Switch/router/firewall supported commands

Source: Internet
Author: User
1. Commands supported by the switch:
Switch Basic Status:
Switch:; ROM state, router is rommon>
hostname>; user mode
hostname#; privileged mode
Hostname (config) #; global configuration mode
Hostname (CONFIG-IF) #; interface State

Switch Password settings:
switch>enable; access to privileged mode
Switch#config terminal; Enter global configuration mode
Switch (config) #hostname;
Switch (config) #enable secret xxx; set privileged encryption password
Switch (config) #enable password xxa; set privileged non-secret password
Switch (config) #line console 0; Enter the console port
Switch (config-line) #line vty 0 4; Enter virtual terminal
Switch (config-line) #login; Allow logon
Switch (config-line) #password xx; set Login password xx
switch#exit; return command

Switch VLAN settings:
Switch#vlan database; Enter VLAN settings
Switch (VLAN) #vlan 2; Build VLAN 2
Switch (VLAN) #no VLAN 2; Delete VLAN 2
Switch (config) #int f0/1; Enter Port 1
Switch (config-if) #switchport access VLAN 2; When the front port joins VLAN 2
Switch (config-if) #switchport mode trunk; set to trunk
Switch (config-if) #switchport trunk allowed VLAN 1,2; set allowed VLANs
Switch (config-if) #switchport trunk encap dot1q; set up VLAN relay
Switch (config) #vtp domain; set the VTP name
Switch (config) #vtp password; set VTP password
Switch (config) #vtp mode server; set up hair VTP modes
Switch (config) #vtp mode client; set up the Send VTP pattern

Switch set IP address:
Switch (config) #interface vlan 1; Enter VLAN 1
Switch (config-if) #ip address; Set IP addresses
Switch (config) #ip default-gateway; Set default gateway
Switch#dir flash:; View Flash

Switch Display command:
Switch#write; Save configuration information
Switch#show VTP; View VTP configuration information
Switch#show run; View current configuration information
Switch#show VLAN; View VLAN configuration information
Switch#show interface; View port information
switch#show int f0/0; View specified port information

2. Commands supported by routers:
Router Display command:
Router#show run; Display configuration information
Router#show interface; Display interface information
Router#show IP route, displaying routing information
Router#show CDP nei; show neighbor information
Router#reload; restart


Router Password settings:
router>enable; access to privileged mode
Router#config terminal; Enter global configuration mode
Router (config) #hostname; set the host name of the switch
Router (config) #enable secret xxx; set privileged encryption password
Router (config) #enable password xxb; set privileged non-secret password
Router (config) #line console 0; Enter the console port
Router (config-line) #line vty 0 4; Enter virtual terminal
Router (config-line) #login; password Authentication required
Router (config-line) #password xx; set Login password xx
Router (config) # (CTRL+Z), returning privileged mode
router#exit; return command


Router configuration:

Router (config) #int s0/0; Enter Serail interface
Router (config-if) #no shutdown; activating the current interface
Router (config-if) #clock rate 64000; set Sync clock
Router (config-if) #ip address; Set IP addresses
Router (config-if) #ip address second; set a second IP
Router (config-if) #int f0/0.1; Enter Sub-interface
Router (CONFIG-SUBIF.1) #ip address; set Sub-interface IP
Router (CONFIG-SUBIF.1) #encapsulation dot1q; Bind VLAN Relay protocol
Router (config) #config-register 0x2142; skip configuration file
Router (config) #config-register 0x2102, normal use of configuration files
Router#reload; re-boot

Router file operations:
Router#copy running-config startup-config; Save configuration
Router#copy running-config tftp; save configuration to TFTP
Router#copy startup-config tftp; boot configuration save to TFTP
Router#copy tftp flash:; Send files to Flash
router#copy tftp startup-config; Download configuration file
Rom Status:

ctrl+break; Enter ROM monitoring status

Rommon>confreg 0x2142; Skip configuration file

Rommon>confreg 0x2102; Restore configuration file

Rommon>reset; re-boot

Rommon>copy xmodem:flash:; transfer files from console

rommon>ip_address=10.65.1.2; set Router IP

rommon>ip_subnet_mask=255.255.0.0; setting the router mask

rommon>tftp_server=10.65.1.1; Specify the TFTP server IP

Rommon>tftp_file=c2600.bin; Specify the downloaded file

rommon>tftpdnld; Download from tftp

Rommon>dir flash:; View Flash content

rommon>boot; boot iOS


Static routes:
IP route; command format
Router (config) #ip route 2.0.0.0 255.0.0.0 1.1.1.2; Static Route example
Router (config) #ip Route 0.0.0.0 0.0.0.0 1.1.1.2; default Route Example

