Beruflich Dokumente
Kultur Dokumente
[User mode]
R1>enable
R1#
R1(config)# interface {}
R1(config-if)#
[interface mode]
R1(config-subif)#
[subinterface mode]
VLANs
Show information about all Vlans (VLAN name, status, and switch ports):
SW1# show vlan brief {brief | id | name | summary}
Create a new VLAN and give it a name:
SW1(config)# vlan 10
SW1(config-vlan)# name SALES
Create a series of Vlans:
SW1(config)# vlan 100,102,105-107
Configuring Trunks:
SW1(config)# int fa 0/1
SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto,
dynamic desirable
SW1(config-if)# switchport trunk native vlan 88
SW1(config-if)# switchport trunk allowed vlan 10,20,30 ! options: vlan-list, add,
remove, all, except
Delete a Vlan:
SW1(config)# no vlan 20
Changing a switch port back to VLAN 1 membership:
SW1(config)# int fa0/18
SW1(config-if)# no switchport access vlan
Resetting configured values on trunk links:
(trunk will allow all VLANs and will use VLAN 1 as the native VLAN)
SW1(config)# int fa0/1
SW1(config-if)# no switchport trunk allowed vlan
SW1(config-if)# no switchport trunk native vlan
Check the trunk ports (port, mode, status, native vlan):
SW1# show interfaces trunk
Determine the current DTP mode:
DTP: Dynamic Trunking Protocol
SW1# show dtp interface f0/1
Inter-VLAN Routing:
Configure Legacy Inter-VLAN Routing
we assign each router port (connected to different vlan ports on the switch) a
differernt subnet
Configuring Router-On-Stick for vlan routing:
R1(config)# interface fastEthernet 0/0
R1(config-if)# no shutdown
R1(config)# interface fastEthernet 0/0.10
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
R1(config-subif)# interface fastEthernet 0/0.20
R1(config-subif)# encapsulation dot1q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0
_________________________________________________________________
10
OSPF Configuration:
Enter OSPF router configuration mode:
R1(config)# router ospf 10 ! 10 = process ID
Configure network commands to identify which interfaces will run OSPF:
R1(config-router)# network 10.0.0.0 0.255.255.255 area 0 {using network add}
R1(config-router)# network 172.16.8.0 0.0.7.255 area 0
R1(config-router)# network 192.168.1.254 0.0.0.0 area 1 {using interface ip-add}
wildcard-mask is the inverse of the subnet mask configured on the interface.
Disabling OSPF on a certain interface:
R1(config-router)# passive-interface serial 0/0
R1(config-router)# passive-interface default
{for all interfaces}
!! the network that the specified interface belongs to is still advertised in routing
messages but not throught that interface.
R1(config-router)# no passive-interface S0/0
{enable interface}
11
OSPF verification:
Shows information about the running routing protocol process:
R1# show ip protocols
Shows the entire routing table:
R1# show ip route
Shows routes learned via OSPF only:
R1# show ip route ospf
Shows all neighboring routers along with their respective adjacency state:
R1# show ip ospf neighbor
Shows all the information contained in the LSDB (Link-State Database):
R1# show ip ospf database
Shows detailed information about OSPF running on an interface:
R1# show ip ospf interface serial 0/0
!or
R1# show ip ospf interface brief
12
EIGRP Configuration:
Enter EIGRP configuration mode and define AS number:
R1(config)# router eigrp 121 ! 121 = AS number
Configure one or more network commands to enable EIGRP on the specified
interfaces:
R1(config-router)# network 10.0.0.0
R1(config-router)# network 172.16.0.0 0.0.3.255
R1(config-router)# network 192.168.1.1 0.0.0.0
R1(config-router)# network 0.0.0.0 255.255.255.255
Disable auto summarization (Optional):
R1(config-router)# no auto-summary
Disable EIGRP on a specific interface (Optional):
R1(config-router)# passive-interface serial 0/0
Configure load balancing parameters (Optional):
