NET250 Routing and Switching - wAlber47/Tech-Journal GitHub Wiki

Main Page for Class Documentation

Cisco IOS Commands

Basics

  • enable - logs into enable mode
  • configure terminal - logs into configuration mode
  • exit - drops down one level
  • no - usually used to reverse an action, e.g. no shutdown
  • <up-arrow> - displays last entered commands
  • ? - shows all the options that can be used in the current mode
  • <tab> - autocomplete
  • interface <name> - enters the configuration of that interface
  • interface range <range> - enters the configuration of a range of interfaces
  • copy running-config startup-config or copy run start - saves running configuration
  • show mac address-table - displays the switch's MAC address table
  • enable secret <password> - sets a required password when going into privileged mode
  • show int <interface> - can be used to display the MAC address of the specified virtual interface.
  • shutdown - disables ports from being used, shuts them down, can be done on a range of ports.

Setting Management IP Address

  1. switch(config)# interface vlan1
  2. switch(config-if)# ip address <ip-address> <subnet-mask>
  3. switch(config-if)# ip default-gateway <gateway-ip-address>
  4. switch(config-if)# no shutdown

Tech Journal 3 Starts Here

Static Routing

  • ip route <remote-network-ip> <subnet-mask> <next-hop-ip>

Multilayer Switching

  • ip routing - enables routing
  • interface vlan <name> - creates virtual interfaces
  • ip route 0.0.0.0 0.0.0.0 <next-hop-ip> - sets default route on a router

DHCP and Routing

Creating a DHCP Pool

  • ip dhcp pool <name> - creates DHCP pool
  • network <network> <subnet>
  • default-router <router-address>
  • lease 0 4 - sets lease time to 0 days and 4 hours

OSPF Routing

  • router ospf <number>
  • Use network <network-address> <wildcard-subnet> area 0 to tell other routers on the OSPF network that this router borders the listed network.

Backing Up/Upgrading Cisco Switches

  • show flash - view files stored in the flash
  • copy flash tftp - follow prompts to send the file to a server
  • When in ROMMON mode, you can use ? to view options.
  • After setting the tftpdnld variables in ROMMON mode, enter tftpdnld
    • Variables include: IP_ADDRESS, IP_SUBNET_MASK, DEFAULT_GATEWAY, TFTP_SERVER, TFTP_FILE
  • Once the file is copied, we can reset and we should be in IOS.
  • boot system flash:<name-of-ios-file>

Access Control Lists (ACL)

Two Types of ACLs:

  • Standard:

    • Apply to source IP address or Network Only.

    • Work at Layer 3

    • ip access-list standard <name-of-list>

  • Extended:

    • Apply to source and destination IP address and/or network

    • Can also create rules for TCP ports

    • Work at Layer 3 and 4

    • ip access-list extended <name-of-list> + permit/deny <protocol> <source-ip> <wc-mask> <dst-ip> <wc-mask> (port)

  • Apply to an interface with interface fa ... + ip access-group <name-of-list> in/out
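
How an extended ACL written in the form above is evaluated against a packet, as an added example that is not part of the original notes. It assumes every entry spells out its wildcard masks, supports only the optional "eq <port>" destination-port match, and uses constructed sample entries.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard bit is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF  # wildcard 1-bits mean "don't care"
    return (a & care) == (b & care)

def parse_entry(line):
    """Parse 'permit|deny <protocol> <src> <wc> <dst> <wc> [eq <port>]'."""
    tok = line.split()
    if len(tok) not in (6, 8) or tok[0] not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    if len(tok) == 8 and tok[6] != "eq":
        raise ValueError(f"unsupported port operator: {line!r}")
    port = int(tok[7]) if len(tok) == 8 else None
    return tok[0], tok[1], tok[2:4], tok[4:6], port

def evaluate(entries, proto, src, dst, dport=None):
    """Return (action, matching entry). First match wins; no match is denied."""
    for line in entries:
        action, e_proto, e_src, e_dst, e_port = parse_entry(line)
        if e_proto not in ("ip", proto):
            continue
        if not (wildcard_match(src, *e_src) and wildcard_match(dst, *e_dst)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action, line
    return "deny", "implicit deny"

# Constructed entries: block telnet to one server, allow SSH to it,
# then allow all other IP traffic between the two /24 networks.
SAMPLE_ACL = [
    "deny tcp 10.0.5.0 0.0.0.255 10.0.6.10 0.0.0.0 eq 23",
    "permit tcp 10.0.5.0 0.0.0.255 10.0.6.10 0.0.0.0 eq 22",
    "permit ip 10.0.5.0 0.0.0.255 10.0.6.0 0.0.0.255",
]
```

Entry order matters: the telnet deny only takes effect because it sits above the broader permit ip entry, and traffic that matches no entry is dropped.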

Basic BGP

  • router bgp <as-number>
  • neighbor <network-relationship-ip> remote-as <as-number>
  • network <network-addr> mask <subnet-mask> - advertises the network to neighbors

DHCP Snooping

  • ip dhcp snooping - turn on DHCP snooping
  • ip dhcp snooping vlan <name> - enables snooping on any VLANs that use DHCP
  • interface fa ... + ip dhcp snooping trust - sets the interface that faces the DHCP server as trusted

SNMP and SYSLOG

  • snmp-server community <string> ro - read-only community string
  • snmp-server community <string> rw - read-write community string
  • Utilizing the MIB Browser on the SNMP Management device, we can browse through the tree in order to find the setting that we want, then use GET/SET in order to view/modify that setting.

Configuring SYSLOG

  • no logging console
  • service timestamps log datetime msec
  • service timestamps debug datetime msec
  • logging userinfo
  • logging trap debugging
  • logging <ip-address-server>
  • logging on

Data should then be populating within the SYSLOG server.

Tech Journal 3 Ends Here


Remote Configuration Options

  • ip domain-lookup
  • ip domain-name <domain>
  • ip name-server <ip-address>
  • username <user> privilege 15 password 0 <password> - sets a username/password for remote connections (the 0 means the password that follows is entered unencrypted)
  • crypto key generate rsa - generates an RSA key for SSH connections
  • telnet <switch-ip> - used for telnet connections (requires the commands above)
  • ssh -l <username> <switch-ip> - used for SSH connections (requires the commands above)

Resetting Switch to Factory Default

  1. Hold the mode button until the switch begins to reset. From there you will get a message stating:

    The system has been interrupted prior to initializing the
    flash filesystem.  The following commands will initialize
    the flash filesystem, and finish loading the operating
    system software:
    flash_init
    load_helper
    boot
    switch:

  2. This means you are in recovery mode. From here you will need to initialize the flash filesystem so you can use the configuration files. Use flash_init to do this.
  3. From here, we will delete the configuration files so that the switch must restart with its default settings.
    • del flash:config.txt
    • del flash:vlan.dat
    • boot
  4. The switch should then boot to its factory settings.

Password Recovery

  1. Similar to resetting switch, enter recovery mode.
  2. This time, we do not want to delete the configuration files. Instead, rename config.txt with:
    • rename flash:config.txt flash:config.old
  3. We should now be able to access the switch after booting, but have no configuration loaded.
  4. In order to load the configuration, we will rename the configuration back to the old configuration.
    • rename flash:config.old flash:config.txt
    • copy flash:config.txt system:running-config
  5. We can now overwrite current unknown passwords using:
    • enable secret <password> for existing secret password
    • line con 0 + password <password> for existing console password

VLAN Configuration

  • vlan <number> - sets the VLAN number
  • (config-vlan)# name <name>
  • switchport mode access - sets port to access, used for end device to end device
  • switchport mode trunk - sets port to trunk, used for connecting networking devices
    • switchport trunk allowed vlan all - allow all defined vlan on that switch over the trunk
  • show vlan brief - shows vlan port assignments

VLAN Trunking Protocol

Switch-to-switch ports should be set as trunk ports; all others should remain access ports.

Client
  1. vtp mode client
  2. vtp domain <domain-name>
  3. vtp password <password>
Server
  1. vtp mode server
  2. vtp domain <domain-name>
  3. vtp password <password>

Port Security

  1. Enter interface configuration using interface <name>
  2. switchport port-security
  3. switchport port-security mac-address sticky
  4. switchport mode access
  5. switchport port-security maximum 10 - maximum allowed MAC addresses
  6. switchport port-security vio shut - shuts down the port on violation
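
A way to check a saved configuration for the settings covered in the Port Security, DHCP Snooping, SNMP and Remote Configuration Options sections, as an added example that is not part of the original notes. The running-config excerpt is constructed, and the finding texts and function names are this example's own.

```python
import re

def parse_config(text):
    """Split a running-config into global lines and per-interface sub-commands."""
    glob, ifaces, current = [], {}, None
    for line in map(str.rstrip, text.splitlines()):
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
            if line and line != "!":
                glob.append(line)
    return glob, ifaces

def audit(text):
    """Return findings for the settings this page configures."""
    glob, ifaces = parse_config(text)
    findings = []
    for line in glob:
        if m := re.match(r"username (\S+) .*\bpassword 0 ", line):
            findings.append(f"user {m.group(1)}: type 0 (cleartext) password")
        if m := re.match(r"snmp-server community (\S+) rw$", line, re.I):
            findings.append(f"snmp community {m.group(1)}: read-write")
    if "ip dhcp snooping" in glob:
        if not any(l.startswith("ip dhcp snooping vlan ") for l in glob):
            findings.append("dhcp snooping: enabled globally but on no VLAN")
        if not any("ip dhcp snooping trust" in cmds for cmds in ifaces.values()):
            findings.append("dhcp snooping: no trusted interface")
    for name, cmds in ifaces.items():
        if "switchport mode access" in cmds and "switchport port-security" not in cmds:
            findings.append(f"{name}: access port without port-security")
    return findings

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
username admin privilege 15 password 0 ExamplePass1
snmp-server community lab-ro RO
snmp-server community lab-rw RW
ip dhcp snooping
interface FastEthernet0/1
 switchport mode access
 switchport port-security
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/24
 ip dhcp snooping trust
"""
```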

Spanning Tree Protocol Information

  • show spanning-tree - shows spanning tree information
  • show spanning-tree detail - more detailed spanning tree information (root bridge can be found this way)
  • spanning-tree vlan <vlan-#> priority <low-number> - set root bridge
  • spanning-tree vlan <vlan-#> root secondary - set secondary root bridge
  • interface range fastEthernet <port-ranges> + spanning-tree portfast - set up PortFast on a switch

Packet Tracer

  • Simulation mode can be triggered in the bottom right corner, the filters can be adjusted to display only the packets that you wish to see displayed within the model.

Minicom Configurations/Use

This program can be used to connect to switches through a console connection.

  1. From command terminal on workstation, type sudo minicom -s. This will allow you to set the terminal settings to connect to the Cisco switch.
  2. Press "A" to setup which serial port to use. For our systems, it should be /dev/ttyUSB0.
  3. Press "E" to change Baud Rate to 9600.
  4. Escape back and press F to turn off the Hardware Flow Control.
  5. Select Save Setup to DFL
  6. Select Exit - this will take you to the normal minicom session and you should be connected to the switch.