Scribd
Upload
14 views33 pages

CommandReference NET126 SRWEv7

Uploaded by

fallj366
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
14 views33 pages

CommandReference NET126 SRWEv7

Uploaded by

fallj366
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 33

Command Reference Guide for IOS

Commands

NET126
Routing and Switching Essentials
V7
17 December 2019

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 1 of 33


Configurations by Modules

Module 1 Basic Device Configuration

Basic Router Configurations


Router# configuration terminal
Router(config)# hostname R1
R1(config)# enable secret class
R1(config)# line console 0
R1(config-line)# password cisco Non-encrypted password of cisco
R1(config-line)# login
R1(config-line)# exit
R1(config)# line vty 0 4
R1(config-line)# password cisco Non-encrypted password of cisco
R1(config line)# login
R1(config-line)# exit
R1(config)# service password-encryption Encrypts all plain text passwords
R1(config)# banner #Authorized personnel only!#
R1(config)# end
R1# copy running-config startup-config

Configure an IPv4 LAN interface


R1(config)# interface gigabitethernet 0/1
R1(config-if)# description Link to LAN 1 Description for interface
R1(config-if)# ip address 192.168.1.1 255.255.255.0
R1(config-if)# no shutdown
R1(config-if)# do show ip route Use the do command to display show outputs

Configure an IPv4 WAN Interface


R1(config)# interface serial 0/0/0
R1(config-if)# description Link to R2 Description for interface
R1(config-if)# ip address 172.16.1.1 255.255.255.252
R1(config-if)# clockrate 128000 Change clock rate on DCE end only
R1(config-if)# no shutdown
R1(config-if)# do show ip route | begin Gateway Use the do command to display show outputs

Configure Global Unicast IPv6 Address


R1(config-if)# ipv6 address ipv6-address / prefix

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 2 of 33


R1(config-if)# ipv6 address ipv6-address / prefix eui-64 Using EUI-64
Configure Static Link-Local IPv6 Address
R1(config-if)# ipv6 address ipv6-address / prefix link-local

Enable Automatic Link-local IPv6 Address


R1(config-if)# ipv6 enable Interface will create link local automatically

Enable a Connected PC to Automatically Configure an IPv6 Address


R1(config)# ipv6 unicast-routing Allows PC to receive IPv6 address and default
gateway automatically without a DHCP server

Configure an IPv6 LAN Interface


R1(config)# Interface gigabitethernet 0/0
R1(config-if)# description Link to LAN 1
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# no shutdown

Configure an IPv6 WAN Interface


R1(config)# Interface serial 0/0/0
R1(config-if)# description Link to R2
R1(config-if)# ipv6 address 2001:db8:acad:3::1/64
R1(config-if)# clockrate 128000
R1(config-if)# no shutdown

Configure a Loopback Interface


R1(config)# interface loopback 0 or lo0
R1(config-if)# ip address 10..1.1 255.255.255.0

Router IPv4 Show Commands


R1# show ip interface brief Displays minimal interface data
R1# show ip route Displays the IPv4 routing table
R1# show running-config interface g0/0 Displays the configurations on interface G0/0
R1# show interfaces Displays interface information & packet flow
R1# show ip interfaces Displays IPv4 data on all interfaces

Router IPv6 Show Commands


R1# show ipv6 interface brief Displays minimal ipv6 interface data
R1# show ip route Displays the IPv6 routing table
R1# show ipv6 interface g0/0 Displays IPv6 data on interface g0/0

Number of Lines to Display


CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 3 of 33
R1# terminal length NN Displays NN lines, NN is number of lines
R1# terminal length 0 This does not pause the output

Filtering the Show Command


section: show the entire section starting with filtering expression
include: Includes lines that match the filtering expression
exclusion: Excludes lines that match the filtering expression
begin: Show lines starting with the one that matches the filtering expression

R1# show run | section line vty Displays the line vty section only
R1# show ip int brief | include up Displays lines that are up
R1# show ip int brief | exclude unassigned Displays only assigned interfaces
R1# show ip route | begin Gateway Displays lines starting with the Gateway line

History
R1# show history Default history buffer size is 10
R1# terminal history size 200 sets the history buffer size to 200

Configuration for SSH Remote Management on a Live Switch


S1# show ip ssh Verifies the switch can do SSH
S1(config)# ip ssh version 1
S1(config)# ip ssh version 2
S1(config)# no ip ssh version
S1(config)# ip domain-name cisco.com Domain name is necessary for SSH configuration
S1(config)# crypto key generate rsa modulus 1024 1024 is the bit value for encryption
S1(config)# username admin secret cisco
S1(config)# line vty 0 15
S1(config-line)# transport input ssh Switches VTY line to SSH access
S1(config-line)# login local Require authentication through the local
database
Configuration for SSH Remote Management on a Packet Tracer Switch
S1# show ip ssh Verifies the switch can do SSH
S1# configure terminal
S1(config)# ip domain-name cisco.com Domain name is necessary for SSH configuration
S1(config)# crypto key generate rsa PT doesn’t recognize the work modulus
The name for the keys will be: S1.cisco.com
...
How many bits in the modulus [512]: 1024 1024 is the bit value for encryption
...
S1(config)# username admin secret cisco
S1(config)# line vty 0 15
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 4 of 33
S1(config-line)# transport input ssh Switches VTY line to SSH access
S1(config-line)# login local Require authentication through the local
Database

