
BASIC CONFIGURATION

Router>enable
Router#
Router#conf t
Router(config)#ip route network_address network_mask next_hop_address
Router(config)#interface network_interface
Router(config-if)#ip address interface_address interface_mask
Router(config-if)#no shutdown
Router(config-if)#clock rate #####
Router(config-if)#ipv6 address interface_address/network_prefix
Router(config)#hostname new_router_name
Router(config)#banner motd #operator_message#
Router(config)#line console 0
Router(config-line)#password cisco
Router(config-line)#login
Router(config-line)#logging synchronous
Router(config)#line vty 0 4
Router(config)#enable secret class
Router(config)#service password-encryption
Router# sh run
Router#sh ip route
Router#sh ipv6 route
Router#sh ip interface brief
DHCP CONFIGURATION
Router(config)#ip dhcp pool address_pool_name
Router(dhcp-config)#network network_address network_mask
Router(dhcp-config)#default-router router_ip_address
Router(dhcp-config)#dns-server dns_address
Router(dhcp-config)#domain-name network_domain_name
Router(config)#ip dhcp excluded-address lowest_address highest_address
Router(config)#ip dhcp excluded-address address_to_exclude
Router#sh ip dhcp binding
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 dhcp pool address_pool_name
Router(config-dhcpv6)#dns-server ip_address
Router(config-dhcpv6)#domain-name name
Router(config)#interface dhcpv6_outgoing_interface
Router(config-if)#ipv6 dhcp server address_pool_name

First, let's declare our DHCP pool and name it lan_pool:
Router(config)# ip dhcp pool lan_pool
Now configure the network parameters for the pool:
Router(dhcp-config)#network 192.168.1.64 255.255.255.192
Router(dhcp-config)#default-router 192.168.1.127
Router(dhcp-config)#dns-server 100.1.1.1
Now exclude the first three host IP addresses of the block:
Router(config)#ip dhcp excluded-address 192.168.1.65 192.168.1.67
Finally exclude the default gateway IP address:
Router(config)#ip dhcp excluded-address 192.168.1.127
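A sanity check for the pool parameters used above, as an added example (not part of the original page): it lists the addresses that remain leasable after the exclusions and validates the default-router. On the page's values it reports that 192.168.1.127 is the broadcast address of 192.168.1.64/26; ALT_POOL uses 192.168.1.126, an assumed alternative gateway that does not come from the page.

```python
import ipaddress

def dhcp_pool_report(network, mask, default_router, excluded):
    """Check an IOS-style DHCP pool.

    excluded is a list of (low, high) pairs, one per
    'ip dhcp excluded-address low [high]' line (low == high for one address).
    Returns (leasable_addresses, problems).
    """
    net = ipaddress.IPv4Network(f"{network}/{mask}")
    gw = ipaddress.IPv4Address(default_router)
    blocked = set()
    for low, high in excluded:
        lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
        blocked.update(ipaddress.IPv4Address(i) for i in range(lo, hi + 1))
    # Usable hosts of the block minus everything the router will never lease.
    leasable = [h for h in net.hosts() if h not in blocked]
    problems = []
    if gw not in net:
        problems.append(f"default-router {gw} is outside {net}")
    elif gw == net.broadcast_address:
        problems.append(f"default-router {gw} is the broadcast address of {net}")
    elif gw == net.network_address:
        problems.append(f"default-router {gw} is the network address of {net}")
    elif gw in leasable:
        problems.append(f"default-router {gw} is not excluded and could be leased")
    return leasable, problems

# Values from the lan_pool example on the page.
PAGE_POOL = ("192.168.1.64", "255.255.255.192", "192.168.1.127",
             [("192.168.1.65", "192.168.1.67"), ("192.168.1.127", "192.168.1.127")])
# Assumed alternative (not from the page): gateway on the last usable host.
ALT_POOL = ("192.168.1.64", "255.255.255.192", "192.168.1.126",
            [("192.168.1.65", "192.168.1.67"), ("192.168.1.126", "192.168.1.126")])

if __name__ == "__main__":
    for pool in (PAGE_POOL, ALT_POOL):
        leasable, problems = dhcp_pool_report(*pool)
        print(leasable[0], "-", leasable[-1], len(leasable), problems)
```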
First, let's enable IPv6 unicast routing on Router_0:
Router(config)#ipv6 unicast-routing
Then let's declare our DHCP pool and name it POOLv6:
Router(config)# ipv6 dhcp pool POOLv6
Now configure the network parameters for the pool:
Router(config-dhcpv6)#dns-server A:A:A:A::1
Router(config-dhcpv6)#domain-name ups.com
Finally, associate the pool with the interface Fa0/0:
Router(config)#interface Fa0/0
Router(config-if)#ipv6 address B:B:B:B::1
Router(config-if)#ipv6 dhcp server POOLv6
ACL - ACCESS CONTROL LIST
Router(config)#access-list number {deny | permit} ip_address wildcard
Router(config)#access-list number {deny | permit} protocol ip_address wildcard destination_ip_address wildcard eq port_number
Router(config)#ip access-list standard name
Router(config-std-nacl)#{deny | permit} ip_address wildcard
Router(config)#ip access-list extended name
Router(config-ext-nacl)#{deny | permit} protocol ip_address wildcard destination_ip_address wildcard eq port_number
Router(config)#ipv6 access-list name
Router(config-ipv6-acl)#{deny | permit} protocol ipv6_address/prefix destination_ipv6_address/prefix eq port_number
Router(config-if)#ip access-group access_list_number_or_name {in | out}
Router(config-if)#ipv6 traffic-filter name {in | out}
Example: The statement:
Router(config)# access-list 1 permit 0.0.0.0 255.255.255.255
is equivalent to:
Router(config)# access-list 1 permit any
Example: The statement:
Router(config)# access-list 1 permit 192.168.1.1 0.0.0.0
is equivalent to:
Router(config)# access-list 1 permit host 192.168.1.1

TASKS
Task 1. Configure a standard ACL to deny access from any host on LAN1 to LAN3.
Task 2. Configure an extended IPv4 ACL to allow ftp connections from every host on LAN2 to LAN1 and deny any other traffic
from LAN1 to any network, except telnet connections from PC3 to PC5 and also except web surfing.
Task 3. Deny any attempt at IPv4 tftp transfer from any PC on LAN1, except PC1, to any network and allow all other types of
IPv4 traffic.
Task 4. Deny any IPv6 traffic from LAN1 to LAN2, except smtp traffic when it is directed to PC2.

Task 1 resolution:
(Configure a standard ACL to deny access from any host on LAN1 to LAN3)
o Using a numbered ACL:

The numbered standard IPv4 ACL that performs the packet filtering required in Task 1 must be configured on Router2
(remember the rule: place a standard ACL as close as possible to the destination network).
The first statement must be the one that denies the packets coming from LAN1:
Router2(config)#access-list 1 deny 172.16.1.0 0.0.0.255
Then a statement that permits all other traffic must be included:
Router2(config)#access-list 1 permit any
(Without this statement, the implicit deny any that is placed at the end of every ACL would also deny any packet
coming from any network trying to reach LAN3)
Then the ACL must be applied to interface Fa0/0 on Router2 (as close as possible to the destination network):
Router2(config)#interface f0/0
Router2(config-if)#ip access-group 1 out
(Notice the ACL is set to filter outbound traffic. This is right because a packet going towards LAN3 is actually going out of
F0/0 from the perspective of Router2)
o Using a named ACL:

The first step is to declare the standard named ACL and then enter the corresponding ACL statements. Let's
use the name TASK1 for the ACL:
Router2(config)#ip access-list standard TASK1
Router2(config-std-nacl)# deny 172.16.1.0 0.0.0.255
Router2(config-std-nacl)# permit any
Then the ACL can be applied to Fa0/0 on Router2 using the commands:
Router2(config)#interface f0/0
Router2(config-if)#ip access-group TASK1 out
Task 2 resolution:
(Configure an extended IPv4 ACL to allow ftp connections from every host on LAN2 to LAN1 and deny any other traffic from
LAN1 to any network, except telnet connections from PC3 to PC5 and also except web surfing)
o Using a numbered ACL:

The numbered extended IPv4 ACL that performs the packet filtering required in Task 2 must be configured on Router1
(according to the rule: place an extended ACL as close as possible to the source network).
The first statements must be those performing the most specific traffic filtering (according to the ACL creation rule:
ACL statements must be ordered from the most specific to the most general match):
Router1(config)#access-list 100 permit tcp 172.16.2.0 0.0.0.127 172.16.1.0 0.0.0.255 eq 20
Router1(config)#access-list 100 permit tcp 172.16.2.0 0.0.0.127 172.16.1.0 0.0.0.255 eq 21
(Notice that ports 20 and 21 must both be permitted because both correspond to the ftp service. The operator eq means "equal to")
Router1(config)#access-list 100 permit tcp host 172.16.2.3 host 172.16.2.135 eq telnet
(The protocol name, telnet, can also be used instead of the corresponding port, 23)
Router1(config)#access-list 100 permit tcp 172.16.2.0 0.0.0.127 any eq 80
(That's all: there's no need to deny any other traffic because of the implicit deny ip any any at the end of
this extended ACL)
Then the ACL must be applied to interface Fa0/0 on Router1 (as close as possible to the source network):
Router1(config)#interface f0/0
Router1(config-if)#ip access-group 100 in
(Notice the ACL is set to filter inbound traffic, that is, traffic entering through interface F0/0. This is right because a packet
leaving LAN2 is actually entering interface F0/0 from the perspective of Router1)
o Using a named ACL:

Router1(config)#ip access-list extended TASK2
Router1(config-ext-nacl)# permit tcp 172.16.2.0 0.0.0.127 172.16.1.0 0.0.0.255 eq 20
Router1(config-ext-nacl)# permit tcp 172.16.2.0 0.0.0.127 172.16.1.0 0.0.0.255 eq 21
Router1(config-ext-nacl)# permit tcp host 172.16.2.3 host 172.16.2.135 eq telnet
Router1(config-ext-nacl)# permit tcp 172.16.2.0 0.0.0.127 any eq 80
Router1(config)#interface f0/0
Router1(config-if)#ip access-group TASK2 in

Task 3 resolution:
(Deny any attempt at IPv4 tftp transfer from any PC on LAN1, except PC1, to any network and allow all other types of IPv4
traffic for LAN1).
o Using a numbered ACL:

The numbered extended IPv4 ACL that performs the packet filtering required in Task 3 must be configured on Router0
(according to the rule: place an extended ACL as close as possible to the source network).
Router0(config)#access-list 101 permit udp host 172.16.1.2 any eq tftp
Router0(config)#access-list 101 deny udp 172.16.1.0 0.0.0.255 any eq 69
Router0(config)#access-list 101 permit ip 172.16.1.0 0.0.0.255 any
(Notice that this time the statements referring to tftp specify udp as the transport protocol, which is correct since tftp uses udp
instead of tcp)
(The last statement of the ACL allows all other traffic from LAN1 to any network, as required by the task. Without this
statement, the implicit deny ip any any would deny all the remaining packets)
Router0(config)#interface f0/0
Router0(config-if)#ip access-group 101 in
o Using a named ACL:
Router0(config)#ip access-list extended TASK3
Router0(config-ext-nacl)# permit udp host 172.16.1.2 any eq tftp
Router0(config-ext-nacl)# deny udp 172.16.1.0 0.0.0.255 any eq 69
Router0(config-ext-nacl)# permit ip 172.16.1.0 0.0.0.255 any
Router0(config)#interface f0/0
Router0(config-if)#ip access-group TASK3 in
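The first-match logic behind the Task 3 ACL, as an added example (not part of the original page): a small IPv4-only evaluator that applies wildcard masks, stops at the first matching statement and falls through to the implicit deny. The destination 10.0.0.5 and the test packets are constructed, and PC1 is taken to be 172.16.1.2 as in the ACL above.

```python
import ipaddress

PORTS = {"ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "tftp": 69, "www": 80}

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit whose wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def take_addr(tok):
    """Consume one address spec: any | host A | A wildcard."""
    first = tok.pop(0)
    if first == "any":
        return ("0.0.0.0", "255.255.255.255")
    if first == "host":
        return (tok.pop(0), "0.0.0.0")
    return (first, tok.pop(0))

def parse_ace(line):
    """Parse '<action> <proto> <src> <dst> [eq <port>]' into a tuple."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = None
    if tok and tok.pop(0) == "eq":
        name = tok.pop(0)
        port = PORTS.get(name) or int(name)
    return action, proto, src, dst, port

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, statement); first match wins, implicit deny at the end."""
    for line in acl:
        action, p, s, d, port = parse_ace(line)
        if p not in ("ip", proto):
            continue
        if not (wildcard_match(src, *s) and wildcard_match(dst, *d)):
            continue
        if port is not None and port != dport:
            continue
        return action, line
    return "deny", "implicit deny ip any any"

# Statements of ACL 101 / TASK3 exactly as on the page.
TASK3 = [
    "permit udp host 172.16.1.2 any eq tftp",
    "deny udp 172.16.1.0 0.0.0.255 any eq 69",
    "permit ip 172.16.1.0 0.0.0.255 any",
]
# Same statements with the first two swapped (constructed, to show ordering).
SWAPPED = [TASK3[1], TASK3[0], TASK3[2]]

if __name__ == "__main__":
    for src in ("172.16.1.2", "172.16.1.9", "172.16.9.9"):  # constructed packets
        print(src, evaluate(TASK3, "udp", src, "10.0.0.5", 69))
    print("swapped:", evaluate(SWAPPED, "udp", "172.16.1.2", "10.0.0.5", 69))
```

With the first two statements swapped, PC1's tftp packet hits the LAN-wide deny before its own permit, which is why the specific statement has to come first.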
Task 4 resolution:
(Deny any IPv6 traffic from LAN1 to LAN2, except smtp traffic when it is directed to PC2)
Router0(config)#ipv6 access-list TASK4
Router0(config-ipv6-acl)# permit tcp ABCD::/120 host ABCD::102 eq smtp
Router0(config-ipv6-acl)# deny ipv6 ABCD::/120 ABCD::100/121
Router0(config-ipv6-acl)# permit ipv6 any any
(The task does not specify any other traffic to deny, hence the need for the last statement)
Router0(config)#interface f0/0
Router0(config-if)#ipv6 traffic-filter TASK4 in
STATIC NAT CONFIGURATION
Router(config)#ip nat inside source static local_IP global_IP
Router(config)#interface network_interface // interface connected to the private network
Router(config-if)#ip nat inside
Router(config)#interface network_interface // outgoing interface of the network
Router(config-if)#ip nat outside
Router(config)#ip nat inside source static 192.168.1.1 200.100.15.1

Router(config)#interface Fa 0/0
Router(config-if)#ip nat inside
Router(config)#interface se 0/0/0
Router(config-if)#ip nat outside
DYNAMIC NAT CONFIGURATION
Router(config)#ip nat pool name first_IP last_IP netmask network_mask
Router(config)#access-list number(1-99) permit ip_address wildcard
Router(config)#ip nat inside source list ACL_number pool name
Router(config)#interface network_interface // interface connected to the private network
Router(config-if)#ip nat inside
Router(config)#interface network_interface // outgoing interface of the network
Router(config-if)#ip nat outside
First, let's declare our pool and name it one:
Router(config)# ip nat pool one 200.100.15.1 200.100.15.10 netmask 255.255.255.0
Now declare the private network addresses using access list number 1 (notice the wildcard mask is the binary
inverse of the standard network mask):
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Now configure the dynamic translation and the inside and outside interfaces:
Router(config)#ip nat inside source list 1 pool one
Router(config)#interface Fa 0/0
Router(config-if)#ip nat inside
Router(config)#interface se 0/0/0
Router(config-if)#ip nat outside
NAT WITH OVERLOADING
Router(config)#access-list number(1-99) permit ip_address wildcard
Router(config)#ip nat inside source list ACL_number pool name overload
Router(config)#ip nat inside source list ACL_number interface network_interface overload
Router(config)#interface network_interface // interface connected to the private network
Router(config-if)#ip nat inside
Router(config)#interface network_interface // outgoing interface of the network
Router(config-if)#ip nat outside
Let's declare the private network addresses using access list number 1 (notice the wildcard mask is the binary
inverse of the standard network mask):
Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255
Now configure the dynamic translation with overloading and the inside and outside interfaces:
Router(config)#ip nat inside source list 1 interface serial 0/0/0 overload
Router(config)#interface Fa 0/0
Router(config-if)#ip nat inside
Router(config)#interface se 0/0/0
Router(config-if)#ip nat outside

Router#show ip nat translations
Router#show ip nat statistics
RIPv1 and RIPv2
Router(config)#router rip
Router(config-router)#network network_ip_address
Router(config-router)#version 2
Router(config-router)#passive-interface network_interface
RIPng
Router(config)#ipv6 unicast-routing
Router(config-if)#ipv6 rip routing_process_name enable // inside the network interface
UIO(config)#router rip
UIO(config-router)#version 2
UIO(config-router)#network 172.16.0.0
UIO(config-router)#network 172.19.0.0
UIO(config-router)#passive-interface f0/0
UIO(config)#ipv6 unicast-routing
UIO(config)#int s0/0/0
UIO(config-if)#ipv6 rip RIPng1 enable
UIO(config-if)#int f0/0
UIO(config-if)#ipv6 rip RIPng1 enable
EIGRP
Router(config)#router eigrp AS_number
Router(config-router)#network network_ip_address
Router(config-if)#bandwidth value_kbps
Quito(config)#router eigrp 1
Quito(config-router)#network 192.168.0.0
Quito(config-router)#end

router(config)#int s0/0/0
router(config-if)#clock rate 56000
router(config-if)#bandwidth 56
router(config)#int s0/0/1
router(config-if)#clock rate 1000000
router(config-if)#bandwidth 1000
OSPFv2
Router(config)#router ospf process_id
Router(config-router)#network network_ip_address wildcard area area_id

Quito(config)#router ospf 232
Quito(config-router)#network 192.168.0.168 0.0.0.3 area 0
Quito(config-router)#network 192.168.0.0 0.0.0.127 area 0
Quito(config-router)#end

Router(config)#interface s0
Router(config-int)#ip address 10.64.0.1 255.255.255.0
Router(config)#router ospf 1
Router(config-router)#network 10.64.0.0 0.0.0.255 area 0
OSPFv3
Configure the router ID and link-local addresses on all interfaces if there is no redistribution
Router(config)#ipv6 unicast-routing
Router(config-if)#ipv6 ospf process_id area area_id
Quito(config)#ipv6 unicast-routing
Quito(config)#int f0/0
Quito(config-if)#ipv6 ospf 50 area 0
Quito(config)#int s0/0/0
Quito(config-if)#ipv6 ospf 50 area 0

Router(config)#ipv6 unicast-routing
Router(config)#interface f0/0
Router(config-if)#ipv6 ospf 50 area 0

BGP
Router(config)# router bgp AS_number
Router(config-router)#neighbor next_hop_link_ip remote-as AS_number // same AS for IBGP, different AS for EBGP
Router(config-router)#network own_network_address

RouterA(config)# router bgp 300
RouterA(config-router)# neighbor 130.1.50.34 remote-as 200
RouterA(config-router)# neighbor 200.200.200.66 remote-as 400
RouterA(config-router)#network 193.10.2.0

RouterB(config)# router bgp 200
RouterB(config-router)# neighbor 130.1.50.33 remote-as 300
RouterB(config-router)#network 12.0.0.0

RouterC(config)# router bgp 400
RouterC(config-router)#neighbor 200.200.200.65 remote-as 300
RouterC(config-router)#network 11.0.0.0
ROUTE REDISTRIBUTION
Router(config)#router protocol AS_number // AS number only if the protocol has one
Router(config-router)#redistribute static
Router(config)# router eigrp 10
Router(config-router)# redistribute static
Router(config)#router protocol AS_number // AS number only if the protocol has one
Router(config-router)#redistribute redistributed_protocol

Router(config-router)#redistribute rip subnets

USED SO THAT OSPF REDISTRIBUTES RIP

OSPF REDISTRIBUTION
Router(config)# router ospf 100
Router(config-router)# redistribute rip subnets
Router(config)#router protocol
Router(config-router)# passive-interface interface_disabled_for_redistribution

Router(config)# router rip
Router(config-router)# passive-interface serial 0
Router(config-router)# passive-interface serial 1
RIP REDISTRIBUTION
Router(config)#router rip
Router(config-router)#redistribute ospf 109 match internal external 1 external 2
Router(config-router)#default-metric 10

VLANS
Switch(config)#vlan vlan_number
Switch(config-vlan)#name vlan_name
Switch(config)#interface interface_assigned_to_vlan
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan vlan_number_for_the_interface
Switch(config)#interface interface_assigned_to_vlan
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config)#int vlan1
Switch(config-if)#ip add vlan_ip_address network_mask
Switch(config-if)#no shutdown
Switch(config)#ip default-gateway outgoing_gateway_address
2950(config)#interface range f0/8 - 12
2950(config-if-range)#switchport mode access
2950(config-if-range)#switchport access vlan 3
2950(config-if-range)#exit
2950(config)#interface fastethernet 0/1
2950(config-if)#switchport mode trunk
INTER-VLAN ROUTING

Router(config)#interface routable_interface port
Router(config-if)#no shutdown
Router(config)#interface routable_interface port.subinterface
Router(config-subif)#encapsulation dot1q vlan_number
Router_A(config)#interface fastethernet 0/0
Router_A(config-if)#no shutdown
Router_A(config-if)#interface fastethernet 0/0.1
Router_A(config-subif)#encapsulation dot1q 1
Router_A(config-subif)#ip address 192.168.1.1 255.255.255.0
Router_A(config-subif)#interface fastethernet 0/0.20
Router_A(config-subif)#encapsulation dot1q 20
Router_A(config-subif)#ip address 192.168.7.1 255.255.255.0
Router_A(config-subif)#end

STP
Switch(config)#spanning-tree vlan [VLAN_number] priority [priority_value]

Switch(config)#spanning-tree vlan 10 priority 16384

Do not cable the links before the priority has been configured.

S1#show spanning-tree
Put the switches in spanning tree debug mode with the command debug spanning-tree events.
S1#debug spanning-tree events
Spanning Tree event debugging is on

LAYER 3 SWITCH
Switch# configure terminal
Switch(config)# ip routing
Switch(config)# interface fa0/1
Switch(config-if)# no switchport
Switch(config-if)# ip address 10.10.1.1 255.255.255.0
Switch(config-if)# no shutdown
Switch(config-if)# interface fa0/2
Switch(config-if)# no switchport
Switch(config-if)# ip address 10.20.1.1 255.255.255.0
Switch(config-if)# no shutdown
