Monday, June 4, 2012

Quick CCNA + CCNP switch command Review

Switch Basic commands:-



1).Clock set < hh:mm :ss > {global config mode}

2).hostname {global config mode}

3).interface <[fastethernet ] / [ vlan ] >:-{global config mode}

To set ip address in a switch go to vlan 1 by default otherwise go to your own created vlan.

In order to set ip address in router go to its port and give command ip address.

4). Ip address {switch: - vlan, router:-port}

5).no shutdown (to administratively up the port) {switch:- vlan, router:- port}

6).ip default-gateway {switch:- global configuration mode}

7).copy running-config startup-config {global configuration mode}:- to save current setting

8).show version {privilege mode}

9).enable password {global config mode}

10).enable secret {global config mode}:- it use MD5 HASH method

If password and secret are enabled than both must not have same password.

11).To protect the consol port give following sequence of commands.

Switch (config)# line consol <0/RANGE>

Switch (config-line)# password cisco

Switch (config-line)# login

12).To protect the telnet ports give following sequence of commands

Switch(config)# line vty <0 [RANGE]>{default is 0 to 15 or switch supported}

Switch(config-line)#password

Switch(config-line)#login

13). Service password-encryption {global config mode}:- it gives level 7 password encreption

14).banner []

15).to Enabling SSH session on switch use following commands

Switch(config)#username password

Switch(config)#ip domain-name cbtnuggets.com

Switch(config)#crypto key generate rsa

How many bits in the modulus [512]: 1024 {how strong the encryptions you want}

Switch(connfig)#ip ssh version 2

Switch(config)#line vty 0 4

Switch(config-line)# transport input [telnet] ssh {use telnet if u want to use both}



16). Show ip interface brief {privilege mode}

17).terminal monitor {global config mode}:- it will automatically update current status

18).show Mac address-table {privilege mode}:-it will show all STATIC and DYNEMIC Mac address connected to the switch.



19).to determine weather only the host or router to be allow or other switch to be allowed to specific port, use following command

Switch(config)#interface fastEthernet 0/[no]

Switch(config-if)#switchport mode [access/trunk]

20). If you want only some specific host is allowed by its mac address use following

Switch(config)#interface fastEthernet <0/[no] – [Rang no]>

Switch(config-if)# switchport mode access

Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security maximum [1-5120]

Switch(config-if)#switchport port-security violation

Switch(config-if)#switchport port-security mac-address <{MACADD}/sticky>

21).switch(config-if)# duplex {in interface port mode}

22).to fix the problem occurred by the Terminal monitor use following command

Switch(config-line)# logging synchronous {in any interface(vty, consol)}

23). Switch(config-line)#exec-timeout {it will automatically logout user after specific amount of time if no action is taken} (in any interface (consol, vty)).

24).no ip domain-lookup:- it helps you to not west your time when you typed something wrong.

25).switch(config)#alias exec {it will help to reduce keystroke of any command

which we are using frequently}

26). To save activity log on switch or router buffer use following command

S1(config)# logging buffered { recomodent 64000}

S1# show logging {to see all log information}

27). S1(config)# no cdp run

VLAN and VTP Configuration:


Vlan and VTP configuration steps

1) Configure Trunks

2) Configure VTP

3) Configure VLANs

4) Assign ports to VLANs

S1# Show VLAN



1). Configure Trunk ports and access porst

S1(Config)#show interface trunk

S1(Config)#interface range f0/4 - 23

S1(Config)#switchport mode access

S1(Config)#interface range f0/1 - 3

S1(Config)#switchport mode trunk encapsulation dot1q (we are using 802.1q trunking protocol in lower range switch there is no option for ISL so it will not support encapsulation command)

2). Configuring VTP(here we will configure VTP Name, Password, Mode)

S1# Show VTP status



S1(Config)# vtp domain {here name is case sensitive}

S1(Config)#vtp password {vtp will not replicate this password so u have to config. Password manually ni all switches}

S1(Config)#vtp mode client {Change mode to Server, Client, or Transparent according to your requirement}

S1(Config)# vtp pruning (if u want to start VLAN pruning).



3). Configuring VLANs

S1(Config)# Vlan (This command will work in only in server mode).

