Change the Hostname
Router>enable
Router#conf t
Router(config)#hostname router1
router1(config)#exit
router1#
router1#? (Help with commands)
Restrict Access to Router
Privelege-mode
router1(config)#enable secret CISCO (hashed)
User-mode
router1(config)#line console 0
router1(config-line)#password Cisco1
router1(config-line)#login
router1(config-line)#exec-timeout 10 0 (min,sec)
router1(config)#line vty 0 4
router1(config-line)#password cisco2
router1(config-line)#login
router1(config-line)#exec-timeout 10 0 (min,sec)
router1(config-line)#logging synchronous
Perform Password Encryption
router1(config)#service password-encryption
Setup SSH and Disable Telnet
router1(config)#ip domain-name mydomain.com
router1(config)#crypto key generate rsa general-keys modulus 1024
router1(config)#ip ssh time-out 180
router1(config)#ip ssh authentication-retries 2
router1(config)#line vty 0 4
router1(config-line)#transport input ssh
Do Command
No need to be in Priveleged-mode (router1#)
router1(config)#do show run
router1(config)#do ping 10.0.10.1
router1(config)#do copy run start
View, Save, Erase
router1#show running-config
router1#show startup-config
router1#copy run start (Copies run as startup-config)
router1#write
router1#erase start
router1#rload (Reboots the router)
Basic Setup for HTTP and HTTPS
(config)#int fa0/1
router1(config-if)#ip address 10.0.10.1 255.255.255.0
router1(config-if)#no shutdown
router1(config-if)#ip http server
router1(config)#ip http secure-server
router1(config)#ip http authentication local
router1(config)#username cisco privilege 15 password 0 cisco
router1(config)#line console 0
router1(config-line)#login local
router1(config-line)#line vty 0 4
router1(config-line)#privilege level 15
router1(config-line)#login local
router1(config-line)#transport input ssh
Configure an Interface
router1(config)#int giga0/1
router1(config-if)#ip address 10.0.10.1 255.255.255.0
router1(config-if)#description LAN
router1(config-if)#no shutdown
router1(config-if)#clock rate 640000 (only for Serial DCE)
PPP Encapsulation
router1(config-if)#encapsulation ppp
PPP Authentication Using CHAP
router1(config)#username CISCO password cisco1
router1(config)#ppp authentication chap
Troubleshooting
router1#show controllers serial 0/0/0 (layer 1 and layer 2 info)
router1#show ip int br
router1#show interface
router1#debug ppp negotiations (PPP packets during startup phase)
router1#debug ppp packet (real-time PPP packet flow)
Connectivity Troubleshooting
router1#ping 10.0.10.1
router1#traceroute 10.0.10.1
router1#telnet 10.0.10.1
router1#show int giga0/0
router1#show ip int giga0/0
Telnet
router1#telnet 10.0.101
router1#terminal monitor
router1#terminal no monitor
Default and Static Routes
router1(config)#ip route 10.0.11.1 255.255.255.0 10.0.10.1
router1#show ip route
DHCP Server
router1#
router1#conf t
router1(config)#ip dhcp excluded-address 10.0.10.1 10.0.10.10
router1(config)#ip dhcp pool CISCO
router1(dhcp-config)#network 10.0.10.0 255.255.255.0
router1(dhcp-config)#default-router 10.0.10.1
router1(dhcp-config)#dns-server 8.8.8.8
router1(dhcp-config)#exit
NAT
router1(config)#ip nat inside source static 10.0.10.1 209.168.200.224
router1(config)#int giga0/1 (inside interface)
router1(config-if)#ip nat inside
router1(config-if)#exit
router1(config)#int giga0/0 (outside interface)
router1(config-if)#ip nat outside
Dynamic NAT
Router(config)#access-list 1 permit 10.0.10.0 0.0.0.255
Router(config)#ip nat pool pub-addr 209.165.201.130 209.165.201.132
Router(config)#ip nat inside source list 1 pool pub-addr
Router(config)#int giga 0/1
Router(config-if)#ip address 10.0.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int giga 0/0
Router(config-if)#ip address 209.165.201.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit
PAT
Router(config)#access-list 1 permit 10.0.10.0 0.0.0.255
Router(config)#ip nat inside source list 1 int giga0/0 overload
Router(config)#int giga 0/1
