Everything

Implement Routing / OSPF Commands (IPv4)

USE OSPF PROCESS ID 8 AND AREA 20

R(config)# router ospf {Process ID}
R(config-router)# network {Network} {Wildcard Mask} area {area number}

ROUTER ID 1.1.1.1

R(config-router)# router-id {router id}

PREVENT G0/0 INTERFACES FROM SENDING OUT OSPF MESSAGES.

R(config-router)# passive-interface {Interface}

CHANGE DEFAULT REFERENCE BANDWIDTH SETTING SO 10GB/S INTERFACES COST 1

R(config-router)# auto-cost reference-bandwidth {Mb/s}

SET THE ROUTER TO SHARE DEFAULT ROUTES

R(config-router)# default-information originate

MODIFY THE BANDWIDTH METRIC USED BY OSPF. CHANGE BANDWIDTH ON S0/0/0 TO 128KB/S.

R(config)# interface {interface}
R(config-if)# bandwidth {Kb/s}

CHANGE THE ROUTE COST OF AN INTERFACE.

R(config-if)# ip ospf cost {metric}



Implement Routing / OSPF Commands (IPv6)

CONFIGURE OSPFV6 WITH A ROUTER ID OF 1.1.1.1 AND PROCESS ID OF 1

R(config)# ipv6 router ospf {Process ID}
R(config-rtr)# router-id {router id}

ASSIGN THE INTERFACES PARTICIPATING IN OSPFV6

(OSPFV6 USES THIS INSTEAD OF THE NETWORK COMMAND)
R(config-if)# interface {Interface}
R(config-if)# ipv6 ospf {Process ID} area {area number}

CHANGE THE INTERFACE G0/0 TO PASSIVE

R(config)# ipv6 router ospf {Process ID}
R(config-rtr)# passive-interface {Interface}

SET PASSIVE INTERFACE AS THE DEFAULT ON THE ROUTER

R(config)# ipv6 router ospf {Process ID}
R(config-rtr)# passive-interface default



Configure a recursive static route.

CONFIGURE A STATIC ROUTE TO THE 198.133.219.0 NETWORK USING R3 AS THE NEXT-HOP ADDRESS

R(config)# ip route {destination network ip} {destination mask} {next-hop ip-address}

CONFIGURE A FLOATING STATIC ROUTE TO THE 198.133.219.0 NETWORK USING R3 AS THE NEXT-HOP ADDRESS

R(config)# ip route {destination network ip} {destination mask} {next-hop ip} {administrative distance >1}

CONFIGURE A RECURSIVE STATIC IPV6 ROUTE

R(config)# ipv6 route {prefix/length} {next-hop ipv6}



Configure a directly connected static route.

CONFIGURE A STATIC ROUTE TO THE 198.133.219.0 NETWORK ON G0/0

R(config)# ip route {destination network ip} {destination mask} {exit interface}

CONFIGURE A STATIC IPV6 ROUTE

R(config)# ipv6 route {prefix/length} {exit interface type} {exit interface number}



VLANs and Management Interfaces (SVIs)

CREATE AND NAME A VLAN

S(config)# vlan {vlan number}
S(config-vlan)# name {vlan name}

CONFIGURE THE VLAN 99 MANAGEMENT INTERFACE IP ADDRESS

S(config)# interface vlan {vlan number}
S(config-if)# ip address {ip} {subnet}
S(config-if)# no shutdown

ASSIGN PORTS F0/5 TO VLAN 99 ON THE SWITCH.

S(config-if)# interface {Interface}
S(config-if)# switchport mode access
S(config-if)# switchport access vlan {vlan number}



Vlan Trunking

(All Trunking commands are run from a specific interface)
S(config-if)# interface {Interface}

CONFIGURE INTERFACE AS A TRUNK PORT

S(config-if)# switchport mode trunk

SET F0/1 ON S1 TO NEGOTIATE TRUNK MODE.

S(config-if)# switchport mode dynamic desirable

SET THE NATIVE VLAN ON THE TRUNK PORT

S(config-if)# switchport trunk native vlan {vlan number}

TURN OFF DTP (DYNAMIC TRUNKING PROTOCOL)

S(config-if)# switchport nonegotiate

RESTRICT THE TRUNK'S ALLOWED VLANS

S(config-if)# switchport trunk allowed vlan {comma separated list of vlan numbers}

REMOVE THE TRUNK FROM A PORT/INTERFACE

S(config-if)# switchport mode access



Port Security

ENABLE PORT SECURITY

S(config)# interface {Interface}
S(config-if)# switchport port-security

CONFIGURE A STATIC ENTRY FOR THE MAC ADDRESS ON THE SWITCH PORT

S(config)# interface {Interface}
S(config-if)# switchport port-security mac-address {mac}

SAVE ALL LEARNED MAC-ADDRESSES TO THE RUNNING CONFIG

S(config)# interface {Interface}
S(config-if)# switchport port-security mac-address sticky



