
Cisco CCNA Commands

ROUTER: Basic Configuration, Security, CDP, SSH, SDM, Vlan, RIP, EIGRP, OSPF, PPP, Frame Relay, Frame Relay Switching, Access Lists (Standard ACLs, Extended ACLs, Named ACLs, Dynamic ACLs, Reflexive ACLs, Time-Based ACLs), NAT (Static NAT, Dynamic NAT, NAT with 1 public IP, NAT with several public IPs), VPN

SWITCH: Basic Configuration, Vlan, Security, SSH, VTP, TFTP, Spanning Tree

Version 6.7 31 Jul 12

ROUTER
# (config)# (config-if)#

Basic Configuration

banner login # Solo Personal Autorizado #
banner motd # Mantenimiento el viernes #
hostname XXXXXX
interface serial 0/0
 duplex (auto,full,half)
 speed (10,100,1000)
 bandwidth xxxxx
 description xxxxx
 ip address X.X.X.X M.M.M.M
 no shut
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 logging synchronous
no ip domain-lookup
ip route X.X.X.X M.M.M.M (IP,Interface) Distance
clear ip route *
ip accounting output-packets
copy (source-location) (destination-location)
copy running-config startup-config (or: wr)
copy startup-config running-config
logging buffered
show interface serial 0/0
show ip interface brief
show protocols
show controllers
show cdp neighbors
show cdp neighbors detail
show running-config
show startup-config
show ip accounting
show ip protocol
show process
show version
show flash
show ip arp
show arp
show ssh
show users

Frame Relay

Without subinterfaces

interface serial X/X
 ip address X.X.X.X M.M.M.M
 encapsulation frame-relay
 ip ospf network point-to-multipoint

With subinterfaces

interface serial X/X
 encapsulation frame-relay
 no ip address
interface serial X/X.101 point-to-point
 ip address X.X.X.X M.M.M.M
 bandwidth xxxxx
 frame-relay interface-dlci xxxxx
show frame-relay map
show frame-relay pvc
show frame-relay lmi
frame-relay map ip X.X.X.X (DLCI) broadcast cisco
frame-relay lmi-type (cisco,ansi,q933a)
clear frame-relay-inarp

Frame Relay Switching

frame-relay switching
interface serial 0/1
 no ip address
 encapsulation frame-relay
 clockrate 64000
 frame-relay intf-type dce
 frame-relay route 102 interface Serial 0/2 201
interface serial 0/2
 no ip address
 encapsulation frame-relay
 clockrate 64000
 frame-relay intf-type dce
 frame-relay route 201 interface Serial 0/1 102

Access Lists

Standard ACLs
access-list #(1-99) (permit,deny) X.X.X.X W.W.W.W

Extended ACLs
access-list #(100-199) (permit,deny) ip X.X.X.X W.W.W.W X.X.X.X W.W.W.W

Named ACLs
ip access-list extended XXXX
 (permit,deny) host X.X.X.X
 (permit,deny) X.X.X.X W.W.W.W
 (permit,deny) tcp host X.X.X.X host X.X.X.X eq ssh

Dynamic ACLs
access-list #(101-199) dynamic xxxxxx timeout 120 permit ip any any
interface ethernet0
 ip access-group #(101-199) (in,out)
line vty 0
 login local
 autocommand access-enable timeout 5

Reflexive ACLs
interface Serial 0/0
 description Access to the Internet via this interface
 ip access-group inboundfilters in
 ip access-group outboundfilters out
ip reflexive-list timeout 120
ip access-list extended outboundfilters
 permit tcp any any reflect tcptraffic
 permit icmp any any reflect tcptraffic
ip access-list extended inboundfilters
 permit ospf any any
 evaluate tcptraffic

show access-list

Time-Based ACLs
time-range xxxxxxx
 periodic Monday Wednesday Friday 8:00 to 17:00
ip access-list extended xxxxxx
 permit ip any any time-range xxxxxx

Config For All Types of ACLs
interface serial 0/0
 ip access-group XXXX (in,out)
line vty 0 4
 access-class XXXX (in,out)

Security
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
enable password xxxxx
enable secret xxxxx

CDP
show cdp (entry,interface,neighbors,traffic)
Global
no cdp run
cdp run
Interface
no cdp enable
cdp enable

SSH
hostname xxxxx
ip domain-name xxxxx
crypto key generate rsa (1024)
ip ssh time-out (##)
ip ssh authentication-retries (#)
ip ssh version 2
username xxxxx privilege 15 password xxxxx
line vty 0 4
 transport input ssh
 login local
ssh -l (UserName) X.X.X.X
auto secure

