> {permit|deny|remark} {IP|ICMP} <source-ip> <wild mask> <destination-ip> <wild mask>
Router (config) # access-list <ACL-number> {permit|deny|remark} {TCP|UDP} <source-ip> <wild mask> operators <source-port> <destination-ip> <wild mask> operators <destination-port> [established]
Extended Named ACL:
Router (config) # ip access-list [standard|extended] <name>
Router (config-ext-nacl) # {permit|deny|remark} {TCP|UDP} <source-ip> <wild mask> operators <source-port> <destination-ip> <wild mask> operators <destination-port> [established]
Standard ACL to secure a VTY port:
Router (config) # line VTY 0 15
Router (config-line) # access-class <access-list-number> {in [vrf-also] | out}
IPv6 ACLs:
Router (config) # ipv6 access-list <access-list-name>
Router (config-ipv6-acl) # {deny|permit} protocol {source-ipv6-prefix/prefix-length|any|host source-ipv6-address} [operator [port-number]] {destination-ipv6-prefix/prefix-length|any|host destination-ipv6-address} [operator [port-number]]

DHCP
DHCPv4:
Router (config) # ip dhcp excluded-address <ip-address>
Router (config) # ip dhcp pool <pool-name>
Router (dhcp-config) # network <net-id> <subnet mask>
Router (dhcp-config) # default-router <default-gateway-address>
Router (dhcp-config) # dns-server <dns-server-address>
Router (dhcp-config) # domain-name <domain-name>
Disable DHCP:
Router (config) # no service dhcp

DHCPv4 Relay Agent:
Router (config) # interface <Slot/Port>
Router (config-if) # ip helper-address <ip-address of DHCP server>
Configuring a Router as a DHCPv4 Client:
Router (config) # interface <Slot/Port>
Router (config-if) # ip address dhcp
Router (config-if) # no shutdown

DHCPv6:
Stateless DHCPv6 Server:
Router (config) # ipv6 unicast-routing
Router (config) # ipv6 dhcp pool <pool-name>
Router (config-dhcpv6) # dns-server <dns-server-address>
Router (config-dhcpv6) # domain-name <domain-name>
Router (config) # interface <Slot/Port>
Router (config-if) # ipv6 address <ipv6-address>
Router (config-if) # ipv6 dhcp server <pool-name>
Router (config-if) # ipv6 nd other-config-flag

Configuring a Router as a Stateless DHCPv6 Client:
Router (config) # interface <Slot/Port>
Router (config-if) # ipv6 enable
Router (config-if) # ipv6 address autoconfig

Stateful DHCPv6 Server:
Router (config) # ipv6 unicast-routing
Router (config) # ipv6 dhcp pool <pool-name>
Router (config-dhcpv6) # address prefix <ipv6-prefix> [lifetime {<valid-lifetime> <preferred-lifetime> | infinite}]
Router (config-dhcpv6) # dns-server <dns-server-address>
Router (config-dhcpv6) # domain-name <domain-name>
Router (config) # interface <Slot/Port>
Router (config-if) # ipv6 address <ipv6-address>
Router (config-if) # ipv6 dhcp server <pool-name>
Router (config-if) # ipv6 nd managed-config-flag

Configuring a Router as a Stateful DHCPv6 Client:
Router (config-if) # ipv6 address <ipv6-address>
Router (config-if) # ipv6 enable
Router (config-if) # ipv6 address dhcp

Configuring a Router as a Stateful DHCPv6 Relay Agent:
Router (config) # interface <Slot/Port>
Router (config-if) # ipv6 dhcp relay destination <ip-address of DHCP server>

NAT / PAT
Static NAT:
Router (config) # interface <Slot/Port>
Router (config-if) # ip nat inside
Router (config) # interface <Slot/Port>
Router (config-if) # ip nat outside
Router (config) # ip nat inside source static <inside-local> <inside-global>

Dynamic NAT:
Router (config) # interface <Slot/Port>
Router (config-if) # ip nat inside
Router (config) # interface <Slot/Port>
Router (config-if) # ip nat outside
Router (config) # access-list <ACL-number> permit <network> <wild mask>
Router (config) # ip nat pool <pool-name> <First-IP> <Last-IP> netmask <subnet mask>
Router (config) # ip nat inside source list <ACL-number> pool <pool-name> overload

PAT:
Router (config) # interface <Slot/Port>
Router (config-if) # ip nat inside
Router (config) # interface <Slot/Port>
Router (config-if) # ip nat outside
Router (config) # access-list <ACL-number> permit <network> <wild mask>
Router (config) # ip nat inside source list <ACL-number> interface <Slot/Port> overload

WAN CONFIG
PPP Configuration
encapsulation ppp
ppp authentication <chap_or_pap_here>
ppp chap hostname <routername_here>
ppp pap sent-username <username_here>
sh int ser 0 - use to view encapsulation on the interface

FRAME-RELAY CONFIGURATION
encapsulation frame-relay ietf - use IETF when setting up a frame-relay network between a Cisco router and a non-Cisco router
frame-relay lmi-type ansi - LMI types are Cisco, ANSI, Q933A; Cisco is the default; LMI type is auto-sensed in IOS v11.2 and up
frame-relay map ip 3.3.3.3 100 broadcast - if inverse ARP won't work, map Other IP to Your DLCI # (local)
keepalive 10 - use to set keepalive
sh int ser 0 - use to show DLCI, LMI, and encapsulation info
sh frame-relay pvc - shows the configured DLCIs; shows PVC traffic stats
sh frame-relay map - shows route maps
sh frame-relay lmi - shows LMI info

KEYBOARD SHORTCUTS
CTRL-P - show previous command
CTRL-N - show next command
SHIFT-CTRL-6 - Break
