NGx4MaBdNGt5MGNaLGp8LWp8NSMkyCYhADAsx6J=
MASIGNCLEANLITE103

Cisco CCNA Cheat Sheet


Friday, July 6, 2018
NAMORZ - Jika sobat sudah kenal dengan Cisco, berarti mungkin sobat juga pasti kenal dengan CCNA.Yup, CCNA atau (Cisco Certified Network Associate) adalah sertifikasi yang populer di kompetensi IT dalam teknologi jaringan komputer yang dikembangkan oleh Cisco Systems. Cisco menciptakan CCNA untuk mengenali kompetensi dasar dalam instalasi dan dukungan dari jaringan berskala menengah.Nah, dan dalam kesempatan kali ini Admin akan share Cisco CCNA Cheat Sheet yang Admin kutip atau nyontek dari Nixtrain.Oh iya sebelum mulai, Admin ingin menjelaskan bahwa jika sobat ketemu tanda !, itu artinya merupakan penjelasan dari Syntax tersebut.Oke, langsung simak aja sob!

Router Modes

  • Router> User mode
  • Router# Privileged mode (exec-level mode)
  • Router(config)# global configuration mode
  • Router(config-if)# interface mode
  • Router(config-subif)# subinterface mode
  • Router(config-line)# line mode
  • Router(config-router)# router configuration mode
Changing Switch Hostname
  • Router(config)# hostname SW1
Configuring Passwords
  • SW1(config)# enable secret cisco 
  • ! MD5 hash
  • SW1(config)# enable password notcisco 
  • ! Clear text
Securing Console Port
  • SW1(config)# line con 0
  • SW1(config-line)# password cisco
  • SW1(config-line)# login
Securing Terminal Lines
  • SW1(config)# line vty 0 4 
  • SW1(config-line)# password cisco
  • SW1(config-line)# login
Encrypting Passwords
  • SW1(config)# service password-encryption
Configuring Banners
  • SW1(config)# banner motd $
  • ===================================
  • UNAUTHORIZED ACCESS IS PROHIBITED
  • ===================================
  • $
Giving The Switch an IP Address
  • SW1(config)# interface vlan 1
  • SW1(config-if)# ip address 172.16.1.11 255.255.255.0 
  • ! or DHCP
  • SW1(config-if)# no shutdown
Setting The Default Gateway
  • SW1(config)# ip default -gateway 172.16.1.1
Saving Configuration
  • SW1# copy running-config startup-config 
  • ! Short for write memory
  • SW1# write memory
Working Environment
  • SW1(config)# no ip domain-lookup
  • SW1(config)# line vty 0 4
  • SW1(config-line)# history size 15
  • SW1(config-line)# exec-timeout 10 30
  • SW1(config-line)# logging synchronous
Configuring Switch to Use SSH
  • SW1(config)# ip domain-name example.com
  • SW1(config)# username admin password cisco
  • SW1(config)# crypto key generate rsa
  • How many bits in the modulus [512] : 1024
  • SW1(config)# line vty 0 4
  • SW1(config-line)# login local
  • ! You can set vty lines to use only telnet or only ssh or both as in the example.
  • SW1(config-line)# transport input telnet ssh
Aliases
  • SW1(config)# alias exec c configure terminal
  • SW1(config)# alias exec s show ip interface brief
  • SW1(config)# alias exec sr show running-config
Description, Speed and Duplex
  • SW1(config)# interface fastEthernet 0/1
  • SW1(config-if)# description LINK TO INTERNET ROUTER
  • SW1(config-if)# speed 100
  • ! Options : 10,100, auto
  • ! The range keyword used to set a group of interfaces at once
  • SW1(config)# interface range fastEthernet 0/5-10
  • SW1(config-if-range)# duplex full (options: half, full, auto)
Verify Basic Configuration
  • SW1 # show version
  • SW1 # show running-config
  • SW1 # show startup-config
  • SW1 # show history
  • SW1 # show ip interface brief
  • SW1 # show interface vlan 1
  • SW1 # show interfaces description
  • SW1 # show interfaces status
  • SW1 # show crypto key mypubkey rsa
  • SW1 # show dhcp lease
Configuring Port Security
  • SW1(config-if)# switchport mode access
  • SW1(config-if)# switchport port-security
