====== Router Basic Configuration ====== ==== BASIC DEVICE COMMANDS ==== Show Running Configuration File >show running-config Show Startup Configuration File (NVRAM) >show startup-config Show Flash Memory Information >show flash Show Command History >show history Copy Changes from Running Config to the Startup Config #copy running-config startup-config Show Version (Platform Type / OS Revision / Last Boot / Memory / Interfaces /Conf Register) >show version Show Devices Clock (Time/Date) >show clock Show Users Connected to Device >show users ====DEVICE SECURITY==== Set password exec & non-exec (console / aux / telnet) >enable #configure terminal #enable password EnablePass1 #line console 0 #login #password ConsolePass1 #exit #line aux 0 #login #password AuxPass1 #exit #line vty 0 4 #login #password TelnetPass1 #exit Set Secret Password (recommended method) >enable #configure terminal #enable secret EnableSecret1 #exit ====BASIC SETINGS==== Set a Warning Banner For Login Prompt >enable #configure terminal #banner motd & #banner line1 #banner line2 & #exit Set hostname >enable #configure terminal #hostname router1 #prompt router01 #exit ====SAVING AND RESTORING CONFIGURATIONS==== ​Save Running Config to Startup Config ​#copy running-configuration startup-configuration ​Save Running Config to a Remote TFTP Server ​#copy running-configuration tftp ​ ​Save Config From Remote TFTP Server to the Running Config ​#copy tftp running-configuration ​ ​Erase NVRAM ​#erase nvram ====INTERFACE COMAMNDS==== Show Summary of All Interfaces (IP & Status) >show ip interface brief Show Detailed Interface Information (All Interfaces) >show interfaces Show Detailed Interface Information (Single Interface) >show interfaces serial 0 Show Detailed Interface Protocol Information (Single Interface) >show ip interface serial 0 Show Status of Interface Layer 3 Protocols >show protocols Show Information About IP Routing Protocols >show ip protocols Show IP Routes (Interfaces that are routing) >show ip route Show Cached Hosts List >show hosts Set description for an interface >enable #configure terminal #interface serial 0 #description this is the serial0 link to router2 #exit Configure an IP for an interface #configure terminal #interface Ethernet 0 #ip address 10.1.1.251 255.255.255.0 #exit Enable an Interface #configure terminal #interface Ethernet 0 #no shutdown #exit Disable an Interface (Administratively Down) #configure terminal #interface Serial 1 #shutdown #exit ====SERIAL INTERFACES==== Set Serial Interface Clock Rate (DCE Cable – Data Circuit-Terminating Equipment) R1#configure terminal R1#interface serial 0 R1#clock rate 56000 R1#no shut R2#configure terminal R2#interface serial 0 R2#no shut Set Serial Interface Bandwidth and Clock Rate #configure terminal #interface serial 0 #bandwidth 64 #clock rate 64000 #exit ====LOOPBACK INTERFACES==== Create a Loopback Interface and Set the IP Address and Mask R1#configure terminal R1#interface loopback 0 R1#ip address 10.1.100.1 255.255.255.0 R1#no shut ====CDP (Cisco Discovery Protocol)==== Show CDP General Information >show cdp Show CDP Interface Information >show cdp interface Show CDP Neighbors >show cdp neighbors Show CDP Neighbors Detail >show cdp neighbors detail Show Specific CDP Entry Details >show cdp entry R4 Set / Adjust the Time between CDP Updates #configure terminal (config)#cdp timer 45 Set / Adjust the CDP Information Hold Time #configure terminal (config)#cdp holdtime 60 Disable CDP on the Entire Router #configure terminal (config)#no cdp run Enable CDP on the Entire Router #configure terminal (config)#cdp run Disable CDP on an Interface #configure terminal (config)#interface Ethernet 0 (config-if)#no cdp run Enable CDP on an Interface #configure terminal (config)#interface Ethernet 0 (config-if)#cdp run ====ARP==== Show ARP Table >show arp