Configure Local Username and Password with Privileges


S1(config)# username admin privilege 15 secret cisco

S1(config)# username admin ?


password Specify the password for the user The password is not encrypted
privilege Set user privilege level Sets the privilege level [0-15], 15 is highest
secret Specify the secret password for the user The password is encrypted

Modifying the Default SSH Configuration


S1(config)# ip ssh time-out 75 Disconnects session after 75 seconds
S1(config)# ip ssh authentication-retries 2 Allows 2 login attempts then resets

Removing the VTY Line Password


S1(config)# line vty 0 15
S1(config-line)# no password

Delete RSA Key Pairs


S1(config)# crypto key zeroized rsa Disables SSH

Verify SSH Status and Settings


S1# show ip ssh Version & configurations for SSH
S1# show ssh Check SSH connections to the device

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 5 of 33


Module 3 VLANs

Display Flash Directory


Switch# dir flash:

Create a VLAN & Associate it with an Interface


S1# configure terminal
S1(config)# vlan vlan-id vlan-id is the number associated with the
created vlan
S1(config-vlan)# name vlan-name vlan-name is the name associated with the
Created vlan
S1(config-vlan)# exit
S1(config)# interface vlan-id
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan vlan-id

VLAN Creation Example


S1# configure terminal
S1(config)# vlan 10
S1(config-vlan)# name Students
S1(config-vlan)# exit
S1(config)# interface 10
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10

Configuring a Switch Management Interface


S1# configure terminal
S1(config)# vlan 99
S1(config-vlan)# name Managment
S1(config-vlan)# exit
S1(config)# interface 99
S1(config-if)# ip address 192.168.99.11 255.255.255.0 This will be the address to access the switch
S1(config-if)# no shutdown
S1(config-if)# exit

Configuring the Default Gateway for the Above example


S1(config)# ip default-gateway 192.168.99.1

Configuring Duplex and Speed


S1# configure terminal

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 6 of 33


S1(config)# interface g0/1
S1(config-if)# duplex full
S1(config-if)# speed 100

Enable Auto-MDIX on an Interface


S1# configure terminal
S1(config)# interface g0/1
S1(config-if)# duplex auto Autonegotiate duplex
S1(config-if)# speed auto Autonegotiate speed
S1(config-if)# mdix auto Autonegotiate mdix

Verify Auto-MDIX
S1# show controllers ethernet-controllers g0/1 phy | include Auto-MDIX

Verification Show Commands


S1# show interfaces interface-id
S1# show startup-config
S1# show running-config
S1# show flash
S1# show version
S1# show history
S1# show ip interface-id
S1# show ip interface brief
S1# show mac-address-table

Show Commands for VLAN Data


S1# show vlan
S1# show valn brief
S1# show interface fa0/18 switchport

Create a VLAN
S1(config)# vlan 10 VLAN created with an ID of 10
S1(config-vlan)# name Student VLAN 10 with the name of Student

Create Multiple VLANs


S1(config)# vlan 10-30 Creates VLANs 10 thru 30

Assign Ports to a VLAN


S1(config)# interface fa0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10 Assigns the interface to VLAN 10
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 7 of 33
Remove VLAN Assignment
S1(config)# interface fa0/18
S1(config-if)# no switchport access vlan Removes the interface from a vlan

Delete a VLAN
S1(config)# no vlan 10

Delete the VLAN Database from Flash


S1# delete flash:vlan.dat Deletes all VLAN data from flash

Verify VLAN Data


S1# show vlan brief
S1# show vlan id VLAN-ID
S1# show vlan name VLAN-Name
S1# show interfaces switchport

Trunk Configuration
S1(config)# interface fa0/1
S1(config-if)# switchport mode trunk Switches the interface into trunk mode
S1(config-if)# switchport trunk native vlan 88 Places the interface into the native VLAN of 88
S1(config-if)# switchport trunk allowed valn 10,20,30 Allows on traffic for VLANS 10, 20, 30

Removes Interface from Trunk Mode back to Default


S1(config)# interface fa0/1
S1(config-if)# no switchport trunk native vlan
S1(config-if)# no switchport trunk allowed vlan

