Basic Router Configuration
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config)# | hostname <hostname> | Set hostname for the device. |
| R(config)# | no ip domain-lookup | Disable IP domain lookup; prevents timeout on incorrect commands. |
| R(config)# | banner motd $ <message> $ | Set Message of the Day (MOTD) banner. Use $ to end multi-line messages. |
| R(config)# | line console 0 | Enter console line configuration mode. |
| R(config-line)# | logging synchronous | Prevents logging output from interrupting the console session. |
| R(config-line)# | password <password> | Set an unsecure password for the console port. |
| R(config-line)# | login | Enable required console port login password. |
| R(config-line)# | no login | Disable login requirement. |
| R(config)# | line vty 0 4 | Enter telnet/SSH configuration mode. |
| R(config-line)# | password <password> | Set a password for telnet/SSH. |
| R(config-line)# | login | Enable required console port login password. |
| R(config)# | interface vlan1 | Enter VLAN1 interface configuration mode. |
| R(config-if)# | ip address <ip> <subnet> | Configure VLAN IP address and subnet (used for telnet). |
| R(config-if)# | no shutdown | Manually enable the interface. |
| R(config)# | enable secret <password> | Enable a secure password for privileged mode. |
| R(config)# | service password-encryption | Manually encrypt passwords. |
| R# | copy running-config startup-config | Save the running configuration to startup-config. |
Secure Shell (SSH) Setup
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config)# | ip domain-name <any.com> | Set the domain name. |
| R(config)# | username <username> password <password> | Configure local username and password for SSH login. |
| R(config)# | crypto key generate RSA | Generate RSA keys (Choose key size between 360-4096, typically 1024). |
| R(config)# | ip ssh version 2 | Enable SSH version 2. |
| R(config)# | line console 0 | Enter Line Console 0 configuration. |
| R(config-line)# | password <password> | Set password for Line Console. |
| R(config)# | line vty 0 4 | Enter telnet/SSH configuration mode. |
| R(config-line)# | login local | Use local database for login authentication. |
| R(config-line)# | transport input ssh telnet | Configure access protocols (Telnet optional). |
| R# | show ip ssh | Display SSH version and options. |
DHCP Configuration
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config-if)# | ip helper-address <ip> | Set the address of the DHCP server. |
| R(config)# | ip dhcp pool <pool-name> | Enable DHCP configuration mode or create an IP address pool. |
| R(dhcp-config)# | network <network> <subnet> | Configure a DHCP network segment. |
| R(dhcp-config)# | default-router <ip> | Set the default gateway. |
| R(dhcp-config)# | domain-name <domain> | Specify the domain name for a DHCP client. |
| R(config)# | ip dhcp excluded-address <start-ip> <end-ip> | Exclude addresses from DHCP assignment. |
| R# | show ip dhcp binding | Display active DHCP-assigned IPs. |
| R# | show ip dhcp pool | Show DHCP pool summary. |
Switchport Security
| Prompt / Mode | Command | Description |
|---|---|---|
| S(config-if)# | switchport mode <access/trunk> | Set switchport to access or trunk mode. |
| S(config-if)# | switchport port-security | Enable switchport security. |
| S(config-if)# | switchport port-security maximum <number> | Limit to one MAC address per switchport. |
| S(config-if)# | switchport port-security mac-address <mac-address> | Specify allowed MAC address. |
| S(config-if)# | switchport port-security mac-address sticky | Dynamically learn MAC address. |
| S(config-if)# | switchport port-security violation <protect/restrict/shutdown> | Set security violation action. |
Access Control Lists (ACLs)
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config)# | access-list <#> <permit/deny> <source> <wildcard> | Create a standard ACL rule. |
| R(config)# | access-list 101 <permit/deny> <protocol> <source> <source-wildcard> <destination> <destination-wildcard> <port> | Create an extended ACL. |
| R(config-if)# | ip access-group <#> in/out | Apply ACL to an interface (inbound/outbound). |
| R# | show ip access-lists | Display all ACLs. |
OSPF Configuration
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config)# | router ospf <process-id> | Enable OSPF and enter router configuration mode. |
| R(config-router)# | router-id <router-id> | Set OSPF router ID (e.g., 4.4.4.4). |
| R(config-router)# | network <network> <wildcard> area <#> | Advertise network in OSPF LSAs. |
| R(config-if)# | ip ospf <process-id> area <#> | Configure OSPF on an interface. |
| R(config-router)# | passive-interface <interface> | Set an interface as passive. |
| R(config-router)# | passive-interface default | Make all interfaces passive by default. |
| R# | show ip ospf | Display OSPF configuration. |
| R# | show ip ospf neighbor | Show OSPF neighbors. |
| R# | show ip ospf database | Display OSPF database. |
Network Address Translation (NAT)
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config-if)# | ip nat <inside/outside> | Configure NAT direction. |
| R(config)# | ip nat inside source static <local-ip> <global-ip> | Configure static NAT. |
| R(config)# | ip nat pool <pool-name> <start-ip> <end-ip> netmask <netmask> | Define NAT pool. |
| R(config)# | ip nat inside source list <acl-number> pool <pool-name> | Enable dynamic NAT using an ACL. |
| R(config)# | ip nat inside source list <acl-number> interface <interface> overload | Configure PAT (NAT overload). |
| R# | show ip nat translations | Display NAT table. |
Network Time Protocol (NTP)
| Prompt / Mode | Command | Description |
|---|---|---|
| R(config)# | ntp server <ip-address> | Set NTP server. |
| R(config)# | clock timezone <timezone> | Set time zone. |
| R# | show ntp status | Show NTP sync status. |