150 Vital CCNA Commands PDF

The Bryant Advantage
Cisco Certified Network Associate®

Command Reference
150 Commands Every CCNA

Must Know!
www.thebryantadvantage.com
Chris Bryant, CCIE™ # 12933
Copyright Information:
Cisco®, Cisco® Systems, CCIE™, and Cisco Certified Internetwork
Expert are registered trademarks of Cisco® Systems, Inc., and/or its
affiliates in the U.S. and certain countries.
All other products and company names are the trademarks, registered
trademarks, and service marks of the respective owners. Throughout
this Course Guide, The Bryant Advantage has used its best efforts to
distinguish proprietary trademarks from descriptive names by
following the capitalization styles used by the manufacturer.
Disclaimer:
This publication, The Bryant Advantage CCNA ® Command

Reference, is designed and intended to assist candidates in
preparation for the Intro and ICND exams for the Cisco Certified
Network Associate ® certification. All efforts have been made by the
author to make this book as accurate and complete as possible, but no
guarantee, warranty, or fitness are implied, expressly or implicitly.
The enclosed material is presented on an “as is” basis. Neither the
author, Bryant Instructional Services, or the parent company assume
any liability or responsibility to any person or entity with respect to
loss or damages incurred from the information contained in this
workbook.
This Course Guide is an original work by the Author. Any similarities

between materials presented in this Study Guide and actual CCNA®
exam questions are completely coincidental.
Copyright 2005 © The Bryant Advantage

LAN Switching Commands (2950):
Show interface trunk
SW1#show interface trunk
Port Mode Encapsulation Status Native vlan

Fa0/11 desirable 802.1q trunking 1
Fa0/12 desirable 802.1q trunking 1
Port Vlans allowed on trunk

Fa0/11 1-4094
Fa0/12 1-4094
Port Vlans allowed and active in management domain

Fa0/11 1
Fa0/12 1
Port Vlans in spanning tree forwarding state and not pruned

Fa0/11 1
Fa0/12 none
This command displays all ports that are actively trunking,

their trunking mode, the encapsulation type, and the native
VLAN. It also displays the VLANs that are allowed to have
traffic go across the trunk. CCNA candidates should note
that this is the command that displays the trunking protocol
in use – either 802.1Q (“dot1q) or ISL.
Show mac-address-table
SW1#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 000f.90e2.25c0 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 000b.be2c.518b DYNAMIC Fa0/11
Total Mac Addresses for this criterion: 5
Chris Bryant, CCIE #12933 1 www.thebryantadvantage.com

© 2005 The Bryant Advantage Free CCNA and CCNP tutorials!
This command does just what it says; it shows you the MAC
address table that the switch has built. (You should know
how this table is built before you take any CCNA exam. If
you’re unsure, check Section Two of your copy of The Bryant
Advantage Ultimate CCNA Study Guide.) Note the dashes
that connect the three words.
Show spanning-tree vlan (VLAN_NUMBER)
SW2#show spanning-tree vlan 23
VLAN0023
Spanning tree enabled protocol ieee
Root ID Priority 32791
Address 000b.be2c.5180
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32791 (priority 32768 sys-id-ext 23)

Address 000b.be2c.5180
Aging Time 15
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------
Fa0/3 Desg FWD 100 128.3 Shr
Fa0/11 Desg FWD 19 128.11 P2p
Fa0/12 Desg FWD 19 128.12 P2p
A vital LAN switching command, the command output shows

if this device is the root bridge for this particular vlan (“this
bridge is the root”), the hello, maxage, and forward delay
values for this VLAN, and the status (“sts”) of each port.
This will be listening, learning, forwarding, or blocking.

Show vlan brief
SW1#show vlan brief
VLAN Name Status Ports

---- -------------------------------- --------- ---------------------------
1 default active Fa0/1, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10
23 VLAN0023 active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
Quickly learn what ports are in what VLAN with this

command. Note the default VLAN is VLAN 1, which is also
the native VLAN.
Show vtp status
SW2#show vtp status

VTP Version :2
Configuration Revision :2
Maximum VLANs supported locally : 64
Number of existing VLANs :6
VTP Operating Mode : Server
VTP Domain Name : CCNA
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xE2 0xCC 0x1A 0xB8 0x8E 0x80 0x6F
0xF4
Configuration last modified by 0.0.0.0 at 3-1-93 00:52:40
Local updater ID is 0.0.0.0 (no valid interface found)
The main concerns here is that this is the command that

shows you the VTP operating mode of this device (server,
client, or transparent), the VTP domain name, and whether
pruning is enabled.

Spanning-tree vlan (VLAN_NUMBER) root primary
SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SW1(config)#spanning vlan 23 root primary
SW1(config)#^Z
SW1#show spanning vlan 23
VLAN0023
Spanning tree enabled protocol ieee
Root ID Priority 20503
Address 000f.90e2.25c0
This bridge is the root
This one-line command can make a non-root bridge become

the root bridge. In this example, SW1 was configured with
the command. Where SW2 was the root bridge in the
previous command example, SW1 is now the root bridge.
Note the priority change from the default of 32768.
Vtp domain
Vtp password
Vtp pruning
SW1#conf t
SW1(config)#vtp domain CCNA
Changing VTP domain name from NULL to CCNA
SW1(config)#vtp password CISCO
Setting device VLAN database password to CISCO
SW1(config)#vtp pruning
Pruning switched on
Setting the VTP domain name, password, and enabling

pruning are done with these three commands. Note that the
VTP domain name changed from NULL in this example; this
means that there was no previous VTP domain membership,
not that the previous VTP domain was actually named
“NULL”.
Vlan database
SW2#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
SW2(vlan)#
In VLAN DATABASE mode, you can create and modify

VLANs. Note that Cisco is getting away from this mode, as
indicated by the console message received in IOS 12.2.
This is good, since most people using this mode use CTRL-Z
to save their changes. While this works in most
configuration modes, it does NOT work in vlan database
mode. You must enter the commands APPLY or EXIT
in vlan database mode to save your changes.

Frame Relay Commands:
Debug frame lmi
R1#debug frame lmi

Frame Relay LMI debugging is on
Displaying all Frame Relay LMI data
R1#
01:26:40: Serial0(out): StEnq, myseq 98, yourseen 97, DTE up
01:26:40: datagramstart = 0xE47328, datagramsize = 13
01:26:40: FR encap = 0xFCF10309
01:26:40: 00 75 01 01 01 03 02 62 61
01:26:40:
01:26:40: Serial0(in): Status, myseq 98
01:26:40: RT IE 1, length 1, type 1
01:26:40: KA IE 3, length 2, yourseq 98, myseq 98
R1#
01:26:50: Serial0(out): StEnq, myseq 99, yourseen 98, DTE up
01:26:50: datagramstart = 0xE476B8, datagramsize = 13
01:26:50: FR encap = 0xFCF10309
01:26:50: 00 75 01 01 01 03 02 63 62
01:26:50:
01:26:50: Serial0(in): Status, myseq 99
01:26:50: RT IE 1, length 1, type 1
01:26:50: KA IE 3, length 2, yourseq 99, myseq 99
R1#undebug all
All possible debugging has been turned off
Used to troubleshoot down frame relay connections, this

debug shows you whether the DTE is up or down, and also
the sequence numbers of the incoming and outgoing LMI.
When they’re equal or 1 apart, that’s good; any more
indicates why your frame relay is down in the first place – an
LMI mismatch.

