Before we move on to all the cool stuff you need to understand different modes of Cisco Command Line Interface (CLI). Generally, there are 5 modes. But for the sake of this syllabus, which is WIA1005 we’ll use only 4. The modes are User EXEC mode, Privileged EXEC mode, Global Configuration mode and Interface Configuration. Before doing something, you must understand whether your action falls on which mode.
Mode Symbol How to access To exit
User EXEC mode Router > By default exit Privileged EXEC mode Router # Type en exit Global Configuration mode Router(config)# Type conf t exit Interface Configuration Router(config-if)# Type interface (name of interface + number) exit
COMMANDS ON USER EXEC MODE (SHORTCUTS THAT CAN BE COMBO’D BY TAB KEY)
co – open a terminal connection disc – disconnect network
disa – turn off privileged EXEC mode ex – exit from EXEC
l – exit from EXEC p – send echo messages
r – resume connection s – show system info
tel – open a telnet connection t – set terminal parameters
tr – trace route to destination
COMMANDS ON PRIVILEGED EXEC MODE (SHORTCUTS THAT CAN BE COMBO’D BY TAB KEY)
cle – reset functions clo – manage system clock
conf – enter config mode conn – open terminal connection
cop – copy from one file to another deb – debug functions
del – delete a file dir – list files
disa – turn off privileged mode disc – disconnect network
en – turn on privileged mode er – erase a filesystem
ex – exit from EXEC l – exit from EXEC
m – display contents of file n – disable debugging info
p – send echo messages rel – restart
res – resume an active connection se – run setup command
sh – show running system configuration ss – open secure shell connection
COMMANDS ON GLOBAL CONFIGURATION MODE (SHORTCUTS THAT CAN BE COMBO’D BY TAB KEY)
a – add access list entry mac – MAC config
ba – login banner mac- - MAC Address Table config
bo – boot commands ml – mls global commands
cd – global CDP config commands mo – SPAN info and config
cl – config time-of-day clock no – negate a command
cr – encryption module nt – config NTP
de – set command to default po – EtherChannel config
do – run EXEC commands in config mode pr – command privilege parameters
ena – modify enable password sd – switch database management
end – exit from config mode se – modify use of network based services
ex – exit from config mode sn – modify SNMP engine parameters
h – set system’s network name sp – spanning tree subsystem
in – select interface to config u – establish user name authentication
ip – global ip config vl – Vlan commands
li – config a terminal line vt – config global VTP state
ll – global LLDP config lo – modify message logging facilities
COMMANDS ON INTERFACE CONFIG (SHORTCUTS THAT CAN BE COMBO’D BY TAB KEY)
a – set arp type or timeout n – negate a command or set its defaults
d – interface specific description sh – shutdown the selected interface
e – exit from interface config mode st – HSRP interface config commands
i – interface internet protocol config commands
CABLES IN PACKET TRACER
You might ask why I never went through routers, switches, devices bla… That’s in fact a valid question. If you attend enough labs you definitely will recognize them in a blink. However, lecturers won’t tell you on the details of all the cables, especially what can this cable be connected to. So here are some cables that I feel essential in this syllabus. They are ALL PURPOSE CABLE, CONSOLE CABLE, COPPER STRAIGHT THROUGH CABLE, COPPER CROSS OVER CABLE, FIBER AND SERIAL DCE.
ALL PURPOSE CABLE
This cable’s indicator has a shape of a lightning and can be used to connect all devices
CONSOLE CABLE
This cable’s indicator is an aqua blue line. It is used to connect to the device’s CLI for config purposes
COPPER STRAIGHT THROUGH CABEL
COPPER CROSS OVER
FIBER (GENTLE REMINDER, PLEASE ENSURE YOU’RE ON FASTETHERNET PORT WHEN USING THIS)
SERIAL DCE
ASSIGN A NAME TO A SWITCH
COMMAND : Switch# conf t
Switch(config)# hostname S1 (or put any name you want)
and it’ll become S1(config)# which will be the mode for almost all configs
SECURE ACCESS TO THE CONSOLE LINE
COMMAND : S1(config)# line console 0
S1(config-line)# password letmein
S1(config-line)# login (this is needed to login into the switch)
S1(config-line)# exit
SECURE PRIVILEGED MODE ACCESS
COMMAND : S1(config)# enable password 12345abc (put any password required)
CONFIG AN ENCRYPTED PASSWORD TO SECURE ACCESS PRIVILEGED MODE
COMMAND : S1(config)# enable secret 12345abc (put any password required)
*NOTE : THIS ENCRYPTED PASSWORD WILL OVERRIDE PASSWORD SET BEFORE ON ACCESSING PRIVILEGED MODE
ENCRYPT ENABLE AND CONSOLE PASSWORDS
COMMAND : S1(config)# service password-encryption
*NOTE : THIS IS NEEDED TO ENCRYPT PASSWORDS EVEN ON CONSOLE, AS SECRET ENCRYPTS ONLY PRIVILEGED MODE ENCRYPT PASSWORD CONFIG
COMMAND : S1(config)# enable service password-encryption
*NOTE : THIS IS NEEDED TO ENCRYPT PASSWORDS IN ORDER TO PREVENT PEOPLE LOOKING AT YOUR PASSWORD WHEN YOU’RE CONFIGURING IT
CONFIG MOTD BANNER
COMMAND : S1(config)# banner motd “Hello there” (put any message you want)
SAVE AND VERIFY CONFIG FILES TO NVRAM
COMMAND : S1# copy running-config startup-config
Destination filename [startup-config]? (this will appear and press enter)
CONFIG A SWITCH WITH IP ADDRESS
COMMAND : S1(config)# interface vlan 1 (basically any interface you have on that device)
S1(config-if)# ip address 192.168.1.253 255.255.255.0 (the switch’s ipv4 address and subnet mask)
S1(config-if)# no shutdown (needed to enable the interface with the ip address)
CONFIG GIGABITETHERNET INTERFACE ON ROUTER
COMMAND : R1(config)# interface gigabitethernet 0/0 (or any gigabitethernet interface you see)
R1(config-if)# ip address 192.168.10.1 255.255.255.0 (put ip address and subnet mask required)
R1(config-if)# no shutdown (to ensure the router interface is enabled)
THIS WILL APPEAR: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R1(config-if)# description LAN connection to S1 (help interface document network)
TROUBLESHOOT DEFAULT GATEWAY
PROCEDURE : PING EVERY DEVICE, SWITCHES AND ROUTER AND TABULATE THE RESULTS. THERE ARE 4 SCENARIOS IF PING IS UNSUCCESSFUL.
