Below are the basic cisco commands to practice labs and prepare for your CCNA Certification exam.
Basic switch configuration :
Configure the hostname:
S1(config)# hostname nom du switch
Turn off DNS lookup
S1(config)# no ip domain-lookup
Assign password to console access
S1(config)# line console 0 S1(config-line)# password votre mot de passe S1(config-line)# login
Prevent status messages from interrupting command line input
S1(config-line)# logging synchronous
Assign password to Telnet access
S1(config)# line vty 0 15 S1(config-line)# password votre mot de passe S1(config-line)# login
Use a password in the preferred execution mode
S1(config)# enable password votre mot de passe S1(config)# enable secret votre mot de passe
Encrypt all passwords in plain text
S1(config)# service password-encryption
Include a message in the MOTD banner
S1(config)# banner motd # votre message #
Configure the VLAN interface
S1(config)# interface vlan 1 S1(config-if)# ip address 192.168.1.10 255.255.255.0
configure default gateway
S1(config)# ip default-gateway 192.168.1.1
Save your settings
S1# copy running-config startup-config
Basic Router Configuration :
Configure the host name
R1(config)# hostname nom du routeur
Turn off DNS lookup
R1(config)# no ip domain-lookup
Disable the HTTP service
R1(config)# no ip http server
Assign password to console access
R1(config)# line console 0 R1(config-line)# password votre mot de passe R1(config-line)# login
Prevent status messages from interrupting command line input
R1(config-line)# logging synchronous
Assign password to Telnet access
R1(config)# line vty 0 4 R1(config-line)# password votre mot de passe R1(config-line)# login
Use a password in the preferred execution mode
R1(config)# enable password votre mot de passe
Encrypt all passwords in plain text
R1(config)# service password-encryption
Include a message in the MOTD banner
R1(config)# banner motd # votre message #
Save your configurations:
R1# copy running-config startup-config
SSH configuration :
Define a domain name
R1(config)# ip domaine-name domain.com
Generate the RSA key
R1(config)# crypto key generate RSA
Create a local user with a password
R1(config)# username admin password votre mot de passe
Set all lines to use SSH and a local login for remote connections
R1(config)# line vty 0 4 R1(config-line)# transport input SSH R1(config-line)# login local
Activate SSH version 2
R1(config)# ip SSH version 2
Modify SSH authentication attempts
R1(config)# ip SSH authentication-retries 3
Change the SSH timeout value
R1(config)# ip SSH time-out 60
Delete the RSA key pair and disable the SSH server
R1(config)# crypto key zeroize rsa
Configuration of DHCP monitoring:
Activate the DHCP monitoring
S1(config)# ip dhcp snooping
Enable DHCP serving for VLANs
S1(config)# ip dhcp snooping vlan 10,20
Identify reliable ports
S1(config)#interface F0/1 S1(config-if)# ip dhcp snooping trust
Limit the frequency of false dhcp requests
S1(config)#interface F0/2 S1(config-if)# ip dhcp snooping limit rate 5
NTP configuration:
Time configuration
R1# clock set 15 :19 :00 19 april 2022
Configure R1 as an NTP server
R1(config)# ntp master 1
Configure R2 as an NTP client
R1(config)# ntp server 10.1.1.1
Port Security Configuration:
Define the interface mode on the access mode
S1(config)# interface F0/1 S1(config-if)# switchport mode access
Enable port security
S1(config-if)#switchport port-security
Define the maximum number of secure addresses
S1(config-if)#switchport port-security maximum 3
Activate the learning process
S1(config-if)#switchport port-security mac-address sticky
Change the violation mode of a port
S1(config-if)#switchport port-security violation [restrict/protect/shutdown]
VLAN:
Create a VLAN number 99 named management
S1(config)# vlan 99 S1(config-vlan)# name management
Give an IP address to VLAN 99
S1(config)# interface vlan 99 S1(config-if)# ip address 192.168.99.5 255.255.255.0
Set the port to access mode and assign to VLAN 99
S1(config)# interface F0/1 S1(config-if)# switchport mode access S1(config-if)# switchport access vlan 99
Set the port to trunk mode
S1(config)# interface G0/1 S1(config-if)# switchport mode trunk
Specify a native VLAN for untagged trunks
S1(config-if)#switchport trunk native vlan 70
Indicates the list of VLANs allowed on the trunk link
S1(config-if)# swicthport trunk allowed vlan 10,20,70,99
Configure the PVLAN device function and protect the port
S1(config)# interface F0/3 S1(config-if)# switchport protected
Prevents the interface from generating DTP frames
S1(config)#interface F0/4 S1(config-if)# switchport nonegotiate
VTP configuration
Define the VTP server
S1(config)# vtp mode server
the VTP client
S1(config)# vtp mode client
the VTP domain
S1(config)# vtp domain cisco.com
Set the VTP password
S1(config)# vtp password votre mot de passe
Inter-VLAN routing :
Assign the interface to VLAN 10 and give it an address
