Cisco IOS Quick Reference

Change the Hostname

Router>enable
Router#conf t
Router(config)#hostname router1
router1(config)#exit
router1#
router1#? (Help with commands)


Restrict Access to Router

Privelege-mode
router1(config)#enable secret CISCO (hashed)


User-mode

router1(config)#line console 0
router1(config-line)#password Cisco1
router1(config-line)#login
router1(config-line)#exec-timeout 10 0 (min,sec)
router1(config)#line vty 0 4
router1(config-line)#password cisco2
router1(config-line)#login
router1(config-line)#exec-timeout 10 0 (min,sec) 
router1(config-line)#logging synchronous


Perform Password Encryption

router1(config)#service password-encryption  


Setup SSH and Disable Telnet

router1(config)#ip domain-name mydomain.com
router1(config)#crypto key generate rsa general-keys modulus 1024 
router1(config)#ip ssh time-out 180
router1(config)#ip ssh authentication-retries 2
router1(config)#line vty 0 4
router1(config-line)#transport input ssh


Do Command

No need to be in Priveleged-mode (router1#) 
router1(config)#do show run
router1(config)#do ping 10.0.10.1
router1(config)#do copy run start


View, Save, Erase

router1#show running-config
router1#show startup-config
router1#copy run start (Copies run as startup-config) 
router1#write
router1#erase start
router1#rload (Reboots the router)


Basic Setup for HTTP and HTTPS

(config)#int fa0/1
router1(config-if)#ip address 10.0.10.1 255.255.255.0
router1(config-if)#no shutdown
router1(config-if)#ip http server
router1(config)#ip http secure-server
router1(config)#ip http authentication local
router1(config)#username cisco privilege 15 password 0 cisco 
router1(config)#line console 0
router1(config-line)#login local
router1(config-line)#line vty 0 4
router1(config-line)#privilege level 15
router1(config-line)#login local
router1(config-line)#transport input ssh


Configure an Interface

router1(config)#int giga0/1
router1(config-if)#ip address 10.0.10.1 255.255.255.0
router1(config-if)#description LAN
router1(config-if)#no shutdown
router1(config-if)#clock rate 640000 (only for Serial DCE)  


PPP Encapsulation

router1(config-if)#encapsulation ppp  


PPP Authentication Using CHAP

router1(config)#username CISCO password cisco1  
router1(config)#ppp authentication chap


Troubleshooting

router1#show controllers serial 0/0/0 (layer 1 and layer 2 info)
router1#show ip int br
router1#show interface
router1#debug ppp negotiations (PPP packets during startup phase)  
router1#debug ppp packet (real-time PPP packet flow)


Connectivity Troubleshooting

router1#ping 10.0.10.1
router1#traceroute 10.0.10.1  
router1#telnet 10.0.10.1
router1#show int giga0/0
router1#show ip int giga0/0


Telnet

router1#telnet 10.0.101
router1#terminal monitor
router1#terminal no monitor 


Default and Static Routes

router1(config)#ip route 10.0.11.1 255.255.255.0 10.0.10.1 
router1#show ip route


DHCP Server

router1#
router1#conf t
router1(config)#ip dhcp excluded-address 10.0.10.1 10.0.10.10
router1(config)#ip dhcp pool CISCO
router1(dhcp-config)#network 10.0.10.0 255.255.255.0
router1(dhcp-config)#default-router 10.0.10.1
router1(dhcp-config)#dns-server 8.8.8.8
router1(dhcp-config)#exit


NAT

router1(config)#ip nat inside source static 10.0.10.1 209.168.200.224 
router1(config)#int giga0/1 (inside interface)
router1(config-if)#ip nat inside
router1(config-if)#exit
router1(config)#int giga0/0 (outside interface)
router1(config-if)#ip nat outside


Dynamic NAT

Router(config)#access-list 1 permit 10.0.10.0 0.0.0.255
Router(config)#ip nat pool pub-addr 209.165.201.130 209.165.201.132  
Router(config)#ip nat inside source list 1 pool pub-addr
Router(config)#int giga 0/1
Router(config-if)#ip address 10.0.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int giga 0/0
Router(config-if)#ip address 209.165.201.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#exit


PAT

Router(config)#access-list 1 permit 10.0.10.0 0.0.0.255
Router(config)#ip nat inside source list 1 int giga0/0 overload  
Router(config)#int giga 0/1
Router(config-if)#ip address 10.0.10.1 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#int giga 0/0
Router(config-if)#ip address 209.165.201.1 255.255.255.0  
Router(config-if)#ip nat outside
Router(config-if)#exit


