1. Commands supported by the switch:
Basic status of the switch:
switch: ;ROMstate, The router isrommon>Switch password settings:
hostname> ;User Mode
hostname# ;Privileged mode
hostname(config)# ;Global configuration mode
hostname(config-if)# ;Interface status
switch>enable ;Enter privileged mode
switch#config terminal ;Enter global configuration mode
switch(config)#hostname; Set the host name of the switch
switch(config)#enable secret xxx; set privileged encryption password
switch(config)#enable password xxa; set privileged non-secret password
switch(config)#line console 0; enter the console port
switch(config-line)#line vty 0 4; enter the virtual terminal
switch(config-line)#login; allow login
switch(config-line)#password xx; set login password xx
switch#exit; return command
Switch VLAN settings:
switch#vlan database ;EnterVLANset up
switch(vlan)#vlan 2 ;establishVLAN 2
switch(vlan)#no vlan 2 ;deletevlan 2
switch(config)#int f0/1 ;Enter the port1
switch(config-if)#switchport access vlan 2 ;Current port joinvlan 2
switch(config-if)#switchport mode trunk ;Set as trunk line
switch(config-if)#switchport trunk allowed vlan 1,2 ;Set allowedvlan
switch(config-if)#switchport trunk encap dot1q ;set upvlan relay
switch(config)#vtp domain; Set the vtp domain name
switch(config)#vtp password; Set the VTP password
switch(config)#vtp mode server; set the vtp mode
switch(config)#vtp mode client; set the vtp mode
Switch setting IP address:
switch(config)#interface vlan 1 ;Entervlan 1
switch(config-if)#ip address; Set IP address
switch(config)#ip default-gateway; Set the default gateway
switch#dir flash: ; view flash memory
Switch display command:
switch#write ;Save configuration information
switch#show vtp ;CheckvtpConfiguration information
switch#show run ;View current configuration information
switch#show vlan ;CheckvlanConfiguration information
switch#show interface ;View port information
switch#show int f0/0 ;View the specified port information
2. Commands supported by the router:
Router display command:
router#show run ;Display configuration information
router#show interface ;Display interface information
router#show ip route ;Display routing information
router#show cdp nei ;Show neighbor information
router#reload ;Start again
Router password settings:
router>enable ;Enter privileged mode
router#config terminal ;Enter global configuration mode
router(config)#hostname; Set the host name of the switch
router(config)#enable secret xxx; set privileged encryption password
router(config)#enable password xxb; set privileged non-secret password
router(config)#line console 0; enter the console port
router(config-line)#line vty 0 4; enter the virtual terminal
router(config-line)#login; requires password verification
router(config-line)#password xx; set login password xx
router(config)#(Ctrl+z); Return to privileged mode
router#exit; return command
Router configuration:
router(config)#int s0/0 ;EnterSerailinterface
router(config-if)#no shutdown ;Activate the current interface
router(config-if)#clock rate 64000 ;Set the synchronization clock
router(config-if)#ip address; Set IP address
router(config-if)#ip addresssecond; set the second IP
router(config-if)#int f0/0.1; enter the sub-interface
router(config-subif.1)#ip address; Set the subinterface IP
router(config-subif.1)#encapsulation dot1q;Binding vlan relay protocol
router(config)#config-register 0x2142; skip configuration file
router(config)#config-register 0x2102; normal use of configuration files
router#reload; reboot
Router file operation:
router#copy running-config startup-config ;Save configuration
router#copy running-config tftp ;Save the configuration totftp
router#copy startup-config tftp ;Save the boot configurationtftp
router#copy tftp flash: ;Download the file toflash
router#copy tftp startup-config;Download the configuration file
ROM status:
Ctrl+Break; enter ROM monitoring status
rommon>confreg 0x2142; skip configuration file
rommon>confreg 0x2102; restore configuration file
rommon>reset ; reboot
rommon>copy xmodem:
romon>IP_ADDRESS=10.65.1.2; set router IP
romon>IP_SUBNET_MASK=255.255.0.0; set router mask
romon>TFTP_SERVER=10.65.1.1; specify the TFTP server IP
rommon>TFTP_FILE=; Specify the downloaded file
rommon>tftpdnld; download from tftp
rommon>dir flash: ; view flash content
rommon>boot; boot IOS
Static routing:
ip route; Command format
router(config)#ip route 2.0.0.0 255.0.0.0 1.1.1.2; Examples of static routing
router(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.2; Example of default routing
Dynamic routing:
router(config)#ip routing ;Start routing forwarding
router(config)#router rip ;start upRIPRouting protocol。
router(config-router)#network; Set up publishing routes
router(config-router)#negihbor; Used for point-to-point frame relay.
