Commandes

Router# dir WORD flash: nvram: delete WORD flash: erase startup-config reload vlan database Router# show interfaces Ethernet, Fast, ... etc ... switchport trunk Vlan <1-1005> port-security ????? interface ... etc ... running-config startup-config ip interface brief Router/configure + terminal boot system WORD flash WORD mac-address-table static H.H.H interface ... etc ... vlan ... etc ... interface Vlan <1-1005> Router/configure interface .../... ip address A.B.C.D A.B.C.D dhcp duplex auto / full / half speed 10 / 100 / auto config-subif encapsulation dot1Q <1-1005> native ip Catalyst Vlans Vlan interface number Directory or file name Directory or file name Directory or file name

1 / 11

File to be deleted File to be deleted (fort ex: vlan.dat) Erase contents of configuration memory Configure VLAN database

Interface status and configuration Ethernet IEEE 802.3, etc ... Show interface switchport information Show interface trunk information Catalyst Vlans Vlan interface number Current operating configuration Contents of startup configuration IP information IP interface status and configuration Brief summary of IP ... Enter config. mode + terminal l. param. System image file TFTP filename or URL Boot from flash memory System image filename Configure a static 802.1d static address 48-bit hardware address Configure output interfaces vlan number

Interface Int. Prot. config commands Set the IP address of an interface IP address & IP subnet mask IP Address negotiated via DHCP Enable auto/full/half-duplex config ... Force 10/100/auto Mbps operation Set encapsulation type for an interface IEEE 802.1Q Virtual LAN IEEE 802.1Q VLAN ID Make this as native vlan Interface I... Protocol config commands

Commandes
Switch# show vtp counters password VTP status spanning-tree active vlan WORD Switch/configure terminal vlan <1-1005> name no vlan vtp domain WORD mode client server transparent password WORD version <1-2> Switch# configure terminal spanning-tree mode pvst rapid-pvst portfast default vlan WORD priority <0-61440> root primary secondary Switch/configure terminal/interface ../... spanning-tree bpduguard guard link-type point-to-point shared portfast disable trunk vlan WORD port-priority <0-240>

2 / 11

VTP information VTP statistics password VTP domain status Spanning tree topology Report on active interfaces only VLAN Switch Spanning Trees vlan range, example: 1,3-5,7,9-11 Enter config. mode from the terminal Vlan commands ISL VLAN IDs 1-1005 Ascii name of the VLAN Negate a vlan Configure global VTP state Set the name of the VTP ... domain The ascii name for the VTP ... domain. Configure VTP device mode Set the device to client mode. Set the device to server mode. Set the device to transparent mode. Set the password for the VTP ... The ... password for the VTP ... domain Set the adminstrative domain to VTP ... Set the ... VTP version number

Enter config. mode from the terminal Spanning Tree Subsystem Spanning tree operating mode Per-Vlan spanning tree mode Per-Vlan rapid spanning tree mode Spanning tree portfast options Enable portfast ... on all access ports VLAN Switch Spanning Tree vlan range, example: 1,3-5,7,9-11 Set the bridge priority ... bridge priority in increments of 4096 Configure switch as root Configure this switch as primary root ... Configure switch as secondary root Select an interface to configure Spanning Tree Subsystem Don't accept BPDUs on this interface Change an interface's spt... tree guard ... Specify a link type ... spt... protocol use Consider the interface as point-to-point Consider the interface as shared Enable ... directly ... on link up Disable portfast for this interface Enable portfast ... even in trunk mode VLAN Switch Spanning Tree vlan range, example: 1,3-5,7,9-11 Change ... port priority port priority in increments of 16

Commandes
Switch/configure terminal/interface ../... Vlan <1-1005> ip

3 / 11
Select an interface to configure Catalyst Vlans Vlan interface number Interface Int. Prot. config commands address ... etc ... Set the IP address/mask of an interface dhcp IP Address negotiated via DHCP switchport Set switching mode characteristics mode Set trunking mode of the interface access Set trunking mode to ACCESS ... dynamic Set trunking mode to dynamically ... trunk Set trunking mode to TRUNK ... access Set access mode characteristics ... vlan Set VLAN ... <1-1005> VLAN ID ... trunk Set trunking characteristics ... allowed Set allowed VLAN characteristics ... vlan Set allowed VLANs ... WORD VLAN IDs add ... etc ... add VLANs to the current list all all VLANs except.. etc ...all VLANs except the following none no VLANs remove etc... remove VLANs from the current list native Set trunking native characteristics ... vlan Set native VLAN ... <1-1005> VLAN ID ... port-security Security related command mac-address Secure mac address H.H.H 48 bit mac address sticky Configure ... as sticky maximum Max secure addresses <1-132> Maximum addresses violation Security violation mode protect Security violation protect mode restrict Security violation restrict mode shutdown Security violation shutdown mode <cr> ???????????? nonegotiate Device will not engage in negotiation ... priority Set appliance 802.1p priority voice Voice appliance attributes

Commandes inconnues ????? Spanning-tree cost xx no spanning-tree cost Spanning-tree vlan x root primary diamter y

En mode config d'interface

Attribution d'un coût spt (entre 1 et 200,000,000) Attribution du coût spt par défaut Config minuteurs de switch (ne pas modifier les minuteurs mais le diamètre) Désactivation des protocoles STP détectés

En mode config générale

clear spanning-tree detected-protocols

En mode de confi d'interface

Commandes

4 / 11

Etapes: 1. Concevoir et documenter un diagramme d’adressage distance – services divers )

2. Configurer et vérifier les configurations de base des périphériques (nom – sécurité accès privilégié , accès à 3. Configurer le protocole VTP (client – serveur – domaine – mot de passe)
4. Configurer l’agrégation et le vlan natif

5. Configurer des réseaux locaux virtuels avec vtp (client – serveur – domaine – mot de passe)
6. Affecter des réseaux locaux virtuels aux ports

7. Configurer le protocole STP ( priorités des bridge) 8. Configurer des PC hôtes (ip – msq - passerelle)

Commandes

5 / 11

Router(config)#router ?
eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP)

Router(config)#router rip
Router(config-router) > auto-summary > default-information originate > distance <1-255> > exit mode > network A.B.C.D > no > passive-interface Ethernet ... FastEthernet ... GigabitEthernet ... Loopback .... Serial .... Vlan .... default ..... interfaces > redistribute protocol connected eigrp <1-65535> metric <0-16> transparent ospf <1-65535> ... match ... external ... internal ... nssa-external ... metric ... rip metric <0-16> transparent static metric <0-16> transparent > timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295> > version <1-2> Enter Address Family command mode Control distribution of default information Distribute a default route Define an administrative distance Administrative distance Exit from routing protocol configuration Enable routing on an IP network Network number Negate a command or set its defaults Suppress routing updates on an interface IEEE 802.3 FastEthernet IEEE 802.3 GigabitEthernet IEEE 802.3z Loopback interface Serial Vlan interface Suppress routing updates on all Redistribute info from another routing Connected Enhanced Interior Gateway Routing Protocol Autonomous system number Metric for redistributed routes Default metric Transparently redistribute metric Open Shortest Path First (OSPF) Process ID Redistribution of OSPF routes Redistribute OSPF external routes Redistribute OSPF internal routes Redistribute OSPF NSSA external routes Metric for redistributed routes Routing Information Protocol (RIP) Metric for redistributed routes Default metric Transparently redistribute metric Static routes Metric for redistributed routes Default metric Transparently redistribute metric Adjust routing timers Basic routing protocol update timers Interval between updates Invalid Holddown Flush Set routing protocol version version

Commandes

6 / 11

Router(config)#router ospf ?
<1-65535> Router(config-router) ? > area ... > default-information originate > distance <1-255> > exit > log-adjacency-changes detail > network A.B.C.D A.B.C.D area <0-4294967295> A.B.C.D > no > passive-interface Ethernet FastEthernet .... GigabitEthernet ... Loopback ... Serial ... Vlan ... default .... interfaces > redistribute protocol connected eigrp ... metric ... ospf ... rip .... static ... > router-id A.B.C.D Process ID OSPF area parameters Control distribution of default information Distribute a default route Define an administrative distance Administrative distance Exit from routing protocol configuration mode Log changes in adjacency state Log all state changes Enable routing on an IP network Network number OSPF wild card bits Set the OSPF area ID OSPF area ID as a decimal value OSPF area ID in IP address format Negate a command or set its defaults Suppress routing updates on an interface IEEE 802.3 FastEthternet IEEE 802.3 GigabitEthernet IEEE 802.3 Loopback interface Serial Vlan interface Suppress routing updates on all Redistribute info from another routing Connected Enhanced Interior Gateway Routing Protocol Metric for redistributed routes Open Shortest Path First (OSPF) Routing Information Protocol (RIP) Static routes router-id for this OSPF process OSPF router-id in IP address format

Commandes

7 / 11

Router(config)#router eigrp ?
<1-65535> Router(config-router) ? > auto-summary summarization > distance eigrp <1-255> <1-255> > exit > metric weights <0-8> supported) <0-256> > network A.B.C.D A.B.C.D > no > passive-interface interface Ethernet FastEthernet .... GigabitEthernet ... Loopback ... Serial ... Vlan ... default .... interfaces > redistribute protocol connected eigrp ... metric ... ospf ... rip .... static ... > variance <1-128> Autonomous system number Enable auto. network number Define an administrative distance IP-EIGRP distance Distance for internal routes Distance for external routes Exit from routing protocol configuration mode Modify IGRP routing metrics and parameters Modify IGRP coefficients Type Of Service (Only TOS 0 K1 ... K2 .... K3 .... K4 .... K5 Enable routing on an IP network Network number EIGRP wild card bits Negate a command or set its defaults Suppress routing updates on an IEEE 802.3 FastEthternet IEEE 802.3 GigabitEthernet IEEE 802.3 Loopback interface Serial Vlan interface Suppress routing updates on all Redistribute info from another routing Connected Enhanced Interior Gateway Routing Protocol Metric for redistributed routes Open Shortest Path First (OSPF) Routing Information Protocol (RIP) Static routes Control load balancing variance Metric variance Multiplier

Commandes

8 / 11

Encapsulation
Router(config)# username xxxx

password etc... (sub)interface serial xx/xx(.yyy) multipoint point-to-point bandwidth parameter Router(config-if)# encapsulation hdlc ppp method
(1)

User name Specify the password for the user Treat as a multipoint link Treat as a point-to-point link Set bandwidth informational

Serial HDLC synchronous authentication chap chap pap pap
(3 et 4 bis)

Point-to-Point protocol Set PPP link authentication Challenge Handshake Authentication

Protocol
(2)

pap chap

CHAP + Password Authentication Password Authentication Protocol PAP + Challenge Handshake Set PAP authentication Set outbound PAP username Outbound PAP username Set outbound PAP password Frame Relay networks Use RFC1490/RFC2427 encapsulation Define a DLCI on an Define a switched or locally terminated Use CISCO-ANSI-CCITT type LMI

Protocol
(3) (4)

Authentication Pro. parameters pap

sent-username Routerx password etc... frame-relay ietf frame-relay interface-dlci interface/subinterface <16-1007> DLCI lmi-type ansi cisco q933a map address ip xxx.xxx. ….. <16-1007> broadcast address cisco ietf Encapsulation

Map a protocol address to a DLCI Protocol specific address DLCI Broadcasts should be forwarded to this Use CISCO Encapsulation Use RFC1490/RFC2427

Router(config-if)#

Commandes

9 / 11

ppp quality percentage (optional) specifies the link quality … (range 1 to 100) ---------------------------------------------------------------------------------------------------------------------------------------------Router(config-if)# compress predictor (optional) using predictor compression algorithm stac (optional) using Stacker (LZS) compression algorithm

SHOW Router# show

interface

interfaces interfaces serial frame-relay lmi map pvc <16-1022> interface Serial xx/xx <16-1022> access-lists <1-199> WORD

… for all interfaces … about a serial interface show frame relay lmi statistics Frame-Relay map table show frame relay pvc statistics DLCI show frame relay information on one Serial DLCI List access lists ACL number ACL name

DEBUG -

UNDEBUG ppp packet negotiation error authentication compression cbcp frame-relay lmi debugs ppp

debug

Frame Relay LMI packet exchanges with service turns off all debugging displays Clear Frame Relay information Clear inverse ARP entries from

provider undebug all clear frame-relay inarp the map table SECURITY Router(config) service password-encryption enable password secret … etc … secret

Modify use of network based services Encrypt system passwords Modify enable password parameters Assign the privileged level password Assign the privileged level

Commandes
Router(config-line)# no password transport or input

10 / 11

no transport or output all none ssh telnet

Define transport protocols for line Define which … to use when ... All protocols No protocols TCP/IP SSH protocol TCP/IP Telnet protocol Set the EXEC timeout Timeout in minutes Timeout in seconds

exec-timeout <0-35791> <0-2147483>

ACCESS LIST Router(config)# username xxxx

password

etc...

User name Specify the password for the user

Router(config)# access-list ou no access-list <1-99> <100-199> permit deny ip tcp eigrp ospf host xxx... yyy ... any host xxx... yyy ... any eq gt lt neq range <0-65535> ftp pop3 smtp telnet www remark R2(config)# ip access-list standard or extended <1-99> WORD

Add (or delete) an access list entry IP standard access list IP extended access list Specify packets to forward Specify packets to reject Any Internet Protocol (icmp / tcp / udp) Transmission Control Protocol Cisco's EIGRP routing protocol OSPF routing protocol A single source host Source address & Wildcard bits Any source host A single destination host Destination address & Wildcard bits Any destination host Match only packets on a given port number Match only packets with a greater port number Match only packets with a lower port number Match only packets not on a given port number Match only packets in the range of port numbers Port number File Transfer Protocol (21) Post Office Protocol v3 (110) Simple Mail Transport Protocol (25) Telnet (23) World Wide Web (HTTP, 80) Access list entry comment Named access-list Standard or Extended Access List Standard IP access-list number Access-list name

Commandes
Router(config-if)# ip access-group <1-199> WORD in out Router(config-line)# access-class <1-199> WORD in out

11 / 11

Specify access control for packets IP access list (standard or extended) Access-list name inbound packets outbound packets

Filter connections based on an IP access list IP access list Access-list name Filter incoming connections Filter outgoing connections

logging console

Modify message logging facilities Set console logging parameters