Basic Cisco commands for configurations

Below are the basic cisco commands to practice labs and prepare for your CCNA Certification exam.

Basic switch configuration :

Configure the hostname:

S1(config)# hostname nom du switch

Turn off DNS lookup

S1(config)# no ip domain-lookup

Assign password to console access

S1(config)# line console 0
S1(config-line)# password votre mot de passe
S1(config-line)# login

Prevent status messages from interrupting command line input

S1(config-line)# logging synchronous

Assign password to Telnet access

S1(config)# line vty 0 15
S1(config-line)# password votre mot de passe
S1(config-line)# login

Use a password in the preferred execution mode

S1(config)# enable password votre mot de passe
S1(config)# enable secret votre mot de passe

Encrypt all passwords in plain text

S1(config)# service password-encryption

Include a message in the MOTD banner

S1(config)# banner motd # votre message #

Configure the VLAN interface

S1(config)# interface vlan 1
S1(config-if)# ip address 192.168.1.10 255.255.255.0

configure default gateway

S1(config)# ip default-gateway 192.168.1.1

Save your settings

S1# copy running-config startup-config

Basic Router Configuration :

Configure the host name

R1(config)# hostname nom du routeur

Turn off DNS lookup

R1(config)# no ip domain-lookup

Disable the HTTP service

R1(config)# no ip http server

Assign password to console access

R1(config)# line console 0
R1(config-line)# password votre mot de passe  
R1(config-line)# login

Prevent status messages from interrupting command line input

R1(config-line)# logging synchronous

Assign password to Telnet access

R1(config)# line vty 0 4
R1(config-line)# password votre mot de passe
R1(config-line)# login

Use a password in the preferred execution mode

R1(config)# enable password votre mot de passe

Encrypt all passwords in plain text

R1(config)# service password-encryption

Include a message in the MOTD banner

R1(config)# banner motd # votre message #

Save your configurations:

R1# copy running-config startup-config

SSH configuration :

Define a domain name

R1(config)# ip domaine-name domain.com

Generate the RSA key

R1(config)# crypto key generate RSA

Create a local user with a password

R1(config)# username admin password votre mot de passe

Set all lines to use SSH and a local login for remote connections

R1(config)# line vty 0 4
R1(config-line)# transport input SSH
R1(config-line)# login local

Activate SSH version 2

R1(config)# ip SSH version 2

Modify SSH authentication attempts

R1(config)# ip SSH authentication-retries 3

Change the SSH timeout value

R1(config)# ip SSH time-out 60

Delete the RSA key pair and disable the SSH server

R1(config)# crypto key zeroize rsa

Configuration of DHCP monitoring:

Activate the DHCP monitoring

S1(config)# ip dhcp snooping

Enable DHCP serving for VLANs

S1(config)# ip dhcp snooping vlan 10,20

Identify reliable ports

S1(config)#interface F0/1
S1(config-if)# ip dhcp snooping trust

Limit the frequency of false dhcp requests

S1(config)#interface F0/2
S1(config-if)# ip dhcp snooping limit rate 5

NTP configuration:

Time configuration

R1# clock set 15 :19 :00 19 april 2022

Configure R1 as an NTP server

R1(config)#
 ntp master 1

Configure R2 as an NTP client

R1(config)# ntp server 10.1.1.1

Port Security Configuration:

Define the interface mode on the access mode

S1(config)# interface F0/1
S1(config-if)# switchport mode access

Enable port security

S1(config-if)#switchport port-security

Define the maximum number of secure addresses

S1(config-if)#switchport port-security maximum 3

Activate the learning process

S1(config-if)#switchport port-security mac-address sticky

Change the violation mode of a port

S1(config-if)#switchport port-security violation [restrict/protect/shutdown]

VLAN:

Create a VLAN number 99 named management

S1(config)# vlan 99
S1(config-vlan)# name management

Give an IP address to VLAN 99

S1(config)# interface vlan 99
S1(config-if)# ip address 192.168.99.5 255.255.255.0

Set the port to access mode and assign to VLAN 99

S1(config)# interface F0/1
S1(config-if)# switchport mode access
S1(config-if)# switchport access vlan 99

Set the port to trunk mode

S1(config)# interface G0/1
S1(config-if)# switchport mode trunk

Specify a native VLAN for untagged trunks

S1(config-if)#switchport trunk native vlan 70

Indicates the list of VLANs allowed on the trunk link

S1(config-if)# swicthport trunk allowed vlan 10,20,70,99

Configure the PVLAN device function and protect the port

S1(config)# interface F0/3
S1(config-if)# switchport protected

Prevents the interface from generating DTP frames

S1(config)#interface F0/4
S1(config-if)# switchport nonegotiate

VTP configuration

Define the VTP server

S1(config)# vtp mode server

the VTP client

S1(config)# vtp mode client

the VTP domain

S1(config)# vtp domain cisco.com

Set the VTP password

S1(config)# vtp password votre mot de passe 

Inter-VLAN routing :

Assign the interface to VLAN 10 and give it an address

R1(config)# interface G0/0.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0

Assign the interface to VLAN 20 and give it an address

R1(config)# interface G0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)# ip address 192.168.20.1 255.255.255.0

