Cisco Router Commands introduced during CNAP Semesters 2, 3, 4 for CCNA Certification Examination

Updated 02-20-2001 by Leon Schram [email protected] Berkner High School Richardson Independent School District Richland College Dallas County Community College

Cisco Router & Switch Commands Page 1

This reference manual is compiled by Leon Schram from information provided by the Cisco Networking Academy Program curriculum and the Sybex CCNA Study Guide. CCNA (Cisco Certified Network Associate) Study Guide, Second Edition by Todd Lammle Published 2000 by Sybex ISBN: 0-7821-2647-2 This reference guide may be freely copied and distributed by Cisco instructors to students enrolled in any Cisco Networking Academy Program.

Do not be surprised if various commands are repeated in different sections. This router reference guide has tried to place commands in the same sequence as they are introduced during your CNAP course. At the same time the commands are grouped in some logical manner, which means that some commands will belong to multiple groups.

Cisco Router & Switch Commands Page 2

Semester 2 Router Lab Topology

Starting with Semester 2 the CNAP refers to a Router Lab Topology. This lab topology, which is shown on the next page, is used for Semester 2 lab sessions, the semester 2 lab final, and will also be used for some lab practices during Semester 3 and Semester 4 lab exercises. You will note that a switch is part of the lab topology. Switch commands, and switch configuration will not be introduced until semester 3. However, the switch needs to be attached to the Ethernet-1 port of the Lab-A router for proper port configuration. Please note that the configuration of router ports, both serial and ethernet, can be done with a single stand alone router. Testing router configurations, especially port configurations, is onlu possible is the port is attached to some device. For serial ports this means that the port is attached to another port via a serial cable. For the Ethernet ports this means that the port is connected to either a hub or a switch.

Cisco Router & Switch Commands Page 3

Cisco Router & Switch Commands Page 4

Physical Router Connections

01. Take the console (rollover) cable, usually flat, and connect the cable with the RJ45 plug into the console port of the router. Take the other end of the console cable and plug it into the serial adapter. Attach the serial adapter to one of the serial (com) ports of the computer. This com port needs to be the same port as the one specified in the hyper terminal properties. (Explained later) Attach a transceiver to the Attachment Unit Interface (AUI) Ethernet port on the router. Slide the AUI to the right when attaching or removing the transceiver. Slide the AUI to the left to lock the transceiver in place. Connect a cat-5 cable to the transceiver and a hub or a switch. The hub needs to be turned on for the Ethernet port to have line protocol up, meaning it can communicate. If a serial connection is made attach the female part of the DCE cable to the male part of the DTE cable. In many cases these two cables are already connected. A serial connection is made three times for Lab-A to Lab-B, Lab-B to Lab-C and Lab C to Lab-D. Attach the DCE end of the serial cable to the Serial-0 port on one router. Attach the DTE end of the serial cable to the Serial-1 port on the other connecting router. Connect Lab-D and Lab-E with Cat-5 cable using Ethernet ports and a hub.

02. 03. 04.

05. 06. 07.

Cisco Router & Switch Commands Page 5

Creating a Cisco Router Connection Keywords Hyper Terminal

First make or check the physical connection between a workstation and a Cisco Router. Connect console cable RJ45 plug to serial adapter and attach serial adapter to com1 serial workstation port. Connect the other RJ45 plug to the con port of the router. Note: Cisco 2500 will also work with aux port. Click <Start-Programs-Accessories-HyperTerminal> Click <Hypertrm.exe> Name: Cisco Router (or other appropriate icon name) Icon: Accept default icon or pick desired icon Click OK Connect using: Direct to Com1 (do not use dial up) Bits per second: 9600 Data bits: 8 Parity: none Flow control: Hardware Click OK Click <File-Save>

Bootup work station and go to Hyper Terminal folder Execute HyperTerminal program Connection Description window Select connection name and a connection icon Phone Number window Enter indicated settings: You are not creating a phone dial-up connection

Save the new connection: It is recommended to drag the router icon to the desktop for convenient future router access. Start a router session: Execute HyperTerminal: Connect to the router

Click <HyperTerminal> Click <File-Open> and select Router icon Press <Enter> You should see user-exec prompt like Router> Cisco Router & Switch Commands Page 6

Logging into the Router Keywords <enable> help <?> <^Z> <exit>
Correct, initial, router connection should provide user-exec mode prompt. The user-exec mode provides minimal router command access, which is mostly of the read-only variety. Router configurations cannot be changed in user mode. To display a list of available user-exec commands: To enter privileged-exec mode: The privileged-exec mode provides maximum router command access. A password prompt may not be seen the first time that a router is activated. You must provide the password for future logins. To display a list of available privileged-exec commands: To enter global configuration mode: (t is short for terminal) Return to privileged mode with <Ctrl-Z>: You can also return to privileged mode with exit: Return the router to user-exec mode: Note: Cisco routers automatically disconnect after an inactive time period. It will be necessary to repeat the login. If a user-exec prompt does not appear, try pressing the <Enter> key. Cisco Router & Switch Commands Page 7 Router>

Router> ? Router> enable Password: class (password is not displayed) Router#

Router# ? Router# config t Router(config)# Router(config)#^Z Router# Router(config)# exit Router# Router#disable

Using Clock and Getting Cisco Router Command Help Keywords <clock> <set> <show> <?>
The ? can be used to display a list of available options after a partial router command entry. To set the clock and only knowing the clock command: Router responds with: Enter the next step and ask for more help: Router responds with: Now enter new time: Router responds with: Ask for additional help: Router responds with: Add day and month information and ask for more help: Router responds with: Enter the complete clock command: To display date and time information: Router# clock ? set Set the time and date Router# clock set ? hh:mm:ss Current Time (hh:mm:ss) Router# clock set 10:29:30 % Incomplete command Router# clock set 10:29:30 ? <1-31> Day of the month MONTH Month of the year Router# clock set 10:29:30 10 October ? <1993-2035> Year Router# clock set 10:29:30 10 October 1999 Router# show clock 10:30:01.543 UTC Sun Oct 10 1999

