Cisco_Command_Guide

Uploaded by

myatnaingmon95
Copyright
© © All Rights Reserved
CCNA Command Guide

IP Address

OSI Layer Layer 2 M
Layer 3 IP P Class
- Class A, Class B Class C IP Decimal (human language) Binary, Octal and Hexa (Machine Language)

Decimal to Hexa and Binary

8 bit = 1 Byte
1024 B = 1 Kilobyte (KB)
1024KB = 1 Megabyte (MB)
1024MB = 1 Gigabyte (GB)
Class A = 1.0.0.0 to 126.255.255.255
Class B = 128.0.0.0 to 191.255.255.255
CCNA 640-802 Page 1 of 128
O P IANA (Internet Assigned Numbers Authority)
P N P
High Order Bit
Loop back address b


N N Network Addres N

Private
Address P N P L O



P P Internet

IP Subnetting
IP Subnetting Building Building Small
Office 4 IP IANA IANA
register N APNIC
website http://www.apnic.net/ site b
N IP - 203.81.162.22 Yatanarpon Teleport Name Register

Small Office Office Computer 50


Class C
Cost IP Class C
254 IP 54 Office Class C IP
IP Cost
ISP Internet
IP IP Router N IP
Computer
Subnetting Subnetting Subnet Mask
Class A Default Subnet Mask Octet 255 Network
Host Octet 8 bit
255 '1' '1' Network '0' Host
Class A 10.0.0.0/8 Subnet Mask
Slash Notation Class B Default Subnet Mask
Octet 172.16.0.0/16 Class C
Default Subnet Mask Octet 192.168.0.0/24
IP Address Post Network Network Address Broadcast Address
192.168.0.0 '0' Address Network Add
192.168.0.255 '255' Address Broadcast Address 255
O -



Computer1 IP- 10.0.0.1 Computer2 IP - 11.0.0.1
SM- 255.0.0.0 SM- 255.0.0.0
Computer 10.0.0.1 11.0.0.2 Computer
Octet Network ID Network Network Octet
Class A Class B Octet 255 Octet
Class C Octet Subnet Mask Subnetting


Network Host ID

Network          First IP         Last IP          Broadcast
192.168.0.0      192.168.0.1      192.168.0.62     192.168.0.63
192.168.0.64     192.168.0.65     192.168.0.126    192.168.0.127
192.168.0.128    192.168.0.129    192.168.0.190    192.168.0.191
192.168.0.192    192.168.0.193    192.168.0.254    192.168.0.255



Class B subnet Class B Subnet Mask subnet
Octet Class C Octet
172.16.0.0/16 subnet
Network - 172.16.0.0 172.16.128.0
First IP - 172.16.0.1 172.16.128.1
Last IP - 172.16.127.254 172.16.255.254
Broadcast - 172.16.127.255 172.16.255.255
1 bit Host Network
Default Subnet Mask 255.255.0.0 1 bit
0 00000000.00000000 10000000.00000000 1 bit
Decimal '/' 172.16.0.0/17

172.16.0.0/18 172.16.64.0/18 172.16.128.0/18 172.16.192.0/17



8 16 32 Host /30
Class A Subnet Mask 255.0.0.0 Octet
/9 /30
http://subnettingquestions.com/
Question: How many subnets and hosts per subnet can you get from the network 172.29.0.0/23?

Networks Network Hosts


IP 172 Class B Class B Subnet Mask
255.255.0.0 /23 '255' 16 bits, Third Octet Network
23 16 7 bit Host 2^7 128 Sub Networks
Host 32 bits Subnet Mask 23 9
2^9 512 Hosts 512 Network 510 Hosts

Answer: 128 subnets and 510 hosts


----------------------------------------------------------------------------------------------------------------------------- ----------
Question: You are designing a subnet mask for the 172.26.0.0 network. You want 110 subnets with up to 300
hosts on each subnet. What subnet mask should you use?

172.26.0.0 Network N 110 Network 300 Hosts


Subnet Mask
Hosts Hosts 300 2^8 256
2^9 /23 Network Host 1 bit
7 bit 2^7 128 Network 110

Answer: 255.255.254.0
----------------------------------------------------------------------------------------------------------------------------- ----------
Question: What valid host range is the IP address 172.16.205.218/26 a part of?

IP
IP 172 Class B Default /16 10 bits Host
/26 255.255.255.192 Octet 256
192 64 64 series 172.16.205.0/26 172.16.205.64 172.16.205.128
172.16.205.192 IP 172.16.205.218 172.16.205.192 Network
Network Broadcast 172.16.205.193 172.16.205.254



Answer: 172.16.205.193 through to 172.16.205.254
---------------------------------------------------------------------------------------------------------------------------------------
Question: What is the last valid host on the subnetwork 10.121.32.0 255.255.240.0?

IP Subnet Mask Third Octet


256 240 16 series 10.121.0.0 10.121.16.0 10.121.32.0
IP IP 10.121.48.0 Host IP 10.121.32.0 Broadcast
10.121.47.255 10.121.47.254

Answer: 10.121.47.254
----------------------------------------------------------------------------------------------------------------------------- ----------
Question: What is the first valid host on the subnetwork that the node 172.22.154.105/24 belongs to?

IP Network IP Subnet Mask


/24 255.255.255.0 Class C IP
Class B Third Octet 256 255 1 series 172.22.0.0 1 series
172.22.154.0 First IP 172.22.154.1

Answer: 172.22.154.1
----------------------------------------------------------------------------------------------------------------------------- ----------
Question: What is the broadcast address of the network 172.21.60.0/22?

IP Broadcast Address Subnet Mask


255.255.252.0 256 252 4 series Network 4 Subnet
Third Octet Third Octet 60 series 4
Network 60 4 Network Address Network
4 172.21.64.0 Broadcast Address 172.21.63.255

Answer: 172.21.63.255
----------------------------------------------------------------------------------------------------------------------------------- ----
Question: Which subnet does host 172.18.62.52/27 belong to?

IP Network Subnet Mask


255.255.255.224 256 224 32 series Network 32 172.18.62.0
172.18.62.32 172.18.62.64 IP 172.18.62.32 Network

Answer: 172.18.62.32
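
The seven questions above, worked in code. This is an added example, not part of the original guide; the function names are hypothetical. It uses Python's standard `ipaddress` module and also implements the guide's "256 minus the mask octet" series shortcut so the two methods can be compared.

```python
import ipaddress


def classful_prefix(address):
    """Default (classful) prefix length: Class A /8, Class B /16, Class C /24."""
    first_octet = int(str(address).split(".")[0])
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if 192 <= first_octet <= 223:
        return 24
    raise ValueError(f"{address} is not a Class A, B or C address")


def block_size(mask):
    """The guide's shortcut: 256 minus the last non-zero octet of the mask."""
    octets = [int(o) for o in str(ipaddress.ip_address(mask)).split(".")]
    return 256 - [o for o in octets if o != 0][-1]


def subnets_and_hosts(cidr):
    """(subnets carved from the classful network, usable hosts per subnet)."""
    net = ipaddress.ip_network(cidr, strict=True)
    borrowed = net.prefixlen - classful_prefix(net.network_address)
    if borrowed < 0:
        raise ValueError(f"{cidr} is shorter than its classful mask")
    return 2 ** borrowed, 2 ** (32 - net.prefixlen) - 2


def mask_for(network, want_subnets, want_hosts):
    """Dotted mask that meets both targets using the fewest host bits."""
    base = classful_prefix(ipaddress.ip_address(network))
    for host_bits in range(2, 32 - base + 1):
        if 2 ** host_bits - 2 >= want_hosts:
            if 2 ** (32 - base - host_bits) < want_subnets:
                break  # more host bits would only leave fewer subnets
            return str(ipaddress.ip_network(f"0.0.0.0/{32 - host_bits}").netmask)
    raise ValueError("no single mask gives that many subnets and hosts")


def describe(host_with_mask):
    """Network, first host, last host, broadcast for 'ip/prefix' or 'ip/mask'."""
    net = ipaddress.ip_interface(host_with_mask).network
    if net.prefixlen > 30:
        raise ValueError("/31 and /32 have no separate network and broadcast")
    return {
        "network": str(net.network_address),
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "mask": str(net.netmask),
    }


if __name__ == "__main__":
    print("172.29.0.0/23 ->", subnets_and_hosts("172.29.0.0/23"))
    print("110 subnets x 300 hosts ->", mask_for("172.26.0.0", 110, 300))
    for question in ("172.16.205.218/26", "10.121.32.0/255.255.240.0",
                     "172.22.154.105/24", "172.21.60.0/22", "172.18.62.52/27"):
        answer = describe(question)
        print(question, answer, "series step", block_size(answer["mask"]))
```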



Self Study

VLSM(Variable Length Subnet Mask)


Router A - 60 hosts
Router B - 25 hosts
Router C - 25 hosts
Router D - 10 hosts

192.168.0.0/26 192.168.0.64/26 192.168.0.128/26 192.168.0.192/26

192.168.0.128/28 192.168.0.144/28 192.168.0.160/28 192.168.0.176/28



Route Summarization or CIDR (Classless Inter-Domain Routing)

Routing


172.16.64.0 10101100.00010000.01000000.00000000

172.16.65.0 10101100.00010000.01000001.00000000

172.16.66.0 10101100.00010000.01000010.00000000

172.16.67.0 10101100.00010000.01000011.00000000
Common bits: 10101100.00010000.010000xx.00000000



Step 2 -

172.16.68.0 10101100.00010000.01000100.00000000

172.16.69.0 10101100.00010000.01000101.00000000

172.16.70.0 10101100.00010000.01000110.00000000

172.16.71.0 10101100.00010000.01000111.00000000

Common bits: 10101100.00010000.010001xx

172.16.68.0/22

Step 3 -
172.16.72.0 10101100.00010000.01001000.00000000
172.16.73.0 10101100.00010000.01001001.00000000
172.16.74.0 10101100.00010000.01001010.00000000
172.16.75.0 10101100.00010000.01001011.00000000
172.16.76.0 10101100.00010000.01001100.00000000
172.16.77.0 10101100.00010000.01001101.00000000
172.16.78.0 10101100.00010000.01001110.00000000
172.16.79.0 10101100.00010000.01001111.00000000
Common bits: 10101100.00010000.01001xxx

172.16.72.0/21
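
The common-bits method from the three steps above, as an added example that is not part of the original guide. It assumes each listed network is a /24 (the page gives no mask for them); the function names are hypothetical. `is_exact` adds the check a practitioner wants before advertising a summary: whether it covers only the listed networks or also address space that was never listed.

```python
import ipaddress


def summarize(networks):
    """Smallest single prefix that covers every network in the list."""
    nets = [ipaddress.ip_network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    prefix = 32 - (low ^ high).bit_length()   # leading bits shared by low and high
    shift = 32 - prefix
    return ipaddress.ip_network(((low >> shift) << shift, prefix))


def common_bits(networks):
    """Binary view in the guide's notation: 'x' marks bits the summary drops."""
    nets = [ipaddress.ip_network(n) for n in networks]
    summary = summarize(networks)
    input_prefix = min(n.prefixlen for n in nets)
    bits = f"{int(summary.network_address):032b}"
    marked = "".join(
        "x" if summary.prefixlen <= i < input_prefix else b
        for i, b in enumerate(bits)
    )
    return ".".join(marked[i:i + 8] for i in range(0, 32, 8))


def is_exact(networks):
    """True when the summary covers the listed networks and nothing else."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return list(ipaddress.collapse_addresses(nets)) == [summarize(networks)]


# The three groups from the page, assumed to be /24 networks.
STEP_1 = [f"172.16.{n}.0/24" for n in range(64, 68)]
STEP_2 = [f"172.16.{n}.0/24" for n in range(68, 72)]
STEP_3 = [f"172.16.{n}.0/24" for n in range(72, 80)]

if __name__ == "__main__":
    for label, group in (("Step 1", STEP_1), ("Step 2", STEP_2), ("Step 3", STEP_3)):
        print(label, common_bits(group), summarize(group), "exact:", is_exact(group))
    # A gap in the list: the summary would also claim 172.16.65.0 and 172.16.67.0.
    gapped = ["172.16.64.0/24", "172.16.66.0/24"]
    print("gapped", summarize(gapped), "exact:", is_exact(gapped))
```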



Router Commands

Shortcuts To Entering Commands

Command
Router>enable = Router>en
Short Key
Router#configure terminal
Router#conf t
Tab Key Command

Router#sh = Router#show

? Question Mark Command

Router#? Admin Mode Command


List
Router#c? c Command List
clear clock
Router#cl? cl Command List
Router#clock clock Command parameters
% Incomplete Command
Router#clock ? Date/Time Subcommands
set
Router#clock set 13:56:00 26 July Enter Key Command
Date/Time
2012
Command
Router#
Router(config)#clock timezone YGN 0 0
enable Command

Router>enable User Mode Admin Mode


Router#
configure terminal Command

Router#configure terminal Global Configuration Mode


Router(config)#
exit Command

Router#exit L
Router>exit
Router(config-if)#exit Current Mode
Router(config)#
Router(config)#exit Current Mode
Router#



disable Command

Router#disable User Mode


Router>
logout Command

Router#logout exit Command


show Command

Router#show ? Command
List
Router#show interfaces Interfaces
Router#show interface serial 0/0 Serial 0/0 interface
Router#show ip interface brief Interfaces summary
Router#show controllers serial 0 DCE/DTE Clock Rate

Router#show clock
*13:56:00 YGN Thu 26 July 2012
Router#show history command
Router#show flash Flash memory info
Router#show version Firmware version
Router#show arp ARP Table
YGN#show running-config config file
YGN#show startup-config N M config file
YGN#sh users
Line User Host(s) Idle Location
0 con 0 idle 00:04:09
*67 vty 0 idle 00:00:00 192.168.1.20 Active User

YGN#show ip route Routing Table

do Command

YGN(config)#do show running-config Mode


Saving Configuration

YGN#copy running-config startup-config = config file


YGN#write (Remark- ’
YGN#copy run tftp tftp server running config file



Erasing Configuration

YGN#erase start NVRAM startup config file


N

Router(config)#hostname YGN N
YGN(config)#
YGN(config)#no hostname N
Router(config)#
Router Restart

YGN#reload
Password

YGN(config)#enable password cisco Admin Mode Type 7


YGN(config)#service password-encryption Password
YGN(config)#no service password-encryption

YGN(config)#enable secret cisco Admin Mode Type 5


console

YGN(config)#line console 0
YGN(config-line)#password console
YGN(config-line)#login Login o
fastethernet interface

YGN(config)#interface fastethernet 0/0 f0/0 interface ip


YGN(config-if)#ip address 192.168.1.1 255.255.255.0
YGN(config-if)#description Connect to Account description
YGN(config-if)#no shutdown interface
serial interface conf

YGN(config)#interface serial 0/0


YGN(config-if)#ip address 192.168.1.1 255.255.255.0
YGN(config-if)#description Link to ISP
YGN(config-if)#clock rate 64000 Clock rate
YGN(config-if)#no shutdown
logging synchronous Command

YGN(config)#line con 0 Command console information


YGN(config-line)#logging synchronous command



exec-timeout Command

YGN(config)#line con 0 Console auto log off


YGN(config-line)#exec-timeout 0 0 0 0(min sec) console auto log off
YGN(config-line)#
Banner

YGN(config)# banner motd $


-------------------------------------------------------------
WARNING: This router is the property of Ciscronet Networking Academy. Any unauthorized access is
monitored. Violators will be prosecuted.
-------------------------------------------------------------
$
telnet Router

YGN(config)#line vty 0 1 telnet user (eg. 0 4)


YGN(config-line)#password telnet telnet password
YGN(config-line)#login login o

console port user database

YGN(config)#username console secret consoleadmin Normal User


YGN(config)#username admin privilege 15 secret admin Admin User
Router

YGN(config)#line vty 0 4
YGN(config-line)#login local login
YGN(config-line)#transport input ssh login

YGN(config)#ip domain-name abc.com Router


YGN(config)#crypto key generate rsa
The name for the keys will be: YGN.abc.com Domain Name
Choose the size of the key modulus in the range of 360 to 2048 for
your General Purpose Keys. Choosing a key modulus greater than
512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
YGN>sh users
Line User Host(s) Idle Location
0 con 0 idle 00:02:05
68 vty 1 ssh idle 00:00:32
YGN>show tcp brief



DHCP Configuration

YGN(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.20 P


YGN(config)#ip dhcp pool Account-Dept DHCP
YGN(dhcp-config)#network 192.168.1.0 255.255.255.0 Network Scope
YGN(dhcp-config)#default-router 192.168.1.1 Gateway
YGN(dhcp-config)#dns-server 192.168.1.10 DNS Server
YGN(dhcp-config)#netbios-name-server 192.168.1.10 ’
YGN(dhcp-config)#domain-name abc.com Domain Name
YGN(dhcp-config)#lease 0 1 0
DHCP Reservation

YGN#clear ip dhcp binding dhcp ip clear


YGN(config)#ip dhcp pool winxp-1 Reservation Name create
YGN(config-dhcp)#host 192.168.1.200 255.255.255.0 IP
YGN(config-dhcp)#client-identifier 0108.0027.4b84 MAC-Address
YGN(config-dhcp)#client-name winxp1 Computer Name
YGN#clear ip dhcp binding
YGN(config)#ip dhcp pool ubuntu For Linux Platform
YGN(config-dhcp)#host 192.168.1.200 255.255.255.0
YGN(config-dhcp)#hardware-address 0108.0027.4b84
YGN(config-dhcp)#client-name ubuntu
NTP Server

YGN(config)#ntp server 192.168.1.10
For Router Security

YGN(config)#login block-for 300 attempts 3 within 10


YGN(config)#login on-success log L log
YGN(config)#login on-failure log L log
YGN(config)#logging host 192.168.1.10 Server log
YGN(config)#security passwords min-length 10 Password length
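
A small audit of the access settings this guide configures (enable password versus enable secret, line passwords versus `login local`, `exec-timeout 0 0`, Telnet on the vty lines, `ip http server`, `login block-for`, `security passwords min-length`). This is an added example, not part of the original guide; both configurations are constructed from commands shown on this page, and the check names are hypothetical.

```python
# Constructed sample: the weak choices that appear in the guide's exercises.
WEAK_CONFIG = """\
enable password cisco
ip http server
ip http secure-server
line con 0
 exec-timeout 0 0
 password console
 login
line vty 0 4
 password telnet
 login
 transport input telnet ssh
"""

# Constructed sample: the same router using the guide's stronger commands.
HARDENED_CONFIG = """\
service password-encryption
security passwords min-length 10
enable secret 5 HASH-PLACEHOLDER
username admin privilege 15 secret 5 HASH-PLACEHOLDER
login block-for 300 attempts 3 within 10
login on-failure log
no ip http server
ip http secure-server
line con 0
 exec-timeout 5 0
 login local
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
"""


def parse(config):
    """Return (global commands, {'line ...': [sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw.startswith(" "):              # sub-command of the current section
            if current is not None:
                lines[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            lines[current] = []
        else:                                # any other top-level command
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, lines


def audit(config):
    """Return a list of (scope, check) findings for one configuration."""
    global_cmds, lines = parse(config)
    findings = []

    def has(prefix):
        return any(cmd.startswith(prefix) for cmd in global_cmds)

    if has("enable password"):
        findings.append(("global", "enable-password"))     # plaintext or reversible type 7
    if not has("enable secret"):
        findings.append(("global", "no-enable-secret"))
    if has("ip http server"):
        findings.append(("global", "http-cleartext"))      # management over plain HTTP
    if not has("login block-for"):
        findings.append(("global", "no-login-block-for"))  # no lockout after failed logins
    if not has("security passwords min-length"):
        findings.append(("global", "no-min-length"))

    for name, cmds in lines.items():
        if "exec-timeout 0 0" in cmds:
            findings.append((name, "no-idle-timeout"))     # session never logs off
        if "login" in cmds:
            findings.append((name, "shared-line-password"))  # no per-user accounts
        if name.startswith("line vty"):
            transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
            if not transport or transport[-1] != ["ssh"]:
                findings.append((name, "transport-not-ssh-only"))
    return findings


if __name__ == "__main__":
    for scope, check in audit(WEAK_CONFIG):
        print(f"{scope}: {check}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```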



DHCP Exercise

Router>en Admin Mode


Router#conf t Global Mode
Router(config)#enable secret cisco Admin Mode
Router(config)#line con 0 Console Configuration
Router(config-line)#login local User Database
Router(config-line)#exit Sub Interface
Router(config)#line vty 0 4 Telnet Configuration
Router(config-line)#login local User Database
Router(config-line)#exit Sub Interface
Router(config)#username console secret consoleadmin
Router(config)#username telnet secret telnetadmin
Router(config)#int f0/0 Interface f0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0 IP
Router(config-if)#no shut Interface
Router(config-if)#int f0/1 Interface f0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0 IP
Router(config-if)#no shut Interface
Router(config-if)#exit Sub Interface
Router(config)#ip dhcp pool Account-Dept Account Dept
Router(dhcp-config)#network 192.168.1.0 255.255.255.0 N
Router(dhcp-config)#default-router 192.168.1.1 Gateway
Router(dhcp-config)#dns-server 192.168.1.10 DNS Server
Router(dhcp-config)#exit
Router(config)#ip dhcp pool Marketing-Dept Marketing Dept
Router(dhcp-config)#network 192.168.2.0 255.255.255.0 N
Router(dhcp-config)#default-router 192.168.2.1 Gateway
Router(dhcp-config)#dns-server 192.168.1.10 DNS Server
Router(dhcp-config)#exit



Router(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.20 Address
Router(config)#ip dhcp excluded-address 192.168.2.1 192.168.2.20
Router(config)#end
YGN#sh ip dhcp binding DHCP List Address

Configure Your Router to Support SDM (Manage with GUI)

Router# configure terminal


Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server For HTTP
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
Router(config)# username http privilege 15 secret httpadmin
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit

Install the SDM File

http:// IP Address (or) http://172.28.54.203:2000


SDM Launcher

Router

Router>en Admin Mode


Router#conf t Global Configuration Mode
Router(config)#hostname YGN
YGN#clock set 4:10:00 July 27 2012
YGN#conf t



YGN(config)#clock timezone YGN 0 0 Timez
YGN(config)#int f0/0 Fastethernet interface
YGN(config-if)#ip add 192.168.1.1 255.255.255.0 IP
YGN(config-if)#description For Telnet Description
YGN(config-if)#no shut Interface
YGN(config-if)#exit Sub Interface
YGN(config)#username telnet privilege 15 secret telnet User Database
YGN(config)#username console secret console
YGN(config)#line con 0 Console Configuration
YGN(config-line)#login local User Database
YGN(config)#line vty 0 1 Telnet Configuration
YGN(config-line)#login local User Database
YGN(config-line)#end Sub Interface
Computer Router

PC>telnet 192.168.1.1 Router


…O
User Access Verification
Username : telnet
Password : ******
Router P

YGN#conf t b M
YGN(config)#username super privilege 15 secret super Admin User create
YGN(config)#line vty 0 1 Telnet Configuration
YGN(config-line)#login local User Database
YGN(config-line)#transport input ssh P
YGN(config-line)#exit Sub interface
YGN(config)#ip domain-name abc.com setting
YGN(config)#crypto key generate rsa
The name for the keys will be: YGN.abc.com
Choose the size of the key modulus in the range of 360 to
2048 for your General Purpose Keys. Choosing a key modulus
greater than 512 may take a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
YGN(config)#



Computer Router ssh

PC>ssh -l super 192.168.1.1 ssh protocol


Open
Password:*****
YGN#
Static Route

Two ways of static route

1. next-hop address &


2. exit interface

Static Route small network Router

Routing Change Administrator Router Routing Table Change

Routing Protocol Admin Distance

Configuring Static Route on a Router

Router(config)#ip route destination-network Subnet-Mask Exit-Interface (or) next-hop address



Exercise ( Static Route)

HQ>en Next-hop IP Static


HQ#conf t Route
HQ(config)#ip route 192.168.2.0 255.255.255.0 10.10.10.2 Bandwidth Data
HQ(config)#ip route 192.168.3.0 255.255.255.0 10.10.10.2 AD
HQ(config)#ip route 192.168.4.0 255.255.255.0 10.10.10.6 5
HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.255.0 10.10.10.10 10
HQ(config)#ip route 192.168.5.0 255.255.255.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.255.0 10.10.10.14
HQ(config)#ip route 192.168.7.0 255.255.255.0 10.10.10.14
B1>en Exit Interface
B1#conf t Static
B1(config)#ip route 192.168.0.0 255.255.255.0 Serial0/0/0 Route
B1(config)#ip route 192.168.1.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.4.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.5.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.6.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 192.168.7.0 255.255.255.0 Serial0/0/0
B1(config)#ip route 10.10.10.4 255.255.255.252 Serial0/0/0
B1(config)#ip route 10.10.10.8 255.255.255.252 Serial0/0/0
B1(config)#ip route 10.10.10.12 255.255.255.252 Serial0/0/0
B2>en Static + CIDR
B2#conf t Routing Table Size
B2(config)#ip route 192.168.0.0 255.255.252.0 10.10.10.5 10
B2(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.5 10



B2(config)#ip route 192.168.0.0 255.255.252.0 10.10.10.9 11
B2(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.9 11
B3>en
B3#conf t
B3(config)#ip route 192.168.0.0 255.255.254.0 Serial0/0/0
B3(config)#ip route 192.168.4.0 255.255.254.0 Serial0/0/0
B3(config)#ip route 192.168.2.0 255.255.254.0 Serial0/0/0
Default Route ( type of static)

Default Route (stub) network

Router(config)#ip route 0.0.0.0 0.0.0.0 exit-interface (or) next-hop IP

Exercise(Static and Default Route)



HQ>en
HQ#conf t
HQ(config)#ip route 192.168.2.0 255.255.254.0 10.10.10.2
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.6 5
HQ(config)#ip route 192.168.4.0 255.255.254.0 10.10.10.10 10
HQ(config)#ip route 192.168.6.0 255.255.254.0 10.10.10.14
B1>en
B1#conf t
B1(config)# ip route 0.0.0.0 0.0.0.0 Serial0/0/0
B2>en
B2#conf t
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0 3
B2(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/1 2
B3>en
B3#conf t
B3(config)#ip route 0.0.0.0 0.0.0.0 Serial0/0/0

DHCP Relay Agent



For Server DHCP Scope

HQ(config)#int f0/1
HQ(config-if)#ip helper-address 192.168.0.10
HQ(config-if)#exit
HQ(config)#
B1(config)#int f0/0
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#int f0/1
B1(config-if)#ip helper-address 192.168.0.10
B1(config-if)#exit
B2(config)#int f0/0
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#int f0/1
B2(config-if)#ip helper-address 192.168.0.10
B2(config-if)#exit
B2(config)#
B3(config)#int f0/0
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#int f0/1
B3(config-if)#ip helper-address 192.168.0.10
B3(config-if)#exit



Router Password Cracking

Configuration register is 0x2102---16 bit register

HEX 0010 0001 0000 0010

NVRAM ignore 0x2142

no service password-recovery

1.power off

2.power on

3.press Ctrl+C or Ctrl+Break while booting state

4.Rommon>

5.Rommon>confreg 0x2142

6.Rommon>reset

7.router#copy start run

8.change the password that you forgot

8.1.save the startup-config

9.router(config)#config-register 0x2102

10.router#reload

11.no shutdown command on all shutdown interfaces
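
What the register values in this procedure mean bit by bit, and a check for a router that was left in recovery state. This is an added example, not part of the original guide; the function names are hypothetical and the `show version` lines are constructed. The bit meanings used (boot field in bits 0-3, bit 6 ignore startup-config, bit 8 Break disabled, bits 5/11/12 console speed) follow Cisco's documented register layout.

```python
import re

# (bit 5, bit 12, bit 11) -> console line speed
CONSOLE_BAUD = {
    (0, 0, 0): 9600, (0, 0, 1): 4800, (0, 1, 0): 1200, (0, 1, 1): 2400,
    (1, 0, 0): 19200, (1, 0, 1): 38400, (1, 1, 0): 57600, (1, 1, 1): 115200,
}


def decode(value):
    """Break a 16-bit configuration register into its security-relevant fields."""
    def bit(n):
        return (value >> n) & 1

    return {
        "boot_field": value & 0xF,
        "ignore_startup_config": bool(bit(6)),   # 0x0040, set by confreg 0x2142
        "break_disabled": bool(bit(8)),          # 0x0100
        "console_baud": CONSOLE_BAUD[(bit(5), bit(12), bit(11))],
    }


REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def check_show_version(text):
    """Flag a router that is running, or will next boot, without its startup-config."""
    match = REGISTER_LINE.search(text)
    if match is None:
        raise ValueError("no 'Configuration register is ...' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    problems = []
    if decode(current)["ignore_startup_config"]:
        problems.append("booted-without-startup-config")
    if decode(pending)["ignore_startup_config"]:
        problems.append("next-boot-ignores-startup-config")
    return problems


# Constructed 'show version' lines for three points in the procedure above.
AFTER_STEP_6 = "Configuration register is 0x2142"
AFTER_STEP_9 = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
AFTER_STEP_10 = "Configuration register is 0x2102"

if __name__ == "__main__":
    for value in (0x2102, 0x2142, 0x3922):
        print(hex(value), f"{value:016b}", decode(value))
    for label, line in (("after step 6", AFTER_STEP_6),
                        ("after step 9", AFTER_STEP_9),
                        ("after step 10", AFTER_STEP_10)):
        print(label, check_show_version(line))
```

A router that still reports 0x2142 after the work is finished comes up with no passwords at its next reload, so stopping before steps 9 and 10 leaves it open.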



CDP-Cisco Discovery Protocol (Network cisco devices )

HQ#sh cdp
Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is enabled
HQ#sh cdp neighbors Neighbor Devices
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Br
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Fas 0/0 156 S 2950 Fas 0/1
Switch Fas 0/1 156 S 2950 Fas 0/1
B2 Ser 0/0/1 163 R C1841 Ser 0/0/0
B3 Ser 0/1/1 163 R C1841 Ser 0/0/0
B2 Ser 0/1/0 163 R C1841 Ser 0/0/1
B1 Ser 0/0/0 164 R C1841 Ser 0/0/0
HQ#sh cdp interface
Vlan1 is administratively down, line protocol is down
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
FastEthernet0/0 is up, line protocol is up
Sending CDP packets every 60 seconds
Holdtime is 180 seconds
HQ#sh cdp neighbors detail (or) Neighbor Device Information
HQ#sh cdp entry *
HQ(config)#no cdp run CDP Protocol
HQ(config)#int f0/0 Interface CDP
HQ(config-if)#no cdp enable
HQ(config-if)#int f0/1
HQ(config-if)#no cdp enable
ARP (Address Resolution Protocol)

HQ#sh arp FastEthernet Port


Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.1 - 0007.EC88.C301 ARPA FastEthernet0/0
Internet 192.168.0.10 3 0001.424E.BB2E ARPA FastEthernet0/0
Internet 192.168.1.1 - 0007.EC88.C302 ARPA FastEthernet0/1



DNS From Server

Server N



B1>en
B1#conf t
B1(config)#ip domain-lookup DNS Server Record
B1(config)#ip name-server 192.168.0.10 DNS Server IP Address
B1(config)#exit
B2>en
B2#conf t
B2(config)#ip domain-lookup
B2(config)#ip name-server 192.168.0.10
B2(config)#exit
B3>en
B3#conf t
B3(config)#ip domain-lookup
B3(config)#ip name-server 192.168.0.10
B3(config)#exit
B3#hq HQ Router
Translating "hq"...domain server (192.168.0.10)
Trying 192.168.0.1 ...Open
-------------------------------------------------------------
WARNING: This router is the property of Ciscronet
Networking Academy. Any unauthorized access is
monitored. Violators will be prosecuted.
-------------------------------------------------------------

User Access Verification

Username: console
Password:
HQ>
Configuration Local Host File For Name to IP

HQ(config)#ip host B1 192.168.2.1


HQ(config)#ip host B2 192.168.4.1
HQ(config)#ip host B3 192.168.6.1
B1(config)#no ip domain-lookup # domain-lookup



Backup Config File to TFTP Server

YGN>enable Admin Mode


YGN#copy startup-config tftp Startup-config file TFTP Server copy
Address or name of remote host []? 192.168.0.100 Server Address
Destination filename [Router-confg]? Router-config TFTP Server save
Writing startup-config....!!
[OK - 592 bytes]
592 bytes copied in 3.078 secs (0 bytes/sec)
YGN#

Delete Config From Router

YGN#erase startup-config
Restore Config File from TFTP Server

YGN#copy tftp startup-config TFTP Server File copy


Address or name of remote host []? 192.168.0.100 TFTP Server Address
Source filename []? Router-config TFTP Server Filename
Destination filename [startup-config]?
Accessing tftp://192.168.0.100/Router-config...
Loading Router-config from 192.168.0.100: !
[OK - 487 bytes]
487 bytes copied in 0.031 secs (15709 bytes/sec)
YGN#



Backup Config File to FTP Server

YGN>en Admin Mode


YGN#conf t Global Mode
YGN(config)#ip ftp username cisco FTP Username create
YGN(config)#ip ftp password cisco FTP Password create
YGN(config)#exit Admin Mode
YGN#copy startup-config ftp Startup-Config file FTP Server copy
Address or name of remote host []? 192.168.0.100 FTP Server Address
Destination filename [Router-confg]? Router-ftp FTP Server N
Writing startup-config...
[OK - 531 bytes]
531 bytes copied in 0.063 secs (8000 bytes/sec)
YGN#
Restore Config File from FTP Server

YGN>en Admin Mode


YGN#conf t Global Mode
YGN(config)#int f0/0 Interface f0/0
YGN(config-if)#ip add 192.168.0.1 255.255.255.0 IP
YGN(config-if)#no shut Interface
YGN(config-if)#exit Sub Interface
YGN(config)#exit Global Mode
YGN#copy ftp startup-config FTP Server file copy
Address or name of remote host []? 192.168.0.100 FTP Server Address
Source filename []? Router-ftp FTP Server Filename
Destination filename [startup-config]?
Accessing ftp://192.168.0.100/Router-ftp...
[OK - 531 bytes]
531 bytes copied in 0.047 secs (11297 bytes/sec)



Dual IOS Boot Configuration

YGN#show flash Flash directory


System flash directory:
File Length Name/status
3 33591768 c1841-advipservicesk9-mz.124-15.T1.bin
2 28282 sigdef-category.xml
1 227537 sigdef-default.xml
[33847587 bytes used, 30168797 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
YGN#copy tftp flash TFTP IOS Flash copy
Address or name of remote host []? 192.168.0.100 TFTP Server IP
Source filename []? c1841-ipbase-mz.123-14.T7.bin IOS Name
Destination filename [c1841-ipbase-mz.123-14.T7.bin]?
YGN#show flash Flash directory
System flash directory:
File Length Name/status
3 33591768 c1841-advipservicesk9-mz.124-15.T1.bin
4 13832032 c1841-ipbase-mz.123-14.T7.bin
2 28282 sigdef-category.xml
1 227537 sigdef-default.xml
YGN#show version Boot version
System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
YGN(config)#boot system flash c1841-advipservicesk9-mz.124-15.T1.bin First Boot Flash File for Boot Order
YGN(config)#boot system flash c1841-ipbase-mz.123-14.T7.bin Second Boot Flash File
YGN(config)#boot system tftp c1841-ipbasek9-mz.124-12.bin 192.168.0.100 TFTP Server Boot
YGN(config)#do write Current Configuration
YGN(config)#do reload Router Restart



Restore From Console Cable

software ( Hyper Terminal/Tera Term)

Link

Step 1 – xmodem IOS restore

Remark – xmodem – console port


zmodem – auxiliary port

Router#delete flash and then power off/on IOS Router Boot


rommon1#confreg 0x3922 Boot Console speed 115200
rommon2#reset (0x3922) Software speed

rommon1#xmodem -c filename.bin
Do you wish to continue y/n? y

Hyper Terminal
Transfer > Send File (or)
Tera Term
File > Transfer > xmodem > send and then browse
File location

Router(config)#line con 0 Console software console


Router(config-line)#speed 9600 Speed



Dynamic Route

Routing Protocol P P 1982


RIP version 2 Large Network support
Advanced Routing Protocol OSPF (Open Shortest Path First) IS-IS (Intermediate System-to-Intermediate System) cisco IGRP (Interior Gateway Routing Protocol) EIGRP (Enhanced IGRP) Protocol developed Internetwork
BGP (Border Gateway Protocol) Protocol

Dynamic Routing Protocol Routing Information Change neighbors Router


Information update Static Route Static Route Routing Changes
Administrator Router



IGP protocol RIP,IGRP,EIGRP,OSPF IS-IS Protocol AS(Autonomous System)
Number P BGP Protocol AS Number

Distance Vector and Link State

Distance Vector - Distance hop count Vector direction


Distance Vector protocol Neighbor Router Routing
Information Routing Information Update Information Distance
Vector Protocol hop count
Link-State – Link State Protocol Network Complete View Distance Vector Protocol
( Periodic Update) Routing Changes (eg. Router
N b N Update Neighbor Distance Vector Periodic
Update



Classful and Classless Routing

Classful Routing Protocol - RIP and IGRP


Classless Support Protocol - RIPv2,EIGRP,OSPF

Convergence

Convergence Routing Information Network RIP


IGRP Protocol EIGRP OSPF Protocol

Metric

Metric = Distance or hop count (eg. RIP Protocol hop count b )


RIP – Hop count for best path
IGRP and EIGRP – Bandwidth , Delay , Reliability and Load
IS-IS and OSPF – Cost (choose lowest cost)

Load Balancing

Load Balancing RIP Protocol Bandwidth


Bandwidth data synchronize data

Administrative Distance

Network AD Protocol Router AD


AD EIGRP Network

Routing Protocol Characteristics

• Time to Convergence
• Scalability
• Classless



• Resource Usage
• Implementation and Maintenance

Routing Protocol Learning Chart

Cold Start – Cold Start Router Connected Network Learning

Periodic Update (RIP and IGRP)

RIP update 30 seconds Neighbor Router IGRP 90 seconds


Router Routing Table
Routing Table -

• Failure of a link
• Introduction of a new link
• Failure of a router
• Change of link parameters

RIP Timers

• Invalid Timer – Router 30s Update 180s (default) invalid
• Flush Timer – Router 60s (240s default) Update Route Routing Table
• Holddown Timer – Neighbor Router Network down Routing Loop 180s

show ip route (or) sh ip protocols command update receive time



Bounded Update

EIGRP Protocol Distance Vector Routing Protocol Periodic Update


EIGRP Bounded Update Network neighbors update
EIGRP Partial Update active Network neighbor routers update

Triggered Update

Triggered Update Network down Neighbor Routers update


update Network Loop

Synchronized Update

synchronized update Routers Neighbor Routers


update data

Routing Loop

R3 Router N Neighbor Router R2 Triggered update


R2 Router Periodic update R2 Routing Table Update
R3 down Network R1 Router Data
Packet R3 Network 10.4.0.0 Data R2 Interface s0/0/1
R3 R3 Routing Table Update Data
R3 Table Interface s0/0/1 R2 Interface s0/0/1 data
R2 R3 L



Routing Loop

• Count to Infinity
• Holddown Timer
• Split Horizon Rule
• Route Poisoning
• Poison Reverse
• Default TTL

RIPv1(Routing Information Protocol Version 1)

• distance vector routing protocol
• uses hop count for its path selection
• hop counts greater than 15 are unavailable
• messages are sent as broadcasts every 30 seconds.



Exercise 1.

R1(config)#router rip RIP Protocol Network


R1(config-router)#network 192.168.1.0
R1(config-router)#network 192.168.2.0
R1(config-router)#passive-interface f0/0 Update Interface
R2(config)#router rip
R2(config-router)#network 192.168.2.0
R2(config-router)#network 192.168.3.0
R2(config-router)#network 192.168.4.0
R2(config-router)#passive-interface f0/0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.5.0
R3(config-router)#passive-interface f0/0
Related Commands

R1#sh run | sec router


router rip
passive-interface FastEthernet0/0
network 192.168.1.0
network 192.168.2.0



R1#sh ip protocols
Routing Protocol is "rip"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Sending updates every 30 seconds, next due in 17 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Redistributing: rip
Default version control: send version 1, receive any version
Interface Send Recv Triggered RIP Key-chain
Serial0/0 1 1 2
Automatic network summarization is in effect
Maximum path: 4
Routing for Networks:
192.168.1.0
192.168.2.0
Passive Interface(s):
FastEthernet0/0
Routing Information Sources:
Gateway Distance Last Update
192.168.2.2 120 00:00:07
Distance: (default is 120)
R1#sh ip route rip
R 192.168.4.0/24 [120/1] via 192.168.2.2, 00:00:01, Serial0/0
R 192.168.5.0/24 [120/2] via 192.168.2.2, 00:00:01, Serial0/0
R 192.168.3.0/24 [120/1] via 192.168.2.2, 00:00:01, Serial0/0
R1#sh ip route 192.168.5.0 (Network Address)
Routing entry for 192.168.5.0/24
Known via "rip", distance 120, metric 2
Redistributing via rip
Last update from 192.168.2.2 on Serial0/0, 00:00:15 ago
Routing Descriptor Blocks:
* 192.168.2.2, from 192.168.2.2, 00:00:15 ago, via Serial0/0
Route metric is 2, traffic share count is 1
R1(config)#router rip
R1(config-router)#distance 100 (AD change)

Exercise 2.

R1(config)#router rip
R1(config-router)#network 172.30.0.0
R2(config)#router rip
R2(config-router)#network 172.30.0.0
R2(config-router)#network 192.168.4.0
R3(config)#router rip
R3(config-router)#network 192.168.4.0
R3(config-router)#network 192.168.1.0
PN R3 ISP Router R2 RIP Network Default
Route Distribute

R3 ISP Router 172.30.0.0/22 Network
R2 RIP Network Router R1

R3(config)#no router rip R2 static route


R3(config)#ip route 172.30.0.0 255.255.252.0 s0/0 172.30.0.0/22 Network
R2(config)#router rip
R2(config-router)#no network 192.168.4.0 ISP Default Route
R2(config-router)#passive-interface s0/1 RIP update ISP
R2(config-router)#exit Configuration
R2(config)#ip route 0.0.0.0 0.0.0.0 s0/1 ISP
R2(config)#router rip
R2(config-router)#default-information originate RIP Default Route

RIP Default Route Border Router (Network Router)


Router RIP Network Router default router default-
inform RIP Router default router

RIP v2 ( Routing Information Protocol 2)

RIPv1 subnet mask address field network


auto summary VLSM classful
eg. 172.16.0.0/22 172.16.0.0/16 auto summary routing table size
subnet mask support VLSM,CIDR Discontinuous Network
support

Discontinuous Network – R2 Network summarized

RIPv2 subnet mask support RIPv1 support VLSM,CIDR
Discontinuous Network support auto summary VLSM Network
Data RIPv2 Mutlic L - - - - - L

Exercise 3.

R1(config)#router rip
R1(config-router)#network 172.30.0.0
R1(config-router)#network 209.165.200.0
R1(config-router)#version 2
R1(config-router)#no auto-summary
R2(config)#router rip
R2(config-router)#network 10.0.0.0
R2(config-router)#network 209.165.200.0
R2(config-router)#version 2
R2(config-router)#no auto-summary
R3(config)#router rip
R3(config-router)#network 172.30.0.0
R3(config-router)#network 209.165.200.0
R3(config-router)#version 2
R3(config-router)#no auto-summary

Internet

R2(config)#ip route 192.168.0.0 255.255.0.0 null 0 Network #for test


R2(config)#router rip RIP Network Static
R2(config-router)#redistribute static (Remark: For Test)
R3(config)#int lo 1 Loopback Interface create
R3(config-if)#ip add 172.20.0.1 255.255.255.252 IP Address
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R3(config)#router rip RIP Configuration
R3(config-router)#default-information originate Default Route RIP

EIGRP (Enhanced Interior Gateway Routing Protocol)

- Type of Distance Vector


- Features of EIGRP
- Reliable Transport Protocol (RTP)
- Bounded Updates
- Diffusing Update Algorithm ( DUAL)
- Establishing Adjacencies
- Neighbor and Topology Tables

EIGRP Message Format include
- Hello - Hello packets multicast neighbors Hello packets T1
Bandwidth (1.544 Mbps) 60s T1 b 5s

- Update - Update packets N

- Query & Reply – Query Network down N b Query
b

EIGRP Protocol protocol TCP/IP TCP/IP,IPX Apple Talk


support EIGRP Table Neighbors Table,Topology Tables
Routing Table Neighbors Table N b Path
b N b b Topology Table backup path
Routing Table best path
Routing path down Topology Table Backup path

EIGRP Protocol Transport Layer Module Layer
Modules PDM ( Protocol Dependent Modules) PDM Modules
TCP/IP,IPX AppleTalk support

DUAL Algorithm

Router Network Down Neighbors Router Update Packets


Neighbor Routers Update Packets
Acknowledge Router Neighbors Query Packets
Neighbor Router
Reply N b
Network (Convergence State)

Administrative Distance
- Internal EIGRP – 90
- External EIGRP – 170
- Summary EIGRP Route – 5

Authentication
Authentication authenticate Router
Router

EIGRP Max Hop 255 Router Max Path


6

R1(config)#router eigrp AS-Number


R1(config-router)#network w.x.y.z subnet-mask
R1(config-router)#network w.x.y.z wildcard-mask
R1(config-router)#no auto-summary

Exercise 1.

R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0 Classful auto summarized
R1(config-router)#no auto-summary #absent null 0 route path
R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#router eigrp 10
R2(config-router)#network 172.16.3.0 255.255.255.252
R2(config-router)#network 172.16.2.0 255.255.255.0
R2(config-router)#network 192.168.10.8 255.255.255.252
R2(config-router)#no auto-summary
R2(config)#int s0/0 Interface serial 0/0
R2(config-if)#bandwidth 64 Bandwidth
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.8 0.0.0.3
R3(config-router)#network 192.168.1.0 0.0.0.255
R3(config-router)#network 192.168.10.4 0.0.0.3
R3(config-router)#no auto-summary
R3(config)#int s0/0
R3(config-if)#bandwidth 1024
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1544

EIGRP Composite Metric and K values

Bandwidth = (10^7 / minimum BW in kbps) * 256

Delay = (Total Delay / 10) * 256

Delay values are in microseconds

Router#sh ip eigrp topology w.x.y.z


cost
Router(config)#router eigrp 10
Router(config-router)#metric weights 0 1 0 0 0 0 0 Delay Bandwidth
tos(default 0)

DUAL Concepts

- Successor
- Feasible Successor (backup path)
- Feasible Distance
- Feasible Condition
- Reported Distance ( Router Network Neighbors Router )

Feasible Distance (Metric) and Successor (Gateway)

[Figure labels: Feasible Distance; Reported Distance; Next Hop Address for Successor; Next Hop Address for Feasible Successor]

Router#debug eigrp fsm Dual update


Router#sh ip eigrp topology Topology Table
Router#sh ip eigrp neighbors Neighbors Table
Router#sh ip eigrp topology all-links Topology Table Routing Path

Default Route EIGRP

R2(config)#ip route 0.0.0.0 0.0.0.0 lo 0


R2(config)#router eigrp 10 Router Route
R2(config-router)#redistribute static

R2(config)#ip default-network 10.0.0.0 Network Classful

R2(config)#router eigrp 10
R2(config-router)#network 10.0.0.0
R2(config-router)#auto-summary Auto summary

Manual Summarization

R1(config)#router eigrp 10
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.10.0
R1(config-router)#no auto-summary
R2(config)#router eigrp 10
R2(config-router)#network 172.16.0.0
R2(config-router)#network 192.168.10.0
R2(config-router)#no auto-summary
R3(config)#router eigrp 10
R3(config-router)#network 192.168.10.0
R3(config-router)#network 192.168.1.0
R3(config-router)#no auto-summary
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip add 192.168.0.1 255.255.255.0
R3(config)#int lo 2
R3(config-if)#ip add 192.168.2.1 255.255.255.0
R3(config)#int lo 3
R3(config-if)#ip add 192.168.3.1 255.255.255.0
R3(config)#router eigrp 10
R3(config-router)#network 192.168.0.0
R3(config-router)#network 192.168.2.0
R3(config-router)#network 192.168.3.0
R3(config)#int s0/0 Interface
R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0 Manual Summarization
R3(config)#int s0/0
R3(config-if)#ip summary-address eigrp 10 192.168.0.0 255.255.252.0

R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.10.0/30 is subnetted, 2 subnets


C 192.168.10.4 is directly connected, Serial0/1
D 192.168.10.8 [90/2681856] via 192.168.10.6, 01:00:20, Serial0/1
[90/2681856] via 172.16.3.2, 01:00:20, Serial0/0
172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C 172.16.1.0/24 is directly connected, FastEthernet0/0
D 172.16.2.0/24 [90/2172416] via 172.16.3.2, 01:00:20, Serial0/0
C 172.16.3.0/30 is directly connected, Serial0/0
D 192.168.0.0/22 [90/2172416] via 192.168.10.6, 00:00:12, Serial0/1
R1#
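
The composite metric formula from the "EIGRP Composite Metric and K values" section reproduces the metrics in this routing table and shows what the bandwidth commands in Exercise 1 do to path selection. This is an added example, not code from the guide: the interface defaults (serial delay 20000 microseconds, FastEthernet 100000 kbps and 100 microseconds), the links each path crosses, and all function names are assumptions.

```python
# Assumed IOS interface defaults (not stated in the guide).
SERIAL_DELAY_USEC = 20000
FAST_ETHERNET = (100000, 100)          # (bandwidth in kbps, delay in usec)


def serial(bandwidth_kbps=1544):
    """A serial link; 1544 kbps (T1) is the assumed default bandwidth."""
    return (bandwidth_kbps, SERIAL_DELAY_USEC)


def composite_metric(links, k=(1, 0, 1, 0, 0), load=1, reliability=255):
    """Classic EIGRP composite metric for one path.

    links: (bandwidth_kbps, delay_usec) of each outgoing interface on the path.
    k:     K1..K5; with the defaults K1 = K3 = 1 this is 256 * (BW + delay).
    """
    k1, k2, k3, k4, k5 = k
    bandwidth = 10**7 // min(bw for bw, _ in links)    # slowest link only
    delay = sum(d for _, d in links) // 10             # tens of microseconds
    metric = k1 * bandwidth + (k2 * bandwidth) // (256 - load) + k3 * delay
    if k5:
        metric = metric * k5 // (reliability + k4)
    return 256 * metric


def classify(candidates):
    """Apply the feasibility condition (reported distance < feasible distance).

    candidates: {next hop: (metric through that neighbor, its reported distance)}
    Returns (feasible distance, successors, feasible successors).
    """
    fd = min(metric for metric, _ in candidates.values())
    successors = sorted(n for n, (m, _) in candidates.items() if m == fd)
    feasible = sorted(n for n, (m, rd) in candidates.items()
                      if m > fd and rd < fd)
    return fd, successors, feasible


def routing_table_metrics():
    """Routes from the R1 table above, all serial links at default bandwidth."""
    return {
        "172.16.2.0/24": composite_metric([serial(), FAST_ETHERNET]),
        "192.168.10.8/30": composite_metric([serial(), serial()]),
    }


def exercise1_paths_to_r2_lan():
    """R1's two paths to 172.16.2.0/24 with the Exercise 1 bandwidth values."""
    via_r2 = [serial(64), FAST_ETHERNET]                 # R1 s0/0 at 64 kbps
    via_r3 = [serial(1544), serial(1024), FAST_ETHERNET]  # R1 s0/1, then R3 to R2
    return {
        "R2 via Serial0/0": (composite_metric(via_r2), composite_metric(via_r2[1:])),
        "R3 via Serial0/1": (composite_metric(via_r3), composite_metric(via_r3[1:])),
    }


if __name__ == "__main__":
    print(routing_table_metrics())
    paths = exercise1_paths_to_r2_lan()
    print(paths)
    print(classify(paths))
```

With the 64 kbps bandwidth on Serial0/0 the longer path through R3 becomes the successor, and the direct path through R2 remains a feasible successor because R2's reported distance is below the feasible distance.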

Link State Routing Protocol

Link-State Routing Process

1. Link-State Routing Protocol Connected Network learns


2. Hello packets Neighbors Connected Networks
3. Link-State Router Connected Networks LSP (Link State Packet)

4. Neighbor Routers LSP Network Routers

5. Routers Network
Topology map

Advantages Of Link-State Routing Protocol

1. Routers Topology Map


2. Network Routers Flood Network Convergence( Network
)
3. Distance Vector Protocols Periodic Update LSP
Routers
4. Multiple Areas Network

Requirements of a Link-State Routing Protocol

Link-State Routing Protocols Network Routing


CPU,Memory Bandwidth
Multiple Areas Areas Routers LSP Flooding
Resources

OSPF (AD – 110) j ’ P

OSPF Link-State Update – Link-state Update Packets O P


Link-state Update Packets Link-State Advertisements ( LSAs)

OSPF Algorithm - OSPF Router Routers LSAs ( Link State Advertisement)
Link-State Database OSPF j ’ P
(SPF) SPF Tree SPF Tree IP Routing Table

OSPF Packet Type

Router(config)#router ospf process-id


Router(config-router)#network w.x.y.z wildcard-mask area 0

Exercise

R1(config)#no logging console Command interrupt


R1(config)#router ospf 1
R1(config-router)#network 172.16.1.16 0.0.0.15 area 0
R1(config-router)#network 192.168.10.0 0.0.0.7 area 0
R2(config)#no logging console
R2(config)#router ospf 2
R2(config-router)#network 192.168.10.0 0.0.0.3 area 0
R2(config-router)#network 192.168.10.8 0.0.0.3 area 0
R2(config-router)#network 10.10.10.0 0.0.0.255 area 0
R3(config)#no logging console
R3(config)#router ospf 3
R3(config-router)#network 192.168.10.0 0.0.0.255 area 0 O Network
R3(config-router)#network 172.16.1.32 0.0.0.7 area 0

Bandwidth

Before define bandwidth

R1-R2(10.10.10.0)

R1(config)#int s0/0
R1(config-if)#bandwidth 64
R1(config-if)#int s0/1
R1(config-if)#bandwidth 1544
R2(config)#int s0/0
R2(config-if)#bandwidth 64
R2(config-if)#int s0/1
R2(config-if)#bandwidth 1024
R3(config)#int s0/0
R3(config-if)#bandwidth 1544
R3(config-if)#int s0/1
R3(config-if)#bandwidth 1024

After Define Bandwidth

R1-R3-R2(10.10.10.0)

AD Cost

Cost

R1-R3-R2(10.10.10.0)

Cost = 10^8/BW(bps) + 10^8/BW(bps)

Cost = 10^8/(1544*10^3) + 10^8/(1024*10^3) + 10^8/(100*10^6)

= 64 + 97 + 1 = 162

OSPF Cost Metric

Bandwidth 100MB support

R1(config)#router ospf 1
R1(config-router)#auto-cost reference-bandwidth ?
<1-4294967> The reference bandwidth in terms of
Mbits per second
R1(config-router)#auto-cost reference-bandwidth 10000 (10^8 -> 10^10)

Admin cost

R1-R3-R2(10.10.10.0)

R1(config)#int s0/0
R1(config-if)#ip ospf cost 16200
R2(config)#int s0/0
R2(config-if)#ip ospf cost 16200
R1-R2(10.10.10.0)

R1#sh ip ospf neighbor

Router ID

1. -
2. Loopback Interface
3. Physical IP

Router-ID L b

R1(config)#int lo 0
R1(config-if)#ip add 192.168.11.11 255.255.255.255
R2(config)#int lo 0
R2(config-if)#ip add 192.168.11.22 255.255.255.255
R3(config)#int lo 0
R3(config-if)#ip add 192.168.11.33 255.255.255.255

Router-ID Point to Point P ‘ ’ -Time(Default 40s)

Router-ID Command

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 2
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#
R3(config)#router ospf 3
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#

R1 Default Route

R1(config)#int lo 1
R1(config-if)# ip address 172.20.0.1 255.255.255.252
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 lo 1
R1(config)#router ospf 1
R1(config-router)#default-information originate

Default Type E2 metric 1

Type E1

R1(config)#router ospf 1
R1(config-router)#default-information originate metric-type 1
R1(config-router)#

Virtual Link Exercise

R1(config)#router ospf 1 O P
R1(config-router)#network 10.1.1.0 0.0.0.255 area 0
R1(config-router)#network 10.1.12.0 0.0.0.255 area 0
R2(config)#router ospf 1
R2(config-router)#network 10.1.2.0 0.0.0.255 area 0
R2(config-router)#network 10.1.12.0 0.0.0.255 area 0
R2(config-router)#network 10.1.23.0 0.0.0.255 area 23
R3(config)#router ospf 1
R3(config-router)#network 10.1.23.0 0.0.0.255 area 23
R3(config-router)#network 10.1.3.0 0.0.0.255 area 23
R3(config-router)#network 192.168.0.0 0.0.255.255 area 100

IA (Inter Area) Area Network

Loopback Interface Classful

R1(config)#int lo 1
R1(config-if)#ip ospf network point-to-point
R2(config)#int lo 2
R2(config-if)#ip ospf network point-to-point
R3(config)#int lo 3
R3(config-if)#ip ospf network point-to-point
R3(config)#int lo 100
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 101
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 102
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 103
R3(config-if)#ip ospf network point-to-point

Virtual Link – Area Network Main Area (area 0) Network
Route Main Area Router Area Virtual Link
Route Virtual Link Router-Id

R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
Reload or use "clear ip ospf process" command, for this to take effect
R1(config-router)#end
R1#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R1#
R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
Reload or use "clear ip ospf process" command, for this to take effect
R2(config-router)#end
R2#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R2#conf t
R2(config)#router ospf 1
R2(config-router)#area 23 virtual-link 3.3.3.3
R3(config)#router ospf 1
R3(config-router)#router-id 3.3.3.3
Reload or use "clear ip ospf process" command, for this to take effect
R3(config-router)#exit
R3(config)#end
R3#clear ip ospf process
Reset ALL OSPF processes? [no]: y
R3#
R3(config)#router ospf 1
R3(config-router)#area 23 virtual-link 2.2.2.2

Virtual Link R3 Network R1

R3 Loopback Interface Route Summarize

R3(config)#router ospf 1
R3(config-router)#area 100 range 192.168.100.0 255.255.252.0

Multiaccess Network

Multiaccess Network Shared Media Devices

OSPF defines five network types:

- Point-to-Point
- Broadcast Multiaccess
- Nonbroadcast Multiaccess (NBMA)
- Point-to-multipoint
- Virtual links

Designated Router ( DR )

OSPF Multiple access networks Router DR Router LSA


Router Routers
BDR Router LSA DR Router
BDR DR DR

Network Routers

 Priority ( Multiaccess Network Router Priority


Point-to-Point Network )
 Router_ID

Exercise

R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#no shut
R1(config-if)#exit
R1(config)#router ospf 1
R1(config-router)#network 192.168.1.0 0.0.0.255 area 0
R1(config-router)#exit

R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#exit
R3(config)#int f0/0
R3(config-if)#ip add 192.168.1.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#int f0/1
R3(config-if)#ip add 192.168.2.3 255.255.255.0
R3(config-if)#no shut
R3(config-if)#exit
R3(config)#router ospf 1
R3(config-router)#network 192.168.1.0 0.0.0.255 area 0
R3(config-router)#network 192.168.2.0 0.0.0.255 area 0
R3(config-router)#exit
R4(config)#int f0/0
R4(config-if)#ip add 192.168.1.4 255.255.255.0
R4(config-if)#no shut
R4(config-if)#exit
R4(config)#router ospf 1
R4(config-router)#network 192.168.1.0 0.0.0.255 area 0
R4(config-router)#exit
R5(config)#int f0/0
R5(config-if)#ip add 192.168.2.5 255.255.255.0
R5(config-if)#no shut
R5(config-if)#exit
R5(config)#router ospf 1
R5(config-router)#network 192.168.2.0 0.0.0.255 area 0
R5(config-router)#exit

R3 192.168.1.3 192.168.2.3 IP 192.168.2.3 ID

R1#sh ip ospf interface brief

R1#sh ip ospf int f0/0

Router ID Loopback Address DR, BDR Router

Network Router Router DR BDR
Router down DROTHER
– Routers P Rou
DR, BDR Router Priority ‘ ’

R1(config)#int lo 0
R1(config-if)#ip add 111.111.111.1 255.255.255.255
R1(config-if)#
R2(config)#int lo 0
R2(config-if)#ip add 111.111.111.2 255.255.255.255
R2(config-if)#
R3(config)#int lo 0
R3(config-if)#ip add 111.111.111.3 255.255.255.255
R3(config-if)#
R4(config)#int lo 0
R4(config-if)#ip add 111.111.111.4 255.255.255.255
R4(config-if)#
R5(config)#int lo 0
R5(config-if)#ip add 111.111.111.5 255.255.255.255
R5(config-if)#
R6(config)#int f0/0
R6(config-if)#ip add 192.168.1.6 255.255.255.0
R6(config-if)#no shut
R6(config-if)#int lo 0
R6(config-if)#ip add 111.111.111.6 255.255.255.255
R6(config-if)#exit
R6(config)#router ospf 1
R6(config-router)#network 192.168.1.0 0.0.0.255 area 0
R6(config-router)#exit
R6 Project

L b Router ID

Priority ( 0-255)

R3(config)#int f0/0 R3 Network DR Priority


R3(config-if)#ip ospf priority 200
R2(config)#int f0/0 Router BDR
R2(config-if)#ip ospf priority 150 Priority DR
R1(config)#int f0/0
R1(config-if)#ip ospf priority 100
R6(config)#int f0/0 Performance Router DR, BDR
R6(config-if)#ip ospf priority 0 Priority

RIP O P

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 172.16.0.0
R1(config-router)#network 192.168.48.0
R1(config-router)#network 192.168.49.0
R1(config-router)#network 192.168.50.0
R1(config-router)#network 192.168.51.0
R1(config-router)#network 192.168.70.0
R1(config-router)#no auto-summary
R1(config-router)#exit
R1(config)#int lo 0
R1(config-if)#ip ospf network point-to-point Loopback address
R1(config-if)#int lo 48
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 49
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 50
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 51
R1(config-if)#ip ospf network point-to-point
R1(config-if)#int lo 70
R1(config-if)#ip ospf network point-to-point
R1(config-if)#
R2(config)#router rip
R2(config-router)#version 2
R2(config-router)#network 172.16.0.0
R2(config-router)#no auto-summary
R2(config-router)#passive-interface s0/1
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#network 172.16.23.0 0.0.0.255 area 0
R2(config-router)#passive-interface s0/0
R2(config-router)#exit
R2(config)#int lo 0
R2(config-if)#ip ospf network point-to-point
R2(config-if)#exit

R2(config)#router rip RIP Protocol metric


R2(config-router)#redistribute ospf 1 metric ? OSPF
<0-16> Default metric Redistribute hop
transparent Transparently redistribute metric count
R2(config-router)#redistribute ospf 1 metric 3 hop count

R2(config-router)#exit
R2(config)#router ospf 1 OSPF Protocol metric cost
R2(config-router)#redistribute rip subnets rip
R2(config-router)#redistribute rip subnets metric-type 1 subnets
R2(config-router)# default
E1
R3(config)#router ospf 1
R3(config-router)#network 172.16.23.0 0.0.0.255 area 0
R3(config-router)#network 172.16.3.0 0.0.0.255 area 0
R3(config-router)#network 192.168.0.0 0.0.255.255 area 0
R3(config-router)#exit
R3(config)#int lo 0
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 20
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 25
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 30
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 35
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int lo 40
R3(config-if)#ip ospf network point-to-point

EIGRP O P

R2(config)#router eigrp 10
R2(config-router)#redistribute ospf 1 metric 1544 20000 255 1 1500
(metric values in order: BW, Delay, Reliability, Load, MTU)
R2(config-router)#exit
R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 10 subnets
R2(config-router)#exit

Switching Commands

? command (help)

Switch>? User mode command


Command Modes

Switch> User Mode


Switch>enable Privilege Mode (or) Admin Mode
Switch#exit <or> User Mode
Switch#disable
Switch#configure terminal Global Configuration Mode
show Commands

Switch#sh mac address-table Mac Address Table


Switch#clear mac address-table Mac Address Table clear
Switch#show running-config Current Configuration
Switch#show startup-config N M save Configuration

Setting host name Command

Switch#configure terminal Global Mode


Switch(config)#hostname S1 N
Password

Switch(config)#enable password cisco Admin Mode


Switch(config)#enable secret cisco Admin Mode
Switch(config)#line console 0 Console port password
Switch(config-line)#login local User database login
Switch(config-line)#exit Sub Interface
Switch(config)#line vty 0 4 Telnet password
Switch(config-line)#login local User database login
Switch(config-line)#exit Sub Interface
VLAN Command

Switch(config)#vlan 10 VLAN database


Switch(config-vlan)#name Account VLAN
Switch(config-vlan)#exit VLAN database
Switch(config)#interface f0/1 (or) Interface f0/1 VLAN
Switch(config)#interface range f0/1 - 3 Interface f0/1 f0/3 VLAN
Switch(config-if)#switchport mode access Dynamic Type to Static
Switch(config-if)#switchport access vlan 10 Switchport VLAN 10

Exercise

Port Security Exerc PC1

PC4 P

Switch>en Admin Mode


Switch#sh mac address-table Mac Address Table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----

1 0002.4a52.27bd DYNAMIC Fa0/2
1 000b.beac.acd4 DYNAMIC Fa0/3
1 00d0.5849.4426 DYNAMIC Fa0/1
Switch#conf t Global Configuration Mode
Switch(config)#hostname S1 Switch
S1(config)#enable secret cisco Global Mode Password
S1(config)#int range f0/1 - 3 Port range
S1(config-if-range)#switchport mode access Dynamic Type to Static
S1(config-if-range)#switchport port-security Port-Security
S1(config-if-range)#switchport port-security ? Port-Security Command
mac-address Secure mac address
maximum Max secure addresses
violation Security violation mode
S1(config-if-range)#switchport port-security maximum ?
<1-132> Maximum addresses
S1(config-if-range)#switchport port-security maximum 1 Port Mac Address 1
S1(config-if-range)#switchport port-security mac-address ?
H.H.H 48 bit mac address
sticky Configure dynamic secure addresses as sticky
S1(config-if-range)#switchport port-security mac-address sticky Mac
S1(config-if-range)#switchport port-security violation ? Security Mode
protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode
S1(config-if-range)#switchport port-security violation shutdown Mac Table Address port shutdown
S1(config-if-range)#end
S1#sh port-security address Sticky Mac Address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
--- ----------- ---- ----- -------------
1 00D0.5849.4426 SecureSticky FastEthernet0/1 -
1 0002.4A52.27BD SecureSticky FastEthernet0/2 -
1 000B.BEAC.ACD4 SecureSticky FastEthernet0/3 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) :0
Max Addresses limit in System (excluding one mac per port) : 1024
Port Security Violation Count
S1#sh port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
--------------------------------------------------------------------
Fa0/1 1 1 0 Shutdown
Fa0/2 1 1 0 Shutdown
Fa0/3 1 1 0 Shutdown
----------------------------------------------------------------------

S1#sh port-security PC1 PC4
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Violation Count 1 port shutdown
Action
(Count) (Count) (Count)
--------------------------------------------------------------------
Fa0/1 1 1 1 Shutdown
Fa0/2 1 1 0 Shutdown
Fa0/3 1 1 0 Shutdown

Port
S1#sh port-security interface f0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses :1
Total MAC Addresses :1
Configured MAC Addresses :0
Sticky MAC Addresses :1
Last Source Address:Vlan : 00E0.A377.D11D:1
Security Violation Count :1

S1#conf t P
S1(config)#int f0/1
S1(config-if)#shutdown
S1(config-if)#no shut
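
The show port-security listings above carry everything needed to triage a violation before the port is re-enabled. This added example (not from the original guide) parses the three outputs, copied from the S1 listings with the annotations removed, and reports which port tripped, whether it is in Secure-shutdown, and whether the last source MAC is one of the sticky addresses learned on that port. The function names are hypothetical.

```python
import re

# Copied from the S1 listings in this guide, annotations removed.
SHOW_PORT_SECURITY = """\
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
               (Count)       (Count)        (Count)
--------------------------------------------------------------------
Fa0/1 1 1 1 Shutdown
Fa0/2 1 1 0 Shutdown
Fa0/3 1 1 0 Shutdown
"""

SHOW_PORT_SECURITY_ADDRESS = """\
1 00D0.5849.4426 SecureSticky FastEthernet0/1 -
1 0002.4A52.27BD SecureSticky FastEthernet0/2 -
1 000B.BEAC.ACD4 SecureSticky FastEthernet0/3 -
"""

SHOW_PORT_SECURITY_INTERFACE = """\
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Maximum MAC Addresses :1
Sticky MAC Addresses :1
Last Source Address:Vlan : 00E0.A377.D11D:1
Security Violation Count :1
"""

SUMMARY_ROW = re.compile(r"^(\S+/\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\w+)$")


def short_name(interface):
    """FastEthernet0/1 -> Fa0/1, so both listings use the same port key."""
    return re.sub(r"^FastEthernet", "Fa", interface)


def violating_ports(summary):
    """Ports whose SecurityViolation count is above zero."""
    hits = {}
    for line in summary.splitlines():
        row = SUMMARY_ROW.match(line.strip())
        if row and int(row.group(4)) > 0:
            hits[row.group(1)] = {"violations": int(row.group(4)),
                                  "action": row.group(5)}
    return hits


def sticky_addresses(table):
    """{port: set of secure MAC addresses} from 'show port-security address'."""
    learned = {}
    for line in table.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[2].startswith("Secure"):
            learned.setdefault(short_name(parts[3]), set()).add(parts[1].upper())
    return learned


def interface_detail(text):
    """Key/value pairs; the separator is the colon preceded by whitespace."""
    fields = {}
    for line in text.splitlines():
        parts = re.split(r"\s+:\s*", line.strip(), maxsplit=1)
        if len(parts) == 2:
            fields[parts[0]] = parts[1]
    return fields


def triage(port, summary, table, detail):
    """Summarise a violation on one port, or return None if it has none."""
    hit = violating_ports(summary).get(port)
    if hit is None:
        return None
    fields = interface_detail(detail)
    mac, _, vlan = fields["Last Source Address:Vlan"].rpartition(":")
    return {
        "port": port,
        "violations": hit["violations"],
        "action": hit["action"],
        "secure_shutdown": fields["Port Status"] == "Secure-shutdown",
        "last_source_mac": mac.upper(),
        "vlan": int(vlan),
        "last_source_is_learned": mac.upper() in sticky_addresses(table).get(port, set()),
    }


if __name__ == "__main__":
    print(triage("Fa0/1", SHOW_PORT_SECURITY, SHOW_PORT_SECURITY_ADDRESS,
                 SHOW_PORT_SECURITY_INTERFACE))
```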
Switch Password

Router

Router>en Admin Mode


Router#conf t b M
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int f0/0 Interface f0/0
Router(config-if)#ip add 192.168.1.1 255.255.255.0 P
Router(config-if)#no shut Interface
Router(config-if)#exit Sub Interface
Router(config)#int f0/1 Interface f0/1
Router(config-if)#ip add 192.168.2.1 255.255.255.0 P
Router(config-if)#no shut Interface
Router(config-if)#exit Sub Interface
Router(config)#exit Global Mode
Router#write Current Configuration
Switch

Switch>en Admin Mode


Switch#conf t Global Configuration Mode
Switch(config)#enable secret cisco Admin Mode
Switch(config)#line con 0 Console P
Switch(config-line)#login local
Switch(config-line)#exit Sub Interface
Switch(config)#username console secret consoleadmin User Account create
Switch(config)#username telnet secret telnetadmin
Switch(config)#interface vlan 1
Switch(config-if)#ip add 192.168.1.5 255.255.255.0 Switch IP
Switch(config-if)#no shut
Switch(config-if)#exit Sub Interface
Switch(config)#line vty 0 4 Telnet
Switch(config-line)#login local
Switch(config-line)#exit Sub Interface
Switch(config)#ip default-gateway 192.168.1.1 Network
Switch(config)#do write Current Configuration
Building configuration...
[OK]
PC2 Switch 1

PC>telnet 192.168.2.5
Trying 192.168.2.5 ...Open
User Access Verification
Username:

Switch Password Cracking

1. Power Off Putty setting Switch Power

2. Power On, press Mode button while boot and then Mode button Power
prompt switch: switch:
3. Enter switch:flash_init flash_init Command
4. Enter switch:dir flash:
5. Enter switch:rename flash:config.text flash:config.old config.text file
Enter switch:dir flash:
6. Enter switch:boot Switch Restart
7. Switch>en
Switch#copy flash:config.old running-config Config file Setting copy
And then reset your switch password.

VLAN Trunking

1. ISL (Inter-Switch Link) (no longer used today)


2. IEEE 802.1q

Switch(config)#vlan 99 Native Vlan Vlan Database Create


Switch(config-vlan)#name native
Switch(config-vlan)#exit
Switch(config)#interface fastethernet0/1 Interface f0/1
Switch(config-if)#switchport mode trunk Trunk Port
Switch(config-if)#switchport trunk native vlan 99 Trunk Link N
Switch(config-if)#switchport trunk allowed vlan vlanname vlan

VLAN Hopping

VLAN hopping is a computer security exploit, a method of attacking networked resources on a Virtual LAN
(VLAN). The basic concept behind all VLAN hopping attacks is for an attacking host on a VLAN to gain access
to traffic on other VLANs that would normally not be accessible. There are two primary methods of VLAN
hopping: switch spoofing and double tagging. Both attack vectors can be easily mitigated with proper
switchport configuration.

Switch spoofing

In a switch spoofing attack, an attacking host imitates a trunking switch by speaking the tagging and trunking
protocols (e.g. Multiple VLAN Registration Protocol, IEEE 802.1Q, VLAN Trunking Protocol) used in maintaining
a VLAN. Traffic for multiple VLANs is then accessible to the attacking host.

Mitigation

Switch spoofing can only be exploited when interfaces are set to negotiate a trunk. To prevent this attack on
Cisco IOS, use one of the following methods [1]:

1. Ensure that ports are not set to negotiate trunks automatically.

Switch(config-if)# switchport nonegotiate

2. Ensure that ports that are not meant to be trunks are explicitly configured as access ports.

Switch(config-if)# switchport mode access

Double tagging

In a double tagging attack, an attacking host connected on a dot1q interface prepends two VLAN tags to
packets that it transmits. The packet (which corresponds to the VLAN that the attacker is really a member of)
is forwarded without the first tag, because it is the native VLAN. The second (false) tag is then visible to the
second switch that the packet encounters. This false VLAN tag indicates that the packet is destined for a target
host on a second switch. The packet is then sent to the target host as though it originated on the target VLAN,
bypassing the network mechanisms that logically isolate VLANs from one another. However, this attack is
one-way: packets can be sent toward the second switch, but any replies are not forwarded back to the attacking host.

Mitigation

Double tagging can only be exploited when switches use "Native VLANs" [2]. Ports with a specific access VLAN
(the native VLAN) don't apply a VLAN tag when sending frames, allowing the attacker's fake VLAN tag to be
read by the next switch. It is always good practice to do one of the following (with sample IOS interface
configuration):

1. Do not put any hosts on VLAN 1 (the default VLAN), i.e., assign an access VLAN other than VLAN 1
to every access port.

Switch(config-if)# switchport access vlan 2

2. Change the native VLAN on all trunk ports to an unused VLAN ID.

Switch(config-if)# switchport trunk native vlan 999

3. Explicitly tag the native VLAN on all trunk ports.

Switch(config-if)# switchport trunk native vlan tag

Example

As an example of a double tagging attack, consider a secure web server on a VLAN called VLAN1. Hosts on
VLAN1 are allowed access to the web server; hosts from outside the VLAN are blocked by layer 3 filters. An
attacking host on a separate VLAN, called VLAN2, creates a specially formed packet to attack the web server.
It places a header tagging the packet as belonging to VLAN2 on top of another header tagging the packet as
belonging to VLAN1. When the packet is sent, the switch on VLAN2 sees the VLAN2 header and removes it,
and forwards the packet. The VLAN2 switch expects that the packet will be treated as a standard TCP packet
by the switch on VLAN1. However, when the packet reaches VLAN1, the switch sees a tag indicating that the
packet is part of VLAN1, and so bypasses the layer 3 handling, treating it as a layer 2 packet on the same
logical VLAN. The packet thus arrives at the target server as though it was sent from another host on VLAN1,
ignoring any layer 3 filtering that might be in place.
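
The switch spoofing and double tagging mitigations above can be checked against a saved configuration. This added example (not from the original guide) parses IOS-style interface blocks and reports ports that may negotiate a trunk, trunks that have not disabled negotiation, trunks whose untagged native VLAN is VLAN 1 or is shared with an access port, and access ports left in VLAN 1. The sample configuration and finding names are constructed; treating every interface as a Layer 2 port, and a port with no switchport mode line as dynamic, are assumptions about the platform.

```python
import re

# Constructed sample configuration (not from the guide).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport mode access
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode trunk
!
"""


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(\S+)", line)
        if header:
            current = header.group(1)
            interfaces[current] = []
        elif current and line[:1] in (" ", "\t") and line.strip():
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces


def port_state(commands):
    """Collect the switchport settings that matter for VLAN hopping."""
    state = {"mode": None, "access_vlan": 1, "native_vlan": 1,
             "nonegotiate": False, "native_tagged": False}
    for cmd in commands:
        if cmd == "switchport nonegotiate":
            state["nonegotiate"] = True
        elif cmd == "switchport trunk native vlan tag":
            state["native_tagged"] = True
        elif cmd.startswith("switchport mode "):
            state["mode"] = cmd[len("switchport mode "):]
        else:
            m = re.fullmatch(r"switchport (access|trunk native) vlan (\d+)", cmd)
            if m:
                key = "access_vlan" if m.group(1) == "access" else "native_vlan"
                state[key] = int(m.group(2))
    return state


def audit_config(config):
    """Return {interface: [findings]} for ports that miss a mitigation."""
    states = {n: port_state(c) for n, c in parse_interfaces(config).items()}
    # VLANs that carry hosts: a native VLAN should not be one of these.
    access_vlans = {s["access_vlan"] for s in states.values()
                    if s["mode"] != "trunk"}
    report = {}
    for name, s in states.items():
        findings = []
        if s["mode"] is None or s["mode"].startswith("dynamic"):
            findings.append("may-negotiate-trunk")      # switch spoofing
        if s["mode"] == "trunk":
            if not s["nonegotiate"]:
                findings.append("dtp-on-trunk")
            exposed = s["native_vlan"] == 1 or s["native_vlan"] in access_vlans
            if exposed and not s["native_tagged"]:
                findings.append("native-vlan-exposed")  # double tagging
        elif s["access_vlan"] == 1:
            findings.append("access-vlan-1")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_config(SAMPLE_CONFIG).items():
        print(port, ", ".join(findings))
```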

VLAN - 802.1Q ( Inter vlan routing with Router) Exercise 1

Switch 1 to 5

! Admin mode
Switch>en
! Global mode
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
! VLAN database: create VLANs 10-60 and give each one a name
Switch(config)#vlan 10
Switch(config-vlan)#name HR
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name Sale
Switch(config-vlan)#vlan 30
Switch(config-vlan)#name Manager
Switch(config-vlan)#vlan 40
Switch(config-vlan)#name Account
Switch(config-vlan)#vlan 50
Switch(config-vlan)#name Operation
Switch(config-vlan)#vlan 60
Switch(config-vlan)#name Security
Switch(config-vlan)#exit
Switch(config)#
! Interface f0/2: assign it to a VLAN
Switch(config)#int f0/2
! Change the port from dynamic to static access
Switch(config-if)#switchport mode access
! Enable port security
Switch(config-if)#switchport port-security
! Violation mode: protect
Switch(config-if)#switchport port-security violation protect
! Put the port in VLAN 10
Switch(config-if)#switchport access vlan 10
Switch(config-if)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 20
Switch(config-if)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 30
Switch(config-if)#int f0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 40
Switch(config-if)#int f0/6
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 50
Switch(config-if)#int f0/7
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation protect
Switch(config-if)#switchport access vlan 60
! Interface f0/1: trunk link
Switch(config-if)#int f0/1
Switch(config-if)#switchport mode trunk
! Interface range f0/8 to f0/24: shut down the ports
Switch(config-if)#int range f0/8 - 24
Switch(config-if-range)#shutdown

Router

Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
! Interface f0/0: bring the interface up
Router(config)#int f0/0
Router(config-if)#no shutdown
! Create subinterface f0/0.10
Router(config-if)#int f0/0.10
! dot1Q encapsulation for VLAN 10 (the number is the VLAN ID) so the router can route for it
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip add 192.168.10.1 255.255.255.0
Router(config-subif)#int f0/0.20
Router(config-subif)#encapsulation dot1Q 20
Router(config-subif)#ip add 192.168.20.1 255.255.255.0
Router(config-subif)#int f0/0.30
Router(config-subif)#encapsulation dot1Q 30
Router(config-subif)#ip add 192.168.30.1 255.255.255.0
Router(config-subif)#int f0/0.40
Router(config-subif)#encapsulation dot1Q 40
Router(config-subif)#ip add 192.168.40.1 255.255.255.0
Router(config-subif)#int f0/0.50
Router(config-subif)#encapsulation dot1Q 50
Router(config-subif)#ip add 192.168.50.1 255.255.255.0
Router(config-subif)#int f0/0.60
Router(config-subif)#encapsulation dot1Q 60
Router(config-subif)#ip add 192.168.60.1 255.255.255.0
Router(config-subif)#exit
! Excluded addresses
Router(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10
Router(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.10
Router(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.10
Router(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.10
Router(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.10
Router(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.10
Router(config)#ip dhcp pool vlan10
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1
Router(dhcp-config)#ip dhcp pool vlan20
Router(dhcp-config)#network 192.168.20.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.20.1
Router(dhcp-config)#ip dhcp pool vlan30
Router(dhcp-config)#network 192.168.30.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.30.1
Router(dhcp-config)#ip dhcp pool vlan40
Router(dhcp-config)#network 192.168.40.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.40.1
Router(dhcp-config)#ip dhcp pool vlan50
Router(dhcp-config)#network 192.168.50.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.50.1

Router(dhcp-config)#ip dhcp pool vlan60
Router(dhcp-config)#network 192.168.60.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.60.1

Inter-VLAN Routing with Layer 3 Switch (Routing with VLAN Virtual Interfaces)

! Create the VLANs
L3(config)#vlan 10
L3(config-vlan)#name Account
L3(config-vlan)#vlan 20
L3(config-vlan)#name HR
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
! Interfaces f0/1 and f0/2
L3(config)#int range f0/1-2
! Enable dot1q trunking
L3(config-if-range)#switchport trunk encapsulation dot1q
! Trunk mode
L3(config-if-range)#switchport mode trunk
! Native VLAN for the trunk link
L3(config-if-range)#switchport trunk native vlan 99
! Allow VLANs 10 and 20 on the trunk
L3(config-if-range)#switchport trunk allowed vlan 10,20
L3(config-if-range)#exit
! Virtual interface for VLAN 10
L3(config)#int vlan 10
! IP address used for routing
L3(config-if)#ip add 192.168.10.1 255.255.255.0
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#exit
! Enable routing between the VLANs
L3(config)#ip routing
! IP addresses excluded from DHCP
L3(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.20
L3(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.20
! DHCP scope for each VLAN
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 192.168.10.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.10.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 192.168.20.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.20.1
L3(dhcp-config)#exit
SW1(config)#vlan 10
SW1(config-vlan)#name Account
SW1(config-vlan)#vlan 20
SW1(config-vlan)#name HR
SW1(config-vlan)#vlan 99
SW1(config-vlan)#name Native_Trunk
SW1(config-vlan)#exit
SW1(config)#int f0/5
SW1(config-if)#switchport mode trunk
SW1(config-if)#switchport trunk native vlan 99
SW1(config-if)#switchport trunk allowed vlan 10,20
SW1(config-if)#int range f0/1-2
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 20
SW1(config-if-range)#int range f0/3-4
SW1(config-if-range)#switchport mode access
SW1(config-if-range)#switchport access vlan 10
SW1(config-if-range)#exit
SW2(config)#vlan 10
SW2(config-vlan)#name Account
SW2(config-vlan)#vlan 20
SW2(config-vlan)#name HR
SW2(config-vlan)#vlan 99
SW2(config-vlan)#name Native_Trunk
SW2(config-vlan)#exit
SW2(config)#int f0/5
SW2(config-if)#switchport mode trunk
SW2(config-if)#switchport trunk native vlan 99
SW2(config-if)#switchport trunk allowed vlan 10,20
SW2(config-if)#int range f0/1-2
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 20
SW2(config-if-range)#int range f0/3-4
SW2(config-if-range)#switchport mode access
SW2(config-if-range)#switchport access vlan 10

Dynamic Trunking Protocol (DTP)

! Interface f0/1: trunk link
Switch(config)#int f0/1
! Becomes a trunk if the neighbor's interface is set to trunk, desirable or auto
Switch(config-if)#switchport mode dynamic desirable
! Becomes a trunk only if the neighbor's interface is set to trunk or desirable
Switch(config-if)#switchport mode dynamic auto
! Disable DTP negotiation
Switch(config-if)#switchport nonegotiate

VLAN Trunking Protocol

! Default: a switch is in VTP server mode
Switch(config)#vtp mode server
! VTP client mode
Switch(config)#vtp mode client
! VTP transparent mode
Switch(config)#vtp mode transparent
! Return to the default server mode
Switch(config)#no vtp mode
! Domain name, 1-32 characters
Switch(config)#vtp domain domain-name
! Remark: switches must have the same domain name and password to communicate
Switch(config)#vtp password p@ssw0rd
! Enable VTP pruning (disabled by default); enable it on one switch in VTP server mode
Switch(config)#vtp pruning

VTP pruning improves bandwidth use by reducing unnecessary flooded traffic, such as broadcast, multicast,
unknown, and flooded unicast packets. It increases available bandwidth by restricting flooded traffic
to those trunk links that the traffic must use to access the appropriate network devices. By default, VTP
pruning is disabled. VTP pruning does not prune traffic from VLANs that are pruning-ineligible.

What VTP pruning does:

• VLAN 1 (default) is always pruning-ineligible, meaning traffic from VLAN 1 cannot be pruned in any
situation.
• Pruning eligibility is based only on the VLANs that need the given broadcast information across the
trunks. It is not related to the number of ports assigned to that VLAN.
• VTP pruning does not change, add, or delete the VLANs in a VTP domain; it simply reduces the
broadcast and multicast traffic.
• VTP version 2 and VTP version 1 are not interoperable on network devices in the same
VTP domain. Every network device in the VTP domain must use the same VTP version.
Do not enable VTP version 2 unless every network device in the VTP domain supports
version 2.

! Show the VTP configuration
Switch#show vtp status
! Show the VTP counters
Switch#show vtp counters

VTP Advertisements

Summary advertisements – the VTP server updates clients every 5 minutes; the configuration revision number is sent

Subset advertisements – VTP information, sent after changes such as:

Creating or deleting a VLAN
Suspending or activating a VLAN
Changing the name of a VLAN
Changing the MTU of a VLAN

Request advertisements – from a VTP client to the VTP server

Remark - VTP Revision No VTP Server Switch Update Revision
No Switch Network L N b O

VLAN Exercise-2 (Intervlan Routing With Layer3 Switch)

Layer3 Switch

Switch(config)#hostname L3
L3(config)#int range f0/1-2
L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#exit
! VTP configuration
L3(config)#vtp mode server
L3(config)#vtp domain cisco
L3(config)#vtp password cisco
! VLAN creation and description
L3(config)#vlan 10
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
L3(config-vlan)#name Account
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native_Trunk
L3(config-vlan)#exit
! Interfaces f0/1 and f0/2: native VLAN
L3(config)#int range f0/1-2
L3(config-if-range)#switchport trunk native vlan 99
! Allowed VLANs
L3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
L3(config-if-range)#exit
! Define the IP address of each virtual interface for inter-VLAN routing
L3(config)#int vlan 10
L3(config-if)#ip add 192.168.10.1 255.255.255.0
L3(config-if)#int vlan 20
L3(config-if)#ip add 192.168.20.1 255.255.255.0
L3(config-if)#int vlan 30
L3(config-if)#ip add 192.168.30.1 255.255.255.0
L3(config-if)#int vlan 40
L3(config-if)#ip add 192.168.40.1 255.255.255.0
L3(config-if)#int vlan 50
L3(config-if)#ip add 192.168.50.1 255.255.255.0
L3(config-if)#int vlan 60
L3(config-if)#ip add 192.168.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip routing
L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security

L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 60
L3(config-if)#int range f0/9-24
L3(config-if-range)#shutdown
L3(config-if-range)#exit
L3(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.50
L3(config)#ip dhcp excluded-address 192.168.20.1 192.168.20.50
L3(config)#ip dhcp excluded-address 192.168.30.1 192.168.30.50
L3(config)#ip dhcp excluded-address 192.168.40.1 192.168.40.50
L3(config)#ip dhcp excluded-address 192.168.50.1 192.168.50.50
L3(config)#ip dhcp excluded-address 192.168.60.1 192.168.60.50
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 192.168.10.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.10.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 192.168.20.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.20.1
L3(dhcp-config)#ip dhcp pool vlan30
L3(dhcp-config)#network 192.168.30.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.30.1
L3(dhcp-config)#ip dhcp pool vlan40
L3(dhcp-config)#network 192.168.40.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.40.1
L3(dhcp-config)#ip dhcp pool vlan50
L3(dhcp-config)#network 192.168.50.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.50.1
L3(dhcp-config)#ip dhcp pool vlan60
L3(dhcp-config)#network 192.168.60.0 255.255.255.0
L3(dhcp-config)#default-router 192.168.60.1
L3(dhcp-config)#exit

Layer 2 Switch (SW2 Configuration)

Switch(config)#hostname SW2
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#exit
SW2(config)#vtp mode client

SW2(config)#vtp domain cisco
SW2(config)#vtp password cisco
SW2(config)#int range f0/1-2
SW2(config-if-range)#switchport trunk native vlan 99
SW2(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SW2(config-if-range)#exit
SW2(config)#int f0/3
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 10
SW2(config-if)#int f0/4
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 20
SW2(config-if)#int f0/5
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 30
SW2(config-if)#int f0/6
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 40
SW2(config-if)#int f0/7
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 50
SW2(config-if)#int f0/8
SW2(config-if)#switchport mode access
SW2(config-if)#switchport port-security
SW2(config-if)#switchport port-security violation protect
SW2(config-if)#switchport access vlan 60
SW2(config)#int range f0/9-24
SW2(config-if-range)#shutdown

VoIP (Voice over Internet Protocol)

L3(config)#vlan 10
L3(config-vlan)#name HR
L3(config-vlan)#vlan 20
L3(config-vlan)#name Sale
L3(config-vlan)#vlan 30
L3(config-vlan)#name Manager
L3(config-vlan)#vlan 40
L3(config-vlan)#name Account
L3(config-vlan)#vlan 50
L3(config-vlan)#name Operation
L3(config-vlan)#vlan 60
L3(config-vlan)#name Security
L3(config-vlan)#vlan 99
L3(config-vlan)#name Native
L3(config-vlan)#exit

L3(config)#vtp mode server


L3(config)#vtp domain cisco
L3(config)#vtp password cisco

L3(config)#int range f0/1 - 2
L3(config-if-range)#switchport trunk encapsulation dot1q
L3(config-if-range)#switchport mode trunk
L3(config-if-range)#switchport nonegotiate
L3(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
L3(config-if-range)#switchport trunk native vlan 99
L3(config-if-range)#exit

L3(config)#int f0/3
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 10
! Voice VLAN for VoIP
L3(config-if)#switchport voice vlan 10
L3(config-if)#int f0/4
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 20
L3(config-if)#switchport voice vlan 20
L3(config-if)#int f0/5
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 30
L3(config-if)#switchport voice vlan 30
L3(config-if)#int f0/6
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 40
L3(config-if)#switchport voice vlan 40
L3(config-if)#int f0/7
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security
L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 50
L3(config-if)#switchport voice vlan 50
L3(config-if)#int f0/8
L3(config-if)#switchport mode access
L3(config-if)#switchport port-security

L3(config-if)#switchport port-security violation protect
L3(config-if)#switchport access vlan 60
L3(config-if)#switchport voice vlan 60
L3(config-if)#exit

L3(config)#int range f0/9 - 24


L3(config-if-range)#shutdown
L3(config-if-range)#exit

L3(config)#ip routing
L3(config)#int vlan10
L3(config-if)#ip add 10.10.10.1 255.255.255.0
L3(config-if)#int vlan20
L3(config-if)#ip add 10.10.20.1 255.255.255.0
L3(config-if)#int vlan30
L3(config-if)#ip add 10.10.30.1 255.255.255.0
L3(config-if)#int vlan40
L3(config-if)#ip add 10.10.40.1 255.255.255.0
L3(config-if)#int vlan50
L3(config-if)#ip add 10.10.50.1 255.255.255.0
L3(config-if)#int vlan60
L3(config-if)#ip add 10.10.60.1 255.255.255.0
L3(config-if)#exit
L3(config)#ip dhcp excluded-address 10.10.10.1 10.10.10.50
L3(config)#ip dhcp excluded-address 10.10.20.1 10.10.20.50
L3(config)#ip dhcp excluded-address 10.10.30.1 10.10.30.50
L3(config)#ip dhcp excluded-address 10.10.40.1 10.10.40.50
L3(config)#ip dhcp excluded-address 10.10.50.1 10.10.50.50
L3(config)#ip dhcp excluded-address 10.10.60.1 10.10.60.50
L3(config)#ip dhcp pool vlan10
L3(dhcp-config)#network 10.10.10.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.10.1
! Option 150: phone server; 192.168.0.1 is the CME address
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan20
L3(dhcp-config)#network 10.10.20.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.20.1

L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan30
L3(dhcp-config)#network 10.10.30.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.30.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan40
L3(dhcp-config)#network 10.10.40.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.40.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan50
L3(dhcp-config)#network 10.10.50.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.50.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#ip dhcp pool vlan60
L3(dhcp-config)#network 10.10.60.0 255.255.255.0
L3(dhcp-config)#default-router 10.10.60.1
L3(dhcp-config)#option 150 ip 192.168.0.1
L3(dhcp-config)#exit

L3(config)#int f0/9
! Turn off switchport mode so the port can take an IP address
L3(config-if)#no switchport
L3(config-if)#ip add 192.168.0.2 255.255.255.252
L3(config-if)#no shut
SWA(config)#vtp mode client
SWA(config)#vtp password cisco

SWA(config)#int range f0/1 - 2


SWA(config-if-range)#switchport mode trunk
SWA(config-if-range)#switchport trunk native vlan 99
SWA(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SWA(config-if-range)#switchport nonegotiate
SWA(config-if-range)#exit

SWA(config)#int f0/3
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 10
SWA(config-if)#switchport voice vlan 10
SWA(config-if)#int f0/4
SWA(config-if)#switchport mode access

SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 20
SWA(config-if)#switchport voice vlan 20
SWA(config-if)#int f0/5
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 30
SWA(config-if)#switchport voice vlan 30
SWA(config-if)#int f0/6
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 40
SWA(config-if)#switchport voice vlan 40
SWA(config-if)#int f0/7
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 50
SWA(config-if)#switchport voice vlan 50
SWA(config-if)#int f0/8
SWA(config-if)#switchport mode access
SWA(config-if)#switchport port-security
SWA(config-if)#switchport port-security violation protect
SWA(config-if)#switchport access vlan 60
SWA(config-if)#switchport voice vlan 60
SWA(config-if)#int range f0/9 - 24
SWA(config-if-range)#shutdown
SWB(config)#vtp mode server
SWB(config)#vtp password cisco
SWB(config)#int f0/2
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 10
SWB(config-if)#switchport voice vlan 10
SWB(config-if)#int f0/3
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect

SWB(config-if)#switchport access vlan 20
SWB(config-if)#switchport voice vlan 20
SWB(config-if)#int f0/4
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 30
SWB(config-if)#switchport voice vlan 30
SWB(config-if)#int f0/5
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 40
SWB(config-if)#switchport voice vlan 40
SWB(config-if)#int f0/6
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 50
SWB(config-if)#switchport voice vlan 50
SWB(config-if)#int f0/7
SWB(config-if)#switchport mode access
SWB(config-if)#switchport port-security
SWB(config-if)#switchport port-security violation protect
SWB(config-if)#switchport access vlan 60
SWB(config-if)#switchport voice vlan 60
SWB(config-if)#int range f0/8 - 24
SWB(config-if-range)#shutdown
SWC(config)#vtp mode client
Setting device to VTP CLIENT mode.
SWC(config)#vtp password cisco
Setting device VLAN database password to cisco
SWC(config)#int range f0/1 - 2
SWC(config-if-range)#switchport mode trunk
SWC(config-if-range)#switchport trunk native vlan 99
SWC(config-if-range)#switchport trunk allowed vlan 10,20,30,40,50,60
SWC(config-if-range)#switchport nonegotiate
SWC(config-if-range)#int f0/3
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect

SWC(config-if)#switchport access vlan 10
SWC(config-if)#switchport voice vlan 10
SWC(config-if)#int f0/4
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 20
SWC(config-if)#switchport voice vlan 20
SWC(config-if)#int f0/5
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 30
SWC(config-if)#switchport voice vlan 30
SWC(config-if)#int f0/6
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 40
SWC(config-if)#switchport voice vlan 40
SWC(config-if)#int f0/7
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 50
SWC(config-if)#switchport voice vlan 50
SWC(config-if)#int f0/8
SWC(config-if)#switchport mode access
SWC(config-if)#switchport port-security
SWC(config-if)#switchport port-security violation protect
SWC(config-if)#switchport access vlan 60
SWC(config-if)#switchport voice vlan 60
SWC(config-if)#int range f0/9 - 24
SWC(config-if-range)#shutdown
SWD(config)#vtp mode client
Setting device to VTP CLIENT mode.
SWD(config)#vtp password cisco
Setting device VLAN database password to cisco
SWD(config)#int f0/1
SWD(config-if)#switchport mode trunk
SWD(config-if)#switchport trunk native vlan 99
SWD(config-if)#switchport trunk allowed vlan 10,20,30,40,50,60
SWD(config-if)#switchport nonegotiate
SWD(config-if)#int f0/2
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 10
SWD(config-if)#switchport voice vlan 10
SWD(config-if)#int f0/3
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 20
SWD(config-if)#switchport voice vlan 20
SWD(config-if)#int f0/4
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 30
SWD(config-if)#switchport voice vlan 30
SWD(config-if)#int f0/5
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 40
SWD(config-if)#switchport voice vlan 40
SWD(config-if)#int f0/6
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 50
SWD(config-if)#switchport voice vlan 50
SWD(config-if)#int f0/7
SWD(config-if)#switchport mode access
SWD(config-if)#switchport port-security
SWD(config-if)#switchport port-security violation protect
SWD(config-if)#switchport access vlan 60
SWD(config-if)#switchport voice vlan 60
SWD(config-if)#int range f0/8 - 24
SWD(config-if-range)#shutdown
CME(config)#int f0/0
CME(config-if)#ip add 192.168.0.1 255.255.255.252

CME(config-if)#no shut
CME(config-if)#exit
CME(config)#ip route 10.10.10.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.20.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.30.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.40.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.50.0 255.255.255.0 f0/0
CME(config)#ip route 10.10.60.0 255.255.255.0 f0/0

! Phone service
CME(config)#telephony-service
! Maximum number of phone extensions
CME(config-telephony)#max-dn 30
! Maximum number of phones
CME(config-telephony)#max-ephones 30
CME(config-telephony)#exit

! dn = directory numbers (1-144)
CME(config)#ephone-dn 1
! Phone extension
CME(config-ephone-dn)#number 9101
CME(config-ephone-dn)#ephone-dn 2
CME(config-ephone-dn)#number 9102
CME(config-ephone-dn)#ephone-dn 3
CME(config-ephone-dn)#number 9103
CME(config-ephone-dn)#ephone-dn 4
CME(config-ephone-dn)#number 9104
CME(config-ephone-dn)#ephone-dn 5
CME(config-ephone-dn)#number 9105
CME(config-ephone-dn)#ephone-dn 6
CME(config-ephone-dn)#number 9201
CME(config-ephone-dn)#ephone-dn 7
CME(config-ephone-dn)#number 9202
CME(config-ephone-dn)#ephone-dn 8
CME(config-ephone-dn)#number 9203
CME(config-ephone-dn)#ephone-dn 9
CME(config-ephone-dn)#number 9204
CME(config-ephone-dn)#ephone-dn 10
CME(config-ephone-dn)#number 9205
CME(config-ephone-dn)#ephone-dn 11
CME(config-ephone-dn)#number 9301
CME(config-ephone-dn)#ephone-dn 12
CME(config-ephone-dn)#number 9302
CME(config-ephone-dn)#ephone-dn 13
CME(config-ephone-dn)#number 9303
CME(config-ephone-dn)#ephone-dn 14
CME(config-ephone-dn)#number 9304

CME(config-ephone-dn)#ephone-dn 15
CME(config-ephone-dn)#number 9305
CME(config-ephone-dn)#ephone-dn 16
CME(config-ephone-dn)#number 9401
CME(config-ephone-dn)#ephone-dn 17
CME(config-ephone-dn)#number 9402
CME(config-ephone-dn)#ephone-dn 18
CME(config-ephone-dn)#number 9403
CME(config-ephone-dn)#ephone-dn 19
CME(config-ephone-dn)#number 9404
CME(config-ephone-dn)#ephone-dn 20
CME(config-ephone-dn)#number 9405
CME(config-ephone-dn)#ephone-dn 21
CME(config-ephone-dn)#number 9501
CME(config-ephone-dn)#ephone-dn 22
CME(config-ephone-dn)#number 9502
CME(config-ephone-dn)#ephone-dn 23
CME(config-ephone-dn)#number 9503
CME(config-ephone-dn)#ephone-dn 24
CME(config-ephone-dn)#number 9504
CME(config-ephone-dn)#ephone-dn 25
CME(config-ephone-dn)#number 9505
CME(config-ephone-dn)#ephone-dn 26
CME(config-ephone-dn)#number 9601
CME(config-ephone-dn)#ephone-dn 27
CME(config-ephone-dn)#number 9602
CME(config-ephone-dn)#ephone-dn 28
CME(config-ephone-dn)#number 9603
CME(config-ephone-dn)#ephone-dn 29
CME(config-ephone-dn)#number 9604
CME(config-ephone-dn)#ephone-dn 30
CME(config-ephone-dn)#number 9605
CME(config-ephone-dn)#exit

CME(config)#ephone 1
! Type = softphone
CME(config-ephone)#type cipc
! Computer MAC address
CME(config-ephone)#mac-address 000A.F3CA.14B1
! Extension no. (9101)
CME(config-ephone)#button 1:1
CME(config-ephone)#ephone 2
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.638E.60BA
CME(config-ephone)#button 1:2

CME(config-ephone)#ephone 3
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0090.0CE6.AC8A
CME(config-ephone)#button 1:3
CME(config-ephone)#ephone 4
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.A353.5EBA
CME(config-ephone)#button 1:4
CME(config-ephone)#ephone 5
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.F390.BBE5
CME(config-ephone)#button 1:5
CME(config-ephone)#ephone 6
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.4248.E46A
CME(config-ephone)#button 1:6
CME(config-ephone)#ephone 7
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BE10.4336
CME(config-ephone)#button 1:7
CME(config-ephone)#ephone 8
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5897.0895
CME(config-ephone)#button 1:8
CME(config-ephone)#ephone 9
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4AED.6AB6
CME(config-ephone)#button 1:9
CME(config-ephone)#ephone 10
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0007.ECA4.8CCE
CME(config-ephone)#button 1:10
CME(config-ephone)#ephone 11
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.F7A2.2543
CME(config-ephone)#button 1:11
CME(config-ephone)#ephone 12
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.9793.B500
CME(config-ephone)#button 1:12
CME(config-ephone)#ephone 13
CME(config-ephone)#type cipc

CME(config-ephone)#mac-address 0030.A316.ABB3
CME(config-ephone)#button 1:13
CME(config-ephone)#ephone 14
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00E0.B013.C2B3
CME(config-ephone)#button 1:14
CME(config-ephone)#ephone 15
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000A.41D9.9A33
CME(config-ephone)#button 1:15
CME(config-ephone)#ephone 16
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.9769.0AE8
CME(config-ephone)#button 1:16
CME(config-ephone)#ephone 17
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0009.7C9C.1A52
CME(config-ephone)#button 1:17
CME(config-ephone)#ephone 18
CME(config-ephone)#mac-address 0010.1112.9D99
CME(config-ephone)#button 1:18
CME(config-ephone)#type cipc
CME(config-ephone)#ephone 19
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0005.5E26.516A
CME(config-ephone)#button 1:19
CME(config-ephone)#ephone 20
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000B.BEED.0C31
CME(config-ephone)#button 1:20
CME(config-ephone)#ephone 21
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF90.81C4
CME(config-ephone)#button 1:21
CME(config-ephone)#ephone 22
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0010.11EA.B09D
CME(config-ephone)#button 1:22
CME(config-ephone)#
CME(config-ephone)#ephone 23
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.BA28.A209

CME(config-ephone)#button 1:23
CME(config-ephone)#ephone 24
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.4A8C.6226
CME(config-ephone)#button 1:24
CME(config-ephone)#ephone 25
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.5854.800C
CME(config-ephone)#button 1:25
CME(config-ephone)#ephone 26
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 000D.BDDC.7A11
CME(config-ephone)#button 1:26
CME(config-ephone)#ephone 27
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0001.97A0.3065
CME(config-ephone)#button 1:27
CME(config-ephone)#ephone 28
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0002.1654.4B8B
CME(config-ephone)#button 1:28
CME(config-ephone)#ephone 29
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 0006.2AE5.4C38
CME(config-ephone)#button 1:29
CME(config-ephone)#ephone 30
CME(config-ephone)#type cipc
CME(config-ephone)#mac-address 00D0.FF4E.969A
CME(config-ephone)#button 1:30
CME(config-ephone)#exit

CME(config)#telephony-service
CME(config-telephony)#ip source-address 192.168.0.1 port 2000

Spanning Tree Protocol (STP) (802.1D)

STP Protocol Switch to Switch Backup


L recover P

Port P Desg Port Forwarded Port


Data Root Port Root Bridge P Path Cost
Link Link Down
BLK port

P Switch Root Bridge


1 P (0-61440)
Priority 4-bit …

2. Priority Mac Address Switch

Remark – Root Bridge Switch Port

Switch#sh spanning-tree
VLAN0001
  Spanning tree enabled protocol ieee
  Root ID    Priority    32769
             Address     0001.6435.13E5
             This bridge is the root
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     0001.6435.13E5
             Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time  20

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/2            Desg FWD 19        128.2    P2p
Fa0/1            Desg FWD 19        128.1    P2p

Root Port Election

Non-Root Switch P P

Path Cost

Link speed   Cost
10 Gbps      2
1 Gbps       4
100 Mbps     19
10 Mbps      100

Path Cost Port No. Port No. Root Port Root


Bridge Switch Non-Root Switch BPDU(Bridge Protocol Data Unit) every 2s
10 Link Down Link Down Backup
Link 20s, Forwarding 15s MAC Learning 15s 50s

Cost 19

19+19

BLK Port Switch Root Bridge

P Path Cost Neighbor Switch Mac
Address Mac Address Port Root Port

Switch Mac Address

Root Bridge Access Layer Core Layer Switch
Priority Root Bridge Access
Layer Switch Data Root Bridge

Per Vlan Spanning-Tree (PVST+)

Vlan Root Primary BLK Port

Rapid PVST
Rapid PVST Backup Link 2s User Reliable
P

Switch(config)#spanning-tree mode rapid-pvst

YGN-S1(config)#int range f0/1 - 2
YGN-S1(config-if-range)#switchport mode trunk
YGN-S1(config-if-range)#switchport nonegotiate
YGN-S1(config-if-range)#exit
YGN-S1(config)#vtp mode server
YGN-S1(config)#vtp domain cisco
YGN-S1(config)#vtp password cisco
YGN-S2(config)#int range f0/1 - 2
YGN-S2(config-if-range)#switchport mode trunk
YGN-S2(config-if-range)#switchport nonegotiate
YGN-S2(config-if-range)#exit
YGN-S2(config)#vtp mode client
YGN-S2(config)#vtp domain cisco
YGN-S2(config)#vtp password cisco
YGN-S3(config)#int range f0/1 - 2
YGN-S3(config-if-range)#switchport mode trunk
YGN-S3(config-if-range)#switchport nonegotiate
YGN-S3(config-if-range)#exit
YGN-S3(config)#vtp mode client
YGN-S3(config)#vtp domain cisco
YGN-S3(config)#vtp password cisco

Access Control Lists

Access Control lists Router Users


instructions

ACL

1. Standard Access Lists


2. Extended Access Lists

Standard Access Lists


1. Standard Access Lists 1-99
2. Data Packets filter source addresses
3. Destination Addresses Access L Destination
Router interface
4. P Filter OSI Model Layer 3

Exercise 1

J ’ ’ deny

B1(config)#access-list 10 deny host 192.168.1.31
B1(config)#access-list 10 deny 192.168.1.31            ! access-list 10 deny Source IP Address
B1(config)#access-list 10 deny 192.168.1.31 0.0.0.0    ! ACL No., Deny, IP
B1(config)#int f0/0                                    ! Interface
B1(config-if)#ip access-group 10 out                   ! Access-list outbound
- Rule default deny auto rule source network
host Destination Network Host Deny
Rule Source Network host

B1(config)#access-list 11 deny host 192.168.1.31       ! Deny host
B1(config)#access-list 11 permit any

B1(config)#int f0/0
B1(config-if)#ip access-group 11 out

B1(config)#access-list 12 deny 192.168.1.0 0.0.0.255   ! 192.168.1.0 Network
B1(config)#access-list 12 permit any

B1(config)#int f0/0
B1(config-if)#ip access-group 12 out

B1(config)#access-list 13 deny 192.168.1.128 0.0.0.127 ! Network 192.168.1.128 to 192.168.1.255
B1(config)#access-list 13 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 13 out

B1(config)#access-list 14 deny 192.168.1.0 0.0.0.63    ! 192.168.1.0-64
B1(config)#access-list 14 deny 192.168.1.128 0.0.0.63  ! 192.168.1.128-192 Deny
B1(config)#access-list 14 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 14 out

B1(config)#access-list 15 deny 192.168.1.32 0.0.0.31   ! Deny
B1(config)#access-list 15 deny 192.168.1.96 0.0.0.31
B1(config)#access-list 15 deny 192.168.1.160 0.0.0.31
B1(config)#access-list 15 deny 192.168.1.224 0.0.0.31
B1(config)#access-list 15 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 15 out

B1(config)#access-list 16 deny 192.168.1.1 0.0.0.254   ! IP / 255
B1(config)#access-list 16 permit any
B1(config)#
B1(config)#int f0/0
B1(config-if)#ip access-group 16 out
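
How the wildcard masks, first-match order and implicit deny in access lists 10, 15 and 16 above decide which hosts are blocked, as an added Python sketch that is not part of the original guide. The function names are assumptions made for this example; the ACL entries are copied from the exercises.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(src, base, wildcard):
    """Wildcard bit 0 = this bit must match; wildcard bit 1 = ignore it."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(src) & care) == (to_int(base) & care)

def parse_standard_acl(lines):
    """Parse 'access-list N permit|deny SOURCE [WILDCARD]' entries."""
    rules = []
    for line in lines:
        action, rest = line.split()[2], line.split()[3:]
        if rest[0] == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wc = rest[1], "0.0.0.0"
        else:
            base, wc = rest[0], (rest[1] if len(rest) > 1 else "0.0.0.0")
        rules.append((action, base, wc))
    return rules

def evaluate(rules, src):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, base, wc in rules:
        if wildcard_match(src, base, wc):
            return action
    return "deny"

# ACL entries copied from the exercises on this page.
ACL_10 = parse_standard_acl(["access-list 10 deny host 192.168.1.31"])
ACL_15 = parse_standard_acl([
    "access-list 15 deny 192.168.1.32 0.0.0.31",
    "access-list 15 deny 192.168.1.96 0.0.0.31",
    "access-list 15 deny 192.168.1.160 0.0.0.31",
    "access-list 15 deny 192.168.1.224 0.0.0.31",
    "access-list 15 permit any",
])
ACL_16 = parse_standard_acl([
    "access-list 16 deny 192.168.1.1 0.0.0.254",
    "access-list 16 permit any",
])

def denied_hosts(rules, prefix="192.168.1."):
    """Last octets in prefix.0-255 that the ACL denies."""
    return [n for n in range(256) if evaluate(rules, f"{prefix}{n}") == "deny"]

if __name__ == "__main__":
    print("ACL 10 denies", len(denied_hosts(ACL_10)), "of 256 hosts (implicit deny)")
    print("ACL 15 denies", denied_hosts(ACL_15)[:3], "...")
    print("ACL 16 denies only odd hosts:", denied_hosts(ACL_16)[:5], "...")
```

ACL 10 has no permit entry, so every source falls through to the implicit deny; ACL 16's wildcard 0.0.0.254 compares only the lowest bit of the last octet.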

Extended Access Lists

Exercises

192.168.7.0 Network Website access Extended Access Lists

access-list 110 permit tcp 192.168.7.0 0.0.0.255 any eq 80                  ! 7.0 Network, 0.0 Network website
access-list 110 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53    ! website DNS Service
access-list 110 permit udp any eq 68 any eq 67                              ! Client DHCP Service (68 client, 67 server)
int f0/1                                                                    ! Access-List Interface
ip access-group 110 in

access-list 111 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80      ! Website cisco.com website deny (Remark – Deny ACL)
access-list 111 permit tcp 192.168.7.0 0.0.0.255 any eq 80                  ! website
access-list 111 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 111 permit udp any eq 68 any eq 67

int f0/1
ip access-group 111 in
access-list 111 permit icmp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255 echo    ! 7.0 Network, 2.0 Network Ping
access-list 112 deny tcp 192.168.7.0 0.0.0.255 host 192.168.0.11 eq 80
access-list 112 permit tcp 192.168.7.0 0.0.0.255 any eq 80
access-list 112 permit udp 192.168.7.0 0.0.0.255 host 192.168.0.10 eq 53
access-list 112 permit udp any eq 68 any eq 67
access-list 112 deny icmp 192.168.7.64 0.0.0.31 192.168.2.224 0.0.0.31 echo     ! 7.64-7.96, 2.224-2.255 deny
access-list 112 permit icmp 192.168.7.0 0.0.0.255 192.168.2.0 0.0.0.255 echo
access-list 112 permit tcp host 192.168.7.100 host 192.168.0.11 eq 21           ! 7.100 computer, 0.11

int f0/1
ip access-group 112 in

Name Access-List

J ’ Router

HQ(config)#enable secret cisco


HQ(config)#line vty 0 4
HQ(config-line)#password telnet
HQ(config-line)#exit
HQ(config)#ip access-list standard John          ! John Standard ACL
HQ(config-std-nacl)#permit host 192.168.1.31     ! John computer
HQ(config-std-nacl)#exit
HQ(config)#line vty 0 4                          ! Telnet
HQ(config-line)#access-class John in             ! ACL
HQ(config-line)#exit

J ’ Server Network Switch

Switch(config)#enable secret cisco                        ! Admin Mode Password
Switch(config)#line vty 0 4
Switch(config-line)#password telnet                       ! Password
Switch(config-line)#exit
Switch(config)#int vlan 1                                 ! Switch IP
Switch(config-if)#ip add 192.168.0.5 255.255.255.0
Switch(config-if)#no shut
Switch(config-if)#exit
Switch(config)#ip default-gateway 192.168.0.1             ! Switch gateway
Switch(config)#ip access-list standard John
Switch(config-std-nacl)#permit host 192.168.1.31          ! 192.168.1.31
Switch(config-std-nacl)#exit
Switch(config)#line vty 0 4                               ! ACL
Switch(config-line)#access-class John in
Switch(config-line)#exit

Time Base ACL

R1#sh clock
R1(config)#clock timezone YGN 6 30
R1#clock set 19:00:00 11 Oct 2012
R1(config)#ntp master                      ! NTP server
R2(config)#ntp server 192.168.123.1        ! Time Setting, NTP Server
R2(config)#clock timezone YGN 6 30

N L 111.0 Network 222.0 Network ICMP Allow

R1(config)#ip access-list extended PING
R1(config-ext-nacl)#permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
R1(config)#int f0/0
R1(config-if)#ip access-group PING in
R1#sh access-list
Extended IP access list PING
    10 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
N L 111.10 Client 222.20 Server ICMP Deny ACL
ACL No.

R1(config)#ip access-list extended PING


R1(config-ext-nacl)#9 deny icmp host 192.168.111.10 host 192.168.222.20 echo

R1(config-ext-nacl)#do sh access-list
Extended IP access list PING
9 deny icmp host 192.168.111.10 host 192.168.222.20 echo
10 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
ACL Rule ACL No.
start no. increase count

R1(config)#ip access-list resequence PING 10 10


R1(config)#do sh access-list
Extended IP access list PING
10 deny icmp host 192.168.111.10 host 192.168.222.20 echo
20 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255 echo
Remote Desktop (Time Frame )

R1(config)#time-range RDP
R1(config-time-range)#?
Time range configuration commands:
absolute absolute time and date
default Set a command to its defaults
exit Exit from time-range configuration mode
no Negate a command or set its defaults
periodic periodic time and date

R1(config-time-range)#periodic Monday Wednesday Thursday 8:30 to 9:00


R1(config-time-range)#ip access-list extended PING
R1(config-ext-nacl)#5 permit tcp host 192.168.111.10 host 192.168.222.20 eq 3389 time-range RDP
R1(config-ext-nacl)#do sh access-list
Extended IP access list PING
5 permit tcp host 192.168.111.10 host 192.168.222.20 eq 3389 time-range RDP (inactive)
10 deny icmp host 192.168.111.10 host 192.168.222.20 echo
20 permit icmp 192.168.111.0 0.0.0.255 192.168.222.0 0.0.0.255

B1(config)#enable secret cisco
B1(config)#line vty 0 4
B1(config-line)#password telnet
B1(config)#access-list 10 permit 10.10.14.0 0.0.0.255    ! IT Vlan 24, Router
B1(config)#line vty 0 4                                  ! B1 Router
B1(config-line)#access-class 10 in
7.0 Guest Network Internet Access Allow (HTTP,HTTPS,DNS,DHCP)

B2(config)#access-list 120 permit udp 10.10.7.0 0.0.0.255 host 10.10.15.10 eq 53


L Guest Network DNS Server DNS Service

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.30 eq 80


L Guest Network Internal website(www.abc.com) P

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.30 eq 443


L Guest Network Internal website(www.abc.com) P

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 80


L Guest Network Internet Website P

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 443


L Guest Network Internet Website P

B2(config)#access-list 120 permit udp any eq 68 any eq 67


L Guest Network DHCP Server DHCP Service

B2(config)#access-list 120 permit ip 10.10.7.0 0.0.0.255 10.10.9.0 0.0.0.255


L Guest Network Wireless

B2(config)#access-list 120 permit ip 10.10.7.0 0.0.0.255 10.10.11.0 0.0.0.255


L Guest Network Wireless

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 25


L Guest Network Internal Mail Server SMTP

B2(config)#access-list 120 deny tcp 10.10.7.0 0.0.0.255 host 10.10.15.50 eq 110
L Guest Network Internal Mail Server POP3

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 25


L Guest Network Internet Mail Server

B2(config)#access-list 120 permit tcp 10.10.7.0 0.0.0.255 any eq 110
L Guest Network Internet Mail Server

B2(config)#int f0/0.17
B2(config-subif)#ip access-group 120 in

NAT (Network Address Translation)

Three types of NAT-

Static NAT (one to one)- Mapping an unregistered IP address to a registered IP address on a one-to-
one basis. Particularly useful when a device needs to be accessible from outside the network.

In static NAT, the computer with the IP address of 192.168.0.10 will always translate to 213.81.71.69:

Dynamic NAT – Maps an unregistered IP address to a registered IP address from a group of
registered IP addresses. Dynamic NAT also establishes a one-to-one mapping between unregistered
and registered IP address, but the mapping could vary depending on the registered address
available in the pool, at the time of communication.

In dynamic NAT, the computer with the IP address of 192.168.32.10 will translate to the first available
address in the range from 213.18.123.100 to 213.18.123.150:

Overloading – A form of dynamic NAT that maps multiple unregistered IP addresses to a single
registered IP address by using different ports. Known also as PAT (Port Address Translation), single
address NAT or port-level multiplexed NAT.

In overloading, each computer on the private network is translated to the same IP address
(213.18.123.100) but with a different port number assignment:
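
The overloading behaviour described above, as an added Python model that is not part of the original guide: several inside hosts share 213.18.123.100 and are told apart by port, and return traffic is accepted only where a table entry exists. The class name `PatTable`, the inside hosts 192.168.32.10 and 192.168.32.11, and the keep-the-source-port-if-free policy are assumptions made for this example.

```python
class PatTable:
    """Simplified port-address-translation table for one registered address."""

    def __init__(self, global_ip, first_port=1024):
        self.global_ip = global_ip
        self.next_port = first_port
        self.out = {}    # (inside_ip, inside_port) -> global_port
        self.back = {}   # global_port -> (inside_ip, inside_port)

    def _free_port(self):
        # Walk forward to the next global port with no entry.
        while self.next_port in self.back:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("port pool exhausted")
        return self.next_port

    def translate_outbound(self, inside_ip, inside_port):
        """Return the (global_ip, global_port) used for this inside socket."""
        key = (inside_ip, inside_port)
        if key not in self.out:
            # Assumed policy: keep the source port when free, else pick another.
            port = inside_port if inside_port not in self.back else self._free_port()
            self.out[key] = port
            self.back[port] = key
        return (self.global_ip, self.out[key])

    def translate_inbound(self, global_port):
        """Map return traffic to the inside socket; None means no entry, so drop."""
        return self.back.get(global_port)


def demo():
    pat = PatTable("213.18.123.100")
    a = pat.translate_outbound("192.168.32.10", 50000)   # constructed host
    b = pat.translate_outbound("192.168.32.11", 50000)   # same source port, other host
    again = pat.translate_outbound("192.168.32.10", 50000)
    reply = pat.translate_inbound(b[1])
    unsolicited = pat.translate_inbound(443)
    return a, b, again, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The `None` result for port 443 is why an inside server stays unreachable from outside until a static entry is configured for it.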

Exercise ( Static NAT) - Internal Web Site External Client N

NAT(config)#ip route 0.0.0.0 0.0.0.0 s0/0/0                        ! Internet
NAT(config)#ip nat inside source static 10.1.0.254 203.81.64.11    ! NAT: 203.81.64.11, 10.1.0.254 translate
NAT(config)#int s0/0/0
NAT(config-if)#ip nat outside                                      ! Int serial 0/0/0 outside interface
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside                                       ! Int f0/0 inside interface

NAT(config)#ip nat inside source static tcp 10.1.0.254 80 203.81.64.11 80     ! WAN IP, Port
NAT(config)#ip nat inside source static tcp 10.1.0.253 80 203.81.64.11 443    ! Internal Web Server, DNS Server

Exercise (Dynamic NAT) – Internal Clients Internet WAN IP

NAT(config)#access-list 30 permit 10.1.0.0 0.0.1.255
NAT(config)#ip nat pool MYPOOL 203.81.64.3 203.81.64.5 netmask 255.255.255.240    ! WAN IP 3, POOL
NAT(config)#ip nat inside source list 30 pool MYPOOL                              ! NAT
NAT(config)#int s0/0/0                                                            ! Interface
NAT(config-if)#ip nat outside
NAT(config-if)#int f0/0
NAT(config-if)#ip nat inside
NAT(config-if)#int f0/1
NAT(config-if)#ip nat inside

NAT#sh ip nat translations       ! NAT
NAT#clear ip nat translation *   ! NAT

Exercise -PAT (Port Address Translation) Internal Clients Internet

NAT(config)#ip nat inside source list 30 pool MYPOOL overload      ! Overload PAT
HTTP/HTTPS DNS Allow N

NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 80
NAT(config)#access-list 120 permit tcp 10.1.0.0 0.0.1.255 any eq 443
NAT(config)#access-list 120 permit udp 10.1.0.0 0.0.1.255 any eq 53     ! DNS queries use UDP port 53
NAT(config)#ip nat inside source list 120 pool MYPOOL overload
