Les commandes

1/La config de base

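! Baseline setup for R1: hostname, password policy, console and VTY lines,
! login banner and the first interface. Lines starting with "!" are comments.
enable
configure terminal
    hostname R1
    ! Keeps the CLI from treating a mistyped command as a hostname to resolve.
    no ip domain-lookup
    ! Applies to every password and secret configured after this line.
    security passwords min-length 10
    ! Placeholders: the usual lab values "class" and "cisco" are shorter than the
    ! 10-character minimum set above, so IOS would reject them.
    enable secret <enable-secret>
    line con 0
        password <console-password>
        ! Idle timeout, in minutes.
        exec-timeout 50
        login
        logging synchronous
        exit
    line vty 0 15
        ! Shared line password only; Telnet stays accepted on these lines until
        ! they are limited with "transport input ssh" and "login local".
        password <vty-password>
        exec-timeout 50
        login
        exit
    ! Type 7 encoding is reversible: it only keeps clear-text passwords out of
    ! "show running-config". Values set with "secret" are hashed instead.
    service password-encryption
    banner motd #Unauthorized Access is prohibited!#
    int g0/0
        description Connection to R2
        ip address 192.168.0.1 255.255.255.0
        no shutdown
        speed auto
        duplex auto
        exit
    exit
clock set 17:00:00 18 Feb 2018
copy running-config startup-config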

2/SSH

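! SSH-only management access with a local privilege-15 account.
configure terminal
	security passwords min-length 10
	! Blocks logins for 60 s after 5 failed attempts within 60 s.
	login block-for 60 attempts 5 within 60
	! Placeholder: the secret must meet the 10-character minimum set above.
	username Admin privilege 15 secret <admin-secret>
	! Hostname and domain name together label the RSA key pair.
	ip domain-name CCNA-lab.com
	! 2048-bit key: 1024-bit RSA is no longer considered adequate.
	crypto key generate rsa general-keys modulus 2048
	ip ssh version 2
	line con 0
		login local
		no password
		exec-timeout 10
		transport preferred ssh
		exit
	! Covers all 16 VTY lines: any line left out keeps its previous
	! password-only login and still accepts Telnet.
	line vty 0 15
		login local
		no password
		exec-timeout 5
		transport input ssh
		exit
	show ip ssh
	! Negotiation timeout, in seconds.
	ip ssh time-out 75
	ip ssh authentication-retries 2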
	

3/HTTP Server

! Enables the built-in web management interface with local-account authentication.
configure terminal
	! NOTE(review): "ip http server" serves the interface over clear-text HTTP, so the
	! privilege-15 credentials below cross the network unencrypted. Where the image
	! supports it, prefer "ip http secure-server" together with "no ip http server".
	ip http server
	! NOTE(review): lab credentials; "webpass" is shorter than the 10-character
	! minimum used elsewhere on this page.
	username webuser privilege 15 secret webpass
	ip http authentication local

4/IPv6

configure terminal
	interface g0/0
		ipv6 address 2001:db8:acad:a::1/64 (eui-64)
		ipv6 address FE80::1 link-local
		no shutdown
		exit
	ipv6 unicast-routing
	exit

5/Clock Rate

sur l’interface DCE

configure terminal
	interface s0/0/0
		ip address 10.1.1.2 255.255.255.252
		clock rate 128000
		no shutdown
		exit

6/Port Security

configure terminal
	interface s0/0/1
		shutdown
		exit
	interface range f0/1 - 8
		shutdown
		exit
	show ip interface brief
	no ip http server
	show ip http server status
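	! Port security on a single access port, configured while the port is shut.
	interface f0/5
		shutdown
		! Port security is rejected on a dynamic (DTP) port, so pin the mode first.
		switchport mode access
		switchport port-security
		switchport port-security mac-address (sticky) xxxx.xxxx.xxxx
		switchport port-security maximum 10
		! protect  = drop frames from unknown MACs silently
		! restrict = drop, log and increment the violation counter
		! shutdown = err-disable the port (the default)
		switchport port-security violation {protect | restrict | shutdown}
		show interfaces
		exit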
	interface f0/5
		shutdown
		no shutdown
		exit
	show port-security
	show port-security address

7/Routes Statiques

configure terminal
	ip route 192.168.10.0 255.255.255.0 {192.168.1.2(recursive) &| g0/1(Directly-connected)}
	ip route 0.0.0.0 0.0.0.0 s0/0/1
	ipv6 route 2001:db8:acad:a::/64 {FC00::2(recursive) | g0/0(Directly-connected)}
	ipv6 route ::/0 S0/0/1

8/Rip V2

configure terminal
	router rip
		version 2
		passive-interface g0/1
		network 172.30.0.0
		network 10.0.0.0
		no auto-summary
		default-information originate
		clear ip route *
		debug ip rip
		show ip route
		show ip protocols
	exit

9/Vlan

configure terminal
	vlan 99
		name Management
	interface vlan99
		ip address 192.168.1.2 255.255.255.0
		no shutdown
		exit
	interface range f0/1 - 24, g0/1 - 2
		switchport mode access
		switchport access vlan 99
		exit
	show vlan brief
	ip default-gateway 192.168.1.1
	show vlan <name>
	show vlan <id>
	ip routing (sur les switches Layer 3)

10/Mac Address Table

configure terminal
	mac address-table static 0050.56BE.6C89 vlan 99 interface f0/6
	show mac address-table (dynamic)(xxxx.xxxx.xxxx)
	clear mac address-table (dynamic)

11/Trunk

configure terminal
	interface f0/6
		switchport mode trunk
		switchport trunk native vlan
		switchport trunk allowed vlan
		end
	show interface f0/6 switchport
	show switchport trunk native vlan
	
	! NOTE(review): "dynamic desirable" leaves DTP negotiating, so whatever device is
	! connected to f0/1 can bring the link up as a trunk. On user-facing ports set
	! "switchport mode access"; on intended trunks set "switchport mode trunk" and
	! "switchport nonegotiate".
	interface f0/1
		switchport mode dynamic desirable

12/Router-on-a-Stick

configure terminal
	interface g0/0.10
		encapsulation dot1q 10
		ip address 172.17.10.1 255.255.255.0
		exit
	interface g0/0.30
		encapsulation dot1q 30
		ip address 172.17.30.1 255.255.255.0
		exit
	interface g0/0
		no shutdown (ou no shutdown sur chaque sous-interface)
		exit
	show vlan
	show ip route

13/ACL

configure terminal
	access-list 1 remark Allow R1 Lan Access
	access-list 1 permit 192.168.10.0 0.0.0.255
	access-list 1 permit 192.168.30.0 0.0.0.255
	access-list 1 deny any
	
	interface g0/1
		ip access-group 1 out
		show access-list 1
		show ip interface
		show access-lists
		exit
	
	ip access-list standard Branch-Office
		permit host 192.168.20.3
		permit 192.168.40.0 0.0.0.255
		end
	interface g0/1
		ip access-group Branch-Office out
		exit
		
	ip access-list standard Branch-Office
		30 permit 209.165.200.224 0.0.0.31
		40 deny any
		end
	interface g0/1
		ip access-group Branch-Office out
		exit
	
	show ip access-lists
	
Sur les lines VTY, c'est "access-class" !

14/DHCP

IPv4

1/ Configurer un routeur comme serveur DHCP:

configure terminal
	ip dhcp excluded-address 192.168.0.1 192.168.0.9
	ip dhcp excluded-address 192.168.1.1 192.168.1.9
	ip dhcp pool R1G1
		network 192.168.1.0 255.255.255.0
		default-router 192.168.1.1
		dns-server 209.165.200.225
		domain-name ccna-lab.com
		lease 2
		exit
	ip dhcp pool R1G0
		network 192.168.0.0 255.255.255.0
		default-router 192.168.0.1
		dns-server 209.165.200.225
		domain-name ccna-lab.com
		lease 2
		exit
	show ip dhcp {binding | pool | server statistics}
	debug ip dhcp server event
	undebug all
	no service dhcp

2/ Configurer un routeur comme client DHCP:

configure terminal
	interface g0/1
		ip address dhcp
		no shutdown
		end
	show ip dhcp conflict

3/ Configurer un routeur comme relay DHCP:

configure terminal
	interface g0/0
		ip helper-address 192.168.2.254
		exit
	interface g0/1
		ip helper-address 192.168.2.254
		exit

IPv6

Rappel:
-Adresse multicast (portée link-local) de tous les routeurs ipv6: FF02::2
-Adresse multicast (portée link-local) de tous les noeuds ipv6: FF02::1

1/ Configurer un routeur comme server DHCPv6 Stateless:

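! Stateless DHCPv6 server: clients build their own address with SLAAC and only
! fetch extra options (here the DNS server) from the pool.
configure terminal
	ipv6 unicast-routing
	ipv6 dhcp pool POOLv6
		dns-server <address>
		exit
	! The pool is bound per interface; <interface> is the client-facing port.
	interface <interface>
		ipv6 dhcp server POOLv6
		! Stateless mode sets the O flag. The M flag ("managed-config-flag")
		! tells clients to request their address as well, i.e. stateful DHCPv6.
		ipv6 nd other-config-flag
		exit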

2/ Configurer un routeur comme client DHCPv6 Stateless:

configure terminal
	interface g0/0
		ipv6 enable
		ipv6 address autoconfig

3/ Configurer un routeur comme server DHCPv6 Statefull:

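! Stateful DHCPv6 server: the pool hands out addresses as well as options.
configure terminal
	ipv6 unicast-routing
	ipv6 dhcp pool POOLv6
		! Prefix to allocate from; valid and preferred lifetimes are both infinite.
		address prefix 2001:db8:acad:1::/64 lifetime infinite infinite
		dns-server <address>
		exit
	! The pool is bound per interface; <interface> is the client-facing port.
	interface <interface>
		ipv6 dhcp server POOLv6
		! M flag: tells clients to obtain their address from DHCPv6.
		ipv6 nd managed-config-flag
		exit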

4/ Configurer un routeur comme client DHCPv6 Statefull:

configure terminal
	interface g0/1
		ipv6 enable
		ipv6 address dhcp

	show ipv6 dhcp pool
	show ipv6 interfaces
	debug ipv6 dhcp detail
	show ipv6 dhcp binding

5/Configurer un routeur comme relay DHCPv6:

configure terminal
	interface g0/1
		ipv6 dhcp relay destination <address>
		end
 

15/NAT-PAT

 

NAT Statique:

configure terminal
	ip nat inside source static 192.168.1.20 209.165.200.225
	interface g0/1
		ip nat inside
		exit
	interface s0/0/1
		ip nat outside
		exit
	show ip nat translations
	
	clear ip nat translation *
	clear ip nat statistics

Nat Dynamique (et PAT si « overload »):

configure terminal
	access-list 1 permit 192.168.0.1 0.0.0.255
	ip nat pool ACCESS 209.165.200.242 209.165.200.254 netmask 255.255.255.224
	ip nat inside source list 1 pool ACCESS (overload)

16/CDP & LLDP

 

CDP

show cdp
(no) cdp run
	end
show cdp interfaces
show cdp neighbors (detail)
no cdp enable (sur un routeur de bordure)
	end

LLDP

show lldp
lldp run
show lldp neighbors (detail)

17/Syslog

E-A-C-E-W-N-I-D

d’abord:

show running-config | include timestamp

Si timestamp n’est pas actif:

configure terminal
	service timestamps log datetime msec

ensuite:

configure terminal
	logging host 172.16.2.3
	(show logging)
	(logging trap ?)
	logging trap {4 | warnings}

18/NTP

 

show clock
clock set 17:00:00 18 Feb 2018

Master

configure terminal
	ntp master 5

Client

configure terminal
	ntp server 10.1.1.1
	ntp update-calendar
	
	show ntp associations

19/Récupération du mot de passe

1/Débrancher l’appareil

2/Au cours du reboot, coupure franche (Alt+B sous TeraTerm)

puis:

	confreg 0x2142
	reset

3/Après reboot:

	! NOTE(review): this procedure works for anyone with physical console access,
	! so physical access to the device is part of its security boundary. On
	! platforms that support it, "no service password-recovery" disables the
	! configuration-register bypass.
	! Loads the saved configuration into the running session.
	copy startup-config running-config
	! NOTE(review): "no password" / "no secret" read as shorthand; new passwords
	! and an enable secret presumably need to be set here before saving. Confirm.
	no password
	no secret
	! Restores the normal boot behaviour so the startup configuration is read again.
	config-register 0x2102
	copy running-config startup-config
	reload