SCENARIO 1 : PC OR OTHER DEVICES CANNOT PING PC (LOCALLY)
SOLUTION : IF THIS HAPPENS, CHECK THE IP CONFIG FROM THE ADDRESS TABLE AND THE DEFAULT GATEWAY OF THE ROUTER. CORRECT THE CONFIG THEN TRY TO PING AGAIN.
SCENARIO 2 : PC OR OTHER DEVICES CANNOT PING SWITCH (LOCALLY)
SOLUTION : IF THIS HAPPENS, CHECK THE IP ADDRESS TABLE AND SEE WHETHER THE IP ADDRESS AND SUBNET MASK ARE THE SAME. IF NOT, PROCEED TO CONFIG THE INTERFACE. SCENARIO 3 : PC OR OTHER DECVICES CANNOT PING PC (REMOTELY)
SOLUTION : CHECK THE DEFAULT GATEWAY OF THE PC WHICH CAN’T BE PINGED VIA IP CONFIG. CHANGE THE DEFAULT GATEWAY BASED ON THE ROUTER.
SCENARIO 4 : PC OR OTHER DEVICES CANNOT PING SWITCH (REMOTELY)
SOLUTION : CHECK THE DEFAULT GATEWAY OF THE SWITCH THAT CAN’T BE PINGED. CHANGE THE DEFAULT GATEWAY ON THE GLOBAL CONFIG MODE WITH COMMAND (ip default-gateway 192.168.10.1) OR ANY DISPLAYED BY THE ROUTER.
CONFIGURING IPV6 ADDRESS
COMMAND : R1(config)# ipv6 unicast-routing (to enable the router to forward IPv6 packets)
R1(config)# interface GigabitEthernet 0/0 (or any interface you wish to configure)
R1(config-if)# ipv6 address 2001:db8:1:1::1/64 (or any address you wish to add)
R1(config-if)# ipv6 address fe80::1 link-local (add link-local to make fe80::1 the link-local address)
R1(config-if)# no shutdown (get this interface to run with the previous config)
CHANGING THE CONFIGURED IPV6 ADDRESS
COMMAND : R1(config-if)# no ipv6 address 2001:db8:1:1::1/64 (this is very important because if the address is not removed in this way, both the correct and incorrect address will remain in config)
SETTING MINIMUM PASSWORD LENGTH
COMMAND : R1(config)# security password min-length 10 (can be any length you want, in this case I put 10)
DISABLE DNS LOOKUP
COMMAND : R1(config)# no ip domain-lookup (tells the router to stop interacting with any DNS servers entirely)
SET THE DOMAIN NAME
COMMAND : R1(config)# ip domain-name CCNA.com (or any domain name you want)
CREATE A USER WITH PASSWORD
COMMAND : R1(config)# username user1 secret password1 (put any username and password you want)
GENERATE N-BIT RSA KEYS
COMMAND : R1(config)# crypto key generate rsa
(IT WILL THEN PROMPT YOU TO INPUT A NUMBER FROM 360 TO 2048) BLOCK ANYONE FOR N-TIME WHO FAILS TO LOGIN AFTER M-ATTEMPTS WITHIN O-PERIOD
COMMAND : S1(config)# interface range F0/2 – 24, G0/2 (in this case, port f0/2 till port f0/24 and g0/2 is selected. You can put any ports you want any range as long as port exists)
S1(config-if-range)# shutdown (disables the port)
CONFIGURE PORT SECURITY (RANGE)
COMMAND : S1(config)# interface range f0/1-2 (can be for one port, just drop range and it’ll focus on one port)
S1(config-if-range)# switchport port-security (activates port security)
SET MAX N-DEVICES CAN ACCESS THE PORT
COMMAND : S1(config-if)# switchport port-security maximum 1 (N=1)
SECURE PORTS SO IT CAN DYNAMICALLY LEARN MAC ADDRESS OF DEVICE AND ADD TO RUNNING CONFIG
COMMAND : R1(config)# interface g0/0 (interface to be configured)
R1(config-if)# ip helper-address 10.1.1.2 (depends on the connection link, in this case s0/0/0 happens to be connected to R2 with an address of 10.1.1.2)
CONFIG ROUTER AS DHCP CLIENT
COMMAND : R1(config)# interface g0/1 (the interface to be configured)
R1(config-if)# ip address dhcp (receive ip addressing from dhcp)
R1(config-if)# no shutdown (activates the interface)