Reset an Interface to Default


S1(config)# interface fa0/1
S1(config-if)# switchport mode access

Enabling Trunking that does not send DTP Traffic


S1(config-if)# switchport mode trunk
S1(config-if)# switchport nonnegotiate Will not generate DTP frames

Setting DTP Modes


S1(config-if)# switchport mode access Non-trunk mode (access)
S1(config-if)# switchport mode dynamic auto Default for newer interfaces
S1(config-if)# switchport mode dynamic desirable Default for older interfaces

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 8 of 33


S1(config-if)# switchport mode trunk Permanent trunk mode
S1(config-if)# switchport nonnegotiate Will not generate DTP frames

Show Current DTP mode


S1# show dtp interface

Troubleshooting Missing VLAN


S1# show vlan brief
S1# show mac address-table interface fa0/1
S1# show interface fa0/1 switchport

Troubleshoot Trunks
S1# show interface trunk
S1# show interface fa0/1 trunk
S1# show interface fa0/1 switchport

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 9 of 33


Module 4 Inter-VLAN routing Legacy

Legacy Inter-VLAN Routing

S1(config)# vlan 10 Create a VLAN name if required


S1(config-vlan)# vlan 30 Create a VLAN name if required
S1(config-vlan)# interface range f0/1,f0/6 Can be done separately or as a range of
interfaces
S1(config-rng-if)# switchport mode access
S1(config-rng-if)# switchport access vlan 10
S1(config-vlan)# interface range f0/2,f0/18 Can be done separately or as a range of
interfaces
S1(config-rng-if)# switchport mode access
S1(config-rng-if)# switchport access vlan 30

R1(config)# interface g0/0


R1(config-if)# ip address 172.16.10.1 255.255.255.0
R1(config-if)# no shutdown
R1(config)# interface g0/1
R1(config-if)# ip address 172.16.30.1 255.255.255.0
R1(config-if)# no shutdown

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 10 of 33


Module 4 Inter-VLAN Routing Router-on-a-Stick

S1(config)# vlan 10 Create VLAN name if necessary


S1(config-vlan)# vlan 30 Create VLAN name if necessary
S1(config-vlan)# interface fa0/6
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 10
S1(config-if)# interface fa0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 30
S1(config-if)# interface fa0/1
S1(config-if)# switchport mode trunk

R1(config)# interface g0/0.10


R1(config-if)# encapsulation dot1q 10
R1(config-if)# ip address 172.16.10.1 255.255.255.0
R1(config-if)# interface g0/0.30
R1(config-if)# encapsulation dot1q 30
R1(config-if)# ip address 172.16.30.1 255.255.255.0
R1(config-if)# interface g0/0
R1(config-if)# no shutdown

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 11 of 33


Inter-VLAN Routing Router-On-A-Stick with Native VLAN Config
R1(config)# interface g0/0.10
R1(config-if)# encapsulation dot1q 88 native
R1(config-if)# ip address 172.16.88.1 255.255.255.0
R1(config-if)# interface g0/0
R1(config-if)# no shutdown

Display VLAN Information on a Router


R1# show vlan

Enable Routing on a Layer 3 Switch


S1(config)# ip routing
S1(config)# ipv6 unicast-routing

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 12 of 33


Module 5 STP Concepts

Changing Spanning-tree Protocol (STP) default Port Cost


S1 (config)# interface f0/1
S1 (config-if)# spanning-tree cost 25 *sets cost to 25

Verify STP Cost, Priority and Interface Roles and Status


S1# show spanning-tree

Configuring PVST+ (Per VLAN SPT – a form of Load Balancing)


S1 (config)# spanning-tree vlan 20 root primary *sets S1 as primary for VALN 20
S1 (config)# spanning-tree vlan 10 root secondary *sets S1 as secondary for VLAN 10
S2 (config)# spanning-tree vlan 10 root primary *sets S1 as primary for VALN 10
S2 (config)# spanning-tree vlan 20 root secondary *sets S1 as secondary for VLAN 20

Configuring PVST+ with lowest priority value possible (default is 32768 – lower the number the higher the
priority)
S1 (config)# spanning-tree vlan 10 priority 4096 *sets S1 as likely priority for
VLAN 10
S2 (config)# spanning-tree vlan 20 priority 4096 *sets S1 as likely priority for
VLAN 20

Configuring Rapid PVST+


S1 (config)# spanning-tree mode rapid-pvst

Configuring Rapid PVST+ with Designated VLAN priorities, Interface to a Link Type of Point-to-Point, and
Clear previously detected STP priorities
S1 (config)# spanning-tree mode rapid-pvst
S1 (config)# spanning-tree vlan 1 priority 24576
S1 (config)# spanning-tree vlan 10 priority 4096
S1 (config)# spanning-tree vlan 20 priority 28672
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 13 of 33
S1 (config)# interface f0/1
S1 (config-if)# spanning-tree link-type point-to-point
S1 (config)#end
S1# clear spanning-tree detected-protocols

