Router commands

Cisco Router Commands
introduced during
CNAP Semesters 2, 3, 4
for
CCNA Certification Examination

Updated 02-20-2001
by Leon Schram
leon.schram@risd.org

Berkner High School
Richardson Independent School District
Richland College
Dallas County Community College

Cisco Router & Switch Commands Page 1

This reference manual is compiled by Leon Schram from information provided by the Cisco
Networking Academy Program curriculum and the Sybex CCNA Study Guide.

CCNA (Cisco Certified Network Associate) Study Guide,
Second Edition by Todd Lammle
Published 2000 by Sybex ISBN: 0-7821-2647-2

This reference guide may be freely copied and distributed by Cisco instructors to students
enrolled in any Cisco Networking Academy Program.

Do not be surprised if various commands are repeated in different sections. This router reference guide
has tried to place commands in the same sequence as they are introduced during your CNAP course. At
the same time the commands are grouped in some logical manner, which means that some commands
will belong to multiple groups.


Semester 2 Router Lab Topology
Starting with Semester 2 the CNAP refers to a Router Lab Topology. This lab topology, which is shown on the
next page, is used for Semester 2 lab sessions, the semester 2 lab final, and will also be used for some lab
practices during Semester 3 and Semester 4 lab exercises.

You will note that a switch is part of the lab topology. Switch commands, and switch configuration will not be
introduced until semester 3. However, the switch needs to be attached to the Ethernet-1 port of the Lab-A router
for proper port configuration.

Please note that the configuration of router ports, both serial and ethernet, can be done with a single stand alone
router. Testing router configurations, especially port configurations, is onlu possible is the port is attached to
some device. For serial ports this means that the port is attached to another port via a serial cable. For the
Ethernet ports this means that the port is connected to either a hub or a switch.


Physical Router Connections
01. Take the console (rollover) cable, usually flat, and connect the cable with the RJ45 plug into the console
port of the router. Take the other end of the console cable and plug it into the serial adapter. Attach the
serial adapter to one of the serial (com) ports of the computer. This com port needs to be the same port as
the one specified in the hyper terminal properties. (Explained later)

02. Attach a transceiver to the Attachment Unit Interface (AUI) Ethernet port on the router. Slide the AUI to the
right when attaching or removing the transceiver. Slide the AUI to the left to lock the transceiver in place.

03. Connect a cat-5 cable to the transceiver and a hub or a switch. The hub needs to be turned on for the
Ethernet port to have line protocol up, meaning it can communicate.

04. If a serial connection is made attach the female part of the DCE cable to the male part of the DTE cable. In
many cases these two cables are already connected. A serial connection is made three times for Lab-A to
Lab-B, Lab-B to Lab-C and Lab C to Lab-D.

05. Attach the DCE end of the serial cable to the Serial-0 port on one router.

06. Attach the DTE end of the serial cable to the Serial-1 port on the other connecting router.

07. Connect Lab-D and Lab-E with Cat-5 cable using Ethernet ports and a hub.


Creating a Cisco Router Connection
Keywords Hyper Terminal

First make or check the physical connection between a Connect console cable RJ45 plug to serial adapter and attach
workstation and a Cisco Router. serial adapter to com1 serial workstation port. Connect the
other RJ45 plug to the con port of the router.
Note: Cisco 2500 will also work with aux port.

Bootup work station and go to Hyper Terminal folder Click <Start-Programs-Accessories-HyperTerminal>
Execute HyperTerminal program Click <Hypertrm.exe>

Connection Description window Name: Cisco Router (or other appropriate icon name)
Select connection name and a connection icon Icon: Accept default icon or pick desired icon
Click OK

Phone Number window Connect using: Direct to Com1 (do not use dial up)
Enter indicated settings: Bits per second: 9600
You are not creating a phone dial-up connection Data bits: 8
Parity: none
Flow control: Hardware
Click OK

Save the new connection: Click <File-Save>

It is recommended to drag the router icon to the desktop for
convenient future router access.

Start a router session: Click <HyperTerminal>
Execute HyperTerminal: Click <File-Open> and select Router icon
Connect to the router Press <Enter>
You should see user-exec prompt like Router>


Logging into the Router
Keywords <enable> help <?> <^Z> <exit>

Correct, initial, router connection should provide user-exec Router>
mode prompt. The user-exec mode provides minimal router
command access, which is mostly of the “read-only” variety.
Router configurations cannot be changed in user mode.

To display a list of available user-exec commands: Router> ?

To enter privileged-exec mode: Router> enable
The privileged-exec mode provides maximum router Password: class (password is not displayed)
command access. A password prompt may not be seen the Router#
first time that a router is activated. You must provide the
password for future logins.

To display a list of available privileged-exec commands: Router# ?

To enter global configuration mode: Router# config t
(t is short for terminal) Router(config)#
Return to privileged mode with <Ctrl-Z>: Router(config)#^Z
Router#
You can also return to privileged mode with exit: Router(config)# exit
Router#

Return the router to user-exec mode: Router#disable

Note: Cisco routers automatically disconnect after an inactive
time period. It will be necessary to repeat the login.

If a user-exec prompt does not appear, try pressing
the <Enter> key.


Using Clock and Getting Cisco Router Command Help
Keywords <clock> <set> <show> <?>

The ? can be used to display a list of available options after a
partial router command entry.