Encapsulation frame-relay
R1#conf t
R1(config)#interface serial0
R1(config-if)#encapsulation frame-relay
The first step in configuring frame relay is enabling it on the

interface. This command changes the encapsulation type to
frame relay from the default of HDLC.
Frame map ip <remote_IP> <local_DLCI>

<broadcast>
R1#conf t
R1(config)#int s0
R1(config-if)#frame map ip 172.12.123.2 122 broadcast
R1(config-if)#frame map ip 172.12.123.3 123 broadcast
This command is used to create manual frame mappings,

the preferred method in production networks. Frame relay
must be configured first, as shown.
Note that the mapping is the remote IP address to the local

DLCI. Also, since broadcasts are not sent across frame relay
by default, the broadcast keyword is needed to enable this.

No frame-relay inverse-arp
R1#conf t
R1(config-if)#no frame-relay inverse-arp
By default, frame relay will use Inverse ARP to dynamically

create frame maps. Using InARP can lead to incomplete
frame map tables, and many production networks turn it off
when using frame relay. You do so with this command. It’s
generally done right after enabling frame-relay.
Show frame lmi
R1#show frame lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE =
CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 167 Num Status msgs Rcvd 168
Num Update Status Rcvd 0 Num Status Timeouts 2
There are 12 fields here, but the ones to be most concerned

about are the highlighted ones. Here, 167 status messages
have been sent, and 168 received. These numbers should
be no more than one apart, or the line protocol is getting
ready to drop. There were two timeouts earlier as well.
Bonus command: To set all your router counters back to

zero, run the command clear counters.

R1#clear counters
Clear "show interface" counters on all interfaces [confirm]
R1#show frame lmi
LMI Statistics for interface Serial0 (Frame Relay DTE) LMI TYPE =
CISCO
Invalid Unnumbered info 0 Invalid Prot Disc 0
Invalid dummy Call Ref 0 Invalid Msg Type 0
Invalid Status Message 0 Invalid Lock Shift 0
Invalid Information ID 0 Invalid Report IE Len 0
Invalid Report Request 0 Invalid Keep IE Len 0
Num Status Enq. Sent 0 Num Status msgs Rcvd 0
Num Update Status Rcvd 0 Num Status Timeouts 0
Show frame map
R1#show frame map

Serial0 (up): ip 172.12.123.2 dlci 122(0x7A,0x1CA0), static,
broadcast,
CISCO, status defined, active
Serial0 (up): ip 172.12.123.3 dlci 123(0x7B,0x1CB0), static,
broadcast,
CISCO, status defined, active
This command will show you both your dynamically and

statically configured frame maps and their status. It will
also show whether broadcasts have been enabled for that
mapping.

Show frame pvc
R1#show frame pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
Active Inactive Deleted Static

Local 2 0 0 0
Switched 0 0 0 0
Unused 0 0 0 0
DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE,

INTERFACE = Serial0
input pkts 0 output pkts 0 in bytes 0

out bytes 0 dropped pkts 0 in pkts dropped 0
out pkts dropped 0 out bytes dropped 0
in FECN pkts 0 in BECN pkts 0 out FECN pkts 0
out BECN pkts 0 in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0
pvc create time 01:40:05, last time pvc status changed 00:29:52
This command shows you how many PVCs you have on your
router, the DLCIs in use, their status, and the interface
they’re configured on.
It also shows your FECN, BECN, and DE statistics. You must

know what these are before taking the CCNA exams. Check
the Frame Relay section of my Ultimate CCNA Study Guide
for a refresher.

ISDN and Point-to-Point Serial Connection Commands
Clock rate <x>
R3#conf t
R3(config)#int s1
R3(config-if)#ip address 172.12.13.2 255.255.255.252
R3(config-if)#clock rate 56000
R3(config-if)#no shut
01:47:59: %LINK-3-UPDOWN: Interface Serial1, changed state to up
R3(config-if)#z
01:48:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial1, changed state to up
Here, R3’s S1 interface is directly connected to R1’s S1

interface. R3’s S1 interface is the DCE. When two Cisco
routers are directly connected by serial interface, the DCE
must supply a clock rate to the DTE. This command is
configured at the interface level. Once the clock rate is
entered, the line protocol will come up. To see the other
values for this command, use IOS Help after the clock rate
command.
Show controller serial <x>
R1#show controller serial 1

HD unit 1, idb = 0x1DBFEC, driver structure at 0x1E35D0
buffer size 1524 HD unit 1, V.35 DTE cable
I truncated about 20 lines of hexadecimal information that

this command results in, because the key information is in
the second line. This command tells you whether you have
the DTE or DCE end of the DTE/DCE cable connected to this
particular interface.

Debug ppp negotiation
R1#debug ppp negotiation

PPP protocol negotiation debugging is on
R1#ping 172.12.12.2
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.12.2, timeout is 2 seconds:
02:12:01: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up

02:12:01: BR0:1 PPP: Using dialer call direction
02:12:01: BR0:1 PPP: Treating connection as a callout
02:12:01: BR0:1 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0
load]
02:12:01: BR0:1 LCP: O CONFREQ [Closed] id 1 len 14
02:12:01: BR0:1 LCP: AuthProto PAP (0x0304C023)
02:12:01: BR0:1 LCP: MagicNumber 0xE0974794
(0x0506E0974794)
02:12:01: BR0:1 LCP: I CONFREQ [REQsent] id 1 len 14
02:12:01: BR0:1 LCP: MagicNumber 0xE0973A66
(0x0506E0973A66)
02:12:01: BR0:1 LCP: O CONFACK [REQsent] id 1 len 14
02:12:01: BR0:1 LCP: MagicNumber 0xE0973A66
(0x0506E0973A66)
02:12:01: BR0:1 LCP: I CONFACK [ACKsent] id 1 len 14
02:12:01: BR0:1 LCP: MagicNumber 0xE0974794
(0x0506E0974794)
02:12:01: BR0:1 LCP: State is Open
02:12:01: BR0:1 PPP: Phase is AUTHENTICATING, by both [0 sess, 0
load]
02:12:01: BR0:1 AUTH: Started process 0 pid 66
02:12:01: BR0:1 PAP: O AUTH-REQ id 1 len 12 from "R1"
02:12:01: BR0:1 PAP: I AUTH-ACK id 1 len 5
02:12:01: BR0:1 PAP: I AUTH-REQ id 1 len 12 from "R2"
02:12:01: BR0:1 PAP: Authenticating peer R2
02:12:01: BR0:1 PAP: O AUTH-ACK id 1 len 5
02:12:01: BR0:1 PPP: Phase is UP [0 sess, 0 load]
02:12:01: BR0:1 IPCP: O CONFREQ [Closed] id 1 len 10
02:12:01: BR0:1 IPCP: Address 172.12.12.1 (0x0306AC0C0C01)
02:12:01: BR0:1 CDPCP: O CONFREQ [Closed] id 1 len 4
02:12:01: BR0:1 IPCP: I CONFREQ [REQsent] id 1 len 10

02:12:01: BR0:1 IPCP: O CONFACK [REQsent] id 1 len 10
02:12:01: BR0:1 CDPCP: I CONFREQ [REQsent] id 1 len 4
02:12:01: BR0:1 CDPCP: O CONFACK [REQsent] id 1 len 4
02:12:01: BR0:1 IPCP: I CONFACK [ACKsent] id 1 len 10
02:1.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 36/36/36
ms
R1#2:01: BR0:1 IPCP: State is Open
02:12:01: BR0:1 CDPCP: I CONFACK [ACKsent] id 1 len 4
02:12:01: BR0:1 CDPCP: State is Open
02:12:01: BR0 IPCP: Install route to 172.12.12.2
02:12:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface
BRI0:1, changed statto up
Speaking from experience, I can tell you that it’s easy to

make an error when configuring PPP password
authentication, either PAP or CHAP. A null space can make
the entire process fail. You simply must know this command
in order to begin troubleshooting ISDN. It’s kind of hard to
spot a null space with the naked eye, but when there’s a
problem with PPP, this command will point you in the right
direction.
The output shown is a successful PAP authentication.
Dialer-group
R1#conf t
R1(config)#interface bri0
R1(config-if)#dialer-group 1
This interface-level command links the interface to the

dialer-list command, which defines interesting traffic. The
number used here must match the number used in the
dialer-list command.

