Download - Ccna
INITIAL CONFIGURATION OF ROUTER:
Connect one end of console cable to console port of router and other end of cable to your computer’s com port. Now open Hyper-terminal and power on the router.
User mode:Router > Router > enable Privilege mode : Router #Router # config terminal
Global configuration mode: Router(config) #
Assigning ip address to Ethernet interface:Router(config) # interface <interface type> <interface no>Router(config-if) # ip address <ip address> <subnet mask> (Interface mode)Router(config-if) # no shut Assigning Telnet password:Router(config) # line vty 0 4Router(config-line) #login (line mode)Router(config-line) #password <password>Router(config-line) #exitRouter(config) #exit
Assigning console password:Router(config) # line con 0Router(config-line) # login (line mode)Router(config-line) # password <password>Router(config-line) # exitRouter(config) # exit Assigning Auxiliary password:Router(config) # line aux 0Router(config-line) # login (line mode)Router(config-line) # password <password>Router(config-line) # exitRouter(config) # exit
Assigning enable password:Router(config) # enable secret <password> (To encrypt the password)Router(config) # enable password <password>
1
Show commands:
Router # show running-configRouter # show startup-configRouter # show versionRouter # show flash
Commands to save the configuration:
Router # copy running-config startup-config( OR )
Router # write memory( OR )
Router # wr
2
Wan interface configuration:
LAN - 192.168.1.0/24 LAN - 192.168.2.0/24 LAN - 192.168.3.0/24
10.0.0.1/8S0/0
11.0.0.1/8S0/0
E0 192.168.1.150/24
HYDE0 192.168.2.150/24
CHEE0 192.168.3.150/24
BANS0/110.0.0.2/8
S0/111.0.0.2/8
3
ON HYD:
HYD # configure terminalHYD (config) # interface serial 0/0HYD (config-if) # ip address 10.0.0.1 255.0.0.0 (This is DTE interface)HYD (config-if) # no shutdownHYD (config-if) # encapsulation hdlcHYD (config-if) # exitHYD (config) # exit
ON CHE :
CHE # configure terminalCHE (config) # interface serial 0/1CHE (config-if) # ip address 10.0.0.2 255.0.0.0CHE (config-if) # no shutdownCHE (config-if) # clockrate 64000(clock rate Applies for DCE interfaces)CHE (config-if) # encapsulation hdlcCHE (config-if) # exitCHE (config) # exitCHE # configure terminalCHE (config) # interface serial 0CHE (config-if) # ip address 11.0.0.1 255.0.0.0CHE (config-if) # no shutdownCHE (config-if) # encapsulation hdlcCHE (config-if) # clock rate 64000 (Applies for DCE interfaces)CHE (config-if) # exit CHE (config) # exit
ON BAN :
BAN # configure terminalBAN (config) # interface serial BAN (config-if) # ip address 11.0.0.2 255.0.0.0BAN (config-if) # no shutdownBAN (config-if) # encapsulation hdlcBAN (config-if) # exitBAN (config) # exit
4
Trouble shooting commands:
Router # show interfaces (s 0/0 or s 0/1)
1. Serial is up , line protocol is up (connectivity is fine)2. Serial is administratively down, line protocol is down
(No Shutdown has to be given on the local router serial interface)3. Serial is up, line protocol is down (Encapsulation mismatch or clock rate has to be given on dce)4. Serial is down, line protocol is down (Serial interface on the remote router has to be configured)
Router # show controllers (s0/0 or s0/1)
(To know whether the cable connected to the serial interface is DCE or DTE)
ROUTING
5
STATIC ROUTING:
ON HYD :
HYD # config terminalHYD(config) # ip routingHYD(config) # ip route 192.168.2.0 255.255.255.0 10.0.0.2HYD(config) # ip route 192.168.3.0 255.255.255.0 10.0.0.2HYD(config) # ip route 11.0.0.0 255.0.0.0 10.0.0.2
HYD # show ip route
C 192.168.1.0/24 is directly connected on Ethernet 0/0C 10.0.0.0/8 is directly connected on serial 0/0S 192.168.2.0/24 via [1/0] 10.0.0.2 S 192.168.3.0/24 via [1/0] 10.0.0.2S 11.0.0.0/8 via [1/0] 10.0.0.2
ON CHE :
CHE # config terminalCHE(config) # ip routingCHE(config) # ip route 192.168.1.0 255.255.255.0 10.0.0.1CHE(config) # ip route 192.168.3.0 255.255.255.0 11.0.0.2
CHE # show ip route
C 192.168.2.0/24 is directly connected on Ethernet 0/0C 10.0.0.0/8 is directly connected on serial 0/1C 11.0.0.0/8 is direc
ON BAN :
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
6
BAN # config terminalBAN(config) # ip routingBAN(config) # ip route 192.168.2.0 255.255.255.0 11.0.0.1BAN(config) # ip route 192.168.1.0 255.255.255.0 11.0.0.1BAN(config) # ip route 10.0.0.0 255.0.0.0 11.0.0.1
BAN # show ip route
DEFAULT ROUTING:
ON HYD give default route.
