HCNA Study Notes

Off Rip[r1]rip[r1-rip-1]silent-interface all--prohibit sending OSPF messages <r1>reset RIP 1 configuration Routing backup/floating static route Ecmp]ip route-static 10.0.1.0 g0/0/0 10.0.10.1 Preference 100
>debugging IP icmp>terminal Debugging//Display debugging information on the terminal Default route]ip route-static 0.0.0.0 0 g0/0/0 10.0.0.254 Divide vlan:g0/0/1]port link-type accessg0/0/1]port default VLAN? The port is crossed into a VLAN, the default Vlan1vlanxx]port G0/0/1//A port is crossed into this VLAN Create VLANs in bulk//all switches are to create the same Vlan]vlan Batch 2 3 100//VLAN with VLAN ID 2,3,100 created Configure trunk//If VLAN is already configured, need to clean up VLAN information for this port G0/0/1]undo port default VLAN//clean VLAN, Direct carriage return, no need to add VLAN g0/0/1]port link-type trun    Kg0/0/1]port trunk allow-pass VLAN? If release all can be directly lost Allow-pass VLAN all ]clear Configuration Interface G0/0/1//clean up all configurations of the port, only the switch is valid, and the port being emptied is in the shutdown state and needs to be started manually. G0/0/1]undo shutdown STP]STP mode STP//adjust default STP mode]STP priority 0//Set some devices as root device (possibly root) STP test, need three devices, sw1-3,3 device uses trunk connection, first create VLAN 2 3, then add Trun K, allow VLAN 2 3 to pass. Set the g2,3 port trunk. Modify the STP mode to traditional STP (all devices need to be modified). Then verify the STP status, display STP brief. The STP state is first discarding (congested/unavailable/discarded), then learning, and finally forwarding (forwarded). STP, in the case of redundant lines, automatically ensures that all devices are interconnected and there is no loop. He will automatically select the root device and then connect to the neighboring device from the Interconnect port selection exit, and the neighboring device continues to connect to the neighboring device. STP sends a message (BPDUs) every two seconds to determine the current line and adjust the corresponding line status, only the root device can send BPDUs. First determine the priority of the STP, then determine the MAC address, and finally select the root device. Display STP can see the STP status of this device, as well as the MAC address and priority of the root device. STP Priority x--adjusts STP priorities. STP root PRIMARYSTP Priority 0//Effect]display STP interface XX//Can see BPDUs number STP must have root device, other devices must have root port