Dialer-list
R1#conf t
R1(config)#dialer-list 1 protocol ip permit
The dialer-list command defines interesting traffic, which is

the traffic that causes one router to dial another.
Interesting traffic also resets the dialer idle-timer. The
dialer-list is defined globally and is linked to the interface
with the dialer-group command. The number used in the
dialer-list command must match the dialer-group number.
Dialer-list has many options, including the option to define

interesting traffic with access-lists. Use IOS Help to further
explore these options. The dialer-list shown defines all IP
traffic as interesting.
Dialer idle-timeout
R1#conf t
R1(config-if)#dialer idle-timeout 60
By default, when interesting traffic brings up the ISDN link,

an idle-timer of 120 seconds begins to run. Only interesting
traffic resets the idle-timer. To change this default time, use
this command.
EXAM NOTE: Notice that the command value is in seconds,

not minutes.

Dialer load-threshold, ppp multilink
R1#conf t
R1(config-if)#ppp multilink
R1(config-if)#dialer load-threshold 191 outbound
By default, the second b-channel in a BRI interface will not

be used until the first is at capacity. To change this, first
enable ppp multilink. Second, use the dialer load-threshold
command to define the capacity level of the first channel
before the second channel is brought up. Finally, define the
direction you want to consider – inbound, outbound, or both.
EXAM NOTE: The numeric value of this command is NOT a

ratio of 100; it’s a ratio of 255. For example, to bring the
second b-channel up when the first reaches 75% outbound
capacity, you must enter a value that is 75% of 255 – which
is 191. (191 x .75)
Dialer map
R2#conf t
R2(config-if)#dialer map ip 172.12.12.1 name R1 broadcast 5553333
There are no dynamic dialer maps; they must be configured

manually with the dialer map command.
Note that you map the remote IP address to the remote

phone number; 5553333 is R1’s phone number.
As with frame, broadcasts will not be sent over the ISDN link
by default; this must be enabled with the broadcast
keyword.

Dialer pool
Dialer pool-member
Dialer string
Dialer remote-name
Interface dialer0
R1#conf t
R1(config)#interface dialer0
R1(config-if)#ip address 172.12.12.1 255.255.255.252
R1(config-if)#encapsulation ppp
R1(config-if)#dialer pool 1
R1(config-if)#dialer remote-name R2
R1(config-if)#dialer string 5554444
R1(config-if)#interface bri0
R1(config-if)#no ip address
R1(config-if)#dialer pool-member 1
These commands are used to create a dialer profile, which is

a logical dial interface that will be bound to a physical BRI
interface when that particular number is dialed. You need to
know the basics of dialer profile configuration for the CCNA
exams.
Notice that the IP address is on the logical interface Dialer0,

not the physical interface bri0. PPP encapsulation is enabled
on both. The dialer pool, dialer remote-name, and dialer
string commands all go on the dialer0 interface, as does
dialer-group. The dialer pool-member command is
configured on the physical interface.

Encapsulation ppp
No encapsulation ppp
R2#conf t
The default encapsulation type of BRI interfaces is HDLC.

Before you can enable PAP or CHAP authentication, you
must enable PPP encapsulation with this command. To
revert to the default HDLC encapsulation, run no
encapsulation ppp.
Isdn switch-type basic-ni
R2#conf t
R2(config)#isdn switch-type basic-ni
OR
R2(config-if)#isdn switch-type basic-ni
Required for ISDN. You cannot have a working configuration

without this command. You can enter this globally or at the
BRI interface level, as shown. You may see it in your
running configuration under the BRI configuration even
when you enable it globally. That’s the normal behavior.
Ppp authentication chap
R2#conf t
R2(config-if)#ppp authentication chap
Enables chap authentication. There is no “ppp chap sent-

username” command. Passwords must be the same on both
routers when using CHAP.
Ppp authentication pap
Ppp pap sent-username <name> password <password>
R2#conf t
R2(config-if)#ppp authentication pap
R2(config-if)#ppp pap sent-username R2 password cisco
PPP PAP authentication is unencrypted; the passwords go

across the ISDN link in clear-text. The passwords can be
different on each router, though, due to the ppp pap sent-
username command. This command is required for PAP.
Show dialer
R2#show dialer
BRI0 - dialer type = ISDN
Dial String Successes Failures Last DNIS Last status

5553333 6 1 00:00:04 successful
0 incoming call(s) have been screened.
0 incoming call(s) rejected for callback.
BRI0:1 - dialer type = ISDN

Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is data link layer up
Dial reason: ip (s=172.12.12.2, d=172.12.12.1)
Time until disconnect 117 secs
Connected to 5553333 (R1)
BRI0:2 - dialer type = ISDN

Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (15 secs)
Dialer state is idle
The key with this important command is that the output

shows you the source and destination of the traffic that
caused the router to dial. If you see 224.0.0.5, 224.0.0.9,

224.0.0.10, or 255.255.255.255 here, you have a great idea
of what traffic brought the link up.
Don’t take the CCNA exam without knowing what kind of

traffic each of those IP addresses represents. Here’s a quick
refresher.
224.0.0.5, OSPF. 224.0.0.9, RIP version 2. 224.0.0.10,

EIGRP. 255.255.255.255, broadcast traffic (routing
protocols IGRP and RIP version 1 send broadcast updates).
Show interface bri0
R2#show interface bri0

BRI0 is up, line protocol is up (spoofing)
Hardware is BRI
Internet address is 172.12.12.2/30
MTU 1500 bytes, BW 64 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 02:20:49
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops:
0
Queueing strategy: weighted fair
Notice the word “spoofing” in parenthesis after the physical

and line protocols are shown as up. There is no active call
on this link, and the ISDN connection is not up. “spoofing”
refers to the fact that the interface is acting as though there
were an active connection.

Show isdn history
R2#show isdn history

-------------------------------------------------------------------------------
-
ISDN CALL HISTORY
-------------------------------------------------------------------------------
-
Call History contains all active calls, and a maximum of 100 inactive
calls.
Inactive call data will be retained for a maximum of 15 minutes.
-------------------------------------------------------------------------------
-
Call Calling Called Remote Seconds Seconds Seconds
Charges
Type Number Number Name Used Left Idle
Units/Currency
-------------------------------------------------------------------------------
-
Out ---N/A--- 5553333 0 0
Out ---N/A--- 5553333 0 0
Out ---N/A--- 5553333 0 0
Out ---N/A--- 5553333 0 0
Out ---N/A--- 5553333 0 0
In 5553333 5554444 0
In 5553333 5554444 0
In 5553333 5554444 0
In 5553333 5554444 2
Out ---N/A--- 5553333 R1 121 0
As the name implies, this command shows the last 10 calls

and the numbers to which they were made.

Show isdn status
R2#show isdn status

Global ISDN Switchtype = basic-ni
ISDN BRI0 interface
dsl 0, interface ISDN Switchtype = basic-ni
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 66, Ces = 1, SAPI = 0, State =
MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
1 Active Layer 3 Call(s)
CCB:callid=8008, sapi=0, ces=1, B-chan=1, calltype=DATA
Active dsl 0 CCBs = 1
The Free Channel Mask: 0x80000002
Total Allocated ISDN CCBs = 1
A vital command for ISDN troubleshooting. This command

indicates whether you have defined the ISDN switch-type,
and whether layers 1, 2, and 3 are active. These layers map
to the OSI model.