To set the clock and only knowing the clock command: Router# clock ?
Router responds with: set Set the time and date

Enter the next step and ask for more help: Router# clock set ?
Router responds with: hh:mm:ss Current Time (hh:mm:ss)

Now enter new time: Router# clock set 10:29:30
Router responds with: % Incomplete command

Ask for additional help: Router# clock set 10:29:30 ?
Router responds with: <1-31> Day of the month
MONTH Month of the year

Add day and month information and ask for more help: Router# clock set 10:29:30 10 October ?
Router responds with: <1993-2035> Year

Enter the complete clock command: Router# clock set 10:29:30 10 October 1999

To display date and time information: Router# show clock
10:30:01.543 UTC Sun Oct 10 1999


Cisco Router Editing Commands
Keywords <show> <terminal> <editing> <history> <size>

Move to the beginning of the command line: <Ctrl-A>

Move to the end of the command line: <Ctrl-E>

Move forward one character: Right-Arrow or <Ctrl-F>

Move backward one character: Left-Arrow or <Ctrl-B>

Repeat the entire (last) previous command: Up-Arrow or <Ctrl-P>

Most recent command recall: Down-Arrow or <Ctrl-N>

Move backward one word: <Esc-B>

Move forward one word: <Esc-F>

Show history of commands in the buffer: Router> show history

Set the history buffer size (up to 256): Router> terminal history size

Disable advanced editing features: Router> no terminal editing

Enable advanced editing features: Router> terminal editing

Completing a partial command with <tab> key: Router# show run <tab>
Router responds with: Router# show running-config

Typing a partial, but recognizable, command Router# sho clo


Configuration Modes and Prompts
Keywords <config> <interface> <subinterface> <line> <router> <ipx>
User EXEC mode for limited examination of the router Router>

Privileged EXEC mode for detailed examination of the router, Router#
debugging, debugging, file manipulation and remote access

All router configurations start by changing to the global
configuration mode. Router# config t
Router(config)#

This example changes to the configuration-interface mode Router(config)# int e0
for the e0 interface of the router: Router(config-if)#

Router(config)# int e0.100
Note: Router(config-subif)#

The remainder of the example include a variety of Cisco Router(config)# router rip
router configuration modes. Router(config-router)#

You will not know the meaning of many of these Router(config)# line vty 0 4
commands. Right now that does not matter. The main Router(config-line)#
point is that many commands do not work because they
are not entered from the correct configuration mode. Router(config)# ipx router rip
Router(config-ipx-router)#

Router(config)# map-list Qwerty
Router(config-map-list)#

Router(config)# map-map Secure 10
Router(config-rout-map)#


RXBOOT mode used to recover from lost passwords or
accidental flash erasure

SETUP mode prompted dialog to enter router configuration

Router Status Commands
Keywords <show> <version> <processes> <mem> <stacks> <flash> <run> <start> <int>

Displays system configuration, software version, file names Router#show version
and the boot image:

Displays information about the active processes: Router#show processes

Displays the configured protocols: Router#show protocols

Monitors stack use, interrupt routines, and last system reboot: Router#show stacks

Displays buffer statistics: Router#show buffer

Displays flash memory information: Router#show flash

Displays the active configuration file in RAM: Router#show running-config (usually just show run)
This is one of the most useful router commands
Router#show startup-config (usually just show start)
Displays the startup (backup) configuration file in NVRAM:
Router#show interfaces
Displays statistics for all router interfaces:

Note: All command examples are shown in the privileged
mode. Many of the show commands are also available in the
user mode.


Semester 2 Router Lab Topology
E0: 192.5.5.1
E1: 205.7.5.1
Lab-A S0: 201.100.11.1 (DCE)
SM: 255.255.255.0
Networks: 192.5.5.0 205.7.5.0 201.100.11.0

E0: 219.17.100.1
S0: 199.6.13.1 (DCE)
Lab-B S1: 201.100.11.2
SM: 255.255.255.0
Networks: 219.17.100.0 199.6.13.0 201.100.11.0

E0: 223.8.151.1
S0: 204.204.7.1
Lab-C S1: 199.6.13.2
SM: 255.255.255.0
Networks: 223.8.151.0 204.204.7.0 199.6.13.0

E0: 210.93.105.1
S0: Not configured
Lab-D S1: 204.204.7.2
SM: 255.255.255.0
Networks: 210.93.105.0 204.204.7.0

E0: 210.93.105.2
S0: / S1 Not configured
Lab-E SM: 255.255.255.0
Networks: 210.93.105.0


Cisco Discovery Protocol
Keywords <cdp> <interface> <neighbors> <detail> <entry> <enable> <traffic>

Show packets and holdtime: Router#show cdp

Shows information about the router’s interface status, such as Router#show cdp interface
CDP timers, packets and encapsulation:
Router#show cdp neighbors
Displays information about directly connected routers, such as
device identifiers, address lists, port idenmtifiers and version:
Router#show cdp neighbors detail
Displays additional detailed information about directy
connected routers, including their ip addresses:
Router#show cdp entry *
Displays the same information as the show cdp neighbors
detail command:
Router#show cdp entry LAB-B
Displays information for a specified neighbor:
Router#config t
Enabling CDP on a specified interface, which begins CDP’s Router(config)#int s0
dynamic discovery and starts the exchange of CDP frames: Router(config-if)#cdp enable

Displays the amount of packets sent and received among Router#show cdp traffic
router neighbors:


Router Testing
Keywords <telnet> <exit> <disconnect> <return> <sessions> <users> <ping> <trace>
<ip route> <clear> <counters>

Starting a virtual terminal session with an IP address: Router#telnet 172.16.50.1

Starting a virtual terminal session with a host name: Router#telnet Lab-A

Finish a telnet session connected to LAB-A router: Lab-A#exit

Return to original router without terminating telnet session: Lab-A#<Ctrl><Shift><6>

Resume earlier telnet session: Lab-A#return

Displays open telnet sessions: Router#show sessions

Displays routers connected by telnet: Router#show users

Test end-to-end connectivity using ip address: Router#ping 172.16.50.1

Test end-to-end connectivity host name: Router#ping LAB-A

Test each step from source to destination: Router#trace 172.16.50.1

Abort continuous trace attempts: <Ctrl><Shift><6>

Check if a router has a routing table: Router#show ip route

Check if a specific interafce is operational and display Router#show intyerfaces s1
statistics since the last time counter were cleared:

