ATEN command summary _ Router Section

Source: Internet
Author: User
Tags cisco switch


1. Route entry configuration:
Note: In configuration mode.

General static route configuration:
    router(config)# ip route destination-address mask next-hop-address

Floating static route configuration (append an administrative distance to the ordinary static route command; it is usually configured together with an ordinary static route, and when the ordinary static route fails, the floating static route starts to work):
    router(config)# ip route destination-address mask next-hop-address 50

Equal-cost route entries (do not write an administrative distance; write two ordinary static routes, and when one route entry fails, the other static route starts to work):
    router(config)# ip route destination-address mask next-hop-address

2. Dynamic routing, RIP-v1 configuration:
Note: In configuration mode. RIP-v1 is a classful routing protocol and cannot carry a subnet mask, so if the network is interrupted (discontiguous), you need to use a secondary address.

Start the RIP process:
    router(config)# router rip
Specify each major network that needs to run RIP:
    router(config-router)# network directly-connected-network-address
3. Configure a passive interface (specifying a link on which RIP is not enabled):
    router(config-router)# passive-interface interface-id

4. Unicast update configuration (selecting the RIP configuration for a connected serial link):
First, configure the interface as passive:
    router(config-router)# passive-interface interface-id
Then select the neighbor device for RIP:
    router(config-router)# neighbor directly-connected-address-of-the-neighbor

5. Discontiguous subnets:
Note: A discontiguous subnet is a normal IP segment that is interrupted: the addresses on the two sides belong to it, but a different segment sits in the middle. You need to configure, on the middle segment, a secondary address that matches the original IP segment, and the network of the secondary address must also be added to RIP.
In interface mode, configure the secondary address (which must be consistent with the interrupted IP segment):
    router(config-if)# ip address ip-address subnet-mask secondary
6. Configuration of different RIP versions:
Note: RIP-v2 is a classless routing protocol. It carries the subnet mask in its updates, so there is no interruption problem and no secondary address is needed, and it advertises its messages by multicast to the destination address 224.0.0.9.

RIP-v1 configuration (version 1 is the default):
    router(config)# router rip
RIP-v2 configuration:
    router(config)# router rip
    router(config-router)# version 2

7. RIP-v2 working together with RIP-v1 (use the send version and receive version commands to specify the version used for sending and receiving):
Note: Configured in interface mode. The send and receive versions on the ports at both ends must be consistent.

Use version 1 for sending and receiving:
    router(config-if)# ip rip send version 1
    router(config-if)# ip rip receive version 1
Use version 2 for sending and receiving:
    router(config-if)# ip rip send version 2
    router(config-if)# ip rip receive version 2
Use versions 1 and 2 for both sending and receiving:
    router(config-if)# ip rip send version 1 2
    router(config-if)# ip rip receive version 1 2
8. Disable split horizon:
Note: In interface mode. Split horizon is used in RIP to prevent routing loops.
    router(config-if)# no ip split-horizon

9. Letting advertised subnets cross the major network boundary with discontiguous subnets and classless routing (as with RIP-v1, the default behavior is to summarize routes at the major network boundary, so automatic summarization must be disabled to allow the advertised subnets to cross the major network boundary):
    router(config-router)# no auto-summary

10. OSPF configuration:
Note: In configuration mode. Pay attention to the area of each directly connected network segment you configure.

Start the OSPF process:
    router(config)# router ospf process-id
Configure the networks and their areas:
    router(config-router)# network host-address 0.0.0.0 area area-id
    router(config-router)# network network-segment wildcard-mask area area-id
View the OSPF configuration (DNS mapping of router ID to name):
    router# show ip ospf neighbor

11. OSPF secondary addresses:

12. Special OSPF configuration:
Note: Under various special circumstances, you need to promptly adjust the configuration of the affected area devices or border devices.

Configure a stub area (all devices in the area must be configured):
    router(config-router)# area area-id stub
Modify the cost value on the ABR (this makes sense only when there is more than one ABR and one ABR fails):
    router(config-router)# area area-id default-cost cost
Configure a totally stubby area (configured directly on the ABR; the other devices in the area use plain stub):
    router(config-router)# area area-id stub no-summary
13. Configure an NSSA area:
Note: Used only when connecting to an external AS. That is, to connect to a region that is not running OSPF, you need to configure static routing or RIP.

Redistribution (performed on the ASBR):
    router(config-router)# redistribute rip metric 10
Configure the NSSA area (all devices in the area must be configured):
    router(config-router)# area area-id nssa
Configure a totally NSSA area (only required when a device is both an ABR and an ASBR; it is configured only on that device, and the other devices in the same area are normal NSSA):
    router(config-router)# area area-id nssa no-summary

14. After no-summary is removed, the ABR does not send the Type 3 LSA default route, so the external network cannot be reached from within the NSSA area.
Note: no-redistribution means no redistribution; default-information-originate means a default route is advertised into the NSSA area, and at this point there are no Type 3, 4, 5 or 7 LSAs.
    router(config-router)# area area-id nssa no-redistribution default-information-originate
15. Address summarization:
Note: When configuring address summarization in OSPF, it is best to add a route pointing to the Null0 interface on the ABR to prevent routing loops.
    router(config-router)# area area-id range summary-address mask
    router(config)# ip route summary-address mask Null0

16. Virtual link:
Note: Virtual links are always established between ABRs, at least one of which must be connected to area 0. A virtual link has two ends, and each end must be configured with a virtual link pointing to the other party.
    routerA(config-router)# area area-id virtual-link B-address
    routerB(config-router)# area area-id virtual-link A-address

17. HSRP (Hot Standby Router Protocol) configuration:
Note: In interface mode. HSRP generates a virtual router, and only one virtual router can be generated per group.

Configure the router as a member of HSRP (the same virtual router address must be specified for all routers in a group):
    router(config-if)# standby group-number ip virtual-router-address
Configure the HSRP priority (default: 100, value range: 0-255):
    router(config-if)# standby group-number priority priority-value
Configure HSRP preemption (when the router recovers, it regains the active role through preemption):
    router(config-if)# standby group-number preempt
Configure the hello timers in HSRP (default: 3 seconds, value range: 1-255; hello-interval is the retention time, holdtime is the aging time):
    router(config-if)# standby group-number timers hello-interval holdtime
Configure interface tracking for HSRP (on the ingress interface, track the egress interface and configure how much the priority is lowered once an egress failure is detected; the default value is 10):
    router(config-if)# standby group-number track interface-to-track interface-priority
Turn off interface tracking:
    router(config-if)# no standby group-number track
View HSRP details:
    router# show standby
View the HSRP status (type-number is the interface type and number to display; group is the configured HSRP group):
    router# show standby type-number group brief

18. Standard ACL (Access Control List) configuration (the stricter the entry, the earlier it should appear; entries are evaluated from top to bottom):
Note: In configuration mode. After the configuration is complete, the ACL must be applied on an interface in the outbound or inbound direction. Standard access list numbers are 1-99, and a standard ACL can filter only on the source address.

Configure a permit entry in a standard ACL (source is the source address, which can be a host address or a network segment):
    router(config)# access-list access-list-number permit source
Configure a deny entry in a standard ACL:
    router(config)# access-list access-list-number deny source
View the ACLs:
    router# show access-list
Apply the ACL inbound (in interface mode):
    router(config-if)# ip access-group access-list-number in
Apply the ACL outbound (in interface mode):
    router(config-if)# ip access-group access-list-number out

19. Extended ACL configuration and application (extended access list numbers are 100-199, and an extended ACL can filter on source and destination as well as protocol and port):
Note: In configuration mode. source and destination are the source address and destination address; operator port means a port number greater than, less than, equal to or not equal to the given value; log means that a log entry is generated.
    router(config)# access-list access-list-number [permit/deny] protocol [source source-wildcard destination destination-wildcard] [operator port] [established] [log]

Apply the extended ACL:
Apply the ACL inbound (in interface mode):
    router(config-if)# ip access-group access-list-number in
Apply the ACL outbound (in interface mode):
    router(config-if)# ip access-group access-list-number out
Named ACL (standard or extended):
    router(config)# ip access-list [standard/extended] name

Example: create an ACL that denies FTP traffic from 172.16.4.0 destined for 172.16.3.0, and apply it in the outbound direction of the interface.
    router(config)# access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21
    router(config)# access-list 101 permit ip any any
    router(config-if)# ip access-group 101 out

20. NAT/PAT (Network Address Translation) configuration:
Static NAT configuration (in configuration mode, create a static translation between an inside local address and an inside global address):
    router(config)# ip nat inside source static inside-local-address inside-global-address
Enable NAT on the internal and external ports (choose inside and outside according to the actual situation):
    router(config-if)# ip nat outside
    router(config-if)# ip nat inside
View the NAT configuration:
    router# show ip nat translations

21. Dynamic NAT configuration (must be combined with an ACL that permits a segment to use the address pool):
Define a pool of valid IP addresses:
    router(config)# ip nat pool pool-name start-address end-address netmask subnet-mask
Configure network address translation (in configuration mode, translate the inside local addresses specified by the access list using the specified inside global address pool):
    router(config)# ip nat inside source list access-list-number pool pool-name
Enable NAT on the internal and external ports (choose inside and outside according to the actual situation):
    router(config-if)# ip nat outside
    router(config-if)# ip nat inside

22. PAT configuration (must be combined with an ACL that permits a segment to use the address):
Configure overloaded dynamic IP address translation:
    router(config)# ip nat inside source list access-list-number pool pool-name overload
Translate the local addresses in access list 1 to the global IP addresses defined in the address pool onlyone:
    router(config)# ip nat inside source list 1 pool onlyone overload
In global configuration mode, set up a dynamic address translation between the inside local addresses and the valid IP address of the interface:
    router(config)# ip nat inside source list 1 interface interface-id overload

23. TCP server load balancing configuration:
For example, assume that there are three servers, 10.1.1.1, 10.1.1.2 and 10.1.1.3, and that a virtual host 10.1.1.127 is used to represent this server group. NAT is required to achieve load balancing among the three servers.

Set the IP address of the external port:
    router(config-if)# ip address 172.20.7.1
Configure the internal port:
    router(config-if)# ip address 10.1.1.254 255.255.255.0
Define a standard IP access list for the virtual host:
    router(config)# access-list 2 permit 10.1.1.127
Define a NAT address pool for the real hosts:
    router(config)# ip nat pool real-host 10.1.1.1 10.1.1.3 prefix-length 24 type rotary
This command indicates that the real host addresses range from 10.1.1.1 to 10.1.1.3, that the network prefix length is 24, and that the address pool is of the rotary type.
Set the mapping between the access list and the NAT address pool:
    router(config)# ip nat inside destination list 2 pool real-host
Enable NAT on the internal and external ports:
    router(config-if)# ip nat outside
    router(config-if)# ip nat inside
After these steps, for connection requests to the virtual host, NAT lets the hosts in the real host group respond in turn.

24. Example of using DNS + dynamic NAT to handle overlapping addresses:
Assume that the IP address range is 10.1.1.1 to 10.1.1.254, that the IP address of the router's internal LAN port (the default gateway) is 10.1.1.254, and that the subnet mask is 255.255.255.0. The inside global IP address range assigned by the network is 192.2.2.1-192.2.2.254, and the outside local IP address range is 193.3.3.1 to 193.3.3.254. The IP address of the router on the WAN is 172.69.232.182, and the subnet mask is 255.255.255.240. To configure translation across the overlapping address spaces, follow these steps:

Set the IP address of the external port:
    router(config-if)# ip address 172.69.232.182 255.255.255.240
Set the IP address of the internal port:
    router(config-if)# ip address 10.1.1.254 255.255.255.0
Define the internal network segment that is allowed to access the external network:
    router(config)# access-list 1 permit 10.1.1.0 0.0.0.255
This command defines the network segment for address translation. To allow multiple network segments to access the external network, repeat the command.
Define the valid IP address pools:
    router(config)# ip nat pool net-2 192.2.2.1 192.2.2.254 prefix-length 24
    router(config)# ip nat pool net-10 192.3.3.1 192.3.3.254 prefix-length 24
The first command defines the inside global address pool, and the second command defines the outside local address pool.
Specify the network address translation mappings:
    router(config)# ip nat inside source list 1 pool net-2
    router(config)# ip nat outside source list 1 pool net-10
The first statement translates inside local addresses to inside global addresses, using the address pool net-2. The second statement translates outside global addresses to outside local addresses, using the address pool net-10.
Enable NAT on the internal and external ports:
    router(config-if)# ip nat outside
    router(config-if)# ip nat inside
When an internal host sends an IP packet to an external host, you can use show ip nat translations to view the connection.

Configure a loopback interface:
    router(config)# interface loopback 0
Configure the loopback address:
    router(config-if)# ip address 10.0.0.1 255.255.255.0

----------------------------------------
Cisco switch:

User mode:
    switch>
Privileged mode:
    switch> enable
    switch#
Global configuration mode:
    switch# config terminal
    switch(config)#
Interface configuration mode:
    switch(config)# interface f0/1
    switch(config-if)#
Line mode:
    switch(config)# line console 0
    switch(config-line)#

----------------------------------------
Configure the host name and passwords:
    switch(config)# hostname 123
    123(config)#
View the switch configuration:
    123# show running-config
Enable password:
    123(config)# enable password 123456
Encrypted password:
    123(config)# enable secret 654321
Configure the console password:
    123(config)# line console 0
    123(config-line)# password 321456
    123(config-line)# login          (activates the password)
    123(config-line)# no password    (deletes the password)
Configure the IP address:
    123(config)# interface vlan 1
    123(config-if)# ip address 192.168.1.2 255.255.255.0
    123(config-if)# no shutdown      (activates the interface)
Delete the IP address:
    123(config-if)# no ip address
Configure the switch gateway:
    123(config)# ip default-gateway 192.168.1.1
View the switch MAC address table:
    123# show mac-address-table

----------------------------------------
Cisco Discovery Protocol (CDP)
The show cdp command mainly includes the following forms:
    switch# show cdp
    switch# show cdp interface f0/24
    switch# show cdp neighbors
    switch# show cdp neighbors detail
    switch# show cdp traffic
    switch# show cdp entry *

Saving the switch configuration and restoring the factory settings:
Save the switch configuration (both commands have the same effect):
    123# copy running-config startup-config
or
    123# write
Restore the switch factory settings:
    123# erase startup-config    (clears startup-config)
    123# reload                  (reloads the switch)

----------------------------------------
Switch password recovery
(1) Unplug the power cord of the switch.
(2) Hold down the MODE button on the switch and plug the power cord back in.
(3) The switch starts up.
(4) Run the flash_init command at the switch: prompt:
    switch: flash_init
    Initializing flash ..... (in startup)
(5) View the files in flash:
    switch: dir flash:
(6) Rename the file config.text to config.old:
    switch: rename flash:config.text flash:config.old
(7) Run the boot command to start the switch:
    switch: boot
(8) Enter privileged mode and view the files in flash:
    switch# dir flash:
(9) Rename the file config.old back to config.text:
    switch# rename flash:config.old flash:config.text
(10) Copy config.text to the system's running-config:
    switch# copy flash:config.text running-config
(11) Enter configuration mode, reset the password and save the configuration.
Password recovery is complete.

VLAN
Create a VLAN:
    switch# config terminal
    switch(config)# vlan 100
    switch(config-vlan)# name 321    (names the VLAN)
    switch(config)# no vlan 100      (deletes VLAN 100)
Alternatively, a VLAN can be created in the VLAN database:
    switch# vlan database
    switch(vlan)# vlan 100 name v100    (created and named v100)
View VLAN information:
    switch# show vlan brief
View the information for one VLAN:
    switch# show vlan 100

Add ports to and delete ports from a VLAN:
    switch# config terminal
    switch(config)# interface f0/24
    switch(config-if)# switchport mode access      (access link)
    switch(config-if)# switchport access vlan 2    (added to VLAN 2)
    switch(config)# interface range f0/1-20
    switch(config-if-range)# switchport access vlan 2    (add ports f0/1 to f0/10 to vlan2)
    switch(config-if)# no switchport access vlan 2       (delete from VLAN 2)
    switch(config-if)# end                               (exit)
    switch(config)# default interface fastethernet0/2    (resets the interface to its default configuration)

VLAN trunk configuration and viewing commands:
    switch(config)# interface f0/24
    switch(config-if)# switchport mode trunk     (configures f0/24 as a trunk link)
    switch(config-if)# switchport mode access    (changes it from trunk back to a normal link)
Configure the interface for dynamic negotiation mode:
    switch(config)# interface f0/23
    switch(config-if)# switchport mode dynamic desirable
Either desirable or auto can be used for the trunk dynamic negotiation mode. Run the show command to verify the interface mode for desirable or auto:
    switch# show interface f0/24 switchport
If the trunk does not need to carry the traffic of a VLAN, you can remove that VLAN from the trunk:
    switch(config)# interface f0/24    (because this is the trunk link)
    switch(config-if)# switchport trunk allowed vlan remove 100    (the VLAN number goes here)
You can also add a VLAN to the trunk:
    switch(config)# interface f0/24
    switch(config-if)# switchport trunk allowed vlan add 100
Check whether the interface has become a trunk link:
    switch# show interface f0/24 switchport

----------------------------------------
ARP protocol:
On a Windows host, view the mapping between IP addresses and MAC addresses:
    C:\> arp -a
or manually delete an ARP table entry:
    C:\> arp -d 192.168.1.1
Display the ARP cache table on the router:
    router# show ip arp

Static routing and configuration:
The user modes are the same as on the switch. When you first enter the router it asks YES/NO; select NO and configure it manually.

Configure the default route:
Note: The default route is generally used on a peripheral (stub) network.
    router(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1
(The eight 0s represent all network segments; 192.168.1.1 is the next hop address, the IP address of the next router.)
Configure a static route (192.168.1.0 255.255.255.0 is the IP address of the destination network segment; 172.16.1.1 is the next hop address):
    router(config)# ip route 192.168.1.0 255.255.255.0 172.16.1.1
Configure the IP address of the router's FastEthernet f0/0 interface:
    R1# config ter
    R1(config)# interface f0/0
    R1(config-if)# ip address 192.168.1.1 255.255.255.0
    R1(config-if)# no shutdown
View the status of the R1 f0/0 interface:
    R1# show interface f0/0
View the router's routing table:
    R1# show ip route

----------------------------------------
Configure the console password:
    R1(config)# line console 0
    R1(config-line)# password 321456
    R1(config-line)# login
Configure the privileged mode password:
    R1(config)# enable password 1230
Encrypt all passwords:
    R1(config)# service password-encryption

Configure other console parameters:
(1) Configure the timeout:
    R1(config)# line console 0
    R1(config-line)# exec-timeout 0 0
0 0 means never time out; the first 0 is minutes and the second 0 is seconds.
(2) Synchronize the display:
    R1(config)# line console 0
    R1(config-line)# logging synchronous
(3) Disable DNS lookup:
    R1(config)# no ip domain-lookup
View the router version information:
    R1# show version

----------------------------------------
Router password recovery (copied from a book, useless)
(1) Restart the router and press Ctrl + Break within 60 seconds so that the router enters ROM Monitor mode.
(2) At the prompt, enter a command to modify the value of the configuration register, then restart the router:
    rommon1> confreg 0x2142
    rommon2> reset
(3) The router restarts and enters SETUP mode. Select "NO" to return to EXEC mode. The router's original configuration is still saved in startup-config. To keep the configuration unchanged after the password is recovered, copy the configuration in startup-config to running-config, then reset the enable password and change the value of the configuration register back to 0x2102 (otherwise the router will enter setup mode after each restart).
Commands:
    Router> enable
    Router# copy startup-config running-config
    Router# config terminal
    Router(config)# enable password 123
    Router(config)# config-register 0x2102
(4) Save the current configuration to startup-config and restart the router. Commands:
    Router# copy running-config startup-config
    Router# reload

----------------------------------------
Router-on-a-stick (single-arm routing) configuration:
    router(config)# interface f0/0
    router(config-if)# no shutdown    (the f0/0 interface can be activated first or later)
    router(config)# interface f0/0.1  (subinterface mode of f0/0)
    router(config-subif)# encapsulation dot1q 1    (the 1 that follows is VLAN 1; this encapsulates the subinterface in VLAN 1)
    router(config-subif)# ip address 192.168.1.1 255.255.255.0    (this IP address is the gateway address of VLAN 1)
    router(config-subif)# no shutdown
View, in privileged mode: show ip route, show run or show interface f0/0

----------------------------------------
Configure the time:
    Router# clock set hour:minute:second day month year
View:
    router# show clock

Commands for configuring RIP dynamic routing:
Start the RIP process (RIP is a dynamic routing protocol):
    router(config)# router rip
    router(config-router)# version 2                (set to RIP version 2)
    router(config-router)# no auto-summary          (no automatic summarization when RIP-v2 is used)
    router(config-router)# network 192.168.1.0      (IP address segment of the directly connected route)
    router# show ip route       (view the routing table)
    router# show ip protocol    (view the routing protocol configuration)
    router# debug ip rip        (enable debugging)

----------------------------------------
Using Telnet to manage Cisco devices, configuration:
    switch(config)# interface vlan 1    (configure an IP address first)
    switch(config-if)# ip address 192.168.1.1 255.255.255.0
    switch(config-if)# no shutdown
    switch(config)# line vty 0 5        (the trailing 5 sets how many logins are allowed at the same time)
    switch(config-line)# password 133
    switch(config-line)# login          (activates the password)
    switch(config)# enable password 123
    switch(config)# service password-encryption    (encrypts all the passwords; optional)
At the PC command prompt:
    C:\> telnet 192.168.1.1
At the password: prompt, enter your own password to log in.

Back up IOS or startup-config:
1. Confirm that the PC and the switch can ping each other.
2. Start the Cisco TFTP Server tool.
3. Upload or download the switch IOS or configuration file:
    switch# copy flash tftp    (from flash to TFTP)
    switch# copy tftp flash    (from TFTP to flash)
    switch# copy nvram:startup-config tftp:
    switch# copy tftp: nvram:startup-config    (upload the configuration file to the switch)
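
A defensive check for the password and Telnet settings used in the sections above, as an added example that is not part of the original page: it scans running-config-style text for `enable password`, a disabled `exec-timeout`, and vty lines not restricted to SSH. The sample configurations, rule names and the `audit` function are constructed for illustration; `transport input ssh`, `login local` and `username ... secret` are standard IOS commands that the page itself does not show.

```python
import re

# Constructed sample: commands from this page, laid out as in a running-config.
SAMPLE_CONFIG = """\
hostname 123
enable password 123456
enable secret 654321
service password-encryption
line console 0
 password 321456
 login
 exec-timeout 0 0
line vty 0 5
 password 133
 login
"""

# Constructed corrected variant (SSH key generation and domain name not shown).
FIXED_CONFIG = """\
hostname 123
enable secret 654321
username admin secret EXAMPLE-ONLY
service password-encryption
line console 0
 login local
 exec-timeout 5 0
line vty 0 5
 transport input ssh
 login local
"""


def audit(config_text):
    """Return sorted (line_number, rule, message) findings for weak settings."""
    findings = []
    block = None   # header of the "line ..." block we are inside, if any
    vty = {}       # vty block header -> [line_number, restricted_to_ssh]
    for no, raw in enumerate(config_text.splitlines(), 1):
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw.startswith(" "):
            # A non-indented line ends the previous block.
            block = text if text.startswith("line ") else None
            if block and block.startswith("line vty"):
                vty[block] = [no, False]
        if re.match(r"enable password\b", text):
            findings.append((no, "enable-password",
                "stored in clear text, or as reversible type 7 with "
                "service password-encryption; keep only 'enable secret', "
                "which also takes precedence when both are set"))
        elif block and re.match(r"exec-timeout 0( 0)?$", text):
            findings.append((no, "no-idle-timeout",
                "'%s' never logs out an idle session" % block))
        elif block in vty and text == "transport input ssh":
            vty[block][1] = True
    for header, (no, ssh_only) in vty.items():
        if not ssh_only:
            findings.append((no, "vty-not-ssh-only",
                "'%s' is not limited to SSH, so Telnet logins may send "
                "the password in clear text" % header))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, rule, message in audit(SAMPLE_CONFIG):
        print("line %d [%s] %s" % (line_no, rule, message))
```
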
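
How the extended ACL 101 from item 19 is evaluated, as an added example that is not part of the original page: entries are checked from top to bottom, wildcard-mask bits set to 1 are ignored, and a packet that matches no entry hits the implicit deny. The evaluator is a simplified model (only `any`, `host`, address/wildcard pairs and the `eq` operator), and the function names and test packets are constructed.

```python
import ipaddress

# The two entries of ACL 101 exactly as given in item 19 of the page.
ACL_101 = [
    "access-list 101 deny tcp 172.16.4.0 0.0.0.255 172.16.3.0 0.0.0.255 eq 21",
    "access-list 101 permit ip any any",
]


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (address, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return (int(ipaddress.IPv4Address(first)),
            int(ipaddress.IPv4Address(tokens.pop(0))))


def parse_entry(line):
    """Parse one numbered extended ACL entry into a dict."""
    tokens = line.split()[2:]                 # drop "access-list <number>"
    action, proto = tokens.pop(0), tokens.pop(0)
    src = _take_addr(tokens)
    dst = _take_addr(tokens)
    port = int(tokens[1]) if tokens[:1] == ["eq"] else None
    return {"action": action, "proto": proto,
            "src": src, "dst": dst, "port": port}


def _addr_matches(ip, rule):
    """Compare only the bits whose wildcard bit is 0 (the 'care' bits)."""
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)


def evaluate(acl_lines, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet; the first matching entry wins."""
    for line in acl_lines:
        entry = parse_entry(line)
        if entry["proto"] not in ("ip", proto):
            continue
        if not _addr_matches(src, entry["src"]):
            continue
        if not _addr_matches(dst, entry["dst"]):
            continue
        if entry["port"] is not None and entry["port"] != dport:
            continue
        return entry["action"]
    return "deny"   # implicit deny at the end of every ACL


if __name__ == "__main__":
    # Constructed test packets.
    print(evaluate(ACL_101, "tcp", "172.16.4.10", "172.16.3.5", 21))
    print(evaluate(ACL_101, "tcp", "172.16.4.10", "172.16.3.5", 80))
    # Without the final "permit ip any any", everything else is dropped too.
    print(evaluate(ACL_101[:1], "tcp", "172.16.4.10", "172.16.3.5", 80))
```
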
