R2#terminal history size 256
R1(config)#encapsulation hdlc to restore default encapsulation
R2#show controllers s0/0/0 -verify serial is DCE
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
SECURITY
Router(config)#hostname R1
R1(config)#enable secret cisco
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config)#service password-encryption
R1(config)#banner motd #
Enter TEXT message. End with the character '#'.
**********************************************************************************
!!! WARNING: Unauthorized access is prohibited !!!
**********************************************************************************
#
R1(config)#login block-for 180 attempts 3 within 60
R1(config-line)#exec-timeout 10
R1(config)#security passwords min-length 10
Switch(config)#interface range fa 0/2 - fa 0/24
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
SSH or TELNET
R1(config)#ip domain-name POLNAVY.COM
R1(config)#crypto key generate rsa (cryptokey zeroize rsa - for delete)
R1(config)#username Zibi secret cisco
R1(config)#username netadmin privilege 15 secret cisco
15 highest privilege
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input ssh /telnet /all - both
R1(config)#ip ssh version 2
R1#show ip ssh
R1#show ssh
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
ROUTER INTERFACES
R1(config-if)#interface gigabitEthernet 0/0
R1(config-if)#des Link to LAN 124
R1(config-if)#ip add 192.168.1.126 255.255.255.224
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:ACAD:A::1/64
R1(config-if)#no shut
R1(config-if)#interface gigabitEthernet 0/1
R1(config-if)#des Link to LAN 214
R1(config-if)#ip add 192.168.1.158 255.255.255.240
R1(config-if)#ipv6 address FE80::1 link-local
R1(config-if)#ipv6 address 2001:DB8:ACAD:B::1/64
R1(config-if)#no shut
R1(config)#ipv6 unicast-routing
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
CHECKER
R1(config)#do show run / R1(config)#do sh r
R1(config)#do show ip interface brief / R1(config)#do sh ip int br
R1(config)#do show ipv6 interface brief / R1(config)#do sh ipv6 int br
R1(config)#do show ip route
R1(config)#do show ipv6 route
R1(config)#show interfaces
R1(config)#do show ip interface
R1(config)#do show ipv6 interface
R> show version
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
Switch
Switch(config)#boot system flash:/c2960......
Switch(config)#show bootvar (or sh boot) -to see what the current IOS boot file is set to
Switch#dir flash - to view a list of files within a specified directory
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
SWITCH VLANs S1 / The switch virtual interface (SVI) on S1
S2(config)#interface range fa 0/1 - fa 0/24
Switch(config)#interface vlan 1
Switch(config-if)#des LAB 214-A Switch
Switch(config-if)#ip ad 192.168.1.157 255.255.255.240
Switch(config-if)#no shut
Switch(config)#ip default-gateway 192.168.1.158
Switch(config)#vlan 20
Switch(config-vlan)#name VLAN20_admin
Switch(config)#int fa 0/20
Switch(config-if)#switchport access vlan 20
Switch(config)#int vlan 20
Switch(config-if)#ip address 192.168.1.156 255.255.255.0
Switch(config-if)#no shut
vlan 150 is commonly used for VoIP
S1#delete VLAN.dat
S1(config)# vlan 20
S1(config-vlan)#name LAB20
S1(config)#int f0/20
S1(config-if)#switchport mode access
S1(config-if)#switchport access vlan 20
S1(config-if)#no switchport access vlan
S1(config)#no vlan 20
S1(config-if)#switchport trunk native vlan 99
R1(config-subif)#encapsulation dot1Q 99 native - for router