Cisco Router & Switch Commands Page 8

Cisco Router Editing Commands Keywords <show> <terminal> <editing> <history> <size>
Move to the beginning of the command line: Move to the end of the command line: Move forward one character: Move backward one character: Repeat the entire (last) previous command: Most recent command recall: Move backward one word: Move forward one word: Show history of commands in the buffer: Set the history buffer size (up to 256): Disable advanced editing features: Enable advanced editing features: Completing a partial command with <tab> key: Router responds with: Typing a partial, but recognizable, command <Ctrl-A> <Ctrl-E> Right-Arrow or <Ctrl-F> Left-Arrow or <Ctrl-B> Up-Arrow or <Ctrl-P> Down-Arrow or <Ctrl-N> <Esc-B> <Esc-F> Router> show history Router> terminal history size Router> no terminal editing Router> terminal editing Router# show run <tab> Router# show running-config Router# sho clo

Cisco Router & Switch Commands Page 9

Configuration Modes and Prompts Keywords <config> <interface> <subinterface> <line> <router> <ipx>
User EXEC mode for limited examination of the router Privileged EXEC mode for detailed examination of the router, debugging, debugging, file manipulation and remote access All router configurations start by changing to the global configuration mode. This example changes to the configuration-interface mode for the e0 interface of the router: Note: The remainder of the example include a variety of Cisco router configuration modes. You will not know the meaning of many of these commands. Right now that does not matter. The main point is that many commands do not work because they are not entered from the correct configuration mode. Router> Router#

Router# config t Router(config)# Router(config)# int e0 Router(config-if)# Router(config)# int e0.100 Router(config-subif)# Router(config)# router rip Router(config-router)# Router(config)# line vty 0 4 Router(config-line)# Router(config)# ipx router rip Router(config-ipx-router)# Router(config)# map-list Qwerty Router(config-map-list)# Router(config)# map-map Secure 10 Router(config-rout-map)#

Cisco Router & Switch Commands Page 10

RXBOOT mode used to recover from lost passwords or accidental flash erasure SETUP mode prompted dialog to enter router configuration

Router Status Commands Keywords <show> <version> <processes> <mem> <stacks> <flash> <run> <start> <int>
Displays system configuration, software version, file names and the boot image: Displays information about the active processes: Displays the configured protocols: Monitors stack use, interrupt routines, and last system reboot: Displays buffer statistics: Displays flash memory information: Displays the active configuration file in RAM: This is one of the most useful router commands Displays the startup (backup) configuration file in NVRAM: Router#show interfaces Displays statistics for all router interfaces: Note: All command examples are shown in the privileged mode. Many of the show commands are also available in the user mode. Cisco Router & Switch Commands Page 11 Router#show version Router#show processes Router#show protocols Router#show stacks Router#show buffer Router#show flash Router#show running-config (usually just show run) Router#show startup-config (usually just show start)

Semester 2 Router Lab Topology

Lab-A E0: E1: S0: SM: Networks: E0: S0: S1: SM: Networks: E0: S0: S1: SM: Networks: E0: S0: S1: SM: Networks: E0: S0: / S1 SM: Networks: 192.5.5.1 205.7.5.1 201.100.11.1 (DCE) 255.255.255.0 192.5.5.0 205.7.5.0 201.100.11.0

Lab-B

219.17.100.1 199.6.13.1 (DCE) 201.100.11.2 255.255.255.0 219.17.100.0 199.6.13.0 223.8.151.1 204.204.7.1 199.6.13.2 255.255.255.0 223.8.151.0 204.204.7.0 210.93.105.1 Not configured 204.204.7.2 255.255.255.0 210.93.105.0 204.204.7.0 210.93.105.2 Not configured 255.255.255.0 210.93.105.0

201.100.11.0

Lab-C

199.6.13.0

Lab-D

Lab-E

Cisco Router & Switch Commands Page 12

Cisco Discovery Protocol Keywords <cdp> <interface> <neighbors> <detail> <entry> <enable> <traffic>
Show packets and holdtime: Shows information about the routers interface status, such as CDP timers, packets and encapsulation: Displays information about directly connected routers, such as device identifiers, address lists, port idenmtifiers and version: Router#show cdp neighbors detail Displays additional detailed information about directy connected routers, including their ip addresses: Router#show cdp entry * Displays the same information as the show cdp neighbors detail command: Router#show cdp entry LAB-B Displays information for a specified neighbor: Enabling CDP on a specified interface, which begins CDPs dynamic discovery and starts the exchange of CDP frames: Displays the amount of packets sent and received among router neighbors: Router#config t Router(config)#int s0 Router(config-if)#cdp enable Router#show cdp traffic Router#show cdp Router#show cdp interface Router#show cdp neighbors

Cisco Router & Switch Commands Page 13

Router Testing Keywords <telnet> <exit> <disconnect> <return> <sessions> <users> <ping> <trace> <ip route> <clear> <counters>
Starting a virtual terminal session with an IP address: Starting a virtual terminal session with a host name: Finish a telnet session connected to LAB-A router: Return to original router without terminating telnet session: Resume earlier telnet session: Displays open telnet sessions: Displays routers connected by telnet: Test end-to-end connectivity using ip address: Test end-to-end connectivity host name: Test each step from source to destination: Abort continuous trace attempts: Check if a router has a routing table: Check if a specific interafce is operational and display statistics since the last time counter were cleared: To reset counters which helps to get a current router picture: Router#telnet 172.16.50.1 Router#telnet Lab-A Lab-A#exit Lab-A#<Ctrl><Shift><6> Lab-A#return Router#show sessions Router#show users Router#ping 172.16.50.1 Router#ping LAB-A Router#trace 172.16.50.1 <Ctrl><Shift><6> Router#show ip route Router#show intyerfaces s1 Router#clear counters