Clear ARP Table #clear arp ====TELNET==== Telnet to another Device >telnet 10.1.1.2 password: **** Show Sessions >show sessions Disconnect from a session >disconnect 1 Setup to Allow Telnet Logins #conf term (config)#line vty 0 4 (config-line)#login (config-line)#password Pass1 ====HOSTS TABLE==== ​Add an Entry to the Hosts Table #conf term (config)#ip host California 192.168.10.1 ====STATIC ROUTING==== ​Show IP Routes (S = Static) ​>show ip route ​Add a Static Route ​#conf term ​#ip route 10.1.1.0 255.255.255.0 192.168.10.1 Remove a Static Route ​#conf term ​#no ip route 10.1.1.0 255.255.255.0 192.168.10.1 ====DEFAULT ROUTING==== ​Show IP Routes (S = Static * = Default Candidate) ​>show ip route ​Add a Default Route ​#conf term #ip route 0.0.0.0 0.0.0.0 192.168.10.1 Remove a Default Route ​#conf term ​#no ip route 0.0.0.0 0.0.0.0 192.168.10.1 ====RIP (Routing Information Protocol)==== Uses UDP port 520 Show IP Routes (R = RIP) ​>show ip route Show Information About IP Routing Protocols >show ip protocols ​Enable RIP ​#conf term ​#router rip ​Disable RIP ​#conf term ​#no router rip ​Add a Network for RIP Advertisements/Receives (Delay <30secs) ​ #conf term ​#router rip ​#network 10.0.0.0 Remove a Network from RIP Advertisements/Receives ​#conf term #router rip ​#no network 10.0.0.0 ​Turn on RIP Debugging ​#debug ip rip Turn off RIP Debugging ​#no debug ip rip Clear and Re-Create IP Routing Table ​#clear ip route * ====IGRP (Interior Gateway Routing Protocol)==== Show IP Routes (I = IGRP) ​>show ip route Show Information About IP Routing Protocols >show ip protocols ​Enable IGRP ​#conf term ​#router igrp 100 ​Add Networks Directly Connected to Router for IGRP Routing #conf term ​#router igrp 100 ​#network 10.0.0.0 Remove Networks Directly Connected to Router for IGRP Routing #conf term ​#router igrp 100 ​#no network 10.0.0.0 ====EIGRP (Enhanced Interior Gateway Routing Protocol)==== Show IP Routes (D = EIGRP) ​>show ip route Show Information About IP Routing Protocols >show ip protocols Show EIGRP Neighbours >show ip eigrp neighbours Show EIGRP Traffic, Shows EIGRP Packet Types Sent and Recieved >show ip eigrp traffic ​Enable EGRP 100 ​#conf term ​#router eigrp 100 ​Add Networks Directly Connected to Router for EIGRP Routing #conf term ​#router eigrp 100 ​#network 10.0.0.0 Remove Networks Directly Connected to Router for EIGRP Routing #conf term ​#router eigrp 100 ​#no network 10.0.0.0 ====OSPF (Open Shortest Path First) Routing==== Show Routing Table (O = OSPF) >show ip route Show Routing Protocol Information >show ip protocols Show the OSPF Database >show ip ospf database Show OSPF Neighbours >show ip ospf neighbour Show Interfaces Running OSPF – Detailed Information >show ip ospf interface Configure OSPF Routing and Set the Process Number R1#conf term R1(config)#router ospf 100 R2#conf term R2(config)#router ospf 100 R3#conf term R3(config)#router ospf 100 Configure Networks that the Router is Connected to R1#conf term R1(config)#router ospf 100 R1(config-router)#network 10.1.20.0 0.0.0.255 area 0 R1(config-router)#network 192.16.1.0 0.0.255.255 area 0 R2#conf term R2(config)#router ospf 100 R2(config-router)#network 10.1.20.0 0.0.0.255 area 0 R3#conf term R3(config)#router ospf 100 R3(config-router)#network 192.16.1.0 0.0.255.255 area 0 ====PPP (Point-to-Point Protocol)==== ===With CHAP Authentication (Challenge-Handshake Authentication Protocol)=== ==R1== Set the Enable Secret on R1 R1#conf term R1#enable secret secretPassR1 Create a User on R1 with Same Password as R2’s Enable Secret R1#username R2 password secretPassR2 Set an IP and Enable the Serial Interface on R1 R1#interface serial 0 R1#ip address 10.1.0.1 255.255.255.0 R1#no shutdown Set Encapsulation for the Serial Interface to PPP on R1 R1#encapsulation ppp Set PPP Authentication to CHAP for the Serial Interface on