Static and Distance-Vector Commands:
Bandwidth <x>
R2#conf t
R2(config)#int s0
R2(config-if)#bandwidth 512
IGRP makes a default assumption that any Serial interface

running IGRP is connected to a T1 line, which runs at 1544
KBPS. With equal-cost load-balancing enabled by default,
this may be an undesirable assumption.
To alter IGRP’s assumption, use the bandwidth command on

the serial interface in question. Note that this command
does NOT actually affect the bandwidth available to the
interface; it merely changes IGRP’s assumption of the
bandwidth.
Clear ip route *
R2#clear ip route *
This command clears your routing table of all non-static and

non-connected routes. In a lab environment, it’s very
handy; it forces your routers running routing protocols to
send and request updates, rather than waiting for the
regularly scheduled updates.

Debug ip igrp events
R2#debug ip igrp event

IGRP event debugging is on
R2#clear ip route *
06:02:51: IGRP: broadcasting request on BRI0
06:02:51: IGRP: broadcasting request on Serial0.123
Debug ip igrp events allows you to see IGRP updates being

sent and requested. Here, the debug is run and then the
routing table is cleared. The router immediately broadcasts
update requests via the IGRP-enabled interfaces.
Debug ip igrp transactions
R2#debug ip igrp transactions

IGRP protocol debugging is on
R2#clear ip route *
06:05:33: IGRP: received update from 172.12.123.1 on Serial0.123
06:05:33: subnet 172.12.123.0, metric 10476 (neighbor 8476)
06:05:33: network 1.0.0.0, metric 8976 (neighbor 501)
06:05:33: IGRP: edition is now 3
06:05:33: IGRP: sending update to 255.255.255.255 via BRI0
(172.12.12.2)
06:05:33: network 1.0.0.0, metric=8976
06:05:33: IGRP: sending update to 255.255.255.255 via Serial0.123
(172.12.123.2) - suppressing null update
06:05:34: IGRP: received update from 172.12.12.1 on BRI0
06:05:34: subnet 172.12.13.0, metric 160250 (neighbor 8476)
06:05:34: network 1.0.0.0, metric 158750 (neighbor 501)
To configure IGRP unequal-cost load-sharing with the

variance command, you’ve got to know the metric of the
less-desirable routes. EIGRP keeps these in its topology
table; IGRP has no such table.
To get the metrics of routes not in the routing table, run

debug ip igrp transactions. To force IGRP updates, the
routing table was cleared with clear ip route *.

Debug ip packet
R2#debug ip packet
IP packet debugging is on
R2#ping 172.12.123.2
R2#ping 172.12.123.2
Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.123.2, timeout is 2
seconds:
06:10:04: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100,

unroutable.
06:10:06: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100,
unroutable.
06:10:08: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100,
unroutable.
06:10:10: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100,
unroutable.
06:10:12: IP: s=172.12.12.2 (local), d=172.12.123.2, len 100,
unroutable.
Success rate is 0 percent (0/5)
If you have a problem sending a ping, this command will

give you a good idea where the problem is. Here, the
message indicates that there is no route to the destination.
Debug ip rip
2#debug ip rip
IP protocol debugging is on
2#clear ip route *
6:14:53: RIP: received v2 update from 172.23.23.3 on Ethernet0
6:14:53: 1.0.0.0/8 via 0.0.0.0 in 16 hops (inaccessible)
6:14:53: 1.1.1.1/32 via 0.0.0.0 in 2 hops
6:14:53: 172.12.12.2/32 via 0.0.0.0 in 2 hops
6:14:53: 172.12.13.0/30 via 0.0.0.0 in 1 hops
6:14:53: 172.12.123.0/24 via 0.0.0.0 in 1 hops

Run debug ip rip to troubleshoot routing update problems,
RIP authentication problems, and to view the routing update
contents. Clear ip route * was run to clear the routing table
and to force a RIP update. Note that poison reverse is in
operation. (A route that is unavailable is not just dropped
from updates; it is advertised with an unreachable metric.)
Ip route <destination> <mask> <next-hop IP>
OR
Ip route <destination> <mask> <exit interface>
R2#conf t
R2(config)#ip route 1.1.1.1 255.255.255.255 172.12.123.1
OR
R2(config)#ip route 1.1.1.1 255.255.255.255 serial0
To configure a static route to a given destination IP address,

use the ip route command. The destination is followed by a
subnet mask, and that can be followed by either the next-
hop IP address or the exit interface on the local router.
Ip route 0.0.0.0 0.0.0.0 <next-hop-IP-address>

Ip route 0.0.0.0 0.0.0.0 <exit interface>
R2#conf t
R2(config)#ip route 0.0.0.0 0.0.0.0 172.12.123.1
OR
R2(config)#ip route 0.0.0.0 0.0.0.0 ethernet0

To configure a default static route, use either of these two
commands.
You could have any number for the first “0.0.0.0”, since the
second set of zeroes is the subnet mask. This means that
any destination will match this route statement.
Maximum-paths <x>
R2#conf t
R2(config)#router rip
R2(config-router)#maximum-paths 6
By default, distance-vector routing protocols perform equal-

cost load-balancing over four paths. This default can be set
from a minimum of 1 to a maximum of 6 with this
command.
Note: If you configure maximum-paths 1, you are in effect

disabling equal-cost load-balancing.
Network
R2#conf t
R2(config-router)#network 172.12.0.0
The network command indicates that interfaces in the

indicated network will run this particular routing protocol.
The network command is used in RIP, IGRP, EIGRP, and
OSPF.

No auto-summary
R2#conf t
R2(config-router)#version 2
R2(config-router)#no auto-summary
Both RIP version 2 and EIGRP perform summarization of

routes when those routes are advertised across a network
border. (For a complete, illustrated explanation of this
concept, please check the EIGRP section of my Ultimate
CCNA Study Guide.) This default behavior is generally
disabled. To do so, run no auto-summary as shown.
Passive-interface
R2#conf t
R2(config-router)#passive-interface bri0
An interface configured as passive will continue to accept

routing updates, but will no longer send them.
Exam Note: Even though this command affects an interface,

it is NOT configured at the interface level. It’s configured as
part of the routing protocol configuration.

Router igrp 1
R2#conf t
R2(config)#router igrp 1
This command enables IGRP on the router.
Exam Tip: The number in the command is the Autonomous

System number.
Exam Tip: The only automatic route redistribution between

protocols is between IGRP and EIGRP if the AS number for
each is the same.
Router rip
Version 1
Version 2
R2#conf t
Router rip enables RIP on your router. RIP runs two

versions, 1 and 2, and you must know the differences
between the two before succeeding on the CCNA exams.
By default, RIP sends version 1 updates and accepts version

1 and 2 updates. To change this default to accept and send
updates of only one of the two versions, configure version 1
or version 2 under the RIP routing process.

Show ip protocols
R2#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 20 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Redistributing: rip
Default version control: send version 2, receive version 2
Interface Send Recv Triggered RIP Key-chain
Serial0.123 2 2
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
172.12.0.0
Passive Interface(s):
BRI0
Routing Information Sources:
Gateway Distance Last Update
172.12.12.1 120 00:00:24
Distance: (default is 120)
A lot of information here! First, you see the update timers.

Auto-summarization has been turned off; maximum-paths is
set to four; BRI0 has been made a passive-interface; finally,
RIP has been kept at its default Administrative Distance of
120. Also, interface s0.123 is sending and receiving RIP
version 2 only.
Exam Tip: Know all the information that can be seen in this
command’s output.

