Here is the second part of the basic Cisco commands for configurations. If you missed the first part, click here to check it out.
The access list for IPv4 addresses
So to reduce long terms, you will use abbreviations here. Here is the legend of the abbreviations we will use:
MG: Generic Mask.
IPsrc: the source IP address.
IPdst : the destination IP address.
Access numbered standard list
R1(config)#access-list [1-99] [permit/deny] [@IPsrc MG/any] R1(config)#access-list 1 permit 192.168.4.0 0.0.0.255
Define a numbered extended access list
R1(config)#access-list [100-199] [permit/deny] [protocole] [@IPsrc MG/any] [@IPdst MG/any] [eq N°] R1(config)#access-list 100 permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq 80
A standard access list named
R1(config)# ip access-list standard nom R1(config-std-nacl)# [permit/deny] [@IPsrc MG/any] R1(config-std-nacl)# permit 192.168.1.0 0.0.0.255
Add an extended access list named
R1(config)# ip access-list extended nom R1(config-ext-nacl)# [permit/deny] [protocole] [@IPsrc MG/any] [@IPdst MG/any] [eq N°] R1(config-ext-nacl)# permit tcp 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255 eq 80
Apply an access control list on interface
R1(config)# interface g0/1 R1(config-if)# ip access-group [N°/nom] [in/out] R1(config-if)# ip access-group 100 in
Apply an access control list on a line
R1(config)# line vty 0 4 R1(config-line)# access-class [N°/nom] [in/out] R1(config-line)# access-class 100 in
The IPv6 access list:
An extended access list named
R1(config)# ipv6 access-list nom R1(config-ipv6-acl)# [permit/deny] [protocole] [@IPv6 src /any] [@IPv6 dst /any] [eq N°] R1(cpnfig-ipv6-acl)# permit tcp 2001:DB8:ACAD:1::/64 2001:DB8:ACAD:1::/64 eq 80
Apply an access control list on an interface
R1(config-if)# ipv6 traffic-filter nom [in/out]
DHCPv4 Configuration:
Excludes a range of addresses, for example 10 addresses
R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
Creating a DHCP pool
R1(config)# ip dhcp pool nom
Add the network to the pool
R1(dhcp-config)# network 192.168.1.0 255.255.255.0
Adding the default gateway address
R1(dhcp-config)# default-router 192.168.1.1
Set the DNS server address
R1(dhcp-config)# dns-server 192.168.1.5
Add the domain name
R1(dhcp-config)# domain-name dir-tech.com
Configure an interface to obtain an address from the DHCP server
R2(config)# interface G0/1 R2(config-if)# ip address dhcp
Configure DHCP relay on an interface
R2(config)# interface G0/2 R2(config-if)# ip helper-address 192.168.10.5
DHCPv6 configuration (IPv6 addresses)
Configure DHCP relay on a router interface
R2(config-if)# ipv6 dhcp relay destination 2001:DB8:CAFE::1
SLAAC configuration:
Enabling IPv6 routing
R1(config)# ipv6 unicast-routing
Enable the SLAAC option on an interface
R1(config)# interface G0/1 R1(config-if)# no ipv6 nd managed-config-flag R1(config-if)# no ipv6 nd other-config-flag
Stateless DHCP configuration :
Enabling IPv6 unicast routing
R1(config)# ipv6 unicast-routing
Configuration of a DHCP pool
R1(config)# ipv6 dhcp pool nom
Configure the DNS server address
R1(dhcp-config)# dns-server 2001 :DB8 :10 ::5
Add the domain name
R1(dhcp-config)# domain-name dir-tech.com
Configuration of the stateless DHCP interface
R1(config)# interface G0/1 R1(config-if)# ipv6 dhcp server nom R1(config-if)# ipv6 nd other-config-flag
Configure an interface as a stateless DHCP client
R2(config)# interface G0/1 R2(config-if)# ipv6 enable R2(config-if)# ipv6 address autoconfig
DHCP configuration with status :
Enabling IPv6 unicast routing
R1(config)# ipv6 unicast-routing
Configuration of a DHCP pool
R1(config)# ipv6 dhcp pool nom
Configure the prefix address
R1(config-dhcp)# address prefix 2001 :DB8 :CAFE :1 ::/64 lifetime infinite
Configuration of the DNS server address
R1(config-dhcp)# dns-server 2001 :DB8 :CAFE :AAAA ::5
Add the domain name
R1(config-dhcp)# domain-name dir-tech.com
Configuration of the DHCP interface with status
R1(config)# interface G0/1 R1(config-if)# ipv6 dhcp server nom R1(config-if)# ipv6 nd managed-config-flag
Define an interface as a stateful DHCP client
R2(config)# interface G0/1 R2(config-if)# ipv6 enable R2(config-if)# ipv6 address dhcp
NAT for IPv4 addresses:
Static NAT configuration
R1(config)# ip nat inside source static 192.168.10.254 209.165.201.5
Configure the appropriate NAT interface
R1(config-if)# ip nat [inside/outside]
Dynamic NAT configuration
Define a pool of public IP addresses