Cisco Router & Switch Commands Page 14

Commands related to Router Startup and Configurations Keywords <run> <run> <reload> <setup> <write> <erase> <term>
Display running configuration in RAM: Cisco IOS 10.3 and earlier: Display startup (backup) configuration in NVRAM: Cisco IOS 10.3 and earlier: Erase the startup configuration in NVRAM: Cisco IOS 10.3 or earlier: Restart the entire startup process with start-up configuration: Enter router-prompted running configuration sequence: Copy the running configuration to the startup configuration: Cisco IOS 10.3 or earlier: Copy the startup configuration to the running configuration: Cisco IOS 10.3 or earlier: Router#show running-config (or show run) Router#write term Router#show startup-config (or show start) Router#show config Router#erase start-up config (or erase start) Router#write erase Router#reload Router#setup Router#copy run start Router#write mem Router#copy start run Router#config mem

Note: the setup command can be used only for creating a minimal router configuration. Many configurations cannot be entered or altered with setup

Cisco Router & Switch Commands Page 15

Setting Cisco Router Passwords Keywords <config> <enable> <secret> <password> <line> <vty> <aux> <con> <login> <service> <password-encryption>
Setting the privileged password: Used for non-encrypted privileged mode and older IOS All password settings must be done in global configuration Setting the privileged-exec mode password: Setting the virtual terminal password: This password is used for telnet sessions into your router. line vty 0 4 specifies that up to 5 telnet sessions are allowed: Setting the auxiliary password: This password is used to control access to the router through the aux port via a modem for remote console connections. Setting the console password: This password controls access to the router through the standard con router port Manually encrypting all password configurations that follow: Router# config t Router(config)# enable password cisco Router(config)# enable secret class Router(config)# line vty 0 4 Router(config-line)# login Router(config-line)# password cisco Router(config)# line aux 0 Router(config-line)# login Router(config-line)# password cisco Router(config)# line con 0 Router(config-line)# login Router(config-line)# password cisco Router(config)#service password-encryption

Cisco Router & Switch Commands Page 16

Hostnames and Login Banners Keywords <hostname> <banner> <motd>

Changing the routers hostname from current Router to the new name Lab-A: Note: Casual changing of host names can cause problems. You will see in later router commands that host names are used in various router configurations that are stored for future use. The ability to do something like Telnet may not be possible anymore when host names are arbitrarily changed. Router#config t Router(config)#hostname Lab-A

You can add a banner that will be displayed with login. The motd commands stands for message of the day. Start with the command with a delimiting charcter, like # Both end and <Ctrl-Z> return to the priviliged mode:

Router#config t Router(config)#banner motd # Enter TEXT message: End with the chracter # Have a nice day# Router(config)#end Router# Router(config)#^Z Router#

Cisco Router & Switch Commands Page 17

Bootstrap options Keywords <boot system> <flash> <tftp>

Loading Cisco IOS from flash memory (this is default) with a specified file name: Loading Cisco IOS from TFTP server with a specified file name and TFTP server ip address: Loading Cisco IOS from ROM, which is only a subset of the completye IOS: Router#config t Router(config)#boot system flash gsnew-image Router(config)#boot system tftp test.exe 172.16.13.111 Router(config)#boot system rom

Cisco Router & Switch Commands Page 18

Working with a TFTP server Keywords <flash> <copy> <tftp>

Determining memory available in flash, as well as IOS file name that is stored in flash: Router#show flash 4096K bytes of flash memory sized on embedded flash File name/status 0 mater/California//i11/bin/gs7-j-mz.112-0.11 [deleted] Router#copy flash tftp IP address of remote host [255.255.255.255]? 172.16.13.111 filename to write on tftp host? c4500-i Router#copy tftp flash IP address of remote hosts [255.255.255.255]? 172.16.13.111 Name of tftp filename to copy into flash []? c4500-aj-m Router#copy run tftp Router#copy start tftp Router#copy tftp run Router#copy tftp start

Upload copying the system image from flash to a tftp server:

Downloading a new image from a tftp server to flash:

Upload running configuration to a tftp server: Upload startup configuration to a tftp server: Download running configuration from a tftp server: Download startup configuration from a tftp server:

Cisco Router & Switch Commands Page 19

Recovering a router from lost password Keywords Hyper Terminal

Restart the router Interrupt the bootup sequence: Read the configuration registers original value: Record this value for later, like 0x2102 Change the configuration register and tell the router to ignore the startup config in NVRAM: Initialize and reboot the router: Type n not to enter initial configuration Press <Enter> to see Router> prompt Enter privileged mode: Restore original startup configuration: You will not be able to see the secret password. Reset the secret password. Change to the original configuration register: Save new configuration: Restart the computer with the new startup configuration: Check the new configuration: Check if configuration register is set to original settings: Turn off router for a short period of time and turn it back on Press the <Ctrl> <Break> keys >o >o/r 0x2142 >i (Little letter o not zero)

Router>enable Router#copy start run Router#config t Router(config)#config-register 0x2102 Router#copy run start Router#reload Router#show run Routershow version

Cisco Router & Switch Commands Page 20

Configuring router ports Keywords <description> <int> <ip address> <no> <shutdown> >clock rate>
Enter specific port interface Ethernet 0: Provide optional comment for router port: Enter ip address for e0 followed by subnet mask: Activate e0 port from default down to up: Change to port interface Ethernet 1: Provide optional comment for router port: Enter ip address for e1 followed by subnet mask: Activate e1 port from default down to up: Change to port interface Serial 0: Provide optional comment for router port: Enter ip address for s0 followed by subnet mask: Enter clockrate for DCE serial interface: Activate s0 port from default down to up: Removing an ip address: Change an interface from up to down: Lab-A(config)#int e0 Lab-A(config-if)#description E0 link to Sales LAN Lab-A(config-if)#ip address 192.5.5.1 255.255.255.0 Lab-A(config-if)#no shutdown Lab-A(config-if)#int e1 Lab-A(config-if)#description E1 link to switch Lab-A(config-if)#ip address 205.7.5.1 255.255.255.0 Lab-A(config-if)#no shutdown Lab-A(config-if)#int s0 Lab-A(config-if)#description S0 WAN link (DCE) to Lab-B Lab-A(config-if)#ip address 201.100.11.1 255.255.255.0 Lab-A(config-if)#clock rate 56000 Lab-A(config-if)#no shutdown Lab-A(config-if)#no ip address Lab-A(config-if)#shutdown Cisco Router & Switch Commands Page 21

