Basic Configuration Steps

SWITCH ROUTER
Configure the device name
 hostname name
Secure console
 line console 0
 password password
 login

Secure remote Telnet

 line vty 0 15
 password password
 login

Secure AUX
 line aux 0
 password password
 login
Secure privileged EXEC mode
 enable secret password
Secure all passwords in the config file
 service password-encryption
Provide legal notification
 banner motd #message#

Set Default Gateway IP

 ip default-gateway 192.168.1.1
Save the configuration
 copy running-config startup-config
 write (another way)

apagar o running config e load do default

 erase running-config
 reload
restart do dispositivo
 reload
Enable the router to forward IPv6 packets
 ipv6 unicast-routing
 Testing Commands

Verify interface configuration

 show ip interface brief

Displays statistics for all interfaces on the device

 show interfaces

Displays the IPv4 statistics for all interfaces on a router

 show ip interface

Displays the contents of the IPv4 routing table stored in RAM

 show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B – BGP, D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area, N1 - OSPF
NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, E – EGP, i - IS-IS, L1 - IS-IS level-1, L2
- IS-IS level-2, ia - IS-IS inter area ; * - candidate default, U - per-user static route, o – ODR ; P - periodic downloaded static route

Visualizar MAC's Address em um Switch:

MAC dos interfaces

 show interfaces vlan 1

Tabela de mac-address do switch :

 show mac address-table
Visualizar MAC's Address em um PC:

Tabela ARP :
 show arp
 show arp –a
 show arp –d

Visualizar informações IP do PC:

 for IPv4: C:\> ipconfig /all
 for IPv6: C:\> ipv6config /all
Loopback Ping:
 for IPv4: 127.0.0.1
 for IPv6: ::1
To run EXEC commands in config mode:

 (config-if)# do show ip interface brief

Outros:

Windows PC : Obter o IP publico:

 nslookup myip.opendns.com. resolver1.opendns.com

Servidor: resolver1.opendns.com It uses resolver1.opendns.com dns server to

Address: 208.67.222.222 resolve the magical myip.opendns.com. hostname
Resposta não autoritativa: to your ip address. (Note: the trailing . on the lookup
Nome: myip.opendns.com prevents search domains from being appended,
Address: 89.115.22.149 which can yield incorrect results.)
 Configuration Commands
SWITCH ROUTER

Configure the in-band router interfaces

 interface GibabitEthernet 0/1
 description description-text
 ip address 192.168.1.2 255.255.255.0
 no shutdown
Configure the in-band router interfaces (IPV6):
 interface GibabitEthernet 0/1
 ipv6 address 2001:DB8:1:A001::2/64
 ipv6 address FE80::1 link-local
 no shutdown
Ativar roteamento IPv6
 ipv6 unicast-routing
Interface Description
 description text

Configure the management Switch SVI (telnet)

 interface vlan 1
 ip address 192.168.1.20 255.255.255.0
 ip default-gateway 192.168.1.1
 no shutdown

Configure default gateway:

 ip default-gateway 192.168.1.1
Secure remote SSH
 1) ip domain-name ninf.emfa.pt //definição do domínio
 2) username admin secret admin //criação de utilizador – privilégios!!!
username admin privilege 15 secret admin
 3) crypto key generate rsa [1024] //criação de chaves com 1024 bits

 4) line vty 0 15 //aceder lines vty

 5) login local //autenticação local - utilizador que
criado atrás
 6) transport input ssh //apenas tráfego encriptado

 7) exec-timeout m s //logout após m minutos e s segundos

(aplicável às linhas)
Other Definitions for Secure remote SSH:
 security password min-length 10 // tamanho minimo da pass

 login block-for 120 attempts 2 within 30 //bloquear durante 120s se falhar mais
que 2 logins em 30s

Desativar a tradução DNS

 no ip domain-lookup
 Comandos que podem ser importantes:

Teclas:

CTRL + SHIFT + 6 - Parar o “Translating "texto"...domain server (255.255.255.255)”

(pode ser usado o comando #no ip domain-lookup)

CTRL + D - apagar para trás (o mesmo que DEL)

analisar:

path ping

TELNET:

pc>telnet 192.168.0.254

ATENÇÃO: a password é de linha VTY

atenção ao ip default-gate, senão não será possível aceder remotamente ao switch/router de rede
Notes:

Cisco IOS Software have only one configurable IP management interface, which by default is
interface VLAN 1.

Switch needs IP or default-gateway ? Default Gateway for a Switch:

Typically, a workgroup switch that interconnects client computers is a Layer 2 device. As such,
a Layer 2 switch does not require an IP address to function properly. However, if you wish to
connect to the switch and administratively manage it over multiple networks, you will need to
configure the SVI with an IPv4 address, subnet mask, and default gateway address.

The default gateway address is typically configured on all devices that wish to communicate beyond
just their local network. In other words, to remotely access the switch from another network using SSH
or Telnet, the switch must have an SVI with an IPv4 address, subnet mask, and default gateway address
configured. If the switch is accessed from a host within the local network, then the default gateway
IPv4 address is not required.

A common misconception is that the switch uses its configured default gateway address to determine
where to forward packets originating from hosts connected to the switch and destined for hosts on
remote networks.

Actually, the IP address and default gateway information is only used for packets that originate from
the switch. Packets originating from host computers connected to the switch must already have the
default gateway address configured on their host computer operating systems.