Cisco Networking Cheat Sheet
The heart of Cisco networking includes routers, switches, and wireless access points. Everything you use on the internet depends on these three foundational components. However, each performs different actions. In this cheat sheet, we’ll go over the basic vocabulary and commands used to earn a Cisco Networking certification or to simply review the essentials.
The below information can be helpful when studying for an exam involving Cisco networking concepts. Our CCNA training will completely prepare you for the CCNA. After passing the final exam, you’ll earn a certificate of completion. A CCNA is a popular Cisco certification that’s the basis of IT networking. An entry-level CCNA can earn about $46,740 a year. Start your 30-day free trial to gain access to over 900 courses.
The basis of Cisco networking begins with switches.
Switches
Switches form the groundwork for business networks. A switch is a link between computers, printers, and servers to an entire network for a business. Due to their importance, their functionality is positioned front and center. Switches help devices communicate with each other, which can enable shared resources. The sharing of resources and information also saves money and improves productivity.
You can choose between two switches for your network: on-premises and cloud-managed.
- Cloud-managed is best for small teams. It simplifies the entire network management. Simpler user interface, automatic updates, and multisite full-stack management can help make your network management easier.
- On-premises is the more traditional way of network management. You control your LAN and keep security tight and under control. Many corporations prefer on-premises.
Routers
Routers connect networks. They additionally connect computers on the network to the internet. Since a single internet connection is shared, it saves money.
A router acts as a chute that directs data to where it should go. It analyzes the data, finds out where it should go, and sends it to its destination. Routers connect the entire business world while also keeping security tight. Your security needs will depend on your individual needs, such as an Internet Protocol (IP) communications system, a firewall, or a virtual private network (VPN).
Access Points
Access points enable you to access devices remotely. Wireless devices make it easy to connect from all across the globe. Access points can also extend your bandwidth to help you connect from far distances or from outside the main access point, like a business headquarters. They can also give information on the devices that connect to the network and provide improved security to your network.
Wireless Networking
There are three components of a wireless network: converged deployment, centralized deployment, and cloud-based deployment.
- Converged deployment is for small businesses or buildings, providing consistency to wireless and wired networks. Both wireless and wired are connected on one network called an access switch.
- Centralized deployment is the most popular kind of wireless network, and it is usually used for buildings that are connected close. The connection among the buildings makes upgrades easier while also enabling advanced functionality. Controllers are built on-premises and in a centralized location.
- Cloud-based deployment is a newer form of deployment that allows device management from different locations.
Cisco Networking: Configure an Interface
For routers, and when using the management interface on switches, you will need to configure network interfaces. These either match physical interface ports or, on switches, are virtual interfaces in the form of a virtual LAN (VLAN) interface.
The following example is meant for routers, which will set duplex, speed, and IP configuration information for the interface FastEthernet 0/0 (the zeros refer to slot/port). In the router’s case, the interface is enabled using the no shutdown command in the final step. Switch interfaces are enabled by default.
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#description Private LAN
Router1(config-if)#speed 100
Router1(config-if)#duplex full
Router1(config-if)#ip address 192.168.1.1 255.255.255.0
Router1(config-if)#no shutdown
Configure a Switch Management Interface for Cisco Networking
When using switches and enabling an IP address on your management interface, you will do something like what is shown below. In the example, management is performed over VLAN 1 (the default VLAN).
Switch1>enable
Switch1#configure terminal
Switch1(config)#interface VLAN 1
Switch1(config-if)#ip address 192.168.1.241 255.255.255.0
Configure an Interface to use DHCP for Cisco Networking
If you want to configure a switch or router to retrieve its IP configuration information from a Dynamic Host Configuration Protocol (DHCP) server, the following commands can help you.
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip address dhcp
Creating a VLAN for Cisco Networking
When working with your Cisco network, you may want to separate users into different broadcast domains for security or traffic reduction. You can do this by implementing VLANs. The following example will create a VLAN (VLAN 2) and place ports 1 through 12 on a switch into VLAN 2.
Switch1>enable
Switch1#configure terminal
Switch1(config)#interface vlan 2
Switch1(config-if)#description Finance VLAN
Switch1(config-if)#exit
Switch1(config)#interface range FastEthernet 0/1 - 12
Switch1(config-if-range)#switchport mode access
Switch1(config-if-range)#switchport access vlan 2
When connecting two switches, you might want to allow all configured VLANs to pass between the switches. This can be done by implementing a trunk port. To configure port 24 on your switch to be a trunk port, use the following commands:
Switch1>enable
Switch1#configure terminal
Switch1(config)#interface FastEthernet 0/24
Switch1(config-if)#switchport mode trunk
Using EtherChannel for Cisco Networking
You can always use EtherChannel on your Cisco network. EtherChannel can help you to take up to eight network ports on your switch and treat them as one larger link. This can function to connect servers with multiple network cards that are teamed to a switch or to connect several switches. There are two main negotiation protocols: Port Aggregation Protocol (PAgP), a proprietary Cisco protocol, and Link Aggregation Control Protocol (LACP), an open standards protocol.
You can configure EtherChannel to support one of the following modes.
- auto: Sets the interface to respond to PAgP negotiation packets, yet the interface will begin negotiations on its own.
- desirable: Sets the interface to actively attempt to negotiate a PAgP connection.
- on: Powers the connection to provide all links up without using a protocol to negotiate connections. This mode can only connect to another device that is also set to on. When using on, the switch doesn’t negotiate the link using either PAgP or LACP.
- active: Sets the interface to actively attempt to negotiate connections with other LACP devices.
- passive: Sets the interface to respond to LACP data if it receives negotiation requests from other systems.
The example below configures EtherChannel to group ports 11 and 12 on the switch together, using PAgP as the protocol.
Switch1> enable
Switch1# configure terminal
Switch1(config)# interface range FastEthernet0/11 - 12
Switch1(config-if-range)# switchport mode access
Switch1(config-if-range)# switchport access vlan 10
Switch1(config-if-range)# channel-group 5 mode desirable
Working with Spanning Tree Protocol for Cisco Networking
Spanning Tree Protocol (STP) helps you create redundant loops on your Cisco network for fault tolerance and prevents unintentional loops that might be created on your network.
The below code will enable the Cisco proprietary Rapid Per VLAN Spanning Tree Protocol (PVST) over the open standard of Multiple Spanning Tree Protocol (MSTP). While also configuring STP on the switch, you can configure port 2 on the switch for portfast, which enables the port to directly transition to forwarding mode.
Switch1> enable
Switch1# configure terminal
Switch1(config)#spanning-tree mode rapid-pvst
Switch1(config)#interface FastEthernet 0/2
Switch1(config-if)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION
%Portfast will be configured in 10 interfaces due to the range command but will only have an effect when the interfaces are in a non-trunking mode.
Managing Static Routing for Cisco Networking
When using your routers on your Cisco network, you’ll most likely want to have your routers route data. To have your router send data from one interface to another interface and enable routing, the following commands will help:
Router1>enable
Router1#configure terminal
Router1(config)#ip routing
Depending on whether you choose to use a dynamic routing protocol, you may add static routes to your router. The commands below add a static route to Router1 to send data to the 192.168.5.0/24 network using the router with the IP address of 192.168.3.2.
Router1>enable
Router1#configure terminal
Router1(config)#ip routing
Router1(config)#ip route 192.168.5.0 255.255.255.0 192.168.3.2
Managing Routing Information Protocol for Cisco Networking
Routing Information Protocol (RIP) is popular. Version 2 helps you to use Variable Length Subnet Masks (VLSM) across your network. The code below will enable routing, enable RIP, disable route summarization, set RIP to version 2, and define the distributed network from this router as 192.168.5.0/24. Instead of broadcasting routes, it will send RIP data directly to 192.168.1.1.
Router2>enable
Router2#configure terminal
Router2(config)#ip routing
Router2(config)#router rip
Router2(config-router)#version 2
Router2(config-router)#no auto-summary
Router2(config-router)#network 192.168.5.0
Router2(config-router)#neighbor 192.168.1.1
Managing Enhanced Interior Gateway Routing Protocol for Cisco Networking
Enhanced Interior Gateway Routing Protocol (EIGRP) is the updated version of IGRP. The code below will enable EIGRP with an autonomous-system (AS) number of 100, distribute two networks, and disable auto-summary.
Router2>enable
Router2#configure terminal
Router2(config)#ip routing
Router2(config)#router eigrp 100
Router2(config-router)#network 192.168.1.0
Router2(config-router)#network 192.168.5.0
Router2(config-router)#no auto-summary
Managing Open Shortest Path First for Cisco Networking
Open Shortest Path First (OSPF) is a popular link-state protocol. OSPF uses the address of the loopback interface as the OSPF identifier, so this example sets the address of the loopback interface, then enables OSPF with a process ID of 100 and distributes a network of 192.168.255.254 and a network of 192.168.5.0/24.
Router2>enable
Router2#configure terminal
Router2(config)#interface loopback 0
Router2(config-if)#ip address 192.168.255.254 255.255.255.0
Router2(config-if)#exit
Router2(config)#router ospf 100
Router2(config-router)#network 192.168.255.254 0.0.0.0 area 0
Router2(config-router)#network 192.168.5.0 0.0.0.255 area 0
Viewing Routing Information for Cisco Networking
After setting up any routing protocol that you want to implement, such as RIP, OSPF, or EIGRP, you can view the routing information with the show ip route command. Below is an example of the output of this command. The output includes a legend showing the codes for each routing protocol. Each route is marked with the code of its source protocol.
Router2>enable
Password:
Router2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D 192.168.10.0/24 [90/284160] via 192.168.1.1, 00:04:19, FastEthernet0/0
O 192.168.10.0/24 [110/11] via 192.168.1.1, 00:01:01, FastEthernet0/0
R 192.168.10.0/24 [120/1] via 192.168.1.1, 00:00:07, FastEthernet0/0
C 192.168.5.0/24 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S 192.168.3.0/24 [1/0] via 192.168.1.1
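The bracketed pair on each learned route is [administrative distance/metric], and when several protocols offer the same prefix the router prefers the lowest administrative distance. The following Python parser is an added example, not part of the original cheat sheet: it reads the route lines shown above, picks the preferred source per prefix, and flags routes from protocols outside an expected set. The function names and the allowed-protocol baseline are assumptions made for illustration.

```python
import re

# Route lines copied from the sample `show ip route` output above.
SAMPLE = """\
D 192.168.10.0/24 [90/284160] via 192.168.1.1, 00:04:19, FastEthernet0/0
O 192.168.10.0/24 [110/11] via 192.168.1.1, 00:01:01, FastEthernet0/0
R 192.168.10.0/24 [120/1] via 192.168.1.1, 00:00:07, FastEthernet0/0
C 192.168.5.0/24 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S 192.168.3.0/24 [1/0] via 192.168.1.1
"""

# Subset of the legend printed at the top of the output.
CODES = {"C": "connected", "S": "static", "R": "RIP", "D": "EIGRP", "O": "OSPF", "B": "BGP"}

ROUTE = re.compile(
    r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"(?:\[(\d+)/(\d+)\] via ([\d.]+)|is directly connected, (\S+))"
)

def parse_routes(text):
    """Turn route lines into dicts; legend and status lines do not match and are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line.strip())
        if not m:
            continue
        code, prefix, ad, metric, next_hop, iface = m.groups()
        routes.append({
            "source": CODES.get(code, code), "prefix": prefix,
            "ad": int(ad or 0), "metric": int(metric or 0),  # connected routes have AD 0
            "via": next_hop or iface,
        })
    return routes

def preferred(routes):
    """Per prefix, keep the route with the lowest administrative distance."""
    best = {}
    for r in routes:
        if r["prefix"] not in best or r["ad"] < best[r["prefix"]]["ad"]:
            best[r["prefix"]] = r
    return best

def unexpected_sources(routes, allowed):
    """Routes learned from a protocol outside the expected set (hypothetical baseline)."""
    return [r for r in routes if r["source"] not in allowed]
```

Comparing `unexpected_sources` output against a known-good baseline is a quick way to spot a routing protocol that was enabled by mistake or a neighbor that should not be advertising routes.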
Securing a Cisco Network
Security is an important concern for businesses and the general public, so ensuring tight security is essential. In the following sections, you’ll see how to secure your Cisco network by configuring NAT and ACL and by applying the ACL.
Securing Your Cisco Network by Configuring NAT
The commands below are used to configure NAT overload services on a router named Router9. In this example, a list of source addresses is created in access-list 1, which is then used as the inside source list. The FastEthernet 0/0 port is the overloaded public address port that all inside addresses get translated to.
Router9>enable
Router9#configure terminal
Router9(config)#access-list 1 permit 10.0.0.0 0.255.255.255
Router9(config)#ip nat inside source list 1 interface FastEthernet 0/0 overload
Router9(config)#interface FastEthernet0/0
Router9(config-if)#ip nat outside
Router9(config-if)#interface FastEthernet0/1
Router9(config-if)#ip nat inside
Securing Your Cisco Network by Configuring an Access Control List (ACL)
ACLs control traffic flow. They can allow or deny the flow of traffic. The two main types of ACLs are:
- Standard ACLs have fewer options for classifying data and controlling traffic flow than Extended ACLs. They only manage traffic based on the source IP address. Standard ACLs are numbered from 1 to 99 and from 1300 to 1999.
- Extended ACLs offer the ability to filter or control traffic based on a variety of criteria, such as destination or source IP addresses, and protocol types, such as ICMP, TCP, UDP, or IP. Extended ACLs are numbered from 100–199 and 2000–2699.
To make a standard ACL, you can use the following example, which will create an ACL that allows traffic for the 192.168.8.0/24 network.
Switch1>enable
Switch1#configure terminal
Switch1(config)#access-list 50 permit 192.168.8.0 0.0.0.255
To make an extended ACL, use the following example, which will create an ACL that allows traffic with addresses in the 192.168.8.0/24 network and tcp ports of either 80 (HTTP) or 443 (HTTPS):
Router1>enable
Router1#configure terminal
Router1(config)#access-list 101 remark This ACL is to control the outbound router traffic.
Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 80
Router1(config)#access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 443
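To see what these two ACLs actually let through, the following Python model evaluates packets against them. It is an added example, not part of the original cheat sheet or Cisco code, and it covers only the syntax used on this page: the numbered ranges, wildcard-mask matching, first-match-wins ordering, and the implicit deny that ends every IOS ACL. The function names are assumptions made for illustration.

```python
import ipaddress

# ACL 50 and ACL 101 exactly as configured in the examples above.
ACL_LINES = [
    "access-list 50 permit 192.168.8.0 0.0.0.255",
    "access-list 101 remark This ACL is to control the outbound router traffic.",
    "access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 80",
    "access-list 101 permit tcp 192.168.8.0 0.0.0.255 any eq 443",
]

def acl_type(number):
    """Classify a numbered ACL using the ranges given in the text."""
    if 1 <= number <= 99 or 1300 <= number <= 1999:
        return "standard"
    if 100 <= number <= 199 or 2000 <= number <= 2699:
        return "extended"
    raise ValueError(f"not a numbered IP ACL: {number}")

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match the base."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return to_int(addr) & care == to_int(base) & care

def parse(lines):
    """Return {acl_number: [(action, proto, base, wildcard, port), ...]}."""
    acls = {}
    for line in lines:
        tok = line.split()
        num, action = int(tok[1]), tok[2]
        if action == "remark":
            continue
        if acl_type(num) == "standard":  # source address only
            rule = (action, None, tok[3], tok[4], None)
        else:  # extended form used here: <proto> <src> <wildcard> any eq <port>
            rule = (action, tok[3], tok[4], tok[5], int(tok[8]))
        acls.setdefault(num, []).append(rule)
    return acls

def evaluate(acls, num, src, proto=None, dport=None):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, r_proto, base, wildcard, r_port in acls[num]:
        if (wildcard_match(src, base, wildcard)
                and r_proto in (None, "ip", proto)
                and r_port in (None, dport)):
            return action
    return "deny"

ACLS = parse(ACL_LINES)
```

Because neither ACL contains an explicit deny, every packet that is not permitted is dropped by the implicit deny, so `evaluate(ACLS, 101, "192.168.8.25", "tcp", 22)` returns "deny" even though no line mentions port 22.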
Securing Your Cisco Network by Applying an Access Control List
After you have made an Access Control List (ACL), such as ACL 101 created above, you can apply that ACL to an interface. In the following example, this ACL is placed to restrict outbound traffic on FastEthernet0/1.
Router1>enable
Router1#configure terminal
Router1(config)#interface FastEthernet0/1
Router1(config-if)#ip access-group 101 out
Configure Your Network Switch
Configuring your networking switch may seem a daunting task. But with the right help and attitude, you can configure a network switch like a professional. The following eight steps can help you create client VLANs, assign access ports, and build DHCP systems without the hassle.
- Inspect Your Hardware
Check the model number of your switch. If using an old or spare one, check the hardware for any damages or scrapes to it. If everything looks good, power it on and see