Privilege Level Account

router1(config)#username CISCO privilege 15 password 0 cisco1  


Switch Basics

Switch#erase start
Switch#delete vlan.dat
Switch#reload
Switch#show run
Switch#reloadshow ip int 


Port Security

Switch(config)#int range fa0/1-24
Switch(config-if-range)#switchport port-security mac-address sticky  
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security violation shutdown


Disable Port Security

Switch#conf t
Switch(config)#int fa0/18
Switch(config-if)#no switchport port-security 


Troubleshoot and View Status

Switch#show port-security address
Switch#show port-security interface fa0/22 
Switch#show mac-address table


Create VLAN

Switch#conf t
Switch(config)#vlan 20
Switch(config)#name ACCOUNTING 


Assign Ports to a VLAN

Switch#conf t
Switch(config)#int fa0/11
Switch(config-if)#switchport access vlan 20 


Remove VLAN

Switch#conf t
Switch(config)#no vlan 20 


Remove VLAN on an Interface

Switch#conf t
Switch(config)#int fa0/11
Switch(config-if)# no switchport access vlan 20 


Verify VLAN

Switch#show vlan 


Configure a Trunk Port

Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q 
Switch(config-if)#switchport mode trunk


Configure Port to Detect Trunk Link

Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#switchport trunk encapsulation dot1q 
Switch(config-if)#switchport mode dynamic auto


Configure native VLAN on a Trunk Port

Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#dot1q native vlan 20 


Remove a Trunk Port

Switch#conf t
Switch(config)#int fa0/24
Switch(config-if)#no switchport mode trunk 


Configure VTP Server

Switch#conf t
Switch(config)#vtp domain MYCISCO 
Switch(config)#vtp mode server
Switch(config)#vtp version 2
Switch(config)#vtp password CISCO1 


Configure VTP Client

Switch#conf t
Switch(config)#vtp mode client
Switch(config)#vtp domain MYCISCO 
Switch(config)#vtp password CISCO1 


Inter-VLAN Routing

Router#conf t
Router(config)#int fa0/1
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#int fa0/1.10
Router(config-subif)#encapsulation dot1q10
Router(config-subif)#ip address 10.0.10.1 255.255.255.0 


BGP

Router#conf t
Router(config)#router bgp 14
Router(config-router)#neighbor 10.0.10.25 remote-as 13
Router(config-router)#network 192.168.10.0 255.255.255.0 


EIGRP

Router#conf t
Router(config)#router eirgp 10
Router(config-router)#no auto-summary
Router(config-router)#network 192.168.15.0 
Router(config-router)#network 10.0.10.0


EIGRP - Information and Troubleshooting

Router#show ip eigrp topology 
Router#show ip eigrp traffic
Router#show ip route
Router#debug ip eigrp
Router#debug ip route


OSPF

Router#conf t
Router(config)#router ospf 1
Router(config-router)#network 192.168.10.0 0.0.0.255 area 0 
Router(config-router)#network 192.168.50.0 0.0.0.255 area 0 


OSPF - Information and Troubleshooting

Router#show ip protocols 
Router#show ip ospf
Router#show ip route
Router#debug ip ospf


Access List (ACL) Standard

Router(config)#access-list [1-99/1300-1999][deny/permit][source][mask] 
Router(config)#access-list 10 permit 192.168.10.0 0.0.0.255
Router(config)#access-list 11 deny 192.168.5.0 0.0.0.255
Router(config)#access-list 12 permit any


Extended

Router(config)#access-list [100-199/2000-2699][permit/deny][tcp/ip/ospf][source][mask] host[destination][mask][eq/gt/lt][tcp_port]
Router(config)#access-list 100 permit ip host 192.168.1.10 host 192.168.10.1
Router(config)#access-list 101 permit tcp any host 192.168.20.10 eq 80


Modern

Router(config)#ip access-list standard ACCOUNTING
Router(config-std-nacl)#permit 192.168.10.2 0.0.0.255
Router(config)#ip access-list extended MARKETING
Router(config-ext-nacl)#permit ip host 192.168.10.2 host 192.168.10.1  


Troubleshooting

Router#show access-lists
Router#clear access-list counters  
Router#debug ip packet


Assign the ACL to an interface

Router#conf t
Router(config)#int fa0/1
Router(config-if)#ip access-group [ACL number][in/out]  
Router(config-if)#ip access-group 100 in


Set Clock

Router#clock set 15:00:00 Feb 21 2019  



0 comments:

Post a Comment