cisco config
ether channel (Link Aggregation Control Protocol)
# Bundle G0/1 and G0/2 into EtherChannel group 1.
interface range G0/1-2
# "active" = this side initiates LACP negotiation; the peer must run LACP too (active or passive).
channel-group 1 mode active
# Logical interface that represents the whole bundle.
interface port-channel 1
# configuration of the bundle interface goes here
router trunk
# One physical link carries both VLANs as 802.1Q-tagged subinterfaces.
interface GigabitEthernet0/0
# the physical interface has to be up for its subinterfaces to pass traffic
no shutdown
# Subinterface for frames tagged VLAN 10; router address in 172.16.17.0/25.
interface GigabitEthernet0/0.10
encapsulation dot1q 10
ip address 172.16.17.1 255.255.255.128
# Subinterface for frames tagged VLAN 20; router address in 172.16.17.128/25.
# NOTE(review): no ACL is shown, so the router forwards freely between the two VLANs - confirm that is intended.
interface GigabitEthernet0/0.20
encapsulation dot1q 20
ip address 172.16.17.129 255.255.255.128
switch trunk
# Ports f0/21-24 are the trunk links between switches.
interface range f0/21-24
switchport mode trunk
# The native VLAN must be the same on both ends of the trunk; keeping hosts out of it limits VLAN-hopping via untagged frames.
switchport trunk native vlan 99 # untagged frames on the trunk belong to VLAN 99
switchport trunk allowed vlan 10,20,30 # only these VLANs are carried on the trunk
router ipv6
# DHCPv6 server on the router, combined with SLAAC on the client side.
ipv6 unicast-routing # global: enable IPv6 forwarding
# NOTE(review): as written this line has no prefix length and no interface above it;
# "ipv6 address" is normally entered under an interface as <address>/<length> - confirm both.
ipv6 address 2001:3007:2001:20::1
# Pool of settings handed out by the DHCPv6 server.
ipv6 dhcp pool LAN1
dns-server 2001:db8:1:A::2
domain-name LAN1.pkt
# NOTE(review): "address prefix" is what a server uses to lease addresses; with other-config-flag
# below, clients address themselves via SLAAC - confirm whether this line is needed here.
address prefix 2001:db8:1:A::/64
interface GigabitEthernet0/0
ipv6 nd other-config-flag # set the O flag in router advertisements sent on this interface
ipv6 dhcp server LAN1 # answer DHCPv6 requests on this interface from pool LAN1
- other-config-flag means that the client generates its own IP address with SLAAC and requests everything else (DNS server, domain name) from DHCP
- managed-config-flag means that the client requests everything from DHCP
- ipv6 unicast-routing turns on IPv6 routing
- address prefix 2001:db8:1:A::/64 - not necessary when ipv6 nd is managed-config-flag
router DHCP server
# IPv4 DHCP server on the router for 192.168.10.0/24.
service dhcp # turn the DHCP server/relay service on
ip dhcp excluded-address 192.168.10.1 192.168.10.9 # never lease .1-.9 (covers the gateway and DNS server addresses used below)
ip dhcp pool LAN1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1 # default gateway handed to clients
dns-server 192.168.10.2
lease 7 # lease time in days
domain-name delta.pkt
switch DHCP server
# IPv4 DHCP server on a switch, serving the subnet used by VLAN 10.
ip dhcp excluded-address 192.168.10.1 192.168.10.9 # never lease .1-.9 (covers the gateway, DNS server and the switch's own address below)
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1 # default gateway handed to clients
dns-server 192.168.10.2
lease 7 # lease time in days
domain-name delta.pkt
# The switch needs an address inside the pool's subnet; the VLAN 10 interface provides it.
interface vlan 10
ip address 192.168.10.3 255.255.255.0
router DHCP client
# The router obtains the address for g0/1 from a DHCP server instead of a static setting.
interface g0/1
ip address dhcp
switch config
# Create the two VLANs and give them names.
vlan 10
name vlan10
vlan 20
name vlan20
# Ports f0/1-10: fixed access ports in VLAN 10.
interface range f0/1-10
switchport mode access # access mode, so the port does not become a trunk
switchport access vlan 10
# Ports f0/11-20: fixed access ports in VLAN 20.
interface range f0/11-20
switchport mode access
switchport access vlan 20
switch/router erase
# Reset to an empty configuration. This destroys the saved config and the VLAN database,
# so take a backup first if anything has to be kept.
enable
write erase # erases the startup configuration (older form of the next command)
erase startup-config
delete flash:vlan.dat # on a switch the VLAN database is stored separately from startup-config
reload # reboot; declining the "save configuration" prompt keeps the erased state
L3 switch as router
interface f0/1
no switchport # make the port a routed (layer 3) port so it can take an IP address
ip routing # global command: enable IPv4 routing on the switch
Access List
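# Named extended ACL. Entries are evaluated top-down and the first match wins;
# traffic that matches no entry is dropped by the implicit deny at the end.
ip access-list extended acl-name
# Permits IP traffic from 10.2.2.2 host machine to 10.3.3.3 host machine.
permit ip host 10.2.2.2 host 10.3.3.3
# Permits www (TCP port 80) traffic from 10.1.1.1 host machine to 10.5.5.5 host machine.
# IOS extended ACLs take "host <ip>" or "<ip> <wildcard-mask>"; the slash form "10.5.5.5/24" is not accepted.
permit tcp host 10.1.1.1 host 10.5.5.5 eq www
# Permits icmp traffic from any to any network.
permit icmp any any
interface f0/1
# "in" filters packets arriving on the interface, "out" filters packets leaving it.
# Normally only one direction is applied; the entries above are written for one traffic
# direction, so binding the same list both ways also drops the replies.
ip access-group acl-name in
ip access-group acl-name out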
ssh
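# SSH-only remote management, authenticated against local user accounts.
# service password-encryption applies only the reversible type 7 obfuscation to
# plain-text passwords in the config; it is not a replacement for "secret".
service password-encryption
# The RSA key pair is named after <hostname>.<domain-name>, so a non-default hostname
# has to be set as well before generating the key.
ip domain-name example.com
crypto key generate rsa modulus 2048
ip ssh version 2 # refuse SSH version 1
# "secret" stores a hash instead of the password. StrongPassword is a placeholder - replace it.
username admin secret StrongPassword
line console 0
# login local checks the username database above; a per-line "password" is not consulted
# in this mode, so none is configured. (The original note set "password cisco" here: a
# well-known default that would become active if the line were ever changed to plain "login".)
login local
line vty 0 4
transport input ssh # remote access over SSH only, no telnet
login local
ip ssh time-out 60 # seconds allowed for the SSH negotiation to complete
ip ssh authentication-retries 3 # failed attempts before the session is dropped
ip ssh logging events # log SSH session events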
ssh public key
# Bind an SSH public key to a user so that the user can log in with the key.
ip ssh pubkey-chain
# NOTE(review): presumably the user must already exist as a local "username" entry - confirm.
username <username>
key-string
# Paste the public key here (never the private key).
<ssh key string>
exit
exit
spanning tree
spanning-tree mode pvst # Enable PVST (Per VLAN STP)
# The two priority lines belong on two different switches; entered on the same switch the
# second simply replaces the first. The lowest priority wins the root election.
spanning-tree vlan 1 priority 0 # On the switch that should be the root bridge
spanning-tree vlan 1 priority 4096 # On the switch that should be the secondary (backup) root bridge
interface FastEthernet0/1
spanning-tree portfast # PortFast for end devices: the port goes straight to forwarding (skips listening/learning); STP itself stays active
spanning-tree bpduguard enable # Protect against rogue switches (BPDU Guard): the port is err-disabled if a BPDU arrives
show spanning-tree # Check STP status (exec command, not part of the configuration)
switchport security
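# Port security on an access port: learn the first MAC address seen and allow only that one.
switchport mode access
# Enables the feature; without this line the settings below are stored but not enforced.
switchport port-security
switchport port-security mac-address sticky # learned address goes into running-config; save the config to keep it across reloads
switchport port-security maximum 1 # one MAC address allowed on the port
switchport port-security violation restrict # drop frames from other MACs, count and log the violation, keep the port up
# "violation" needs a mode: protect (drop silently), restrict (drop and log) or shutdown (err-disable the port; the default).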
OSPF
router ospf 1 # 1 is the locally significant OSPF process ID
# 0.0.0.3 is a wildcard mask (equivalent to /30), not a subnet mask.
# NOTE(review): no neighbor authentication or passive-interface is shown - confirm whether the links that match need them.
network 10.10.10.0 0.0.0.3 area 0 # interfaces with an address in this range run OSPF in area 0 and their network is advertised
SLAAC
interface G0/0
# Router can advertise its presence to the network (router advertisements, which SLAAC clients rely on).
# NOTE(review): "ipv6 nd ra suppress" turns the periodic advertisements OFF, which contradicts the
# intent above; the form that enables them is "no ipv6 nd ra suppress" - confirm which was meant.
ipv6 nd ra suppress
ipv6 nd ra-interval 30 # seconds between periodic router advertisements
# NOTE(review): the syntax for advertising a DNS server in RAs differs between platforms and releases - verify this command on the target device.
ipv6 nd dns 2001::1