R1(config)# ip nat pool nom 209.165.200.226 209.165. 200.240 netmask 255.255.255.224
Define the addresses that can be translated
R1(config)#access-list 1 permit 192.168.0.0 0.0.255.255
Connect the pool to the ACL
R1(config)# ip nat inside source list 1 pool nom
Configure the appropriate NAT interface
R1(config-if)# ip nat [inside/outside]
Configuration of the PAT (address pool)
Define a pool of public IP addresses
R1(config)# ip nat pool nom 209.165.200.226 209.165. 200.240 netmask 255.255.255.224
Define the addresses that can be translated
R1(config)#access-list 1 permit 192.168.0.0 0.0.255.255
Connect the pool to the ACL
R1(config)# ip nat inside source list 1 pool nom overload
Configure the appropriate NAT interface
R1(config-if)# ip nat [inside/outside]
Configuration of the PAT (unique address)
Identify an external interface as the internal global address to be overridden via ACL 1
R1(config)# ip nat source list 1 interface S0/0/0 overload
Define the addresses that can be translated
R1(config)# access-list 1 permit 192.168.0.0 0.0.255.255
Configure the appropriate NAT interface
R1(config-if)# ip nat [inside/outside]
Establishes static translation between an internal local address and a local port and between an internal global address and a global port.
R1(config)# ip nat inside source static [protocole] [@IP local] [N°] [@IP global] [N°] R1(config)# ip nat inside source static tcp 192.168 .10.254 80 209.165.200.225 80
EtherChannel configuration :
Create the port channel interface
S1(config)# interface range f0/1-2 S1(config-if)# channel-group 1 mode active
Configure port channel 1 as a trunk
S1(config)# interface port-channel 1 S1(config-if)# switchport mode trunk
STP Configuration:
Configure the port cost
S1(config)# interface F0/1 S1(config-if)# spanning-tree cost 5
Set S1 as the main root bridge
S1(config)# spanning-tree vlan 1 root primary
Define S2 as a secondary root bridge
S2(config)# spanning-tree vlan 1 root secondary
Change the bridge priority
S1(config)# spanning-tree vlan 1 priority 24576
Define a portfast on an interface
S1(config)# interface F0/1 S1(config-if)# spanning-tree portfast
$Configure portfast on all non-trunk interfaces
S1(config)# spanning-tree portfast default
Configure BPDU protection on an interface
S1(config-if)# spanning-tree bpduguard enable
Add BPDU protection on all interfaces that use portfast
S1(config)# spanning-tree bdpuguard default
Set root guard on an interface
S1(config-if)# spanning-tree guard root
Set up Rapid PVST+
S1(config)# spanning-tree mode rapid-pvst
Specifies the type of link for an interface
S1(config-if)# spanning-tree link-type point-to-point
EIGRPv2 configuration:
Activate and switch to EIGRP configuration mode
R1(config)# routeur eigrp 1
Assign a router ID
R1(config-router)# eigrp router-id 1.1.1.1
Advertise EIGRP networks
R1(config-router)# network 192.168.1.0 255.255.255.0 R1(config-router)# network 192.168.2.0 255.255.255.0
Configure the passive interface
R1(config-router)# passive-interface G0/1
Changing the interface bandwidth
R1(config)# interface S0/0/0 R1(config-if)# bandwidth 64
Activate the automatic recap
R1(config-router)# auto-summary
Set up manual summary routes
R1(config)# interface S0/0/0 R1(config-if)# ip summary-address eigrp 1 192.168.0.0 255.255.255.252.0
Static route propagation by default
R1(config-router)# redistribute static
Configure the percentages of bandwidth used by EIGRP
R1(config-if)# ip bandwidth-percent eigrp 1 40
Modification of the intervals
R1(config-if)# ip hello-interval eigrp 1 50 R1(config-if)# ip hold-time eigrp 1 150
Changed the value of paths
R1(config-router)# maximum-paths 8
Create a chain of keys and a key
R1(config)# key chain nom R1(config-keychain)# key 1 R1(config-keychain-key)# key-string cisco
Configure the interface to use MD5 authentication
R1(config-if)# ip authentication mode eigrp 1 md5
Configure the interface to use the key string
R1(config-if)# ip authentication key-chain eigrp 1 nom
EIGRPv3 Configuration:
Enable IPv6 unicast routing
R1(config)# ipv6 unicast-routing
Switch to EIGRP configuration mode
R1(config)# ipv6 router eigrp 1
Assign a router ID
R1(config-rtr)# eigrp router-id 1.1.1.1
Activate the eigrp R1 process
R1(config-rtr)# no shutdown
Enabling the EIGRP protocol on an interface
R1(config)# interface G0/0 R1(config-if)# ipv6 eigrp 1
Configure the passive interface
R1(config-rtr)# passive-interface G0/0