S1(config-if)#switchport trunk allowed vlan 10,20,99
S1(config-if)#show interfaces f0/1 switchport
S1(config-if)#switchport mode trunk
S1(config-if)#switchport nonegotiate
S1(config-if)#switchport mode accessint vlan
S1(config-if)#switchport mode dynamic auto
S1(config-if)#switchport mode dynamic desirable
S1(config-if)#switchport mode trunk
S1(config-if)#switchport nonegotiate
S1(config-if)#dtp interface
R1(config)#int g0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip add 172.31.20.1 255.255.255.240
R1(config)#int g0/0
R1(config-if)#no shut
Switch(config)#ip dhcp snooping
Switch(config)#ip dhcp snooping vlan 20
Switch(config)#interface fa 0/1
Switch(config-if)#ip dhcp snooping trust
Switch(config)#interface fa 0/2
Switch(config-if)#ip dhcp snooping limit rate rate 5
Switch(config-if)#switchport port-security mac-address (mac-address)
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security mac-address sticky (mac-address)
Switch(config-if)#no switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation {protect | restrict |shutdown}
Switch(config)#interface fa 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address sticky
S1#show port-security int fa 0/1
S1#show int fa 0/1 switchport
S1#show vlan brief
S1#show vlan name LAB20
S1#show vlan summary
S1#show mac address-table
S1#sow int vlan 20
S1#show vlan
S1#show interfaces switchport
S1#show interface f0/1 switchport
S1#show interfaces trunk - native vlan
Switch(config)#int fa 0/20
Switch(config-if)#duplex full
Switch(config-if)#speed 100
Switch(config-if)#mdix auto - medium-dependent interface crossover (auto-MDIX)
Switch#show controllers ethernet-controller fa 0/1 phy | include Auto-MDIX
Switch(config)#ntp master [stratum] -Network Time Protocol (NTP
Switch(config)#ntp server ip-address
Switch(config)#Switch#show ntp status
Switch(config)#show ntp associations
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
Static routing
R1(config)# ip route 172.16.1.0 255.255.255.0 172.16.1.2 NEX-HOP
R1(config)# ip route 172.16.1.0 255.255.255.0 s0/0/0 Directed connected Static Route
R1(config)# ip route 192.168.2.0 255.255.255.0 G0/0 172.16.1.2 Fully Specified Static Route
R1(config)# ip route 0.0.0.0 0.0.0.0 172.16.1.2 Gatewat of last resort
R1(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.2 5 Floating(EIGRP=90, IGRP=100, OSPF=110, IS-IS=115, RIP=120)
R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 2001:DB8:ACAD:4::2/64 NEX-HOP Static IPv6 Route
R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 S0/0/0 Directed connected Static IPv6 Route
R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 S0/0/0 FE80::2 Fully Specified Static IPv6 Route
R1(config)# ipv6 route ::/0 2001:DB8:ACAD:4::2 Gatewat of last resort
-------------------------------------------------------------------------------
show ip route
show ip route | begin Gateway
show ip route | include C
show ip route static
show ipv6 route static
show ip route network
show ip route | begin Gateway
show ip int brief
show ip route 192.168.2.1
show running-config | section ip route
ping 192.168.2.1 source g0/0
ping 192.168.2.1 source 172.16.3.1
traceroute 192.168.2.1
show cdp neighbors
--------------------------------------------------------------------------------
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 10.10.16.0 255.255.255.0 Serial0/1/1
ip route 64.100.100.0 255.255.255.0 Serial0/0/1 2
!
ip flow-export version 9
!
ipv6 route 2001:DB8:1:A::/63 Serial0/1/0
ipv6 route ::/0 Serial0/0/1
!
