Configuring, commands and theory behind them. Flashcards
Explain what these modes allow, which symbol they have and how to go between them
User EXEC Mode
Privileged EXEC Mode
Global Configuration Mode
Line Configuration Mode
Interface Configuration mode
- User EXEC Mode
- Used to access configuration options on the device
Privileged EXEC Mode
Allows access to all commands and features.
Identified by the #
enable or exit from others
Global Configuration Mode
- Used to access configuration options on the device
Identified by config
configure terminal
Line Configuration Mode
Used to configure console, SSH, Telnet or AUX access
line console 0
Interface Configuration mode
- Used to configure a switch port or router interface
interface (interface you want to access)
What can you do to get more information about a command?
Use “?”
Example Ping?
Word, Ip, Ipv6
What does the term “basic device configuration” mean? (Not router)
The different commands you need to use to configure a device.
Configure Hostname
Device(config)# hostname Device
Secure Privileged EXEC mode
Device(config)# enable secret password
Secure EXEC mode
Device(config)# line console 0
Device(config-line)# password password
Device(config-line)# login
Securing VTY line access:
Device(config)# line vty 0 15
Device(config-line)# password password
Device(config-line)# login
Device(config-line)# exit
Device(config)# service password-encryption
Device(config)# banner motd #message of the day#
Device(config)# end
Which config files do we have, how do you save them?
startup-config, saved in NVRAM
running-config, saved in RAM
copy running-config startup-config
What is in Basic Router Configuration
Configure Hostname
R1(config)# hostname R1
Secure Privileged EXEC mode
Router(config)# enable secret password
Secure EXEC mode
Router(config)# line console 0
Router(config-line)# password password
Router(config-line)# login
Secure remote Telnet/SSH access.
Router(config)# line vty 0 4
Router(config-line)# password password
Router(config-line)# login
Router(config-line)# transport input {ssh | telnet}
Encrypt all plaintext passwords.
Router(config)# service password-encryption
Provide legal notification and save the configuration.
Router(config)# banner motd # message #
Router(config)# end
Router# copy running-config startup-config
How do you configure a router interface?
Choose interface
Router(config)# interface type-and-number
Give description
Router(config-if)# description description-text
Configure IPv4 address with subnet mask and IPv6 address with prefix length
Router(config-if)# ip address ipv4-address subnet-mask
Router(config-if)# ipv6 address ipv6-address/prefix-length
Activate interface
Router(config-if)# no shutdown
Example
R1(config)# interface gigabitEthernet 0/0/0
R1(config-if)# description Link to LAN
R1(config-if)# ip address 192.168.10.1 255.255.255.0
R1(config-if)# ipv6 address 2001:db8:acad:10::1/64
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#
*Aug 1 01:43:53.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to down
*Aug 1 01:43:56.447: %LINK-3-UPDOWN: Interface GigabitEthernet0/0/0, changed state to up
*Aug 1 01:43:57.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0/0, changed state to up
What are the verification commands for interfaces, and what do they show?
Displays all interfaces, their IP addresses, and their current status.
show ip interface brief
show ipv6 interface brief
Shows info about IP routing tables in RAM
show ip route
show ipv6 route
Displays statistics for all interfaces on the device. Only displays the IPv4 addressing information
show interfaces
Displays the IPv4 statistics for all interfaces on a router.
show ip interface
Displays the IPv6 statistics for all interfaces on a router.
show ipv6 interface
How to configure Default Gateway on a switch
ip default-gateway ip-address
Which 5 boot steps does a Cisco switch go through after being powered on?
- POST (power-on self-test), stored in ROM. Checks the CPU, DRAM and the portion of the flash device that makes up the flash file system.
- Loads the boot loader, a program stored in ROM that runs immediately after POST.
- Boot loader performs low-level CPU initialization. Initializes CPU registers, physical memory mapping, quantity of memory and speed.
- Boot loader initializes the flash file system on the system board.
- Boot loader locates and loads the default IOS operating system software image into memory and gives control of the switch over to the IOS.
How does the switch try to boot?
The switch attempts to boot automatically by using information in the BOOT environment variable. If this variable is not set, the switch attempts to load and execute the first executable it can find.
The IOS operating system then initializes the interfaces using the Cisco IOS commands found in the startup-config file, which is called config.txt and is located in flash.
Which LED indicators does a switch have?
System LED (SYST): Functioning properly and getting power.
Redundant Power Supply LED (shows the RPS status) (external power)
Port Status LED (STAT): If green, indicates port status mode is selected, default.
Port Duplex LED (DUPLX): When green, indicates port duplex mode is selected.
Port Speed LED (SPEED): When green, indicates port speed mode is selected.
Power over Ethernet LED (PoE): PoE status on the switch
The Mode button is used to move between the different modes – STAT, DUPLX, SPEED, and PoE
How does a switch recover from a system crash?
