CCNA
The first IOS was written by William Yeager in 1986 and enabled networked applications. It runs on most Cisco routers as well as a growing number of Cisco Catalyst switches, like the Catalyst 2960 and 3560 series switches used in this book.
Here’s a short list of some important things that the Cisco router IOS software is responsible for:
Ø Carrying network protocols and functions
Ø Connecting high-speed traffic between devices
Ø Adding security to control access and stop unauthorized network use
Ø Providing scalability for ease of network growth and redundancy
Ø Supplying network reliability for connecting to network resources
Cisco IOS Access:
Ø through the console port of a router or switch,
Ø through the auxiliary (or aux) port on a router,
Ø through Telnet and Secure Shell (SSH).
Bringing Up a Switch / Booting Process of Cisco IOS
When you first bring up a Cisco IOS device, it will run a power-on self-test (POST). Upon passing that, the machine will look for and then load the Cisco IOS from flash memory if an IOS file is present, then expand it into RAM. As you probably know, flash memory is electrically erasable programmable read-only memory (EEPROM). The next step is for the IOS to locate and load a valid configuration known as the startup-config that will be stored in nonvolatile RAM (NVRAM). Once the IOS is loaded and up and running, the startup-config will be copied from NVRAM into RAM and from then on referred to as the running-config.
Bringing Up an Interface
You can disable an interface with the interface command shutdown and enable it with the no shutdown command. Just to remind you, all switch ports are enabled by default and all router ports are disabled by default, so we’re going to talk more about router ports than switch ports in the next few sections.
If an interface is shut down, it’ll display as administratively down when you use the show interfaces command (sh int for short):
Router#sh int f0/0
FastEthernet0/0 is administratively down, line protocol is down
The Internal Components of a Cisco Router and Switch
The configuration register is a 16-bit number, represented in hexadecimal, which controls everything from the way in which a Cisco router boots to whether or not it will process the contents of the startup configuration file. By default, the configuration register on a router is set to a value of 0x2102. The “0x” portion marks the value as hexadecimal, while the “2102” portion is the hexadecimal representation of the 16-bit value.
· 0x2142 boots from flash without using NVRAM contents; good for password recovery.
· 0x2101 boots from the boot PROM image, not flash; good for upgrading the image on flash.
· 0x2102 is the factory-default configuration register value.
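The three register values above differ only in a few bits, and a device left at 0x2142 boots without its startup-config and therefore without its passwords. The following is an added example, not code from the original page: it decodes the boot-relevant bits and checks the register line of `show version` output. The function names and the sample lines are assumptions made for the illustration.

```python
import re

# Bit meanings from Cisco's configuration-register documentation.
BOOT_FIELD = 0x000F      # bits 0-3: where the image is loaded from
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is up

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode(value):
    """Decode the boot-relevant bits of a 16-bit configuration register."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit number")
    boot = value & BOOT_FIELD
    if boot == 0:
        source = "rom-monitor"
    elif boot == 1:
        source = "boot-prom-image"   # the page's 0x2101 case
    else:
        source = "flash"             # 0x2..0xF: normal IOS boot
    return {
        "boot_source": source,
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }

def audit_show_version(text):
    """Return findings for the register line of 'show version' output."""
    m = REG_LINE.search(text)
    if not m:
        return ["no configuration register line found"]
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else current
    findings = []
    if decode(pending)["ignores_startup_config"]:
        findings.append(
            f"0x{pending:04X} at next reload: startup-config (and its "
            "passwords) will be ignored")
    elif decode(current)["ignores_startup_config"]:
        findings.append(
            f"booted with 0x{current:04X}: startup-config was bypassed")
    if decode(pending)["boot_source"] != "flash":
        findings.append(f"0x{pending:04X} does not boot IOS from flash")
    return findings

# Constructed 'show version' tail lines (sample input, not captured output).
LEFT_IN_RECOVERY = "Configuration register is 0x2142"
MID_RECOVERY = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
FACTORY = "Configuration register is 0x2102"

if __name__ == "__main__":
    for line in (LEFT_IN_RECOVERY, MID_RECOVERY, FACTORY):
        print(line, "->", audit_show_version(line) or "ok")
```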
ROUTER INITIALIZATION
=======================
Continue with configuration dialog? [yes/no]: no
Router>enable
Router#configure terminal
CONFIGURING HOSTNAME
=======================
Router(config)#hostname ArmyHQ
CONFIGURE LINE CONSOLE PASSWORD
===============================
ArmyHQ(config)#line console 0
ArmyHQ(config-line)#password cisco
ArmyHQ(config-line)#login
ArmyHQ(config-line)#exit
CONFIGURING ENABLE PASSWORD
===========================
ArmyHQ(config)#enable password class ---------Saved in PLAIN TEXT
ArmyHQ(config)#enable secret ccna ------------ MD5 ENCRYPTION FORMAT
ENCRYPT ALL THE PASSWORDS IN THE ROUTER
=======================================
ArmyHQ(config)#service password-encryption
CONFIGURING LINE VTY PASSWORD
=============================
ArmyHQ(config)#line vty 0 4
ArmyHQ(config-line)#password football
ArmyHQ(config-line)#login
ArmyHQ(config-line)#exit
CONFIGURING INTERFACE WITH IP
==============================
ArmyHQ(config)#interface fastEthernet 0/0
ArmyHQ(config-if)#ip address 172.16.0.1 255.255.254.0
ArmyHQ(config-if)#no shutdown
ArmyHQ(config-if)#exit
ArmyHQ(config)#interface fastEthernet 0/1
ArmyHQ(config-if)#ip address 172.16.2.1 255.255.255.224
ArmyHQ(config-if)#no shutdown
ArmyHQ(config-if)#exit
CONFIGURING INTERFACE WITH DESCRIPTION
======================================
ArmyHQ(config-if)#description UserLAN
SAVING ALL THE COMMANDS
=========================
ArmyHQ#copy running-config startup-config
ERASE (DELETE) ALL THE COMMANDS
================================
Router#erase startup-config
Router#reload
CONFIGURING SSH
================
Router(config)#hostname ArmyHQ
ArmyHQ(config)#ip domain-name army.net
ArmyHQ(config)#crypto key generate rsa
The name for the keys will be: ArmyHQ.army.net
How many bits in the modulus [512]: 1048
ArmyHQ(config)#line vty 0 4
ArmyHQ(config-line)#transport input ssh
ArmyHQ(config-line)#login local
ArmyHQ(config-line)#exit
ADDITIONAL COMMANDS FOR SSH
=============================
ArmyHQ(config)#ip ssh version 2
ArmyHQ(config)#ip ssh time-out 60
ArmyHQ(config)#ip ssh authentication-retries 3
SET THE BANNER
==============
ArmyHQ(config)#banner motd #hackers will be hacked#
SET THE BACKUP TO TFTP
======================
ArmyHQ#copy run tftp:
CONFIGURING VLAN 1
==================
Switch(config)#interface vlan 1
Switch(config-if)#ip add 172.16.0.10 255.255.254.0
Switch(config-if)#no sh
Switch(config-if)#exit
Switch(config)#ip default-gateway 172.16.0.1
Switch(config)#exit
CONFIGURATION ROUTER RIP & RIPNG
====================================
CONFIGURE RIP for IPv4
====================
Router>enable
Router#conf t
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 172.16.5.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 172.16.9.2 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
Router>enable
Router#show ip route connected
Router#conf t
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#network 172.16.5.0
Router(config-router)#network 172.16.9.0
Router(config-router)#network 172.16.10.0
Router(config-router)#network 172.16.12.0
Router(config-router)#no auto-summary
Router(config-router)#exit
CONFIGURE RIP for IPv6
====================
Router>enable
Router#conf t
Router(config)#ipv6 unicast-routing
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ipv6 address 2001:211:1:5::1/64
Router(config-if)#no sh
Router(config-if)#ipv6 rip br5 enable
Router(config-if)#exit
Router(config)#interface serial 0/0/0
Router(config-if)#ipv6 address 2001:211:1:9::2/64
Router(config-if)#no sh
Router(config-if)#ipv6 rip br6 enable
Router(config-if)#exit
Router#copy running-config startup-config
CONFIGURATION ROUTER EIGRP
================================
CONFIGURING EIGRP IPV4 & IPV6
=============================
Router>enable
Router#configure t
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router eigrp 100
Router(config-rtr)#no sh
Router(config-rtr)#exit
Router(config)#interface serial 0/2/0
Router(config-if)#ip address 172.16.8.2 255.255.255.252
Router(config-if)#ipv6 address 2001:211:71:2::2/64
Router(config-if)#no sh
Router(config-if)#ipv6 eigrp 100
Router(config-if)#exit
Router(config)#interface serial 0/3/0
Router(config-if)#ip address 172.16.20.1 255.255.255.252
Router(config-if)#ipv6 address 2001:211:71:A::1/64
Router(config-if)#no sh
Router(config-if)#ipv6 eigrp 100
Router(config-if)#exit
Router#show ip route connected
C 172.16.2.0/26 is directly connected, Loopback0
C 172.16.8.0/30 is directly connected, Serial0/2/0
C 172.16.20.0/30 is directly connected, Serial0/3/0
C 172.16.24.0/30 is directly connected, Serial0/2/1
Router#conf t
Router(config)#router eigrp 100
Router(config-router)#network 172.16.2.0
Router(config-router)#network 172.16.8.0
Router(config-router)#network 172.16.20.0
Router(config-router)#network 172.16.24.0
Router(config-router)#no auto-summary
Router(config-router)#exit
Router#copy running-config startup-config
CONFIGURATION ROUTER EIGRP/WILD CARD MASK
==============================================
CONFIGURING EIGRP FOR IPV4
=========================
Router>en
Router#conf t
Router(config)#interface loopback 0
Router(config-if)#ip address 172.16.1.1 255.255.255.0
Router(config-if)#exit
Router(config)#int s0/0/0
Router(config-if)#ip address 172.16.2.1 255.255.255.252
Router(config-if)#no sh
Router(config-if)#exit
EIGRP FOR IPV4
==============
Router(config)#do show ip route conn
Router(config)#router eigrp 100
Router(config-router)#network 172.16.2.0
Router(config-router)#network 172.16.3.0
Router(config-router)#no auto-summary
Router(config-router)#exit
CONFIGURING WILDCARD MASK FOR IPV4
===================================
Router(config)#do show ip route conn
Router(config)#router eigrp 100
Router(config-router)#net 172.16.1.0 0.0.0.255
Router(config-router)#net 172.16.2.0 0.0.0.3
Router(config-router)#exit
CONFIGURING EIGRP (IPV6)
========================
Router>enable
Router#configure terminal
Router(config)#ipv6 unicast-routing
Router(config)#ipv6 router eigrp 100
Router(config-rtr)#no shutdown
Router(config-rtr)#exit
Router(config)#interface loopback 0
Router(config-if)#ipv6 address 2001:211:71:2::2/64
Router(config-if)#ipv6 eigrp 100
Router(config-if)#exit
Router(config)#interface serial 0/0/0
Router(config-if)#ipv6 address 2001:211:71:2::2/64
Router(config-if)#ipv6 eigrp 100
Router(config-if)#exit
Router#copy running-config startup-config
CONFIGURING OSPF
=====================
CONFIGURE OSPF FOR IPV4
========================
Router>enable
Router#conf t
Router(config)#interface gigabitEthernet 0/0
Router(config-if)#ip address 172.16.5.1 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 172.16.9.2 255.255.255.0
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#do show ip route conn
Router(config)#router ospf 1
Router(config-router)#network 172.16.1.0 0.0.0.255 area 0
Router(config-router)#network 172.16.8.0 0.0.0.7 area 0
Router(config-router)#exit
CONFIGURE DR
===============
Router>ena
Router#conf t
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip ospf priority 100
Router(config-if)#exit
CONFIGURE BDR
===============
Router>ena
Router#conf t
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip ospf priority 50
Router(config-if)#exit
PASSIVE INTERFACE CONFIGURING
=============================
Router(config)#router ospf 10
Router(config-router)#passive-interface fa0/1
Router(config-router)#exit
DEFAULT STATIC ROUTE
=====================
Router(config)#ip route 0.0.0.0 0.0.0.0 fa1/0
Router(config)#router ospf 10
Router(config-router)#default-information originate
Router(config-router)#exit
To Advertise Static route (summary ip)
=================================
Router(config)#ip route 172.16.0.0 255.255.255.252 fa1/0
Hello Interval (Update time)
==========================
Router>ena
Router#conf t
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip ospf hello-interval 20
Router(config-if)#exit
CREATING VLAN ON SWITCH
========================
CONFIGURING VTP
===============
FOR SERVER SW
Switch(config)#vtp mode server
Switch(config)#vtp domain army
Switch(config)#vtp password class
Switch(config)#exit
FOR SERVER SW
Switch(config)#vlan 2
Switch(config-vlan)#name sales
Switch(config-vlan)#exit
Switch(config)#vlan 3
Switch(config-vlan)#name mkt
Switch(config-vlan)#exit
Switch(config)#vlan 4
Switch(config-vlan)#name hr
Switch(config-vlan)#exit
FOR CLIENT SW
Switch(config)#vtp mode client
Switch(config)#vtp domain army
Switch(config)#vtp password class
Switch(config)#exit
CONFIGURING TRUNK PORT
=======================
FOR SW TO SW CONNECTION PORT
Switch(config)#interface range fa0/1-3
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#exit
To show vlan and trunk port
========================
Switch#show vlan brief
Switch#show interfaces trunk
INTER VLAN ROUTING
====================
FOR HQ ROUTER
Router(config)#interface fastEthernet 0/0.1
Router(config-subif)#encapsulation dot1Q 1
Router(config-subif)#ip address 172.16.1.1 255.255.255.0
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.2
Router(config-subif)#encapsulation dot1Q 2
Router(config-subif)#ip address 172.16.2.1 255.255.255.128
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.3
Router(config-subif)#encapsulation dot1Q 3
Router(config-subif)#ip address 172.16.3.1 255.255.255.192
Router(config-subif)#exit
Router(config)#interface fastEthernet 0/0.4
Router(config-subif)#encapsulation dot1Q 4
Router(config-subif)#ip address 172.16.4.1 255.255.255.224
Router(config-subif)#exit
ASSIGNING THE PORT TO THEIR CORRESPONDING VLANS
================================================
FOR ALL CLIENT SW
Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit
DHCP POOL
==========
FOR HQ ROUTER
Router(config)#ip dhcp pool voice
Router(dhcp-config)#network 172.16.1.0 255.255.255.0
Router(dhcp-config)#default-router 172.16.1.1
Router(dhcp-config)#exit
Router(config)#ip dhcp excluded-address 172.16.1.0 172.16.1.10
Router(config)#exit
ASSIGNING A PORT TO VOICE VLAN
==============================
FOR SERVER CONNECT SW
Switch(config)#int fastEthernet 0/8
Switch(config-if)#switchport mode access
Switch(config-if)#switchport voice vlan 1
Switch(config-if)#exit
BLOCK PRIVATE IP RANGE WITH STANDARD ACL
========================================
FOR ISP ROUTER
ISP(config)#ip access-list standard RST-PRIVATE
ISP(config-std-nacl)#deny 10.0.0.0 0.255.255.255
ISP(config-std-nacl)#deny 172.16.0.0 0.15.255.255
ISP(config-std-nacl)#deny 192.168.0.0 0.0.255.255
ISP(config-std-nacl)#permit any
ISP(config-std-nacl)#exit
APPLYING ACL
============
FOR ISP TO INTERNET PORT
ISP(config)#interface fa0/0
ISP(config-if)#ip access-group RST-PRIVATE out
ISP(config-if)#exit
NAT
========
1. DEFINE WHOM TO NAT
FOR HQ ROUTER
HQ(config)#ip access-list standard NAT-SOURCE
HQ(config-std-nacl)#permit 172.16.0.0 0.15.255.255
HQ(config-std-nacl)#exit
2. CONFIGURE NAT
FOR HQ ROUTER
HQ(config)#ip nat inside source list NAT-SOURCE interface fa1/0 overload
3. APPLY NAT
FOR HQ ROUTER
HQ(config-if)#interface range fa0/0.1,fa0/0.2,fa0/0.3,fa0/0.4,fa0/0.5,fa0/0.6,fa0/0.7
HQ(config-if-range)#ip nat inside
HQ(config-if-range)#exit
HQ(config)#interface fa1/0
HQ(config-if)#ip nat outside
HQ(config-if)#exit
DEFAULT STATIC ROUTE
=====================
FOR HQ ROUTER OUTSIDE PORT
Router(config)#ip route 0.0.0.0 0.0.0.0 fa1/0
Router(config)#exit
ACCESS LISTS ALL COMMANDS
==========================
Router>ena
Router#conf t
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#deny icmp any host 172.16.2.2 echo
Router(config-ext-nacl)#permit ip any any
Router(config-ext-nacl)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip access-group 100 in
Router(config-if)#exit
Router#show access-lists
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#5 permit icmp host 172.16.1.10 host 172.16.2.2 echo
Router(config-ext-nacl)#exit
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#15 deny tcp any host 172.16.2.2 eq 80
Router(config-ext-nacl)#ex
Router(config)#ip access-list extended 100
Router(config-ext-nacl)#12 permit tcp host 172.16.1.10 host 172.16.2.2 eq 80
Router(config-ext-nacl)#exit
Router#show access-lists
Router#show access-lists
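The sequence numbers 5, 12 and 15 matter because an ACL is evaluated top-down in sequence order and the first match wins. The following is an added example, not part of the original page: it models ACL 100 as typed above and shows which entry decides each packet. The model, its function names and the test packets are assumptions for the illustration, and it covers only the match fields this ACL uses.

```python
from ipaddress import ip_address

def wc_match(base, wildcard, ip):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    b, w, i = (int(ip_address(x)) for x in (base, wildcard, ip))
    return ((b ^ i) & ~w & 0xFFFFFFFF) == 0

ANY = ("0.0.0.0", "255.255.255.255")

def host(addr):
    """'host a.b.c.d' is shorthand for a wildcard of 0.0.0.0."""
    return (addr, "0.0.0.0")

# ACL 100 in the order the page types it. The first two entries carry no
# number, so IOS assigns 10 and 20 (its default start and increment).
# Fields: action, protocol, source, destination, qualifier (ICMP type or port).
ACL_100 = {
    10: ("deny", "icmp", ANY, host("172.16.2.2"), "echo"),
    20: ("permit", "ip", ANY, ANY, None),
    5: ("permit", "icmp", host("172.16.1.10"), host("172.16.2.2"), "echo"),
    15: ("deny", "tcp", ANY, host("172.16.2.2"), 80),
    12: ("permit", "tcp", host("172.16.1.10"), host("172.16.2.2"), 80),
}

def evaluate(acl, proto, src, dst, qualifier=None):
    """Return (sequence, action) of the first entry that matches."""
    for seq in sorted(acl):
        action, a_proto, a_src, a_dst, a_qual = acl[seq]
        if a_proto not in ("ip", proto):
            continue
        if not (wc_match(*a_src, src) and wc_match(*a_dst, dst)):
            continue
        if a_qual is not None and a_qual != qualifier:
            continue
        return seq, action
    return None, "deny"   # implicit deny at the end of every ACL

if __name__ == "__main__":
    # Constructed test packets: (protocol, source, destination, qualifier).
    packets = [
        ("icmp", "172.16.1.10", "172.16.2.2", "echo"),
        ("icmp", "172.16.1.11", "172.16.2.2", "echo"),
        ("tcp", "172.16.1.10", "172.16.2.2", 80),
        ("tcp", "172.16.3.7", "172.16.2.2", 80),
        ("tcp", "172.16.3.7", "172.16.2.2", 22),
    ]
    for p in packets:
        print(p, "->", evaluate(ACL_100, *p))
```

Had the permit for 172.16.1.10 been entered as sequence 17 instead of 12, entry 15 would match first and that host's HTTP traffic would be denied.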
PORTFAST
=============
Switch(config)#interface range fa0/5-10
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#spanning-tree portfast
Switch(config-if-range)#spanning-tree bpduguard enable
Switch(config-if-range)#exit
RPVST
======
Switch(config)#spanning-tree mode rapid-pvst
Switch(config)#spanning-tree vlan 1,3 root primary
Switch(config)#spanning-tree vlan 2,4 root secondary
ETHERCHANNEL
==============
Switch(config)#interface range fa0/1-2
Switch(config-if-range)#channel-group 1 mode active
Switch(config-if-range)#exit
Switch(config)#interface range fa0/3-4
Switch(config-if-range)#channel-group 2 mode desirable
Switch(config-if-range)#exit
STATIC NAT & TELNET
========================
STATIC NAT For ISP Router
isp>en
isp#conf t
isp(config)#ip route 21.21.21.0 255.255.255.248 fa1/0
STATIC NAT For HQ Router
hq>en
hq#conf t
hq(config)#ip nat inside source static 172.16.2.2 21.21.21.1
hq(config)#exit
TELNET For HQ Router
hq#conf t
hq(config)#enable secret class
hq(config)#line vty 0 4
hq(config-line)#password cisco
hq(config-line)#login
hq(config-line)#exit
hq>enab
hq#conf t
hq(config)#ip access-list standard RST-TELNET
hq(config-std-nacl)#permit host 172.16.1.10
hq(config-std-nacl)#exit
hq(config)#line vty 0 4
hq(config-line)#access-class RST-TELNET in
hq(config-line)#exit
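The Telnet setup above and the earlier SSH setup each protect the vty lines in a different way, and each leaves a different gap. The following is an added example, not from the original page: a small check that reads a saved running-config and reports management-plane weaknesses. The two sample configs are constructed from the page's commands, and the finding names are labels chosen for this illustration.

```python
# Constructed samples: the page's Telnet and SSH line settings as they would
# appear in a running-config. The secret hash is a placeholder.
TELNET_CFG = """\
enable secret 5 $1$PLACEHOLDER
line vty 0 4
 access-class RST-TELNET in
 password cisco
 login
"""
SSH_CFG = """\
enable password class
enable secret 5 $1$PLACEHOLDER
ip ssh version 2
line vty 0 4
 login local
 transport input ssh
"""

def vty_blocks(lines):
    """Yield the indented sub-commands of every 'line vty' section."""
    body = None
    for line in lines + ["end"]:
        if body is not None and not line.startswith(" "):
            yield body
            body = None
        if line.startswith("line vty"):
            body = []
        elif body is not None:
            body.append(line.strip())

def audit(config):
    """Return a list of finding names for one running-config text."""
    lines = config.splitlines()
    top = [l for l in lines if not l.startswith(" ")]
    findings = []
    if any(l.startswith("enable password") for l in top):
        findings.append("enable-password")        # plaintext or reversible
    if "ip ssh version 2" not in top:
        findings.append("ssh-v2-not-forced")
    has_user = any(l.startswith("username ") for l in top)
    for body in vty_blocks(lines):
        transport = [b.split()[2:] for b in body
                     if b.startswith("transport input")]
        if transport != [["ssh"]]:
            findings.append("vty-not-ssh-only")   # Telnet not ruled out
        if "login" in body:
            findings.append("vty-shared-password")
        elif "login local" in body and not has_user:
            findings.append("vty-login-local-no-user")  # nobody can log in
        if not any(b.startswith("access-class") and b.endswith(" in")
                   for b in body):
            findings.append("vty-no-access-class")
    return findings

if __name__ == "__main__":
    for name, cfg in (("telnet", TELNET_CFG), ("ssh", SSH_CFG)):
        print(name, audit(cfg))
```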
NAT POOL
==============
FOR HQ ROUTER
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 172.16.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface fastEthernet 0/1
Router(config-if)#ip address 172.16.2.1 255.255.255.240
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 11.11.11.1 255.255.255.252
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#hostname hq
hq(config)#exit
hq#copy running-config startup-config
FOR ISP ROUTER
Router>en
Router#conf t
Router(config)#interface serial 0/0/0
Router(config-if)#ip address 11.11.11.2 255.255.255.252
Router(config-if)#no sh
Router(config-if)#exit
Router(config)#interface fastEthernet 0/0
Router(config-if)#ip address 4.4.4.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#hostname isp
isp(config)#exit
isp#copy running-config startup-config
isp(config)#ip access-list standard RST-PRIVATE
isp(config-std-nacl)#deny 172.16.0.0 0.15.255.255
isp(config-std-nacl)#permit any
isp(config-std-nacl)#exit
FOR HQ ROUTER
hq(config)#ip nat pool NAT-POOL 21.21.21.2 21.21.21.5 netmask 255.255.255.248
hq(config)#ip access-list standard NAT-SOURCE
hq(config-std-nacl)#permit 172.16.0.0 0.15.255.255
hq(config-std-nacl)#exit
hq(config)#ip nat inside source list NAT-SOURCE pool NAT-POOL overload
hq(config)#interface range fa0/0-1
hq(config-if-range)#ip nat inside
hq(config-if-range)#exit
hq(config)#interface serial 0/0/0
hq(config-if)#ip nat outside
hq(config-if)#exit
hq(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0/0
hq(config)#exit
FOR ISP ROUTER
isp(config)#ip route 21.21.21.0 255.255.255.248 serial 0/0/0
isp(config)#exit
PASSWORD RECOVERY
======================
Physically power the router off, then on
Press Control+Pause/Break
rommon 1 > confreg 0x2142
rommon 2 > reset
Continue with configuration dialog? [yes/no]: no
Router>ena
Router#copy startup-config running-config
Router#conf t
Router(config)#line console 0
Router(config-line)#password 123456
Router(config-line)#login
Router(config-line)#exit
Router(config)#config-register 0x2102
Router(config)#exit
Router#copy running-config startup-config
Router#reload
ALL SHOW COMMANDS
Router#show vtp status
Router#show vtp password
Router#show vlan-switch
Router#show vlan brief
Router#show interfaces trunk
Router#show running-config
Router#show ip route connected
SWITCHPORT SECURITY
====================
Switch(config)#int r fa0/3-4
Switch(config-if-range)#switchport mode ac
Switch(config-if-range)#switchport port-security
Switch(config-if-range)#switchport port-security maximum 1
Switch(config-if-range)#switchport port-security mac-address sticky
Switch(config-if-range)#switchport port-security violation shutdown
Switch(config-if-range)#exit
Switch(config)#exit