
CISCO Routing and Switching Configuration Sheet

Switch from user mode to privileged mode:
    Router>enable

Switch to terminal configuration mode:
    Router#configure terminal

Enable terminal log messages:
    Router#terminal monitor

Set time and date:
    Router#clock set hh:mm:ss dd month yyyy

Display running configuration:
    Router#show running-config

Display startup configuration:
    Router#show startup-config

Copy running configuration to startup configuration:
    Router#copy running-config startup-config

Copy startup configuration to running configuration:
    Router#copy startup-config running-config

Back up startup configuration to TFTP server:
    Router#copy startup-config tftp

Restore configuration from TFTP server:
    Router#copy tftp startup-config

Back up software to TFTP server:
    Router#show flash
    Router#copy flash tftp

Restore software from TFTP server:
    Router#copy tftp flash

Erase startup configuration from NVRAM:
    Router#erase startup-config

Delete software from FLASH:
    Router#show flash
    Router#delete flash

Display last 10 commands entered:
    Router#show history

Display software version and other information:
    Router#show version

Display custom banner message at start:
    Router(config)#banner motd *MESSAGE*

Change device name:
    Router(config)#hostname NAME

Set encrypted password for privileged mode:
    Router(config)#enable secret PASSWORD

Encrypt clear text passwords:
    Router(config)#service password-encryption

Change console password:
    Router(config)#line con 0
    Router(config-line)#password PASSWORD
    Router(config-line)#login

Change auxiliary password:
    Router(config)#line aux 0
    Router(config-line)#password PASSWORD
    Router(config-line)#login

Change telnet password:
    Router(config)#line vty 0 4
    Router(config-line)#password PASSWORD
    Router(config-line)#login

Select interface, add description, IP address, subnet mask and bring it online:
    Router(config)#interface fastethernet ?/?
    Router(config-if)#description DESCRIPTION
    Router(config-if)#ip address ADDRESS SUBNET
    Router(config-if)#no shutdown

Restore lost password by connecting to console port, physically reboot router, press CTRL+Break, bypass NVRAM configuration load, copy old configuration, get interfaces up, make new passwords, save modified configuration, execute last line then reload:
    rommon 1 >confreg 0x2142
    rommon 2 >reset
    Router>enable
    Router#configure terminal
    Router(config)#config-register 0x2102

Display access lists:
    Router#show access-lists

Display routing table:
    Router#show ip route

Display information for a specific interface:
    Router#show interface fastethernet ?/?

Trace the route to a specific address:
    Router#traceroute ADDRESS

Turn on live debugging for routing protocols such as [RIP, OSPF and EIGRP], then shut it down:
    Router#debug ip PROTOCOL
    Router#undebug all

Display routing protocols and interfaces:
    Router#show ip protocols

Automatic security actions:
    Router#auto secure

Use secure shell instead of telnet by creating a domain name, generating an RSA key, and defining a time-out and the number of authentication retries:
    Router(config)#ip domain-name NAME
    Router(config)#crypto key generate rsa
    Router(config)#ip ssh time-out 30
    Router(config)#ip ssh authentication-retries 3
    Router(config)#line vty 0 4
    Router(config-line)#transport input ssh

Set a static route by defining destination network, subnet mask and gateway or interface [2 WAY]:
    Router(config)#ip route DESTINATION SUBNET GATEWAY
    Router(config)#ip route DESTINATION SUBNET fastethernet ?/?

Set a default route to any network:
    Router(config)#ip route 0.0.0.0 0.0.0.0 GATEWAY
    Router(config)#ip route 0.0.0.0 0.0.0.0 fastethernet ?/?

Set a dynamic route of RIP by defining the version number, network address and optionally prevent an interface from fully participating in the routing process:
    Router(config)#router rip
    Router(config-router)#version NUMBER
    Router(config-router)#network ADDRESS
    Router(config-router)#passive-interface fastethernet ?/?

Set a dynamic route of OSPF; the first two lines set a loopback interface for the router ID, the second two lines manually choose DR and BDR, and the last two lines enable OSPF by defining a process number, network address, wild card which is [255.255.255.255 - SUBNET] and area number:
    Router(config)#interface loopback 0
    Router(config-if)#ip address ADDRESS SUBNET /32
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip ospf priority NUMBER
    Router(config)#router ospf PROCESS
    Router(config-router)#network ADDRESS WILD area AREA

Set a dynamic route of EIGRP by defining autonomous system number and network address:
    Router(config)#router eigrp AS
    Router(config-router)#network ADDRESS
    Router(config-router)#passive-interface fastethernet ?/?

Set extended access list by defining a number between 100 and 199, protocol, local address, remote address, port in case of TCP protocol and data direction:
    Router(config)#access-list 100:199 deny [ip/tcp] host LOCAL ADDRESS host REMOTE ADDRESS eq PORT
    Router(config)#access-list NUMBER permit [ip/tcp] any any
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip access-group NUMBER [in/out]

Set a named access list by defining type and name:
    Router(config)#ip access-list [standard/extended] NUMBER

Control telnet via standard access list by defining a number between 1 and 99 and host address:
    Router(config)#access-list 1:99 permit host ADDRESS
    Router(config)#line vty 0 4
    Router(config-line)#access-class NUMBER in

Set static NAT by defining nat inside and nat outside interfaces on gateway router, private IP for server and public IP for first router interface:
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip nat inside
    Router(config-if)#exit
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip nat outside
    Router(config-if)#exit
    Router(config)#ip nat inside source static PRIVATE PUBLIC

Set dynamic NAT by defining nat inside and nat outside interfaces on gateway router, create standard access list, permit private network address with wild card which is [255.255.255.255 - SUBNET], create pool name with start and end public addresses. Example: PUBLIC = 192.168.1.1 192.168.1.5
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip nat inside
    Router(config-if)#exit
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip nat outside
    Router(config-if)#exit
    Router(config)#access-list NUMBER permit PRIVATE WILD
    Router(config)#ip nat pool NAME PUBLIC netmask SUBNET
    Router(config)#ip nat inside source list NUMBER pool NAME

Set overload NAT by defining nat inside and nat outside interfaces on gateway router, create standard access list, permit private network address with wild card which is [255.255.255.255 - SUBNET], create pool name with public interface address. Example: PUBLIC = 192.168.1.1 192.168.1.1
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip nat inside
    Router(config-if)#exit
    Router(config)#interface fastethernet ?/?
    Router(config-if)#ip nat outside
    Router(config-if)#exit
    Router(config)#access-list NUMBER permit PRIVATE WILD
    Router(config)#ip nat pool NAME PUBLIC netmask SUBNET
    Router(config)#ip nat inside source list NUMBER pool NAME overload

Display NAT table:
    Router#show ip nat translations

Set point to point frame relay connection by choosing serial interface, enable frame relay, bring it online, create sub interface for as many as needed of routers in the other side of cloud and finally use static route to make it all reachable:
    Router(config)#interface serial ?/?
    Router(config-if)#encapsulation frame-relay
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface serial ?/?.NO point-to-point
    Router(config-subif)#ip address ADDRESS SUBNET
    Router(config-subif)#exit

Display output of all directly connected Cisco devices:
    Router#show cdp neighbors detail

Disable IP domain lookup:
    Router(config)#no ip domain-lookup

Display frame relay map:
    Router#show frame-relay map

Display VLAN information:
    Switch#show vlan

Display VTP information:
    Switch#show vtp status

Display spanning tree information:
    Switch#show spanning-tree

Create new VLAN:
    Switch#vlan database
    Switch(vlan)#vlan NUMBER name NAME

Delete existing VLAN:
    Switch#vlan database
    Switch(vlan)#no vlan NUMBER

Change VTP domain name and set password; this action will reset revision number:
    Switch#vlan database
    Switch(vlan)#vtp domain NAME
    Switch(vlan)#vtp password PASSWORD

Change VTP mode to server, client or transparent; changing to transparent will reset revision number:
    Switch#vlan database
    Switch(vlan)#vtp [server/client/transparent]

Select interface and switch port mode to trunk:
    Switch(config)#interface fastethernet ?/?
    Switch(config-if)#switchport mode trunk

Select interface range, switch port mode to access and add ports to VLAN number:
    Switch(config)#interface range fastethernet ?/? - NUMBER
    Switch(config-if-range)#switchport mode access
    Switch(config-if-range)#switchport access vlan NUMBER

Select VLAN interface, add IP address, subnet mask and bring it online:
    Switch(config)#interface vlan NUMBER
    Switch(config-if)#ip address ADDRESS SUBNET

Bind physical interfaces to one virtual interface:
    Switch(config)#interface range fastethernet ?/? - NUMBER
    Switch(config-if-range)#channel-group 1 mode on

Kill usual 50 seconds delay for port to come up:
    Switch(config)#interface fastethernet ?/?
    Switch(config-if)#spanning-tree portfast

Configure Inter-VLAN on router by selecting interface, remove existing IP address, bring it online, select sub interface, set DOT1Q encapsulation with VLAN number; interface must be trunk in switch:
    Router(config)#interface fastethernet ?/?
    Router(config-if)#no ip address
    Router(config-if)#no shutdown
    Router(config-if)#exit
    Router(config)#interface fastethernet ?/?.NUMBER
    Router(config-subif)#encapsulation dot1q NUMBER
    Router(config-subif)#ip address ADDRESS SUBNET

Display MAC address table:
    Switch#show mac address-table

Enable dynamic port security in switch:
    Switch(config)#interface fastethernet ?/?
    Switch(config-if)#switchport port-security mac-address sticky
    Switch(config-if)#switchport port-security maximum NUMBER
    Switch(config-if)#switchport port-security violation shutdown
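
An added example, not part of the original sheet: a short Python check that reads a saved running-config and reports where the hardening commands listed above (enable secret, service password-encryption, transport input ssh, and access-class on the vty lines) are missing. The sample configuration and the function names are constructed for illustration.

```python
# Constructed sample running-config (not taken from a real device).
SAMPLE = """\
enable password cisco
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 access-class 10 in
 login
 transport input ssh
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level parent line."""
    blocks = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # skip blanks and '!' separators
        if not line.startswith(" "):
            blocks.append((line, []))     # new top-level command
        elif blocks:
            blocks[-1][1].append(line.strip())
    return blocks

def audit(config):
    """Return findings for the hardening commands listed on this sheet."""
    blocks = parse_blocks(config)
    top = [parent for parent, _ in blocks]
    findings = []
    if not any(p.startswith("enable secret ") for p in top):
        findings.append("global: no 'enable secret'")
    if "service password-encryption" not in top:
        findings.append("global: no 'service password-encryption'")
    for parent, subs in blocks:
        if not parent.startswith("line vty"):
            continue
        transport = next((s for s in subs if s.startswith("transport input")), "")
        if transport.split()[2:] != ["ssh"]:
            findings.append(f"{parent}: not restricted to 'transport input ssh'")
        if not any(s.startswith("access-class ") and s.endswith(" in") for s in subs):
            findings.append(f"{parent}: no 'access-class NUMBER in'")
    return findings
```

Calling `audit(SAMPLE)` returns four findings: the two global ones and the two for `line vty 0 4`. The `line vty 5 15` block passes both vty checks.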