S1(Config-vlan)#name

NOTE:- S1#Show int f0/1 switchport (will show all the switchport, pruning info,)

4). Assigning ports to the VLANs

S1(Config)#int f0/4

S1(Config-if)# switchport access vlan

5)Routing between VLANs

I). Layer 3 switching

S1(config)# int vlan 10

S1(config-if)#ip address 192.168.10.2 255.255.255.0

S1(config)#ip routing

Note:- Set the ip address of the host in 192.168.10.0 subnet and set the default getway as 192.168.10.2

Start the routing protocol in layer 3 switch and advertise the 192.168.10.0 network

II). Router-on-a-Stick configuration

a). Make sub interfaces of particular router port which must be a FastEthernet

R1(Config)#interface fastEthernet0/0.1

R1(Config-subif)#encapsulation dot1q 10

R1(Config-subif)# ip address 192.168.10.0 255.255.255.0

R1(Config)#interface fastEthernet0/0.2

R1(Config-subif)#encapsulation dot1q 20

R1(Config-subif)# ip address 192.168.20.0 255.255.255.0

6) Make Native VLAN

S1(Config)# interface f0/0

S1(Config-if)#switchport mode trunk [dynamic desirable
dynamic auto
nonegotiate]

S1(Config-if)# switchport trunk native vlan

III)CEF configuration in Layer 3 switch

1)Enable CEF

Switch(config)#ip cef

2)Show command

Switch#show ip cef vlan

Note:- It only track routed ports

7). Vlan troubleshooting show commands

S1# show interface 0/ switchport
trunk

S1# Show vtp counters

S1# show vtp status

S1# show interface trunk

S1# show vlan

Spanning Tree Configuration:


1). Useful show commands

S1#show spanning-tree

2). Commands to change root switch

a). Method 1

S1(config)# spanning-tree VLAN_# root
secondary>

b).Method 2

S1(Config)# spanning-tree VLAN_# priority <0-61440 inc/dec in 4096>

3). Enabling spanning tree portfast feature

NOTE:- enable this feature to only HOST ports and Router ports. Do not apply this command to redundant link otherwise spanning tree protocol will disable.

S1(config)# interface

S1(Config-if)#spanning-tree portfast [trunk]

OR

S1(config)#spanning-tree portfast default

S1(config-if)#spanning-tree bpduguard

4). Turn on the rapid spanning tree protocols

S1(Config)# spanning-tree mode rapid-pvst

5). To Troubleshot problems with PVST+ use following command

S1#debug spanning-tree pvst+

6).To troubleshot ports changing state within STP use

S1#debug spanning-tree switch state

S1#debug spanning-tree events

Redundancy Configuration


HSRP Configuration:

Hello timer: 3 sec, Dead timer: 10 sec

1) Create standby group and assign IP address:-

S1(config)#int vlan

S1(config-if)# standby ip {Virtual IP}

S1(config-if)#standby priority {to select Active router; higher is batter}

S1(config-if)#standby preempt [delay
relode
sync> ] {For Failback }

To track interface(WAN or LAN) and do failover based on link status

S1(config-if)#standby tracking

To optimize HSRP like VRRP use

S1(config-if)#standby timer

2) Show command

S1# show standby

VRRP Configuration


2 new features: 1) Master can use its IP as virtual ip 2) skew timer (256-/256)

S1(config)#vrrp ip

S1(config)#vrrp preempt

S1(config)#vrrp timers
learn> [msec]

Here advertise is only for Master Switch or router

S1(config)#show vrrp



GLBP


Here only 1 virtual IP will be assigned and multiple virtual MAC address

S1(config)# GLBP ip

S1(config)# GLBP priority

To select proper AVG (active virtual gateway)

S1(config)# GLBP timers [msec]

S1(config)# GLBP load-balancing
round-robin
weighted>

Weighted option to track other interface load and assign weight to AVF based on load

S1(config)# show GLBP

Router Basic Commands:-


1) Hostname (Config mode)

2) Banner motd @ @ (config mode)

3) Router1(config)# Line conso 0

Router1(config-line)# login

Router1(config-line)# password

Router1(config-line)# logging synchronous

Router1(config-line)# exec-timeout <0-35791 in minute>

4) Router1(config)# line vty 0 [?/]

Router1(config-line)#login

Router1(config-line)#password

Router1(config-line)#logging synchronous

Router1(config-line)#exec-timeout <0-35791 in minute>

<0-2147483 seconds>

5) Router1(Config)# enable secret [0/5/LINE/level]

6) Router1(config)# Show ip int [brief/]

7) Router1(Config)# interface

Router1(Config-if)# description

Router1(Config-if)# ip address

Router1(Config-if)# no shutdown

8) Configuring the Router with internet address which is a dynamic address

Router1(config-if)#ip address dhcp



NOTE : - in many router there may be several Ethernet pots available which works as a switch so to assign the ip address to that port give ip address to its VLan interface.