Working with ARP tables Keywords Hyper Terminal

Display the ARP table: This will show the IP address address, MAC address and the interface Clear the ARP table: Router#show arp

Router#clear arp

Cisco Router & Switch Commands Page 22

Host Name to address mapping and Name server configuration Keywords <ip host> <hosts> <domain> <lookup> <name-server>
Set up host name, address mapping on Lab-A router: Lab-A(config)#ip host Lab-A 205.7.5.1 201.100.11.1 192.5.5.1 Lab-A(config)#ip host Lab-B 219.17.100.1 201.100.11.2 199.6.13.1 Lab-A(config)#ip host Lab-C 199.6.13.2 223.8.151.1 204.204.7.1 Lab-A(config)#Ip host Lab-D 204.204.7.2 210.93.105.1 Lab-A(config)#ip host Lab-E 210.93.105.2 Lab-B(config)#ip host Lab-A 205.7.5.1 201.100.11.1 192.5.5.1 Lab-B(config)#ip host Lab-B 219.17.100.1 201.100.11.2 199.6.13.1 Lab-B(config)#ip host Lab-C 199.6.13.2 223.8.151.1 204.204.7.1 Lab-B(config)#Ip host Lab-D 204.204.7.2 210.93.105.1 Lab-B(config)#ip host Lab-E 210.93.105.2 Lab-A#show hosts Or Lab-A#show run Remove mapping for router Lab-B on router Lab-A: Turn on ip domain lookup (turned on by default): Set the IP address of the DNS server: Append the domain name to the hostname: (will also include mappings)

Set up host name, address mapping on Lab-B router:

Note: you can enter a maximum of eight addresses Display the list of host name, address mappings:

Lab-A(config)#no ip host Lab-B Router(config)#ip domain-lookup Router(config)#ip name-server 192.168.0.70 Router(config)#ip domain-name schnook.com

Cisco Router & Switch Commands Page 23

Configuring Routing Information Protocol (RIP) Keywords Hyper Terminal

Add RIP to update routing tables dynamically: Network 172.16.0.0 is being advertised by the router: Network 221.50.32.0 is being advertised by the router: View contents of routing tables: : View contents of RIP routes only: Holding back routing updates through a specified interface: To make RIP broadcast on non-broadcast networks: View RIP information about routing timers and network information associated with the entire router: Remove RIP routing: Display routing updates as they happen: Remove debugging: Remove all debugging: Router(config)#router rip Router(config-router)#network 172.16.0.0 Router(config-router)#network 21.50.32.0 Router#show ip route Router#show ip route rip Router(config-router)#passive-interface serial 0 Router(config-router)#neighbor 172.18.3.10 Router#show ip protocol Router(config)#no router rip Router#debug ip rip Router#no debug ip rip Router#undebug all

Cisco Router & Switch Commands Page 24

Configuring static routes Keywords <ip route> <show ip route>

Set static route to 172.16.30.0 with subnet mask 255.255.255.0 via gateway 172.16.20.2 Set static route to 172.16.50.0 with subnet mask 255.255.255.0 via gateway 172.16.20.2 Set static route to 172.16.40.0 with subnet mask 255.255.255.0 via interface e0 with administrative distance 10: View static route information: Removing a static route: Note: It is not possible to state: no ip route to remove a static route. It is an incomplete command. The entire set of ip addresses needs to be provided. Keep in mind that there can be multiple static routes. Router(config)#ip route 172.16.30.0 255.255.255.0 172.16.20.2 Router(config)#ip route 172.16.50.0 255.255.255.0 172.16.20.2 Router(config)#ip route 172.16.40.0 255.255.255.0 e0 10

Router#show run Router(config)#no ip route 172.16.50.0 255.255.255.0 172.16.20.2

Cisco Router & Switch Commands Page 25

Configuring default routing Keywords <ip route> <ip classless>

Default route to 172.16.49.1 with subnet mask 0.0.0.0 via gateway 0.0.0.0: Default is like a static route with wild cards. Default is used if the router does not know how to move a packet. Sometimes default routing fails to forward to appriate subnets. Specifying ip classless will forward packets to the best route according to default specifications. Normally classless is used with IP unless RIP is used for erouting: Remove default route: Alternative default routing commands: Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.49.1

Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.49.2 Router(config)#ip classless

Router(config)#no ip route 0.0.0.0 0.0.0.0 172.16.49.2 Router(config)#router rip Router(config-router)#router rip Router(config-router)#network 172.16.0.0 Router(config-router)#network 192.168.17.0 Router(config-router)#ip default network 192.168.17.0

Cisco Router & Switch Commands Page 26

Cisco Router & Switch Commands Introduced During CNAP Semester 3 Used For Semester 3 Lab Exam

Students are responsible for knowing all routing commands that were introduced during semester 2 in addition to the new routing and switching commands introduced during semester 3.

Semester 3 introduced switch commands. Switches can be configured with menu driven selections or command line interface (CLI) commands. The CCNA exam tests switch CLI commands for the 1900 switch only, which is what will be presented in this reference guide.

Cisco Router & Switch Commands Page 27

New Topics for the CCNA 640-507 Exam

Configure the Catalyst 1900 Switch CLI (Command Line Interface) Configure the Catalyst 1900 Switch hostname and passwords Configure the Catalyst 1900 Switch security Configure Virtual LANs Configure ISL Routing

NOTE The Catalyst 1900 Switch, upgraded with the Enterprise Edition IOS, can be configured using both menu selection options and Command Line Interface (CLI). CLI commands are very similar to routing commands. You can also use the same type of abbreviations that you used with the router commands, like ena for enable. The CCNA 640-507 Exam 2.0 will test only CLI commands for the testing objectives listed on this page.