HYD # config terminalHYD(config) # ip routingHYD(config) # ip route 0.0.0.0 0.0.0.0 s0
HYD # show ip route
ON CHE give static route.
CHE # config terminalCHE(config) # ip routingCHE(config) # ip route 192.168.1.0 255.255.255.0 10.0.0.1CHE(config) # ip route 192.168.3.0 255.255.255.0 11.0.0.2
CHE # show ip route
ON BAN give default route.
BAN # config terminalBAN(config) # ip routingBAN(config) # ip route 0.0.0.0 0.0.0.0 s1
BAN # show ip route
DYNAMIC ROUTING:
RIP : (Routing information protocol)
ON HYD :
7
HYD # config terminalHYD(config) # ip routingHYD(config) # router ripHYD(config-router) # network 192.168.1.0HYD(config-router) # network 10.0.0.0HYD(config-router) # exitHYD(config) # exit
HYD # show ip route
ON CHE :CHE # config terminalCHE(config) # ip routingCHE(config) # router ripCHE(config-router) # network 192.168.2.0CHE(config-router) # network 10.0.0.0CHE(config-router) # network 11.0.0.0CHE(config-router) # exitCHE(config) # exit
CHE # show ip route
ON BAN:
BAN # config terminalBAN(config) # ip routingBAN(config) # router ripBAN(config-router) # network 192.168.3.0BAN(config-router) # network 11.0.0.0BAN(config-router) # exitBAN(config) # exit
BAN # show ip route
IGRP:(Interior gateway routing protocol)
ON HYD:
HYD # config terminalHYD(config) # ip routingHYD(config) # router igrp 10HYD(config-router) # network 192.168.1.0HYD(config-router) # network 10.0.0.0HYD(config-router) # exitHYD(config) # exit
HYD # show ip route
ON CHE:
CHE # config terminalCHE(config) # ip routingCHE(config) # router igrp 10CHE(config-router) # network 192.168.2.0
8
CHE(config-router) # network 10.0.0.0CHE(config-router) # network 11.0.0.0CHE(config-router) # exitCHE(config) # exit
CHE # show ip route
ON BAN:
BAN # config terminalBAN(config) # ip routingBAN(config) # router igrp 10BAN(config-router) # network 192.168.3.0BAN(config-router) # network 11.0.0.0BAN(config-router) # exitBAN(config) # exit
BAN # show ip route
EIGRP: (Enhanced interior gateway protocol)
ON HYD:
HYD # config terminalHYD(config) # ip routingHYD(config) # router eigrp 10HYD(config-router) # network 192.168.1.0HYD(config-router) # network 10.0.0.0HYD(config-router) # exitHYD(config) # exit
HYD # show ip route
ON CHE:
CHE # config terminalCHE(config) # ip routingCHE(config) # router eigrp 10CHE(config-router) # network 192.168.2.0CHE(config-router) # network 10.0.0.0CHE(config-router) # network 11.0.0.0CHE(config-router) # exitCHE(config) # exit
CHE # show ip route
ON BAN:
9
BAN # config terminalBAN(config) # ip routingBAN(config) # router eigrp 10BAN(config-router) # network 192.168.3.0BAN(config-router) # network 11.0.0.0BAN(config-router) # exitBAN(config) # exit
BAN # show ip route
