CHAPTER 2: BASIC SWITCHING CONCEPTS AND CONFIGURATION
To create a VLAN with the vlan_id of 99, and associate it to an interface, use the following commands: S1(config)# vlan vlan_id S1(config-vlan)# name vlan_name S1(config-vlan)# exit S1(config)# interfaceinterface_id S1(config-if)# switchport access vlan vlan_id
[Cite your source here.] To configure switch management interface, use the following commands: S1(config)# interface vlan vlan_id S1(config-if)# ip address ip_address subnet_mask S1(config-if)# no shutdown S1(config-if)# end S1# copy running-config startup-config
[Cite your source here.] To configure switch management interface, use the following commands: S1(config)# ip default-gateway ip_address S1(config)# end
[Cite your source here.] To verify switch management interface, use the following commands: S1# show ip interface brief
[Cite your source here.]
mopgalicia2014
To configure duplex, speed and mdix, use the following commands: S1(config)# interface interface_id S1(config-if)# duplex {half|full} S1(config-if)# speed speed S1(config-if)# mdix auto S1(config-if)# end S1# copy running-config startup-config
[Cite your source here.] Verifying commands:
mopgalicia2014
To configure ssh, use the following commands: S1(config)# ip domain-name domain-name S1(config)# crypto key generate rsa S1(config)# username username secret password S1(config-line)# line vty 0 15 S1(config-line)# transport input ssh S1(config-line)# login local S1(config-line)# exit S1(config)# ip ssh version 2 S1(config)# exit
To verify ssh status and settings, use the following commands: S1# show ip ssh
[Cite your source here.] To enter range of ports, use the following commands: S1(config)# interface range type module/first-number last-number [Cite your source here.] To configure dhcp snooping, use the following commands: S1(config)# ip dhcp snooping S1(config)# ip dhcp snooping vlan number S1(config)# interface port S1(config-line)# ip dhcp snooping trust S1(config)# interface port S1(config-line)# ip dhcp snooping limit rate number S1(config-line)# exit
mopgalicia2014
To set the maximum number of the secure addresses allowed on the port, use the following commands: S1# show port-security interface port
To set the maximum number of the secure addresses allowed on the port, use the following commands: S1(config)# interface port S1(config-if)# switchport mode access S1(config-if)# switchport port-security S1(config-if)# switchport port-security maximum number
To change the violation mode on a switch port, use the following commands: S1(config)# interface port S1(config-if)# switchport mode access S1(config-if)# switchport port-security S1(config-if)# switchport port-security violation {protect|restrict|shutdown}
To secure mac address, use the following commands: S1(config)# interface port S1(config-if)# switchport mode access S1(config-if)# switchport port-security *static S1(config-if)# switchport port-security mac-address mac-address *sticky S1(config-if)# switchport port-security mac-address sticky S1(config-if)# switchport port-security mac-address sticky mac-address
S1(config)# interface port S1(config-line)# ip dhcp snooping limit rate number S1(config-line)# exit
mopgalicia2014 CHAPTER 3: VLANS To create a VLAN, use the following commands: S1(config)# vlan vlan_id S1(config-vlan)# name vlan_name S1(config-vlan)# end
To assign ports to VLANs, use the following commands: S1(config)# interface interface_id S1(config-if)# switchport mode access S1(config-if)# switchport access vlan vlan_id S1(config-if)# end
To configure trunk, use the following commands: S1(config)# interface interface_id S1(config-if)# switchport mode trunk S1(config-if)# switchport trunk native vlan vlan_id S1(config-if)# switchport trunk allowed vlan vlan_list S1(config-if)# end
To configure router-on-a-stick inter-vlan routing, use the following commands: S1(config)# interface interface_id subinterface_id S1(config-subif)# encapsulation dot1q vlan_id S1(config-subif)# ip address ip_address subnet_mask S1(config-subif)# no shutdown S1(config-subif)# end