Frame Relay Command:
router(config)#frame-relay switching ;Enable frame relay switching
router(config-s0)#encapsulation frame-relay ;Enable frame relay
router(config-s0)#fram-relay lmi-type cisco ;Set management type
router(config-s0)#frame-relay intf-type DCE ;Set asDCE
router(config-s0)#frame-relay dlci 16 ;
router(config-s0)#frame-relay local-dlci 20 ;Set virtual circuit number
router(config-s0)#frame-relay interface-dlci 16 ;
router(config)#log-adjacency-changes ;Record adjacency changes
router(config)#int s0/0.1 point-to-point ;Setting up subinterface point-to-point
router#show frame pvc ;Display permanent virtual circuit
router#show frame map ;Show map
Basic access control list:
router(config)#access-listpermit|deny
router(config)#interface;default:deny any
router(config-if)#ip access-groupin|out ;default:out
Example 1:
router(config)#access-list 4 permit 10.8.1.1
router(config)#access-list 4 deny 10.8.1.0 0.0.0.255
router(config)#access-list 4 permit 10.8.0.0 0.0.255.255
router(config)#access-list 4 deny 10.0.0.0 0.255.255.255
router(config)#access-list 4 permit any
router(config)#int f0/0
router(config-if)#ip access-group 4 in
access-listpermit|deny icmp
wild>[type]
access-listpermit|deny tcp
wild>[port]
Example 3:
router(config)#access-list 101 deny icmp any 10.64.0.2 0.0.0.0 echo
router(config)#access-list 101 permit ip any any
router(config)#int s0/0
router(config-if)#ip access-group 101 in
Example 3:
router(config)#access-list 102 deny tcp any 10.65.0.2 0.0.0.0 eq 80
router(config)#access-list 102 permit ip any any
router(config)#interface s0/1
router(config-if)#ip access-group 102 out
Delete the access control example table:
router(config)#no access-list 102
router(config-if)#no ip access-group 101 in
Nat configuration of router
Router(config-if)#ip nat inside ;The current interface is specified as an internal interface
Router(config-if)#ip nat outside ;The current interface is specified as an external interface
Router(config)#ip nat inside source static [p] <privateIP><Public networkIP> [port]
Router(config)#ip nat inside source static 10.65.1.2 60.1.1.1
Router(config)#ip nat inside source static tcp 10.65.1.3 80 60.1.1.1 80
Router(config)#ip nat pool p1 60.1.1.1 60.1.1.20 255.255.255.0
Router(config)#ip nat inside source list 1 pool p1
Router(config)#ip nat inside destination list 2 pool p2
Router(config)#ip nat inside source list 2 interface s0/0 overload
Router(config)#ip nat pool p2 10.65.1.2 10.65.1.4 255.255.255.0 type rotary
Router#show ip nat translation
rotary Parameters mean take turns,Address poolIPTake turns withNATThe assigned address match。
overloadParameters are used forPAT Put the internalIPMap to a public networkIPOn different ports。
External gateway protocol configuration:
routerA(config)#router bgp 100
routerA(config-router)#network 19.0.0.0
routerA(config-router)#neighbor 8.1.1.2 remote-as 200
Configure PPP verification:
RouterA(config)#usernamepassword
RouterA(config)#int s0
RouterA(config-if)#ppp authentication {chap|pap}
3. PIX Firewall Commands
Pix525(config)#nameif ethernet0 outside security0 ;Named interfaces and levels
Pix525(config)#interface ethernet0 auto ;Set the interface method
Pix525(config)#interface ethernet1 100full ;Set the interface method
Pix525(config)#interface ethernet1 100full shutdown
Pix525(config)#ip address inside 192.168.0.1 255.255.255.0
Pix525(config)#ip address outside 133.0.0.1 255.255.255.252
Pix525(config)#global (if_name) natid ip-ip ;Definition of public networkIPRange
Pix525(config)#global (outside) 1 7.0.0.1-7.0.0.15 ;Example sentences
Pix525(config)#global (outside) 1 133.0.0.1 ;Example sentences
Pix525(config)#no global (outside) 1 133.0.0.1 ;Remove settings
Pix525(config)#nat (if_name) nat_id local_ip [netmark]
Pix525(config)#nat (inside) 1 0 0
All hosts in the intranet(0represent0.0.0.0)Available to accessglobal 1The specified external network。
Pix525(config)#nat (inside) 1 172.16.5.0 255.255.0.0
Intranet172.16.5.0/16The host of the network segment can be accessedglobal 1The specified external network。
Pix525(config)#route if_name 0 0 gateway_ip [metric] ;Command format
Pix525(config)#route outside 0 0 133.0.0.1 1 ;Example sentences
Pix525(config)#route inside 10.1.0.0 255.255.0.0 10.8.0.1 1 ;Example sentences
Pix525(config)#static (inside, outside) 133.0.0.1 192.168.0.8
Indicates internalipaddress192.168.0.8,Translated as externally133.0.0.1全局address。
Pix525(config)#static (dmz, outside) 133.0.0.1 172.16.0.8Article entry: csh Editor in charge: csh
Middle areaipaddress172.16.0.8,Translated as externally133.0.0.1全局address。