o reload Automate FTP

SCP copy Licensing

Port Security Factoid Misc

Table of Eights blank

Trivia

host tracert uses icmp, cisco uses UDP header

tracert sends packets with TTL=1, TTL=2, TTL=2, TTL=...

pathping is another Windows OS tracert like command

extended ping on IOS is just ping (then it asks questions)

show running-config interface g0/1

Most specific (longest prefix) of the Overlapping routes is used to route

subnet of a single classful network that use multiple different masks = VLSM

Outbound ACL does not filter routing. ping, and traceroute

disable access list prior to making changes i.e. S1(config-if)# no ip access-group 1

Router Self Ping to Serial Interface will be fowrared out serial interface
Router Self Ping to Ethernet Interface will not foward frame, but it will process incomming ACL logic

R2# setup (CLI for auto setup by prompt)

Menu

Configure logon security – no user name

sw1>enable

sw1# configure terminal

sw1(config)# enable secret letmein

sw1(config)# hostname bob

bob(config)# line console 0

bob(config-line)# password hope

bob(config-line)# login

bob(config-line)# exec-timeout 0 0

bob(config-line)# logging synchronous

bob(config-line)# exit

bob(config)# line vty 0 15

bob(config-line)# password love

bob(config-line)# login

bob(config-line)# end

bob#

Menu

Configure logon security – with user names

bob>enable

bob# configure terminal

bob(config)# line vty 0 15

bob(config-line)# login local

bob(config-line)# exit

bob(config-line)# username johnt password letmein

bob(config-line)# username lynn password 666

bob(config-line)# ip domain-name ccaac.com

bob(config-line)# crypto key generate rsa

bob(config-line)# ip ssh version 2

bob(config-line)# end (or ^z)

bob# (show ip ssh – shows server)

bob# (show ssh – shows connections)

Menu

Select/Restrict Telnet/SSH

bob(config)# line vty 0 15

bob(config-line)# transport input { all | none | telnet | ssh }

Menu

Hide password from show running-configuration

bob# configure terminal

bob(config)# service password-encrytion – hides passwords from the show running-config (7)

bob(config)# end (or ^z)

bob# configure terminal

bob(config)# enable password Mother – hides passwords from the show running-config (7)

bob(config)# end (or ^z)

bob# configure terminal

bob(config)# enable secret Fred – hides passwords from the show running-config (5)

bob(config)# end (or ^z)

bob>enable

bob# configure terminal

bob(config)# line vty 0 15

bob(config-line)# login local

bob(config-line)# exit

bob(config-line)# username johnt secret letmein – (5)

enable password fred (0)
enable secret barney (5)
service password-encryption (7)
enable algorthm-type sha-256 secret barney (8)
enable algorthm-type scrypt secret barney (9)

Menu

Setting banners

bob>enable

bob# configure terminal

bob(config)# banner # (MOTD) switch down #

bob(config)# banner login # (login) hello user #

bob(config)# banner exec # (exec) keys are in the top drawer #

bob(config)# terminal history size 55 – Sets for this user the # of entries for history buffer

bob# show terminal history

Menu

Switch configuration

S1(config)# ip default-gateway 192.168.1.45

S1(config)# interface vlan 1

S1(config-if)# ip address 192.168.1.86 255.255.255.0

S1(config-if)# ip address dhcp

S1(config-if)# no shutdown

S1(config)# interface range 2 25

S1(config-if-range)# description end_users_connect_here

S1(config-if-range)# duplex full

S1(config-if-range)# speed 100 - configuring duplex AND speed disables auto-negotiation

Menu

Switch security

S1# interface fa0/0

S1(config-if)# switchport mode access

S1(config-if)# switchport port-security

S1(config-if)# switchport port-security mac-address ab11.1212.34de

S1(config-if)# switchport port-security mac-address sticky

S1(config-if)# switchport port-security maximum 8

S1(config-if)# switchport port-security violation {protect | restrict | shutdown}

Menu

Switch security – Lock Down

S1(config)# interface fa0/0

S1(config-if)# shutdown – disabled

S1(config-if)# switchport mode access – no trunking

S1(config-if)# switchport access vlan 99 – assigned to unused vlan

S1(config-if)# switchport trunk native vlan 33 – Set default native vlan to default to unused vlan

Menu

Create vlan

S1(config)# vlan 2

S1(config-vlan)# vlan 22 (This will be a voice vlan)

S1(config-vlan)# name John-vlan

S1(config-vlan)# exit

S1(config)# interface range fastethernet 0/13 – 14

S1(config-if)# switchport access vlan 2 (if vlan not created, it will create it)

S1(config-if)# switchport voice vlan 22 (Voice)

S1(config-if)# switchport mode access

S1(config-if)# end

1, 1002-1005 are reserved
1006 - 4094 are extended and not used by VTP and not saved in database

Menu

Set administrative trunking mode

S1(config)# interface fastethernet 1/1

S1(config-if)# switchport mode dynamic desirable (could have been auto)

S1(config-if)# ^z

S1# show interfaces fastethernet 1/1 switchport

S1# show interfaces trunking

S1(config-if)# switchport trunk allowed {add | all | except | remove} [vlan-list]

S1(config-if)# switchport trunk encapsulation {dot1q | isl | negotiate}

vlan std range 1 – 1005 (can config from VTP server)

vlan range 1 - 4094

vtp mode transparent OR vtp mode off (this will disable Vlan Trunking Protocol)
Only server, client or transparent are the possible modes of VTP

S1(config-if)# switchport trunk allowed remove 3 (will remove interface from trunking mode)

Menu

ACL standard

S1(config)# access-list {1-99 | 1300-1999} {permit | deny} [host] source-IP [WC] [log]

S1(config)# access-list 1 remark text

S1(config)# access-list 1 permit any

S1(config)# interface serial 0/0/0

S1(config-if)# ip access-group 1 {in | out}

S1(config-if)# no access-group 1 {in | out}

show ip access-lists [# | name]
show access-lists [# | name]
show ip interface s0/0/0
Place as close to the destination as possible
*note* access-class is used ONLY in line vtty mode to filter telnet/ssh access

Menu

ACL standard named

S1(config)# access-list {extended | standard} {name | #}

S1(config-ext-nacl)# permit any

S1(config-ext-nacl)# no 20

S1(config-ext-nacl)# 5 deny 10.10.10.10

S1(config-ext-nacl)# do show ip access-lists paul

S1(config-ext-nacl)# interface serial1

S1(config-if)# ip access-group 1 {in | out}

S1(config-if)# no ip access-group 1

Menu

Router Config

S1(config)# interface serial 0/0/0

S1(config-if)# description my_favorite_router

S1(config-if)# ip address 192.168.1.1 255.255.255.0

S1(config-if)# no shutdown

S1(config-if)# duplex {full | half | auto}

S1(config-if)# speed {10 | 100 | 1000}

S1(config-if)# clock rate 128000 (bps DCE cable only and is required!)

S1(config-if)# bandwidth 1544 (kps optional for OSPF calculations)

# show interfaces [type number]
# show ip interface brief
# show protocols [type number]
# show controllers [type number]

Menu

Router on a Stick ROS

S1(config)# interface gigabitethernet 0/0.20

S1(config-if)# encapulation dot1q 20 [native]

S1(config-if)# ip address 192.168.1.1 255.255.255.0

S1(config-if)# ip helper-address 192.168.1.55

Menu

L3 Switch

sdm prefer lanbase-routing

reload

ip routing

interface vlan [vlan]

ip address 192.168.20.1 255.255.255.0

no shutdown

Routed Port

interface g0/0

no switchport

ip address 192.168.30.1 255.255.255.0

show interfaces status - will show routed instead of vlan #

Etherchannel

interface g0/0/13

no switchport

no ip address

channel-group 12 mode on

interface g0/1/13

no switchport

no ip address

channel-group 12 mode on

interface Port-channel12

no switchport

ip address 192.168.40.1 255.255.255.0

Menu

Static Routes

ip route 172.16.2.0 255.255.255.0 172.16.4.2 {permanent}

ip route 172.16.3.0 255.255.255.0 s0/0/1 {permanent}

ip route 0.0.0.0 0.0.0.0 s0/0/1 (default Route)

ip route 172.16.2.0 255.255.255.0 172.16.4.2 130 (sets admin distance to 130!)

show ip route {connected | static | rip} | ip-address
show ip route
sho vlans
show arp
show ip arp
clear ip arp [ip-address]

Menu

RIP V2

router rip

version 2

network 10.0.0.0 (classful network)

no auto-summary

maximun-paths 3

default-information originate (advertise default route)

Must have a default route i.e. ip route 0.0.0.0 0.0.0.0 S0/1
Inbound 'EXTENDED' ACL should have the following to make sure that routing protocol packets are permitted 224.0.0.9

permit udp any any eq 520

passive-interface G0/1

Could have used passive-interface default followed by no passive-ineteface S0/0/1 commands
show ip route [rip]
show ip protocols
show ip rip database

Menu

DHCP Server

R2(config)# interface fa0/0 (set ip helper on other router)

R2(config-if)# ip helper-address 172.16.1.1 (set ip helper on other router)

R1(config)# ip dchp pool testpool (set pool info)

R1(dhcp-config)# network 10.10.10.0 255.255.255.0

R1(dhcp-config)# network 192.168.1.0 255.255.255.0 secondary

R1(dhcp-config)# dns-server 8.8.8.8

R1(dhcp-config)# domain-name testing.com

R1(dhcp-config)# dns-server addr1 addr2 addrx

R1(dhcp-config)# lease 0 12 0 (Defaults to 1 day lease if not set 1 0 0)

R1(dhcp-config)# next-server 192.168.1.221 (TFTP for VOIP)

R1(config)# ip dhcp excluded-address 192.168.1.1

R1(config)# ip dhcp excluded-address 10.10.10.1 [first] [last]

*NOTE* Default lease is one day

Menu

Remote Connections

telnet 10.1.1.1

ssl -l username host

Menu

Name Resolution

ip name-server dns1 dns2 (Global Conf)

ip domain-lookup (Global Conf) Defaulted

Menu

Table of Eights

	\/		\/ \/		\/		\/ \/ \/
8	16	24	32	40	48	56	64
72	80	88	96	104	112	120	128
136	144	152	160	168	176	184	192
200	208	216	224	232	240	248	256

Prefix	Mask	# Subnets
1 - 9 - 17 - 25	128	128
2 - 10 - 18 - 26	192	64
3 - 11 - 19 - 27	224	32
4 - 12 - 20 - 28	240	16
5 - 13 - 21 - 29	248	8
6 - 14 - 22 - 30	252	4
7 - 15 - 23 - 31	254	2

Class	Range	#
A	10.*	1
B	172.16.* - 172.31.*	16
C	192.168.*	256

Menu

NAT

S1(config-if)# ip nat {inside | outside}

S1(config)# ip nat inside source {list {access-list-number | access-list name} [interface type number | pool pool-name} {overload]

S1(config)# ip nat pool name start-ip end-ip [netmask netmask | prefix-length prefix-length

S1(config)# ip nat inside source inside-local inside-global

sho ip nat statistics
show ip nat translations [verbose]
clear ip nat translation {* | inside global-ip local-ip] [outside local-ip global-ip]}
clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip global-ip]
debug ip nat

S1(config)# access-list 1 permit 10.10.10.0 0.0.0.255 (access list of local hosts to nat)

S1(config)# ip nat pool CS1 200.1.1.225 200.1.1.226 netmask 255.255.255.254(Public IPs to use)

S1(config)# interface S0/0/0 (Set interface)

S1(config-if)# ip nat out (Outgoing interface)

S1(config)# interface fa0/5 (Set interface)

S1(config-if)# ip nat in (Inside interface)

S1(config)# ip nat inside source static 10.10.10.14 200.1.1.228 (Activate Static mapping)

S1(config)# ip nat inside source list 1 pool CS1 overload(Activate NAT with overload *PAT*)

Menu

IPV6

R1(config)# ipv6 unicast-routing (enable IPV6 on router)

R1(config)# interface serial 0/0/1

R1(config-if)# ipv6 address 200:db8:1111:1::1/64

R1(config-if)# ipv6 address 200:db8:1111:1::1/64 [eui-64]