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 14 of 33


Module 6 Configuring the IOS CLI for Link Aggregation (Channeling)

Configuring an Etherchannel LACP with duplex and Link Speed


S1 (config)# interface range f0/1-2
S1 (config-if-range)# shutdown
S1 (config-if-range)# channel-group 1 mode active
S1 (config-if-range)# interface port-channel 1
S1 (config-if-range)# switchport mode trunk
S1 (config-if-range)# switchport trunk allowed vlan 1,2,20
S1 (config-if-range)# duplex auto
S1 (config-if-range)# speed 100
S1 (config-if-range)# no shutdown

Etherchannel Modes
S1 (config-if-range)# channel-group 1 mode desirable *enables PAgP
S1 (config-if-range)# channel-group 1 mode auto *enables PAgP if PAgP id detected
S1 (config-if-range)# channel-group 1 active *enables LACP
S1 (config-if-range)# channel-group 1 mode passive *enables LACP if LACP is detected
S1 (config-if-range)# channel-group 1 mode on *enables Etherchannel

Verifying Etherchannel configurations


S1# show interface port-channel 1
S1# show etherchannel summary
S1# show etherchannel port-channel
S1# show interface f0/1 etherchannel

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 15 of 33


Module 7 DHCPv4

Define DHCP Addresses to be Excluded from Pool


R1(config)# ip dhcp excluded-address ADDR ADDR IP address/es to be excluded
R1(config)# ip dhcp excluded-address Low-ADDR (High-ADDR) Address range from low to high

Define the DHCP Pool Name


R1(config)# ip dhcp pool Pool-Name
R1(dhcp-config)#

Define an Address Pool


R1(dhcp-config)# network NTWK-Number (MASK | /Prefix-Length)

Define the Default Router of Gateway


R1(dhcp-config)# default-router ADDR

Define Optional Itens for Configuration


R1(dhcp-config)# dns-server ADDR Defines DNS IP address
R1(dhcp-config)# domain-name Domain Name Defines Domain Name
R1(dhcp-config)# lease {days [hours] [minutes] | infinite} Defines DHCP Lease time
R1(dhcp-config)# netbios-name-server ADDR Defines Netbios server address

EX: DHCP Configuration


R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.9
R1(config)# ip dhcp excluded-address 192.168.1.254
R1(config)# ip dhcp pool LAN-POOL-1
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# dns-server 10.10.10.10
R1(dhcp-config)# domain-name cisco.com
R1(dhcp-config)# lease 2 12 30
R1(dhcp-config)# end

Verifying DHCP Operations


R1# show ip dhcp bindings
R1# show ip dhcp server statistics

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 16 of 33


DHCP Relay Agent
R1(config)# interface g0/0
R1(config-if)# ip helper-address 192.168.21.6

Configuring an Interface as a DHCP Client


R1(config)# interface g0/0
R1(config-if)# ip address dhcp Receives a DHCP address instead of Static
R1(config-if)# no shutdown

Troubleshooting DHCP
R1# show ip dhcp conflict Verifies there aren’t any IP address conflicts
R1# show interface g0/0
R1# show running-config Verify DHCP configurations
R1# debug ip dhcp server events Reports address assignments, updates, etc..

Enables/Disables DHCP
R1# service dhcp Enables DHCP
R1# no service dhcp Disables DHCP

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 17 of 33


Module 8 SLAAC and DHCPv6

Enables IPv6 SLAAC Autoconfiguration


R1(config)# ipv6 unicast-routing
R1(config)# interface g0/0
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64 Enables SLAAC by adding an IPv6 address
R1(config-if)# no shutdown

Configuring Stateless DHCPv6


R1(config)# ipv6 unicast-routing
R1(config)# ipv6 dhcp pool POOL-NAME
R1(config-dhcpv6)# dns-server 2001:db8:acad:3::10
R1(config-dhcpv6)# domain-name cisco.com
R1(config-dhcpv6)# exit
R1(config)# interface Interface-Number
R1(config-if)# ipv6 dhcp server POOL-NAME
R1(config-if)# ipv6 nd other-config-flag

EX: Stateless DHCPv6 Example


R1(config)# ipv6 unicast-routing
R1(config)# ipv6 dhcp pool IPV6-STATELESS
R1(config-dhcpv6)# dns-server 2001:db8:acad:3::10
R1(config-dhcpv6)# domain-name cisco.com
R1(config-dhcpv6)# exit
R1(config)# interface g0/1
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# ipv6 dhcp server IPV6-STATELESS
R1(config-if)# ipv6 nd other-config-flag Assert Other flag; 0 = 1