R1(config)# interface G0/0.10 R1(config-subif)#encapsulation dot1q 10 R1(config-subif)# ip address 192.168.10.1 255.255.255.0
Assign the interface to VLAN 20 and give it an address
R1(config)# interface G0/0.20 R1(config-subif)#encapsulation dot1q 20 R1(config-subif)# ip address 192.168.20.1 255.255.255.0
Assign the interface to the native VLAN and give it an address
R1(config)# interface G0/0.70 R1(config-subif)#encapsulation dot1q 70 native R1(config-subif)# ip address 192.168.70.1 255.255.255.0
Activate all previous sub interfaces
R1(config)# interface G0/0 R1(config-if)# no shutdown
Static routing:
Configuration of a static route of the following section
R1(config)# ip route 192.168.1.0 255.255.255.0 172.16.2.2 R1(config)# ipv6 route 2001 :DB8 :ACAD :2 ::/64 2001:DB8:ACAD:4::2
Configure a directly connected static route
R1(config)# ip route 192.168.1.0 255.255.255.0 S0/0/0 R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 S0/0/0
fully specified static route
R1(config)# ip route 192.168.1.0 255.255.255.0 G0/1 172.16.2.2 R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 G0/1 FE80::2
Configuration of a static default route
R1(config)# ip route 0.0.0.0 0.0.0.0 S0/0/0 R1(config)# ipv6 route ::/0 S0/0/0
floating route (emergency)
R1(config)# ip route 192.168.1.0 255.255.255.0 S0/0/0 5 R1(config)# ipv6 route 2001:DB8:ACAD:2::/64 S0/0/0 5
RIP Routing:
Activate and switch to RIP configuration mode
R1(config)# router rip
Activate RIP version 2
R1(config-router)# version 2
Advertise RIP networks
R1(config-router)# network 192.168.1.0 R1(config-router)# network 192.168.2.0
Disable automatic summarization
R1(config-router)# no auto-summary
Configure the passive interface
R1(config-router)# passive-interface G0/1
Propagation of a default route
R1(config-router)# default-information originate
Redistribution of static routes
R1(config-router)# redistribute static
See also: 2 Tier or Collapsed Core Network Architecture
RIPng routing configuration:
Enable IPv6 unicast routing
R1(config)# ipv6 unicast-routing
Activate and switch to RIPng configuration mode
R1(config)# ipv6 router rip name
Use the RIP process ng name
R1(config-if)# ipv6 rip name enable
Propagation of a default route
R1(config-if)# ipv6 rip name default-information originate
Redistribution of static routes
R1(config-rtr)# redistribute static
Configuring OSPFv2 routing:
Activate and switch to OSPFv2 configuration mode
R1(config)# router ospf 1
Assign a router ID
R1(config-router)# router-id 1.1.1.1
Advertise OSPF networks
R1(config-router)# network 192.168.1.0 0.0.0.255 area 0 R1(config-router)# network 192.168.2.0 0.0.0.255 area 0
Configuration of the passive interface
R1(config-router)# passive-interface G0/1
Modification of the referential bandwidth
R1(config-router)# auto-cost reference-bandwidth 1000
Changing the interface bandwidth
R1(config)# interface S0/0/0 R1(config-if)# bandwidth 64
Manual setting of the OSPF cost
R1(config)# interface S0/0/0 R1(config-if)# ip ospf cost 15625
Modification of the priority
R1(config)# interface S0/0/0 R1(config-if)# ip ospf priority 255
Suppression of the OSPF process
R1# clear ip ospf process
Modification of the intervals
R1(config-if)# ip ospf hello-interval 5 R1(config-if)# ip ospf dead-interval 20
Enable MD5 OSPF authentication globally
R1(config-router)# area 0 authentication message-digest R1(config-if)# ip ospf message-digest-key 1 md5 name
Enable MD5 OSPF authentication on interfaces
R1(config-if)# ip ospf authentication message-digest R1(config-if)# ip ospf message-digest-key 1 md5 name Propagation of a route by defut R1(config-router)# default-information originate
Redistribution of static routes
R1(config-router)# redistribute static
Summarize the routes for a zone
R1(config-router)# area 0 range 10.10.0.0 255.255.252.0
Configuring OSPFv3 routing:
Enable IPv6 unicast routing
R1(config)# ipv6 unicast-routing
Activate and switch to OSPFv3 configuration mode
R1(config)# ipv6 router ospf 1
Assign a router ID
R1(config-rtr)# router-id 1.1.1.1
Enabling OSPFv3 on an interface
R1(config-if)#ipv6 ospf 1 area 0
Configuration of the passive interface
R1(config-rtr)# passive-interface G0/1
Modification of the referential bandwidth
R1(config-rtr)# auto-cost reference-bandwidth 1000
Changing the interface bandwidth
R1(config)# interface S0/0/0 R1(config-if)# bandwidth 64
Manual setting of the OSPF cost
R1(config)# interface S0/0/0 R1(config-if)# ipv6 ospf cost 15625
Modification of the priority
R1(config)# interface S0/0/0 R1(config-if)# ipv6 ospf priority 255
Suppression of the OSPF process
R1# clear ipv6 ospf process
Modification of the intervals
R1(config-if)# ipv6 ospf hello-interval 5 R1(config-if)# ipv6 ospf dead-interval 20
Propagation of a route by defut
R1(config-rtr)# default-information originate
Redistribution of static routes
R1(config-rtr)# redistribute static
Summarize the routes for a zone
R1(config-rtr)# area 1 range 2001:DB8:1::/62