Assign the interface to the native VLAN and give it an address

R1(config)# interface G0/0.70
R1(config-subif)#encapsulation dot1q 70 native
R1(config-subif)# ip address 192.168.70.1 255.255.255.0

Activate all previous sub interfaces

R1(config)# interface G0/0
R1(config-if)# no shutdown

Static routing:

Configuration of a static route of the following section

R1(config)# ip route 192.168.1.0 255.255.255.0 172.16.2.2
R1(config)# ipv6 route 2001 :DB8 :ACAD :2 ::/64 2001:DB8:ACAD:4::2

Configure a directly connected static route

R1(config)# ip route 192.168.1.0 255.255.255.0 S0/0/0
R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 S0/0/0

fully specified static route

R1(config)# ip route 192.168.1.0 255.255.255.0 G0/1 172.16.2.2
R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 G0/1 FE80::2

Configuration of a static default route

R1(config)# ip route 0.0.0.0 0.0.0.0 S0/0/0
R1(config)# ipv6 route ::/0 S0/0/0

floating route (emergency)

R1(config)# ip route 192.168.1.0 255.255.255.0 S0/0/0 5
R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 S0/0/0 5

RIP Routing:

Activate and switch to RIP configuration mode

R1(config)# router rip

Activate RIP version 2

R1(config-router)# version 2

Advertise RIP networks

R1(config-router)# network 192.168.1.0
R1(config-router)# network 192.168.2.0

Disable automatic summarization

R1(config-router)# no auto-summary

Configure the passive interface

R1(config-router)# passive-interface G0/1

Propagation of a default route

R1(config-router)# default-information originate

Redistribution of static routes

R1(config-router)# redistribute static

See also: 2 Tier or Collapsed Core Network Architecture

RIPng routing configuration:

Enable IPv6 unicast routing

R1(config)# ipv6 unicast-routing

Activate and switch to RIPng configuration mode

R1(config)# ipv6 router rip name

Use the RIP process ng name

R1(config-if)# ipv6 rip name enable

Propagation of a default route

R1(config-if)# ipv6 rip name default-information originate

Redistribution of static routes

R1(config-rtr)# redistribute static

Configuring OSPFv2 routing:

Activate and switch to OSPFv2 configuration mode

R1(config)# router ospf 1

Assign a router ID

R1(config-router)# router-id 1.1.1.1

Advertise OSPF networks

R1(config-router)# network 192.168.1.0 0.0.0.255 area 0
R1(config-router)# network 192.168.2.0 0.0.0.255 area 0

Configuration of the passive interface

R1(config-router)# passive-interface G0/1

Modification of the referential bandwidth

R1(config-router)# auto-cost reference-bandwidth 1000

Changing the interface bandwidth

R1(config)# interface S0/0/0
R1(config-if)# bandwidth 64

Manual setting of the OSPF cost

R1(config)#
 interface S0/0/0
R1(config-if)# ip ospf cost 15625

Modification of the priority

R1(config)#
 interface S0/0/0
R1(config-if)# ip ospf priority 255

Suppression of the OSPF process

R1# clear ip ospf process

Modification of the intervals

R1(config-if)# ip ospf hello-interval 5
R1(config-if)# ip ospf dead-interval 20

Enable MD5 OSPF authentication globally

R1(config-router)# area 0 authentication message-digest
R1(config-if)# ip ospf message-digest-key 1 md5 name

Enable MD5 OSPF authentication on interfaces

R1(config-if)# ip ospf authentication message-digest 
R1(config-if)#
 ip ospf message-digest-key 1 md5 name Propagation of a route by
 defut
R1(config-router)# default-information originate

Redistribution of static routes

R1(config-router)# redistribute static

Summarize the routes for a zone

R1(config-router)# area 0 range 10.10.0.0 255.255.252.0

Configuring OSPFv3 routing:

Enable IPv6 unicast routing

R1(config)# ipv6 unicast-routing

Activate and switch to OSPFv3 configuration mode

R1(config)# ipv6 router ospf 1

Assign a router ID

R1(config-rtr)# router-id 1.1.1.1

Enabling OSPFv3 on an interface

R1(config-if)#ipv6 ospf 1 area 0

Configuration of the passive interface

R1(config-rtr)# passive-interface G0/1

Modification of the referential bandwidth

R1(config-rtr)# auto-cost reference-bandwidth 1000

Changing the interface bandwidth

R1(config)# interface S0/0/0
R1(config-if)# bandwidth 64

Manual setting of the OSPF cost

R1(config)#
 interface S0/0/0
R1(config-if)# ipv6 ospf cost 15625

Modification of the priority

R1(config)# interface S0/0/0
R1(config-if)# ipv6 ospf priority 255

Suppression of the OSPF process

R1# clear ipv6 ospf process

Modification of the intervals

R1(config-if)# ipv6 ospf hello-interval 5
R1(config-if)# ipv6 ospf dead-interval 20

Propagation of a route by defut

R1(config-rtr)# default-information originate

Redistribution of static routes

R1(config-rtr)# redistribute static

Summarize the routes for a zone

R1(config-rtr)# area 1 range 2001:DB8:1::/62

Topics you need to study to pass your CCNA 200-301 exam

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.