To reset counters which helps to get a current router picture: Router#clear counters


Commands related to Router Startup and Configurations
Keywords <run> <run> <reload> <setup> <write> <erase> <term>

Display running configuration in RAM: Router#show running-config (or show run)
Cisco IOS 10.3 and earlier: Router#write term

Display startup (backup) configuration in NVRAM: Router#show startup-config (or show start)
Cisco IOS 10.3 and earlier: Router#show config

Erase the startup configuration in NVRAM: Router#erase start-up config (or erase start)
Cisco IOS 10.3 or earlier: Router#write erase

Restart the entire startup process with start-up configuration: Router#reload

Enter router-prompted running configuration sequence: Router#setup

Copy the running configuration to the startup configuration: Router#copy run start
Cisco IOS 10.3 or earlier: Router#write mem

Copy the startup configuration to the running configuration: Router#copy start run
Cisco IOS 10.3 or earlier: Router#config mem

Note: the setup command can be used only for creating a
minimal router configuration. Many configurations cannot be
entered or altered with setup


Setting Cisco Router Passwords
Keywords <config> <enable> <secret> <password> <line> <vty> <aux> <con> <login>
<service> <password-encryption>

Setting the privileged password: Router# config t
Used for non-encrypted privileged mode and older IOS Router(config)# enable password cisco
All password settings must be done in global configuration

Setting the privileged-exec mode password: Router(config)# enable secret class

Setting the virtual terminal password: Router(config)# line vty 0 4
This password is used for telnet sessions into your router. Router(config-line)# login
line vty 0 4 specifies that up to 5 telnet sessions are allowed: Router(config-line)# password cisco

Setting the auxiliary password: Router(config)# line aux 0
This password is used to control access to the router through Router(config-line)# login
the aux port via a modem for remote console connections. Router(config-line)# password cisco

Setting the console password: Router(config)# line con 0
This password controls access to the router through the Router(config-line)# login
standard con router port Router(config-line)# password cisco

Manually encrypting all password configurations that follow: Router(config)#service password-encryption


Hostnames and Login Banners
Keywords <hostname> <banner> <motd>

Changing the router’s hostname from current Router to the Router#config t
new name Lab-A: Router(config)#hostname Lab-A

Note: Casual changing of host names can cause problems.
You will see in later router commands that host names are
used in various router configurations that are stored for future
use. The ability to do something like Telnet may not be
possible anymore when host names are arbitrarily changed.

You can add a banner that will be displayed with login. Router#config t
The motd commands stands for message of the day. Router(config)#banner motd #
Start with the command with a delimiting charcter, like # Enter TEXT message: End with the chracter #
Have a nice day#

Both end and <Ctrl-Z> return to the priviliged mode: Router(config)#end
Router#

Router(config)#^Z
Router#


Bootstrap options
Keywords <boot system> <flash> <tftp>

Loading Cisco IOS from flash memory (this is default) with a Router#config t
specified file name: Router(config)#boot system flash gsnew-image

Loading Cisco IOS from TFTP server with a specified file Router(config)#boot system tftp test.exe 172.16.13.111
name and TFTP server ip address:

Loading Cisco IOS from ROM, which is only a subset of the Router(config)#boot system rom
completye IOS:


Working with a TFTP server
Keywords <flash> <copy> <tftp>

Determining memory available in flash, as well as IOS file Router#show flash
name that is stored in flash: 4096K bytes of flash memory sized on embedded flash
File name/status
0 mater/California//i11/bin/gs7-j-mz.112-0.11 [deleted]

Upload copying the system image from flash to a tftp server: Router#copy flash tftp
IP address of remote host [255.255.255.255]? 172.16.13.111
filename to write on tftp host? c4500-i

Downloading a new image from a tftp server to flash: Router#copy tftp flash
IP address of remote hosts [255.255.255.255]? 172.16.13.111
Name of tftp filename to copy into flash []? c4500-aj-m

Upload running configuration to a tftp server: Router#copy run tftp

Upload startup configuration to a tftp server: Router#copy start tftp

Download running configuration from a tftp server: Router#copy tftp run

Download startup configuration from a tftp server: Router#copy tftp start


Recovering a router from lost password

Restart the router Turn off router for a short period of time and turn it back on

Interrupt the bootup sequence: Press the <Ctrl> <Break> keys

Read the configuration register’s original value: >o (Little letter o not zero)
Record this value for later, like 0x2102

Change the configuration register and tell the router to ignore >o/r 0x2142
the startup config in NVRAM:

Initialize and reboot the router: >i
Type n not to enter initial configuration
Press <Enter> to see Router> prompt

Enter privileged mode: Router>enable

Restore original startup configuration: Router#copy start run
You will not be able to see the secret password.
Reset the secret password.
Change to the original configuration register: Router#config t
Router(config)#config-register 0x2102

Save new configuration: Router#copy run start

Restart the computer with the new startup configuration: Router#reload

Check the new configuration: Router#show run

Check if configuration register is set to original settings: Routershow version


Configuring router ports
Keywords <description> <int> <ip address> <no> <shutdown> >clock rate>

Enter specific port interface Ethernet 0: Lab-A(config)#int e0

Provide optional comment for router port: Lab-A(config-if)#description E0 link to Sales LAN

Enter ip address for e0 followed by subnet mask: Lab-A(config-if)#ip address 192.5.5.1 255.255.255.0

Activate e0 port from default down to up: Lab-A(config-if)#no shutdown

Change to port interface Ethernet 1: Lab-A(config-if)#int e1

Provide optional comment for router port: Lab-A(config-if)#description E1 link to switch

Enter ip address for e1 followed by subnet mask: Lab-A(config-if)#ip address 205.7.5.1 255.255.255.0