R1(config-if)# ipv6 address 2ipv6-address/prefix-length [anycast]

R1(config-if)# ipv6 enable

R1(config-if)# ipv6 address dhcp

R1(config-if)# ipv6 address fe80::12:1 link-local (Overwrites auto eui-64 link-local entry for interface)

show ipv6 route [connected] [local]
show ipv6 interface [type number]
show ipv6 interface brief [type number]

R2(config)# ipv6 unicast-routing (enable IPV6 on router)

R2(config)# interface serial 0/0/1

R2(config-if)# ipv6 address 2001:C15C:0:1::2/64

R2(config-if)# no shutdown

R2(config-if)# interface fastethernet 0/0

R2(config-if)# ipv6 address 2001:C15C:0:3::/64 eui-64

R2(config-if)# no shutdown

FD[Global_Id,Subnet,Interface_Id] (FC00::/7)	Local (Unicast)
FE80::[Interface_ID]	Link Local (Unicast)
FF02::[1(all),2(router),(5,6)OSPF,9(RIP),A(eIGRP),1:2(dhcp)]	Multicast
FF02::1:FF[last 6 of unicast Addr]	Solicited mode multicast
::	Unknown
::1	Loopback

Menu

Logging

logging console

logging monitor

logging buffered

logging host [ip | hostname}

logging console {level-name | level #}

logging monitor {level-name | level #}

logging buffered {level-name | level #}

logging trap {level-name | level #} ** to syslog **

service timestamp

service sequence-numbers

show logging
terminal {no} monitoring
{no} debug {various}

keyword	#	Desc
Alert	0	Immediate Action Req
Emergancy	1	System Unuasable
Critical	2	Critical Higest of 3
Error	3	Error Event Middle of 3
Warning	4	Warning event lowest of 3
Notification	5	Normal More importand
Informational	6	Normal Less important
Debug	7	Requested by user Debug

Menu

NTP

clock timezone NAME +-number

clock sumertime NAME recuring

ntp server address | hostname

ntp master STRATUM#

ntp source name/number ** interface **

interface loopback NUMBER

show clock
show ntp associations
show ntp status
show interfaces loopback #

Menu

CDP - LLDP

cdp run

R2(config-if)# cdp enable

lldp run

R2(config-if)# lldp transmit

R2(config-if)# lldp recieve

show {cdp | lldp} neighbors {type number}
show {cdp | lldp} neighbors detail
show {cdp | lldp} entry {name}
show {cdp | lldp} interface {type number}
show {cdp | lldp} traffic

Menu

Passwords / banners

enable secret PW (level MD5)
service password-encryption (level MD7)
enable algorithm-type sha-256 secret PW (Level 8 - SHA-256)
enable algorithm-type scrypt secret PW (Level 9 - SHA-256)
crypto key generate rsa modulus {512|768|1024}

Console and Telnet

MOD Banner

Exec Banner

SSH

MOD Banner

Exec Banner

SSHv1

MOD Banner

Exec Banner

Menu

Reset Password

Power off
Remove Flash
Power on
confreg 0x2142
power off
Install Flash
Power on
from enable: copy startup-config running-config
enable secret cisco
config-reg 0x2102
copy running-config startup-config

Menu

Boot Field

x2102 = default value
config-register 0x2100 - Load ROMMON
boot field values
0 - ROMMON OS
1 - Load 1st IOS in Flash
2-f - Try each boot system command in startup-conf
if none work, load 1st IOS from Flash
If all fail, load ROMMON

If 3rd digit is a 4 (not a 2)
ignore the start-up config and not execute any boot systm commands
Example is x2142

Menu

Make Backup copy of config

copy running-config tfrp
copy tftp startup-config
reload

Menu

Automate Backup/restore

R1# archive
R1 (config-archive)# path ftp://wendell:odom@192.168.1.170/
R1 (config-archive)# time-period 1440
R1 (config-archive)# write-memory
R1# archive config (does the magic!)
R1# show archive

to erase use the "erase nvram"
older ones: write erase and erase startup-config

Also see Config replace Command

R1# configure restore (Restores last archive w/o reboot - may be a misprint!)

