Commands-MSN - Lecture notes 1-10 PDF

Title Commands-MSN - Lecture notes 1-10
Author Michelle Sanchez Nava
Course Cisco ccna 1
Institution Southwest Tennessee Community College
Pages 173

Summary

Cisco Configuration Commands from CCNA I, II, and III. These are examples to perform certain configurations on routers and switches.
Professors: Forrest Smith and Brenda Phillips

Note: These commands are only examples of how to perform certain tasks. These are NOT ANSWERS to any l...


Description

Michelle Sanchez Nava Professor Forrest Smith & Brenda Phillips CCNA 1, 2 & 3

CCNA COMMANDS

To configure Hostname
Router>enable
Router#configure terminal
Router(config)#hostname RTA

To set up password for console access
RTA(config)#line console 0
RTA(config-line)#password cisco
RTA(config-line)#login
RTA(config-line)#exit

To set up password Telnet session
RTA(config)#line vty 0 4
RTA(config-line)#password cisco
RTA(config-line)#login
RTA(config-line)#exit

To set up password for privileged EXEC mode
RTA(config)#enable password cisco
RTA(config)#enable secret class

To encrypt password
RTA(config)#service password-encryption

To configure MOTD Banner
RTA(config)#banner motd "Unauthorized access to this device is strictly prohibited!"

To set up Gigabit Ethernet Connection
RTA(config)#interface gigabitEthernet 0/0
RTA(config-if)#ip address 10.10.10.1 255.255.255.0
RTA(config-if)#no shutdown
RTA(config-if)#exit
RTA(config)#interface gigabitEthernet 0/1
RTA(config-if)#ip address 10.10.11.1 255.255.255.0
RTA(config-if)#no shutdown
RTA(config-if)#exit

RTA(config)#exit

To save configurations to NVRAM
RTA#copy running-config startup-config
Or
copy run startup-config

To erase configurations from NVRAM
Router#erase startup-config

To disable DNS lookup
Router(config)#no ip domain-lookup

ASw-2#configure terminal
ASw-2(config)#line console 0
ASw-2(config-line)#password cisco
ASw-2(config-line)#login
ASw-2(config-line)#exit
ASw-2(config)#line vty 0 4
ASw-2(config-line)#password cisco
ASw-2(config-line)#login
ASw-2(config-line)#exit
ASw-2(config)#enable password cisco
ASw-2(config)#enable secret class
ASw-2(config)#service password-encryption
ASw-2(config)#banner motd "Unauthorized access to this device is strictly prohibited!"
ASw-2(config)#interface vlan 1
ASw-2(config-if)#ip address 10.10.11.100 255.255.255.0
ASw-2(config-if)#no shutdown
ASw-2(config-if)#description LAN connection to ASw-2
ASw-2(config-if)#exit
! The gateway is the router interface on this subnet, not the switch's own
! VLAN 1 address (assumes ASw-2 sits behind RTA G0/1, 10.10.11.1).
ASw-2(config)#ip default-gateway 10.10.11.1
ASw-2(config)#exit
ASw-2#copy running-config startup-config

Remove ports from VLAN
conf t
int fastethernet [port no]
no switchport access vlan [vlan number to remove]
The default VLAN is VLAN 1.

Basic Device Settings

Configure IP settings on the router.
R3(config)# interface s0/0/0
R3(config-if)# ip address 10.1.1.2 255.255.255.252
R3(config-if)# clock rate 128000
R3(config-if)# no shutdown

Static Route Configurations

Configure a recursive static route.
R1(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.2

Configure a directly connected static route.
R3(config)# ip route 192.168.0.0 255.255.255.0 s0/0/0

Remove static routes.
R1(config)# no ip route 209.165.200.224 255.255.255.224 serial0/0/1
or
R1(config)# no ip route 209.165.200.224 255.255.255.224 10.1.1.2
or
R1(config)# no ip route 209.165.200.224 255.255.255.224

Default Route Configuration
R3(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0

Directly connected/attached static route
R2>en
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ipv6 route 2001:DB8:1:1::/64 s0/0/0
R2(config)#end
Where 2001:DB8:1:1::/64 belongs to the LAN

IPv6 recursive static route to every network on R1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ipv6 route 2001:DB8:1:2::/64 2001:DB8:1:A001::2
R1(config)#ipv6 route 2001:DB8:1:A002::/64 2001:DB8:1:A001::2
R1(config)#ipv6 route 2001:DB8:1:3::/64 2001:DB8:1:A001::2
R1(config)#end

Where 2001:DB8:1:A001::2 is the S0/0/0 interface available.
Where 2001:DB8:1:3::/64, 2001:DB8:1:A002::/64, and 2001:DB8:1:2::/64 are the networks that are not directly connected.

Fully specified route
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ipv6 route 2001:DB8:1:3::/64 S0/0/1 2001:DB8:1:A002::2

Recursive default route on R3
R3(config)#ipv6 route ::/0 2001:DB8:1:A002::1
R3(config)#end

Enable IPv6 routing
R1(config)# ipv6 unicast-routing

Assign IPv6 Link-local address
R1(config-if)# ipv6 address fe80::1 link-local

Configure IPv6 addresses
R3(config)# interface gigabit 0/1
R3(config-if)# ipv6 address 2001:DB8:ACAD:B::/64 eui-64
R3(config-if)# no shutdown
R3(config-if)# interface serial 0/0/0
R3(config-if)# ipv6 address FC00::2/64
R3(config-if)# clock rate 128000
R3(config-if)# no shutdown
R3(config-if)# exit

Notice that IPv6 is enabled on each interface. The G0/1 interface has a globally routable unicast address and EUI-64 is used to create the interface identifier portion of the address. The S0/0/0 interface has a privately routable, unique-local address, which is recommended for point-to-point serial connections. The clock rate is set because it is the DCE end of the serial cable.

Configure default IPv6 static route
R1(config)# no ipv6 route 2001:DB8:ACAD:B::/64 FC00::2
R1(config)# ipv6 route ::/0 serial 0/0/1
R1(config)#

Configure IPv6 recursive static route
Router(config)# ipv6 route



Delete the directly attached static route and add a recursive static route.

R1(config)# no ipv6 route 2001:DB8:ACAD:B::/64 serial 0/0/1
R1(config)# ipv6 route 2001:DB8:ACAD:B::/64 FC00::2
R1(config)# exit
R3(config)# no ipv6 route 2001:DB8:ACAD:A::/64 serial 0/0/0
R3(config)# ipv6 route 2001:DB8:ACAD:A::/64 FC00::1
R3(config)# exit

In a recursive IPv6 static route, the route entry has the next-hop router IPv6 address.

Configure a directly connected IPv6 static route

Router(config)# ipv6 route
R1(config)# ipv6 route 2001:DB8:ACAD:B::/64 serial 0/0/1
R1(config)#

Command to verify the IPv6 configuration of a PC from Command Prompt 

ipv6config

Command to display the IPv6 addresses configured on a router’s interface 

Show ipv6 interface brief

Command to display the contents of the IPv6 routing table 

Show ipv6 route

Command that displays only directly connected networks 

Show ip route connected

Command that only displays the static routes listed in Routing Table 

Show ip route static

Command to verify that static routes are configured correctly 

Show ip route

Which commands display the status of the port? 

Show ip interface brief and show ip interface

Which command shows only the IP address (no subnet mask or prefix)? 

Show ip interface brief

Which command displays the description configured on the interface? 

Show interfaces

Which command displays the IP broadcast address? 

Show ip interface

Which command displays the MAC address of the interface? 

show interfaces

To view the subnet mask values for the interfaces  

show running-config

Hints - Command Summary Reference

DOS Commands

ipconfig - The output of the default command contains the IP address, network mask and gateway for all physical and virtual network adapters.

ipconfig /all - This option displays the same IP addressing information for each adapter as the default option. Additionally, it displays DNS and WINS settings for each adapter.

Nslookup - Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Syntax: nslookup dns.name

Tracert - Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help. Syntax: tracert [TargetName/IP Address]

IOS Commands

show ip interface – Displays the IP interface status and configuration
show ip interface brief – Displays a brief summary of IP status and configuration
show ip route – Displays the full IP routing table
show ip route connected – Displays a list of active directly connected networks
show running-config – Displays the current operating configuration
traceroute – Trace route to destination

Entering Routing Configuration Mode
R1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)# router rip

To enable RIP routing for a network, use the network network-address router configuration mode command. Enter the classful network address for each directly connected network. This command:
- Enables RIP on all interfaces that belong to a specific network. Associated interfaces now both send and receive RIP updates.
- Advertises the specified network in RIP routing updates sent to other routers every 30 seconds.

To disable and eliminate RIP
Use the no router rip global configuration command.

To advertise the R1 Networks
R1(config)# router rip
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0

Where network 192.168.1.0 is the lowest interface, a switch.
Where 192.168.2.0 is the next interface, R1.

RIP commands that can be configured

Verify RIP Routing
R2# show ip protocols

1. RIP routing is configured and running on router R1.

2. The values of various timers; for example, the next routing update, is sent by R1 in 16 seconds.

3. The version of RIP configured is currently RIPv1.

4. R1 is currently summarizing at the classful network boundary.

5. The classful networks are advertised by R1. These are the networks that R1 includes in its RIP updates.

6. The RIP neighbors are listed, including their next-hop IP address, the associated AD that R2 uses for updates sent by this neighbor, and when the last update was received from this neighbor.

Display routing table
R2# show ip route

Enable and verify RIPv2 on R1
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# end
R1#

Configuring version 1 enables RIPv1 only, while configuring no version returns the router to the default setting of sending version 1 updates but listening for version 1 and version 2 updates. By default, when a RIP process is configured on a Cisco router, it is running RIPv1. Use the version 2 router configuration mode command to enable RIPv2.

To revert to version 1
R1(config)# router rip
R1(config-router)# no version
R1(config-router)# end
R1#

Disable Auto Summarization
R1(config)# router rip
R1(config-router)# no auto-summary
R1(config-router)# end

This command has no effect when using RIPv1. When automatic summarization has been disabled, RIPv2 no longer summarizes networks to their classful address at boundary routers. The show ip protocols now states that “automatic network summarization is not in effect”. RIPv2 must be enabled before automatic summarization is disabled.

Configure Passive interfaces
R1(config)# router rip
R1(config-router)# passive-interface g0/0
R1(config-router)# end

To make every interface passive by default, use passive-interface default.
To remove a passive interface setting from S0/0/1, use no passive-interface S0/0/1.

Use the passive-interface router configuration command to prevent the transmission of routing updates through a router interface, but still allow that network to be advertised to other routers. The show ip protocols command is then used to verify that the Gigabit Ethernet interface was passive. Interfaces that should not be passive can be re-enabled using the no passive-interface command.

Propagate a Default Route

To propagate a default route in RIP, the edge router must be configured with:
- A default static route using the ip route 0.0.0.0 0.0.0.0 command.
- The default-information originate router configuration command. This instructs R1 to originate default information, by propagating the static default route in RIP updates.

The example in Figure 2 configures a fully-specified default static route to the service provider and then the route is propagated by RIP. Notice that R1 now has a Gateway of Last Resort and default route installed in its routing table.

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1
R1(config)#router rip
R1(config-router)#default-information originate
R1(config-router)#^Z

Configure the interface that contains no routers so that it does not send out routing information.
R2(config)#router rip
R2(config-router)#no auto-summary
R2(config-router)#end

To Examine the startup configuration file in NVRAM
Switch# show startup-config

To Examine the characteristics of the SVI for VLAN 1
Switch# show interface vlan1

Assign all user ports to VLAN 99.
S1(config)# interface range f0/1 - 24,g0/1 - 2
S1(config-if-range)# switchport access vlan 99
S1(config-if-range)# exit
S1(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up

To verify that all ports are in VLAN 99.
S1# show vlan brief

To prevent console messages from interrupting commands, use the logging synchronous option.
S1(config)# line con 0
S1(config-line)# password cisco
S1(config-line)# login
S1(config-line)# logging synchronous
S1(config-line)# exit
S1(config)#

To Create VLAN 99 on the switch and name it Management.
S1(config)# vlan 99
S1(config-vlan)# name Management
S1(config-vlan)# exit
S1(config)#

To Assign ports F0/5 and F0/6 to VLAN 99 on the switch.
S1# config t
S1(config)# interface f0/5
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
S1(config-if)# interface f0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99
S1(config-if)# end

To Configure the transport input for the vty lines to allow SSH connections only, and use the local database for authentication.
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exit

SSH Authentication Limit
ip ssh authentication-retries 3
login block-for 300 attempts 5 within 50
ip ssh {[timeout seconds] | [authentication-retries integer]}
no ip ssh {[timeout seconds] | [authentication-retries integer]}

Configuring SSH

To Generate an RSA crypto key using a modulus of 1024 bits.
S1(config)# crypto key generate rsa modulus 1024
The name for the keys will be: S1.CCNA-Lab.com

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 3 seconds)

S1(config)#
S1(config)# end

To Verify the SSH configuration.
S1# show ip ssh

To shut down all unused ports on the switch. Use the interface range command.
S1(config)# interface range f0/1 - 4
S1(config-if-range)# shutdown
S1(config-if-range)# interface range f0/7 - 24
S1(config-if-range)# shutdown
S1(config-if-range)# interface range g0/1 - 2
S1(config-if-range)# shutdown
S1(config-if-range)# end
S1#

To know which ports are being used or not used
S2#sh int | i (FastEthernet|0 packets input)

Not being used
S2#sh int | i is down

Configuring IEEE 802.1Q Trunk Links

Resetting the Trunk to Default State


Verifying Trunk Configuration

Assigning Ports to VLANs


Changing VLAN Port Membership

Deleting VLANs


To disable the HTTP service running on the switch
S1(config)# no ip http server

To verify port security on certain port
S1# show port-security interface f0/5

To verify interfaces connected
S1# sh ip int bri | include up

To configure default-gateway
! The gateway is the router interface on the switch's subnet, not the switch's
! own address (assumes ASw-2 sits behind RTA G0/1, 10.10.11.1).
ASw-2(config)#ip default-gateway 10.10.11.1

Basic configuration for Switch
no ip domain-lookup
service password-encryption
enable secret class
banner motd #
Unauthorized access is strictly prohibited. #
line con 0
password cisco
login
logging synchronous
line vty 0 15
password cisco
login
exit

Basic configuration for Router
no ip domain-lookup
hostname R1
service password-encryption
enable secret class
banner motd #
Unauthorized access is strictly prohibited. #
line con 0
password cisco
login
logging synchronous
line vty 0 4
password cisco
login
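Both baselines above protect the console and vty lines with a shared line password and set no vty transport, while the SSH section of these notes uses login local and transport input ssh. The Python sketch below is an added example, not part of the original notes, that checks a configuration for those differences; the two sample configs, the admin username and the finding names are constructed for illustration.

```python
import re

# Constructed sample: the page's router baseline plus the "enable password"
# line from its first example, laid out with sub-commands indented.
WEAK = """\
hostname R1
service password-encryption
enable password cisco
enable secret class
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
"""

# Constructed counterpart built from commands the page shows for SSH access
# (login local, transport input ssh); the username and secret are made up.
HARDENED = """\
hostname R1
service password-encryption
enable secret class
username admin secret Example-Only-Secret
line con 0
 login local
line vty 0 4
 transport input ssh
 login local
"""

def sections(config):
    """Group config text into [header, [indented sub-commands]] pairs."""
    grouped = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if raw[0].isspace() and grouped:
            grouped[-1][1].append(raw.strip())
        else:
            grouped.append([raw.strip(), []])
    return grouped

def audit(config):
    """Return (section, finding) pairs for weak access settings."""
    findings = []
    for header, body in sections(config):
        if re.match(r"enable password\b", header):
            # Kept in clear text or reversible type 7; enable secret is hashed.
            findings.append(("enable password", "use-enable-secret-only"))
        if not header.startswith("line "):
            continue
        if "login" in body and any(c.startswith("password") for c in body):
            findings.append((header, "shared-line-password"))
        if header.startswith("line vty") and "transport input ssh" not in body:
            findings.append((header, "vty-not-restricted-to-ssh"))
    return findings
```

The check expects sub-commands indented under their line header, as show running-config prints them.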

Appendix A – Configuration Commands

Switch S1
S1(config)# vlan 10
S1(config-vlan)# name Students
S1(config-vlan)# vlan 20
S1(config-vlan)# name Faculty
S1(config-vlan)# exit
S1(config)# interface f0/1
S1(config-if)# switchport mode trunk
S1(config-if)# interface f0/5
S1(config-if)# switchport mode trunk
S1(config-if)# interface f0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10

Switch S2
S2(config)# vlan 10
S2(config-vlan)# name Students
S2(config-vlan)# vlan 20
S2(config-vlan)# name Faculty
S2(config-vlan)# exit
S2(config)# interface f0/1
S2(config-if)# switchport mode trunk
S2(config-if)# interface f0/18
S2(config-if)# switchport mode access
S2(config-if)# switchport access vlan 20

Router R1
Subinterface to:
- G0/1 for VLAN 1
- Operate on VLAN 1
- Conf with the ip address from address table

R1(config)# interface g0/1.1
R1(config-subif)# encapsulation dot1Q 1
R1(config-subif)# ip address 192.168.1.1 255.255.255.0
R1(config-subif)# interface g0/1.10
R1(config-subif)# encapsulation dot1Q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
R1(config-subif)# interface g0/1.20
R1(config-subif)# encapsulation dot1Q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
R1(config-subif)# exit
R1(config)# interface g0/1
R1(config-if)# no shutdown

To set the native vlan on trunks
int range g0/1 - 2
switchport trunk native vlan 56

Configure the following named ACL on R1.
R1(config)# ip access-list standard File_Server_Restrictions
R1(config-std-nacl)# permit host 192.168.20.4
R1(config-std-nacl)# deny any

Apply the named ACL. Apply the ACL outbound on the interface Fast Ethernet 0/1.
R1(config)# int f0/1
R1(config-if)# ip access-group File_Server_Restrictions out

Command to verify the ACL configuration
show access-lists
Use the show run or show ip interface fastethernet 0/1 command to verify that the ACL is applied correctly to the interface.

Configure and apply a numbered standard ACL on R2.
Create an ACL using the number 1 on R2 with a statement that denies access to the 192.168.20.0/24 network from the 192.168.11.0/24 network.
R2(config)# access-list 1 deny 192.168.11.0 0.0.0.255

By default, an access list denies all traffic that does not match any rules. To permit all other traffic, configure the following statement:
R2(config)# access-list 1 permit any

For the ACL to actually filter traffic, it must be applied to some router operation. Apply the ACL by placing it for outbound traffic on the Gigabit Ethernet 0/0 interface.
R2(config)# interface GigabitEthernet0/0
R2(config-if)# ip access-group 1 out
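How the router evaluates these standard ACLs (first match wins, wildcard bits are "don't care" bits, and an implicit deny closes every list) is shown in the following added Python example, which is not part of the original notes. The entries come from the R1 and R2 ACLs above; the test source addresses and the function names are constructed.

```python
import ipaddress

def parse_entry(entry):
    """Parse 'permit|deny <source>' into (action, address, wildcard) integers."""
    action, *src = entry.split()
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {entry!r}")
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF          # every bit is "don't care"
    if len(src) == 2 and src[0] == "host":
        return action, int(ipaddress.IPv4Address(src[1])), 0
    if len(src) == 1:                          # bare address means a single host
        return action, int(ipaddress.IPv4Address(src[0])), 0
    if len(src) == 2:
        return (action, int(ipaddress.IPv4Address(src[0])),
                int(ipaddress.IPv4Address(src[1])))
    raise ValueError(f"cannot parse {entry!r}")

def evaluate(acl, source_ip):
    """Return (action, matching entry number); entry None is the implicit deny."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for number, entry in enumerate(acl, 1):
        action, address, wildcard = parse_entry(entry)
        care = ~wildcard & 0xFFFFFFFF          # bits that must match exactly
        if (ip & care) == (address & care):
            return action, number              # first match wins, stop here
    return "deny", None                        # implicit "deny any"

# Entries as configured on the page.
R2_ACL_1 = ["deny 192.168.11.0 0.0.0.255", "permit any"]
FILE_SERVER_RESTRICTIONS = ["permit host 192.168.20.4", "deny any"]
# Same two R2 entries in the opposite order: the deny can never be reached.
REORDERED = ["permit any", "deny 192.168.11.0 0.0.0.255"]

if __name__ == "__main__":
    for src in ("192.168.11.10", "192.168.10.10"):   # constructed sources
        print(src, evaluate(R2_ACL_1, src), evaluate(REORDERED, src))
```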

Configure and apply a numbered standard ACL on R3.
Create an ACL using the number 1 on R3 with a statement that denies access to the 192.168.30.0/24 network from the PC1 (192.168.10.0/24) network.
R3(config)# access-list 1 deny 192.168.10.0 0.0.0.255

By default, an ACL denies all traffic that does not match any rules. To permit all other traffic, create a second rule for ACL 1.
R3(config)# access-list 1 ...