Show ip route
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area * - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
1.0.0.0/32 is subnetted, 1 subnets

S 1.1.1.1 [1/0] via 172.12.123.1
172.12.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 172.12.12.0/30 is directly connected, BRI0
R 172.12.13.0/30 [120/1] via 172.12.12.1, 00:00:10, BRI0
C 172.12.12.1/32 is directly connected, BRI0
R 172.12.123.0/24 [120/1] via 172.12.12.1, 00:00:10, BRI0
172.23.0.0/27 is subnetted, 1 subnets
C 172.23.23.0 is directly connected, Ethernet0
S* 0.0.0.0/0 is directly connected, Ethernet0
[1/0] via 172.12.123.1
This command displays the entire routing table. To see only

the routes of a given protocol, enter the protocol name at
the end of this command, such as show ip route rip:
R2#show ip route rip

172.12.0.0/16 is variably subnetted, 4 subnets, 3 masks
R 172.12.13.0/30 [120/1] via 172.12.12.1, 00:00:20, BRI0
R 172.12.123.0/24 [120/1] via 172.12.12.1, 00:00:20, BRI0
Exam Tip: Note that the letter indicating EIGRP routes is

“D”. “E” was already taken by EGP when EIGRP came along.
☺

Traffic-share balanced
R3#conf t
R3(config-router)#traffic-share balanced
R3#conf t
R3(config)#router eigrp 1
R3(config-router)#traffic-share balanced
When EIGRP and IGRP perform unequal-cost load-sharing,

the load is shared in proportion to the metrics by default;
that is, if one path has a metric that is three times better
than the other path in use, that path will carry roughly three
times as much data.
To divide the load equally among all the paths, configure

traffic-share balanced.
Variance
R3#conf t
R3(config-router)#variance 3
Variance is used to configure unequal-cost load-balancing.

Variance is simply a multiplier. The metric of the best path
is multiplied by the variance; any path with a lower metric
than the result will be used for unequal-cost load-balancing.
Example: Three paths to a destination exist, with the

following metric:
Path 1: 4000
Path 2: 7500
Path 3: 8100

By default, IGRP and EIGRP will use only Path 1. A variance
value of 2 would result in any path with a metric of less than
8000 being used (4000 x 2), so Path 1 and Path 2 would be
used. A variance of 3 would result in all three paths being
used for unequal-cost load-balancing.

OSPF Commands
Area <x> stub
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 stub
To configure an area as stub, configure it as Area 23 has

been configured here.
Exam Tip: For an area to be configured as stub, all routers

with an interface in that area must be so configured.
Exam Tip: A virtual link cannot be configured with a stub

area as the transit area.
Area <x> stub no-summary
R2#conf t
R2(config-router)#area 23 stub no-summary
To configure an area as a total stub area, use the

configuration shown here.
Exam Tip: A virtual link cannot use a stub or total stub area
as a transit area.
Area <x> virtual-link <remote-router-RID>
R2#conf t
R2(config-router)#area 13 virtual-link 1.1.1.1

A virtual link is created to logically connect a router to Area
0 when no physical connection exists.
Watch the syntax carefully. The area specified is the transit

area, or the area through which the virtual link will form.
This area cannot be a stub or total stub area.
The IP address shown is the OSPF RID (Router ID) of the

remote router. This command must be configured on both
sides of the transit area.
Debug ip ospf adjacency
R3# debug ip ospf adjacency

09:58:43: %SYS-5-CONFIG_I: Configured from console by console
R3#
09:58:48: OSPF: Rcv DBD from 2.2.2.2 on Ethernet0 seq 0xEEF opt
0x42 flag 0x7 len 32 mtu 1500 state INIT
09:58:48: OSPF: 2 Way Communication to 2.2.2.2 on Ethernet0, state
2WAY
09:58:48: OSPF: Neighbor change Event on interface Ethernet0
09:58:48: OSPF: DR/BDR election on Ethernet0
09:58:48: OSPF: Elect BDR 0.0.0.0
09:58:48: OSPF: Elect DR 172.23.23.3
09:58:48: DR: 172.23.23.3 (Id) BDR: none
09:58:48: OSPF: Send DBD to 2.2.2.2 on Ethernet0 seq 0x13F3 opt
0x42 flag 0x7 len 32
09:58:48: OSPF: First DBD and we are not SLAVE
09:58:48: OSPF: Rcv DBD from 2.2.2.2 on Ethernet0 seq 0x13F3 opt
0x42 flag 0x2 l
en 132 mtu 1500 state EXSTART
09:58:48: OSPF: NBR Negotiation Done. We are the MASTER
09:58:48: OSPF: Database request to 2.2.2.2
09:58:48: OSPF: sent LS REQ packet to 172.23.23.2, length 60
R3# mtu 1500 state EXCHANGE
0x42 flag 0x0 l
en 32 mtu 1500 state EXCHANGE
09:58:48: OSPF: Exchange Done with 2.2.2.2 on Ethernet0
09:58:48: OSPF: Synchronized with 2.2.2.2 on Ethernet0, state FULL
09:58:48: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet0
from LOADING to FULL, Loading Done
09:58:48: OSPF: Build router LSA for area 23, router ID 172.23.23.3,
seq 0x80000002
09:58:48: OSPF: Build network LSA for Ethernet0, router ID
172.23.23.3
09:58:53: OSPF: Neighbor change Event on interface Ethernet0
09:58:53: OSPF: DR/BDR election on Ethernet0
09:58:53: OSPF: Elect BDR 2.2.2.2
09:58:53: OSPF: Elect DR 172.23.23.3
09:58:53: DR: 172.23.23.3 (Id) BDR: 2.2.2.2 (Id)
debug ip ospf adjacency allows you to watch the adjacency

formation process, and to spot problems preventing
adjacency. In this example, you can see the stages of
OSPF adjacency, and see the DR and BDR election at the
end.
Ip ospf hello <x>

Ip ospf dead <x>
R1#conf t
R1(config)#int s0
R1(config-if)#ip ospf hello 30
R1(config-if)#ip ospf dead 100
OSPF hello and dead timers have different defaults on

different network types; review the OSPF section of The
Bryant Advantage Ultimate CCNA Study Guide for a
refresher on these.
No matter the network types, the default is that the OSPF

deadtime is four times the hello time. One way to change
the deadtime is to change the hello time; no matter what

you set the hello time to, the dead time will change to four
times the new hello value.
You can also set the dead time manually, as shown.
This is done on the interface level, and the timers must

match on both sides of the link. If you change the timers on
one side and not the other, the adjacency will drop.
Ip ospf demand-circuit
R2#conf t
R2(config-if)#ip ospf demand-circuit
Throughout your CCNA and CCNP studies, you’ll be faced

with the ISDN link coming up when you don’t want it to. By
using show dialer to determine the destination of the
interesting traffic that brought the link up, you’ll see that
many times, it’s routing update packets or Hello packets that
brought the link up.
OSPF has a mechanism to allow the ISDN link to have an

adjacency form over the ISDN link, and keep that adjacency
even when the link comes down. By using the ip ospf
demand-circuit command, OSPF will keep the adjacency
without sending Hellos that might otherwise keep resetting
the ISDN idle-timer.
Note that this is an interface-level command.
While you generally see this configured on both sides of the

ISDN link in most books, it’s only needed on one side.

Ip ospf priority 0
R2#conf t
R2(config)#int s0.123
R2(config-subif)#ip ospf priority 0
OSPF hub-and-spoke networks are common, and require

extra configuration on both the hubs and the spokes.
In a hub-and-spoke configuration, the spokes cannot under

any circumstances become the Designated Router (DR) or
Backup Designated Router (BDR). The only way to do this is
to set the spoke’s OSPF interface priority to zero, as shown
above.
Since the OSPF default interface priority is 1, configuring this

on all spokes will ensure that the hub becomes the DR and
that no BDR will be elected.
Ip ospf network non-broadcast
R3#conf t
R3(config)#int s0.31 point-to-point
R3(config-subif)#ip ospf network non-broadcast
Keep in mind that a major reason for OSPF neighbors not forming an
adjacency is a mismatch in the network types. Serial interfaces
default to non-broadcast, but a point-to-point interface will always
default to OSPF network type “point-to-point”. If you have a physical
serial interface on one side of a link and a point-to-point interface on
the other side, the adjacency will not form You can change the OSPF
network type as shown to allow the adjacency to form.