- Connect PC by console cable. Use terminal emulation software to connect to the switch.
- Unplug the power
- Reconnect power; after 15 seconds, hold down the Mode button while the System LED is flashing green.
- Hold the Mode button until the System LED turns briefly amber and then green.
- The boot loader switch: prompt appears in the terminal on the PC.
Format flash file system, reinstall OS, recover lost or forgotten password.
What do you need to do before you can have remote management access on a switch?
The switch must be configured with an IP address (default gateway) and a subnet mask
Also console cable
What are the steps to configuring SWITCH SVI? Which commands are being used?
1. Configure management interface for IPv4 and IPv6
S1# configure terminal
S1(config)# interface vlan 99
S1(config-if)# ip address 172.17.99.11 255.255.255.0
S1(config-if)# ipv6 address 2001:db8:acad:99::1/64
S1(config-if)# no shutdown
S1(config-if)# end
S1# copy running-config startup-config
2. Configure Default Gateway
S1# configure terminal
S1(config)# ip default-gateway 172.17.99.1
S1(config)# end
S1# copy running-config startup-config
3. Verify Configuration
show ip interface brief
show ipv6 interface brief
Why is Full-Duplex useful, and half-duplex not so much <3 ?
Increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously. Gigabit Ethernet and 10Gb NICs require full-duplex to operate. Collision detection gets disabled on the NIC, and full-duplex offers 100% efficiency.
Half-duplex communication is unidirectional. Creates performance issues because data can flow in only one direction at a time, resulting in collisions.
How to configure Full Duplex mode on a switch
Enter global configuration mode.
S1# configure terminal
Enter interface configuration mode.
S1(config)# interface FastEthernet 0/1
Configure the interface duplex and interface speed
S1(config-if)# duplex full
S1(config-if)# speed 100
Return to the privileged EXEC mode and save running config to startup config.
S1(config-if)# end
S1# copy running-config startup-config
What is Auto-MDIX? How do we configure it and check the settings on a specific interface?
When auto-MDIX is enabled, the interface automatically detects the required cable connection type (straight-through or crossover) and configures the connection appropriately.
S1(config-if)# mdix auto
S1# show controllers ethernet-controller fa0/1 phy | include MDIX
What are the 8 switch verification commands? What do they do?
Display interface status and configuration. S1# show interfaces [interface-id]
Display current startup configuration. S1# show startup-config
Display current running configuration. S1# show running-config
Display information about flash file system. S1# show flash
Display system hardware and software status. S1# show version
Display history of commands entered. S1# show history
Display IP information about an interface.
S1# show ip interface [interface-id]
OR
S1# show ipv6 interface [interface-id]
Display the MAC address table.
S1# show mac-address-table
OR
S1# show mac address-table
Which Interface Input and Output Errors do we have?
Input errors: Number of errors
Runts: Packets discarded because they are smaller than the minimum packet size for the medium
Giants: Too big for medium
CRC: Checksum is not the same as checksum received
Output errors: Sum of all errors that prevented the final transmission of datagrams
Collisions: Number of messages retransmitted because of collision
Late collisions: A collision that occurs after 512 bits of the frame has been transmitted.
What is Telnet?
Telnet is an older protocol that uses unsecure plaintext transmission of both the login authentication and the data transmitted between the communicating devices. Port 23
What is Secure Shell SSH? How to configure it? Verify if operational
Secure Shell(SSH) is a secure protocol that uses TCP port 22. SSH provides security for remote connections by providing strong encryption when a device is authenticated and also the transmitted data between the communicating devices.
1. Verify SSH support.
S1# show ip ssh
2. Configure IP domain.
S1(config)# ip domain-name cisco.com
3. Generate RSA key pairs.
S1(config)# crypto key generate rsa
How many bits in the modulus [512]: 1024 (Longer is more secure, but it takes longer to generate and to use.)
4. Configure user authentication.
S1(config)# username admin secret ccna
5. Configure the vty lines.
S1(config)# line vty 0 15
S1(config-line)# transport input ssh
S1(config-line)# login local
S1(config-line)# exit
6. Enable SSH version 2.
S1(config)# ip ssh version 2
show ip ssh
show ssh
What are IPv4 loopback interfaces used for? How do you configure them?
Used to identify the device.
Router(config)# interface loopback number
Router(config-if)# ip address ip-address subnet-mask
What are extended ping and extended traceroute?
When you just write ping without a destination IP, you will be given several prompts to customize the extended ping.
Same with traceroute
How do we assign a VLAN to the correct interfaces?
Enter global configuration mode.
Switch# configure terminal
Enter interface configuration mode.
Switch(config)# interface interface-id
Set the port to access mode.
