Dynamic Routing Protocols :
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
RIP :
(config)# router rip
(config-router)# network <IP Range>
EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>
OSPF :
(config)#router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area
bgp Border Gateway Protocol (BGP)
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP)
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
RIP :
(config)# router rip
(config-router)# network <IP Range>
EIGRP :
(config)# router eigrp <AS num>
(config-router)# no auto-summary
(config-router)# network <IP Range> <Wildcard>
OSPF :
(config)#router ospf <num>
(config-router)# network <IP Range> <Wildcard> area <num>
area 0 -----> backbone area
NAT Configuration :
Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step 2) Define Intersted Traffic:
access-list <num> permit <IP> <subnetmask>
Step 3)Define NAT role:
ip nat inside source list <num> interface fa|gig|eth|serial <num>
Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 int fa ?
Destination NAT or PortForward:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80
Source NAT:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step 2) Define Intersted Traffic:
access-list <num> permit <IP> <subnetmask>
Step 3)Define NAT role:
ip nat inside source list <num> interface fa|gig|eth|serial <num>
Step 4) Define Default Route:
ip route 0.0.0.0 0.0.0.0 int fa ?
Destination NAT or PortForward:
Step 1) Define Inside and Outside Interfaces:
int fa <num>
ip nat inside
int fa <num>
ip nat outside
Step2) ip nat inside source static <protocol> <ip private> <port> <ip public> <port>
For Example :
ip nat inside source static tcp 192.168.1.100 80 93.100.100.1 80
DHCP Relay or Helper Configuration :
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>
int Vlan <num> OR int fa <num>.<num>
ip address <IP> <subnetmask>
ip helper-address <ip dhcp server>
DHCP Configuration :
(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>
(config)# ip dhcp pool <name>
(dhcp-config)# network <IP Range> <subnet mask>
(dhcp-config)# dns-server <IP>
(dhcp-config)# default-router <IP>
(config)# ip dhcp excluded-address <First IP> <Last IP>
Show commands :
#show running-config
#show startup-config
#show file systems
#show flash:
#show vtp status
#show vtp password
#show vtp counters
#show vlan
#show vlan brief
#show interfaces trunk
#show interfaces vlan <num>
#show interfaces switchport
#show interfaces fastEthernet <num>
#show interfaces fastEthernet <num> switchport
#show clock
#show clock detail
#show access-lists
#show access-lists <num>
#show mac address-table
#show mac address-table static
#show ip arp
#show ip access-lists
#show ip ssh
#show ip route
#show ip interface brief
#show ip eigrp interfaces
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp traffic
#show ip ospf database
#show ip ospf neighbor
#show ip ospf interface
#show ip protocols
#show ip nat statistics
#show ip nat translations
#show ip dhcp binding
#show ip dhcp conflict
#show ip dhcp pool
#show spanning-tree
#show spanning-tree detail
#show spanning-tree interface fastEthernet <num>
#show spanning-tree vlan <name or num>
#show spanning-tree summary
#show spanning-tree summary totals
#show running-config
#show startup-config
#show file systems
#show flash:
#show vtp status
#show vtp password
#show vtp counters
#show vlan
#show vlan brief
#show interfaces trunk
#show interfaces vlan <num>
#show interfaces switchport
#show interfaces fastEthernet <num>
#show interfaces fastEthernet <num> switchport
#show clock
#show clock detail
#show access-lists
#show access-lists <num>
#show mac address-table
#show mac address-table static
#show ip arp
#show ip access-lists
#show ip ssh
#show ip route
#show ip interface brief
#show ip eigrp interfaces
#show ip eigrp neighbors
#show ip eigrp topology
#show ip eigrp traffic
#show ip ospf database
#show ip ospf neighbor
#show ip ospf interface
#show ip protocols
#show ip nat statistics
#show ip nat translations
#show ip dhcp binding
#show ip dhcp conflict
#show ip dhcp pool
#show spanning-tree
#show spanning-tree detail
#show spanning-tree interface fastEthernet <num>
#show spanning-tree vlan <name or num>
#show spanning-tree summary
#show spanning-tree summary totals
Full Scenario Switches.pkt
211.1 KB
Username : admin
Password: 123
Password: 123
Sub interface config :
(Config)# int fa <num>
(Config-if)# no shut
(Config-if)# exit
(Config)# int fa <num>.<num>
(Config-subif)# encapsulation dot1q <vlan num>
(Config-subif)# ip address <IP> <subnet mask>
For Example :
Int fa 0/0
no shut
int fa 0/0.10
encapsulation dot1q 10
Ip address 192.168.10.254 255.255.255.0
(Config)# int fa <num>
(Config-if)# no shut
(Config-if)# exit
(Config)# int fa <num>.<num>
(Config-subif)# encapsulation dot1q <vlan num>
(Config-subif)# ip address <IP> <subnet mask>
For Example :
Int fa 0/0
no shut
int fa 0/0.10
