Tables of content
This is a short summary of every kind of stuff from cisco's netacad courses and from Network Administration books:
Glance through Modes paragraph, it will help you to understand this guide better.
Each command has to be launched in specific scope, so here are every command used in this guide to enter into specific scope.
Example:
Show all VLANs (exec)
(means that "show all vlans" command can be launched only from
execmode)you have to type
enablein the console
Exec (exec)
enable
Configuration (config)
enable
configure terminal
Interface (config-if)
enable
configure terminal
interface {interface}{port}
choose interface range, for 1 and more interfaces
interface range {interface}{port_start} - {port_end}, {interface}{port_start} - {port_end}
Vlan (config-vlan)
enable
configure terminal
vlan {vlan_id}
Console Line (config-con)
enable
configure terminal
line con 0
Console VTY (config-vty)
enable
configure terminal
line vty 0 15
Router EIGRP (eigrp)
enable
configure terminal
router eigrp {process_id}
Ipv6 Router EIGRP (eigrp-ipv6)
enable
configure terminal
ipv6 router eigrp {process_id}
Router OSPF (ospf)
enable
configure terminal
router ospf {process_id}
Ipv6 Router OSPF (ospf-ipv6)
enable
configure terminal
router ospf {process_id}
-
Create Vlan and assign name (config)
vlan {number} name {vlan-name} -
Adding interfaces to Vlan
interface {interface}{port} switchport mode access switchport access vlan {number} -
Activating "Trunk Mode" for external interfaces
interface {ext_interface}{port} switchport mode trunkRouter - Switch connection interface
-
Create subinterfaces on the router and point them
interface {interface}{port}.{vlan_num} encapsulation dot1Q {vlan_num} ip address {ip} {subnet_mask} no shutIP of the router that we want to assign this interface to
-
Create VLANS
vlan {vlan-num} name {vlan-name} -
Configure Switch Virtual Interfaces on L3 Switch (config)
interface vlan {vlan-num} ip address {ip-address} {mask} -
Configure Trunking on L3 Switch.
interface {outside-interface} {port} switchport mode trunk switchport trunk native vlan {native-vlan-num} -
Enable routing.
ip rouing
Add native VLAN to trunk port (config)
inteface {exit_interface}{port}
switchport mode trunk
switchport trunk native vlan {number}
Enable Dynamic trunking protocol {DTP} (config-if)
switchport mode dynamic {desirable/auto}
Enable no negotiate (config-if)
switchport nonegotiate
Enable voice in VLAN (config-if)
mls qos trust cos
switchport voice vlan {number}
Secure Shell (SSH) is a protocol that provides remote Secure (encrypted) managed connection to the device.
-
IP domain configuration
ip domain-name {your.link}` -
RSA key pair generation
crypto key generate rsa -
User authentication configuration
username {name} secret {password} -
VTY lines configuration
line vty 0 15 transport input ssh login local exit -
Enable SSH ver. 2
ip ssh version 2 exit
See SSH configuration (exec)
show ip ssh
Delete RSA key
crypto key zeroize rsa
| RIPv1 | RIPv2 | IGRP | EIGRP | OSPF | IS-IS | |
|---|---|---|---|---|---|---|
| Speed Coverage | Slow | Slow | Slow | Fast | Fast | Fast |
| Scalability | Small | Small | Small | Large | Large | Large |
| Use of VLSM | No | Yes | No | Yes | Yes | Yes |
| Resource Usage | Low | Low | Low | Medium | High | High |
| Implementation | Simple | Simple | Simple | Complex | Complex | Complex |
ip route {destination_ip} {destination_subnet} {route - [ip/interface]}
Default route
ip route 0.0.0.0 0.0.0.0 {route - [ip/interface]}
Example:
172.16.2.0 / 26
172.16.1.128 / 25
172.16.1.0 / 25
172.16.0.0 / 24
each adress include 172.16
172.16.00000010.00000000
172.16.00000001.10000000
172.16.00000001.00000000
172.16.00000000.00000000
so to calculate the mask, we need to count numbers that adresses do not share.
in this case, after 172.16.000000 10 numbers are coming, subnet mask is 32 - 10 and we get ip summary of: 172.16.0.0 / 22
we get ip adress range from 172.16.0.0 to 172.16.3.255
(config)
-
Enable the EIGRP routing process.
router eigrp {process-num} -
Assign a router ID.
eigrp router-id {A.B.C.D}eigrp router-id 1.1.1.1
-
Advertise directly connected networks.
network {ip_address} {wildcard}add networks to router eigrp config, that are directly connected to router through interface ports
-
Configure passive interfaces. (eigrp)
passive-interface {interface}{port}`usually you should add ports, which are connected to switches or devices
Disable automatic summarization.
no auto-summary
Propagate the default route in EIGRP. (eigrp)
redistribute static
Hello interval
ip hello-interval eigrp {process-num} {interval}
Make every interface passive (eigrp)
passive-interface default
Display routing protocol parameters
show ip protocols
EIGRP investigation commands
show ip eigrp topology
show ip eigrp interfaces
show ip eigrp neighbors
config
-
Enable IPv6 routing. (config)
ipv6 unicast-routing -
Enable EIGRP for IPv6 routing.
