Cisco Path Learning path to the CCNA/CCNP certification.

IOS Command Reference

This document is still a Work in Progress.
Last modified: 2011/Nov/11.

TODO: TFTP, more security, ACLs, Switch configuration, ...

Router Basic Configuration

  • Router> enable (enter privileged mode)
  • Router# configure terminal
  • Router(config)# hostname CiscoPath
  • CiscoPath(config)# banner motd # message of the day #
  • Setting passwords:
    • CiscoPath(config)# enable secret password
    • CiscoPath(config)# line console 0
    • CiscoPath(config-line)# password password
    • CiscoPath(config-line)# login
    • CiscoPath(config)# line vty 0 4
    • CiscoPath(config-line)# password password
    • CiscoPath(config-line)# login
  • Gathering Router Info:
    • CiscoPath# show version
    • CiscoPath# show startup-config
    • CiscoPath# show running-config
    • CiscoPath# show ip route
    • CiscoPath# show ip interface brief
    • CiscoPath# show interfaces
  • Prevent IOS messages from interrupting the user's input
    • CiscoPath(config)#line console 0
    • CiscoPath(config-line)#logging synchronous
    • CiscoPath(config)#line aux 0
    • CiscoPath(config-line)#logging synchronous
    • CiscoPath(config)#line vty 0 4
    • CiscoPath(config-line)#logging synchronous
  • Reset a Cisco Router to Factory Default Settings
    • CiscoPath> enable
    • CiscoPath# write erase
    • CiscoPath# reload
    • ** In case of issues check out this link.
  • CiscoPath# disable (return to user mode from privileged, or just press CTRL + Z)
  • quit | exit (exit router)

Router Basic Security

  • User creation and privilege assignment:
    • CiscoPath(config)# username cisco secret 123
    • CiscoPath(config)# username cisco privilege 10
    • (By default, Cisco devices use password-only authentication, not usernames. To change this, instruct the device to use the local user database on the console or a line with "login local", or use the "login" command after entering the router as the default user.)
  • Enable SSH
    • CiscoPath(config)# crypto key generate rsa general-keys modulus 1024
    • CiscoPath(config)# ip ssh version 2
    • CiscoPath(config)# ip ssh time-out 60
  • Basic Lan Security
    • Do not advertise yourself towards the user LAN as a router:
      • CiscoPath(config)#interface ethernet0
      • CiscoPath(config-if)#no cdp enable
    • Do not forward IP packets with source-routing header options enabled:
      • CiscoPath(config)#no ip source-route
    • Do not answer to ARP requests for hosts which are not on the user LAN:
      • CiscoPath(config)#interface ethernet0
      • CiscoPath(config-if)#no ip proxy-arp
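
An added example (not part of the original reference): a small Python audit that reads "show running-config" text and reports which of the hardening items listed above are missing. The sample configuration, the function names and the choice of Ethernet0 as the user LAN interface are constructed for illustration; a missing "no ..." line is treated as the default still being active.

```python
# Constructed sample shaped like "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
enable secret 5 CONSTRUCTED-HASH
ip ssh version 2
interface Ethernet0
 no ip proxy-arp
!
interface Serial0/0/0
 ip address 172.16.4.1 255.255.255.0
line con 0
 password CONSTRUCTED
line vty 0 4
 password CONSTRUCTED
 login
"""

def parse_sections(config):
    """Group indented sub-commands under their unindented parent command."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw.startswith(" "):
            current = raw.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(raw.strip())
    return sections

def audit(config, lan_interfaces=("Ethernet0",)):
    """Return findings for the hardening items this page lists."""
    sec = parse_sections(config)
    findings = []
    if not any(cmd.startswith("enable secret") for cmd in sec):
        findings.append("no enable secret")
    if "ip ssh version 2" not in sec:
        findings.append("ip ssh version 2 not set")
    if "no ip source-route" not in sec:
        findings.append("ip source-route still enabled")
    for name, body in sec.items():
        if name.startswith("line ") and not any(c.startswith("login") for c in body):
            findings.append(f"{name}: no login check")
        if name.startswith("interface ") and name.split()[1] in lan_interfaces:
            findings += [f"{name}: missing '{w}'"
                         for w in ("no cdp enable", "no ip proxy-arp") if w not in body]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

A global "no cdp run" makes the per-interface "no cdp enable" unnecessary; this check does not account for that and would still report the interface.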

Router Copy Operations

  • CiscoPath# copy running-config startup-config
    (save current config. from DRAM to NVRAM)
  • CiscoPath# copy startup-config running-config
    (merge NVRAM configuration to DRAM)
  • CiscoPath# copy running-config tftp
    (copy DRAM configuration to a TFTP server)
  • CiscoPath# copy tftp running-config
    (merge TFTP config. with current config. in DRAM)
  • CiscoPath# copy flash tftp
    (backup the IOS onto a TFTP server)
  • CiscoPath# copy tftp flash
    (upgrade the router IOS from a TFTP server)

Show Operations and Troubleshooting

  • ping
  • traceroute
  • show version
  • show startup-config
  • show running-config
  • show flash
  • show log
  • show interfaces [interface]
  • show ip interface brief
  • show ip route
    • show ip route summary
    • show ip route supernets-only
  • show route-map
  • show ip policy
  • show ip cache policy
  • show ip local policy
  • show ip rip database
  • show ip protocols
  • show controllers 0
  • show access-lists
  • show isdn status
  • show frame-relay pvc
  • show frame-relay lmi
  • show frame-relay map
  • debug ip routing
    • undebug ip routing
    • undebug all
  • show cdp neighbors
    • show cdp neighbors detail
    • no cdp run
    • no cdp enable
  • TODO: Explain commands, add more...

Router Interface Configuration

  • Configuring a Loopback Interface:
    • CiscoPath> enable
    • CiscoPath# configure terminal
    • CiscoPath(config)# interface loopback 1
    • CiscoPath(config-if)# ip address 10.10.10.1 255.255.255.0
  • Configuring an Ethernet Interface (example):
    • CiscoPath> enable
    • CiscoPath# configure terminal
    • CiscoPath(config)# interface fastethernet 0/0
    • CiscoPath(config-if)# ip address 172.16.3.1 255.255.255.0
    • CiscoPath(config-if)# no shutdown
    • CiscoPath(config-if)# shutdown (disable the interface)
  • Configuring Serial Links (example):
    • CiscoPath> enable
    • CiscoPath# show controllers serial 0/0/0
      (DTE=male connector, DCE=female connector)
    • CiscoPath# configure terminal
    • CiscoPath(config)# interface serial 0/0/0
    • CiscoPath(config-if)# ip address 172.16.4.1 255.255.255.0
    • CiscoPath(config-if)# clock rate 64000 (only router with the DCE cable)
    • CiscoPath(config-if)# bandwidth 64 (logical bandwidth assignment of 64K)
    • CiscoPath(config-if)# no shutdown
    • CiscoPath(config-if)# shutdown (disable the interface)
  • Info about Interfaces on the Router:
  • CiscoPath# show interfaces [interface]
    • show interfaces
      • show interfaces ethernet 0/0
      • show interfaces fastethernet 0/0
      • show interfaces serial 0/0/0
      • show interfaces fddi
      • show interfaces hssi
      • show interfaces lex
      • show interfaces loopback
      • show interfaces port-channel
      • show interfaces pos
      • show interfaces tokenring
      • show interfaces tunnel
      • show interfaces vg-anylan

Static Routing

  • CiscoPath# show ip route (Displays the routing table)
  • CiscoPath# show ip interface brief (portion of the interface info)
  • CiscoPath# debug ip routing (Displays routing table processes for any route, whether that route is a directly connected network, a static route, or a dynamic route. Use "logging synchronous" to avoid losing user input. To disable, use "undebug ip routing" or "undebug all".)
  • CiscoPath# show cdp neighbors (info about directly connected Cisco neighbors).
  • CiscoPath# show cdp neighbors detail
  • CiscoPath(config)# no cdp run
  • CiscoPath(config)# no cdp enable
  • Setting up Static Routes:
    • ip route [network-address] [subnet-mask] {ip-address | exit-interface}
      • CiscoPath(config)# ip route 172.16.3.0 255.255.255.0 172.16.4.1
      • CiscoPath(config)# ip route 172.16.3.0 255.255.255.0 serial 0/0/0
  • Setting up Default Static Routes (Gateway of Last Resort):
    • ip route 0.0.0.0 0.0.0.0 {exit interface | ip address}
      • CiscoPath(config)# ip route 0.0.0.0 0.0.0.0 serial 0/0/0
      • CiscoPath(config)# ip route 0.0.0.0 0.0.0.0 172.16.3.1
    • ip default-network
    • ip default-gateway
    • ** Cisco has an article that explains the difference between the three.

DHCP Configuration

  • Exclude an address (gateway and DNS, for example)
    CiscoPath(config)# ip dhcp excluded-address 1.1.1.1
     
  • Create a DHCP IP address pool for the IP addresses you want to use.
    CiscoPath(config)# ip dhcp pool nameofpool
     
  • Specify the network and subnet for the addresses you want to use from the pool.
    CiscoPath(dhcp-config)# network 1.1.1.0 /8
     
  • Specify the default router (i.e., default gateway).
    CiscoPath(dhcp-config)#default-router 1.1.1.1
  • Specify the DNS domain name for the clients (optional).
    CiscoPath(dhcp-config)#domain-name mydomain.com
     
  • Specify the primary and secondary DNS servers (optional).
    CiscoPath(dhcp-config)#dns-server 1.1.1.10 1.1.1.11
     
  • Specify the lease duration for the addresses you're using from the pool (optional).
    CiscoPath(dhcp-config)#lease 7
     
  • Show command: view which DHCP IP addresses currently have leases:
    • show ip dhcp binding

(DHCP configuration can be very complex on Cisco routers. You can configure backup servers, settings to prevent conflicts, secure DHCP, and many other options.)


RIP Protocol

  • Enable RIP on all 172.16.x.y interfaces
    • CiscoPath(config)# router rip
    • CiscoPath(config-router)# version 2 (activates RIP ver. 2 instead of ver. 1)
    • CiscoPath(config-router)# network 172.16.0.0
  • Passive interface: do not send updates
    • CiscoPath(config-router)# passive-interface FastEthernet 0/0
  • Do not summarize networks (RIPv2 only; summarization is on by default)
    • CiscoPath(config-router)# no auto-summary
  • Propagate the default route, if there is one in the routing table
    • CiscoPath(config-router)# default-information originate
    • CiscoPath(config-router)# no default-information originate
  • Propagate static routes
    • CiscoPath(config-router)# redistribute static
  • View RIP Database
    • CiscoPath# show ip rip database
  • Disable RIP Protocol
    • CiscoPath(config)# no router rip

IGRP Protocol

  • Enable IGRP with an AS of 200 on all interfaces
    • CiscoPath(config)# router igrp 200
    • CiscoPath(config-router)# network 172.16.0.0
  • Disable IGRP
    • CiscoPath(config)# no router igrp 200

EIGRP Protocol

  • Enabling EIGRP Routing (syntax):
    • Router(config)# router eigrp as-number (same number on all routers)
    • Router(config-router)# network network-address [wildcard mask]
    • Disable: 
      • Router(config)# no router eigrp as-number
  • Enabling EIGRP Routing (example):
    • CiscoPath(config)# router eigrp 240
    • CiscoPath(config-router)# network 192.168.16.0 0.0.0.255
    • Disable:
      • CiscoPath(config)# no router eigrp 240
  • EIGRP Interface commands
    • Router(config-if)# ip summary-address eigrp as-number network-address mask
      • Example:
        CiscoPath(config-if)#ip summary-address eigrp 240 2.1.0.0 255.255.0.0
    • Router(config-router)# no auto-summary
      (Auto-summary is ON by default. EIGRP summarizes automatically between classful boundaries. This must be used for VLSM to work).
       
    • Router(config-if)# bandwidth kilobits
      (Configures the bandwidth used by routing metrics on the outgoing interface).
       
    • Router(config-if)# ip bandwidth-percent eigrp as-number bandwidth-percentage
      (Change bandwidth used by EIGRP to exchange routing information. By default, EIGRP will use up to 50% of the bandwidth of an interface for this purpose).
       
    • Router(config-router)# eigrp log-neighbor-changes
      (This command enables the logging of neighbor adjacency changes to monitor the stability of the routing system and to help detect problems).
       
    • Router(config-router)# variance number
      (The variance command instructs the router to include routes with a metric less than or equal to n times the minimum metric route for that destination, where n is the number specified by the variance command).
       
    • Router(config-router)# default-metric 56 100 255 10 1500 (k values)
  • Show commands
    • CiscoPath# show ip eigrp neighbors
      (displays neighbors)
       
    • CiscoPath# show ip eigrp interfaces
       
    • CiscoPath# show ip eigrp topology
       
    • CiscoPath# show ip eigrp topology all-links
      (displays topology, active/passive -well- state, successors)
       
    • CiscoPath# debug eigrp fsm
       
    • CiscoPath# debug eigrp packet
       
    • CiscoPath# show ip route eigrp
      (EIGRP routes in routing table)
       
    • CiscoPath# show ip protocols
      (AS number, filtering, redistribution, neighbors, distance)

    • Router# show ip eigrp traffic
      (EIGRP packets sent and received)

OSPF Protocol

  • Enable OSPF
    • Router(config)# router ospf process-id [vrf vpn-name]
      (process-id is any positive integer, unique for each OSPF routing process)
      Example:
      • CiscoPath(config)# router ospf 1
  • Defining OSPF Networks
    • Router(config-router)# network address wildcard-mask area area-number
      (note the "wildcard-mask" use and not the subnet mask)
    • Configuring all interfaces to participate in OSPF area 0:
      • CiscoPath(config-router)# network 0.0.0.0 255.255.255.255 area 0
    • Force only interfaces addressed from 192.168.0.0 to participate in OSPF:
      • CiscoPath(config-router)#network 192.168.0.0 0.0.255.255 area 0
    • Specifically force an interface to participate in OSPF area 0:
      • CiscoPath(config-router)#network 172.16.1.1 0.0.0.0 area 0
  • Manually configure the RID
    • CiscoPath(config)# router ospf process-number
    • CiscoPath(config-router)# router-id ip-address
  • Activate the RID on a router that is already running OSPF
    • CiscoPath# clear ip ospf process
  • Configure a loopback interface. If no manual RID is specified, then the RID is taken from the highest IP address assigned to a loopback interface.
    • CiscoPath(config)# interface loopback 1
    • CiscoPath(config-if)# ip address 10.10.10.1 255.255.255.0
      (If no loopback interface is defined and there's no configured RID, then the highest IP address of an active interface is chosen as the RID)
  • Configuring the Cost of an Interface
    • CiscoPath(config-if)# ip ospf cost cost
  • Configuring the priority value of an interface
    • CiscoPath(config)# interface interface-number
    • CiscoPath(config-if)# ip ospf priority priority-value
  • Show commands
    • CiscoPath# show ip ospf neighbor
    • CiscoPath# show ip ospf interface
    • CiscoPath# show ip ospf topology
    • CiscoPath# show ip ospf database
    • CiscoPath# show ip ospf border-routers
    • CiscoPath# show ip protocols
    • CiscoPath# debug ip ospf events
  • Disable OSPF:
    • Router(config)# no router ospf process-id [vrf vpn-name]
      Example:
      • CiscoPath(config)# no router ospf 1
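
An added example (not part of the original reference) for the "Defining OSPF Networks" items above: the wildcard-mask comparison written out in Python, showing which interfaces each of the three "network" statements selects, so a statement can be checked for being broader than intended. The interface table and function names are constructed for illustration.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_netmask(netmask):
    """Invert a subnet mask to get the wildcard mask (255.255.255.0 -> 0.0.0.255)."""
    return str(ipaddress.IPv4Address(to_int(netmask) ^ 0xFFFFFFFF))

def statement_matches(ip, address, wildcard):
    """True if ip and address agree on every bit that is 0 in the wildcard."""
    care = to_int(wildcard) ^ 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(address) & care)

def selected_interfaces(statement, interfaces):
    """Names of the interfaces a 'network address wildcard-mask area N' line selects."""
    parts = statement.split()
    address, wildcard = parts[1], parts[2]
    return sorted(name for name, ip in interfaces.items()
                  if statement_matches(ip, address, wildcard))

# Constructed interface table; addresses follow the ranges used in this page's examples.
INTERFACES = {
    "FastEthernet0/0": "172.16.1.1",
    "FastEthernet0/1": "192.168.16.1",
    "Serial0/0/0": "172.16.4.1",
    "Loopback1": "10.10.10.1",
}

# The three statements from the list above.
STATEMENTS = [
    "network 0.0.0.0 255.255.255.255 area 0",
    "network 192.168.0.0 0.0.255.255 area 0",
    "network 172.16.1.1 0.0.0.0 area 0",
]

if __name__ == "__main__":
    for stmt in STATEMENTS:
        print(stmt, "->", ", ".join(selected_interfaces(stmt, INTERFACES)))
```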

IS-IS Protocol

  • Pending....
