
COMMAND NOTES

By aniloave

By default RTR opens in Enable mode


enable -> Privileged mode (#)

Every show command works in Privileged mode.

#show interfaces -> Show interfaces information


#show ip interface brief -> show interfaces status

Ctrl + Z -> Goes back to Privileged mode


configure terminal (short: conf t) -> (config)#

Every configuration works here

PASSWORD ENABLING
# conf t
(config)# enable password CISCO -> Sets the enable password (stored in clear text in the configuration)

# write -> Writes the configuration from running-config to startup-config


# copy running-config startup-config

Different memories in Router


RAM - Temporary - Running Config //# show running-config
NVRAM - Startup Config //# show startup-config
FLASH - IOS File
ROM - POST (Power on Self Test)

(config)# interface FastEthernet 0/0 -> (selects Fa0/0)


(config-if)# ip address 10.0.0.1 255.0.0.0 (assigns ip/mask to Fa0/0)
(config-if)# no shut (changes from off to on - default - SHUT)

(config)# ip route 30.0.0.0 255.0.0.0 10.0.0.2


-> (adds a static route - send all of n/w 30.0.0.0 through 10.0.0.2)
# show ip route -> shows available routes static/dynamic

FOR SWITCH
# show vlan -> shows Vlan information
(config)# interface FastEthernet 0/1 -> Select Trunk port
(config)# interface range FastEthernet 0/1 - 5 -> Selects range
(config-if)# switchport mode trunk -> Declare it trunk
(config)# vlan 10
(config-vlan)# name xyz
(config-vlan)# end -> Comes to privilege mode

# conf terminal
(config)# interface FastEthernet 0/2
(config-if)# switchport mode access - declare it access
(config-if)# switchport access vlan 10

(config)# no vlan 10 -> Removes vlan 10

******FROM BOARDS******

VLANS
TRUNK ENCAPSULATION
ISL       ISL HEADER (26B)  DMAC (6B)  SMAC (6B)  TYPE (2B)  FCS (4B)
UNTAGGED  DMAC (6B)  SMAC (6B)  TYPE (2B)
802.1Q    DMAC (6B)  SMAC (6B)  802.1Q (4B)  TYPE (2B)

VLAN Creation
(config)# vlan 100
(config-vlan)# name Engineering

Access Port Configuration


Select port:
(config-if)# switchport mode access
(config-if)# switchport nonegotiate
(config-if)# switchport access vlan 100
(config-if)# switchport voice vlan 150

Trunk Port Configuration


Select Port:
(config-if)# switchport mode trunk
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport trunk allowed vlan 10,20-30
(config-if)# switchport trunk native vlan 10

Switched Virtual Interface (SVI) Configuration


(config)# interface vlan100
(config-if)# ip address 192.168.100.1 255.255.255.0

VTP Configuration
(config)# vtp mode {server | client | transparent}
(config)# vtp domain <name>
(config)# vtp password <pwd>
(config)# vtp version {1 | 2}
(config)# vtp pruning

Troubleshooting
show vlan
show interface [status | switchport]
show interface trunk
show vtp status
show vtp password

ROUTING
RIP V1 -> Broadcast, Classful & V2 -> Multicast - 224.0.0.9, Classless
{AD = 120, Hop Max = 15, Distance Vector, Split Horizon Rule}
(config)# router rip
(config-router)# ver 2
(config-router)# network 10.0.0.0 -> IP Should be classful
(config-router)# network 20.0.0.0

#sh ip rip database -> Route Summary

SHOW CDP NEIGHBORS -> Shows all connected devices on switch port

(config)# hostname sw1 -> Names a router/switch


(config)# interface range fa 0/1, fa 1/1

# show spanning-tree vlan 20 -> Shows what spanning-tree is running on vlan 20


# show interfaces trunk -> Shows all trunk ports
(config)# spanning-tree mode rapid-pvst -> Enables RSTP
(config)# spanning-tree mode pvst -> Enables PVST
(config)# spanning-tree vlan 10,20 root primary -> Now it will be root bridge for 10, 20 {LESS 2 X 4096 from priority}

VTP:
(config)# vtp mode server -> To enable server mode vtp
(config)# vtp mode client -> To enable client mode vtp
(config)# vtp domain CISCO -> Domain names flows to other connected switch
(config)# vtp version 2 -> For running version 2
(config)# vtp password cisco -> Set VTP Password

#show vtp status


(config)# spanning-tree vlan 10,20 root secondary -> {LESS 4096 from priority}

Use 'do' to run show commands in different modes


-> do show vlan
INTER VLAN ROUTING
Make router connected port as Trunk
Create Vlans, add ports to them, run VTP
@Router
(config)#interface fa 0/0
(config-if)# no shut
(config-if)# no ip address
(config)#int fa 0/0.10 -> Creates sub interface to configure virtual interface for vlan
(config-subif)#encapsulation dot1q 10 -> encapsulate this subinterface with vlan ID (Per VLAN) in order to assign IP
(config-subif)#ip add 10.0.0.10 255.0.0.0

ETHER CHANNEL
Creates a virtual channel and bundles the ports
All ports to be trunk
Runs on 2 protocols:
LACP (Link Aggregation Control Protocol) -> Active and Passive Mode
PAGP (Port Aggregation Group Protocol) -> Auto and Desirable Mode
for Creating Ether channel
int range fa 0/1 - 2
channel-group 1 mode active/passive -> LACP
channel-group 1 mode auto/desirable -> PAGP

To access ether channel


int port-channel 1

Show EtherChannel Information


show etherchannel summary

SWITCH PORT SECURITY


(config)#interface fastEthernet 0/2
(config-if)#switchport mode access -> As it works on access port
(config-if)#switchport port-security -> Enable port security
(config-if)#switchport port-security maximum 2 -> Set max mac address to 2
(config-if)#switchport port-security mac-address sticky -> Automatic binding to 2
protect Security violation protect mode -
restrict Security violation restrict mode - ports shut down
shutdown Security violation shutdown mode - Ports errored down
(config-if)#switchport port-security violation shutdown
(config-if)#exit

SVI - Switch Virtual Interface


(config)# int vlan 10 -> will create SVI of VLAN10
(config-if)# ip address 10.0.0.1 255.0.0.0

(config)# ip routing -> Enable routing in switches

(config-if)# switchport trunk encapsulation dot1q -> Especially for Layer 3 switches

Route Type                  AD
Connected                   0
Static                      1
BGP (External Routes)       20
EIGRP (Internal Routes)     90
IGRP                        100
OSPF                        110
IS-IS                       115
RIP                         120
EIGRP (External Routes)     170
BGP (Internal Routes)       200
Unusable                    255

EXCEPTIONS IN CLASS A
0.0.0.0 Represents default network
127.0.0.0 Represents loopback address

EXCEPTIONS IN CLASS B
169.254.X.X Reserved for APIPA (Automatic Private IP Address) - If no IP address is allotted through DNS/DHCP server

EXCEPTIONS IN CLASS D
224.0.0.5 OSPF Routers send hello messages
224.0.0.6 OSPF D Routers send routing information to Designated Routers on a n/w segment
224.0.0.9 RIPV2 send routing information
224.0.0.10 EIGRP send routing information
224.0.0.18 Virtual Router Redundancy Protocol (VRRP)

IANA INTERNET ASSIGNED NUMBERS AUTHORITY (Global IP Allocations, Autonomous System # Allocations, Root Zone Mgmt in DNS) -> Operated by ICANN
ICANN INTERNET CORPORATION FOR ASSIGNED NAMES AND NUMBERS
APIPA AUTOMATIC PRIVATE IP ADDRESSES
CIDR CLASSLESS INTER-DOMAIN ROUTING
IETF INTERNET ENGINEERING TASK FORCE
VLSM VARIABLE LENGTH SUBNET MASK

CLASSFULL
A 10.0.0.0 10.255.255.255
B 172.16.0.0 172.32.255.255
C 192.168.0.0 192.168.255.255

saurabhtyagi01@gmail.com
amittyagi20@gmail.com

PORTFAST BPDU GUARD & BPDU FILTER (All for access ports)

In PORTFAST mode - Ports are up in 2 seconds


BPDU GUARD - If BPDU comes on access ports it becomes ERROR DISABLE
BPDU FILTER - If BPDU comes on access ports it reboots
All works on 2 modes:
All access ports of Switch
One by One access ports

Commands:
(config)# spanning-tree portfast default
(config)# spanning-tree portfast bpduguard default
(config)# spanning-tree portfast bpdufilter default
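
A small offline check for the access-port settings listed in these notes (`switchport nonegotiate`, port security, PortFast with BPDU guard), as an added Python example that is not part of the original notes. `SAMPLE_CONFIG` is a constructed running-config fragment, and the function names and finding texts are this example's own.

```python
import re

# Constructed running-config fragment for illustration (not from the notes).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport mode access
 switchport nonegotiate
 switchport port-security
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport access vlan 100
"""

def split_interfaces(config):
    """Return (global_lines, {interface_name: [sub-commands]})."""
    global_lines, blocks, current = set(), {}, None
    for line in config.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            global_lines.add(line.strip())
    return global_lines, blocks

def audit_access_ports(config):
    """Return {interface: [findings]} for access ports missing hardening lines."""
    glob, blocks = split_interfaces(config)
    findings = {}
    for name, lines in blocks.items():
        if "switchport mode access" not in lines:
            continue  # trunk ports are out of scope for this check
        issues = []
        if "switchport nonegotiate" not in lines:
            issues.append("DTP not disabled (switchport nonegotiate)")
        if "switchport port-security" not in lines:
            issues.append("port security not enabled")
        portfast = ("spanning-tree portfast" in lines
                    or "spanning-tree portfast default" in glob)
        guarded = ("spanning-tree bpduguard enable" in lines
                   or (portfast and "spanning-tree portfast bpduguard default" in glob))
        if not guarded:
            issues.append("BPDU guard not in effect")
        if issues:
            findings[name] = issues
    return findings
```

The global `bpduguard default` line only counts for ports that are in PortFast mode, which is why Fa0/3 is still reported for BPDU guard while Fa0/2 is clean.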

ROUTING
STATIC
DYNAMIC - LINK STATE (Maintain complete cost table) & DISTANCE (distance - till neighbour) VECTOR (Direction) - Link loss will take time to revert
TCN bit is sent to update the failure of link
DEFAULT

ROUTED IPV4, IPV6, APPLETALK


ROUTING OSPF, RIP, EIGRP, BGP

TERMS
ADMINISTRATIVE DISTANCE - Tells reliability of router is better
METRIC - Burden to reach a destination (Link Cost)
AUTONOMOUS SYSTEM (AS) - Group of devices under single admin
AS NO. - 1 - 65535 (1-64931 - Public & Remaining - Private)
NETWORK - It's a command that enables a link in the routing protocol
ADJACENCY - Negotiation -> Adjacency forms
NEIGHBOURSHIP - Update exchanges -> Neighbourship forms
PROCESS ID - In OSPF
TCN - Topology Change Notification
BEST PATH - Depends on routing protocol
BACKUP PATH - Depends on routing protocol

RIPV2
Metric - Hop Count
Multicast - 224.0.0.9
AD Value - 120
Version - V1 & V2
Hop Support - 15
Type of protocol - Distance Vector
UDP - Port 510

TIMERS
UPDATE Timer - 30 Seconds
HOLD DOWN Timer - 180 Seconds
FLUSHED OUT Timer - 240 Seconds

ICMP - supports 128 hops

RIP ROUTING TABLE: Network ID, Next HOP, Outgoing Interface, AD Value, Metric
(config)# router rip
(config-router)# ver 2
(config-router)# no auto-summary
(config-router)# network 10.0.0.0 -> IP Should be classful
(config-router)# network 20.0.0.0

EIGRP
Enhanced Interior Gateway Routing Protocol
AD - 90/170
Metric - 5 Types
K1 Bandwidth
K2 Load
K3 Delay
K4 Reliability
K5 MTU
HOP Count - 255
Multicast - 224.0.0.10
IP Protocol RTP (Reliable Transport Protocol) - Protocol # 88

Tables:
Neighbour Table
Routing Table
Topology Table

It's CISCO proprietary

It uses Dual Algorithm named as DIFFUSING ALGORITHM


In this, 2 paths are selected viz. Best Path (Successor) and Backup Path (Feasible Successor)

5 Types of Packets
HELLO Unreliable
UPDATE Reliable
QUERY Reliable
REPLY Reliable
ACK Unreliable

In Reliable packet - Acknowledge comes


In Unreliable packet - NO Acknowledge

HELLO TIMER - 5 seconds
HOLD DOWN TIMER - 15 Seconds (3 Times HELLO TIMER)

FSM - Finite State Machine -> Utilizes all the Routed Protocols (IP, IPX, APPLETALK) and keeps 3 tables for each routed protocol to keep compatibility

BANDWIDTH AND DELAY CALCULATION

(10^7 / BW + DELAY/10) X 256

FEASIBLE DISTANCE - Distance between Source and Destination


REPORTED DISTANCE - Distance between Neighbour and Destination
FEASIBLE CONDITION - When both Successor (Best path) and Feasible Successor (Backup Path) exist

EIGRP selects backup path first. It's selected on the basis of lowest FEASIBLE DISTANCE
Secondly Best path is selected on the basis of lowest REPORTED DISTANCE. If path comes out to be same as Lowest FD, then next higher is selected

(config)# router EIGRP 10


(config-router)# no auto-summary
(config-router)# network 10.0.0.0
(config-router)# network 20.0.0.0
Router#sh ip eigrp topology

OSPF - Open Shortest Path First


Multicast - 224.0.0.5 & 224.0.0.6
AD - 110
Metric - Link Cost
Hop Limit - Unlimited
-> Link State
-> Area Based
-> Wildcard Mask

All areas must be connected to Area 0


Area 0 -> Backbone Area
ABR - Area Border Router (A0 & Ax)
Accepts wildcard mask -> Mandate to use specific network
DR - Designated Router
BDR - Backup Designated Router
Updates sent to DR and shares partially
Remaining routers are known as DR others (Internal Routers)

Network Types of OSPF


Broadcast - All Ethernet
Non-Broadcast - FR (Serial - 2.5 mbps)
Point to Point - FR (Serial - 2.5 mbps)
Point to Multipoint - FR (Serial - 2.5 mbps)

(config)# router OSPF 1 -> 1 = Process ID
(config-router)# router-id 1.1.1.1 -> Must be different, may be any IPv4 address
(config-router)# network 10.1.1.0 0.0.0.255 Area 0
(config-router)# network 1.0.0.0 0.255.255.255 Area 0
Router#sh ip ospf database
Router#sh ip ospf int fa0/0

Hello Timer - 10 seconds


Hold Down - 40 seconds
Wait Timer - 40 seconds

Hello Timer needs same network ID, same Area ID and same MTU
Election happens only if those are available within 40 seconds

NAT

Source NAT
Destination NAT
Always hide internal IP

NAT & PAT (NAT Overload)

Static Natting - 1 to 1
Dynamic Natting - Pool to Pool mapping

Inside Local - Source NAT Internal IP


Inside Global - Source NAT External IP
Outside Local - Destination NAT External IP
Outside Global - Destination NAT Internal IP

Define Boundary
R2 will NATTING -> f0/0 Inside F0/1

For internal boundary:


int f0/1
ip nat inside

For External Boundary


int f0/0
ip nat outside

R5(config)#ip nat inside source static 10.0.0.1 100.0.0.11 -> Bind internal IP to external IP statically

Enabling Telnet
R3(config)#line vty 0 4
R3(config-line)#password cisco
R3(config-line)#login
R3(config-line)#end

# show ip nat translations

DYNAMIC NAT
From Pool
#conf t

We will create access List (ACL)


TO whom

Now bind them:


R2(config)#ip route 0.0.0.0 0.0.0.0 10.0.0.6
R6(config)#ip nat pool NAT_POOL 11.0.0.100 11.0.0.200 prefix-length 24 -> NAT_POOL can be anything, here we define IP pool
R6(config)#access-list 10 permit 10.0.0.0 0.0.0.255 <- IPs which will be NATTED
R6(config)#ip nat inside source list 10 pool NAT_POOL -> NVI0 interface is created for NATTING (NVI - Natting Virtual Interface)

Sequence:
First declare interfaces as inside or outside
set default route accordingly
For static - Do Natting only
For Dynamic:
Create outside pool
Create Inside Access List
Map the pool and list using Source Inside NAT

If we include PAT to avoid multi request congestion:


R6(config)#ip nat inside source list 10 interface fastEthernet 1/0 overload -> Now all requests will be handled using interface IP but with Source Ports for differentiation

ACL's (Access Control List)


Two Types
Standard 1-99 -> Filters either Source IP or Destination IP's
Extended 100-199 -> Source IP, Destination IP, Source Port, Destination Port & Protocol

Theoretically Standard to apply nearby Source/Traffic Initiator & Extended near Destination/Sink

Now to block ping from host 1.1.1.1 to 4.4.4.4


R2(config)#access-list 101 deny icmp host 1.1.1.1 host 4.4.4.4 -> This will deny any ping from source 1.1.1.1 to destination 4.4.4.4, ACL - 101 (Extended)
R2(config)#access-list 101 permit ip any any -> Except above all ok
R2(config-if)#ip access-group 101 in -> To apply Access List on which direction (IN or OUT)
R2#show ip access-lists

To Block Telnet:
R3(config)#access-list 10 deny host 1.1.1.1 -> Create Standard access-list as only 1 IP to be blocked
R3(config)#line vt 0 4
R3(config-line)#access-class 10 in
R3(config-line)#end

R1#telnet 3.3.3.3 /source-interface loopback 0


Trying 3.3.3.3 ...
% Connection refused by remote host

After trying telnet:


R3#sh access-lists 10
Standard IP access list 10
10 deny 1.1.1.1 (1 match)
20 permit any

To block the complete 1.0.0.0 network on 4.4.4.4


R4(config)#access-list 101 deny ip 1.1.1.0 0.0.0.255 host 4.4.4.4
R4(config)#access-list 101 permit ip any any
R4(config)#int f0/0
R4(config-if)#ip access-group 101 in

R1#telnet 4.4.4.4 /source-interface loopback 0


Trying 4.4.4.4 ...
% Destination unreachable
gateway or host down
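
The first-match and wildcard-mask logic behind the ACL entries above, as an added Python example (not part of the original notes and not IOS code). It handles only the `any`, `host A` and `A WILDCARD` address forms used on this page; `ACL_101` is a constructed copy of the R4 list and the function names are this example's own.

```python
import ipaddress

# Constructed copy of the two-line extended ACL 101 shown above for R4.
ACL_101 = [
    "deny ip 1.1.1.0 0.0.0.255 host 4.4.4.4",
    "permit ip any any",
]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_addr(tokens):
    """Consume one address spec (any | host A | A WILDCARD); return (base, wildcard)."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(word), _ip(tokens.pop(0))

def parse_ace(line):
    tokens = line.split()
    action, proto = tokens.pop(0), tokens.pop(0)
    src = parse_addr(tokens)
    dst = parse_addr(tokens)
    return action, proto, src, dst

def addr_matches(spec, address):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bit 0 = must match, 1 = ignore
    return (_ip(address) & care) == (base & care)

def evaluate(acl_lines, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in acl_lines:
        action, ace_proto, ace_src, ace_dst = parse_ace(line)
        if ace_proto not in ("ip", proto):
            continue
        if addr_matches(ace_src, src) and addr_matches(ace_dst, dst):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every ACL

if __name__ == "__main__":
    for src in ("1.1.1.1", "1.1.2.1", "2.2.2.2"):
        print(src, "->", evaluate(ACL_101, "tcp", src, "4.4.4.4"))
```

Source 1.1.2.1 is permitted because the wildcard 0.0.0.255 covers only 1.1.1.0 to 1.1.1.255; covering every 1.x.x.x source takes `1.0.0.0 0.255.255.255`.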

FRAME RELAY
WAN Technology to communicate multi sites with each other
Purely layer 2 technology
DLCI - Data Link Connection Identifier
DELHI, BOMBAY, CHENNAI -> Through FR Cloud (3 Way connection)
-> PVC - Permanent Virtual Circuit
-> PVC0 -> DELHI-CHENNAI
-> PVC1 -> CHENNAI-BOMBAY
-> PVC2 -> BOMBAY-DELHI
Only work on Serial link
Serial link has 2 ends viz DCE (Data Connection Equipment) @ SP end & DTE (Data Terminal Equipment) @ Client end
@DCE clock-rate is defined (Eg: 128 kbps out of 1.5 mbps will be defined by clock-rate)
Two Protocols:
FRAME RELAY ARP - IP -> DLCI
FRAME RELAY INVERSE ARP - DLCI -> IP
LMI - Local Management Interface - DLCI mappings from FR Switch to Client
AUTOMATIC DOWNLOAD - DYNAMIC MAPPING
STATIC DOWNLOAD - STATIC MAPPING (FRARP & FRIARP disabled)

(config)# int s1/0
(config-if)# encap frame-relay
(config-if)# frame-relay intf-type dce -> Now it's the SP end
(config-if)# clock rate 128000 -> Out of 1.5 mbps
(config-if)# frame-relay lmi-type NC -> NC - open standard & CISCO - Cisco standard
(config-if)# frame-relay route 103 int s1/2 301

Enable FR in all connected interfaces

#sh frame-relay route


#sh frame-relay pvc
#sh frame-relay map

interface Serial1/0
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 128000
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 102 interface Serial1/1 201
frame-relay route 103 interface Serial1/2 301
!
interface Serial1/1
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 128000
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 201 interface Serial1/0 102
frame-relay route 203 interface Serial1/2 302
!
interface Serial1/2
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 128000
frame-relay lmi-type cisco
frame-relay intf-type dce
frame-relay route 301 interface Serial1/0 103
frame-relay route 302 interface Serial1/1 203

FRAME RELAY SWITCH - MULTIPOINT CASE


R3(config)#frame-relay switching
R3(config)#interface serial 1/1
R3(config-if)#no ip add
R3(config-if)#no shut
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay intf-type dce
R3(config-if)#frame-relay route 405 int se 1/0 504
R3(config-if)#frame-relay route 406 int se 1/2 604
R3(config-if)#exit
R3(config)#int se 1/0
R3(config-if)#no ip add
R3(config-if)#no shut
R3(config-if)#encap fram
R3(config-if)#encap frame-relay
R3(config-if)#frame-relay intf-type dce
R3(config-if)#frame-relay route 504 int se 1/1 405
R3(config-if)#exit
R3(config)#int se 1/2
R3(config-if)#no ip add
R3(config-if)#no shut
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay intf-type dce
R3(config-if)#frame-relay route 604 int se 1/1 406
R3(config-if)#^Z
R3#show frame-relay route
Input Intf Input Dlci Output Intf Output Dlci Status
Serial1/0 504 Serial1/1 405 active
Serial1/1 405 Serial1/0 504 active
Serial1/1 406 Serial1/2 604 active
Serial1/2 604 Serial1/1 406 active

RTR WITH SUB INTERFACE FOR FR


R4#conf terminal
R4(config)#int se 1/0
R4(config-if)#no ip add
R4(config-if)#no shu
R4(config-if)#encapsulation frame-relay
R4(config-if)#exit
R4(config)#int se 1/0.1 multipoint
R4(config-subif)#ip add 172.16.1.1 255.255.255.0
R4(config-subif)#no shut
R4(config-subif)#frame-relay interface-dlci 405
R4(config-fr-dlci)#exit
R4(config-subif)#exit
R4(config)#int se 1/0.2 multipoint
R4(config-subif)#ip add 172.16.2.1 255.255.255.0
R4(config-subif)#frame-relay interface-dlci 406
R4(config-fr-dlci)#exit
R4(config-subif)#exit
R4(config)#^Z

REMAINING 2 RTRS
R5#conf terminal
R5(config)#int se 1/0
R5(config-if)#ip add 172.16.1.2 255.255.255.0
R5(config-if)#no shut
R5(config-if)#encapsulation frame-relay
R5(config-if)#^Z

R6#conf terminal
R6(config)#int se 1/0
R6(config-if)#ip add 172.16.2.2 255.255.255.0
R6(config-if)#no shut
R6(config-if)#encapsulation frame-relay
R6(config-if)#exit
R6(config)#^Z

BFD Feature enable - Immediately flushes out neighbour table - When neighbourship is down.