ipv6 router eigrp {process-num} no shutdown -
Assign a router ID
eigrp router-id {A.B.C.D} -
Configure EIGRP for IPv6 on each interface (config)
interface {interface} {port} ipv6 eigrp {process-num} -
Configure passive interfaces. (ipv6-eigrp)
passive-interface {interface}{port}
router eigrp 1
metric weights tos
metric weights 0 0 0 0 0 0
in case ISP has static routing, run these commands to other routers
router eigrp {number}`
redistribute static`
Router (conf)
-
Configure router IDs. (config)
route ospf {num} router-id {process_id} -
Configure Networks for OSPF Routing
Configure networks with wildcard masks. (config-router)
network {ip_address} {wildcard_mask} area {number}Or Configure OSPF routing on router interfaces. (config)
interface {interface}{port} ip ospf {process-id} area {area-id} -
Configure Passive Interfaces (config) router ospf {num} passive-interface {outside-interface}{port}
Propagate the default route in ospf. (ospf)
default-information originate
Summarization between areas. (ospf)
area {area-id} range {ip} {mask}
Hello and Dead intervals (config-if)
ip ospf hello-interval {interval}
ip ospf dead-interval {interval}
config
-
Enable IPv6 routing. (config)
ipv6 unicast-routing -
Enable OSPF for IPv6 routing.
ipv6 router ospf {process-num} -
Assign a router ID
router-id {A.B.C.D} -
Configure EIGRP for IPv6 on each interface (config)
interface {interface} {port} ipv6 ospf {process-num} area {area} -
Configure passive interfaces. (ipv6-eigrp)
passive-interface {interface}{port}
DR - Designated Router
BDR - Backup Designated Router
DROTH - Designated Router OTHer\
DR is elected in ospf network by highest priority.
BDR is elected in ospf network by second highest priority.
DROTH is elected automatically if neither DR nor BDR is obtained\
in order to assign DR or BDR to specific routers
-
Assign highest priority to desired router port
interface {interface1}{port1} ip ospf priority {priority-num} -
Assign second highest priority to desired router port
interface {interface2}{port2} ip ospf priority {priority-num} -
Clear every neighbor router processes in order to start election (exec)
clear ip ospf processess -
Wait and check each router's ospf interface brief and neighbors
show ip ospf neighbor show ip ospf interface brief
Propagate the route in OSPF.
ip route {ip} {mask} {interface}{port}
router ospf 1
default-information originate
Make every interface passive (ospf)
passive-interface default
Show ip routes learned through OSPF.
show ip route ospf
show ip ospf neighbor {interface}{port}
show ip ospf interface {interface}{port}
Router (conf)
Run these commands to each router and network
route rip
version 2
network {neighbor_router_ip_address}
-
Configure static NAT statements.
inside ips are like 192.168.x.x / 172.16.x.x / 10.x.x.x
outside ips can be anything.ip nat inside source static {inside-ip} {outside-ip} -
Configure inside interfaces.
interface where user is connected to. Usually g0/0
interface {interface}{port} ip nat inside -
Configure outside interfaces.
interfaces where router reaches outside networks. Usually s0/0/0
interface {interface}{port} ip nat outside
-
Configure traffic that will be permitted. (config)
access-list {acl-num} permit {inside-network-ip} {wildcard-mask} -
Configure a pool of address for NAT. (config)
ip nat pool {any_pool_name} {nat-start-ip} {nat-end-ip} netmask {network-mask} -
Associate ACL with the NAT pool. (config)
ip nat inside source list {acl-num} pool {your-pool-name} -
Configure inside interfaces.
interface {interface}{port} ip nat inside -
Configure outside interfaces.
interface {interface}{port} ip nat outside
-
Configure traffic that will be permitted. (config)
access-list {acl-num} permit {inside-network-ip} {wildcard-mask} -
Configure a pool of address for NAT. (config)
ip nat pool {any_pool_name} {nat-start-ip} {nat-end-ip} netmask {network-mask} -
Associate ACL with the NAT pool and allow addresses to be reused. (config)
ip nat inside source list {acl-num} pool {your-pool-name} overload -
Configure inside interfaces.
interface {interface}{port} ip nat inside -
Configure outside interfaces.
