Cisco Configurations
Contact Admin : @Mahdi_FJ

Change Device Name :
hostname <name>
For Example : (config)# hostname sw1

Set Password on Device :
line con 0
For example : (config)# username admin password 123
(config)# line con 0
(config-line)# login local
(config-line)# exit

Set password enable mode :
(config)# enable secret 123

secret ---> stored as an MD5 hash (encrypted)
password ---> stored in cleartext

Change Device Time :
clock timezone <name> <hours> <minutes>
For example : (config)# clock timezone cisco 11 30

Create vlan :
vlan <number>
name <name>
For example : (config)# vlan 10
(config-vlan)# name srv

Show created vlan :
(config)# do show vlan brief

Select one or multiple interfaces and set vlan :
(config)# interface fastEthernet <num>
(config)# interface range fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>

Trunk config :
L2 Switches:
(config)# int fa <num>
(config-if)# switchport mode trunk

MLS Switches:
(config)# int fa <num>
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk

VTP config :
(config)# vtp domain <name>
(config)# vtp password <num>
(config)# vtp version <num>
(config)# vtp mode <client|server|transparent>

show vtp ?
  counters  VTP statistics
  password  VTP password
  status    VTP domain status

VLAN Filtering :
Manual config :
(config)# int fa <num>
(config-if)# switchport trunk allowed vlan <num>

Help:

  add     add VLANs to the current list
  all     all VLANs
  except  all VLANs except the following
  none    no VLANs
  remove  remove VLANs from the current list

Automatic config :
(config)# vtp pruning

Port Security Config :
Enable feature :
(config)# int fa <num>
(config-if)# switchport port-security

Select manually :
(config-if)# switchport port-security mac-address <H.H.H>

Select Automatically :
(config-if)# switchport port-security mac-address sticky

Accept one or more MAC addresses per interface :
(config-if)# switchport port-security maximum <num>
By Default : one MAC address

Select Port Security Mode :
(config-if)# switchport port-security violation <protect|restrict|shutdown>
By Default Mode : shutdown

Spanning Tree Protocol Config (STP) :
Running by default
STP protocols = no loops

STP Mode :
(config)# spanning-tree mode <pvst|rapid-pvst|mst>
pvst ----> By Default
rapid-pvst (Rapid PVST)
mst (Multiple STP, MSTP)
PVST and Rapid PVST = per VLAN
MSTP = not per VLAN

Spanning tree Priority per vlans cmd :
(config)# spanning-tree vlan <num> priority <num>
<0-61440> bridge priority in increments of 4096
Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
By Default = 32768

STP Timers :
By Default = about 50 seconds
To decrease the timer = use Portfast

Portfast config :
(config)# int fa <num>
(config-if)# spanning-tree portfast

Don't accept port as root :
(config-if)# spanning-tree guard root

Change port Priority :
(config)# int fa <num>
(config-if)# spanning-tree vlan <num> port-priority <num>

ACL Types :
Extended Access List -------> <100-199> Extended IP access-list number
Standard Access List -------> <1-99> Standard IP access-list number

Create Standard access list :
(config)# ip access-list standard <name or num>
(config-std-nacl)# ?
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment

For Example : (config-std-nacl)# <seq num> permit <IP> <wildcard>

Create Extended access list :
(config)# ip access-list extended <name or num>

For Example : (config-ext-nacl)# <seq num> deny <protocol> <source IP> <wildcard> eq <port num> <destination IP> <wildcard> eq <port num>

Using ACL in Interface :
(config)# int fa <num>
(config-if)# ip access-group <name or num> <in|out>
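
The matching rules behind the standard ACL above, as an added example (not from the original channel): entries are tried in sequence-number order, the first match wins, and anything unmatched hits the implicit deny. The function names and both sample ACLs are constructed for illustration; the second ACL shows what a subnet mask does when typed where a wildcard mask belongs.

```python
import ipaddress

def matches(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored (inverse of a subnet mask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def wildcard_from_netmask(netmask):
    """Convert a subnet mask such as 255.255.255.0 into its wildcard, 0.0.0.255."""
    return str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(netmask))))

def evaluate(acl, src):
    """Return (action, matching sequence number); (deny, None) is the implicit deny."""
    for seq in sorted(acl):
        action, base, wildcard = acl[seq]
        if matches(src, base, wildcard):
            return action, seq
    return "deny", None

# Constructed standard ACL: block one host, permit the rest of its /24.
ACL = {
    10: ("deny", "192.168.1.100", "0.0.0.0"),
    20: ("permit", "192.168.1.0", "0.0.0.255"),
}

# Same permit entry written with a subnet mask by mistake: the first three
# octets are now ignored and only addresses ending in .0 match.
WRONG = {20: ("permit", "192.168.1.0", "255.255.255.0")}

if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("WRONG", WRONG)):
        for src in ("192.168.1.100", "192.168.1.50", "10.9.8.0"):
            print(name, src, evaluate(acl, src))
```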

Telnet Configuration :
Create vlan :
(config)# vlan <num>

Create Virtual interface and Set ip address :
(config)# int vlan <num>
(config-if)# ip address <ip> <subnet mask>

Set vlan on interface :
(config)# int fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>

Create access list (ACL) :
(config)# access-list <num> permit host <IP>

Enable Telnet :
(config)# username <name> secret <num>
(config)# enable secret <num>
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# access-class <ACL num> in

SSH Configuration :
(config)# username <name> secret <num>
(config)# enable secret <num>
(config)# line vty <num> <num>
(config-line)# login local

Set domain-name :
(config)# ip domain-name <name>

Change Device name :
(config)# hostname <name>

Enable SSH :
(config)# crypto key generate rsa
Key length : <num>
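
A review script for the settings covered in the password, trunk, port security, Telnet and SSH sections, as an added example (not from the original channel): it reads a saved configuration and reports cleartext passwords, vty lines without an inbound access-class or without SSH-only transport, access ports without port security, and trunks with no allowed-VLAN list. The sample configuration and function names are constructed; `transport input ssh` is a standard IOS line command that the sections above do not list.

```python
import re

# Constructed sample config (not from the page), mixing weak and hardened settings.
SAMPLE = """\
enable password 123
username admin password 123
username ops secret 5 $1$constructed
interface FastEthernet0/1
 switchport mode access
interface FastEthernet0/2
 switchport mode access
 switchport port-security
interface FastEthernet0/24
 switchport mode trunk
line vty 0 4
 login local
line vty 5 15
 access-class 10 in
 transport input ssh
"""

def blocks(config):
    """Group indented sub-commands under their parent line, as show running-config prints them."""
    out = []
    for line in config.splitlines():
        if line.startswith(" ") and out:
            out[-1][1].append(line.strip())
        elif line.strip():
            out.append((line.strip(), []))
    return out

def audit(config):
    """Return (config line, finding) pairs for the weak settings discussed on this page."""
    findings = []
    for head, body in blocks(config):
        if re.match(r"(enable|username \S+) password\b", head):
            findings.append((head, "cleartext 'password'; use 'secret'"))
        elif head.startswith("line vty"):
            if not any(re.match(r"access-class \S+ in$", b) for b in body):
                findings.append((head, "no inbound access-class"))
            if "transport input ssh" not in body:
                findings.append((head, "Telnet not excluded; set 'transport input ssh'"))
        elif head.startswith("interface"):
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append((head, "access port without port-security"))
            if "switchport mode trunk" in body and not any(
                    b.startswith("switchport trunk allowed vlan") for b in body):
                findings.append((head, "trunk allows all VLANs"))
    return findings
```

Call `audit()` on the text of a saved `show running-config` and print each returned pair, one finding per line.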

Static Route :
(config)# ip route <IP> <Prefix mask> <next-hop IP> <Metric>
(config)# ip route <IP> <Prefix mask> <interface> <int num> <Metric>

Dynamic Routing Protocols :

  bgp    Border Gateway Protocol (BGP)
  eigrp  Enhanced Interior Gateway Routing Protocol (EIGRP)
  ospf   Open Shortest Path First (OSPF)
  rip    Routing Information Protocol (RIP)

RIP :
(config)# router rip
(config-router)# network <IP Range>

EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>

OSPF :
(config)# router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area

NAT Configuration :

Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside

Step 2) Define Interesting Traffic:
access-list <num> permit <IP> <wildcard>

Step 3) Define NAT rule:
ip nat inside source list <num> interface fa|gig|eth|serial <num>

Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 fa <num>

Destination NAT or PortForward:

Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside

Step 2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80

DHCP Relay or Helper Configuration :
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>

DHCP Configuration :

(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>