
CISCO CERTIFIED NETWORKING ASSOCIATE

Mode: User EXEC
Prompt: Router>
Command to enter: Default mode after booting. Login with password, if configured.
Command to exit: Use exit command.

Mode: Privileged EXEC mode
Prompt: Router#
Command to enter: Use enable command from user exec mode.
Command to exit: Use exit command.

Mode: Global Configuration
Prompt: Router(config)#
Command to enter: Use configure terminal command from privileged exec mode.
Command to exit: Use exit command.

Mode: Interface Configuration
Prompt: Router(config-if)#
Command to enter: Use interface type number command from global configuration mode.
Command to exit: Use exit command to return in global configuration mode.

Mode: Sub-Interface Configuration
Prompt: Router(config-subif)#
Command to enter: Use interface type sub interface number command from global configuration mode or interface configure mode.
Command to exit: Use exit to return previous mode. Use end command to return in privileged exec mode.

Mode: Setup
Prompt: Parameter[Parameter value]:
Command to enter: Router will automatically insert in this mode if running configuration is not present.
Command to exit: Press CTRL+C to abort. Type yes to save configuration, or no to exit without saving when asked in the end of setup.

Mode: ROMMON
Prompt: ROMMON >
Command to enter: Enter reload command from privileged exec mode. Press CTRL + C key combination during the first 60 seconds of booting process.
Command to exit: Use exit command.

Cisco User Mode

By Henry

In the first Cisco command mode you can run only a limited set of show commands and basic
reachability tests. This command mode is represented by the symbol “>”.
Cisco Privileged Mode
Privileged EXEC is the second command mode, shown by the symbol “#”. Use the “enable” command
in user mode to access privileged mode. In this mode you have access to all of the router's
monitoring commands.
What is global configuration mode of cisco router?
Global configuration mode is for the administrator; it is where you configure your Cisco router
and the running configuration. You can access global configuration mode from privileged EXEC
mode using the command “configure terminal”.
How to Check Current Configurations on Cisco Router?
Once your Cisco router has booted you can check the configuration already performed, or the
default configuration, using the command show running-config. If you are new to Cisco, just run
this command in privileged mode; it gives you a brief of all physical interfaces of the router
as well as the configuration of all protocols.
How to configure console Password on Cisco Router?
The most basic password that you can configure on a Cisco router is the console password.
This password blocks unauthorized access through the console cable on the router. You can
set the console password by using the following commands.
Router2>enable
Router2# configure terminal
Router2(config)#line console 0
Router2(config-line)#password cisco
Router2(config-line)#login

How to set enable password?

With the enable password you can secure privileged exec mode. You can set the enable password in
two ways. Both commands set the enable password, but the difference is that the first command
saves the password in clear text, which is visible in show running-config, whereas enable
secret saves the password in encrypted form.
router(config)# enable password cisco
or
router(config)# enable secret cisco

How to set the Telnet password on Cisco Router?

The Telnet password is used to secure remote access to your Cisco router. By default there are five
VTY lines available, but this may vary depending upon the version of the Cisco router.
You can set the Telnet password by using these commands:
Router(config)#line vty 0
Router(config-line)#password cisco
Router(config-line)#login


How to configure Cisco Router Host name?

After securing your router with the different passwords, the most basic setting is to change the
router name, or host name, of your Cisco router. You can accomplish this by executing the command
“hostname <router_new_name>” in global configuration mode.
Router(config)# hostname home_router
home_router(config)#

Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 10.1.0.1 255.255.0.0
Router(config-if)#no shut

How to disable or stop a Router Interface?
You can stop or start any Cisco router interface by using the command “shutdown” to disable
the interface and “no shutdown” to enable it.

How to save Cisco Router Configurations?

You can save the configuration on a Cisco router by using the following command in privileged
mode:

Router#copy run start

or simply use:

Router#write

Backup Cisco Router Configuration:

You can back up the configuration of a Cisco router to a local device using a TFTP server:

Router2#copy running-config tftp
Address or name of remote host []? 192.168.2.11
Destination filename [Router2-confg]? backup_of-my_router
!!
1030 bytes copied in 3.58 secs (415 bytes/sec)
Router2#


What is default Gateway and how to configure it on Cisco?

The purpose of the default gateway is to direct packets addressed to networks not found in the
routing table. When a default route is present, all packets with unknown destinations are
forwarded to the default gateway. Default gateways help in limiting the use of system resources
like memory, broadcast & processing power.

Router2(config)#ip default-gateway 172.16.1.13

RIP Cisco router Configuration:

RIP (Routing Information Protocol) is one of the easiest protocols to configure on a Cisco router.
RIP is a distance vector routing protocol and supports a maximum of 15 hop counts. RIP is used for
small scale networks. RIP also supports equal-cost load balancing for dividing the load across
different interfaces. On a Cisco router you can enable the Routing Information Protocol with the
following commands:

R1(config)#router rip
R1(config-router)#network 10.1.1.0
R1(config-router)#network 11.1.1.0

EIGRP configuration on Cisco Router:

Enhanced Interior Gateway Routing Protocol is designed by Cisco and it is a routing protocol
which you can use only on Cisco routers. Configuration of EIGRP on a Cisco router resembles
RIP; the commands are almost the same. The following few commands are required for
basic configuration of Enhanced Interior Gateway Routing Protocol.

R1(config)#router eigrp 1
R1(config-router)#network 10.0.0.0
R1(config-router)#network 20.0.0.0
R1(config-router)#end
R1#show ip eigrp neighbors

OSPF configuration on Cisco Router:

OSPF (Open Shortest Path First) is one of the famous and most used routing protocols. It is an
open standard protocol and you can use it on every vendor’s router. OSPF is a link state routing
protocol; by using its algorithm, Open Shortest Path First can find the best path more accurately.
R3#conf t
R3(config)#router ospf 1
R3(config-router)#network 172.16.10.0 0.0.0.255 area 0
R3(config-router)#network 10.10.22.0 0.0.0.255 area 0

Router>enable
Router#configure terminal
Router(config)#hostname Cisco
Cisco(config)#interface fa 0/1
Cisco(config-if)#ip address 192.168.10.1 255.255.255.0
Cisco(config-if)#no shut

SWITCH CONFIGURATION
Global configuration
Switch>enable
Switch#configure terminal
Switch(config)#hostname cisco

Assign a Password to the Switch

Once you’ve assigned a hostname you will want to create a password to control who has access
to the privileged EXEC mode (to prevent everyone from being able to log in). To assign an
administrator password, enter the following command:

access-switch1(config)# enable secret Cisco1

Remember to pick a strong password so that it’s harder to figure out.

Configure Telnet and Console Access Passwords

The next step is to configure passwords for Telnet and console access. Configuring passwords
for these is important because it makes your switch more secure. If someone without
authorization gains telnet access then it puts your network at serious risk. You can configure
passwords by entering the following lines:


Telnet

access-switch1(config)# line vty 0 15
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

Console

access-switch1(config)# line console 0
access-switch1(config-line)# password COMPARI7ECH
access-switch1(config-line)# login
access-switch1(config-line)# exit
access-switch1(config)#

VLANs
Creating a VLAN and naming it.

Switch(config)#
Switch(config)#vlan 2
Switch(config-vlan)#name red
Switch(config-vlan)#exit

Switch(config)#vlan 3
Switch(config-vlan)#name blue
Switch(config-vlan)#exit

Switch(config)#vlan 4
Switch(config-vlan)#name green
Switch(config-vlan)#exit


Assigning a VLAN to a range of interfaces. Here, I am going to configure interfaces 1
to 3 in VLAN 2, so we can specify a range, start to end, that is going to be configured to a
single VLAN.

Switch(config)#interface range fastethernet0/1-3
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 2
Switch(config-if-range)#exit

Switch(config)#
Switch(config)#interface range fastethernet0/4-6
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 3
Switch(config-if-range)#exit

Switch(config)#
Switch(config)#interface range fastethernet0/7-9
Switch(config-if-range)#switchport mode access
Switch(config-if-range)#switchport access vlan 4
Switch(config-if-range)#exit

Or, we can configure each interface individually, i.e.:

Switch(config)#
Switch(config)#interface fastethernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 2
Switch(config-if)#exit

After configuring VLANs and assigning ports to a VLAN, only hosts in the same VLAN can
communicate with each other; hosts in different VLANs can't communicate with each other.

To check VLAN configuration details, give this command in privileged mode. It shows the
configured VLAN information on the Cisco switch:

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/10, Fa0/11, Fa0/12, Fa0/13
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21
                                                Fa0/22, Fa0/23, Fa0/24
2    red                              active    Fa0/1, Fa0/2, Fa0/3
3    blue                             active    Fa0/4, Fa0/5, Fa0/6
4    green                            active    Fa0/7, Fa0/8, Fa0/9
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
Switch#
Switch#

OSPF

Open Shortest Path First (OSPF) is one of the dynamic routing protocols, amongst others such
as EIGRP, BGP and RIP. It is perhaps one of the most popular link state routing
protocols. It is an open standard, so it can be run on routers from different vendors.

OSPF has a default administrative distance of 110. It uses cost as the parameter for
determining route metric. It uses the multicast addresses 224.0.0.5 and 224.0.0.6 for
communication between OSPF-enabled neighbors.

OSPF routers store routing and topology information in three tables:

• Neighbor table - stores information about OSPF neighbors.
• Topology table - stores the topology structure of the network.
• Routing table - stores the best routes.

OSPF areas
An area is simply a logical grouping of adjacent networks and routers. All routers in the same
area have the same topology table and don’t know about routers in other areas. The main benefits
of using areas in an OSPF network are:

• Routing tables on the routers are reduced.
• Routing updates are reduced.

Each area in an OSPF network must be connected to the backbone area (also known as area
0). All routers inside an area must have the same area ID.


A router that has interfaces in more than one area (for example area 0 and area 1) is known as an
Area Border Router (ABR).  A router that connects an OSPF network to other routing networks
(for example, to an EIGRP network) is called an Autonomous System Border Router (ASBR).

Router 1
R1(config)#int fa 0/0
R1(config-if)#ip add 10.0.0.1 255.0.0.0
R1(config-if)#no shut
R1(config-if)#
R1(config-if)#int serial 0/0/0
R1(config-if)#ip add 20.0.0.1 255.0.0.0
R1(config-if)#no shut

Router 2
R2(config)#int fa0/0
R2(config-if)#ip add 30.0.0.1 255.0.0.0
R2(config-if)#no shut
R2(config-if)#
R2(config-if)#int serial0/0/0
R2(config-if)#ip address 20.0.0.2 255.0.0.0
R2(config-if)#no shut


Router 1
R1(config)#
R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0  0.255.255.255  area 0
R1(config-router)#network 20.0.0.0  0.255.255.255  area 0

Router 2
R2(config)#
R2(config)#router ospf  2
R2(config-router)#network 20.0.0.0  0.255.255.255 area 0
R2(config-router)#network 30.0.0.0  0.255.255.255 area 0
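
How the wildcard masks in the network statements above select interfaces, as an added example that is not part of the original notes. The function names are hypothetical, the extra interface and the match-everything statement are constructed for contrast, and "first matching statement wins" is a simplification.

```python
import ipaddress

def covered(ip, network, wildcard):
    """True if ip is matched by 'network <network> <wildcard> area N'."""
    # A 0 bit in the wildcard means "this bit must match"; a 1 bit means "ignore".
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip_bits = int(ipaddress.IPv4Address(ip)) & care
    net_bits = int(ipaddress.IPv4Address(network)) & care
    return ip_bits == net_bits

def ospf_enabled(interfaces, statements):
    """Map interface name -> area for every interface a statement matches.
    Simplification: the first matching statement in list order wins."""
    result = {}
    for name, ip in interfaces.items():
        for network, wildcard, area in statements:
            if covered(ip, network, wildcard):
                result[name] = area
                break
    return result

# R1's interfaces and network statements as configured above.
R1_INTERFACES = {"FastEthernet0/0": "10.0.0.1", "Serial0/0/0": "20.0.0.1"}
R1_STATEMENTS = [("10.0.0.0", "0.255.255.255", 0),
                 ("20.0.0.0", "0.255.255.255", 0)]

# Constructed contrast: one more interface, and a statement that matches
# every address, which would also run OSPF on the extra interface.
EXTRA_INTERFACES = dict(R1_INTERFACES, **{"FastEthernet0/1": "192.168.10.1"})
MATCH_ALL = [("0.0.0.0", "255.255.255.255", 0)]

if __name__ == "__main__":
    print(ospf_enabled(R1_INTERFACES, R1_STATEMENTS))
    print(ospf_enabled(EXTRA_INTERFACES, R1_STATEMENTS))
    print(ospf_enabled(EXTRA_INTERFACES, MATCH_ALL))
```

Keeping each wildcard as narrow as the interface network avoids forming adjacencies on links that were never meant to carry OSPF.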

Verify OSPF configuration

First, let’s verify that the routers have established a neighbor relationship by typing the show ip
ospf neighbor command on R1:

To verify that R1 has learnt the route to the 30.0.0.0/8 network, we’ll use the show ip route ospf
command on R1:


IP telephony basic configuration

Assign IP address to the router

RouterA>enable
RouterA#configure terminal
RouterA(config)#interface FastEthernet0/0
RouterA(config-if)#ip address 192.168.10.1 255.255.255.0
RouterA(config-if)#no shutdown
RouterA(config-if)#exit

RouterA(config)#ip dhcp pool VOICE
RouterA(dhcp-config)#network 192.168.10.0 255.255.255.0
RouterA(dhcp-config)#default-router 192.168.10.1
RouterA(dhcp-config)#option 150 ip 192.168.10.1

Configure the Call Manager Express telephony service on RouterA

RouterA(config)#telephony-service
RouterA(config-telephony)#max-dn 5 (Define the maximum number of directory numbers)
RouterA(config-telephony)#max-ephones 5 (Define the maximum number of phones)
RouterA(config-telephony)#ip source-address 192.168.10.1 port 2000 (IP Address source)
RouterA(config-telephony)#auto assign 4 to 6
RouterA(config-telephony)#auto assign 1 to 5 (Automatically assigning ext numbers to buttons)

Configure a voice vlan on SwitchA

SwitchA(config)#interface range fa0/1 - 5 (Configure interface range)
SwitchA(config-if-range)#switchport mode access
SwitchA(config-if-range)#switchport voice vlan 1 (Define the VLAN on which voice packets will be handled)

Configure the phone directory for IP Phone 1

RouterA(config)#ephone-dn 1 (Defining the first directory entry)
RouterA(config-ephone-dn)#number 54001 (Assign the phone number to this entry)
RouterA(config)#ephone-dn 2 (Defining the second directory entry)
RouterA(config-ephone-dn)#number 4444 (Assign the phone number to this entry)
RouterA(config)#ephone-dn 3 (Defining the third directory entry)
RouterA(config-ephone-dn)#number 3455 (Assign the phone number to this entry)

Turn on the IP Phones and give them time to pick the default gateway and the assigned
extension numbers.

Disabling Unused Ports

For basic router security configuration, the first step is shutting down all the unused ports. If
you are using a port, it needs to be up. But if you are not using a port, always disable it
(administratively down).
Shutting down, in other words disabling, a port is very easy. You can do it with the “shutdown”
command under that interface.

Router(config)# interface fastethernet 0/0
Router(config-if)# shutdown

Enable and Enable Secret Passwords

The second important router security step is passwords. You should use passwords on your
router.
Here, there are two passwords: the enable password and the enable secret password.
The enable password is stored in clear text format, so it is easy to see. The enable
secret password is stored in encrypted form, so it is more secure.
To encrypt all passwords in a router/switch, you can use the “service password-encryption”
command.
Let’s see how to configure these passwords on a router.
Router(config)# enable password 12345
Router(config)# enable secret 12345
Router(config)# service password-encryption
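
A check for the password weaknesses described above, run over a saved running-config; this is an added example, not part of the original notes. The function name audit_passwords is hypothetical and the sample configuration is constructed, with a placeholder in place of a real type 7 string.

```python
import re

# Constructed sample: a running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = """\
hostname home_router
no service password-encryption
enable password cisco
line con 0
 password cisco
 login
line vty 0 4
 password 7 PLACEHOLDER7
 login
"""

def audit_passwords(config):
    """Return a list of findings about how an IOS config stores passwords."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []
    if any(l.startswith("enable password ") for l in lines):
        findings.append("enable password set: visible in show running-config")
    if not any(l.startswith("enable secret ") for l in lines):
        findings.append("no enable secret configured")
    if "service password-encryption" not in lines:
        findings.append("service password-encryption is off")

    context = None  # the "line ..." stanza currently being read, if any
    for raw in lines:
        if raw.startswith("line "):
            context = raw
        elif raw and not raw.startswith(" "):
            context = None  # any other top-level command ends the stanza
        m = re.match(r"\s+password (?:(\d) )?\S+", raw)
        if m and context:
            ptype = m.group(1) or "0"  # no type digit means clear text
            if ptype == "0":
                findings.append(context + ": password stored in clear text")
            elif ptype == "7":
                # Type 7 is reversible obfuscation, not a one-way hash.
                findings.append(context + ": type 7 password, reversible")
    return findings

if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```

The type 7 finding is reported even when service password-encryption is on, because that service only obscures line passwords from casual viewing.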

Switch Port Security

Switch(config)#interface fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security maximum 1


• Defining the action that the switch will take when a frame from an unauthorized device is
received. This is done using the switchport port-security violation {protect | restrict |
shutdown} interface command. All three options discard the traffic from the
unauthorized device.
• Defining the maximum number of MAC addresses that can be received on the port using
the switchport port-security maximum NUMBER interface sub mode command.
Let’s add the above 2 commands to our configuration:
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security maximum 1

To verify if the switch has learnt the MAC address of PC1, you can use the command:
show port-security interface fa0/1
show port-security address
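
An offline review of a saved switch configuration for the two hardening steps covered above, unused ports and port security; this is an added example, not part of the original notes. The function names and the sample configuration are constructed, and treating an enabled interface with no commands as "possibly unused" is an assumption.

```python
# Constructed sample: a switch running-config excerpt, not from a real device.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security violation protect
!
interface FastEthernet0/23
 shutdown
!
interface FastEthernet0/24
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_ports(config):
    """Return {interface: finding} for ports that are up and weakly configured."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # administratively down
        if not cmds:
            findings[name] = "enabled with no configuration; shut down if unused"
        elif "switchport mode access" in cmds:
            if "switchport port-security" in cmds:
                continue  # the feature itself is enabled on this access port
            options = [c for c in cmds if c.startswith("switchport port-security ")]
            if options:
                # Sub-options alone do nothing until the bare command is entered.
                findings[name] = "port-security options set but feature not enabled"
            else:
                findings[name] = "access port without port-security"
    return findings
```

FastEthernet0/3 in the sample shows the common slip: a violation mode is configured, but without the bare switchport port-security command the port enforces nothing.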

Saving running configuration in cisco router

The router keeps its configuration in RAM. All settings that we have made in this article will be
erased once the router reboots. To preserve this configuration after a reboot we must save it.
The following command will save the running configuration in NVRAM.

Lab1# copy running-config startup-config
Destination filename (startup-config)?
Building configuration…..
(ok)

Erasing configuration in cisco router

Lab1# erase startup-config
Erasing the nvram file system will remove all configuration files!
(confirm)
(Ok)


RJ45 color code

1. White orange
2. Orange
3. White green
4. Blue
5. White blue
6. Green
7. White brown
8. Brown