interface {interface}{port} ip nat outside
-
Permit ip addressed other way (might be needed)
ip access-list standard {acl-name} permit {network-ip} {wildcard-mask} -
Step 3 alternative
Associate ACL with the NAT interface and allow addresses to be reused.ip nat inside source list {acl-num} interface {outside-interface-port} overload
NAT investigation commands. (exec)
show running-config | include nat
show ip nat translations
show ip nat statistics
Create standard ACL. (config)
ip access-list standard {word | 1-99}
Create extended ACL. (config)
ip access-list extended {word | 100-199}
Add record to standard ACL. (config)
ip access-list standard {word|1-99}
[permit|deny] {ip} {wildcard-mask}
Add record to standard ACL other way. (config)
access-list {1-99} [permit|deny] {ip} {wildcard-mask}
Add ip record to extended ACL. (config)
ip access-list extended {acl-name|100-199}
[permit|deny] {source-ip} {source-wildcard} {dest-ip} {dest-wildcard}
Add ip record to extended ACL other way. (config)
access-list {100-199} [permit|deny] {source-ip} {source-wildcard} {dest-ip} {dest-wildcard}
Use ACL inside interface. (config-if)
ip access-group {1-199 | acl-name} [in|out]
Use ACL inside line. (config-line)
ip access-class {acl-name} [in|out]
ACL investigation commands. (exec)
show ip access-lists
Router (conf)
ip dhcp pool {name}
default-router {target_ip}
network {ip-start-point} {subnet-mask}
dns-server {dns_address}`
network is usually like - 192.168.100.0 255.255.255.0
dns-server is usually like - 8.8.8.8
Exclude IPs
ip dhcp excluded -address {ip-start-point} {ip-end-point}
Server
Desktop -> IP Configuration: Static
and assign all needed IPsservices -> DHCP
pool name:
{name}
default geteway:{target}
DNS server:{address}
start IP Address :ip_start_point
subnet mask:{subnet}maximum numbers of Users:{0 - 255}Save
run these commands in router for each dhcp (if exists)
interface {interface} {port}ip helper-address {dhcp_server_ip
-
Enable ipv6 routing (config)
ipv6 unicast-routing -
Set ipv6 address
ipv6 address {address} -
Set link-local to ipv6
ipv6 address {address} link-local
Configure port-security(config-if)
Give mac address to port
switchport port-security mac-address {address/sticky}
sticky assigns mac-addresses dynamicly
Restrict maximum amount of given mac addresses
switchport port-security maximum {0-15}
Add action on security violation
switchport port-security violation {shutdown/restrict/protect}
Show all VLANs (exec)
show vlan brief
Show all interfaces (exec)
show ip interface brief
Verify ip routes (exec)
show ip route
Verify ipv6 routes (exec)
show ipv6 route
Show running config (exec)
show running-config
Save running config to startup config (exec)
copy running-config startup-config
Destination filename [startup-config]? [Enter]
Erase startup config (exec)
erase startup-config
reload
Show flash memory
show flash
Delete file
delete {file}
Show mac address table (exec)
show mac address-table (dynamic/static/NONE)
Display system hardware and software status (exec)
show version
Display history of command entered (exec)
show history
Clear dynamic mac address table (exec)
clear mac address-table dynamic
Hostname (config)
hostname {name}
Enable secret (config)
enable secret {password}
Enable password (config)
enable password {password}
Enable Password-Encryption (config)
service password-encryption
Set password min-length (config)
security passwords min-length
Banner (config)
banner motd #
{message}#
Enter TEXT message. End with the character #.
Description (config-if)
description {text}
Restrict unwanted DNS lookup (config)
no ip domain-lookup
Block line logins after unsuccessful attempts (config)
login block-for {seconds} attempts {num_of_tries} within {second}
Set clock (config)
clock set 15:20:00 12 Nov 2020
Enable Duplex (config-if)
Full-duplex communication increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously
duplex full
speed {value}
val is usually - 100
Auto-MDIX (config-if)
With auto-MDIX enabled, either type of cable can be used to connect to other devices, and the interface automatically adjusts to communicate successfully
mdix auto
See mdix state
show controllers ethernet-controller {interface}{port} phy | include MDIX
Disconect after inactivity
exec-timeout {minutes} {seconds}
Enable Synchronous logging(con):
logging synchronous
| CIDR | SUBNET MASK | WILDCARD MASK | # OF IP ADDRESSES | # OF HOSTS |
|---|---|---|---|---|
| /32 | 255.255.255.255 | 0.0.0.0 | 1 | 1 |
| /31 | 255.255.255.254 | 0.0.0.1 | 2 | 2* |
| /30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 |
| /29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 |
| /28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 |
| /27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 |
| /26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 |
| /25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 |
| /24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 |
| /23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 |
| /22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 |
| /21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 |
| /20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 |
| /19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 |
| /18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 |
| /17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 |
| /16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 |
| /15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 |
| /14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 |
| /13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 |
| /12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 |
| /11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150 |
| /10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302 |
| /9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606 |
| /8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 |
| /7 | 254.0.0.0 | 1.255.255.255 | 33,554,432 | 33,554,430 |
| /6 | 252.0.0.0 | 3.255.255.255 | 67,108,864 | 67,108,862 |
| /5 | 248.0.0.0 | 7.255.255.255 | 134,217,728 | 134,217,726 |
| /4 | 240.0.0.0 | 15.255.255.255 | 268,435,456 | 268,435,454 |
| /3 | 224.0.0.0 | 31.255.255.255 | 536,870,912 | 536,870,910 |
| /2 | 192.0.0.0 | 63.255.255.255 | 1,073,741,824 | 1,073,741,822 |
| /1 | 128.0.0.0 | 127.255.255.255 | 2,147,483,648 | 2,147,483,646 |
| /0 | 0.0.0.0 | 255.255.255.255 | 4,294,967,296 | 4,294,967,294 |