The code below is the configuration for a Cisco 1921 on a class C network where the router has been given the IP address 172.16.0.1. It has a DHCP range of 100 IP addresses. There are currently 0 VLANs configured, but the plan is to have a VLAN for the servers so that only allowed devices are able to speak with the server. We are also using a Cisco switch that is running PoE for our AP device.
Current Config:
Current configuration : 1583 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 56jyXs.RSLFQFX5Ebzwqm0eXTwHAtDmINcDLgnOqA16
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
!
!
ip dhcp excluded-address 172.16.0.1 172.16.0.99
ip dhcp excluded-address 172.16.0.200 172.16.0.254
!
ip dhcp pool pool1
 network 172.16.0.0 255.255.0.0
 default-router 172.16.0.1
 dns-server 172.16.0.4 8.8.8.8
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ1809C3MT
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool Internet 192.168.9.20 192.168.9.20 netmask 255.255.255.0
ip nat inside source list 100 pool Internet overload
ip route 0.0.0.0 0.0.0.0 192.168.9.1
!
access-list 100 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 100 permit ip 172.16.0.0 0.0.255.255 any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password telnet
 login
 transport input telnet
!
scheduler allocate 20000 1000
!
end
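An added example, not part of the original page or of any Cisco tooling: a small Python check that reads an IOS running-config and flags the remote-management settings visible in the listing above (Telnet on the vty lines, a shared cleartext line password, a type 4 enable secret). The function names and finding codes are made up for this example.

```python
import re

# Lines taken from the running-config above; the enable-secret hash is a placeholder.
# A block ends at "!" or the next "line ..." header, so indentation is optional.
SAMPLE_CONFIG = """\
enable secret 4 HASH-PLACEHOLDER
line con 0
line vty 0 4
 password telnet
 login
 transport input telnet
!
scheduler allocate 20000 1000
"""

def line_blocks(config):
    """Map each 'line ...' header to the sub-commands configured under it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = blocks.setdefault(cmd, [])
        elif cmd in ("", "!"):
            current = None
        elif current is not None:
            current.append(cmd)
    return blocks

def audit(config):
    """Return sorted finding codes (names invented for this example)."""
    findings = set()
    if re.search(r"^\s*enable secret 4 ", config, re.M):
        findings.add("ENABLE_SECRET_TYPE4")      # unsalted SHA-256, deprecated by Cisco
    if re.search(r"^\s*enable password ", config, re.M):
        findings.add("ENABLE_PASSWORD")          # stored cleartext or type 7, not hashed
    for header, cmds in line_blocks(config).items():
        if any(re.fullmatch(r"password (?!\d+ ).+", c) for c in cmds):
            findings.add("CLEARTEXT_LINE_PASSWORD")
        if not header.startswith("line vty"):
            continue
        if "login" in cmds:                      # bare 'login', not 'login local'
            findings.add("VTY_SHARED_PASSWORD")
        for c in cmds:
            if c.startswith("transport input") and {"telnet", "all"} & set(c.split()[2:]):
                findings.add("VTY_TELNET")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Each finding maps to a command in the Security Commands table further down: `username` with `login local`, `crypto key generate rsa`, and `transport input ssh` are what clear the vty findings.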
Commands:
Mode Control Commands
| Command | Description |
| --- | --- |
| enable | Moves a user from user EXEC mode into privileged EXEC mode. Privileged EXEC mode is indicated by the # symbol in the command prompt. |
| configure terminal | Logs the user into global configuration mode |
| interface fastethernet/number | Enters interface configuration mode for the specified Fast Ethernet interface |
Basic Configuration Commands List
| Command | Description |
| --- | --- |
| reload | Reboots the Cisco switch or router |
| hostname name | Sets a host name for the current Cisco network device |
| copy from-location to-location | Copies files from one file location to another |
| copy running-config startup-config | Saves the active config over the startup config, which the Cisco network device loads when it initializes |
| copy startup-config running-config | Merges the startup config with the currently active config in RAM |
| write erase / erase startup-config | Deletes the startup config |
| ip address ip-address mask | Assigns the specified IP address and subnet mask |
| shutdown / no shutdown | Shuts the interface down (shutdown) or brings it up (no shutdown) |
| ip default-gateway ip_address | Sets the default gateway on the Cisco device |
| show running-config | Displays the current configuration of the device |
| show startup-config | Displays the saved configuration stored in the device’s NVRAM, which will be loaded when the device starts up |
| description string | Assigns the specified description to an interface |
| show running-config interface interface slot/number | Displays the running configuration for the specified interface |
| show ip interface [type number] | Displays the status of a network interface as well as a detailed listing of its IP configurations and related characteristics |
| ip name-server serverip-1 serverip-2 | Sets the IP address of one or more DNS servers that the device can use to resolve hostnames to IP addresses |
Troubleshooting Cisco Commands List
| Command | Description |
| --- | --- |
| ping {hostname \| system-address} [source source-address] | |
| speed {10 \| 100 \| | |
| duplex {auto \| full \| | |
| cdp run / no cdp run | Enables or disables Cisco Discovery Protocol (CDP) for the device |
| show mac address-table | Displays the MAC address table |
| show cdp | Shows whether CDP is enabled globally |
| show cdp neighbors [detail] | Lists summary (or detailed) information about each neighbor connected to the device |
| show interfaces | Displays detailed information about interface status, settings and counters |
| show interface status | Displays the interface line status |
| show interfaces switchport | Displays many configuration settings and current operational status, including VLAN trunking details |
| show interfaces trunk | Lists information about the currently operational trunks and the VLANs supported by those trunks |
| show vlan / show vlan brief | Lists each VLAN and all interfaces assigned to that VLAN but does not include trunks |
| show vtp status | Lists the current VLAN Trunk Protocol (VTP) status, including the current mode |
Routing and VLAN Commands
| Command | Description |
| --- | --- |
| show ip route | Displays the current state of the IP routing of all known routes that are either statically configured or learned dynamically through a routing protocol |
| ip route network-number network-mask {ip-address \| interface} | |
| router rip | Enables a Routing Information Protocol (RIP) routing process, which places you in router configuration mode |
| network ip-address | Associates a network with a RIP routing process |
| version 2 | Configures the software to receive and send only RIP version 2 packets |
| no auto-summary | Disables automatic summarization |
| default-information originate | Generates a default route into RIP |
| passive-interface interface | Sets the specified interface to passive RIP mode, which means RIP routing updates are accepted by, but not sent out of, the interface |
| show ip rip database | Displays the contents of the RIP routing database |
| ip nat [inside \| outside] | |
| ip nat inside source {list {access-list-number \| access-list-name}} interface type number [overload] | |
| ip nat inside source static local-ip global-ip | Establishes a static translation between an inside local address and an inside global address |
| vlan | Creates a VLAN and enters VLAN configuration mode for further definitions |
| switchport access vlan | Sets the VLAN that the interface belongs to |
| switchport trunk encapsulation dot1q | Specifies 802.1Q encapsulation on the trunk link |
| switchport access | Configures a specific Ethernet port on a switch to operate in access mode to accommodate an end device such as a computer, server or printer. The port must then be assigned to a single VLAN. |
| vlan vlan-id [name vlan-name] | Configures a specific VLAN name (1 to 32 characters) |
| switchport mode {access \| trunk} | |
| switchport trunk {encapsulation {dot1q}} | Sets the trunk characteristics when the interface is in trunking mode. In this mode, the switch supports simultaneous tagged and untagged traffic on a port. |
| encapsulation dot1q vlan-id | Defines the matching criteria to map 802.1Q frames ingress on an interface to the appropriate service instance |
| show spanning-tree | Provides detailed information about the Spanning Tree protocol for all VLANs |
DHCP Commands
| Command | Description |
| --- | --- |
| ip address dhcp | Acquires an IP address on an interface via DHCP |
| ip dhcp pool name | Used to configure a DHCP address pool on a DHCP server and enter DHCP pool configuration mode |
| domain-name domain | Specifies the domain name for a DHCP client |
| network network-number [mask] | Configures the network number and mask for a DHCP address pool primary or secondary subnet on a Cisco IOS DHCP server |
| ip dhcp excluded-address ip-address [last-ip-address] | Specifies IP addresses that a DHCP server should not assign to DHCP clients |
| ip helper-address address | Enables forwarding of UDP broadcasts, including BOOTP, received on an interface |
| default-router address [address2 … address8] | Specifies the default routers for a DHCP client |
Security Commands
| Command | Description |
| --- | --- |
| password pass-value | Sets the password that is required if the login command (with no other parameters) is configured |
| username name password pass-value | Defines one of possibly multiple user names and associated passwords used for user authentication. It is used when the login local line configuration command has been used. |
| enable password pass-value | Defines the password required when using the enable command |
| enable secret pass-value | Sets the password required for any user to enter enable mode |
| service password-encryption | Directs the Cisco IOS software to encrypt the passwords, CHAP secrets and similar data saved in its configuration file |
| ip domain-name name | Configures a DNS domain name |
| crypto key generate rsa | Creates and stores (in a hidden location in flash memory) the keys that are required by SSH |
| transport input {telnet \| ssh} | |