Switch(config-if)# switchport mode access
Assign the port to a VLAN.
Switch(config-if)# switchport access vlan vlan-id
Return to the privileged EXEC mode.
Switch(config-if)# end
Example:
S1# configure terminal
S1(config)# interface fa0/18
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 20
S1(config-if)# end
How do you create a voice vlan?
Go to VLAN 150 name it voice, exit vlan config mode
S3(config)# vlan 150
S3(config-vlan)# name VOICE
S3(config-vlan)# exit
Go to the interface you want to give voice vlan
S3(config)# interface fa0/18
S3(config-if)# switchport voice vlan 150
S3(config-if)# end
How can you verify vlan information?
Display VLAN name, status, and its ports, one VLAN per line.
show vlan brief
Display information about the identified VLAN ID number.
show vlan id vlan-id
Display information about the identified VLAN name. The vlan-name is an ASCII string from 1 to 32 characters.
show vlan name vlan-name
Display VLAN summary information.
show vlan summary
How can you change the VLAN port membership?
If the switch access port has been incorrectly assigned to a VLAN, then simply re-enter the switchport access vlan vlan-id interface configuration command with the correct VLAN ID.
For instance, assume Fa0/18 was incorrectly configured to be on the default VLAN 1 instead of VLAN 20. To change the port to VLAN 20, simply enter switchport access vlan 20.
S1(config)# interface fa0/18
S1(config-if)# switchport access vlan 20
S1(config-if)# end
How can you delete VLANs? What should you do before deleting and why?
Delete VLANs with the no vlan vlan-id command.
Delete all VLANs with delete flash:vlan.dat or delete vlan.dat
Caution: Before deleting a VLAN, reassign all member ports to a different VLAN first.
When a VLAN is deleted, any ports assigned to that VLAN become inactive. They remain associated with the VLAN until you assign them to a new VLAN or recreate the missing VLAN. If recreated, the missing VLAN would automatically reassign the hosts to it.
How can you configure a trunk?
Enter global configuration mode.
Switch# configure terminal
Enter interface configuration mode.
Switch(config)# interface interface-id
Set the port to permanent trunking mode.
Switch(config-if)# switchport mode trunk
Sets the native VLAN to something other than VLAN 1.
Switch(config-if)# switchport trunk native vlan vlan-id
(all VLANs created on the switch will pass traffic on this trunk)
Specify the list of VLANs to be allowed on the trunk link.
Switch(config-if)# switchport trunk allowed vlan vlan-list
Return to the privileged EXEC mode.
Switch(config-if)# end
Example:
S1(config)# Interface fa0/1
S1(config-if)# Switchport mode trunk
S1(config-if)# Switchport trunk native vlan 99
S1(config-if)# Switchport trunk allowed vlan 10,20,30,99
S1(config-if)# end
How can you reset the trunk to the default state?
S1(config)# interface fa0/1
S1(config-if)# no switchport trunk allowed vlan
S1(config-if)# no switchport trunk native vlan
S1(config-if)# end
How can you verify the DTP mode?
show dtp interface
Which commands can we use to fix issues when working with Inter-VLAN
Missing VLANs
show vlan [brief]
show interfaces switchport
ping
Switch Trunk Port Issues
show interface trunk
show running-config
Switch Access Port Issues
show interfaces switchport
show running-config interface
ipconfig
Router Configuration Issues
show ip interface brief
show interfaces
What are the steps to configuring a Cisco IOS DHCPv4 server?
Step 1. Exclude IPv4 addresses.
Router(config)# ip dhcp excluded-address low-address [high-address]
Step 2. Define a DHCPv4 pool name.
Router(config)# ip dhcp pool pool-name
Router(dhcp-config)#
Step 3. Configure the DHCPv4 pool.
Define the address pool.
network network-number [mask | / prefix-length]
Define the default router or gateway.
default-router address [ address2….address8]
Define a DNS server.
dns-server address [ address2…address8]
Define the domain name.
domain-name domain
Define the duration of the DHCP lease.
lease {days [hours [ minutes]] | infinite}
Define the NetBIOS WINS server.
netbios-name-server address [ address2…address8]
Example
R1(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.9
R1(config)# ip dhcp excluded-address 192.168.10.254
R1(config)# ip dhcp pool LAN-POOL-1
R1(dhcp-config)# network 192.168.10.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.10.1
R1(dhcp-config)# dns-server 192.168.11.5
R1(dhcp-config)# domain-name example.com
R1(dhcp-config)# end
R1#
How can you verify DHCPv4?
show running-config | section dhcp
Displays the DHCPv4 commands configured on the router.
show ip dhcp binding
Displays a list of all IPv4 address to MAC address bindings provided by the DHCPv4 service.
show ip dhcp server statistics
Displays count information regarding the number of DHCPv4 messages that have been sent and received
How do you Disable the Cisco IOS DHCPv4 Server?
