23 February 2016

CCENT CLI Commands

Posted By: Md Monarul Islam - 8:26 PM
The flashcards below are one of many sets on FreezingBlue Flashcards.
A very important part of securing an organizational network involves its layer 2 components, specifically the switches. Many people tend to ignore the security vulnerabilities that can be exploited at layer 2, but these devices are just as vulnerable as higher-layer devices; they are simply attacked in different ways. This article looks at these potential threats and at the techniques and configurations that can be used to avoid them. Note that this article is not intended to show all possible switch security methods, only to highlight the most commonly referenced ones.
  1. line console 0
    Global command that changes the context to console configuration mode
  2. line vty
    Global command that changes the context to vty configuration mode for the range of vty lines listed in the command
  3. login
    Line (console and vty) configuration mode. Tells IOS to prompt for a password (no username)
  4. password {pass-value}
    Line (console and vty) configuration mode. Lists the password required if the {login} command (with no other parameters) is configured
  5. interface {type port-number}
    Global command that changes the context to interface mode, for example, interface Fastethernet 0/1
  6. shutdown :: no shutdown
    Interface subcommand that disables or enables the interface, respectively
  7. hostname {name}
    Global command that sets this switch's hostname, which is also used as the first part of the switch's command prompt
  8. enable secret {pass-value}
    Global command that sets the automatically encrypted enable secret password. The password is used for any user to reach enable mode
  9. enable password {pass-value}
    Global command that sets the clear-text enable password, which is used only when the enable secret password is not configured
  10. exit
    Moves back to the next higher mode in configuration mode
  11. end
    Exits configuration mode and goes back to enable mode from any of the configuration submodes
  12. Ctrl-z
    This is not a command, but rather a two-key combination that does the same thing as the end command
  13. no debug all :: undebug all
    Enable mode EXEC command to disable all currently enabled debugs
  14. show process
    EXEC command that lists statistics about CPU utilization
  15. terminal monitor
    EXEC command that tells Cisco IOS to send a copy of all syslog messages, including debug messages, to the Telnet or SSH user who issues this command
  16. reload
    Enable mode EXEC command that reboots the switch or router
  17. copy {from-location to-location}
    Enable mode EXEC command that copies files from one file location to another. Locations include the startup-config and running-config files, files on TFTP and RCP servers, and flash memory
  18. copy running-config startup-config
    Enable mode EXEC command that saves the active config, replacing the startup-config file used when the switch initializes
  19. copy startup-config running-config
    Enable mode EXEC command that merges the startup-config file with the currently active config file in RAM
  20. show running-config :: show startup-config
    Lists the contents of the running-config file or the startup-config file, respectively
  21. write erase :: erase startup-config :: erase nvram
    All three enable mode EXEC commands erase the startup-config file
  22. setup
    Enable mode EXEC command that places the user in setup mode, in which Cisco IOS asks the user for input on simple switch configurations
  23. quit
    EXEC command that disconnects the user from the CLI session
  24. enable
    Moves the user from the user mode to enable (privileged) mode and prompts for an enable password if configured
  25. disable
    Moves the user from enable mode to user mode
  26. configure terminal
    Enable mode command that moves the user into configuration mode
  27. Basic Password Config (steps)
    • line console 0 - for console access
    • line vty {1st-vty 2nd-vty} - for telnet or SSH access
    • login
    • password
  28. Username/Password and SSH Config
    • login local - tells IOS to prompt for a username and password
    • username {name} password {pass-value} - defines one of multiple possible username/password pairs
    • crypto key generate rsa - creates and stores the keys required by SSH
    • transport input {telnet | ssh} - defines whether Telnet and/or SSH access is allowed
  29. IP Address Config
    • interface vlan {number} - changes context to VLAN interface mode
    • ip address {ip-address subnet-mask} - for static IP configuration
    • ip address dhcp - for dynamic IP configuration
    • ip default-gateway {address} - not required with dhcp
  30. Interface Config
    • interface {type port-number} - for example: {Fastethernet 0/1}
    • interface range {type port-range} - for example: {Fastethernet 0/4 - 13}
    • shutdown :: no shutdown
    • speed {10 | 100 | 1000 | auto}
    • duplex {auto | full | half}
    • description {text} - engineer generated text
  31. hostname {name}
    Global command. Sets this switch's hostname, which is also used as the first part of the switch's command prompt
  32. history size {length}
    Line config mode. Defines the number of commands held in the history buffer, for later recall, for users of those lines
  33. switchport port-security mac-address {mac-address}
    Interface configuration mode command that statically adds a specific MAC address as an allowed MAC address on the interface
  34. switchport port-security mac-address sticky
    Interface subcommand that tells the switch to learn MAC addresses on the interface and add them to the configuration for the interface as secure MAC addresses
  35. switchport port-security maximum {value}
    Interface subcommand that sets the maximum number of static secure MAC addresses that can be assigned to a single interface
  36. switchport port-security violation {protect | restrict | shutdown}
    Interface command that tells the switch what to do if an inappropriate MAC address tries to access the network through a secure switch port
  37. show mac address-table dynamic
    Lists the dynamically learned entries in the switch's address (forwarding) table
  38. show dhcp lease
    Lists any information the switch acquires as a dhcp client. This includes ip address, subnet mask, and default gateway information
  39. show crypto key mypubkey rsa
    Lists the public and shared key created for use with SSH using the crypto key generate rsa global configuration command
  40. show interfaces status
    Lists one output line per interface, noting the description, operating state, and settings for duplex and speed on each interface
  41. show interfaces vlan 1
    Lists the interface status, the switch's IP address and mask, and much more
  42. show port-security interface {type number}
    Lists an interface's port security configuration settings and security operational status
  43. show cdp neighbors {type number}
    Lists one summary line of information about each neighbor, or just the neighbor found on a specific interface if an interface was listed
  44. show cdp neighbors detail
    Lists one large set (approximately 15 lines) of information, one set for every neighbor
  45. show cdp entry {name}
    Lists the same information as the "show cdp neighbors detail" command, but only for the named neighbor (case-sensitive)
  46. show cdp
    States whether CDP is enabled globally, and lists the default update and holdtime timers
  47. show cdp interface {type number}
    States whether CDP is enabled on each interface, or a single interface if the interface is listed, and states update and holdtime timers on those interfaces
  48. show cdp traffic
    Lists global statistics for the number of CDP advertisements sent and received
  49. show mac address-table {dynamic :: static} {address} {interface} {vlan}
    Displays the MAC address table. The security option displays information about the restricted or static settings.
  50. show port-security {interface} {address}
    Displays information about security options configured on an interface
  51. show cdp neighbors
    Lists one summary line of information about each neighbor, or just the neighbor found on a specific interface if an interface was listed
  52. show cdp neighbors detail
    Lists one large set of information (approx. 15 lines) for every neighbor
  53. show cdp entry {name}
    Displays the same information as the "show cdp neighbors detail" command, but only for the named neighbor
  54. show cdp
    States whether CDP is enabled globally, and lists the default update and holdtime timers
  55. show cdp interface
    States whether CDP is enabled on each interface, or a single interface if the interface is listed, and states update and holdtime timers on those interfaces
  56. show cdp traffic
    Displays global statistics for the number of CDP advertisements sent and received
  57. show interfaces
    Displays detailed information about interface status, settings, and counters
  58. show interfaces status
    Displays summary information about interface status and settings, including actual speed and duplex, and whether the interface was autonegotiated