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
Dynamic routing
R1(config)# router rip
R1(config-router)#network 64.0.0.0
R1(config-router)#version 2
R1(config-router)#auto-summary - network summarization
R1(config-router)#passive-interface passive-interface default (for all interfaces)
R1(config-router)# default-information -control distribution
R1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1 10.10.16.0
R1(config-router)#default-information originate
R1(config)#int g0/0
R1(config-if)#ipv6 rip RIP-AS enable
R1(config-if)#ipv6 route 0::/0 2001:DB8:FEED:1::1 global configuration command
R1(config-if)#ipv6 rip RIP-AS default-information originate
R2#debug ip rip
R2#debug ip routing
R1#show ip route rip
R1#show ip protocols | section Default
R1#show ip route | begin Gateway
------------------------------------------------------------------
OSPF
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0 - for singels interface
R1(config-router)#network 1.1.1.1 0 0.0.0.0 area 0 for loopback
R1(config-router)#network 0.0.0.0 0.0.0.0 area 0 for all network directed connected
R1(config-router)#passive-interface fa0/0 - no hello msgs
R1(config-router)#auto-cost reference-bandwith 10000 - Mbps
R1(config-router)#bandwidth 10000000 - kilobits
R1(config-router)#ip ospf cost 10
R1(config-router)#router-id 1.1.1.1 - optional (if not set router id = loopback 0 ip)
R1(config-if)#ip ospf priority 2 -for win election to o DR (not BDR)
R1(config)#clear ip ospf process
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.10
R1(config)#router ospf 1
R1(config-router)#defualt-information originate - Propagating a Default Static Route
R1(config-router)#ip ospf message-digest-key 1 md5 cisco123 -authentication md5
R1(config-router)#area 0 authentication message-digest
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 cisco123
R1#show ip ospf int fa 0/1
R1(config)#ip ospf hello-interval seconds
R1(config)#ip ospf dead-interval seconds
R1(config)#ipv6 ospf hello-interval seconds
R1(config)#ipv6 ospf dead-interval seconds
R1#show ip ospf neighbor -sequence for troubleshooting
R1#show ip int brief
R1#show ip ospf int
R1#debug ip routing
R1#u all (udebug all)
R1#show running-config | section router ospf
R1#show ip route
R1#show ip protocols
R1#show ip ospf int brief
R1#show ip ospf int fa 0/1
R1#show ip ospf rib
R1#show ip ospf database
!
ip cef
no ipv6 cef
!
interface GigabitEthernet0/0
description Link to LAN 1
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
description Link to R2
ip address 172.16.3.1 255.255.255.252
clock rate 128000
!
interface Serial0/0/1
description Link to R3
ip address 192.168.10.5 255.255.255.252
!
router ospf 10
router-id 1.1.1.1
log-adjacency-changes
passive-interface GigabitEthernet0/0
network 172.16.1.0 0.0.0.255 area 0
network 172.16.3.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.3 area 0
!
end
--------------------------------------------
ipv6
R1(config)#int loopback 0 The FF02::5 -OSPF, FF02::6 -DR/BDR multicast address
R1(config-if)#ip add 1.1.1.1 255.255.255.255 R1(config-if)#ipv6 add FE80::1 - link local
R1(config-if)#2000:11::1111/64
R1(config)#ipv6 unicast-routing
R1(config)#int fa 0/0
R1(config-if)#ipv6 ospf 1 area 0
R1(config)#int fa 0/1
R1(config-if)#ipv6 ospf 1 area 0
R1(config)#int lo0
R1(config-if)#ipv6 ospf 1 area 0
R1(config)#router osp 1
R1(config-router)#auto-cost reference-bandwith 10000
R1(config-router)#passive-interface fa0/0 - no hello msgs
R1#show ipv6 protocols
R1#show ipv6 ospf neighbor
R1#show ipv6 ospf int
R1#show ipv6 ospf
R1#show ipv6 route ospf
R1#show ipv6 int brief
R1#show ipv6 ospf int brief
R1#show ipv6 ospf int fa 0/1
R1#show ipv6 ospf rib
R1#clear ipv6 ospf 10 process
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
EIGRP
R1(config)# router eigrp 1
R1(config-router)# auto-summary
R1(config-router)#no auto-summary
R1(config)#int s0/0/0
Router(config-if)# ip summary-address eigrp 1 192.168.0.0 255.255.252.0
Router(config-if)# ipv6 summary-address eigrp 1 2001:db8:acad::/48