Cisco Router & Switch Commands Page 28

Creating a Cisco Catalyst 1900 Switch Connection Keywords Hyper Terminal

First make or check the physical connection between a workstation and a Cisco 1900 Switch. Connect console cable RJ45 plug to serial adapter and attach serial adapter to com1 serial workstation port. Connect the other RJ45 plug to the con port of the router. Note: Some switches require a null-modem cable that has a serial connector on each end. Click <Start-Programs-Accessories-HyperTerminal> Click <Hypertrm.exe> Name: Cisco Router (or other appropriate icon name) Icon: Accept default icon or pick desired icon Click OK Connect using: Direct to Com1 (do not use dial up) Bits per second: 9600 Data bits: 8 Parity: none Stop bits: 1 Flow control: None Click OK Click <File-Save> It is recommended to drag the switch icon to the desktop for convenient future switch access. Start a switch session: Execute HyperTerminal: Connect to the router Click <HyperTerminal> Click <File-Open> and select Switch icon Press <Enter> You should see CATALYST 1900 Management Console

Bootup work station and go to Hyper Terminal folder Execute HyperTerminal program Connection Description window Select connection name and a connection icon Phone Number window Enter indicated settings: You are not creating a phone dial-up connection

Save the new connection:

Cisco Router & Switch Commands Page 29

Setting Catalyst 1900 Switch passwords Keywords <enable> <config> <password> <level> <secret> <show run>
Execute hyper terminal and initiate a Switch session: 1 user(s) now active on Management Console User Interface Menu [M] [K] [I] Change from Menu Selection mode to the CLI: (Command Line Interface) Menus Command Line IP Configuration K

Enter Selection:

CLI session with the switch is open. To end the CLI session, enter [Exit]. > >enable #config t (config)#enable password level 1 cisco (config)#enable password level 15 class (config)#enable secret class #show run

Enter privileged mode: (If this is the first time a password is not required) Enter global configuration mode: Set the user mode password: Set the enable (privileged) mode password: (non encrypted) Set the secret enable (privileged) mode password: (encrypted) View the passwords in the switch configuration: (note that the user and enable passwords are visible)

Cisco Router & Switch Commands Page 30

Important Catalyst 1900 Switch password notes: Passwords must be between 4 and 8 characters. The enable and secret passwords can be the same.

There is no password recovery for a 1900 switch.

Cisco Router & Switch Commands Page 31

Setting a Catalyst 1900 Switch Host Name and IP Information Keywords <hostname> <show ip> <ip address> <ip default-gateway>
Go to privileged mode: Go to global configuration mode: Set the host name for the switch: >enable #config t (config)#hostname Switch-A Switch-A(config)#

Note: The hostname on a switch, as well on a router, is only locally significant. This means that it does not have any function on the network or name resolution whatsoever. However, it is helpful to set a hostname on a switch so that you can identify the switch when connecting to it. Display the default ip address and gateway: Switch-A#show ip IP Address: 0.0.0.0 Subnet Mask: 0.0.0.0 Default Gateway: 0.0.0.0

Note there will be additional information displayed like VLAN Management, Domain name and other details. Setting ip address on the switch: Setting the default gateway on the switch: Note: On a switch you set ip information so that the switch can be accessed via Telnet or if the switch needs to be configured with different VLANs Switch-A(config)#ip address 172.16.10.16 255.255.255.0 Switch-A(config)#ip default-gateway 172.16.10.1 Switch-A#show ip IP Address: 172.16.10.16 Subnet Mask: 255.255.255.0 Default Gateway: 172.16.10.0

Cisco Router & Switch Commands Page 32

Configuring Switch Interfaces Keywords <int> <0/1-27> <ethernet> <fast> <description> <show>
Note: Configuring switch interfaces is a combination of a slot number/port number. The 1900 switch only has one slot, which will always be 0. Configuring 10BaseT interfaces: Or use abbreviation: Configuring 100Mbps interfaces: Or use abbreviation: (fast ethernet ports are only 26 and 27 even if the switch has a total of 14 ports) Setting a port description: (Note that the description must be one word) View interface information: The main intention is to show the description of the port. You will also see additional information that you will not Understand right now. Keep in mind that switch configuration is only introduced At the CCNA level, and is not fully investigated until the CCNP program. Switch-A(config)#int ethernet 0/1 Switch-A(config)#int e0/1 Switch-A(config)#int fast 0/26 Switch-A(config)#int f0/26

Switch-A(config-if)#description Marketing_VLAN Switch-A#show int e0/1 Ethernet 0/1 is Suspended-no-linkbeat Hardware is Built-in 10Base-T Address is 0001.96DF.78C1 MTU 1500 bytes, BW 10000 Kbits 802.1d STP State: Forwarding Forward Transitions: 1 Port Monitoring : Disabled Unknown unicast flooding: Enabled Unregistered multicast flooding: Enabled Description: MARKETING VLAN Duplex setting: Half duplex Back pressure: Disabled

Cisco Router & Switch Commands Page 33

Configuring the Port Duplex Keywords <int> <0/1-27> <fast> <duplex> <auto> <full> <full-flow-control> <half>
Change to Ethernet port 0/1 Configuring the port duplex mode for an ethernet port: Options are: auto full full-flow-control half Configure port for half-duplex mode: (default for 10BaseT ports) Attempt to configure ports for auto or full-flow-control. Even though the question mark specified these options they will only work with fast ethernet ports. Switch-A(config)#int e0/1 Switch-A(config-if)#duplex ? auto Enable auto duplex configuration full Force full duplex configuration full-flow-control Force full duplex with with flow control half Force half duplex operation Switch-A(config-if)#duplex half

Switch-A(config-if)#duplex auto Error: Invalid configuration for this interface Switch-A(config-if)#duplex full-flow-control Error: Invalid configuration for this interface Switch-A(config-if)#int f0/26 Switch-A(config-if)#duplex auto Switch-A(config-if)#int f0/27 Switch-A(config-if)#duplex full-flow-control

Change to Fast Ethernet port 0/26: Configure port for auto-negotiation mode: (default for fast ethernet ports) Change to second Fast Ethernet port 0/27: Configure for full-flow-control to prevent buffer overflow:

Cisco Router & Switch Commands Page 34

Verifying IP Connectivity Keywords <ping> <telnet>

Test connectivity to an ip address with ping: Switch-A#ping 172.50.100.25 Sending 5, 100-byte ICMP Echos to 172.50.100.25, time out is 2 seconds: !!!!! Success rate is 100 percent (5/5) Switch-A#telnet 172.50.100.25 ^ % Invalid input detected at ^ marker.

