CCIE Flashcards
Memorize CCIE RS Commands
conform-action [set-prec-transmit $int] [transmit]
exceed-action [set-dscp-transmit $int]
violate-action [drop]
Three actions can be configured for a QoS policer, and actions such as marking can be linked to each of them. Name them.
Configures the switch to automatically recover from a err-disable condition due to a specific reason in the specified time.
err-disable recovery cause $cause
err-disable recovery interval $int
Sets logs or debugs timestamps with the desired specified time format.
service timestamps log/debug uptime/datetime [msec/year]
A route-map matches the originator of a received
prefix.
match ip route-source $ACL/%PrefList
Permit an IGMP enabled interface to permit mcast hosts to join ONLY permitted mcast groups or specific S,G (extended ACLs)
ip igmp access-group $ACL
Selectively manipulate imported or exported NLRIs in order to get installed (or not) into a certain RIB.
export map $RMAP / import map $RMAP
Configures OSPF security as SHA-256 (Highest security encryption)
area $int authentication key-chain $string
A BGP prefix received will be installed from the specified neighbor even if its own AS number is included in the AS_PATH of that prefix.
neighbor x.x.x.x allowas-in
Configures a RIP enabled interface to send or receive specific RIP version packets.
ip rip send/receive version 1/2
Defines AS numbers that are to be considered confederation peerings.
bgp confederation peers $AS1 $AS2 $ASn…
Configures a police rate percent based and burst value
police rate percent % burst $ms
Enables CDP globally or on the interface, and configures CDP timers.
cdp enable/run
cdp timer $int
cdp holdtime $int
Sets the router as an Auto-RP RP candidate for specified groups.
ip pim send-rp announce $if scope $int group-list $ACL
Causes OSPF to form an adjacency with the specified peer but NOT advertise any prefix to it.
neighbor x.x.x.x database-filter all out
Sets the file system that will be used by the router to get the files requested by its HTTP clients.
ip http path $fs
Configures NAT to be applied to traffic ingressing a specific VRF interface.
ip nat inside source list $ACL interface $if [vrf $IngressVRF] [overload]
BGP TCP keepalive interval and timeout configuration.
bgp timers $Keepalives $Hold-time
Configures a vrf ospf instance to set a specific domain id when its prefixes are redistributed into MP-BGP.
domain-id x.x.x.x
Sets the maximum number of active HTTP connections in this router.
ip http max-connections $int
Sets the AD for inter, intra or external OSPF prefixes.
distance ospf inter/intra/external $int
Prune the specified VLANs from the trunk port.
switchport trunk pruning vlan $int….
{BGP} Advertises a set of prefixes to a specific neighbor if a route or a set of routes exist or not exist.
neighbor x.x.x.x advertise-map $RMAP exist-map/non-exist-map $RMAP
Configures a NAT rule to translate a whole network as another network space as in 1-1 translation
ip nat inside source static network $inLocal $inGlobal /xy
Configures the router to authenticate HTTP connections with the local user database.
ip http authentication local
Causes the potential OSPF adjacencies to ignore the MTU value as compatibility check.
ip ospf mtu-ignore
Configures an EIGRP stub router to not send any route to its EIGRP peers and only receive EIGRP prefixes from them
eigrp stub receive-only
Enables HTTP or HTTPS service on the router
ip http server / ip http secure-server
Configures the router to display the AS:NN format for prefix communities.
ip bgp-community new-format
Sets a NAT IP Addresses pool
ip nat pool $string $FirstIP $LastIP prefix-length $int
Enables the router to send communities to the BGP neighbor.
neighbor x.x.x.x send-community both
A switchport will passively wait to negotiate the trunk encapsulation with its neighbor.
switchport trunk encapsulation negotiate
Configures dynamic BGP. It will listen for peers with parameters as defined by the specified peer group.
bgp listen range $PrefixRange peer-group $name
Sets a syslog server where traps are to be sent. Also, the protocol and destination port number can be defined for this communication.
logging host $IPadd [transport tcp/udp] [port $int]
Signals the NSSA ABR to always translate type7 prefixes to type5 to the backbone network.
area $int nssa translate type7 always
Causes BGP best path selection process to always compare MED even if AS Path attribute is different among the competing prefixes.
bgp always-compare-med
Sets the Unique Local Address (ULA) to an interface.
ipv6 address FC00:x.x.x.x::/64
{BGP} Causes the BGP session with an external peer to NOT be reset in case the direct link to this peer goes down.
no bgp fast-external-fallover
Sets EIGRP’s weight values
metric weight $arb $BW 0 $Delay 0 0
Configures all DNS parameters to function as DNS server, function as DNS client or respond to DNS queries when DNS server is not reachable.
ip dns server
ip domain-lookup
ip name-server /$IPadd
ip dns spoofing $IPadd
Configures the interface to be used as source for all NTP communication.
ntp source $if
Modifies an aggregate prefix attribute parameters.
aggregate-address x.x.x.x/y attribute-map $RMAP
NHRP CONFIGURATION
ip nhrp network-id $int
ip nhrp authentication $string
ip nhrp nhs $Priv
ip nhrp map $Priv $NBMA
ip nhrp map multicast $NBMA
Causes IPv6 redistribution to include connected prefixes.
redistribute $RoutingProtocol include-connected [$options]
BGP lowest RID is best.
In iBGP, which is better lower or higher RID for best path tiebreaker. What is used by eBGP instead of this condition?