9) SSH configuration of a router for setting a SDM for router

- First we need to define domain name of that router

Router1(config)#ip domain-name

- Router1(Config-line)# Transport input telnet ssh [or all] (in vty ports)

- The we have to generate cryptography for encryption

Router1 (Config)# crypto key generate rsa general-keys





- Turn on http/https server on your router

Router1(config)# ip http server (it turn on port 80 on router)

Router1(config)# ip http secure-server (it will turn on port 443 HTTPS for security)

- Create Privilege level 15 account (Means enable mode account username password)

Router1(Config)# username privilege 15 secret

- Configure your VTY and HTTP access ports for privilege level 15 and to use local user database

Router1(config)# ip http authentication local (it uses local database where one or multiple username and passwords are created to manage this router)

Router1(Config)# line vty 0 4

Router1(config-line)# login local (now when we telnet to router it will check for local user database to authenticate it)



NOTE:- to use this we directly loged in Privilege mode.

- Install java to computer to run the SDM

10) Setting up DHCP server to the router to give dynamic ip address to the hosts

Router1(Config)# ip dhcp pool

Router1(dhcp-Config)# network 192.168.1.0 255.255.255.255

Router1(dhcp-Config)# dns-server 4.2.2.2

Router1(dhcp-Config)# default-router 192.168.1.1

Router1(dhcp-Config)# import all

Router1(dhcp-Config)# leas 3

Router1(dhcp-Config)# exit

Router1(Config)# ip dhcp excluded-address 192.168.1.20 192.168.1.100

Router1(Config)# ip dhcp excluded-address 192.168.1.101 192.168.1.254

Router1#show ip dhcp [binding/database/pool]

11) Router1# Show ip Route

12) Static routing configuration

- Router(config)# ip route (when we want to route between two offices)

- To set default route on a router

Router1(Config)# ip route 0.0.0.0 0.0.0.0



13) Ip name-server 4.2.2.2

It will allows us to resolve the dns names to ip address in to the router

14) Router# Show controllers serial 0/0 (using this command we can determine which type of serial connection is attached DTE or DCE)



- Now after determining the port is DCE or DTE set the clock pulse on the DCE side cable

- Router(Config)# clock rate <300-8000000 bits per second>

15) Router2# then to suspend the telnet/ssh session.



- Router1# Resume <1/2> or or {it will resume the suspended telnet/ssh session}

- Router1# Show sessions (it will show open session from your router)

- Router1# show user (it will show open session to your router)

- Router2#Disconnect

- Router2#clear line {it will used to disconnect any ssh/telnet session which are connected to your router (means unauthorized connection)}

16) Router2#Show cbt neighbor



17) Router2# show cbt entry <*/WORD>



18) Router1(config-if)# no cdp enable

19) Router1(config)#no cdp run

20) Copy running-config tftp



21) Show flesh(it will show all files in flesh memory)

22) Copy flesh: tftp://


23) Boot IOS from the TFTP server using boot system command

Router(config)# boot system tftp:///

(When next time Router reboots. it will first try to boot IOS from TFTP server)

24) RIP routing protocol

Router1(config)# router rip

Router1(config-router)# rip version 2

Router1(config-router)# network (it will advertise that ip address )

Router1(config-router)# no auto-summary (now rip is no longer a class full)

25) Removing static route shortcut

Router1#Show run
include ip route



Router1(config)#no ip route (removes the static route).

26) Router1# Show ip protocol (it will display which routing protocol we are using.)

27) Router1#debug ip rip (it will display real time router transition)

28) Router1#no debug ip rip [/u all] (trun off debug command)



OSPF Configuration:-


1). Turn on the routing protocol

R1(config)#router ospf <1-65535 Process ID>

2). Advertising network

R1(config-router)# network area

OR

R1(Config-router)# network 192.168.0.0 0.0.255.255 area 0 {it will care about 192.168. starting interface}

3). To show which type of protocol we are using type following

R1# show ospf protocol

4).To show OSPF neighbor type following command

R1# show ospf neighbor

5).to advertise default rout of internet router, go to net router type following command

R1(config-router)# default –information originate

6). Configuring router for multiple areas

R1(config-router)# network 172.30.0.0 0.0.7.255 area 1

R1(Config-router)# area 1 range 172.30.0.0 255.255.248.0

{here in area 1 range command ip and it’s mask should be summarized}

7). Creating loopback interface

R1(config)# int loopback

R1(config-if)# ip address 172.30.8.1 255.255.255.0
8).Default router ID of a router is highest interface ip address or highest loopback ip address if exist

There is a command to set the router id is:

R1(config)#router OSPF 1

R1(config)#router-id

R1#debug ip ospf adj

R1#clear ip ospf process

EIGRP configuration:-


1). Turn on the eigrp protocol

R1(config)# router eigrp <0-65535 autonomous number> {must be the same in all routers}

2). Advertising network

R1(config)# network []

3). Important show command

R1# show ip eigrp neighbors

4). To turn off the auto summary feature for discontinuous network

R1(config-router)# no auto-summary

5). Inject a manual summary rout to the interface where we need to send the summary rout.

