VLAN SHOW:
To Show vlan lists and port assignments (access ports only)
SwitchA#show vlan
SwitchA#show vlan id <10> (specific)
To Show operational mode:
SwitchA#show interfaces fa0/1 switchport (specific)
SwitchA#show interfaces switchport (all interfaces)
To Show Trunks
SwitchA#show interfaces trunk
SwitchA#show vtp status
To show Etherchannel
SwitchA#show etherchannel <1> port-channel (specific)
SwitchA#show etherchannel summary (all etherchannels)
To show if interface is bundled
SwitchA#show interfaces fa0/14 etherchannel
Port Channel:
SwitchA#show etherchannel load-balance (to show load balancing mechanism)
src-mac default
SwitchA(config)#port-channel load-balance dst-mac (to change the load-balancing mechanism)
Usually the load-balancing mechanism is changed to dst-mac on the router side of the switch
Spanning Tree
SwitchA#show spanning-tree
SwitchA(config)#spanning-tree vlan 1 root primary (to automatically make the local switch the root bridge)
SwitchA(config)#spanning-tree vlan 1 priority 4096 (Manually set priority)
SwitchB(config)#interface fa0/14
SwitchB(config-if)#spanning-tree cost 500 (to change path cost per interface)
SwitchA(config)#interface fa0/14
SwitchA(config-if)#spanning-tree port-priority 16 (to change port priority)
SwitchA(config)#interface fa0/1
SwitchA(config-if)#spanning-tree portfast (enable portfast)
SwitchB(config)#spanning-tree portfast default (enable portfast on all access ports)
To create DHCP Server
DHCP(config)#ip dhcp pool MYPOOL
DHCP(dhcp-config)#network 192.168.12.0
DHCP(dhcp-config)#default-router 192.168.12.254
DHCP(dhcp-config)#dns-server 8.8.8.8
DHCP(dhcp-config)#exit
DHCP(config)#ip dhcp excluded-address 192.168.12.10 192.168.12.20
DHCP#show ip dhcp binding
ROUTING
Show ip route
Show ip protocols
EIGRP
router#show ip eigrp interfaces -> shows the interfaces where EIGRP is activated
R2#show ip eigrp interfaces detail -> Show keep alive
R2#sh ip eigrp neighbors -> Neighbor Table
R2#show ip eigrp topology -> Topology Table
P 172.16.16.0/24, 1 successors, FD is 2297856
via 201.52.60.2 (2297856/128256), Serial0/1
via 192.168.10.1 (2323456/409600), Serial0/0
2297856 -> FD, 128256 -> AD
201.52.60.2 -> Successor, 192.168.10.1 -> Feasible Successor
P 50.0.0.0/24, 2 successors, FD is 2195456
via 192.168.10.1 (2195456/281600), Serial0/0
via 201.52.60.2 (2195456/281600), Serial0/1
R2#show ip eigrp topology 50.0.0.0/24 -> specific network and computation of metric
To configure bandwidth
R1(config)#interface serial 0/0
R1(config-if)#bandwidth 512 -> in Kbps
R1(config-if)#exit
R2(config)#router eigrp 100
R2(config-router)#maximum-paths ?
<1-16> Number of paths
To configure max paths
R2(config)#router eigrp 100
R2(config-router)#variance ?
<1-128> Metric variance multiplier
To configure variance
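Added example (not part of the original notes): how the two topology-table entries above map to successor and feasible successor, and what variance and maximum-paths then install in the routing table. The function names are made up for this sketch. It uses the feasibility condition (neighbor's AD lower than the local FD) and the variance rule (metric lower than variance x FD).

```python
# (next hop, interface, metric via this neighbor, neighbor's advertised distance)
# Values copied from the "show ip eigrp topology" output above.
NET_172 = {"fd": 2297856, "paths": [
    ("201.52.60.2", "Serial0/1", 2297856, 128256),
    ("192.168.10.1", "Serial0/0", 2323456, 409600),
]}
NET_50 = {"fd": 2195456, "paths": [
    ("192.168.10.1", "Serial0/0", 2195456, 281600),
    ("201.52.60.2", "Serial0/1", 2195456, 281600),
]}

def classify(entry):
    """Label each path as successor, feasible successor, or not feasible."""
    fd, roles = entry["fd"], {}
    for hop, _intf, metric, ad in entry["paths"]:
        if metric == fd:
            roles[hop] = "successor"
        elif ad < fd:  # feasibility condition: neighbor's AD below our FD
            roles[hop] = "feasible successor"
        else:          # could be a loop, never used for load balancing
            roles[hop] = "not feasible"
    return roles

def installed(entry, variance, maximum_paths):
    """Next hops that go into the routing table for the given settings."""
    fd, roles = entry["fd"], classify(entry)
    usable = [(metric, hop) for hop, _intf, metric, _ad in entry["paths"]
              if roles[hop] == "successor"
              or (roles[hop] == "feasible successor" and metric < variance * fd)]
    usable.sort(key=lambda p: p[0])  # best metric first, stable for ties
    return [hop for _metric, hop in usable[:maximum_paths]]

def min_variance(entry, hop):
    """Smallest variance multiplier that installs this next hop, or None."""
    if classify(entry)[hop] == "not feasible":
        return None
    metric = next(m for h, _i, m, _a in entry["paths"] if h == hop)
    return 1 if metric == entry["fd"] else metric // entry["fd"] + 1

if __name__ == "__main__":
    print(classify(NET_172))
    print(installed(NET_172, variance=2, maximum_paths=4))
    print(min_variance(NET_172, "192.168.10.1"))
```

A path whose AD is not below the FD stays out of the routing table no matter how high the variance is set.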
PASSIVE INTERFACE
R2(config)#router eigrp 100
R2(config-router)#passive-interface default
R2(config-router)#no passive-interface serial 0/1
EIGRP Authentication
1) Configure Key Chain -> container of the key string or password
2) Activate eigrp authentication on an interface
3) Configure keychain on the activated interface
1) Configure Key Chain
R1(config)#key chain ?
WORD Key-chain name
R1(config-keychain)#key ?
<0-2147483647> Key identifier
R1(config)#key chain mnetkey
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string mnetpass
R1#show key chain
Key-chain mnetkey:
key 1 -- text "mnetpass"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
2) Activate eigrp authentication on an interface
3) Configure keychain on the activated interface
R1(config)#interface serial 0/0
R1(config-if)#ip authentication mode eigrp 100 md5
R1(config-if)#ip authentication key-chain eigrp 100 mnetkey
OSPF
Configure Router ID
Router ospf <process id>
Router-id <A.A.A.A>
network NA WM area <area number>
Exit
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
(to clear ospf process)
R2#show ip ospf neighbor and show ip ospf topology
AUTHENTICATION OSPF (PER AREA ACTIVATION)
R1(config)#router ospf 100
R1(config-router)#area 0 authentication message-digest
Exit
R1(config)#interface serial 0/0
R1(config-if)#ip ospf message-digest-key 1 md5 <mnetpass> -> keystring
Exit
To Change OSPF interface priority
router2(config)#interface fa0/0
router2(config-if)#ip ospf priority 200
router2(config-if)#exit
router3(config)#interface fa0/0
router3(config-if)#ip ospf priority 255
router3(config-if)#exit
router5(config)#interface fa0/0
router5(config-if)#ip ospf priority 0
router5(config-if)#exit
priority values 0-255:
higher will be DR
0 will be DRother
To configure default originate
router5(config)#router ospf 100
router5(config-router)#default-information originate
router5(config-router)#exit
LSDB
Summary of router id
R1#sh ip ospf interface brief -> show activated ospf interface
ACCESS CONTROL LIST
STANDARD -> 1 TO 99, 1300 TO 1999
EXTENDED -> 100 TO 199,2000 TO 2699
Standard
conf t
R1(config)#access-list 50 permit 19.168.10.0 0.0.0.255
R1(config)#access-list 50 permit 172.16.17.0 0.0.0.255
R1(config)#access-list 50 deny host 172.16.18.1
R1(config)#access-list 50 permit 172.16.18.0 0.0.0.255
(IMPLICIT deny any)
R1(config)#interface serial 0/0
R1(config-if)#ip access-group 50 in
R1(config-if)#exit
To restrict TELNET using standard ACL
R3(config)#no access-list 60
R3(config)#access-list 60 permit 201.52.60.0 0.0.0.255
R3(config)#access-list 60 permit 192.168.12.0 0.0.0.255
R3(config)#access-list 60 deny 192.168.13.128 0.0.0.31
R3(config)#access-list 60 permit 192.168.13.0 0.0.0.255
R3(config)#access-list 60 permit 192.168.14.8 0.0.0.7
R3(config)#access-list 60 deny 192.168.14.0 0.0.0.255
R3(config)#exit
R3(config)#line vty 0 4
R3(config-line)#access-class 60 in
R3(config-line)#exit
Show command:
R1#show access-list
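Added example (not part of the original notes): a small evaluator for standard ACLs that applies wildcard masks and first-match order to ACL 60 above, and flags entries that can never match because an earlier entry already covers them. Function names are made up for this sketch, and the numbers it returns are positions in the list, not IOS sequence numbers.

```python
import ipaddress

# ACL 60 as listed above (standard ACL: source address + wildcard mask).
ACL_60 = """\
permit 201.52.60.0 0.0.0.255
permit 192.168.12.0 0.0.0.255
deny 192.168.13.128 0.0.0.31
permit 192.168.13.0 0.0.0.255
permit 192.168.14.8 0.0.0.7
deny 192.168.14.0 0.0.0.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(text):
    """Return [(action, address, wildcard)] in configured order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[1] == "host":                      # "deny host 172.16.18.1"
            addr, wild = parts[2], "0.0.0.0"
        else:
            addr, wild = parts[1], parts[2] if len(parts) > 2 else "0.0.0.0"
        entries.append((parts[0], to_int(addr), to_int(wild)))
    return entries

def evaluate(entries, source):
    """First match wins; wildcard bits set to 1 are ignored in the compare."""
    src = to_int(source)
    for pos, (action, addr, wild) in enumerate(entries, start=1):
        care = ~wild & 0xFFFFFFFF
        if src & care == addr & care:
            return action, pos
    return "deny", None                             # implicit deny any

def shadowed(entries):
    """(later, earlier) positions where the later entry can never match."""
    hits = []
    for i, (_, addr, wild) in enumerate(entries):
        for j, (_, p_addr, p_wild) in enumerate(entries[:i]):
            care = ~p_wild & 0xFFFFFFFF
            # earlier entry ignores every bit the later one ignores and
            # both agree on the bits the earlier entry compares
            if wild & care == 0 and addr & care == p_addr & care:
                hits.append((i + 1, j + 1))
                break
    return hits
```

With ACL 60 in the order shown, nothing is shadowed; swapping the deny for 192.168.13.128 below the permit for 192.168.13.0 would make that deny dead and let the /27 through.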
EXTENDED ACL
access-list 150 permit tcp 192.168.10.0 0.0.0.0 host 192.168.10.1 eq 23
access-list 150 deny tcp 172.16.16.16 0.0.0.15 host 192.168.10.1 eq 23
access-list 150 permit tcp 172.16.16.0 0.0.0.255 host 192.168.10.1 eq 23
access-list 150 permit tcp any host 192.168.12.1 eq 25
access-list 150 permit tcp any host 192.168.13.1 eq 80
access-list 150 permit tcp 172.16.17.192 0.0.0.31 host 192.168.14.1 eq 21
exit
interface serial 0/0
ip access-group 150 in
exit
R1(config)#access-list 150 permit eigrp any any
R1(config)#access-list 150 permit icmp any any
If only telnet is to be blocked (sample):
R1(config)#access-list 150 deny tcp any any eq 23
R1(config)#access-list 150 permit ip any any
NAMED STANDARD ACL
Ip access-list standard/extended <acl NAME>
New conf mode under acl name
Permit/deny <src address> <src wm>
R3(config)#ip access-list standard std-rules
R3(config-std-nacl)# -> the new conf mode
R3(config)#ip access-list standard std-rules
R3(config-std-nacl)#permit 201.52.60.0 0.0.0.255
R3(config-std-nacl)#permit 192.168.13.0 0.0.0.255
R3(config-std-nacl)#deny 192.168.14.4 0.0.0.3
R3(config-std-nacl)#permit 192.167.14.0 0.0.0.255
R3(config-std-nacl)#15 deny host 192.168.13.5
To add another rule, use a sequence number to match the desired placement
To delete an existing sequence
Under conf mode of acl name
No <seq#>
R3(config-std-nacl)#no 30
To apply to interface:
Ip access-group <acl name> <in/out>
R3(config)#interface serial 0/1
R3(config-if)#ip access-group std-rules in
R3(config-if)#exit
R3(config)#
To delete entire ACL
R3(config)#no ip access-list standard std-rules
@interface
No ip access-group <acl#/group> <in/out>
Named Extended ACL
Ip access-list extended <acl NAME>
New conf mode under acl name
Permit/deny <src protocol tcp/udp> <src address> <src wm> <dst address> <dst wm> eq <dst port>
R1(config)#ip access-list extended ext-rules
R1(config-ext-nacl)#ip access-list extended ext-rules
R1(config-ext-nacl)#permit tcp 192.168.10.0 0.0.0.255 any eq 23
R1(config-ext-nacl)#permit tcp any host 192.168.14.1 eq 80
R1(config-ext-nacl)#deny tcp 172.16.17.16 0.0.0.15 host 192.168.13.1 eq 25
R1(config-ext-nacl)#permit tcp any host 192.168.13.1 eq 25
R1(config-ext-nacl)#exit
Apply to interface
NETWORK ADDRESS TRANSLATION
DYNAMIC NAT
Step 1: Create a pool of Public IP address
Conf t
R3(config)#ip nat pool <poolname> <lower ip limit> <upper ip limit> netmask <subnetmask>
Note: if there is only 1 public IP, it will become both the lower and upper limit
R3(config)#ip nat pool kapool1 185.32.50.81 185.32.50.84 netmask 255.255.255.248
R3(config)#ip nat pool kapool2 185.32.50.85 185.32.50.86 netmask 255.255.255.248
Step 2: Create ACL permitting the private IP to be translated to
Public IP address (isolate the private range)
Syntax
Access-list <acl#> permit <src ip/net ad> <WM>
Exit
Note: ACL permits the private range. 1 nat range 1 acl
R3(config)#access-list 10 permit 172.16.16.0 0.0.0.255
R3(config)#access-list 20 permit 172.16.18.0 0.0.0.255
Step 3: Link the Public Pool and the standard ACL together
Ip nat inside source list <acl#> pool <poolname>
Note: if NAT is “Many” (many to one, one to many, many to many), use port numbering (PAT, port address translation)
Ip nat inside source list <acl#> pool <poolname> overload (overload activates port numbering)
R3(config)#ip nat inside source list 10 pool kapool1 overload
R3(config)#ip nat inside source list 20 pool kapool2 overload
Step 4: Create inside AND outside interface
Interface <int>
Ip nat inside/outside
Exit
INSIDE
R3(config)#interface lo0
R3(config-if)#ip nat inside
Exit
R3(config-if)#interface lo2
R3(config-if)#ip nat inside
Exit
OUTSIDE
R3(config-if)#interface serial 0/1
R3(config-if)#ip nat outside
Exit
STATIC NAT
Step 1 link the private and public together
ip nat inside source static <priv ip> <public ip>
R3(config)#ip nat inside source static 172.16.16.1 185.100.45.9
R3(config)#ip nat inside source static 172.16.17.1 50.0.0.1
Step 2: Create inside AND outside interface
Interface <int>
Ip nat inside/outside
Exit
R3(config)#interface lo 0
R3(config-if)#ip nat inside
R3(config-if)#exit
R3(config)#interface lo1
R3(config-if)#ip nat inside
R3(config-if)#exit
R3(config)#interface serial 0/1
R3(config-if)#ip nat outside
R3(config-if)#exit
HSRP
Step1 configure HSRP group number and virtual ip
Step2 configure priority
Step3 configure preempt
Conf t
Interface fa0/0
Standby <group#> ip <virtual ip>
(group # should be same with redundant routers)
Standby <group#> priority <priority value>
(highest priority is the main router)
Main router
MAIN(config)#interface fa0/0
MAIN(config-if)#standby 1 ip 192.168.10.10
MAIN(config-if)#standby 1 priority 120
MAIN(config-if)#standby 1 preempt
MAIN(config-if)#exit
Preempt -> to force the active status
MAIN#show standby
backup router
BACKUP(config)#interface fa0/0
BACKUP(config-if)#standby 1 ip 192.168.10.10
BACKUP(config-if)#exit
(since this is the backup: 1. we can leave the priority at default, 2. preempt should not be configured)
Note
Failover will take effect after the dead timer (10 secs)
Status of standby will become main
Status of active will become init
VRRP
Step1 configure VRRP group number and virtual ip
Step2 configure priority
Step3 configure preempt
Conf t
Interface fa0/0
vrrp <group#> ip <virtual ip>
(group # should be same with redundant routers)
vrrp <group#> priority <priority value>
(highest priority is the main router)
MAIN#conf t
Enter configuration commands, one per line. End with CNTL/Z.
MAIN(config)#interface fa0/0
MAIN(config-if)#vrrp 2 ip 192.168.10.10
MAIN(config-if)#vrrp 2 priority 150
MAIN(config-if)#vrrp 2 preempt
MAIN(config-if)#exit
MAIN#show vrrp
BACKUP#conf t
BACKUP(config)#interface fa0/0
BACKUP(config-if)#vrrp 2 ip 192.168.10.10
BACKUP(config-if)#exit
GRE Tunnel
Step 1 create tunnel interface and configure ip address
Step 2 configure gre tunnel
Step 3 configure source and destination ip (public ip)
Interface tunnel <#>
Ip address <ip> <SM>
Tunnel mode gre ip
Tunnel source <public ip local>
Tunnel destination <public ip destination>
R1(config)#interface tunnel 0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#tunnel mode gre ip
R1(config-if)#tunnel source 50.0.0.1
R1(config-if)#tunnel destination 60.0.0.1
R1(config-if)#exit
R2(config)#interface tunnel 0
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config-if)#tunnel source 60.0.0.1
R2(config-if)#tunnel destination 50.0.0.1
R2(config-if)#exit
CDP
SW1#configure terminal
SW1(config)#interface Fas0/1
SW1(config-if)#no cdp enable
SW1#show cdp interface -> will show which interface runs cdp
SW1#show cdp neighbor -> will show table of neighbors
SW1#show cdp neighbor detail -> will show IOS version also
To enable CDP, use the cdp run command in global configuration mode. To disable CDP, use the no form of this command.
cdp run & no cdp run