www.thebryantadvantage.com
Copyright Information:
Cisco®, Cisco® Systems, CCIE™, and Cisco Certified Internetwork
Expert are registered trademarks of Cisco® Systems, Inc., and/or its
affiliates in the U.S. and certain countries.
All other products and company names are the trademarks, registered
trademarks, and service marks of the respective owners. Throughout
this Course Guide, The Bryant Advantage has used its best efforts to
distinguish proprietary trademarks from descriptive names by
following the capitalization styles used by the manufacturer.
Disclaimer:
Show mac-address-table
SW1#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000f.90e2.25c0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 000b.be2c.518b DYNAMIC Fa0/11
Total Mac Addresses for this criterion: 5
VLAN0023
Spanning tree enabled protocol ieee
Root ID Priority 32791
Address 000b.be2c.5180
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning vlan 23 root primary
SW1(config)#^Z
SW1#show spanning vlan 23
VLAN0023
Spanning tree enabled protocol ieee
Root ID Priority 20503
Address 000f.90e2.25c0
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Vtp domain
Vtp password
Vtp pruning
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW1(config)#vtp password CISCO
Setting device VLAN database password to CISCO
SW1(config)#vtp pruning
Pruning switched on
SW2#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW2(vlan)#
This is good, since most people using this mode use CTRL-Z
to save their changes. While this works in most
configuration modes, it does NOT work in vlan database
mode. You must enter the commands APPLY or EXIT
in vlan database mode to save your changes.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial0
R1(config-if)#encapsulation frame-relay
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int s0
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame map ip 172.12.123.2 122 broadcast
R1(config-if)#frame map ip 172.12.123.3 123 broadcast
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface serial0
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE =
CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 167 Num Status msgs Rcvd 168
Num Update Status Rcvd 0 Num Status Timeouts 2
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE =
CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 0 Num Status msgs Rcvd 0
Num Update Status Rcvd 0 Num Status Timeouts 0
This command shows you how many PVCs you have on your
router, the DLCIs in use, their status, and the interface
they’re configured on.
R3#conf t
R3(config)#int s1
R3(config-if)#ip address 172.12.13.2 255.255.255.252
R3(config-if)#clock rate 56000
R3(config-if)#no shut
01:47:59: %LINK-3-UPDOWN: Interface Serial1, changed state to up
R3(config-if)#^Z
01:48:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial1, changed state to up
Dialer-group
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer-group 1
R1#conf t
R1(config)#dialer-list 1 protocol ip permit
R1(config)#interface bri0
R1(config-if)#dialer-group 1
Dialer idle-timeout
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer idle-timeout 60
R1#conf t
R1(config)#interface bri0
R1(config-if)#ppp multilink
R1(config-if)#dialer load-threshold 191 outbound
Dialer map
R2#conf t
R2(config)#interface bri0
R2(config-if)#dialer map ip 172.12.12.1 name R1 broadcast 5553333
As with frame, broadcasts will not be sent over the ISDN link
by default; this must be enabled with the broadcast
keyword.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#interface dialer0
R1(config-if)#ip address 172.12.12.1 255.255.255.252
R1(config-if)#encapsulation ppp
R1(config-if)#dialer pool 1
R1(config-if)#dialer remote-name R2
R1(config-if)#dialer string 5554444
R1(config-if)#dialer-group 1
R1(config-if)#interface bri0
R1(config-if)#no ip address
R1(config-if)#dialer pool-member 1
R1(config-if)#encapsulation ppp
R2#conf t
R2(config)#interface bri0
R2(config-if)#encapsulation ppp
R2#conf t
R2(config)#isdn switch-type basic-ni
OR
R2(config)#interface bri0
R2(config-if)#isdn switch-type basic-ni
R2#conf t
R2(config)#interface bri0
R2(config-if)#ppp authentication chap
R2#conf t
R2(config)#interface bri0
R2(config-if)#ppp authentication pap
R2(config-if)#ppp pap sent-username R2 password cisco
Show dialer
R2#show dialer
Bandwidth <x>
R2#conf t
R2(config)#int s0
R2(config-if)#bandwidth 512
Clear ip route *
R2#clear ip route *
R2#debug ip packet
IP packet debugging is on
R2#ping 172.12.123.2
R2#ping 172.12.123.2
Debug ip rip
R2#debug ip rip
IP protocol debugging is on
R2#clear ip route *
6:14:53: RIP: received v2 update from 172.23.23.3 on Ethernet0
6:14:53: 1.0.0.0/8 via 0.0.0.0 in 16 hops (inaccessible)
6:14:53: 1.1.1.1/32 via 0.0.0.0 in 2 hops
6:14:53: 172.12.0.0/16 via 0.0.0.0 in 16 hops (inaccessible)
6:14:53: 172.12.12.2/32 via 0.0.0.0 in 2 hops
6:14:53: 172.12.13.0/30 via 0.0.0.0 in 1 hops
6:14:53: 172.12.123.0/24 via 0.0.0.0 in 1 hops
6:14:53: 172.23.0.0/16 via 0.0.0.0 in 16 hops (inaccessible)
OR
R2#conf t
R2(config)#ip route 1.1.1.1 255.255.255.255 172.12.123.1
OR
R2#conf t
R2(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.1
OR
You could have any number for the first “0.0.0.0”, since the
second set of zeroes is the subnet mask. This means that
any destination will match this route statement.
Maximum-paths <x>
R2#conf t
R2(config)#router rip
R2(config-router)#maximum-paths 6
Network
R2#conf t
R2(config)#router rip
R2(config-router)#network 172.12.0.0
R2#conf t
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#no auto-summary
Passive-interface
R2#conf t
R2(config)#router rip
R2(config-router)#passive-interface bri0
R2#conf t
R2(config)#router igrp 1
Router rip
Version 1
Version 2
R2#conf t
R2(config)#router rip
R2(config-router)#version 1
R2(config-router)#version 2
R2#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial0.123 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
172.12.0.0
Passive Interface(s):
BRI0
Routing Information Sources:
Gateway Distance Last Update
172.12.12.1 120 00:00:24
Distance: (default is 120)
Exam Tip: Know all the information that can be seen in this
command’s output.
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area * - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
R3#conf t
R3(config)#router igrp 1
R3(config-router)#traffic-share balanced
R3#conf t
R3(config)#router eigrp 1
R3(config-router)#traffic-share balanced
Variance
R3#conf t
R3(config)#router igrp 1
R3(config-router)#variance 3
Path 1: 4000
Path 2: 7500
Path 3: 8100
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 stub
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 stub no-summary
Exam Tip: A virtual link cannot use a stub or total stub area
as a transit area.
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 13 virtual-link 1.1.1.1
R1#conf t
R1(config)#int s0
R1(config-if)#ip ospf hello 30
R1(config-if)#ip ospf dead 100
Ip ospf demand-circuit
R2#conf t
R2(config)#interface bri0
R2(config-if)#ip ospf demand-circuit
R2#conf t
R2(config)#int s0.123
R2(config-subif)#ip ospf priority 0
R3#conf t
R3(config)#int s0.31 point-to-point
R3(config-subif)#ip ospf network non-broadcast
Keep in mind that a major reason for OSPF neighbors not forming an
adjacency is a mismatch in the network types. Serial interfaces
default to non-broadcast, but a point-to-point interface will always
default to OSPF network type “point-to-point”. If you have a physical
serial interface on one side of a link and a point-to-point interface on
the other side, the adjacency will not form. You can change the OSPF
network type as shown to allow the adjacency to form.
R1#conf t
R1(config)#router ospf 1
R1(config-router)#router-id 11.11.11.11
Reload or use "clear ip ospf process" command, for this to take effect
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
10:22:19: OSPF: Interface Serial0 going Down
10:22:19: OSPF: 1.1.1.1 address 172.12.123.1 on Serial0 is dead,
state DOWN
10:22:19: OSPF: Neighbor change Event on interface Serial0
Also note that the prompted answer for “reset ALL OSPF
processes?” is no. When the router default for a question is
“no”, the router’s trying to tell you you’re about to do
Show ip ospf
R1#show ip ospf
Routing Process "ospf 1" with ID 11.11.11.11
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an area border router
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm executed 4 times
Area ranges are
Number of LSA 13. Checksum Sum 0x10123B
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 1
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm executed 2 times
Area ranges are
Number of LSA 6. Checksum Sum 0x02FD14
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Note that this command shows you the RID, the network
type, what the state is (DR, BDR, DROTHER), the RID of the
DR and BDR, and what adjacencies this interface has
formed.
Network
R3#conf t
R3(config)#router eigrp 100
R3(config-router)#network 172.12.123.0 0.0.0.255
Exam Tip: When IGRP and EIGRP are running on the same
router, routes will be automatically redistributed between
the two if the AS number of both is the same; that is, IGRP
100 and EIGRP 100 would automatically redistribute routes;
IGRP 200 and EIGRP 100 would not.
R1#conf t
R1(config)#interface serial0
R1(config-if)#no ip split-horizon eigrp 100
R2#conf t
R2(config)#router eigrp 100
EIGRP neighbors are shown for each EIGRP process with this single
command. Note that you can also see how long each adjacency has
been up.
The Successor (the best route) is seen here, and this is the
route you’ll see in the routing table with show ip route. The
Feasible Successor (less-desirable, but still valid) is seen
only in the topology table.
Exam Tip: EIGRP has three tables; the route table, seen
with show ip route; the topology table, seen with show ip
eigrp topology; and the neighbor table, seen with show ip
eigrp neighbor.
R1#conf t
R1(config)#access-list 5 permit 172.1.0.0 0.0.255.255
R1(config)#interface serial0
R1(config-if)#ip access-group 5 in
R1#conf t
R1(config)#access-list 5 permit 172.1.13.1 0.0.0.0
OR
R1#conf t
R1(config)#access-list 5 permit host 172.1.13.1
R1#conf t
R1(config)#access-list 5 permit any
OR
R1#conf t
R1(config)#access-list 5 permit 172.1.13.1 255.255.255.255
These two ACLs perform the same task. All traffic will
match. (You could put any address in for the source IP
address as long as the wildcard mask is 255.255.255.255.)
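The wildcard-mask equivalences above can be checked with a small evaluator. This is an added example, not part of the original course guide: it models standard ACL matching (first match wins, then the implicit deny), and the function names and probe addresses are assumptions made for illustration.

```python
import ipaddress

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' (standard ACL)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, rest = tok[2], tok[3:]
    if rest[0] == "any":                      # same as 0.0.0.0 255.255.255.255
        return action, 0, 0xFFFFFFFF
    if rest[0] == "host":                     # same as wildcard 0.0.0.0
        return action, _to_int(rest[1]), 0
    wildcard = _to_int(rest[1]) if len(rest) > 1 else 0
    return action, _to_int(rest[0]), wildcard

def evaluate(acl_lines, source_ip):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = _to_int(source_ip)
    for line in acl_lines:
        action, base, wildcard = parse_ace(line)
        care = ~wildcard & 0xFFFFFFFF         # wildcard 0-bits must match exactly
        if (ip & care) == (base & care):
            return action
    return "deny"

# Entries copied from the transcripts above.
SUBNET = ["access-list 5 permit 172.1.0.0 0.0.255.255"]
HOST_MASK = ["access-list 5 permit 172.1.13.1 0.0.0.0"]
HOST_KEYWORD = ["access-list 5 permit host 172.1.13.1"]
ANY_KEYWORD = ["access-list 5 permit any"]
ANY_MASK = ["access-list 5 permit 172.1.13.1 255.255.255.255"]

def compare(acl_a, acl_b, probes):
    """True when both ACLs give the same verdict for every probe address."""
    return all(evaluate(acl_a, p) == evaluate(acl_b, p) for p in probes)

# Constructed probe addresses, chosen to fall inside and outside each entry.
PROBES = ["172.1.13.1", "172.1.13.2", "172.1.200.9", "172.2.0.1", "10.5.5.5"]

if __name__ == "__main__":
    for p in PROBES:
        print(p, evaluate(SUBNET, p), evaluate(HOST_KEYWORD, p), evaluate(ANY_MASK, p))
```

Any source that matches no entry is denied, so a single-host permit such as the access-list 5 host entry blocks every other address.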
R1#conf t
R1(config)#access-list 5 remark This ACL blocks telnet traffic.
R1#conf t
R1(config)#access-list 105 permit ip 172.50.50.0 0.0.0.255 210.1.1.0 0.0.0.255
R1(config)#interface serial0
R1(config-if)#ip access-group 105 out
Exam Tips:
The keywords host and any can be used for the source,
destination, or both.
R1#conf t
R1(config)#ip access-list extended NO_WEB_TRAFFIC
R1(config-ext-nacl)#deny tcp any any eq www
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#interface ethernet0
R1(config-if)#ip access-group NO_WEB_TRAFFIC in
R1(config-if)#ip access-group NO_WEB_TRAFFIC out
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#access-list 99 permit host 110.1.1.1
R1(config)#line vty 0 4
R1(config-line)#login
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
R1(config-line)#password cisco
R1(config-line)#access-class 99 in
R1#conf t
R1(config)#interface serial0
R1(config-if)#ip summary-address rip 110.1.0.0 255.252.0.0
R1#conf t
R1(config)#interface serial0
R1(config-if)#ip summary-address eigrp 100 110.1.0.0 255.252.0.0
NAT
R1#conf t
R1(config)#interface serial0
R1(config-if)#ip nat outside
R1(config-if)#interface ethernet0
R1(config-if)#ip nat inside
The outside NAT interface is the one facing the Internet from
the organization’s point of view; that’s going to be a Serial
interface.
R1#conf t
R1(config)#interface serial0
R1(config-if)#ip nat outside
R1(config-if)#interface ethernet0
R1(config-if)#ip nat inside
R1#conf t
R1(config)#ip nat inside source static 10.5.5.5 210.1.1.2
R1(config)#ip nat inside source static 10.5.5.6 210.1.1.3
R1(config)#ip nat inside source static 10.5.5.7 210.1.1.4
R1#conf t
R1(config)#interface serial0
R1(config-if)#ip nat outside
R1(config-if)#interface ethernet0
R1(config-if)#ip nat inside
R1#conf t
R1(config)#ip nat inside source list 1 pool NATPOOL
R1(config)#ip nat pool NATPOOL 200.1.1.2 200.1.1.5 netmask 255.255.255.0
R1(config)#access-list 1 permit 10.5.5.0 0.0.0.255
Make sure you know NAT inside and out before taking the
CCNA exams. It’s an important concept for both the exam
room and the real world, and judging from internet posts
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#interface ethernet0
R3(config-if)#ip nat inside
R3(config-if)#interface serial0
R3(config-if)#ip nat outside
R3(config-if)#ip nat inside source list 1 interface serial0 overload
R3(config)#access-list 1 permit 10.5.5.0 0.0.0.255
R1#conf t
R1(config)#line vty 0 4
R1(config-line)#login
R1(config-line)#password CCNA
You add the login command and configure a password on the VTY lines
to protect Telnet with a password.
R1#conf t
R1(config)#enable password cisco
R1(config)#enable secret ccna
R2#conf t
R2(config)#ip host R1 172.12.123.1
R2#R1
Trying R1 (172.12.123.1)... Open
User Access Verification
Username: CBRYANT
Password:
R1#
Ip name-server
R1#configure terminal
R1(config)#ip name-server 10.1.1.1
R2#abcdef
Translating "abcdef"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer
address
R2#conf t
R2(config)#no ip domain-lookup
R2#abcdef
Translating "abcdef"
% Unknown command or computer name, or unable to find computer
address
R1#configure terminal
R1(config)#line con 0
R1(config-line)#login
% Login disabled on line 0, until 'password' is set
R1(config-line)#password cisco
R1#show config
!
enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
enable password cisco
R1(config)#service password-encryption
R1#show config
Using 1842 out of 32762 bytes
!
enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
enable password 7 070C285F4D06
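The enable, console and VTY settings shown in these transcripts can be checked mechanically. The following is an added example, not part of the original course guide: a small audit over a constructed running-config excerpt. The function name, the sample text and the placeholder values are assumptions. It relies on two facts about IOS: the type 7 form written by service password-encryption is a reversible encoding rather than a hash, and enable secret takes precedence over enable password when both are set.

```python
import re

# Constructed running-config excerpt in the style of the page's transcripts;
# the hash and encoded values are placeholders, not real secrets.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 HASH-PLACEHOLDER
enable password 7 ENCODED-PLACEHOLDER
line con 0
 login
line vty 0 4
 password 7 ENCODED-PLACEHOLDER
 login
line vty 5 9
 password 7 ENCODED-PLACEHOLDER
 login
 access-class 99 in
"""

def audit(config_text):
    """Return a list of findings for enable and line password settings."""
    findings, sections, current, has_secret = [], {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():                 # indented: belongs to current section
            if current:
                sections[current].add(line.split()[0])
            continue
        current = line if line.startswith("line ") else None
        if current:
            sections[current] = set()
        has_secret = has_secret or line.startswith("enable secret ")
        m = re.match(r"enable password (?:(\d) )?\S+$", line)
        if m:
            kind = "type 7 (reversible encoding)" if m.group(1) == "7" else "cleartext"
            findings.append(f"enable password stored as {kind}")
    if has_secret and any(f.startswith("enable password") for f in findings):
        findings.append("enable secret is set; remove the unused enable password")
    for name, keywords in sections.items():
        if "login" in keywords and "password" not in keywords:
            findings.append(f"{name}: login without password")
        if name.startswith("line vty") and "access-class" not in keywords:
            findings.append(f"{name}: no access-class")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```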
Cdp enable
Cdp run
No cdp enable
No cdp run
Interface-level commands:
R1#conf t
R1(config)#interface serial0
R1(config-if)#no cdp enable
R1(config-if)#cdp enable
Global commands:
R1#conf t
R1(config)#no cdp run
R1(config)#cdp run
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.2(13), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 19-Nov-02 20:25 by pwade
advertisement version: 2