=== Stock Commands ===
!Switch>
enable
!Switch#
conf t
!Switch(config)#
ipv6 unicast-routing
!Enable IPv6 routing (routers / layer 3 switches)
ip routing
!Enable IPv4 routing (routers / layer 3 switches)
ip default-gateway 1.1.1.1
!Layer 2 devices only (no routing)
do NORMAL_COMMAND HERE
!!!! Not part of configuration, just a shortcut
no ip domain-lookup
service password-encryption
hostname DEVICE_NAME
banner motd #Unauthorized access is strictly prohibited.#
!!# can be any character, it just has to match.
line con 0
!Switch(config-line)#
password cisco
login
!Enable authentication using just a password.
logging sync
!Tries to copy your pending command to a new line when announcements happen.
line vty 0 15
password cisco
login
!Enable authentication using just a password.
logging sync
!Tries to copy your pending command to a new line when announcements happen.
=== Interface ===
!Switch(config)#
int f0/0
int range f0/0-10,f0/12,f0/13
!Range doesn't work for serial links (fuck you cisco).
!Switch(config-if)#
ip address 1.0.0.0 255.255.255.0
!Adds the ip address 10.0.0.0/24 to this interface. (Can have more than 1 but is weird)
ipv6 address 2001:DB8:ACAD::1/64
ipv6 address FE80::1 link-local
clockrate 128000
!Serial links!
no shutdown
!Required at the end to fix some stupid shit and bring it online.
=== Switch ===
!!!!These commands are mainly to assign name, and is required to be done before assigning the SVI interface due to cisco bugs.
!Switch(config)#
vlan 10
!Switch(config-vlan)#
name THIS_IS_A_NAME
!Switch(config-if)#
switchport mode access
switchport access vlan 1337
switchport mode trunk
!Layer 3 switches need "switchport trunk encap [dot1q/isl]" first.
switchport trunk allowed vlan 1,2,3,4-10,13
switchport trunk allowed vlan all
switchport trunk native vlan 1337
switchport nonegotiate
!Will not let the other side boss it around
=== Spanning Tree ===
!Switch(config)#
spanning-tree mode pvst
!Per Vlan Spanning tree mode
spanning-tree mode rapid
!Per-Vlan rapid spanning tree mode
spanning-tree vlan 1,2,3,4-10,13 root primary
!!Assign as primary root for these vlans
spanning-tree vlan 1,2,3,4-10,13 root secondary
!!Assign as secondary root for these vlans
spanning-tree portfast bpduguard default
!Auto applies bpduguard to access ports.
spanning-tree portfast default
!auto applies portfast to access ports.
spanning-tree mode mst
spanning-tree mst 1-2,3 root primary
spanning-tree mst 1-2,3 root secondary
spanning-tree mst configuration
!Switch(config-mst)#
name CCNP
revision 1
instance 1 vlan 99,100
!Instance 1 will run for vlan 99 and 100
!Instance 0 is always there, and is every vlan without another instance
show current
!Existing config
show pending
!Config thats about to be applied
!Switch(config-if)#
spanning-tree portfast
spanning-tree bpduguard enable
spanning-tree bpdufilter enable
spanning-tree guard root
spanning-tree guard loop
spanning-tree mst 2 cost 12
spanning-tree cost 12
!100mbit is 19, 1gbit is 4
spanning-tree port-priority 112
!Ethernet usually has priority of 128
=== EtherChannel ===
Switch(config-if)#
!PAgP is desirable / auto
!LACP is active/passive
channel-group 13 mode desirable
Switch(config)#
port-channel load-balance src-mac
!others include src-ip, src-dst-mac, src-dst-ip, dst-mac and dst-ip
=== ROUTERS ===
!Router(config)#
ip route 1.1.1.1 255.255.255.0 f0/0
!Screams in pain (intended for p2p links)
ip route 1.1.1.1 255.255.255.0 1.1.1.2
!Better
!Router(config-if)#
bandwidth 1000
!Kbit/s used purely for dynamic routing protocols, does not affect speeds.