Router-id x.x.x.x
R1#conf t
R1(config-router)#router-id 11.11.11.11
Reload or use "clear ip ospf process" command, for this to take effect
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
10:22:19: OSPF: Interface Serial0 going Down
10:22:19: OSPF: 1.1.1.1 address 172.12.123.1 on Serial0 is dead,
state DOWN
10:22:19: OSPF: Neighbor change Event on interface Serial0
First, what is the default OSPF Router ID (RID)? The rules

are a little odd, so let’s review them.
If a router running OSPF has one or more loopback

addresses, the numerically highest address is the OSPF RID,
even if that interface is not running OSPF.
If a router running OSPF has no loopback addresses, the

numerically highest IP address of the physical interfaces is
the OSPF RID, even if that interface is not running OSPF.
I know it’s second nature to think the interface bearing the

OSPF RID must be running OSPF, but it’s not true.
To change the RID, use the router-id command under the

OSPF process as shown.
Note that to make this command take effect, the router

prompts you to reload or run the “clear ip ospf process”
command. That command is going to restart ALL your OSPF
processes. In other words, don’t try this at work. ☺
Also note that the prompted answer for “reset ALL OSPF
processes?” is no. When the router default for a question is
“no”, the router’s trying to tell you you’re about to do

something fairly drastic. I always take a second look before
I answer “yes” to a question like that.
Show ip ospf
R1#show ip ospf
Routing Process "ospf 1" with ID 11.11.11.11
Supports only single TOS(TOS0) routes
Supports opaque LSA
It is an area border router
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 3. 3 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm executed 4 times
Area ranges are
Number of LSA 13. Checksum Sum 0x10123B
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0
Area 1
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm executed 2 times
Area ranges are
Number of LSA 6. Checksum Sum 0x02FD14
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

There’s a lot of output to this command, but the keys for
CCNA and CCNP exam success are that you see the OSPF
RID here, you see the router type (this is an ABR), and you
see the different areas and how many times the SPF
algorithm has been executed.
Since the SPF algorithm (also known as the Dijkstra

algorithm) only runs on a network topology change, a
constantly advancing counter here indicates a flapping link
in the network – one that goes up and down continually, and
which will make the SPF algorithm run every time it does so.
Show ip ospf interface <interface name and number>
R1#show ip ospf interface serial0

Serial0 is up, line protocol is up
Internet Address 172.12.123.1/24, Area 0
Process ID 1, Router ID 11.11.11.11, Network Type
NON_BROADCAST, Cost: 64
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 11.11.11.11, Interface address 172.12.123.1
No backup designated router on this network
Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit
5
Hello due in 00:00:08
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 6
Last flood scan time is 4 msec, maximum is 8 msec
Neighbor Count is 2, Adjacent neighbor count is 2
Adjacent with neighbor 172.23.23.3
Adjacent with neighbor 2.2.2.2
Suppress hello for 0 neighbor(s)
Note that this command shows you the RID, the network
type, what the state is (DR, BDR, DROTHER), the RID of the
DR and BDR, and what adjacencies this interface has
formed.

Show ip ospf neighbor
R1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface

172.23.23.3 0 FULL/DROTHER 00:01:37 172.12.123.3 Serial0
2.2.2.2 0 FULL/DROTHER 00:01:53 172.12.123.2 Serial0
172.23.23.3 1 FULL/ - 00:00:38 172.12.13.2 Serial1’
A vital OSPF command, you see the RIDs of the router’s

OSPF neighbors, the state of the adjacency, the dead time
(which in a healthy adjacency will decrement for while, then
increment upon receipt of an OSPF Hello), the IP address of
that neighbor, and the neighbor’s interface with which the
adjacency has formed.
Note the state “DROTHER”. This means that the neighbor is

neither the DR nor the BDR for that segment.
Note the state “ – “. This state is seen when the link is

point-to-point. Since a point-to-point link by definition can
only have two hosts, there’s no need for a DR or BDR.
There is no DR or BDR election on a point-to-point link.

EIGRP Command Reference
Network
R3#conf t
R3(config-router)#network 172.12.123.0 0.0.0.255
You enable EIGRP on router interfaces with the network

command. Note that the network command in EIGRP
includes wildcard masks, just as OSPF does.
Exam Tip: As with IGRP, the number following “router

eigrp” is the Autonomous System (AS) number.
Exam Tip: When IGRP and EIGRP are running on the same
router, routes will be automatically redistributed between
the two if the AS number of both is the same; that is, IGRP
100 and EIGRP 100 would automatically redistribute routes;
IGRP 200 and EIGRP 100 would not.
No ip split-horizon eigrp <AS_NUMBER>
R1#conf t
R1(config-if)#no ip split-horizon eigrp 100
Split horizon is enabled by default on interfaces running

EIGRP. (Remember that EIGRP is a hybrid; it has some
characteristics of distance-vector protocols and some of link-
state protocols. Split horizon is a distance-vector behavior.)
Occasionally, you may need to turn split horizon off in a

hub-and-spoke network to have full network reachability.
You turn split horizon off at the interface level as shown.

Router eigrp <AS_NUMBER>
R2#conf t
Enable EIGRP on a router with the router eigrp command.

The number defined is the Autonomous System number.
Show ip eigrp neighbors
R1#show ip eigrp neighbors

IP-EIGRP neighbors for process 100
H Address Interface Hold Uptime SRTT RTO Q Seq Type
(sec) (ms) Cnt Num
0 172.12.123.3 Se0 13 00:01:53 52 312 0 5
1 172.12.123.2 Se0 149 00:03:18 51 306 0 2
EIGRP neighbors are shown for each EIGRP process with this single
command. Note that you can also see how long each adjacency has
been up.
Show ip eigrp topology
R1#show ip eigrp topology

IP-EIGRP Topology Table for AS(100)/ID(1.1.1.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,

r - reply Status, s - sia Status
P 3.3.3.3/32, 1 successors, FD is 2297856

via 172.12.123.3 (2297856/128256), Serial0
via 172.12.123.2 (2323456/409600), Serial0
via Connected, Loopback0
via 172.12.123.2 (2297856/128256), Serial0
via 172.12.123.3 (2323456/409600), Serial0
via 172.12.123.3 (2195456/281600), Serial0
via 172.12.123.2 (2195456/281600), Serial0
via Connected, Serial0

To configure unequal-cost load-balancing with the variance
command, you need to know the metrics of the less-
desirable routes. With EIGRP, this is easy if you know where
to look. All these routes are kept in the EIGRP Topology
Table.
The Successor (the best route) is seen here, and this is the
route you’ll see in the routing table with show ip route. The
Feasible Successor (less-desirable, but still valid) is seen
only in the topology table.
Exam Tip: EIGRP has three tables; the route table, seen
with show ip route; the topology table, seen with show ip
eigrp topology; and the neighbor table, seen with show ip
eigrp neighbor.
Note that the routes in the topology table are seen as

Passive, indicated by the letter “P”. There are no active
routes. At first glance, this may not seem good, but this is
actually what you want.
Routes marked as Passive are not currently being calculated

by DUAL (EIGRP’s algorithm), and are available to carry
data. Routes marked as Active are being calculated by
DUAL and cannot currently be used to carry data.
In a perfectly working network, routes that go into Active

don’t stay there very long. If you see one that stays there,
the acronym used for that is SIA – Stuck-In-Active. Start
looking for solutions in Google for that one. ☺

Advanced TCP/IP Topics Command Summary
(Access-lists, NAT, Route Summarization)
Standard Access List Format and Application:
R1#conf t
R1(config)#access-list 5 permit 172.1.0.0 0.0.255.255
R1(config-if)#ip access-group 5 in
First, the access-list (abbreviated as “ACL”) is written.