R1(config)# no service dhcp
R1(config)# service dhcp
R1(config)#
What is DHCPv4 Relay? How do you configure it?
DHCPv4 Relay is when you configure a router to relay DHCPv4 messages to the DHCPv4 server.
If it is not configured, the broadcast does not get forwarded to the server.
By using the ip helper-address server-address command
R1(config)# interface g0/0/0
R1(config-if)# ip helper-address 192.168.11.6
R1(config-if)# end
R1#
How do you configure a router as a DHCPv4 client?
SOHO(config)# interface G0/0/1
SOHO(config-if)# ip address dhcp
SOHO(config-if)# no shutdown
How do you configure a stateless DHCPv6 server?
Step 1. Enable IPv6 routing.
R1(config)# ipv6 unicast-routing
Step 2. Define a DHCPv6 pool name.
R1(config)# ipv6 dhcp pool IPV6-STATELESS
R1(config-dhcpv6)#
Step 3. Configure the DHCPv6 pool.
R1(config-dhcpv6)# dns-server 2001:db8:acad:1::254
R1(config-dhcpv6)# domain-name example.com
R1(config-dhcpv6)# exit
R1(config)#
Step 4. Bind the DHCPv6 pool to an interface.
R1(config)# interface GigabitEthernet0/0/1
R1(config-if)# description Link to LAN
R1(config-if)# ipv6 address fe80::1 link-local
R1(config-if)# ipv6 address 2001:db8:acad:1::1/64
R1(config-if)# ipv6 nd other-config-flag
R1(config-if)# ipv6 dhcp server IPV6-STATELESS
R1(config-if)# no shut
R1(config-if)# end
Step 5. Verify hosts received IPv6 addressing information.
ipconfig /all
Configuring a stateless DHCPv6 Client
Step 1. Enable IPv6 routing.
R3(config)# ipv6 unicast-routing
Step 2. Configure the client router to create an LLA.
R3(config)# interface g0/0/1
R3(config-if)# ipv6 enable
R3(config-if)#
Step 3. Configure the client router to use SLAAC.
R3(config-if)# ipv6 address autoconfig
R3(config-if)# end
Step 4. Verify client router is assigned a GUA.
R3# show ipv6 interface brief
Step 5. Verify client router received other DHCPv6 information.
R3# show ipv6 dhcp interface g0/0/1
How to configure a DHCPv6 Relay Agent?
R1(config)# interface gigabitethernet 0/0/1
R1(config-if)# ipv6 dhcp relay destination 2001:db8:acad:1::2 G0/0/0
R1(config-if)# exit
R1(config)#
How to configure and verify static NAT?
Step 1 - Create a mapping between the inside local address and the inside global addresses using the ip nat inside source static command.
R2(config)# ip nat inside source static 192.168.10.254 209.165.201.5
R2(config)#
Step 2 - The interfaces participating in the translation are configured as inside or outside relative to NAT with the ip nat inside and ip nat outside commands.
R2(config)# interface serial 0/1/0
R2(config-if)# ip address 192.168.1.2 255.255.255.252
R2(config-if)# ip nat inside
R2(config-if)# exit
R2(config)# interface serial 0/1/1
R2(config-if)# ip address 209.165.200.1 255.255.255.252
R2(config-if)# ip nat outside
Verify
R2# show ip nat translations
R2# show ip nat statistics
Configure Dynamic NAT
Step 1 - Define the pool of addresses that will be used for translation using the ip nat pool command.
R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224
Step 2 - Configure a standard ACL to identify (permit) only those addresses that are to be translated.
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
Step 3 - Bind the ACL to the pool, using the ip nat inside source list command.
R2(config)# ip nat inside source list 1 pool NAT-POOL1
Identify which interfaces are inside and outside
R2(config)# interface serial 0/1/0
R2(config-if)# ip nat inside
R2(config-if)# interface serial 0/1/1
R2(config-if)# ip nat outside
Verify
show ip nat translations verbose
show ip nat statistics
show running-config
Can use verbose to get additional info
Configure PAT on single IPv4 address
R2(config)# ip nat inside source list 1 interface serial 0/1/1 overload
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# interface serial0/1/0
R2(config-if)# ip nat inside
R2(config-if)# exit
R2(config)# interface Serial0/1/1
R2(config-if)# ip nat outside
Configure PAT on Address Pool
R2(config)# ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240 netmask 255.255.255.224
R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255
R2(config)# ip nat inside source list 1 pool NAT-POOL2 overload
R2(config)# interface serial0/1/0
R2(config-if)# ip nat inside
R2(config-if)# interface serial0/1/1
R2(config-if)# ip nat outside
Verify
R2# show ip nat translations
R2# show ip nat statistics