R1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0 (EIGRP external AD=170)
R1(config)# router eigrp 1
R1(config-router)#redistribute static
R2(config)# ipv6 route ::/0 serial 0/1/0
R1(config)# router eigrp 2
R1(config-router)#redistribute static
R1(config-if)# ip bandwidth-percent eigrp 1 40 (40%)
Router(config-if)# ip hello-interval eigrp 1 50
Router(config-if)# ip hold-time eigrp 1 150
Router(config-router)# maximum-paths 1 ( 1 = load balancing is disabled)
Router(config-router)#traf?c-share balanced 2 (route with a metric less than 2 times the successor metric will be installed in the local routing table)
Router(config)# key chain EIGRP_KEY (name-of-chain)
Router(config-keychain)# key 1 (key-id)
Router(config-keychain-key )# key-string CISCO123 (key-string-text)
Router(config)# interface S0/0/0
Router(config-if)# ip authentication mode eigrp 1 md5
Router(config-if)# ip authentication key-chain eigrp 1 EIGRP_KEY
R1(config-router)#passive-interface s0/0/0
R1#show ip eigrp neighbors
R1#show ip route eigrp
R1#show ip protocols
R1#show ip interface brief
R1#show ip eigrp topology all-links
R1#show ipv6 protocols
R1#show ipv6 eigrp interfaces
R1#
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
ACL
R1#no access-list
R1(config)#access-list 10 deny icmp any any echo
R1(config)#access-list 10 permit host 192.168.10.10
R1(config)#int fa 0/0
R1(config-if)#ip access-group 1 in or out
R1(config)#ip access-list standard name (NO_ACCESS)
R1(config)#access-list 10 remark bla bla bla
R1#clear access-list counters 1
R1(config-std-nacl)#
R2(config-std-nacl)#no 10
R2(config-std-nacl)#10 permit 172.16.0.0 0.0.255.255
R1(config)#access-list 21 permit host 192.168.10.10
R1(config)#access-list 21 deny any
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input ssh
Router(config-line)#access-class 21 in
!
ip access-list standard NO_ACCESS
remark Do NOT allow from PC2
remark Allow from all other networks
deny host 192.168.11.10
permit any
!
R1#show access-lists
R1#show ip interface gigabitethernet 0/0
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
NAT
STATIC
R1(config)#ip nat inside source static 172.16.16.1 64.100.50.1
R1(config)#int g0/0
R1(config-if)#ip nat inside
R1(config-if)#in s0/0/0
R1(config-if)#ip nat outside
DYNAMIC
R2(config)#ip nat pool PUBLIC-POOL 209.165.76.197 209.165.76.197 netmask 255.255.0.0
R2(config)#access-list 1 permit 172.16.0.0 0.0.255.255
R2(config)#ip nat inside source list 1 pool PUBLIC-POOL
R2(config)#int s0/0/1
R2(config-if)#ip nat inside
R2(config-if)#int s0/0/0
R2(config-if)#ip nat outside
PAT (PORT)
R2(config)#ip nat inside source list R2NAT interface s0/1/0 overload
R2# show ip nat translations
R2# show ip nat statistics
R2# clear ip nat statistics
R2# clear ip nat translation
R2# show ip nat translations verbose
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
DHCP
R2(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
R2(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.10
R2(config)#ip dhcp pool R1-LAN - DHCP server
R2(dhcp-config)#network 192.168.10.0 255.255.255.0 (ip add pool for R1-LAN)
R2(dhcp-config)#default-router 192.168.10.1
R2(dhcp-config)#dns-server 192.168.20.254
R1(config)#int g0/0 DHCP relay agent
R1(config-if)#ip helper-address 192.168.10.1 (ip add for int R2 - default gateway)
R2(config-if)#ip address dhcp -DHCP client
R2(config-if)#no shut
R2(config-if)#do sh ip int br
R2(config-if)#do sh ip int g0/1
show ip dhcp conflict
show running-config | include no service dhcp
no service dhcp
running-config | include no service dhcp
debug ip packet
debug ip dhcp server events 100 (access list 100)
show running-config | section dhcp
show ip dhcp binding
show ip dhcp server statistics
---------------------------------
Router(config-if)# no ipv6 nd managed-config-flag
Router(config-if)# no ipv6 nd other-config-flag
Router(config-if)# ipv6 nd other-config-flag
Router(config-if)# ipv6 nd managed-config-flag
ipv6 dhcp server pool-name
ipv6 dhcp pool pool-nam
ipv6 nd other-config-flag.