OSPF: (Open shortest path first)
Single Area ospf:
ON HYD:
HYD # config terminalHYD(config) # ip routingHYD(config) # router ospf 2HYD(config-router) # network 192.168.1.0 0.0.0.255 area 0HYD(config-router) # network 10.0.0.0 0.255.255.255 area 0HYD(config-router) # exitHYD(config) # exit
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
AREA 0
E0 192.168.3.150/24
10
HYD # show ip routeHYD # show ip ospf databaseHYD # show ip ospf neighbors
ON CHE:
CHE # config terminalCHE(config) # ip routingCHE(config) # router ospf 2CHE(config-router) # network 192.168.2.0 0.0.0.255 area 0CHE(config-router) # network 10.0.0.0 0.255.255.255 area 0CHE(config-router) # network 11.0.0.0 0.255.255.255 area 0CHE(config-router) # exitCHE(config) # exit
CHE # show ip routeCHE # show ip ospf databaseCHE # show ip ospf neighbors
ON BAN:
BAN # config terminalBAN(config) # ip routingBAN(config) # router ospf 2BAN(config-router) # network 192.168.3.0 0.0.0.255 area 0BAN(config-router) # network 11.0.0.0 0.255.255.255 area 0BAN(config-router) # exitBAN(config) # exit
BAN # show ip routeBAN # show ip ospf databaseBAN # show ip ospf neighbors
Multiple Area ospf:
11
ON HYD:
HYD # config terminalHYD(config) # ip routingHYD(config) # router ospf 1HYD(config-router) # network 192.168.1.0 0.0.0.255 area 1HYD(config-router) # network 10.0.0.0 0.255.255.255 area 1HYD(config-router) # exitHYD(config) # exit
HYD # show ip routeHYD # show ip ospf databaseHYD # show ip ospf neighbors
ON CHE:
CHE # config terminalCHE(config) # ip routingCHE(config) # router ospf 2CHE(config-router) # network 192.168.2.0 0.0.0.255 area 0CHE(config-router) # network 10.0.0.0 0.255.255.255 area 1CHE(config-router) # network 11.0.0.0 0.255.255.255 area 2CHE(config-router) # exitCHE(config) # exit
CHE # show ip routeCHE # show ip ospf databaseCHE # show ip ospf neighbors
ON BAN:
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
AREA 0
AREA 1 AREA 2
12
BAN # config terminalBAN(config) # ip routingBAN(config) # router ospf 3BAN(config-router) # network 192.168.3.0 0.0.0.255 area 2BAN(config-router) # network 11.0.0.0 0.255.255.255 area 2BAN(config-router) # exitBAN(config) # exit
BAN # show ip routeBAN # show ip ospf databaseBAN # show ip ospf neighbors
ACCESS-LIST:
Standard access-list:
SCENARIO 1:
Network 192.168.1.0 should not communicate with network 192.168.2.0
ON CHE:
CHE #config terminalCHE (config) # access-list 1 deny 192.168.1.0 0.0.0.255 CHE (config) # access-list 1 permit anyCHE (config) # int e0CHE (config-if) # ip access-group 1 outCHE (config-if) # exitCHE (config) # exit
Che # show ip access-list
Note: Use the command prompt of a PC try to ping the filtered ip address.