Statically defines the RP address for all or a specific set of groups.
ip pim rp-address x.x.x.x [$ACL] [override]
{BGP} Originates a default route using the regular advertisement method.
network 0.0.0.0 mask 0.0.0.0
Configures the router as a ntp time source and its stratum number.
ntp master $stratum
Configures a route-map to match a prefix in the RIB or the originator of a prefix.
match ip address prefix $Prefix/$ACL
match ip route-source prefix $Prefix/$ACL
Configures the best possible bridge priority for the switch.
spanning-tree vlan $vlan priority 0
Permits packets with destination address as the subnet network address to be processed.
ip directed-broadcast
Configures the time the router will delay the removal of a prefix whose next hop was lost, as reported by the underlying IGP.
bgp nexthop trigger delay $int
Causes EIGRP to authenticate using SHA-256 encryption over the interface.
authentication mode hmac-sha-256 $password
Both commands are needed to enable RIPng in an interface.
ipv6 router rip $name
ipv6 rip $name enable
Disables split horizon in an EIGRPv3 enabled interface
no ipv6 split-horizon eigrp $AS
ipv6 mld join-group FF3x::/96 source-list $ACL
Causes an IPv6 enabled interface to join a specific S,G SSM group.
Configures the port to detect unidirectional links and send a warning message or shutdown the port.
udld port [aggressive]
{BGP} Suppresses only specific prefixes belonging to the aggregate route.
aggregate-address x.x.x.x/y suppress-map $RMAP
Limits the logging of messages to the syslog servers to the specified level.
logging trap $level
Causes the destination SPAN port to accept ingress frames and forward them based on the specified VLAN.
monitor-session $int destination interface $if ingress encapsulation dot1q vlan $int
Sets the port which will be used by the router to listen for incoming HTTP connections.
ip http port $int
WRED will mark packets exceeding min threshold with ECN bit instead of dropping it.
random-detect ecn
Advertises a summary address in a RIPng enabled interface.
ipv6 rip $name summary-address x.x.x.x/y
Sets AD for prefixes received by RIP from the specified peers.
distance $int $GWAddress $ACL
Configures the fast convergence features for STP in the switch.
spanning-tree uplinkfast/backbonefast
Sets the cost used for the default route sent by an OSPF ABR when running a totally stubby configuration.
area $int default-cost $int
Causes a P2P link to avoid the generation of constant hello packets and paranoid flooding.
ip ospf demand-circuit
Configures an AS_PATH access list.
ip as-path access-list $int permit/deny $regex
Statically configures the RP which will be used for Bidirectional PIM for specified groups.
ip pim rp-address x.x.x.x $ACL bidir
Sets a community to a BGP prefix used to avoid AS border routers to advertise this prefix out of the AS.
set community no-export
Sets the SOO feature for EIGRP prefixes advertised and received by the MPLS network. Used as a loop prevention mechanism.
ip vrf sitemap $PMAP
Advertises (or not) a specific OSPF external aggregated prefix instead of the individual most specific prefixes.
summary-address x.x.x.x/y [tag/not-advertise]
ISATAP address formatting.
ipv6 address WWWW:XXXX:YYYY:ZZZZ:0:5EFE:32bits_ipv4_hex_address/64
Configures the router as a TFTP server and which hosts are permitted to access it.
tftp-server $fs $ACL
Configures the maximum rate an access-list can log hits in pps or per number of hits
ip access-list log-update threshold $int/pkts
Configures the router to get prefixes from spoke routers known via CDP.
router odr
Instructs EIGRP to not accept EIGRP updates with a hop count higher than the one specified.
metric maximum-hops $int
Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp peer $IPadd
Configures OSPF timers for values less than 1 for fast convergence time
ip ospf dead-interval minimal hello-multiplier $int
Avoids sending link state changes as a trap to snmp server(s).
no snmp trap link-states
Configures DSCP based WRED in a class based queue
random-detect dscp-based
random-detect dscp $DSCP $minT $MaxT
Configures an NTP client to synchronize time with the specified server and using the specified key.
ntp server $IPadd key $int
Causes to stop the default delay used by BGP to import NLRIs to the proper VRFs.
import path selection all
Sets a snmp-server to connect via SNMP and specifies SNMP parameters.
snmp-server host $IPadd [vrf $name] [traps] $community [version $1/2c/3]
Causes the router to send RA messages in the specified time in seconds or msecs.
ipv6 nd ra interval $int
Matches specific packet flows in a class-map based on an ACL.
match access-group [name] $ACL
Adds a PBR policy for local originated traffic.
ip local policy route-map $RMAP
Sets a distribute list in the router based on a route-map match.
distribute-list route-map in/out interface $if
Sets a community list for community attribute manipulation.
ip community-list [standard/extended] $int [permit/deny] $regex
Will cause the mrouter to withdraw the IGMP group as soon as an IGMP leave is received from a member of the specified group(s).
ip igmp immediate-leave group-list $ACL (Global/Interface)
{BGP} Performs prefix filtering based on an AS_PATH ACL match for ingress or egress direction.
neighbor x.x.x.x filter-list $AS_PATH ACL in/out
Causes an IPv6 enabled interface to join a specific MLD group.
ipv6 mld join-group FF02::x
Will move the port to err-disable condition if the amount of specified type of traffic exceeds the specified threshold.
storm-control unicast/broadcast/multicast $val
Configures the route-map to set bgp dampening values.
set dampening $halflife $reuse $suppressval $maxsuppresstime
Sets the router as an Auto-RP multicast announcer.
ip pim send-rp-discovery $if scope $int
A router will unicast forward the IGMP reports/leaves received in the interface to the specified IP address.
ip igmp helper-address $IPadd
Sets the unique global address to an interface.
ipv6 address 2001::/3
Sets the maximum number limit of AS numbers in the AS_PATH attribute that a prefix received must have in order to be processed.
bgp maxas-limit $int
Sets RIB scale value for EIGRP named mode
metric rib-scale $int
Configures a NAT rule, where packets hitting the specified interface are sent to the specified inside local address.