Activate e1 port from default down to up: Lab-A(config-if)#no shutdown

Change to port interface Serial 0: Lab-A(config-if)#int s0

Provide optional comment for router port: Lab-A(config-if)#description S0 WAN link (DCE) to Lab-B

Enter ip address for s0 followed by subnet mask: Lab-A(config-if)#ip address 201.100.11.1 255.255.255.0

Enter clockrate for DCE serial interface: Lab-A(config-if)#clock rate 56000

Activate s0 port from default down to up: Lab-A(config-if)#no shutdown

Removing an ip address: Lab-A(config-if)#no ip address

Change an interface from up to down: Lab-A(config-if)#shutdown


Working with ARP tables

Display the ARP table: Router#show arp
This will show the IP address address, MAC address and the
interface

Clear the ARP table: Router#clear arp


Host Name to address mapping and Name server configuration
Keywords <ip host> <hosts> <domain> <lookup> <name-server>

Set up host name, address mapping on Lab-A router: Lab-A(config)#ip host Lab-A 205.7.5.1 201.100.11.1 192.5.5.1
Lab-A(config)#ip host Lab-B 219.17.100.1 201.100.11.2 199.6.13.1
Lab-A(config)#ip host Lab-C 199.6.13.2 223.8.151.1 204.204.7.1
Lab-A(config)#Ip host Lab-D 204.204.7.2 210.93.105.1
Lab-A(config)#ip host Lab-E 210.93.105.2

Lab-B(config)#ip host Lab-A 205.7.5.1 201.100.11.1 192.5.5.1
Set up host name, address mapping on Lab-B router: Lab-B(config)#ip host Lab-B 219.17.100.1 201.100.11.2 199.6.13.1
Lab-B(config)#ip host Lab-C 199.6.13.2 223.8.151.1 204.204.7.1
Lab-B(config)#Ip host Lab-D 204.204.7.2 210.93.105.1
Lab-B(config)#ip host Lab-E 210.93.105.2
Note: you can enter a maximum of eight addresses

Display the list of host name, address mappings: Lab-A#show hosts

Or

Lab-A#show run (will also include mappings)

Remove mapping for router Lab-B on router Lab-A: Lab-A(config)#no ip host Lab-B

Turn on ip domain lookup (turned on by default): Router(config)#ip domain-lookup
Set the IP address of the DNS server: Router(config)#ip name-server 192.168.0.70
Append the domain name to the hostname: Router(config)#ip domain-name schnook.com


Configuring Routing Information Protocol (RIP)

Add RIP to update routing tables dynamically: Router(config)#router rip

Network 172.16.0.0 is being advertised by the router: Router(config-router)#network 172.16.0.0
Network 221.50.32.0 is being advertised by the router: Router(config-router)#network 21.50.32.0

View contents of routing tables: Router#show ip route
:
View contents of RIP routes only: Router#show ip route rip

Holding back routing updates through a specified interface: Router(config-router)#passive-interface serial 0

To make RIP broadcast on non-broadcast networks: Router(config-router)#neighbor 172.18.3.10

View RIP information about routing timers and network Router#show ip protocol
information associated with the entire router:

Remove RIP routing: Router(config)#no router rip

Display routing updates as they happen: Router#debug ip rip

Remove debugging: Router#no debug ip rip

Remove all debugging: Router#undebug all


Configuring static routes
Keywords <ip route> <show ip route>

Set static route to 172.16.30.0 with subnet mask Router(config)#ip route 172.16.30.0 255.255.255.0 172.16.20.2
255.255.255.0 via gateway 172.16.20.2

Set static route to 172.16.50.0 with subnet mask Router(config)#ip route 172.16.50.0 255.255.255.0 172.16.20.2
255.255.255.0 via gateway 172.16.20.2

Set static route to 172.16.40.0 with subnet mask Router(config)#ip route 172.16.40.0 255.255.255.0 e0 10
255.255.255.0 via interface e0 with administrative
distance 10:

View static route information: Router#show run

Removing a static route: Router(config)#no ip route 172.16.50.0 255.255.255.0 172.16.20.2

Note: It is not possible to state: no ip route to
remove a static route. It is an incomplete
command. The entire set of ip addresses needs to
be provided. Keep in mind that there can be
multiple static routes.


Configuring default routing
Keywords <ip route> <ip classless>

Default route to 172.16.49.1 with subnet mask 0.0.0.0 via Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.49.1
gateway 0.0.0.0:
Default is like a static route with wild cards.
Default is used if the router does not know how to move a
packet.

Sometimes default routing fails to forward to appriate subnets. Router(config)#ip route 0.0.0.0 0.0.0.0 172.16.49.2
Specifying ip classless will forward packets to the best route Router(config)#ip classless
according to default specifications. Normally classless is
used with IP unless RIP is used for erouting:

Remove default route: Router(config)#no ip route 0.0.0.0 0.0.0.0 172.16.49.2

Alternative default routing commands: Router(config)#router rip
Router(config-router)#router rip
Router(config-router)#network 172.16.0.0
Router(config-router)#ip default network 192.168.17.0


Cisco Router & Switch Commands
Introduced During

CNAP Semester 3

Used For
Semester 3 Lab Exam

Students are responsible for knowing all routing commands that were introduced during semester 2
in addition to the new routing and switching commands introduced during semester 3.

Semester 3 introduced switch commands. Switches can be configured with menu driven selections or
command line interface (CLI) commands. The CCNA exam tests switch CLI commands for the 1900
switch only, which is what will be presented in this reference guide.

