Configure a Serial
The speed of the Layer 1 connection is determined by the CSU/DSU. DTE (Data Terminal Equipment) and DCE (Data Communications Equipment) cables are used in labs without an external CSU/DSU.
| Command | Description |
|---|---|
| (config)# interface serial 1/0 | To Configure interface serial 1/0 |
| (config-if)# clock rate 128000 | To Set clock rate for DCE router side to 128 kbps |
| (config)# show controllers serial 1/0 | To Verify clock rate on serial interface 1/0 |
Access Control Lists (ACLs):
Default mask for default ACL: 0.0.0.0
Interface ACLs:
| Command | Description |
|---|---|
| (config)# inter g1/1 | To Enter if-config mode for g1/1 |
| (config-if)# ip access-group 23 out | To Apply ACL #23 to outgoing packets, not sent by the router |
| (config-if)# ip access-group 42 in | To Apply ACL #42 to incoming packets |
| (config-if)# ip access-group local_only in | To Overwrite the used ACL, only one ACL per if + proto + direction! |
| (config-if)# ipv6 traffic-filter 23 out | To The v6 syntax of course differs… |
| # show ip interface g1/1 | incl access list | To Show ACLs on g1/1 (When none set shows not set for v4 and nothing for v6) |
Troubleshooting ACLs:
| Command | Description |
|---|---|
| # show [ipv6] access-lists | To Show, all configured ACLs |
| # show access-list 10 | To Display all rules in ACL #10 and how often they matched |
Network Address Translation (NAT):
Network Address Translation (NAT) is the process of translating one or more local IP addresses into one or more global IP addresses, or vice versa, in order to provide Internet access to local hosts. It also performs port number translation. H. Mask the host’s port number with another port number in packets routed to the destination.
| Term | Definition |
|---|---|
| inside local | IP addresses assigned to hosts in the network are not routable |
| inside global | A routable IP address assigned by your Network Information Center or ISP |
| outside local | The IP address of the remote host seen on the network is not routable |
| outside global | The owner-assigned IP address of the remote host, routable |
| Command | Description |
|---|---|
| (config)# int g1/1 | To Enter if-config mode for g1/1 |
| (config-if)# ip address 1.2.3.4 255.255.255.240 | To configure 1.2.3.4/28 on g1/1 |
| (config-if)# ip nat outside | To Packets going out, need to change their src, incoming their dest ip. |
| (config)# int g1/2 | To Enter if-config mode for g1/2 |
| (config-if)# ip address 10.10.23.1 255.255.255.0 | To configure 10.10.23.1/24 on g1/2 |
| (config-if)# ip nat inside | To Packets going out, need to change their dest, incoming their src ip. |
SNAT:
SNAT, as the name suggests, is a technique for generally translating the source IP address when connecting from a private IP address to a public IP address. Maps the originating client IP address in the request to a transform defined on the BIG-IP device. This is the most common form of NAT and is used when internal hosts need to initiate sessions with external or public hosts.
| Command | Description |
|---|---|
| (config)# ip nat inside source static 10.10.23.2 1.2.3.5 | SNAT – Static mapping of internal IPs to external IPs 1:1. |
DNAT:
DNAT, as the name proposes, is a technique for mostly translating destination IP addresses when connecting from a public IP address to a private IP address. It is typically used to redirect packets destined for a specific IP address on one host or a specific port on an IP address to another address (most likely another host).
| Command | Description |
|---|---|
| (config)# access-list 42 permit 10.10.23.0 0.0.0.255 | To Create an ACL identifying 10.10.23/24 |
| (config)# ip nat pool POOL 1.2.3.5 1.2.3.10 netmask 255.255.255.240 | To Create an IP Address Pool for NATing |
| (config)# ip nat inside source list 42 pool POOL | To DNAT IPs matching ACL #42 1:1 with IPs from nat pool ‘POOL’. |
Port Address Translation (PAT):
Port address translation is implemented in routers. So the IP packet received by the router contains a private IP and a port number (provided by the computer), so the router replaces the private IP with the public IP of the router and a specific port is assigned to this connecting device.