Router Interface as a Stateless DHCPv6 Client


R1(config)# interface g0/1
R1(config-if)# ipv6 enable Allows a link-local address to be created
automatically
R1(config-if)# ipv6 address autoconfig Enables automatic config of a IPv6 SLAAC
address

Verifying the Stateless DHCPv6 Server

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 18 of 33


R1# show ipv6 dhcp pool
R1# show running-config

Verifying the Stateless Client


R1# show ipv6 interface g0/1
R1# debug ipv6 dhcp detail

EX: Stateful DHCPv6


R1(config)# ipv6 unicast-routing
R1(config)#ipv6 dhcp pool IPV6-STATEFUL
R1(config-dhcpv6)# address prefix 2001:db8:acad:1::/64 lifetime infinite
R1(config-dhcpv6)# dns-server 2001:db8:acad:3::1
R1(config-dhcpv6)# domain-name example.com
R1(config-dhcpv6)# exit
R1(config)# interface g0/1
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# ipv6 dhcp server IPV6-STATEFUL
R1(config)# ipv6 nd managed-config-flag
Router Interface as a DHCPv6 Stateful Client
R1(config)# interface g0/1
R1(config-if)# ipv6 enable
R1(config-if)# ipv6 address dhcp

Verifying the Stateful DHCPv6 Server


R1# show ipv6 dhcp pool
R1# show ipv6 dhcp binding

Verifying the Stateful DHCPv6 Client


R1# show ipv6 interface g0/1

Configuring and Verifying DHCPv6 Relay Agent


R1(config)# interface g0/0
R1(config-if)# ipv6 dhcp relay destination 2001:db8:acad:3::1
R1(config-if)# end
R1# show ipv6 dhcp interface g0/0

MISC
IPv6 all-node multicast address FF02::1
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 19 of 33
IPv6 all-router multicast address FF02::2
All relay and server multicast address FF01::1:2

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 20 of 33


Module 9 Configuring the IOS CLI for First Hop Routing Protocol (FHRP)

Hot Standby Router Protocol (HSRP)

Configuring Hot Standby Router Protocol (HSRP): R1 (Active) and R2 (Standby)


R1 (config)# int f0/1
R1 (config-if)# ip address 192.168.1.2 255.255.255.0
R1 (config-if)# standby version 2 *sets HSRP version to 2
R1 (config-if)# standby 1 ip 192.168.1.1
R1 (config-if)# standby priority 150 *default priority is 100- highest
Priority # is primary
R1 (config-if)# standby 1 preempt
R1 (config-if)# no shutdown

R2 (config)# int f0/1


R2 (config-if)# ip address 192.168.1.3 255.255.255.0
R2 (config-if)# standby version 2
R2 (config-if)# standby 1 ip 192.168.1.1
R2 (config-if)# no shutdown

Verify HSRP data and configuration


R1# show standby
R1# show standby brief

Disables or Removes HSRP from a Router


R1 (config)# int f0/1
R1 (config-if)# no standby 1

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 21 of 33


Module 11 Switch Security Configurations

Configuring Dynamic Port Security


S1(config)# interface fastethernet 0/11
S1(config-if)# switchport mode access Sets the interface in access mode
S1(config-if)# switchport port-security Enables port security
S1(config-if)# switchport port-security violation shutdown Optional default, will shut down interface

Configuring sticky Port Security


S1(config)# interface fastethernet 0/11
S1(config-if)# switchport mode access Sets the interface in access mode
S1(config-if)# switchport port-security Enables port security
S1(config-if)# switchport port-security maximum 50 Will learn 50 MAC addresses max
S1(config-if)# switchport port-security mac-address sticky Will dynamically learn 50 MAC addresses max
S1(config-if)# switchport port-security violation shutdown Optional default, will shut down interface

Configure Sticky Port Security Manually


S1(config-if)# switchport port-security mac-address sticky MAC-Addr Will statically learn the provided MAC Address

Port-Security Violation Modes


S1(config-if)# switchport port-security violation shutdown Shuts down Port
S1(config-if)# switchport port-security violation protect Drops unknown MAC-addr traffic
S1(config-if)# switchport port-security violation restrict Logs event and drop unknown MAC-addr traffic

Verify Port Security


S1# show port-security interface fa0/18
S1# show port-security address
S1# show interface fa0/18 status
S1# show run | begin FastEthernet 0/18

Enable Disabled Port After Violation of Shutdown


S1(config)# interface fa0/18
S1(config-if)# no shutdown

DHCP Snooping Security


S1 (config)# ip dhcp snooping Enables DHCP Snooping
S1 (config)# ip dhcp snooping vlan 10 Enables DHCP Snooping on VLAN 10
S1 (config)# interface f0/1
S1 (config-if)# ip dhcp snooping trust Trust interface F0/1 for DHCP

