Saturday, 22 June 2019

Cisco IOS Command List (Notes from ICND1 Scenario Specific Examples)


After a Cisco ICND1 refresher course (I did my CCNA back in 2005), a refresher of Cisco IOS commands.

Implementing the Initial Switch Configuration

enableenters privileged EXEC mode.
configure terminalenters global configuration mode.
hostname nameconfigures a hostname to the device.
interface interface slot/numberenters interface configuration mode for the specified interface.
ip address ip_address subnet_maskconfigures an IP address with the specified subnet mask.
description name-stringan interface configuration command to describe or name an interface.
no shutdownbrings up the interface. Uses this command in interface configuration mode. To shutdown the interface, use this command without the no in front.
ip default-gateway ip_addressset the default gateway of the switch.
show running-configa privileged EXEC command to display the list of configuration commands that modify the default configuration of the system.
show interface statusdisplays the interface line status

Implementing the Initial Router Configuration

enableenters privileged EXEC mode.
configure terminalenters global configuration mode.
hostname nameconfigures a hostname to the device.
interface interface slot/numberenters interface configuration mode for the specified interface.
ip address ip_address subnet_maskconfigures an IP address with the specified subnet mask.
description name-stringan interface configuration command to describe or name an interface.
no shutdownbrings up the interface. Uses this command in interface configuration mode. To shutdown the interface, use this command without the no in front.
show running-config interface interface slot/numberprivileged EXEC command to display the running configuration for a specific interface.
show interface statusdisplays the interface line status
show ip interface [type number]displays the usability status of interfaces that are configured for IP.

Implementing Static Routing

enableenters privileged EXEC mode.
configure terminalenters global configuration mode.
interface interface slot/numberenters interface configuration mode for the specified interface.
ip address ip_address subnet_maskconfigures an IP address with the specified subnet mask.
no shutdownbrings up the interface. Uses this command in interface configuration mode. To shutdown the interface, use this command without the no in front.
ip route network-number network-mask {ip-address | interface}sets as static route in the IP routing table.

Implementing Basic Numbered and Named ACLs

ip access-list {standard|extended} {access-list-name|access-list-number}used in global configuration mode to define an IP access list by name or number.
permit source [source-wildcard]used in ACL configuration mode to set conditions to allow a packed to pass a named IP ACL. To remove a permit condition from an ACL, use the no form of this command.
deny source [source-wildcard]used in ACL configuration mode to set conditions in a named IP ACL that will deny packets. To remove a deny condition from an ACL, use the no form of this command.
ping {hostname|system-address} [source source-address]used in privileged EXEC mode to diagnose basic network connectivity.

Implementing PAT

ip address dhcpused in interface configuration mode to acquire an IP address on an interface via DHCP
ip access-list {standard|extended} {access-list-name|access-list-number}used in global configuration mode to define an IP access list by name or number.
permit source [source-wildcard]used in ACL configuration mode to set conditions to allow a packed to pass a named IP ACL. To remove a permit condition from an ACL, use the no form of this command.
ip nat [inside|outside]used in interface configuration mode to designate that traffic originating from or destined for the interface is subject to NAT.
ip nat inside source {list {access-list-number|access-list-name}} interface type number [overload]used in global configuration mode to establish dynamic source translation. Use of the list keyword enables you to use an ACL to identify the traffic that will be subject to NAT. The overload option enables the route to use one global address for many local addresses.
ip nat inside source static local-ip global-ipused in global configuration mode to establish a static translation between an inside local address and an inside global address.

Troubleshooting VLANs and Trunks

vlancreates VLAN and enters VLAN configuration mode for further definitions.
nameassigns a name to the VLAN. The length of the name can be from 1 to 32 characters.
switchport access vlansets the VLAN that the interface belongs to.
switchport trunk encapsulation dot1qspecifies 802.1Q encapsulation on the trunk link.
switchport mode trunkputs the interface into permanent trunking mode and negotiates to convert the link into a trunk link.
switchport accessassigns this port to a VLAN.
show vlandisplays VLAN information.
show vlan briefdisplays VLAN information in brief.
show interfaces trunkdisplays the trunk information on the switch.
pingto diagnose basic network connectivity.

Implement Multiple VLANs and Basic Routing Between the VLANs

enableenters privileged EXEC mode.
configure terminalenters global configuration mode.
interface interface slot/numberenters interface configuration mode for the specified interface.
ip address ip_address subnet_maskconfigures an IP address with the specified subnet mask.
vlancreates VLAN and enters VLAN configuration mode for further definitions.
switchport mode {access|trunk}configures the VLAN membership of a port. The access port is set to access unconditionally and operates as a nontrunking, single VLAN interface that sends and receives nonencapsulated (nontagged) frames. An access port can be assigned to only one VLAN. The trunk port sends and receives encapsulated (tagged) frames that identify the VLAN of origination. A trunk is a point-to-point link between two switches or between a switch and a router.
switchport trunk {encapsulation {dot1q}}the command sets the trunk characteristics when the interface is in trunking mode. Sets the encapsulation format on the trunk port to IEEE 802.1Q. With this format, the switch supports simultaneous tagged and untagged traffic on a port.
encapsulation dot1q vlan-idto define the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance, uses the encapsulation dot1q command in interface configuration mode.
show vlandisplays VLAN information.