| Command | Description |
|---|---|
| (config)# access-list 10 permit 10.10.0.0 0.0.255.255 | To Create an ACL identifying 10.10/16 |
| (config)# ip nat inside source list 10 interface g1/1 overload | To PAT IPs matching ACL #10 many:1 with g1/1s public IP |
DHCP (Dynamic Host Control Protocol):
Dynamic Host Configuration Protocol (DHCP) is an application layer protocol used to provide:
- Subnet Mask (Option 1 – e.g., 255.255.255.0)
- Router Address (Option 3 – e.g., 192.168.1.1)
- DNS Address (Option 6 – e.g., 8.8.8.8)
- Vendor Class Identifier (Option 43 – e.g., ‘unifi’ = 192.168.1.9 ##where unifi = controller)
| Command | Description |
|---|---|
| (config)# ip dhcp excluded-address 10.30.4.1 10.30.4.100 | Do not distribute these IPs in leases |
| (config)# ip dhcp pool PCs | Create and/or enter DHCP config for pool ‘PCs’ |
| (dhcp-config)# network 10.30.4.0 /24 | To define pool addresses |
| (dhcp-config)# default-router 10.2.1.1 | To define default gateway to be distributed in the leases |
| (dhcp-config)# dns-server 10.30.4.1 | NULL |
| (dhcp-config)# domain-name acme.com | NULL |
| (dhcp-config)# lease | To lease validity time |
| (config)# int g1/1 | To Enter interface config mode on client-facing interface |
| (config-if)# ip helper-address 192.168.1.1 | To Relay DHCP Requests to this host |
Troubleshooting DHCP:
| Command | Description |
|---|---|
| # debug ip dhcp server packet | NULL |
| # show dhcp lease | To Show DHCP lease information |
| # show ip dhcp pool | To Show pool size and addresses in use |
| # show ip dhcp binding | To Show which mac got which ip |
| # sh run | section dhcp | To See if IP DHCP exclude-address / pool stuff is wrong. |
| # sh run int g1/1 | To See if IP helper address is wrong. |
HSRP (Hot Standby Router Protocol):
HSRP (Hot Standby Router Protocol) is a CISCO proprietary protocol that provides redundancy for a local subnet. In HSRP, two or more routers create the illusion of a virtual router.
| Command | Description |
|---|---|
| (config-if)# standby [group-number] ip | To Join HSRP Group |
| (config-if)# standby [group-number] priority | To Set prio of this router. |
| (config-if)# standby [group-number] preempt | To Preempt other routers when this router becomes active |
| (config-if)# standby {1,2} | To Set HSRP Version |
Troubleshooting HSRP:
| Command | Description |
|---|---|
| # show standby | HSRP Groups, their VIPs, state, active router, standby router, preemption. |
Service Level Agreements (SLAs):
Service Level Agreements (SLAs) are performance constraints negotiated between the cloud service provider and the customer. Previously, in cloud computing, all service level agreements were negotiated between the customer and the consumer of the service. Today, with the advent of major utility-style cloud providers, most service level agreements are standardized until customers become major consumers of cloud services. cloud.
| Command | Description |
|---|---|
| (config)# ip sla 23 | Create IP sla test #23 and enter its config mode. |
| (config-ip-sla)# icmp-echo 1.2.3.4 | Define icmp-echo test. |
| (config-ip-sla)# frequency 42 | frequency in seconds. |
| (config)# ip sla schedule 23 life {forever, seconds} start-time now | Start test #23 now and until manually stopped. |
Troubleshooting SLAs:
| Command | Description |
|---|---|
| # show ip sla configuration | Show all configured IP SLA configs |
| # show ip sla statistics | Show sla results |
Telnet / Console:
TELNET stands for Terminal Network. It is a type of protocol that allows a computer to connect to a local computer. It is used as the standard TCP/IP protocol for the virtual terminal service provided by ISO. The computer that initiates the connection is called the local computer.
