Basic Cisco commands for configurations, part 2

Here is the second part of the basic Cisco commands for configurations. If you missed the first part, click here to check it out.

The access list for IPv4 addresses

So to reduce long terms, you will use abbreviations here. Here is the legend of the abbreviations we will use:

MG: Generic Mask.

IPsrc: the source IP address.

IPdst : the destination IP address.

Access numbered standard list

R1(config)#access-list [1-99] [permit/deny] [@IPsrc MG/any] 
R1(config)#access-list 1 permit 192.168.4.0 0.0.0.255

Define a numbered extended access list

R1(config)#access-list [100-199] [permit/deny] [protocole] [@IPsrc MG/any] [@IPdst MG/any] [eq N°]
R1(config)#access-list 100 permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq 80

A standard access list named

R1(config)# ip access-list standard nom
R1(config-std-nacl)# [permit/deny] [@IPsrc MG/any]
R1(config-std-nacl)# permit 192.168.1.0 0.0.0.255

Add an extended access list named

R1(config)# ip access-list extended nom
R1(config-ext-nacl)# [permit/deny] [protocole] [@IPsrc MG/any] [@IPdst MG/any] [eq N°]
R1(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq 80

Apply an access control list on interface

R1(config)# interface g0/1
R1(config-if)# ip access-group [N°/nom] [in/out]
R1(config-if)# ip access-group 100 in

Apply an access control list on a line

R1(config)# line vty 0 4
R1(config-line)# access-class [N°/nom] [in/out]
R1(config-line)# access-class 100 in

The IPv6 access list:

An extended access list named

R1(config)# ipv6 access-list nom
R1(config-ipv6-acl)# [permit/deny] [protocole] [@IPv6 src /any] [@IPv6 dst /any] [eq N°]
R1(cpnfig-ipv6-acl)# permit tcp 2001:DB8:ACAD:1::/64 2001:DB8:ACAD:1::/64 eq 80

Apply an access control list on an interface

R1(config-if)# ipv6 traffic-filter nom [in/out]

DHCPv4 Configuration:

Excludes a range of addresses, for example 10 addresses

R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10

Creating a DHCP pool

R1(config)# ip dhcp pool nom

Add the network to the pool

R1(dhcp-config)# network 192.168.1.0 255.255.255.0

Adding the default gateway address

R1(dhcp-config)# default-router 192.168.1.1

Set the DNS server address

R1(dhcp-config)# dns-server 192.168.1.5

Add the domain name

R1(dhcp-config)# domain-name dir-tech.com

Configure an interface to obtain an address from the DHCP server

R2(config)# interface G0/1
R2(config-if)# ip address dhcp

Configure DHCP relay on an interface

R2(config)# interface G0/2
R2(config-if)# ip helper-address 192.168.10.5

DHCPv6 configuration (IPv6 addresses)

Configure DHCP relay on a router interface

R2(config-if)# ipv6 dhcp relay destination 2001:DB8:CAFE::1

SLAAC configuration:

Enabling IPv6 routing

R1(config)# ipv6 unicast-routing

Enable the SLAAC option on an interface

R1(config)# interface G0/1
R1(config-if)# no ipv6 nd managed-config-flag
R1(config-if)# no ipv6 nd other-config-flag

Stateless DHCP configuration :

Enabling IPv6 unicast routing

R1(config)# ipv6 unicast-routing

Configuration of a DHCP pool

R1(config)# ipv6 dhcp pool nom

Configure the DNS server address

R1(dhcp-config)# dns-server 2001 :DB8 :10 ::5

Add the domain name

R1(dhcp-config)# domain-name dir-tech.com

Configuration of the stateless DHCP interface

R1(config)# interface G0/1
R1(config-if)# ipv6 dhcp server nom
R1(config-if)# ipv6 nd other-config-flag

Configure an interface as a stateless DHCP client

R2(config)# interface G0/1
R2(config-if)# ipv6 enable
R2(config-if)# ipv6 address autoconfig

DHCP configuration with status :

Enabling IPv6 unicast routing

R1(config)# ipv6 unicast-routing

Configuration of a DHCP pool

R1(config)# ipv6 dhcp pool nom

Configure the prefix address

R1(config-dhcp)# address prefix 2001 :DB8 :CAFE :1 ::/64 lifetime infinite

Configuration of the DNS server address

R1(config-dhcp)# dns-server 2001 :DB8 :CAFE :AAAA ::5

Add the domain name

R1(config-dhcp)# domain-name dir-tech.com

Configuration of the DHCP interface with status

R1(config)# interface G0/1
R1(config-if)# ipv6 dhcp server nom
R1(config-if)# ipv6 nd managed-config-flag

Define an interface as a stateful DHCP client

R2(config)# interface G0/1
R2(config-if)# ipv6 enable
R2(config-if)# ipv6 address dhcp

NAT for IPv4 addresses:

Static NAT configuration

R1(config)# ip nat inside source static 192.168.10.254 209.165.201.5

Configure the appropriate NAT interface

R1(config-if)# ip nat [inside/outside]

Dynamic NAT configuration

Define a pool of public IP addresses

R1(config)# ip nat pool nom 209.165.200.226 209.165. 200.240 netmask 255.255.255.224

Define the addresses that can be translated

R1(config)#access-list 1 permit 192.168.0.0 0.0.255.255

Connect the pool to the ACL

R1(config)# ip nat inside source list 1 pool nom

Configure the appropriate NAT interface

R1(config-if)# ip nat [inside/outside]

Configuration of the PAT (address pool)

Define a pool of public IP addresses

R1(config)# ip nat pool nom 209.165.200.226 209.165. 200.240 netmask 255.255.255.224

Define the addresses that can be translated

R1(config)#access-list 1 permit 192.168.0.0 0.0.255.255

Connect the pool to the ACL

R1(config)# ip nat inside source list 1 pool nom overload

Configure the appropriate NAT interface

R1(config-if)# ip nat [inside/outside]

Configuration of the PAT (unique address)

Identify an external interface as the internal global address to be overridden via ACL 1

R1(config)# ip nat source list 1 interface S0/0/0 overload 

Define the addresses that can be translated

R1(config)# access-list 1 permit 192.168.0.0 0.0.255.255

Configure the appropriate NAT interface

R1(config-if)# ip nat [inside/outside]

Establishes static translation between an internal local address and a local port and between an internal global address and a global port.

R1(config)# ip nat inside source static [protocole] [@IP local] [N°] [@IP global] [N°]
R1(config)# ip nat inside source static tcp 192.168 .10.254 80 209.165.200.225 80

EtherChannel configuration :

Create the port channel interface

S1(config)# interface range f0/1-2
S1(config-if)# channel-group 1 mode active

Configure port channel 1 as a trunk

S1(config)# interface port-channel 1
S1(config-if)# switchport mode trunk

STP Configuration:

Configure the port cost

S1(config)# interface F0/1
S1(config-if)# spanning-tree cost 5

Set S1 as the main root bridge

S1(config)# spanning-tree vlan 1 root primary

Define S2 as a secondary root bridge

S2(config)# spanning-tree vlan 1 root secondary

Change the bridge priority

S1(config)# spanning-tree vlan 1 priority 24576

Define a portfast on an interface

S1(config)# interface F0/1
S1(config-if)# spanning-tree portfast

$Configure portfast on all non-trunk interfaces

S1(config)# spanning-tree portfast default

Configure BPDU protection on an interface

S1(config-if)# spanning-tree bpduguard enable

Add BPDU protection on all interfaces that use portfast

S1(config)# spanning-tree bdpuguard default

Set root guard on an interface

S1(config-if)# spanning-tree guard root

Set up Rapid PVST+

S1(config)# spanning-tree mode rapid-pvst

Specifies the type of link for an interface

S1(config-if)# spanning-tree link-type point-to-point

EIGRPv2 configuration:

Activate and switch to EIGRP configuration mode

R1(config)# routeur eigrp 1

Assign a router ID

R1(config-router)# eigrp router-id 1.1.1.1

Advertise EIGRP networks

R1(config-router)# network 192.168.1.0 255.255.255.0
R1(config-router)# network 192.168.2.0 255.255.255.0

Configure the passive interface

R1(config-router)# passive-interface G0/1

Changing the interface bandwidth

R1(config)# interface S0/0/0
R1(config-if)# bandwidth 64

Activate the automatic recap

R1(config-router)# auto-summary

Set up manual summary routes

R1(config)# interface S0/0/0
R1(config-if)# ip summary-address eigrp 1 192.168.0.0 255.255.255.252.0

Static route propagation by default

R1(config-router)# redistribute static

Configure the percentages of bandwidth used by EIGRP

R1(config-if)# ip bandwidth-percent eigrp 1 40

Modification of the intervals

R1(config-if)# ip hello-interval eigrp 1 50
R1(config-if)# ip hold-time eigrp 1 150

Changed the value of paths

R1(config-router)# maximum-paths 8

Create a chain of keys and a key

R1(config)# key chain nom
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string cisco

Configure the interface to use MD5 authentication

R1(config-if)# ip authentication mode eigrp 1 md5

Configure the interface to use the key string

R1(config-if)# ip authentication key-chain eigrp 1 nom

EIGRPv3 Configuration:

Enable IPv6 unicast routing

R1(config)# ipv6 unicast-routing

Switch to EIGRP configuration mode

R1(config)# ipv6 router eigrp 1

Assign a router ID

R1(config-rtr)# eigrp router-id 1.1.1.1

Activate the eigrp R1 process

R1(config-rtr)# no shutdown

Enabling the EIGRP protocol on an interface

R1(config)# interface G0/0
R1(config-if)# ipv6 eigrp 1

Configure the passive interface

R1(config-rtr)# passive-interface G0/0

Changing the interface bandwidth

R1(config)# interface S0/0/0
R1(config-if)# bandwidth 64

Setting up a manual summary route

R1(config-if) ipv6 summary-address eigrp 1 2001:DB8:ACAD::/48

Static route propagation by default

R1(config-rtr)# redistribute static

Configure the percentage of bandwidth used by EIGRP

R1(config-if)# ipv6 bandwidth-percent eigrp 1 40

Modification of the intervals

R1(config-if)# ipv6 hello-interval eigrp 1 50
R1(config-if)# ipv6 hold-time eigrp 1 150

Create a chain of keys and a key

R1(config)# key chain nom
R1(config-keychain)# key 1
R1(config-keychain-key)# key-string cisco

Configure the interface to use MD5 authentication

R1(config-if)# ipv6 authentication mode eigrp 1 md5

Configure the interface to use the key string

R1(config-if)# ipv6 authentication key-chain eigrp 1 nom

PPP configuration:

Enable PPP encapsulation on an interface

R1(config)# interface S0/0/0
R1(config-if)# encapsulation ppp

Configure compression on PPP

R1(config-if)# compress [predicto/stac]

Configure LQM PPP (link quality control)

R1(config-if)# ppp quality 90

Configuration of PAP authentication

Configure PAP authentication on an interface

R1(config-if)# ppp authentication pap

Define remote user name R1 and password

R1(config-if)# ppp pap sent-username nom password motdepasse

Set up the R2 remote user name and password

R1(config)# username nom password motdepasse

Configuration of CHAP authentication

Configure CHAP authentication on an interface

R1(config-if)# ppp authentication chap

Configure the R2 remote user name and password

R1(config)# username nom password motdepasse

Frame relay configuration

Enable frame relay encapsulation on an interface

R1(config)# interface S0/0/0
R1(config-if)# encapsulation frame-relay

Off Reverse ARP

R1(config-if)# no frame-relay inverse-arp

Doing static mapping

R1(config-if)# frame-relay map ip 10.1.1.1 102

lmi type configuration

R1(config-if)# frame-relay lmi-type [ansi/cisco/q933a]

Sub interface configuration

R1(config)# interface serial S0/0/0.101 [multipoint/point-to-point]

Assigning a DLCI to a sub interface

R1(config-subif)# frame-relay interface-dlci 101

Delete Frame Relay mappings

R1# clear frame-relay inarp

VPN configuration

GRE tunnel configuration

Create a tunnel interface

R1(config)# interface tunnel 0

Specify that the tunnel interface mode is GRE over IP

R1(config-if)# tunnel mode gre ip

Configure an IP address for the tunnel interface

R1(config-if)# ip address 192.168.2.1 255.255.255.0

Specifies the source IP address of the tunnel

R1(config-if)# tunnel source S0/0/0

Specifies the destination IP address of the tunnel

R1(config-if)# tunnel destination 198.133.219.87

Syslog

Display in the events the time elapsed since the last start

S1(config)# service timestamps log uptime

Display date and time in events

S1(config)# service timestamps log datetime

Set the IP address of the Syslog server

S1(config)# logging 192.168.1.3

Limit the messages that will be sent to the Syslog server

S1(config)# logging trap 4

Configure the source interface

S1(config)# logging source-interface g0/0

SNMP configuration

Configure the community ID and access level

R1(config)# snmp-server community nom [ ro/rw ] SNMP_ACL

Define the location of the device

R1(config)# snmp-server location NOC_SNMP_MANAGER

Add the system contact

R1(config)# snmp-server contact adam

The destination of SNMP diversion operations and the community ID

R1(config)# snmp-server host 192.168.1.3 version [ 1/2c/3 ] nom

Enable SNMP rerouting

R1(config)# snmp-server enable traps

Create an ACL named standard SNMP_ACL and allow the address 192.168.1.3

R1(config)# ip access-list standard SNMP_ACL
R1(config-std-nacl)# permit 192.168.1.3

Create a new SNMP group on the device

R1(config)# snmp-server group nomgroupe [ v1/v2c/v3 ]

Add a new user to the SNMP group

R1(config)# server-snmp user username nomgroupe v3 auth [ md5/sha] password

Using NetFlow

Capture NetFlow data for inbound packet monitoring on the interface

R1(config-if)# ip flow ingress

Capture NetFlow data for outbound packet monitoring on the

R1(config-if)# ip flow egress

IP address and UDP port number of the NetFlow collector

R1(config)# ip flow-export destination 192.168.1.3 2055

NetFlow version to use when formatting NetFlow records sent to the collector

R1(config)# ip flow-export version 5

Source interface to be used as the source of the packets sent to the collector

R1(config)# ip flow-export source N°

Find a domain name for free