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 22 of 33


S1 (config)# interface f0/18
S1 (config-if)# ip dhcp snooping limit rate 5 On untrusted interface f0/18, limit the number
of DHCP discovery messages to 5 per second

DHCP Snooping Verification


S1# show ip dhcp snooping
S1# show ip dhcp snooping binding

ARP Inspection Validation


S1 (config)# interface f0/11
S1 (config-if)# ip arp inspection trust Interface is configure as ARP trust

S1 (config)# ip arp inspection vlan 10 VLAN 10 has ARP inspection enabled for end
devices within VLAN 10
S1 (config)# ip arp inspection validate src-mac Checks source MAC in Ethernet header against
sender MAC address in ARP body
S1 (config)# ip arp inspection validate dst-mac Checks destination MAC in Ethernet header
Against target MAC address in ARP body
S1 (config)# ip arp inspection validate ip Checks ARP body for invalid and unexpected IP
addressing to include multicast addresses

Configuring PortFast on an EdgePort Interface


S1 (config)# interface f0/11
S1 (config-if)# spanning-tree portfast *sets portfast on interface f0/1

Configuring PortFast on all Non-trunking Interfaces


S1 (config)# spanning-tree portfast default

Configuring Bridge Protocol Data Unit (BPDU) Guard on an Access Port/Interface


S1 (config)# interface f0/1
S1 (config-if)# spanning-tree bpduguard enable

Configuring BPDU on all PortFast enabled Ports/Interfaces


S1 (config)# spanning-tree portfast bpduguard default

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 23 of 33


Verifying PortFast and BPDU Configurations
S1# show running-config

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 24 of 33


Module 14 Routing Concepts

Enabling and Disabling RIP RIPv1 is a classful routing protocol


R1(config)# router rip Enables access to router config mode for RIP
R1(config-router)# network 192.168.1.0 Network statement using classful addressing
R1(config-router)# network 192.168.2.64 Converts network to classful 192168.2.0
R1(config-router)# no router rip Disables RIP and erases all statements

Configuring RIP Versions (RIPv1, RIPv2)


R1(config)# router rip Enables access to router config mode for RIP
R1(config-router)# version 2 Enables RIP version 2
R1(config-router)# version 1 Switches back to RIP v1 (this is default as RIP)
R1(config-router)# no router rip Disables RIP and erases all statements

R1(config)# router rip Enables access to router config mode for RIP
R1(config-router)# version 2 Enables RIP version 2 (Classless subnetting
allowed, custom subnetting, or VLSM)
R1(config-router)# network 192.168.1.64 192.168.1.64 will now use configured
subnetmask and not switch to Class C default
mask
Show Commands
R1# show ip protocols Displays configured IPv4 routing protocols
R1# show ip protocols | section default Filters to the running version of RIP
R1# show ip route Displays the routes in the routing table
R1# show ip route | begin Gateway Displays routes in the routing table starting at
the gateway of last resorts or default route

Disables Automatic Summarization on RIPv2


R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# no auto-summary Does not work on RIP v1
R1# show ip protocols | section Automatic
Passive Interfaces
R1(config)# router rip
R1(config-router)# passive-interface g0/0 Do not send routing updates via g0/0

R1(config)# router rip


R1(config-router)# passive-interface default Makes all interfaces passive
R1(config-router)# no passive-interface g0/0 Disables passive on g0/0

Propagating a RIP Default Route or Gateway of Last Resorts


CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 25 of 33
R1(config)# ip route 0.0.0.0 0.0.0.0 s0/0/0 209.165.200.226
R1(config)# router rip
R1(config-router)# default-information originate Passes default route to all routers in network

RIPv2 Example
R1(config)# router rip
R1(config-router)# version 2
R1(config-router)# no auto-summary
R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.64
R1(config-router)# passive-interface g0/0
R1(config-router)# default-information originate

Enabling Debug
R1# debug ip rip
R1# debug ip routing
R1# no debug ip rip
R1# no debug ip routing

Change RIP Administrative Distance


R1(config)# router rip
R1(config-router)# distance 70 Admin distance changed from default to 70

RIPng IPv6 version of RIP


R1(config)# ipv6 unicast-routing
R1(config)# interface g0/0
R1(config-if)# ipv6 rip RIP-AS enable RIP-AS is an arbitrary domain name
R1(config-if)# exit
R1(config)# interface s0/0/0
R1(config-if)# ipv6 rip RIP-AS enable RIP-AS is an arbitrary domain name
Show the IPv6 Routes that are Installed
R1# show ipv6 protocols
R1# show ipv6 route
R1# show ipv6 route rip

Propagating a RIPng Default Route or Gateway of Last Resort


R1(config)# ipv6 unicast-routing
R1(config)# interface s0/0/0
R1(config-if)# ipv6 rip RIP-AS enable
R1(config-if)# exit