  • SW1(config-if)# switchport port-security maximum 1
  • SW1(config-if)# switchport port-security violation shutdown
  • ! Options: shutdown, protect, restrict
  • SW1(config-if)# switchport port-security mac-address 68b5.9965.1195
  • ! Options: H.H.H, sticky
Verify and Troubleshoot Port Security
  • SW1# show mac-address-table
  • SW1# show port-security
  • SW1# show port-security interface fa0/5
Configuring VLAN
  • SW1(config)# vlan 10
  • SW1(config-vlan)# name SALES
  • SW1(config)# interface fa0/5
  • SW1(config-if)# switchport mode access
  • SW1(config-if)# switchport access vlan 10
Configuring an Auxiliary VLAN for Cisco IP Phones
  • SW1(config)# interface fastEthernet 0/5
  • ! Accessing vlan 10 (data) and 12 (VoIP)
  • SW1(config-if)# switchport access vlan 10
  • SW1(config-if)# switchport voice vlan 12
Configuring Trunk
  • SW1(config)# interface fastEthernet 0/1
  • SW1(config-if)# switchport mode trunk
  • ! Options: access, trunk, dynamic, auto, dynamic desirable
  • SW1(config-if)# switchport trunk allowed vlan add 10
  • ! Options: add,remove, all, except
Securing VLANs and Trunking
  • SW1(config-if)# shutdown
  • SW1(config-if)# nonegotiate
  • ! or hardcode the port as an access port
  • SW1(config-if)# switchport mode access
  • SW1(config-if)# switchport access vlan 222
Configuring VTP
  • SW1(config)# vtp mode server
  • ! options: server, client, transparent
  • SW1(config)# vtp domain EXAMPLE
  • ! case-sensitive
  • SW1(config)# vtp password cisco
  • ! case-sensitive
  • SW1(config)# vtp version 2
  • SW1(config)# vtp pruning
  • ! only works on VTP servers
Verify and Troubleshoot VLANs and VTP
  • SW1# show interfaces if switchport
  • SW1# show interfaces trunk
  • SW1# show vlan {brief | id | name | summary}
  • SW1# show vtp status
  • SW1# show vtp password
STP Optimization
  • SW1(config)# spanning-tree vlan 1 root primary
  • SW1(config)# spanning-tree vlan 1 root secondary
  • ! Priority must be a multiply of 4096
  • SW1(config)# spanning-tree [vlan 1] priority 8192
  • SW1(config)# spanning-tree mode rapid-pvst
  • ! options: mst, pvst, rapid-pvst
Portfast and BPDU Guard
  • SW1(config-if)# spanning-tree portfast
  • SW1(config-if)# spanning-tree bpduguard enable
Changing port cost
  • SW1(config-if)# spanning-tree [vlan1 1] cost 25
Etherchannel
  • SW1(config-if)# interface range fa0/1-4
  • SW1(config-if)# channel-group 1 mode on
  • ! options: auto, desirable, on
STP Verification and Troubleshooting
  • SW1# show spanning-tree
  • SW1# show spanning-tree int fa0/2
  • SW1# show spanning-tree vlan 1
  • SW1# show spanning-tree [vlan 1] root
  • SW1# show spanning-tree [vlan 1] bridge
  • SW1# show etherchannel 1
  • SW1# debug spanning-tre events
Enabling or Disabling CDP
  • SW1(config)# cdp run
  • SW1(config-if)# no cdp enable
Using CDP for Network Verification and Troubleshooting
  • SW1# show cdp
  • SW1# show cdp int fa0/2
  • SW1# show cdp neighbors
  • SW1# show cdp neighbors detail
  • ! OR
  • SW1# show cdp entry *
Access Control Lists

Standard ACL: 1-99 and 1300-1999
  • R1(config)# access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN
  • R1(config)# access-list 2 deny 192.168.1.77
  • R1(config)# access-list 2 deny 192.168.1.64 0.0.0.31
  • R1(config)# access-list 2 permit 10.1.0.0 0.0.255.255
  • R1(config)# access-list 2 deny 10.0.0.0 0.255.255.255
  • R1(config)# access-list 2 permit any
  • R1(config-if)# ip access-group 2 out
ACL - Permit Telnet
  • R1(config)# access-list 99 remark ALLOWED TELNET CLIENTS
  • R1(config)# access-list 99 permit 192.168.1.128 0.0.0.15
  • R1(config)# line vty 0 4
  • R1(config-line)# access-class 99 in
Access Control Lists

