Router>enable
Router#dir
# List Flash content
Router#dir nvram:
# List NVRAM content
Router#delete vlan.dat
Router#delete flash:multiple-fs
# Erases certificates
Router#erase startup-config / wr e # Erases flash:config.text and flash:privateconfig.text
Router#reload
# System configuration has been modified. Save? [yes/no]: no
# Proceed with reload? [confirm]
Router Basic Configuration
Router>enable
Router#config term
Router(config)#alias exec c config t
#Avoids typing config t
Router(config)#no ip domain-lookup
Router(config)#ip tcp synwait 5
#Avoid domain-lookup for 30 sec
Router(config)#ip classless / no ip classless
#no ip classless = classful
Router(config)#hostname R1
R1(config)#enable secret cisco
R1(config)#banner motd "Authorized Personnel Only"
R1(config)#line console 0
R1(config-line)#logging synchronous
R1(config-line)#no exec-timeout
#Timeouts overload the CPU on GNS3 (lab setting; with no exec-timeout, idle sessions never close)
R1(config-line)#password cisco
R1(config-line)#login
(Optional) R1(config-line)#no login
#Disables password
(Optional) R1(config-line)#privilege level 15
#Auto-privileged mode
R1(config-line)#line vty 0 4
R1(config-line)#password cisco
(Optional) R1(config-line)#no login
#Disables password
(Optional) R1(config-line)#privilege level 15
#Auto-privileged mode
R1(config-line)#login
R1(config-line)#interface fa0/0
R1(config-if)#description Connection to Mars
R1(config-if)#speed 100
R1(config-if)#duplex full
(Serial Link) R1(config-if)#clock rate 9600
R1(config-if)#ip address 192.168.7.126 255.255.255.128 / no ip address 192.168.7.126 255.255.255.128
R1(config-if)#no shutdown
R1(config-if)#interface fa0/1
R1(config-if)#description connection to switch1
R1(config-if)#ip address 192.168.7.190 255.255.255.192
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#end
R1#copy running-config startup-config
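The optional line settings above (no login, privilege level 15, no exec-timeout) are the ones worth catching in a config review. The following is an added example, not part of the original cheat sheet: a small audit over a constructed running-config that flags them, plus any vty stanza without an inbound access-class. The function names and the sample config are assumptions made for illustration.

```python
# Constructed sample in running-config form; it reuses the line settings from the
# basic configuration above. "Task-4" is the ACL name that appears later on the page.
SAMPLE_CONFIG = """\
hostname R1
line con 0
 logging synchronous
 no exec-timeout
 password cisco
 login
line vty 0 4
 password cisco
 privilege level 15
 no login
line vty 5 15
 access-class Task-4 in
 exec-timeout 5 0
 password cisco
 login
"""

def parse_lines(config_text):
    """Map each 'line ...' stanza header to the commands indented under it."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def audit_lines(config_text):
    """Return (stanza, finding) pairs for the risky line settings."""
    findings = []
    for name, cmds in parse_lines(config_text).items():
        if "no login" in cmds:
            findings.append((name, "no password prompt"))
        if "privilege level 15" in cmds:
            findings.append((name, "session starts at privilege 15"))
        if "no exec-timeout" in cmds or "exec-timeout 0 0" in cmds:
            findings.append((name, "idle timeout disabled"))
        if name.startswith("line vty") and not any(
                c.startswith("access-class ") and c.endswith(" in") for c in cmds):
            findings.append((name, "no inbound access-class"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_lines(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```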
S1(config)#interface vlan99
S1(config-if)#ip address 172.17.99.11 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
S1(config)#end
S1#copy running-config startup-config
S1#show ip interface brief
Note: The Mgmt IPs won't be pingable, even from the switch itself, until the trunks are active.
#allows only
ccmHistoryEventEntry.3.7 = 1
ccmHistoryEventEntry.4.7 = 2
ccmHistoryEventEntry.5.7 = 3
S1(config)#end
S1#undebug all
Switch SNMP View Commands
S1#show snmp
S1#show snmp view
S1#show snmp group
S1#show snmp user
S2#show snmp community
Switch DHCP IPv4
S1#config t
S1(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
S1(config)#ip dhcp excluded-address 192.168.10.254
S1(config)#ip dhcp pool R1_LAN
S1(dhcp-config)#network 192.168.10.0 255.255.255.0
S1(dhcp-config)#default-router 192.168.10.1
#gateway
S1(dhcp-config)#dns-server 192.168.10.1
#dns
S1(dhcp-config)#exit
S1(config)#end
S1#show ip dhcp binding
Switch STATELESS DHCP IPv6
S1#config t
S1(config)#ipv6 dhcp pool MANAGEMENT_IPV6_DHCP
S1(config-dhcpv6)#dns-server 2001:db8:3115:99::100
S1(config-dhcpv6)#exit
# Associating IPv6 pool with interface vlan99
S1(config)#interface vlan 99
S1(config-if)#ipv6 dhcp server MANAGEMENT_IPV6_DHCP
S1(config-if)#ipv6 nd other-config-flag
S1(config-if)#exit
S1(config)#end
Switch STATEFUL DHCP IPv6
S1#config t
S1(config)#ipv6 dhcp pool VLAN120_IPV6_DHCP
S1(config-dhcpv6)#address prefix 2001:db8:3115:120::/64
S1(config-dhcpv6)#dns-server 2001:db8:3115:99::100
S1(config-dhcpv6)#domain-name switch.ccnp
S1(config-dhcpv6)#exit
S1(config)#interface port-channel 2
S1(config-if)#ipv6 dhcp server VLAN120_IPV6_DHCP
# Associating IPv6 pool with interface vlan120 on a different switch (S2)
S2(config)#interface vlan 120
S2(config-if)#ipv6 nd managed-config-flag
S2(config-if)#exit
Switch DHCP Relay
S2(config)# int vlan 120
IP SLA:
IP SLA monitors network performance using traffic generated between the
devices.
DLS1(config)# ip sla 1
DLS1(config-ip-sla)# icmp-echo 172.16.100.101 # Server at the other side of a L2 / L3 device
DLS1(config-ip-sla-echo)# exit
DLS1(config)# ip sla 2
DLS1(config-ip-sla)# icmp-echo 172.16.200.101 # Server at the other side of a L2 / L3 device
DLS1(config-ip-sla-echo)# exit
DLS1(config)# ip sla 3
DLS1(config-ip-sla)# udp-jitter 172.16.99.101 5000 #Another L2 switch at the other side
DLS1(config-ip-sla-jitter)# exit
DLS1(config)# ip sla 4
DLS1(config-ip-sla)# udp-jitter 172.16.99.102 5000 #Another L2 switch at the other side
DLS1(config-ip-sla-jitter)# exit
DLS1(config)# ip sla schedule 1 life forever start-time now
DLS1(config)# ip sla schedule 2 life forever start-time now
DLS1(config)# ip sla schedule 3 life forever start-time now
DLS1(config)# ip sla schedule 4 life forever start-time now
#SPAN Vlan
#Traffic
HSRP Authentication:
DLS1(config)# int vlan 10
DLS1(config-if)# standby 10 authentication password   # Plain text 8 chars max
DLS1(config-if)# standby 10 authentication md5 key-string cisco123   # Encryption enabled (MD5 keyed hash)
HSRP Interface Tracking:
Enables the priority of a standby group router to be automatically adjusted based
on the availability of the router's interfaces. When a tracked interface becomes
unavailable, the HSRP priority of the router is decreased. HSRP tracking ensures
that a router with an unavailable key interface relinquishes the active router
role.
DLS1# conf t
DLS1(config)# ip sla 10
DLS1(config-ip-sla)# icmp-echo 209.165.200.254
DLS1(config-ip-sla-echo)# frequency 5
DLS1(config-ip-sla-echo)# ip sla schedule 10 life forever start-time now
DLS1(config)# track 100 ip sla 10
DLS1(config)# int vlan 10
DLS1(config-if)# standby 10 track 100 decrement 70
DLS1(config-if)# exit
DLS1# show ip sla configuration
DLS1# show ip sla statistics
DLS1# show standby
VRRP (Virtual Router Redundancy Protocol):
DLS1(config)# interface Vlan10
DLS1(config-if)# ip address 172.16.10.1 255.255.255.0
DLS1(config-if)# vrrp 10 ip 172.16.10.5
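DLS1(config-if)# vrrp 10 priority 150   # master forwarder
DLS1(config-if)# exit
DLS1# show vrrp brief
# Output partially lost in extraction. Surviving header fields: Pri, Time, Own, Pre, State, Master
# Surviving values: 150, 3414, Y, Master, 172.16.99.1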
VRRP Tracking:
VRRP can only perform object tracking.
DLS1(config)# track 1 int loop 200 line-protocol
DLS1(config-track)# int vlan 99
DLS1(config-if)# vrrp 99 track 1 decrement 60
Router NAT
Router>enable
Router#config term
Router(config)#alias
Configure an ACL to Permit NAT
R2(config)#ip access-list standard R2NAT
R2(config-std-nacl)#permit 192.168.10.0 0.0.0.255
R2(config)#ip access-list extended NAT
R2(config-ext-nacl)#permit ip 192.168.10.0 0.0.0.255 any
R2(config-ext-nacl)#permit ip 192.168.11.0 0.0.0.255 any
Configure static NAT for an inside web server
R2(config)#ip nat inside source static 192.168.20.254 209.165.202.131
Configure Dynamic NAT Overload
Define the address pool and configure dynamic NAT.
R2(config)#ip nat pool R2POOL 209.165.202.128 209.165.202.130 netmask 255.255.255.252
R2(config)#ip nat inside source list R2NAT pool R2POOL overload
Configure PAT (Port Address Translation = only 1 inside global IP)
R2(config)#ip nat inside source list NAT interface S0/0/1 overload
Specify inside and outside NAT interfaces
R2(config-if)#int f0/0
R2(config-if)#ip nat inside
R2(config-if)#int s0/1/0
R2(config-if)#ip nat outside
Seeing and Clearing Pools
R2#show ip nat translations
R2#clear ip nat translation *
Router RIP
R1(config)#ip classless / no ip classless   #no ip classless = classful
R1(config)#router rip / no router rip
R1(config-router)#version 2 / version 1 / no version   #no version = default = version 1
R1(config-router)#network 192.168.1.0   #For RIPv1 specify the directly-connected classful network
R1(config-router)#passive-interface fastethernet 0/0 #no send advertisement on this link
R1(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/1   #default static route
R1(config-router)#default-information originate   #propagates default routes
R1(config-router)#redistribute static   # sends static route through RIP updates
R1(config-if)#no ip split-horizon   #disable split-horizon for RIP
Securing RIP Updates
Add the following to all routers that will receive RIP updates
R1(config)#key chain RIP_KEY
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string cisco
R1(config)#int s0/0/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain RIP_KEY
Router EIGRP
R1(config)#ip classless / no ip classless   #no ip classless = classful
R1(config)#router eigrp 1   #1=autonomous-system number
R1(config-router)#no auto-summary   #disables auto-summary
R1(config-router)#network 0.0.0.0   #sends/listens on all interfaces
R1(config-router)#network 10.10.10.0   #sends/listens on 10.x.x.x interfaces
R1(config-router)#network 172.16.10.0   #sends/listens on 172.16.x.x interfaces
R1(config-router)#network ntw-address [wildcard-mask] #advertises specific subnet only
R1(config-router)#network 172.16.10.0 0.0.0.255 #sends/listens on 172.16.10.x interfaces
R1(config-router)#network 192.168.10.8 0.0.0.3   #sends/listens on 192.168.10.8 interfaces
R1(config-router)#redistribute connected   # AD=170 (external)
R1(config-router)#redistribute static   # through EIGRP updates
R1(config-router)#passive-interface <int-name>   #enable passive on specific interface
or
R1(config-router)#passive-interface default   #set all interfaces to passive
R1(config-router)#no passive-interface <int-name>   #disable passive on specific interface
#Set router-id
#2500 = 25000
#
#disable split-horizon on
R1(config-if)#bandwidth <value>   #eigrp messages will use 50% by default
R1(config-if)#ip bandwidth-percent eigrp <as#> <percentage> #set bandwidth for eigrp messages
R1(config-if)#ip hello-interval eigrp <as#> <interval>   #will apply to R1 hello frequency
R1(config-if)#ip hold-time eigrp <as#> <interval>   # tells R2 how long to wait to consider R1 dead
R1#show ip protocol   #K values, passive interfaces, variance, filtering
R1#show ip eigrp interface detail f0/0   #shows hello / dead intervals
R1#show ip eigrp neighbors   #shows hello / dead intervals
R1#show ip eigrp neighbor detail   #see static neighbor
R1#show ip interface <int-name>   #see split-horizon settings
R1#show ip eigrp topology   #FD / RD for successors and feasible successors
R1#show ip eigrp topology x.x.x.x/y   #see Feasible Distance for a subnet
R1#show ip eigrp topology all-links
EIGRP Stub
R1(config-router)#eigrp stub
#advertises by default connected and summary
R1(config-router)#eigrp stub connected summary static redistributed
#advertise the options given
R1(config-router)#eigrp stub receive-only
#does not advertise anything
EIGRP Offset-List
R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255
#offset access list
R1(config)#router eigrp 10
R1(config-router)# offset-list {access-list-# | access-list-name} {in | out} <offset value> [int-type int-#]
R1(config-router)#offset-list 1 in <offset value>
#affects local router + advertised routes + all int
R1(config-router)#offset-list 1 out <offset value> #affects advertised routes metric only
EIGRP Authentication
R1(config)#key chain <key-chain name>   #name does not need to match
R1(config-keychain)#key <key#>   #pair key# + password in same order
R1(config-keychain-key)#key-string <string (password)>   #passwords must match exactly on both ends
R1(config-keychain-key)#accept-lifetime / send-lifetime <hh:mm:ss>   #requires times in sync
R1(config-if)#ip authentication mode eigrp <as#> md5
R1(config-if)#ip authentication key-chain eigrp <as#> <key-chain name>   #all keys will be evaluated
R1#show key chain <key-chain name>   #time must match
EIGRP Summarization
R1(config)#router eigrp 10
R1(config-router)# auto-summary   #classful network autosummarization
R1(config-if)#ip summary-address eigrp asn <subnet prefix> <mask>   #manual summarization on int.
R1(config-if)#ip summary-address eigrp 100 1.1.0.0 255.255.0.0   #multiple summary addresses
R1(config-if)#ip summary-address eigrp 100 2.2.0.0 255.255.0.0   #are allowed
R1#show ip route   #to see summarized routes
R1#show ip route x.x.x.x/y   #to see summarized routes
R1#show ip eigrp topology x.x.x.x/y   #to see summarized routes
EIGRP Default Route
R1(config)#ip route 0.0.0.0 0.0.0.0 <next-hop-ip> <out-int>   #default route
R1(config)#router eigrp 10
R1(config-router)#redistribute static
or
R1(config)#ip route 0.0.0.0 0.0.0.0 null0   #creates a directly connected default route
R1(config)#router eigrp 10
R1(config-router)#network 0.0.0.0   #will advertise the default route to neighbors
or
R1(config)#ip default-network <default classful ntw>   #default classful network to be advertised
R1(config)#router eigrp 10
R1(config-router)#network <default classful ntw> #classful ntw must be directly connected to R1
R1(config-router)#network 4.0.0.0   #in order to be advertised as default route to
or
R1(config-if)#ip summary-address eigrp as# 0.0.0.0 0.0.0.0 #that's all that is required
EIGRP Distribute list w/ACLs
#EIGRP Filtering
R1(config)#access-list 1 deny 1.1.1.0 0.0.0.255   #Standard ACL to be used with EIGRP
R1(config)#router eigrp 10   #filters based on subnet prefixes
R1(config-router)#distribute-list {ACL} {in | out} {interface}
R1(config-router)# distribute-list 1 in   #int is optional
R1(config)#access-list 101 deny ip host 2.2.2.2 1.1.1.0 0.0.0.255 #Extended ACL filters based on
R1(config)#router eigrp 10   #subnet prefixes (1.1.1.x) and specific
R1(config-router)# distribute-list 101 in   #neighbor (2.2.2.2)
EIGRP Distribute list w/Prefix-List
#EIGRP Filtering
R1(config)#ip prefix-list <name> seq <#> permit 1.1.1.0/24   #Prefix-list
R1(config)#ip prefix-list INE seq 10 permit 1.1.1.0/24 # exactly this subnet
#There is an implicit
Router OSPF
R1(config)#ip classless / no ip classless   #no ip classless = classful
R1(config)#router ospf 1   #1=ospf process does not need to match
R1(config-router)#no auto-summary   #disables auto-summary
R1(config-router)#network ntw-address [wildcard-mask] [area #] #advertises specific subnet only
R1(config-router)#network 1.0.0.0 0.255.255.255 area 0
R1(config-router)#network 10.10.10.10 0.0.0.0 area 1   #OSPF will take the subnet from this int ip
or
R1(config)#interface f0/0
R1(config-if)#ip ospf 1 area 1   #OSPF enabled at the interface level
R1(config-if)#ip ospf hello-interval <interval>   #will apply to R1 hello frequency (default =10s)
R1(config-if)#ip ospf dead-interval <interval>   #tells R2 how long to wait to consider R1 dead
R1(config-if)#ip ospf dead-interval minimal hello-multiplier <value> # subsecond hellos (hello < 1sec)
R1#show ip ospf interface <int>   #see intervals
R1#show ip ospf database
R1#show ip ospf database router
R1#show ip ospf database router <router-id>   # particular router
R1#show ip ospf database summary x.x.x.x   # advertised by ABR
R2(config-line)#access-class Task-4 in
Verify ACLs
R1#show access-lists
Extended IP access list 110
    deny tcp 192.168.10.0 0.0.0.255 any eq telnet
    deny udp 192.168.10.0 0.0.0.255 host 192.168.20.254 eq tftp
    permit ip any any
Extended IP access list 111
    permit tcp 192.168.11.0 0.0.0.255 host 192.168.20.254 eq www
    permit udp 192.168.11.0 0.0.0.255 host 192.168.20.254 eq tftp
    deny ip 192.168.11.0 0.0.0.255 192.168.20.0 0.0.0.255
    permit ip any any
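To check what lists 110 and 111 actually let through, the listing above can be parsed and evaluated with first-match semantics and wildcard masks. This is an added example, not part of the original cheat sheet; the function names are assumptions, and it handles only the forms that appear in this output (any, host, address plus wildcard, and a destination "eq" port).

```python
import ipaddress

# The "show access-lists" output from the page (lists 110 and 111).
ACL_TEXT = """\
Extended IP access list 110
 deny tcp 192.168.10.0 0.0.0.255 any eq telnet
 deny udp 192.168.10.0 0.0.0.255 host 192.168.20.254 eq tftp
 permit ip any any
Extended IP access list 111
 permit tcp 192.168.11.0 0.0.0.255 host 192.168.20.254 eq www
 permit udp 192.168.11.0 0.0.0.255 host 192.168.20.254 eq tftp
 deny ip 192.168.11.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip any any
"""
PORTS = {"telnet": 23, "tftp": 69, "www": 80}  # IOS port keywords used above

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    """Consume one address spec from tok; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return (_ip(tok.pop(0)), 0) if first == "host" else (_ip(first), _ip(tok.pop(0)))

def parse(text):  # -> {acl_id: [(action, proto, src, dst, dport), ...]}
    acls, cur = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:4] == ["Extended", "IP", "access", "list"]:
            cur = acls.setdefault(tok[4], [])
        elif tok and cur is not None:
            action, proto = tok.pop(0), tok.pop(0)
            src, dst = _addr(tok), _addr(tok)
            dport = PORTS[tok[1]] if tok[:1] == ["eq"] else None
            cur.append((action, proto, src, dst, dport))
    return acls

def _hit(spec, ip):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    return ((_ip(ip) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def decide(acl, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, p, s, d, port in acl:
        if p in ("ip", proto) and _hit(s, src) and _hit(d, dst) and port in (None, dport):
            return action
    return "deny"
```

For example, `decide(parse(ACL_TEXT)["111"], "tcp", "192.168.11.7", "192.168.20.254", 22)` returns "deny": the SSH packet misses both permit entries and falls to the third entry before reaching the final permit.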