Changing the interface bandwidth
R1(config)# interface S0/0/0 R1(config-if)# bandwidth 64
Setting up a manual summary route
R1(config-if) ipv6 summary-address eigrp 1 2001:DB8:ACAD::/48
Static route propagation by default
R1(config-rtr)# redistribute static
Configure the percentage of bandwidth used by EIGRP
R1(config-if)# ipv6 bandwidth-percent eigrp 1 40
Modification of the intervals
R1(config-if)# ipv6 hello-interval eigrp 1 50 R1(config-if)# ipv6 hold-time eigrp 1 150
Create a chain of keys and a key
R1(config)# key chain nom R1(config-keychain)# key 1 R1(config-keychain-key)# key-string cisco
Configure the interface to use MD5 authentication
R1(config-if)# ipv6 authentication mode eigrp 1 md5
Configure the interface to use the key string
R1(config-if)# ipv6 authentication key-chain eigrp 1 nom
PPP configuration:
Enable PPP encapsulation on an interface
R1(config)# interface S0/0/0 R1(config-if)# encapsulation ppp
Configure compression on PPP
R1(config-if)# compress [predicto/stac]
Configure LQM PPP (link quality control)
R1(config-if)# ppp quality 90
Configuration of PAP authentication
Configure PAP authentication on an interface
R1(config-if)# ppp authentication pap
Define remote user name R1 and password
R1(config-if)# ppp pap sent-username nom password motdepasse
Set up the R2 remote user name and password
R1(config)# username nom password motdepasse
Configuration of CHAP authentication
Configure CHAP authentication on an interface
R1(config-if)# ppp authentication chap
Configure the R2 remote user name and password
R1(config)# username nom password motdepasse
Frame relay configuration
Enable frame relay encapsulation on an interface
R1(config)# interface S0/0/0 R1(config-if)# encapsulation frame-relay
Off Reverse ARP
R1(config-if)# no frame-relay inverse-arp
Doing static mapping
R1(config-if)# frame-relay map ip 10.1.1.1 102
lmi type configuration
R1(config-if)# frame-relay lmi-type [ansi/cisco/q933a]
Sub interface configuration
R1(config)# interface serial S0/0/0.101 [multipoint/point-to-point]
Assigning a DLCI to a sub interface
R1(config-subif)# frame-relay interface-dlci 101
Delete Frame Relay mappings
R1# clear frame-relay inarp
VPN configuration
GRE tunnel configuration
Create a tunnel interface
R1(config)# interface tunnel 0
Specify that the tunnel interface mode is GRE over IP
R1(config-if)# tunnel mode gre ip
Configure an IP address for the tunnel interface
R1(config-if)# ip address 192.168.2.1 255.255.255.0
Specifies the source IP address of the tunnel
R1(config-if)# tunnel source S0/0/0
Specifies the destination IP address of the tunnel
R1(config-if)# tunnel destination 198.133.219.87
Syslog
Display in the events the time elapsed since the last start
S1(config)# service timestamps log uptime
Display date and time in events
S1(config)# service timestamps log datetime
Set the IP address of the Syslog server
S1(config)# logging 192.168.1.3
Limit the messages that will be sent to the Syslog server
S1(config)# logging trap 4
Configure the source interface
S1(config)# logging source-interface g0/0
SNMP configuration
Configure the community ID and access level
R1(config)# snmp-server community nom [ ro/rw ] SNMP_ACL
Define the location of the device
R1(config)# snmp-server location NOC_SNMP_MANAGER
Add the system contact
R1(config)# snmp-server contact adam
The destination of SNMP diversion operations and the community ID
R1(config)# snmp-server host 192.168.1.3 version [ 1/2c/3 ] nom
Enable SNMP rerouting
R1(config)# snmp-server enable traps
Create an ACL named standard SNMP_ACL and allow the address 192.168.1.3
R1(config)# ip access-list standard SNMP_ACL R1(config-std-nacl)# permit 192.168.1.3
Create a new SNMP group on the device
R1(config)# snmp-server group nomgroupe [ v1/v2c/v3 ]
Add a new user to the SNMP group
R1(config)# server-snmp user username nomgroupe v3 auth [ md5/sha] password
Using NetFlow
Capture NetFlow data for inbound packet monitoring on the interface
R1(config-if)# ip flow ingress
Capture NetFlow data for outbound packet monitoring on the
R1(config-if)# ip flow egress
IP address and UDP port number of the NetFlow collector
R1(config)# ip flow-export destination 192.168.1.3 2055
NetFlow version to use when formatting NetFlow records sent to the collector
R1(config)# ip flow-export version 5
Source interface to be used as the source of the packets sent to the collector
R1(config)# ip flow-export source N°