Dynamic routing:
Router (config) #ip routing; Start routing forwarding
Router (config) #router rip; start the RIP routing protocol.
Router (config-router) #network; setting up a publishing route
Router (config-router) #negihbor, point to point Frame Relay.

Frame Relay Command:




Router (config) #frame-relay switching; enabling Frame Relay switching
Router (config-s0) #encapsulation frame-relay; enabling Frame Relay
Router (config-s0) #fram-relay lmi-type Cisco; setting Management type
Router (config-s0) #frame-relay intf-type DCE; set to DCE
Router (config-s0) #frame-relay DLCI 16;
Router (config-s0) #frame-relay LOCAL-DLCI 20; Set Virtual circuit number
Router (config-s0) #frame-relay Interface-dlci 16;
Router (config) #log-adjacency-changes; record adjacency changes
Router (config) #int s0/0.1 Point-to-Point; Set sub-interface point to Point
Router#show frame PVC; Display permanent virtual circuit
Router#show frame map; display mappings

Basic Access Control List:
Router (config) #access-list permit|deny
Router (config) #interface; Default:deny any
Router (config-if) #ip access-group in|out; default:ut
Example 1:

Router (config) #access-list 4 Permit 10.8.1.1

Router (config) #access-list 4 deny 10.8.1.0 0.0.0.255

Router (config) #access-list 4 Permit 10.8.0.0 0.0.255.255

Router (config) #access-list 4 deny 10.0.0.0 0.255.255.255

Router (config) #access-list 4 Permit any

Router (config) #int f0/0

Router (config-if) #ip Access-group 4 in

Extended Access Control List:

Access-list Permit|deny ICMP
Wild>[type]
Access-list Permit|deny TCP
Wild>[port]
Example 3:
Router (config) #access-list deny ICMP any 10.64.0.2 0.0.0.0 Echo
Router (config) #access-list permit ip any anyrouter (config) #int s0/0
Router (config-if) #ip Access-group
Example 3:
Router (config) #access-list 102 deny TCP/10.65.0.2 0.0.0.0 EQ 80
Router (config) #access-list 102 permit IP any any
Router (config) #interface S0/1
Router (config-if) #ip Access-group 102 out


Protocol routing Protocol Router configuration switch configuration encryption previous Page 1 2
Qqread.com launches Windows2003 Tutorial
Win2003 Installation Introduction Win2003 network optimization win2003 use skills
Win2003 System Fault Server configuration expert answer





Frame Relay Command:

Router (config) #frame-relay switching, enabling Frame Relay switching Router (CONFIG-S0) #encapsulation frame-relay; enabling Frame Relay Router (CONFIG-S0) # Fram-relay lmi-type Cisco; Set Management type router (CONFIG-S0) #frame-relay intf-type DCE; set to Dcerouter (CONFIG-S0) #frame-relay DLCI Router (config-s0) #frame-relay Local-dlci 20; Set up virtual circuit number Router (CONFIG-S0) #frame-relay Interface-dlci ( config) #log-adjacency-changes; record adjacency change router (config) #int s0/0.1 Point-to-Point; Set sub-interface point-to-point router#show frame PVC Display permanent virtual circuit router#show frame map; Display map



Basic Access Control List:

Router (config) #access-list permit|deny Router (config) #interface; Default:deny anyrouter (config-if) #ip Access-group In|out; Default:ut.
Example 1:

Router (config) #access-list 4 Permit 10.8.1.1

Router (config) #access-list 4 deny 10.8.1.0 0.0.0.255

Router (config) #access-list 4 Permit 10.8.0.0 0.0.255.255

Router (config) #access-list 4 deny 10.0.0.0 0.255.255.255

Router (config) #access-list 4 Permit any

Router (config) #int f0/0

Router (config-if) #ip Access-group 4 in



Extended access Control list: Access-list permit|deny ICMP wild>[type]access-list permit|deny TCP Wild>[port] example 3:router (config) # Access-list ' deny ICMP any 10.64.0.2 0.0.0.0 echorouter (config) #access-list-Permit ip any Anyrouter (config) #int s0/ 0router (config-if) #ip access-group in case 3:router (config) #access-list 102 deny TCP any 10.65.0.2 0.0.0.0 eq 80router (con FIG) #access-list 102 Permit ip any Anyrouter (config) #interface s0/1router (config-if) #ip Access-group 102 out


To delete an Access control example table:

Router (config) #no access-list 102

Router (config-if) #no IP access-group

NAT configuration for Routers

Router (config-if) #ip nat inside; The current interface is specified as an internal interface
Router (config-if) #ip Nat outside; The current interface is specified as an external interface
Router (config) #ip nat inside source static [P] < private ip>< public network ip> [Port]
Router (config) #ip nat inside source static 10.65.1.2 60.1.1.1
Router (config) #ip nat inside source static TCP 10.65.1.3 80 60.1.1.1 80
Router (config) #ip nat pool P1 60.1.1.1 60.1.1.20 255.255.255.0
Router (config) #ip nat inside source list 1 pool P1
Router (config) #ip nat inside Destination List 2 pool P2
Router (config) #ip nat inside source List 2 interface s0/0 overload
Router (config) #ip nat pool P2 10.65.1.2 10.65.1.4 255.255.255.0 type rotary
The Router#show IP nat translationrotary parameter is meant to be rotated, and IP rotation in the address pool matches the address of the NAT assignment. The overload parameter is used for Pat to map the internal IP to a different port on a public network IP.


External Gateway Protocol configuration:

Routera (config) #router BGP 100
Routera (config-router) #network 19.0.0.0
Routera (config-router) #neighbor 8.1.1.2 Remote-as 200

To configure PPP authentication:

Routera (config) #username password
Routera (config) #int S0
Routera (config-if) #ppp authentication {CHAP|PAP}
3. PIX Firewall Commands



Pix525 (config) #nameif ethernet0 outside security0; naming interfaces and levels
Pix525 (config) #interface ethernet0 auto; set interface mode
Pix525 (config) #interface ethernet1 100full; set interface mode
Pix525 (config) #interface ethernet1 100full shutdown
Pix525 (config) #ip address inside 192.168.0.1 255.255.255.0
Pix525 (config) #ip address outside 133.0.0.1 255.255.255.252
Pix525 (config) #global (if_name) Natid ip-ip; define public IP interval
Pix525 (config) #global (outside) 1 7.0.0.1-7.0.0.15;
Pix525 (config) #global (outside) 1 133.0.0.1;
Pix525 (config) #no Global (outside) 1 133.0.0.1; Remove settings
Pix525 (config) #nat (if_name) nat_id local_ip [Netmark]
Pix525 (config) #nat (inside) 1 0 0 Intranet all hosts (0 for 0.0.0.0) can access the global 1-specified extranet.
Pix525 (config) #nat (inside) 1 172.16.5.0 255.255.0.0 Intranet 172.16.5.0/16 Network segment hosts can access the global 1 specified extranet.
Pix525 (config) #route if_name 0 0 gateway_ip [metric]; command format
Pix525 (config) #route outside 0 0 133.0.0.1 1;
Pix525 (config) #route inside 10.1.0.0 255.255.0.0 10.8.0.1 1;
Pix525 (config) #static (inside, outside) 133.0.0.1 192.168.0.8 represents the internal IP address 192.168.0.8, which is translated to the 133.0.0.1 global address when it is externally accessed.
The Pix525 (config) #static (DMZ, outside) 133.0.0.1 172.16.0.8 the IP address 172.16.0.8 of the middle zone, which is translated to the 133.0.0.1 global address when it is accessed externally. Posted @ 2008-06-28 18:30 Wahaha Read (102) | Comments (0) | Edit the bookmark symbol flag in Cisco. ---character represents the switch receiving a response response;
. ---request timed out;
U---Destination can not be achieved;
。 ---the unknown packet type;
&---packets exceeding the lifetime;
C---Packets received have experienced congestion;
I---user interrupt test;

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.