Misc Commands

SET THE CLOCK RATE ON AN INTERFACE

S(config)# interface {Interface}
S(config-if)# clock rate {rate}



Setup DHCP

SET UP A DHCP RELAY/HELPER

(This needs to be done on the interface between host and the server's router)
R(config-if)# interface {Interface}
R(config-if)# ip helper-address {IP of DHCP server}

EXCLUDE IP RANGE FROM DHCP ASSIGNMENT

(This needs to be done before creating a dhcp pool)
R(config)# ip dhcp excluded-address {First IP} {Last IP}

SET UP DHCP ADDRESS POOL AND ADDITIONAL PARAMETERS

R(config)# ip dhcp pool {name of DHCP IP pool}
R(dhcp-config)# network {Network} {Mask}
R(dhcp-config)# default-router {Default gateway IP for hosts on the network}
R(dhcp-config)# dns-server {IP of DNS server}
R(dhcp-config)# domain-name {Domain name of the DHCP server}
R(dhcp-config)# lease {Number of Days}
R(config)# service dhcp

TURN OFF DHCP

R(config)# no service dhcp



Router sub interfaces

CREATE A SUB INTERFACE

R(config)# interface {Interface}.{vlan number}
R(config-subif)# encapsulation dot1Q {vlan number}
R(config-subif)# ip address {IP} {Mask}



HTTP Web Server

SET UP THE HTTP WEB SERVER

R(config)# ip http server
R(config)# ip http authentication local

SHUT OFF THE HTTP SERVER

R(config)# no ip http server



ACLs

Interface ACL Commands

ASSIGN AN EXISTING ACL TO AN INTERFACE

R(config)# interface {interface}
R(config-if)# ip access-group {name or number of access list} {in OR out}

REMOVE AN EXISTING ACL

R(config)# no ip access-list {ACL type} {ACL name/number}

Standard ACLs

CREATE A COMMENT/REMARK/DESCRIPTION IN AN EXISTING ACL

R(config)# access-list {ACL Number} remark {comment/remark/description}

PERMIT PACKETS FROM A NETWORK

R(config)# access-list {ACL Number} permit {Source Network} {Wildcard Mask}

DENY PACKETS FROM A NETWORK

R(config)# access-list {ACL Number} deny {Source Network} {Wildcard Mask}

Named ACLs

CREATE A NAMED ACL

R(config)# ip access-list {ACL Type} {ACL Name}
R(config-std-nacl)# permit host {Source IP}
R(config-std-nacl)# permit {Source Network} {Wildcard Mask}

ADD TO AN EXISTING NAMED ACL

R(config)# ip access-list {ACL Type} {ACL Name}
R(config-std-nacl)# {Line number} permit {Source Network} {Wildcard Mask}

Extended ACLs

CREATE AN EXTENDED ACL

R(config)# ip access-list extended {ACL Name/Number}
R(config-ext-nacl)# permit {Protocol} host {Source IP} {Dest Net IP} {Wildcard}
R(config-ext-nacl)# permit {Protocol} {Src Net IP} {Wildcard} {Dest Net IP} {Wildcard} eq {port}

You can replace "{Source Network} {Wildcard Mask}" with "any" to match any packet



NAT

General NAT Commands

SET UP NAT ON INTERFACES

R(config)# interface {interface}
R(config-if)# ip nat inside
R(config-if)# interface {interface}
R(config-if)# ip nat outside

CLEAR NATS

R# clear ip nat translation *
R# clear ip nat statistics
R(config)# no ip nat inside source static {private ip} {public ip}

VERIFY NAT

R# show ip nat statistics
R# show ip nat translations

Static NAT

CONFIGURE NAT MAPPING

R(config)# ip nat inside source static {private ip} {public ip}

CONFIGURE PORT FORWARDING

R(config)# ip nat inside source static {tcp/udp} {private ip} {local port} {public ip} {global port}

Dynamic NAT

SET UP DYNAMIC NAT

R(config)# ip nat pool {pool name} {First IP} {Last IP} netmask {Mask}
R(config)# access-list {ACL Number} permit {Src Net IP} {Wildcard}
R(config)# ip nat inside source list {ACL Number/Name} pool {pool name}

PAT / Dynamic NAT Overload

SET UP NAT OVERLOAD

R(config)# ip nat pool {pool name} {First IP} {Last IP} netmask {Mask}
R(config)# access-list {ACL Number} permit {Src Net IP} {Wildcard}
R(config)# ip nat inside source list {ACL Number/Name} pool {pool name} overload



Syslog

CONFIGURE LOGGING TIMESTAMPS

R(config)# service timestamps log datetime {Various options, use ?}

SET THE SYSLOG SERVER

R(config)# logging {Server IP}

SET THE SYSLOG TRAP LEVEL AND FACILITY TYPE

R(config)# logging trap {level number 0,1,2,3,4,5,6,7}
R(config)# logging facility {facility-type}