This is a short summary of material from Cisco's NetAcad courses and from network administration books.
Glance through the Modes section first; it will help you understand this guide better.
Each command has to be run in a specific mode (scope), so here are the commands used in this guide to enter each mode.
Example:
Show all VLANs (exec)
means that the "show all vlans" command can be run only from exec mode. To enter exec mode, type
enable
in the console.
Exec (exec)
enable
Configuration (config)
enable
configure terminal
Interface (config-if)
enable
configure terminal
interface {interface}{port}
Choose an interface range, for one or more interfaces
interface range {interface}{port_start} - {port_end}, {interface}{port_start} - {port_end}
Vlan (config-vlan)
enable
configure terminal
vlan {vlan_id}
Console Line (config-con)
enable
configure terminal
line con 0
Console VTY (config-vty)
enable
configure terminal
line vty 0 15
Router EIGRP (eigrp)
enable
configure terminal
router eigrp {process_id}
Ipv6 Router EIGRP (eigrp-ipv6)
enable
configure terminal
ipv6 router eigrp {process_id}
Router OSPF (ospf)
enable
configure terminal
router ospf {process_id}
Ipv6 Router OSPF (ospf-ipv6)
enable
configure terminal
ipv6 router ospf {process_id}
-
Create Vlan and assign name (config)
vlan {number}
name {vlan-name}
-
Adding interfaces to Vlan
interface {interface}{port}
switchport mode access
switchport access vlan {number}
-
Activating "Trunk Mode" for external interfaces
interface {ext_interface}{port}
switchport mode trunk
Router - Switch connection interface
-
Create subinterfaces on the router and point them
interface {interface}{port}.{vlan_num}
encapsulation dot1Q {vlan_num}
ip address {ip} {subnet_mask}
no shut
IP of the router that we want to assign this interface to
-
Create VLANS
vlan {vlan-num}
name {vlan-name}
-
Configure Switch Virtual Interfaces on L3 Switch (config)
interface vlan {vlan-num}
ip address {ip-address} {mask}
-
Configure Trunking on L3 Switch.
interface {outside-interface} {port}
switchport mode trunk
switchport trunk native vlan {native-vlan-num}
-
Enable routing.
ip routing
Add native VLAN to trunk port (config)
interface {exit_interface}{port}
switchport mode trunk
switchport trunk native vlan {number}
Enable Dynamic Trunking Protocol (DTP) (config-if)
switchport mode dynamic {desirable/auto}
Enable no negotiate (config-if)
switchport nonegotiate
Enable voice in VLAN (config-if)
mls qos trust cos
switchport voice vlan {number}
Secure Shell (SSH) is a protocol that provides a secure (encrypted) remote management connection to the device.
-
IP domain configuration
ip domain-name {your.link}
-
RSA key pair generation
crypto key generate rsa
-
User authentication configuration
username {name} secret {password}
-
VTY lines configuration
line vty 0 15
transport input ssh
login local
exit
-
Enable SSH ver. 2
ip ssh version 2
exit
See SSH configuration (exec)
show ip ssh
Delete RSA key
crypto key zeroize rsa
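A check for the SSH steps above, as an added example that is not part of the original guide: a small Python audit that reads a saved running-config and reports where it departs from this procedure. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# Constructed running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname R1
ip domain-name example.test
username admin secret 5 $1$constructed$hash
username backup password 0 cleartext
ip ssh version 2
line con 0
 logging synchronous
line vty 0 4
 transport input ssh
 login local
line vty 5 15
 transport input telnet ssh
 login
"""

def vty_blocks(config):
    """Yield (header, [sub-commands]) for every 'line vty' block."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.startswith(" "):      # a top-level command closes the open block
            if header:
                yield header, body
            header, body = (raw, []) if raw.startswith("line vty") else (None, [])
        elif header:
            body.append(raw.strip())
    if header:
        yield header, body

def audit_ssh(config):
    """Return findings where the config departs from the SSH steps above."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 2 is not enforced")
    for line in lines:
        user = re.match(r"username (\S+) password\b", line)
        if user:
            findings.append(f"user {user.group(1)}: 'password' used instead of 'secret'")
    for header, body in vty_blocks(config):
        transports = [cmd for cmd in body if cmd.startswith("transport input")]
        if transports != ["transport input ssh"]:
            findings.append(f"{header}: transport input is not ssh-only")
        if "login local" not in body:
            findings.append(f"{header}: 'login local' is missing")
    return findings
```

On the sample, the second VTY range (5 to 15) is flagged because it was left at a weaker setting than lines 0 to 4, which is easy to miss when only `line vty 0 4` is configured.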
Feature | RIPv1 | RIPv2 | IGRP | EIGRP | OSPF | IS-IS |
---|---|---|---|---|---|---|
Speed of Convergence | Slow | Slow | Slow | Fast | Fast | Fast |
Scalability | Small | Small | Small | Large | Large | Large |
Use of VLSM | No | Yes | No | Yes | Yes | Yes |
Resource Usage | Low | Low | Low | Medium | High | High |
Implementation | Simple | Simple | Simple | Complex | Complex | Complex |
ip route {destination_ip} {destination_subnet} {route - [ip/interface]}
Default route
ip route 0.0.0.0 0.0.0.0 {route - [ip/interface]}
Example:
172.16.2.0 / 26
172.16.1.128 / 25
172.16.1.0 / 25
172.16.0.0 / 24
Every address starts with 172.16. Written in binary, the third and fourth octets are:
172.16.000000 10.00000000
172.16.000000 01.10000000
172.16.000000 01.00000000
172.16.000000 00.00000000
To calculate the mask, count the bits that the addresses do not share.
In this case 10 bits come after the shared part 172.16.000000, so the subnet mask (prefix length) is 32 - 10 = 22 and the summary route is 172.16.0.0 / 22.
This gives an IP address range from 172.16.0.0 to 172.16.3.255.
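The same calculation in Python, as an added example that is not part of the original guide; it generalizes the worked case to any list of IPv4 networks and also counts the addresses the summary covers that none of the inputs do. Function names are hypothetical, and `extra_addresses` assumes the input networks do not overlap.

```python
import ipaddress

# The four networks from the worked example above.
PAGE_NETWORKS = ["172.16.2.0/26", "172.16.1.128/25", "172.16.1.0/25", "172.16.0.0/24"]

def summarize(networks):
    """Return the smallest single prefix that covers every network given."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits in which the lowest and highest address differ are the bits the
    # networks do not share; everything to their left is the common prefix.
    differing_bits = (low ^ high).bit_length()
    prefix_len = 32 - differing_bits
    mask = (0xFFFFFFFF << differing_bits) & 0xFFFFFFFF
    return ipaddress.IPv4Network((low & mask, prefix_len))

def extra_addresses(networks):
    """Addresses inside the summary that no input network covers.

    Assumes the inputs do not overlap (true for the example above).
    """
    summary = summarize(networks)
    covered = sum(ipaddress.IPv4Network(n).num_addresses for n in networks)
    return summary.num_addresses - covered

if __name__ == "__main__":
    s = summarize(PAGE_NETWORKS)
    print(s, s.network_address, s.broadcast_address, extra_addresses(PAGE_NETWORKS))
```

A summary route also claims the unused space inside it, so traffic to those addresses is attracted to the summarizing router even though no subnet exists there.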
(config)
-
Enable the EIGRP routing process.
router eigrp {process-num}
-
Assign a router ID.
eigrp router-id {A.B.C.D}
eigrp router-id 1.1.1.1
-
Advertise directly connected networks.
network {ip_address} {wildcard}
Add the networks that are directly connected to the router through its interface ports to the router eigrp config
-
Configure passive interfaces. (eigrp)
passive-interface {interface}{port}
usually you should add ports, which are connected to switches or devices
Disable automatic summarization.
no auto-summary
Propagate the default route in EIGRP. (eigrp)
redistribute static
Hello interval
ip hello-interval eigrp {process-num} {interval}
Make every interface passive (eigrp)
passive-interface default
Display routing protocol parameters
show ip protocols
EIGRP investigation commands
show ip eigrp topology
show ip eigrp interfaces
show ip eigrp neighbors
config
-
Enable IPv6 routing. (config)
ipv6 unicast-routing
-
Enable EIGRP for IPv6 routing.
ipv6 router eigrp {process-num}
no shutdown
-
Assign a router ID
eigrp router-id {A.B.C.D}
-
Configure EIGRP for IPv6 on each interface (config)
interface {interface} {port}
ipv6 eigrp {process-num}
-
Configure passive interfaces. (eigrp-ipv6)
passive-interface {interface}{port}
router eigrp 1
metric weights tos
metric weights 0 0 0 0 0 0
In case the ISP has static routing, run these commands on the other routers
router eigrp {number}
redistribute static
Router (conf)
-
Configure router IDs. (config)
router ospf {num}
router-id {A.B.C.D}
-
Configure Networks for OSPF Routing
Configure networks with wildcard masks. (config-router)
network {ip_address} {wildcard_mask} area {number}
Or Configure OSPF routing on router interfaces. (config)
interface {interface}{port}
ip ospf {process-id} area {area-id}
-
Configure Passive Interfaces (config)
router ospf {num}
passive-interface {outside-interface}{port}
Propagate the default route in ospf. (ospf)
default-information originate
Summarization between areas. (ospf)
area {area-id} range {ip} {mask}
Hello and Dead intervals (config-if)
ip ospf hello-interval {interval}
ip ospf dead-interval {interval}
config
-
Enable IPv6 routing. (config)
ipv6 unicast-routing
-
Enable OSPF for IPv6 routing.
ipv6 router ospf {process-num}
-
Assign a router ID
router-id {A.B.C.D}
-
Configure OSPF for IPv6 on each interface (config)
interface {interface} {port}
ipv6 ospf {process-num} area {area}
-
Configure passive interfaces. (ospf-ipv6)
passive-interface {interface}{port}
DR - Designated Router
BDR - Backup Designated Router
DROTHER - Designated Router OTHer
The DR is elected in an OSPF network by highest priority.
The BDR is elected in an OSPF network by second-highest priority.
A router becomes DROTHER automatically if it is elected neither DR nor BDR.
To assign the DR or BDR role to specific routers:
-
Assign highest priority to desired router port
interface {interface1}{port1}
ip ospf priority {priority-num}
-
Assign second highest priority to desired router port
interface {interface2}{port2}
ip ospf priority {priority-num}
-
Clear every neighbor router processes in order to start election (exec)
clear ip ospf process
-
Wait and check each router's ospf interface brief and neighbors
show ip ospf neighbor
show ip ospf interface brief
Propagate the route in OSPF.
ip route {ip} {mask} {interface}{port}
router ospf 1
default-information originate
Make every interface passive (ospf)
passive-interface default
Show ip routes learned through OSPF.
show ip route ospf
show ip ospf neighbor {interface}{port}
show ip ospf interface {interface}{port}
Router (conf)
Run these commands on each router, for each network
router rip
version 2
network {neighbor_router_ip_address}
-
Configure static NAT statements.
Inside IPs are like 192.168.x.x / 172.16.x.x / 10.x.x.x
Outside IPs can be anything.
ip nat inside source static {inside-ip} {outside-ip}
-
Configure inside interfaces.
interface where user is connected to. Usually g0/0
interface {interface}{port}
ip nat inside
-
Configure outside interfaces.
interfaces where router reaches outside networks. Usually s0/0/0
interface {interface}{port}
ip nat outside
-
Configure traffic that will be permitted. (config)
access-list {acl-num} permit {inside-network-ip} {wildcard-mask}
-
Configure a pool of address for NAT. (config)
ip nat pool {any_pool_name} {nat-start-ip} {nat-end-ip} netmask {network-mask}
-
Associate ACL with the NAT pool. (config)
ip nat inside source list {acl-num} pool {your-pool-name}
-
Configure inside interfaces.
interface {interface}{port}
ip nat inside
-
Configure outside interfaces.
interface {interface}{port}
ip nat outside
-
Configure traffic that will be permitted. (config)
access-list {acl-num} permit {inside-network-ip} {wildcard-mask}
-
Configure a pool of address for NAT. (config)
ip nat pool {any_pool_name} {nat-start-ip} {nat-end-ip} netmask {network-mask}
-
Associate ACL with the NAT pool and allow addresses to be reused. (config)
ip nat inside source list {acl-num} pool {your-pool-name} overload
-
Configure inside interfaces.
interface {interface}{port}
ip nat inside
-
Configure outside interfaces.
interface {interface}{port}
ip nat outside
-
Permit IP addresses another way (might be needed)
ip access-list standard {acl-name}
permit {network-ip} {wildcard-mask}
-
Step 3 alternative
Associate ACL with the NAT interface and allow addresses to be reused.
ip nat inside source list {acl-num} interface {outside-interface-port} overload
NAT investigation commands. (exec)
show running-config | include nat
show ip nat translations
show ip nat statistics
Create standard ACL. (config)
ip access-list standard {word | 1-99}
Create extended ACL. (config)
ip access-list extended {word | 100-199}
Add record to standard ACL. (config)
ip access-list standard {word|1-99}
[permit|deny] {ip} {wildcard-mask}
Add record to standard ACL other way. (config)
access-list {1-99} [permit|deny] {ip} {wildcard-mask}
Add ip record to extended ACL. (config)
ip access-list extended {acl-name|100-199}
[permit|deny] {source-ip} {source-wildcard} {dest-ip} {dest-wildcard}
Add ip record to extended ACL other way. (config)
access-list {100-199} [permit|deny] {source-ip} {source-wildcard} {dest-ip} {dest-wildcard}
Use ACL inside interface. (config-if)
ip access-group {1-199 | acl-name} [in|out]
Use ACL inside line. (config-line)
access-class {acl-name} [in|out]
ACL investigation commands. (exec)
show ip access-lists
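How the `{ip} {wildcard-mask}` pairs in the ACL records above are evaluated, as an added Python example that is not part of the original guide. It models a standard ACL: entries are checked in order, the first match wins, and IOS ends every ACL with an implicit deny. It also flags entries that can never match because an earlier entry already covers them. The ACL contents are constructed and the function names are hypothetical.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit where the wildcard bit is 0."""
    care = ~to_int(wildcard) & 0xFFFFFFFF     # 0 in the wildcard = "must match"
    return (to_int(addr) & care) == (to_int(base) & care)

def evaluate_standard_acl(entries, source_ip):
    """entries: list of (action, ip, wildcard) in configured order."""
    for action, ip, wildcard in entries:
        if wildcard_match(source_ip, ip, wildcard):
            return action                     # first match wins
    return "deny"                             # implicit deny at the end of every ACL

def shadowed(entries):
    """Indexes of entries an earlier entry makes unreachable."""
    hidden = []
    for j, (_, ip_j, w_j) in enumerate(entries):
        for _, ip_i, w_i in entries[:j]:
            # The earlier entry ignores at least the bits the later one ignores
            # and agrees with it on every bit it still checks.
            if to_int(w_j) & ~to_int(w_i) == 0 and wildcard_match(ip_j, ip_i, w_i):
                hidden.append(j)
                break
    return hidden

# Constructed ACL: block one /26 of a /24, allow the rest of the /24.
ACL = [
    ("deny", "192.168.10.64", "0.0.0.63"),
    ("permit", "192.168.10.0", "0.0.0.255"),
]
# Same entries in the wrong order: the deny can never be reached.
ACL_REVERSED = list(reversed(ACL))

if __name__ == "__main__":
    for ip in ("192.168.10.70", "192.168.10.20", "192.168.11.1"):
        print(ip, evaluate_standard_acl(ACL, ip), evaluate_standard_acl(ACL_REVERSED, ip))
    print("shadowed entries in reversed ACL:", shadowed(ACL_REVERSED))
```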
Router (conf)
ip dhcp pool {name}
default-router {target_ip}
network {ip-start-point} {subnet-mask}
dns-server {dns_address}
network is usually like - 192.168.100.0 255.255.255.0
dns-server is usually like - 8.8.8.8
Exclude IPs
ip dhcp excluded-address {ip-start-point} {ip-end-point}
Server
Desktop -> IP Configuration: Static
and assign all needed IPs
Services -> DHCP
pool name: {name}
default gateway: {target}
DNS server: {address}
start IP address: {ip_start_point}
subnet mask: {subnet}
maximum number of users: {0 - 255}
Save
Run these commands on the router for each DHCP server (if one exists)
interface {interface} {port}
ip helper-address {dhcp_server_ip}
-
Enable ipv6 routing (config)
ipv6 unicast-routing
-
Set ipv6 address
ipv6 address {address}
-
Set link-local to ipv6
ipv6 address {address} link-local
Configure port-security (config-if)
Give mac address to port
switchport port-security mac-address {address/sticky}
sticky assigns MAC addresses dynamically
Restrict maximum amount of given mac addresses
switchport port-security maximum {0-15}
Add action on security violation
switchport port-security violation {shutdown/restrict/protect}
Show all VLANs (exec)
show vlan brief
Show all interfaces (exec)
show ip interface brief
Verify ip routes (exec)
show ip route
Verify ipv6 routes (exec)
show ipv6 route
Show running config (exec)
show running-config
Save running config to startup config (exec)
copy running-config startup-config
Destination filename [startup-config]? [Enter]
Erase startup config (exec)
erase startup-config
reload
Show flash memory
show flash
Delete file
delete {file}
Show mac address table (exec)
show mac address-table (dynamic/static/NONE)
Display system hardware and software status (exec)
show version
Display history of command entered (exec)
show history
Clear dynamic mac address table (exec)
clear mac address-table dynamic
Hostname (config)
hostname {name}
Enable secret (config)
enable secret {password}
Enable password (config)
enable password {password}
Enable Password-Encryption (config)
service password-encryption
Set password min-length (config)
security passwords min-length {length}
Banner (config)
banner motd #
{message}#
Enter TEXT message. End with the character #.
Description (config-if)
description {text}
Restrict unwanted DNS lookup (config)
no ip domain-lookup
Block line logins after unsuccessful attempts (config)
login block-for {seconds} attempts {num_of_tries} within {seconds}
Set clock (config)
clock set 15:20:00 12 Nov 2020
Enable Duplex (config-if)
Full-duplex communication increases bandwidth efficiency by allowing both ends of a connection to transmit and receive data simultaneously.
duplex full
speed {value}
value is usually 100
Auto-MDIX (config-if)
With auto-MDIX enabled, either type of cable can be used to connect to other devices, and the interface automatically adjusts to communicate successfully.
mdix auto
See mdix state
show controllers ethernet-controller {interface}{port} phy | include MDIX
Disconnect after inactivity
exec-timeout {minutes} {seconds}
Enable synchronous logging (con):
logging synchronous
CIDR | SUBNET MASK | WILDCARD MASK | # OF IP ADDRESSES | # OF HOSTS |
---|---|---|---|---|
/32 | 255.255.255.255 | 0.0.0.0 | 1 | 1 |
/31 | 255.255.255.254 | 0.0.0.1 | 2 | 2* |
/30 | 255.255.255.252 | 0.0.0.3 | 4 | 2 |
/29 | 255.255.255.248 | 0.0.0.7 | 8 | 6 |
/28 | 255.255.255.240 | 0.0.0.15 | 16 | 14 |
/27 | 255.255.255.224 | 0.0.0.31 | 32 | 30 |
/26 | 255.255.255.192 | 0.0.0.63 | 64 | 62 |
/25 | 255.255.255.128 | 0.0.0.127 | 128 | 126 |
/24 | 255.255.255.0 | 0.0.0.255 | 256 | 254 |
/23 | 255.255.254.0 | 0.0.1.255 | 512 | 510 |
/22 | 255.255.252.0 | 0.0.3.255 | 1,024 | 1,022 |
/21 | 255.255.248.0 | 0.0.7.255 | 2,048 | 2,046 |
/20 | 255.255.240.0 | 0.0.15.255 | 4,096 | 4,094 |
/19 | 255.255.224.0 | 0.0.31.255 | 8,192 | 8,190 |
/18 | 255.255.192.0 | 0.0.63.255 | 16,384 | 16,382 |
/17 | 255.255.128.0 | 0.0.127.255 | 32,768 | 32,766 |
/16 | 255.255.0.0 | 0.0.255.255 | 65,536 | 65,534 |
/15 | 255.254.0.0 | 0.1.255.255 | 131,072 | 131,070 |
/14 | 255.252.0.0 | 0.3.255.255 | 262,144 | 262,142 |
/13 | 255.248.0.0 | 0.7.255.255 | 524,288 | 524,286 |
/12 | 255.240.0.0 | 0.15.255.255 | 1,048,576 | 1,048,574 |
/11 | 255.224.0.0 | 0.31.255.255 | 2,097,152 | 2,097,150 |
/10 | 255.192.0.0 | 0.63.255.255 | 4,194,304 | 4,194,302 |
/9 | 255.128.0.0 | 0.127.255.255 | 8,388,608 | 8,388,606 |
/8 | 255.0.0.0 | 0.255.255.255 | 16,777,216 | 16,777,214 |
/7 | 254.0.0.0 | 1.255.255.255 | 33,554,432 | 33,554,430 |
/6 | 252.0.0.0 | 3.255.255.255 | 67,108,864 | 67,108,862 |
/5 | 248.0.0.0 | 7.255.255.255 | 134,217,728 | 134,217,726 |
/4 | 240.0.0.0 | 15.255.255.255 | 268,435,456 | 268,435,454 |
/3 | 224.0.0.0 | 31.255.255.255 | 536,870,912 | 536,870,910 |
/2 | 192.0.0.0 | 63.255.255.255 | 1,073,741,824 | 1,073,741,822 |
/1 | 128.0.0.0 | 127.255.255.255 | 2,147,483,648 | 2,147,483,646 |
/0 | 0.0.0.0 | 255.255.255.255 | 4,294,967,296 | 4,294,967,294 |