| Command | Description |
|---|---|
| (config)# banner login “Insert snarky banner.” | To Make sure that the device includes legal terms to sound smart. |
| (config)# banner motd “Insert snarky banner.” | To Set Login Banner. |
| (config)# line vty 0 4 | To Enter config mode for vty 0 to 4 (up to 15 allowed). |
| (config)# line console 0 | To Enter config mode for the console port |
| (config-line)# login | To Require login on telnet/console connection. |
| (config-line)# password | To Enable Telnet and set vty login password. |
| (config-line)# access-class 10 in | To Set ACL to limit inbound IPs allowed to access vty |
| (config-line)# access-class 42 in | To Overwrite the used ACL, only one ACL per vty + direction! |
| (config-line)# exec-timeout 10 | To Autologout after 10 Minutes |
| (config-line)# login local | To Require login on telnet/console connection via local users. |
| (config)# username h.acker secret C1sco123 | To Create a local user with an encrypted password. |
SSH:
SSH (Secure Shell) is an access identifier used in the SSH protocol. In other words, it is a cryptographic network protocol used to transmit encrypted data over a network. It allows you to connect to a server or servers without having to remember or enter your password for each system that needs to connect remotely from one system to another.
| Command | Description |
|---|---|
| (config)# hostname Foobar | To generate SSH keys. |
| (config)# ip domain-name example.com | To Required to generate SSH keys. |
| (config)# crypto key generate RSA modulus 2048 | To Generate keys like it’s 1995! Potentially takes forever. |
| (config)# ip ssh version 2 | To Force SSHv2 |
| (config-line)# transport input ssh | To Force ssh, disable telnet. |
| # show ip ssh | To Know SSH version, timeout time, and auth retries. |
| # show ssh | To List active connections |
TACACS+ Protocol:
TACACS+, which stands for Terminal Access Controller Access Control Server, is a security protocol used within the AAA framework to provide centralized authentication for users who wish to access the network.
| Command | Description |
|---|---|
|
To view Local backup users. |
|
|
To Enable aaa services. |
|
|
To Add and define TACACS conf. |
|
|
NULL |
|
|
NULL |
|
|
NULL |
|
|
Multiple possible. |
|
|
NULL |
|
|
Allow that group and local users in. |
Simple Network Management Protocol (SNMP):
SNMP is an application layer protocol that uses UDP port number 161/162. SNMP is used to monitor the network, detect network failures, and sometimes even to configure devices remotely.
| Command | Description |
|---|---|
| (config)# snmp-server contact admin@example.com | To Contact email |
| (config)# snmp-server location RZ-Hamburg | To Where is the device |
| (config)# snmp-server community [ro, rw] | To Add community |
| (config)# snmp-server host 10.20.30.40 | To SNMP notifications recipient |
CDP – Cisco Discovery Protocol:
CDP allows users to use a number of display commands that allow them to view connected device information such as local port information, remote port information, hostname, device platform, etc.
| Command | Description |
|---|---|
| # [no] cdp run | To Enables cdp globally and on all interfaces (default) |
| # (config-if)# [no] cdp enable | To Enable cdp on an interface |
| # show cdp neighbors [detail] | To List connected cisco devices (name, local/remote port, [ip]) |
| # show cdp entry * | NULL |
Link Layer Discovery Protocol (LLDP):
It is an open layer 2 protocol compliant with the IEEE (802.1AB) standard. LLDP is an open source alternative to CDP (Cisco Discovery Protocol), which is also a device discovery protocol that runs only on layer 2 (data link layer) on Cisco-manufactured devices (routers). routers, bridges, access servers, and switches).
| Command | Description |
|---|---|
| # [no] lldp run | To enable lldp globally and on all interfaces |
| (config-if)# [no] lldp transmit | To Enable lldp packet transmission on interface |
| (config-if)# [no] lddp receive | To Enable lldp packet reception on the interface |
Point-to-Point Protocol (PPP):
Point-to-Point Protocol (PPP) is basically a set of asymmetric protocols for different connections or links that do not provide frames, i.e., raw bit pipes. PPP also wants other protocols to establish connections, authenticate users, and also transport network layer data. PPP is not a single protocol, but a set of protocols consisting of simple protocols that address various aspects of Layer 2 point-to-point communication.