SCENARIO 2:
192.168.1.1 should not communicate with network 192.168.2.0
ON CHE:
CHE #config terminalCHE (config) # access-list 1 deny 192.168.1.1 0.0.0.0 CHE (config) # access-list 1 permit anyCHE (config) # int e0CHE (config-if) # ip access-group 1 outCHE (config-if) # exitCHE (config) # exit
CHE # show ip access-list
13
SCENARIO 3:
Restricting telnet access using standard access-list
Network 192.168.1.0 should not telnet 192.168.2.150 router
ON CHE:
CHE #config terminalCHE (config) # access-list 1 deny 192.168.1.0 0.0.0.255CHE (config) #access-list 1 deny 10.0.0.0 0.255.255.255 (To deny from Hyderabad Router )CHE (config) # access-list 1 permit anyCHE (config) # line vty 0 4CHE (config-line) # access-class 1 inCHE (config-line) # exitCHE (config) # exit
Extended access-list:
SCENARIO :1
Network 192.168.2.0 should not access the web services of 192.168.3.1
On CHE:
CHE # config terminalCHE (config) # access-list 100 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80CHE (config) # access-list 100 permit ip any anyCHE (config) #interface e0CHE (config-if) # ip access- group 100 inCHE (config-if) #exitCHE (config) # exit
CHE # sh ip access-list
SCENARIO :2
Network 192.168.1.0 should not access the telnet services of 192.168.2.150
On CHE:
CHE # config terminalCHE (config) # access-list 100 deny tcp 192.168.1.0 0.0.0.255 192.168.2.150 0.0.0.0 eq telnetCHE (config) # access-list 100 permit ip any anyCHE (config) #interface s1CHE (config-if) # ip access- group 100 inCHE (config-if) #exitCHE (config) # exit
CHE # sh ip access-list
SCENARIO :3
192.168.2.1 should not ping 192.168.3.1
On CHE:
14
CHE # config terminal CHE (config) # access-list 100 deny icmp 192.168.2.1 0.0.0.0 192.168.3.1 0.0.0.0 echo CHE (config) # access-list 100 permit ip any any CHE (config) #interface e0 CHE (config-if) # ip access- group 100 in CHE (config-if) #exit CHE (config) # exit
CHE # sh ip access-list
SWITCH CONFIGURATION
INITIAL CONFIGURATION OF A SWITCH:
Connect one end of console cable to console port of switch and other end of cable to your computer’s com port. Now open Hyper-terminal and power on the switch.
Would you like to enter into initial configuration dialog (yes/no): no
2950>en2950#config terminal2950(config) # interface vlan 12950(config-if) # ip address <ip address> <subnet mask>2950(config-if) # no shutdown2950(config-if) # exit2950(config) # line vty 0 42950(config-line) # login2950(config-line) # password <password>2950(config) # line con 02950(config-line) # login2950(config-line) # password <password>2950(config) #enable secret < password>2950(config) #enable password < password>2950(config) #exit2950 # write
VLAN CREATION:
2950 # config terminal2950(config) # vlan <vlan no>2950(config-vlan) # name <name>
ASSIGNING MEMBERSHIP TO THE PORTS:
15
2950(config) # interface <interface type> <slot no/port no>2950(config-if) # switchport mode access2950(config-if) # switchport access vlan <vlan no> 2950(config-if) # exit2950(config)#exit
TRUNKING:2950 # config terminal2950(config) #interface <interface type> <slot no/port no>2950(config-if) # switchport mode trunk 2950(config-if) # switchport trunk allowed vlan all2950(config-if) # exit2950(config) # exit
INTEGRTED SERVICE DIGITAL NETWORK (ISDN)
Site to internet configuration:
c:\> telnet 192.168.20.150
ISDN for Internet Configuration
NT1
ISDN SWITCH
S/T Cable
2 wires(Copper)RJ-45
Connector
U-Line
LAN - 192.168.20.0/24
E0 192.168.20.150
BRI0
TELCO
INTERNET
16
ISDN>enablePassword:ISDN # configure terminalISDN (config) # interface bri 0ISDN (config-if) # ip add negotiatedISDN (config-if) #no shutISDN (config-if) # encapsulation pppISDN (config-if) # ppp authentication pap chap callinISDN (config-if) # ppp pap sent-username <username> password <password>ISDN (config-if) # ppp chap hostname <username> ISDN (config-if) # ppp chap password <password>ISDN (config-if) # dialer string <tel.phone no.>ISDN (config-if) # dialer idle-timeout 120ISDN (config-if) # dialer-group 5ISDN (config-if) # exitISDN (config) # isdn switch-type basic-net3ISDN (config) #interface e 0ISDN (config-if) # ip nat insideISDN (config-if) # exitISDN (config) # interface bri 0ISDN (config-if) # ip nat outsideISDN (config-if) # exitISDN (config) # access-list 1 permit 192.168.20.0 0.0.0.0255ISDN (config) # ip nat inside source list 1 interface bri 0 overloadISDN (config) # dialer-list 5 protocol ip permitISDN (config) # ip routingISDN (config) # ip route 0.0.0.0 0.0.0.0 bri 0ISDN (config) # ip name-server 61.0.0.5ISDN (config) # ip domain-lookupISDN (config) # exit
