Professional Documents
Culture Documents
Encrypting passwords:
1 SW1(config)# service password-encryption
Configuring banners:
1 SW1(config)# banner motd $
2 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
3 UNAUTHORIZED ACCESS IS PROHIBITED
4 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
5
Giving the switch an IP address:
1 SW1(config)# interface vlan 1
2 SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP
3 SW1(config-if)# no shutdown
Shows the configuration file stored in NVRAM which is used at first boot process.
1 SW1# show startup-config
Lists the commands currently held in the history buffer.
1 SW1# show history
Shows an overview of all interfaces, their physical status, protocol status and ip address if
assigned.
1 SW1# show ip interface brief
Shows detailed information about the specified interface, its status, protocol, duplex, speed,
encapsulation, last 5 min traffic.
1 SW1# show interface vlan 1
Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
1 SW1# show interfaces status
Shows information about the leased IP address (when an interface is configured to get IP
address via a dhcp server)
1 SW1# show dhcp lease
Configuring port security:
Make the switch interface as access port:
1 SW1(config-if)# switchport mode access
Configuring Trunks:
SW1(config)# interface fastEthernet 0/1
1 SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto, dyn
2 desirable
3 SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove, all,
except
Securing VLANs and Trunking:
Administratively disable unused interfaces:
1 SW1(config-if)# shutdown
Lists all the trunk ports on a switch including the trunk allowed VLANs:
1 SW1# show interfaces trunk
Lists VTP configuration (mode, domain-name, version, etc) and revision number:
1 SW1# show vtp status
Shows detailed information about the neighboring cisco devices including device address and
version of IOS they run:
1 SW1# show cdp neighbors detail
2 ! OR
3 SW1# show cdp entry *
Default Route:
1 R1(config)# ip route 0.0.0.0 0.0.0.0 199.1.1.1
RIPv2 Configuration:
1 R1(config)# router rip
2 R1(config-router)# version 2
3 R1(config-router)# network 10.0.0.0 ! written as an original class A
4 R1(config-router)# no auto-summary
R1(config-router)# passive-interface serial 0/0
5
RIPv2 Verification:
Shows information about the running routing protocol process:
1 R1# show ip protocols
Shows detailed information about the route to the specified destination network:
1 R1# show ip route 10.1.1.1
OSPF Configuration:
Enter OSPF router configuration mode:
1 R1(config)# router ospf 10 ! 10 = process ID
Configure one or more network commands to identify which interfaces will run OSPF:
1 R1(config-router)# network 10.0.0.0 0.255.255.255 area 0
2 R1(config-router)# network 172.16.8.0 0.0.7.255 area 0
3 R1(config-router)# network 192.168.1.254 0.0.0.0 area 1
Impact routing choices by tuning interface cost using one of the following ways (Optional):
Changing interface cost:
1 R1(config-if)# ip ospf cost 55
Changing interface bandwidth:
1 R1(config-if)# bandwidth 128 ! in Kbps
Changing the reference bandwidth that used by OSPF to calculate the cost:
1 R1(config-router)# auto-cost reference-bandwidth 1000 ! in Mbps
Shows all neighboring routers along with their respective adjacency state:
1 R1# show ip ospf neighbors
Configure one or more network commands to enable EIGRP on the specified interfaces:
1 R1(config-router)# network 10.0.0.0
2 R1(config-router)# network 172.16.0.0 0.0.3.255
3 R1(config-router)# network 192.168.1.1 0.0.0.0
4 R1(config-router)# network 0.0.0.0 255.255.255.255
EIGRP Authentication:
The key-string value and the mode must be the same on both routers. Lifetime options of the keys
requires the clock of the routers to be set correctly, better use NTP, or it can cause problems
Create an authentication key chain as follows:
Create a key chain and give it a name:
1 R1(config)# key chain MY_KEYS
Create one or more keys giving them numbers:
1 R1(config-keychain)# key 1
Define the key value:
1 R1(config-keychain-key)# key-string1stKEY
Define the life time of the keys (optional):
R1(config-keychain-key)# send-lifetime [start time] [end time]
1 R1(config-keychain-key)# accept-lifetime [start time] [end time]
2
Enable md5 authentication mode for EIGRP on the interface:
1 R1(config-if)# ip authentication mode eigrp121 md5
Lists statistics on numbers of EIGRP messages sent and received by the router:
1 R1# show ip eigrp traffic
Enjoy !
Access Control Lists:
Standard ACL: 1 – 99 and 1300 – 1999
Use a remark to describe the ACL (Optional):
1 R1(config)# access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN
Define network and mask to use in this pool and the default gateway:
1 R1(dhcp-config)# network 192.168.1.0 255.255.255.0
2 R1(dhcp-config)# default-router 192.168.1.1
Shows all the leased ip addresses from all configured DHCP pools:
1 R1# show ip dhcp binding
PPP Configuration:
1 R1(config)# interface serial 0/0
2 R1(config-if)# encapsulation ppp
PPP Authentication:
CHAP:
Configure the hostname:
1 R1(config)# hostname ALPHA
Configure the name of the other end router and the shared password:
! The password used is shared password, that means it must be the same on both
1
routers
2 ALPHA(config)# username BETA password XYZ
PAP:
Configure the hostname:
1 R1(config)# hostname ALPHA
Configure the name of the other end router and the shared password:
1 ALPHA(config)# username BETA password XYZ
Enable PAP authentication on the interface and define the username and password to be sent
by PAP:
1 ALPHA(config)# interface serial 0/0
2 ALPHA(config-if)# ppp authentication pap
3 ALPHA(config-if)# ppp pap sent-username ALPHA password XYZ
Useful for viewing the configuration of usernames and passwords used to authenticate PPP:
1 R1# show running-config
Frame Relay:
Lists messages about certain Frame Relay events, including Inverse ARP messaeges:
1 R1# debug frame-relay events
Dynamic NAT:
Define the outside and inside interfaces
Create an ACL that determines the IP addresses thatare allowed to be translated:
1 R1(config)# access-list 3 permit 192.168.1.0 0.0.0.255
Shows counters for packets and NAT table entries, as well as basic configuration information:
1 R1# show ip nat stasitics
Issues a log message describing each packet whose ip address is translated with NAT:
1 R1# debug ip nat
Enjoy !