=== OSPF ===
!Router(config)#
router ospf 1
!the 1 is process id, doesn't do shit.
ipv6 router ospf 1
!the 1 is process id, doesn't do shit.
!Router(config-router)#
router-id 1.1.1.1
!Always ipv4 even for ipv6 land.
default-information originate
auto-cost reference-bandwidth 1000
!Mbit/s
area 0 authentication message-digest
area 0 range 1.0.0.0 255.255.255.0
passive-interface INTERFACE
!!ipv4 only
network 1.0.0.0 0.0.0.255 area 0
!Advertises 1.0.0.0/24 to area 0. (second section is wildcard mask)
!Router(config-if)#
!Commands with ip can also be ipv6
ip ospf cost 16000
!1 is keyID, MD5KEY is password.
ip ospf message-digest-key 1 md5 MD5KEY !Only needed if not set on area.
ip ospf authentication message-digest
!ipv6 only
ipv6 ospf 1 area 0 !This is the equivilant to the network command for ipv4
ipv6 ospf network point-to-point !for loopback interfaces only
=== EIGRP ===
!Router(config)#
router eigrp 1
!1 is the autonomous system number
ipv6 router eigrp 1
key chain KEY_NAME
!Router(config-keychain)#
key 1
!Router(config-keychain-key)#
key-string cisco
!Router(config-router)#
router-id 1.1.1.1
!always ipv4 address, ios 15+ has it in eigrp subcommand. (eigrp router-id 1.1.1.1)
redistribute static
network 10.0.0.0
!without giving a wildcard mask, it defaults to classful boundary.
network 10.0.0.0 0.0.0.255
passive-interface INTERFACE
no shut
!ipv6 requires this.
!Router(config-if)#
ip summary-address eigrp 0 10.0.0.0 255.255.255.0
!AS number 0, 10.0.0.0/24
ip bandwidth-percent eigrp 0 75
!use the link for AS number 0 75% of the time.
ip hello-interval eigrp 0 60
!set it to 60 seconds for AS 0
ip hold-time eigrp 0 180
!set it to 180 seconds for AS 0
ip authentication key-chain eigrp 0 KEY_NAME
ip authentication mode eigrp 0 md5
=== Virtual Routing ===
!Router(config-if)#
!!!!START HSRP!!!!
!!1 is the group ID
standby 1 ip 1.0.0.1
standby 1 priority 150
!Only on active
standby 1 preempt
!Only on active
standby 1 authentication ASDFASDF
standby 1 authentication md5 key-string ASDFASDF
!Configure both sides plz
!!!!!END HSRP!!!!!
!!!!START GLBP!!!!
!!1 is the group ID
glbp 1 ip 1.0.0.1
glbp 1 preempt
!Only on active
glbp 1 priority 150
!Only on active
glbp 1 load-balancing round-robin
glbp 1 weighting 110 lower 85 upper 105
!Sets its priority to 110, and if it ever goes <85 it will turn itself off.
!If it goes >105 again, it will turn back on.
glbp 1 authentication md5 key-string ASDFASDF
!Configure both sides plz
!!!!!END GLBP!!!!!
