Title | Commands-MSN - Lecture notes 1-10 |
---|---|
Author | Michelle Sanchez Nava |
Course | Cisco ccna 1 |
Institution | Southwest Tennessee Community College |
Pages | 173 |
Cisco Configuration Commands from CCNA I, II, and III. These are examples to perform certain configurations on routers and switches.
Professors: Forrest Smith and Brenda Phillips
Note: These commands are only examples of how to perform certain tasks. These are NOT ANSWERS to any l...
Michelle Sanchez Nava Professor Forrest Smith & Brenda Phillips CCNA 1, 2 & 3
CCNA COMMANDS

To configure Hostname
    Router>enable
    Router#configure terminal
    Router(config)#hostname RTA

To set up password for privileged EXEC mode
    ! line console 0 sets the console login password; the privileged EXEC
    ! password itself is set by enable password / enable secret further down
    RTA(config)#line console 0
    RTA(config-line)#password cisco
    RTA(config-line)#login
    RTA(config-line)#exit

To set up password Telnet session
    RTA(config)#line vty 0 4
    RTA(config-line)#password cisco
    RTA(config-line)#login
    RTA(config-line)#exit
    ! when both are configured, enable secret takes precedence over enable password
    RTA(config)#enable password cisco
    RTA(config)#enable secret class

To encrypt password
    ! stores plaintext passwords in the configuration as type 7, which is reversible
    RTA(config)#service password-encryption

To configure MOTD Banner
    RTA(config)#banner motd "Unauthorized access to this device is strictly prohibited!"

To set up Gigabit Ethernet Connection
    RTA(config)#interface gigabitEthernet 0/0
    RTA(config-if)#ip address 10.10.10.1 255.255.255.0
    RTA(config-if)#no shutdown
    RTA(config-if)#exit
    RTA(config)#interface gigabitEthernet 0/1
    RTA(config-if)#ip address 10.10.11.1 255.255.255.0
    RTA(config-if)#no shutdown
    RTA(config-if)#exit
    RTA(config)#exit

To save configurations to NVRAM
    RTA#copy running-config startup-config
Or
    copy run startup-config

To erase configurations from NVRAM
    Router#erase startup-config

To disable DNS lookup
    Router(config)#no ip domain-lookup

    ASw-2#configure terminal
    ASw-2(config)#line console 0
    ASw-2(config-line)#password cisco
    ASw-2(config-line)#login
    ASw-2(config-line)#exit
    ASw-2(config)#line vty 0 4
    ASw-2(config-line)#password cisco
    ASw-2(config-line)#login
    ASw-2(config-line)#exit
    ASw-2(config)#enable password cisco
    ASw-2(config)#enable secret class
    ASw-2(config)#service password-encryption
    ASw-2(config)#banner motd "Unauthorized access to this device is strictly prohibited!"
    ASw-2(config)#interface vlan 1
    ASw-2(config-if)#ip address 10.10.11.100 255.255.255.0
    ASw-2(config-if)#no shutdown
    ASw-2(config-if)#description LAN connection to ASw-2
    ASw-2(config-if)#exit
    ! the gateway is the router interface on this subnet (RTA G0/1, 10.10.11.1 above),
    ! not the switch's own address 10.10.11.100
    ASw-2(config)#ip default-gateway 10.10.11.1
    ASw-2(config)#exit
    ASw-2#copy running-config startup-config

Remove ports from VLAN
    conf t
    int fastethernet [port no]
    no switchport access vlan
The port returns to the default VLAN; the default vlan is vlan 1.
Basic Device Settings

Configure IP settings on the router.
    R3(config)# interface s0/0/0
    R3(config-if)# ip address 10.1.1.2 255.255.255.252
    R3(config-if)# clock rate 128000
    R3(config-if)# no shutdown

Static Route Configurations

Configure a recursive static route.
    R1(config)# ip route 192.168.1.0 255.255.255.0 10.1.1.2

Configure a directly connected static route.
    R3(config)# ip route 192.168.0.0 255.255.255.0 s0/0/0

Remove static routes.
    R1(config)# no ip route 209.165.200.224 255.255.255.224 serial0/0/1
or
    R1(config)# no ip route 209.165.200.224 255.255.255.224 10.1.1.2
or
    R1(config)# no ip route 209.165.200.224 255.255.255.224

Default Route Configuration
    R3(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0

Directly connected/attached static route
    R2>en
    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#ipv6 route 2001:DB8:1:1::/64 s0/0/0
    R2(config)#end
Where 2001:DB8:1:1::/64 belongs to the LAN

IPv6 recursive static route to every network on R1
    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#ipv6 route 2001:DB8:1:2::/64 2001:DB8:1:A001::2
    R1(config)#ipv6 route 2001:DB8:1:A002::/64 2001:DB8:1:A001::2
    R1(config)#ipv6 route 2001:DB8:1:3::/64 2001:DB8:1:A001::2
    R1(config)#end
Where 2001:DB8:1:A001::2 is the next-hop address available through the S0/0/0 interface
Where 2001:DB8:1:3::/64, 2001:DB8:1:A002::/64, and 2001:DB8:1:2::/64 represent the networks that are not directly connected.

Fully specified route
    R2#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R2(config)#ipv6 route 2001:DB8:1:3::/64 S0/0/1 2001:DB8:1:A002::2

Recursive default route on R3
    R3(config)#ipv6 route ::/0 2001:DB8:1:A002::1
    R3(config)#end

Enable IPv6 routing
    R1(config)# ipv6 unicast-routing

Assign IPv6 Link-local address
    R1(config-if)# ipv6 address fe80::1 link-local

Configure IPv6 addresses
    R3(config)# interface gigabit 0/1
    R3(config-if)# ipv6 address 2001:DB8:ACAD:B::/64 eui-64
    R3(config-if)# no shutdown
    R3(config-if)# interface serial 0/0/0
    R3(config-if)# ipv6 address FC00::2/64
    R3(config-if)# clock rate 128000
    R3(config-if)# no shutdown
    R3(config-if)# exit
Notice that IPv6 is enabled on each interface. The G0/1 interface has a globally routable unicast address and EUI-64 is used to create the interface identifier portion of the address. The S0/0/0 interface has a privately routable, unique-local address, which is recommended for point-to-point serial connections. The clock rate is set because it is the DCE end of the serial cable.
Configure default IPv6 static route
    R1(config)# no ipv6 route 2001:DB8:ACAD:B::/64 FC00::2
    R1(config)# ipv6 route ::/0 serial 0/0/1
    R1(config)#

Configure IPv6 recursive static route
    Router(config)# ipv6 route

Delete the directly attached static route and add a recursive static route.
    R1(config)# no ipv6 route 2001:DB8:ACAD:B::/64 serial 0/0/1
    R1(config)# ipv6 route 2001:DB8:ACAD:B::/64 FC00::2
    R1(config)# exit
    R3(config)# no ipv6 route 2001:DB8:ACAD:A::/64 serial 0/0/0
    R3(config)# ipv6 route 2001:DB8:ACAD:A::/64 FC00::1
    R3(config)# exit
In a recursive IPv6 static route, the route entry has the next-hop router IPv6 address.

Configure a directly connected IPv6 static route
    Router(config)# ipv6 route
    R1(config)# ipv6 route 2001:DB8:ACAD:B::/64 serial 0/0/1
    R1(config)#
Command to verify the IPv6 configuration of a PC from Command Prompt
    ipv6config
Command to display the IPv6 addresses configured on a router's interface
    show ipv6 interface brief
Command to display the contents of the IPv6 routing table
    show ipv6 route
Command that displays only directly connected networks
    show ip route connected
Command that only displays the static routes listed in Routing Table
    show ip route static
Command to verify that static routes are configured correctly
    show ip route
Which commands display the status of the port?
    show ip interface brief and show ip interface
Which command shows only the IP address (no subnet mask or prefix)?
    show ip interface brief
Which command displays the description configured on the interface?
    show interfaces
Which command displays the IP broadcast address?
    show ip interface
Which command displays the MAC address of the interface?
    show interfaces
To view the subnet mask values for the interfaces
    show running-config
Hints - Command Summary Reference

DOS Commands
ipconfig - The output of the default command contains the IP address, network mask and gateway for all physical and virtual network adapters.
ipconfig /all - This option displays the same IP addressing information for each adapter as the default option. Additionally, it displays DNS and WINS settings for each adapter.
Nslookup - Displays information that you can use to diagnose Domain Name System (DNS) infrastructure. Syntax: nslookup dns.name
Tracert - Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help. Syntax: tracert [TargetName/IP Address]
IOS Commands
show ip interface - Displays the IP interface status and configuration
show ip interface brief - Displays a brief summary of IP status and configuration
show ip route - Displays the full IP routing table
show ip route connected - Displays a list of active directly connected networks
show running-config - Displays the current operating configuration
traceroute - Trace route to destination
Entering Routing Configuration Mode
    R1# conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)# router rip

To enable RIP routing for a network, use the network network-address router configuration mode command. Enter the classful network address for each directly connected network. This command:
- Enables RIP on all interfaces that belong to a specific network. Associated interfaces now both send and receive RIP updates.
- Advertises the specified network in RIP routing updates sent to other routers every 30 seconds.

To disable and eliminate RIP
Use the no router rip global configuration command.

To advertise the R1 Networks
    R1(config)# router rip
    R1(config-router)# network 192.168.1.0
    R1(config-router)# network 192.168.2.0

Where network 192.168.1.0 is the lowest interface, a switch
Where 192.168.2.0 is the next interface, R1.
RIP commands that can be configured
Verify RIP Routing
    R2# show ip protocols
1. RIP routing is configured and running on router R1.
2. The values of various timers; for example, the next routing update is sent by R1 in 16 seconds.
3. The version of RIP configured is currently RIPv1.
4. R1 is currently summarizing at the classful network boundary.
5. The classful networks are advertised by R1. These are the networks that R1 includes in its RIP updates.
6. The RIP neighbors are listed, including their next-hop IP address, the associated AD that R2 uses for updates sent by this neighbor, and when the last update was received from this neighbor.
Display routing table
    R2# show ip route

Enable and verify RIPv2 on R1
    R1(config)# router rip
    R1(config-router)# version 2
    R1(config-router)#end
    R1#
Configuring version 1 enables RIPv1 only, while configuring no version returns the router to the default setting of sending version 1 updates but listening for version 1 and version 2 updates. By default, when a RIP process is configured on a Cisco router, it is running RIPv1. Use the version 2 router configuration mode command to enable RIPv2.
To revert to version 1
    R1(config)# router rip
    R1(config-router)# no version
    R1(config-router)#end
    R1#

Disable Auto Summarization
    R1(config)# router rip
    R1(config-router)# no auto-summary
    R1(config-router)# end
This command has no effect when using RIPv1. When automatic summarization has been disabled, RIPv2 no longer summarizes networks to their classful address at boundary routers. The show ip protocols now states that “automatic network summarization is not in effect”. RIPv2 must be enabled before automatic summarization is disabled.
Configure Passive interfaces
    R1(config)# router rip
    R1(config-router)# passive-interface g0/0
    R1(config-router)# end
To make every interface passive by default, use passive-interface default.
To remove a passive interface setting from S0/0/1, use no passive-interface S0/0/1.
Use the passive-interface router configuration command to prevent the transmission of routing updates through a router interface, but still allow that network to be advertised to other routers. The show ip protocols command is then used to verify that the Gigabit Ethernet interface was passive. Interfaces that should not be passive can be re-enabled using the no passive-interface command.
Propagate a Default Route

To propagate a default route in RIP, the edge router must be configured with:
- A default static route using the ip route 0.0.0.0 0.0.0.0 command.
- The default-information originate router configuration command. This instructs R1 to originate default information, by propagating the static default route in RIP updates.
The example in Figure 2 configures a fully-specified default static route to the service provider and then the route is propagated by RIP. Notice that R1 now has a Gateway of Last Resort and default route installed in its routing table.
    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#ip route 0.0.0.0 0.0.0.0 s0/0/1
    R1(config)#router rip
    R1(config-router)#default-information originate
    R1(config-router)#^Z

Configure the interface that contains no routers so that it does not send out routing information.
    ! no auto-summary only disables summarization; passive-interface (shown earlier)
    ! is the command that stops updates from being sent out of an interface
    R2(config)#router rip
    R2(config-router)#no auto-summary
    R2(config-router)#end
To Examine the startup configuration file in NVRAM
    Switch# show startup-config

To Examine the characteristics of the SVI for VLAN 1
    Switch# show interface vlan1

Assign all user ports to VLAN 99.
    S1(config)# interface range f0/1 - 24,g0/1 - 2
    S1(config-if-range)# switchport access vlan 99
    S1(config-if-range)# exit
    S1(config)#
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan99, changed state to up

To verify that all ports are in VLAN 99.
    S1# show vlan brief

To prevent console messages from interrupting commands, use the logging synchronous option.
    S1(config)# line con 0
    S1(config-line)# password cisco
    S1(config-line)# login
    S1(config-line)# logging synchronous
    S1(config-line)# exit
    S1(config)#

To Create VLAN 99 on the switch and name it Management.
    S1(config)# vlan 99
    S1(config-vlan)# name Management
    S1(config-vlan)# exit
    S1(config)#

To Assign ports F0/5 and F0/6 to VLAN 99 on the switch.
    S1# config t
    S1(config)# interface f0/5
    S1(config-if)# switchport mode access
    S1(config-if)# switchport access vlan 99
    S1(config-if)# interface f0/6
    S1(config-if)# switchport mode access
    S1(config-if)# switchport access vlan 99
    S1(config-if)# end

To Configure the transport input for the vty lines to allow SSH connections only, and use the local database for authentication.
    S1(config)# line vty 0 15
    S1(config-line)# transport input ssh
    S1(config-line)# login local
    S1(config-line)# exit

SSH Authentication Limit
    ip ssh authentication-retries 3
    login block-for 300 attempts 5 within 50
    ip ssh {[timeout seconds] | [authentication-retries integer]}
    no ip ssh {[timeout seconds] | [authentication-retries integer]}
Configuring SSH

To Generate an RSA crypto key using a modulus of 1024 bits.
    ! 1024 bits is the lab value; 2048 bits or more is the current minimum for production keys
    S1(config)# crypto key generate rsa modulus 1024
    The name for the keys will be: S1.CCNA-Lab.com
    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 3 seconds)
    S1(config)#
    S1(config)# end

To Verify the SSH configuration.
    S1# show ip ssh

To shut down all unused ports on the switch. Use the interface range command.
    S1(config)# interface range f0/1 - 4
    S1(config-if-range)# shutdown
    S1(config-if-range)# interface range f0/7 - 24
    S1(config-if-range)# shutdown
    S1(config-if-range)# interface range g0/1 - 2
    S1(config-if-range)# shutdown
    S1(config-if-range)# end
    S1#
To know which ports are being used or not used
    S2#sh int | i (FastEthernet|0 packets input)

Not being used
    S2#sh int | i is down

Configuring IEEE 802.1Q Trunk Links
Resetting the Trunk to Default State
Verifying Trunk Configuration
Assigning Ports to VLANs
Changing VLAN Port Membership
Deleting VLANs
To disable the HTTP service running on the switch
    S1(config)# no ip http server

To verify port security on certain port
    S1# show port-security interface f0/5

To verify interfaces connected
    S1# sh ip int bri | include up

To configure default-gateway
    ! the gateway is the router interface on the switch's subnet (RTA G0/1 is 10.10.11.1),
    ! not the switch's own address 10.10.11.100
    ASw-2(config)#ip default-gateway 10.10.11.1
Basic configuration for Switch
    no ip domain-lookup
    service password-encryption
    enable secret class
    banner motd # Unauthorized access is strictly prohibited. #
    line con 0
     password cisco
     login
     logging synchronous
    line vty 0 15
     password cisco
     login
     exit

Basic configuration for Router
    no ip domain-lookup
    hostname R1
    service password-encryption
    enable secret class
    banner motd # Unauthorized access is strictly prohibited. #
    line con 0
     password cisco
     login
     logging synchronous
    line vty 0 4
     password cisco
     login
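
The baselines above reuse one line password for every administrator, and elsewhere these notes also show `enable password` and a 1024-bit RSA key. The following is an added example, not part of the original notes or of any Cisco tool: a small Python check that reads a command script and flags those management-plane weaknesses. The finding names, the `username admin secret` line and the `<unique-secret>` placeholders are assumptions made for the illustration.

```python
import re

LAB_PW = r"(cisco|class)$"   # the passwords used throughout these notes
LINE_SUBCOMMANDS = ("password", "login", "transport", "logging", "exec-timeout")

def parse(script):
    """Split a command script into global commands and per-'line' blocks."""
    global_cmds, line_blocks, current = [], {}, None
    for cmd in filter(None, (raw.strip().lower() for raw in script.splitlines())):
        if cmd.startswith("line "):
            current = cmd
            line_blocks[current] = []
        elif current and cmd.startswith(LINE_SUBCOMMANDS):
            line_blocks[current].append(cmd)
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, line_blocks

def audit(script):
    """Return the sorted finding IDs for a command script."""
    global_cmds, line_blocks = parse(script)
    found = set()
    for cmd in global_cmds:
        if cmd.startswith("enable password"):
            found.add("ENABLE_PASSWORD")      # plaintext, or reversible type 7
        if re.match(r"enable (password|secret) " + LAB_PW, cmd):
            found.add("LAB_PASSWORD")
        m = re.match(r"crypto key generate rsa .*modulus (\d+)", cmd)
        if m and int(m.group(1)) < 2048:
            found.add("RSA_KEY_UNDER_2048")
    for name, cmds in line_blocks.items():
        if any(re.match("password " + LAB_PW, c) for c in cmds):
            found.add("LAB_PASSWORD")
        if name.startswith("line vty") and "login local" not in cmds:
            found.add("VTY_SHARED_PASSWORD")  # one password shared by every admin
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            found.add("VTY_NOT_SSH_ONLY")     # Telnet is not explicitly excluded
    return sorted(found)

# Constructed inputs: commands as typed in these notes, then a tightened variant.
NOTES_BASELINE = """
enable password cisco
enable secret class
crypto key generate rsa modulus 1024
line vty 0 4
 password cisco
 login
"""
TIGHTENED = """
enable secret <unique-secret>
username admin secret <unique-secret>
crypto key generate rsa modulus 2048
line vty 0 15
 transport input ssh
 login local
"""
```

`audit(NOTES_BASELINE)` reports all five findings, while `audit(TIGHTENED)` returns an empty list.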
Appendix A – Configuration Commands

Switch S1
    S1(config)# vlan 10
    S1(config-vlan)# name Students
    S1(config-vlan)# vlan 20
    S1(config-vlan)# name Faculty
    S1(config-vlan)# exit
    S1(config)# interface f0/1
    S1(config-if)# switchport mode trunk
    S1(config-if)# interface f0/5
    S1(config-if)# switchport mode trunk
    S1(config-if)# interface f0/6
    S1(config-if)# switchport mode access
    S1(config-if)# switchport access vlan 10

Switch S2
    S2(config)# vlan 10
    S2(config-vlan)# name Students
    S2(config-vlan)# vlan 20
    S2(config-vlan)# name Faculty
    S2(config)# interface f0/1
    S2(config-if)# switchport mode trunk
    S2(config-if)# interface f0/18
    S2(config-if)# switchport mode access
    S2(config-if)# switchport access vlan 20

Router R1
Subinterface to:
G0/1 for VLAN 1
Operate on VLAN 1
Conf with the ip address from address table
    R1(config)# interface g0/1.1
    R1(config-subif)# encapsulation dot1Q 1
    R1(config-subif)# ip address 192.168.1.1 255.255.255.0
    R1(config-subif)# interface g0/1.10
    R1(config-subif)# encapsulation dot1Q 10
    R1(config-subif)# ip address 192.168.10.1 255.255.255.0
    R1(config-subif)# interface g0/1.20
    R1(config-subif)# encapsulation dot1Q 20
    R1(config-subif)# ip address 192.168.20.1 255.255.255.0
    R1(config-subif)# exit
    R1(config)# interface g0/1
    R1(config-if)# no shutdown

To set the native vlan on trunks
    int range g0/1 - 2
    switchport trunk native vlan 56
Configure the following named ACL on R1.
    R1(config)# ip access-list standard File_Server_Restrictions
    R1(config-std-nacl)# permit host 192.168.20.4
    R1(config-std-nacl)# deny any

Apply the named ACL. Apply the ACL outbound on the interface Fast Ethernet 0/1.
    R1(config)#int f0/1
    R1(config-if)# ip access-group File_Server_Restrictions out

Command to verify the ACL configuration
    show access-lists
Use the show run or show ip interface fastethernet 0/1 command to verify that the ACL is applied correctly to the interface.

Configure and apply a numbered standard ACL on R2.
Create an ACL using the number 1 on R2 with a statement that denies access to the 192.168.20.0/24 network from the 192.168.11.0/24 network.
    R2(config)# access-list 1 deny 192.168.11.0 0.0.0.255
By default, an access list denies all traffic that does not match any rules. To permit all other traffic, configure the following statement:
    R2(config)# access-list 1 permit any
For the ACL to actually filter traffic, it must be applied to some router operation. Apply the ACL by placing it for outbound traffic on the Gigabit Ethernet 0/0 interface.
    R2(config)# interface GigabitEthernet0/0
    R2(config-if)# ip access-group 1 out
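
How a router decides on these entries, as an added example that is not part of the original notes: a Python model of standard-ACL evaluation covering wildcard-mask matching on the source address, first-match-wins ordering, and the implicit deny that makes the `permit any` line necessary. It handles both the numbered ACL 1 and the named File_Server_Restrictions entries shown above; the function names and the tested source addresses are constructed for the illustration.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_standard_acl(entries):
    """Parse numbered ('access-list 1 deny ...') or named-ACL ('permit host ...') entries."""
    rules = []
    for entry in entries:
        tok = entry.split()
        if tok[0] == "access-list":                 # drop 'access-list <number>'
            tok = tok[2:]
        action, src = tok[0], tok[1:]
        if src == ["any"]:
            addr, wildcard = 0, 0xFFFFFFFF          # every bit is "don't care"
        elif src[0] == "host":
            addr, wildcard = _to_int(src[1]), 0     # every bit must match
        else:
            addr = _to_int(src[0])
            wildcard = _to_int(src[1]) if len(src) > 1 else 0
        rules.append((action, addr, wildcard))
    return rules

def evaluate(rules, source_ip):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    ip = _to_int(source_ip)
    for number, (action, addr, wildcard) in enumerate(rules, start=1):
        # A 1 bit in the wildcard mask means "ignore this bit of the source address".
        if (ip | wildcard) == (addr | wildcard):
            return action, number
    return "deny", None   # implicit "deny any" at the end of every ACL

# The two ACLs from the notes above.
R2_ACL_1 = parse_standard_acl([
    "access-list 1 deny 192.168.11.0 0.0.0.255",
    "access-list 1 permit any",
])
FILE_SERVER_RESTRICTIONS = parse_standard_acl([
    "permit host 192.168.20.4",
    "deny any",
])
# ACL 1 with the 'permit any' line forgotten (constructed failure case).
R2_ACL_1_INCOMPLETE = R2_ACL_1[:1]

if __name__ == "__main__":
    for name, acl, src in [
        ("ACL 1", R2_ACL_1, "192.168.11.10"),
        ("ACL 1", R2_ACL_1, "192.168.10.10"),
        ("ACL 1 without permit any", R2_ACL_1_INCOMPLETE, "192.168.10.10"),
        ("File_Server_Restrictions", FILE_SERVER_RESTRICTIONS, "192.168.20.4"),
        ("File_Server_Restrictions", FILE_SERVER_RESTRICTIONS, "192.168.20.5"),
    ]:
        print(f"{name:26} {src:15} -> {evaluate(acl, src)}")
```

Without the `permit any` entry, a source outside 192.168.11.0/24 matches no rule and is dropped by the implicit deny, which is the failure the notes warn about.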
Configure and apply a numbered standard ACL on R3.
Create an ACL using the number 1 on R3 with a statement that denies access to the 192.168.30.0/24 network from the PC1 (192.168.10.0/24) network.
    R3(config)# access-list 1 deny 192.168.10.0 0.0.0.255
By default, an ACL denies all traffic that does not match any rules. To permit all other traffic, create a second rule for ACL 1.
    R3(config)# access-list 1 ...