Rip

]dis rip 1]dis rip 1 interface]dis rip 1 neigh//Cisco NO]dis RIP 1 database  //rip The state of Rip-interface is the device enable RIP interface//Important 10.0.0.0/8, cost 0, Classfulsumm 10.0.1.0/24, cost 1, [a], nexthop 10.0.14.1 10.0.2.0/24, cost 2, [A], Nexthop 10.0.14.1 10.0.3.0/24, cost 2, [a], nexthop 10.0.14.1 10.0.4.0/24, 0, [A], rip-interface//Port enable RIP, enable : RIP can work on this port 10.0.14.0/24, cost 0, [a], rip-interface//Port enable RIP, enable: RIP can work on this port 10.0.123.0/24, cost 1, [a], NE Xthop 10.0.14.1 10.1.0.0/23, cost NA, Ifsumm 10.1.1.0/24, cost 0, [A], Rip-interface Ppp]aaaaaa]local-user admin/xxx Password cipher xxxinfo:add a new user.aaa]local-user admin/xxx service-type ppp/xxx// What services s0/0/1]ppp Authentication-mode Pap/chap//pap= Clear certification, chap= redaction certification s0/0/1]ppp pap/chap local-user admin/xxx password ci Pher xxx Trunkg0/0/1]port link-type trunkg0/0/1]port trunk allow-pass VLAN All Sub-interface]inter g0/0/1.10//Create sub-interface under 1 port 10 One-arm routing () mode: first set the interface of the switch side to the router and allow all VLANs to pass. Then set the sub-interface on the routing device, adjust the sub-interface of the acceptable vid mode and the vid number: dot1q ter vid xx, and then ARP broadcast enable and set the corresponding IP address. Environment: VLAN 20sw]interface G0/0/2//This interface is connected with routing G0/0/2]port link-type trunkg0/0/2]port trunk allow-pass VLAN All//Allow all VL An authenticated:]dis port VLAN Active//Can see Interface 2 mode as trunk, and allow currently created VLAN ID to pass (TAG) R1]interface g0/0/2.10//Add Sub interface//Remove available undo I    Nterface g0/0/2.102.10]dot1q Termination vid 10//Allow VLAN10 via 2.10]ARP broadcast enable/enable ARP2.10]IP address xxx xx Set sub-interface IP address verification:]dis Current Interface g0/0/2.10 Open telnet]user-interface vty 0 4vty0-4]authentication-mode password cr input password cr Nat conversion]interface Dialer 1dialer 1]nat static global extranet address inside intranet address Netmask 255.255.255.255 [R1-acl-adv-3001]rule 10 permit ip source 192.168.1.0 0.0.0.255 destination &NBSP;&NBSP;10.1.1.0&NBSP;0.0.0.255[R1-ACL-ADV-3001]DIS&NBSP;THIS[V200R003C00] #acl  number 3001    rule 10 permit ip source 192.168.1.0 0.0.0.255 destination  10.1.1.0 0.0.0.255  #return [r1-acl-adv-3001]q[r1]ipsec proposal rogue[ r1-ipsec-proposal-rogue]encapsulation-mode tunnel[r1-ipsec-proposal-rogue]esp  AUTHENTICATION-ALGORITHM&NBSP;SHA1[R1-IPSEC-PROPOSAL-ROGUE]DIS&NBSP;THIS[V200R003C00] #ipsec  proposal  rogue esp authentication-algorithm sha1#return[R1]dis ipsec proposal  number of proposals: 1 ipsec proposal name: rogue                               encapsulation mode: Tunnel                              Transform          : esp-new esp protocol      :  Authentication SHA1-HMAC-96                                                     encryption     des [r2]acl 3001[r2-acl-adv-3001]rule 10 permit ip source 10.1.1.0 0.0.0.255  destination 192.168.1.0 0.0.0.255 [r2-acl-adv-3001]q[r2]ipsec proposal rogue[ r2-ipsec-proposal-rogue]esp authentication-algorithm sha1[r2-ipsec-proposal-rogue]q[r2]dis  Ipsec proposal number of proposals: 1 ipsec proposal name: rogue                               Encapsulation mode: Tunnel                               Transform          : esp-new ESP protocol      :  authentication sha1-hmac-96                                                    Encryption      des R1IPSEC policy IPSEC Manual security ACL 3001 proposal Rogue Tunnel local 202.100.1.254//local exit IP tunnel remote 61.10 0.1.254//To-end egress IP SA SPI inbound ESP 2345//Here Inbound is opposite outbound SA String-key inbound ESP simple QYT sa SPI Outbo und esp 5432 SA string-key outbound ESP simple qytr2ipsec policy IPSEC ten manual security ACL 3001 proposal Rogue Tunnel L  ocal 61.100.1.254 Tunnel remote 202.100.1.254 sa SPI inbound ESP 5432 SA String-key inbound ESP simple QYT sa SPI outbound ESP 2345 SA String-key outbound ESP Simple QYT Ospf[r1]undo OSPF 1[R1]OSPF [r1-ospf-1]area 0[r1-ospf-1-area-0.0.0.0]network 10.0.1.0 0.0.0.255//Wildcard mask [   R1-ospf-1-area-0.0.0.0]network 10.0.123.0 0.0.0.255[r1-ospf-1]dis this[v200r003c00] #ospf 1 area 0.0.0.0 Authentication-mode Simple plain huawei//PlainText Password Authentication network 10.0.1.0 0.0.0.255//build local route and enable OSPF interface range Network 10.0.1 23.0 0.0.0.255 #return [r1]display OSPF peer brief//view OSPF neighbor relationship [r1]display OSPF 1 LSDB// ospf-hcnp-lab1[r1]# Area 0.0.0.1 Network 11.1.1.1 0.0.0.0//2 layer meaning, 1, enable to OSPF;2, notice a network segment. Network 12.1.1.0 0.0.0.255 #[r2-gigabitethernet0/0/0]ospf enable 1 area 0.0.0.1//can also be reached so that the port can be OSPF, but requires manual start first AREA1[R2]OSP F 1[r2-ospf-1]area 1[r2]<r1>reset OSPF 1 PROCESS[R1]OSPF 1 Router-id 0.0.0.1//set OSPF exclusive RID, way one. [r1]router ID 0.0.0.1//SET global RID, may include OSPF, BGP, etc.

HCNA Study Notes