Access Control List ( ACL )

 ACL Standard
#ip access-list standar NO_Access
#deny host 192.168.10.1
#permit 192.168.11.0 0.0.0.255 ==IP network
#int se0/0/0 ===ip router
#ip access-group NO_Access out


ACL Extended

#ip access-list extended NO_Access
#deny (name_port) host 192.168.1.1 any eq 80
#permit (name_port) 192.168.1.0 0.0.0.255 any ===all network (If one host, you can create : #permit (name_port) 192.168.1.1 host 192.168.2.1 0.0.0.0)
#int fa0/1
#ip access_group NO_Access

Create VTP mode

Vtp server :

#vtp mode server
#vtp domain unisbank
#vtp password cisco


Vtp client :

#vtp mode client
#vtp domain unisbank
#vtp password cisco


show vtp status

Configuration Membership, Trunk Vlan and Inter Vlan

Membership (ke client)
#vlan 10
#name komputer
#int range fa0/1-fa0/24
#switch mode access
#switch access vlan 10

Trunking Vlan (antar switch dan router)
#vlan 99
#name trunk
#exit
#int fa0/24
#switchport mode trunk


#switchpor trunk native vlan 99

Inter Vlan (settting at the router)
#int fa0/1.10
#encapsulation dot1q 10
#ip add 192.168.10.254 255.255.255.0

Show vlan

DHCP Relay

Router(config)#int ethernet0/0/0
Router(config-if)#ip add 192.168.30.1 255.255.255.0
Router(config-if)#ip helper-address 192.168.11.100 = dari server0
===========================

Router(config)#ip dhcp  excluded-address 192.168.10.1
Router(config)#ip dhcp pool  LAN-POOL-LAB-A
Router(dhcp-config)#network 192.168.10.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.10.1

=======================================================

Router(config)#ip dhcp  excluded-address 192.168.11.1
Router(config)#ip dhcp excluded-address 192.168.11.100 192.168.11.200
Router(config)#ip dhcp pool LAN-POOL-LAB-B
Router(dhcp-config)#network 192.168.11.0 255.255.255.0
Router(dhcp-config)#default-router 192.168.11.1

=======================================================
for erase ip at  windows OS
ipconfig /release

for renew ip at windows OS
ipconfig /renew

Download here
=======================================================

How to connect router with PPP by PAP

Position in R1 to R2

R1(config)#int se0/0/0
R1(config-if)#pp
R1(config-if)#ppp pa
R1(config-if)#ppp pap se
R1(config-if)#ppp pap sent-username R2 pas
R1(config-if)#ppp pap sent-username R2 password cisco
R1(config-if)#exit

How to connect between Static and RIP (CISCO)

It's do in the router with RIP config.

Lab(config)#ip route 0.0.0.0 0.0.0.0 ?
  A.B.C.D          Forwarding router's address
  Ethernet         IEEE 802.3
  FastEthernet     FastEthernet IEEE 802.3
  GigabitEthernet  GigabitEthernet IEEE 802.3z
  Loopback         Loopback interface
  Null             Null interface
  Serial           Serial
  Vlan             Catalyst Vlans
Lab(config)#ip route 0.0.0.0 0.0.0.0 192.168.5.1

Wirelless Lan Controller (WLC) Script CLI

Welcome to the Cisco Wizard Configuration Tool
Use the '-' character to backup
System Name [Cisco_94:40:40]: WLC_VC
Enter Administrative User Name (24 characters max): cisco
Enter Administrative Password (24 characters max): *****

Management Interface IP Address: 10.6.1.50
Management Interface Netmask: 255.255.255.0
Management Interface Default Router: 10.6.1.100
Management Interface VLAN Identifier (0 = untagged): 0
Management Interface Port Num [1 to 4]: 4
Management Interface DHCP Server IP Address: 10.6.1.50

AP Manager Interface IP Address: 10.6.1.51

AP-Manager is on Management subnet, using same values
AP Manager Interface DHCP Server (10.6.1.50):

Virtual Gateway IP Address: 1.1.1.1

Mobility/RF Group Name: GroupXYZ

Network Name (SSID): WLCXYZ
Allow Static IP Addresses [YES][no]: no

Configure a RADIUS Server now? [YES][no]: no
Warning! The default WLAN security policy requires a RADIUS server.
Please see documentation for more details.

Enter Country Code (enter 'help' for a list of countries) [US]: EE

Enable 802.11b Network [YES][no]: Yes
Enable 802.11a Network [YES][no]: no
Enable 802.11g Network [YES][no]: yes
Enable Auto-RF [YES][no]: yes
Configuration saved!
Resetting system with new configuration...

CLI Intervlan CISCO

Router(config)#int fa0/0.10
Router(config-subif)#encap dot1q 10
Router(config-subif)#exit
Router(config)#int fa0/0.10
Router(config-subif)#ip addr 10.0.0.254 255.255.255.0
Router(config-subif)#exit
Router(config)#int fa0/0.20
Router(config-subif)#encap dot1q 20
Router(config-subif)#ip addr 20.0.0.254 255.255.255.0
Router(config-subif)#exit
Router(config)#exit

Cisco Command Summary (CLI)

Cisco Command Summary (CLI)

Cisco Router Configuration Commands

Requirement	Cisco Command
Set a console password to cisco	Router(config)#line con 0 Router(config-line)#loginRouter(config-line)#password cisco
Set a telnet password	Router(config)#line vty 0 4 Router(config-line)#loginRouter(config-line)#password cisco
Stop console timing out	Router(config)#line con 0 Router(config-line)#exec-timeout 0 0
Set the enable password to cisco	Router(config)#enable password cisco
Set the enable secret password to peter.This password overrides the enable password and is encypted within the config file	Router(config)#enable secret peter
Enable an interface	Router(config-if)#no shutdown
To disable an interface	Router(config-if)#shutdown
Set the clock rate for a router with a DCE cable to 64K	Router(config-if)clock rate 64000
Set a logical bandwidth assignment of 64K to the serial interface	Router(config-if)bandwidth 64 Note that the zeroes are not missing
To add an IP address to a interface	Router(config-if)#ip addr 10.1.1.1 255.255.255.0
To enable RIP on all 172.16.x.y interfaces	Router(config)#router rip Router(config-router)#network 172.16.0.0
Disable RIP	Router(config)#no router rip
To enable IRGP with a AS of 200, to all interfaces	Router(config)#router igrp 200 Router(config-router)#network 172.16.0.0
Disable IGRP	Router(config)#no router igrp 200
Static route the remote network is 172.16.1.0, with a mask of 255.255.255.0, the next hop is 172.16.2.1, at a cost of 5 hops	Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5
Disable CDP for the whole router	Router(config)#no cdp run
Enable CDP for he whole router	Router(config)#cdp run
Disable CDP on an interface	Router(config-if)#no cdp enable

Kumpulan CLI CISCO

--Menghidupkan port FE 1/0
router>enable
router#conf terminal
router(config)#interface fastethernet 1/0
router(config-if)#no shut

--Setting Password
router>enable
router#configure terminal
router(config)#enable password rahasia
router(config)#enable secret secret

--Setting Hostname
router>enable
router#configure terminal
router(config)#hostname Router Palembang

--Memberi IP Address
router>enable
router(config)#interface fastethernet 1/0
router(config-if)#ip address 172.25.1.1 255.255.255.0
router(config-if)#desc Gateway Lan Office 'kasih nama'

--Routing Statis
ip route


router>enable
router#configure terminal
router(config)#ip route 192.168.1.0 255.255.255.0 192.168.1.1

--Simpan Konfig
router>enable
router#configure terminal
router(config)#write mem

--Buat Telnet
-router enable
-router#conf t
-router(config)#line vty 0 4
-isikan password

--Setting VLAN
router>enable
router#configure terminal
router(config)#vlan nomor-vlan
router(config-vlan)#name nama-vlan

--Setting IP Address pada VLAN
router>enable
router#configure terminal
router(config)#interface vlan 1
router(config-if)#ip address address mask (misal: ip address 172.10.46.1 255.255.255.0)
router(config-if)#no shutdown

-Setting Identitas pada Port Cisco Catalyst
router>enable
router#configure terminal
router(config)#interface nama-port
router(config-if)#description “Port Setting Identitas”
router(config-if)#end

--Setting IP Gateway
router>enable
router#configure terminal
router(config)#ip default-gateway address

--Setting Port-Speed dan Link-Mode
router#configure terminal
router(config)#interface nama-port (misal : interface fast ethernet 0/1)
router(config-if)#speed 100
router(config-if)#duplex full
router#configure terminal
router(config)#interface nama-port
router(config-if)#switchport mode access
router(config-if)#switchport access vlan nama-vlan
router#configure terminal
router(config)#interface nama-port
router(config-if)#switchport mode trunk
router(config-if)#switchport trunk allowed vlan nama-vlan

--Setting Line VTY
router#configure terminal
router(config)#line vty 0 4
router(config-line)#login
router(config-line)#password password

--Setting Line Con 0
router#configure terminal
router(config)#line con 0
router(config-line)#login
router(config-line)#password password

--Melihat Semua Konfigurasi
router#show running-config

--Menghapus Semua Konfigurasi
router#erase startup-config
router#dir
router#delete flash:vlan.dat
router#dir
-exit

CLI Dasar Cisco

Show ip route

Quote:Perintah show protocols ini berguna untuk menampilkan semua routed protocol dan interface-interface di mana routed protocol tersebut di-enabled (diaktifkan)

Show ip protocols

Quote:Perintah Show ip protocols memperlihatkan pada ente routing protocol yang dikonfigurasi di router ente. Ente bisa melihat bahwa baik RIP maupun IGRP masih bekerja di router, tapi ganya IGRP yang muncul di routing table karena memiliki administrative yang lebih kecil

debug ip rip

Quote:Perintah debug ip rip mengirimkan update-update routing ke session dari konsol, sewaktu update tersebut dikirim dan diterima router. Jika ente telnet ke router, ente perlu menggunakan terminal monitor untuk dapat menerima output dari perintah debug dan untuk memberhentikan perintah ini adalah undebug all

debug ip igrp

Quote:Dalam perintah ini ada 2 pilihan, yaitu events dan transcation

debug ip igrp events

Quote:Perintah debug ip igrp events adalah sebuah rangkuman dari informasi routing IGRP yang berjalan di network. Output router berikut menunjukan asal dan tujuan dari setiap update dan juga jumlah routed setiap update. Untuk menghentikan perintah ini adalah undebug ip igrp events

debug ip igrp transactions

Quote:Perintah debug ip igrp transactions memperlihatkan permintaan dari router tetangga yang meminta update dan broadcast-broadcast yang dikirim dari router ente ke router tetangga