New Topics for the CCNA 640-507 Exam


• Configure the Catalyst 1900 Switch CLI (Command Line Interface)

• Configure the Catalyst 1900 Switch hostname and passwords

• Configure the Catalyst 1900 Switch security

• Configure Virtual LANs

• Configure ISL Routing

NOTE

The Catalyst 1900 Switch, upgraded with the Enterprise Edition IOS, can be configured using both
menu selection options and Command Line Interface (CLI). CLI commands are very similar to routing
commands. You can also use the same type of abbreviations that you used with the router commands,
like ena for enable.

The CCNA 640-507 Exam 2.0 will test only CLI commands for the testing objectives listed on this page.

Creating a Cisco Catalyst 1900 Switch Connection

First make or check the physical connection between a Connect console cable RJ45 plug to serial adapter and attach
workstation and a Cisco 1900 Switch. serial adapter to com1 serial workstation port. Connect the
other RJ45 plug to the con port of the router.
Note: Some switches require a null-modem cable that has a
serial connector on each end.
Bootup work station and go to Hyper Terminal folder
Execute HyperTerminal program Click <Start-Programs-Accessories-HyperTerminal>
Click <Hypertrm.exe>
Connection Description window
Select connection name and a connection icon Name: Cisco Router (or other appropriate icon name)
Icon: Accept default icon or pick desired icon
Click OK
Phone Number window
Enter indicated settings: Connect using: Direct to Com1 (do not use dial up)
You are not creating a phone dial-up connection Bits per second: 9600
Data bits: 8
Parity: none
Stop bits: 1
Flow control: None
Save the new connection: Click OK

Click <File-Save>
It is recommended to drag the switch icon to the desktop for
convenient future switch access.
Start a switch session: Click <HyperTerminal>
Execute HyperTerminal: Click <File-Open> and select Switch icon
Connect to the router Press <Enter>
You should see CATALYST 1900 Management Console

Setting Catalyst 1900 Switch passwords
Keywords <enable> <config> <password> <level> <secret> <show run>


Execute hyper terminal and initiate a Switch session: 1 user(s) now active on Management Console

User Interface Menu

[M] Menus
[K] Command Line
[I] IP Configuration

Change from Menu Selection mode to the CLI: Enter Selection: K
(Command Line Interface)
CLI session with the switch is open.
To end the CLI session, enter [Exit].
>

Enter privileged mode: >enable
(If this is the first time a password is not required)

Enter global configuration mode: #config t

Set the user mode password: (config)#enable password level 1 cisco

Set the enable (privileged) mode password: (config)#enable password level 15 class
(non encrypted)

Set the secret enable (privileged) mode password: (config)#enable secret class
(encrypted)
#show run
View the passwords in the switch configuration:
(note that the user and enable passwords are visible)


Important Catalyst 1900 Switch password notes:

Passwords must be between 4 and 8 characters.

The enable and secret passwords can be the same.

There is no password recovery for a 1900 switch.

Setting a Catalyst 1900 Switch Host Name and IP Information
Keywords <hostname> <show ip> <ip address> <ip default-gateway>

Go to privileged mode: >enable

Go to global configuration mode: #config t

Set the host name for the switch: (config)#hostname Switch-A
Switch-A(config)#

Note: The hostname on a switch, as well on a router, is
only locally significant. This means that it does not have
any function on the network or name resolution
whatsoever. However, it is helpful to set a hostname on a
switch so that you can identify the switch when
connecting to it.

Display the default ip address and gateway: Switch-A#show ip
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
Note there will be additional information displayed like VLAN
Management, Domain name and other details.

Setting ip address on the switch: Switch-A(config)#ip address 172.16.10.16 255.255.255.0
Setting the default gateway on the switch: Switch-A(config)#ip default-gateway 172.16.10.1

Note: On a switch you set ip information so that the switch Switch-A#show ip
can be accessed via Telnet or if the switch needs to be IP Address: 172.16.10.16
configured with different VLANs Subnet Mask: 255.255.255.0
Default Gateway: 172.16.10.0

Configuring Switch Interfaces
Keywords <int> <0/1-27> <ethernet> <fast> <description> <show>

Note: Configuring switch interfaces is a combination of a
slot number/port number. The 1900 switch only has one
slot, which will always be 0.

Configuring 10BaseT interfaces: Switch-A(config)#int ethernet 0/1
Or use abbreviation: Switch-A(config)#int e0/1

Configuring 100Mbps interfaces: Switch-A(config)#int fast 0/26
Or use abbreviation: Switch-A(config)#int f0/26
(fast ethernet ports are only 26 and 27 even if the switch has
a total of 14 ports)

Setting a port description: Switch-A(config-if)#description Marketing_VLAN
(Note that the description must be one word)

View interface information: Switch-A#show int e0/1
Ethernet 0/1 is Suspended-no-linkbeat
The main intention is to show the description of the port. Hardware is Built-in 10Base-T
You will also see additional information that you will not Address is 0001.96DF.78C1
Understand right now. MTU 1500 bytes, BW 10000 Kbits
802.1d STP State: Forwarding Forward Transitions: 1
Keep in mind that switch configuration is only introduced Port Monitoring : Disabled
At the CCNA level, and is not fully investigated until the Unknown unicast flooding: Enabled
CCNP program. Unregistered multicast flooding: Enabled
Description: MARKETING VLAN
Duplex setting: Half duplex
Back pressure: Disabled


Configuring the Port Duplex
Keywords <int> <0/1-27> <fast> <duplex> <auto> <full> <full-flow-control> <half>

Change to Ethernet port 0/1 Switch-A(config)#int e0/1
Configuring the port duplex mode for an ethernet port: Switch-A(config-if)#duplex ?
Options are: auto Enable auto duplex configuration
auto full Force full duplex configuration
full full-flow-control Force full duplex with with flow control
full-flow-control half Force half duplex operation
half

Configure port for half-duplex mode: Switch-A(config-if)#duplex half
(default for 10BaseT ports)

