Archive for the ‘Cisco Router/Switch’ Category

Cisco:Miscellaneous commands

Thursday, August 5th, 2010

How to delete the old IOS from flash memory

Router# delete old IOS image name
Delete filename [old IOS image name]?
Delete flash: old IOS image name [confirm]
Router#

How to reclaim the memory?

Router# squeeze flash:
 
Squeeze operation may take a while. Continue? [confirm]
squeeze in progress... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee
Rebuild file system directory...
Squeeze of flash complete
Router#

How to configure a Cisco router to use a Microsoft DHCP server or Active Directory server between VLANs

Friday, July 9th, 2010

Note: This is the router-on-a-stick method (Cisco 1941 router).

(a) Find out the router interfaces

EVROUTER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/1         88.88.88.81     YES DHCP   up                    up
NVI0                       unassigned      NO  unset  up                    up

(b) Create a sub-interface for each VLAN

For vlan1 
configure terminal
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1
 ip address 192.168.1.1 255.255.255.0
 
For Vlan 10
configure terminal
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 
For Vlan 20
 
configure terminal
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0

The output should be:

EVROUTER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES manual up                    up
GigabitEthernet0/0.1       192.168.1.1     YES manual up                    up
GigabitEthernet0/0.10      192.168.10.1    YES manual up                    up
GigabitEthernet0/0.20      192.168.20.1    YES manual up                    up
GigabitEthernet0/1         88.88.88.81     YES DHCP   up                    up
NVI0                       unassigned      NO  unset  up                    up
EVROUTER#

(c) Set up the relay agent for each subnet

For vlan 1 
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.1
EVROUTER(config-subif)#ip helper-address 192.168.1.7
 
For Vlan10:
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.10
EVROUTER(config-subif)#ip helper-address 192.168.1.7
 
For vlan20
EVROUTER#configure terminal
EVROUTER(config)#interface gigabitEthernet 0/0.20
EVROUTER(config-subif)#ip helper-address 192.168.1.7

Now all your VLANs will be able to get an IP address for their own subnet from the DHCP server, and users will be able to log in to each computer through Active Directory with their user name and password.

(d) Allow each VLAN to use the Internet
(1) Label each interface and sub-interface for NAT

     configure terminal
     interface gigabitEthernet 0/0.1
     ip nat inside
     exit
     interface gigabitEthernet 0/0.10
     ip nat inside
     exit
     interface gigabitEthernet 0/0.20
     ip nat inside
     exit
     interface gigabitEthernet 0/1
     ip nat outside
     exit

(2) Create an access list to allow these VLANs to use NAT

     configure terminal
     ip access-list standard NAT_ADDRESS
     permit 192.168.0.0 0.0.255.255

(3) Enable NAT overload

     ip nat inside source list NAT_ADDRESS interface gigabitEthernet 0/1 overload

Note: At this point all VLANs will be able to get to the Internet.
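
The NAT access list above permits all of 192.168.0.0/16, while only three /24 sub-interfaces are marked `ip nat inside`. The following is an added example, not part of the original post, that compares the two; the `CONFIG` text is a constructed sample built from the commands above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the NAT-related lines from the configuration above.
CONFIG = """\
interface GigabitEthernet0/0.1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0.10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0.20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip nat outside
ip access-list standard NAT_ADDRESS
 permit 192.168.0.0 0.0.255.255
"""

def wildcard_to_network(addr, wildcard):
    """Turn an ACL address/wildcard pair into an IPv4Network (contiguous masks only)."""
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)

def audit_nat_acl(config, acl_name):
    """Return (inside subnets the ACL misses, addresses permitted beyond the inside subnets)."""
    inside, permitted = [], []
    for block in re.split(r"\n(?=\S)", config):
        lines = [ln.strip() for ln in block.splitlines()]
        if lines[0].startswith("interface ") and "ip nat inside" in lines:
            for ln in lines:
                m = re.fullmatch(r"ip address (\S+) (\d+\.\d+\.\d+\.\d+)", ln)
                if m:
                    inside.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif lines[0] == f"ip access-list standard {acl_name}":
            for ln in lines[1:]:
                m = re.fullmatch(r"permit (\S+) (\S+)", ln)
                if m:
                    permitted.append(wildcard_to_network(m[1], m[2]))
    missing = [n for n in inside if not any(n.subnet_of(p) for p in permitted)]
    allowed = sum(p.num_addresses for p in ipaddress.collapse_addresses(permitted))
    needed = sum(n.num_addresses for n in ipaddress.collapse_addresses(inside))
    return missing, allowed - needed

if __name__ == "__main__":
    missing, excess = audit_nat_acl(CONFIG, "NAT_ADDRESS")
    print("inside subnets not covered:", missing)
    print("addresses permitted beyond the inside subnets:", excess)
```

An empty first value means every inside VLAN can be translated; a large second value means the list would also translate sources that no sub-interface serves.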

Cisco:How to solve line protocol down problem for serial interface in packet tracer

Saturday, July 3rd, 2010

I am using a Cisco 2811 router with one WIC-1T card for the serial interface.

Both routers are connected by a serial (DCE/DTE) interface, and the IPs are set as follows:
router 1: 192.168.1.1 255.255.255.0
router 2: 192.168.1.2 255.255.255.0

Problem: the line protocol is showing down.
Example below:

R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        unassigned      YES manual administratively down down
FastEthernet0/1        unassigned      YES manual administratively down down
Serial0/3/0            192.168.1.1     YES manual up                    down
Vlan1                  unassigned      YES manual administratively down down

Reason:
One of the reasons is that no clock rate is set on the DCE side ("no clock"), as in the example below:

R1#show controllers serial 0/3/0
Interface Serial0/3/0
Hardware is PowerQUICC MPC860
DCE V.35, no clock
idb at 0x81081AC4, driver data structure at 0x81084AC0
SCC Registers:
General [GSMR]=0x2:0x00000000, Protocol-specific [PSMR]=0x8
Events [SCCE]=0x0000, Mask [SCCM]=0x0000, Status [SCCS]=0x00
Transmit on Demand [TODR]=0x0, Data Sync [DSR]=0x7E7E
Interrupt Registers:
Config [CICR]=0x00367F80, Pending [CIPR]=0x0000C000
Mask   [CIMR]=0x00200000, In-srv  [CISR]=0x00000000
Command register [CR]=0x580
Port A [PADIR]=0x1030, [PAPAR]=0xFFFF
       [PAODR]=0x0010, [PADAT]=0xCBFF
Port B [PBDIR]=0x09C0F, [PBPAR]=0x0800E
       [PBODR]=0x00000, [PBDAT]=0x3FFFD
Port C [PCDIR]=0x00C, [PCPAR]=0x200
       [PCSO]=0xC20,  [PCDAT]=0xDF2, [PCINT]=0x00F
Receive Ring
        rmd(68012830): status 9000 length 60C address 3B6DAC4
        rmd(68012838): status B000 length 60C address 3B6D444
Transmit Ring
 --More--

Solution:
Add the clock rate by hand

R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#interface serial 0/3/0
R1(config-if)#clock rate 1000000
R1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up

Cisco:Routing protocols OSPF

Tuesday, June 29th, 2010

How to set up OSPF routing:

How to view which protocols are running:

show ip protocols

How to remove the RIP protocol (if it exists):

configure terminal
no router rip

How to create the OSPF process:

configure terminal
router ospf 1   [ here 1 is the process ID, which has to be the same on every router in the organization ]
network 192.168.1.1 0.0.0.0 area 0
Or
network 192.168.1.0 0.0.255.255 area 0

How to set a default route to the Internet
From the main router:

configure terminal
router ospf 1
default-information originate

How to join Area 0 with Area 1
(IPs of Area 1: 172.30.0.0-172.30.0.7, summary route: 172.30.0.0/21, wildcard mask for OSPF: 0.0.7.255)

configure terminal
router ospf 1
network 172.30.0.0 0.0.7.255 area 1

How to summarize the Area 1 network before adding it to Area 0 (how to create a range):

configure terminal
router ospf 1
area 1 range 172.30.0.0 255.255.248.0
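
The summary route, wildcard mask and range mask above can be derived rather than worked out by hand. This is an added example, not part of the original post; it assumes Area 1 holds the eight /24 networks 172.30.0.0 to 172.30.7.0 (constructed input), and it also reports any address space a summary would advertise without a real subnet behind it. Function names are hypothetical.

```python
import ipaddress

def summarize(subnets):
    """Return (smallest covering prefix, address blocks inside it that no subnet owns)."""
    nets = list(ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets))
    low = min(n.network_address for n in nets)
    high = max(n.broadcast_address for n in nets)
    summary = ipaddress.ip_network(f"{low}/32")
    while high not in summary:          # widen until the highest address fits
        summary = summary.supernet()
    gaps = [summary]
    for n in nets:                      # carve every real subnet out of the summary
        gaps = [piece for g in gaps
                for piece in (g.address_exclude(n) if n.subnet_of(g) else [g])]
    return summary, sorted(gaps)

def ospf_commands(subnets, area, process_id=1):
    """Build the network and area-range statements in the form used on this page."""
    summary, gaps = summarize(subnets)
    return [f"router ospf {process_id}",
            f"network {summary.network_address} {summary.hostmask} area {area}",
            f"area {area} range {summary.network_address} {summary.netmask}"], gaps

# Constructed input: eight /24s, assumed to be what Area 1 contains.
AREA1 = [f"172.30.{i}.0/24" for i in range(8)]

if __name__ == "__main__":
    cmds, gaps = ospf_commands(AREA1, area=1)
    print("\n".join(cmds))
    print("advertised but unowned:", [str(g) for g in gaps])
```

A non-empty gap list means the range statement attracts traffic for networks that do not exist in the area, which is worth knowing before summarizing.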

How to debug OSPF neighbor relationships

debug ip ospf adj
clear ip ospf process

Cisco:Basic Commands to setup vlan

Wednesday, June 16th, 2010

Vlan Network Diagram

Trunking:
(1) Create trunk ports between 2 switches:
To set up a trunk between ports F0/11 and F0/12 of switch S1
For port F0/11

configure terminal
interface fastEthernet 0/11
switchport mode trunk

Note: if the command above is rejected with the error "Trunk encapsulation is Auto", do the following and then type switchport mode trunk again:

switchport trunk encapsulation dot1q
switchport mode trunk

For port F0/12

configure terminal
interface fastEthernet 0/12
switchport mode trunk

Note: if the command above is rejected with the error "Trunk encapsulation is Auto", do the following and then type switchport mode trunk again:

switchport trunk encapsulation dot1q
switchport mode trunk

Set the other ports (1 to 10, then 13 to 23) as access ports

configure terminal

 interface range fastEthernet 0/1-10
 switchport mode access

 interface range fastEthernet 0/13-23
 switchport mode access

How to view which ports are trunk for a switch :

show interfaces trunk

VTP :
(a) Configure VTP:

How to see VTP status :

 show vtp status

Setup VTP Domain

   configure terminal
   vtp domain MYDomain

(b) How to create a VTP client
By default every switch is a VTP server. To make a switch a VTP client:

configure terminal
vtp mode client

Configuring VLAN:

(3) How to view VLAN information

show vlan

How to create a VLAN

 configure terminal
 vlan 10
 exit
 show vlan

How to assign a name to a vlan

 configure terminal
 vlan 10
 name SALES

How to assign a port to a VLAN
Example: the PC with IP 192.168.1.50 is connected to switch 3 via port F0/8, and we want to put this PC in VLAN 10.

From switch 3:
 configure terminal
 interface fastEthernet 0/8
 switchport access vlan 10

How to route between VLAN 10 and VLAN 20 for the subnets 192.168.10.0 and 192.168.20.0 (router on a stick)
To route between VLANs, we need to create sub-interfaces inside a router (for example router2)
For interface 1

configure terminal
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0

For interface 2

configure terminal
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0

It will create 2 interfaces like below:

R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.1.2     YES manual up                    up
FastEthernet0/0.10     192.168.10.1    YES manual up                    up
FastEthernet0/0.20     192.168.20.1    YES manual up                    up
FastEthernet0/1        192.168.2.1     YES manual up                    up
R2#

To be continued

Cisco:Basic commands to setup a cisco switch

Monday, April 12th, 2010

Privileged mode password:

enable , configure t, enable secret test

How to lock down telnet port :

enable, configure t , line vty 0 15 , login , password test

How to lock down console port :

enable , configure t, line console 0 , login, password test

How to set a login banner:

enable, configure t, banner motd ) , Please dont log on )

How to setup host name :

enable, configure t , hostname MasterSwitch

How to set up logging synchronous:

enable, configure t, line console 0 , logging synchronous 
also
line vty 0 15 , logging synchronous

How to set up the timeout:

configure t, line console 0, exec-timeout 800 0

How to stop domain lookup :

configure t , no ip domain-lookup

How to set up an IP address on a VLAN interface:

configure t, interface vlan 1, ip address 192.168.1.10 255.255.255.0 , no shutdown

How to setup a default gateway

configure t , ip default-gateway 192.168.1.1

How to run exec commands from configuration mode (shortcut):

do show ip interface brief   (from anywhere)

How to view which ports are connected to what:

show cdp neighbors
show cdp neighbors detail

How to view mac address table :

show mac-address-table

How to save the config file:

copy running-config startup-config

How to encrypt all the passwords:

configure terminal
service password-encryption

Cisco:Basic commands to setup a cisco router

Wednesday, March 10th, 2010

How to lock the privileged mode:

 enable
 configure terminal
 enable secret cisco

How to secure vty ?

enable
configure terminal
line vty 0 15   [ for help type line vty ? ]
login
password cisco

How to secure console port?

enable
configure terminal
line con 0
login
password cisco

How to secure the aux port?

enable
configure terminal
line aux 0
login
password cisco

How to setup banner?

enable
configure terminal
banner motd  #
Please dont log in #

How to encrypt all the passwords:

configure terminal
service password-encryption
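
The console, aux and vty settings from the switch and router posts above can be checked against a few common hardening points. This is an added example, not part of the original posts; `CONFIG` and `HARDENED` are constructed samples, and the 15-minute idle limit, the finding texts and the function name are assumptions.

```python
import re

# Constructed sample: line settings as configured in the posts on this page.
CONFIG = """\
line con 0
 exec-timeout 800 0
 password test
 login
line aux 0
 password cisco
 login
line vty 0 15
 password cisco
 login
"""
# Constructed hardened counterpart (ACL 10 and a local user are assumed to exist).
HARDENED = """\
line vty 0 15
 exec-timeout 10 0
 login local
 transport input ssh
 access-class 10 in
"""

def audit_lines(config, max_idle_minutes=15):
    """Return sorted (line section, finding) pairs for console, aux and vty lines."""
    findings = []
    for block in re.split(r"\n(?=\S)", config.strip()):
        head, *body = [ln.strip() for ln in block.splitlines()]
        if not head.startswith("line "):
            continue
        if "login" in body and any(b.startswith("password ") for b in body):
            findings.append((head, "shared line password, no per-user login"))
        if head.startswith("line vty"):
            if "transport input ssh" not in body:
                findings.append((head, "remote access not restricted to SSH"))
            if not any(b.startswith("access-class ") for b in body):
                findings.append((head, "no access-class limiting source addresses"))
        for b in body:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", b)
            if m:
                minutes, seconds = int(m[1]), int(m[2] or 0)
                if (minutes, seconds) == (0, 0) or minutes > max_idle_minutes:
                    findings.append((head, f"idle timeout disabled or too long: {b}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_lines(CONFIG), sep="\n")
```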

How to change host name?

configure terminal
hostname R2

How to setup logging synchronous?

configure terminal
line console 0
logging synchronous 
line vty 0 15
logging synchronous

How to stop domain lookup?

configure terminal
no ip domain-lookup

How to set up an IP address?

r1#show ip interface brief
configure terminal
interface FastEthernet 0/1
no shutdown
ip address 192.168.1.1 255.255.255.0
description Link to switch2

How to allow the router to talk to the ISP / how to create a default route to the ISP

ip route 0.0.0.0 0.0.0.0 ip-of-isp
Meaning: it tells the router that if it does not know where to send something, it should send it to the ISP router.

How to allow the internal network to access the Internet:
Step 1:
Label the interfaces

configure terminal	 
interface FastEthernet 0/1	 
ip nat inside
exit
interface FastEthernet 0/0
ip nat outside

Step 2:
Create an access list to allow the internal LAN to use NAT

configure terminal
ip access-list standard NAT_ADDRESS
permit 10.0.0.0 0.0.0.255

Step 3:
Enable NAT overload

ip nat inside source list NAT_ADDRESS interface FastEthernet 0/0 overload

How to do port forwarding from the router to devices

configure terminal
ip nat inside source static tcp 10.0.0.227 25 interface Ethernet0/0 25

How to distribute a static/default route to other routers:

configure terminal
router rip
redistribute static
Meaning: it will give the default route to each router in the organization, so we don't have to create a default route on each router.

Deleted/Corrupted/Wrong Type/No IOS image and router won’t boot(cisco 2600)

Thursday, December 24th, 2009

Deleted/Corrupted/Wrong Type/No IOS image and router won’t boot: http://www.dslreports.com/faq/13824
Break Key Sequence: http://www.cisco.com/en/US/products/hw/routers/ps133/products_tech_note09186a0080174a34.shtml
ROMmon Recovery for the Cisco 2600 Series Router:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a0080094a0b.shtml
How to Download a Software Image to a Cisco 2600 via TFTP:
http://www.cisco.com/en/US/products/hw/routers/ps259/products_tech_note09186a008015bf9e.shtml

For Cisco 2600 Router :

(a) Connect to the router via Teraterm (console port)

(b) Now turn on the router

(c) Press ALT+b to go to rommon mode

(d)

     rommon 16 > IP_ADDRESS=192.168.1.66      ( Ip of the Router)
     rommon 17 > IP_SUBNET_MASK=255.255.255.0
     rommon 18 > DEFAULT_GATEWAY=192.168.1.254
     rommon 19 > TFTP_SERVER=192.168.1.64
     rommon 20 > TFTP_FILE=c2600-is-mz.113-2.0.3.Q
     rommon 21 > TFTP_CHECKSUM=0

Note: As detailed in Cisco bug ID CSCdk81077 (registered customers only) , for Cisco 2600 and 1720 Series Routers running the ROM monitor command tftpdnld, the command might report a bad checksum comparison when it loads Cisco IOS software images of Cisco IOS Software Release 12.0(2.2)T or later.

Note: As a workaround to this problem, set the ROM monitor variable TFTP_CHECKSUM to 0. This is done by defining the variable TFTP_CHECKSUM=0 from the ROM monitor set command, and then proceeding with the tftpdnld procedure.

(e)

   rommon 22 > tftpdnld

After the upload of the new IOS finishes, type

rommon 23> sync

Then reboot the router again, it will show the old IOS again.

Cisco Access Control Lists (ACL) (Web link)

Wednesday, December 16th, 2009
  1. http://www.networkclue.com/routing/Cisco/access-lists/index.aspx

Harden Cisco IOS Devices

Wednesday, December 16th, 2009

Website link :

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml