SW(config)#int fa0/1
SW(config-if)#switchport port-security
SW(config-if)#switchport port-security mac-address 2222.bbbb.3333
To restart the port, use the "shutdown" and "no shutdown" commands.
To allow more than 2 MAC addresses, use this:
SW(config-if)#switchport port-security maximum 3
SW(config-if)#switchport port-security mac-address 1111.1111.1111
SW(config-if)#switchport port-security mac-address 2222.2222.2222
SW(config-if)#switchport port-security mac-address 3333.3333.3333
SW(config-if)#switchport port-security mac-address sticky
The command above allows the MAC addresses that connect to the switch for the first time.
Security violation response:
SW(config-if)#switchport port-security violation [protect | restrict | shutdown]
protect : the port is not shut down
restrict : the port is not shut down, and the status is reported to a monitor or log server
shutdown : the port is shut down
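Added example (not part of the original notes): a simplified Python model of how "maximum", the allowed addresses and the three violation modes interact on one port. The class and function names and the fourth MAC address are assumptions made for the illustration; it models the behaviour described above, not a real switch API.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Simplified model of one port with 'switchport port-security' enabled."""
    maximum: int = 1                  # switchport port-security maximum N
    violation: str = "shutdown"       # protect | restrict | shutdown
    secure_macs: set = field(default_factory=set)
    violation_count: int = 0          # what a monitor or log server would see
    err_disabled: bool = False        # port shut down by a violation

    def add_static(self, mac):
        # switchport port-security mac-address H.H.H (counts against maximum)
        if len(self.secure_macs) >= self.maximum:
            raise ValueError("secure address table full; raise maximum first")
        self.secure_macs.add(mac.lower())

    def receive(self, src_mac):
        """Return True if a frame from src_mac is forwarded."""
        mac = src_mac.lower()
        if self.err_disabled:
            return False              # nothing passes until the port is restarted
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac) # free slot: learned (sticky also saves it)
            return True
        if self.violation != "protect":   # restrict and shutdown both report
            self.violation_count += 1
        if self.violation == "shutdown":
            self.err_disabled = True
        return False                  # the unknown source is dropped in every mode

    def restart(self):
        """Model of 'shutdown' followed by 'no shutdown' on the interface."""
        self.err_disabled = False

def run_mode(mode):
    port = SecurePort(maximum=3, violation=mode)
    for mac in ("1111.1111.1111", "2222.2222.2222", "3333.3333.3333"):
        port.add_static(mac)          # the three addresses from the notes above
    unknown = port.receive("4444.4444.4444")    # constructed fourth address
    known = port.receive("1111.1111.1111")      # does an allowed host still pass?
    return unknown, known, port.violation_count, port.err_disabled
```

run_mode returns (unknown forwarded, known forwarded, violation count, port disabled) for the chosen mode; only "shutdown" also cuts off the allowed hosts until the port is restarted.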
Username-Cisco
This topic shows how to create a user on a router or switch
Step 1 : Start by creating the user
R1(config)#username tck3 password tck3
or R1(config)#username tck secret tck (Encrypted password)
You can set a user's privilege level with this command
R1(config)#username tck3 privilege 4 //(number(0-15))
R1(config)#username tck privilege 14
Step 2 : Use the commands below
R1(config)#aaa new-model //Enable Authentication, Authorization and Accounting
R1(config)#aaa authentication login default local //Tell the router to use the local user database (Step 1)
Example :
Switch#show run
.
.
.
aaa new-model
!
aaa authentication login default local
!
username tck privilege 14 secret 5 $1$mERr$saRGHsR7Qg4qMY2CyUUa/.
username tck2 privilege 9 secret 5 $1$mERr$oaAhEl1q/sqoNhjlLaEh00
username tck3 privilege 4 password 0 tck3
!
.
.
.
Ref : http://www.tech-recipes.com/rx/730/create_user_cisco_router/
Password-Cisco
Line console :
R1(config)#line console 0 //To Line console configuration
R1(config-line)#password theline //password is "theline"
R1(config-line)#login //use password to connect via console cable
AUX port :
R1(config)#line aux 0
R1(config-line)#password theaux
R1(config-line)#login
Telnet :
R1(config)#line vty 0 4 //0 and 4 are sessions (5 sessions can telnet to R1)
R1(config-line)#password thetelnet //password is "thetelnet"
R1(config-line)#login
***** R1#show user
User Mode to Privileged Mode :
R1(config)#enable secret theprivileged
***** output on "show run" : enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
R1(config)#enable password theprivileged
***** output on "show run" : enable password theprivileged
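Added example (not from the original notes): a small Python audit of the settings covered under Username-Cisco and Password-Cisco. It flags passwords that "show run" would display in cleartext ("password", "enable password", "no service password-encryption") and type 7 strings, which are reversible, while "secret 5" lines pass. The sample config is constructed from lines shown on this page; the function name, the finding labels and the type 7 placeholder value are assumptions.

```python
import re

# Constructed sample, assembled from "show run" lines shown on this page.
# The type 7 string on the vty line is a made-up placeholder.
SAMPLE = """\
no service password-encryption
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password theprivileged
username tck privilege 14 secret 5 $1$mERr$saRGHsR7Qg4qMY2CyUUa/.
username tck3 privilege 4 password 0 tck3
line con 0
 password theline
 login
line vty 0 4
 password 7 AAAAAAAAAAAA
 login
"""

# "password <pw>", "password 0 <pw>" or "password 7 <string>" at end of line
PW = re.compile(r"\bpassword (?:(0|7) )?(\S+)\s*$")

def audit(config):
    """Return (line_no, finding, where) tuples; the secret is never echoed."""
    findings, context = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):        # top-level command: reset context
            context = line if line.startswith("line ") else "global"
        if line == "no service password-encryption":
            findings.append((no, "NO_PASSWORD_ENCRYPTION", "global"))
            continue
        m = PW.search(line)
        if not m:
            continue                       # "secret 5 ..." lines end up here
        if line.startswith("username "):
            where = "user " + line.split()[1]
        elif line.startswith("enable "):
            where = "enable"
        else:
            where = context                # password under "line con/aux/vty"
        kind = "REVERSIBLE_TYPE7" if m.group(1) == "7" else "CLEARTEXT_PASSWORD"
        findings.append((no, kind, where))
    return findings
```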
"Encrypt System Password" : Console, AUX, Telnet
R1(config)#service password-encryption
Show-interfaces-counters
Use this when you want to check whether ports are active or not (tested on Cisco Nexus 7000 switches)
Port 1,3,8 are active
Port 2,4,5,6,7 are inactive
TCP/IP Model
- Defined in documents called Requests for Comments (RFC)
- Classifies protocols into 4 different layers
- Application : HTTP, SMTP, FTP
- Transport : TCP, UDP
- Internet : IPv4, IPv6
- Network access : Ethernet, Frame Relay
Power over Ethernet
- Pass electrical power along with data on Ethernet cabling.
- Allows a single cable to provide both data and electric power.
- IEEE 802.3, used in 10BaseT or 10BaseTx
Cisco Switch command :
PoE mode
- auto - Sets the interface to automatically detect and supply power to the device
- static - Sets the interface to a higher priority than auto
- never - Disables detection and powers off the PoE interface
Example
SW(config)#interface giga 1/0/4
SW(config-if)#power inline auto
SW(config-if)#end
SW#show power inline giga1/0/4
EIGRP
Configuration :
R1(config)#router eigrp 100 //100 is an Autonomous System number (AS)
R1(config-router)#no auto-summary //Disable auto-summary feature
R1(config-router)#network 10.12.1.1 0.0.0.0 //address and wildcard mask
R1(config-router)#end
show ip eigrp neighbors : show all neighbors connected to R4
show ip eigrp interfaces : show all interfaces that use the EIGRP protocol
show ip protocols : show EIGRP routing protocol information (K values, auto-summary status)
show ip eigrp topology : show the EIGRP routing topology
Note : via 10.34.0.3 is the successor
via 10.43.0.3 is the feasible successor
show ip eigrp topology all-links : list all links that connect to the destination subnet (show ip eigrp topology shows the successor and feasible successor only)
Administrative Distance
Administrative distance is the feature that routers use to select the best path when there are two or more different routes to the same destination from two different routing protocols.
| Route Source | Default Distance Values |
|---|---|
| Connected interface | 0 |
| Static route | 1 |
| Enhanced Interior Gateway Routing Protocol (EIGRP) summary route | 5 |
| External Border Gateway Protocol (BGP) | 20 |
| Internal EIGRP | 90 |
| IGRP | 100 |
| OSPF | 110 |
| Intermediate System-to-Intermediate System (IS-IS) | 115 |
| Routing Information Protocol (RIP) | 120 |
| Exterior Gateway Protocol (EGP) | 140 |
| On Demand Routing (ODR) | 160 |
| External EIGRP | 170 |
| Internal BGP | 200 |
| Unknown* | 255 |
OSPF
OSPF (Open Shortest Path First)
- “Link state”
- Developed by ISO
- Advertises interface status instead of sending the whole routing table as in “Distance Vector”
- Can see the whole topology
- Uses the SPF (Shortest Path First) algorithm, or Dijkstra’s algorithm
- Periodic update every 30 minutes
- Hello mechanism
- Uses bandwidth
- Supports VLSM
- OSPF area, route authentication
- Fast convergence
“Cost = 10^8/Bandwidth(bps)”
Ex. Bandwidth 100Mbps = 10^8/(100*10^6) = 1
Calculated per interface, in the outgoing direction
- If the topology has only one area, we can use another area number
- Area0 is called “Backbone Area”
- To communicate between one area and another, packets must pass through Area0
Router in OSPF
1) Backbone Router – Works in Area0
2) Area Border Router (ABR) – Has at least one interface connected to Area0 and one connected to another area
3) Autonomous System Border Router (ASBR) – Connects to another autonomous system or to different protocols
4) Internal Router – Within one area (has no interface connected to another area)
OSPF Routing Entry
1) Intra-Area Routing – Calculated by the SPF algorithm inside the area (“O”)
2) Inter-Area Routing – Routing entries for subnet addresses in a different area (“O IA”)
3) External Routes – Connect to other subnet addresses (“E1, E2”)
Configuration
R1#show run
Building configuration...
Current configuration : 548 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
interface FastEthernet0/0
 bandwidth 10000
 ip address 10.15.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.15.0.1 0.0.0.0 area 15
!
ip classless
!
line con 0
line vty 0 4
 login
!
end
R5#show run
Building configuration...
Current configuration : 642 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R5
!
interface FastEthernet0/0
 bandwidth 10000
 ip address 10.15.0.5 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 ip address 10.45.0.5 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.45.0.5 0.0.0.0 area 0
 network 10.15.0.5 0.0.0.0 area 15
!
ip classless
!
line con 0
line vty 0 4
 login
!
end
R4#show run
Building configuration...
Current configuration : 911 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R4
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 bandwidth 128
 ip address 10.34.0.4 255.255.255.0
 clock rate 9600
!
interface Serial0/0/1
 bandwidth 64
 ip address 10.43.0.4 255.255.255.0
 clock rate 9600
!
interface Serial0/1/0
 no ip address
 shutdown
!
interface Serial0/1/1
 bandwidth 128
 ip address 10.45.0.4 255.255.255.0
 clock rate 9600
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.34.0.4 0.0.0.0 area 0
 network 10.43.0.4 0.0.0.0 area 0
 network 10.45.0.4 0.0.0.0 area 0
!
ip classless
!
line con 0
line vty 0 4
 login
!
end
R3#show run
Building configuration...
Current configuration : 748 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
interface FastEthernet0/0
 ip address 10.36.0.3 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Serial0/0/0
 bandwidth 128
 ip address 10.34.0.3 255.255.255.0
!
interface Serial0/0/1
 bandwidth 64
 ip address 10.43.0.3 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.34.0.3 0.0.0.0 area 0
 network 10.43.0.3 0.0.0.0 area 0
 network 10.36.0.3 0.0.0.0 area 36
!
ip classless
!
line con 0
line vty 0 4
 login
!
end
R6#show run
Building configuration...
Current configuration : 531 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R6
!
interface FastEthernet0/0
 ip address 10.36.0.6 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 log-adjacency-changes
 network 10.36.0.6 0.0.0.0 area 36
!
ip classless
!
line con 0
line vty 0 4
 login
!
end