CCNA Study Material

Cisco® Router Basics
The Router
Router Components (internal)
Router Components (external)
Router's Startup Procedure
Configuration Register
Cisco® CLI Command Modes
User Exec Mode
Privileged Exec Mode
Setup Mode
ROM Monitor Mode
The Router: A router is a layer 3 network device that moves data between different network
segments and can look into a packet header to determine the best path for the packet to travel.
Routers can connect network segments that use different protocols. They also allow all users in a
network to share a single connection to the Internet or a WAN. It is used to improve network
performance by:
• Segmenting the network and creating separate collision & broadcast domains.
• Reducing competition for bandwidth.
• Not forwarding broadcasts to other network segments.
• Increasing security by using Access Lists.
Router Components (internal)
ROM: ROM is used to store the router's bootstrap startup program, operating system software,
and power-on diagnostic tests programs. In order to perform ROM upgrades you remove and replace
pluggable chips on the motherboard.
Flash Memory :- It holds operating system image(s). Flash memory is erasable, reprogrammable
ROM. You can perform Cisco® IOS software upgrades without having to remove and replace chips.
Flash content is retained when you switch off or restart the router.
RAM: RAM is used to store operational information such as routing tables and the router's running
configuration file. RAM also provides caching and packet buffering capabilities. Its contents are lost
when you switch off or restart the router.
NVRAM :- NVRAM (nonvolatile RAM), is used to store the router's startup configuration file. It does
not lose data when power is switched off. So the contents of the startup configuration file are
maintained even when you switch off or restart the router.
Network Interfaces :-The router's network interfaces are located on the motherboard or on
separate interface modules. You configure Ethernet or Token Ring interfaces to allow connection to a
LAN. The synchronous serial interfaces are configured to allow connection to WANs. You can also
configure ISDN BRI interfaces to allow connection to an ISDN WAN.

http://www.mcmcse.com/

Router Components (External)
A router can be configured over any of its network interfaces. You can supply configuration information
to a router using:
• TFTP servers: Trivial File Transfer Protocol, a simplified version of FTP that allows files to be
transferred from one computer to another over a network.
• Virtual terminals
• Network management stations
Router's Startup Procedure
Each time you switch on the router, it goes through power-on self-test diagnostics to verify basic
operation of the CPU, memory and network interfaces.
The system bootstrap software in ROM (boot image) executes and searches for valid router
operating system software (Cisco® IOS image). IOS is acronym for Internetwork Operating System.
There are three places to find the Cisco® IOS image to load:
• Flash memory
• A TFTP server on the network
• ROM
The source of the Cisco® IOS image is determined from the boot field setting of the router's
configuration register.
Configuration Register: A 16-bit register used to control how the router boots up, where the IOS
image is found, how to deal with the NVRAM configuration, the console baud rate, and whether the
break function is enabled or disabled.
The default setting for the configuration register indicates that the router should attempt to
load a Cisco® IOS image from flash memory.
If the router finds a valid IOS image, it searches for a valid configuration file. If your router
does not find a valid system image, or if its configuration file is corrupted at startup, and the
configuration register (bit 13) is set to enter ROM monitor mode, the system will bypass the NVRAM
setting and enter ROM monitor mode. This also allows access to the router in the event a password is
lost.
The configuration file, saved in NVRAM, is loaded into main memory and executed one line at
a time. These configuration commands start routing processes, supply addresses for interfaces, and
set media characteristics.
If no configuration file exists in NVRAM, the operating system executes a question-driven
initial configuration routine called the system configuration dialog.
This special mode is also called the Setup mode.
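
The fields of the configuration register described above can be decoded and checked from a value reported by a device. This is an added example, not part of the original study material: the bit positions follow the commonly documented layout for classic IOS routers (an assumption for other platforms), the function names are hypothetical, and the register values in the usage lines are sample inputs.

```python
# Added example (not from the original page): decode a configuration register.
# Bit positions follow the commonly documented layout for classic IOS routers;
# treat them as an assumption on other platforms. All names are hypothetical.

# (bit 5, bit 12, bit 11) -> console line speed in baud
CONSOLE_BAUD = {
    (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}


def decode_confreg(value):
    """Return the boot-relevant fields of a 16-bit configuration register."""
    if isinstance(value, str):
        value = int(value, 16)          # accepts "0x2102" or "2102"
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is 16 bits wide")

    def bit(n):
        return (value >> n) & 1

    boot_field = value & 0xF            # bits 0-3 select the image source
    if boot_field == 0:
        boot_source = "ROM monitor"
    elif boot_field == 1:
        boot_source = "boot image in ROM"
    else:
        boot_source = "boot system commands in NVRAM, else default image"

    return {
        "value": f"0x{value:04X}",
        "boot_field": boot_field,
        "boot_source": boot_source,
        "ignore_nvram": bool(bit(6)),    # startup configuration is skipped
        "break_disabled": bool(bit(8)),  # break key ignored after boot
        "console_baud": CONSOLE_BAUD[(bit(5), bit(12), bit(11))],
        "rom_fallback": bool(bit(13)),   # fall back to ROM if boot fails
    }


def audit_confreg(value):
    """Flag settings that leave the saved configuration (and its passwords)
    out of the boot path or leave the console break function active."""
    fields = decode_confreg(value)
    findings = []
    if fields["ignore_nvram"]:
        findings.append("ignore-nvram")
    if fields["boot_field"] == 0:
        findings.append("boots-to-rom-monitor")
    if not fields["break_disabled"]:
        findings.append("break-enabled")
    return findings


if __name__ == "__main__":
    # Sample register values; 0x2142 and 0x2002 are constructed for the demo.
    for sample in ("0x2102", "0x2100", "0x2142", "0x2002"):
        print(sample, decode_confreg(sample)["boot_source"],
              audit_confreg(sample))
```

A register that reads back with the ignore-NVRAM bit set on a production router means the startup configuration, including its passwords, is not applied at the next reload.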
Cisco® CLI Command Modes
The Cisco® IOS software provides you with access to several different command modes.
Each command mode provides a different group of related commands.

The Cisco® Command Line Interface (CLI) is called EXEC. EXEC has two modes:
• User mode
• Privileged mode
For security purposes the two EXEC modes serve as two levels of access to Cisco® IOS
commands.
EXEC user commands allow you to
• connect to remote devices
• make temporary changes to terminal settings
• perform basic tests
• list system information
If you want to access privileged mode you have to enter a password. The commands
available in Privileged mode also include all those available in User mode. You can use
Privileged EXEC commands to:
• set operating parameters
• perform a detailed examination of the router's status
• test and debug router operation
• access global and other included configuration modes
From Privileged mode you can enter global configuration mode. This gives you access to
configuration commands that affect the system as a whole, and to other configuration modes.
You can specify the source of the configuration commands as being from:
• a terminal
• memory
• the network
You can access many other specific configuration modes from Global Configuration mode
that allow complex configurations to be performed.
Setup Mode: If the router does not have a configuration file it will automatically enter Setup mode
when you switch it on. Setup mode presents you with a prompted dialog, called the system
configuration dialog, in which you establish an initial configuration.
ROM Monitor Mode: If the router does not find a valid operating system image, or if you interrupt the
boot sequence, the system may enter ROM monitor mode. From ROM monitor mode you can boot
the device or perform diagnostic tests.

Cisco® IOS Basics
Cisco® IOS
IOS Command Modes
Context Sensitive Help
Keyboard Editing & Hot Keys

Cisco® IOS
Cisco® Internetwork Operating System software. The proprietary Cisco® software that provides
common functionality, scalability, and security for Cisco® products.

CLI (Command Line Interface): The screen interface that allows the user to interact with the operating system by entering commands and optional arguments.

Command Modes
A hierarchical level of Cisco® IOS software. Each command mode permits you to configure different configuration components. There are five command modes. Each mode is represented by a different prompt, as shown in the table below:

| Command Mode | Prompt | Command to enter mode |
| User EXEC | Router1> | login |
| Privileged EXEC | Router1# | enable |
| Global configuration | Router1(config)# | configure terminal |
| Interface configuration | Router1(config-if)# | interface type number (from global configuration mode) |
| Sub interface configuration | Router1(config-subif)# | interface type number (to configure a sub interface from within interface configuration mode) |
| Router configuration | Router1(config-router)# | router routing_protocol (from global configuration mode) |
| Line configuration | Router1(config-line)# | line line_type line_number ending_line_number (from global configuration mode) |

Table-1: Cisco® CLI Command Modes, respective prompts and commands.

Exec Mode
A console, modem, or Telnet command-line session to the router. There are two primary levels to the EXEC mode: user-level EXEC mode, and privileged EXEC mode.
User-level EXEC is the initial mode entered upon logging into the router, and allows access only to basic monitoring commands. It is indicated by the > prompt:
Router1>
Privileged-level EXEC mode, sometimes called enable mode, which permits authorized users to configure and manage the router, provides access to configuration mode. For example, you configure global parameters in global configuration mode, interface parameters in interface configuration mode, and line parameters in line configuration mode.
To enter the privileged-level EXEC mode, enter the enable command, enter the enable password, and press Return. The prompt changes to the pound sign (#) as shown in the following example:
Router1> enable
Password: netserv3
Router1#

Global Configuration Mode

The commands entered in Global Configuration Mode affect the whole router. Here are the steps from Privileged EXEC mode:
Router1# configure terminal
OR
Router1# config t
The result will be:
Router1(config)#

Interface Mode
The commands entered in this mode affect the current interface only. Here are the steps from Global Configuration mode:
Router1(config)# interface serial 0
OR
Router1(config)# int serial 0
The result will be:
Router1(config-if)#

Line Mode
The router has three types of terminal lines: one console line, one auxiliary line, and five virtual (network) lines:
Router1(config)# line con 0
OR
Router1(config)# line vty 0 4
The result will be:
Router1(config-line)#
Other configuration modes will be explored in their respective configuration.

Context Sensitive Help
• To list all commands available for a particular command mode, enter a question mark (?) at the system prompt.
• To obtain a list of commands that begin with a particular character string, enter the abbreviated command entry immediately followed by a question mark (?). This form of help is called word help, because it lists only the keywords or arguments that begin with the abbreviation you entered, e.g.
Router# co?
configure connect copy
• To list a command's associated keywords or arguments, enter a question mark (?) in place of a keyword or argument on the command line. This form of help is called command syntax help, because it lists the keywords or arguments that apply based on the command, keywords, and arguments you have already entered.
The following example shows how to use command syntax help to display the next argument of a partially complete access-list command. One option is to add a wildcard mask. The <cr> symbol indicates that the other option is to press Return to execute the command.
Router(config)# access-list 99 deny 10.5.8.24 ?
A.B.C.D Mask of bits to ignore
<cr>
Note: If you enter an incorrect command, keyword, or argument, the caret symbol (^) and help response indicate the error. Notice that the caret symbol character is displayed at the point in the command string where the IOS detected that you entered an incorrect command. This error location facility together with the interactive help system allows you to find and correct syntax errors easily.

Keyboard Editing & Hot Keys
The following table offers a comprehensive list of the hot keys and some other keyboard editing functions.
Delete - Removes one character to the right of the cursor.
Backspace - Removes one character to the left of the cursor.
TAB - Finishes a partial command.
Ctrl-A - Moves the cursor to the beginning of the current line.
Ctrl-R - Creates new command prompt, followed by all the characters typed at the last one. This is useful for syslog messages.
Ctrl-U - Erases a line from the command prompt and also from memory buffer.
Ctrl-W - Erases a word.
Ctrl-Z - Ends configuration mode and returns to the EXEC mode.
Ctrl-N - Forwards the history buffer.
Up Arrow - Allows user to scroll backward through previous commands.
Down Arrow - Allows user to scroll forward through previous commands.
Esc-B - Moves the cursor to the beginning of previous word.
Esc-F - Moves the cursor to the beginning of next word.

Basic Router Configuration

Rename the router
Setting system clock
Show system time
Setting banner for router
Setting the description for an interface
Setting line password
Setting privileged access password

Rename the Router
To specify or modify the host name for the router, global configuration command HOSTNAME is used. Hostname is case sensitive. The host name is used in prompts and default configuration filenames.
Router(config)# hostname How2Pass
The factory-assigned default host name is router.

Setting the System Clock
The system clock runs from the moment the system starts up and keeps track of the current date and time based on Coordinated Universal Time (UTC), also known as Greenwich Mean Time (GMT). The system clock can be set from a number of sources, and in turn can be used to distribute the current time through various mechanisms to other systems. To manually set the system clock, use one of the formats of the clock set EXEC command.
clock set hh:mm:ss day month yyyy
clock set hh:mm:ss month day yyyy
In the following example, the system clock is manually set to 1:32 p.m. on May 12, 2001:
Router# clock set 13:32:00 12 May 2001

Show System Time
To display the system clock, use the show clock EXEC command. If time has not been set by the clock set command then this command will show the time lapsed since router is up.
Router# show clock

Setting the Banner
To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration command. The no form of this command deletes the MOTD banner. When someone connects to the router, the MOTD banner appears before the login prompt.
Router(config)# banner motd # message #
Here the (#) sign is used as the delimiting character. You can use any character.

Setting the Description for an Interface
To add a description to an interface configuration, use the description interface configuration command. Use the no form of this command to remove the description. The description command is meant solely as a comment to be put in the configuration to help you remember what certain interfaces are used for. The following example shows how to add a description for a T1 interface:
Router(config)# interface serial 0
Router(config-if)# description T1 line to How2Pass - 128 Kb/s
The description "T1 line to How2Pass - 128 Kb/s" appears in the output of the following EXEC commands: show startup-config, show interfaces, and show running-config

Setting the Line Password
To specify a password on a line, use the password line configuration command. Use the no form of this command to remove the password. The first character cannot be a number. The string can contain any alphanumeric characters, including spaces, up to 80 characters.

Console Password
Console password is needed when logging into router at user EXEC mode from console.
Router(config)# line console 0

Router(config-line)# password How2pass2004

vty lines password
Virtual terminal lines (vty) are used to allow remote access to the router (by telneting through its interfaces). The router has five virtual terminal lines by default.
Router(config)# line vty 0 4
Router(config-line)# password How2Pass2004

Setting Privileged Access Password
To set a local password to control access to various privilege levels, use the enable password global configuration command. Use the no form of this command to remove the password requirement. An enable password is defined as follows:
• Must contain from 1 to 25 uppercase and lowercase alphanumeric characters.
• Must not have a number as the first character.
• Can have leading spaces, but they are ignored. However, intermediate and trailing spaces are recognized.
Router(config)# enable password How2Pass2004

Setting Secret (Encrypted) Password
To set an encrypted local password to control access to various privilege levels, use the enable secret global configuration command. Use the no form of this command to remove the password requirement.
Router(config)# enable secret How2pass2004

Switching & Bridging
The Switch
Steps of Switch Functioning
Switching Methods
The Bridge

The Switch
A switch is a layer 2 network device that forwards frames using MAC addresses in the header of frames. It is used to improve network performance by:
• segmenting the network and creating separate collision domains.
• reducing competition for bandwidth.
In a switch frame forwarding is handled by specialized hardware called "Application Specific Integrated Circuit" (ASIC). ASIC technology allows a silicon chip to be programmed to perform specific functions much faster than that of a chip programmed by software.

Steps of Switch Functioning
Learning
When switch starts, the MAC address table has no entry. When a node transmits data on its wire the MAC address of the node is learned by Switch Port connected to that node. In this way all the MAC addresses are learned by respective ports and these entries remain in the cache for a specific time. If during this specific time no new frame arrives from a node, the MAC address entry for that node is dropped from cache.
Forwarding & Filtering
When a MAC address for a port is learnt, packets addressed to that MAC address are forwarded only to the port associated with it, using one of the Switching Methods.
Loop Avoidance
Switches and Bridges use Spanning Tree Protocol (STP), specified by IEEE 802.1d, to prevent loops.

Switching Methods

Store & Forward: In this method complete frame is received by the switch. CRC, source address and destination address are checked. Catalyst 500 switch uses this method. This method has following features:
• Highest latency (delay in forwarding of frame) but may vary depending upon the length of frame.
• Highest error checking.
• Lowest frame forwarding speed.
Cut Through: In this method forwarding starts as soon as destination address of the frame is received in header. Also known as WIRE SPEED. This method has following features:
• Lowest latency.
• Lowest error checking.
• Highest frame forwarding speed.
Fragment Free (Modified Cut Through): In this method forwarding starts as soon as first 64 bytes of the frame are received as fragmentation occurs usually in first 64 bytes. This method has following features:
• Latency approx 60Sec.
• Sufficient error checking.
• Moderate frame forwarding speed.

The Bridge
It is a layer 2 device used to connect different network types or networks of the same type. Bridges use "Store and Forward" method to inspect the whole packet. Packets having destination address on the same network segment are dropped.
Advantages: Using a bridge to segment network can provide:
• Reliability.
• Manageability.
• Scalability.
Disadvantages:
• A bridge cannot filter out broadcast traffic.
• It introduces 20 to 30 % latency.
• Only 2 networks can be linked with a bridge.

Frame Relay
Frame Relay Overview
Frame Relay Configuration
Frame Relay NBMA Configuration and Verification
Frame Relay Sub interface Configuration and Verification
Frame Relay Configuration Summary

Frame Relay Overview
Connection to a frame relay network is done with a local loop from the serial interface of a router to one of a service provider’s frame relay switches. Communication across a frame relay network uses virtual circuits, which are built by a service provider from a router’s serial interface, through a collection of frame relay switches, to another router’s serial interface. Many PVCs can be built on a single local loop.
Virtual circuits that are programmed into a service provider’s network to stay active all the time are called permanent virtual circuits (PVCs). IOS also supports switched virtual circuits (SVCs), which become active only when they are used. SVCs are not yet widely available from frame relay service providers. We use only PVCs in this chapter.
PVCs are addressed with Data Link Connection Identifiers (DLCIs) at layer 2. From our perspective, each PVC has two DLCIs— one at each end. From a router’s perspective, however, each PVC needs only one DLCI—the local one. For this reason, some people say that DLCIs are locally significant.
Figure 1 shows a basic frame relay network. There are three routers—Dallas, FortWorth, and Austin. Each router has a local loop to the frame relay network. There are two PVCs— one from Dallas to FortWorth and one from Dallas to Austin.

Figure 1 - Basic Frame Relay Network

The frame relay topology shown in Figure 1 is called a partial-meshed network because not all of the routers have PVCs to all of the other routers. A fully meshed network has PVCs running between all of the router pairs; to make the Figure 1 frame relay topology into a fully meshed network, we would have to add a PVC between FortWorth and Austin. We could also call this particular topology a hub-and-spoke network because there is one router (the hub) that has a connection to each of the other routers (the spokes), and traffic from a spoke router must go through the hub to reach another spoke router.
When a router wants to transmit a packet to another router across a PVC, the router must know the local DLCI of the PVC on which the packet is to be transmitted. Let us take a closer look at the PVC between Dallas and FortWorth. The Dallas end of the PVC has DLCI 100 and the FortWorth end has DLCI 101. These DLCIs, since they are on different local loops, do not have to be different, but they usually are, anyway. Dallas has two PVCs coming in on the same local loop; therefore, these PVCs must have different local DLCIs.
When Dallas wants to send a packet to FortWorth, Dallas must transmit the packet out the serial interface that contains the PVC, and the frame header must contain the local DLCI, 100. The switch knows that the path of the PVC with DLCI 100 on the Dallas side is supposed to go to the switch connected to FortWorth. The switch connected to FortWorth knows the path of the PVC extends across the local loop to FortWorth and the DLCI of the PVC on the local loop is 101. The switch puts the DLCI 101 into the frame header so the FortWorth router knows, when it receives the frame, that the frame came in on the PVC with local DLCI 101.
Routers and switches maintain contact with each other using Local Management Interface (LMI). About every 10 seconds, routers and switches send an LMI keepalive across the local loop. If a router is receiving LMI keepalives from a switch, the router makes the line protocol of its interface up so the interface state will be up/up. If a Cisco router interface is connected to a frame relay network and the state of the interface is up/up, the router has a communication path to a frame relay switch. This has nothing to do with being able to reach another router on the other end of a PVC.
By default, a Cisco router uses LMI to request a status report from the switch every six keepalives (about once a minute). The status report contains a list of each of the local loop’s PVCs, their DLCIs, and their status.
The router and the local switch must agree on the type of LMI they will use between them. There are two types of LMI that are widely used between routers and switches: Annex D and Gang of Four. Annex D is from the American National Standards Institute (ANSI). The Gang of Four LMI was jointly developed by Cisco, Intel, DIGITAL, and Stratacom.

Frame Relay Configuration

There are two ways of configuring frame relay on a Cisco router. Both configuration methods are briefly described in the following sections.
The first configuration method uses the classic, frame relay nonbroadcast multiaccess (NBMA) model. In this configuration, the frame relay network is treated as a multiaccess network like a LAN; however, unlike a LAN, a frame relay network has no broadcast capability. There is no frame relay broadcast address. All of the routers connected to the NBMA network share a network address such as an IP subnet address or an AppleTalk cable range.
The second configuration method involves treating each of the PVCs as a separate logical point-to-point network, which is done by creating a sub interface for each PVC. The sub interface method requires more network addresses because each PVC has its own network address. Of the two methods, the sub interface method is usually the recommended one.
We are going to move our IP traffic from the point-to-point serial links to a frame relay network. To do this, we are going to do something that is not normally recommended in a production network. We are going to remove the IP addresses from the point-to-point serial links, and we are going to stop the current IP routing protocol, OSPF, which was configured in Chapter 7. Figure 13-2 shows the IP configuration changes on Dallas, FortWorth, and Austin.

Dallas#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Dallas(config)#no router ospf 100
Dallas(config)#interface serial0
Dallas(config-if)#no ip address
Dallas(config-if)#interface serial1
Dallas(config-if)#no ip address
Dallas(config-if)#<Ctrl-Z>
Dallas#
—————
FortWorth#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
FortWorth(config)#no router ospf 200
FortWorth(config)#interface serial0
FortWorth(config-if)#no ip address
FortWorth(config-if)#interface serial1
FortWorth(config-if)#no ip address
FortWorth(config-if)#<Ctrl-Z>
FortWorth#
—————
Austin#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Austin(config)#no router ospf 300
Austin(config)#interface serial0
Austin(config-if)#no ip address
Austin(config-if)#interface serial1
Austin(config-if)#no ip address
Austin(config-if)#<Ctrl-Z>
Austin#

Figure 2: Removal of IP from point-to-point serial links.

After issuing the commands in Figure 2, IP is no longer being routed across our WANs. We will restore IP connectivity by configuring frame relay on the routers.

Router Modes:
• Router>: User mode = Limited to basic monitoring commands
• Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
• Router(config)#: global configuration mode = Commands that affect the entire system
• Router(config-if)#: interface mode = Commands that affect interfaces
• Router(config-subif)#: subinterface mode = Commands that affect subinterfaces
• Router(config-line)#: line mode = Commands that affect in lines modes (console, vty, aux…)
• Router(config-router)#: router configuration mode

Changing switch hostname:
Switch(config)# hostname SW1

Configuring passwords:
SW1(config)# enable secret cisco ! MD5 hash
SW1(config)# enable password notcisco ! Clear text

Securing console port:
SW1(config)# line con 0
SW1(config-line)# password cisco
SW1(config-line)# login

Securing terminal lines:
SW1(config)# line vty 0 4
SW1(config-line)# password cisco
SW1(config-line)# login

Encrypting passwords:
SW1(config)# service password-encryption

Configuring banners:
SW1(config)# banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
$

Giving the switch an IP address:
SW1(config)# interface vlan 1
SW1(config-if)# ip address 172.16.1.11 255.255.255.0 ! or DHCP
SW1(config-if)# no shutdown

Setting the default gateway:
SW1(config)# ip default-gateway 172.16.1.1

Saving configuration:
SW1# copy running-config startup-config
Destination filename [startup-config]? ! Press enter to confirm file name.
Building configuration…
[OK]
! Short for write memory.
SW1# wr
Building configuration…
[OK]

Working environment: name lookup, history, exec-timeout and logging behavior…, also valid for line con 0.
SW1(config)# no ip domain-lookup
SW1(config)# line vty 0 4
SW1(config-line)# history size 15
SW1(config-line)# exec-timeout 10 30
SW1(config-line)# logging synchronous

Configuring switch to use SSH:
• Configure DNS domain name:
SW1(config)# ip domain-name example.com
• Configure a username and password:
SW1(config)# username admin password cisco
• Generate encryption keys: The size of the key modulus in the range of 360 to 2048
SW1(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024
• Define SSH version to use:
SW1(config)# ip ssh version 2
• Enable vty lines to use SSH:
SW1(config)# line vty 0 4
SW1(config-line)# login local
! You can set vty lines to use only telnet or only ssh or both as in the example.
SW1(config-line)# transport input telnet ssh

Aliases: Used to create shortcuts for long commands.
SW1(config)# alias exec c configure terminal
SW1(config)# alias exec s show ip interface brief
SW1(config)# alias exec sr show running-config

Description, speed and duplex:
SW1(config)# interface fastEthernet 0/1
SW1(config-if)# description LINK TO INTERNET ROUTER
SW1(config-if)# speed 100 ! Options: 10, 100, auto
! The range keyword used to set a group of interfaces at once.
SW1(config)# interface range fastEthernet 0/5 - 10
SW1(config-if-range)# duplex full (options: half, full, auto)

Verify Basic Configuration:
• Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.
SW1# show version
• Shows the current configuration file stored in DRAM.
SW1# show running-config
• Shows the configuration file stored in NVRAM which is used at first boot process.
SW1# show startup-config
• Lists the commands currently held in the history buffer.
SW1# show history
• Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned.
SW1# show ip interface brief
• Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.
SW1# show interface vlan 1
• Shows the description of all interfaces
SW1# show interfaces description
• Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.
SW1# show interfaces status
• Shows the public encryption key used for SSH.
SW1# show crypto key mypubkey rsa
• Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server)
SW1# show dhcp lease
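
The password, line and SSH settings listed above can be checked mechanically in a saved configuration. The following is an added example, not part of the original reference: the check names and functions are hypothetical, both configurations are constructed from the commands shown on the page, and the `username ... secret` form in the second sample is a standard IOS command that the page itself does not show.

```python
import re

# Constructed sample built from the page's own commands (weak choices kept).
WEAK_CONFIG = """\
hostname SW1
enable secret cisco
enable password notcisco
username admin password cisco
ip domain-name example.com
line con 0
 password cisco
line vty 0 4
 login local
 transport input telnet ssh
 exec-timeout 10 30
"""

# Constructed counterpart with each flagged setting corrected.
HARDENED_CONFIG = """\
hostname SW1
service password-encryption
enable secret cisco
username admin secret cisco
ip domain-name example.com
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input ssh
 exec-timeout 10 30
"""


def parse_stanzas(text):
    """Group a config into (top-level command, [indented sub-commands])."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # skip blanks and comment lines
        if line[0].isspace() and stanzas:
            stanzas[-1][1].append(line.strip())
        else:
            stanzas.append((line.strip(), []))
    return stanzas


def audit_config(text):
    """Return (check_id, location) pairs for weak access-control settings."""
    stanzas = parse_stanzas(text)
    top = [header for header, _ in stanzas]
    findings = []

    if any(h.startswith("enable password") for h in top):
        findings.append(("enable-password", "global"))       # stored in clear
    if not any(h.startswith("enable secret") for h in top):
        findings.append(("no-enable-secret", "global"))
    if "service password-encryption" not in top:
        findings.append(("no-service-password-encryption", "global"))
    for h in top:
        m = re.match(r"username (\S+) password\b", h)
        if m:
            findings.append(("username-password", m.group(1)))

    ssh_v2 = "ip ssh version 2" in top
    for header, subs in stanzas:
        if not header.startswith("line "):
            continue
        has_password = any(s.startswith("password ") for s in subs)
        has_login = any(s == "login" or s.startswith("login ") for s in subs)
        if has_password and not has_login:
            findings.append(("line-password-without-login", header))
        for s in subs:
            if s.startswith("transport input"):
                protocols = s.split()[2:]
                if "telnet" in protocols or "all" in protocols:
                    findings.append(("telnet-allowed", header))
                if "ssh" in protocols and not ssh_v2:
                    findings.append(("ssh-version-not-pinned", header))
            if s == "exec-timeout 0 0":
                findings.append(("no-exec-timeout", header))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg))
```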

can be entered at the Config-if level Clock:  Config# clock timezone Central -6 # clock set hh:mm:ss dd month yyyy .changes the format of subnet masks Host Name:  Config# hostname ROUTER_NAME Banner:  Config# banner motd # TYPE MESSAGE HERE # .com/ .Example: clock set 14:35:00 25 August 2003 Changing The Register: http://www.allows for enhanced editing commands  Config# terminal monitor .CCNA Study Material CCNA Router and Catalyst Switch IOS Command Reference By Jamison Schmidt This reference guide provides router and switch commands to help you prepare for Cisco's CCNA certification exam.shows output on telnet session  Config# terminal ip netmask-format hexadecimal|bit-count|decimal . Reference Quick Links Router Commands Show Commands Catalyst Commands Router Commands Terminal Controls:  Config# terminal editing . This guide covers IOS version 11 and higher.# can be substituted for any character.mcmcse. must start and finish the message Descriptions:  Config# description THIS IS THE SOUTH ROUTER . We will try to get VLSM and Supernetting commands added for the new 640-801 CCNA exam.

Location of DNS server  Config# ip domain-name cisco.com .2  Config# boot system ROM  Config# boot system flash .Config# reload CDP:  Config# cdp run .Sets the time that a device remains.22.2 199.14.Example: ip host lab-a 192.ROM Monitor Mode  Config# config-register 0x2101 .2 .2.1 205.1 -or-  Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 .bin 192.168.Turns CDP on  Config# cdp holdtime 180 .Enables cdp on the interface  Config-if# no cdp enable .168.mcmcse.5.2 .Boot from NVRAM Boot System:  Config# boot system tftp FILENAME SERVER_IP .com/ . s0.ROM boot  Config# config-register 0x2102 .Example: ip host lab-a 192.(for e0.5.Then .Domain to append to end of names http://www.Sets the update timer.Tell router to lookup domain names  Config# ip name-server 122.2. s1) DNS:  Config# ip domain-lookup .CCNA Study Material  Config# config-register 0x2100 .168.The default is 60  Config# int Ethernet 0  Config-if# cdp enable .4.3.Turns CDP off Host Table:  Config# ip host ROUTER_NAME INT_Address .Example: boot system tftp 2600_ios.Disables CDP on the interface  Config# no cdp run .23. Default is 180  Config# cdp timer 30 .

Clearing Counters:
• # clear interface Ethernet 0 - Clears counters on the specified interface
• # clear counters - Clears all interface counters
• # clear cdp counters - Clears CDP counters
Static Routes:
• Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
• Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
• Config# ip default-network Net_Add - Gateway LAN network
IP Routing:
• Config# ip routing - Enabled by default
• Config# router rip
-or-
• Config# router igrp 100
• Config# interface Ethernet 0
• Config-if# ip address 122.2.3.2 255.255.255.0
• Config-if# no shutdown
IPX Routing:
• Config# ipx routing
• Config# interface Ethernet 0
• Config# ipx maximum-paths 2 - Maximum equal metric paths used
• Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
• Config-if# no shutdown
Access Lists:
IP Standard 1-99
IP Extended 100-199

IPX Standard 800-899
IPX Extended 900-999
IPX SAP Filters 1000-1099
IP Standard:
• Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip's on network 133.2.2.0
-or-
• Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
• Config# access-list 10 permit any - allows any address
• Config# int Ethernet 0
• Config-if# ip access-group 10 in - also available: out
IP Extended:
• Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
  -protocols: tcp, udp, icmp, ip (no sockets then), among others
  -source then destination address
  -eq, gt, lt for comparison
  -sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
• Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
• Config# access-list 101 permit ip any any
• Config# interface Ethernet 0
• Config-if# ip access-group 101 out

IPX Standard:
• Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
• Config# access-list 801 permit -1 -1 - "-1" is the same as "any" with network/host addresses
• Config# interface Ethernet 0
• Config-if# ipx access-group 801 out
IPX Extended:
• Config# access-list 901 permit sap 4AA all 4BB all
  -Permit protocol src_add socket dest_add socket
  -"all" includes all sockets, or can use socket numbers
-or-
• Config# access-list 901 permit any any all any all
  -Permits any protocol with any address on any socket to go anywhere
• Config# interface Ethernet 0
• Config-if# ipx access-group 901 in
IPX SAP Filter:
• Config# access-list 1000 permit 4aa 3 - "3" is the service type
-or-
• Config# access-list 1000 permit 4aa 0 - service type of "0" matches all services
• Config# interface Ethernet 0
• Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-

• Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets
Named Access Lists:
• Config# ip access-list standard LISTNAME
  -can be ip or ipx, standard or extended
  -followed by the permit or deny list
• Config# permit any
• Config-if# ip access-group LISTNAME in
  -use the list name instead of a list number
  -allows for a larger amount of access-lists
PPP Setup:
• Config-if# encapsulation ppp
• Config-if# ppp authentication chap pap
  -order in which they will be used
  -only attempted with the authentication listed
  -if one fails, then connection is terminated
• Config-if# exit
• Config# username Lab-b password 123456
  -username is the router that will be connecting to this one
  -only specified routers can connect
-or-
• Config-if# ppp chap hostname ROUTER
• Config-if# ppp chap password 123456
  -if this is set on all routers, then any of them can connect to any other
  -set same on all for easy configuration
ISDN Setup:
• Config# isdn switch-type basic-5ess - determined by telecom
• Config# interface serial 0
• Config-if# isdn spid1 2705554564 - isdn "phonenumber" of line 1
• Config-if# isdn spid2 2705554565 - isdn "phonenumber" of line 2

• Config-if# encapsulation PPP - or HDLC, LAPD
DDR - 4 Steps to setting up ISDN with DDR
1. Configure switch type
  Config# isdn switch-type basic-5ess - can be done at interface config
2. Configure static routes
  Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
  Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)
3. Configure Interface
  Config-if# ip address 192.3.5.5 255.255.255.0
  Config-if# no shutdown
  Config-if# encapsulation ppp
  Config-if# dialer-group 1 - applies dialer-list to this interface
  Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
    -connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
    -can also use "dialer string 5551212" instead if there is only one router to connect to
4. Specify interesting traffic
  Config# dialer-list 1 ip permit any
  -or-
  Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list
5. Other Options
  Config-if# hold-queue 75 - queue 75 packets before dialing
  Config-if# dialer load-threshold 125 either
    -load needed before second line is brought up
    -"125" is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
    -can check by in, out, or either
  Config-if# dialer idle-timeout 180
    -determines how long to stay idle before terminating the session
    -default is 120
Frame Relay Setup
• Config# interface serial 0
• Config-if# encapsulation frame-relay - cisco by default, can change to ietf

• Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
• Config-if# bandwidth 56
• Config-if# interface serial 0.100 point-to-point - subinterface
• Config-if# ip address 122.1.1.1 255.255.255.0
• Config-if# frame-relay interface-dlci 100
  -maps the dlci to the interface
  -can add BROADCAST and/or IETF at the end
• Config-if# interface serial 1.100 multipoint
• Config-if# no frame-relay inverse-arp - turns IARP off, good to do
• Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
  -maps an IP to a dlci (48 in this case)
  -required if IARP is turned off
  -ietf and broadcast are optional
• Config-if# frame-relay map ip 122.1.1.3 54 broadcast
Show Commands
• Show access-lists - all access lists on the router
• Show cdp - cdp timer and holdtime frequency
• Show cdp entry * - same as next
• Show cdp neighbors detail - details of neighbor with ip add and ios version
• Show cdp neighbors - id, local interface, holdtime, capability, platform portid
• Show cdp interface - int's running cdp and their encapsulation
• Show cdp traffic - cdp packets sent and received
• Show controllers serial 0 - DTE or DCE status
• Show dialer - number of times dialer string has been reached, other stats
• Show flash - files in flash
• Show frame-relay lmi - lmi stats
• Show frame-relay map - static and dynamic maps for PVC's

• Show frame-relay pvc - pvc's and dlci's
• Show history - commands entered
• Show hosts - contents of host table
• Show int f0/26 - stats of f0/26
• Show interface Ethernet 0 - show stats of Ethernet 0
• Show ip - ip config of switch
• Show ip access-lists - ip access-lists on switch
• Show ip interface - ip config of interface
• Show ip protocols - routing protocols and timers
• Show ip route - Displays IP routing table
• Show ipx access-lists - same, only ipx
• Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
• Show ipx route - ipx routes in the table
• Show ipx servers - SAP table
• Show ipx traffic - RIP and SAP info
• Show isdn active - number with active status
• Show isdn status - shows if SPIDs are valid, if connected
• Show mac-address-table - contents of the dynamic table
• Show protocols - routed protocols and net_addresses of interfaces
• Show running-config - dram config file
• Show sessions - connections via telnet to remote device
• Show startup-config - nvram config file
• Show terminal - shows history size
• Show trunk a/b - trunk stat of port 26/27
• Show version - ios info, uptime, address of switch
• Show vlan - all configured vlan's
• Show vlan-membership - vlan assignments
• Show vtp - vtp configs

Catalyst Commands
For Native IOS - Not CatOS
Switch Address:
• Config# ip address 192.168.10.2 255.255.255.0
• Config# ip default-gateway 192.168.10.1
Duplex Mode:
• Config# interface Ethernet 0/5 - "fastethernet" for 100 Mbps ports
• Config-if# duplex full - also, half | auto | full-flow-control
Switching Mode:
• Config# switching-mode store-and-forward - also, fragment-free
MAC Address Configs:
• Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
• Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
  -port 3 can only send data out port 2 with that mac
  -very restrictive security
• Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port
VLANS:
• Config# vlan 10 name FINANCE
• Config# interface Ethernet 0/3
• Config-if# vlan-membership static 10
Trunk Links:
• Config-if# trunk on - also, off | auto | desirable | nonegotiate
• Config-if# no trunk-vlan 2
  -removes vlan 2 from the trunk port
  -by default, all vlans are set on a trunk port

Configuring VTP:
• Config# delete vtp - should be done prior to adding to a network
• Config# vtp server - the default is server, also client and transparent
• Config# vtp domain Camp - name doesn't matter, just so all switches use the same
• Config# vtp password 1234 - limited security
• Config# vtp pruning enable - limits vtp broadcasts to only switches affected
• Config# vtp pruning disable
Flash Upgrade
• Config# copy tftp://192.5.5.5/configname.ios opcode - "opcode" for ios upgrade, "nvram" for startup config
Delete Startup Config:
• Config# delete nvram

Configuring port security:
• Make the switch interface an access port:
  SW1(config-if)# switchport mode access
• Enable port security on the interface:
  SW1(config-if)# switchport port-security
• Specify the maximum number of allowed MAC addresses:
  SW1(config-if)# switchport port-security maximum 1
• Define the action to take when a violation occurs:
  SW1(config-if)# switchport port-security violation shutdown ! options: shutdown, protect, restrict
• Specify the allowed MAC addresses: The sticky keyword is used to let the interface dynamically learn and configure the MAC addresses of the currently connected hosts.
  SW1(config-if)# switchport port-security mac-address 68b5.9965.1195 ! options: H.H.H, sticky
Verify and troubleshoot port security:
• Shows the entries of the mac address table:
  SW1# show mac-address-table

• Overview of port security of all interfaces:
  SW1# show port-security
• Shows detailed information about port security on the specified interface:
  SW1# show port-security interface fa0/5
Configuring VLANs:
• Create a new VLAN and give it a name:
  SW1(config)# vlan 10
  SW1(config-vlan)# name SALES
• Assign an access interface to access a specific VLAN:
  SW1(config)# interface fastEthernet 0/5
  SW1(config-if)# switchport mode access
  SW1(config-if)# switchport access vlan 10
Configuring an auxiliary VLAN for cisco IP phones:
  SW1(config)# interface fastEthernet 0/5
  ! accessing vlan 10 (data) and 12 (VoIP)
  SW1(config-if)# switchport access vlan 10
  SW1(config-if)# switchport voice vlan 12
Configuring Trunks:
  SW1(config)# interface fastEthernet 0/1
  SW1(config-if)# switchport mode trunk ! options: access, trunk, dynamic auto, dynamic desirable
  SW1(config-if)# switchport trunk allowed vlan add 10 ! options: add, remove, all, except
Securing VLANs and Trunking:
• Administratively disable unused interfaces:
  SW1(config-if)# shutdown
• Prevent trunking by disabling auto negotiation on the interface:
  SW1(config-if)# switchport nonegotiate
  ! or hardcode the port as an access port
  SW1(config-if)# switchport mode access
• Assign the port to an unused VLAN:
  SW1(config-if)# switchport access vlan 222
Configuring VTP:
• Configure VTP mode: The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch
  SW1(config)# vtp mode server ! options: server, client, transparent
• Configure VTP domain name:
  SW1(config)# vtp domain EXAMPLE ! case-sensitive
• Configure VTP password (optional):
  SW1(config)# vtp password cisco ! case-sensitive

• Configure VTP pruning (optional):
  SW1(config)# vtp pruning ! only works on VTP servers
• Enable VTP version 2 (optional):
  SW1(config)# vtp version 2
Verify and troubleshoot VLANs and VTP:
• Lists information about administrative setting and operation status of interface:
  SW1# show interfaces if switchport
• Lists all the trunk ports on a switch including the trunk allowed VLANs:
  SW1# show interfaces trunk
• Lists information about the VLANs:
  SW1# show vlan {brief | id | name | summary}
• Lists VTP configuration (mode, domain-name, version, etc) and revision number:
  SW1# show vtp status
• Shows the VTP password:
  SW1# show vtp password
STP optimization:
• Hard coding the root bridge (changing bridge priority):
  SW1(config)# spanning-tree vlan 1 root primary
  SW1(config)# spanning-tree vlan 1 root secondary
  ! Priority must be a multiple of 4096
  SW1(config)# spanning-tree [vlan 1] priority 8192
• Changing the STP mode:
  SW1(config)# spanning-tree mode rapid-pvst ! options: mst, pvst, rapid-pvst
• Enabling portfast and BPDU guard on an interface: Portfast and BPDU guard are enabled only on interfaces connected to end user hosts
  SW1(config-if)# spanning-tree portfast
  SW1(config-if)# spanning-tree bpduguard enable
• Changing port cost:
  SW1(config-if)# spanning-tree [vlan 1] cost 25
• Bundling interfaces into an etherchannel:
  SW1(config-if)# channel-group 1 mode on ! options: auto, desirable, on
STP verification and troubleshooting:
• Shows detailed info about STP state:
  SW1# show spanning-tree
• Shows STP info only on a specific port:
  SW1# show spanning-tree interface fa0/2
• Shows STP info only for a specific VLAN:
  SW1# show spanning-tree vlan 1
• Shows info about the root switch:
  SW1# show spanning-tree [vlan 1] root

• Shows info about the local switch:
  SW1# show spanning-tree [vlan 1] bridge
• Show the state of the etherchannels:
  SW1# show etherchannel 1
• Provides informational messages about the changes in the STP topology:
  SW1# debug spanning-tree events
Enabling or disabling CDP:
• Enabling CDP globally on a switch:
  SW1(config)# cdp run
• Disabling CDP on a given interface:
  SW1(config-if)# no cdp enable
Using CDP for network verification and troubleshooting:
• Shows global information about CDP itself:
  SW1# show cdp
• Shows information about CDP on a specific interface:
  SW1# show cdp interface fa0/2
• Shows information about the directly connected cisco devices including interface names and capabilities:
  SW1# show cdp neighbors
• Shows detailed information about the neighboring cisco devices including device address and version of IOS they run:
  SW1# show cdp neighbors detail
  ! OR
  SW1# show cdp entry *
• Shows detailed information about the specified entry only:
  SW1# show cdp entry SW2
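The access-port hardening steps listed earlier (port security, Securing VLANs and Trunking, portfast with BPDU guard) can be checked against a saved switch configuration. The Python check below is an added example, not part of the original reference: the sample configuration is constructed, the function names are hypothetical, and it assumes that a shut-down port is an unused port and that any explicit `switchport access vlan` line satisfies the unused-VLAN step.

```python
import re

# Constructed sample in IOS running-config style (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface FastEthernet0/6
 switchport access vlan 10
 spanning-tree portfast
!
interface FastEthernet0/7
 shutdown
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = interfaces.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command closes the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]}; interfaces with no findings are omitted."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        moved = any(c.startswith("switchport access vlan ") for c in cmds)
        trunk, access = "switchport mode trunk" in cmds, "switchport mode access" in cmds
        no_guard = ("spanning-tree portfast" in cmds
                    and "spanning-tree bpduguard enable" not in cmds)
        if "shutdown" in cmds:  # assumption: a shut-down port is an unused port
            checks = [(not moved, "shut-down port has no access VLAN assigned")]
        else:
            checks = [(not (trunk or access), "port mode not hardcoded"),
                      (not trunk and "switchport port-security" not in cmds,
                       "port security not enabled"),
                      (no_guard, "portfast without BPDU guard")]
        found = [msg for failed, msg in checks if failed]
        if found:
            report[name] = found
    return report
```

Run `audit()` on the text of `show running-config` saved to a file; each finding names the step from the lists above that the interface is missing.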