=== SLA ===
!Switch(config)#
ip sla 10
!Switch(config-ip-sla)#
icmp-echo 1.1.1.1
!Switch(config-ip-sla-echo)#
frequency 5
!Switch(config)#
ip sla responder
!Turn on responder stuff, not used for ping based SLA's
ip sla responder udp-echo ipaddress 1.1.1.1 port 1337
ip sla schedule 10 life forever start-time now
track 100 ip route 1.1.1.1 255.255.255.255 reachability
track 15 int s0/0/0 line-protocol
!Switch(config-if)#
standby 1 track 100 decrement 30
!if track #100 does down, decrement priority by 30 (for HSRP)
standby 1 track f0/5 30
!if f0/5 goes down, decrement priority by 30 (for HSRP)
glbp 1 weighting track 15 decrement 30
!if track #15 goes down, decrement priority by 30 (for GLBP)
=== VTP ===
!Switch(config)#
vtp mode transparent
vtp mode client
vtp mode server
vtp mode server mst
vtp domain DOMAIN_NAME
vtp version [2/3]
!configure as version 1/2 and promote to v3 later, simpler
vtp password PASSWORD
!Switch#
vtp primary mst [force]
vtp primary vlan [force]
=== NTP ===
!Switch#
clock set 1:1:1 1 Jan 2001
show clock
show clock detail
!Switch(config)#
clock timezone EDT -5
clock summer-time EDT recurring
ntp master 10
!become an NTP server (advertising stratum 10)
ntp server 1.1.1.1
!still need to configure timezones yourself
ntp authenticate
ntp authentication-key 1 md5 ASDFASDF
!Define key #1 as ASDFASDF in md5
ntp trusted-key 1
!use key #1
=== SPAN ===
!Switch(config)#
monitor session 1 source int f0/1
!Send f0/1's traffic...
monitor session 1 destination remote vlan 100
!... into vlan 100
monitor session 1 source vlan 100
!Send vlan 100's traffic...
monitor session 1 destination int f0/2
!... into f0/2
vlan 100
!Switch(config-vlan)#
remote-span
!Turns this VLAN into a RSPAN vlan, don't put users here
=== AUTO QOS ===
!Switch(config)#
mls qos
!Switch(config-int)#
auto qos voip cisco-phone
=== Security ===
!Switch(config)#
errdisable recover cause psecure-violation
errdisable recovery interval 30
!30 seconds later, turn back on
ip dhcp relay information trust-all
!Distribution / Core only plz
ip dhcp snooping
!Enable DHCP snooping
!Switch(config-int)#
storm-control unicast level bps 750 300
storm-control action shut
ip dhcp snooping trust
!trust it with your life (dist/core or dhcp server)
ip dhcp snooping limit rate 20
!Not trusted, and rate limit them to 20packets per second.
=== SNMP ===
!Switch(config)#
snmp-server location SPACE
snmp-server contact SPACE
snmp-server chassis-id Cisco 3560 SN FTX2222222
snmp-server view SNMP_PERMS iso included
!SNMP_PERMS is attached to groups later
!iso is a keyword in the SNMP specs
snmp-server group GROUP_CCNP v3 priv read SNMP_PERMS access EXTENDED_ACCESS_LIST
snmp-server group GROUP_CCNP v2c read SNMP_PERMS access EXTENDED_ACCESS_LIST
snmp-server user STUDENT GROUP_CCNP v3 auth sha ASDFASDF aes 128 ASDFASDF
snmp-server user STUDENT GROUP_CCNP v2c
snmp-server ifindex persist
!Keeps interface ID's consistant between reboots by storing on flash
!Trapping
snmp-server host 1.1.1.1 traps version 3 priv STUDENT
snmp-server enable traps
=== TCL ===
!Switch#
tclsh
!Switch(tcl)#
foreach (address) {
172.16.1.1
1.1.1.1
} {
ping $address
}
=== Debug / Troubleshoot ===
!all of these are ipv6 too (ipv6 instead of ip) unless otherwise specified.
!Switch#
ping 1.1.1.1
tracert 1.1.1.1
show run
show ip interface brief
show vlan brief
show ip route
show ip protocols
show interface INTERFACE
!!!spanning-tree
show spanning-tree
!!!virtual routing
show glbp brief
show standby brief
!!!etherchannel
show etherchannel summary
show interfaces INTERFACE switchport
test etherchannel load-balance interface po 1 ip 1.1.1.1 2.2.2.2
!!!OSPF
show ip ospf database
!pretty much useless
show ip ospf interface brief
!partially useless
show ip ospf neighbor
!very useful
clear ip ospf process
!!!EIGRP
show ip eigrp topology
show ip eigrp neighbors
!very useful
show ip eigrp interfaces detail
!!!VTP
show vtp status