SDM
ip http server
ip http secure-server
ip http authentication local
username xxxxx privilege 15 secret xxxxx
line vty 0 4
 privilege level 15
 transport input ssh
 login local

Vlan

interface vlan xxxxx
 ip address X.X.X.X M.M.M.M
ip default-gateway X.X.X.X
interface fastEthernet 0/0.10
 encapsulation dot1q xxxxx
interface fastEthernet 0/0.99
 encapsulation dot1Q 99 native

NAT

Static NAT
ip nat inside source static X.X.X.X X.X.X.X

Dynamic NAT
access-list #(1-99) permit X.X.X.X W.W.W.W
ip nat pool xxxxxx X.X.X.X X.X.X.X netmask M.M.M.M
ip nat inside source list #(1-99) pool no-overload

NAT with 1 public IP
access-list #(1-99) permit X.X.X.X W.W.W.W
ip nat inside source list #(1-99) interface Serial 0/0 overload

NAT with several public IPs
access-list #(1-99) permit X.X.X.X W.W.W.W
ip nat pool xxxxxx X.X.X.X X.X.X.X netmask M.M.M.M
ip nat inside source list #(1-99) pool xxxxxx

Port forwarding
ip nat inside source static tcp X.X.X.X (port) X.X.X.X (port)

Configuration for all NAT types
interface FastEthernet 0/0
 ip nat inside
interface serial 0/0
 ip nat outside
show ip nat translation
show ip nat translation verbose
show ip nat statistics
show dhcp server
clear ip nat translation *
debug ip nat
debug ip nat detail

RIP
router rip
 version (1,2)
 network X.X.X.X
 passive-interface Serial X/X
 passive-interface default
 default-information originate
 redistribute ospf 1 metric 1
Only with RIP Version 2
key chain xxxx
 key #
  key-string xxxx
interface Serial X/X
 ip rip authentication mode md5
 ip rip authentication key-chain xxxx

EIGRP
router eigrp #A.S
 network X.X.X.X M.M.M.M or X.X.X.X W.W.W.W
 passive-interface Serial X/X
 passive-interface default
 no auto-summary
 redistribute static
show ip eigrp topology
show ip eigrp topology (all-links,X.X.X.X)
show ip eigrp neighbors
interface serial 0/0
 ip summary-address eigrp 1 X.X.X.X M.M.M.M
 ip bandwidth-percent eigrp #A.S (%)
 ip hello-interval eigrp #A.S (Seconds)
 ip hold-time eigrp #A.S (Seconds)
 ip summary-address eigrp #A.S X.X.X.X M.M.M.M
key chain xxxx
 key #
  key-string xxxx
interface Serial X/X
 ip authentication mode eigrp #A.S md5
 ip authentication key-chain eigrp #A.S xxxxx

OSPF
router ospf (#Process)
 network X.X.X.X W.W.W.W area (#Area)
 router-id X.X.X.X
 passive-interface Serial X/X
 passive-interface default
 default-information originate
ip ospf cost #
ip ospf priority #
ip ospf hello-interval 5
ip ospf dead-interval 20
clear ip ospf process
show ip ospf
show ip ospf interface serial X/X
show ip ospf neighbor
router ospf (#Process)
 area (#Area) authentication message-digest
interface Serial X/X
 ip ospf message-digest-key (#key) md5 xxxxx
 ip ospf authentication message-digest
router ospf (#Process)
 redistribute rip subnets

PPP
- PAP authentication
R1
username Username2 password 12345
interface serial X/X/X
 ip address X.X.X.X M.M.M.M
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username Username1 password 12345
R2
username Username1 password 12345
interface serial X/X/X
 ip address X.X.X.X M.M.M.M
 encapsulation ppp
 ppp authentication pap
 ppp pap sent-username Username2 password 12345
- CHAP authentication
R1
username (Hostname-R2) password xxxxx
interface serial X/X/X
 ip address X.X.X.X M.M.M.M
 encapsulation ppp
 ppp authentication chap
R2
username (Hostname-R1) password xxxxx
interface serial X/X/X
 ip address X.X.X.X M.M.M.M
 encapsulation ppp
 ppp authentication chap
ppp quality 80
ppp multilink
compress (predictor,stac)
debug ppp (authentication,error,multilink,negotiation,packet)

VPN

Simple VPN
hostname ADC
ip domain-name xxxxx.com
crypto key generate rsa (1024)
ip ssh time-out 30
ip ssh authentication-retries 3
ip ssh version 2
username xxxxx privilege 15 password xxxxxx
line vty 0 4
 transport input ssh
 login local