Second, the ACL is applied to the interface.
A standard ACL is straightforward, but there are a lot of

details in that little configuration. Mastery of these details
will make you a CCNA and CCNP. Let’s take a look at these
details.
• Remember that every ACL ends with an implicit deny.

If traffic is not explicitly permitted, it is implicitly
denied.
• ACLs run from top to bottom; when there is a match,
the ACL no longer runs. This makes the order of the
ACL’s lines vital.
• Standard ACLs can be numbered 1 – 99 and 1300 –
1399.
• Exam Tip: Note the command applying the ACL to the
interface. It begins with “ip”. It ends with the
direction of traffic this ACL will be matched against –
inbound or outbound. An interface can have two ACLs
applied at one time, with one affecting incoming traffic
and another affecting outgoing traffic.
• ACLs always use wildcard masks, just as OSPF and
EIGRP do.
• Standard ACLs consider only the source IP address.

ACLs using “host”, “any”, and “remark”
R1#conf t
OR
R1#conf t
R1(config)#access-list 5 permit host 172.1.13.1
These two ACLs perform the same task. Traffic matching

the single IP address 172.1.13.1 will be permitted, with all
other traffic denied by the implicit deny.
The word “host” can be used in place of the wildcard mask

0.0.0.0. Exam Tip: Note that while a wildcard mask of
0.0.0.0 follows the address, the word “host” precedes it.
R1#conf t
R1(config)#access-list 5 permit any
OR
R1#conf t
These two ACLs perform the same task. All traffic will
match. (You could put any address in for the source IP
address as long as the wildcard mask is 255.255.255.255.)
The word “any” can be used in place of the source IP

address and wildcard mask 255.255.255.255.
R1#conf t
R1(config)#access-list 5 remark This ACL blocks telnet traffic.
Use the remark command to add comments to your ACL.

Extended Access Lists Configuration and Application
R1#conf t
R1(config)#access-list 105 permit ip 172.50.50.0 0.0.0.255 210.1.1.0 0.0.0.255
R1(config-if)#ip access-group 105 out
Exam Tips:
Extended ACLs have numeric ranges of 100 – 199 and 2000

– 2699.
Extended ACLs can match against source IP address,

destination IP address, protocol type, and well-known port
number (for example, port 80 to block web traffic).
Extended ACLs run from top to bottom; once a match is

found, the ACL stops running.
Extended ACLs have an implicit deny at the end.
Extended ACLs are applied in the same fashion as standard

ACLs. Watch the “ip” that the command begins with, and
that the direction of traffic this ACL will be matched against
must be specified. Overall, you can have two ACLs applied
on an interface – one applied to inbound traffic and the
other to outbound traffic.
The keywords host and any can be used for the source,
destination, or both.

Named ACL Configuration And Application
R1#conf t
R1(config)#ip access-list extended NO_WEB_TRAFFIC
R1(config-ext-nacl)#deny tcp any any eq www
R1(config-ext-nacl)#permit ip any any
R1(config-ext-nacl)#interface ethernet0
R1(config-if)#ip access-group NO_WEB_TRAFFIC in
R1(config-if)#ip access-group NO_WEB_TRAFFIC out
Named ACLs can be either standard or extended, and this is

defined when the ACL is created.
Here, an ACL blocking WWW traffic is created. The line

“permit ip any any” will permit any traffic, regardless of
source or destination, as long as the traffic didn’t match the
first line.
Named ACLs are applied to interfaces in much the same

fashion as numbered ACLs. Note that this ACL was applied
to both inbound and outbound traffic, which does require
two separate lines; there’s no “both” option.
Limiting Telnet Access With ACLs
R1#conf t
R1(config)#access-list 99 permit host 110.1.1.1
R1(config)#line vty 0 4
R1(config-line)#login
% Login disabled on line 5, until 'password' is set
R1(config-line)#password cisco
R1(config-line)#access-class 99 in

ACLs can be applied to the VTY lines (used for Telnet) to
limit who can telnet in to the router, regardless of whether
they know the password or not.
First, ACL 99 was written, and the “host” option is used to

permit only the IP address 110.1.1.1. The implicit deny will
deny all other source addresses.
Login has been allowed and a password of cisco has been

set. The ACL is now applied to the VTY lines with the
access-class command. Note that command – it’s different
than the command used to apply an ACL to interfaces.
Tip: I entered “login” first to show you the message you’ll

get if you enter that command before setting the required
Telnet password. As long as you set a password after
enabling login, there’s no problem. There is no “right” or
“wrong” order to use the login and password commands.
Route Summarization Commands
R1#conf t
R1(config-if)#ip summary-address rip 110.1.0.0 255.252.0.0
R1#conf t
R1(config-if)#ip summary-address eigrp 100 110.1.0.0 255.252.0.0

Route summarization is covered thoroughly in my Ultimate
CCNA Study Guide. It’s the process of taking several
network numbers and summarizing them into one single
routing update statement. It must be done carefully. If
you’re not familiar with the subject, please refer to Section
Ten of my CCNA Study Guide, which contains several clearly
illustrated examples.
The command to send the summarization is a little odd. It

does not go under the routing process configuration; it’s an
interface-level command. Know how to perform this
summarization before taking the CCNA exams, and be
familiar with the syntax as well.
NAT
Static and dynamic NAT Pre-Configuration
R1#conf t
R1(config-if)#ip nat outside
R1(config-if)#interface ethernet0
R1(config-if)#ip nat inside
Whether you’re configuring static or dynamic NAT, you’ve

got to define your inside and outside addresses.
The inside NAT interface is the one closest to the devices

using RFC 1918 addresses; usually, that’s going to be an
Ethernet interface.
The outside NAT interface is the one facing the Internet from
the organization’s point of view; that’s going to be a Serial
interface.
Exam Tip: The addresses on the inside segment,

represented by RFC 1918 addresses, are referred to as

inside local addresses; the address on the outside interface
is the inside global address.
Static NAT configuration
R1#conf t
R1#conf t
R1(config)#ip nat inside source static 10.5.5.5 210.1.1.2
Static mappings first name an inside local address, and map

that address directly to a inside global address. No other
addresses will use NAT (you often hear this referred to as an
address or user being “natted out”).
To view the mappings, run show ip nat translations .
R3#show ip nat translations

Pro Inside global Inside local Outside local Outside global
--- 210.1.1.2 10.5.5.5 --- ---
--- 210.1.1.3 10.5.5.6 --- ---
--- 210.1.1.4 10.5.5.7 --- ---
To view the active translations and number of static and

dynamic mappings, run show ip nat statistics.
R3#show ip nat statistics

Total active translations: 3 (3 static, 0 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet0
Hits: 0 Misses: 0
Expired translations: 0

Dynamic NAT Configuration
R1#conf t
R1#conf t
R1(config)#ip nat inside source list 1 pool NATPOOL
R1(config)#ip nat pool NATPOOL 200.1.1.2 200.1.1.5 netmask 255.255.255.0
This looks like an intimidating configuration, but by taking it

apart piece by piece, you will see it’s not really complicated.
First, as with static NAT, the inside and outside addresses

had to be defined.
Next, the NAT inside addresses are defined by the ip nat

inside source command. The next part of that command,
“list 1”, refers to access-list 1. In this example, any inside
host with an IP address in the 10.5.5.0 /24 network can use
NAT. Finally, the pool of NAT addresses to be used is named
– the pool NATPOOL.
On the next line, the pool of NAT addresses is defined. The

two addresses listed are the first and last addresses in the
range to be used. Here, the valid NAT outside addresses are
200.1.1.2, 200.1.1.3, 200.1.1.4, and 200.1.1.5. The subnet
mask for these addresses is defined with the netmask
command.
Exam Tip: Take care not to include the actual IP address of

the NAT outside interface in the NAT pool.
Make sure you know NAT inside and out before taking the
CCNA exams. It’s an important concept for both the exam
room and the real world, and judging from internet posts

and my email, most CCNA books do a poor job of explaining
NAT, if they explain it at all. I do have a free NAT tutorial on
my website, www.thebryantadvantage.com, and NAT is
covered in detail in my Ultimate CCNA Study Guide.
PAT – Port Address Translation Configuration
R3#conf t
R3(config)#interface ethernet0
R3(config-if)#interface serial0
R3(config-if)#ip nat inside source list 1 interface serial0 overload
PAT uses a single outside IP address to allow multiple NAT session.