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 26 of 33


R1(config)# ipv6 route ::0/0 2001:db8:acad:1::1
R1(config)# interface s0/0/0
R1(config-if)# ipv6 rip RIP-AS default-information originate Sends default route out int s0/0/0 only
R1(config)# interface s0/0/1
R1(config-if)# ipv6 rip RIP-AS default-information originate Sends default route out int s0/0/1 only

RIPng Example
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 router rip CISCO CISCO is the RIP-AS
R1(config-router)# exit
R1(config)# interface s0/0/0
R1(config-inf)# ipv6 rip CISCO enable
R1(config-inf)# interface s0/0/1
R1(config-inf)# ipv6 rip CISCO enable
R1(config-inf)# interface g0/0
R1(config-inf)# ipv6 rip CISCO enable

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 27 of 33


Module 15 IP Static Route

Configure a Static IPv4 Default Route


R1(config)# ip route 0.0.0.0 0.0.0.0 serial0/0/0
R1(config)# exit
R1# show ip route | begin Gateway

Configure Static IPv4 Routes


R1(config)# ip route Network Address Subnet Mask {Next Hop Address or Exit Interface or Both}

R1(config)# ip route 192.168.1.0 255.255.255.0 s0/0/0 Directly connected static route (exit interface)
R1(config)# ip router 192.168.2.0 255.255.255.0 172.16.1.2 Next Hop static route (with next hop address)
R1(config)# ip route 192.168.3.0 255.255.255.0 s0/0/0 172.16.2.2 Fully Specified static route (exit interface and
next hop address)

Configure Static IPv6 Default Route


R1(config)# ipv6 route ::/0 {exit interface or next hop address}
R1(config)# ipv6 route ::/0 s0/0/0
Configure Static IPv6 Routes
R1(config)# ipv6 route Network Address / Prefix {Next Hop Address or Exit Interface or Both}

R1(config)# ipv6 route 2001:db8:acad:1::/64 s0/0/0 Directly connected static route (exit interface)
R1(config)# ipv6 router 2001:db8:acad:2::/64 2001:db8:acad:a::1 Next Hop static route (with next hop address)
R1(config)# ipv6 route 2001:db8:acad:b::/64 s0/0/0 2001:db8:acad:a::1 Fully Specified static route (exit interface and
next hop address)

To Determine Supported Routing Protocol


R1(config)# router ?
R1(config)# ipv6 router ?

Commands to Verify IPv4 Static Routes


R1# show ip route
R1# show ip route connected
R1# show ip route static
R1# show ip route static | begin Gateway
R1# show ip route [network address]
R1# show ip route 192.168.1.0
R1# show running-config | section ip route

Commands to Verify IPv6 Static Routes

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 28 of 33


R1# show ipv6 route
R1# show ipv6 route connected
R1# show ipv6 route static
R1# show ipv6 route static | begin Gateway
R1# show ipv6 route [network address]
R1# show ipv6 route 2001:db8:acad:1::
R1# show running-config | section ipv6 route

To Remove an IPv4 Static Route


R1(config)# no ip route 192.168.1.0 255.255.255.0 s0/0/0

To Remove an IPv6 Static Route


R1(config)# no ipv6 route 2001:db8:acad:1::/64 s0/0/0

Configuring a Floating Static Route


R1(config)# ip route 192.168.1.0 255.255.255.0 s0/0/0 5 The 5 is a custom administrative distance for
the route

Static Host Route Configuration

Branch (config)# ip route 209.165.200.238 255.255.255.255 198.51.100.2 ISP router external interface to server

Branch (config)# ipv6 route 2001:db8:acad:2::238/128 2001:db8:acad:1::2 ISP router external interface to server

IPv6 Static Host Route with Link-Local Next-Hop

Branch (config)# ipv6 route 2001:db8:acad:2::238/128 serial s0/1/0 fe80::2

Device Discovery, Management, and Maintenance

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 29 of 33


Cisco Discovery Protocol Configuration
R1(config)# cdp run Enables CDP globally
R1(config)# no cdp run Disables CDP globally
R1(config)# interface g0/0
R1(config-if)# cdp enable Enables CDP on the specified interface
R1(config-if)# no cdp enable Disables cdp on the interface

Verifying CDP
R1# show cdp neighbors
R1# show cdp neighbors detail
R1# show cdp interface

Link Layer Discovery Protocol (LLDP)


S1(config)# lldp run
S1(config)# no lldp run
S1(config)# interface g0/0
S1(config-if)# lldp transmit
S1(config-if)# lldp receive
S1(config-if)# no lldp transmit
S1(config-if)# no lldp receive

Verifying LLDP
S1# show lldp
S1# show lldp neighbors
S1# show lldp neighbors detail