ip nat inside source static $insideLocal interface $if
Sets the cluster ID for Cluster Path when the router advertises a prefix to its RR client.
bgp cluster-id x.x.x.x
Sets the port which will be used by the router to listen for incoming HTTPS connections.
ip http secure-port $int
Stops the automatic BGPv4 session to be automatically established if a peering through another AFI is desired.
no bgp default ipv4-unicast
Configures the router to CEF load balance BGP ECMPs based on interfaces bandwidth.
bgp dmzlink-bw
neighbor x.x.x.x dmzlink-bw
Causes the switch to configure portfast in all the access-ports.
spanning-tree portfast default
*** VRRP Configuration ***
vrrp $int ip $IPadd
vrrp $int priority $int
vrrp $int timers advertise $int
vrrp $int authentication text/md5 $string
Sets the maximum number of LSAs an OSPF process will accept.
max-lsa $int [threshold $int] [warning-only]
Configures an HSRP group to be able to use its own burned in address as group address
standby use-bia
Enables the router to use bidirectional PIM.
ip pim bidir-enable
Enables the generation of keepalive packets on idle outgoing network connections.
service tcp-keepalives in/out
An alternative to delete all matched prefixes communities, other than comm-list delete.
set community none
*** DHCP specific host address assignment ***
- Server -
ip dhcp pool $string
host $network $mask
client-identifier %hexStr
lease $days
- Client -
ip dhcp client client-id ascii $str
ip address dhcp
Limit the amount of messages per second that can be logged for specified level.
logging rate-limit [console] [$levels/all] $int
Sets the tunnel encapsulation as a VTI (Mcast capable IPsec). Note: VTIs automatically adjust their MTUs, only TCP MSS should be adjusted.
tunnel mode ipsec ipv4
Configures an ISAKMP pre-shared key authentication peering to a peer known over a VRF.
crypto keyring $name vrf $VRF
pre-shared address $peer key $string
Configures an offset-list for prefixes received via RIP.
offset-list $ACL in/out $offset $if
Configures rotary TCP flows NAT load balancing. Why is IP aliasing important here?
ip nat pool $string prefix-length $int type rotary
address $FirstIPadd $LastIPadd
ip nat inside destination $ACL pool $string
ip alias x.x.x.x
Causes a router interface to join a specified MLD group.
ipv6 mld join-group FF08::/16
Disable paranoid flooding to occur in the interface.
ip ospf flood-reduction
Permits an EIGRP stub router to advertise specified non-stub prefixes to its peers.
eigrp stub $options leak-map $RMAP
*** PE ***
ipv6 dhcp pool $name1
> prefix-delegation pool $name2
ipv6 local pool $name2 $PrefixLength $Lifetime
interface $ifToCE
ipv6 dhcp server $name1
*** CE ***
interface $ifToPE
ipv6 client pd $anyName3
interface $ifToClient
ipv6 address $Name3 ::$host/xy
Configures IPv6 prefix delegation feature in CE and PE routers
ABR filters OSPF received or sent prefixes from area to area.
area $int filter-list prefix $PrefixList in/out
Configures the 3 must have MST parameters in order for the switches to have the same BPDU hashing.
instance $int vlan $vlan-range
name $name
revision $revision
Sets OSPF MD5 authentication for peers discovered over this interface.
ip ospf authentication message-digest
ip ospf authentication message-digest-key $int md5 $string
Configures the tunnel to classify and apply QoS actions to traffic before being GRE encapsulated.
qos pre-classify
Replaces AS ID in OpenSent messages. With option to also replace AS_PATH attribute in the update messages or use both AS_PATHs, the original and the new one.
neighbor x.x.x.x local-as $newAS [no-prepend] [replace-as] [dual-as]
Causes the router to install a default route with next hop to the router used for autoconfig in the interface.
ipv6 address autoconfig default
Causes the NSSA ABR to suppress the forwarding address in Type7 to Type5 translated prefixes.
area $int nssa translate type7 suppress-fa
Configures NBAR to match specific string in an web based traffic flow.
match protocol http url $regex
Causes the interface prefix to not be advertised as RA to hosts.
ipv6 nd prefix $Prefix no-advertise
A route map matches the next hop address of prefixes to be redistributed
match ip next-hop prefix $Pref
Sets statically the RPF interface for a given source address.
ip mroute $srcAddress $mask $NH/$if [AD]
Causes the NSSA ABR to redistribute the prefixes to the backbone area ONLY, these prefixes will not be injected over the NSSA interfaces.
area $int nssa no-redistribution
Will forward broadcast traffic (from permitted forward protocols configured) as mcast traffic using the specified mcast group address.
ip multicast-helper-map broadcast $McastGroup $ACL
{BGP} Selects which specific prefixes should be affected by the dampening parameters.
bgp dampening route-map $RMAP
Causes BGP to advertise summarized prefixes in regular advertisements (locally originated) and when redistributing.