Test connectivity to an ip address with telnet: Note it is not possible to telnet from a switch, like you have done with a router. However, it is possible to telnet into a switch from a router.

Cisco Router & Switch Commands Page 35

Erasing Switch Configuration Keywords <delete> <nvram> <vtp>

Erase the configuration in NVRAM: Note that the switch has no commands to save the running configuration to the startup configuration. This is done automatically. Do not assume that this command can be used to recover from lost-password problems. Erasing the configuration in NVRAM erases existing passwords, but this command in only available in priviliged mode where it is possible to change the password. Reset the VTP (VLAN Trunk Protocol) configuration to its default values: witch-A#delete vtp Switch-A#delete nvram

Cisco Router & Switch Commands Page 36

Managing the MAC Address Table Keywords <mac-address-table> <permanent> <restricted> <static> <show> <version>
Display the switch MAC address table: Switch-A#show mac-address-table Number of permanent addresses : 0 Number of restricted static addresses : 0 Number of dynamic addresses : 0 Switch-A#clear mac-address-table Switch-A#clear mac-address-table ? dynamic Clear 802.1d dynamic address permanent Clear 802.1d permanent address restricted Clear 802.1d restricted static address Switch-A#clear mac-address-table dynamic Switch-A(config)#mac-address-table permanent 00A0.2448.60A5 e0/4

Clear all the entries in the mac-address-table: Clear specific types of entries:

Clear dynamic mac-address-table entries: Configure a permanent mac address to port 4 The mac-address-table had three options: dynamic permanent restricted Restricting a path for source hardware address. In this case port 0/5 is restricted to sending frames only to port 0/2. Display basic information about a switch, like how long the switch has been running, IOS version, and base MAC address:

Switch-A#mac-address-table restricted static 00A0.246E.0FA8 e0/2 e0/5

Switch-A#show version

Cisco Router & Switch Commands Page 37

Changing the LAN Switch Type Keywords <int> <0/1-27> <ethernet> <fast> <description> <show> <duplex> <delete> <nvram> <port> <switching-mode> <fragment-free> <store-and-forward>
Display the current switching mode: (this is the default switching mode) Display the switching-mode options: Switch-A(config)#switching-mode ? fragment-free Fragment Free mode store-and-forward Store-and-Forward mode Change the switching mode to store-and-forward: Change switching mode to fragment-free: Switch-A(config)#switching-mode store-and-forward Switch-A(config)#switching-mode fragment-free Switch-A#show port system Switching mode: FragmentFree Use of store and forward for multicast: disabled

Switching-Mode Warning If you change the LAN switch type, you change it for all ports on the switch. Configuring VLANs Keywords <vlan> <name> <vlan-membership> <static>
Cisco Router & Switch Commands Page 38

Note: A switch can be configured for static or dynamic VLAN membership. THE CCNA exam objectives only require static configuration.
Check the VLAN number options: Number 1 is reserved for the default VLAN. The Inter-Switch Link routing number identifies the VLAN. Make VLAN 2 Production Make VLAN 3 Marketing Make VLAN 4 Accounting Change to port e0/2: Display the vlan-membership options: Switch-A(config)#vlan ? <2-1001> ISL VLAN index Switch-A(config)#vlan 2 name Production Switch-A(config)#vlan 3 name Marketing Switch-A(config)#vlan 4 name Accounting Switch-A(config)#int e0/2 Switch-A(config-if)#vlan-membership ? dynamic set VLAN membership as dynamic static set VLAN membership as static Switch-A(config-if)#vlan-membership static 2 Assign the three VLANs (Production, Marketing and Accounting) to specif ports using the vlan index numbers: Switch-A(config-if)#int eo/4 Switch-A(config-if)#vlan-membership static 3 Switch-A(config-if)#int e0/5 Switch-A(config-if)#vlan-membership static 4 Switch-A#show vlan Display all the VLANs assigned to their respective ports: Display VLAN 2 information only: Display VLAN information along with static or dynamic info: Switch-A#show vlan 2 Switch-A#show vlan-membership

Cisco Router & Switch Commands Page 39

Configuring trunk ports Keywords <trunk> <auto> <desirable> <nonnegotiate> <off> <on> <trunk-allowed>
Note that trunking is only available on FastEthernet ports running Dynamic Inter-Switch Link (DISL) encapsulation. Configuring trunking with DISL set to AUTO: (trunk port if connected device is on or desirable) Configuring trunking with DISL set to DESIRABLE: (trunk port if connected device is on, desirable or auto) Configuring trunking with DISL set to NONEGOTIATE: (becomes permanent ISL trunk port; will not negotiate with any attached device) Configuring trunking with DISL set to OFF: (interface is disabled from running trunking) Configuring trunking with DISL set to ON: (becomes permanent ISL trunk port; can negotiate with a connected device to convert to trunk mode) Display the trunk ports: Display trunking on interface 26: Display trunking on interface 27: Display allowed VLANs on a trunked port a: Clearing a VLAN 5 from being communicated on a trunked line: Switch-A(config)#int f0/26 Switch-A(config-if)#trunk auto Switch-A(config-if)#trunk desirable Switch-A(config-if)#trunk nonnegotiate

Switch-A(config-if)#trunk off Switch-A(config-if)#trunk on

Switch-A#show trunk Switch-A#show trunk a Switch-A#show trunk b Switch-A#show trunk a allowed-vlans Switch-A#no trunk-vlan 5

Cisco Router & Switch Commands Page 40

Configuring ISL Routing on a Router Keywords <encapsulation> <isl> <ip address>

The example below will support four VLANs on one interface, which requires creating four subinterfaces. Note: Inter-Switch Link (ISL) routing is only available on a fast ethernet interface. Configure the first subinterface: Enable Inter-Switch Link (ISL) encapsulation for VLAN 1 Assign an IP address to the subinterface: Configure the second subinterface: Enable Inter-Switch Link (ISL) encapsulation for VLAN 2 Assign an IP address to the subinterface: Configure the third subinterface: Enable Inter-Switch Link (ISL) encapsulation for VLAN 3 Assign an IP address to the subinterface: Configure the fourth subinterface: Enable Inter-Switch Link (ISL) encapsulation for VLAN 4 Assign an IP address to the subinterface: Return to global configuration mode: Enter interface mode for FastEthernet 0: Make FastEthernet interface 0 active: Router(config)#int f0/0.1 Router(config-subif)#encapsulation isl 1 Router(config-subif)#ip address 172.16.10.1 255.255.255.0 Router(config)#int f0/0.2 Router(config-subif)#encapsulation isl 2 Router(config-subif)#ip address 172.16.20.1 255.255.255.0 Router(config)#int f0/0.3 Router(config-subif)#encapsulation isl 3 Router(config-subif)#ip address 172.16.30.1 255.255.255.0 Router(config)#int f0/0.4 Router(config-subif)#encapsulation isl 4 Router(config-subif)#ip address 172.16.40.1 255.255.255.0 Router(config-subif)#exit Router(config)#int f0/0 Router(config-if)#no shutdown

Cisco Router & Switch Commands Page 41

Configuring Interior Gateway Routing Protocol (IGRP) Keywords <router> <igrp> <network> <ip route> <protocol> <events> <transactions>
Activate IGRP routing protocol with AS number 10 (0-65535): Specify attached network addresses: Router(config)#router igrp 10 Router(config-router)#network 172.16.0.0 Router(config-router)#network 172.25.0.0 Router#show ip route Router#show protocol Router#show ip protocol Router#debug igrp events Router#debug igrp transactions Router#un all

Check IGRP routing table information: Useful command to see ip addresses for each interface and determine if routing protocol is enabled: Verifying which routing protocol is active: Display a summary of IGRP routing information: Display message requests and broadcasts: Turn off all debugging:

Cisco Router & Switch Commands Page 42

Configuring IPX routing Keywords <ipx routing> <network> <encapsulation> <secondary>

Enable IPX routing: Change to interface mode: Add network number: To change the IPX frame type to sap (802.2): Configuring IPX on a router with three interfaces: Router(config)#ipx routing Router(config)#int e0 Router(config-if)#ipx network 10 Router(config-if)#ipx network 10 encapsulation sap Router(config)#ipx routing Router(config)#int e0 Router(config-if)#ipx network 30 Router(config-if)#int s0 Router(config-if)#ipx network 20 Router(config-if)#int s1 Router(config-if)#ipx network 40 Router(config)#int e0 Router(config-if)#ipx network 10a encapsulation sap secondary Router(config)#int e0.10 Router(config-subif)#ipx network 10a encap sap

Configuring multiple IPX frame types using a secondary address: Configuring multiple IPX frame types using subinterfaces: Note: use the following Cisco keywords novell-ether (default) sap arpa snap Ethernet_802.3 Ethernet_802.2 Ethernet_II Ethernet_snap

Cisco Router & Switch Commands Page 43

Monitoring IPX Keywords Hyper Terminal

Display IPX routing table information: Display all the IPX servers and SAP table: Display summary of IPX packets received and transmitted: Display IPX status for each interface: display IPX status of e0 interface Display routed protocols and interface addresses: Enable load balancing across two equal costs paths: Monitor IPX routing updates as it is running: Display IPX SAP packets that are transmitted and received: Router#show ipx route Router#show ipx servers Router#show ipx traffic Router#show ipx interface Router#show ipx int e0 Router#show protocol Router#ipx maximum-paths 2 Router#debug ipx routing activity Router#dedub ipx routing events Router#debug ipx sap activity

Cisco Router & Switch Commands Page 44

Configuring standard IP access lists Keywords <access-list> <deny> <permit> <hosts> <any> <in> <out> <access-group>
Deny any packets from host 172.16.30.2 Permit access to all other ip addresses: Change to interface mode: Attach access list 10 to Ethernet 0 outgoing: Permit any packets from network 172.16.0.0: Permit any packets from subnet 172.16.4.0: Permit only host 172.16.30.2 using wild card: Deny only host 200.23.45.78: Permit all other addresses using wild cards: Permit all other addresses using any: Permit only even-numbered hosts of network 220.100.50.0: Permit only ip addresses in the range 172.16.16.0 through 172.16.19.0: Permit only ip addresses in the range 172.16.16.0 through 172.16.23.0: Permit only ip addresses in the range 172.16.32.0 through 172.16.63.0: Router(config)#access-list 10 deny host 172.16.30.2 Router(config)#access-list 10 permit any Router(config)#int e0 Router(config-if)#ip access-group 10 out Router(config)#access-list 20 permit 172.16.0.0 0.0.255.255 Router(config)#access-list 30 permit 172.16.4.0 0.0.0.255 Router(config)#access-list 40 permit 172.16.30.2 0.0.0.0 Router(config)#access-list 50 deny host 200.23.45.78 Router(config)#access-list 50 permit 0.0.0.0 255.255.255.255 same as: Router(config)#access-list 50 permit any Router(config)#access-list 60 permit 220.100.50.0 0.0.0.254 Router(config)#access-list 70 permit 172.16.16.0 0.0.3.255 Router(config)#access-list 80 permit 172.16.16.0 0.0.7.255 Router(config)#access-list 90 permit 172.16.32.0 0.0.31.255

Cisco Router & Switch Commands Page 45

Controlling VTY (Telnet) access and viewing access lists Keywords <line vty 0 4> <access-class>
Create a standard access list permitting only 172.16.10.3: Change to telnet line mode: Apply the access list to the VTY line: Display all the access lists: Display only access list 75: Shows only the IP access lists: Shows which interfaces have access lists: Shows the access lists and which interfaces have access lists: Router(config)#access-list 50 permit 172.16.10.3 Router(config)#line vty 0 4 Router(config-line)#access-class 50 in Router#show access-list Router#show access-list 75 Router#show ip access-list Router#show ip interface Router#show run

Cisco Router & Switch Commands Page 46

Access list main number ranges Keywords

IP standard access list IP extended access list Appletalk access list IPX standard access list IPX extended access list IPX SAP access list 1-99 100-199 600-699 800-899 900-999 1000-1099

Cisco Router & Switch Commands Page 47

Configuring extended ip access lists Keywords <access-list> <deny> <permit> <eq> <any> <ftp> <telnet>
Deny acces from any source to host 172.16.10.5 Deny access from any ftp and any telnet source to host 172.16.10.5 Same access list as above, but using port names (ftp and telnet) in place of numbers (21 and 23) Permit access from source network 150.50.0.0 to destination network 200.1.1.0 Router(config)#access-list 110 deny ip any host 172.16.10.5 Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq 21 Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq 23 Router(config)#access-list 120 permit ip any any Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq ftp Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq telnet Router(config)#access-list 120 permit ip any any Router(config)#access-list 130 permit ip 150.50.0.0 0.0.255.255 200.1.1.0 0.0.0.255

Cisco Router & Switch Commands Page 48

Configuring IPX Access Lists Keywords <access-list> <permit> <deny> <ipx access-group> <in> <out>
Standard IPX access list, which permits IPX packets from IPX network 20 out inetrface e0 to IPX network 40 Router(config)#access-list 810 permit 20 40 Router(config)#int e0 Router(config-if)#ipx access-group 810 out

Cisco Router & Switch Commands Page 49

Cisco Router Commands Introduced During CNAP Semester 4 Used For Semester 4 Lab Exam

Students are responsible for knowing all routing & switching commands that were introduced during semesters 2 & 3 in addition to the new routing commands introduced during semester 4.

Cisco Router & Switch Commands Page 50

Configuring PPP Keywords <encapsulation> <ppp> <chap> <pap>

Change to serial 0 router interface: Enable Point-To-Point (PPP) encapsulation: Change to Ethernet 0 router interface: Try to enable PPP encapsulation: Note: WAN protocols are enabled at serial ports only and must be enabled at both ends of the serial connection. Configure PPP CHAP authentication: (Challenge Handshake Authentication Protocol) (more secure and encrypted password authentication) Configure PPP PAP authentication: (Password Authentication Protocol) (less secure unencrypted password authentication) Verify that PPP encapsulation is enabled: More information is provided than shown here. Much of the information will not make sense. The keep issue here is to verify that PPP encapsulation is enabled. Router(config)#int s0 Router(config-if)#encapsulation ppp Router(config-if)#int e0 Router(config-if)#encapsulation ppp ^ % Invalid input detected at ^ marker

Router(config-if)#ppp authentication chap

Router(config-if)#ppp authentication pap

Router#show int s0 Serial0 is up, line protocol is up Hardware is HD64570 Internet address is 172.16.20.1/24 MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255 Encapsulation PPP, loopback not set, keepalive set (10 sec)

Configuring FrameRelay Keywords <encapsulation> <frame-relay> <ietf> <interface-dlci> <lmi-type>

Cisco Router & Switch Commands Page 51

Change to serial 0 router interface: Enable Frame Relay encapsulation for Cisco routers: Enable Frame Relay IETF encapsulation for non-cisco routers or one cisco router connected to a non-cisco device: (Internet Engineering Task Force)

Router(config)#int s0 Router(config-if)#encapsulation frame-relay Router(config-if)#encapsulation frame-relay ietf

Permanent virtual circuits (PVCs) like Frame Relay virtual circuits are identified by Data Link Connection Identifiers (DLCIs). Check available DLCI numbers for interface s0: Configure DLCI number 16 to the interface: The Local Management Interface (LMI) is a signaling standard responsible for managing and maintaining status between a CPE router and a frame switch. Beginning with IOS 11.2 the LMI type is auto-sensed. There are three LMI types. Determine the three LMI types: Router(config)#int s0 Router(config-if)#frame-relay lmi-type ? cisco ansi q933a Router(config-if)#frame-relay lmi-type q933a Router(config)#int s0 Router(config-if)#frame-relay interface-dlci ? <16-1007> Define a DLCI as part of the current subinterface Router(config-if)#frame-relay interface-dlci 16

Setting the LMI type to q933a:

Cisco Router & Switch Commands Page 52

Configuring Subinterfaces for Frame Relay Keywords <int s1.?> <multipoint> <point-to-point>
You have multiple virtual circuits on a single serial interface, but each must be treated as a separate interface. This is accomplished by creating subinterfaces. First set Frame Relay encapsulation to a serial interface: Check available subinterface numbers: Create subinterface 16 in Serial 1 interface: Router(config)#int s1 Router(config-if)#encapsulation frame-relay Router(config-if)#int s1.? <0-4294967295> Router(config-if)#int s1.16 Router(config-subif)# Router(config)#int s0.16 ? multipoint Treat as multipoint link point-to-point Treat as point-to-point link Router(config)#int s0.16 multipoint Router(config-subif)#

Determine the two types of subinterfaces: Multipoint is used when the router is at the center of a star of virtual circuits. Point-to-Point is used when a single virtual circuit connects one router to another. Create subinterface 16 with multipoint type:

Cisco Router & Switch Commands Page 53

Mapping Frame Relay Keywords

IIP devices at the ends of virtual circuits must have their address mapped to Data Link Connection Identifiers (DLCIs). There are two mapping approaches: Use the Frame Relay map command Use the inverse-arp function Frame Relay map command example Enable (default Cisco) Frame Relay encapsulation: Create subinterface with point-to-point link: Disable inverse arp: Configure ip address and subnet mask for subinterface: Router(config)#int s0 Router(config-if)#encapsulation frame-relay Router(config-if)#int s0.16 point-to-point Router(config-subif)#no inverse arp Router(config-subif)#ip address 172.16.30.1 255.255.255.0 Router(config)#access-list 810 permit 20 40 Router(config)#int e0 Router(config-if)#ipx access-group 810 out

Cisco Router & Switch Commands Page 54