CCNP 300-101 Route (Security)

Monitor In order to report on something, you have to monitor it. Logging Stored in the router’s random access memory (RAM) RAM is cleared when the router is rebooted or powered off Local Logging buffer Only so much is allocated to logging The oldest information will be overwritten Not persistent (rebooting or powering off...

CCNP 300-101 Route (Path Control)

Switching Types Cisco Express Forwarding (CEF) Default switching type “show ip cef summary” “show ip cef exact-route 1.1.1.1 2.2.2.2” “show ip cef 1.1.1.1 detail” To turn off “no ip cef“ Fast switching Uses IP routing table for initial route lookup and stores the result in a cache “show ip cache“ Process switching Queries the...

CCNP 300-101 Route (LAB)

Redistribute OSPF routes into EIGRP ### Check what EIGRP routes R2 knows R2#show ip eigrp topology ### Set default metric R2(config-router)#default-metric 100000 10 255 1 1500 ### Redistribute OSPF routes into EIGRP R2(config)#router eigrp 10 R2(config-router)#redistribute ospf 1 Redistribute EIGRP routes into OSPF ### Before redistribute, check whether there is existing Type 5 LSA...

CCNP 300-101 Route (EIGRP)

EIGRP (Intro) Distance vector protocol Route summarization can happen at any point along the network (unlike OSPF ABR, ASBR) Does not keep link state information about every router Each router shares its own routes with adjacent neighbors Communicate using IP protocol 88 Multicast 224.0.0.10 AS number is globally significant (routers must have same AS...

Cisco IPSec VPN (site-to-site)

Site A R1(config)#crypto isakmp policy 1 R1(config-isakmp)#authentication pre-share R1(config)#crypto isakmp key Password address SITE.B.IP.ADDRESS R1(config)#access-list 100 permit ip 10.0.0.0 0.255.255.255 192.168.32.0 0.0.0.255 R1(config)#crypto ipsec transform-set MYSET esp-sha-hmac esp-aes Combine above global config to my crypto map 1 R1(config)#crypto map MYMAP 1 ipsec-isakmp R1(config-crypto-map)#set transform-set MYSET R1(config-crypto-map)#set peer SITE.B.IP.ADDRESS R1(config-crypto-map)#match address 100 Turn on R1(config)#interface...

CCNP 300-101 Route (OSPF)

VPN Check isakmp policy R1# show crypto isakmp policy Enable isakmp R1(config)#crypto isakmp enable Create a policy with pre-shared key R1(config)# crypto isakmp policy 100 R1(config-isakmp)# authentication pre-share R1(config-isakmp)# encryption 3des R1(config-isakmp)# hash md5 R1(config-isakmp)# lifetime 86400 R1(config)# crypto isakmp key 6 CCNP address 10.1.1.252 R1(config)# crypto ipsec transform-set CCNP_LAB ah-md5-hmac R1(cfg-crypto-trans)# mode tunnel...

CCNP 300-115 Switch study Part 1/2

How to determine the root bridge? SW# show spanning-tree vlan 192 Indicated as “This bridge is the root“. All the port Roles are Desg (designated port)   Make this switch a root bridge SW250(config)# spanning-tree vlan 192 priority 0   CAM (Content Addressable Memory) A term used synonymously with MAC Address Table that refers...

Common Cisco file management commands

Present Working Directory SW1# pwd Show directory SW1# dir ? Change Directory SW1# cd Copy SW1# copy running-config backup.running.txt Delete and remove SW1# delete flash:/sing-file.txt SW1# rm folders-directories Delete a directory in flash: (without prompt) SW1# delete /force /recursive flash: Show flash SW1# show flash Erase (wipe configuration & start with default config) SW1#...

How to upgrade Cisco switch IOS

Check existing version SW1# show version Check existing boot location SW1# show boot Backup existing version SW1# copy flash:c3750-ipbasek9-mz.122-25.SEE3.bin tftp: Download new IOS and verify MD5 SW1# copy tftp flash SW1# dir flash: SW1# verify /md5 flash:c3750-ipbasek9-mz.122-25.SEE3.bin Get-FileHash on Windows dir Get-FileHash <filepath> -Algorithm MD5 Get-FileHash .\c3750-ipbasek9-mz.122-55.SE12.bin -Algorithm MD5 Ask switch to boot from...

Common Cisco commands

Enable name lookup SW1(config)# ip domain-lookup SW1(config)# ip name-server YOUR.DNS.SERVER.IP SW1(config)# ip domain name yourDomainName.com Disable name lookup SW1(config)# no ip domain-lookup Give DNS domain name SW1(config)# ip domain-name example.com Increase SSH session timeout (e.g. 720 mins = 30 hours and 0 sec) SW252(config)# line vty 0 4 SW252(config-line)# exec-timeout 720 0 Change History...

Scroll to top