Foundational Cisco Commands and Tips

April 25, 2017 | Views: 9096

Console settings

  • Protocol: Serial
  • Port: COMx
  • Baud rate: 9600
  • Flow control: RTS/CTS

Basic commands

User mode

enable

Privileged mode

configure terminal

HW properties

show inventory raw

HW summary information

show inventory oid

Environment information

show environment

Show interface status

show interface status

Show up/down state of interface

show ip interface brief

Show running rules

show running-config

Device reload

reload

Disable dialog

If the “Would you like to enter the initial configuration dialog? [yes/no]” message is displayed when the device starts up, enter “no”.

Do command

If you prefix a command with do, you can run it from configuration mode without returning to privileged mode first.

Password reset in router

1. Turn on the router!

2. Press Ctrl+Break during boot to enter ROMMON.

3. Password reset in CLI:

confreg 0x2142
reset

And “no”, and “yes”.

enable
copy startup-config running-config
configure terminal
enable secret <password>
config-register 0x2102
end
copy running-config startup-config (or write)

And ENTER.

reload
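
The procedure above works because 0x2142 differs from 0x2102 only in bit 6, which tells the router to skip startup-config at boot. A device left at 0x2142 comes up unconfigured after every restart, so it is worth checking the register line of `show version` once recovery is finished. The following is an added example, not part of the original page; the function names and sample lines are constructed for illustration.

```python
import re

# Configuration register bits relevant to the recovery procedure.
IGNORE_NVRAM = 0x0040    # bit 6: skip startup-config at boot (0x2142 sets it)
BREAK_DISABLED = 0x0100  # bit 8: console Break is ignored once the system is up
BAUD_BITS = 0x1820       # bits 5, 11 and 12: console speed, all clear = 9600

REG_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

def decode_confreg(value):
    """Split a 16-bit register value into the fields an auditor cares about."""
    return {
        "value": f"0x{value:04X}",
        "boot_field": value & 0x000F,
        "ignores_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "console_9600": (value & BAUD_BITS) == 0,
    }

def audit_show_version(text):
    """Return findings for the register line of 'show version' output."""
    m = REG_LINE.search(text)
    if not m:
        return ["no configuration register line found"]
    current = decode_confreg(int(m.group(1), 16))
    pending = decode_confreg(int(m.group(2), 16)) if m.group(2) else current
    findings = []
    if pending["ignores_startup_config"]:
        findings.append(f"{pending['value']} at next boot: startup-config will be ignored")
    elif current["ignores_startup_config"]:
        findings.append(f"booted with {current['value']}: reload pending to return to {pending['value']}")
    if pending["boot_field"] == 0:
        findings.append(f"{pending['value']}: boot field 0 stops the device in ROMMON")
    return findings

# Constructed sample lines in the format 'show version' prints.
LEFT_IN_RECOVERY = "Configuration register is 0x2142"
RESTORED_PENDING = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
NORMAL = "Configuration register is 0x2102"

if __name__ == "__main__":
    for sample in (LEFT_IN_RECOVERY, RESTORED_PENDING, NORMAL):
        print(sample, "->", audit_show_version(sample) or "ok")
```
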

Password reset switch

1. Turn on the switch!

2. Press mode button while green.

3. Password reset in CLI:

flash_init
load_helper
rename flash:config.text flash:config.text.orig
boot
enable
copy flash:config.text.orig running-config

And ENTER!

configure terminal
enable secret <password>
do write
end
reload

License installing

1. Read the PA key from the license PDF!

2. Read device ID:

enable
show license feature

If “Enable” is “No”, install the license:

show license udi

Read PID and SN!

3. Open https://tools.cisco.com/SWIFT/LicensingUI/Quickstart#!

4. Enter the PA key in the “Get New Licences” field!

5. Enter the PID and SN in the fields that appear!

6. Enter the administrator e-mail address in the “Send To” field!

7. Download the license file, and copy it to a pendrive!

8. Plug the pendrive into the Cisco device!

9. Copy and install the license file:

copy usbflash1:/<path_of_license_file>/<license_file>.lic flash0:/
license install flash0:/<license_file>.lic

10. Reload device, and show the license:

reload
enable
show license feature

If “Enable” is “Yes”, the license is installed.

Reset default configuration

enable
erase startup-config
reload

And “no”.

Clone configuration

1. Copy the running configuration to txt file (50-60 per line):

enable
show running-config

And ENTER!

 

2. Copy configuration to the new device, and copy txt file to CLI (50-60 per line):

enable
configure terminal

If the configuration also includes SSH authorization, the RSA key must be generated first; only then continue pasting the rest of the configuration!

copy running-config startup-config (or write)

And ENTER!

Ctrl+Z
write
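
A running configuration copied to a text file carries every credential in it, and some of the encodings can be read back directly. The following added example (not part of the original page) classifies the credential lines in such a file and produces a redacted copy; the function names and the sample configuration are constructed for illustration.

```python
import re

# Credential lines as they appear in IOS configuration text.
SECRET = re.compile(
    r"^\s*(?:enable\s+|username\s+\S+\s+(?:privilege\s+\d+\s+)?)?"
    r"(password|secret)\s+(?:([05789])\s+)?(\S+)"
)
SNMP = re.compile(r"^\s*snmp-server\s+community\s+(\S+)")
TYPES = {"0": "cleartext", "7": "type 7 (reversible)", "5": "type 5 (salted MD5)",
         "8": "type 8 (PBKDF2-SHA256)", "9": "type 9 (scrypt)"}
RECOVERABLE = {"0", "7"}  # readable by anyone who obtains the file

def classify_secrets(config_text):
    """Return (line_number, encoding, recoverable) for each credential line."""
    out = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = SECRET.match(line)
        if m:
            kind = m.group(2) or "0"  # no type digit: value is stored as typed
            out.append((n, TYPES[kind], kind in RECOVERABLE))
        elif SNMP.match(line):
            out.append((n, "cleartext", True))
    return out

def redact(config_text):
    """Blank credential values for copies that leave the management network."""
    lines = []
    for line in config_text.splitlines():
        m = SECRET.match(line) or SNMP.match(line)
        if m:
            i = m.lastindex  # both patterns keep the value in their last group
            line = line[:m.start(i)] + "<removed>" + line[m.end(i):]
        lines.append(line)
    return "\n".join(lines)

# Constructed sample; none of these values come from a real device.
SAMPLE = """\
hostname LAB-SW1
enable secret 5 $1$CONSTRUCTED$0000000000000000000000
enable password 7 0000CONSTRUCTED
username admin privilege 15 secret 9 $9$CONSTRUCTED
username backup password 0 ExamplePlain
snmp-server community ExampleRO RO
line vty 0 4
 password 7 0000CONSTRUCTED
"""
```
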

RSA key generation

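1. A hostname and a domain name are needed before the key can be generated:

enable
configure terminal
hostname <hostname>
ip domain-name <domainname>
crypto key generate rsa
1024
Ctrl+Z
write

1024 is the answer to the modulus-size prompt. Current guidance for RSA keys is 2048 bits or more.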

Automatic setting of VLAN upstate

no autostate

Add new rules

1. Read the current configuration rules:

enable
show running-config | include <filtered data>

Search the similar rule: Edit → Find → <sample>, and edit rule

configure terminal

Insert new edited rule!

ACL

Add ACL

access-list <ACL_list_ID> permit/deny <protocol> <host> <source_IP-address> <host> <destination_IP-address> <eq/neq> <ports separated by a space>

E.g. allow <source_IP-address> to reach the internet on port 443:

access-list <ACL_list_ID> permit tcp host <source_IP-address> any eq https

E.g. allow <source_IP-address> to reach the internet on any protocol:

access-list <ACL_list_ID> permit ip host <source_IP-address> any

Add ACL (named extended list)

ip access-list extended <ACL_list_ID>
permit/deny <protocol> <host> <source_IP-address> <host> <destination_IP-address> <eq/neq> <ports separated by a space>

Delete ACL

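no access-list <ACL_list_ID> permit/deny...

On IOS routers and switches this form removes the entire numbered list, not just the one entry; on the ASA it removes only the matching entry.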

Route

Add route

Routers and switches

ip route <destination_network> <IP-mask> <next_hop_IP-address>

ASA

route <interface_name> <destination_network> <IP-mask> <gateway_IP-address>

Delete route

Routers and switches

no ip route <destination_network> <IP-mask> <next_hop_IP-address>

ASA

no route <interface_name> <destination_network> <IP-mask> <gateway_IP-address>

Show route table

Routers and switches

show ip route

ASA

show route

Static (forward)

Add static

static (inside,outside/outside,inside) tcp <source_IP-address> <port> <destination_IP-address> <port> netmask <IP_mask>

E.g. SSH forward:

static (inside,outside) tcp <source_IP-address> ssh <destination_IP-address> ssh netmask <IP_mask>

Delete static

no static (inside,outside/outside,inside) tcp <source_IP-address> <port> <destination_IP-address> <port> netmask <IP_mask>

Save configuration (approve)

Ctrl+Z
write

VLAN configuration

Create VLAN

enable
show vlan
configure terminal
interface vlan <vlan_number>
description <vlan_name>
ip address <IP-address> <IP-mask>
Ctrl+Z
write

Insert switch port to VLAN

enable
sh vlan
configure terminal
interface gigabitEthernet (or fastEthernet) <panel>/<port_number>
switchport access vlan <vlan_number>
Ctrl+Z
write

Port security

1. Get device port:

show run interface gi <port_of_device>
show interface gi <port_of_device>

2. Select device port:

configure terminal
interface gi <port_of_device>

3. Turn off old MAC:

no switchport port-security mac-address <old_mac_address>

4. Turn on new MAC:

switchport port-security mac-address <new_mac_address>

5. Approval of options:

shutdown
no shutdown
Ctrl+Z
write

6. Get device port:

show interface gi <port_of_device>

Renewal VPN access in ASA

1. Log in to the ASA!

2. Revoke the old certificate:

Configuration → Remote Access VPN → Certificate Management → Local Certificate Authority → Manage User Certificates → old certificate → Revoke

3. Assigning a new certificate:

Manage User Database → Add → Username: based on device or username; Email ID: live e-mail address; Subject DN: DN; Allow enrollment: select!

4. Send One-Time-Password to e-mail:

Email OTP

5. Log in with the new user at the external site of the VPN!

6. Requesting the certificate:

Click here

7. Download the certificate, then import it into your own certificates, using the username specified when the certificate was assigned and the One-Time-Password received by e-mail!

The user can now enter an external site VPN. The certificate is valid for the specified period of time.

 

3 Comments
  1. Broadly useful. Just like a cheat sheet. Thanks.