Extended ACL: 100-199 and 2000-2699
  • R1(config)# access-list 101 remark MY_ACCESS_LIST
  • R1(config)# access-list 101 deny iphost 10.1.1.1 host 10.2.2.2
  • R1(config)# access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
  • R1(config)# access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
  • R1(config)# access-list 101 deny tcphost 10.1.1.0 host 10.0.0.1 eq 80
  • R1(config)# access-list 101 deny udphost 10.1.1.7 eq 53 any
  • R1(config)# access-list 101 permit ip any any
  • R1(config)# interface fa0/0
  • R1(config-if)# ip access-group 101 in
Verifying ACL
  • R1# show access-lists
  • ! OR
  • R1# show ip access-list
  • R1# show ip access-list 101
  • R1# show ip interface f0/0
DHCP Server
  • R1(config)# ip dhcp pool LAN
  • R1(dhcp-config)# network 192.168.1.0 255.255.255.0
  • R1(dhcp-config)# default-router 192.168.1.1
  • R1(dhcp-config)# dns-server 213.131.65.20 8.8.8.8
  • R1(dhcp-config)# lease 2 ! Days
  • R1(dhcp-config)# ip dhcp excluded-address 192.168.1.1 192.168.1.100
DHCP Verification and Troubleshooting
  • R1# show ip dhcp pool LAN
  • R1# show ip dhcp pool binding
  • R1# show ip dhcp pool conflict
Configuring Router Interfaces
  • R1(config)# int fa0/0
  • R1(config-if)# description LINK TO LOCAL LAN THROUGH SW1
  • R1(config-if)# ip address 172.16.1.1 255.255.255.0
  • R1(config-if)# no shutdown
  • R1(config-if)# exit
  • R1(config)# int serial 0/1/0
  • R1(config-if)# description WAN CONNECTION TO R2
  • R1(config-if)# ip address 10.1.1.1 255.255.255.252
  • R1(config-if)# clock rate 128000
  • R1(config-if)# no shutdown
Configuring Router-On-Stick for VLAN Routing
  • R1(config)# int fa0/0
  • R1(config-if)# no shutdown
  • R1(config)# int fa0/0.10
  • R1(config-subif)# encapsulation dot1q 10
  • R1(config-subif)# ip address 192.168.10.1 255.255.255.0
  • R1(config-subif)# interface fa0/0/20
  • R1(config-subif)# encapsulation dot1q 20
  • R1(config-subif)# ip address 192.168.20.1 255.255.255.0
Static Route
  • R1(config)# ip route 10.1.2.0 255.255.255.0 10.1.128.1
  • R1(config)# ip route 10.1.2.0 255.255.255.0 serial 0/0
  • *Note : Exit interface can be used in PTP serial links
Default Route
  • R1(config)# ip route 0.0.0.0 0.0.0.0 199.1.1.1
RIPv2 Configuration
  • R1(config)# router rip
  • R1(config-router)# version 2
  • R1(config-router)# network 10.0.0.0
  • ! Written as an original class A
  • R1(config-router)# no auto-summary
  • R1(config-router)# passive-interface serial 0/0
RIPv2 Verification
  • R1# show ip protocols
  • R1# show ip route
  • R1# show ip route rip
  • R1# show ip route 10.1.1.1
OSPF Configuration
  • R1(config)# router ospf 10
  • ! 10 = Process ID
  • R1 (config-router)# network 10.0.0.0 0.255.255.255 area 0
  • R1 (config-router)# network 172.16.8.0 0.0.7.255 area 0
  • R1 (config-router)# network 192.168.1.254 0.0.0.0 area 1
  • R1 (config-router)# router-id 1.1.1.1
 OSPF Verification
  • R1# show ip protocols
  • R1# show ip route
  • R1# show ip route ospf
  • R1# show ip ospf neighbors
  • R1# show ip ospf database
  • R1# show ip ospf interfaces serial 0/0
EIGRP Configuration
  • R1 (config)# router eigrp 121
  • ! 121 = AS number
  • R1 (config-router)# network 10.0.0.0
  • R1 (config-router)# network 172.16.0.0 0.0.3.255
  • R1 (config-router)# network 192.168.1.1 0.0.0.0
  • R1 (config-router)# network 0.0.0.0 255.255.255.255
  • R1 (config-router)# no auto-summary
EIGRP Verification
  • R1# show ip route eigrp
  • R1# show ip eigrp neighbors
  • R1# show ip eigrp topology
  • R1# show ip eigrp interfaces
  • R1# show ip eigrp traffic
PPP Configuration
  • R1(config)# int serial 0/0
  • R1(config-if)# encapsulation ppp
PPP Authentication - CHAP
  • R1(config)# hostname ALPHA
  • ALPHA(config)# username BETA password XYZ
  • ALPHA(config)# int serial 0/0
  • ALPHA(config-if)# ppp authentication chap
PPP Authentication - PAP
  • R1(config)# hostname ALPHA
  • ALPHA(config)# username BETA password XYZ
  • ALPHA(config)# int serial 0/0
  • ALPHA(config-if)# ppp authentication pap
  • ALPHA(config-if)# ppp pap sent-username ALPHA password XYZ
PPP Verification and Troubleshoot
  • R1# show int s0/0
  • R1# show running-config
  • R1# debug ppp authentication
Network Address Translation (NAT)