Attempt to configure ports for auto or full-flow-control. Even Switch-A(config-if)#duplex auto
though the question mark specified these options they will only Error: Invalid configuration for this interface
work with fast ethernet ports. Switch-A(config-if)#duplex full-flow-control
Error: Invalid configuration for this interface

Change to Fast Ethernet port 0/26: Switch-A(config-if)#int f0/26
Configure port for auto-negotiation mode: Switch-A(config-if)#duplex auto
(default for fast ethernet ports)

Change to second Fast Ethernet port 0/27: Switch-A(config-if)#int f0/27
Configure for full-flow-control to prevent buffer overflow: Switch-A(config-if)#duplex full-flow-control


Verifying IP Connectivity
Keywords <ping> <telnet>

Test connectivity to an ip address with ping: Switch-A#ping 172.50.100.25
Sending 5, 100-byte ICMP Echos to 172.50.100.25, time out is
2 seconds:
!!!!!
Success rate is 100 percent (5/5)

Test connectivity to an ip address with telnet: Switch-A#telnet 172.50.100.25
^
Note it is not possible to telnet from a switch, like you have % Invalid input detected at ‘^’ marker.
done with a router. However, it is possible to telnet into a
switch from a router.


Erasing Switch Configuration
Keywords <delete> <nvram> <vtp>

Erase the configuration in NVRAM: Switch-A#delete nvram

Note that the switch has no commands to save the running
configuration to the startup configuration. This is done
automatically.

Do not assume that this command can be used to recover
from lost-password problems. Erasing the configuration in
NVRAM erases existing passwords, but this command in only
available in priviliged mode where it is possible to change the
password.

Reset the VTP (VLAN Trunk Protocol) configuration to its witch-A#delete vtp
default values:


Managing the MAC Address Table
Keywords <mac-address-table> <permanent> <restricted> <static> <show> <version>

Display the switch MAC address table: Switch-A#show mac-address-table
Number of permanent addresses : 0
Number of restricted static addresses : 0
Number of dynamic addresses : 0

Clear all the entries in the mac-address-table: Switch-A#clear mac-address-table

Clear specific types of entries: Switch-A#clear mac-address-table ?
dynamic Clear 802.1d dynamic address
permanent Clear 802.1d permanent address
restricted Clear 802.1d restricted static address

Clear dynamic mac-address-table entries: Switch-A#clear mac-address-table dynamic

Configure a permanent mac address to port 4 Switch-A(config)#mac-address-table permanent 00A0.2448.60A5 e0/4
The mac-address-table had three options:
dynamic
permanent
restricted

Restricting a path for source hardware Switch-A#mac-address-table restricted static 00A0.246E.0FA8 e0/2 e0/5
address. In this case port 0/5 is restricted to
sending frames only to port 0/2.

Display basic information about a switch, like Switch-A#show version
how long the switch has been running, IOS
version, and base MAC address:


Changing the LAN Switch Type
Keywords <int> <0/1-27> <ethernet> <fast> <description> <show> <duplex> <delete>
<nvram> <port> <switching-mode> <fragment-free> <store-and-forward>

Display the current switching mode: Switch-A#show port system
(this is the default switching mode) Switching mode: FragmentFree
Use of store and forward for multicast: disabled
Display the switching-mode options:
Switch-A(config)#switching-mode ?
fragment-free Fragment Free mode
store-and-forward Store-and-Forward mode

Change the switching mode to store-and-forward: Switch-A(config)#switching-mode store-and-forward

Change switching mode to fragment-free: Switch-A(config)#switching-mode fragment-free

Switching-Mode Warning

If you change the LAN switch type, you change it for
all ports on the switch.

Configuring VLANs
Keywords <vlan> <name> <vlan-membership> <static>


Note: A switch can be configured for static or dynamic VLAN membership. THE CCNA exam
objectives only require static configuration.

Check the VLAN number options: Switch-A(config)#vlan ?
Number 1 is reserved for the default VLAN. <2-1001> ISL VLAN index
The Inter-Switch Link routing number identifies the VLAN.

Make VLAN 2 Production Switch-A(config)#vlan 2 name Production
Make VLAN 3 Marketing Switch-A(config)#vlan 3 name Marketing
Make VLAN 4 Accounting Switch-A(config)#vlan 4 name Accounting

Switch-A(config)#int e0/2
Change to port e0/2: Switch-A(config-if)#vlan-membership ?
Display the vlan-membership options: dynamic set VLAN membership as dynamic
static set VLAN membership as static

Switch-A(config-if)#vlan-membership static 2
Assign the three VLANs (Production, Marketing and
Accounting) to specif ports using the vlan index numbers: Switch-A(config-if)#int eo/4

Switch-A(config-if)#int e0/5

Switch-A#show vlan
Display all the VLANs assigned to their respective ports:
Switch-A#show vlan 2
Display VLAN 2 information only: Switch-A#show vlan-membership

Display VLAN information along with static or dynamic info:


Configuring trunk ports
Keywords <trunk> <auto> <desirable> <nonnegotiate> <off> <on> <trunk-allowed>

Note that trunking is only available on FastEthernet ports
running Dynamic Inter-Switch Link (DISL) encapsulation.

Configuring trunking with DISL set to AUTO: Switch-A(config)#int f0/26
(trunk port if connected device is on or desirable) Switch-A(config-if)#trunk auto

Configuring trunking with DISL set to DESIRABLE: Switch-A(config-if)#trunk desirable
(trunk port if connected device is on, desirable or auto)

Configuring trunking with DISL set to NONEGOTIATE: Switch-A(config-if)#trunk nonnegotiate
(becomes permanent ISL trunk port; will not negotiate with
any attached device)

Configuring trunking with DISL set to OFF: Switch-A(config-if)#trunk off
(interface is disabled from running trunking)

Configuring trunking with DISL set to ON: Switch-A(config-if)#trunk on
(becomes permanent ISL trunk port; can negotiate with a
connected device to convert to trunk mode)

Display the trunk ports: Switch-A#show trunk

Display trunking on interface 26: Switch-A#show trunk a
Display trunking on interface 27: Switch-A#show trunk b

Display allowed VLANs on a trunked port a: Switch-A#show trunk a allowed-vlans

Clearing a VLAN 5 from being communicated on a trunked line: Switch-A#no trunk-vlan 5


Configuring ISL Routing on a Router
Keywords <encapsulation> <isl> <ip address>

The example below will support four VLANs on one interface,
which requires creating four subinterfaces.

