VLANS

-config trunk
config-int# switchport mode trunk
-if you get an error, do this first
config-if# switchport trunk encapap dot1q
- to setup vlan
config# vlan 1
config-vlan# name sales
add port to vlan
config-if# switchport mode access
config-if# switchport access vlan 1
-vlan database stored in VLAN.DAT
sh commands
sh vlan

VTP

config# vtp mode client

config# vtp password
sh commands
sh interface trunk
sh vtp status
SPANNING TREE PROT OC OL
-per vlan stp is on by default
-set this router to root
config# spanning-tree vlan 1 root primary
-to turn on rapid stp
config# spanning-tree mode rapid-pvst
-turn on portfast
config-if#spanning-tree portfast
-turn on bpdu guard
config-if#spanning-tree bpdu guard

ROUTING

-router on a stick = to route between vlans

config# interface fastethernet 0/0.20
-set the encapsulation and the vlan
config-sub-if# encapsulation dot1q 20
config-sub-if# ip address 192.168.1.20
ACL s
-to create
config# access-list 1 deny 192.168.5.100 0.0.0.255
-to remark
config# access-list 2 remark PCHANGOUT.COM RULES
-to apply the access-list
config# int s0/0
config-if# ip access-group 1 in
-access list for VTY ports
config# line vty 0 4
config-line# access class 70 in
-extended ACLs
config# access-list 150 deny ip 192.168.10.50 0.0.0.0 192.168.10.1
0.0.0.0

OSPF
-to enable:
config# router ospf 1
-then enter the network to advertise followed by the area
config-router# network 192.168.1.0 0.0.0.255 area 0
-to send the default route to others
config-router# default-information originate
-ospf router ID is the highest physical interface (largest IP). Loopback
beats physical. Router ID beats all. Must reload ospf to take effect
config# router ospf 1
config-router# router-id 3.3.3.3
#clear ip ospf process
-show commands
sh ip ospf 1
sh ip route
sh ip protocol
sh ip ospf neighbor
debug ip ospf adj
EIG RP
-to enable:
config# router eigrp 1
config-router# network 192.168.1.0 0.0.0.255
-show commands
sh ip route
sh ip eigrp 1
sh ip eigrp neighbor

NAT
-to enable - first label interfaces
config# int e0/0
config-if# ip nat inside
-then create lists
config#ip access-list standard NAT_ADDRESSES
config#deny 10.1.1.10 0.0.0.0
config#permit 10.1.1.1 0.0.0.255
-turn on NAT overload
config#ip nat inside source list NAT_ADDRESSES interface e0/1
overload
-you must have a permit statememt, or you will block everything
-to create a pool (first address, then last address, followed by cider
notation)
config# ip nat pool PUBLIC_ADD 10.0.0.1 10.0.0.5 24
-to setup static mapping
config# ip nat inside source static tcp 192.168.10.50 80 interface
e0/1 80
sh commands
sh ip nat translations
PPP
-default is encapsulation HDLC. you must change to PPP
config# int s0/1/0
config-if# encapsulation ppp
-to have passwords
config# enable password cisco1
config# service password encryption
sh commands
sh interfaces serial 0/0
FRAME RELAY

multipoint = uses the same subnet everywhere, also doesn't use

subinterfaces
-to enable (on one router)
config# int s0/1/0
config-if# ip address 192.168.1.1 255.255.255.0
config-if# encapsulation frame-relay lmi-type
-to map a remote ip to a DLCI (broadcast is needed for routing
protocol to work)
config# frame relay map ip 192.168.1.2 DLCI 102 broadcast
sh commands
sh frame-relay map
point to point = uses different subnets and subinterfaces
config# int s0/1/0
config-if# encap frame relay
config-if# exit
config# int s0/1/0.102 point to point
config-subif# ip address 192.168.1.1 255.255.255.0
config-subif# frame relay interface dlci 102
sh commands
sh frame-relay pvc
MISC
-DTE cables can be used with CSU/DSUs and modems