ルータ基礎
// ルータ初期化
#erase startup-config
#reload
#copy running-config startup-config
(config)#line console 0
(config-line)#password <ps>
(config-line)#<login | login local>
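(config)#enable password <ps> // 平文で保存される。enable secret と併設した場合は enable secret が優先される
(config)#enable secret <ps> // ハッシュ化して保存されるため、こちらを使用する
(config)#enable algorithm-type <md5 | sha256 | scrypt> secret <ps> // md5 は弱いため sha256 または scrypt を選ぶ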
(config)#line vty 0 4
(config)#username <name> [privilege <level 0-15>] password <ps> // password の代わりに secret を指定するとハッシュ化して保存される
(config)#service password-encryption // タイプ7(可逆)の難読化であり、強い保護にはならない
(config-line)#exec-timeout <min>
(config)#hostname <name>
(config)#ip domain-name <name>
(config)#crypto key generate rsa
(config-line)#transport input <telnet | ssh | all | none> // telnet は平文通信のため、ssh のみの許可が望ましい
(config)#ip ssh version <1 | 2> // SSHv1 は脆弱なため 2 を指定する
(config)#interface FastEthernet 0/0
(config-if)#ip address 192.168.0.1 255.255.255.0
(config-if)#no shutdown
(config-if)#duplex <auto | full | half>
(config-if)#speed <10 | 100 | 1000 | auto>
(config-if)#clock rate <no>
#show controllers serial <Number>
#show interfaces [interface]
#show ip interface [brief] [interface]
#show ip route
// iface指定でping処理
#ping <IP | hostname> source <IP>
#traceroute <IP | hostname>
// スタティックルーティング登録
(config)#ip route <ip-address> <subnet-mask> <nexthop | interface> [AD]
// デフォルトルート設定
(config)#ip route 0.0.0.0 0.0.0.0 <next-hop | interface> [AD]
OSPF
OSPF設定
(config)#router ospf <process-id>
(config-router)#network <ip-address> <wildcard-mask> area <area-id>
(config-if)#ip ospf <process-id> area <area-id>
関連設定
(config-router)#passive-interface <interface> // パッシブインターフェース指定
(config-router)#router-id <router-id> // ルータID指定
(config)#interface loopback 0
(config-if)#ip address 10.10.10.1 255.255.255.255
(config-if)#ip ospf priority <no>
(config-if)#ip ospf cost <no>
(config-if)#bandwidth <no>
(config-if)#ip ospf hello-interval <second>
(config-if)#ip ospf dead-interval <second>
(config-if)#ip ospf mtu-ignore
(config-router)#default-information originate [always]
OSPF確認
#show ip ospf neighbor
#show ip ospf database
#show ip protocols
#show ip ospf interface [interface]
ACL
標準ACL
(config)#access-list <ACL-NO> <permit | deny> <ip-address> <wildcard-mask>
(config)#ip access-list standard <ACL-name>
(config-std-nacl)#<permit | deny> <ip-address> <wildcard-mask>
(config-if)#ip access-group <ACL> <in | out>
拡張ACL
(config)#access-list <ACL> <permit | deny> <protocol> <ip-address> <wildcard-mask> [port-no] <ip-address> <wildcard-mask> [<option>]
(config)#ip access-list extended <ACL>
(config-ext-nacl)#<permit | deny> <protocol> <ip-address> <wildcard-mask> [port-no] <ip-address> <wildcard-mask> [<option>]
VTYアクセス制御
(config)#line vty 0 4
(config-line)#access-class <ACL> in
ACL削除
(config)#no access-list <ACL>
(config)#ip access-list standard <ACL>
(config-std-nacl)#no <seq-no>
ACL確認
#show access-lists [ACL]
NAT
スタティックNAT
(config-if)#ip nat <inside | outside>
(config)#ip nat inside source static <inside-local-address> <inside-global-address>
ダイナミックNAT、PAT
(config-if)#ip nat <inside | outside>
(config)#access-list <ACL-NO> <permit | deny> <ip-address> <Wildcard-mask>
(config)#ip nat pool <pool-name> <start-address> <end-address> netmask <subnet-mask>
(config)#ip nat inside source list <ACL> pool <pool-name> // ダイナミックNAT
(config)#ip nat inside source list <ACL> <pool <pool-name> | interface <interface>> overload // PAT
NATテーブル削除
#clear ip nat translation *
NAT確認
#show ip nat translations // NATテーブル確認
#show ip nat statistics // 統計情報確認
DHCP(Dynamic Host Configuration Protocol)
DHCPサーバー設定
(config)#ip dhcp pool <pool-name>
(dhcp-config)#network <network> <subnetmask | /prefix>
(dhcp-config)#default-router <ip-address>
(dhcp-config)#lease <days>
(dhcp-config)#dns-server <dns-server-ip>
// 除外アドレス指定
(config)#ip dhcp excluded-address <start-address> [<end-address>]
DHCPクライアント
(config-if)#ip address dhcp
DHCP確認
#show ip dhcp pool
#show ip dhcp binding
#show ip dhcp conflict
#show dhcp lease
DHCPコンフリクトクリア
#clear ip dhcp conflict *
DHCPリレーエージェント
(config-if)#ip helper-address <DHCP-server-ip>
スイッチ
IP設定
(config)#interface vlan 1
(config-if)#ip address 192.168.0.1 255.255.255.0
(config-if)#no shutdown
(config)#ip default-gateway 192.168.0.254
VLAN
VLAN作成、削除
#vlan database
(vlan)#vlan <no> [name <name>]
(vlan)#apply // 反映
(vlan)#no vlan <no>
(config)#vlan <no>
(config-vlan)#name <name>
(config-vlan)#exit // 抜けないと反映されない
(config)#no vlan <no>
アクセスポート設定
(config)#interface <face>
(config-if)#switchport mode access
(config-if)#switchport access vlan <no>
トランクポート設定
(config)#interface <face>
(config-if)#switchport trunk encapsulation <dot1q | isl>
(config-if)#switchport mode trunk
(config-if)#switchport trunk native vlan <no>
(config-if)#switchport trunk allowed vlan <nos>
// ネゴシエーション
(config-if)#switchport mode dynamic <auto | desirable>
(config-if)#switchport nonegotiate // DTPフレームの送信を停止する。端末や信頼できない機器が接続されるポートではネゴシエーションを無効にしておく
// 音声VLAN
(config-if)#switchport voice vlan <no>
VLAN確認
#show vlan [brief]
#show vlan id <vlan-no>
#show interfaces [iface] trunk
#show interfaces [iface] switchport
#show interfaces status
#show mac-address-table
VTP関連
(config)#vtp domain <name>
(config)#vtp mode <server | client | transparent>
#vlan database
(vlan)#vtp domain <name>
(vlan)#vtp <server | client | transparent>
#show vtp status
VLAN間ルーティング
(config)#interface FastEthernet 0.1
(config-subif)#encapsulation <dot1q | isl> <vlan-no> [native]
// レイヤ3スイッチ
(config)#interface vlan <no>
(config)#ip routing
STP
#show spanning-tree [vlan <no>]
#show spanning-tree interface <iface>
#debug spanning-tree events
#no debug spanning-tree events
(config)#spanning-tree vlan <no> priority <4096*no>
(config)#spanning-tree vlan <no> root primary
(config)#spanning-tree pathcost method <short | long>
(config-if)#spanning-tree vlan <no> cost <num>
(config-if)#spanning-tree vlan <no> port-priority <no>
(config-if)#spanning-tree portfast
(config-if)#spanning-tree bpduguard <enable | disable>
(config-if)#spanning-tree guard root
(config)#spanning-tree portfast bpduguard default
(config)#spanning-tree mode <pvst | rapid-pvst>
EtherChannel
(config-if)#channel-group <no> mode <on | auto | desirable | active | passive> [non-silent]
(config-if)#channel-protocol <lacp | pagp>
(config)#port-channel load-balance <method>
(config)#interface range Fa0/1 - 3
#show etherchannel <summary | detail>
#show etherchannel load-balance
#show <lacp | pagp> neighbor
IPv6
(config)#ipv6 unicast-routing
(config-if)#ipv6 enable
(config-if)#ipv6 address <address> link-local
(config-if)#ipv6 address <address>/<prefix> [eui-64]
(config-if)#ipv6 address autoconfig
// スタティックルーティング登録
(config)#ipv6 route <address>/<prefix> <nexthop | interface> [AD]
// デフォルトルート設定
(config)#ipv6 route ::/0 <next-hop | interface> [AD]
#show ipv6 route
HSRP(Hot Standby Router Protocol)
(config-if)#standby [<group-no>] ip [<ip>]
(config-if)#standby [<group-no>] priority <no>
(config-if)#standby [<group-no>] preempt
(config-if)#standby [<group-no>] track <iface> [<minus-priority>]
#show standby [brief]
SNMP(Simple Network Management Protocol)
(config)#snmp-server view <name> <OID> <include | exclude>
(config)#snmp-server community <name> [view <name>] [ro | rw] [<ACL>] // v1/v2c のコミュニティ名は平文で流れるため、ro と ACL で制限する
(config)#snmp-server host <ip> [traps | informs] [version <1 | 2c | 3 <auth | noauth | priv>>] [community-name | user-name]
(config)#snmp-server enable traps [<target>]
(config)#snmp-server group <name> v3 <auth | noauth | priv> [read <view-name>] [write <view-name>] [access <ACL>]
(config)#snmp-server user <name> <group-name> v3 [auth <md5 | sha> <password>] [priv <des | 3des | aes <128 | 192 | 256>> <password>] // md5 / des は弱いため sha と aes を選ぶ
#show snmp view
#show snmp group
#show snmp user
Device Management
LOG
(config)#logging console <level>
#terminal monitor
#terminal no monitor
(config)#logging monitor <level>
(config)#logging buffered <size>
(config)#logging buffered <level>
(config)#logging host <IP | hostname>
(config)#service timestamps <debug | log> [<datetime [localtime] [msec] [show-timezone] [year] | uptime>]
(config)#service sequence-numbers
#show logging
#debug all // 全デバッグを有効化するため高負荷になる。本番環境では注意
#undebug all
#no debug all
NTP
(config)#ntp server <ip-address> [prefer]
(config)#ntp server <ip-address> <key-no> [prefer]
(config)#ntp master [<stratum-no>]
(config)#ntp authenticate
(config)#ntp authentication-key <key-no> md5 <string>
(config)#ntp trusted-key <key-no>
(config)#clock timezone JST 9
#show clock
#show ntp status
#show ntp associations
CDP(Cisco Discovery Protocol)
(config)#[no] cdp run
(config-if)#[no] cdp enable
#show cdp
#show cdp interface
#show cdp neighbors
#show cdp neighbors detail
#show cdp entry <* | hostname>
LLDP(Link Layer Discovery Protocol)IEEE802.1AB
(config)#lldp run
(config-if)#lldp <transmit | receive>
(config)#lldp timer <second>
(config)#lldp holdtime <second>
(config)#lldp reinit <second>
(config)#lldp tlv-select <TLV-name>
#show lldp
#show lldp neighbors
#show lldp neighbors detail
#show lldp entry <* | hostname>
IOS
#show flash
#show version
(config)#config-register <0x2142 | 0x2102> // 0x2142: startup-config を無視して起動(パスワードリカバリ用)、0x2102: 通常起動
#telnet <IP | hostname>
#ssh -l <username> <IP | hostname>
Ctrl+Shift+6 ⇒ X
#show session
#resume [<session-no>]
#disconnect <session-no>
#show users
(config)#banner motd <end-code>
セキュリティ
ポートセキュリティ
(config-if)#switchport mode <access | trunk>
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 4
(config-if)#switchport port-security mac-address xx:xx:xx:xx:xx:xx
(config-if)#switchport port-security mac-address sticky
(config-if)#switchport port-security violation <protect | restrict | shutdown>
#show port-security
#show port-security address
#show port-security interface fa0/0
#show errdisable recovery
(config)#errdisable recovery cause psecure-violation
(config)#errdisable recovery interval 300
DHCPスヌーピング
(config)#ip dhcp snooping
(config)#ip dhcp snooping vlan <no>
(config)#ip dhcp snooping information option
(config-if)#ip dhcp snooping trust // 正規のDHCPサーバ側(アップリンク)のポートのみ trust にする
#show ip dhcp snooping
#show ip dhcp snooping binding
ダイナミックARPインスペクション(DAI)
(config)#ip arp inspection vlan <no>
(config-if)#ip arp inspection trust
(config-if)#switchport mode access
(config-if)#switchport access vlan <no>
#show ip arp inspection vlan <no>
AAA
(config)#aaa new-model
(config)#aaa authentication login <default | listName> <mode>
// mode
enable | group radius | group tacacs+ | line | local | local-case | none // none は認証なしでログインを許可する
(config-line)#login authentication <default | listName>