
Basic

User exec
Router> ping
show (limited)
enable
etc.....
Privileged exec
Router# debug
reload
configure
show
(all user exec commands)
etc.....
Global Configuration
Router(config)# hostname
enable secret
ip route
interface fa0
router (rip,ospf,eigrp,ect...)
line (vty,console,etc...)
Interface
Router(config-if)# ip address
ipx network
encapsulation
shutdown/no shutdown
etc.....
Routing engine
Router(config-router)# network
version
auto summary
no auto summary
etc....
Line
Router(config-line)# password
login
modem
etc....

Show commands
Router#show version
protocols
running-config
memory
stacks
buffers
startup-config
flash
interfaces
Save to NVRAM
Router#copy run start
Hostname
Router(config)#hostname name
Console password
Router(config)#line con 0
Router(config-line)#password password
Router(config-line)#login
Logging synchronous
Router(config-line)#logging synch
Enable secret Password
Router(config)#enable secret password
Virtual terminal password
Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#login
Login banner
Router(config)#banner motd # message #
Checking config files
Router#sh running-config
Save
Router#copy run start
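Back up on tftp
*TFTP has no authentication or encryption, and config files hold passwords and hashes - use a trusted management network only*
Router#copy running-config tftp
Router#copy startup-config tftp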

Remove all configs


Router#erase startup-config

CONFIGURING ROUTER INTERFACES


Interfaces
Router(config)#interface type slot/sub slot/port
Turn router interface off
Router(config-if)#shutdown
Turn router interface on
Router(config-if)#no shutdown
Configuring router ethernet interfaces
Router(config)#interface fa0/0
Router(config-if)#ip address #.#.#.# #.#.#.#
Router(config-if)#no shut
Configuring router serial interfaces
Router(config)#interface s0
Router(config-if)#ip add #.#.#.# #.#.#.#
Router(config-if)#clock rate 64000
Router(config-if)#no shut
*clock rate is set only on the DCE end, in a lab environment*
Description
Router(config)#int fa0
Router(config-if)#description description
Ping
Router>ping 127.0.0.1
Router>ping #.#.#.#
Traceroute
Router>traceroute #.#.#.#
Verifying basic router config
Router#sh run
Router#sh startup-config
Router#sh ip route
Router#sh int
Router#sh ip int brief
Serial link
Router#sh controllers s0
Debug

Router#debug ip routing
Turn off
Router#undebug all
CDP (neighbors)
Router#sh cdp neigh
Router#sh cdp neighbors detail
Turn off
Router(config)#no cdp run
Ip Route Cmd
Static Route
Serial
Router(config)#ip route #.#.#.# #.#.#.# s0
Fast Ethernet
Router(config)#ip route #.#.#.# #.#.#.# f0 #.#.#.#
Configure summary route
*you need to delete the other routes first*
Router(config)#no ip route #.#.#.# #.#.#.# s0
Router(config)#ip route #.#.#.# #.#.#.#
Default Static route
Router (config)#ip route 0.0.0.0 0.0.0.0 s0
Rip V1
Router(config)#router rip
Router(config-router)#network #.#.#.#
Passive int
One int
Router(config)#router (rip,eigrp,ospf)
Router(config-router)#passive-interface fa0
Turn off all
Router(config)#router name
Router(config-router)#passive-interface default
Default route
Router(config)# ip route #.#.#.# #.#.#.# s0
Router(config)#router (rip,ospf)
Router(config-router)#default-information originate
Eigrp
Router(config)# router eigrp
Router(config-router)#redistribute static
Rip V2
Router(config)#router rip
Router(config-router)#version 2

Null interfaces
Router(config)#ip route #.#.#.# #.#.#.# null0
Router(config)#router rip
Router(config-router)#redistribute static
*This is for a practice lab environment*
Disable auto summary
Router(config)#router (rip,eigrp)
Router(config-router)#no auto-summary
Troubleshoot Rip
Router#sh ip route
Router#sh ip protocols
Router#sh ip int brief
Router#show run
Router#ping #.#.#.#
Router#debug ip rip
EIGRP
*ALL process ids need to be the same*
R(config)#router eigrp (process ID #)
R(config-router)#network #.#.#.# wildcard #
R(config-router)#no auto-summary
Bandwidth cmd
R(config)#int s0
R(config-if)#Bandwidth (# in Kilobits)
Bandwidth utilization
R(config-if)#ip bandwidth-percent eigrp (as#) (%)
EIGRP manual summarization
R(config)#int s0
R(config-if)#ip summary-address eigrp (as#) #.#.#.# subnetmask #
Hello interval/Hold time
*Hold time should be 3x the hello interval*
R(config)#int s0
R(config-if)#ip hello-interval eigrp (as#) #
R(config-if)#ip hold-time eigrp (as#) #
Show cmds
R#sh ip eigrp neighbors
R#sh ip int brief
R#sh ip route
R#sh ip protocols
R#sh run
R#sh int s0
R#sh ip eigrp topology

Debug
R#debug eigrp fsm
Log
R(config-router)#eigrp log-neighbor-changes
OSPF
*all area need to be the same*
R(config)#router ospf #
R(config-router)#network #.#.#.# wildcard # area #
Router ID
*do this before network cmds or network ip will be used*
R(config)#router ospf #
R(config-router)#router-id #.#.#.#
Modifying the router ID
clear ip ospf process
loopback as the router ID
R(config)#int loopback #
R(config-if)#ip add #.#.#.# subnetmask#
Cost/bandwidth
Auto-cost reference-bandwidth #
Bandwidth
R(config-if)#bandwidth #
Cost
R(config-if)#ip ospf cost #
DR/BDR/DRother
*highest priority is the DR*
R(config-if)#ip ospf priority (0-255)
*If this is not done it chooses the highest lan ip address*
Force elections by
R(config-if)# shutdown
R(config-if)#no shutdown
Hello/Dead interval
*Dead interval is 4x the hello interval*
R(config-if)#ip ospf hello-interval #
R(config-if)#ip ospf dead-interval #
Show cmds
R#sh ip protocols
R#sh ip ospf
R#sh ip ospf int s0
R#sh ip ospf neighbor

R#sh ip route
R#sh int
R#sh ip int brief
SWITCHING
History
S#terminal history
S#terminal history size #
S#terminal no history size
S#terminal no history

Config management interface


S(config)#int vlan #
S(config-if)#ip add #.#.#.# #.#.#.#
S(config-if)#no shut
Interface access
S(config)#int fa0
S(config-if)#switchport mode access
S(config-if)#switchport access vlan #
Config default gateway
S(config)#ip default-gateway #.#.#.#
Duplex and speed
S(config)#int fa0
S(config-if)#duplex auto
S(config-if)#speed auto
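Web int
*ip http server is unencrypted HTTP - use ip http secure-server (HTTPS) where the image supports it*
S(config)#ip http authentication (enable,local,tacacs)
S(config)#ip http server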
Mac
Mac-address-table static # vlan # int fa#
Backup
S#copy startup-config flash:config.name
Restore
S#copy flash:config.name startup-config
S#reload
*SAVE? NO!!!*
TFTP Server
Copy to tftp
S#copy system:running-config tftp [location/directory/filename]
S#copy nvram:startup-config tftp [location/directory/filename]

Copy to switch
S#copy tftp [location/directory/filename] system:running-config
S#copy tftp [location/directory/filename] nvram:startup-config
Banner login
S(config)#banner login #message#
Config telnet
*Telnet sends logins and the whole session in clear text - prefer the ssh config below*
S(config)#line vty 0 15
S(config-line)# transport input telnet
Config ssh
Switch(config)#hostname S
S(config)#ip domain-name name.com
S(config)#crypto key generate rsa
S(config)#ip ssh version 2
S(config)#line vty 0 15
S(config-line)#transport input ssh
SSH timeout/retries
S(config)#ip ssh time-out (0-120)
S(config)#ip ssh authentication-retries (0-5)
Delete RSA key pair
S(config)#crypto key zeroize rsa
SSH SHOW cmds
S#sh ip ssh
S#sh ssh
DHCP snooping (defence against DHCP spoofing)
S(config)#ip dhcp snooping
Vlan
S(config)#ip dhcp snooping vlan #
Trusted ports (toward the legitimate DHCP server)
S(config-if)#ip dhcp snooping trust
Port security
Static
S(config-if)#switchport port-security mac-address #
Dynamic
S(config-if)#switchport port-security
Sticky
S(config-if)#switchport port-security
S(config-if)#switchport port-security mac-address sticky (mac#
optional)
Security violations
S(config-if)#switchport port-security violation

(shutdown,restrict,protect)
# of MAC addresses allowed on the port
S(config-if)#switchport port-security maximum #
ALL TOGETHER
S(config)#int fa0
S(config-if)#switchport mode access
S(config-if)#switchport port-security
S(config-if)#switchport port-security maximum #
S(config-if)#switchport port-security mac-address sticky
S(config-if)#switchport port-security violation
(shutdown,restrict,protect)
VLAN
Access vlan port
S(config-if)#switch mode access
S(config-if)#switch access vlan #
Voice
S(config-if)#mls qos trust cos
S(config-if)#switch voice vlan #
S(config-if)#switch mode access
S(config-if)#switch access vlan #
Native vlan
S(config-if)#switch mode trunk
S(config-if)#switch trunk native vlan #
Add vlan
S(config)# vlan #
S(config)#name (vlan name)
Series or range of vlans
S(config)#vlan # - #
S(config)# vlan #,#,#,#....
Show vlan verify vlans and port numbers
S#sh vlan [brief|id#|name name |summary]
S#sh int [int id|vlan ID] switchport
Remove
S(config-if)#no switch access vlan
Allowed vlans on a trunk
S(config-if)#switch trunk allowed vlan [#|all]
Interface range cmd
S(config-if)#int range fa# - #

Show cmds
S#sh int # switchport
S#sh vlan brief
S#sh int trunk
DTP
Dynamic auto
S(config-if)#switch mode dynamic auto
On
S(config-if)#switch mode trunk
Desirable
S(config-if)#switch mode dynamic desirable
OFF
S(config-if)#switch nonegotiate

VTP
Name
S(config)#vtp domain name
Password
S(config)#vtp password password
Version
S(config)#vtp version [1|2]
Client/server
S(config)#vtp mode [client|server]
Show cmds
S#sh vtp status
S#sh vtp counters
STP
Set cost
S(config-if)#spanning-tree cost #
Config the bid/pvst+
S(config)#spanning-tree vlan # root [primary|secondary]
Or
S(config)#spanning-tree vlan # priority #

Port priority
*Increments of 16*
S(config-if)#spanning-tree port-priority [0-240]
Portfast Cisco
*Access ports only*
S(config-if)#spanning-tree portfast

Rapid pvst+
S(config)#spanning-tree mode rapid-pvst
S(config)#int fa0
S(config-if)#spanning-tree link-type point-to-point
S#clear spanning-tree detected-protocols
STP show cmds
S#sh spanning-tree detail
S#sh run
INTER VLAN ROUTING
Router
R(config)#int fa0.vlan#
R(config-subif)#encap dot1q vlan# native
R(config-subif)#ip add #.#.#.# #.#.#.#
R(config-subif)# int fa0.20
R(config-subif)#encap dot1q vlan#
R(config-subif)#ip add #.#.#.# #.#.#.#
R(config-subif)#int fa0
R(config-if)#no shut
Switch
S(config-if)#switch mode trunk
S(config-if)#switch trunk native vlan #
S(config-if)#switch trunk allowed vlan [#/all]
Sh cmds
Router
R#sh ip route
R#sh run
R#sh int
Switch
S#sh int fa0 switchport
Basic switch show cmds
S#sh history
S#sh ip int brief
S#sh run
S#sh mac
S#sh int fa#
S#sh startup-config
S#sh flash
S#sh version
S#sh ip (http|arp)
S#sh mac-address-table
S#sh ip ssh
S#sh ssh
WAN

HDLC
R(config-if)#encap hdlc
Sh hdlc
R#sh int s0
R#sh controllers s0
PPP
R(config-if)#encap ppp
R(config-if)#compress [predictor|stac]
R(config-if)#ppp quality %#
R(config-if)#ppp multilink
Authentication
*PAP sends the password in clear text; prefer chap*
R(config-if)#ppp authentication (chap|pap)
Chap
R(config)#username (other hostname) password (sameone)
Pap
R(config-if)#ppp pap sent-username (other hostname) password
(sameone)
Sh cmds
R#sh int
R#sh int serial
Debug
R#debug ppp [packet |negotiation|error|authentication|compression|
cbcp]
Frame relay
Static
R(config-if)#encap frame-relay (cisco|ietf)
R(config-if)#no frame-relay inverse-arp
R(config-if)#frame-relay map ip #.#.#.# dlci # broadcast [cisco|ietf]
Lmi type
R(config-if)#frame-relay lmi-type (cisco|ansi|q933a)
Sub int
R(config-if)#int s0.dlci# (multipoint|point-to-point)
Point to point
R(config-subif)#frame-relay int-dlci#
Multipoint
R(config-subif)#frame-relay map ip #.#.#.# dlci# broadcast
(cisco|ietf)
*int s0 encap frame-relay,no ip add,no shut*

Sh frame relay cmds


R#sh frame-relay lmi
R#sh frame-relay map
R#sh frame-relay pvc dlci#
Clear iarp
R#clear frame-relay iarp
Debug
R#debug frame-relay lmi
Security
Password length
R(config)#security passwords min-length #
Prevent logins on unused lines
*login with no password set makes the line refuse all login attempts*
R(config)#line (vty|aux)#
R(config-line)#no password
R(config-line)#login
SSH parameters
R(config)#hostname name
R(config)#ip domain-name name.com
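R(config)#crypto key generate rsa #(1024)
*1024-bit RSA is now considered weak; use a 2048-bit or larger modulus where the image supports it*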
R(config)#username name secret password
Optional timeout/retries
R(config)#ip ssh time-out (seconds)
R(config)#ip ssh authentication-retries #
Allow telnet and ssh on vty
*telnet is clear text - use the Only ssh block unless telnet is really required*
R(config)#line vty 0 4
R(config-line)#no transport input
R(config-line)#transport input telnet ssh
R(config-line)#password password
R(config-line)#login local
Only ssh
R(config)#line vty 0 4
R(config-line)#no transport input
R(config-line)#transport input ssh
R(config-line)#login local
Exec timeout
R(config)#line (con|vty) #
R(config-line)#exec-timeout #min

Turn off unless used


Small services: echo, discard, chargen
R(config)#no service (tcp|udp)-small-servers
Bootp
R(config)#no ip bootp server
Finger
R(config)#no service finger
SNMP
R(config)#no snmp-server
HTTP
R(config)#no ip http server
CDP
R(config)#no cdp run
Remote config
R(config)#no service config
Source routing
R(config)#no ip source-route
Classless routing
R(config)#no ip classless
Unused interface
R(config-if)#shutdown
No smurf attacks
R(config-if)#no ip directed-broadcast
Adhoc routing
R(config-if)#no ip proxy-arp
Show cmds
R#sh running-config
Security routing protocols
Rip
R(config)#router (ospf,eigrp, rip)
R(config-router)#passive-interface default
R(config-router)#no passive-interface (s0,fa0)
Key chain
R(config)#key chain name
R(config-keychain)#key #
R(config-keychain-key)# key-string password
Interface
R(config)#int s0
R(config-if)#ip rip authentication mode md5
R(config-if)#ip rip authentication key-chain name
Sh cmds
R#sh ip route
EIGRP
R(config)#key chain name
R(config-keychain)#key #

R(config-keychain-key)#key-string password
Interface
R(config)#int s0
R(config-if)#ip authentication mode eigrp (as#) md5
R(config-if)#ip authentication key-chain eigrp (as#) name
OSPF
R(config)#int s0
R(config-if)#ip ospf message-digest-key # md5 password
R(config-if)#ip ospf authentication message-digest
Router ospf
R(config)#router ospf #
R(config-router)#area # authentication message-digest
SDM support
R(config)#ip http server
R(config)#ip http secure-server
R(config)#ip http authentication local
R(config)#username name privilege 15 secret cisco
*cisco is only a sample secret - set a strong, unique one for any privilege 15 account*
Line vty
R(config)#line vty 0 4
R(config-line)#privilege level 15
R(config-line)#password password
R(config-line)#login local
R(config-line)#transport input telnet ssh
Managing IOS Images
Syntax: cmd source-url: destination-url:
Ram to nvram
R#copy running-config startup-config
Ram to remote
R#copy running-config tftp:
Remote to running
R#copy tftp: running-config
Remote to startup
R#copy tftp: startup-config
URL prefixes
*location/directory/filename*
Ex. tftp://#.#.#.#/configs/backup-config
Saving an ios image
*check for remote(ping)*
R#sh flash
R#copy flash: tftp
Upgrading an IOS
R#copy tftp: flash:
Restoring a cisco IOS

*ROMmon variable names are case sensitive*
Rommon1>IP_ADDRESS=#.#.#.#
Rommon2>IP_SUBNET_MASK=#.#.#.#
Rommon3>DEFAULT_GATEWAY=#.#.#.#
Rommon4>TFTP_SERVER=#.#.#.#
Rommon5>TFTP_FILE=filename
Rommon6>tftpdnld
IOS show cmds
R#Sh protocols
R#Debug ip (rip,ospf,eigrp)
Cmds related to debug
R(config)#service timestamps (debug|log) datetime
R#sh processes
R#undebug all
R#terminal monitor
Router password recovery
*get the config register # / turn router off / turn it on and press Break, then the cmds below (needs console access)*
Rommon1>confreg 0x2142
Rommon2>reset
Router>enable
R#copy startup-config running-config
R(config)#enable secret password
R(config)#config-register 0x2102
ACLS
Standard
R(config)#access-list (1-99) or (1300-1999) (deny|permit|remark) source
(source wildcard) (log)
Int config apply acl
R(config-if)#ip access-group (group #) (in|out)
Line vty
R(config)#line vty 0 4
R(config-line)#password password
R(config-line)#login
R(config-line)#access-class #(in|out)
Named acl
R(config)#ip access-list (standard |extended) name
R(config-std-nacl)#(permit ,deny,remark) source [source
wildcard] (log)
Int apply named acl
R(config-if)#ip access-group name (in,out)
Extended acl
R(config)#access-list # (deny,permit,remark) [protocol] source [source
wildcard] destination [destination wildcard] (operand) (Port #or name)
Ex. R(config)#access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
*every ACL ends with an implicit deny any - traffic not explicitly permitted is dropped*

Sh cmds
R#sh access-list (#|name)
DHCP
R(config)#ip dhcp excluded-address [lowest (high)]
R(config)# ip dhcp pool [pool name]
R(dhcp-config)#network #.#.#.# #.#.#.#
R(dhcp-config)#default-router #.#.#.#
R(dhcp-config)#domain-name name.com
Dhcp client
R(config-if)#ip add dhcp
R(config-if)#no shut
Dhcp relay
R(config)#int fa0
R(config-if)#ip helper-address (dhcp server add #.#.#.#)
Nat
Static Nat
R(config)#ip nat inside source static local-ip global-ip
Apply to int
R(config-if)#ip nat (inside/outside)
Dynamic nat
R(config)#ip nat pool name [start ip #][end ip #] netmask #.#.#.#
R(config)#access-list # (permit,deny) inside ip allowed (ex. 192.168.0.0
0.0.255.255)
R(config)#ip nat inside source list # pool name
Apply to int
R(config-if)#ip nat (inside,outside)
Nat overload
R(config)#access-list #(permit,deny) inside ip allowed
R(config)#ip nat inside source list # int inside global overload
R(config-if)#ip nat (inside,outside)
Overload using a pool
R(config)#access-list #(permit,deny) (eligible #.#.#.# wildcard
#)
R(config)#ip nat pool name (start #- end #)
R(config)#ip nat inside source list # pool name overload
Int
R(config-if)# ip nat (inside,outside)
Nat sh cmds
R#sh ip nat translation
R#sh ip nat translation verbose
R#sh ip nat stat

Clear nat
R#clear ip nat translation *
R#sh ip nat translation
Debug ip nat
R#debug ip nat
Ipv6
Manual int id assignment /eui-64
R(config-if)#ipv6 address 2001:db8:2222:7272::/64 eui-64
Dual stack
*to turn on ipv6*
R(config)#ipv6 unicast-routing
Interface
R(config-if)#ip add #.#.#.#
R(config-if)#ipv6 add 3fe:b00:c18:1::3/127
Ipv6 name resolution
*up to 4*
Static
R(config)#ipv6 host name (port) (ipv6 address#)
Dns ipv6 name server
*up to 6*
R(config)#ip name-server (dns address)
Ripng ipv6
R(config)#ipv6 router rip name
Int
R(config-if)#ipv6 rip name enable
All together
R(config)#ipv6 unicast-routing
R(config)#ipv6 router rip name
Int
R(config-if)#ipv6 address #
R(config-if)#ipv6 rip name enable
Ipv6 sh cmds
R#sh ipv6 int e0
R#sh ipv6 int brief
R#sh ipv6 neighbors
R#sh ipv6 rip
R#sh ipv6 route
R#sh ipv6 route summary

R#sh ipv6 routers
R#sh ipv6 static
R#sh ipv6 static detail
R#sh ipv6 static int s0

Troubleshooting
R#clear ipv6 rip
R#clear ipv6 route *
R#clear ipv6 route address
R#clear ipv6 traffic
R#clear ipv6 packet
R#debug ipv6 rip
R#debug ipv6 routing