encapsulation dot1q 10
Ip address 192.168.10.254 255.255.255.0
Router Reset password :
Step 1) Restart router :
#reload
Step 2) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2142
rommon> boot
Please wait until device starting
Step 3 ) copy configuration from nvram to running-config :
# copy startup-config running config
Step 4) change username & password :
(Config)# username <name> pass <num>
(Config)# enable secret <num>
(Config)# do write
Step 5) Restart router :
# reload
Step 6) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2102
rommon> boot
Step 1) Restart router :
#reload
Step 2) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2142
rommon> boot
Please wait until device starting
Step 3 ) copy configuration from nvram to running-config :
# copy startup-config running config
Step 4) change username & password :
(Config)# username <name> pass <num>
(Config)# enable secret <num>
(Config)# do write
Step 5) Restart router :
# reload
Step 6) when device is starting :
Cntrl + break
(Go to rommon mode)
rommon> confreg 0x2102
rommon> boot
Time-based ACL :
Time-range config :
(Config)# time-range <name>
(Config-time-range)# periodic <weekdays or daily> <starting time> to <ending time>
Create ACL :
(Config)# ip access-list <type> <name>
(Config-ext-nacl)# permit <protocol> <source address> <wildcard> <Destination address> <wildcard> time-range <name>
Time-range config :
(Config)# time-range <name>
(Config-time-range)# periodic <weekdays or daily> <starting time> to <ending time>
Create ACL :
(Config)# ip access-list <type> <name>
(Config-ext-nacl)# permit <protocol> <source address> <wildcard> <Destination address> <wildcard> time-range <name>
CDP Filtering :
Create tlv-list :
(Config)# cdp tlv-list <name>
(Config-tlv-list)# <feature>
Using tlv-list in interfaces :
(Config)# int fa <num>
(Confif)# cdp filter-tlv-list <name>
Create tlv-list :
(Config)# cdp tlv-list <name>
(Config-tlv-list)# <feature>
Using tlv-list in interfaces :
(Config)# int fa <num>
(Confif)# cdp filter-tlv-list <name>
Trunk 802.1Q : all vlan tagged except vlan 1
Trunk ISL : all vlan tagged
Native vlan by default = vlan 1 (untagged)
Change native vlan :
(Config)# Int fa <num>
(Config)# switchport trunk native vlan <num>
Trunk ISL : all vlan tagged
Native vlan by default = vlan 1 (untagged)
Change native vlan :
(Config)# Int fa <num>
(Config)# switchport trunk native vlan <num>
VTP Advertisements :
1- Summary Advertisements
* Every 5 minutes by a VTP server or client to inform neighboring VTP-enabled switches of the current VTP configuration revision number for its VTP domain
*Immediately after a configuration has been made
2- Subset Advertisements :
A subset advertisement contains VLAN information. Changes that trigger the subset advertisement include:
Creating or deleting a VLAN
Suspending or activating a VLAN
Changing the name of a VLAN
Changing the MTU of a VLAN
3- Request Advertisements:
When a request advertisement is sent to a VTP server in the same VTP domain, the VTP server responds by sending a summary advertisement and then a subset advertisement. Request advertisements are sent if:
The VTP domain name has been changed
The switch receives a summary advertisement with a higher configuration revision number than its own
A subset advertisement message is missed for some reason
The switch has been reset
1- Summary Advertisements
* Every 5 minutes by a VTP server or client to inform neighboring VTP-enabled switches of the current VTP configuration revision number for its VTP domain
*Immediately after a configuration has been made
2- Subset Advertisements :
A subset advertisement contains VLAN information. Changes that trigger the subset advertisement include:
Creating or deleting a VLAN
Suspending or activating a VLAN
Changing the name of a VLAN
Changing the MTU of a VLAN
3- Request Advertisements:
When a request advertisement is sent to a VTP server in the same VTP domain, the VTP server responds by sending a summary advertisement and then a subset advertisement. Request advertisements are sent if:
The VTP domain name has been changed
The switch receives a summary advertisement with a higher configuration revision number than its own
A subset advertisement message is missed for some reason
The switch has been reset
Etherchannel Configuration :
A) Static (Manual) : no auto negotiate
B) Dynamic : auto negotiate
B-1 ) PAGP (Port Aggregation Protocol) ----> Cisco
B-2 ) LACP ----> Standard
Static Config :
(Config)# int ra fa <num>-<num>
(config-if-range)# channel-group <num> mode on
Dynamic Config Help & Config:
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
Use LACP Protocol :
switch1:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode active
switch2:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode passive
Change Priority In LACP Protocol :
(config)# lacp system-priority priority <num>
By Default = 32,768