Note: Inter-Switch Link (ISL) routing is only available on a
fast ethernet interface.

Configure the first subinterface: Router(config)#int f0/0.1
Enable Inter-Switch Link (ISL) encapsulation for VLAN 1 Router(config-subif)#encapsulation isl 1
Assign an IP address to the subinterface: Router(config-subif)#ip address 172.16.10.1 255.255.255.0

Configure the second subinterface: Router(config)#int f0/0.2

Configure the third subinterface: Router(config)#int f0/0.3

Configure the fourth subinterface: Router(config)#int f0/0.4

Return to global configuration mode: Router(config-subif)#exit

Enter interface mode for FastEthernet 0: Router(config)#int f0/0

Make FastEthernet interface 0 active: Router(config-if)#no shutdown


Configuring Interior Gateway Routing Protocol (IGRP)
Keywords <router> <igrp> <network> <ip route> <protocol> <events> <transactions>

Activate IGRP routing protocol with AS number 10 (0-65535): Router(config)#router igrp 10
Specify attached network addresses: Router(config-router)#network 172.16.0.0

Check IGRP routing table information: Router#show ip route

Useful command to see ip addresses for each interface and Router#show protocol
determine if routing protocol is enabled:

Verifying which routing protocol is active: Router#show ip protocol

Display a summary of IGRP routing information: Router#debug igrp events

Display message requests and broadcasts: Router#debug igrp transactions

Turn off all debugging: Router#un all


Configuring IPX routing
Keywords <ipx routing> <network> <encapsulation> <secondary>

Enable IPX routing: Router(config)#ipx routing
Change to interface mode: Router(config)#int e0
Add network number: Router(config-if)#ipx network 10

To change the IPX frame type to sap (802.2): Router(config-if)#ipx network 10 encapsulation sap

Configuring IPX on a router with three interfaces: Router(config)#ipx routing
Router(config)#int e0
Router(config-if)#ipx network 30
Router(config-if)#int s0
Router(config-if)#int s1

Configuring multiple IPX frame types using a secondary Router(config)#int e0
address: Router(config-if)#ipx network 10a encapsulation sap secondary

Configuring multiple IPX frame types using Router(config)#int e0.10
subinterfaces: Router(config-subif)#ipx network 10a encap sap

Note: use the following Cisco keywords

novell-ether (default) Ethernet_802.3
sap Ethernet_802.2
arpa Ethernet_II
snap Ethernet_snap


Monitoring IPX

Display IPX routing table information: Router#show ipx route

Display all the IPX servers and SAP table: Router#show ipx servers

Display summary of IPX packets received and transmitted: Router#show ipx traffic

Display IPX status for each interface: Router#show ipx interface
display IPX status of e0 interface Router#show ipx int e0

Display routed protocols and interface addresses: Router#show protocol

Enable load balancing across two equal costs paths: Router#ipx maximum-paths 2

Monitor IPX routing updates as it is running: Router#debug ipx routing activity
Router#dedub ipx routing events

Display IPX SAP packets that are transmitted and received: Router#debug ipx sap activity


Configuring standard IP access lists
Keywords <access-list> <deny> <permit> <hosts> <any> <in> <out> <access-group>

Deny any packets from host 172.16.30.2 Router(config)#access-list 10 deny host 172.16.30.2
Permit access to all other ip addresses: Router(config)#access-list 10 permit any
Change to interface mode: Router(config)#int e0
Attach access list 10 to Ethernet 0 outgoing: Router(config-if)#ip access-group 10 out

Permit any packets from network 172.16.0.0: Router(config)#access-list 20 permit 172.16.0.0 0.0.255.255

Permit any packets from subnet 172.16.4.0: Router(config)#access-list 30 permit 172.16.4.0 0.0.0.255

Permit only host 172.16.30.2 using wild card: Router(config)#access-list 40 permit 172.16.30.2 0.0.0.0

Deny only host 200.23.45.78: Router(config)#access-list 50 deny host 200.23.45.78
Permit all other addresses using wild cards: Router(config)#access-list 50 permit 0.0.0.0 255.255.255.255
same as:
Permit all other addresses using any: Router(config)#access-list 50 permit any

Permit only even-numbered hosts of network Router(config)#access-list 60 permit 220.100.50.0 0.0.0.254
220.100.50.0:

Permit only ip addresses in the range Router(config)#access-list 70 permit 172.16.16.0 0.0.3.255
172.16.16.0 through 172.16.19.0:

172.16.16.0 through 172.16.23.0:

172.16.32.0 through 172.16.63.0:


Controlling VTY (Telnet) access and viewing access lists
Keywords <line vty 0 4> <access-class>

Create a standard access list permitting only 172.16.10.3: Router(config)#access-list 50 permit 172.16.10.3
Change to telnet line mode: Router(config)#line vty 0 4
Apply the access list to the VTY line: Router(config-line)#access-class 50 in