Static NAT
  • R1(config)# interface serial 0/0
  • R1(config-if)# ip nat outside
  • R1(config)# int fa1/1
  • R1(config-if)# ip nat inside
  • R1(config)# ip nat inside source static 192.168.1.10 200.1.1.1
Dynamic NAT
  • R1(config)# access-list 3 permit 192.168.1.0 0.0.0.255
  • R1(config)# ip nat pool PUB 200.1.1.1 200.1.1.6 netmask 255.255.255.248
  • R1(config)# ip nat inside source list 3 pool PUB overload
NAT Verification and Troubleshoot
  • R1# show running-config
  • R1# show access-list
  • R1# show ip nat statistics
  • R1# show ip nat translations
  • R1# clear ip nat translations *
  • R1# debug ip nat
RIPNG Configuration
  • Router(config)# ipv6 unicast-routing
  • !activated ipv6 unicast
  • ! go to interface
  • Router(config)# int fa0/0
  • Router(config-if)# ipv6 rip TESTING enable
  • ! configure interface to enable RIP instance TESTING
OSPFv3 Configuration
  • Router(config)# ipv6 unicast-routing
  • ! activated ipv6 unicast
  • Router(config)# ipv6 router ospf 1
  • ! go router configuration to activate ospfv3
  • Router(config-router)# router-id 1.1.1.1
  • ! configure router id for ospf 1
  • ! go to interface
  • Router(config)# interface fa0/0
  • Router(config-if)# ipv6 ospf 1 area 0
EIGRPv6 Configuration
  • Router(config)# ipv6 unicast-routing
  • ! activated ipv6 unicast
  • Router(config)# ipv6 router eigrp 1
  • ! go router configuration to activate eigrp with as number 1
  • Router(config-router)# router-id 1.1.1.1
  • ! configure router id for eigrp 1
  • Router(config-router)# no shut
  • ! activate eigrp process
  • ! go to interface
  • Router(config)# interface fa0/0
  • Router(config-if)# ipv6 eigrp 1
HSRP Configuration
  • Router(config)# track int s0/0 line protocol
  • Router(config)# int fa0/0
  • Router(config-if)# ip address 10.10.10.1 255.255.255.0
  • Router(config-if)# standby 1 ip 10.10.10.254
  • Router(config-if)# standby 1 priority 120
  • Router(config-if)# standby 1 preempt
  • ! config to preempt when the priority win
  • Router(config-if)# standby 1 track 1 decrement 30
Oke, mungkin Admin rasa ini aja yang bisa di Share untuk kesempatan kali ini.Semoga Admin bisa terus memberikan Ilmu seputar Cisco atau Mikrotik untuk sobat semua supaya kita bisa sama-sama belajar.Kalo kurang ngerti langsung saja komentar dibawah ini atau hubungi Admin via Fanspage Facebook Namorz.Terima kasih sudah berkunjung dan Selamat Mencoba!
Share This Article :
Namorz

Namorz merupakan Website yang membahas trik-trik seputar Internet dan IT

1797601885339958950