{BGP} auto-summary
Causes the switch to configure BPDU guard or BPDU filter in all interfaces that have portfast configured.
spanning-tree portfast bpduguard/bpdufilter default
Causes the router to accept only Join messages for the specified RP and only for the specified mcast groups.
ip pim accept-rp $RP $ACL
*** CHAP Configuration ***
username $PEER_HOSTNAME password $ARB1
interface serial x/x
ppp authentication chap
*** Password MUST match in both peer’s login DB ***
Sets a router as an MSDP peer.
ip msdp peer x.x.x.x [remote-as $AS] [connection-source $if] [originator-id x.x.x.x]
Configures Dynamic NAT based on an IP Address pool.
ip nat inside source list $ACL pool $string
The interface will directly filter all auto-rp packets being received or to be forwarded.
ip multicast boundary filter-autorp
{BGP} Performs prefix filtering based on a Route-Map match for ingress or egress direction.
neighbor x.x.x.x route-map $RMAP in/out
Causes the switchport to negotiate the voice VLAN marking with the phone based on the COS value.
switchport voice vlan dot1p
Causes a GRE tunnel to use IPv6 signaling to set the tunneling encapsulation. IPv6 address encapsulation.
tunnel mode ipv6/ipv6ip
{Set in a route-map} Adds specified communities to a prefix.
set community $AS:NN additive
Sets the source interface for telnet communication.
ip telnet source-interface $if
Next Hop trigger events as notified by the IGP are delayed by the specified time before withdrawing a BGP prefix from RIB.
bgp nexthop trigger delay $int
Configures a static PAT rule in the router. An option will cause the router to not install an alias for a non-directly-assigned IP address.
ip nat inside source static tcp/udp $InsideLocal $port $InsideGlobal $port [no-alias]
Determines a switchport willingness to become a trunk or not become a trunk.
switchport mode dynamic auto/desirable
Filters hosts that are permitted to access this router as a HTTP server.
ip http access-class $ACL
Enables an interface to register all packets/bytes received in the interface classified by protocol
ip nbar protocol-discovery
{BGP} Advertises a default route to a specific peer.
neighbor x.x.x.x default-information-originate [route-map $RMAP]
Enables the switch to send SNMP traps when there is a MAC address removed or added in the CAM.
snmp trap mac-notification change added/removed
Originates a Type7 default route for the NSSA area.
area $int nssa default-information-originate [metric $int]
Creates a reversible NAT rule where reversed entries are programmed so outside flows can reach inside hosts.
ip nat inside source route-map $RMAP pool $string reversible
Sets the global AS for a router inside a BGP confederation. This is the AS that the eBGP peers will use as remote-AS configuration.
bgp confederation identifier $GlobalAS
Disables split horizon in a RIPng enabled interface.
no split-horizon
Sets BGP peer SOO value.
neighbor x.x.x.x soo $value
Will forward a mcast packet as a broadcast directed packet or a subnet network address.
ip multicast helper-map $mcastGroup $DirectedBroadcastIP $ACL
*** CONFIGURES IGMP PROFILES. THIS IS THE SAME AS IGMP ACCESS-GROUP BUT FOR SWITCHES ***
ip igmp profile $int
permit
range $RangeMin $RangeMax
Configures a non CAR policer and all its parameters
police cir $int bc $int be $int
Configures an IPv6 summary address in an EIGRPv3 enabled interface.
ipv6 summary-address eigrp $AS
Sets the next-hop address and reliably verifies if it is reachable based on an IP SLA status or if the neighbor exists via CDP.
set ip next-hop verify-availability [x.x.x.x $int track $int]
Establishes a peer’s maximum prefixes limit to be received and the actions to take if a threshold under this limit is reached.
neighbor x.x.x.x maximum-prefix $int $threshold [warning/restart $rate]
Sets the maximum time an IGMP hosts should respond to a general query.
ip igmp query-max-response-time $int
Counts every syslog message and time-stamps, the occurrence of each message.
logging count
Sets a password for the VTP domain. This password cannot be seen in vlan.dat or in the running configuration.
vtp password $string hidden
Configures an interface to run microsoft chap authentication and encrypt packets based in this protocol too
ppp authentication ms-chap[-v2]
ppp encrypt mppe $int [required]
PIM BSR messages are NOT processed or advertised by the interface.
ip pim bsr-border
Applies specified peer-group configuration to a BGP neighbor.
neighbor x.x.x.x peer-group $name
Permits an inside local address to be represented by multiple inside global addresses.
ip nat inside source static $InsideLocal $InsideGlobal extendable
Initializes a BGP peer group.
neighbor $name peer-group
Causes the router to advertise the BGP aggregate prefix as soon as it is generated, without delay.
bgp aggregate timer 0
private-vlan primary
private-vlan association [add/remove] $vlan
Configures the primary vlan.
Sets a protocol to be forwarded by interface helper-address parameters.
ip forward-protocol $protocol/$protocolNumber
BGP advertises an aggregate prefix without advertising the individual more specific prefixes.
aggregate-address x.x.x.x/y summary-only
Sets the source interface address used in packets sent to a syslog server.
logging source-interface $if
Reference BW / Interface BW
INTERFACE OSPF COST
Configures the router to accept time sync from sources sending a trusted specified key.
ntp authenticate
ntp authentication-key $Key# md5 $string
ntp trusted-key $Key#
Sets the HSRP mode to be able to use a group value higher than 255
standby version 2
Sets the router as an IPv6 BSR candidate.
ipv6 pim bsr candidate bsr $IPadd [scope $int] [$int] [priority $int]
{BGP} Enables BGP event based events to withdraw BGP prefixes as soon as the next hop for these gets unreachable as informed by the IGP.
bgp nexthop trigger enable
Configures a static mac address entry in the CAM.
mac address-table static $mac drop/$if
Prevents unauthorized sources from registering with the RP. An RP will ONLY accept register messages from the specified sources.
ip pim accept-register list $ExtACL
Configures a tracking object based on an existent IPSLA.
track $int ip sla $int reachability/state
Sets the router’s SNMP community and specifies access privileges. You can also specify which SNMP servers are allowed to connect with this router.
snmp-server community $string ro/rw $ACL
Causes LDP to stop advertising labels for known prefixes.
no mpls ldp advertise-labels
Defines a static cost to a specific OSPF neighbor.