Implementing a DHCP Server in a Cisco IOS Device

ip dhcp pool nameused in global configuration mode to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode.
domain-name domainused in DHCP pool configuration mode to specify the domain name for a DHCP client.
network network-number [mask]used in DHCP pool configuration mode to configure the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server.
ip dhcp excluded-address ip-address [last-ip-address]used in global configuration mode to specify IP addresses that a DHCP server should not assign to DHCP clients.
ip helper-address addressused in interface configuration mode to enable forwarding of UDP broadcasts, including BOOTP, that are received on an interface.
default-router address [address2 ... address8]used in DHCP pool configuration mode to specify the default router list for a DHCP client.

Implementing RIPv2

ip route prefix maskuses the ip route command in global configuration mode to configure static routes. Prefix denotes IP route prefix for the destination and mask denotes prefix mask for the destination.
router ripenables a RIP routing process which places you in router configuration mode.
network ip-addressassociates a network with a RIP routing process.
version 2configures the software to receive and send only RIPv2 packets.
no auto-summarydisables automatic summarization.
default-information originategenerates a default route into RIP and uses the default-information originate command in router configuration mode.
passive-interface interfacespecifying an interface name sets only this interface to passive RIP mode. In passive mode, RIP routing updates are accepted by, but not sent out of the specified interface.
show ip rip databasedisplays the contents of the RIP routing database.

Securing Device Administrative Access

line console 0changes the context to console configuration mode.
line vty 1st-vty 2nd-vtychanges the context to vty configuration mode for the range of vty lines listed in the command.
loginenables console and vty configuration mode; tells Cisco IOS Software to prompt for a password.
login localenables console and vty configuration mode; tells Cisco IOS Software to prompt for a username and password to be changed against locally configured username global configuration commands on this switch or router.
password pass-valueenables console and vty configuration mode; lists the password that is required if the login command (with no other parameters) is configured.
username name password pass-valueenables the global command; defines one of possible multiple usernames and associated passwords that are used for user authentication. It is used when the login local line configuration command has been used.
enablea user in user mode can gain access to enable mode by using the enable command.
enable password actual-passwordif the enable password actual-password global configuration command is used, it defines the password that is required when using the enable EXEC command.
enable secret pass-valueenables the global command, sets the switch password that is required for any user to reach enable mode.
service password-encryptionthe service password-encryption global configuration command directs Cisco IOS Software to encrypt the passwords, CHAP secrets, and similar data that are saved in its configuration file.
ip domain-name nameconfigures a DNS domain name with the ip domain-name name global configuration command.
crypto key generate rsa – enables the global command; creates and stores (in a hidden location in flash memory) the keys that are required by SSH.
transport input {telnet|ssh}used in vty line configuration mode; defines whether telnet or SSH access, or both, is allowed into this switch. Both values can be configured on one command to allow both Telnet and SSH access (the default.)
access-list access-list-number {deny|permit} source [source-wildcard]to define a standard IP access list, uses the standard version of the access-list command in global configuration mode.
access-classrestricts incoming and outgoing connections between a particular vty (into a Cisco device) and the address in an access list.

Implementing Device Hardening

ntp server ip-addressused in global configuration mode to allow the software clock to be synchronized by an NTP time server.
ntp peer ip-addressused in global configuration mode to configure the software clock to synchronize a peer or to be synchronized by a peer.
interface type numberused in global configuration mode to enter configuration mode for an interface.
shutdown used in interface configuration mode to shut down the interface.
vlan {vlan-id|vlan-range}used in global configuration mode to add a VLAN and enter configuration mode for the VLAN.
name name used in VLAN configuration mode to name a VLAN.
switchport access vlan vlan-idused in interface configuration mode to assign the interface to a VLAN.
switchport port-securityused in interface configuration mode to enable port security on the interface.
switchport port-security maximum maximumused in interface configuration mode to set the maximum number of secure MAC addresses on the port.
switchport port-security mac-address {mac-addr|{sticky [mac-addr]}}used in interface configuration mode to add a MAC address to the list of secure MAC addresses. The sticky option configures the MAC addresses as sticky on the interface.
switchport port-security violation {shutdown|restrict|protect}used in interface configuration mode to set the action to be taken when a security violation is detected.

Configuring System Message Logging

logging ip addressconfigures the IP address of the host that will receive the system logging (syslog) messages.
logging trap levelto limit messages that are logged to the syslog servers based on severity, use the logging trap command in global configuration mode. The number or name of the desired severity level is which messages should be logged.
show loggingdisplays the state of system logging (syslog) and the contents of the standard system logging buffer. Use the show logging command in privileged EXEC mode.

Implement IPv6 Static Routing

ipv6 unicast-routingused in global configuration mode to enable the forwarding of IPv6 unicast datagrams.
ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}used in interface configuration mode to configure an IPv6 address based on an IPv6 general prefix and to enable IPv6 processing on an interface.
show ipv6 routeused in user EXEC or privileged EXEC mode to display the current contents of the IPv6 routing table.
ipv6 route ipv6-prefix/prefix-length ipv6-addressused in global configuration mode to create static IPv6 routes. To remove a previously configured static route, use the no form of this command.
ipv6 address autoconfig [default]used in interface configuration mode to enable automatic configuration of IPv6 addresses using stateless autoconfiguration on an interface and to enable IPv6 processing on the interface. To remove the address from the interface, use the no form of this command.

No comments:

Post a Comment