TROUBLESHOOTING COMMANDS :
ISDN # show isdn statusISDN # show isdn activeISDN # show isdn historyISDN # show int bri 0ISDN # show ip routeISDN #show ip nat translations
FRAME-RELAY
17
ON HYD:
C :\> telnet 192.168.1.150
HYD > enablePassword:HYD # config terminalHYD (config) # interface s 0HYD (config-if) # ip add 10.0.0.1 255.0.0.0HYD (config-if) # no shutHYD (config-if) #encapsulation frame-relayHYD (config-if) #frame-relay lmi-type ciscoHYD (config-if) #frame-relay interface–dlci 100HYD (config-if) #exitHYD (config) # ip routingHYD (config) # router ripHYD (config-router) # network 192.168.1.0HYD (config-router) # network 10.0.0.0
TROUBLESHOOTING COMMANDS:
Frame-Relay - Network Diagram
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
DLCI NO : 100 DLCI NO : 200
FRAME-RELAYSWICH
18
HYD # show frame-relay pvcHYD # show frame-relay mapHYD # show ip route
FRAME-RELAY SWITCH CONFIGURATION:
ON CHE:
C :\> telnet 192.168.2.150
CHE > enablePassword:CHE # config terminalCHE (config) # frame-relay switching
FRS interface to HYDERABAD
CHE (config) # interface s 1CHE (config-if) # no ip addCHE (config-if) # no shutCHE (config-if) # encapsulation frame-relayCHE (config-if) # clockrate 64000CHE (config-if) # frame-relay intf-type dceCHE (config-if) # frame-relay lmi-type ciscoCHE (config-if) # frame-relay route 100 interface s0 200CHE (config-if) # exitCHE (config) # exit
FRS interface to BANGALORE
CHE (config) # interface s 0CHE (config-if) # no ip addCHE (config-if) # no shutCHE (config-if) # encapsulation frame-relayCHE (config-if) # clockrate 64000CHE (config-if) # frame-relay intf-type dceCHE (config-if) # frame-relay lmi-type ciscoCHE (config-if) # frame-relay route 200 interface s1 100CHE (config-if) # exitCHE (config) # exit
ON BAN:
C :\> telnet 192.168.3.0 BAN > enablePassword:BAN # config terminalBAN (config) # interface s1BAN (config-if) # ip add 10.0.0.2 255.0.0.0BAN (config-if) # no shutBAN (config-if) # encapsulation frame-relayBAN (config-if) # frame-relay lmi-type cisco
19
BAN (config-if) # frame-relay interface-dlci 200BAN (config-if) # exitBAN (config) # ip routingBAN (config) # router ripBAN (config-router) # network 192.168.3.0BAN (config-router) # network 10.0.0.0BAN (config-router) # exitBAN (config) # exit
TROUBLESHOOTING COMMANDS:
BAN # show frame-relay pvcBAN # show frame-relay mapBAN # show ip route
20
PASSWORD RECOVERY
Connect console cable to router’s console port, and other end of the cable to computer’s com port with DB9 converter. Now open hyper terminal in the computer and switch on the router. When router’s boot process is going on press CTRL+BREAK within 60 seconds.
ON FIXED ROUTERS:
> o/r 0x2142> i
Would you like to enter into initial configuration dialog(y/n): no
Router>enableRouter # copy startup-config running-configRouter # config terminalRouter(config) # interface eth 0Router (config-if) # no shutdown Router (config-if) #exitRouter (config) # enable secret <password>Router (config) # config-register 0x2102Router (config) # exitRouter # show versionRouter # writeRouter # reload
ON MODULAR ROUTERS:
Rommon 1 > confreg 0x2142Rommon 2 > reset
Would you like to enter into initial configuration dialog(y/n): no
E0
LAN - 192.168.1.0/24
Con 0
21
Router>enableRouter # copy startup-config running-configRouter # config terminalRouter(config) # interface eth 0Router (config-if) # no shutdown Router (config-if) #exitRouter (config) # enable secret <password>Router (config) # config-register 0x2102Router (config) # exitRouter # show versionRouter # writeRouter # reload
22