Advanced VPN
aaa new-model
aaa authentication login VPNUSERS local
aaa authorization network VPNACCESOREMOTO local
crypto isakmp policy 1
 encryption 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 20 10
crypto isakmp xauth timeout 20
crypto ipsec transform-set VPNTRANSFORM esp-3des esp-sha-hmac
exit
crypto dynamic-map DYNUSER 1
 set transform-set VPNTRANSFORM
 reverse-route
exit
crypto map NOMBREMAPA client authentication list VPNUSERS
crypto map NOMBREMAPA isakmp authorization list VPNACCESOREMOTO
crypto map NOMBREMAPA client configuration address respond
crypto map NOMBREMAPA 65535 ipsec-isakmp dynamic DYNUSER
crypto isakmp client configuration group VPNACCESOREMOTO
 key clave_vpn
 dns 172.16.20.26
 wins 172.16.20.48
 domain midominio.com
 pool EMPRESA_REMOTA
 save-password
exit
username USUARIO1 secret 123456789
interface Loopback1
 ip address 172.19.20.1 255.255.255.0
interface Serial 0/0
 crypto map NOMBREMAPA
exit
ip local pool EMPRESA_REMOTA X.X.X.Initial Y.Y.Y.Final

debug crypto isakmp - Displays errors during Phase 1.
debug crypto ipsec - Displays errors during Phase 2.
debug crypto engine - Displays information from the crypto engine.
debug ip ssh
show crypto map
clear crypto isakmp - Clears the Phase 1 security associations.
clear crypto sa - Clears the Phase 2 security associations.
show ip ssh
show ssh
logging on
logging console
exit
disconnect ssh 4
clear line 4

Access from another router
ssh -l (Username) X.X.X.X

SWITCH
# (config)# (config-if)#

Basic Configuration
banner login # Solo Personal Autorizado #
banner motd # Mantenimiento el viernes #
hostname XXXXXX
interface fastEthernet 0/0
 duplex (auto,full,half)
 speed (10,100,1000)
 description xxxxx
 ip address X.X.X.X M.M.M.M
 no shut
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 exec-timeout 0 0
 logging synchronous

Security
interface range fastEthernet 0/6-10
 switchport port-security
 switchport port-security maximum (#)
 switchport port-security mac-address sticky
 switchport port-security violation (protect,restrict...)
show port-security (interface interface-id)
ip http authentication enable
ip http server
mac-address-table static XX:XX:XX:XX: vlan (#Vlan) interface (interface-id)
service password-encryption
show mac address-table (dynamic,static)
show port-security
erase startup-config
delete flash:vlan.dat
reload

SSH
hostname ADC
ip domain-name xxxxx.com
crypto key generate rsa 1024
ip ssh time-out 30
ip ssh authentication-retries 3
ip ssh version 2
username xxxxx privilege 15 password xxxxx
line vty 0 4
 transport input ssh
 login local
ip dhcp snooping
ip dhcp snooping trust

Vlan
vlan (# Vlan)
 name xxxxx
interface vlan (# Vlan)
 ip address X.X.X.X M.M.M.M
 no shutdown
interface range fastEthernet 0/1 - 10
 switchport mode access
 switchport access vlan (# Vlan)
interface range fastEthernet 0/1-5
 switchport mode trunk
 switchport trunk native vlan (# Vlan)
------ Layer 3 Switch ------
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk native vlan (# Vlan)
show interface trunk
switchport trunk allowed vlan add (# Vlan)
switchport trunk allowed vlan (add,all,except,remove)
switchport voice vlan (# Vlan)
show vlan brief
show vlan summary
show interface fa0/1 switchport
show mac-address-table
ip default-gateway X.X.X.X
delete flash:vlan.dat

VTP
show vtp status
vtp domain xxxx
vtp mode (server,client,transparent)
vtp password xxxxx
vtp pruning

TFTP
copy running-config tftp://X.X.X.X
copy flash tftp://X.X.X.X
rename flash:XXXXXX.Old flash:XXXXX.New

Spanning Tree
spanning-tree vlan 10 priority 4096
spanning-tree vlan 10 root (primary,secondary)
spanning-tree port-priority 112
spanning-tree vlan (#Vlan) root primary diameter (#)
interface fastEthernet 0/1
 spanning-tree portfast
spanning-tree mode rapid-pvst
interface fastEthernet 0/1
 spanning-tree link-type point-to-point
end
clear spanning-tree detected-protocols
show spanning-tree

Google Docs version: https://docs.google.com/document/d/15Tm8AjsKNbc4PBGF2qD6pNVpFKimZ5uiiu613TThT4M/edit
By: Daniel Benavides