neighbor x.x.x.x cost y
> ISAKMP policy
> ISAKMP pre-shared key
> IPSEC transform set
crypto-map $name [local-address $if]
crypto-map $name ipsec-isakmp
set transform-set $SET
set peer $peer
match address $ACL
IPSEC CRYPTO MAP CONFIGURATION
Sets MLD general query interval time.
ipv6 mld query-interval $int
Causes all prefixes received from a RIPng enabled interface to be added a metric value.
ipv6 rip $name metric-offset $int
Configures an ACL to provide detailed information of an entry being hit
access-list $int …………. log-input
Bypasses OSPF default behavior when a virtual link is a non-best path to a prefix and thus a non-backbone path is used to reach it.
no capability transit
Causes the OSPF router to NOT install a discard route when an aggregate prefix is advertised.
no discard-route [internal/external] [AD]
Sets an active CPU process monitoring at specified interval and for the specified threshold.
process cpu threshold type process/interrupt/total rising $int interval $int
Configures an interface to verify that unicast traffic is received by the expected interface
ip verify unicast source reachable-via rx/any [$ACL] [allow-default]
Both commands are used to set MD5 authentication in an EIGRPv3 enabled interface.
ipv6 authentication mode eigrp $AS md5
ipv6 authentication key-chain eigrp $AS $Key-Chain
{BGP} Monitors the IGP route to the peer; if this disappears, the session with this peer goes down. The specific route to monitor can also be selected to avoid issues when there is a default route.
neighbor x.x.x.x fall-over [route-map $RMAP] [bfd single/multi]
Sets the router as a BSR. The hash signals the BSR how to load balance the mcast groups among the available RP candidates.
ip pim bsr-candidate $if [$hash] [priority $int]
Sets the maximum number of prefixes that can be redistributed into OSPF.
redistribute maximum-prefix $int [threshold %int] [warning-only]
Specifies the mcast group range to use for PIM SSM traffic.
ip pim ssm [default/range $ACL]
**** HSRP Configurations ****
standby $int ip $IPadd
standby $int timers $hello $hold
standby $int preempt
standby $int mac-address $MACadd
standby $int priority $int
standby $int authentication text/md5 key-chain/key-string $string
standby $int track $int shutdown/decrement $int
Avoid L3 link to use ICMP messages to report better next hop or destination not reachable.
no ip redirects
no ip unreachables
Causes redistributed BGP prefixes into RIP to get advertised with original metric (as received by the ingress PE).
redistribute bgp $AS metric transparent
Configures the size and level of logs saved in buffer.
logging buffered [$size] [$level]
Might be used by RIP to advertise a default-route only through a specific interface.
set interface $if
Sets a community to prefixes, these will not be advertised out of its confederation AS.
set community local-as
Configures the mcast router to treat auto RP related signal groups with dense mode.
ip pim autorp listener
Causes OSPF to form adjacencies through the interface but NOT advertise any prefix over it.
ip ospf database-filter all out
Sets the link-local address of an interface.
ipv6 address FE80::/10 link-local
Configures the port to be a NTP multicast source or to listen to NTP multicast messages.
ntp multicast $Group [client $Group]
Configures private vlan port as a promiscuous port and maps primary to secondary VLANs.
switchport mode private-vlan promiscuous
private-vlan mapping $secondaryVLAN
Enables the switch to display a log in case there is a change of a MAC address in the CAM and defines an interval limit for these messages to be logged.
mac address-table notification change [interval $int]
Sets metric and AD parameters to an EIGRP advertised summary-address.
summary-metric x.x.x.x/y $int distance $AD
Causes OSPF to advertise LSA type 1 with the maximum metric until certain specific conditions are met, this in order to avoid blackholing scenarios or help in migration scenarios.
max-metric router-lsa [on-startup] [summary-lsa] [external-lsa] $int [wait-for-bgp]
Causes AS_PATH attribute to be ignored in BGP’s best path selection process.
bgp bestpath as-path ignore
Removes private AS number from the AS_PATH before advertising the prefix to the CE router.
neighbor x.x.x.x remove-private-as
Sets the queue depth for CBWFQ queues.
queue-limit $int
Sets the timeout time to wait for the active querier response before taking querier role.
ip igmp querier-timeout $int
Causes the switch to detect unidirectional condition in all the fiber ports and send a warning message or shutdown the unidirectional link.
udld enable [aggressive]
Configures a track which aggregates other tracks and evaluates a boolean operation of these more specific track objects.
track $int list boolean and/or
Specifies the vrf over which the tunnel destination endpoints are reachable. Tunnel control-traffic is carried over this VRF.
tunnel vrf $vrf
Sets a vrf static route which will lookup the Next Hop over the global/default RIB.
ip route vrf $VRF x.x.x.x/y $NH global
{BGP} Performs prefix filtering based on ACL match for ingress or egress direction.
neighbor x.x.x.x distribute-list $ACL in/out
Defines the interface used as source for tftp communication.
ip tftp source-interface $int
Will cause the OSPF router to ignore LSA type 6 advertisements.
ignore lsa mospf
Set matched prefixes route-target community value.
set extcommunity rt $AS:NN [additive]
{BGP} Originates a more specific prefix derived from an existent aggregate address.
bgp inject-map $RMAP exist-map $RMAP
HSRP MAC ADDRESS
0000.0c07.acxx
Sets OSPF text authentication to be used for peers discovered over this interface.
ip ospf authentication
ip ospf authentication-key $string
Specifies the MIBs that are allowed to be accessed and applies it to a specific SNMP community.
snmp-server view $string $MIB included
snmp-server community $string view $string ro/rw
Suppresses sending RA messages in the interface.
ipv6 nd suppress-ra
Configures router RIP convergence timers.
timers basic $interval $timeout $holddown $flush
Enables the interface to accept and process mcast packets but no PIM adjacency will occur over this interface.
