CONFIGURE SWITCHES AND ROUTERS
Enter privileged EXEC mode
    Switch> enable
Enter global configuration mode
    Switch# configure terminal
Enter interface configuration mode for the SVI
    Switch(config)# interface vlan 99
Configure the interface IPv4 address
    Switch(config-if)# ip address 172.17.99.11 255.255.255.0
Configure the interface IPv6 address
    Switch(config-if)# ipv6 address 2001:db8:acad:99::11/64
Enable the interface
    Switch(config-if)# no shutdown
Return to privileged EXEC mode
    Switch(config-if)# end
Configure the default gateway for the switch
    Switch(config)# ip default-gateway 172.17.99.1
Stop the switch from trying to resolve a mistyped command as a hostname (no DNS lookup delay after an invalid command)
    Switch(config)# no ip domain-lookup
Save the running config to the startup config
    Switch# copy running-config startup-config
CONFIGURE ROUTER INTERFACES
    Router(config)# interface type-and-number
    Router(config-if)# description description-text
    Router(config-if)# ip address ipv4-address subnet-mask
    Router(config-if)# ipv6 address ipv6-address/prefix-length
    Router(config-if)# no shutdown    (powers on the interface)
CONFIGURE PASSWORDS
Device name
    Switch(config)# hostname NAME
Legal notification (announcement shown to everyone who logs in to the device)
    Switch(config)# banner motd #TEXT Here#
Secure user EXEC mode access (console)
    Switch(config)# line console 0
    Switch(config-line)# password Bavly
    Switch(config-line)# login
Secure privileged EXEC mode access
    Switch(config)# enable secret 123
Secure the VTY lines
    Switch(config)# line vty 0 15
    Switch(config-line)# password 123
    Switch(config-line)# login
Ensure passwords are at least a specified length
    Router(config)# security passwords min-length 9
Block brute-force attacks: block VTY logins after a maximum number of failed attempts
    Router(config)# login block-for # attempts # within #
    Router(config)# login block-for 120 attempts 3 within 60    (3 failures within 60 seconds block logins for 120 seconds)
Encrypt the passwords stored in the configuration
    Switch(config)# service password-encryption
Automatically disconnect an inactive user (can be applied to the console, auxiliary and VTY lines)
    Router(config-line)# exec-timeout minutes seconds
    Router(config-line)# exec-timeout 3 30    (end the session after 3 minutes and 30 seconds)
Disable the EXEC timeout
    Router(config-line)# no exec-timeout
    Router(config-line)# exec-timeout 0 0
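The three numbers in `login block-for 120 attempts 3 within 60` are easiest to understand by watching them act on a sequence of login attempts. The model below is an added example, not part of the cheat sheet and not Cisco's implementation: it counts failures in a sliding window and refuses every login during the quiet period, which is the behaviour the command describes. The timestamps and outcomes in the trace are constructed. IOS also allows a management ACL to bypass the quiet period (`login quiet-mode access-class`); that command is not on this sheet, but it is what keeps the lockout from cutting off the administrators as well.

```python
# Added example (not from the cheat sheet): a plain-Python model of what
# `login block-for 120 attempts 3 within 60` does, so the three numbers can be
# seen acting on a constructed sequence of login attempts.
from collections import deque


class LoginGuard:
    """Counts failed logins in a sliding window and enters a quiet period
    (all logins refused) once the threshold is reached."""

    def __init__(self, block_for: int, attempts: int, within: int):
        self.block_for = block_for    # length of the quiet period, seconds
        self.attempts = attempts      # failures that trigger it
        self.within = within          # window in which they must occur, seconds
        self.failures = deque()       # timestamps of recent failures
        self.quiet_until = None       # end of the current quiet period

    def in_quiet_mode(self, now: int) -> bool:
        return self.quiet_until is not None and now < self.quiet_until

    def attempt(self, now: int, success: bool) -> str:
        """Process one login attempt at time `now`; returns blocked/ok/failed."""
        if self.in_quiet_mode(now):
            return "blocked"          # refused without checking credentials
        self.quiet_until = None
        if success:
            self.failures.clear()
            return "ok"
        self.failures.append(now)
        # forget failures that have fallen out of the window
        while self.failures and now - self.failures[0] > self.within:
            self.failures.popleft()
        if len(self.failures) >= self.attempts:
            self.quiet_until = now + self.block_for
            self.failures.clear()
        return "failed"


# Constructed trace: (seconds since boot, whether the credentials were right)
TRACE = [(0, False), (10, False), (20, False), (30, True), (139, True), (140, True)]


def run_trace(trace=TRACE) -> list:
    """Run the sheet's values (120 / 3 / 60) over a trace of attempts."""
    guard = LoginGuard(block_for=120, attempts=3, within=60)
    return [guard.attempt(t, ok) for t, ok in trace]


if __name__ == "__main__":
    for (t, ok), result in zip(TRACE, run_trace()):
        print(f"t={t:3d}s correct={ok!s:5} -> {result}")
```

The fourth attempt in the trace uses the correct password and is still refused: once the quiet period starts, a legitimate administrator on a VTY line is locked out with the attacker until it expires.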
FILTER SHOW COMMAND OUTPUT USING PIPE |
Show the entire section that starts with the expression
    Router# show running-config | section interface
Show all output lines from the first match onward
    Router# show running-config | begin interface
Include only the output lines that match the expression
    Router# show running-config | include interface
    Router# show ip interface brief | include up
Exclude the output lines that match the expression
    Router# show ip interface brief | exclude unassigned
    Router# show running-config | exclude interface
VLAN
Create
    Switch(config)# vlan 5
Name
    Switch(config-vlan)# name CSE_Engineer
Show
    Switch# show vlan brief
Delete
    Switch(config)# no vlan 5
Add devices to the VLAN, one port at a time
    Switch(config)# interface fa0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 5
Add devices to the VLAN, a contiguous range of ports
    Switch(config)# int range fa0/1-3
    Switch(config-if-range)# sw m a        (switchport mode access)
    Switch(config-if-range)# sw a vlan 5   (switchport access vlan 5)
Add devices to the VLAN, a non-contiguous range of ports
    Switch(config)# int range fa0/4 , fa0/6 , fa0/8
    Switch(config)# int range fa0/1-4 , fa0/6 , fa0/8-10
TRUNK
Create a public trunk (carries ALL VLANs to a parallel switch); run this first
    Switch(config)# int fa0/7
    Switch(config-if)# switchport mode trunk
Create a private trunk (carries only a chosen set of VLANs, NOT all of them)
    Switch(config-if)# switchport trunk allowed vlan 2,3
Configure a trunk on a multilayer switch: change the encapsulation protocol first
    Switch(config-if)# switchport trunk encapsulation dot1q
Add a VLAN to the trunk
    Switch(config-if)# switchport trunk allowed vlan add 4
Remove a VLAN from the trunk
    Switch(config-if)# switchport trunk allowed vlan remove 4
Show
    Switch# show int trunk
Inter-VLAN routing is the process of forwarding network traffic from one VLAN to another VLAN.
Initial configuration:
1. Create and name the VLANs.
2. Create the management interface.
3. Configure access ports.
4. Configure trunking ports.
ROUTER-ON-A-STICK INTER-VLAN ROUTING
Create on the router (one subinterface per VLAN, tagged with that VLAN's ID)
    Router(config)# int fa0/0
    Router(config-if)# no shutdown
    Router(config-if)# ip address 192.168.0.1 255.255.255.252
    Router(config-if)# int fa0/0.2
    Router(config-subif)# encapsulation dot1Q 2
    Router(config-subif)# ip address 192.168.2.1 255.255.255.240
    Router(config-subif)# int fa0/0.3
    Router(config-subif)# encapsulation dot1Q 3
    Router(config-subif)# ip address 192.168.3.1 255.255.255.192
    Router(config-subif)# int fa0/0.4
    Router(config-subif)# encapsulation dot1Q 4
    Router(config-subif)# ip address 192.168.4.1 255.255.255.224
Show on the router
    Router(config)# do show ip int brief
Create on the switch (the port facing the router must be a trunk)
    Switch(config)# int fa0/8
    Switch(config-if)# sw m trunk    (switchport mode trunk)
LAYER 3 SWITCH INTER-VLAN ROUTING
Capabilities of a Layer 3 switch include the ability to do the following:
1. Route from one VLAN to another using multiple switched virtual interfaces (SVIs).
2. Convert a Layer 2 switchport to a Layer 3 interface (i.e., a routed port). A routed port is similar to a physical interface on a Cisco IOS router.
LAYER 3 SWITCH (SWITCH VIRTUAL INTERFACE (SVI)) USED AS A ROUTER
Create (one SVI per VLAN)
    Switch(config)# int vlan 2
    Switch(config-if)# ip address 192.168.2.1 255.255.255.240
    Switch(config-if)# no shutdown
    Switch(config)# int vlan 3
    Switch(config-if)# ip address 192.168.3.1 255.255.255.192
    Switch(config-if)# no shutdown
    Switch(config)# int vlan 4
    Switch(config-if)# ip address 192.168.4.1 255.255.255.224
    Switch(config-if)# no shutdown
Enable routing on the switch
    Switch(config)# ip routing
Show the routing table
    Switch(config)# do show ip route
SPANNING TREE PROTOCOL (STP)
1. Spanning Tree Protocol (STP) is a loop-prevention network protocol that allows for redundancy while creating a loop-free Layer 2 topology.
2. Without STP enabled, Layer 2 loops can form, causing broadcast, multicast and unknown unicast frames to loop endlessly (broadcast storm).
The Spanning Tree Algorithm
1. STP requires an election to be performed first.
2. The winner (root bridge) must have: 1. the lowest priority, 2. the lowest MAC address. The election looks at the lowest priority; if several devices have the same priority, it looks at the lowest MAC address.
   Bridge ID = Bridge priority . Bridge MAC address
3. After the root bridge has been determined, the STA algorithm is used to select the root port. Every non-root switch will select one root port. The root port is the port closest to the root bridge in terms of overall cost (best path) to the root bridge.
4. Every segment between two switches will have one designated port. The designated port has the best path to receive traffic leading to the root bridge.
5. All ports on the root bridge are designated ports, because the root bridge has the lowest cost to itself.
6. If a port is not a root port or a designated port, then it becomes an alternate (or backup) port.
7. Multiple equal-cost paths: the election is decided by the lowest sender port ID.
Show
    Switch# show spanning-tree
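The seven rules above can be run as a small program. The block below is an added example, not from the cheat sheet and not a switch's implementation: it elects the root bridge, then uses the link costs to pick each non-root switch's root port and one designated port per segment, leaving the rest as alternate ports. The three switches, their MAC addresses and link costs are constructed; ties are broken by the neighbour's bridge ID because the example has no port numbers, so the sheet's port-ID tie-break in rule 7 is not modelled.

```python
# Added example (not from the cheat sheet): the Spanning Tree Algorithm's
# three decisions (root bridge, root ports, designated ports) run over a
# constructed three-switch topology. MAC addresses and link costs are made up.
import heapq

# IEEE 802.1D short path costs as used by Cisco: 100 Mbps = 19, 1 Gbps = 4
FAST_ETHERNET, GIGABIT_ETHERNET = 19, 4


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID = priority . MAC; tuple ordering compares priority first."""
    return (priority, mac.lower())


def elect_root(bridges: dict) -> str:
    """Lowest bridge ID wins: lowest priority, then lowest MAC address."""
    return min(bridges, key=lambda name: bridges[name])


def path_costs(links: dict, root: str) -> dict:
    """Dijkstra from the root: cheapest total cost from each switch to it."""
    cost = {root: 0}
    frontier = [(0, root)]
    while frontier:
        c, node = heapq.heappop(frontier)
        if c > cost[node]:
            continue
        for neighbour, link_cost in links[node].items():
            if c + link_cost < cost.get(neighbour, float("inf")):
                cost[neighbour] = c + link_cost
                heapq.heappush(frontier, (c + link_cost, neighbour))
    return cost


def port_roles(bridges: dict, links: dict) -> dict:
    """Return {switch: {neighbour: role}} with role root/designated/alternate."""
    root = elect_root(bridges)
    cost = path_costs(links, root)
    roles = {name: {} for name in bridges}
    for name in bridges:
        if name == root:
            continue
        # Root port: the port with the lowest cost to the root, tie on bridge ID
        best = min(links[name], key=lambda n: (cost[n] + links[name][n], bridges[n]))
        roles[name][best] = "root"
    for a in links:
        for b in links[a]:
            if a >= b:
                continue            # visit each segment once
            # Designated end: the switch offering the cheaper path to the root;
            # the root has cost 0, so every one of its ports is designated
            winner, loser = sorted((a, b), key=lambda n: (cost[n], bridges[n]))
            roles[winner].setdefault(loser, "designated")
            roles[loser].setdefault(winner, "alternate")   # neither root nor designated
    return roles


# Constructed topology: S3 has the highest MAC but the lowest priority
SWITCHES = {
    "S1": bridge_id(32768, "0000.0000.0001"),
    "S2": bridge_id(32768, "0000.0000.0002"),
    "S3": bridge_id(24576, "0000.0000.0003"),
}
LINKS = {
    "S1": {"S2": FAST_ETHERNET, "S3": FAST_ETHERNET},
    "S2": {"S1": FAST_ETHERNET, "S3": GIGABIT_ETHERNET},
    "S3": {"S1": FAST_ETHERNET, "S2": GIGABIT_ETHERNET},
}

if __name__ == "__main__":
    print("root bridge:", elect_root(SWITCHES))
    for switch, ports in port_roles(SWITCHES, LINKS).items():
        print(switch, ports)
```

S1 reaches the root directly for 19 and via S2 for 23, so its port toward S3 is the root port; on the S1-S2 segment S2 is closer to the root (cost 4), so S2's port is designated and S1's becomes the alternate port that STP blocks.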
CDP & LLDP
CDP: show neighbors
    Switch# show cdp neighbors
Disable CDP on all interfaces
    Switch(config)# no cdp run
Disable CDP on a specific interface
    Switch(config-if)# no cdp enable
LLDP: enable it on all switches, then show neighbors
    Switch(config)# lldp run
    Switch# show lldp neighbors
Configure LLDP on a specific interface
    Switch(config-if)# lldp transmit
    Switch(config-if)# lldp receive
ETHERCHANNEL, LACP, PAgP, LAYER 3
1. A link aggregation technology is needed that allows redundant links (more bandwidth) between devices that will not be blocked by STP.
2. EtherChannel is a link aggregation technology that groups multiple physical Ethernet links together into one single logical link. It is used to provide fault tolerance, load sharing, increased bandwidth, and redundancy between switches, routers, and servers.
3. Interface types cannot be mixed. For example, Fast Ethernet and Gigabit Ethernet cannot be mixed within a single EtherChannel.
Link Aggregation Control Protocol (LACP) --> IEEE protocol
Enable LACP
    S1(config)# int range fa0/1-3
    S1(config-if-range)# channel-group 1 mode active     (at least one side must be active)
    S1(config)# int port-channel 1
    S1(config-if)# sw m trunk                            (switchport mode trunk)
    S2(config)# int range fa0/1-3
    S2(config-if-range)# channel-group 1 mode passive    (the other switch: active or passive)
Show
    Switch# show etherchannel summary
Port Aggregation Protocol (PAgP) --> Cisco protocol
Enable PAgP
    S2(config)# int range fa0/5-7
    S2(config-if-range)# channel-group 2 mode desirable  (at least one side must be desirable)
    S2(config)# int port-channel 2
    S2(config-if)# sw m trunk
    S3(config)# int range fa0/1-3
    S3(config-if-range)# channel-group 2 mode auto       (the other switch: desirable or auto)
Layer 3 EtherChannel (multilayer switch used as a router)
Enable Layer 3 (the same commands on both switches, changing only the IP address)
    MLS1(config)# int range fa0/1-3
    MLS1(config-if-range)# channel-group 1 mode on
    MLS1(config)# int port-channel 1
    MLS1(config-if)# no switchport
    MLS1(config-if)# ip address 192.168.1.1 255.255.255.0
STATIC ROUTING
First, configure the router and give an IP address to every interface and every end device.
Initial configuration
1. IP + SM + GW (end devices)
2. no shutdown + IP + SM for each interface of the router
Multilayer switch initial configuration
1. IP + SM + GW (end devices)
2. no switchport + IP + SM for each interface of the switch
3. ip routing in global config, to enable the ip route command
Create, on the current router, a route to a network that sits behind another router
    Router0(config)# ip route 192.168.2.0 255.255.255.0 10.10.10.2
    show ip route: 192.168.2.0/24 [1/0] via 10.10.10.2    (192.168.2.0 is reached via 10.10.10.2; [1/0] = administrative distance 1, metric 0)
    Router1(config)# ip route 192.168.1.0 255.255.255.0 10.10.10.1
    show ip route: 192.168.1.0/24 [1/0] via 10.10.10.1    (192.168.1.0 is reached via 10.10.10.1)
Save the configuration
    Router1# write
Show
    Router0# show ip route
Add a new port to a router (Packet Tracer)
1. In the Physical tab, turn the router off by clicking the power button.
2. Drag the NM-1FE-TX module and drop it into an available slot.
3. Turn the router on by clicking the power button.
Complete the routes for a three-router topology (every router needs a route to every remote network)
    Router0(config)# ip route 172.16.1.0 255.255.255.0 10.10.10.2
    Router0(config)# ip route 10.10.0.0 255.255.255.0 10.10.10.2
    Router1(config)# ip route 10.10.0.0 255.255.255.0 172.16.1.2
    Router2(config)# ip route 192.168.2.0 255.255.255.0 172.16.1.1
    Router2(config)# ip route 10.10.10.0 255.255.255.0 172.16.1.1
    Router2(config)# ip route 192.168.1.0 255.255.255.0 172.16.1.1
FLOATING STATIC ROUTE
Create (the trailing 2 is the administrative distance (AD); the route is only installed when no route with a lower AD exists for the same network)
    Switch(config)# ip route 6.6.6.0 255.255.255.0 3.3.3.2 2
    Switch# show run
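A floating static route only makes sense once you see how the routing table chooses: the longest matching prefix wins, and among routes to the same prefix the lowest administrative distance is installed. The block below is an added example, not from the cheat sheet: it models that selection using the sheet's floating route (6.6.6.0/24 via 3.3.3.2, AD 2) beside a constructed primary route via 2.2.2.2 and a constructed default route. Marking a next hop unreachable is a simplification of what happens when the primary link goes down.

```python
# Added example (not from the cheat sheet): how a router picks a next hop from
# its static routes, longest prefix first and then lowest administrative
# distance (AD). The primary route, default route and link states are constructed.
import ipaddress


class RoutingTable:
    def __init__(self):
        self.candidates = []    # every configured static route, installed or not

    def add_static(self, prefix: str, next_hop: str, ad: int = 1):
        """ip route <network> <mask> <next-hop> [AD]; AD defaults to 1."""
        self.candidates.append({"net": ipaddress.ip_network(prefix),
                                "next_hop": next_hop, "ad": ad, "up": True})

    def set_next_hop_reachable(self, next_hop: str, up: bool):
        """Simplification: a route is usable only while its next hop is reachable."""
        for route in self.candidates:
            if route["next_hop"] == next_hop:
                route["up"] = up

    def installed(self) -> dict:
        """For each prefix, install only the usable route with the lowest AD;
        the floating route stays out of the table while the primary is up."""
        best = {}
        for r in self.candidates:
            if r["up"] and (r["net"] not in best or r["ad"] < best[r["net"]]["ad"]):
                best[r["net"]] = r
        return best

    def lookup(self, destination: str):
        """Longest-prefix match over the installed routes; None = no route."""
        ip = ipaddress.ip_address(destination)
        matches = [r for net, r in self.installed().items() if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda r: r["net"].prefixlen)["next_hop"]


def build_table() -> RoutingTable:
    """The sheet's floating route next to a constructed primary and default route."""
    rt = RoutingTable()
    rt.add_static("0.0.0.0/0", "9.9.9.1")              # constructed default route
    rt.add_static("6.6.6.0/24", "2.2.2.2")             # constructed primary, AD 1
    rt.add_static("6.6.6.0/24", "3.3.3.2", ad=2)       # the sheet's floating route
    return rt


if __name__ == "__main__":
    rt = build_table()
    print("primary up:  ", rt.lookup("6.6.6.7"))
    rt.set_next_hop_reachable("2.2.2.2", False)
    print("primary down:", rt.lookup("6.6.6.7"))
```

Prefix length is compared before AD, so a more specific route with a worse AD still wins over the /24; the test below checks that corner as well.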
IPv6 STATIC ROUTING
Enable IPv6 routing (run this first)
    Router(config)# ipv6 unicast-routing
Configure each interface (the remaining steps are as before, but add "v6" to every ip command)
    Router(config)# int fa0/0
    Router(config-if)# ipv6 add fec1::1/64
    Router(config-if)# no shut
    Router# show ipv6 int brief
Create the route
    Router(config)# ipv6 route fec1::/64 2001::1
    show ipv6 route: S FEC1::/64 [1/0] via 2001::1
DYNAMIC ROUTING: OSPF (STANDARD PROTOCOL)
First, configure the router and give an IP address to every interface and every end device.
Initial configuration: the same as for STATIC ROUTING (IP + SM + GW on end devices; no shutdown + IP + SM on each router interface; on a multilayer switch, no switchport + IP + SM per interface and ip routing in global config).
Wildcard mask = 255.255.255.255 - subnet mask, e.g. 255.255.255.255 - 255.255.255.0 = 0.0.0.255
Create (advertise the networks of each router)
    R0(config)# router ospf 10
    R0(config-router)# network 10.10.10.0 0.0.0.255 area 0
    R0(config-router)# network 192.168.1.0 0.0.0.255 area 0
    R1(config)# router ospf 10
    R1(config-router)# network 10.10.10.0 0.0.0.255 area 0
    R1(config-router)# network 172.16.1.0 0.0.0.255 area 0
Another way: enable OSPF directly on each interface (repeat for the remaining interfaces)
    Router(config)# int fa0/0
    Router(config-if)# ip ospf 10 area 0
Stop the OSPF process from sending hellos on an interface (no neighbor forms there): on a specific interface, or on all interfaces by default
    Router(config)# router ospf 10
    Router(config-router)# passive-interface fa0/0
    Router(config-router)# passive-interface default
OSPF priority
    Router(config)# int fa0/0
    Router(config-if)# ip ospf priority 255
Clear the OSPF process
    Router# clear ip ospf process
Show
    Router# show ip ospf neighbor
The dead interval is the period that the router waits to receive a Hello packet before declaring the neighbor down (OSPF then removes that neighbor from the link-state database (LSDB)). Cisco uses a default of 4 times the Hello interval.
Propagate a default static route in OSPFv2: advertise the static default route so that every router follows a specific router toward the Internet.
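Two of the numbers in this section are worth computing rather than memorising: the wildcard mask in a `network` statement and the dead interval. The block below is an added example, not from the cheat sheet: it derives the wildcard from a subnet mask, applies `network` statements to R0's interfaces to see which ones join the OSPF process, and checks a neighbor against the 4 x hello dead interval. R0's 10.10.10.1 and 192.168.1.1 addresses follow the sheet; the 172.16.1.1 interface, the catch-all statement and the timestamps are constructed. Ranking the statements most-specific-first is the example's own rule.

```python
# Added example (not from the cheat sheet): wildcard masks, which interfaces an
# OSPF `network` statement covers, and the hello/dead timer check. R0's first
# two interface addresses are the sheet's; the rest is constructed.
import ipaddress


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask: str) -> str:
    """Wildcard mask = 255.255.255.255 - subnet mask (a bitwise NOT)."""
    return str(ipaddress.IPv4Address(to_int(mask) ^ 0xFFFFFFFF))


def wildcard_match(network: str, wildcard: str, ip: str) -> bool:
    """A 0 bit in the wildcard must match exactly; a 1 bit is 'don't care'."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return to_int(network) & care == to_int(ip) & care


def ospf_interfaces(network_statements: list, interfaces: dict) -> dict:
    """Return {interface: area} for every interface covered by a statement.
    The most specific statement (fewest don't-care bits) is applied first,
    so a catch-all 0.0.0.0 255.255.255.255 only picks up the leftovers."""
    ordered = sorted(network_statements,
                     key=lambda s: bin(to_int(s[1])).count("1"))
    result = {}
    for name, ip in interfaces.items():
        for network, wildcard, area in ordered:
            if wildcard_match(network, wildcard, ip):
                result[name] = area
                break
    return result


def neighbor_is_dead(last_hello: int, now: int, hello_interval: int = 10) -> bool:
    """Cisco's default dead interval is 4 x hello; once it expires the
    neighbor is declared down and removed from the LSDB."""
    return now - last_hello >= 4 * hello_interval


# R0 from the sheet plus one constructed interface that no statement covers
R0_INTERFACES = {"fa0/0": "10.10.10.1", "fa0/1": "192.168.1.1", "fa1/0": "172.16.1.1"}
R0_NETWORKS = [("10.10.10.0", "0.0.0.255", 0), ("192.168.1.0", "0.0.0.255", 0)]

if __name__ == "__main__":
    print("wildcard for /24:", wildcard_from_mask("255.255.255.0"))
    print("OSPF interfaces:", ospf_interfaces(R0_NETWORKS, R0_INTERFACES))
    print("neighbor dead after 40 s of silence:", neighbor_is_dead(0, 40))
```

Interfaces that no `network` statement covers (fa1/0 here) never join the process, which is the usual cause of a missing neighbor in `show ip ospf neighbor`.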
DYNAMIC ROUTING: EIGRP (CISCO PROTOCOL)
Create
    Router0(config)# router eigrp 10
    Router0(config-router)# network 10.10.10.0
    Router0(config-router)# network 192.168.1.0
    Router1(config)# router eigrp 10
    Router1(config-router)# network 10.10.10.0
    Router1(config-router)# network 192.168.2.0
DYNAMIC ROUTING: BGP (OPEN PROTOCOL)
Create (each router is in its own autonomous system and peers with the other)
    Router0(config)# router bgp 1
    Router0(config-router)# neighbor 10.10.10.2 remote-as 2
    Router0(config-router)# network 10.10.10.0 mask 255.255.255.0
    Router0(config-router)# network 192.168.1.0 mask 255.255.255.0
    Router1(config)# router bgp 2
    Router1(config-router)# neighbor 10.10.10.1 remote-as 1
    Router1(config-router)# network 10.10.10.0 mask 255.255.255.0
    Router1(config-router)# network 192.168.2.0 mask 255.255.255.0
DHCP SERVER
Name the pool
    Router(config)# ip dhcp pool Dynm_IP
Network handed out
    Router(dhcp-config)# network 192.168.2.0 255.255.255.0
Default gateway handed out
    Router(dhcp-config)# default-router 192.168.2.1
DNS server handed out
    Router(dhcp-config)# dns-server 8.8.8.8
Exclude an address from the pool
    Router(config)# ip dhcp excluded-address 192.168.2.1
Show
    Router# show ip dhcp binding
DHCP relay (on the interface facing the clients)
    Router0(config)# int fa0/0
    Router0(config-if)# ip helper-address 10.10.10.1
DHCP relay: the destination IP address placed in the IP header
    The PC sends to 255.255.255.255 (broadcast); the relay forwards it to DHCP_Server (the helper address).
FHRP (HSRP)
Create on the router that should be Active
    Router0(config)# int fa0/0
    Router0(config-if)# standby 1 ip 10.10.10.10
    Router0(config-if)# standby 1 priority 110
    Router0(config-if)# standby 1 preempt    (the higher priority makes it the Active (primary) router)
Create on the Standby router
    Router2(config)# int fa0/0
    Router2(config-if)# standby 1 ip 10.10.10.10
    Router2(config-if)# standby 1 priority 90
    Router2(config-if)# standby 1 preempt    (=> Standby)
Show
    Router# show standby
Change the gateway handed out by DHCP to the virtual IP
    Router0(config)# ip dhcp pool 1
    Router0(dhcp-config)# default-router 10.10.10.10
STATIC NAT
Create (one-to-one mappings, then mark the inside and outside interfaces)
    Edge_Router(config)# ip nat inside source static 10.10.10.10 9.9.9.3
    Edge_Router(config)# ip nat inside source static 10.10.10.11 9.9.9.4
    Edge_Router(config)# ip nat inside source static 10.10.10.12 9.9.9.5
    Edge_Router(config)# int fa0/0
    Edge_Router(config-if)# ip nat inside
    Edge_Router(config)# int fa0/1
    Edge_Router(config-if)# ip nat outside
Show
    Edge_Router# show ip nat translations
    Edge_Router# show ip nat statistics
DYNAMIC NAT
Create (an ACL selects the inside hosts, a pool supplies the outside addresses)
    Edge_Router(config)# access-list 1 permit 10.10.10.0 0.0.0.63
    Edge_Router(config)# ip nat pool Bavly 9.9.9.3 9.9.9.6 netmask 255.255.255.248
    Edge_Router(config)# ip nat inside source list 1 pool Bavly
    Edge_Router(config)# int fa0/0
    Edge_Router(config-if)# ip nat inside
    Edge_Router(config)# int fa0/1
    Edge_Router(config-if)# ip nat outside
Show
    Edge_Router# show ip nat translations
    Edge_Router# show ip nat statistics
PAT
Create (all inside hosts share the outside interface address; overload enables port translation)
    Edge_Router(config)# access-list 1 permit 10.10.10.0 0.0.0.63
    Edge_Router(config)# ip nat inside source list 1 interface fastEthernet 0/1 overload
    Edge_Router(config)# int fa0/0
    Edge_Router(config-if)# ip nat inside
    Edge_Router(config)# int fa0/1
    Edge_Router(config-if)# ip nat outside
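The difference between the three NAT styles shows up in what happens to the fifth inside host and to two hosts using the same source port. The block below is an added example, not from the cheat sheet and not IOS's translation engine: it models static NAT, the dynamic pool and PAT over the sheet's addresses (inside 10.10.10.0 0.0.0.63, pool 9.9.9.3 to 9.9.9.6). The outside interface address 9.9.9.1 and the flows are constructed, and keeping the original source port when it is free is a simplification of how the router picks ports.

```python
# Added example (not from the cheat sheet): the three inside-to-outside
# translations on the sheet, static, dynamic pool and PAT (overload), with the
# sheet's addresses and a constructed outside interface address and flows.
import ipaddress


def acl_permits(ip: str, network: str = "10.10.10.0", wildcard: str = "0.0.0.63") -> bool:
    """access-list 1 permit 10.10.10.0 0.0.0.63: hosts .0 to .63 are translated."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(network)) & care == int(ipaddress.IPv4Address(ip)) & care


class StaticNat:
    """ip nat inside source static <inside> <outside>: one-to-one, permanent."""
    def __init__(self):
        self.table = {}

    def add(self, inside: str, outside: str):
        self.table[inside] = outside

    def translate(self, inside: str):
        return self.table.get(inside)          # None: no mapping, not translated


class DynamicNat:
    """ip nat inside source list 1 pool <pool>: one pool address per inside host."""
    def __init__(self, pool_start: str, pool_end: str):
        first, last = (int(ipaddress.IPv4Address(a)) for a in (pool_start, pool_end))
        self.pool = [str(ipaddress.IPv4Address(a)) for a in range(first, last + 1)]
        self.table = {}

    def translate(self, inside: str):
        if not acl_permits(inside):
            return None                        # not in the ACL: forwarded untranslated
        if inside in self.table:
            return self.table[inside]
        free = [a for a in self.pool if a not in self.table.values()]
        if not free:
            return None                        # pool exhausted: packet dropped
        self.table[inside] = free[0]
        return free[0]


class Pat:
    """ip nat inside source list 1 interface fa0/1 overload: many hosts share
    one outside address, told apart by the translated source port."""
    def __init__(self, outside_ip: str):
        self.outside_ip = outside_ip
        self.table = {}                        # (inside ip, port) -> outside port
        self.used_ports = set()

    def translate(self, inside: str, port: int):
        if not acl_permits(inside):
            return None
        key = (inside, port)
        if key not in self.table:
            # keep the original source port when free, else pick the next free one
            chosen = port if port not in self.used_ports else next(
                p for p in range(1024, 65536) if p not in self.used_ports)
            self.used_ports.add(chosen)
            self.table[key] = chosen
        return (self.outside_ip, self.table[key])


if __name__ == "__main__":
    dyn = DynamicNat("9.9.9.3", "9.9.9.6")
    print([dyn.translate(f"10.10.10.{h}") for h in range(20, 25)])   # 5th host gets None
    pat = Pat("9.9.9.1")
    print(pat.translate("10.10.10.20", 40000), pat.translate("10.10.10.21", 40000))
```

With four pool addresses and a /26 of inside hosts, dynamic NAT drops the fifth concurrent host until a translation times out; PAT keeps everyone going on 9.9.9.1 by renumbering the colliding source port.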
NTP (synchronized time for all devices)
Set the clock on the server
    NTP-Server# clock set 11:09:00 15 July 2023
Act as the NTP master clock (default stratum = 8)
    NTP-Server(config)# ntp master
Point a client at the server
    NTP-Client(config)# ntp server 192.168.1.1
Show
    NTP-Server# show clock
    NTP-Server# show ntp status
SYSLOG (force logged events to display the date and time)
Configure syslog timestamps
    Router(config)# service timestamps log datetime
REMOTE ACCESS: SSH
First change the hostname and the domain name (the RSA key is named after them)
    Router(config)# hostname Secu
    Secu(config)# ip domain-name Bavly
Generate the SSH key and restrict the VTY lines to SSH
    Secu(config)# crypto key generate rsa
    How many bits in the modulus [512]: 768    (a modulus of at least 768 bits is required to enable SSH version 2)
    Secu(config)# ip ssh version 2
    Secu(config)# line vty 0 15
    Secu(config-line)# transport input ssh
Add multiple users
    Secu(config)# username Bavly_Zaher privilege 15 password 123
    Secu(config)# username Bola privilege 15 password 1234
From a PC, in CMD (type the password, then press Enter once)
    C:\>ssh -l Bola 192.168.1.1
Show
    Router# show run
    Router# show ip ssh
DEVICE ACCESS CONTROL
Secure user EXEC mode access using the local user database (local credentials)
    Router(config)# username Bavly_Zaher privilege 15 password 123
    Router(config)# line console 0
    Router(config-line)# login local
Secure the console and aux lines with a line password
    Router(config)# line aux 0
    Router(config-line)# password Bavlyy
    Router(config-line)# login
Secure privileged EXEC access
    Router(config)# enable secret 123
Note: `username ... password` is stored reversibly (type 7 once service password-encryption is on), whereas `username ... secret` stores a hash, just as enable secret does for the enable password; the secret form is the stronger choice.
STANDARD ACCESS LIST: permits or denies packets at Layer 3 only, based only on the source IPv4 address
Create (sequence numbers are processed top-down, so the order matters: the deny must come before the permit)
    MLS(config)# access-list 10 deny 10.1.1.0 0.0.0.255
    MLS(config)# access-list 10 permit any
    MLS(config)# int fa0/3
    MLS(config-if)# ip access-group 10 out
Edit by sequence number (the number places the new entry before the permit)
    MLS(config)# ip access-list standard 1
    MLS(config-std-nacl)# 15 deny host 10.1.2.11
Show
    MLS# show access-list
Apply to VLANs on a router-on-a-stick: the access-group command must be applied on the subinterface of that VLAN
    Router(config)# int fa0/0.20
    Router(config-subif)# ip access-group 1 in
EXTENDED ACCESS LIST (NAMED): permits or denies packets at Layers 3 and 4, based on the source and destination IPv4 address, the protocol type, and the source and destination TCP or UDP port
Create
    MLS(config)# ip access-list extended LAB2
Block PC0 from accessing switch 1 (permit ip any any goes at the end of the list)
    MLS(config-ext-nacl)# deny ip host 10.1.1.10 10.1.3.0 0.0.0.15
    MLS(config-ext-nacl)# permit ip any any
    MLS(config)# int fa0/1
    MLS(config-if)# ip access-group LAB2 in
Block all HTTP to the server
    MLS(config-ext-nacl)# deny tcp any host 10.1.4.2 eq 80
    MLS(config-ext-nacl)# permit ip any any
    MLS(config)# int fa0/4
    MLS(config-if)# ip access-group LAB2 out
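Both ACL types above are evaluated the same way: top-down by sequence number, first match wins, and anything that matches nothing is dropped by the implicit deny. The block below is an added example, not from the cheat sheet and not IOS's ACL engine: it builds entries mirroring ACL 10 (including the `15 deny host 10.1.2.11` edit) and LAB2, then evaluates constructed packets against them. Sequence numbering in steps of 10 follows IOS's default; the packet fields are the example's own.

```python
# Added example (not from the cheat sheet): first-match ACL evaluation with
# sequence numbers and the implicit deny at the end, over entries that mirror
# the sheet's ACL 10 and LAB2. The test packets are constructed.
import ipaddress


def wildcard_match(network: str, wildcard: str, ip: str) -> bool:
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(network)) & care == int(ipaddress.IPv4Address(ip)) & care


def host(ip: str) -> tuple:
    """'host 10.1.2.11' is shorthand for the wildcard 0.0.0.0 (exact match)."""
    return (ip, "0.0.0.0")


def address_matches(spec, ip: str) -> bool:
    """spec is 'any' or a (network, wildcard) pair."""
    return spec == "any" or wildcard_match(spec[0], spec[1], ip)


class Acl:
    def __init__(self):
        self.entries = {}        # sequence number -> entry

    def add(self, action, proto="ip", src="any", dst="any", dport=None, seq=None):
        """Without a sequence number IOS appends 10 after the last entry;
        with one, the entry slots into that position."""
        if seq is None:
            seq = max(self.entries, default=0) + 10
        self.entries[seq] = {"action": action, "proto": proto,
                             "src": src, "dst": dst, "dport": dport}

    def evaluate(self, packet: dict):
        """Walk the entries in sequence order; the first match decides.
        Returns (action, sequence); ('deny', None) is the implicit deny."""
        for seq in sorted(self.entries):
            e = self.entries[seq]
            if e["proto"] != "ip" and e["proto"] != packet.get("proto"):
                continue             # 'ip' matches every protocol
            if e["dport"] is not None and e["dport"] != packet.get("dport"):
                continue
            if address_matches(e["src"], packet["src"]) and address_matches(e["dst"], packet["dst"]):
                return (e["action"], seq)
        return ("deny", None)


def build_acl_10() -> Acl:
    """access-list 10 deny 10.1.1.0 0.0.0.255 / permit any, then the sheet's
    '15 deny host 10.1.2.11' inserted by sequence number."""
    acl = Acl()
    acl.add("deny", src=("10.1.1.0", "0.0.0.255"))      # seq 10
    acl.add("permit")                                    # seq 20
    acl.add("deny", src=host("10.1.2.11"), seq=15)       # lands before the permit
    return acl


def build_lab2() -> Acl:
    """ip access-list extended LAB2 from the sheet."""
    acl = Acl()
    acl.add("deny", src=host("10.1.1.10"), dst=("10.1.3.0", "0.0.0.15"))   # seq 10
    acl.add("deny", proto="tcp", dst=host("10.1.4.2"), dport=80)           # seq 20
    acl.add("permit")                                                       # seq 30
    return acl


if __name__ == "__main__":
    lab2 = build_lab2()
    for pkt in ({"src": "10.1.1.10", "dst": "10.1.3.7", "proto": "tcp", "dport": 443},
                {"src": "10.1.2.5", "dst": "10.1.4.2", "proto": "tcp", "dport": 80},
                {"src": "10.1.2.5", "dst": "10.1.4.2", "proto": "udp", "dport": 80}):
        print(pkt, "->", lab2.evaluate(pkt))
```

The last constructed packet shows why the protocol field matters: `deny tcp ... eq 80` does not touch UDP to port 80, and a list with no `permit ip any any` at the end denies everything it did not explicitly match.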
PORT SECURITY
Lock the port to one sticky MAC address
    Switch(config)# int fa0/3
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport port-security
    Switch(config-if)# switchport port-security maximum 1
    Switch(config-if)# switchport port-security mac-address sticky
    Switch(config-if)# switchport port-security violation shutdown
Any device other than the computer attached to the port will cause the port to shut down, because only one device is allowed and, because of sticky, the MAC address has been fixed to that computer only.
Bring the port back up again after a violation
    Switch(config-if)# shutdown
    Switch(config-if)# no shutdown
Another example (up to four devices)
    Switch(config)# int fa0/4
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport port-security
    Switch(config-if)# switchport port-security maximum 4
    Switch(config-if)# switchport port-security violation shutdown
Show
    Switch# show port-security
Violation modes: Shutdown (default), Protect (drops silently), Restrict (drops and logs it)
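The three violation modes differ in what the switch does with the frame from the extra MAC address, whether the port stays up, and whether anything is logged or counted. The block below is an added example, not from the cheat sheet and not a switch's implementation: it models an access port with the sheet's settings (maximum 1 with sticky, and maximum 4) under each mode. The MAC addresses are constructed, and the `SecurityViolation` counter not moving in protect mode follows Cisco's documented behaviour.

```python
# Added example (not from the cheat sheet): a model of an access port with
# port-security, showing sticky learning, the maximum count and what each
# violation mode (shutdown, protect, restrict) does with a frame from an
# unknown MAC address. All MAC addresses are constructed.


class SecurePort:
    def __init__(self, maximum: int = 1, violation: str = "shutdown", sticky: bool = True):
        self.maximum = maximum            # switchport port-security maximum
        self.violation = violation        # shutdown (default) | protect | restrict
        self.sticky = sticky              # switchport port-security mac-address sticky
        self.secure_macs = []             # learned secure addresses
        self.err_disabled = False
        self.violation_count = 0          # SecurityViolation counter in show port-security
        self.syslog = []

    def frame(self, src_mac: str) -> str:
        """Process one ingress frame; returns what happened to it."""
        if self.err_disabled:
            return "dropped (err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)      # the first `maximum` MACs are learned
            return "forwarded"
        # An extra MAC beyond the maximum is a violation
        if self.violation == "shutdown":
            self.violation_count += 1
            self.err_disabled = True
            self.syslog.append(f"port err-disabled by {src_mac}")
            return "dropped (port shut down)"
        if self.violation == "restrict":
            self.violation_count += 1
            self.syslog.append(f"violation by {src_mac}")
            return "dropped (logged)"
        return "dropped"                          # protect: silent, counter untouched

    def running_config(self) -> list:
        """Sticky addresses are written into the running-config; dynamically
        learned ones are not, so they are lost on reload."""
        if not self.sticky:
            return []
        return [f"switchport port-security mac-address sticky {m}" for m in self.secure_macs]

    def recover(self):
        """shutdown / no shutdown on the interface clears the err-disabled state."""
        self.err_disabled = False


if __name__ == "__main__":
    port = SecurePort(maximum=1, violation="shutdown")
    print(port.frame("0001.0001.0001"))   # learned and forwarded
    print(port.frame("0002.0002.0002"))   # violation: port shut down
    print(port.frame("0001.0001.0001"))   # even the legitimate host is cut off
    print(port.running_config())
```

Shutdown is the safest default because the port stays down until an administrator intervenes; protect keeps the port up but gives no signal, so a defender who needs visibility without the outage picks restrict and watches the counter.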
DHCP SNOOPING
Create on the switch (client ports are untrusted and rate-limited; the port toward the DHCP server is trusted)
    Switch1(config)# ip dhcp snooping
    Switch1(config)# ip dhcp snooping vlan 1
    Switch1(config)# int range fa0/1-4
    Switch1(config-if-range)# ip dhcp snooping limit rate 6    (rate limit set to six packets per second)
    Switch1(config)# int fa0/5
    Switch1(config-if)# ip dhcp snooping trust
Create on the router
    Main-Router(config)# ip dhcp relay information trust-all
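What the switch actually does with those settings is easier to see on a few messages. The block below is an added example, not from the cheat sheet and not a switch's implementation: it models DHCP snooping with the sheet's layout (fa0/1 to fa0/4 untrusted with a 6 pps limit, fa0/5 trusted toward the server): server replies arriving on untrusted ports are dropped, a client that floods DISCOVERs err-disables its port, and ACKs seen on the trusted port build the binding table. All messages, MAC addresses and port numbers in the trace are constructed.

```python
# Added example (not from the cheat sheet): DHCP snooping on the sheet's
# switch, fa0/1-4 untrusted with a 6 pps limit and fa0/5 trusted toward the
# server. All messages and MAC addresses are constructed.
from collections import defaultdict

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


class DhcpSnooping:
    def __init__(self, trusted: set, rate_limits: dict):
        self.trusted = set(trusted)
        self.rate_limits = rate_limits              # port -> packets per second
        self.per_second = defaultdict(int)          # (port, second) -> packets seen
        self.pending = {}                           # client MAC -> port it asked from
        self.bindings = {}                          # client MAC -> (ip, vlan, port)
        self.err_disabled = set()

    def inspect(self, port: str, second: int, msg: dict) -> str:
        """Decide what happens to one DHCP message arriving on `port`."""
        if port in self.err_disabled:
            return "dropped (err-disabled)"
        if port in self.trusted:
            # Server replies are only believed from here; an ACK completes a binding
            if msg["type"] == "ACK" and msg["mac"] in self.pending:
                self.bindings[msg["mac"]] = (msg["yiaddr"], msg["vlan"], self.pending[msg["mac"]])
            return "forwarded"
        # Untrusted port: only client messages may pass
        if msg["type"] in SERVER_MESSAGES:
            return "dropped (server message on untrusted port)"
        self.per_second[(port, second)] += 1
        if self.per_second[(port, second)] > self.rate_limits.get(port, float("inf")):
            self.err_disabled.add(port)
            return "dropped (rate limit exceeded, port err-disabled)"
        self.pending[msg["mac"]] = port
        return "forwarded"


def build_switch1() -> DhcpSnooping:
    """The sheet's Switch1: fa0/1-4 limited to 6 pps, fa0/5 trusted."""
    return DhcpSnooping(trusted={"fa0/5"}, rate_limits={f"fa0/{i}": 6 for i in range(1, 5)})


if __name__ == "__main__":
    sw = build_switch1()
    client = {"type": "DISCOVER", "mac": "000c.0000.0001", "vlan": 1}
    rogue_offer = {"type": "OFFER", "mac": "000c.0000.0001", "vlan": 1, "yiaddr": "192.168.2.50"}
    print(sw.inspect("fa0/2", 0, client))
    print(sw.inspect("fa0/3", 0, rogue_offer))     # a PC posing as a DHCP server
    print(sw.inspect("fa0/5", 0, rogue_offer))     # the same reply from the real server
```

The binding table this builds is what the switch later uses to check ARP and IP source addresses against the lease each port was actually given; without snooping, an OFFER from any access port would be accepted.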
DHCP SERVER AND RELAY FOR VLANS (ADVANCED)
1. Create a DHCP pool for each VLAN (on the DHCP server)
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.65
    ip dhcp excluded-address 192.168.1.129
    ip dhcp excluded-address 192.168.1.161
    ip dhcp pool vlan10
    network 192.168.1.0 255.255.255.192
    default-router 192.168.1.1
    dns-server 1.1.1.1
    ip dhcp pool vlan20
    network 192.168.1.64 255.255.255.192
    default-router 192.168.1.65
    dns-server 2.2.2.2
    ip dhcp pool vlan30
    network 192.168.1.128 255.255.255.224
    default-router 192.168.1.129
    dns-server 3.3.3.3
    ip dhcp pool vlan40
    network 192.168.1.160 255.255.255.240
    default-router 192.168.1.161
    dns-server 4.4.4.4
Note: on the switch, each VLAN must be given an IP address if the DHCP service is enabled, e.g.
    int vlan 10
    ip add 192.168.1.5 255.255.255.192
DHCP uses the IP address of a VLAN to determine the pool from which it should provide an IP configuration.
2. Create a DHCP relay for each inter-VLAN subinterface (on Router0)
    interface FastEthernet0/0.10
    encapsulation dot1Q 10
    ip address 192.168.1.1 255.255.255.192
    ip helper-address 192.168.2.1
    interface FastEthernet0/0.20
    encapsulation dot1Q 20
    ip address 192.168.1.65 255.255.255.192
    ip helper-address 192.168.2.1
    interface FastEthernet0/0.30
    encapsulation dot1Q 30
    ip address 192.168.1.129 255.255.255.224
    ip helper-address 192.168.2.1
    interface FastEthernet0/0.40
    encapsulation dot1Q 40
    ip address 192.168.1.161 255.255.255.240
    ip helper-address 192.168.2.1
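The sentence "DHCP uses the IP address of a VLAN to determine the pool" is the whole mechanism behind both this section and the earlier DHCP RELAY entry: the relaying subinterface rewrites the client's broadcast into a unicast to the helper address and stamps its own address into the relay-agent field (giaddr), and the server picks the pool whose network contains that address. The block below is an added example, not from the cheat sheet and not IOS's DHCP server: it relays constructed DISCOVER messages through the four subinterfaces above and lets a small server choose pools and hand out leases. The pools, exclusions and helper address are the sheet's; the client MAC addresses are constructed.

```python
# Added example (not from the cheat sheet): a DHCP DISCOVER relayed from a VLAN
# subinterface with `ip helper-address`, and the server choosing its pool from
# the relay agent address (giaddr). Pools and exclusions are the sheet's; the
# client MACs are constructed.
import ipaddress

HELPER_ADDRESS = "192.168.2.1"                    # ip helper-address on every subinterface
EXCLUDED = {"192.168.1.1", "192.168.1.65", "192.168.1.129", "192.168.1.161"}
POOLS = {                                         # network -> (default-router, dns-server)
    "192.168.1.0/26": ("192.168.1.1", "1.1.1.1"),      # vlan10
    "192.168.1.64/26": ("192.168.1.65", "2.2.2.2"),    # vlan20
    "192.168.1.128/27": ("192.168.1.129", "3.3.3.3"),  # vlan30
    "192.168.1.160/28": ("192.168.1.161", "4.4.4.4"),  # vlan40
}


def relay(discover: dict, subinterface_ip: str) -> dict:
    """Router0's subinterface turns the client's broadcast into a unicast to the
    helper address and records its own address as giaddr."""
    if discover["dst"] != "255.255.255.255":
        raise ValueError("only broadcasts are relayed")
    return {**discover, "dst": HELPER_ADDRESS, "giaddr": subinterface_ip}


class DhcpServer:
    def __init__(self):
        self.leases = {}                          # client MAC -> lease dict

    @staticmethod
    def select_pool(giaddr: str):
        """The pool whose network contains the relay's address serves the request."""
        for network in POOLS:
            if ipaddress.ip_address(giaddr) in ipaddress.ip_network(network):
                return network
        return None

    def offer(self, msg: dict):
        """Hand out the first free, non-excluded address from the matching pool."""
        network = self.select_pool(msg["giaddr"])
        if network is None:
            return None                           # no pool for that subnet: ignored
        if msg["mac"] in self.leases:
            return self.leases[msg["mac"]]        # same client keeps its lease
        net = ipaddress.ip_network(network)
        gateway, dns = POOLS[network]
        in_use = EXCLUDED | {lease["ip"] for lease in self.leases.values()}
        for host in net.hosts():
            if str(host) not in in_use:
                lease = {"ip": str(host), "mask": str(net.netmask), "router": gateway, "dns": dns}
                self.leases[msg["mac"]] = lease
                return lease
        return None                               # pool exhausted


if __name__ == "__main__":
    server = DhcpServer()
    discover = {"type": "DISCOVER", "mac": "000c.0000.0030", "dst": "255.255.255.255", "giaddr": "0.0.0.0"}
    relayed = relay(discover, "192.168.1.129")    # arrived on FastEthernet0/0.30
    print(relayed["dst"], relayed["giaddr"])
    print(server.offer(relayed))
```

Because the pool is chosen from giaddr, a subinterface with the wrong address, or a switch SVI with no address in that subnet, makes the server fall through to no pool and the clients in that VLAN get nothing.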