R1(config)# int s0/0

R1(config-if)# ip summary-address eigrp 10 172.30.0.0 255.255.248.0

Access Control List (ACL) Configuration


-Standard access List


1). Creating Access list

R1(config)# access-list <0-99
1300-1999>
permit
remark > [host
any]

2). Appling access-list to port or line

a).in port type following

R1(config)# int s0/0

R1(config-if)#ip access-group
out>

b).in line

R1(config)# line vty 0 4

R1(config-line)# ip access-class
out>

NOTE:- In Standard access list put as closest as you can to the destination

-Extended Access List


1). Creating the extended access-list

R1(config)# access-list <100-199>
permit> [any] [[host][willd card mask]] [[eq ]
[any eq ] [[host][]]

Ex:

R1(config)#access-list 150 deny tcp host 192.168.10.5 host 128.164.136.5 eq 80

-Named Access list

R1(config)# ip access-list
Extended>

R1(config-ext-nacl)#
deny> [host] [] [host][]

R1(config-ext-nacl)#
deny>

R1(config-ext-nacl)#no

NOTE:- we can also modify numbered access list using ip access-list command

-Reflexive Access-list

R1(config)# ip access-list extended INTERNET_TRAFFIC

R1(config-ext-nacl)#permit tcp any any established



-Useful Show command:-

1). Show [ip] access-list

NAT Configuration:-


NAT Overload:-


1) Labeling the interface

R1(config)#int f0/1

R1(config-if)# ip nat inside

R1(config)# int e0/1/0

R1(config-if)#ip nat outside

2) Creating Access list to permit specific host to be nated

R1(config)# ip access-list standard NAT_ACC

R1(config-std-nacl)# deny 192.168.3.0 0.0.0.255

R1(config-std-nacl)# deny 192.168.0.0 0.0.255.255

3) Enabling NAT Overload

R1(config)# ip nat inside source list NAT_ACC interface e 0/1/0 overload

Static NAT Mapping:-


1) Create label for the interface

R1(config)# interface TYPE 0/PORT_#

R2(config-if)# ip nat
outside>

2) Enable static NAT

R1(config)# ip nat inside source static

OR

Static Port NAT mapping to use same overloading ip address for static entry

1) Create label for the interface

R1(config)# interface TYPE 0/PORT_#

R2(config-if)# ip nat
outside>

2) Appling static NAT mapping

R1(config)# ip nat inside source static tcp interface e 0/1/0

Dynamic NAT:-


1) Create label for the interface

R1(config)# interface TYPE 0/PORT_#

R2(config-if)# ip nat
outside>

2) Creating IP NAT pool

R1(config)# ip nat pool
prefix-length>
bit notation>

3) Appling the NAT

R1(config)# ip nat inside source list
name> pool overload







FRAME RELAY configuration:-


Multi-point design config:-


1).S1(config)#int s0/0/0

S1(config-if)#ip address 192.168.1.1 255.255.255.0

S1(config-if)# encapsulation frame-relay

S1(config-if)#frame-relay lmi-type
anci
q933a> {in newer router it will detect automatically }

S1(config-if)# frame-relay map ip broadcast

S1# show frame-relay map

NOTE:- Remember you have to configure the all map to all the router statically and you must have to stop split horizon to work with multi-point frame relay design

Point-to-point frame-relay network design


1).you need to create multiple sub interface where connection to multi routers

S1(config)#int s0/0

S1(Config-if)# encapsulation frame-relay

S1(config)#int s0/0.301 point-to-point

S1(config-subif)#ip address 192.168.1.1 255.255.255.0

S1(Config-subif)# frame-relay interface-delci 301{DELCI No.}







IEEE 802.6 =Distributed queue duel bus DQDB (MAN)

IEEE 802.3 = Local area network

IEEE 802.4=Token Bus

IEEE 802.5=Token Ring By IBM

IEEE 802.1q=VLAN tagging standard

IEEE 802.1d=STP protocol

IEEE 802.1x= Authentication

IEEE 802.11a/b/g/n = Wireless standards