ip pim passive
Limits the number of mroute states globally or per interface (Maximum number of groups).
ip igmp limit $int (global/interface)
Causes the interface to stop forwarding or processing BSR packets.
ip pim bsr-border
Configures rip to run over a specified VRF instance.
router rip
address-family ipv4 unicast vrf $name
Configures a static ARP entry.
arp x.x.x.x $mac arpa $if
Sets the tunnel to use 6to4 dynamic tunneling.
tunnel mode ipv6ip 6to4
Sets the time EIGRP will wait for a prefix Reply before declaring it SIA.
timers active-time $time
Sets all the BPDU related timers for the switch.
spanning-tree vlan $vlan hello-time/forward-time/max-age $int
{Set in route-map} Deletes matching communities of a prefix.
set comm-list $int delete
Causes the switchport to move to err-disable state in case BPDUs stop being received in the blocked port for the max-age time.
spanning-tree guard loop
Limits the TFTP servers used via Simple Network Management Protocol (SNMP) controlled TFTP operations.
snmp-server tftp-server-list $ACL
Configures a static NAT rule
ip nat inside source static $InsideLocal $InsideGlobal
Configures MST port cost and priority in the interface.
spanning-tree mst $int cost $int
spanning-tree $int port-priority $int
Configures a specific NTP peer or server to be reachable through a specified interface
ntp peer/server $IPadd source $if
Configures an access port as host port and maps it to a primary and secondary vlan.
switchport mode private-vlan host
switchport private-vlan host-association $primary $secondary
Enables the router to send syslog messages as SNMP traps.
snmp-server enable traps syslog
Sets the router as a BSR candidate RP for the specified groups.
ip pim rp-candidate $if [group-list $ACL] [priority $int]
Configures a QoS policer and defines all possible attributes
police rate $int bps [burst $bytes] [peak-rate $bps] [peak-burst $bytes]
Enables mst and enters mst configuration mode.
spanning-tree mode mst
spanning-tree mst configuration
Mroute states are created only for the permitted groups when an MLD report is received in the interface.
ipv6 mld access-group $ACL
Causes RIPv2 to bypass the peer in the same subnet check to accept routing updates.
no validate-update-source
*** IRB configuration ***
bridge irb
!
interface $if
bridge-group $int
!
interface bvi $int
!
bridge $int protocol ieee
bridge $int route ip
*** SNMPv3 configuration ***
snmp-server user $username $groupName v3 auth md5/sha $string priv 3des/aes $string
snmp-server group $groupName v3 auth read/write $view access $ACL
snmp-server host $IPadd traps version 3 priv $user
Forces LDP sessions to authenticate via password; otherwise they do not get formed bidirectionally.
mpls ldp password required
Both commands are used to enable EIGRPv3 in an interface.
ipv6 router eigrp $AS
ipv6 eigrp $AS
Inspects AutoRP packet and modifies reported mcast groups by mcast announcer
ip multicast boundary $ACL filter-autorp
Three actions can be done when configuring a QoS policer, and actions such as marking can be linked to each of these actions. Mention them.
conform-action [set-prec-transmit $int] [transmit]
exceed-action [set-dscp-transmit $int]
violate-action [drop]
Enables ECN capability in TCP local sessions.
ip tcp ecn
Configures BGP to be able to use a Next hop IPv6 address even if BGP peers are defined as IPv4
bgp default ipv6-nexthop
Configures the mapping agent to accept Auto RP messages only from the specified candidates and only for the specified groups.
ip pim rp-announce-filter rp $ACL group $ACL
Causes the router’s RA messages to be considered valid for the specified amount of time.
ipv6 nd ra lifetime $Time
BSR RP Candidate will advertise itself for bidirectional PIM for specified groups.
ip pim rp-candidate $if [group-list $ACL] bidir
Enables IPv6 processing in the interface.
ipv6 enable
Attributes for a BGP aggregate address are taken from the route-map matched prefixes.
aggregate-address x.x.x.x y.y.y.y as-set advertise-map $RMAP
Permits loopback to loopback BGP adjacency between directly connected peers.
neighbor x.x.x.x disable-connected-check
Creates a queue for class specified traffic and defines reserved bandwidth for it.
bandwidth $kbps [remaining/percent %]
Sets the TOS field value for locally originated telnet traffic.
ip telnet tos $hex
Configures a conditional static NATing rule
ip nat inside source static $insideLocal $InsideGlobal route-map $RMAP
{BGP} Causes a flapping prefix to stop being advertised. Name the values and their usage.
bgp dampening $Half-life $ReUseVal $SupressVal $MaxSuppressTime
Advertises an aggregate prefix including the AS_SET attribute.
aggregate-address x.x.x.x/y as-set
MD5 password added in OpenSent, a match with the peer data sent will permit the adjacency formation.
neighbor x.x.x.x password $PASSWORD
Advertises a summary address in a RIP enabled interface.
ip summary-address rip x.x.x.x/y
Sets the router as an IPv6 BSR RP candidate.
ipv6 pim bsr candidate rp $IPadd [group-list $ACL] [priority $int]
*** Configures GLBP parameters ***
glbp $int ip $IPadd
glbp $int preempt
glbp $int priority $int
glbp $int authentication md5 key-string/key-chain $string
Forces RIPv2 to send routing updates via broadcast through the interface.
ip rip v2-broadcast
Sets BGP SOO extended community value for matched prefixes.
set extcommunity soo $AS:NN
Specifies the limit for the number of log messages that may be queued for a remote system logging (syslog).
logging queue-limit trap $int
Specifies the interface from which a SNMP trap should originate.
snmp-server source-interface traps $if
Controls which hosts are permitted to synchronize the time with the router as a NTP server or permitted to peer with it.