Menu

Boot system commands

boot system {file-uri|filename}
boot system flash [flash-fs:] [filename]
boot system [tfpt|ftp] filename ip-address

Menu

Replace running config w/o reload

R2# configure replace filesystem:name
R2# configure replace ftp://wendle:odem@192.168.1.170/oct-24

Menu

Automate FTP Copy

ip ftp username NAME
ip ftp password pass
copy ftp://192.168.1.170/FILENAME
-- This eliminates the need for the username and password in the copy command
Otherwise: copy ftp://wendle:odem@192.168.1.170/FILENAME

Menu

SCP copy

Give SSH user direct access to privileged mode by adding a parameters to the username command
R1(config)# line vty 1 4
R1(config)# username fred privilege-level 15 password barney

Enable scp server with the ip scp server enable global command
R1(config)# ip scp server enable (Enable SCP server)

Then use SCP (from a client) to transfer files:
c:> scp c2900-universalk9-mz.SPA.155-2-T1.bin windell@192.168.1.9:flash0:c2900-universalk9-mz.SPA.155-2-T1.bin

Menu

Licensing

Cisco ONE licensing
PAK - Product Authorization Key
UDI - Unique device Identifier
PID - Product ID
Feature Sets
CLM Cisco License Manager (Software)
IOS feature set
universal image

From Cisco Product License Registration Portal, input UDI
Enter PAK (from reseller)
Download for get from email the license key file (download)
Copy license key file to router via USB or network server
issue: license install URL
Reload router

show license
show license feature (brief) this is where you find items that you can install as right to use w/o PAK
show license udi
show version
dir FILESYSTEM (usbflash1:)
license install URL

Right to use (w/o PAK)
license boot module (with reload)
-- license boot module c2900 technology-package securityk9
reload
(60 days then converts to lifetime)

Menu

Port Security Factoid

Once port security has been configured
MAC addresses are static. Even if learned.
show mac address-table secure
show mac address-table static

To save 'sticky' learned mac addresses in config,
use copy running-config startup-config

Menu

Misc

R2# setup - EXEC command for prompt config

R2# dir FILESYSTEM
R2# dir FILESYSTEM:directory

R2# show flash
R2# verify /md5 filesystem:name [MD5:hash}
Remember the ip-helper-address interface subcommand on Routers that service clients that need access to a non-local dhcp server
show arp
show ip arp
show ip dhcp binding
show ip dhcp pool name
show ip dhcp server statistics
show ip dhcp conflict
clear ip dhcp conflict
--ROUTER--
sho interfaces
show ip interface brief
show protocols
show running-config
--SWITCH--
show interfaces status
show vlan
show interfaces switchport
--OS--
ipconfig, ifconfig
netstat -rn
arp -a
---MISC---
no ip directed-broadcast (int sub command) prevents encapulation into ethernet broadcast frame (loc 13005)
- access-class is used to apply an ACL to a "line" (vty, aux, etc).
Example (permit any ip address to telnet/ssh into the router):

access-list 10 permit ip any

line vty 0 4

access-class 10 in

- access-group is used to apply an ACL to an "interface"
Example (deny all ip traffic ingress to interface gi1/1):

access-list 11 deny ip any

interface gi1/1

access-group 11 in

Menu

Learn from DHCP

S1# configure terminal

S1(config)# interface gigibitethernet0/1

S1(config-if)# ip address dhcp

Menu

ACL Extended

S1(config)# access-list {100-199 | 2000-2699} {permit | deny} protocol source WC dest WC [log | log-input]

S1(config)# access-list {100-199 | 2000-2699} {permit | deny} {tcp | udp} source WC operator port dest WC operator port established [log]

S1(config-if)# ip access-group 100 {in | out}

S1(config-if)# no ip access-group 100

Plase close to the source
Operators are eq, ne, lt, gt, and range # to #
Protocols are osfp, eigrp, icmp, tcp, udp

Port	Protocol	Application	Keyword
20	TCP	FTP data	ftp-data
21	TCP	FTP control	ftp
22	TCP	SSH	---
23	TCP	Telnet	telent
25	TCP	SMTP	---
53	UDP;TCP	DNS	domain
67	UDP	DHCP Server	---
68	UDP	DHCP Client	---
69	UDP	TFTP	tftp
80	TCP	HTTP (WWW)	www
110	TCP	POP3	pop3
161	UDP	SNMP	snmp
179	TCP	EBGP	---
443	TCP	SSL	---
514	UDP	Syslog	---
520	UDP	RIP	---
16,384 - 32,767	UDP	RTP (voice, video)	---