(PAT uses port numbers to keep the conversations separate.) The
configuration for PAT is almost the same as it is for dynamic NAT; the
difference is that a NAT pool is not created; instead, the outside
interface is indicated and the “overload” keyword is added.
Telnet Password Creation
R1#conf t
R1(config)#line vty 0 4
R1(config-line)#password CCNA
You add the login command and configure a password on the VTY lines
to protect Telnet with a password.
Tip: Telnet connections are required to be password

protected. If a user attempts to connect to a router that
does not have a VTY password set, the user will receive a
message that says “password required, but none set”.
Tip: Telnet allows five simultaneous connections, not four.

(The lines are 0, 1, 2, 3, and 4 – that’s five!

Setting The Enable Password And Enable Secret
R1#conf t
R1(config)#enable password cisco
R1(config)#enable secret ccna
Both the enable password and enable secret protect

privileged exec mode, more commonly referred to as enable
mode. There are several keys to remember:
• The enable secret is encrypted in the running-
configuration by default, where the enable password is
not.
• If both are configured, the enable secret takes
precedence over the enable password.
• The enable password exists primarily for backwards
compatibility.
Creating An IP Host Table
R2#conf t
R2(config)#ip host R1 172.12.123.1
R2#R1
Trying R1 (172.12.123.1)... Open
User Access Verification
Username: CBRYANT
Password:
R1#
IP Host tables allow you to Telnet to devices by using a

name or word rather than typing the full IP address in.
They’re created with the ip host command.

DNS Commands
Ip name-server
R1#configure terminal
R1(config)#ip name-server 10.1.1.1
The ip name-server command tells the router where a DNS

server can be found.
By default, a Cisco router will perform a DNS lookup on

anything that typed in at the console that is not an IOS
command. This means that if you mistype a command, the
router will attempt to find a DNS server to translate this
mistyped entry:
R2#abcdef
Translating "abcdef"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer
address
This default behavior can be turned off with the no ip

domain-lookup command. Once turned off, it can be
reenabled with the ip domain-lookup command.
It’s a good idea to turn this behavior off in a lab

environment, but be careful about doing this at work !
R2#conf t
R2(config)#no ip domain-lookup
R2#abcdef
Translating "abcdef"
% Unknown command or computer name, or unable to find computer
address
The router is no longer sending out a broadcast to find a

DNS server.

Password Protecting The Console
R1#configure terminal
R1(config)#line con 0
R1(config-line)#password cisco
The first line of defense is password protecting your router

console. To do so, configure “login” and the password on
line con 0.
Encrypting All Passwords In The Running-Config
R1#show config
!
enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
enable password cisco
Notice that the enable password is in clear text.

The enable secret is always encrypted.
R1(config)#service password-encryption
R1#show config
Using 1842 out of 32762 bytes
!
enable secret 5 $1$F0NM$qmLAeyofJm/MxmeawGkEI1
enable password 7 070C285F4D06
To encrypt all passwords in the running configuration, run

service password-encryption.

Cisco Discovery Protocol
Cdp enable
Cdp run
No cdp enable
No cdp run
You need to have these four commands down cold. You

must know how to enable and disable CDP at the interface
level as well as globally.
CDP is enable globally and on all interfaces by default.
Interface-level commands:
R1#conf t
R1(config-if)#no cdp enable
R1(config)#cdp enable
Global commands:
R1#conf t
R1(config)#no cdp run
R1(config)#cdp run

Show commands:
R1#show cdp neighbor

Capability Codes: R - Router, T - Trans Bridge, B - Source Route
Bridge S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID

R3 Ser 1 159 R 2500 Ser 1
R1#show cdp neighbor detail

-------------------------
Device ID: R3
Entry address(es):
IP address: 172.12.13.2
Platform: cisco 2500, Capabilities: Router
Interface: Serial1, Port ID (outgoing port): Serial1
Holdtime : 154 sec
Version :
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-D-L), Version 12.2(13), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Tue 19-Nov-02 20:25 by pwade
advertisement version: 2
Note that while both show the directly connected devices,

only the “detail” command reveals the IP address of the
directly connected device.


150 Vital CCNA Commands PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

150 Vital CCNA Commands PDF

Hochgeladen von

Copyright:

Verfügbare Formate

The Bryant Advantage

Cisco Certified Network Associate®

150 Commands Every CCNA

Chris Bryant, CCIE™ # 12933

This publication, The Bryant Advantage CCNA ® Command

This Course Guide is an original work by the Author. Any similarities

Copyright 2005 © The Bryant Advantage

Show interface trunk

SW1#show interface trunk

Port Mode Encapsulation Status Native vlan

Port Vlans allowed on trunk

Port Vlans allowed and active in management domain

Port Vlans in spanning tree forwarding state and not pruned

This command displays all ports that are actively trunking,

Chris Bryant, CCIE #12933 1 www.thebryantadvantage.com

Show spanning-tree vlan (VLAN_NUMBER)

SW2#show spanning-tree vlan 23

Bridge ID Priority 32791 (priority 32768 sys-id-ext 23)

Interface Role Sts Cost Prio.Nbr Type

A vital LAN switching command, the command output shows

Chris Bryant, CCIE #12933 2 www.thebryantadvantage.com

SW1#show vlan brief

VLAN Name Status Ports

Quickly learn what ports are in what VLAN with this

Show vtp status

SW2#show vtp status

The main concerns here is that this is the command that

Chris Bryant, CCIE #12933 3 www.thebryantadvantage.com

This one-line command can make a non-root bridge become

Setting the VTP domain name, password, and enabling

In VLAN DATABASE mode, you can create and modify

Chris Bryant, CCIE #12933 5 www.thebryantadvantage.com

Debug frame lmi

R1#debug frame lmi

Used to troubleshoot down frame relay connections, this

Chris Bryant, CCIE #12933 6 www.thebryantadvantage.com

The first step in configuring frame relay is enabling it on the

Frame map ip <remote_IP> <local_DLCI>

This command is used to create manual frame mappings,

Note that the mapping is the remote IP address to the local

Chris Bryant, CCIE #12933 7 www.thebryantadvantage.com

By default, frame relay will use Inverse ARP to dynamically

Show frame lmi

R1#show frame lmi

There are 12 fields here, but the ones to be most concerned

Bonus command: To set all your router counters back to

Chris Bryant, CCIE #12933 8 www.thebryantadvantage.com

Show frame map

R1#show frame map

This command will show you both your dynamically and

Chris Bryant, CCIE #12933 9 www.thebryantadvantage.com

R1#show frame pvc

PVC Statistics for interface Serial0 (Frame Relay DTE)

Active Inactive Deleted Static

DLCI = 122, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE,

input pkts 0 output pkts 0 in bytes 0

It also shows your FECN, BECN, and DE statistics. You must

Chris Bryant, CCIE #12933 10 www.thebryantadvantage.com

Clock rate <x>

Here, R3’s S1 interface is directly connected to R1’s S1

Show controller serial <x>

R1#show controller serial 1

I truncated about 20 lines of hexadecimal information that