ntp access-group peer/serve-only $ACL
Will query for OSPF neighbor host names to display on OSPF show commands.
ip ospf name-lookup
This type of port will cause frames received to NOT be forwarded through ports of this same type.
switchport protected
Causes the switch to remove mgroup entry as soon as a leave is received in an interface.
ip igmp snooping vlan $int [immediate-leave]
Enables OSPF authentication for the specified area.
area $int authentication [message-digest]
Sets Router Advertisements interval
ipv6 nd ra-interval $int
Sets the IGMP general query interval in seconds.
ip igmp query-interval $int
Causes the VTPv3 server to become the primary server for STP or MST domains.
vtp primary vlan/mst
Configures a private vlan as either community or isolated.
private-vlan [community/isolated]
To hide IP address or host name information when a Telnet session is established.
ip telnet hidden addresses/hostnames
Configures a static NAT rule to add a static route for the return packets
ip nat inside source static …. add-route
Sets a PBR policy in the interface.
ip policy route-map $RMAP
Causes the router to permanently assign an OID to the local interfaces.
snmp-server ifindex persist
Sets the gre tunnel encapsulation as ISATAP.
tunnel mode ipv6ip isatap
Suppresses the display of sensitive information of Telnet connection messages.
ip telnet quiet
Configures BFD parameters to be used over a specific interface.
bfd interval $hello-interval min $int multiplier $int
> Sham link loopbacks MUST be known by iBGP *ONLY* (Filtered from OSPF)
> Sham links must be configured to point to peer sham link loopback, even if these are learned via iBGP according to RIB
> The area defined in the sham link configuration is the area which will have its prefixes changed to intra area type.
SHAM LINKS FORMATION RULES
Advertises a default route over a RIPng enabled interface. If a keyword is used, only a default route is originated and all other prefixes suppressed.
ipv6 rip $name default-information originate [only] [metric $int]
Allow redistribution of iBGP into IGPs (dangerous). By default this is not possible, only eBGP prefixes get redistributed.
bgp redistribute-internal
Causes the interface prefix to not be advertised through RA to hosts for use as autoconfig parameter.
ipv6 nd prefix $Prefix $ValidLifeTime $PreferredLifeTime [no-autoconfig]
Establishes a password for LDP sessions with the specified neighbor.
mpls ldp neighbor x.x.x.x password $int $password
Causes a directed broadcast to be forwarded using the specified address instead of normal broadcast destination address
ip broadcast-address x.x.x.x
Configures a GRE tunnel with a backup interface. Reliably configures the tunnel to go down if reachability to the tunnel endpoint is lost.
backup interface $if
backup delay $KickInTime $KickOutTime
keepalive $Interval $RetriesBeforeTunnelDown
Configures WFQ queueing method for default-queue
fair-queue
Configures a precedence based WRED and also Max probability Discriminator 1/x
random-detect
random-detect precedence $int $min $max $MPD
Forces the redistribution of OSPF Type-5 prefixes into BGP/IGP.
redistribute ospf $PID match external internal
Disables any authentication over this OSPF interface.
ip ospf authentication null
Makes unsolicited logging messages to appear after (not interrupt) solicited outputs.
logging synchronous
Enables the router to send a trap to snmp server if a link goes down or up
snmp-server enable traps snmp linkdown/linkup
snmp trap link-status
Applies an IPv6 ACL in an interface.
ipv6 traffic-filter $name in/out
*** PPPoE server configuration ***
bba-group pppoe global
virtual-template $intx
interface virtual-template $intx
mtu 1492
ip address x.x.x.x/y
peer default ip address dhcp-pool $string
ppp authentication chap/pap
interface ethernet x/x
pppoe enable group global
Allows the software clock to be synchronized by a time server.
ntp server $IPadd
Enables/disables RR client reflection of prefixes based on their cluster ID or affect all clients.
[no] bgp client-to-client reflection [all/cluster-id]
Enables the router to send traps based on syslog messages
snmp-server enable traps syslog
Configures the router BGP scanner interval.
bgp scan-time $int
{BGP} Performs prefix filtering based on a Prefix List match for ingress or egress direction.
neighbor x.x.x.x prefix-list $PrefL in/out
The OSPF router redistributes a default route for the OSPF entire domain.
default-information originate [metric $int] [metric-type $int] [route-map $RMAP] [always]
Stores all prefixes before Loc-Adj-RIB in order to manipulate them without forcing the peer to send all BGP prefixes again by tearing down the BGP session.
neighbor x.x.x.x soft-reconfiguration inbound
Causes an IPv6 enabled interface to join a specific S,G SSM group.
ipv6 mld join-group FF3x::/96 source-list $ACL
Advertises a summary-address over an EIGRPv3 enabled interface.
ipv6 summary-address eigrp $AS x.x.x.x/y
Causes the switchport to move to err-disable state in case a superior BPDU is received.
spanning-tree guard root
Sets a shaping action for a class based queue in specific rate or percent rate
shape average $bps [percent %]
Configures the router to use the maximum specified number of ECMPs for the specified BGP entries.
maximum-paths [ibgp/eibgp] $int
Uses NBAR to match specific packet length
match packet length min x max y
SHAM LINKS FORMATION RULES
> Sham link loopbacks MUST be known by BGP *ONLY*
> Sham links must be configured to point to peer sham link loopback
area 0 sham-link $SourceLoopback $DestinationLoopback
Permits OSPF to override the D bit loop prevention behavior when receiving a prefix advertised by the MPLS network.
capability vrf-lite
Configures a filter for prefixes received via RIP based on a list of prefixes and/or neighbors.
