Ccna Commands


CCNA Command Guide

These commands are important; we need to know them before we configure our device.

Requirement Command

Privilege mode Router>enable
Return to user mode Router#disable
The configuration mode Router#configure terminal OR config t
Add hostname for Router or Switch Router(config)#hostname router_name
The banner message or MOTD banner Router(config)#banner motd #type message here#

To set up passwords and encrypted passwords, use these commands:


Requirement Command

Set a console password Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password cisco
Set the enable password Router(config)#enable password cisco
Set the enable secret password. This password overrides the enable password and is encrypted within the config file. Router(config)#enable secret class
Set a telnet password Router(config)#line vty 0 15
Router(config-line)#login
Router(config-line)#password cisco
Encrypt all passwords in the configuration file: Router(config)#service password-encryption

Use these commands for the security settings on the device:

Basic Security Practices

Requirement Command

Exec timeout on a router
For VTY line: R(config)#line vty 0 15
R(config-line)#exec-timeout 10
R(config-line)#exit
For Console line: R(config)#line console 0
R(config-line)#exec-timeout 10
R(config-line)#exit
Security passwords min-length R(config)#security passwords min-length 10
Block login attempts for a specific amount of time using the command R(config)#login block-for 120 attempts 2 within 60
This command will block login attempts for 120 seconds if there are two failed login attempts within 60 seconds.

Four steps to set up SSH:

SSH using four steps


Requirement Command
Step 1: Configure the IP domain name R(config)#ip domain-name cisco.com
Step 2: Generate one-way secret key R(config)#crypto key generate rsa
(press Enter, then enter 1024)
Step 3: Verify or create a local database
Create a user Alshimaa with a privilege level of 15 using the encrypted password Class: R(config)#username Alshimaa privilege 15 secret Class
OR
Create a user Alshimaa with password Class: R(config)#username Alshimaa password Class
Step 4: Enable VTY inbound SSH sessions R(config)#line vty 0 4
R(config-line)#login local
R(config-line)#transport input ssh
R(config-line)#exit

To configure one of the router's interfaces, use these commands:


Configuring a Gigabit Ethernet Interface with IPv4

Requirement Command

Moves to gigabit Ethernet 0/0 interface configuration mode Router(config)#interface gigabitEthernet 0/0
Optional descriptor of the link is locally significant Router(config-if)#description Accounting LAN
Assigns address and subnet mask to interface Router(config-if)#ip address 192.168.40.1 255.255.255.0
Turns interface on Router(config-if)#no shutdown

Configuring a Gigabit Ethernet Interface with IPv6

Requirement Command

Enables the forwarding of IPv6 unicast datagrams globally on the router Router(config)#ipv6 unicast-routing
Moves to gigabit Ethernet 0/0 interface configuration mode Router(config)#interface gigabitEthernet 0/0
Optional descriptor of the link is locally significant Router(config-if)#description Accounting LAN
Assigns an IPv6 address to this interface Router(config-if)#ipv6 address 2001:db8:c000:1204::1/64
Configures a specific link-local IPv6 address Router(config-if)#ipv6 address fe80::2 link-local
Turns interface on Router(config-if)#no shutdown

Configuring a SVI Interface with IPv4


Requirement Command

Moves to VLAN interface configuration mode Switch(config)#interface vlan 1
Assigns address and subnet mask to interface Switch(config-if)#ip address 192.168.0.1 255.255.255.0
Configure the default gateway Switch(config)#ip default-gateway 192.168.0.1

Some important settings you should know:

Requirement Command

To disable DNS lookup: R(config)#no ip domain-lookup
• To decrease user delays if no DNS server is configured.
• SSH version 2 R(config)#ip ssh version 2
• Limited to 2 authentication attempts R(config)#ip ssh authentication-retries 2
• A 60 second timeout R(config)#ip ssh time-out 60

To save the current configuration from DRAM (running-config) to NVRAM (startup-config) Router#copy running-config startup-config
To save the current configuration from DRAM to TFTP Server Router#copy running-config tftp:
Address or name of remote host []? 192.168.1.0
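
The password, login-hardening and SSH line settings from the sections above can be checked offline against a saved configuration, such as one copied off the device with copy running-config tftp:. The following Python check is an added example, not part of the original guide; the sample configuration, the function names parse and audit, and the finding strings are assumptions made for illustration.

```python
# Constructed sample running-config excerpt; all values are made up.
SAMPLE = """\
enable password cisco
login block-for 120 attempts 2 within 60
line con 0
 exec-timeout 0 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

GLOBAL_REQUIRED = ["enable secret", "service password-encryption",
                   "security passwords min-length", "login block-for"]

def parse(config):
    """Return (global commands, {"line ..." header: [sub-commands]})."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" "):            # sub-command of the open section
            if current:
                lines[current].append(cmd)
        elif cmd.startswith("line "):      # console / vty section header
            current = cmd
            lines[current] = []
        else:                              # any other top-level command
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines

def audit(config):
    """List hardening commands from this guide that the config lacks."""
    global_cmds, lines = parse(config)
    findings = [f"global: missing '{req}'" for req in GLOBAL_REQUIRED
                if not any(c.startswith(req) for c in global_cmds)]
    for header, cmds in lines.items():
        if "exec-timeout 0 0" in cmds:     # 0 0 disables the idle timeout
            findings.append(f"{header}: idle timeout disabled")
        if header.startswith("line vty"):
            transport = [c for c in cmds if c.startswith("transport input")]
            if transport != ["transport input ssh"]:
                findings.append(f"{header}: transport input is not ssh-only")
            if "login local" not in cmds:
                findings.append(f"{header}: no 'login local'")
    return findings
```

Calling audit(SAMPLE) returns one finding per missing or weakened setting. A line section with no exec-timeout entry is not flagged, on the assumption that the platform's default idle timeout applies.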

VLAN
Requirement Command

Creating Static VLANs Switch(config)#vlan 3
Switch(config-vlan)#name Engineering
Switch(config-vlan)#exit
Assigning Ports to VLANs Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
The range command Switch(config)#interface range fastEthernet 0/1 - 9
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 10
Puts the interface into permanent trunking mode and negotiates to convert the link into a trunk link Switch(config)#interface fastEthernet 0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk native vlan 99
Switch(config-if)#switchport trunk allowed vlan 10,20,30,99

Switch Port Security VLAN
Requirement Command

Moves to interface configuration mode. Switch(config)#interface fastEthernet 0/1
Sets a maximum limit of four MAC addresses that will be allowed on this port. Switch(config-if)#switchport port-security maximum 4
Enables port security on the interface. Switch(config-if)#switchport port-security
Static MAC Addresses: Sets a specific secure MAC address 1234.5678.90ab. You can add additional secure MAC addresses up to the maximum value configured. Switch(config-if)#switchport port-security mac-address 1234.5678.90ab
Sticky MAC Addresses: Converts all dynamic port security learned MAC addresses to sticky secure MAC addresses. Switch(config-if)#switchport port-security mac-address sticky
Security violation: Configures port security to shut down the interface if a security violation occurs. Switch(config-if)#switchport port-security violation shutdown
Security violation: Configures port security to protect mode if a security violation occurs. Switch(config-if)#switchport port-security violation protect
Security violation: Configures port security to restrict mode if a security violation occurs. Switch(config-if)#switchport port-security violation restrict

Verifying VLAN Information and Erasing VLAN
Requirement Command

Displays VLAN information Switch#show vlan
Displays VLAN information in brief Switch#show vlan brief
Displays information about VLAN 2 only Switch#show vlan id 2
Displays information about VLAN named marketing only Switch#show vlan name marketing
Displays interface characteristics for the specified VLAN Switch#show interfaces vlan x
Displays VLAN information for all interfaces Switch#show interfaces switchport
Removes the entire VLAN database from flash. Switch#delete flash:vlan.dat
Moves to interface configuration mode Switch(config)#interface fastEthernet 0/5
Removes VLAN 5 from the VLAN database. Switch(config)#no vlan 5
Removes port from VLAN 5 and reassigns it to VLAN 1—the default VLAN. Switch(config-if)#no switchport access vlan 5

Inter-VLAN Communication Using an External Router: Router-on-a-Stick


Requirement Command

Moves to interface configuration mode. Router(config)#interface gigabitEthernet 0/0
Enables the interface. Router(config-if)#no shutdown
Router(config-if)#exit
Creates subinterface 0/0.10 and moves to subinterface configuration mode. Router(config)#interface gigabitEthernet 0/0.10
(Optional) Sets the locally significant description of the subinterface. Router(config-subif)#description Sales VLAN 10
Assigns VLAN 10 to this subinterface. This subinterface will use the 802.1q trunking protocol. Router(config-subif)#encapsulation dot1q 10
Assigns the IP address and netmask. Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#exit

To configure DHCP settings, use these commands:
Requirement Command

Creates a DHCP pool named internal. The name can be anything of your choosing. Router(config)#ip dhcp pool internal
Defines the range of addresses to be leased. Router(dhcp-config)#network 172.16.10.0 255.255.255.0
Defines the address of the default router for the client. Router(dhcp-config)#default-router 172.16.10.1
Defines the address of the Domain Name System (DNS) server for the client. Router(dhcp-config)#dns-server 172.16.10.10
Defines the domain name for the client. Router(dhcp-config)#domain-name cisco.com
Router(dhcp-config)#exit
Specifies the range of addresses not to be leased out to clients. Router(config)#ip dhcp excluded-address 172.16.10.1 172.16.10.9
Moves to interface configuration mode. (Helper Address) Router(config)#interface gigabitEthernet 0/0
DHCP broadcasts will be forwarded as a unicast to this specific address rather than be dropped by the router. Router(config-if)#ip helper-address 172.16.20.2
Returns to global configuration mode. Router(config-if)#exit

VTP Configuration
Requirement Command

Configure the VTP Server. S1(config)# vtp mode server
Configure the VTP Clients. S2(config)# vtp mode client
S2(config)# vtp domain CCNA
S2(config)# vtp password cisco
Configure VLANs on the VTP Server. S1(config)# vlan 10
S1(config-vlan)# name yellow
Configure the VTP Domain Name and Password. S1(config)# vtp domain CCNA
S1(config)# vtp password cisco
Verify the VTP Clients have received the new VLAN information. S2# show vtp status
S2# show vtp password

Extended VLANs
Extended range VLANs are identified by a VLAN ID between 1006 and 4094.

To configure an extended VLAN on a 2960 switch it must be set to VTP transparent mode. (By default 2960
switches do not support Extended range VLANs?)

Configuring Extended VLANs

Requirement Command

Configure the VTP transparent mode. S1(config)# vtp mode transparent

Create Extended VLAN S1(config)# VLAN 2000
S1(config-vlan)# end

DTP Configuration
Requirement Command

Switchport mode access - interface becomes a nontrunk interface. S1(config-if)# switchport mode access
Switchport mode dynamic auto - interface becomes a trunk if the neighboring interface is set to trunk or desirable mode. S1(config-if)# switchport mode dynamic auto
Switchport mode dynamic desirable - interface becomes a trunk if the neighboring interface is set to trunk, desirable, or dynamic auto mode. S1(config-if)# switchport mode dynamic desirable
Switchport mode trunk - interface becomes a trunk even if the neighboring interface is not a trunk interface. S1(config-if)# switchport mode trunk
Switchport nonegotiate - prevents the interface from generating DTP frames. S1(config-if)# switchport nonegotiate
Verify DTP S1# show dtp interface

Spanning Tree Protocol (STP): a Layer 2 protocol that helps, especially when there are redundant links.

STP configuration
Requirement Command

Changing the Spanning-Tree Mode:
• Enables PVST. This is the default setting. Switch(config)#spanning-tree mode pvst
• Enables Rapid PVST+. Switch(config)#spanning-tree mode rapid-pvst
Configuring the Root primary Switch: Switch recalculates timers along with priority to allow the switch to become the root switch for VLAN 5. Switch(config)#spanning-tree vlan 5 root primary
Configuring by the Switch Priority: Configures the switch priority of VLAN 5 to 24576. Switch(config)#spanning-tree vlan 5 priority 24576
Configuring the Root secondary Switch: Switch recalculates timers along with priority to allow the switch to become the root switch for VLAN 5 should the primary root switch fail. Switch(config)#spanning-tree vlan 10 root secondary
Port Fast: Enters interface range configuration mode. Switch(config)#interface range fastEthernet 0/1 - 5
Enables Port Fast on an access port. Switch(config-if-range)#spanning-tree portfast
BPDU Guard: Enters interface range configuration mode. Switch(config)#interface range fastEthernet 0/1 - 5
Enables BPDU Guard on the interface. Switch(config-if-range)#spanning-tree bpduguard enable

Verifying STP
Requirement Command

Displays STP information Switch#show spanning-tree
Displays a brief status of the STP Switch#show spanning-tree brief
Displays a detailed summary of interface information Switch#show spanning-tree detail
Displays STP information for interface gigabitethernet 0/1 Switch#show spanning-tree interface gigabitethernet 0/1
Displays a summary of port states Switch#show spanning-tree summary

Layer 3 Switching Configuration


Requirement Command

Configure G0/2 as a routed port and assign an IP address S(config)# interface g0/2
S(config-if)# no switchport
S(config-if)# ip address 209.165.200.225 255.255.255.252
Configure SVI on Switch L3. S(config)# interface vlan 10
S(config-if)# ip address 192.168.10.254 255.255.255.0
S(config)# interface vlan 20
S(config-if)# ip address 192.168.20.254 255.255.255.0
Enable routing. S(config)# ip routing

Common show commands include:
• show running-config

• show interfaces

• show ip interface brief

• show arp

• show ip route

• show protocols

• show version

When using Windows, use the tracert command.

When performing a trace from a router CLI, use the traceroute command.

On a Windows computer, the IP address of the default gateway can be viewed by using the
ipconfig command.
• The ipconfig /all command can be used to view the MAC address as well as other important
details regarding the Layer 3 addressing of the device.

• The ipconfig /displaydns command displays all of the cached DNS entries on a Windows computer
system.

On a Windows computer, the arp -a command lists all devices currently stored in the ARP cache of a
particular host.
The ARP cache can be cleared using the command arp -d.
show cdp neighbors detail
• To disable CDP globally, use the global configuration command no cdp run. To disable CDP on an interface, use the interface command no cdp enable.
Use the show ip route command to verify that the default route has been set.

Praise be to God, Lord of the worlds.
Your prayers for my success.