Menu

PPP PAP Configuration

hostname R1

username R2 password pass2

interface serial 0/0/0

ip address 192.168.2.1 255.255.255.0

encapsulation ppp

ppp authentication pap [chap]

ppp pap sent-username R1 password pass1

Menu

PPP Chap Configuration

hostname R1

username R2 password mypass

interface serial 0/0/0

ip address 192.168.2.1 255.255.255.0

encapsulation ppp

ppp authentication chap [pap]

Menu

Multilink PPP

interface multilink 1

encapsulation ppp

ppp multilink

ip address 192.168.5.1 255.255.255.0

ppp multilink group 1

interface s0/0/0

encapsulation ppp

ppp multilink

no ip address

ppp multilink group 1

! authentication goes here!

Same group number on neighbor router (underlined)

Menu

GRE Tunnel

interface s0/0/1

ip address 2.2.2.2 255.255.255.0 (public)

interface tunnel1

ipaddress 10.1.3.2 255.255.255.0 (private)

tunnel mode gre [ip | ipv6 | multipoint]

tunnel source [s0/0/1 | IP]

tunnel destination [1.1.1.1 | Hostname] (public)

router osfp 1

network 10.0.0.0 0.255.255.255 area 0

Menu

PPPoE

interface dialer 2

ip address negotiated

mtu 1492

encapsulation ppp

ppp chap hostname Fred

ppp chap password Barney

dialer pool 1

interface g0/1

no ip address

ppoe-client dial-pool-number 1 (Automatically adds ppoe enable shown below)

ppoe enable

mac-address 0200.0000.0011 [not required]

no shutdown

Menu

HSRP

Has Tracking which will reduce priority every failure

FHRP - First Hop Routing Protocol

HSRP - Hot Stand-by Routing Protocol (Cisco)

VRRP - Virtual Router Redundancy Protocol (RFC 5798)

GLBP - Gateway Load Balancing Protocol (Cisco active/active per host)

interface g0/0

ip address 10.1.1.9 255.255.255.0

standby version 2

standby 1 ip 10.1.1.1

standby 1 prority 110 (default 100 highest is chosen)

standby 1 preempt

standby 1 name HRSP-Group_one

version 1 uses 224.0.0.2 (255 groups), Ver2 uses 224.0.0.102(4095 groups)
UDP 1985

Menu

SNMP

snmp v1

snmp-server community Sim-RO ro

snmp-server community Sim-RW rw

snmp-server host 10.10.10.100 traps trap-RO

snmp v2c

ip access-list standart ACL_PROTECTSNMP

- permit host 10.1.3.3

snmp-server community secretROpw RO ACL_PROTECTSNMP

snmp-server community secretRWpw RW ACL_PROTECTSNMP

snmp-server loaction Corpus

snmp-server contact John T

snmp-server host 10.1.3.3 version 2c secretTRAPpw

snmp-server host 10.1.3.4 informs version 2c secretTRAPpw

snmp-server enable traps (snmp linkup linkdown)

snmp v3

(snmp-server group Gname v3 [noauth|auth|priv] write viewname access [ipv6] aclname)

snmp-server group BookGroup v3 auth write v1derault

* note that AES keylength key *

snmp-server user Yoda BookGroup v3 auth md5 madeuppassword

snmp-server host 10.1.3.3 version 3 auth Yoda

** disable by remove all snmp config with NO, and reload switch/router **

Menu

SLA

ip sla 1

- icmp-echo 100.100.100.2 source-ip 10.10.10.100

- frequency 5

ip sla schedule 1 start-time now life forever

** sho ip sla [configuration|statistics|summary]

Menu

SPAN

(monitor session NUM source interface TYPE NUM [rx|tx|both])