distribute-list prefix $PrefixList [gateway $ACL] in/out interface
Causes prefixes without explicit MED attribute set to be set with the maximum possible metric instead of zero.
bgp bestpath med missing-as-worst
Configures MD5 or plain text authentication for RIP enabled interface.
ip rip authentication mode md5/text
ip rip authentication key-chain $name
Specifies the transport address for TCP sessions formed due to LDP peerings.
mpls ldp discovery transport-address {interface/$IPaddress}
Configures the primary vlan.
private-vlan primary
private-vlan association [add/remove] $vlan
Enables LDP in all OSPF enabled interfaces.
mpls ldp autoconfig
Configures ORF to signal the peer to avoid the advertisement of specific prefixes.
neighbor x.x.x.x capability orf prefix-list send/receive/both
Configures the router to be a multicast or broadcast NTP source and use the specified key in the NTP messages.
ntp broadcast/multicast key $int
A BGP prefix received will not be installed in the RIB if it has traversed more hops than the specified in the configuration.
neighbor x.x.x.x ttl-security hops $int
match protocol icmp
Causes a BGP router to advertise the specified eBGP prefix AD as 200. This also affects own router’s AD for this prefix.
network x.x.x.x mask y.y.y.y backdoor
Causes the eBGP prefix to be advertised with a metric of 200 to the IGP domain in order for the IGP routers to prefer the IGP metric for the same prefix.
network x.x.x.x backdoor
Controls which prefixes are labeled and advertised to specified LDP peers.
mpls ldp advertise-labels for $ACL to $ACL
*** PAP Authentication configuration ***
username $ARB1 password $ARB2
interface serial x/x
ppp authentication pap
ppp pap sent-username $ARB1 password $ARB2
*** Sent credentials MUST match the peer’s login DB entry ***
Sets a class based queue as a LLQ in specific rate or percent rate
priority $kbps [percent $int]
Causes the switch to immediately remove the interface from the forwarding interfaces from a group as soon as an IGMP leave message is received in the interface.
ip igmp snooping immediate-leave
Enables visible sequence numbering of system logging messages.
service sequence-numbers
Avoid PIM adjacencies with specified neighbors.
ip pim neighbor-filter $ACL
Configures an interface as a NTP broadcast source or to listen to NTP broadcast messages.
ntp broadcast [client]
Causes mcast groups without a valid RP to NOT fall back to dense mode and thus, be flooded.
no ip pim dm-fallback
Configures EIGRP to log any neighbor status changes and also, rate limit the time the neighbor change status are reported.
eigrp log-neighbor-changes
eigrp log-neighbor-warnings $TimeInterval
Sets maximum hops value for accepted EIGRP prefixes in named mode
topology base> metric maximum-hops $int
Configures EIGRP to install a static default route based on an EIGRP’s candidate prefix
ip default-network x.x.x.x
Configures the router to drop all packets with IP Options set
ip options drop
Sets router timezone
config t
clock timezone EST $offset
Sets subinterface encapsulation for native VLAN
encap dot1q $int native
Configures a NAT rule to statically translate addresses based on their egress interface
ip nat inside source static route-map $RMAP interface/$InsideGlobal
ip nat inside source static $InLocal $InGlobal route-map $RMAP
Configures a NAT rule to statically translate based on specific flows destination
Counts traffic that has traversed an interface in ingress or egress direction and its precedence marking.
ip accounting precedence input
ip accounting precedence output
Causes NAT configured between two HSRP peers to automatically create a redundant entry for TCP flows from NATd sources
ip nat inside source static $inLocal $inGlobal redundancy group $int/$name
In root bridge, you can set the diameter number; this will auto generate appropriate STP values. However, there is an option to modify these values.
spanning-tree vlan $int root primary diameter $int [hello-time $int]
Configures an EPC in the router
monitor capture buffer $name1 circular
monitor capture point ip cef $name2 $if in/out/both
monitor capture point associate $name2 $name1
monitor capture point start $name2
monitor capture point start $name1
clear monitor session buffer $name1
ipv6 ospf authentication ipsec spi $int sha1/MD5 $HexShaCode/string
Configures a Spoke’s SVTI
crypto isakmp po 10
auth pre
encr 3des
hash md5
!
crypto keyring ISAKMP_PROF
pre-share address 172.16.214.2 key CIERS2
!
crypto isakmp profile CIERS2_vti_isakmp_profile
keyring ISAKMP_PROF
match identity address 172.16.214.2
local-address tunnel 214
!
crypto ipsec transform CIERS2_vti_transform esp-3des esp-md5-hmac
!
crypto ipsec profile CIERS2_vti_profile
set transform CIERS2_vti_transform
set isakmp-pro CIERS2_vti_isakmp_profile
!
int tun214
tunnel mode ipsec ipv4
tunnel source lo214
ip unnumber lo214
tunnel destination 172.16.214.2
tunnel protection ipsec prof CIERS2_vti_profile
!
Configures Hub’s DVTI
crypto isakmp po 10
auth pre
encr 3des
hash md5
!
crypto keyring ISAKMP_PROF
pre-share address 0.0.0.0 0.0.0.0 key CIERS2
!
crypto isakmp profile CIERS2_vti_isakmp_profile
keyring ISAKMP_PROF
match identity address 0.0.0.0 0.0.0.0
virtual-template 124
!
crypto ipsec transform CIERS2_vti_transform esp-3des esp-md5-hmac
!
crypto ipsec profile CIERS2_vti_profile
set transform CIERS2_vti_transform
set isakmp-pro CIERS2_vti_isakmp_profile
!
int virtual-template 124 type tunnel
tunnel mode ipsec ipv4
tunnel source lo214
ip unnumber lo214
tunnel protection ipsec prof CIERS2_vti_profile
!