Spanning Tree Protocol Config(STP) :
By Default is Running
STP Protocols = No loop
STP Mode :
(config)# spanning-tree mode <>
PVST ----> By Default
Rapide pvst
Multiple stp (MSTP)
PVST and Rapide = per vlan
MSTP = no per vlan
Spanning tree Priority per vlans cmd :
(config)# spanning-tree vlan <num> priority <num>
<0-61440> bridge priority in increments of 4096
Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
By Default = 32768
STP Timers :
By Default = about 50 Second
For Decreased Timer = Use Portfast
Portfast config :
(config)# int fa <num>
(config-if)# spanning-tree portfast
Dont accept port as root :
(config-if)# spanning-tree guard root
Change port Priority :
(config)# int fa <num>
(config-if)# spanning-tree vlan <num> port-priority <num>
By Default is Running
STP Protocols = No loop
STP Mode :
(config)# spanning-tree mode <>
PVST ----> By Default
Rapide pvst
Multiple stp (MSTP)
PVST and Rapide = per vlan
MSTP = no per vlan
Spanning tree Priority per vlans cmd :
(config)# spanning-tree vlan <num> priority <num>
<0-61440> bridge priority in increments of 4096
Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440
By Default = 32768
STP Timers :
By Default = about 50 Second
For Decreased Timer = Use Portfast
Portfast config :
(config)# int fa <num>
(config-if)# spanning-tree portfast
Dont accept port as root :
(config-if)# spanning-tree guard root
Change port Priority :
(config)# int fa <num>
(config-if)# spanning-tree vlan <num> port-priority <num>
ACL Types :
Extended Access List -------> <100-199> Extended IP access-list number
Standard Access List ------->
<1-99> Standard IP access-list number
IP access-list number
Create Standard accesslist :
(config)# ip access-list standard <name or num>
(config-std-nacl)# ?
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
For Example : (config-std-nacl)# <seq num> permit <IP> <wildcard or subnet mask>
Create Extended accesslist :
(config)# ip access-list extended <name or num>
For Example : (config-ext-nacl)# <seq num> deny <protocol> <IP> <wildcard or subnet mask> eq <port num> <IP> <wildcard or subnet mask> eq <port num>
Using ACL in Interface :
(config)# int fa <num>
(config-if)# ip access-group <name or num> input|output
Extended Access List -------> <100-199> Extended IP access-list number
Standard Access List ------->
<1-99> Standard IP access-list number
IP access-list number
Create Standard accesslist :
(config)# ip access-list standard <name or num>
(config-std-nacl)# ?
<1-2147483647> Sequence Number
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
For Example : (config-std-nacl)# <seq num> permit <IP> <wildcard or subnet mask>
Create Extended accesslist :
(config)# ip access-list extended <name or num>
For Example : (config-ext-nacl)# <seq num> deny <protocol> <IP> <wildcard or subnet mask> eq <port num> <IP> <wildcard or subnet mask> eq <port num>
Using ACL in Interface :
(config)# int fa <num>
(config-if)# ip access-group <name or num> input|output
Telnet Configuration :
Create vlan :
(config)# vlan <num>
Create Virtual interface and Set ip address :
(config)# int vlan <num>
(config-if)# ip address <ip> <subnet mask>
Set vlan on interface :
(config)# int fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>
create accesslist(ACL) :
(config)# access-list <num> permit host <IP>
Enable Telnet :
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config-line)# access group <ACL num> input
(config)# Enable secret <num>
Create vlan :
(config)# vlan <num>
Create Virtual interface and Set ip address :
(config)# int vlan <num>
(config-if)# ip address <ip> <subnet mask>
Set vlan on interface :
(config)# int fa <num>
(config-if)# switchport mode access
(config-if)# switchport access vlan <num>
create accesslist(ACL) :
(config)# access-list <num> permit host <IP>
Enable Telnet :
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config-line)# access group <ACL num> input
(config)# Enable secret <num>
SSH Configuration :
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config)# Enable secret <num>
Set domain-name :
(config)# ip domain-name <name>
Change Device name :
(config)# hostname <name>
Enable SSH :
(config)#crypto key generate rsa
key length : <num>
(config)# line vty <num> <num>
(config-line)# login local
(config-line)# username <name> secret <num>
(config)# Enable secret <num>
Set domain-name :
(config)# ip domain-name <name>
Change Device name :
(config)# hostname <name>
Enable SSH :
(config)#crypto key generate rsa
key length : <num>
Static Route :
(config)# ip route <IP> <Prefix mask> <IP> <Metric>
(config)# ip route <IP> <Prefix mask> <interface> <int num> <Metric>
(config)# ip route <IP> <Prefix mask> <IP> <Metric>
(config)# ip route <IP> <Prefix mask> <interface> <int num> <Metric>
Dynamic Routing Protocols :
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
RIP :
(config)# router rip
(config-router)# network <IP Range>
EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>
OSPF :
(config)#router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
RIP :
(config)# router rip
(config-router)# network <IP Range>
EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>
OSPF :
(config)#router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area
NAT Configuration :
Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step 2) Define Intersted Traffic:
access-list <num> permit <IP> <subnetmask>
Step 3)Define NAT role:
ip nat inside source list <num> interface fa|gig|eth|serial <num>
Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 int fa ?
Destination NAT or PortForward:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80
Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step 2) Define Intersted Traffic:
access-list <num> permit <IP> <subnetmask>
Step 3)Define NAT role:
ip nat inside source list <num> interface fa|gig|eth|serial <num>
Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 int fa ?