| Command | Description |
|---|---|
| (config)# username fnord password pass | To Create users for pap auth. |
| (config)# interface S0/0/0 | NULL |
| (config-if)# clock rate 125000 | To rate Only on DCE cable! |
| (config-if)# bandwidth 125 | For Logical speed used for routing cost calc, RSVP… |
| (config-if)# encapsulation ppp | To set Default HDLC |
| (config-if)# ppp authentication pap | To show Required remote to authentication via pap |
| (config-if)# ppp pap sent-username fnord password pass | Authenticate to remote pap |
| (config)# hostname routy1 | Required for CHAP, used as chap client username |
| (config)# username routy2 password foobar | Create users for chap auth for routy2 |
| (config)# interface S0/0/0 | NULL |
| (config-if)# no ppp authentication pap | Remove in favor of chap |
| (config-if)# no ppp pap sent-username fnord password pass | Remove in favor of chap |
| (config-if)# ppp authentication chap | Require remote to authenticate via chap |
Troubleshooting PPP:
| Command | Description |
|---|---|
| # show controllers S0/0/0 | To Show interface, connected type of cable, clock rate |
| # show interfaces | To Show encapsulation, logical bandwidth |
| # show ppp all | To Show session state, auth type, peer ip and name |
| # debug ppp authentication | To Debug PPP authentication |
RIP:
Routing Information Protocol (RIP) is a dynamic routing protocol that uses hop count as a routing metric to find the best path between source and destination networks. It is a distance vector routing protocol with an AD value of 120 and operates on the network layer of the OSI model. RIP uses port number 520.
| Command | Description |
|---|---|
| (config)# router rip | To Enable RIP and enter its config mode |
| (config-router)# version 2 | To Set RIPv2, which is Classless |
| (config-router)# network 192.168.0.0 | To Advertise connected networks which are within. |
| (config-router)# network 0.0.0.0 | To Advertise all connected networks. |
| (config-router)# timers basic | To Show timers |
| (config-router)# no auto-summary | Stop summarizing a smaller subnet route in a bigger one. |
| (config-router)# passive-interface g1/1 | Stop sending RIP updates out this interface |
| (config-router)# passive-interface default | Stop sending RIP updates on any if by default |
| (config-router)# no passive-interface g1/2 | To Overwrite the passive-interface default |
| (config-router)# default-information originate | To Advertise the default route. |
Troubleshooting RIP:
| Command | Description |
|---|---|
| # show ip[v6] protocols | Show rip timers, interfaces, networks, |
| # show ip rip database | Routes learned by rip were used to compile the routing table |
| # show ip route | Show learned routes |
| # clear ip route * | Get rid of all routes |
EIGRP:
EIGRP (Enhanced Interior Gateway Routing Protocol) is a dynamic routing protocol used to find the best path between any two Layer 3 devices for packet delivery. EIGRP works on top of the network layer protocol of the OSI model and uses protocol number 88. It uses metrics to find the best path between two Layer 3 devices (Layer 3 routers or switches). using EIGRP.
| Command | Description |
|---|---|
| # show run | section eigrp | To Show EIGRP settings. |
| # show interfaces g1/1 | To Show configured/default bandwidth and delay. |
| (config-if)# bandwidth | To Overwrite bandwidth used for eigrp metric. |
| (config-if)# delay | To Overwrite display used for eigrp metric. |
| (config)# router eigrp 23 | To Add and conf EIGRP AS#23 |
| (config-router)# network 10.20.30.0 0.0.0.255 | To Announce routes to 10.20.30.0/24 |
| (config-router)# no shutdown | On some iOS versions, it’s off by default. |
| (config-router)# [no] eigrp router-id | To Set Defaults to highest loopback ip |
| (config-router)# [no] passive-interface g1/2 | To Disable EIGRP here. Ignore incoming pkgs. |
| (config-router)# [no] passive-interface default | To Disable EIGRP on all ifs by default. |
| (config-router)# maximum-paths | To set Default 4, must match, the number of load-balanced paths. |
| (config-router)# variance 4 | To Set Default 1, Max 4:1 variance for unequal lb. |
| (config-router)# no auto-summary | To Set Don’t summarize a smaller subnet route in a big one. |
| # show ip[v6] eigrp neighbors | To show Neighbor address, if, hold time, uptime, queued pkgs |
| # show ip[v6] eigrp interfaces [if-name] | To Show If, Number of peers, pending routes, queued pkgs |
| # show ip[v6] route [eigrp] | To ShowRoutes starting with D were learned via EIGRP |
| # show ip[v6] eigrp topology [all-links] | Topology table |
EIGRP with ipv6:
| Command | Description |
|---|---|
| (config)# ipv6 unicast-routing | To Enable v6 routing on the router |
| (config)# ipv6 router eigrp 23 | To Configure eigrp as #23 |
| (config-rtr)# no shutdown | To Enable this eigrp routing process. |
| (config-if)# [no] ipv6 eigrp 23 | To Enable eigrp with ipv6 for as #23 on this if. |
OSPF:
Open Shortest Path First (OSPF) is a link-state routing protocol used to find the best path between source and destination router using its own shortest path first). OSPF was developed by the Internet Engineering Task Force (IETF) as one of the Internal Gateway Protocols (IGP), i.e., a protocol aimed at moving packets within a large autonomous system or routing domain.