R1 R1#ppp authentication chap ==R2== Set the Enable Secret on R2 R2#conf term R2#enable secret secretPassR2 Create a User on R2 with Same Password as R1’s Enable Secret R1#username R1 password secretPassR1 Set an IP and Enable the Serial Interface on R2 R2#interface serial 0 R2#ip address 10.1.0.2 255.255.255.0 R2#no shutdown Set Encapsulation for the Serial Interface to PPP on R2 R2#encapsulation ppp Set PPP Authentication to CHAP for the Serial Interface on R2 R2#ppp authentication chap Show Serial Interface Details including Encapsulation Type >show interfaces serial 0 ===Without CHAP Authentication=== ==R1== Set an IP and Enable the Serial Interface on R1 R1#conf term R1#interface serial 0 R1#ip address 10.1.0.1 255.255.255.0 R1#no shutdown Set Encapsulation for the Serial Interface to PPP on R1 R1#encapsulation ppp ==R2== Set an IP and Enable the Serial Interface on R2 R2#conf term R2#interface serial 0 R2#ip address 10.1.0.2 255.255.255.0 R2#no shutdown Set Encapsulation for the Serial Interface to PPP on R2 R2#encapsulation ppp Show Serial Interface Details including Encapsulation Type >show interfaces serial 0 ====ISDN (Integrated Services Digital Network)==== ​Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established) ​>show isdn status ​Show ISDN Interface Information ​>show interface bri 0 Specify the ISDN Switch Type #conf term ​#isdn switch-type basic-ni ​Set the SPID for the Interface ​#interface bri 0 ​#isdn spid1 32177820010100 ​Set the Dialler String on the Interface to Establish Layer 3 ​#interface bri 0 ​#dialer string 7782002 ​Setup a Dialer-list to Permit All IP Traffic ​#dialer-list 1 protocol ip permit ===ISDN BRI-BRI using Legacy DDR (Dial on Demand Routing)=== ​Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established) ​>show isdn status ​Configure ISDN BRI-BRI using Legacy DDR ​R1(config)#isdn switch-type basic-ni R1(config)#dialer-list 1 protocol ip permit R1(config)#username R2 password cisco R1(config)#interface bri0 R1(config-if)#encapsulation ppp R1(config-if)#ip address 200.10.1.1 255.255.255.0 R1(config-if)#isdn spid1 32177820010100 R1(config-if)#dialer-group 1 R1(config-if)#dialer map ip 200.10.1.2 name R2 broadcast 7782001 R1(config-if)#ppp authentication chap R1(config-if)#no shut R2(config)#isdn switch-type basic-ni R2(config)#dialer-list 1 protocol ip permit R2(config)#username R1 password cisco R2(config)#interface bri0 R2(config-if)#encapsulation ppp R2(config-if)#ip address 200.10.1.1 255.255.255.0 R2(config-if)#isdn spid1 32177820020100 R2(config-if)#dialer-group 1 R2(config-if)#dialer map ip 200.10.1.1 name R1 broadcast 7782002 R2(config-if)#ppp authentication chap R2(config-if)#no shut ===ISDN BRI-BRI using Dialer Profiles=== ​Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established) ​>show isdn status ​Configure ISDN BRI-BRI using Dialer Profiles ​R1(config)#isdn switch-type basic-ni R1(config)#dialer-list 1 protocol ip permit R1(config)#username R2 password cisco R1(config)#int bri0 R1(config-if)#encap ppp R1(config-if)#ppp authentication chap R1(config-if)#isdn spid1 32177820010100 R1(config-if)#dialer pool-member 1 R1(config-if)#no shut R1(config-if)#int dialer 1 R1(config-if)#no shut R1(config-if)#ip address 200.10.1.1 255.255.255.0 R1(config-if)#encap ppp R1(config-if)#dialer-group 1 R1(config-if)#dialer pool 1 R1(config-if)#dialer remote-name R2 R1(config-if)#dilaer string 7782001 R1(config-if)#ppp authentication chap R2(config)#isdn switch-type basic-ni R2(config)#dialer-list 1 protocol ip permit R2(config)#username R1 password cisco R2(config)#int bri0 R2(config-if)#encap ppp R2(config-if)#ppp authentication chap R2(config-if)#isdn spid1 32177820020100 R2(config-if)#dialer pool-member 1 R2(config-if)#no shut R2(config-if)#int dialer 1 R2(config-if)#no shut R2(config-if)#ip address 200.10.1.2 255.255.255.0 