Router(config-if)#ip address 10.0.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int giga 0/0
Router(config-if)#ip address 209.165.201.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit
Privilege Level Account
router1(config)#username CISCO privilege 15 password 0 cisco1
Switch Basics
Switch#erase start
Switch#delete vlan.dat
Switch#reload
Switch#show run
Switch#reloadshow ip int
Port Security
Switch(config)#int range fa0/1-24
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security violation shutdown
Disable Port Security
Switch#conf t
Switch(config)#int fa0/18
Switch(config-if)#no switchport port-security
Troubleshoot and View Status
Switch#show port-security address
Switch#show port-security interface fa0/22
Switch#show mac-address table
Create VLAN
Switch#conf t
Switch(config)#vlan 20
Switch(config)#name ACCOUNTING
Assign Ports to a VLAN
Switch#conf t
Switch(config)#int fa0/11
Switch(config-if)#switchport access vlan 20
Remove VLAN
Switch#conf t
Switch(config)#no vlan 20
Remove VLAN on an Interface
Switch#conf t
Switch(config)#int fa0/11
Switch(config-if)# no switchport access vlan 20
Verify VLAN
Switch#show vlan
Configure a Trunk Port
Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Configure Port to Detect Trunk Link
Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode dynamic auto
Configure native VLAN on a Trunk Port
Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#dot1q native vlan 20
Remove a Trunk Port
Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#no switchport mode trunk
Configure VTP Server
Switch#conf t
Switch(config)#vtp domain MYCISCO
Switch(config)#vtp mode server
Switch(config)#vtp version 2
Switch(config)#vtp password CISCO1
Configure VTP Client
Switch#conf t
Switch(config)#vtp mode client
Switch(config)#vtp domain MYCISCO
Switch(config)#vtp password CISCO1
Inter-VLAN Routing
Router#conf t
Router(config)#int fa0/1
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int fa0/1.10
Router(config-subif)#encapsulation dot1q10
Router(config-subif)#ip address 10.0.10.1 255.255.255.0
BGP
Router#conf t
Router(config)#router bgp 14
Router(config-router)#neighbor 10.0.10.25 remote-as 13
Router(config-router)#network 192.168.10.0 255.255.255.0
EIGRP
Router#conf t
Router(config)#router eirgp 10
Router(config-router)#no auto-summary
Router(config-router)#network 192.168.15.0
Router(config-router)#network 10.0.10.0
EIGRP - Information and Troubleshooting
Router#show ip eigrp topology
Router#show ip eigrp traffic
Router#show ip route
Router#debug ip eigrp
Router#debug ip route
OSPF
Router#conf t
Router(config)#router ospf 1
Router(config-router)#network 192.168.10.0 0.0.0.255 area 0
Router(config-router)#network 192.168.50.0 0.0.0.255 area 0
OSPF - Information and Troubleshooting
Router#show ip protocols
Router#show ip ospf
Router#show ip route
Router#debug ip ospf
Access List (ACL) Standard
Router(config)#access-list [1-99/1300-1999][deny/permit][source][mask]
Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255
Router(config)#access-list 11 deny 192.168.5.0 0.0.0.255
Router(config)#access-list 12 permit any
Extended
Router(config)#access-list [100-199/2000-2699][permit/deny][tcp/ip/ospf][source][mask] host[destination][mask][eq/gt/lt][tcp_port]
Router(config)#access-list 100 permit ip host 192.168.1.10 host 192.168.10.1
Router(config)#access-list 101 permit tcp any host 192.168.20.10 eq 80
Modern
Router(config)#ip access-list standard ACCOUNTING
Router(config-std-nacl)#permit 192.168.10.2 0.0.0.255
Router(config)#ip access-list extended MARKETING
Router(config-ext-nacl)#permit ip host 192.168.10.2 host 192.168.10.1
Troubleshooting
Router#show access-lists
Router#clear access-list counters
Router#debug ip packet
Assign the ACL to an interface
Router#conf t
Router(config)#int fa0/1
Router(config-if)#ip access-group [ACL number][in/out]
Router(config-if)#ip access-group 100 in
Set Clock
Router#clock set 15:00:00 Feb 21 2019
0 Comments:
Post a Comment