ipv6 enabl
ipv6 address autoconfig
show ipv6 interface
debug ipv6 dhcp detail
address prefix lifetime
ipv6 dhcp relay destination
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
LACP/PAGP
s1(config)#interface range f0/1-2
s1(config-if-range)#channel-group 1 mode active
s1(config)#interface port-channel 1 -creating a port channel interface Port-channel 1
s1(config-if)#switchport mode trunk ETHERCHANNEL must be asigned to same VLAN on both switches OR configured as a TRUNK
s1(config-if)#switchport trunk allowed vlan 1,2,20 (allowed range of VLANs must be the same on both Switches)
S1(config)#spanning-tree vlan 1 root primary
S1#show spanning-tree vlan 1
S1#show interface port-channel 1
S1#show etherchannel summary
S1#show etherchannel port-channel
S1#show interfaces f0/1 etherchannel
R1#show arch conf diff flash:config.text.renamed nvram:startup-config
R1#sho int desc
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
VPN
R1(config)#interface tunnel1 0
R1(config-if)#tunnel mode gre ip
R1(config-if)#ip address 192.168.2.1 255.255.255.0
RA(config-if)# tunnel source s0/0/0 or R1(config-if)#tunnel source 209.165.201.1
R1(config-if)#tunnel destination 192.133.219.87
R1(config-if)#tunnel router ospf 1
R1(config-router)#network 192.168.2.0 0.0.0.255 area 0
RA(config)# ip route 192.168.2.0 255.255.255.0 10.10.10.2
RB(config)# ip route 192.168.1.0 255.255.255.0 10.10.10.1int
R1#show ip interface brief | include Tunnel
R1#show interface tunnel 0
R1#show ip ospf neighbor
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
VPN IPSEC Activate securityk9 module
R1(config)#license boot module c2900 technology-package securityk9
R1(config)#end
R1#copy running-config startup-config
R1#reload
R1#show version (security securityk9 Evaluation securityk9)
R1(config)# access-list 110 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
Configure the ISAKMP Phase 1
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# encryption aes
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# exit
R1(config)# crypto isakmp key cisco address 10.2.2.2
Configure the ISAKMP Phase 2
R1(config)# crypto ipsec transform-set VPN-SET esp-3des esp-sha-hmac
R1(config)# crypto map VPN-MAP 10 ipsec-isakmp
R1(config-crypto-map)# description VPN connection to R3
R1(config-crypto-map)# set peer 10.2.2.2
R1(config-crypto-map)# set transform-set VPN-SET
R1(config-crypto-map)# match address 110
R1(config-crypto-map)# exit
Configure the crypto map on the outgoing interface
R1(config)# interface S0/0/0
R1(config-if)# crypto map VPN-MAP
R1# show crypto ipsec sa (#pkts encaps: 3, #pkts encrypt: 3, #pkts digest: 0 #pkts decaps: 3, #pkts decrypt: 3, #pkts verify: 0)
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
Restore password from Router
Reload Router and hold Break button on keyboard
ROMMON 1>confreg 0x2142 - to make logging into router without password
ROMMON 2>i
ROMON>confreg 0x2102 restore default settings
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
Frame-Relay BackToBack
R1
!
interface Serial0/0/0
description Frame-relay Connection to R2
ip address 192.168.1.1 255.255.255.252
encapsulation frame-relay
frame-relay map ip 192.168.1.1 100
frame-relay map ip 192.168.1.2 100 broadcast
no keepalive
clock rate 64000
!
R3
!
interface Serial0/0/0
ip address 192.168.1.2 255.255.255.252
encapsulation frame-relay
frame-relay map ip 192.168.1.2 100
frame-relay map ip 192.168.1.1 100 broadcast
no keepalive
!
-----------------------------------------------------------------------------------------
_________________________________________________________________________________________
F
Wyszukiwarka
Podobne podstrony:
Cisco Router CommandsCisco 1900 Catalyst Switch Commandscisco router commandsCisco 2900 Catalyst Switch Commandssw gimnazjum 6Cisco 1CO ZYSKUJE SAMOBÓJCA (Słowa mistyków Kościoła św )cisco?naCISCO CCNA Certifications CCNA 2 Module 6ŻYCIE I MISJA ŚW BERNADETTY SOUBIROUSEditor commandsGodzinki ku czci Św Michała Archanioła tekstSpis norm do RTCisco 9Cisco Press CCNP Routing Exam Certification Guide AppendixSW Bwięcej podobnych podstron