「 Basic configuration 」
Log on locally through the console to configure the device.
User mode
xx> enable n
Privileged mode
xx# configure terminal
Global configuration mode
xx(config)# interface [f | s] n/m
Interface configuration mode
xx(config-if)#
After entering (sub)interface mode, configure the IP address
(config-if)# ip addr A.B.C.D <subnet mask>
Activate the interface
(config-if)# no shutdown
Configure the speed
(config-if)# speed {auto | 10 | 100}
Configure the interface working mode
(config-if)# duplex {auto | half | full}
Configure the clock (serial port, DCE end)
(config-if)# clock rate n
Reverse operation (delete configuration)
no + command
Configure multiple IP addresses on the switch interface
(config-if)# ip addr A.B.C.D <subnet mask>
(config-if)# ip addr A.B.C.D <subnet mask> secondary
View all configuration
# show running-config
Disable the routing function so that the router acts as a host
(config)# no ip routing
Set the gateway for the router
(config)# ip default-gateway <ip address>
Change the machine name
(config)# hostname yy
Control the line timeout
(config)# line n
(config-line)# exec-timeout 0 0
Disable domain name resolution
(config)# no ip domain-lookup
Enable the router HTTP function
(config)# ip http server
(config)# username xxx password yyy
(config)# username xxx secret yyy
(config)# enable secret yyy
Enable the password encryption service
(config)# service password-encryption
Enable the router HTTPS function
(config)# ip http secure-server
Enable the router remote login function
(config)# line vty 0 4
(config-line)# login local
or
(config-line)# no login
(config)# enable n
When logging on, use the command telnet A.B.C.D
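The settings above differ widely in strength: username ... password versus username ... secret, ip http server versus ip http secure-server, no login on the vty lines, exec-timeout 0 0, and PAP versus CHAP in the PPP section. The following added example (not part of the original page) scans a saved running-config for the weak variants; SAMPLE is a constructed config, and the names RULES and audit are hypothetical.

```python
import re

# Constructed sample running-config (not from a real device).
SAMPLE = """\
hostname yy
enable secret 5 $1$constructed
username admin password 0 yyy
username ops secret 5 $1$constructed
ip http server
ip http secure-server
interface Serial0/0
 encapsulation ppp
 ppp authentication pap
line con 0
 exec-timeout 0 0
line vty 0 4
 no login
"""

# (section prefix regex, or None for any section; command regex; finding)
RULES = [
    (None, r"username \S+ password\b", "username uses 'password'; use 'secret'"),
    (None, r"ip http server$", "cleartext HTTP management enabled"),
    (r"interface ", r"ppp authentication pap\b", "PAP is unencrypted; use CHAP"),
    (r"line ", r"exec-timeout 0 0$", "line session never times out"),
    (r"line vty ", r"no login$", "vty accepts sessions without authentication"),
]

def audit(config):
    """Return [(line_no, section, finding)] for weak settings in an IOS config."""
    findings, section = [], ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):      # an unindented line opens a new section
            section = line
        for sec_re, cmd_re, msg in RULES:
            if sec_re and not re.match(sec_re, section):
                continue                 # rule applies only inside that section
            if re.match(cmd_re, line):
                findings.append((no, section, msg))
    return findings

if __name__ == "__main__":
    for no, section, msg in audit(SAMPLE):
        print(f"line {no} [{section}]: {msg}")
```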
「 Switch 」
View the MAC address table
# show mac-address-table
Bind a static MAC address
(config)# mac-address-table static H.H.H vlan n interface fx/x
# show arp
On the host, use arp -a to view ARP information
Enable switch port security (to prevent a host from maliciously sending random MAC addresses to fill the MAC address table)
(config-if)# switchport port-security
(config-if)# switchport ?
# show port-security int fx/x
Recovery
(config)# errdisable recovery
Configure a management IP address for VLAN 1
(config)# int vlan 1
(config-if)# ip addr A.B.C.D <subnet mask>
(config-if)# no shut
「 Switch vlan 」
View VLANs
# show vlan-switch
or
# show vlan
Create a VLAN
# vlan database
(vlan)# vlan n
Add a port to a VLAN
(config-if)# switchport access vlan n
Trunk, for interfaces that allow multiple VLANs
(config-if)# switchport mode trunk
「 Single-arm route vlan 」
Configure sub-interfaces on the router to implement communication between different VLANs. You must activate the parent interface first. In addition, duplicate IP addresses are not allowed.
(config)# interface fx/x.x
(config-subif)# encapsulation dot1q <vlan-id>
(config-subif)# ip addr A.B.C.D <subnet mask>
(config-subif)# no shut
「 Layer-3 switch: switch virtual interfaces 」
To implement communication between different VLANs, you must first add the corresponding VLAN to the switch.
(config)# int vlan n
(config-if)# ip addr A.B.C.D <subnet mask>
(config-if)# no shut
You must delete the switch virtual interface before deleting the corresponding VLAN.
「 VTP 」
Configure the VTP mode
# vlan database
(vlan)# vtp {server | client | transparent}
VLAN information can be synchronized only between devices with identical domain names and passwords
(vlan)# vtp domain <domain name>
(vlan)# vtp password <password>
Enable VTP pruning
(vlan)# vtp pruning
Exit to activate
(vlan)# exit
「 Port aggregation 」
Create the aggregation interface
R1(config)# interface port-channel 1
(config-if)# switchport trunk encapsulation dot1q
(config-if)# switchport mode trunk
Add the specified interfaces to the aggregation group
(config)# int range f x/x-x
(config-if-range)# channel-group 1 mode on
View the aggregation interface
# show etherchannel summary
「 Spanning Tree Protocol 」
VLAN-based spanning tree, prevents loops
Enable the Spanning Tree Protocol (STP is enabled by default, so this can be omitted)
(config)# spanning-tree vlan n
Modify the spanning tree priority (root bridge: minimum MAC and minimum priority)
(config)# spanning-tree vlan n priority m
Enable portfast for the port connecting the switch to the host, which prevents the host from sending forged BPDU data
(config-if)# spanning-tree portfast
View the spanning tree
# show spanning-tree [vlan n]
「 Static Routing 」
View protocols
# show ip protocols
View the routing table
# show ip route
Add a static route (using the default route as an example)
(config)# ip route 0.0.0.0 0.0.0.0 {outbound interface | next hop ip}
Floating static route (backup link, which takes effect after the original link fails)
(config)# ip route 0.0.0.0 0.0.0.0 <outbound interface> <AD, administrative distance>
Static black hole route
(config)# ip route 192.168.0.0 255.255.0.0 null 0
「 RIP: distance-vector routing, dynamic routing 」
Configure RIP
(config)# router rip
Declare the network segment
(config-router)# network <network segment>
Change to version 2
(config-router)# version {2 | 1}
Disable automatic summarization (if the network is separated by other networks, it is best to disable automatic summarization)
(config-router)# no auto-summary
Set a passive interface (only accepts updates and does not advertise itself)
(config-router)# passive-interface <interface>
Unicast update (route information is exchanged only with the specified IP address)
(config-router)# neighbor <ip address>
Clear the routing table content
# clear ip route *
「 OSPF: link-state routing, dynamic routing 」
Configure OSPF
(config)# router ospf <process id>
(config-router)# router-id <any IP address>
Advertise directly connected networks
(config-router)# network <network segment> <anti-mask> area n
Restart the OSPF process
# clear ip ospf process
View interface OSPF information
# show ip ospf interface
View the neighbor table
# show ip ospf neighbor
View the link-state database
# show ip ospf database
「 Routing of the OSPF link status and dynamic routing 」
Configure the public network (config) of the VPN gateway in the network. # view the neighbor table in the network. # view the topology table in the show ip network. # show ip network topology in the show ip network.
「 VRRP (Virtual Router Redundancy Protocol) 」
Provides gateway redundancy
View VRRP information
# show vrrp
VRRP configuration (configure the following on the two routers that provide backup)
Port tracking (monitoring the status of an interface)
(config)# track 1 interface <interface> line-protocol
(config-if)# vrrp <1 ~ 254> ip <ip address>
Configure priority (the greater IP address and priority are preferred) and preemption
(config-if)# vrrp <1 ~ 254> priority <1 ~ 254>
(config-if)# vrrp <1 ~ 254> preempt
(config-if)# vrrp 1 track 1 decrement <1 ~ 255>
「 Access Control List ACL 」
An ACL cannot control traffic initiated by the device itself, and does not work for already established traffic.
Standard ACL (you cannot delete or add an individual entry of the access list)
(config)# access-list <1 ~ 99 | 1300 ~ 1999> {permit | deny} <ip address> <anti-mask>
Extended ACL
(config)# access-list <100-199> {permit | deny} <protocol> <source ip address> <anti-mask> <source port> <target ip address> <anti-mask> <target port>
Apply the specified ACL to an interface
(config)# int <interface>
(config-if)# ip access-group <1 ~ 99 | 100-199 | 1300 ~ 1999> {in | out}
Named ACL
(config)# ip access-list standard <standard ACL name>
(config-std-nacl)# {permit | deny} <ip address> <anti-mask>
(config)# ip access-list extended <extended ACL name>
(config-ext-nacl)# {permit | deny} <protocol> <source ip address> <anti-mask> <source port> <target ip address> <anti-mask> <target port>
Apply the specified ACL to an interface
(config)# int <interface>
(config-if)# ip access-group <standard ACL name | extended ACL name> {in | out}
Reflexive ACL (RACL, which allows only the traffic actively initiated by the intranet to pass through)
(config)# ip access-list extended OUTB
(config-ext-nacl)# permit tcp any any reflect RACL
(config)# ip access-list extended INB
(config-ext-nacl)# evaluate RACL
(config-ext-nacl)# deny ip any any
Apply the specified ACL to an interface
(config-if)# ip access-group OUTB out
(config-if)# ip access-group INB in
Time-based ACL
Set the time zone
(config)# clock timezone GMT +8
# clock set hh:mm:ss <day> <month> <year>
Define the time range
(config)# time-range <time name>
(config-time-range)# periodic hh:mm to hh:mm
(config-time-range)# absolute start hh:mm:ss <day> <month> <year> end hh:mm:ss <day> <month> <year>
Combine with an ACL
(config)# ip access-list extended <extended ACL name>
(config-ext-nacl)# deny tcp any any time-range <time name>
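The anti-mask (wildcard) in the ACL entries above is the bitwise inverse of a subnet mask, and entries are checked from top to bottom. The following added example (not part of the original page) converts a mask to its anti-mask and evaluates a constructed standard ACL the way a router does, including the implicit deny that follows the last entry; the function names and ACL_10 are hypothetical.

```python
import ipaddress

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_from_mask(mask):
    """The anti-mask (wildcard) is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(_to_int(mask) ^ 0xFFFFFFFF))

def entry_matches(addr, base, wildcard):
    """Bits that are 0 in the wildcard must match; bits that are 1 are ignored."""
    care = _to_int(wildcard) ^ 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)

def evaluate(acl, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if entry_matches(src, base, wildcard):
            return action
    return "deny"

# Constructed standard ACL, equivalent to:
#   access-list 10 deny   192.168.1.128 0.0.0.127
#   access-list 10 permit 192.168.1.0   0.0.0.255
ACL_10 = [
    ("deny", "192.168.1.128", wildcard_from_mask("255.255.255.128")),
    ("permit", "192.168.1.0", wildcard_from_mask("255.255.255.0")),
]

if __name__ == "__main__":
    for src in ("192.168.1.200", "192.168.1.20", "10.0.0.1"):
        print(src, evaluate(ACL_10, src))
```

Swapping the two entries would permit 192.168.1.200, because the broader permit would match first; this is why entry order matters in a numbered list.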
「 NAT and PAT 」
Define the inside/outside interface
(config)# int <interface>
(config-if)# ip nat {inside | outside}
Static NAT
(config)# ip nat inside source static <ip address>
Static PAT
(config)# ip nat inside source static <protocol> <ip address> <port number>
Use an ACL to capture traffic
(config)# access-list n permit <ip address> <anti-mask>
(config)# ip nat pool <address pool name> <start ip address> <end ip address> netmask <mask>
TCP load balancing (round-robin translation)
(config)# ip nat pool <address pool name> <start ip address> <end ip address> netmask <mask> type rotary
Dynamic NAT
(config)# ip nat inside source list n pool <address pool name>
Dynamic PAT
(config)# ip nat inside source list n pool <address pool name> overload
View translation entries
# show ip nat translations
「 WAN PPP protocol 」
Both routers encapsulate the PPP protocol on the serial port
(config)# int sx/x
(config-if)# encapsulation ppp
(config-if)# no shut
Enable PAP authentication (unencrypted)
Authenticating party
(config)# username <username> password <password>
(config-if)# ppp authentication pap
Party requesting authentication
(config-if)# ppp pap sent-username <username> password <password>
Enable CHAP authentication (secure, encrypted)
Authenticating party
(config)# username <requesting party name> password <requesting party password>
(config-if)# ppp authentication chap
Party requesting authentication
(config)# username <> password <>
(config-if)# ppp authentication chap
「 Frame Relay 」
Non-broadcast multi-access network (NBMA)
Configure the frame relay switch
Disable the router's routing function
(config)# no ip routing
Enable frame relay switching
(config)# frame-relay switching
Enter the serial interface
R8(config)# int sx/x
Encapsulate the frame-relay protocol
R8(config-if)# encapsulation frame-relay
Specify the lmi-type
(config-if)# frame-relay lmi-type cisco
Specify the intf-type (interface type) as DCE
(config-if)# frame-relay intf-type dce
Configure the clock rate
(config-if)# clock rate n
Configure the DLCI
(config-if)# frame-relay route <input DLCI number> int <output interface> <output DLCI number>
Configure the router
Encapsulate the frame-relay protocol
(config-if)# encapsulation frame-relay
Static mapping
(config-if)# frame-relay map ip <ip address>
Clear dynamically learned frame relay mappings
# clear frame-relay-inarp
View mappings
# show frame-relay map
Debugging
# debug frame-relay lmi
Point-to-multipoint sub-interface (solves the split-horizon problem)
Applicable to full and partial interconnection
(config)# int sx/x
(config-if)# encapsulation frame-relay
(config)# int sx/x.x multipoint
Disable inverse ARP, which disables self-learning of the correspondence between DLCI number and IP address, and use a static map
(config-subif)# no frame-relay inverse-arp
Statically map DLCI and IP (on R1, for R3: DLCI no. 103, IP address 192.168.1.3)
(config-subif)# frame-relay map ip 192.168.1.3 103 broadcast
Point-to-point sub-interface (the split-horizon problem does not exist)
The sub-interface can be considered a leased line. Applicable to star topologies
(config)# int sx/x
(config-if)# encapsulation frame-relay
(config)# int sx/x.x point-to-point
(config-subif)# frame-relay interface-dlci <DLCI no.>