R1(config-router)# maximum-paths 6
R1(config-router)# variance 4
Change interface Hello and Hold timers (Optional):
R1(config-if)# ip hello-interval eigrp 121 3
R1(config-if)# ip hold-time eigrp 121 10
Impacting metric calculations by tuning BW and delay of the interface (Optional):
R1(config-if)# bandwidth 265 ! in Kbps)
R1(config-if)# delay 120 ! tens of microseconds
EIGRP Authentication:
The key-string value and the mode must be the same on both routers. Lifetime
options of the keys requires the clock of the routers to be set correctly, better use
NTP, or it can cause problems
Create an authentication key chain as follows:
Create a key chain and give it a name:
R1(config)# key chain MY_KEYS
Create one or more keys giving them numbers:
R1(config-keychain)# key 1
13
EIGRP Verification:
Shows routes learned via EIGRP only:
R1# show ip route eigrp
Shows EIGRP neighbors and status:
R1# show ip eigrp neighbors
Shows EIGRP topology table, including successor and feasible successor:
R1# show ip eigrp topology
Shows interfaces that run EIGRP:
R1# show ip eigrp interfaces
Lists statistics on numbers of EIGRP messages sent and received by the router:
R1# show ip eigrp traffic
14
15
Named ACL:
Named ACLs use names to identify ACLs rather than numbers, and commands that
permit or deny traffic are written in a sub mode called named ACL mode (nacl).
Named ACL enables the editing of the ACL (deleting or inserting statements) by
sequencing statements of the ACL.
Named standard ACL:
R1(config)# ip access-list standard MY_STANDARD_ACL
R1(config-std-nacl)# permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)# remark Do not allow access
R1(config-std-nacl)# deny 10.2.2.2
R1(config-std-nacl)# permit any
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip access-group MY_STANDARD_ACL out
Named extended ACL:
R1(config)# ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)# deny icmp 10.1.1.1 0.0.0.0 any
R1(config-ext-nacl)# deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config-ext-nacl)# permit ip any any
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip access-group MY_EXTENDED_ACL in
16
Verifying ACLs:
Shows all ACLs configured on a router with counters at the end of each
statement:
R1# show access-lists
! OR
R1# show ip access-list
Shows only the specified ACL:
R1# show ip access-list 101
Includes a reference to the ACLs enabled on that interface either in or out:
R1# show ip interface f0/0
17
DHCP Server
Define a DHCP pool and give it a name:
R1(config)# ip dhcp pool MY_POOL
R1(dhcp-config)#
Define network and mask to use in this pool and the default gateway:
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1
Define one or more DNS server (OPTIONAL):
R1(dhcp-config)# dns-server 213.131.65.20 8.8.8.8
Confine the lease time (OPTIONAL):
R1(dhcp-config)# lease 2 ! Days
Define one or more scopes of excluded (reserved) addresses (OPTIONAL):
R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.100
{range}
R1(config)# ip dhcp excluded-address 192.168.1.200
Configure router as a DHCPv4 relay agent: (the server is on a remote network)
R1(config)# int g0/0
R1(config-if)# ip helper-address {DHCP server ip-address}
Configure router as a DHCPv4 client:
R1(config)# int g0/1
R1(config-if)# ip address dhcp
R1(config-if)# no shutdown
18
Dynamic NAT:
Define the outside and inside interfaces:
R1(config)# interface serial 0/0
R1(config-if)# ip nat outside
R1(config)# interface FastEthernet 1/1
R1(config-if)# ip nat inside
Create an ACL that determines the IP addresses that are allowed to be
translated:
R1(config)# access-list 3 permit 192.168.1.0 0.0.0.255
Create a pool of public IP addresses:
R1(config)# ip nat pool PUB 200.1.1.1 200.1.1.6 netmask 255.255.255.248
Configure NAT statement:
R1(config)# ip nat inside source list 3 pool PUB
19
20
21