R2(config-if)#encap ppp R2(config-if)#dialer-group 1 R2(config-if)#dialer pool 1 R2(config-if)#dialer remote-name R1 R2(config-if)#dilaer string 7782002 R2(config-if)#ppp authentication chap ===ISDN PRI using Dialer Profiles=== ​Show ISDN Status (Check Layer1 = Active, Layer2 = Multi-Frame Established) ​>show isdn status ​Configure ISDN PRI using Dialer Profiles ​R1(config)#isdn switch-type basic-ni R1(config)#dialer-list 1 protocol ip permit R1(config)#username R2 password cisco R1(config)#interface bri0 R1(config-if)#encap ppp R1(config-if)#ppp authentication chap R1(config-if)#isdn spid1 32177820010100 R1(config-if)#dialer pool-member 1 R1(config-if)#no shut R1(config-if)#int dialer 2 R1(config-if)#no shut R1(config-if)#ip add 201.10.1.1 255.255.255.0 R1(config-if)#encap ppp R1(config-if)#dialer-group 1 R1(config-if)#dialer pool 1 R1(config-if)#dialer remote-name R2 R1(config-if)#dialer string 7782001 R1(config-if)#ppp authentication chap R2(config)#isdn switch-type primary-5ess R2(config)#dialer-list 1 protocol ip permit R2(config)#username R1 password cisco R2(config)#controller tl 0/0 R2(config-contoller)#framing esf R2(config-contoller)#linecode b8zs R2(config-contoller)#pri-group timeslots 1-24 R2(config-contoller)#exit R2(config)#interface serial0/0:23 R2(config-if)#encapsulation ppp R2(config-if)#ppp authentication chap R2(config-if)#dialer pool-member 2 R2(config-if)#no shut R2(config-if)#interface dialer 2 R2(config-if)#ip add 201.10.1.2 255.255.255.0 R2(config-if)#encaps ppp R2(config-if)#dialer-group 1 R2(config-if)#dialer pool 2 R2(config-if)#dialer remote-name R1 R2(config-if)#dialer string 7782002 R2(config-if)#ppp authentication chap R2(config-if)#no shut ====IPX (Internetwork Packet Exchange)==== ​Show IPX Interface Information ​>show ipx interface Show IPX Interface Information Brief ​>show ipx interface brief ​Show IPX Traffic ​>show ipx traffic Enable IPX Routing on Both Routers #conf term #ipx routing Assign an IPX Network to the Ethernet Interfaces on the Routers #interface Ethernet 0 (config-if)#ipx network AAA (config-if)#no shut ====FRAME RELAY==== Show Global Frame-Relay Traffic Statistics >show frame-relay traffic Show Frame-Relay LMI (Local Management Interface) Traffic >show frame-relay lmi Show Frame-Relay Mappings of DLCI (Layer 2) to the IP Address (Layer 3) >show frame-relay map Show Frame-Relay PVC (Permanent Virtual Circuit) Mappings between Router and the Frame-Relay Switch >show frame-relay pvc Set the Interfaces Encapsulation to Frame-Relay on Both Routers #interface serial 0 #encapsulation frame-relay #no shut Set the Frame-Relay Interface DLCI (Data Link Connection Identifer) for the Connection R1(config-if)#frame-relay interface-dlci 102 R2(config-if)#frame-relay interface-dlci 202 Create Sub Interface and IP for Each Connection and Set DLCI on Connections R1(config-if)#interface serial 0.100 point-to-point R1(config-subif)#frame-relay interface-dlci 102 R1(config-subif)#ip address 172.16.1.1 255.255.255.0 R1(config-if)#interface serial 0.200 point-to-point R1(config-subif)#frame-relay interface-dlci 103 R1(config-subif)#ip address 172.16.1.2 255.255.255.0 R2(config-if)#interface serial 0.100 point-to-point R2(config-subif)#frame-relay interface-dlci 201 R2(config-subif)#ip address 172.16.2.1 255.255.255.0 R3(config-if)#interface serial 0.100 point-to-point R3(config-subif)#frame-relay interface-dlci 301 R3(config-subif)#ip address 172.16.2.1 255.255.255.0 Set the LMI (Local Management Interface) Type #conf term (config)#int serial1 (config-if)#frame-relay lmi-type ansi Set Frame Relay Map IP #conf term (config)#int serial1 (config-if)#frame-relay map ip 10.50.1.1 105 broadcast ====STANDARD ACCESS LISTS==== Show Access Lists >show access-lists >show access-lists 1 >show access-lists 99 View Access Lists Applied to an Interface >show