Tuesday, November 10, 2015

Command Guide CCNA Routing and Switching

Learning the Basics


“Would you like to enter the initial configuration dialog? [yes/no]:”

- Where am I?



Command Modes

Cisco IOS has three main command modes – user EXEC, privileged EXEC and global configuration. Each command mode has its own set of commands for specific purposes. You’ll start at user EXEC mode.

User execution mode

Some verification and troubleshooting commands are available. Often used by 1st level helpdesk personnel.

You can identify user execution mode by the following prompt:

Router>

There’s not much for a network administrator to do in this command mode. Elevate to the next command mode by typing in the enable command:

Router> enable
Moves to privileged execution mode.

Privileged execution mode

All verification and troubleshooting commands are available. Used by network administrators.

The “greater than” prompt changes to hash:

Router#

If you are looking to verify or troubleshoot something, you’ll find all the necessary commands available in this command mode. If you are looking to apply a configuration change, then elevate to the global configuration mode.

Router# configure terminal
Moves to global configuration mode.

Global configuration mode

The majority of configuration changes are applied here. Entering this command mode requires the user to be in privileged execution mode; there are no shortcuts.

You can easily tell if you are in global configuration mode by the following prompt:

Router(config)#

This concludes the three main command modes of Cisco IOS. Type in “exit” or “end” to move back to privileged execution mode:

Router(config)# exit
Moves back to privileged EXEC mode.

Saving Configurations

When you make a configuration change it’s only the “running-config” (contents of DRAM) that gets updated. All configuration changes are lost in case of power outages or system reboots unless changes were also written to “startup-config” (NVRAM).

To save the configuration, navigate to privileged execution mode and use one of the commands below:

Router# write memory
Building configuration...
[OK]

Or

Router# copy running-config startup-config
Building configuration...
[OK]


Both of these commands copy contents of “running-config” to NVRAM. There’s no functional difference.

Show Commands for Information Gathering

Show commands help you verify configurations and troubleshoot. Some of them are listed below.

Router> enable
Navigates to privileged execution mode.

Router# show interfaces description
Lists all interfaces and their descriptions.
Router# show interfaces summary
Shows counter summary on all interfaces.
Router# show ip interface brief
Lists all interfaces and IP address information.
Router# show interface gigabitEthernet 0/1
Shows counter summary and status of the interface specified.
Router# show running-config interface gigabitEthernet 0/1
Shows configuration of the interface specified.
Router# show version
Shows brief system hardware information, including IOS version and configuration register value.
Router# show cdp neighbors detail
Shows detailed information of neighboring devices that have Cisco Discovery Protocol enabled.

Setting Hostname

Let’s take a look at how you can apply your very first configuration change. You can change the router hostname in global configuration mode.

Router> enable
Navigates to privileged execution mode.
Router# configure terminal
Navigates to global configuration mode.
Router(config)# hostname CupOfTea
Sets router hostname to “CupOfTea”.

Terminal prompt will change:
CupOfTea(config)#

Starting to feel like a network engineer already? Don’t forget to save the configuration!

CupOfTea(config)# exit
Navigates back to privileged execution mode.
CupOfTea# write memory
Saves changes to NVRAM.




Configuring an Ethernet Interface

“Easy! Just use the ‘no shut’ command.
 If the interface still doesn’t come up – try to reboot the router.” 

Assigning an IP Address

Router# show ip interface brief
Lists all available interfaces on the router. In this sample we’re going to modify configuration of the gigabitEthernet 0/0 interface.
Router# configure terminal
Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0
Moves to interface configuration mode.
Router(config-if)# ip address 192.168.101.1 255.255.255.0
Sets IPv4 address and network mask.
Router(config-if)# ipv6 address 2001:0db8:3c4d:0015:0011:0000:abcd:ed1a/64
Sets IPv6 address and prefix length.
Router(config-if)# no shutdown
Enables the interface.

Note: “Administratively down” is the default state of all Ethernet interfaces on Cisco routers.

Interface Speed and Duplex

Best practice is to change interface speed and duplex settings only if you suspect a problem with auto-negotiation. By default, all Ethernet interfaces are configured to auto-negotiate speed and duplex.

Router# show interface gigabitEthernet 0/0
Shows interface speed and duplex settings.
Router# configure terminal
Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0
Moves to interface configuration mode.
Router(config-if)# speed auto
Enables speed auto-negotiation. This is default setting.
Router(config-if)# speed 1000
Forces interface into 1000Mbit/s operation mode.
Router(config-if)# speed 100
Forces interface into 100Mbit/s operation mode.
Router(config-if)# duplex auto
Enables duplex auto-negotiation. This is default setting.
Router(config-if)# duplex full
Forces interface into full duplex operation mode.
Router(config-if)# duplex half
Forces interface into half duplex operation mode.

Subinterfaces

One physical interface can be divided into multiple virtual interfaces.
 
Router# show ip interface brief
Lists all available interfaces on your router (including subinterfaces).
Router# configure terminal
Moves to global configuration mode.

Router(config)# interface gigabitEthernet 0/0.1
Creates subinterface (.1) on gigabitEthernet 0/0 and moves to subinterface configuration mode.
Router(config-subif)# encapsulation dot1q 1
Assigns subinterface to VLAN1 broadcast domain. Sets VLAN encapsulation method to dot1q. IOS requires the encapsulation to be set before an IP address is accepted on the subinterface.
Router(config-subif)# ip address 192.168.1.1 255.255.255.0
Assigns IPv4 address and network mask.
Router(config-subif)# exit
Moves back to global configuration mode.

Router(config)# interface gigabitEthernet 0/0.2
Creates another subinterface (.2) on gigabitEthernet 0/0 and moves to subinterface configuration mode.
Router(config-subif)# encapsulation dot1q 2
Assigns subinterface to VLAN2 broadcast domain. Sets VLAN encapsulation method to dot1q. IOS requires the encapsulation to be set before an IP address is accepted on the subinterface.
Router(config-subif)# ip address 192.168.2.1 255.255.255.0
Assigns IPv4 address and network mask.



Remote Management

This chapter teaches you how to enable Telnet and SSH protocols.

Enabling Telnet

Telnet enables you to remotely manage a router. It’s unencrypted and not very secure; the reason it’s still being used is that not all devices support SSH.

Note: Telnet sessions are prohibited by default. Without a vty password configured, you’ll see the following message when you attempt to log in to your router using Telnet:

“Password required, but none set.”

Configuring vty password:

Router(config)# line vty 0 4
Enters into vty line configuration mode for lines 0 - 4.
Router(config-line)# password cookie
Sets password to “cookie” on vty lines 0,1,2,3 and 4.
Router(config-line)# login
Enables vty password authentication.

Enabling SSH

If your device also supports SSH, it’s recommended that you use it instead of Telnet for remote management.

As a first step you must create RSA crypto key pairs.

Note: RSA crypto keys are non-exportable on Cisco routers and switches.

Router(config)# crypto key generate rsa
The name for the keys: MyRSA-Keys
How many bits in the modulus: 1024
Generates RSA crypto key pairs. These will be used for SSH encryption.

Router(config)# ip ssh version 2
Enables SSH version 2.
Router(config)# line vty 0 4
Enters into vty line configuration mode for lines 0 - 4.
Router(config-line)# password cookie
Sets password to “cookie” on vty lines 0,1,2,3 and 4.
Router(config-line)# login
Enables vty password authentication.


Optional: Prohibit Telnet and permit only SSH

Router(config)# line vty 0 4
Enters into vty line configuration mode for lines 0 - 4.
Router(config-line)# transport input ssh
Permits remote management over vty lines 0 – 4 only via SSH protocol.
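
An added example (not part of the original guide): a small Python check that reads a saved running-config and reports vty lines where Telnet is still permitted or where the settings from this chapter are missing. The sample configuration is constructed, and the function names are this example's own.

```python
import re

# Constructed sample running-config excerpt (not taken from the page or a real device).
SAMPLE_CONFIG = """\
hostname CupOfTea
!
ip ssh version 2
!
line con 0
line vty 0 4
 password cookie
 login
line vty 5 15
 password cookie
 login
 transport input ssh
!
end
"""

def parse_vty_blocks(config):
    """Map each 'line vty ...' header to the list of commands indented under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other unindented line ends the vty block
    return blocks

def audit_remote_management(config):
    """Return findings for the SSH/Telnet settings covered in this chapter."""
    findings = []
    if not re.search(r"^ip ssh version 2\s*$", config, re.M):
        findings.append("global: 'ip ssh version 2' is not configured")
    for header, cmds in parse_vty_blocks(config).items():
        transport = next((c for c in cmds if c.startswith("transport input")), None)
        if transport is None:
            findings.append(f"{header}: no 'transport input' command; Telnet is not explicitly prohibited")
        elif {"telnet", "all"} & set(transport.split()[2:]):
            findings.append(f"{header}: '{transport}' permits Telnet")
        if not any(c.startswith("login") for c in cmds):
            findings.append(f"{header}: 'login' missing; vty password authentication is not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_remote_management(SAMPLE_CONFIG):
        print(finding)
```

On the constructed sample, only lines 0 - 4 are reported, because the “transport input ssh” step was applied to lines 5 - 15 alone.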

