trunk config :
L2 Switches:
(config)# int fa <num>
(config-if)# switchport mode trunk
MLS Switches:
(config)# int fa <num>
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk
L2 Switches:
(config)# int fa <num>
(config-if)# switchport mode trunk
MLS Switches:
(config)# int fa <num>
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk
vtp config :
(config)# vtp domain <name>
(config)# vtp password <num>
(config)# vtp version <num>
(config)# vtp mode <client|server|transparent>
show vtp ?
counters VTP statistics
password VTP password
status VTP domain status
(config)# vtp domain <name>
(config)# vtp password <num>
(config)# vtp version <num>
(config)# vtp mode <client|server|transparent>
show vtp ?
counters VTP statistics
password VTP password
status VTP domain status
Vlan Filtering :
Manual config :
(config)# int fa <num>
(config-if)# switchport trunk allowed vlan <num>
Help:
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Automatic config :
(config)# vtp pruning
Manual config :
(config)# int fa <num>
(config-if)# switchport trunk allowed vlan <num>
Help:
add add VLANs to the current list
all all VLANs
except all VLANs except the following
none no VLANs
remove remove VLANs from the current list
Automatic config :
(config)# vtp pruning
Port Security Config :
Enable feature :
(config)# int fa <num>
(config-if)# switchport port-security
Select manually :
(config-if)# switchport port-security mac-address <H.H.H>
Select Automatically :
(config-if)# switchport port-security mac-address sticky
Accept one or more mac Address per interface :
(config-if)# switchport port-security maximum <num>
By Default : one mac address
Select Port security Mode :
(config-if)# switchport port-security violation <protect|restrict|shutdown>
By Default Mode : Shutdown
Enable feature :
(config)# int fa <num>
(config-if)# switchport port-security
Select manually :
(config-if)# switchport port-security mac-address <H.H.H>
Select Automatically :
(config-if)# switchport port-security mac-address sticky
Accept one or more mac Address per interface :
(config-if)# switchport port-security maximum <num>
By Default : one mac address
Select Port security Mode :
(config-if)# switchport port-security violation <protect|restrict|shutdown>
By Default Mode : Shutdown
Spanning Tree Protocol Config(STP) :
By Default is Running
STP Protocols = No loop
STP Mode :
(config)# spanning-tree mode <>
PVST ----> By Default
Rapide pvst
Multiple stp (MSTP)
PVST and Rapide = per vlan
MSTP = no per vlan
Spanning tree Priority per vlans cmd :
(config)# spanning-tree vlan <num> priority <num>
<0-61440> bridge priority in increments of 4096
Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
By Default = 32768
STP Timers :
By Default = about 50 Second
For Decreased Timer = Use Portfast
Portfast config :
(config)# int fa <num>
(config-if)# spanning-tree portfast
Dont accept port as root :
(config-if)# spanning-tree guard root
Change port Priority :
(config)# int fa <num>
(config-if)# spanning-tree vlan <num> port-priority <num>
By Default is Running
STP Protocols = No loop
STP Mode :
(config)# spanning-tree mode <>
PVST ----> By Default
Rapide pvst
Multiple stp (MSTP)
PVST and Rapide = per vlan
MSTP = no per vlan
Spanning tree Priority per vlans cmd :
(config)# spanning-tree vlan <num> priority <num>
<0-61440> bridge priority in increments of 4096
Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
By Default = 32768
STP Timers :
By Default = about 50 Second
For Decreased Timer = Use Portfast
Portfast config :
(config)# int fa <num>
(config-if)# spanning-tree portfast
Dont accept port as root :
(config-if)# spanning-tree guard root
Change port Priority :
(config)# int fa <num>
(config-if)# spanning-tree vlan <num> port-priority <num>
ACL Types :
Extended Access List -------> <100-199> Extended IP access-list number
Standard Access List ------->
<1-99> Standard IP access-list number
IP access-list number
Create Standard accesslist :
(config)# ip access-list standard <name or num>
(config-std-nacl)# ?
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
For Example : (config-std-nacl)# <seq num> permit <IP> <wildcard or subnet mask>
Create Extended accesslist :
(config)# ip access-list extended <name or num>
For Example : (config-ext-nacl)# <seq num> deny <protocol> <IP> <wildcard or subnet mask> eq <port num> <IP> <wildcard or subnet mask> eq <port num>
Using ACL in Interface :
(config)# int fa <num>
(config-if)# ip access-group <name or num> input|output
Extended Access List -------> <100-199> Extended IP access-list number
Standard Access List ------->
<1-99> Standard IP access-list number
IP access-list number
Create Standard accesslist :
(config)# ip access-list standard <name or num>
(config-std-nacl)# ?