When Priority is similar then Lower mac address is better
Use PAGP Protocol :
switch1:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode auto
switch2:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode desirable
new interface created By Channel-group :
(config)# int port-channel <num>
Show Cmds :
#show etherchannel
#show etherchannel load-balance
#show etherchannel summary
#show etherchannel port-channel
A) Static (Manual) : no auto negotiate
B) Dynamic : auto negotiate
B-1 ) PAGP (Port Aggregation Protocol) ----> Cisco
B-2 ) LACP ----> Standard
Static Config :
(Config)# int ra fa <num>-<num>
(config-if-range)# channel-group <num> mode on
Dynamic Config Help & Config:
active Enable LACP unconditionally
auto Enable PAgP only if a PAgP device is detected
desirable Enable PAgP unconditionally
on Enable Etherchannel only
passive Enable LACP only if a LACP device is detected
Use LACP Protocol :
switch1:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode active
switch2:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode passive
Change Priority In LACP Protocol :
(config)# lacp system-priority priority <num>
By Default = 32,768
When Priority is similar then Lower mac address is better
Use PAGP Protocol :
switch1:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode auto
switch2:
(Config)# int ra fa <num>-<num>
(config-if-range)# duplex auto
(config-if-range)# channel-group <num> mode desirable
new interface created By Channel-group :
(config)# int port-channel <num>
Show Cmds :
#show etherchannel
#show etherchannel load-balance
#show etherchannel summary
#show etherchannel port-channel
HSRP States :
1) Initial: The beginning state. The initial state indicates that HSRP does not run. This
state is entered via a configuration change or when an interface first comes
up.
2) Listen: The router knows the virtual IP address, but the router is neither the active
router nor the standby router. It listens for hello messages from those
routers.
3) Speak: The router sends periodic hello messages and actively participates in the
election of the active or standby router. A router cannot enter speak state
unless the router has the virtual IP address.
4)Standby: The router is a candidate to become the next active router and sends periodic
hello messages. With the exclusion of transient conditions, there is, at most,
one router in the group in standby state.
5)Active :The router currently forwards packets that are sent to the group virtual MAC
address. The router sends periodic hello messages. With the exclusion of
transient conditions, there must be, at the most, one router in the active state
in the group.
HSRP Configuration :
(config)# int vlan <num>
(config-if)# standby <num> ip <> --------> (Virtual ip)
(config-if)# standby <num> priority <num>
(config-if)# standby <num> preempt
(config-if)# standby <num> preempt delay minimum <num>
(config-if)# standby <num> authentication md5 key-string <num>
(config-if)# standby <num> timers <num> ---> Hello <num> ----> Hold
(config-if)# standby <num> version <num>
(config-if)# standby <num> track fa|gig|... <num>
Default Timers = Hello time 3 sec, hold time 10 sec
HSRP Reserved MAC Address : 0000.0c07.acXX
Default Priority = 100
Show Cmds :
#show standby
#show standby brief
1) Initial: The beginning state. The initial state indicates that HSRP does not run. This
state is entered via a configuration change or when an interface first comes
up.
2) Listen: The router knows the virtual IP address, but the router is neither the active
router nor the standby router. It listens for hello messages from those
routers.
3) Speak: The router sends periodic hello messages and actively participates in the
election of the active or standby router. A router cannot enter speak state
unless the router has the virtual IP address.
4)Standby: The router is a candidate to become the next active router and sends periodic
hello messages. With the exclusion of transient conditions, there is, at most,
one router in the group in standby state.
5)Active :The router currently forwards packets that are sent to the group virtual MAC
address. The router sends periodic hello messages. With the exclusion of
transient conditions, there must be, at the most, one router in the active state
in the group.
HSRP Configuration :
(config)# int vlan <num>
(config-if)# standby <num> ip <> --------> (Virtual ip)
(config-if)# standby <num> priority <num>
(config-if)# standby <num> preempt
(config-if)# standby <num> preempt delay minimum <num>
(config-if)# standby <num> authentication md5 key-string <num>
(config-if)# standby <num> timers <num> ---> Hello <num> ----> Hold
(config-if)# standby <num> version <num>
(config-if)# standby <num> track fa|gig|... <num>
Default Timers = Hello time 3 sec, hold time 10 sec
HSRP Reserved MAC Address : 0000.0c07.acXX
Default Priority = 100
Show Cmds :
#show standby
#show standby brief