進入特權模式
Router>enable
進入配置模式
Router#configure terminal
特權模式下查看全局配置
Router#show running-config
非特權模式下查看全局配置(+do 在非特權模式下使用do show查看配置)
Router(config)#do show running-config
重啟
Router#reload
保存配置
Router#write
清空配置
Router#write erase
刪除命令
Router(config-if)#no ip address
修改主機名
Router(config)#hostname R1
設置進入特權模式的密碼
Router(config)#enable password cisco@123
設置遠程登錄
line vty 0 4
password cisco@123
login //允許登錄
transport input telnet //允許通過的協議
遠程登錄時查看日志信息
Router#terminal monitor
路由功能
Switch(config)#ip routing //開啟路由功能
Switch(config)#no ip routing //關閉路由功能
Switch(config)#ip default-gateway 192.168.1.254 //設置默認網關
查看MAC地址表
Switch#show mac address-table
設置全/半雙工
Router(config-if)#duplex full/half
路由管理距離(類似Huawei 優先級)
Router(config)#ip route 0.0.0.0 0.0.0.0 1.1.1.1 ?
<1-255> Distance metric for this route
Protocol Distance
Direct 0
Static 1
Rip 120
OSPF 110
Eigrp 90(170)
CDP協議(思科私有,與LLDP相同)
Router#show cdp neighbors
VLAN,接口
Switch(config)#vlan 10,20,30 //同時創建多個vlan
interface Ethernet0/1
switchport access vlan 10
switchport mode access
interface Ethernet0/2
switchport trunk encapsulation dot1q //配置封裝模式(Cisco默認私有模式ISL)
switchport trunk native vlan 10 //本征vlan(類似華為pvid)
switchport mode trunk
switchport trunk allowed vlan all
switchport trunk allowed vlan 10,20
switchport trunk allowed vlan remove 10//不允許某個vlan通過
子接口
interface Ethernet0/1.10 //創建子接口
encapsulation dot1Q 10 //封裝vlan10
ip address 192.168.10.1 255.255.255.0
DHCP
ip dhcp excluded-address 192.168.10.250 192.168.10.254
ip dhcp pool dhcp-pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 114.114.114.114
Switch(config-if)#ip helper-address 192.168.20.254 //dhcp中繼
Router#show ip dhcp conflict //查看地址沖突
Router#clear ip dhcp conflict * //清除dhcp沖突地址
Router#show dhcp server
ACL
Router(config)#access-list 1 permit 192.168.10.1 0.0.0.0 //基本acl
Router(config)#access-list 100 permit tcp 192.168.10.1 0.0.0.0 eq 80 1.1.1.1 0.0.0.0 eq 8000 //擴展acl
//基於名稱的acl(可以設置規則序號)
Router(config)#ip access-list standard ciaco-acl
Router(config-std-nacl)#11 permit 192.168.1.1 0.0.0.0
Router(config-if)#ip access-group 1 in/out //在接口上應用acl
NAT
interface Ethernet0/0
ip address 192.168.10.1 255.255.255.0
ip nat inside //內網人口
interface Ethernet0/1
ip address 200.1.1.1 255.255.255.0
ip nat outside //外網出口
access-list 10 permit 192.168.10.0 0.0.0.255
ip nat inside source list 10 interface Ethernet0/1 //nat轉換
ip nat inside source static tcp 192.168.10.23 23 200.1.1.1 23 //端口映射
鏈路聚合
Switch(config)#interface range ethernet 0/2 - 3 //創建接口組(類似port-group)
Switch(config-if-range)#channel-group 12 mode active //創建channel id(兩端id不需要相同),設置模式
// shutdown狀態下配置,如果不成功更換channel id
Switch#show etherchannel summary //查看命令
STP
Switch(config)#spanning-tree mode ?
mst Multiple spanning tree mode //多生成樹(802.1s)
pvst Per-Vlan spanning tree mode //傳統模式(802.1D)
rapid-pvst Per-Vlan rapid spanning tree mode //快速生成樹(802.1w)
Switch(config)#spanning-tree vlan 10 priority 0 //設置優先級
VTP(思科私有用於vlan同步,只用於交換機間的接口是trunk口)
{vtp是危險協議,推薦修改為透明模式}
Switch(config)#vtp mode ?
client Set the device to client mode. //客戶端模式(用於同步配置,不能創建修改刪除vlan)
off Set the device to off mode. //關閉
server Set the device to server mode. //服務器模式(同步配置,可以創建修改刪除vlan)
transparent Set the device to transparent mode. //透明模式(推薦配置,不會被同步)
vtp domain cisco //創建vtp域名
vtp version 2 //修改版本(v1,v2,v3存在版本兼容問題)
vtp password cisco@123 //設置認證密碼
HSRP(思科私有,類似vrrp)
interface Ethernet0/1
ip address 192.168.1.2 255.255.255.0
standby 12 ip 192.168.1.254 //設置虛擬IP(standby id 兩端必須一致)
standby 12 priority 110 //設置優先級(默認100,越大越優)
standby 12 preempt //開啟搶占
PPP
username admin password 0 cisco@123 //設置用戶,密碼
interface Serial1/0
ip address 192.168.10.1 255.255.255.0
encapsulation ppp //封裝為PPP
ppp authentication chap/pap //認證模式為chap或pap
interface Serial1/0
ip address 192.168.10.2 255.255.255.0
encapsulation ppp
ppp chap hostname admin
ppp chap password ciaco@123
ppp pap sent-username admin password ciaco@123
PPPoE
Server:
bba-group pppoe Cisco
virtual-template 1
interface Ethernet0/1
no ip address
pppoe enable group Cisco
username admin password 0 cisco@123
ip local pool pppoe-pool 200.1.1.2 200.1.1.10 //創建可分配的地址池
interface Virtual-Template1
ip address 200.1.1.1 255.255.255.0
peer default ip address pool pppoe-pool
ppp authentication chap
Client:
interface Ethernet0/1
no ip address
pppoe enable
pppoe-client dial-pool-number 1
interface Dialer1
ip address negotiated
ip mtu 1492 //1500-ppp頭部
encapsulation ppp
ip tcp adjust-mss 1452 //1500-(ppp頭部+ip頭部+tcp頭部)
dialer pool 1
ppp authentication chap callin //啟用chap驗證
ppp chap hostname admin
ppp chap password 0 cisco@123
GRE
interface Tunnel10
ip address 10.1.1.1 255.255.255.0
tunnel source 1.1.1.1 //本端公網IP
tunnel destination 2.2.2.2 //對端公網IP
cisco常用命令
免責聲明!
本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。