To configure ipv4 static routing, use the following commands: R1(config)# Ip route destination-network-address subnet-mask {ip-add|exit-int}
To configure ipv4 default routing, use the following commands: R1(config)# Ip route 0.0.0.0 0.0.0.0 {ip-add|exit-int}
To verify routing table, use the following commands: R1 # show ip route
mopgalicia2014 CHAPTER 7: Routing Dynamically
To configure RIP, use the following commands: R1(config)# router rip R1(config-router)# network network-address
To configure RIPv2, use the following commands: R1(config)# router rip R1(config-router)# version-2 R1(config-router)# network network-address
To disable automatic summarization, use the following commands: R1(config)# router rip R1(config-router)# no auto-summary
To configure passive-interface, use the following commands: R1(config)# router rip R1(config-router)# passive-interface interface-id
To verify routing protocols, use the following commands: R1# show ip protocols
To originate default information, use the following commands: R1(config)# router rip R1(config-router)# default-information originate
mopgalicia2014 CHAPTER 8: Single-Area OSPF
To configure ospf, assign router id, use the following commands: R1(config)# router ospf process_id R1(config-router)# router-id rid R1(config-router)# network network-address wildcard-mask area area-id
To adjust the reference bandwidth, use the following commands: R1(config)# router ospf process_id R1(config-router)# auto-cost reference-bandwidth Mb/s
To adjust the interface bandwidth, use the following commands: R1(config)# interface interface_id R1(config-router)# bandwidth kb/s
To manually set the cost, use the following commands: R1(config)# interface interface_id R1(config-router)# ip ospf cost value
Verifying commands: R1# show ip ospf R1# show ip ospf neighbor R1# show ip ospf interface brief R1# show ip protocols
mopgalicia2014 CHAPTER 9: ACL
To configure standard numbered ACL, use the following commands: R1(config)# access-list access-list-number {deny|permit|remark} source wildcard-mask R1(config)# interface interface-id R1(config-if)# ip access-group access-list-number {in|out}
To configure named ACL, use the following commands: R1(config)# ip access-list {standard|extended} name R1(config-std-nacl)# {permit|deny|remark} source wildcard_mask R1(config)# interface interface-id R1(config-if)# ip access-group name {in|out}
To configure standard ACL to a secure VTY port, use the following commands: R1(config)# line vty 0 4 R1(config-line)# login local R1(config-line)# transport input ssh R1(config-line)# access-class access-list-number {in|out} R1(config)# access-list access-list-number {deny|permit|remark} source wildcard-mask
Verifying commands: R1# show access-lists
mopgalicia2014
CHAPTER 10: DHCP
To configure extended numbered ACL , use the following commands: R1(config)# access-list access-list-number {deny|permit|remark} protocol source wildcard-mask operator port R1(config)# interface interface-id R1(config-if)# ip access-group name {in|out}
To configure DHCP, use the following commands: R1(config)# ip dhcp excluded-address low_address high_address R1(config)# ip dhcp pool pool_name R1(dhcp-config)# network network-address subnet-mask R1(dhcp-config)# default-router ip_address R1(dhcp-config)# dns-server ip_address R1(dhcp-config)# domain-name name
Verifying commands: R1# show ip dhcp binding R1# show ip dhcp server statistics R1# show running-config | section dhcp
To assign ip helper-address, use the following commands: R1(config)# interface interface_id R1(config-if)# ip helper-address ip_address
To configure router as DHCP client, use the following commands: R1(config)# interface interface_id R1(dhcp-config)# ip address dhcp
mopgalicia2014 CHAPTER 11: NAT
To configure Static NAT, use the following commands:
Verifying commands: R1# show ip nat translations R1# show ip nat statistics
mopgalicia2014
To configure Dynamic NAT, use the following commands:
To configure PAT Pool, use the following commands:
mopgalicia2014
To configure Single Address PAT , use the following commands: