CCNA 200-125 Portable Command Guide PDF


Contents
Introduction to Routers:
Router Models:
Router RAM and Flash
ROUTER INTERFACES AND NAMING CONVENTIONS
CONNECTING ROUTERS TO WAN:
LAB SIMULATION TOOLS:
Packet Tracer:
GNS3
CHECKING ROUTER CONNECTIONS VIA CLI:
CHECKING ROUTER SPECIFICATIONS VIA CLI:
CISCO IOS CONFIGURATION MODES:
GENERAL ROUTER CONFIGURATIONS:
Setting Router Hostname:
Setting the Enable Password
Setting the Line console Login and Password:
Setting the Line vty login and password
Setting the line idle-timer for line console and line vty
Configuring Banner Logins
PASSWORD SECURITY:
CONFIGURING INTERFACE IP ADDRESSES:
CONFIGURING LOOPBACK INTERFACES:
CONFIGURING STATIC ROUTING:
EXIT INTERFACE WAY
NEXT HOP IP ADDRESS WAY SYNTAX:
CONFIGURING STATIC DEFAULT ROUTES:
CONFIGURING EIGRP
3 ways to Configure EIGRP:
Configuring Interface Bandwidths for More accurate Routing Protocol Metric Computation:
CONFIGURING EIGRP UNEQUAL COST LOAD BALANCING
CONFIGURING EIGRP SECURITY:
PASSIVE INTERFACES
CONFIGURING EIGRP AUTHENTICATION
CONFIGURING OSPF
OSPF SYNTAX
CONFIGURING OSPF ROUTER-ID
CONFIGURING OSPF SECURITY
CONFIGURING OSPF PASSIVE INTERFACES:
CONFIGURING OSPF AUTHENTICATION:
CONFIGURING OSPF DR and BDR
How to set OSPF interface priority:
CONFIGURING MULTI-AREA OSPF:
To configure a Router to become an ABR,
To configure a router to become an ASBR:
PROPAGATING A DEFAULT ROUTE INTO OSPF:
IPV6 ROUTING
CONFIGURING IPv6 INTERFACE ADDRESSES:
To configure an EUI-64 Address:
CONFIGURING IPV6 STATIC ROUTES:
EXIT INTERFACE WAY:
NEXT HOP IP ADDRESS WAY:
CONFIGURING IPV6 STATIC DEFAULT ROUTE:
CONFIGURING OSPFv3 (OSPF for IPV6)
CONFIGURING EIGRP FOR IPv6
CONFIGURING ACLs (Access Control List)
CONFIGURING STANDARD ACL
SPECIAL ACL Keywords:
CONFIGURING A STANDARD ACL TO RESTRICT TELNET ACCESS:
CONFIGURING EXTENDED ACL:
NETWORK ADDRESS TRANSLATION (NAT)
Configuring PAT (Port Address Translation) / Many Private IP to Many Public IP NAT
CONFIGURING STATIC NAT
BGP (Border Gateway Protocol) Configuration
To activate BGP
Advertising networks into BGP:
REDUNDANCIES:
Configuring Floating Static Routes:
FHRP (First Hop Redundancy Protocol)
Configuring HSRP
Configuring VRRP:
CONFIGURING GRE (Generic Routing Encapsulation)
CONFIGURING DHCP
Configuring PPP (Point-to-Point Protocol)
Configuring PPP Authentication
GENERAL SWITCH CONFIGURATIONS
CONFIGURE SWITCH IP DEFAULT GATEWAY
CONFIGURE SWITCHPORT MODES:
CONFIGURING SWITCHPORT SECURITY:
Configure a Static MAC Address for Port-Security
Configuring VLANs:
VLAN CONFIGURATION MODE WAY:
VLAN DATABASE MODE WAY:
ASSIGNING PORTS TO VLANS
TO APPLY SIMILAR COMMANDS OVER A RANGE OF PORTS – WE USE THE “INTERFACE RANGE COMMAND”
CONFIGURING VTP (Virtual Trunking Protocol)
VTP Configuration Mode Way:
VTP Database Mode Way:
TRUNKING ENCAPSULATIONS:
CONFIGURING NATIVE VLANs
Configuring Inter-Vlan Routing / Router-on-a-Stick
MULTILAYER SWITCHING:
CONFIGURING SPANNING TREE PROTOCOL (STP)
Configuring Root Switch:
Changing the Default STP Mode:
STP ENHANCEMENTS:
PORTFAST:
BPDUGUARD:
ETHERCHANNEL:

Introduction to Routers:

Router Models:

Router RAM and Flash



ROUTER INTERFACES AND NAMING CONVENTIONS



CONNECTING ROUTERS TO WAN:



LAB SIMULATION TOOLS:


To be able to do configuration labs at home, you can use network simulators.

There are 2 types of Network Simulators that you can use for your CCNA Study:
1. Packet Tracer
2. GNS3

Packet Tracer:

Packet Tracer is the network simulation tool created by Cisco.

This is the simulation tool used by students enrolled in Cisco Academies (Cisco Academies
offer a 4-module training authorized by Cisco).

I have a YouTube video with instructions on how to install and use Cisco Packet Tracer; it
also includes the download link for Packet Tracer in the video description.

You can access the tutorial here → https://www.youtube.com/watch?v=yEEIweCaUSk

GNS3

This is one of the best network simulation tools available.

I also have a YouTube video with instructions on how to install and use GNS3; it also
includes the download link for GNS3 and an IOS in the video description.

You can access the tutorial here → https://youtu.be/A0d-6bm9nsc



CHECKING ROUTER CONNECTIONS VIA CLI:


To view the type of cable connected to an interface, whether it’s DTE, DCE, or if there’s no
cable plugged in:

#show controllers serial <interface number>

router>
router>enable
router#show controllers serial 0/0

router#show controllers serial 0/1

router#show controllers serial 0/0



CHECKING ROUTER SPECIFICATIONS VIA CLI:


router>enable
router#show version

CISCO IOS CONFIGURATION MODES:


USER MODE

➔ Router>
➔ LIMITED PRIVILEGE TO ISSUE SHOW COMMANDS

ENABLE MODE/PRIVILEGED MODE

➔ router>enable
router#
➔ ALL SHOW COMMANDS CAN BE ISSUED HERE.

GLOBAL CONFIGURATION MODE

➔ router#configure terminal
router#conf t
router(config)#
➔ ALL COMMANDS ISSUED IN THE GLOBAL CONFIG MODE AFFECT THE ROUTER AS A WHOLE.

GENERAL ROUTER CONFIGURATIONS:

General router configurations are the initial settings that you configure on your
router/switch when it is in its default state (no startup-config is set).

GENERAL ROUTER CONFIGURATIONS:


1. Hostname
2. Enable Password
3. Line Console login and password
4. Line Vty (Virtual Terminal Lines for Telnet Connections) login and password
5. Idle-timer for Line console and Line Vty
6. Banner Logins

Setting Router Hostname:

en
conf t
hostname <router hostname>

Setting the Enable Password

en
conf t
enable password <password that you want>

Setting the Line console Login and Password:

en
conf t
line console 0
!
! tells the router to ask for login information, i.e. a password
login
!
! sets the console password
password <password that you want>
exit

Setting the Line vty login and password

en
conf t
!
line vty <starting line number> <end line number>
!
! tells the router to ask for login information, i.e. a password
login
!
! sets the line vty password
password <password that you want>
exit

Setting the line idle-timer for line console and line vty

en
conf t
line console 0
exec-timeout <timeout in minutes> <timeout in seconds>
exit

Configuring Banner Logins

en
conf t
banner login <delimiting character> <type whatever banner you want> <delimiting character>

If my delimiting character is $:

PASSWORD SECURITY:

How to configure an encrypted enable password

en
conf t
enable secret <password>

How to encrypt all passwords configured

en
conf t
service password-encryption
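
A check for the password settings in this section and the line settings above, as an added example in Python (not part of the original guide). It flags an `enable password` with no `enable secret`, line passwords stored in cleartext or as type 7 (which `service password-encryption` produces and which is reversible obfuscation, not a hash), and a disabled idle timer; both configs, the placeholder strings and the finding names are constructed for illustration.

```python
# Constructed sample (not from the guide): cleartext enable and console passwords.
WEAK_CONFIG = """\
hostname R1
no service password-encryption
enable password cisco123
!
line con 0
 exec-timeout 0 0
 password conpass
 login
line vty 0 4
 password 7 0000CONSTRUCTED
 login
!
"""

# Constructed sample after 'enable secret', 'service password-encryption' and a
# finite exec-timeout. The hash and type 7 strings are placeholders.
HARDENED_CONFIG = """\
hostname R1
service password-encryption
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
!
line con 0
 exec-timeout 5 0
 password 7 0000CONSTRUCTED
 login
line vty 0 4
 exec-timeout 5 0
 password 7 0000CONSTRUCTED
 login
!
"""

MESSAGES = {
    "ENABLE_PASSWORD_WITHOUT_SECRET": "enable password is stored readable; use enable secret",
    "NO_SERVICE_PASSWORD_ENCRYPTION": "line passwords appear in cleartext in show run",
    "CLEARTEXT_LINE_PASSWORD": "line password is stored in cleartext",
    "TYPE7_LINE_PASSWORD": "type 7 is reversible; treat the config file as sensitive",
    "IDLE_TIMEOUT_DISABLED": "exec-timeout 0 0 leaves idle sessions open forever",
}


def parse(config):
    """Return (global_commands, {line_header: [sub-commands]})."""
    global_cmds, line_blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            current = None                      # separator ends the current block
        elif raw[0] == " " and current is not None:
            line_blocks[current].append(text)   # indented sub-command of a line block
        elif text.startswith("line "):
            current = text
            line_blocks[current] = []
        else:
            current = None
            global_cmds.append(text)
    return global_cmds, line_blocks


def audit(config):
    """Return a list of (scope, finding_code) tuples in config order."""
    global_cmds, line_blocks = parse(config)
    findings = []
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    has_password = any(c.startswith("enable password ") for c in global_cmds)
    if has_password and not has_secret:
        findings.append(("global", "ENABLE_PASSWORD_WITHOUT_SECRET"))
    # 'no service password-encryption' is a different string and does not count.
    if "service password-encryption" not in global_cmds:
        findings.append(("global", "NO_SERVICE_PASSWORD_ENCRYPTION"))
    for header, cmds in line_blocks.items():
        for cmd in cmds:
            words = cmd.split()
            if words[0] == "password":
                is_type7 = len(words) == 3 and words[1] == "7"
                code = "TYPE7_LINE_PASSWORD" if is_type7 else "CLEARTEXT_LINE_PASSWORD"
                findings.append((header, code))
            elif words in (["exec-timeout", "0"], ["exec-timeout", "0", "0"]):
                findings.append((header, "IDLE_TIMEOUT_DISABLED"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name)
        for scope, code in audit(cfg):
            print(f"  [{scope}] {code}: {MESSAGES[code]}")
```

The hardened sample still reports type 7 line passwords, because the commands covered in this section cannot store a line password as a hash.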

CONFIGURING INTERFACE IP ADDRESSES:

To view the IP Addresses set on the Router’s interfaces

#show ip interface brief



To configure interface IP Addresses:

en
conf t
!
! we need to indicate the interface that we will configure
interface <interface name>
!
! configure the ip address and subnet mask to be set on this interface
ip address <ip address> <subnet mask long format>
!
! turn on the interface
no shut
exit

Verify the configured IP Address:



CONFIGURING LOOPBACK INTERFACES:

To verify the configured IP Addresses:

#show ip interface brief

To create a Loopback interface and configure its IP Address:

en
conf t
interface loopback <loopback #>
ip address <ip address> <subnet mask>
exit

To verify the configured loopback interfaces:



CONFIGURING STATIC ROUTING:

To view the ip routing table:

#show ip route

We have 2 ways to configure a Static Route:


1. Exit interface Way
2. Next hop IP Address Way

EXIT INTERFACE WAY

SYNTAX:
en
conf t
ip route <remote network address> <subnet mask> <exit interface>

Verify the configured static route:



NEXT HOP IP ADDRESS WAY SYNTAX:

en
conf t
ip route <remote network address> <subnet mask> <next hop ip address>

To verify the configured static route:



CONFIGURING STATIC DEFAULT ROUTES:

What is a Default Route?

DEFAULT ROUTE
==> THERE IS NO NEED TO INFORM A ROUTER ABOUT ALL REMOTE NETWORKS, AND
HOW TO GET TO THOSE REMOTE NETWORKS. IF A ROUTER SEES A PACKET GOING TO A
NETWORK THAT IS NOT ON THE ROUTING TABLE, IT WILL JUST FORWARD THAT PACKET
TO A PREDETERMINED EXIT INTERFACE OR A NEXT HOP IP ADDRESS.
(WHEN THE ROUTER RECEIVES A PACKET GOING TO A DESTINATION IT DOES NOT KNOW, IT PASSES IT TO
ITS NEIGHBOR [EXIT INT, NEXT HOP IP ADDR])

0.0.0.0/0
→ IP Subnet Zero
→ Default Route
→ All networks not in my routing table

DEFAULT ROUTE SYNTAX:

en
conf t
ip route 0.0.0.0 0.0.0.0 <exit interface/next hop ip address>

Verify the configured Default Route:

#show ip route

NOTE:
A static default route can only be configured if:

1. The router is a stub router

Stub Router → a router that has only 1 exit interface

2. The router has multiple exit interfaces and is the router that is connected to the
internet.

CONFIGURING EIGRP

Sample topology that will be used for the syntax examples:

3 ways to Configure EIGRP:

1. Basic Way (CCNA WAY)

en
conf t
router eigrp <autonomous system #>
!
! network advertisement line
network <directly connected network address>
no auto-summary
exit

2. ADVANCED WAY (Network advertisement line with Wildcard Masks)

en
conf t
router eigrp <autonomous system #>
network <directly connected network address> <wildcard mask>
no auto-summary
exit

3. MORE ADVANCED WAY (Network Advertisement line with summary wildcard mask)

en
conf t
router eigrp <autonomous system number>
network <directly connected network address> <summary wildcard mask>
no auto-summary
exit

Autonomous System Number


➔ The Autonomous system number must be the same on all routers to form
neighborship.

NOTE:
Although we have 3 ways to configure, in the CCNA Exam it is fine to use the Basic Way
(CCNA Way) as your method of configuration.

SAMPLE CONFIGS: (Let’s use Autonomous System # 100 for the configs)

1. Using the BASIC WAY:

For R1:
en
conf t
router eigrp 100
network 192.168.12.0
network 192.168.13.0
network 192.168.14.0
network 192.168.10.0
no auto-summary
exit

2. Using the Advanced Way

For R1:
en
conf t
router eigrp 100
network 192.168.10.0 0.0.0.255
network 192.168.11.0 0.0.0.255
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
no auto-summary
exit

3. Using the More Advanced Way 😉

For R1:
en
conf t
router eigrp 100
network 192.168.0.0 0.0.255.255
no auto-summary
exit

To view the routing table (supposing all routers are now configured with EIGRP 100)

#show ip route

Configuring Interface Bandwidths for More accurate Routing Protocol Metric Computation:

To view the interface defaults:

#show interface <interface name>

We can change the configured bandwidth of an interface using the following syntax:

en
conf t
interface serial 0/0
bandwidth <bandwidth in kbps>
exit

To view the new bandwidth configured on serial 0/0

#show interface serial 0/0



CONFIGURING EIGRP UNEQUAL COST LOAD BALANCING

We can configure unequal cost load balancing in EIGRP by using the variance command

SYNTAX:
en
conf t
router eigrp 100
variance <variance value>
exit

To configure, supposing variance = 4

To verify the variance configured,

#show ip protocols

CONFIGURING EIGRP SECURITY:

There are 2 ways to configure Security on a Routing Protocol:


1. Passive Interfaces
2. Authentication

PASSIVE INTERFACES

These are interfaces whose network is advertised but which do not send out hellos. (Sending
out of hellos is disabled on passive interfaces.)

BEST PRACTICE: We need to make all interfaces passive first

To make all interfaces passive:

en
conf t
router eigrp 100
passive-interface default
exit

To verify passive interfaces:

#show ip protocols

When we issue the ‘passive-interface default’ command, it makes all router interfaces
passive, regardless of whether the interface is activated for EIGRP or not.

NEXT, we need to make all interfaces that are connected to neighbor routers not passive.

SYNTAX – How to make interfaces not passive

en
conf t
router eigrp <autonomous system #>
no passive-interface <interface name>
exit

If serial 0/0 and fa0/0 are connected to a neighbor router, we need to make these interfaces
not passive

To configure:

To verify:

You can see that interfaces that are configured to be not passive are not included in the
Passive Interfaces list.
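
Which interfaces a `network` statement activates, and which of them still send hellos once `passive-interface default` and `no passive-interface` are applied, as an added example in Python (not part of the original guide) that covers both the wildcard-mask forms shown earlier and this section. The interface table, the 192.168.99.0 LAN and all function names are assumptions; the same wildcard matching applies to OSPF network statements.

```python
import ipaddress

# Constructed R1 interface table (the guide's topology figure is not in the text).
INTERFACES = {
    "FastEthernet0/0": "192.168.10.1",  # user LAN, no routers attached
    "Serial0/0": "192.168.12.1",        # link to a neighbor router
    "Serial0/1": "192.168.13.1",        # link to a neighbor router
    "FastEthernet0/1": "192.168.99.1",  # second user LAN (constructed)
    "Loopback0": "1.1.1.1",
}

# 'network <address> <wildcard mask>' lines as (address, wildcard) pairs.
ADVANCED = [("192.168.10.0", "0.0.0.255"),
            ("192.168.12.0", "0.0.0.255"),
            ("192.168.13.0", "0.0.0.255")]
SUMMARY = [("192.168.0.0", "0.0.255.255")]


def classful_wildcard(network):
    """Wildcard implied by the Basic Way, where no mask is typed (class A/B/C)."""
    first_octet = int(network.split(".")[0])
    if first_octet < 128:
        return "0.255.255.255"
    if first_octet < 192:
        return "0.0.255.255"
    return "0.0.0.255"


def wildcard_match(ip, network, wildcard):
    """Bits that are 0 in the wildcard must match; bits that are 1 are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip_bits = int(ipaddress.IPv4Address(ip))
    net_bits = int(ipaddress.IPv4Address(network))
    return (ip_bits & care) == (net_bits & care)


def enabled_interfaces(statements, interfaces=INTERFACES):
    """Interfaces whose address matches at least one network statement."""
    return [name for name, ip in interfaces.items()
            if any(wildcard_match(ip, net, wc) for net, wc in statements)]


def hello_report(statements, passive_default=False, no_passive=(),
                 interfaces=INTERFACES):
    """Split enabled interfaces into hello senders and advertised-only ones."""
    enabled = enabled_interfaces(statements, interfaces)
    if passive_default:
        hellos = [name for name in enabled if name in no_passive]
    else:
        hellos = list(enabled)
    advertised_only = [name for name in enabled if name not in hellos]
    return {"hellos": hellos, "advertised_only": advertised_only}


if __name__ == "__main__":
    print("per-network wildcards :", enabled_interfaces(ADVANCED))
    print("summary wildcard      :", enabled_interfaces(SUMMARY))
    print("no passive config     :", hello_report(SUMMARY))
    print("passive default + no passive on serials:",
          hello_report(SUMMARY, passive_default=True,
                       no_passive=("Serial0/0", "Serial0/1")))
```

The summary wildcard also activates the 192.168.99.0 LAN, so without the passive-interface configuration the router would send hellos onto two user LANs where no neighbor router is expected.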

CONFIGURING EIGRP AUTHENTICATION

3 Steps to Configure:
1. Create Key Chain
2. We need to Activate EIGRP Authentication on an interface
3. We need to configure the keychain inside that interface

STEP1: Create Key Chain

SYNTAX:
en
conf t
key chain <key chain name>
key <key number>
key-string <key string/password>
exit

key chain → can be any name

key number → In EIGRP, we can have multiple passwords/key-string configured. We need
to have a different key number for every key-string that is set on the router.

key string → this is the password

Example:

Key chain name → mnetkey

Key number → 1

Password/Key-string → mnetpass

To verify:

#show key chain

STEP2: We need to activate the EIGRP Authentication on an interface & STEP3: We need to
configure the keychain inside the interface

We need to activate the EIGRP Authentication on the interface connected to the neighbor
router

SYNTAX:
en
conf t
interface <interface name>
!
! This command enables authentication on the interface
ip authentication mode eigrp <autonomous system #> md5
!
! This command configures the keychain inside the interface
ip authentication key-chain eigrp <autonomous system #> <key chain name>
exit

NOTE:
The key number and the key-string should be the same on interconnected interfaces for
the authentication to pass.

The key chain names don't have to be the same on neighbor routers.



To configure the key chain mnetkey to serial 0/0

To verify the configuration:

#show run interface serial 0/0



CONFIGURING OSPF
I will be using this topology in the configuration samples:

OSPF SYNTAX:
en
conf t
router ospf <process#>
network <directly connected network address> <wildcard mask> area <area#>
exit

NOTE:
process# → This can be any number. It just indicates the ospf process number locally on
the router.

The process number doesn’t need to be the same on neighboring routers to form
neighborship.

area # → Routers must have the same area number to form neighborship.

Example:

Configuring R1: ( I will use process 100 and area 0 )


en
conf t
router ospf 100
network 192.168.10.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.255 area 0
network 192.168.13.0 0.0.0.255 area 0
network 192.168.14.0 0.0.0.255 area 0
exit

Configuring R2:

Configuring R3:

Verifying:

#show ip route

#show ip protocols

#show ip ospf neighbor

CONFIGURING OSPF ROUTER-ID

How does OSPF choose which router-id to use?

1. Use a manually configured router-id
2. If a router-id is not configured, use the highest loopback interface IP Address
3. If a router-id is not configured, and there are no loopback interfaces configured, use
the highest IP Address of an “up up” physical interface.

SYNTAX:
en
conf t
router ospf <process#>
router-id <router-id in x.x.x.x format>
exit

Take note that when we activate OSPF, it looks for a router-id.

If you didn’t manually configure a router-id, it will use either the loopback ip address or
the physical interface ip address (depending on what is available).

If OSPF has already assigned a router-ID before we did a manual configuration, we need to
issue the “clear ip ospf process” command for the new router-id configuration to take
effect.

To verify:

#show ip protocols

CONFIGURING OSPF SECURITY

We have 2 ways to configure routing protocol security:


1. Passive Interfaces
2. Authentication

CONFIGURING OSPF PASSIVE INTERFACES:

Best Practice:
We need to make all interfaces passive first.

To configure OSPF to make all interfaces passive:

en
conf t
router ospf <process #>
passive-interface default
exit

Verify the existence of passive interfaces:

#show ip protocols

To make interfaces that are connected to routers not passive:

en
conf t
router ospf <process#>
no passive-interface <interface name>
exit

To make interface serial 0/0 not passive:



Verify:

You can see here that serial 0/0 is no longer included in the passive interfaces list.

CONFIGURING OSPF AUTHENTICATION:

We have 2 Steps in configuring Authentication in OSPF:


1. We need to activate the OSPF authentication for an area
2. We need to configure the password inside an interface (this should be the interface
connected to the neighbor OSPF router)

STEP1: We need to activate the OSPF authentication for an area:

SYNTAX:
conf t
router ospf <process #>
area <area#> authentication message-digest
exit

Example,

To activate OSPF authentication for all routers in area 0

STEP2: We need to configure the password inside an interface (this should be the interface
connected to the neighbor OSPF router)

SYNTAX:
en
conf t
interface <interface name>
ip ospf message-digest-key <key #> md5 <key-string>
exit

NOTE:
key # → same as with EIGRP, we can have multiple passwords configured on an interface.
Each password has an identifier; that identifier is called a key.

key-string → this is the password. Take note that the key-string configured in an interface
must be the same key-string configured in the neighbor router’s interface connected to it.

To configure the password/keystring to interface serial 0/0 ( we will be using the keystring
‘mnetpass’ )

To verify:

#show ip ospf interface serial 0/0



CONFIGURING OSPF DR and BDR

When OSPF is activated in an ethernet interface, it automatically elects a DR and BDR for
that connection.

How do routers choose who is the DR and BDR?


1. The router that has the highest interface priority becomes the DR, the router with
the next highest interface priority becomes the BDR
2. If all router interfaces have equal priority, the router with the highest router-id
becomes the DR, the router with the next highest router-id becomes the BDR.

The OSPF interface priority by default is equal to 1 (one).

The router that is neither a DR nor a BDR is called a DROther.

To make sure that a router does not participate in the DR/BDR election, we need to set its
interface priority to 0 (zero)

How to verify the interface priority?

#show ip ospf interface <interface name>



We can see here that the routers have already elected the DR and BDR:

R3 became the DR because it has the highest router-id 3.3.3.3 (R2’s RID is 2.2.2.2, R1’s
RID is 1.1.1.1)

To manually set who will become the DR and BDR, we need to configure a higher priority.

How to set OSPF interface priority:

SYNTAX:
en
conf t
interface <interface name>
ip ospf priority <priority value>
exit

priority value range = 0 – 255

To configure R1’s fa0/0 interface with a higher priority of 100 to make sure it becomes the
DR:

We need to clear ip ospf process for the changes to take effect: (we also need to clear the
ip ospf process on the neighbor router)

Verify:
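
The router-id order and the DR/BDR election rules of this section, as an added example in Python (not part of the original guide). It is a simplified model of the election on one segment and shows why a raised priority only takes effect after the OSPF process is cleared: routers already acting as DR and BDR keep their roles. Function names and the non-R1/R2/R3 sample addresses are assumptions.

```python
import ipaddress


def rid_value(router_id):
    """Compare router-ids numerically, not as strings ('9.0.0.1' < '10.0.0.1')."""
    return int(ipaddress.IPv4Address(router_id))


def select_router_id(manual=None, loopbacks=(), up_physical=()):
    """Manual router-id, else highest loopback, else highest up/up physical."""
    if manual:
        return manual
    for pool in (loopbacks, up_physical):
        if pool:
            return max(pool, key=rid_value)
    return None


def elect(routers, current_dr=None, current_bdr=None):
    """Simplified DR/BDR election for one Ethernet segment.

    routers: {name: (interface_priority, router_id)}
    Priority 0 never takes part. A router that already holds the DR or BDR
    role keeps it while it stays eligible (the election does not preempt).
    """
    eligible = {name: (prio, rid_value(rid))
                for name, (prio, rid) in routers.items() if prio > 0}
    ranked = sorted(eligible, key=eligible.get, reverse=True)
    if current_dr in eligible:
        dr = current_dr
    elif current_bdr in eligible:
        dr = current_bdr                 # the BDR takes over when the DR is gone
    else:
        dr = ranked[0] if ranked else None
    rest = [name for name in ranked if name != dr]
    if current_bdr in rest:
        bdr = current_bdr
    else:
        bdr = rest[0] if rest else None
    return dr, bdr


# Router-ids from the guide; all priorities at the default of 1.
BASE = {"R1": (1, "1.1.1.1"), "R2": (1, "2.2.2.2"), "R3": (1, "3.3.3.3")}
# R1's fa0/0 raised to priority 100, as in the example above.
RAISED = {"R1": (100, "1.1.1.1"), "R2": (1, "2.2.2.2"), "R3": (1, "3.3.3.3")}

if __name__ == "__main__":
    dr, bdr = elect(BASE)
    print("initial election        :", dr, bdr)
    print("priority raised, no clear:", elect(RAISED, dr, bdr))
    print("after clearing processes :", elect(RAISED))
```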

CONFIGURING MULTI-AREA OSPF:

NOTE:

A router that has all OSPF activated interfaces in a single area is called an Internal Router.

A router that has one interface connected to the backbone area Area 0 and another
interface on a regular area is called an ABR (Area Border Router).

A router that has an interface connected to either a Regular Area or the backbone area
Area 0 and is injecting routes into the OSPF domain from EIGRP, Static Routes, or from
another OSPF process is called an ASBR (Autonomous System Boundary Router)

To configure a Router to become an ABR,


- we need to activate one of its interfaces to be a member of a regular area, and
another interface to be a member of Area 0.

Example,

Configure R1 and advertise its 192.168.10.0/24 network to be in area 0, and the
172.16.10.0/24 network to be in area 50

Verify:

#show ip protocols

To configure a router to become an ASBR:

Take note that ASBR routers inject external routes into the OSPF domain.

External routes can be Static Routes, Default Routes, Routes learned from another routing
protocol like EIGRP, RIP, BGP or from another OSPF process.

Example,

Let’s make R2 an ASBR router.

I need to create an external route first, e.g. a Static Default Route pointing to serial 0/1

To inject this Static Default route into OSPF, we need to propagate this default route into
our OSPF domain:

PROPAGATING A DEFAULT ROUTE INTO OSPF:

Use the following syntax to propagate a default route into OSPF:

en
conf t
router ospf <process #>
default-information originate
exit

NOTE: We use the ‘default-information originate’ command on the OSPF router connected to
the internet so that it would advertise the default route to all OSPF routers in the OSPF
domain.

To verify:

#show ip protocols

We can view the propagated default route in the neighboring OSPF routers:

#show ip route ospf



IPV6 ROUTING

CONFIGURING IPv6 INTERFACE ADDRESSES:

To view configured IPV6 interface addresses:

#show ipv6 interface brief

To configure an IPV6 address on an interface:

SYNTAX:
en
conf t
interface <interface name>
ipv6 address <ipv6 address>/<subnet mask>
no shut
exit

Example,
To set an IPV6 address on serial 0/0

Verify:
#show ipv6 interface brief

To configure an EUI-64 Address:

SYNTAX:
en
conf t
interface serial 0/1
ipv6 address <ipv6 network address>/<subnet mask> eui-64
no shut
exit

Example,

To configure an EUI-64 address on serial 0/1



Verify:

#show ipv6 interface brief
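How the eui-64 keyword fills in the host half of the address, as an added Python example that is not part of the original guide: the interface ID is the MAC address with FFFE inserted in the middle and the universal/local bit flipped, which also means the MAC can be read back out of the address. The /64 prefix and the MAC address below are constructed sample values.

```python
import ipaddress
import string


def eui64_interface_id(mac):
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC.

    Accepts 00:1b:54:c2:11:22, 00-1b-54-c2-11-22 or Cisco style 001b.54c2.1122.
    """
    digits = "".join(c for c in mac if c in string.hexdigits)
    if len(digits) != 12:
        raise ValueError("MAC address must contain exactly 12 hex digits")
    octets = bytearray.fromhex(digits)
    octets[0] ^= 0x02  # flip the universal/local bit of the first octet
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def eui64_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID derived from mac."""
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(address):
    """Recover the MAC from an address whose interface ID has FFFE in the
    middle; return None when the address does not look like EUI-64."""
    iid = ipaddress.IPv6Address(address).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02  # undo the universal/local bit flip
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    addr = eui64_address("2001:db8:0:1::/64", "001b.54c2.1122")
    print(addr)
    print(mac_from_eui64(str(addr)))
```

Because the mapping is reversible, an EUI-64 address discloses the hardware address of the interface to anyone who sees the IPv6 address.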



CONFIGURING IPV6 STATIC ROUTES:

We have 2 ways to configure static routes:
1. Exit interface way
2. Next Hop IP Address way

EXIT INTERFACE WAY:

SYNTAX:
en
conf t
ipv6 route <remote ipv6 network address>/<subnet mask CIDR format> <exit interface>

NEXT HOP IP ADDRESS WAY:

SYNTAX:
en
conf t
ipv6 route <remote ipv6 network address>/<subnet mask CIDR format> <next hop Ipv6 address>

EXIT INTERFACE WAY SAMPLE CONFIGURATION:

NOTE:
When configuring IPV6 routing, you need TO ACTIVATE THE IPV6 ROUTING FUNCTION
FIRST!

To activate:

SYNTAX:
en
conf t
ipv6 unicast-routing
exit

Sample IPV6 Exit interface way config:

Verify:

Sample IPV6 Next Hop Ip Address way config:

Verify:

CONFIGURING IPV6 STATIC DEFAULT ROUTE:

The IPV6 Default Route is ::/0

SYNTAX:
en
conf t
ipv6 route ::/0 <exit interface/next hop ip address>

CONFIGURING OSPFv3 (OSPF for IPV6)


I will be using the topology below in the configuration examples:

2 Steps to configure:
1. Activate the OSPFv3 routing protocol, and configure the router-ID
2. Activate the interface whose network is to be advertised

STEP1: Activate the OSPFv3 routing protocol, and configure the router-ID

SYNTAX:
en
conf t
ipv6 router ospf <process #>
router-id <router-id in x.x.x.x format>
exit

STEP2: Activate the interface whose network is to be advertised

SYNTAX:
en
conf t
interface <interface name>
ipv6 ospf <process #> area <area#>
exit

Example,

Take note that unlike OSPF for Ipv4 where the router-id is an optional command since
OSPF can automatically find its own router-id (either from a loopback interface IP address
or a physical interface), the router-id in OSPFv3 is a mandatory configuration.

Let’s use the following Router-IDs:

R1 – 1.1.1.1
R2 – 2.2.2.2
R3 – 3.3.3.3

STEP1: Activate the OSPFv3 routing protocol, and configure the router-ID

STEP2: Activate the interface whose network is to be advertised

R1 configs:

To verify configs:

#show ipv6 protocols



To view the IPV6 Routing Table:

#show ipv6 route

R2 CONFIGS:

Verify:

#show ipv6 protocols

#show ipv6 route



R3 CONFIGS:

VERIFY:

#show ipv6 protocols



#show ipv6 route ospf



CONFIGURING EIGRP FOR IPv6


I will be using the topology below for the configuration example:

2 Steps to Configure:
1. Activate the EIGRP Routing protocol and configure the Router-ID
2. Activate the interface whose network is to be advertised.

STEP1: Activate the EIGRP Routing Protocol and configure the Router-ID

Syntax:
en
conf t
ipv6 router eigrp <autonomous system #>
router-id <router-id in x.x.x.x format>
no shut
exit

NOTE: We need the ‘no shut’ command to turn on the routing protocol.

STEP2: Activate the interface whose network is to be advertised

Syntax:
en
conf t
interface <interface name>
ipv6 eigrp <autonomous system #>
exit
Configuration Example:

Again, compared with implementing EIGRP for IPV4, EIGRP for IPV6 requires us to
configure a router-id - this is a mandatory command.

Let’s use the following router-IDs

R1 – 1.1.1.1
R2 – 2.2.2.2
R3 – 3.3.3.3

STEP1: Activate the EIGRP Routing Protocol and configure the Router-ID

R1 configs:

R2 configs:

R3 configs:

STEP2: Activate the interface whose network is to be advertised

R1 configs:

Verify:

#show ipv6 protocols



R2 configs:

Verify:

#show ipv6 protocols



#show ipv6 route eigrp

R3 configs:

Verify:

#show ipv6 protocols

#show ipv6 route eigrp



CONFIGURING ACLs (Access Control List)


We have 2 Types of ACL:
1. Standard ACL
2. Extended ACL

ACL Number Range for both Types:


1. Standard ACL
➔ 1 – 99
➔ 1300 – 1999

2. Extended ACL
➔ 100 – 199
➔ 2000 – 2699

CONFIGURING STANDARD ACL

SYNTAX:
en
conf t
access-list <acl#> permit/deny <source ip/net address> <wildcard mask>

SPECIAL ACL Keywords:

1. Host keyword
➔ Use the host keyword when declaring a specific IP Address

Instead of this command:


permit/deny 172.16.18.1 0.0.0.0

We can do this using the Host Keyword


permit/deny host 172.16.18.1

2. Any Keyword
➔ Use the any keyword when declaring all networks

Instead of this command:


permit/deny 0.0.0.0 255.255.255.255

We do this using the Any keyword


permit/deny any

We have 2 Steps when Configuring ACLs:


1. Create the ACL based on the requirement
2. Apply the ACL inside an interface for the ACL to take effect.

Example,

SCENARIO: (This will be configured on a router R1)

1. Allow the network 192.168.10.0/24 to access R1
2. Allow the network 172.16.17.0/24 to access R1
3. Allow the entire network 172.16.18.0/24 to access R1 except the IP Address
172.16.18.1/24
4. Deny all other networks

STEP1: Create the ACL based on the requirement:

SYNTAX:
en
conf t
access-list <acl#> permit/deny <source ip/net address> <wildcard mask>

NOTE: The ACL number range is from 1 – 100. I will be using ACL # 50 for this example.

Verify:

#show access-lists

STEP2: Apply the ACL inside an interface for the ACL to take effect

When we apply an ACL inside an interface, we need to specify if the ACL rule is for the
inbound direction (in) of traffic, or outbound direction (out) of traffic.

ACL Application rule: You can only apply 2 ACLs inside an interface, one ACL per direction
only. 1 in and 1 out.

SYNTAX:
en
conf t
interface <interface name>
ip access-group <acl#> in/out
exit

From our previous example, the ACL that we’re creating are rules for incoming traffic from
outside R1 – so we will specify the traffic direction here as in.

To apply the ACL on the serial 0/0 interface

Verify:

#show run interface serial 0/0



CONFIGURING A STANDARD ACL TO RESTRICT TELNET ACCESS:

This type of configuration will only restrict telnet access to the router, all other services will
be allowed.

2 Steps to Configure:
1. Create the Standard ACL based on the requirement
2. Apply the ACL inside Line VTY

Example,

1. Allow the network 201.52.60.0/24 to telnet the router
2. Allow the network 192.168.12.0/24 to telnet the router

STEP1: Create the Standard ACL based on the requirement

Verify:

#show access-lists

STEP2: Apply the ACL inside Line Vty

SYNTAX:
en
conf t
line vty 0 4
access-class <acl#> in

CONFIGURING EXTENDED ACL:

SYNTAX:
en
conf t
access-list <acl #> permit/deny <source protocol tcp/udp> <source ip/network address> <source wildcard mask> <destination ip/network address> <destination wildcard mask> eq <destination port/application>

Extended ACL number range → 100 – 199

2 Steps to Configure:
1. Create the ACL based on the requirement
2. Apply the ACL on an interface for the ACL to take effect

Example,

1. Allow the network 192.168.10.0/24 to telnet R1’s IP Address 192.168.10.1/24
2. Allow the entire network 172.16.16.0/24 to telnet R1’s IP Address
192.168.10.1/24 except the IP Address 172.16.16.18

STEP1: Create the ACL based on the requirement

en
conf t
access-list 150 permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.1 eq 23
access-list 150 deny tcp host 172.16.16.18 host 192.168.10.1 eq 23
access-list 150 permit tcp 172.16.16.0 0.0.0.255 host 192.168.10.1 eq 23

Verify:

#show access-lists

STEP2: Apply the ACL on an interface for the ACL to take effect
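Both the standard ACL scenario and the extended ACL 150 above depend on entries being checked top-down, with the first match winning and an implicit deny at the end. The following Python sketch is an added example, not part of the original guide: it evaluates numbered access-list lines by wildcard mask and reports entries that an earlier entry makes unreachable. The ACL 50 lines and the misordered variant are constructed from the scenario's networks; the ACL 150 lines are the ones shown above.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A [WILDCARD]'; return (address, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, MASK32
    if tok == "host":
        return _ip(tokens.pop(0)), 0
    has_wildcard = bool(tokens) and tokens[0].count(".") == 3
    wildcard = _ip(tokens.pop(0)) if has_wildcard else 0
    return _ip(tok), wildcard


def parse_acl(text):
    """Parse numbered 'access-list' lines into ordered entries (numeric ports only)."""
    entries = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 4 or t[0] != "access-list":
            continue
        num, action, rest = int(t[1]), t[2], t[3:]
        extended = 100 <= num <= 199 or 2000 <= num <= 2699
        entry = {"action": action, "proto": "ip", "dst": (0, MASK32), "port": None}
        if extended:
            entry["proto"] = rest.pop(0)
        entry["src"] = _take_addr(rest)
        if extended:
            entry["dst"] = _take_addr(rest)
            if rest[:1] == ["eq"]:
                entry["port"] = int(rest[1])
        entries.append(entry)
    return entries


def _addr_match(spec, ip):
    addr, wildcard = spec
    # A wildcard bit of 1 means "ignore this bit"; only the 0 bits must be equal.
    return ((addr ^ ip) & ~wildcard & MASK32) == 0


def evaluate(acl, src, dst="0.0.0.0", proto="ip", port=None):
    """Return (action, index of first matching entry); index None = implicit deny."""
    s, d = _ip(src), _ip(dst)
    for i, e in enumerate(acl):
        if e["proto"] not in ("ip", proto):
            continue
        if e["port"] is not None and e["port"] != port:
            continue
        if _addr_match(e["src"], s) and _addr_match(e["dst"], d):
            return e["action"], i
    return "deny", None


def _covers(outer, inner):
    """True if every address matched by `inner` is also matched by `outer`."""
    (oa, ow), (ia, iw) = outer, inner
    return (iw & ~ow & MASK32) == 0 and ((oa ^ ia) & ~ow & MASK32) == 0


def shadowed(acl):
    """Return (later, earlier) index pairs where the later entry can never match."""
    pairs = []
    for j, late in enumerate(acl):
        for i, early in enumerate(acl[:j]):
            if (early["proto"] in ("ip", late["proto"])
                    and early["port"] in (None, late["port"])
                    and _covers(early["src"], late["src"])
                    and _covers(early["dst"], late["dst"])):
                pairs.append((j, i))
                break
    return pairs


# Constructed for the standard ACL scenario (networks and host from the guide).
ACL_50 = parse_acl("""
access-list 50 permit 192.168.10.0 0.0.0.255
access-list 50 permit 172.16.17.0 0.0.0.255
access-list 50 deny host 172.16.18.1
access-list 50 permit 172.16.18.0 0.0.0.255
""")
# Constructed mistake: the host deny comes after the permit for its network.
ACL_50_MISORDERED = parse_acl("""
access-list 50 permit 172.16.18.0 0.0.0.255
access-list 50 deny host 172.16.18.1
""")
# The extended ACL 150 lines as given in the guide.
ACL_150 = parse_acl("""
access-list 150 permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.1 eq 23
access-list 150 deny tcp host 172.16.16.18 host 192.168.10.1 eq 23
access-list 150 permit tcp 172.16.16.0 0.0.0.255 host 192.168.10.1 eq 23
""")

if __name__ == "__main__":
    for ip in ("172.16.18.1", "172.16.18.77", "10.1.1.1"):
        print("ACL 50", ip, evaluate(ACL_50, ip))
    print("misordered", evaluate(ACL_50_MISORDERED, "172.16.18.1"),
          "shadowed:", shadowed(ACL_50_MISORDERED))
    print("ACL 150", evaluate(ACL_150, "172.16.16.18", "192.168.10.1", "tcp", 23))
```

In the misordered variant the excluded host is permitted by the network entry before the deny is ever reached, which is the mistake the shadow check reports.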

NETWORK ADDRESS TRANSLATION (NAT)

Configuring PAT (Port Address Translation) / Many Private IP to Many Public IP NAT

I will be giving the steps to configure PAT using the following scenario:

Public Network IP Address Range → 185.32.50.81/29 – 185.32.50.84/29
Private Network Range → 172.16.18.0/24

STEP1: Create a Pool of Public IP Addresses to be leased out


[ Pool = Container ]

SYNTAX:
en
conf t
ip nat pool <poolname> <lower ip limit> <upper ip limit> netmask <subnet mask>

poolname
➔ any name to identify the range of IP Addresses to be leased out.

lower ip limit
➔ when given a range of Public IP Addresses to be leased out, the Lower IP Limit is
the lowest IP Address in the range

upper ip limit
➔ when given a range of Public IP Addresses to be leased out, the higher IP limit is
the highest IP address in the range

NOTE: If only a single public IP Address is to be leased out, the lower and upper IP limits
are the same

subnet mask
➔ This is the subnet mask of the Public IP Addresses to be leased out

So,

Based on my scenario, these are the Public IP Addresses that I need to lease out:

Public Network IP Address Range → 185.32.50.81/29 – 185.32.50.84/29

lower ip limit = 185.32.50.81
upper ip limit = 185.32.50.84
subnet mask = 255.255.255.248
poolname ➔ kapool (this can be any name)

STEP2: Create an ACL permitting the private network that will borrow the public IP
Addresses.

SYNTAX: (You need a standard ACL here)


en
conf t
access-list <acl#> permit/deny <source ip/net address> <wildcard mask>

So,

Based on my previous scenario, this is the private network that will borrow the public
IP Addresses:

Private Network Range → 172.16.18.0/24



STEP3: Link the Pool and the Standard ACL together ( Let’s join the borrower <acl> with
what is being borrowed <pool> )

SYNTAX:
en
conf t
ip nat inside source list <acl#> pool <poolname> overload

*NOTE: WHENEVER THE NAT HAS “MANY” IN IT, WE NEED TO USE PORT NUMBERS. TO INFORM
OUR ROUTER TO USE PORT NUMBERS, WE USE THE “OVERLOAD” KEYWORD. SINCE A NAT WITH
“MANY” USES THE OVERLOAD KEYWORD, IT IS ALSO KNOWN AS “NAT WITH OVERLOAD”, OR
PORT ADDRESS TRANSLATION [PAT]

So,

Based on our previous configurations, we used ACL #50, and poolname kapool

STEP4: Configure Inside and Outside NAT Interfaces:

Inside Interface
➔ The interface of your router where the private network that will borrow the
public IP Addresses is attached ( We can have many inside interfaces)

Outside Interface
➔ The interface of your router that is connected toward the internet.
➔ The interface where the translation takes place

SYNTAX for Inside Interface:


en
conf t
interface <interface name>
ip nat inside
exit

SYNTAX for Outside Interface:

en
conf t
interface <interface name>
ip nat outside
exit

So, based on the topology below:

My inside interface is Loopback 0.

My outside interface is Serial 0/0


To configure:

To test:

We do an extended ping on R1, using the loopback 0’s ip address as the source IP.

Check the translation table:

#show ip nat translations



We know that our NAT configuration is working if we see entries here.

Why is there no ping?

Take note that the source IP Address is now translated into 172.16.18.1. Based on my
topology, I need to inform and configure the router connected to the internet cloud that
the Public IP Addresses 185.32.50.81/29 – 185.32.50.84/29 (network address for these
IP addresses is 185.32.50.80/29) is located in R1 – we need to configure a Static route to
do that.

Internet Router:
en
conf t
ip route 185.32.50.80 255.255.255.248 192.168.10.1

We can try to do the extended ping again:



CONFIGURING STATIC NAT

We configure Static NAT if we want to have a public IP Address to be exclusively used by a
single private IP Address (this is most commonly used for servers)

For the configuration steps, we will use the following scenario:

Private IP Address → 172.16.16.1
Public IP Address → 50.0.0.1

Step1: Link the private IP and the public IP Addresses together

SYNTAX:
en
conf t
ip nat inside source static <private IP Address> <public IP Address>

Step2: Configure Inside and Outside NAT Interfaces

Based on my topology above,

Inside NAT Interface → Loopback 1
Outside NAT Interface → Serial 0/0

SYNTAX for Inside Interface


en
conf t
interface <interface name>
ip nat inside
exit

SYNTAX for Outside Interface


en
conf t
interface <interface name>
ip nat outside
exit

Testing:

Let’s create a Static route first in the Internet Router for the Public IP Address 50.0.0.1

Do an extended ping from R1 using 172.16.16.1 as the source IP

Check the translation table:

#show ip nat translations



BGP (Border Gateway Protocol) Configuration


I will be using this topology for the configuration examples:

To activate BGP:

SYNTAX:
en
conf t
router bgp <local autonomous system #>
neighbor <ip address of neighbor> remote-as <autonomous system# of neighbor>
exit

Verify:

#show ip bgp summary



Advertising networks into BGP:

SYNTAX:
en
conf t
router bgp <local autonomous system #>
network <network address> mask <subnet mask>
exit

Verify:

#show ip bgp

#show ip route bgp



REDUNDANCIES:

Configuring Floating Static Routes:

A floating static route is a backup static route configured such that if the main static route
fails, the floating static route will automatically be used by the router.

We can do this by adding a static route with a slightly higher Administrative distance

SYNTAX:
en
conf t
ip route <remote network address> <subnet mask> <exit interface/next hop ip address> <administrative distance>

Example,

To create a Main default route going to the exit interface serial 0/0 and a backup Floating
Static Default route going to the exit interface serial 0/1

Verify:

You can see from the output that although we configured 2 static routes, the Floating
static route is not showing (thus the term floating).

The only time that you will see the floating static route in the routing table is if the main
path fails.

FHRP (First Hop Redundancy Protocol)

We have 3 Types of FHRP:
1. HSRP (Hot Standby Routing Protocol)
2. VRRP (Virtual Router Redundancy Protocol)
3. GLBP (Gateway Load Balancing Protocol)

Note : GLBP is not included in the CCNA exam.

Configuring HSRP

I will be using the following topology in my configuration examples:

I will be using the following scenario in the configuration and syntax discussion:

Main router → Main
Backup Router → Backup
Virtual IP → 192.168.10.10

Note: HSRP is configured on the router interface that supposedly has the default gateway IP
Address

Configuring the HSRP Main Router:

MAIN:
en
conf t
interface fa0/0
!
! We need to configure the HSRP Group # and the Virtual IP Address
!
! SYNTAX:
! standby <group #> ip <virtual IP Address>
! use group # 1, Virtual IP = 192.168.10.10
!
standby 1 ip 192.168.10.10
!
!
! To make sure that main is the Main router, we need to configure the HSRP priority
! value.
! The priority value by default = 100.
! The router with the highest priority would be the Main router.
!
! SYNTAX:
! standby <group#> priority <priority value>
!
! use Priority = 120, Group # 1
!
standby 1 priority 120
!
!
! To make sure that Main is still the Main router after it goes down and comes back up, we
! need to configure the HSRP preemption
!
! SYNTAX:
! standby <group#> preempt
!
standby 1 preempt
!
exit

Configuring the HSRP Backup router:

Backup:
en
conf t
interface fa0/0
!
! We need to configure the Group # and the Virtual IP Address.
! Note: The group # and Virtual IP Address must be the same with the Main router
!
! SYNTAX:
! standby <group#> ip <virtual IP Address>
!
! Group # 1, Virtual IP Address = 192.168.10.10
!
standby 1 ip 192.168.10.10
!
exit

Verify on Backup:

#show standby

Verify on Main:

#show standby

Configuring VRRP:

I will be using the following topology for the configuration example:

Scenario:
Main Router → Main
Backup Router → Backup
Virtual IP Address → 192.168.10.20

VRRP Main Router Config:

Main:
en
conf t
interface fa0/0
!
! We need to configure the VRRP Group # and the Virtual IP Address
!
! SYNTAX:
! vrrp <group #> ip <virtual IP Address>
!
! Use Group # 2, Virtual IP Address = 192.168.10.20
!
vrrp 2 ip 192.168.10.20
!
! To make sure the Main is the Main router, we need to configure the VRRP Priority value
! The priority value by default = 100.
! The router with the highest priority is the Main Router
!
! SYNTAX:
! vrrp <group#> priority <priority value>
!
! Use Priority value = 150
!
vrrp 2 priority 150
!
! To make sure that the main router would still be the Main router, if it fails and comes
! back up again, we need to configure router preemption.
!
! SYNTAX
! vrrp <group#> preempt
!
vrrp 2 preempt
!
exit

Verify:

#show vrrp

VRRP Backup Config:

Backup:
en
conf t
interface fa0/0
!
! Configure the VRRP Group # and Virtual IP Address
!
! SYNTAX:
! vrrp <group #> ip <virtual ip address>
!
! Use the Same group # with the Main router, and same Virtual IP address
!
vrrp 2 ip 192.168.10.20
exit

Verify:

#show vrrp

CONFIGURING GRE (Generic Routing Encapsulation)


I will be using the following topology in the configuration examples:

R1 config:
en
conf t
! To create the GRE Tunnel
! SYNTAX:
! interface tunnel <tunnel #>
!
interface tunnel 0
!
! Configure the tunnel encapsulation mode to GRE over IP
!
tunnel mode gre ip
!
! Configure the Tunnel IP Address
!
ip address 192.168.10.1 255.255.255.0
!
! Configure the Tunnel Source
! Tunnel Source → Public IP Address of your local router.
!
! SYNTAX:
! tunnel source <public ip address>
!
tunnel source 50.0.0.1
!
! Configure the Tunnel Destination
! Tunnel Destination → Public IP Address of the router you are connecting to
!
! SYNTAX:
! tunnel destination <public IP Address of remote router>
!
tunnel destination 60.0.0.1
exit

Verify:

#show ip interface brief

R2 config:
en
conf t
! create the Tunnel interface
interface tunnel 0
!
! Configure the Tunnel Encapsulation Mode
tunnel mode gre ip
!
! Configure the tunnel IP Address
ip address 192.168.10.2 255.255.255.0
!
! Configure the Tunnel Source
tunnel source 60.0.0.1
!
! Configure the Tunnel Destination
tunnel destination 50.0.0.1
exit

Verify:

#show ip int brief

Test

CONFIGURING DHCP
We will be using this Scenario for the configuration example:

Private Network Address to be leased out → 192.168.10.0/24
Default Gateway IP address → 192.168.10.1
DNS Server → 2.2.2.2
Excluded Addresses → 192.168.10.1 – 192.168.10.9

Step1: Create a DHCP Pool

Poolname can be any name you want.

The DHCP pool will include the range of IP Addresses to be leased out.

I will use the poolname r1networkpool

Router:
en
conf t
!
! Create the Pool
! SYNTAX:
! ip dhcp pool <poolname>
!
ip dhcp pool r1networkpool
!
! Specify the network address that would be leased out. Note that the IP addresses that
! will be leased out will be the usable IP addresses from this network address.
!
! SYNTAX
! network <network address> <subnet mask>
!
network 192.168.10.0 255.255.255.0
!
! Configure the Default Gateway IP address
!
! SYNTAX
! default-router <default gateway IP address>
!
default-router 192.168.10.1
!
! Configure the DNS Server
! SYNTAX
! dns-server <dns server IP Address>
!
dns-server 2.2.2.2
exit
!
! Configure the Excluded IP Addresses
! These are IP Addresses that won’t be leased out (usually these are Server and Router
! IP addresses)
!
! SYNTAX:
! ip dhcp excluded-address <lower limit> <upper limit>
!
ip dhcp excluded-address 192.168.10.1 192.168.10.9

Router:
en
conf t
!
! We need to configure a username and a password
!
! SYNTAX: username <username> secret <password>
!
username admin secret cisco
!
! We need to create a Host domain for the Router/Switch
!
! SYNTAX: ip domain-name <domain name>
!
ip domain-name mnet-it.com
!
! Generate an RSA Key pair [ USE 1024]
!
! SYNTAX: crypto key generate rsa
!
crypto key generate rsa
!
! Enable SSH Version 2 on this Router
!
! SYNTAX: ip ssh version 2
!
ip ssh version 2
!
line vty 0 4
!
! We need to inform our router to ask for a username and a password
!
login local
!
! Inform our router to only accept SSH connections
!
transport input ssh
exit

Example,

Connecting to R1 via telnet (if SSH is not configured yet)

Configuring SSH to R1:

Trying to telnet R1 (after the SSH config)



To connect remotely to R1 using SSH:

SYNTAX: ssh -l <username> <ip address of remote router/switch>



Configuring PPP (Point-to-Point Protocol)


SYNTAX:
en
conf t
interface <serial interface name>
encapsulation ppp
exit

To verify the WAN Encapsulation set on a serial interface:

#show interface <serial interface name>

Note: The Default Serial Encapsulation set on Cisco routers is HDLC.

To change the encapsulation type to PPP:



Verify:

Configuring PPP Authentication

We have 2 types of PPP Authentication:
1. CHAP (Challenge Handshake Authentication Protocol)
2. PAP (Password Authentication Protocol)

To configure:

SYNTAX:
en
conf t
!
! Configure the username and password to be used for PPP authentication
!
! SYNTAX: username <username must be the Hostname of the neighbor router>
! password <password ; this must be the same on both routers for auth to pass>
!
username R2 password cisco
!
interface serial 0/0
!
! We need to change the encapsulation type first to PPP
encapsulation ppp
!
! To change the Authentication type to PAP
! SYNTAX: ppp authentication pap
!
! To change the Authentication type to CHAP
! SYNTAX: ppp authentication chap
!
! To try the authentication type CHAP first, then if it fails, use PAP
! SYNTAX: ppp authentication chap pap
!
! To try the authentication type PAP first, then if it fails, use CHAP
! SYNTAX: ppp authentication pap chap
!
exit

GENERAL SWITCH CONFIGURATIONS


These are the General router configurations that we can configure to a switch:
1. Hostname
2. Enable password/Enable Secret
3. Line console 0 login, password and exec-timeout
4. Line Vty login and password
5. Interface Vlan 1 IP Address (Management Vlan)
6. IP Default Gateway
7. Switchport Modes
8. Switchport Security

To configure:
en
conf t
! To configure the hostname
! SYNTAX: hostname <hostname>
!
hostname Sw1
!
! To configure the Enable Password
! SYNTAX: enable password <password> ; enable secret <password>
!
enable secret cisco
!
! To configure line console 0 login, password, and exec-timeout
!
line console 0
login
password cisco
exec-timeout 0 0
exit
!
line vty 0 4
login
password cisco
exec-timeout 0 0
exit
!
! To configure Vlan 1 IP Address
!
interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shut
exit
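A defender's check over the management-plane settings used in this switch configuration and in the SSH router configuration earlier, as an added Python example that is not part of the original guide. It groups a pasted configuration by line section and reports the settings worth reviewing before such a device leaves the lab; the finding codes and the short list of well-known passwords are assumptions made for this example, and the two sample configurations are assembled from the commands shown in the guide with the comments removed.

```python
import re

SECTION = re.compile(r"^(line|interface|router)\s+\S")
CREDENTIAL = re.compile(r"\b(?:password|secret)\s+(\S+)$")
# Constructed list of well-known lab passwords; extend it for real use.
WELL_KNOWN = {"cisco", "admin", "password"}


def split_sections(config):
    """Group commands under the 'line ...' or 'interface ...' header they follow.
    Commands outside any section are collected under the key 'global'."""
    sections = {"global": []}
    current = "global"
    for raw in config.splitlines():
        cmd = " ".join(raw.split())
        if not cmd or cmd.startswith("!"):
            continue
        if SECTION.match(cmd):
            current = cmd
            sections.setdefault(current, [])
        elif cmd in ("exit", "end"):
            current = "global"
        else:
            sections[current].append(cmd)
    return sections


def audit(config):
    """Return sorted (section, finding-code) tuples for a pasted IOS config."""
    findings = set()
    for name, cmds in split_sections(config).items():
        for cmd in cmds:
            m = CREDENTIAL.search(cmd)
            if m and m.group(1).lower() in WELL_KNOWN:
                findings.add((name, "WELL_KNOWN_PASSWORD"))
            if cmd.startswith("enable password"):
                findings.add((name, "ENABLE_PASSWORD_NOT_SECRET"))
        if not name.startswith("line "):
            continue
        if "exec-timeout 0 0" in cmds:
            # 0 0 means the session never times out when left idle.
            findings.add((name, "IDLE_TIMEOUT_DISABLED"))
        if "login" in cmds:
            # Plain 'login' checks one shared line password, not a user account.
            findings.add((name, "SHARED_LINE_PASSWORD"))
        if name.startswith("line vty"):
            if "transport input ssh" not in cmds:
                findings.add((name, "VTY_NOT_SSH_ONLY"))
            if not any(c.startswith("access-class ") for c in cmds):
                findings.add((name, "VTY_NO_ACCESS_CLASS"))
    return sorted(findings)


# General switch configuration from this section (comments removed).
SWITCH_CONFIG = """
hostname Sw1
enable secret cisco
line console 0
login
password cisco
exec-timeout 0 0
exit
line vty 0 4
login
password cisco
exec-timeout 0 0
exit
interface vlan 1
ip address 192.168.1.10 255.255.255.0
no shut
exit
"""

# SSH router configuration from earlier in the guide (comments removed).
SSH_CONFIG = """
username admin secret cisco
ip domain-name mnet-it.com
crypto key generate rsa
ip ssh version 2
line vty 0 4
login local
transport input ssh
exit
"""

if __name__ == "__main__":
    for label, cfg in (("switch", SWITCH_CONFIG), ("ssh router", SSH_CONFIG)):
        for section, code in audit(cfg):
            print(f"{label}: {section}: {code}")
```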

CONFIGURE SWITCH IP DEFAULT GATEWAY


SYNTAX:
en
conf t
ip default-gateway <ip address of default gateway>
exit

CONFIGURE SWITCHPORT MODES:


SYNTAX:
en
conf t
!
interface fa0/2
!
! To make this interface a static trunk
! SYNTAX: switchport mode trunk
!
! To make this interface a static access port
! SYNTAX: switchport mode access
!
! To make this interface a Dynamic Auto Interface
! SYNTAX: switchport mode dynamic auto
!
! To make this interface a Dynamic Desirable Interface
! SYNTAX: switchport mode dynamic desirable
exit

Example,

To configure fa0/2 as an Access Port:

Verify:

To configure fa0/1 as a Trunk port

Verify:

To view active trunk interfaces:



CONFIGURING SWITCHPORT SECURITY:


SYNTAX:
en
conf t
interface fa0/3
!
! We need to make this interface an Access port first. NOTE: switchport security can only
! be configured on manually configured access ports
!
switchport mode access
!
! Enable switchport security
! SYNTAX: switchport port-security
!
switchport port-security
!
! We can now configure the maximum number of MAC addresses to be learned
! on this port
!
! SYNTAX: switchport port-security maximum <maximum number of MAC Addresses>
!
switchport port-security maximum 1
!
! We need to configure what will happen if a violation occurs
! SYNTAX: switchport port-security violation protect/restrict/shutdown
!
switchport port-security violation shutdown
!
exit

Verify:

Configure a Static MAC Address for Port-Security



Configuring VLANs:
We have 2 ways to configure VLANs:
1. VLAN Configuration Mode way
o Supported by newer Cisco switches
2. VLAN Database mode way
o Supported by older Cisco Switches

VLAN CONFIGURATION MODE WAY:

SYNTAX:
en
conf t
vlan <vlan #>
name <Vlan Name>
exit

Example,

To create Vlan 10 for Engineering

Verify:

VLAN DATABASE MODE WAY:

SYNTAX:
en
vlan database
vlan <vlan #> name <Vlan Name>
exit

Example,

To create Vlan 20 for Sales

Verify:

ASSIGNING PORTS TO VLANS

SYNTAX:
en
conf t
interface fa0/4
!
! Configure this interface as an access port first
!
switchport mode access
!
! To assign this port to a VLAN
! SYNTAX: switchport access vlan <vlan#>
!
! To assign this port to Vlan 10
switchport access vlan 10
exit

Verify:

TO APPLY SIMILAR COMMANDS OVER A RANGE OF PORTS – WE USE THE “INTERFACE RANGE”
COMMAND

To assign ports f0/5 – 10 to Vlan 20

Verify:

CONFIGURING VTP (Virtual Trunking Protocol)

2 Ways to Configure:
1. VTP Configuration Mode way
o This is supported by newer Cisco Switches
2. VTP Database Mode Way
o Supported by older Cisco switches

VTP Configuration Mode Way:

SYNTAX:
en
conf t
!
! To make this a VTP Server
! SYNTAX: vtp mode server
!
! To make this a VTP Client
! SYNTAX: vtp mode client
!
! To make this a VTP Transparent Switch
! SYNTAX: vtp mode transparent
!
! To configure this switch into a VTP domain
! SYNTAX: vtp domain <domain name>
!
! To configure the password for VTP
! SYNTAX: vtp password <vtp password>
exit

VTP Database Mode Way:

SYNTAX:
en
vlan database
!
! To make this a VTP Server
! SYNTAX: vtp server
!
! To make this a VTP Client
! SYNTAX: vtp client
!
! To configure the VTP domain name
! SYNTAX: vtp domain <domain name>
!
! To configure the VTP password
! SYNTAX: vtp password <password>
exit

Example,

To configure this switch as VTP Server, use the VTP domain ccnatraining, and VTP
password passvtp using the VTP Configuration Mode way:

Verify:

Another Example,

To configure this switch as VTP Client, with VTP domain ccnaguide , and password
guidepass using VTP Database Mode way:

Verify:

TRUNKING ENCAPSULATIONS:

We have 2 Trunking Encapsulation Types:
1. ISL ( Inter-Switch Link)
2. Dot1Q (802.1q)

SYNTAX:
en
conf t
interface fa0/1
!
! Configure this interface as a static Trunk
switchport mode trunk
!
! Configure the Trunking Encapsulation type
! SYNTAX: switchport trunk encapsulation isl/dot1q
!
exit

Note: In some Cisco switches, if we configure their ports as trunks – it will automatically
assign the trunking encapsulation type to dot1q (In some switches, the ISL Encapsulation
is not supported so if we enter the command to change the encapsulation type – it will be
marked as an Invalid Input – See figure below)

To verify the Trunking encapsulation used by an interface:

#show interfaces trunk

#show interface fa0/2 switchport



CONFIGURING NATIVE VLANs

Note: The Native Vlan by default is Vlan 1

Verify:

To change the Native Vlan used by a Trunk Port:

SYNTAX:
en
conf t
interface fa0/1
!
! SYNTAX: switchport trunk native vlan <vlan#>
!
! To change the native vlan for this trunk port to Vlan 20
!
switchport trunk native vlan 20
exit

Verify:

NOTE: The Native Vlan configured on the switch domain must be the same.

If the Native Vlan configured is different, we will see a Native Vlan mismatch. See figure
below:

Configuring Inter-Vlan Routing / Router-on-a-Stick


To enable Host devices to communicate with other Devices in different VLANs – we need
to Configure Inter-Vlan Routing.

SCENARIO:

To configure the network scenario above:

1. We need to configure the Vlans on the switch



Verify:

2. Assign the ports where the PCs are connected to their proper VLANs

Verify:

3. Configure the Switch interface connected to the Router as a Trunk interface

Verify:

Note: The ‘show interfaces trunk’ output only shows active trunks – We haven’t configured
the router yet so fa0/1 is not yet active, that’s why fa0/1 is not yet showing in the output.
We will check this output later after the router configuration.

4. We can now configure Router-on-a-Stick

SYNTAX:
R1:
en
conf t
!
! We need to turn on the router interface that is connected to the switch
!
interface fa0/0
no shut
exit
!
! We need to create the sub-interface
! SYNTAX: interface fa0/0.<sub-interface number>
! Best practice that the sub-interface number that we use equals the Vlan#
!
interface fa0/0.10
!
! Configure the trunking encapsulation to use and assign this sub-interface to a Vlan
! SYNTAX: encapsulation dot1q <vlan#>
!
! To configure the dot1q encapsulation and assign this sub-interface to Vlan 10
!
encapsulation dot1q 10
!
! Configure the IP Address
ip address 192.168.10.1 255.255.255.0
exit

Verify:

Note that although we have only configured 1 sub-interface, the trunk port on our switch
will now be active, as can be seen by the output below:

Let’s configure the remaining sub-interfaces

Verify:

Configurations complete!

Now let’s test:

We know that the router-on-a-stick setup is correct if all host devices can ping their default
gateway IP Address, and ping other PC that’s assigned to other VLANs.

Let’s test that using Pc1:

Ping the default gateway IP:



Ping PC2

Ping PC0

MULTILAYER SWITCHING:
In Multilayer switching, we move the functions of the Router with regard to Intervlan
routing to what is called a Layer 3 Switch.

A Layer 3 Switch is a switch that has both Layer 2 and Layer 3 Functions.

In the Intervlan routing (Router-on-a-Stick) configuration, we configure Sub-interfaces.
We assign each subinterface to one Vlan, and we give it an IP Address that serves as the
Default Gateway IP address used by the workstations assigned to that Vlan.

In Multilayer Switching, instead of configuring subinterfaces, what we put on the switch
are what are called SVIs (Switched Virtual Interface).

On the SVI we put the IP Address that our Host Devices will use as their
Default Gateway IP Addresses.

Scenario:

Using almost the same topology that we used in Intervlan Routing, let’s configure
this network topology using a Multilayer (L3) Switch.

1. Note that all Vlans should be available on all switches, so our Vlan 10, 20
and 30 should be visible on all switches. We can do that by using VTP to
automatically propagate the Vlans. Or, in this instance, since we did not set up VTP,
let’s just configure the VLANs in L3SW manually.

Verify:

2. We need to configure the interface connected to a neighboring switch as a Trunk port
(In our scenario, this is F0/1 of L3SW)

Notice the output – in some switches, like the 3560 switch that I used here, to be able to
manually configure an interface as a trunk port, we need to configure the trunking
encapsulation first.

Take note: different switch models sometimes need different configurations, because it
depends on the IOS. On some switch models, entering switchport mode trunk alone is
enough, and the dot1q encapsulation is set automatically. Other switch models want you
to set the dot1q encapsulation first.

Verify:

NOTE: Remember. Before we configure the SVIs, you should already have done this:
all the Vlans are already on your L3 Switch, and trunks are already configured on
all the switches connected to it.

3. We can now configure the SVIs (Switched Virtual Interface)

What is an SVI again? These are logical interfaces on your switch (they are the equivalent
of the sub-interfaces that we made in our Router-on-a-Stick) where we configure
the IP Addresses that our workstations will use as their Default Gateway IP address.

The Default Gateway IP of all the workstations that are members of Vlan 10 goes on
the Vlan 10 SVI.

The Default Gateway IP of the workstations that are members of Vlan 20 goes on
the Vlan 20 SVI, and so on.

SYNTAX:
en
conf t
interface vlan <vlan#>
ip address <ip address> <subnet mask>
no shut
exit

Verify:

4. We can now test the connectivity of the workstations to their Default Gateway IP.

Let’s test from PC0:

Test from Pc1:

Test from Pc2:



5. We can also test Intervlan connectivity

Intervlan connectivity means that PCs from one Vlan can ping PCs on
a different Vlan.

To test,

From PC2 ping PC0

From PC2 ping PC1

Why is there no ping??!! We are not done yet. We still need to configure Inter-Vlan
Routing.

6. Configure Inter-Vlan Routing

What is Intervlan routing? This is when we inform our switch to act as a Router.

How do we do that?

SYNTAX:
en
conf t
! This command will activate the routing function on your switch.
ip routing

Verify first:

That is the output when the routing function of the switch is not yet activated. Also, while
it is not activated, PCs in different Vlans can ping their own
default gateway but cannot ping PCs in a different Vlan.

Let's activate it:

Verify:

Let's test Intervlan connectivity between workstations:

From PC2 ping PC0

From PC2 ping PC1:



7. Configure L3SW to advertise Vlan Networks to R1

This gives our Vlan workstations connectivity to other Branch
offices and lets them connect to the internet. (Take note that although we now have an
L3 Switch, internet access and connectivity to other Branch offices are still handled by the router.)

Based on my scenario, let's configure EIGRP between L3SW and R1.

Let's configure R1 first:

Verify:

R1's routing table has no entries yet because R1 and L3SW are not yet neighbors.

Let's now configure L3SW for routing:

We need to put an IP address on the L3SW interface that is connected to R1:

There is an error. The switch refuses to accept the command.

Why?

Because we cannot put an IP address on a switch interface, or switchport.

To override this, we need to inform the switch that this interface is no longer a switch
interface. We need to tell it that this is now a routed port.

SYNTAX:
en
conf t
interface <interface name>
! to tell the switch that this is no longer a switchport and is now a routed port
!
no switchport
exit

Once we have entered the ‘no switchport’ command, the switch will allow us
to put an IP address on the switch interface:

Verify:

Let's test the connectivity from L3SW to R1:

We can then configure EIGRP 100 on L3SW. Let's advertise all the Vlan networks.

Let's verify L3SW's routing table:



Let's verify R1's routing table:

Notice that we can now see the Vlan networks in R1's routing table.

Testing:

Let's create a Loopback interface on R1 so that our workstations have something to ping.

Let's advertise it through EIGRP:

Let's check whether L3SW received the new network advertisement:



Let's test connectivity.

From PC2 ping 80.0.0.1

From PC1 ping 80.0.0.1



CONFIGURING SPANNING TREE PROTOCOL (STP)


I will be using this topology in my configuration and explanation scenarios:

STP is enabled by default.

And in Cisco switches, PVST (Per Vlan Spanning Tree) is turned on by default.

If we do not manually configure STP, our switches will
automatically elect their own Root Bridge and assign their respective STP Port Roles.

To verify the Spanning Tree Status:

#show spanning-tree

From the output above alone, you can already see that my SW1 has several instances of
STP, meaning the switch is running PVST.

Based on my topology and its automatic elections, SW3 is the elected root bridge for all
Vlans, as can be seen here:

We can configure our switches to use a Different Root Bridge per Vlan.

Configuring Root Switch:

SYNTAX:
en
conf t
spanning-tree vlan <vlan#> root <primary/secondary>

SCENARIO:
To configure SW1 as Root Bridge for Vlan 10, and SW2 as secondary root bridge for Vlan
10.

Verify:

Changing the Default STP Mode:

The default STP mode of our Cisco switches is PVST.

But, we can change the spanning-tree mode to either PVST or RPVST (Rapid PVST)

SYNTAX:
en
conf t
spanning-tree mode <pvst/rapid-pvst>
exit

Example,
To change the Spanning-Tree mode of SW2 to RPVST.

Verify:

STP ENHANCEMENTS:

PORTFAST:

To Enable Portfast in an Interface:

SYNTAX:
en
conf t
interface <interface name>
spanning-tree portfast
exit

Example,

To enable portfast in SW2’s fa0/10 interface

Verify:

#show spanning-tree interface <interface name> portfast



BPDUGUARD:

To enable BPDUGUARD on an interface:

SYNTAX:
en
conf t
interface <interface name>
spanning-tree bpduguard enable
exit

To disable BPDUGUARD on an interface:

SYNTAX:
en
conf t
interface <interface name>
spanning-tree bpduguard disable
exit

Example,

To enable BPDUGUARD on SW2’S f0/10 interface
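
The PORTFAST and BPDUGUARD commands above are normally used together on access ports, so a useful check is to list every interface that has PortFast but no BPDU Guard in effect. The script below is an added example, not part of the original guide: the running-config excerpt is constructed, and the global `spanning-tree portfast bpduguard default` command it recognizes is a real IOS command that this guide does not cover.

```python
import re

# Constructed running-config excerpt for illustration (not output from the guide).
SAMPLE_CONFIG = """\
interface FastEthernet0/10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/11
 spanning-tree portfast
!
interface FastEthernet0/12
 spanning-tree portfast
 spanning-tree bpduguard disable
"""

# Real IOS global command (not covered in the guide): BPDU Guard on all PortFast ports.
GLOBAL_DEFAULT = "spanning-tree portfast bpduguard default"


def interface_blocks(config):
    """Yield (interface name, sub-commands) for each interface stanza."""
    name, cmds = None, []
    for line in config.splitlines():
        start = re.match(r"interface (\S+)", line)
        if start or not line.startswith(" "):
            # A new "interface" line or any unindented line closes the stanza.
            if name:
                yield name, cmds
            name, cmds = (start.group(1) if start else None), []
        elif name:
            cmds.append(line.strip())
    if name:
        yield name, cmds


def portfast_without_bpduguard(config):
    """Return PortFast interfaces that BPDU Guard does not cover."""
    guard_by_default = GLOBAL_DEFAULT in config.splitlines()
    exposed = []
    for name, cmds in interface_blocks(config):
        if "spanning-tree portfast" not in cmds or "spanning-tree bpduguard enable" in cmds:
            continue
        # An explicit per-interface "disable" overrides the global default.
        if "spanning-tree bpduguard disable" in cmds or not guard_by_default:
            exposed.append(name)
    return exposed


if __name__ == "__main__":
    print(portfast_without_bpduguard(SAMPLE_CONFIG))
```
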



ETHERCHANNEL:
I will be using the following topology in the syntax and configuration examples:

Things to Remember when configuring Etherchannels:

1. Bundled interfaces MUST have identical configurations.

2. You cannot bundle a Fast Ethernet interface with a Gigabit Ethernet interface.
The bundled interfaces must have the same speed.

3. You cannot mix PAgP with LACP.

4. If you use PAgP, the two sides must be either:

* Auto – Desirable
* Desirable – Desirable

5. If you use LACP, the two sides must be either:

* Active – Active
* Active – Passive

Configuration Syntax and Example:

SW1:
en
conf t
!
! To make sure that the configuration is identical on all the interfaces included in the
! Etherchannel bundle, we use the interface range command to configure them
!
interface range fa0/3 - 4
!
! BEST PRACTICE: Shut down the interfaces first before we configure them
!
shutdown
!
! Inform the switch what interface negotiation protocol to use
! SYNTAX: channel-protocol <lacp/pagp>
!
! For this example, let’s use LACP
!
channel-protocol lacp
!
! We can now create the Port-Channel
! SYNTAX: channel-group <group #> mode <mode>
! Modes for PAGP : Auto or Desirable
! Modes for LACP : Active or Passive
! Modes for Static Etherchannel : On
!
! For this example, let’s use the Active mode, and Group # 1
!
channel-group 1 mode active
!
! We can then turn on the interfaces
!
no shut
exit

Let’s configure SW3:

SW3:
en
conf t
!
! We use the interface range command to make sure that all interfaces included in the
! Etherchannel bundle have identical configurations
!
interface range fa0/3 - 4
!
! Let’s shut down the interfaces first
!
shutdown
!
! Let’s configure which Etherchannel negotiation protocol to use
!
! Since we used LACP on the other side, we must also use LACP
! here:
!
channel-protocol lacp
!
! Let’s configure the channel-group. Take note that the switches are not required
! to use the same group number. So for this config, let’s use Group # 2
!
! The mode is also part of the config. Since we used active on SW1 earlier,
! let’s also use active here on SW3
!
channel-group 2 mode active
!
no shut
exit
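
Before bringing the interfaces back up, the two sides can be checked against the protocol and mode rules listed under "Things to Remember". The script below is an added example, not part of the original guide: it reads the `channel-protocol` and `channel-group` lines from each side (here the SW1 and SW3 configurations shown above) and reports why a bundle would fail to form; the function names are illustrative.

```python
import re

# Negotiation protocol each channel-group mode belongs to.
MODE_PROTOCOL = {"auto": "pagp", "desirable": "pagp",
                 "active": "lacp", "passive": "lacp", "on": "static"}
# Mode pairs that form a bundle: the guide's rules 4 and 5, plus static on/on.
WORKING_PAIRS = {frozenset(p) for p in (
    ("auto", "desirable"), ("desirable",), ("active",), ("active", "passive"), ("on",))}

# The two sides as configured in the guide.
SW1 = "interface range fa0/3 - 4\n channel-protocol lacp\n channel-group 1 mode active"
SW3 = "interface range fa0/3 - 4\n channel-protocol lacp\n channel-group 2 mode active"


def parse_side(config):
    """Return (declared protocol or None, group number, mode) for one switch."""
    group = re.search(r"^\s*channel-group (\d+) mode (\S+)", config, re.M)
    if not group:
        raise ValueError("no channel-group command found")
    proto = re.search(r"^\s*channel-protocol (\S+)", config, re.M)
    return (proto.group(1).lower() if proto else None,
            int(group.group(1)), group.group(2).lower())


def check_bundle(side_a, side_b):
    """Return a list of problems; an empty list means the bundle should form."""
    problems, modes = [], []
    for label, cfg in (("A", side_a), ("B", side_b)):
        proto, _group, mode = parse_side(cfg)  # group numbers may differ per switch
        modes.append(mode)
        if mode not in MODE_PROTOCOL:
            problems.append(f"side {label}: unknown mode '{mode}'")
        elif proto and proto != MODE_PROTOCOL[mode]:
            problems.append(f"side {label}: mode '{mode}' is not a {proto} mode")
    if problems:
        return problems
    if MODE_PROTOCOL[modes[0]] != MODE_PROTOCOL[modes[1]]:
        problems.append(f"protocol mismatch: {modes[0]} vs {modes[1]}")
    elif frozenset(modes) not in WORKING_PAIRS:
        problems.append(f"{modes[0]}/{modes[1]}: neither side starts negotiation")
    return problems


if __name__ == "__main__":
    print(check_bundle(SW1, SW3))  # the guide's active/active LACP pair
```
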

Verify:

#show etherchannel summary

On SW3:

On SW1: