
S1# dir ? [flash:,...]
S1# configure terminal
S1# hostname hostname
S1# enable secret secret_password
S1# service password-encryption
S1# banner motd # Authorized access only. Unauthorized access is prohibited and
violators will be prosecuted to the full extent of the law. #
S1# ip ssh version 2
S1# security passwords min-length number_of_characters
S1# login block-for time_in_seconds attempts number_of_attempts within time_in_seconds
S1# username username secret secret_password
S1# ip domain-name domain_name
S1# crypto key generate rsa
Configure Switch Management Interface
*S1# ipv6 unicast-routing (enable for IPv6 addressing)
S1(config)# interface interface_id
S1(config-if)# ip address ip_address network_mask
S1(config-if)# ipv6 address ipv6_address
S1(config-if)# ipv6 address ipv6_address link-local
S1(config-if)# no shutdown
S1(config-if)# description description
S1(config-if)# duplex (auto | full | ...)
S1(config-if)# speed (auto | speed 10/100/ | ...)
S1(config-if)# mdix (auto | ...)
S1(config-if)# switchport access vlan vlan_id

S1(config)# interface loopback id
S1(config-if)# ip address ip_address network_mask
S1(config-if)# no shutdown
S1(config-if)# description description
*S1(config)# ip default-gateway default_gateway

S1(config)# line console 0
S1(config)# line vty 0 4 / 5 15
S1(config)# line aux 0
S1(config-line)# password password
S1(config-line)# login
S1(config-line)# exec-timeout 5 0
S1(config-line)# login local
S1(config-line)# transport input ssh telnet




Configure Switch Default Gateway
S1(config)# ip default-gateway default_gateway
Secure Remote Access
Configure SSH (Telnet) for Remote Management
S1(config)# ip domain-name domain_name
S1(config)# crypto key generate rsa
S1(config)# username username secret password
S1(config)# ip ssh version 2
S1(config)# line vty 0 15
S1(config-line)# transport input (ssh | telnet)
S1(config-line)# login local
Switch Port Security
Disable Unused Ports
S1(config)# interface range type_module/first_number last_number
S1(config-range)# shutdown
DHCP Snooping
S1(config)# ip dhcp snooping (enable_DHCP_snooping)
S1(config)# ip dhcp snooping vlan vlan_id (enable_DHCP_snooping_for_specific_VLANs)
S1(config)# interface interface_id
S1(config-if)# ip dhcp snooping trust (defining_trusted_ports)
S1(config-if)# ip dhcp snooping limit rate number (Limit_rate_of_DHCP_attacks)
Sticky Secure & Violation Modes
S1(config)# interface interface_id
S1(config-if)# switchport mode access (set interface mode to access)
S1(config-if)# switchport port-security (enable port security)
S1(config-if)# switchport port-security maximum number (max. addresses on port)
S1(config-if)# switchport port-security mac-address sticky mac-address
S1(config-if)# switchport port-security violation (protect | restrict | shutdown)
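
An added example (not part of the original cheat sheet): a small Python check that reads a running-config and flags where it departs from the password, SSH, VTY, DHCP snooping and port-security commands listed above. The sample config, function names and finding texts are constructed for illustration.

```python
# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
ip ssh version 2
ip dhcp snooping
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/24
 switchport mode trunk
line vty 0 4
 transport input ssh telnet
 login local
line vty 5 15
 transport input ssh
 login local
"""
REQUIRED_GLOBALS = ("service password-encryption", "ip ssh version 2", "ip dhcp snooping")

def parse_blocks(config):
    """Group each top-level command with its indented sub-commands."""
    blocks = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line.strip(), []))
    return blocks

def audit(config):
    """Report where the config departs from the hardening commands listed above."""
    blocks = parse_blocks(config)
    top_level = {header for header, _ in blocks}
    findings = [f"global: missing '{cmd}'" for cmd in REQUIRED_GLOBALS if cmd not in top_level]
    for header, sub in blocks:
        if header.startswith("line vty"):
            if "transport input ssh" not in sub:
                findings.append(f"{header}: not restricted to 'transport input ssh'")
            if "login local" not in sub:
                findings.append(f"{header}: missing 'login local'")
        elif header.startswith("interface ") and "switchport mode access" in sub:
            if "switchport port-security" not in sub:
                findings.append(f"{header}: access port without port security")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```
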
Configuring NTP (Network Time Protocol)
S1(config)# ntp master (stratum number 1 to 15)
S1(config)# ntp server ip-address (software clock synchronized by NTP time server)
VLAN
Create a VLAN
S1(config)# vlan vlan_id
S1(config-vlan)# name vlan-name
Assign Port to VLAN
S1(config)# interface interface_id
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan vlan_id
Remove VLAN Assignment
S1(config-if)# no switchport access vlan

Delete a VLAN
S1(config)# no vlan vlan_id
Trunk Configuration
S1(config)# interface interface_id
S1(config-if)# switchport mode trunk
S1(config-if)# switchport trunk native vlan native_vlan id (99 standard)
S1(config-if)# switchport trunk allowed vlan vlan-list
Resetting Configured Values on Trunk links
S1(config)# interface interface_id
S1(config-if)# no switchport trunk native vlan
S1(config-if)# no switchport trunk allowed vlan
Return Port to Access Mode
S1(config)# interface interface_id
S1(config-if)# switchport mode access
DTP (Dynamic Trunking Protocol) Negotiated Interface Modes
S1(config)# interface interface_id
S1(config-if)# switchport mode access (interface becomes a nontrunk interface)
S1(config-if)# switchport mode trunk (interface becomes a trunk interface)
S1(config-if)# switchport nonegotiate (prevents the interface from generating DTP frames;
you can use this command only when the switchport mode is access or trunk)
S1(config-if)# switchport mode dynamic auto (interface is able to convert the
link to a trunk link)
S1(config-if)# switchport mode dynamic desirable (interface becomes a trunk
interface if the neighboring interface is set to
trunk, desirable, or auto mode)
VLAN Security
S1(config)# interface interface_id
S1(config-if)# switchport protected (configure the PVLAN Edge [Private VLAN])
Troubleshoot VLANs and Trunks
S1# show mac address-table [interface interface_id]
S1# show interfaces trunk
S1# show interfaces interface_id switchport
S1# show interfaces interface_id trunk
Show
S1# show interfaces [interface_id | vlan vlan_id | switchport]
S1# show vlan [brief | id vlan_id | name vlan_name | summary]
S1# show dtp interface interface_id

Inter-VLAN Routing (Chapter 5)

Configure Legacy Inter-VLAN Routing
5.1.2.2. Switch Configuration
S1(config)# vlan vlan_id
S1(config-vlan)# name vlan_name
S1(config)# interface interface_id
S1(config-if)# switchport access vlan vlan_id
5.1.2.3 Router Interface Configuration
R1(config)# interface interface_id
R1(config-if)# ip address ip_address network_mask
R1(config-if)# no shutdown
Configure Router-on-a-Stick
5.1.3.2. Switch Configuration
S1(config)# vlan vlan_id
S1(config-vlan)# name vlan_name
S1(config)# interface interface_id
S1(config-if)# switchport mode trunk
5.1.2.3 Router Subinterface Configuration
R1(config)# interface interface_id.vlan_id
R1(config-if)# encapsulation dot1Q vlan_id
R1(config-if)# ip address ip_address network_mask
R1(config)# interface interface
R1(config-if)# no shutdown
Verifying
Verifying Subinterfaces
R1# show vlans
R1# show ip route
Verifying Routing
PC1> ping ip_address
PC1> tracert ip_address
Verifying Switch Configuration
S1# show interfaces interface_id switchport
S1# show running-config
Verify Router Configuration
R1# show interface
R1# show ip interface
R1# show running-config
Verifying IP Address and Subnet Mask Configuration Issues
PC1>ipconfig


5.3.1.5 Configuring Static Routes on a Catalyst 2960
S1# show sdm prefer
S1# configure terminal
S1(config)# sdm prefer ?
S1(config)# sdm prefer lanbase-routing
S1(config)# do reload
S1# show sdm prefer
S1(config)# interface interface_id
S1(config-if)# switchport access vlan vlan_id
S1(config-if)# interface vlan vlan_id
S1(config-if)# ip address ip_address network_mask
S1(config)# ip routing
S1(config)# do show ip route

R1# show ip route
R1# configure terminal
R1(config)# ip route 0.0.0.0 0.0.0.0 ip_address
R1(config)# do show ip route
R1(config)# ip route ip_address network_mask interface_id
R1(config)# do show ip route



Static Routing (Chapter 6)

ip route Command Syntax
R1(config)# ip route network-address subnet-mask {ip-address | interface-type interface-number
[ip-address]} [distance] [name name] [permanent] [tag tag]
R1(config)# ip route network-address subnet-mask {ip-address | exit-intf}
Configure
Next-Hop Static Route
R1(config)# ip route network_ip_address network_mask next_hop_ip_address
Directly Connected Static Route
R1(config)# ip route network_ip_address network_mask interface_id_address
Fully Specified Static Route
R1(config)# ip route network_ip_address network_mask interface_id address
next_hop_ip_address
Verify a Static Route
R1# show ip route
R1# show ip route static | begin Gateway
R1# show ip route network_ip_address
R1# show running-config | section ip route
Configure a Default Static Route
R1(config)# ip route 0.0.0.0 0.0.0.0 { ip-address | exit-intf }
Verify a Default Static Route
R1# show ip route static
Configure a Floating Static Route
R1(config)# ip route 0.0.0.0 0.0.0.0 ip-address (1, default exit-intf)
R1(config)# ip route 0.0.0.0 0.0.0.0 ip-address higher_exit-intf
(higher administrative distance)
Verify a Default Static Route
R1# show ip route static | begin Gateway
Troubleshoot a Missing Route
R1# ping destination_ip_address source source_ip_address
R1# traceroute ip_address
R1# show ip route | begin Gateway
R1# show ip interface brief
R1# show cdp neighbors [detail]
Solve a Connectivity Problem
R1# ping destination_ip_address source interface_id
R1# traceroute ip_address
R1# show ip route | begin Gateway
R1# show running-config | section ip route
6.4.1 Configuring IPv4 Summary Route
R1(config)# ip route summary_ip_address summary_network_Mask {ip-address | exit-intf}

The IPv6 route Command
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 route ipv6-prefix/prefix-length { ipv6-address | exit-intf }
Verify the IPv6 Routing Table
R1# show ipv6 route
Connectivity
R1# ping ipv6_address
Configure a Next-Hop Static IPv6 Route
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 route ipv6-prefix/prefix-length next_hop_ipv6_address
Verify the IPv6 Next-Hop
R1# show ipv6 route
Configure a Directly Connected Static IPv6 Route
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 route ipv6-prefix/prefix-length interface_ipv6_address
Verify the IPv6 Next-Hop
R1# show ipv6 route
Configure a Fully Specified Static IPv6 Route
R1(config)# ipv6 unicast-routing
R1(config)# ipv6 route ipv6-prefix/prefix-length interface_id address
next_hop_ipv6_address
Verify the IPv6 Next-Hop
R1# show ipv6 route static | begin gateway
Verify IPv6 Static Routes
R1# show ipv6 route
R1# show ipv6 route static | begin gateway
R1# show ipv6 route network_ipv6_address
R1# show running-config | section ipv6 route
Default Static IPv6 Route Syntax
R1(config)# ipv6 route ::/0 { ipv6-address | exit-intf }
Verify a Default Static Route
R1# show ipv6 route static

6.4.2 Configuring IPv6 Summary Route
R1(config)# ipv6 route summary_ipv6_address {ipv6-address | exit-intf}


Verification Commands Show ?
S1# show ip interface brief
S1# show interfaces [interface_id | vlan vlan_id | switchport]
S1# show startup-config
S1# show running-config
S1# show flash
S1# show version
S1# show history
S1# show ip ssh
S1# show ssh
S1# show mac-address-table
S1# show controllers ethernet-controller interface_id | include (Auto-MDIX)
S1# show port-security interface interface-id
S1# show port-security address
S1# show ntp associations
S1# show ntp status
S1# show vlan [brief | id vlan_id | name vlan_name | summary]
S1# show dtp interface interface_id
S1# show arp
S1# show ip route
R1(config)# do show ip route
S1# show protocols
S1# show version
S1# show sdm prefer
Verifying Subinterfaces
R1# show vlans
R1# show ip route
R1(config)# do show ip route
Verifying Routing
PC1> ping ip_address
PC1> tracert ip_address
Verifying Switch Configuration
S1# show interfaces interface_id switchport
S1# show running-config
Verify Router Configuration
R1# show interface
R1# show ip interface
R1# show running-config

Saving configuration
S1# copy running-config startup-config
S1# copy running-config tftp:
Address or name of remote host [ ]

Classful Network Addressing

Class                 High Order Bits   Start       End
Class A               0xxxxxxx          0.0.0.0     127.255.255.255
Class B               10xxxxxx          128.0.0.0   191.255.255.255
Class C               110xxxxx          192.0.0.0   223.255.255.255
Class D (Multicast)   1110xxxx          224.0.0.0   239.255.255.255
Class E (Reserved)    1111xxxx          240.0.0.0   255.255.255.255


Classful Subnet Masks

Class A Network
                               1st Octet   2nd Octet   3rd Octet   4th Octet
Always starts with binary 0    0xxx xxxx
Decimal equivalent             0 - 127

                               Network     Host        Host        Host
Subnet Mask                    255         .0          .0          .0

Class B Network
                               1st Octet   2nd Octet   3rd Octet   4th Octet
Always starts with binary 10   10xx xxxx   xxxx xxxx
Decimal equivalent             128 - 191   0 - 255

                               Network     Network     Host        Host
Subnet Mask                    255         .255        .0          .0

Class C Network
                               1st Octet   2nd Octet   3rd Octet   4th Octet
Always starts with binary 110  110x xxxx   xxxx xxxx   xxxx xxxx
Decimal equivalent             192 - 223   0 - 255     0 - 255

                               Network     Network     Network     Host
Subnet Mask                    255         .255        .255        .0




SVI Switch Virtual Interface
PDU Protocol Data Unit
ping
tracert
ipconfig /all
ipconfig /displaydns (stored DNS server addresses)
ipconfig /flushdns (clears the list of stored DNS server addresses)
nslookup (tool to lookup and find IP address information in the DNS (Domain Name System))

Unicast MAC address starts with: 00:07:E9 (00-07-E9)
Multicast MAC address starts with: 01:00:5E (01-00-5E)
Broadcast MAC address: FF:FF:FF:FF:FF:FF (ff-ff-ff-ff-ff-ff)




1 1 1 1 1 1 1 1
2^7 2^6 2^5 2^4 2^3 2^2 2^1 2^0
128 64 32 16 8 4 2 1

Mask Bits   Subnet Mask       Number of Addresses / Number of Hosts
/16         255.255.0.0       65536 / 65534
/17         255.255.128.0     32768 / 32766
/18         255.255.192.0     16384 / 16382
/19         255.255.224.0     8192 / 8190
/20         255.255.240.0     4096 / 4094
/21         255.255.248.0     2048 / 2046
/22         255.255.252.0     1024 / 1022
/23         255.255.254.0     512 / 510
/24         255.255.255.0     256 / 254
/25         255.255.255.128   128 / 126
/26         255.255.255.192   64 / 62
/27         255.255.255.224   32 / 30
/28         255.255.255.240   16 / 14
/29         255.255.255.248   8 / 6
/30         255.255.255.252   4 / 2

/x = Mask bits -> Host bits = 32 - x

Number of addresses = 2^(Host bits)    Number of host addresses = [2^(Host bits)] - 2

Summarize IPv4 Network Addresses

Step 1: List the network addresses / prefixes and identify the part that differs
192.168.65.0/28
192.168.65.32/28
192.168.65.64/28

Step 2: Convert the differing part from decimal to binary
192.168.65.0000 0000
192.168.65.0010 0000
192.168.65.0100 0000

Step 3: Count the binary positions from the left where the numbers match, to
determine the prefix length of the summary route
8 + 8 + 8 + 1 = /25 (new prefix-length)

Step 4: Copy the matching bits, add zero bits in the positions that differed,
and append the summary route prefix (the result of step 3)
192.168.65.0000 0000/25

Step 6: Convert the binary part to decimal notation and write the network mask for the
prefix in decimal form
Summarized Network
192.168.65.0/25 255.255.255.128


EXAMPLES
172.16.1.0 / 24 172.16.0000 0001.0000 0000
172.16.2.0 / 24 172.16.0000 0010.0000 0000
172.16.3.0 / 24 172.16.0000 0011.0000 0000
172.16.0.0 / 22 255.255.252.0

10.15.0.0. /27 10.0000 1111.0000 0000.0000 0000
10.20.0.0. /27 10.0001 0100.0000 0000.0000 0000
10.25.0.0. /27 10.0001 1001.0000 0000.0000 0000
10.30.0.0. /27 10.0001 1110.0000 0000.0000 0000
10.0.0.0 / 11 255.224.0.0

192.168.16.0 / 27 192.168.0001 0000.0
192.168.70.0 / 30 192.168.0100 1010.0
192.168.1.0 / 30 192.168.0000 0001.0
192.168.0.0 / 17 255.255.128.0

Summarize IPv6 Network Addresses

Step 1: List the network addresses / prefixes and identify the part that differs
2001:0DB8:ACAD:1::/64
2001:0DB8:ACAD:2::/64
2001:0DB8:ACAD:3::/64
2001:0DB8:ACAD:4::/64

Step 2: Expand the IPv6 address if it is written in abbreviated form
2001:0DB8:ACAD:0001::/64
2001:0DB8:ACAD:0002::/64
2001:0DB8:ACAD:0003::/64
2001:0DB8:ACAD:0004::/64

Step 3: Convert the differing part from hexadecimal to binary
Hex -> binary
2001:0DB8:ACAD:0000 0000 0000 0001::/64
2001:0DB8:ACAD:0000 0000 0000 0010::/64
2001:0DB8:ACAD:0000 0000 0000 0011::/64
2001:0DB8:ACAD:0000 0000 0000 0100::/64

Step 4: Count the binary positions from the left where the numbers match, to
determine the prefix length of the summary route
16 + 16 + 16 + 13 = /61 (new prefix-length)

Step 5: Copy the matching bits, add zero bits in the positions that differed,
and append the summary route prefix (the result of step 4)
2001:0DB8:ACAD:0000 0000 0000 0000::/61

Step 6: Convert the binary part to hexadecimal notation
2001:0DB8:ACAD:0000::/61

Summarized Network
2001:0DB8:ACAD:0000::/61 expanded
2001:DB8:ACAD:0::/61
2001:DB8:ACAD::/61 abbreviated

IPv6 EXAMPLES

2001:0DB8:ACAD:000E::/64
2001:0DB8:ACAD:000F::/64
2001:0DB8:ACAD:0000 0000 0000 1110::/64
2001:0DB8:ACAD:0000 0000 0000 1111::/64
16 + 16 + 16 + 15 = /63
2001:0DB8:ACAD:0000 0000 0000 1110::/63
2001:0DB8:ACAD:000E::/63
2001:0DB8:ACAD:E::/63

2001:0DB8:ACAD:1::/64
2001:0DB8:ACAD:2::/64
2001:0DB8:ACAD:0001::/64
2001:0DB8:ACAD:0002::/64
2001:0DB8:ACAD:0000 0000 0000 0001::/64
2001:0DB8:ACAD:0000 0000 0000 0010::/64
16 + 16 + 16 + 14 = /62 (prefix-length)
2001:0DB8:ACAD:0000 0000 0000 0000::/62
2001:DB8:ACAD:0::/62
2001:DB8:ACAD::/62

2001:0DB8:ACAD:0009::/64
2001:0DB8:ACAD:000A::/64
2001:0DB8:ACAD:0000 0000 0000 1001::/64
2001:0DB8:ACAD:0000 0000 0000 1010::/64
16 + 16 + 16 + 14 = /62
2001:0DB8:ACAD:0000 0000 0000 1000::/62
2001:0DB8:ACAD:0008::/62
2001:0DB8:ACAD:8::/62

2001:0DB8:ACAD:000E::/63
2001:0DB8:ACAD:0000::/62
2001:0DB8:ACAD:0008::/62
2001:0DB8:ACAD:0000 0000 0000 1110::/63
2001:0DB8:ACAD:0000 0000 0000 0000::/62
2001:0DB8:ACAD:0000 0000 0000 1000::/62
16 + 16 + 16 + 12 = /60
2001:0DB8:ACAD:0000 0000 0000 0000::/60
2001:0DB8:ACAD:0::/60
2001:0DB8:ACAD::/60
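
An added example (not part of the original notes): the IPv4 and IPv6 summarization steps above, implemented once in Python with the standard `ipaddress` module. It goes beyond the text by also counting the addresses a summary covers that none of the input networks contained, which is worth checking before the summary is used in a static route or filter; the function names are chosen for this example.

```python
import ipaddress

def summarize(networks):
    """Smallest single prefix covering every network (IPv4 or IPv6)."""
    nets = [ipaddress.ip_network(n) for n in networks]
    if len({n.version for n in nets}) != 1:
        raise ValueError("cannot mix IPv4 and IPv6 networks")
    width = nets[0].max_prefixlen              # 32 for IPv4, 128 for IPv6
    first = int(nets[0].network_address)
    # Steps 1-2: XOR against the first address marks every differing bit.
    diff = 0
    for net in nets[1:]:
        diff |= first ^ int(net.network_address)
    # Step 3: bits to the left of the highest differing bit all match.
    common = width - diff.bit_length()
    # The summary cannot be longer than the shortest input prefix.
    prefix = min([common] + [n.prefixlen for n in nets])
    # Step 4: keep the matching bits, zero the rest.
    mask = ((1 << prefix) - 1) << (width - prefix)
    return type(nets[0])((first & mask, prefix))

def extra_addresses(networks):
    """Addresses the summary covers that none of the input networks contain."""
    nets = [ipaddress.ip_network(n) for n in networks]
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return summarize(networks).num_addresses - covered

if __name__ == "__main__":
    # Inputs taken from the worked examples on this page.
    for group in (
        ["192.168.65.0/28", "192.168.65.32/28", "192.168.65.64/28"],
        ["2001:0DB8:ACAD:1::/64", "2001:0DB8:ACAD:2::/64",
         "2001:0DB8:ACAD:3::/64", "2001:0DB8:ACAD:4::/64"],
    ):
        s = summarize(group)
        print(s, s.netmask, "extra:", extra_addresses(group))
```
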