
Ccna 2 Commands

The document outlines configuration steps for securing a switch including: creating VLANs, assigning ports to VLANs, enabling SSH and disabling CDP for security, configuring port security, setting the VTP domain and mode, enabling inter-VLAN routing with subinterfaces, adding a loopback interface, and configuring basic routing protocols like RIP, OSPF, and ACLs.

Uploaded by

Feiya Miguel

//////// VLAN

int vlan1
ip add __.__.__.__ __.__.__.__
ip default-gateway __.__.__.__
//////// SSH
(config)# ip domain-name [Link]
(config)# crypto key generate rsa
1024
(config)# username ___ secret ____
(config)# line vty 0 15
(config-line)# transport input ssh
(config-line)# login local
(config-line)# exit

(config)#ip ssh version 2


*** Verify SSH ***
# show ip ssh
# show ssh
//////// Cisco Discovery Protocol
# show cdp neighbor
(config)# no cdp run
//////// Switch Security
*** Switchport Mode ***
(config)# int fa0/1
(config-if)# sw mo [access, trunk, dynamic]
*** Shutdown Unused Ports ***
(config)# int range fa0/1 - 24
(config-if-range)# shut
*** Secure Switch Port ***
(config)# int fa0/1
(config-if)# sw mo access
(config-if)# sw port-security
(config-if)# sw po mac-address sticky
(config-if)# sw po maximum 1
(config-if)# sw po violation shut
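
Added example, not part of the original cheat sheet: a small Python audit that checks a running-config against the SSH, CDP and port-security settings listed above. The sample config, function names and finding strings are constructed for illustration; `no cdp run` is the IOS global command that disables CDP.

```python
# Constructed running-config excerpt (not from the page): fa0/2 and vty 0 4 are weak.
SAMPLE = """\
ip ssh version 2
no cdp run
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 shutdown
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 login local
"""

def sections(config):
    """Split a config into {header: [indented child lines]}; key '' lists top-level lines."""
    out, cur = {"": []}, ""
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] == " ":
            out[cur].append(line.strip())
        else:
            cur = line.strip()
            out[cur] = []
            out[""].append(cur)
    return out

def audit(config):
    """Return findings for settings from the cheat sheet that are missing."""
    sec = sections(config)
    findings = [f"global: missing '{c}'"
                for c in ("ip ssh version 2", "no cdp run") if c not in sec[""]]
    for name, body in sec.items():
        if name.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append(f"{name}: transport is not SSH-only")
            if "login local" not in body:
                findings.append(f"{name}: no local user authentication")
        elif name.startswith("interface") and "shutdown" not in body:
            # Shut-down (unused) ports are skipped; active access ports need port-security.
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{name}: access port without port-security")
    return findings
```
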
//////// VLAN
#show vlan
*** Create & Name VLAN ***
(config)# vlan 10
(config-vlan)# name _______
(config-vlan)# exit
*** Assign Ports to VLAN ***
(config)# int range fa0/1 - 10    [EXAMPLE]
// sw po
(config-if-range)# sw mo acc
(config-if-range)# sw a v 10
(config-if-range)# exit
~ Mgmt / Native ~
(config)# int range fa0/11 - 15
(config-if-range)# sw mo trunk
(config-if-range)# sw trunk native vlan 99
(config-if-range)# exit
//////// VTP - VLAN Trunking Protocol
#show vtp status
(config)# vtp domain _____    //set domain name
(config)# vtp password ______
(config)# vtp mode [client, server, transparent]


//////// Inter-VLAN Routing
*** Router-on-a-Stick
(config)# int g0/0.10
// 0.__ <- preferably vlan #
(config-subif)# encapsulation dot1q 10
(config-subif)# ip add __.__.__.__ 255.255.__.__
~ Mgmt / Native ~
(config)# int g0/0.99
// 0.__ <- preferably vlan #
(config-subif)# encap dot1q 99 native
(config-subif)# ip add __.__.__.__ 255.255.__.__
//////// Loopback
(config)# int loopback 0
(config-if)# ip add _._._._ 255.__.__.__
//////// Static Route
(config)# ip route [dest. NA][SM][next hop/exit int][AD (optional)]
***Default Static Route
(config)# ip route [Link] [Link] [next hop/exit int]
***IPv6 Routing
(config)# ipv6 unicast-routing
(config)# ipv6 route [DN]/[prefix] [next hop/exit int]
(config)# ipv6 route ::/0 [next hop/exit int]
//////// RIP
(config)# router rip
(config-router)# version 2
(config-router)# network __.__.__.__
(config-router)# passive-interface g0/0
(config-router)# default-information originate

***IPv6***
(config)# ipv6 unicast-routing
(config)# int g0/0
(config-if)# ipv6 rip [WORD] enable
//////// OSPF
show ip ospf [neighbor, database]
(config)# router ospf [1-65535]
(config-router)# passive-interface g0/0
***Modifying Router ID***
(config-rtr)# router-id [Link]
R1# clear ip ospf process
R1# show ip protocols
***Networks***
(config)# router ospf 10
(config-router)# network [Link] [Link] area 0    [net IP]
OR
(config-router)# network [Link] [Link] area 0    [int IP]
***Adjusting BW***
(config)# int s0/0/0
(config-if)# bandwidth ____
***Adjusting Reference BW***
(config-router)# auto-cost reference-bandwidth [100 default]
***Changing Cost***
(config)# int s0/0/0
(config-if)# ip ospf cost 10
>>>OSPFv3
(config)# ipv6 router ospf 10
(config)# int g0/0
(config-if)# ipv6 ospf 10 area 0
(config-if)# ipv6 add FE80::1 link-local
//////// ACL
#show access-lists ?
<1-199>    ACL number
WORD       ACL name
(config)# no access-list 101
any - any address
host - host add
***Standard***
~Numbered~
(config)# access-list [#1-99; 1300-1999] [permit/deny] [source network/host ip add] [wildcard mask]
(config)# int g0/0
(config-if)# ip access-group [#] [in/out]
(config)# line vty 0 4
(config-line)# access-class [#] [in/out]
~Named~
(config)# ip access-list [standard/extended] [name]
(config-std-nacl)# permit host [Link]
(config-std-nacl)# deny any
(config)# int g0/0
(config-if)# ip access-group [name] [in/out]
***Extended***
~Numbered~
(config)# access-list [#100-199; 2000-2699] [permit/deny] [protocol] [source add] [source wildcard] [dest. add] eq [port#/keyword]
(config)# access-list [#100-199; 2000-2699] permit tcp any [Link] [Link]5 established
(config)# int g0/0
(config-if)# ip access-group [#] [in/out]
~Named~
(config)# ip access-list extended [name]
(config-ext-nacl)# permit [protocol] [source add/W.M.] [dest add/W.M.] eq [port#/keyword]
(config)# int g0/0
(config-if)# ip access-group [name] [in/out]
int g0/0
ipv6 ospf 10 area 0
int s0/0/0
ipv6 ospf 10 area 0
int s0/0/1
ipv6 ospf 10 area 0
ipv6 router ospf 10
passive-interface g0/0
deny tcp host [Link] host [Link] eq www
deny tcp host [Link] host [Link] eq 443
deny tcp host [Link] host [Link] eq www
deny tcp host [Link] host [Link] eq 443
deny tcp host [Link] host [Link] eq ftp
deny tcp host [Link] host [Link] eq ftp
deny icmp host [Link] host [Link]
deny icmp host [Link] host [Link]