ip interface access-list [#(1-99) ] [permit | deny] [source-address | keyword any] [source mask] Create an Access List to Deny #conf term (config)#access-list 1 deny host 192.168.20.1 (config)#access-list 1 deny 192.168.20.2 (config)#access-list 1 deny 192.168.20.3 0.0.0.0 Create an Access List to Permit #conf term (config)#access-list 1 permit any Delete an Access List #conf term (config)#no access-list 1 ip access-group [access-list] [in | out] Add the Access Group to an Interface (in/out) #conf term (config)#interface ethernet 0 (config-if)#ip access-group 1 in (config-if)#ip access-group 20 out Remove the Access Group from an Interface (in/out) #conf term (config)#interface ethernet 0 (config-if)#no ip access-group 1 in ====EXTENDED ACCESS LISTS==== Show Access Lists >show access-lists >show access-lists 101 (100-199 and 2000-2699) View Access Lists Applied to an Interface >show ip interface Create an Extended Access List #conf term (config)#access-list 101 deny icmp any any echo (config)#access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log (config)#access-list 102 permit tcp 24.17.2.0 0.0.0.15 any log (config)#access-list 103 permit ip host 192.168.1.123 host 192.168.1.12 log Delete an Extended Access List #conf term (config)#no access-list 101 permit tcp 24.17.2.16 0.0.0.15 any eq telnet log Add the Access Group to an Interface (in/out) ip access-group [access-list] [in | out] #conf term (config)#interface ethernet 0 (config-if)#ip access-group 101 in (config-if)#ip access-group 102 out Remove the Access Group from an Interface (in/out) #conf term (config)#interface ethernet 0 (config-if)#no ip access-group 101 in ====NAMED ACCESS CONTROL LISTS==== Show Access Lists >show access-lists Create a Named Access List to Deny Ping and Log #conf term (config)#ip access-list extended deny_icmp_ping (config-ext-acl)#deny icmp host 192.168.1.20 192.168.1.1 0.0.0.0 log (config-ext-acl)#permit ip any any log Delete a Named Access List #conf term (config)#no ip access-list extended deny_icmp_ping Add the Named Access Group to an Interface (in/out) #conf term (config)#interface FA0/0 (config-if)#ip access-group deny_icmp_ping in Remove the Named Access Group from an Interface (in/out) #conf term (config)#interface FA0/0 (config-if)#no ip access-group deny_icmp_ping in ====NAT/PAT (Network Address Translation/Port Address Translation)==== Show IP NAT Translations >show ip nat translations Clear IP NAT Translations #clear ip nat translation * Show IP NAT Statistics >show ip nat statistics ===STATIC NAT=== Add a Static NAT #conf term (config)#ip nat inside source static 10.50.1.2 10.70.1.2 (config)#interface ethernet 0 (config-if)#ip nat inside (config-if)#interface serial 0 (config-if)#ip nat outside Remove a Static NAT #conf term (config)#no ip nat inside source static 10.50.1.2 10.70.1.2 ===MANY-TO-ONE NAT=== Add a Many-To-One NAT #conf term (config)#access-list 11 permit 10.50.1.0 0.0.0.255 (config)#ip nat inside source list 11 interface serial 0 overload (config)#interface ethernet 0 (config-if)#ip nat inside (config-if)#interface serial 0 (config-if)#ip nat outside Remove a Many-To-One NAT #conf term (config)#no ip nat inside source static 10.50.1.2 10.70.1.2 ===DYNAMIC NAT (Using Pools)=== Add a Dynamic NAT #conf term (config)#ip nat pool poolname1 10.50.1.100 10.50.1.150 netmask 255.255.255.0 (config)#ip nat inside source list 2 pool poolname1 (config)#interface ethernet 0 (config-if)#ip nat inside (config-if)#interface serial 0 (config-if)#ip nat outside Remove a Dynamic NAT #conf term (config)#no ip nat pool pool1 10.50.1.100 10.50.1.150 netmask 255.255.255.0 ===PAT (Port Address Translation)=== Add a PAT #conf term (config)#ip nat inside source list 2 interface serial 0 overload Remove a PAT #conf term (config)#no ip nat inside source list 2 interface serial 0 overload