Switch Basic commands:-
1). clock set <hh:mm:ss>
2).hostname
3).interface <[fastethernet
To set an IP address on a switch, go to VLAN 1 (the default) or to a VLAN you created.
To set an IP address on a router, go to its port and give the ip address command.
4). ip address
5). no shutdown (to administratively bring up the port) {switch:- vlan, router:- port}
6).ip default-gateway
7).copy running-config startup-config {global configuration mode}:- to save current setting
8).show version {privilege mode}
9).enable password
10).enable secret
If both enable password and enable secret are set, they must not use the same password.
11). To protect the console port, give the following sequence of commands.
Switch (config)# line console <0/RANGE>
Switch (config-line)# password cisco
Switch (config-line)# login
12).To protect the telnet ports give following sequence of commands
Switch(config)# line vty <0 [RANGE]>{default is 0 to 15 or switch supported}
Switch(config-line)#password
Switch(config-line)#login
13). service password-encryption {global config mode}:- it gives level 7 password encryption
14).banner
15). To enable SSH sessions on the switch, use the following commands
Switch(config)#username
Switch(config)#ip domain-name cbtnuggets.com
Switch(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024 {how strong you want the encryption}
Switch(config)#ip ssh version 2
Switch(config)#line vty 0 4
Switch(config-line)# transport input [telnet] ssh {include telnet if you want to allow both}
16). Show ip interface brief {privilege mode}
17).terminal monitor {global config mode}:- it will automatically update current status
18). show mac address-table {privilege mode}:- it will show all static and dynamic MAC addresses connected to the switch.
19). To determine whether only a host or router, or another switch, is allowed on a specific port, use the following command
Switch(config)#interface fastEthernet 0/[no]
Switch(config-if)#switchport mode [access/trunk]
20). If you want only specific hosts to be allowed, identified by MAC address, use the following
Switch(config)#interface fastEthernet <0/[no] – [Range no]>
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum [1-5120]
Switch(config-if)#switchport port-security violation
Switch(config-if)#switchport port-security mac-address <{MACADD}/sticky>
21).switch(config-if)# duplex
22). To fix the problem caused by terminal monitor, use the following command
Switch(config-line)# logging synchronous {in any line (vty, console)}
23). Switch(config-line)#exec-timeout
24). no ip domain-lookup:- it helps you not to waste your time when you type something wrong.
25).switch(config)#alias exec
which we are using frequently}
26). To save activity log on switch or router buffer use following command
S1(config)# logging buffered
S1# show logging {to see all log information}
27). S1(config)# no cdp run
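The management-access commands above (enable password versus enable secret, service password-encryption, vty login, transport input, ip ssh version 2) can be checked in a saved configuration. The script below is an added example, not part of the original notes; the sample configuration, function names and finding texts are constructed for illustration.

```python
import re

# Constructed sample running-config built from commands in this cheat sheet.
SAMPLE = """\
hostname S1
enable password cisco
ip http server
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
"""

def sections(config):
    """Split a config into (parent line, [indented child lines]) pairs."""
    out = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out

def audit(config):
    """Return a list of findings for weak management-plane settings."""
    secs = sections(config)
    top = [parent for parent, _ in secs]
    findings = []
    if any(t.startswith("enable password") for t in top):
        findings.append("enable password present; keep only enable secret")
    if "service password-encryption" not in top:
        findings.append("line passwords stored in clear text")
    if "ip ssh version 2" not in top:
        findings.append("SSH version 2 not enforced")
    if "ip http server" in top:
        findings.append("plain HTTP management enabled on port 80")
    for parent, kids in [s for s in secs if s[0].startswith("line vty")]:
        for kid in kids:
            if re.match(r"transport input .*\b(telnet|all)\b", kid):
                findings.append(f"{parent}: Telnet allowed")
            if kid == "login":  # 'login local' uses per-user accounts instead
                findings.append(f"{parent}: shared line password, no per-user login")
    return findings
```

Run audit() on the text of show running-config; an empty list means none of these settings were found.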
VLAN and VTP Configuration:
Vlan and VTP configuration steps
1) Configure Trunks
2) Configure VTP
3) Configure VLANs
4) Assign ports to VLANs
S1# Show VLAN
1). Configure Trunk ports and access ports
S1#show interface trunk
S1(config)#interface range f0/4 - 23
S1(config-if-range)#switchport mode access
S1(config)#interface range f0/1 - 3
S1(config-if-range)#switchport trunk encapsulation dot1q (we are using the 802.1q trunking protocol; lower-range switches have no option for ISL, so they will not support the encapsulation command)
S1(config-if-range)#switchport mode trunk
2). Configuring VTP(here we will configure VTP Name, Password, Mode)
S1# Show VTP status
S1(Config)# vtp domain
S1(Config)#vtp password
S1(Config)#vtp mode client {Change mode to Server, Client, or Transparent according to your requirement}
S1(Config)# vtp pruning (if you want to start VLAN pruning).
3). Configuring VLANs
S1(Config)# Vlan
S1(Config-vlan)#name
NOTE:- S1#Show int f0/1 switchport (will show all the switchport, pruning info,)
4). Assigning ports to the VLANs
S1(Config)#int f0/4
S1(Config-if)# switchport access vlan
5)Routing between VLANs
I). Layer 3 switching
S1(config)# int vlan 10
S1(config-if)#ip address 192.168.10.2 255.255.255.0
S1(config)#ip routing
Note:- Set the IP address of the host in the 192.168.10.0 subnet and set the default gateway to 192.168.10.2
Start the routing protocol in layer 3 switch and advertise the 192.168.10.0 network
II). Router-on-a-Stick configuration
a). Make sub interfaces of particular router port which must be a FastEthernet
R1(Config)#interface fastEthernet0/0.1
R1(Config-subif)#encapsulation dot1q 10
R1(Config-subif)# ip address 192.168.10.1 255.255.255.0
R1(Config)#interface fastEthernet0/0.2
R1(Config-subif)#encapsulation dot1q 20
R1(Config-subif)# ip address 192.168.20.1 255.255.255.0
6) Make Native VLAN
S1(Config)# interface f0/0
S1(Config-if)#switchport mode trunk [dynamic desirable / dynamic auto / nonegotiate]
S1(Config-if)# switchport trunk native vlan
III)CEF configuration in Layer 3 switch
1)Enable CEF
Switch(config)#ip cef
2)Show command
Switch#show ip cef vlan
Note:- It only tracks routed ports
7). Vlan troubleshooting show commands
S1# show interface
trunk
S1# Show vtp counters
S1# show vtp status
S1# show interface trunk
S1# show vlan
Spanning Tree Configuration:
1). Useful show commands
S1#show spanning-tree
2). Commands to change root switch
a). Method 1
S1(config)# spanning-tree VLAN_# root
secondary>
b).Method 2
S1(Config)# spanning-tree VLAN_# priority <0-61440 inc/dec in 4096>
3). Enabling spanning tree portfast feature
NOTE:- Enable this feature only on host ports and router ports. Do not apply this command to a redundant link, otherwise the spanning tree protocol will be disabled.
S1(config)# interface
S1(Config-if)#spanning-tree portfast [trunk]
OR
S1(config)#spanning-tree portfast default
S1(config-if)#spanning-tree bpduguard
4). Turn on the rapid spanning tree protocols
S1(Config)# spanning-tree mode rapid-pvst
5). To troubleshoot problems with PVST+, use the following command
S1#debug spanning-tree pvst+
6). To troubleshoot ports changing state within STP, use
S1#debug spanning-tree switch state
S1#debug spanning-tree events
Redundancy Configuration
HSRP Configuration:
Hello timer: 3 sec, Dead timer: 10 sec
1) Create standby group and assign IP address:-
S1(config)#int vlan
S1(config-if)# standby
S1(config-if)#standby priority
S1(config-if)#standby
reload
sync>
To track interface(WAN or LAN) and do failover based on link status
S1(config-if)#standby
To optimize HSRP like VRRP use
S1(config-if)#standby
2) Show command
S1# show standby
VRRP Configuration
2 new features: 1) Master can use its IP as virtual ip 2) skew timer (256-
S1(config)#vrrp
S1(config)#vrrp
S1(config)#vrrp
learn> [msec]
Here advertise is only for Master Switch or router
S1(config)#show vrrp
GLBP
Here only 1 virtual IP will be assigned, with multiple virtual MAC addresses
S1(config)# GLBP
S1(config)# GLBP
To select proper AVG (active virtual gateway)
S1(config)# GLBP
S1(config)# GLBP
round-robin
weighted>
Weighted option to track other interface load and assign weight to AVF based on load
S1(config)# show GLBP
Router Basic Commands:-
1) Hostname
2) Banner motd @
3) Router1(config)# line console 0
Router1(config-line)# login
Router1(config-line)# password
Router1(config-line)# logging synchronous
Router1(config-line)# exec-timeout <0-35791 in minute>
4) Router1(config)# line vty 0 [?/
Router1(config-line)#login
Router1(config-line)#password
Router1(config-line)#logging synchronous
Router1(config-line)#exec-timeout <0-35791 in minute>
<0-2147483 seconds>
5) Router1(Config)# enable secret [0/5/LINE/level]
6) Router1(config)# Show ip int [brief/
7) Router1(Config)# interface
Router1(Config-if)# description
Router1(Config-if)# ip address
Router1(Config-if)# no shutdown
8) Configuring the Router with internet address which is a dynamic address
Router1(config-if)#ip address dhcp
NOTE:- Many routers have several Ethernet ports that work as a switch; to assign an IP address to such a port, give the IP address to its VLAN interface.
9) SSH configuration of a router, for setting up SDM for the router
- First we need to define domain name of that router
Router1(config)#ip domain-name
- Router1(Config-line)# Transport input telnet ssh [or all] (in vty ports)
- Then we have to generate the cryptographic keys for encryption
Router1 (Config)# crypto key generate rsa general-keys
- Turn on http/https server on your router
Router1(config)# ip http server (it turns on port 80 on the router)
Router1(config)# ip http secure-server (it turns on port 443, HTTPS, for security)
- Create Privilege level 15 account (Means enable mode account username password)
Router1(Config)# username
- Configure your VTY and HTTP access ports for privilege level 15 and to use local user database
Router1(config)# ip http authentication local (it uses local database where one or multiple username and passwords are created to manage this router)
Router1(Config)# line vty 0 4
Router1(config-line)# login local (now when we telnet to router it will check for local user database to authenticate it)
NOTE:- Using this, we are logged in directly to privilege mode.
- Install Java on the computer to run SDM
10) Setting up DHCP server to the router to give dynamic ip address to the hosts
Router1(Config)# ip dhcp pool
Router1(dhcp-Config)# network 192.168.1.0 255.255.255.0
Router1(dhcp-Config)# dns-server 4.2.2.2
Router1(dhcp-Config)# default-router 192.168.1.1
Router1(dhcp-Config)# import all
Router1(dhcp-Config)# lease 3
Router1(dhcp-Config)# exit
Router1(Config)# ip dhcp excluded-address 192.168.1.20 192.168.1.100
Router1(Config)# ip dhcp excluded-address 192.168.1.101 192.168.1.254
Router1#show ip dhcp [binding/database/pool]
11) Router1# Show ip Route
12) Static routing configuration
- Router(config)# ip route
- To set default route on a router
Router1(Config)# ip route 0.0.0.0 0.0.0.0
13) Ip name-server
It allows us to resolve DNS names to IP addresses on the router
14) Router# Show controllers serial 0/0 (using this command we can determine which type of serial connection is attached DTE or DCE)
- After determining whether the port is DCE or DTE, set the clock rate on the DCE side of the cable
- Router(config-if)# clock rate <300-8000000 bits per second>
15) Router2#
- Router1# Resume <1/2> or
- Router1# Show sessions (it will show open session from your router)
- Router1# show user (it will show open session to your router)
- Router2#Disconnect
- Router2#clear line
16) Router2# show cdp neighbors
17) Router2# show cdp entry <*/WORD>
18) Router1(config-if)# no cdp enable
19) Router1(config)#no cdp run
20) Copy running-config tftp
21) show flash (it will show all files in flash memory)
22) copy flash:
23) Boot IOS from the TFTP server using boot system command
Router(config)# boot system tftp://
(The next time the router reboots, it will first try to boot IOS from the TFTP server)
24) RIP routing protocol
Router1(config)# router rip
Router1(config-router)# version 2
Router1(config-router)# network
Router1(config-router)# no auto-summary (now RIP is no longer classful)
25) Removing static route shortcut
Router1# show run | include ip route
Router1(config)#no ip route
26) Router1# Show ip protocol (it will display which routing protocol we are using.)
27) Router1#debug ip rip (it will display real time router transition)
28) Router1#no debug ip rip [/u all] (turn off debug command)
OSPF Configuration:-
1). Turn on the routing protocol
R1(config)#router ospf <1-65535 Process ID>
2). Advertising network
R1(config-router)# network
OR
R1(Config-router)# network 192.168.0.0 0.0.255.255 area 0 {it matches every interface whose address starts with 192.168.}
3). To show which routing protocol we are using, type the following
R1# show ip protocols
4). To show OSPF neighbors, type the following command
R1# show ip ospf neighbor
5). To advertise the default route of the internet router, go to the internet router and type the following command
R1(config-router)# default-information originate
6). Configuring router for multiple areas
R1(config-router)# network 172.30.0.0 0.0.7.255 area 1
R1(Config-router)# area 1 range 172.30.0.0 255.255.248.0
{here, in the area 1 range command, the IP address and its mask should be summarized}
7). Creating loopback interface
R1(config)# int loopback
R1(config-if)# ip address 172.30.8.1 255.255.255.0
8). The default router ID of a router is the highest interface IP address, or the highest loopback IP address if one exists
The command to set the router ID is:
R1(config)#router ospf 1
R1(config-router)#router-id
R1#debug ip ospf adj
R1#clear ip ospf process
EIGRP configuration:-
1). Turn on the eigrp protocol
R1(config)# router eigrp <0-65535 autonomous number> {must be the same in all routers}
2). Advertising network
R1(config-router)# network
3). Important show command
R1# show ip eigrp neighbors
4). To turn off the auto summary feature for discontinuous network
R1(config-router)# no auto-summary
5). Inject a manual summary route on the interface where we need to send the summary route.
R1(config)# int s0/0
R1(config-if)# ip summary-address eigrp 10 172.30.0.0 255.255.248.0
Access Control List (ACL) Configuration
-Standard access List
1). Creating Access list
R1(config)# access-list <0-99
1300-1999>
permit
remark > [host
any]
2). Applying access-list to port or line
a).in port type following
R1(config)# int s0/0
R1(config-if)#ip access-group
out>
b).in line
R1(config)# line vty 0 4
R1(config-line)# access-class
out>
NOTE:- Place a standard access list as close as you can to the destination
-Extended Access List
1). Creating the extended access-list
R1(config)# access-list <100-199>
permit>
[any eq
Ex:
R1(config)#access-list 150 deny tcp host 192.168.10.5 host 128.164.136.5 eq 80
-Named Access list
R1(config)# ip access-list
Extended>
R1(config-ext-nacl)#
deny>
R1(config-ext-nacl)#
deny>
R1(config-ext-nacl)#no
NOTE:- we can also modify numbered access list using ip access-list command
-Reflexive Access-list
R1(config)# ip access-list extended INTERNET_TRAFFIC
R1(config-ext-nacl)#permit tcp any any established
-Useful Show command:-
1). Show [ip] access-list
NAT Configuration:-
NAT Overload:-
1) Labeling the interface
R1(config)#int f0/1
R1(config-if)# ip nat inside
R1(config)# int e0/1/0
R1(config-if)#ip nat outside
2) Creating an access list to permit specific hosts to be NATed
R1(config)# ip access-list standard NAT_ACC
R1(config-std-nacl)# deny 192.168.3.0 0.0.0.255
R1(config-std-nacl)# permit 192.168.0.0 0.0.255.255
3) Enabling NAT Overload
R1(config)# ip nat inside source list NAT_ACC interface e 0/1/0 overload
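How a standard access list such as NAT_ACC is evaluated: wildcard bits set to 0 must match, entries are checked top to bottom, the first match wins, and anything unmatched hits the implicit deny. This is an added example, not part of the original notes; the function names and the two-entry list are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit the wildcard marks as 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_entry(line):
    """Parse 'permit|deny' followed by '<addr> <wildcard>', 'host <addr>' or 'any'."""
    action, *rest = line.split()
    if rest == ["any"]:
        return action, "0.0.0.0", "255.255.255.255"
    if rest[0] == "host":
        return action, rest[1], "0.0.0.0"
    return action, rest[0], rest[1] if len(rest) > 1 else "0.0.0.0"

def evaluate(acl, source):
    """Return (action, entry number); first matching entry wins."""
    for n, line in enumerate(acl, 1):
        action, base, wc = parse_entry(line)
        if wildcard_match(source, base, wc):
            return action, n
    return "deny", None  # implicit 'deny any' at the end of every ACL

# Constructed list: exclude one /24, translate the rest of 192.168.0.0/16.
NAT_ACC = ["deny 192.168.3.0 0.0.0.255", "permit 192.168.0.0 0.0.255.255"]
# Same entries in the opposite order: the broad permit shadows the deny.
REORDERED = list(reversed(NAT_ACC))

if __name__ == "__main__":
    for src in ("192.168.3.77", "192.168.10.5", "10.1.1.1"):
        print(src, evaluate(NAT_ACC, src), evaluate(REORDERED, src))
```

With REORDERED, 192.168.3.77 is permitted by entry 1 and the deny line is never reached, which is why entry order matters when editing a list.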
Static NAT Mapping:-
1) Create label for the interface
R1(config)# interface TYPE 0/PORT_#
R1(config-if)# ip nat
outside>
2) Enable static NAT
R1(config)# ip nat inside source static
OR
Static Port NAT mapping to use same overloading ip address for static entry
1) Create label for the interface
R1(config)# interface TYPE 0/PORT_#
R1(config-if)# ip nat
outside>
2) Applying static NAT mapping
R1(config)# ip nat inside source static tcp
Dynamic NAT:-
1) Create label for the interface
R1(config)# interface TYPE 0/PORT_#
R1(config-if)# ip nat
outside>
2) Creating IP NAT pool
R1(config)# ip nat pool
prefix-length>
bit notation>
3) Applying the NAT
R1(config)# ip nat inside source list
name> pool
FRAME RELAY configuration:-
Multi-point design config:-
1).S1(config)#int s0/0/0
S1(config-if)#ip address 192.168.1.1 255.255.255.0
S1(config-if)# encapsulation frame-relay
S1(config-if)#frame-relay lmi-type
ansi
q933a> {in newer router it will detect automatically }
S1(config-if)# frame-relay map ip
S1# show frame-relay map
NOTE:- Remember that you have to configure all the maps statically on all the routers, and you must turn off split horizon to work with a multi-point frame relay design
Point-to-point frame-relay network design
1). You need to create multiple sub-interfaces where there are connections to multiple routers
S1(config)#int s0/0
S1(Config-if)# encapsulation frame-relay
S1(config)#int s0/0.301 point-to-point
S1(config-subif)#ip address 192.168.1.1 255.255.255.0
S1(Config-subif)# frame-relay interface-dlci 301 {DLCI No.}
IEEE 802.6 = Distributed Queue Dual Bus DQDB (MAN)
IEEE 802.3 = Local area network
IEEE 802.4=Token Bus
IEEE 802.5=Token Ring By IBM
IEEE 802.1q=VLAN tagging standard
IEEE 802.1d=STP protocol
IEEE 802.1x= Authentication
IEEE 802.11a/b/g/n = Wireless standards