(monitor session NUM source vlan VID [rx|tx|both])

monitor session 1 source interface GigabitEthernet0/1

(monitor session 1 destination interface TYPE NUM)

monitor session 1 destination interface fastEthernet0/11

** show monitor (session|detail)

Menu

OSPF

ipv4 OSPF

Router(config)#router opsf 10

Router(config-router)#network 10.10.0.0 0.0.255.255 area 0

Router(config-router)#router-id 1.1.1.1

Router(config)#interface loopback 0

Router(config-if)#ip address 192.168.250.250 255.255.255.0

Router(config)#interface serial 0/0

Router(config-if)#ip ospf priority 100

Router(config-if)#bandwidth 256

Router(config-if)#ip ospf hello-interval timer 15

Router(config-if)#ip ospf dead-interval 60

ipv6 OSPF

Router(config)#ipv6 unicast-routing

Router(config)#router ipv6 opsf 10

Router(config-router)#router-id 1.1.1.1

Router(config)#interface loopback 0

Router(config-if)#ip address 192.168.250.250 255.255.255.0

Router(config)#interface serial 0/0

Router(config-if)#ipv6 ospf priority 100

Router(config-if)#bandwidth 256

Router(config-if)#ipv6 ospf hello-interval timer 15

Router(config-if)#ipv6 ospf dead-interval 60

Router(config-if)# ipv6 enable

Router(config-if)#ipv6 address 2001:abab::/64 eui-64

Router(config-if)#ipv6 ospf 10 area 2

Menu

EIGRP

ipv4 EIGRP

router eigrp 1

eigrp router-id

network 10.0.0.0

network 10.1.3.0 0.0.0.255

maximun-paths MAX

variance MULTIPLIER

[no] auto-summary

passive-interface TYPE NUM

no passive-interface TYPE NUM

passive-interface default

interface s0/0/0

bandwidth 1400

delay TENSOFMICROSECONDS *default of 100

ip hello-interval eigrp AS TIMERVALUE

ipv6 EIGRP

Passive interface means no neighbors, but still advertises routes

ipv6 unicast-routing

interface Loopback0

no ip address

ipv6 address 200:100::/64 eui-64

ipv6 enable

ipv6 eigrp 1

interface Serial0/0

no ip address

ipv6 address FE80::1 link-local

ipv6 address 2010:100::1/64

ipv6 enable

ipv6 eigrp 1

clock rate 2000000

ipv6 rputer eigrp 1

eigrp router-id 2.2.2.2

no shutdown

Menu

QOS

DSCP - Differentiated Service Code Point

EF - Expidited Fowrarding DEC46
AF - Assured Forwarding AFXY (12 values)

41 (34)	42 (36)	43 (38)
31 (26)	32 (28)	33 (30)
21 (18)	22 (20)	23 (22)
11 (10)	12 (12)	13 (14)

CS - Class selector

0-7 - 0, 8, 16, 24,..,56)

First 3 bites of IPP (IP Precedent)

Scheduling

Round Robin (+ weighted)
LLQ (Low Latency Queuing) it can cause queue starvation
BW = 30-320kbps, 150ms delay (one way), 30ms jitter, <1% loss
Class Based Weighted Fair Queuing (CBWFQ)
Tail Drop (Max and Min thresholds)

NBAR - Network Based Application Recoginition

Helps with setting QOS via ACL

Packet

IP TOS field (8 bits)
RFC 791 - IPP (3 bits with 5 unused)
RFC 2476 - DSCP (6 bits) + RFC 3168 (2 bits) ENC Expliicit Congestion Notification)

Frame

COS - Class of Service is in the 802.1Q (3 bits) Priority Code Point (PCP)

Menu

	\/		\/ \/		\/		\/ \/ \/
8	16	24	32	40	48	56	64
72	80	88	96	104	112	120	128
136	144	152	160	168	176	184	192
200	208	216	224	232	240	248	256

	\/		\/ \/		\/		\/ \/ \/
8	16	24	32	40	48	56	64
72	80	88	96	104	112	120	128
136	144	152	160	168	176	184	192
200	208	216	224	232	240	248	256

	\/		\/ \/		\/		\/ \/ \/
8	16	24	32	40	48	56	64
72	80	88	96	104	112	120	128
136	144	152	160	168	176	184	192
200	208	216	224	232	240	248	256