Display all the access lists: Router#show access-list

Display only access list 75: Router#show access-list 75

Shows only the IP access lists: Router#show ip access-list

Shows which interfaces have access lists: Router#show ip interface

Shows the access lists and which interfaces have access lists: Router#show run


Access list main number ranges
Keywords

IP standard access list 1-99

IP extended access list 100-199

Appletalk access list 600-699

IPX standard access list 800-899

IPX extended access list 900-999

IPX SAP access list 1000-1099


Configuring extended ip access lists
Keywords <access-list> <deny> <permit> <eq> <any> <ftp> <telnet>

Deny acces from any source to host Router(config)#access-list 110 deny ip any host 172.16.10.5
172.16.10.5

Deny access from any ftp and any telnet Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq 21
source to host 172.16.10.5 Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq 23
Router(config)#access-list 120 permit ip any any

Same access list as above, but using port Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq ftp
names (ftp and telnet) in place of numbers Router(config)#access-list 120 deny tcp any host 172.16.10.5 eq telnet
(21 and 23) Router(config)#access-list 120 permit ip any any

Permit access from source network Router(config)#access-list 130 permit ip 150.50.0.0 0.0.255.255
150.50.0.0 to destination network 200.1.1.0 200.1.1.0 0.0.0.255


Configuring IPX Access Lists
Keywords <access-list> <permit> <deny> <ipx access-group> <in> <out>

Standard IPX access list, which permits IPX packets from IPX Router(config)#access-list 810 permit 20 40
network 20 out inetrface e0 to IPX network 40 Router(config)#int e0
Router(config-if)#ipx access-group 810 out


Cisco Router Commands
Introduced During

CNAP Semester 4

Used For
Semester 4 Lab Exam

Students are responsible for knowing all routing & switching commands that were introduced
during semesters 2 & 3 in addition to the new routing commands introduced during semester 4.


Configuring PPP
Keywords <encapsulation> <ppp> <chap> <pap>

Change to serial 0 router interface: Router(config)#int s0
Enable Point-To-Point (PPP) encapsulation: Router(config-if)#encapsulation ppp

Change to Ethernet 0 router interface: Router(config-if)#int e0
Try to enable PPP encapsulation: Router(config-if)#encapsulation ppp
^
Note: WAN protocols are enabled at serial ports only and % Invalid input detected at ‘^’ marker
must be enabled at both ends of the serial connection.

Configure PPP CHAP authentication: Router(config-if)#ppp authentication chap
(Challenge Handshake Authentication Protocol)
(more secure and encrypted password authentication)

Configure PPP PAP authentication: Router(config-if)#ppp authentication pap
(Password Authentication Protocol)
(less secure unencrypted password authentication)

Verify that PPP encapsulation is enabled: Router#show int s0
Serial0 is up, line protocol is up
More information is provided than shown here. Much of the Hardware is HD64570
information will not make sense. The keep issue here is to Internet address is 172.16.20.1/24
verify that PPP encapsulation is enabled. MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely
255/255, load 1/255
Encapsulation PPP, loopback not set, keepalive set (10 sec)

Configuring FrameRelay
Keywords <encapsulation> <frame-relay> <ietf> <interface-dlci> <lmi-type>

Change to serial 0 router interface: Router(config)#int s0
Enable Frame Relay encapsulation for Cisco routers: Router(config-if)#encapsulation frame-relay

Enable Frame Relay IETF encapsulation for non-cisco routers Router(config-if)#encapsulation frame-relay ietf
or one cisco router connected to a non-cisco device:
(Internet Engineering Task Force)

Permanent virtual circuits (PVCs) like Frame Relay virtual
circuits are identified by Data Link Connection Identifiers
(DLCIs).
Router(config)#int s0
Check available DLCI numbers for interface s0: Router(config-if)#frame-relay interface-dlci ?
<16-1007> Define a DLCI as part of the current subinterface

Configure DLCI number 16 to the interface: Router(config-if)#frame-relay interface-dlci 16

The Local Management Interface (LMI) is a signaling standard
responsible for managing and maintaining status between a
CPE router and a frame switch. Beginning with IOS 11.2 the
LMI type is auto-sensed. There are three LMI types.
Determine the three LMI types: Router(config-if)#frame-relay lmi-type ?
cisco
ansi
q933a

Setting the LMI type to q933a: Router(config-if)#frame-relay lmi-type q933a


Configuring Subinterfaces for Frame Relay
Keywords <int s1.?> <multipoint> <point-to-point>

You have multiple virtual circuits on a single serial interface,
but each must be treated as a separate interface. This is
accomplished by creating subinterfaces.
First set Frame Relay encapsulation to a serial interface: Router(config-if)#encapsulation frame-relay

Check available subinterface numbers: Router(config-if)#int s1.?
<0-4294967295>

Create subinterface 16 in Serial 1 interface: Router(config-if)#int s1.16
Router(config-subif)#

Determine the two types of subinterfaces: Router(config)#int s0.16 ?
Multipoint is used when the router is at the center of a star of multipoint Treat as multipoint link
virtual circuits. point-to-point Treat as point-to-point link
Point-to-Point is used when a single virtual circuit connects
one router to another.
Router(config)#int s0.16 multipoint
Create subinterface 16 with multipoint type: Router(config-subif)#


Mapping Frame Relay
Keywords

IIP devices at the ends of virtual circuits must have their Router(config)#access-list 810 permit 20 40
address mapped to Data Link Connection Identifiers (DLCIs). Router(config)#int e0
Router(config-if)#ipx access-group 810 out
There are two mapping approaches:
Use the Frame Relay map command
Use the inverse-arp function

Frame Relay map command example
Enable (default Cisco) Frame Relay encapsulation: Router(config-if)#encapsulation frame-relay

Create subinterface with point-to-point link: Router(config-if)#int s0.16 point-to-point

Disable inverse arp: Router(config-subif)#no inverse arp

Router(config-subif)#ip address 172.16.30.1 255.255.255.0
Configure ip address and subnet mask for subinterface:


Router commands

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Router commands (20)

Recently uploaded (20)

Router commands