IOS
" banner login
username Student password cisco123
enable secret password
service password-encryption
security passwords min-length 10
line console 0
 password cisco
 login
 logging synchronous
 no exec-timeout
line vty 0 4
 password cisco
 login
 logging synchronous
 exec-timeout <min> <sec>
********* SSH *********
ip domain-name cisco.com
crypto key generate rsa [1024]
line vty 0 4
 transport input ssh
 transport input ssh telnet [ssh 1st, then telnet]
ip ssh time-out 15
ip ssh authentication-retries 2
****** Show ******
sh interface s0/0/0
sh ip interface s0/0/0
sh ip int brief
sh protocols
sh controllers ? [DCE or DTE]
sh arp
sh mac-address-table
****************** Recover password ******************
- Reload router
- Press Ctrl+Break during boot.
rommon1>confreg 0x2142
rommon2>I or reset
copy start run
change pass
config-register 0x2102
copy run start
******** CDP ********
sh cdp neighbors detail
sh cdp interface
no cdp run
no cdp enable
Vulnerable router services:
no cdp run
no ip http server
no snmp-server
no service config
auto secure
*********** Cisco SDM ***********
ip http server
ip http secure-server
ip http authentication local
username student privilege 15 secret cisco
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
*************** Static Routing ***************
ip route 172.16.3.0 255.255.255.0 192.168.2.4
ip route <dest. network> <mask> <next-hop|exit-interface> <AD(optional)>
ip route 172.16.3.0 255.255.255.0 s0/0/1
Default route:
ip route 0.0.0.0 0.0.0.0 10.0.0.1
Gateway:
ip default-network 217.124.6.0
AD:
0 - Connected
1 - Static
5 - EIGRP Summary
90 - EIGRP
110 - OSPF
120 - RIP
********* RIP *********
router rip
 network 10.0.0.0
 passive-interface f0/0
router rip
 version 2
 no auto-summary [removes automatic route summarization]
 network ....
Security:
key chain RIP_KEY
 key 1
  key-string cisco
int s0/0/0
 ip rip authentication mode md5
 ip rip authentication key-chain RIP_KEY
******* EIGRP *******
sh ip eigrp topology
sh ip eigrp topology all-links
sh ip eigrp topology 192.168.1.0
router eigrp 10 [10=autonomous system]
 network ...
 passive-interface fa0/0
 no auto-summary [remove null0]
Composite: [10,000,000/bandwidth]*256 + [delay/10]*256
Slowest bandwidth
Delay summation
ip summary-address eigrp 1 192.168.0.0 255.255.252.0
redistribute static
Security:
key chain EIGRP_KEY
 key 1
  key-string cisco
int s0/0/0
 ip authentication mode eigrp 10 md5
 ip authentication key-chain eigrp 10 EIGRP_KEY
******* OSPF *******
show ip ospf
show ip ospf neighbor
show ip ospf interface
Cost = (10^8/bandwidth)
router ospf 1 [1 = process-id]
 network 10.0.0.0 0.255.255.255 area 0
bandwidth 64
ip ospf cost 1562
auto-cost reference-bandwidth 10000 [Mbps]
ip ospf hello-interval
ip ospf dead-interval
ip ospf priority 1
default-information originate
Security:
int s0/0/0
 ip ospf message-digest-key 1 md5 cisco
 ip ospf authentication message-digest
router ospf 10
 area 0 authentication message-digest
********* Switch *********
sh interfaces f0/18 switchport
sh interfaces trunk
vlan 10
 name Sales
switchport mode access
sw acc vlan 10
switchport mode trunk [or dynamic auto|dynamic desirable]
sw trunk encap dot1Q [on by default]
sw trunk allowed vlan 10
sw trunk allowed vlan add 10,20,30
sw trunk native vlan 99
Management VLAN:
int vlan 99
 ip address
 no shut
ip default-gateway <IP> [management vlan sub-int IP on Router]
ip http authentication enable
ip http server
int range f0/1 - 24
 switchport port-security
 sw port-sec mac-address sticky
 sw port-sec maximum 2
 sw port-sec violation <shutdown|restrict|protect>
Static MAC:
mac-address-table static ...... vlan 1 int f0/5
STP:
spanning-tree vlan 1 priority 4096
spanning-tree vlan 1 root primary
spanning-tree vlan 1 root secondary
spanning-tree mode rapid-pvst
(config-if)# spanning-tree link-type point-to-point
int f0/0
 spanning-tree portfast
 spanning-tree cost
Inter-VLAN Routing:
int f0/0
 no shut
int f0/0.1
 encapsulation dot1q 10
 ip address 192.168.10. ....
int f0/0.99
 encapsulation dot1q 99 native
 ip address ....
VTP:
vtp mode server [or client|transparent]
vtp domain name
vtp password password
vtp pruning
Voice VLAN:
mls qos
int f0/1
 sw priority extend trust
 mls qos trust cos
 switchport voice vlan dot1p
 sw mo access
 sw acc vlan 3
 sw voice vlan 10
********* ACLs *********
show access-list
no access-list
no ip access-group
Standard: 1-99
access-list 10 <deny|permit> <any|host> <IP address> <wildcard>
access-list 10 deny host 172.16.30.2
access-list 10 deny 176.10.0.0 0.0.0.255
access-list 10 deny any [any = 0.0.0.0 255.255.255.255]
access-list 10 remark Permit hosts from 172.16.10.0 LAN
int f0/0
 ip access-group 10 out [or in]
Telnet only:
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 deny any
line vty 0 4
 access-class 10 in
Named:
ip access-list standard NO_ACCESS
 deny host 192.168.11.10
 permit 192.168.11.0 0.0.0.255
int f0/0
 ip access-group NO_ACCESS out
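An added example (not part of the original cheat sheet): how a standard numbered ACL is matched, with wildcard masks, first-match-wins ordering and the implicit deny at the end, plus a check for entries that an earlier entry makes unreachable. The function names are hypothetical; ACL 10 in the sample is the Telnet-only list above and ACL 20 is constructed.

```python
from ipaddress import IPv4Address as IP

def parse_ace(line):
    """'access-list N <permit|deny> <any | host A | A [wildcard]>' -> (id, action, addr, wildcard)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return None                      # remarks and anything else are skipped
    src = tok[3:]
    if src[0] == "any":                  # any = 0.0.0.0 255.255.255.255
        addr, wild = "0.0.0.0", "255.255.255.255"
    elif src[0] == "host":
        addr, wild = src[1], "0.0.0.0"
    else:
        addr, wild = src[0], (src[1] if len(src) > 1 else "0.0.0.0")
    return tok[1], tok[2], int(IP(addr)), int(IP(wild))

def entries(config, acl_id):
    parsed = (parse_ace(l) for l in config.splitlines())
    return [p for p in parsed if p and p[0] == acl_id]

def evaluate(config, acl_id, source_ip):
    """First matching entry decides; no match falls through to the implicit deny."""
    ip = int(IP(source_ip))
    for _, action, addr, wild in entries(config, acl_id):
        care = ~wild & 0xFFFFFFFF        # wildcard 1-bits are "don't care"
        if (ip & care) == (addr & care):
            return action
    return "deny"

def shadowed(config, acl_id):
    """Indexes of entries that can never match because an earlier entry covers them."""
    aces, dead = entries(config, acl_id), []
    for j, (_, _, addr_j, wild_j) in enumerate(aces):
        for _, _, addr_i, wild_i in aces[:j]:
            care_i = ~wild_i & 0xFFFFFFFF
            if (wild_j & care_i) == 0 and (addr_i & care_i) == (addr_j & care_i):
                dead.append(j)
                break
    return dead

# Constructed sample: ACL 10 is the Telnet-only list; ACL 20 is deliberately misordered.
SAMPLE = """\
access-list 10 remark Telnet only from 192.168.10.0 LAN
access-list 10 permit 192.168.10.0 0.0.0.255
access-list 10 deny any
access-list 20 permit 172.16.0.0 0.0.255.255
access-list 20 deny host 172.16.30.2
"""
```

In ACL 20 the host deny sits behind a broader permit, so `evaluate` permits 172.16.30.2 and `shadowed` reports the deny as dead.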
----------Extended: 100-199
access-list 101 permit tcp any eq ?
access-list id <deny|permit> <tcp|icmp|ip> <source> <destination> <op> <port> <established>
access-list 101 deny tcp any host 172.16.30.2 eq 23
access-list 101 permit tcp 10.0.0.0 0.0.255.255 192.168.10.0 0.0.0.255 eq telnet
acc 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80
acc 104 permit tcp any 192.168.10.0 0.0.0.255 established
ip access-group 104 in [Allows only established http replies]
ftp - port 21, 20
Named:
ip access-list extended SURFING
 permit tcp 192.168.10.0 0.0.0.255 any eq 80
ip access-list extended BROWSING
 permit tcp any 192.168.10.0 0.0.0.255 established
ip access-group SURFING out
ip access-group BROWSING in
------Dynamic
username Student password 0 cisco
access-list 101 permit tcp any host 10.2.2.2 eq telnet
acc 101 dynamic testlist timeout 15 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
int s0/0/0
 ip access-group 101 in
line vty 0 4
 login local
 autocommand access-enable host timeout 5
---------Reflexive
Allow only originating traffic
ip access-list extended OUTBOUNDFILTERS
 permit tcp 192.168.0.0 0.0.255.255 any reflect TCPTRAFFIC
 permit icmp 192.168.0.0 0.0.255.255 any reflect ICMPTRAFFIC
ip access-list extended INBOUNDFILTERS
 evaluate TCPTRAFFIC
 evaluate ICMPTRAFFIC
int s0/0/0
 ip access-group INBOUNDFILTERS in
 ip access-group OUTBOUNDFILTERS out
----------Time-based
time-range EVERYOTHERDAY
 periodic Monday Wednesday Friday 8:00 to 17:00
access-list 101 permit tcp 192.168.10.0 0.0.0.255 any eq http time-range EVERYOTHERDAY
ip access-group 101 out
******* PPP *******
int s0/0/0
 encapsulation ppp
 compress <predictor|stacker>
 ppp quality 80
 ppp multilink
 ppp authentication chap pap
PAP:
R1#hostname R1
username R3 password cisco123 [of other router]
int s0/0/0
 encap ppp
 ppp authentication pap
 ppp pap sent-username R1 password cisco123
R3#hostname R3
username R1 password cisco123 [of other router]
int s0/0/0
 encap ppp
 ppp authentication pap
 ppp pap sent-username R3 password cisco123
CHAP:
R1#hostname R1
username R3 password cisco123 [of other router]
int s0/0/0
 encap ppp
 ppp authentication chap
R3#hostname R3
username R1 password cisco123 [of other router]
int s0/0/0
 encap ppp
 ppp authentication chap
************* Frame Relay *************
DLCI: 16->1007
show frame-relay map
sh int s0/0/0
sh frame-relay lmi
sh frame-relay pvc 102
Static mapping:
int s0/0/0
 ip address 10.1.1.1 255.255.255.0
 encap frame-relay
 no frame-relay inverse-arp
 frame-relay map ip 10.1.1.2 102 broadcast cisco
int s0/0/0
 encap frame-relay
 bandwidth 64
 frame-relay map ip 10.1.1.2 102 broadcast
Subinterfaces:
int s0/0/0
 encap frame-relay
int s0/0/0.102 point-to-point
 ip add 10.1.1.1 255.255.255.252
 bandwidth 64
 frame-relay interface-dlci 102
********** DHCP **********
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.10.254
ip dhcp pool LAN-POOL-1
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1 [gateway]
R2(config-if)#ip address dhcp
int f0/0
 ip ....
 ip helper-address 192.168.10.1 [DHCP server]
******** NAT ********
Static:
ip nat inside source static 192.168.10.254 209.165.200.254
int s0/0/0
 ip nat inside
int s0/0/1
 ip nat outside
Dynamic:
access-list 10 permit 192.168.0.0 0.0.255.255
ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224
ip nat inside source list 10 pool NAT-POOL1 [overload]
Overload:
access-list 10 permit 192.168.0.0 0.0.255.255
ip nat inside source list 10 int s0/0/0 overload [outside interface]
******* IPv6 *******
ipv6 unicast-routing
(config-if)# ipv6 address 2001:db8:c18:1::/64 eui-64 [eui-64 = MAC omitted]
#ipv6 address 3ffe:b00:c18:1::3/127
RIPng:
ipv6 router rip RT0
int s0/0/0
 ipv6 rip RT0 enable