Destination NAT or PortForward:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80
DHCP Relay or Helper Configuration :
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>
DHCP Configuration :
(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>
(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>
Show commands :
#show running-config
#show startup-config
#show file systems
#show flash:
#show vtp status
#show vtp password
#show vtp counters
#show vlan
#show vlan brief
#show interfaces trunk
#show interfaces vlan <num>
#show interfaces switchport
#show interfaces fastEthernet <num>
#show interfaces fastEthernet <num> switchport
#show clock
#show clock detail
#show access-lists
#show access-lists <num>
#show mac address-table
#show mac address-table static
#show ip arp
#show ip access-lists
#show ip ssh
#show ip route
#show ip interface brief
#show ip eigrp interfaces
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp traffic
#show ip ospf database
#show ip ospf neighbor
#show ip ospf interface
#show ip protocols
#show ip nat statistics
#show ip nat translations
#show ip dhcp binding
#show ip dhcp conflict
#show ip dhcp pool
#show spanning-tree
#show spanning-tree detail
#show spanning-tree interface fastEthernet <num>
#show spanning-tree vlan <name or num>
#show spanning-tree summary
#show spanning-tree summary totals
#show running-config
#show startup-config
#show file systems
#show flash:
#show vtp status
#show vtp password
#show vtp counters
#show vlan
#show vlan brief
#show interfaces trunk
#show interfaces vlan <num>
#show interfaces switchport
#show interfaces fastEthernet <num>
#show interfaces fastEthernet <num> switchport
#show clock
#show clock detail
#show access-lists
#show access-lists <num>
#show mac address-table
#show mac address-table static
#show ip arp
#show ip access-lists
#show ip ssh
#show ip route
#show ip interface brief
#show ip eigrp interfaces
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp traffic
#show ip ospf database
#show ip ospf neighbor
#show ip ospf interface
#show ip protocols
#show ip nat statistics
#show ip nat translations
#show ip dhcp binding
#show ip dhcp conflict
#show ip dhcp pool
#show spanning-tree
#show spanning-tree detail
#show spanning-tree interface fastEthernet <num>
#show spanning-tree vlan <name or num>
#show spanning-tree summary
#show spanning-tree summary totals
Full Scenario Switches.pkt
211.1 KB
Username : admin
Password: 123
Password: 123
Sub interface config :
(Config)# int fa <num>
(Config-if)# no shut
(Config-if)# exit
(Config)# int fa <num>.<num>
(Config-subif)# encapsulation dot1q <vlan num>
(Config-subif)# ip address <IP> <subnet mask>
For Example :
Int fa 0/0
no shut
int fa 0/0.10
encapsulation dot1q 10
Ip address 192.168.10.254 255.255.255.0
(Config)# int fa <num>
(Config-if)# no shut
(Config-if)# exit
(Config)# int fa <num>.<num>
(Config-subif)# encapsulation dot1q <vlan num>
(Config-subif)# ip address <IP> <subnet mask>
For Example :
Int fa 0/0
no shut
int fa 0/0.10
encapsulation dot1q 10
Ip address 192.168.10.254 255.255.255.0
Router Reset password :
Step 1) Restart router :
#reload
Step 2) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2142
rommon> boot
Please wait until device starting
Step 3 ) copy configuration from nvram to running-config :
# copy startup-config running config
Step 4) change username & password :
(Config)# username <name> pass <num>
(Config)# enable secret <num>
(Config)# do write
Step 5) Restart router :
# reload
Step 6) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2102
rommon> boot
Step 1) Restart router :
#reload
Step 2) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2142
rommon> boot
Please wait until device starting
Step 3 ) copy configuration from nvram to running-config :
# copy startup-config running config
Step 4) change username & password :
(Config)# username <name> pass <num>
(Config)# enable secret <num>
(Config)# do write
Step 5) Restart router :
# reload
Step 6) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2102
rommon> boot
Time-based ACL :
Time-range config :
(Config)# time-range <name>
(Config-time-range)# periodic <weekdays or daily> <starting time> to <ending time>
Create ACL :
(Config)# ip access-list <type> <name>
(Config-ext-nacl)# permit <protocol> <source address> <wildcard> <Destination address> <wildcard> time-range <name>
Time-range config :
(Config)# time-range <name>
(Config-time-range)# periodic <weekdays or daily> <starting time> to <ending time>
Create ACL :
(Config)# ip access-list <type> <name>
(Config-ext-nacl)# permit <protocol> <source address> <wildcard> <Destination address> <wildcard> time-range <name>
CDP Filtering :
Create tlv-list :
(Config)# cdp tlv-list <name>
(Config-tlv-list)# <feature>
Using tlv-list in interfaces :
(Config)# int fa <num>
(Confif)# cdp filter-tlv-list <name>
Create tlv-list :
(Config)# cdp tlv-list <name>
(Config-tlv-list)# <feature>
Using tlv-list in interfaces :
(Config)# int fa <num>
(Confif)# cdp filter-tlv-list <name>
Trunk 802.1Q : all vlan tagged except vlan 1
Trunk ISL : all vlan tagged
Native vlan by default = vlan 1 (untagged)
Change native vlan :
(Config)# Int fa <num>
(Config)# switchport trunk native vlan <num>
Trunk ISL : all vlan tagged
Native vlan by default = vlan 1 (untagged)
Change native vlan :
(Config)# Int fa <num>
(Config)# switchport trunk native vlan <num>