R and SW Commands Cheat Sheet (DRAFT)

This is a draft cheat sheet. It is a work in progress and is not finished yet.

Access and basic commands

Router>enable
Router#configure terminal
Switch(config)#do copy r s
Pressing Tab completes the word
Router#configure ? <the question mark shows which word can come next>
Router(config)#do ping <ping destination>
Router(config)#do traceroute or tracer <destination ip>
Router#show running-config

Interface configuration

Router(config)#interface <interface name><interface number>
Router(config-if)#ip address <ip> <mask>
Router(config-if)#no shutdown
Router(config-if)#clock rate 56000 <serial interfaces with clock>
Router(config-if)#ipv6 address <ipv6>
Router#show ip interface brief
Router(config-if)#ip address dhcp <the interface receives its IP via DHCP>

Security

Router(config)#enable password password
Router(config)#enable secret password
Router(config)#service password-encryption
Router(config)#line console 0
Router(config-line)#password password
Router(config-line)#login
Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#login
Router(config)#banner motd $ <write the message and use $ to end the message>

Reset router

1. Restart the router
2. Press CTRL+B while the asterisks are loading
Rommon 1>confreg 0x2142
Rommon 2>reset

Static routing

Router(config)#ip route <destination network> <destination mask> <next hop or exit interface>
Router(config)#ip route 0.0.0.0 0.0.0.0 <next hop> <default route>
Router#show ip route

SSH configuration

Router(config)#hostname name
Router(config)#ip domain-name <domain name>
Router(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
Router(config)#username username privilege 15 password password
Router(config)#line vty 0 15
Router(config-line)#transport input ssh
Router(config-line)#login local
Router(config)#ip ssh version 2
SWITCH
Switch(config)#interface vlan 10
Switch(config-if)#ip address <> <>
Switch(config)#ip default-gateway <router interface ip>

OSPF configuration

Router(config)#router ospf 1
Router(config-router)#network <network ip> <wildcard> area 0 <directly connected networks>
Router(config-router)#redistribute static subnets <injects static routes>
Router(config-router)#default-information originate
Router#show ip ospf neighbor
Router#show ip protocols

OSPFv6 configuration

Router(config)#ipv6 router ospf 1
Router(config)#ipv6 unicast-routing
Router(config-rtr)#router-id <router ID in IPv4 address format>
Router(config-if)#ipv6 ospf 1 area 0

Reset switch

Restart, press the button on the switch and wait for the switch: prompt to load
switch: flash_init
switch: dir flash:
switch: delete vlan.dat.renamed
switch: delete config.text.renamed
switch: reset

Router VLAN configuration

Router
Router(config)#interface g0/0.10
Router(config-subif)#encapsulation dot1Q 10
Router(config-subif)#ip address <> <>
Router(config)#interface g0/0
Router(config-if)#no shutdown

Switch VLAN configuration

Switch(config)#vlan 10
Switch(config-vlan)#name name
Switch(config)#interface vlan 10
Switch(config)#interface range f0/1-24
Switch(config-if-range)#switchport access vlan 10
Switch(config)#interface range g0/1-2
Switch(config-if-range)#switchport mode trunk
Switch(config)#do show vlan brief

DHCP configuration

Router(config)#ip dhcp pool name
Router(dhcp-config)#network <network ip> <network mask>
Router(dhcp-config)#default-router <exit interface ip>
Router(dhcp-config)#dns-server <DNS ip>
Router#show ip dhcp binding
Router#show ip dhcp pool name

DHCPv6 configuration

Router(config)#ipv6 dhcp pool "name"
Router(config-dhcpv6)#dns-server <DNS ip>
Router(config-if)#ipv6 dhcp server "name"

Extended ACL

CLOSE TO THE SOURCE
Router(config)#access-list 101 permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
Router(config)#access-list 101 permit ip any any
Router(config-if)#ip access-group 101 {in | out}
ANOTHER WAY TO CREATE AN EXTENDED ACL
Router(config)#ip access-list extended <name or number 100-199>
Router(config-ext-nacl)#permit tcp host 10.1.1.2 host 172.16.1.1 eq telnet
Router(config-if)#ip access-group <name or number> {in | out}

Dynamic NAT

Router(config)#ip nat pool <name> <start ip address> <end ip address> netmask <mask>
Router(config)#access-list 1 permit <network ip> <network wildcard>
Router(config)#ip nat inside source list 1 pool <name>
Router(config-if)#ip nat inside
Router(config-if)#ip nat outside
Router(config)#do show ip nat translation

Standard ACL

CLOSE TO THE DESTINATION
Router(config)#access-list 1 permit <network ip> <network mask> <standard ACL numbers are 1-99>
Router(config)#access-list 1 permit any
Another way to create a standard ACL
Router(config)#ip access-list standard <name or number 1-99>
Router(config-std-nacl)#permit <network> <wildcard>
Router(config-if)#ip access-group <name or number> {in | out}

Static NAT

Router(config)#ip nat inside source static <host private ip> <public ip>
Router(config)#interface g0/0
Router(config-if)#ip nat outside
Router(config)#interface g0/1
Router(config-if)#ip nat inside
Router(config)#do show ip nat translation

PAT

Router(config)#access-list 1 permit <network ip> <wildcard>
Router(config)#ip nat inside source list 1 interface g0/0 overload
Router(config-if)#ip nat inside
Router(config-if)#ip nat outside
Router(config)#do show ip nat translation

Spanning-tree

Switch(config)#do show spanning-tree
Switch(config)#spanning-tree vlan <vlan-id> root {primary | secondary}
Switch(config)#spanning-tree vlan <number> priority <number>
Switch(config)#no spanning-tree vlan <vlan-id> <disables spanning-tree>

VTP (VLAN Trunking Protocol)

First create the VLANs
Switch(config)#vtp domain <any name>
Switch(config)#vtp password <any password>
Switch(config)#vtp mode {client | server | transparent}
Switch(config)#do show vtp status

PORT-SECURITY

Switch01(config-if)#switchport mode access
Switch01(config-if)#switchport port-security
Switch01(config-if)#switchport port-security violation {protect | restrict | shutdown}
SINGLE MAC
Switch01(config-if)#switchport port-security maximum 1
Switch01(config-if)#switchport port-security violation shutdown
Switch01(config-if)#switchport port-security mac-address 0a04.aaf8.13ad
PORT STICKY
Switch01(config-if)#switchport mode access
Switch01(config-if)#switchport port-security
Switch01(config-if)#switchport port-security maximum 1
Switch01(config-if)#switchport port-security violation shutdown
Switch01(config-if)#switchport port-security mac-address sticky
show port-security interface <>