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
For Example : (config-std-nacl)# <seq num> permit <IP> <wildcard or subnet mask>
Create Extended accesslist :
(config)# ip access-list extended <name or num>
For Example : (config-ext-nacl)# <seq num> deny <protocol> <IP> <wildcard or subnet mask> eq <port num> <IP> <wildcard or subnet mask> eq <port num>
Using ACL in Interface :
(config)# int fa <num>
(config-if)# ip access-group <name or num> input|output
Telnet Configuration :
Create vlan :
(config)# vlan <num>
Create Virtual interface and Set ip address :
(config)# int vlan <num>
(config-if)# ip address <ip> <subnet mask>
Set vlan on interface :
(config)# int fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>
create accesslist(ACL) :
(config)# access-list <num> permit host <IP>
Enable Telnet :
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config-line)# access group <ACL num> input
(config)# Enable secret <num>
Create vlan :
(config)# vlan <num>
Create Virtual interface and Set ip address :
(config)# int vlan <num>
(config-if)# ip address <ip> <subnet mask>
Set vlan on interface :
(config)# int fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>
create accesslist(ACL) :
(config)# access-list <num> permit host <IP>
Enable Telnet :
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config-line)# access group <ACL num> input
(config)# Enable secret <num>
SSH Configuration :
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config)# Enable secret <num>
Set domain-name :
(config)# ip domain-name <name>
Change Device name :
(config)# hostname <name>
Enable SSH :
(config)#crypto key generate rsa
key length : <num>
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config)# Enable secret <num>
Set domain-name :
(config)# ip domain-name <name>
Change Device name :
(config)# hostname <name>
Enable SSH :
(config)#crypto key generate rsa
key length : <num>
Static Route :
(config)# ip route <IP> <Prefix mask> <IP> <Metric>
(config)# ip route <IP> <Prefix mask> <interface> <int num> <Metric>
(config)# ip route <IP> <Prefix mask> <IP> <Metric>
(config)# ip route <IP> <Prefix mask> <interface> <int num> <Metric>
Dynamic Routing Protocols :
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
RIP :
(config)# router rip
(config-router)# network <IP Range>
EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>
OSPF :
(config)#router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
RIP :
(config)# router rip
(config-router)# network <IP Range>
EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>
OSPF :
(config)#router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area
NAT Configuration :
Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step 2) Define Intersted Traffic:
access-list <num> permit <IP> <subnetmask>
Step 3)Define NAT role:
ip nat inside source list <num> interface fa|gig|eth|serial <num>
Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 int fa ?
Destination NAT or PortForward:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80
Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step 2) Define Intersted Traffic:
access-list <num> permit <IP> <subnetmask>
Step 3)Define NAT role:
ip nat inside source list <num> interface fa|gig|eth|serial <num>
Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 int fa ?
Destination NAT or PortForward:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80
DHCP Relay or Helper Configuration :
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>
DHCP Configuration :
(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>
(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>
Show commands :
#show running-config
#show startup-config
#show file systems
#show flash:
#show vtp status
#show vtp password
#show vtp counters
#show vlan
#show vlan brief
#show interfaces trunk
#show interfaces vlan <num>
#show interfaces switchport
#show interfaces fastEthernet <num>
#show interfaces fastEthernet <num> switchport
#show clock
#show clock detail
#show access-lists
#show access-lists <num>
#show mac address-table
#show mac address-table static
#show ip arp
#show ip access-lists
#show ip ssh
#show ip route
#show ip interface brief
#show ip eigrp interfaces
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp traffic
#show ip ospf database
#show ip ospf neighbor
#show ip ospf interface
#show ip protocols
#show ip nat statistics
#show ip nat translations
#show ip dhcp binding
#show ip dhcp conflict
#show ip dhcp pool
#show spanning-tree
#show spanning-tree detail
#show spanning-tree interface fastEthernet <num>
#show spanning-tree vlan <name or num>
#show spanning-tree summary
#show spanning-tree summary totals
#show running-config
#show startup-config
#show file systems
#show flash:
#show vtp status
#show vtp password
#show vtp counters
#show vlan
#show vlan brief
#show interfaces trunk
#show interfaces vlan <num>
#show interfaces switchport
#show interfaces fastEthernet <num>
#show interfaces fastEthernet <num> switchport
#show clock
#show clock detail
#show access-lists
#show access-lists <num>
#show mac address-table
#show mac address-table static
#show ip arp
#show ip access-lists
#show ip ssh
#show ip route
#show ip interface brief
#show ip eigrp interfaces
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp traffic
#show ip ospf database
#show ip ospf neighbor
#show ip ospf interface
#show ip protocols
#show ip nat statistics
#show ip nat translations
#show ip dhcp binding
#show ip dhcp conflict
#show ip dhcp pool
#show spanning-tree
#show spanning-tree detail
#show spanning-tree interface fastEthernet <num>
#show spanning-tree vlan <name or num>
#show spanning-tree summary
#show spanning-tree summary totals
Full Scenario Switches.pkt
211.1 KB
Username : admin
Password: 123
Password: 123
Sub interface config :
(Config)# int fa <num>
(Config-if)# no shut
(Config-if)# exit
(Config)# int fa <num>.<num>
(Config-subif)# encapsulation dot1q <vlan num>
(Config-subif)# ip address <IP> <subnet mask>
For Example :
Int fa 0/0
no shut
int fa 0/0.10
encapsulation dot1q 10
Ip address 192.168.10.254 255.255.255.0
(Config)# int fa <num>
(Config-if)# no shut
(Config-if)# exit
(Config)# int fa <num>.<num>
(Config-subif)# encapsulation dot1q <vlan num>
(Config-subif)# ip address <IP> <subnet mask>
For Example :
Int fa 0/0
no shut
int fa 0/0.10
encapsulation dot1q 10
Ip address 192.168.10.254 255.255.255.0