Configure Network Time Protocol (NTP) and Verify


R1# clock set 20:15:00 aug 30 2019
R1# show clock detail

Configuring an NTP server and verify


R1(config)# ntp server 10.10.10.10 Synchronize time with server at 10.10.10.10
R1# show clock detail
R1# show ntp status
R1# show ntp associations
Configure a Syslog Timestamp to log an Interface
R1(config)# interface g0/0
R1(config-if)# shutdown
R1(config-if)# exit
R1(config)# service timestamps log datetime msec
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 30 of 33
R1(config)# interface g0/0
R1(config-if)# no shutdown A Syslog timestamp will be generated now

Syslog Configuration
R1(config)# logging 192.168.1.3 Sends Syslog traffic to 192.168.1.3 server
R1(config)# logging trap 4 Logs severity trap levels 4 and below
R1(config)# logging source-interface g0/0 Sets source interface

Verify Syslog
R1# show logging
R1# show logging | include changed state to up Shows logging info for interface in up status
R1# show logging | begin Jun 12 22:35 Shows logging at/after the designated time

View Component File System


R1# show file system
S1# show file system

View file Directories and Directory movement


R1# dir

R1# cd nvram Change to nvram directory


R1# dir Views nvram directory

Backing Up and Restoring Configurations to and from an TFTP Server


Copying to server:

R1# copy running-config tftp Copy running-config file to TFTP server


Address or name of remote host []? 192.168.10.3 TFTP server Ip address (192.168.10.3
Destination filename [r1-config]? R1-Jan-2019 File name (R1-Jan-2019)
Write file R1-Jan-2019 to 192.168.10.3? [confirm]
Writing R1-Jan-2019!!!!!! [OK]

AND

R1# copy startup-config tftp Copy startup-config file to TFTP server


Address or name of remote host []? 192.168.10.3 TFTP server Ip address (192.168.10.3
Destination filename [r1-config]? R1-Jan-2019 File name (R1-Jan-2019)
Write file R1-Jan-2019 to 192.168.10.3? [confirm]
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 31 of 33
Writing R1-Jan-2019!!!!!! [OK]

Restoring:
R1# copy tftp running-config Retrieve running-config file from TFTP
Address or name of remote host []? 192.168.10.3 TFTP server Ip address (192.168.10.3)
Destination filename [r1-config]? R1-Jan-2019 File name (R1-Jan-2019)
Write file R1-Jan-2019 to 192.168.10.3? [confirm]
Writing R1-Jan-2019!!!!!! [OK]

AND

R1# copy TFTP startup-config Retrieve startup-config file from TFTP server
Address or name of remote host []? 192.168.10.3 TFTP server Ip address (192.168.10.3
Destination filename [r1-config]? R1-Jan-2019 File name (R1-Jan-2019)
Write file R1-Jan-2019 to 192.168.10.3? [confirm]
Writing R1-Jan-2019!!!!!! [OK]

Display Contents of Flash


R1# show flash:

Copy IOS to TFTP Server IPv4


R1# copy flash: tftp: -Copy IOS file to TFTP server
Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin -Source file name
Address or name of remote host []? 192.168.10.3 -TFTP server Ip address (192.168.10.3)
Destination filename [c1900-universalk9-mz.SPA.152-4.M3.bin]? -Destination file name
Write c1900-universalk9-mz.SPA.152-4.M3.bin…
!!!!!!!!!!!!!!!!!!!!!!!
<output omitted>
688831808 bytes copied in 363.468 secs (269058 bytes/sec)
R1#

Copy IOS to TFTP Server IPv6


R1# copy flash: tftp: -Copy IOS file to TFTP server
Source filename []? c1900-universalk9-mz.SPA.152-4.M3.bin -Source file name
Address or name of remote host []? 2001:db8:acad:1::1 -TFTP server IP address
Destination filename [c1900-universalk9-mz.SPA.152-4.M3.bin]? -Destination file name
Write c1900-universalk9-mz.SPA.152-4.M3.bin…
!!!!!!!!!!!!!!!!!!!!!!!
CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 32 of 33
<output omitted>
688831808 bytes copied in 363.468 secs (269058 bytes/sec)
R1#

Activating the New IOS (Boot System Command) – After Copying the New IOS to Flash
R1(config)# boot system flash: //c1900-universalk9-mz.SPA.152-4.M3.bin
R1#(config)# end
R1# copy running-config startup-config
R1# reload

Display the License Unique Device Identifier (UDI)


R1# show license udi

Permanent License Installation and Verification


R1# License install flash:seck9-C1900-SPE150_k9-FHH12250057.xml
R1# reload

R1# show version


R1# show license

Accept the EULA Agreement


R1(config)# license accept end user agreement

Backup the License and Verify


R1# license save flash:all_licenses.lic
R1# show flash:

CommandReference-NET126-SRWEv7.docx 12/17/2019 Page 33 of 33

You might also like