
Configurations

Uploaded by

yousef hamdy

Basic configuration: -

Active#clock set 8:24:00 24 feb 2024

Active(config)#hostname Active

Active(config)#enable password 123

Active(config)#username admin password 123

Active(config)#line console 0

Active(config-line)#login local

Active(config-line)#exit

Active(config)#line vty 0 2

Active(config-line)#login local

Active(config-line)#transport input ssh

Active(config-line)#exit

Active(config)#service password-encryption

Active(config)#service timestamps log datetime msec

Active(config)#ip domain name itgate.com

Active(config)#crypto key generate rsa

How many bits in the modulus [512]: 1024

Active(config)#ip ssh version 2

Resetting: -
//If we know the username and password but we don’t know the enable password

Active#erase startup-config

Active#delete vlan.dat

Active#reload

//If we don’t know the username and password, remove the power supply and plug it in again while pressing the Reset button for 10 seconds to enter the flash mode

Switch:flash_init

Switch:rename flash:config.text flash:abcd.config.text

Switch:reset
Troubleshooting commands: -
Active#show running-config

Active#show ip interface brief

Active#show ip route

//Troubleshooting from PC cmd

C:\>tracert 172.16.60.11
//VLANS

Active#show vlan

//Spanning Tree

Active#show spanning-tree
//Access Lists

Active#show access-lists
//OSPF

Active#debug ip ospf adj

Active#debug ip ospf events

Active#show ip ospf interface g0/0

Active#show ip ospf database

//NAT

Active#show ip nat translations

//CDP

Active#show cdp neighbors

Active#show cdp
//NTP

Active#debug ntp packets

Active#undebug all //Stops debugging (can be abbreviated to "u all")

//DHCP

Active#show ip dhcp binding


//HSRP

Active#debug standby packets


Active#undebug all //Stops debugging (can be abbreviated to "u all")

Active#show standby

Active#show standby brief


Layer 2 switches configuration: -
//Spanning Tree Security

sw1-fl1-off1(config)#spanning-tree mode rapid-pvst //Spanning Tree Security

sw1-fl1-off1(config)#spanning-tree vlan 10,20 priority 61440 //Spanning Tree Security

sw1-fl1-off1(config)#ip dhcp snooping vlan 10,20 //DHCP Security

sw1-fl1-off1(config)#ip arp inspection vlan 10,20 //ARP Security

sw1-fl1-off1(config)#ip arp inspection validate dst-mac //ARP Security

//VLANS

sw1-fl1-off1(config)#int range f0/1-10

sw1-fl1-off1(config-if-range)#switchport mode access

sw1-fl1-off1(config-if-range)#switchport access vlan 10

//Trunks

sw1-fl1-off1(config)#interface range g0/1-2

sw1-fl1-off1(config-if-range)#switchport mode trunk

sw1-fl1-off1(config-if-range)#switchport trunk allowed vlan 10,20

sw1-fl1-off1(config-if-range)#ip dhcp snooping trust //DHCP Security

sw1-fl1-off1(config-if-range)#ip arp inspection trust //ARP Security

//All End users

sw1-fl1-off1(config)#int range f0/1-20

sw1-fl1-off1(config-if-range)#switchport port-security

sw1-fl1-off1(config-if-range)#switchport port-security violation shutdown

sw1-fl1-off1(config-if-range)#switchport port-security mac-address sticky

sw1-fl1-off1(config-if-range)#spanning-tree portfast //Spanning Tree security

sw1-fl1-off1(config-if-range)#spanning-tree bpduguard enable //Spanning Tree security

sw1-fl1-off1(config-if-range)#ip dhcp snooping limit rate 4 //DHCP Security

//All unused ports

sw1-fl1-off1(config)#interface range f0/21-24

sw1-fl1-off1(config-if-range)#switchport mode trunk

sw1-fl1-off1(config-if-range)#switchport trunk native vlan 998

sw1-fl1-off1(config-if-range)#switchport nonegotiate

sw1-fl1-off1(config-if-range)#shutdown
//if we have ether-channel between switches

sw1-fl1-off1(config-if-range)#channel-group 1 mode active

sw1-fl1-off1(config-if-range)#switchport mode trunk

sw1-fl1-off1(config-if-range)#switchport trunk allowed vlan 50,60

sw1-fl1-off1(config-if-range)#ip dhcp snooping trust

sw1-fl1-off1(config-if-range)#ip arp inspection trust

//CDP

sw1-fl1-off1(config)#no cdp run

//SysLog

sw1-fl1-off1(config)#logging on

sw1-fl1-off1(config)#logging host 90.0.0.2 //the ip of the syslog server

sw1-fl1-off1(config)#logging 90.0.0.2

Layer 3 switches configuration: -


Active(config)#ip routing

Active(config)#spanning-tree mode rapid-pvst

Active(config)#spanning-tree vlan 10-40 root primary //Secondary for backup switch

Active(config)#ip dhcp snooping vlan 10-40

Active(config)#ip arp inspection vlan 10-40

Active(config)#ip arp inspection validate dst-mac

//VLANS virtual interfaces and HSRP

Active(config)#vlan 10

Active(config-vlan)#exit

Active(config)#interface vlan 10

Active(config-if)#ip address 192.168.10.1 255.255.255.0 //for backup 192.168.10.2

Active(config-if)#standby 1 ip 192.168.10.100

Active(config-if)#standby 1 preempt

Active(config-if)#standby 1 priority 255 //for backup no priority command

//then do the same for other vlans

//Trunks

Active(config)#int range g0/1-2

Active(config-if-range)#switchport trunk encapsulation dot1q

Active(config-if-range)#switchport trunk allowed vlan 10-40

Active(config-if-range)#switchport mode trunk

Active(config-if-range)#ip dhcp snooping trust

Active(config-if-range)#ip arp inspection trust


//DHCP

Active(config)#ip dhcp pool vlan10

Active(dhcp-config)#network 192.168.10.0 255.255.255.0

Active(dhcp-config)#default-router 192.168.10.100

Active(dhcp-config)#dns-server 8.8.8.8

Active(dhcp-config)#domain-name itgate.com

//DHCP excluded addresses

Active(config)#ip dhcp excluded-address 192.168.10.1 192.168.10.10


Active(config)#ip dhcp excluded-address 192.168.10.100 //HSRP standby ip

//Unused ports

Active(config)#int range f0/2-24

Active(config-if-range)#shutdown

//Routing

Active(config)#int f0/1

Active(config-if)#no switchport

Active(config-if)#ip address 10.0.0.2 255.255.255.252

//Static routing

//don’t use the following commands before connecting between the active switch and the router

Active(config)#ip route 10.0.0.0 255.255.255.252 f0/1 200

Active(config)#ip route 10.0.0.8 255.255.255.252 f0/1 200

Active(config)#ip route 90.0.0.0 255.255.255.0 f0/1 200

Active(config)#ip route 172.16.50.0 255.255.255.0 f0/1 200

Active(config)#ip route 172.16.60.0 255.255.255.0 f0/1 20

//OSPF routing

Active(config)#router ospf 100

Active(config-router)#network 192.168.10.0 0.0.0.255 area 0 //then do the same for all direct connected networks

//if we have ether-channel between switches

Active(config-if-range)#channel-group 1 mode active

Active(config-if-range)#switchport mode trunk

Active(config-if-range)#switchport trunk allowed vlan 50,60

Active(config-if-range)#ip dhcp snooping trust

Active(config-if-range)#ip arp inspection trust


//NTP

Active(config)#ntp server 10.0.0.1 //the ip of the corresponding interface of the NTP master (Server)
Active(config)#ntp authenticate

Active(config)#ntp authentication-key 1 md5 123

Active(config)#ntp update-calendar

//CDP

Active(config)#no cdp run

//SysLog

Active(config)#logging on

Active(config)#logging host 90.0.0.2 //the ip of the syslog server

Active(config)#logging 90.0.0.2
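
The audit script below is an added example, not part of the original notes. It scans IOS commands written in this page's notation and flags settings from the Basic configuration, Layer 2 and NTP sections that leave a control weaker than it looks or not in effect. The rule ids, the `audit` function and the `HARDENED` sample are assumptions made for the example; `PAGE_LINES` is copied from the commands above.

```python
import re

# Rule id -> remediation (the rule ids are names made up for this example).
ADVICE = {
    "ENABLE_PASSWORD": "use 'enable secret' (hashed) instead of 'enable password'",
    "USER_PASSWORD": "use 'username <name> secret'; type 7 encoding is reversible",
    "RSA_LT_2048": "generate the SSH host key with a modulus of at least 2048 bits",
    "SNOOPING_NOT_GLOBAL": "'ip dhcp snooping vlan' also needs global 'ip dhcp snooping'",
    "NTP_KEY_NOT_TRUSTED": "'ntp authenticate' also needs 'ntp trusted-key <n>'",
}
PROMPT = re.compile(r"^[\w.-]+(\([\w-]+\))?#\s*")  # e.g. "Active(config)#"

def audit(text):
    """Return the rule ids triggered by IOS commands in this page's notation."""
    # Drop trailing '//' comments, then the device prompt, from every line.
    cmds = [PROMPT.sub("", ln.split("//")[0].strip()) for ln in text.splitlines()]
    has = lambda pat: any(re.fullmatch(pat, c) for c in cmds)
    # Matches both "... rsa modulus 1024" and the interactive modulus prompt.
    sizes = [int(m.group(1)) for c in cmds
             if (m := re.search(r"modulus(?: \[\d+\]:)? (\d+)$", c))]
    checks = {
        "ENABLE_PASSWORD": has(r"enable password .+"),
        "USER_PASSWORD": has(r"username \S+ (privilege \d+ )?password .+"),
        "RSA_LT_2048": any(size < 2048 for size in sizes),
        "SNOOPING_NOT_GLOBAL": has(r"ip dhcp snooping vlan .+") and not has(r"ip dhcp snooping"),
        "NTP_KEY_NOT_TRUSTED": has(r"ntp authenticate") and not has(r"ntp trusted-key \d+"),
    }
    return [rule for rule, hit in checks.items() if hit]

# Lines copied from this page (Basic, Layer 2 and NTP sections).
PAGE_LINES = """Active(config)#enable password 123
Active(config)#username admin password 123
Active(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
sw1-fl1-off1(config)#ip dhcp snooping vlan 10,20 //DHCP Security
Active(config)#ntp authenticate
Active(config)#ntp authentication-key 1 md5 123"""
# Constructed counterpart; CHANGE-ME marks placeholder secrets.
HARDENED = """enable secret CHANGE-ME
username admin secret CHANGE-ME
crypto key generate rsa modulus 2048
ip dhcp snooping
ip dhcp snooping vlan 10,20
ntp authenticate
ntp authentication-key 1 md5 CHANGE-ME
ntp trusted-key 1"""

if __name__ == "__main__":
    for rule in audit(PAGE_LINES):
        print(f"{rule}: {ADVICE[rule]}")
```
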

Router configuration: -
Branch1(config)#int g0/1

Branch1(config-if)#no shutdown

Branch1(config-if)#ip address 10.0.0.1 255.255.255.252

//then do the same for other interfaces

//Static routing

Branch1(config)#ip route 192.168.10.0 255.255.255.0 g0/1 200


Branch1(config)#ip route 192.168.10.0 255.255.255.0 g0/2 205

//then do the same for all other remote networks

//OSPF routing

Branch1(config)#router ospf 100

Branch1(config-router)#network 10.0.0.0 0.0.0.3 area 0

//then do the same for all other direct connected networks

//NAT

Branch1(config)#int s0/0/0

Branch1(config-if)#no shutdown

Branch1(config-if)#ip address 10.0.0.14 255.255.255.252

Branch1(config-if)#ip nat inside

//then do the same for the corresponding router but with ip 10.0.0.13

Branch1(config)#int g0/0 //the interface to the external server in the public network

Branch1(config-if)#no shutdown

Branch1(config-if)#ip address 5.0.0.1 255.255.255.0

Branch1(config-if)#ip nat outside


//Then give the external server a static IP: 5.0.0.2, subnet mask: 255.255.255.0, default gateway: 5.0.0.1
Branch1(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Branch1(config)#access-list 1 permit 192.168.0.0 0.0.255.255
Branch1(config)#access-list 1 permit 172.16.0.0 0.0.255.255

Branch1(config)#ip nat pool abc 5.0.0.1 5.0.0.1 netmask

Branch1(config)#ip nat inside source list 1 pool abc overload

//don’t forget to update the Routing protocols with the newly added networks

//NTP

Branch1(config)#ntp master

Branch1(config)#ntp authenticate

Branch1(config)#ntp authentication-key 1 md5 123

Branch1(config)#ntp update-calendar

//CDP

Branch1(config)#no cdp run

//SysLog

Branch1(config)#logging on

Branch1(config)#logging host 90.0.0.2 //the ip of the syslog server

Branch1(config)#logging 90.0.0.2

Router on stick configuration: -


Brach2(config)#int g0/1

Brach2(config-if)#no shutdown

Brach2(config-if)#int g0/1.50

Brach2(config-subif)#encapsulation dot1Q 50

Brach2(config-subif)#ip address 172.16.50.1 255.255.25