| Command | Description |
|---|---|
| (config)# router ospf 1 | 1 is the pid, not the area. |
| (config-router)# router-id 1.2.3.4 | To Set Defaults to highest IPv4 on lo, then other ifs. |
| (config-router)# network 10.20.30.0 0.0.0.255 area 0 | To enable interfaces for OSPF with matching IPs |
| (config-router)# (no) passive-interface g1/1 | To Stop in- and egress OSPF hello packets. |
| (config-router)# passive-interface default | To Mark all ifs passive by default. |
| (config-router)# default-information originate (always) | To Advertise default routes into a normal area |
| (config-router)# auto-cost reference-bandwidth <refbw in Mb/s> | To Change reference bandwidth speed |
| (config-if)# ip ospf cost 23 | To Overwrite interface cost to 23 |
| (config-if)# bandwidth <bw in kb/s> | To Change interface bandwidth |
Router Types:
| Term | Definition |
|---|---|
| Internal Router | List All OSPF interfaces in one area |
| Backbone Router | It has one or more OSPF interfaces in the backbone |
| Area Boundary Router (ABR) | It has at least one interface in the backbone area and at least one in another area |
| Autonomous System Boundary Router (ASBR) | To Injects routes into OSPF via redistribution from other routing protocols |
OSPF with ipv6 (OSPFv3):
| Command | Description |
|---|---|
| (config)# ipv6 unicast-routing | To show unicast routing through ipv6 |
| (config)# ipv6 router OSPF | To show config of ipv6 on the router |
| (config-router)# router-id | Required if we don’t have any v4 address configured. |
| (config-if)# ipv6 OSPF area | Required for OSPFv3. |
The network’s command does not exist, and non mentioned commands are the same.
Troubleshooting OSPF:
| Command | Description |
|---|---|
| # show run | sect ospf | To run OSPF |
| # show ip(v6) protocols | To show ipv6 in OSPF |
| # show ipv6 ospf | To show reference bandwidth, router-id, networks, interface per area |
| # show ip(v6) ospf neighbor | To show neighbor IDs, IPs, and via the interface. |
| # show ip(v6) ospf neighbor detail | To show dr, bdr, timers, etc. |
| # show interface brief | To show admin downlink |
| # show ip(v6) ospf interface brief | To show OSPF enabled interfaces |
| # show ip(v6) ospf interface g1/1 | To show OSPF related Infos for g1/1, passive? |
| # show ip(v6) route (ospf) | To show OSPF routes are marked O, show route ad and cost |
CCNA Cheatsheet
A CCNA certification proves you have the competencies needed to navigate an ever-changing IT landscape. CCNA exams cover network fundamentals, IP services, security fundamentals, automation, and programmability. Designed for agility and versatility, CCNA proves you have the skills needed to manage and optimize today’s most advanced networks. CCNA training courses and exams are the foundation for advancing your career in any direction. A Cisco certification is living proof of the standards and rigor your organization recognizes and trusts to meet and exceed market demands. Here is a cheat sheet for CCNA Examination.