Friday, May 3, 2024

Cisco 113 - OSPF Part 1

(config)#router ospf 1
^ Enters OSPF configuration mode.
The "1" is the process ID.
A router can run multiple OSPF processes at once.
Process ID is unrelated to area.

(config-router)#network 10.0.12.0 0.0.0.3 area 0
(config-router)#network 10.0.13.0 0.0.0.3 area 0
(config-router)#network 172.16.1.0 0.0.0.15 area 0
^ These three commands activate OSPF on all interfaces that match the given parameters.  They are configured as area 0.
The commands tell the router to find all interfaces that match the ranges specified.
Recall the network command uses wildcard matching.  So 0.0.0.15 = 255.255.255.240
Also recall that these commands don't specify which networks to advertise.
The commands activate OSPF on interfaces that fall in the range of the given wildcard matching patterns.
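To make the wildcard matching concrete, here is an added example (not part of the course or the original notes) that checks which interfaces the three network statements above would activate OSPF on. The interface names and addresses are assumptions chosen to fit the ranges; the statements in the list do not overlap, so their order does not matter here.

```python
import ipaddress

# The three network statements from the notes: (address, wildcard mask, area)
NETWORK_STATEMENTS = [
    ("10.0.12.0", "0.0.0.3", 0),
    ("10.0.13.0", "0.0.0.3", 0),
    ("172.16.1.0", "0.0.0.15", 0),
]

# Constructed interface addresses (assumptions, not from the notes)
INTERFACES = {
    "g0/0": "10.0.12.1",
    "g1/0": "10.0.13.1",
    "g2/0": "172.16.1.14",
    "g3/0": "203.0.113.1",  # link toward the ISP, outside every range
}


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_to_netmask(wildcard):
    """Invert a wildcard mask, e.g. 0.0.0.15 -> 255.255.255.240."""
    return str(ipaddress.IPv4Address(_to_int(wildcard) ^ 0xFFFFFFFF))


def matches(ip, address, wildcard):
    """True when ip equals address in every bit where the wildcard has a 0."""
    care = _to_int(wildcard) ^ 0xFFFFFFFF
    return (_to_int(ip) & care) == (_to_int(address) & care)


def ospf_enabled_interfaces(interfaces, statements):
    """Return {interface: area} for interfaces matched by a network statement."""
    enabled = {}
    for name, ip in interfaces.items():
        for address, wildcard, area in statements:
            if matches(ip, address, wildcard):
                enabled[name] = area
                break
    return enabled


if __name__ == "__main__":
    print(wildcard_to_netmask("0.0.0.15"))
    print(ospf_enabled_interfaces(INTERFACES, NETWORK_STATEMENTS))
```

The ISP-facing interface is not matched by any statement, so OSPF never runs on it.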

(config-router)#passive-interface g2/0
^ Tells the interface to stop sending OSPF 'hello' messages out that interface - probably because there are no further routers for that interface to neighbor with.
Use this command on any interface that doesn't have any OSPF neighbors.

(config)#ip route 0.0.0.0 0.0.0.0 203.0.113.2
^ Adds a default route and points to the next hop as the ISP's IP address
(This becomes our gateway of last resort)

(config-router)#default-information originate
^ This advertises the default route into OSPF so the other routers learn about it

R1#show ip protocols
^ Displays information about the routing protocol being used.
For us, that's OSPF

(config-router)#router-id 1.1.1.1
^ Manually configure the router ID as 1.1.1.1
The router will continue to use the old ID until we reload the router or use the command:
clear ip ospf process
^ Dangerous command because it clears out the routing map for a while until things are rebuilt.  This means downtime.

(config-router)#maximum-paths <#>
^ Change the maximum number of redundant paths that can be added to the routing table from 4 to #

(config-router)#distance <#>
^ Set the administrative distance

R4(config)#int l0
^ That's "L" 0 <-- Loopback0 (not the number 10)
This command creates a loopback interface
R4(config-if)#ip address 1.1.1.1 255.255.255.255
^ Assigns IP address 1.1.1.1/32 to interface Loopback0

R4>show ip int | begin Loop
^ Displays IP addresses assigned to interfaces beginning with the first match of "Loop" (Loopback0)

R4>show ip int brief
^ Shows a summary of interfaces and their assigned IP addresses

R4>show int l0
^ Again, that's loopback0, not the number 10
^ Command shows details of interface Loopback0

R1#show ip ospf neighbor
^ Shows OSPF neighbors

R1#show ip ospf database
^ Shows LSDB (link-state database)

R1#show ip ospf interface
^ Displays details about OSPF settings on each interface




[These are my notes from Jeremy's excellent CCNA course which can be viewed here.]

Tuesday, April 23, 2024

Cisco 112 - Trick for searching output: BEGIN

I miss piping output to 'less'

Ex)

show running-config | less

^ Does not work

My co-worker gave me this tip:

show running-config | begin ASDF

Shows the output from the running-config but starts ("begins") it at search string ASDF

Looks like it might accept regular expressions, too.  So:

show running-config | begin Gi2\/0\/3

Would begin output at Gi2/0/3



Friday, April 19, 2024

Cisco 111 - Dynamic Routes and Floating Static Routes

Administrative Distance costs

Administrative Distance <-- Route protocol/type
0 <-- Directly connected
1 <-- Static
20 <-- External BGP (eBGP)
90 <--  EIGRP
100 <-- IGRP
110 <-- OSPF
115 <-- IS-IS
120 <-- RIP
170 <-- EIGRP (external)
200 <-- Internal BGP (iBGP)
255 <-- Unusable route

Floating Static Routes

This is useful to configure a backup route that should not be used unless the normal path goes down.

Display existing routes
#show ip route

(config)#ip route <network> <subnet> <ip of alternate next hop> <metric higher than usual path>
(config)#ip route 10.0.2.0 255.255.255.0 203.0.113.1 111

#show ip route
You won't see the new route because its administrative cost is higher than the better path

Here's a way:
#show running-config | incl route
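The following added example (not from the course or the original notes) models why the floating static route stays out of `show ip route` until the preferred path disappears. It assumes the normal path to 10.0.2.0/24 is learned via OSPF with a constructed next hop of 10.0.12.2; the static route and its distance of 111 are the ones from the command above.

```python
import ipaddress

# Administrative distances from the table in these notes
AD = {
    "connected": 0, "static": 1, "ebgp": 20, "eigrp": 90, "igrp": 100,
    "ospf": 110, "is-is": 115, "rip": 120, "eigrp-external": 170, "ibgp": 200,
}
UNUSABLE = 255


class Rib:
    """Keeps every candidate route but installs only the lowest-AD one per prefix."""

    def __init__(self):
        self.candidates = {}  # network -> list of (ad, source, next_hop)

    def add(self, prefix, source, next_hop, ad=None):
        net = ipaddress.ip_network(prefix)
        distance = AD[source] if ad is None else ad
        self.candidates.setdefault(net, []).append((distance, source, next_hop))

    def withdraw(self, prefix, source):
        """Remove the routes a source contributed (e.g. the OSPF neighbor went down)."""
        net = ipaddress.ip_network(prefix)
        self.candidates[net] = [c for c in self.candidates.get(net, []) if c[1] != source]

    def installed(self, prefix):
        """Return the (ad, source, next_hop) that would appear in the routing table."""
        routes = self.candidates.get(ipaddress.ip_network(prefix), [])
        usable = [c for c in routes if c[0] < UNUSABLE]
        return min(usable) if usable else None


def demo():
    rib = Rib()
    rib.add("10.0.2.0/24", "ospf", "10.0.12.2")              # assumed primary path
    rib.add("10.0.2.0/24", "static", "203.0.113.1", ad=111)  # floating static from the notes
    before = rib.installed("10.0.2.0/24")
    rib.withdraw("10.0.2.0/24", "ospf")                       # primary path fails
    after = rib.installed("10.0.2.0/24")
    return before, after


if __name__ == "__main__":
    print(demo())
```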


Tuesday, April 16, 2024

Cisco 110 - EtherChannel

Conceptually, EtherChannel combines (aggregates) multiple linked ports into a single aggregate connection.

Displays current load balancing method:
#show etherchannel load-balance

Change load balancing method to load balance based on source and destination IP address:
#conf t
(config)#port-channel load-balance <mode>
(config)#port-channel load-balance src-dst-ip
(config)#do show etherchannel load-balance


Modes:
dst-ip    Destination IP address
dst-mac    Destination MAC address
src-dst-ip    Source & destination IP address
src-dst-mac    Source & destination MAC address
src-ip    Source IP address
src-mac    Source MAC address

Methods to create an EtherChannel:
1) Static = Manual config
    Don't do this because you want the switch to automatically remove a link when it goes down
2) Dynamic = Automatic
    A) PAgP (Port Aggregation Protocol) = Cisco proprietary
    B) LACP (Link Aggregation Control Protocol) = IEEE standard and preferred

(config)#interface range g0/0 - 3
(config-if-range)#channel-group 1 mode desirable
modes:
active = Enable LACP unconditionally
passive = Enable LACP only if a LACP device is detected
auto = Enable PAgP only if a PAgP device is detected
desirable = Enable PAgP unconditionally
on = Enable etherchannel only

For PAgP:
auto + auto = No EtherChannel
desirable + auto = EtherChannel
desirable + desirable = EtherChannel

For LACP:
passive + passive = No EtherChannel
active + passive = EtherChannel
active + active = EtherChannel

To config the aggregate etherchannel as a VLAN trunk, do this on both switches:
(config)#interface port-channel 1
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk
(config-if)#do show interfaces trunk

Displays port aggregates, protocol, and which ports are being used in each
#show etherchannel summary

Displays more details including the channel group mode
#show etherchannel port-channel

Layer 3 EtherChannel
(config)#int range g0/0 - 3
(config-if-range)#no switchport
(config-if-range)#channel-group 1 mode active
(config-if-range)#int po1
(config-if)#ip address 10.0.0.1 255.255.255.252



Saturday, April 13, 2024

Cisco 109 - Rapid Spanning Tree Protocol

SW3(config)#spanning-tree mode ?
mst    - Multiple Spanning Tree mode
pvst    - Per-Vlan Spanning Tree mode (classic mode)
rapid-pvst    - Rapid Per Vlan Spanning Tree mode (new & improved)

This is the default and we probably won't need to execute this:
SW3(config)#spanning-tree mode rapid-pvst

This command tells a port it is connected to a PC or end host, not a switch or a hub.  Because there is no risk of creating a loop, such ports can move straight to the forwarding state without the negotiation process.  These ports are the "edge" of the network, so they are called "edge ports".  They function like a classic STP port with PortFast enabled, thus:
SW1(config-if)#spanning-tree portfast

This command tells the port it is connected to a switch:
SW4(config-if)#spanning-tree link-type point-to-point

Costs:

Speed - STP Cost - RSTP Cost

10 Mbps - 100 - 2,000,000
100 Mbps - 19 - 200,000
1 Gbps - 4 - 20,000
10 Gbps - 2 - 2,000
100 Gbps - X - 200
1 Tbps - X - 20




Friday, April 12, 2024

Cisco 108 - Spanning Tree Protocol

This is the feature that prevents infinite layer 2 loops among redundant links leading to broadcast storms.

This command will show who the root bridge is, this switch/bridge's priority, root status, role (designated, non-designated), and port cost for each interface:

SW3#show spanning-tree
VLAN0001


Filter the output to only show vlan 1:
SW3#show spanning-tree vlan 1

Show more details:
SW3#show spanning-tree detail

Less detailed overall view, but displays the number of ports in each state:
SW3#show spanning-tree summary
NAME    Blocking    Listening    Learning    Forwarding    STP Active
VLAN0001    0        0            0            4            4

Portfast is a feature that lets a switch interface skip the listening/learning stages and go straight to forwarding state.  The idea here is that the interface is connected to a PC, not a switch.  If it isn't connected to a switch, there is no danger of a layer 2 infinite loop.

[Seems risky]
To enable portfast:
SW1(config-if)#spanning-tree portfast

To enable portfast on all access ports by default:
SW1(config)#spanning-tree portfast default

BPDU Guard makes this less risky.  If an interface enabled with BPDU guard receives a BPDU from another switch, the interface will be shut down to prevent a loop from forming:

SW1(config)#int g0/2
SW1(config-if)#spanning-tree bpduguard enable

To enable BPDU guard by default:
SW1(config)#spanning-tree portfast bpduguard default

Configure which spanning-tree mode the switch uses:
SW1(config)#spanning-tree mode ?
mst     Multiple spanning tree mode
pvst     Per-Vlan spanning tree mode (Classic with Cisco's per Vlan addition)
rapid-pvst     Per-vlan rapid spanning tree mode (Modern and improved per-Vlan spanning tree mode)

Rig a specific switch to act as the root bridge for vlan 1:
SW3(config)#spanning-tree vlan 1 root primary
^This command figures out the next lower priority (4096 less) for you so you don't have to calculate it.

Rig up a specific switch to act as a secondary:
SW2(config)#spanning-tree vlan 1 root secondary

Spanning Tree Costs:
STP - Cost    
10 Mbps - 100
100 Mbps - 19
1 Gbps - 4
10 Gbps - 2





Sunday, April 7, 2024

Cisco 107 - Inter-VLAN Routing via SVI (Switch Virtual Interface)

Jeremy introduces the concept of a Switch Virtual Interface in this video.  This is useful on a Layer 3 (Multilayer) Switch -- a switch that can also do layer 3 work (including routing).

First Jeremy removes VLAN config from router R1:

Remove the sub-interfaces:
R1(config)#no interface g0/0.10
R1(config)#no interface g0/0.20
R1(config)#no interface g0/0.30

This resets the interface to its defaults:
R1(config)#default interface g0/0

View the config of R1 interfaces:
R1(config)#do show ip interface brief

Now set an IP address on R1's g0/0 interface:
R1(config)#interface g0/0
R1(config-if)#ip address 192.168.1.194 255.255.255.252

---

Now Jeremy reconfigures switch 2 (SW2) as a multi-layer switch and configures it to do VLAN routing.

Reset interface g0/1 to defaults
SW2(config)#default interface g0/1

SW2(config)#ip routing    <-- Enables layer 3 routing on the multilayer switch

These next two commands change int g0/1 from a layer 2 switched port to a layer 3 routed port.
SW2(config)#interface g0/1
SW2(config-if)#no switchport

Since the interface is now a routed port, it needs a layer 3 IP address:
SW2(config-if)#ip address 192.168.1.193 255.255.255.252

These next two commands tell SW2 to use R1 as its default route.
The IP address 192.168.1.194 is SW2's "next hop" and that IP address matches the one assigned to R1's connected interface up above
SW2(config-if)#exit
SW2(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.194

Now view the route config on SW2:
SW2(config)#do show ip route

We can also see how an interface is configured to route with the command below.  Instead of showing a VLAN ID, the VLAN column will show "routed":
SW2#show interfaces status

Now we need to configure the SVIs (switch virtual interfaces) on SW2.
Create 3 SVIs and assign an IP address to each.  These IP addresses act as the "default gateways" to the PCs in the corresponding VLANs:
SW2(config)#interface vlan10    <-- This creates an SVI called "vlan10"
SW2(config-if)#ip address 192.168.1.62 255.255.255.192
SW2(config-if)#no shutdown        <-- SVIs are shut down by default
SW2(config-if)#interface vlan20
SW2(config-if)#ip address 192.168.1.126 255.255.255.192
SW2(config-if)#no shutdown
SW2(config-if)#interface vlan30
SW2(config-if)#ip address 192.168.1.190 255.255.255.192
SW2(config-if)#no shutdown

Recall that access or trunk ports on SW2 were already assigned to VLANs 10, 20, and 30.  So the switch has already created VLANs 10, 20, and 30.

 



Cisco 106 - Configure native VLAN on a router

Two methods to configure native VLAN on a router:

1) Set the VLAN ID on a subinterface:
(config)#int g0/0.10
(config-subif)#encapsulation dot1q 10 native

2) Configure the IP address for the native VLAN on the router's physical interface. The encapsulation dot1q command is not necessary with this option.
First remove the subinterface:
(config)#no interface g0/0.10
Then configure the IP address of the physical interface:
(config)#interface g0/0
(config-if)#ip address 192.168.1.62 255.255.255.192

Here is the running config of a router with the physical interface using the native VLAN and two sub-interfaces configured for other VLANs:

!
interface GigabitEthernet0/0
 ip address 192.168.1.62 255.255.255.192
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.1.126 255.255.255.192
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.1.190 255.255.255.192
!





Friday, April 5, 2024

Cisco 105 - Initial VLAN Trunk sub-interfaces

(config)#int g0/0
(config-if)#no shutdown
; Sets IP address of sub-interface and uses VLAN 10
(config-if)#int g0/0.10
; Any arriving frames tagged with Vlan 10 will be treated as if they arrived on this sub-interface
; Also, any frames sent via this sub-interface will be tagged with Vlan 10
(config-subif)#encapsulation dot1q 10
(config-subif)#ip address 192.168.1.62 255.255.255.192

; Now sub-interface g0/0.20
(config-subif)#int g0/0.20
(config-subif)#encapsulation dot1q 20
(config-subif)#ip address 192.168.1.126 255.255.255.192

; Now sub-interface g0/0.30
(config-subif)#int g0/0.30
(config-subif)#encapsulation dot1q 30
(config-subif)#ip address 192.168.1.190 255.255.255.192

; This will show the newly defined sub-interfaces as well as their IP addresses
#show ip int brief

; This will show the “directly connected” networks just like regular interfaces
#show ip route



 

Cisco 104 - Initial VLAN Trunk commands

(config)#interface g0/0
; If the command is rejected (such as on an older switch) first configure the port to use dot1q
(config-if)#switchport mode trunk
Command rejected: An interface whose trunk encapsulation is “Auto” can not be configured to “trunk” mode.
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk

; Shows which ports are configured for trunking, which Vlans are allowed on the trunk, which Vlans are allowed and active
#show interfaces trunk

; Shows each vlan and which ports are configured to use them
#show vlan brief

(config)#int g0/0
; Allows Vlan 10 and 30 on interface
(config-if)#switchport trunk allowed vlan 10,30
; Adds Vlan 20 to allowed list
(config-if)#switchport trunk allowed vlan add 20
; removes Vlan 20 from allowed list
(config-if)#switchport trunk allowed vlan remove 20
; Allows all Vlans on the port.  This is the default state – all Vlans are allowed on trunk by default.
(config-if)#switchport trunk allowed vlan all
; Removes all Vlans from allowed list.
(config-if)#switchport trunk allowed vlan none
; Sets native vlan to 1001
(config-if)#switchport trunk native vlan 1001



 

Cisco 103 - Initial VLAN commands

#show vlan brief
Shows VLANs and which ports they are configured on
 
VLAN    Name   Status   Ports
1       default active    Gi0/0, Gi0/1, Gi0/2...
 
; Define interfaces g1/0, g1/1, g1/2, and g1/3
(config)#interface range g1/0 - 3
; Config interfaces in access mode
; as opposed to trunk mode
(config-if-range)#switchport mode access
; Assign interfaces to vlan 10
; Notice that vlan 10 does not exist so it has to create vlan 10
(config-if-range)#switchport access vlan 10
% Access VLAN does not exist. Creating vlan 10
(config-if-range)#interface range g2/0 - 2
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 20
% Access VLAN does not exist. Creating vlan 20
; If you need to create a vlan that did not get auto-created by commands above
(config)#vlan 30
 
 
 
; Assign names to VLANs
; If VLAN did not exist, it would first create VLAN
(config)#vlan 10
(config-vlan)#name Engineering
(config-vlan)#vlan 20
(config-vlan)#name HR
;
(config)#int range Fa3/1, Fa4/1
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 10
(config-if-range)#int range Fa5/1, Fa6/1
(config-if-range)#switchport mode access
(config-if-range)#switchport access vlan 20
(config-if-range)#exit
(config)#exit
 

SW1#show int status

Port Name  Status    Vlan    Duplex Speed Type
Gig0/1     connected 10      auto   auto  10/100BaseTX
Gig1/1     connected 20      auto   auto  10/100BaseTX
Gig2/1     connected 30      auto   auto  10/100BaseTX
Fa3/1      connected 10      auto   auto  10/100BaseTX
Fa4/1      connected 10      auto   auto  10/100BaseTX



Cisco 102 - Additional Initial Commands

R1# conf t
R1(config)# int g0/0
R1(config-if)#ip addr 10.1.2.3 255.255.255.0
R1(config-if)#no shutdown

show interfaces g0/0
Displays details about g0/0

show interfaces description

Int     Status    Protocol      Description
G0/0    up        up            WJ3B
G0/1    up        up            WJ4B
G0/2    up        up            WJ5C
G0/3    down      admin-down    WJ6B

show ip route
View routing table
 

do show ip route
From config mode

ip route dest-addr mask next-hop
ip route 192.168.4.0 255.255.255.0 192.168.13.3

ip route dest-addr mask exit-int
ip route 192.168.1.0 255.255.255.0 g0/0

ip route 0.0.0.0 0.0.0.0 203.0.113.2
Sets default gateway to 203.0.113.2

 


 

Cisco 101 - Initial commands

enable
conf t

show startup-config
show running-config

write mem
copy running-config startup-config

Dangerous:

write erase
erase startup-config
erase nvram:

enable password CCNA
Requires password "CCNA" to go into privileged mode.
Problem: Password stored in clear text in startup-config

service password-encryption
Type "7" encryption.
Problem: Easily crackable

enable secret Cisco
Use this one. Type "5" encryption (MD5).
If configured, device ignores "enable password"
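The three storage options above can be checked in a saved configuration. This is an added example (not from the course or the original notes); the sample configuration is constructed and its password strings are placeholders, not real hashes.

```python
# Constructed sample; the credential strings are placeholders, not real values.
SAMPLE_CONFIG = """\
service password-encryption
!
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
enable password 7 00PLACEHOLDER00
!
"""


def audit_enable_credentials(config):
    """Return (code, detail) findings; the stored strings are never echoed back."""
    has_secret = False
    password_lines = []
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:2] == ["enable", "secret"]:
            has_secret = True
        elif tokens[:2] == ["enable", "password"] and len(tokens) >= 3:
            password_lines.append(tokens)

    findings = []
    for tokens in password_lines:
        # "enable password 7 <string>" is the form written once
        # service password-encryption is on; any other form is
        # treated here as a clear-text password.
        if len(tokens) == 4 and tokens[2] == "7":
            findings.append(("type7", "enable password stored as type 7 (easily crackable)"))
        else:
            findings.append(("cleartext", "enable password stored in clear text"))
        if has_secret:
            findings.append(("shadowed", "enable secret is set, so this enable password "
                                         "is ignored but still sits in the config"))
    if not has_secret:
        findings.append(("no-secret", "no enable secret configured"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_enable_credentials(SAMPLE_CONFIG):
        print(code, "-", detail)
```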

show mac address-table
show mac-address-table

clear mac address-table dynamic

show ip interface brief

Int    IP-Addr        Status    Protocol

G0/0    10.1.2.3        up         up
G0/1    unassigned    admin down    down
G0/2


Router status default = admin down

Switch status default = down (until something is plugged in)

no ip domain-lookup
Stops IOS from treating a mistyped command as a hostname and attempting a hostname-to-IP lookup (takes a long time)

logging synchronous
Sync syslog messages to prevent interrupts while I am typing

term len 0
do sh run
Displays running config without pausing after each screenful of info

Maybe on Aruba:
screen-length disable
or
no page
