Software Tools
Network Management Systems:
http://www.ipswitch.com/products/whatsup/index.asp?t=demo
http://www.solarwinds.com/products/network_tools.aspx
Baselining Tools:
http://www.networkuptime.com/tools/enterprise/
Knowledge Bases:
http://www.cisco.com
Protocol Analyzers:
http://www.flukenetworks.com/fnet/en-us/products/OptiView+Protocol+Expert/
Hardware Tools
Cisco Network Analyzer Module (NAM):
http://www.cisco.com/en/US/docs/net_mgmt/network_analysis_module_software/3.5/user/guide/user.html
Cable Testers:
http://www.flukenetworks.com/fnet/en-us/products/CableIQ+Qualification+Tester/Demo.htm
Cable Analyzers:
http://www.flukenetworks.com/fnet/en-us/products/DTX+CableAnalyzer+Series/Demo.htm
Network Analyzers:
http://www.flukenetworks.com/fnet/en-us/products/OptiView+Series+III+Integrated+Network+Analyzer/Demos.htm
Wednesday, June 9, 2010
Monday, June 7, 2010
DHCP & NAT
DHCP message format:
OP Code (1B), Hardware type (1B), Hardware address length (1B), Hops (1B).
Transaction Identifier (4B)
Seconds (2B), Flags (2B)
Client IP Address (CIADDR: 4B)
Your IP Address (YIADDR: 4B)
Server IP Address (SIADDR: 4B)
Gateway IP Address (GIADDR: 4B)
Client Hardware Address (CHADDR: 16B)
Server Name (SNAME: 64B)
Boot Filename (128B)
DHCP Options (variable bytes)
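The field list above maps directly onto a fixed 236-byte layout followed by the options. The following is an added example (not part of the original post) that decodes a DHCP payload in that field order and applies simplified versions of the checks DHCP snooping makes on untrusted ports; `build_sample`, the MAC addresses and the IP addresses are constructed test data, and the function names are hypothetical.

```python
import ipaddress
import struct

# Fixed header in the field order listed above: 236 bytes before the options.
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])  # RFC 2131: opens the options field
SERVER_TYPES = {2, 5, 6}  # option 53 values: OFFER, ACK, NAK


def ip_str(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def parse_options(data: bytes) -> dict:
    """Walk the code/length/value options; 0 is Pad, 255 is End."""
    options, i = {}, 0
    while i < len(data) and data[i] != 255:
        if data[i] == 0:
            i += 1
            continue
        if i + 1 >= len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("option runs past end of message")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return options


def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a DHCP message into named fields."""
    if len(payload) < HEADER.size + 4:
        raise ValueError("truncated DHCP message")
    (op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, bootfile) = HEADER.unpack_from(payload)
    if hlen > 16:
        raise ValueError("hardware address length exceeds CHADDR")
    if payload[HEADER.size:HEADER.size + 4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    return {
        "op": op, "htype": htype, "hops": hops, "xid": xid, "secs": secs,
        "broadcast": bool(flags & 0x8000),
        "ciaddr": ip_str(ciaddr), "yiaddr": ip_str(yiaddr),
        "siaddr": ip_str(siaddr), "giaddr": ip_str(giaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "sname": sname.rstrip(b"\0").decode("ascii", "replace"),
        "file": bootfile.rstrip(b"\0").decode("ascii", "replace"),
        "options": parse_options(payload[HEADER.size + 4:]),
    }


def untrusted_port_violations(msg: dict, src_mac: str) -> list:
    """Simplified checks a snooping switch applies on untrusted ports."""
    reasons = []
    msg_type = (msg["options"].get(53) or b"\0")[0]
    if msg["op"] == 2 or msg_type in SERVER_TYPES:
        reasons.append("server message on untrusted port")
    if msg["chaddr"] != src_mac.lower():
        reasons.append("CHADDR differs from frame source MAC")
    if msg["giaddr"] != "0.0.0.0":
        reasons.append("relay address set on untrusted port")
    return reasons


def build_sample(op, msg_type, mac, yiaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Constructed test message (not captured traffic)."""
    zero = ipaddress.IPv4Address("0.0.0.0").packed
    header = HEADER.pack(op, 1, 6, 0, 0x3903F326, 0, 0x8000, zero,
                         ipaddress.IPv4Address(yiaddr).packed, zero,
                         ipaddress.IPv4Address(giaddr).packed,
                         bytes.fromhex(mac.replace(":", "")), b"", b"")
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])
```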
To turn off DHCP server function:
(config)#no service dhcp
(config)#ip dhcp excluded-address a.b.c.d
(config)#ip dhcp excluded-address low_address [high address]
(config)#ip dhcp pool PoolNAME
(dhcp-config)#network a.b.c.d m.m.m.m
(dhcp-config)#default-router g.g.g.g
(dhcp-config)#dns-server a.b.c.d
(dhcp-config)#domain-name us.army.mil
(dhcp-config)#lease { days [hours] [minutes] | infinite }
(dhcp-config)#netbios-name-server b.b.b.b [c.c.c.c]
(config)#interface fa0/0
(config-if)#ip address dhcp
(config-if)#ip helper-address x.x.x.x
(config-if)#ip forward-protocol 58
(config-if)#no shut
#show ip dhcp server statistics
#show ip dhcp binding
#show ip dhcp pool
#show ip dhcp conflict
#debug ip dhcp server events
#debug ip dhcp server packet
NAT
(config)#ip nat inside source static local_ip global_ip
(config)#interface f 0/0
(config-if)#ip nat inside
(config)#int s 0/0/0
(config-if)#ip nat outside
(config)#ip nat pool MYNAME 141.63.7.16 141.63.7.31 netmask m.m.m.m
(config)#ip nat inside source list access-list-num interface s0/1/0 overload
(config)#ip nat inside source list access-list-num pool MYNAME [overload]
(config)#no ip nat inside source
--> remove the dynamic source translation. "overload" enables PAT.
(config)#ip nat translation timeout seconds
#clear ip nat translation *
#show ip nat translations [verbose]
#show ip nat statistics
#debug ip nat [detailed]
Wednesday, May 19, 2010
WAN data link protocols (HDLC, Frame Relay)
R1(config-if)#encapsulation [ppp | hdlc]
R1(config)#username remote_hostname password xxx
R1(config-if)#ppp authentication [pap | chap]
R1(config-if)#ppp pap sent-username this_hostname password xxx
R1(config)#frame-relay switching
R1(config)#interface s0/0/0
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay intf-type dce
R1(config-if)#frame-relay route 102 interface s0/0/1 201
R1(config-if)#no shutdown
R1(config)#interface s0/0/1
R1(config-if)#clock rate 64000
R1(config-if)#encapsulation frame-relay
R1(config-if)#frame-relay intf-type dce
R1(config-if)#frame-relay route 201 interface s0/0/0 102
R1#clear frame-relay inarp
R1#show frame-relay map
R1#debug frame-relay lmi
R1#show frame-relay pvc [102] [dlci]
R1#show frame-relay lmi
R1(config-if)#encapsulation frame-relay
R1(config-if)#no frame-relay inverse-arp
R1(config-if)#frame-relay map ip 10.1.1.2 101 [broadcast cisco]
-> frame-relay map protocol protocol-address dlci [broadcast] [ietf] [cisco]
-> broadcast: enables dynamic routing protocol traffic over the virtual circuit
R1(config-if)#interface s0/0/0.102 [multipoint | point-to-point]
-> if all routes belong to the same subnet, use multipoint.
R1(config-subif)#ip address a.a.a.a m.m.m.m
R1(config-subif)#bandwidth 64
R1(config-subif)#frame-relay interface-dlci 102
Leased Line | Charge by distance, capacity | up to 45 Mb/s (E3/T3) | permanent fixed capacity |
Basic telephone | distance, time | 33-56 kb/s | dialed, slow connection |
ISDN | distance, time | 64 or 128 kbps up to 2 Mbps, PRI | dialed, slow connection |
X.25 | volume | up to 48 kbps | switched fixed capacity |
ATM | capacity | up to 155 Mbps | permanent variable capacity |
Frame Relay | capacity | up to 45 Mbps | permanent variable capacity |
DSL | monthly subscription | up to 3 Mbps | always on shared Internet |
Metro Ethernet | monthly subscription | up to 500 Mbps | limited geographic scope |
WAN Cable Connectors
The DTE/DCE interface uses the following Physical layer protocols:
EIA/TIA-232: up to 64 kb/s on a 25-pin D-connector over short distances.
EIA/TIA-449/530: faster (up to 2 Mb/s) version of EIA/TIA-232. Uses a 36-pin D-connector and is capable of longer cable runs. Also known as RS-422 and RS-423.
EIA/TIA-612/613: High-Speed Serial Interface (HSSI) protocol. Up to 52 Mb/s on a 60-pin D-connector.
V.35: the ITU-T standard for synchronous communications between a network access device and a packet network. Up to 2.048 Mb/s on a 34-pin rectangular connector.
X.21: an ITU-T standard for synchronous digital communications. A 15-pin D-connector.
Saturday, May 15, 2010
security related CLI, ACL
#auto secure
Configure IP Access-List
port security
(config-if)#switchport port-security
-> enable switchport security and apply all the default values.
(config-if)#switchport port-security maximum 1
-> allow only 1 mac address
(config-if)#switchport port-security mac-address sticky
-> only use the first learned MAC address
(config-if)#switchport port-security violation [protect | restrict | shutdown]
-> default: shutdown
-> protect: only allow traffic from the secure MAC addresses and drop packets from other MACs
-> restrict: alert admin
#debug ip packet detail access-list-num
(config)#access-list 102 permit udp any any eq rip
-> permit Routing Information Protocol (RIP)
(config)#access-list 102 permit igrp any any
-> permit Interior Gateway Routing Protocol (IGRP)
(config)#access-list 102 permit eigrp any any
-> permit Enhanced IGRP (EIGRP)
(config)#access-list 102 permit ospf any any
-> allow Open Shortest Path First (OSPF)
(config)#access-list 102 permit tcp any any eq 179
-> permit Border Gateway Protocol (BGP)
Configure SSH:
(config)#ip domain-name mydomain.com
(config)#crypto key generate rsa
(config)#ip ssh version 2
(config)#ip ssh time-out 120
(config)#ip ssh authentication-retries 3
(config)#line vty 0 15
(config-line)#transport input ssh
-> ssh only, disable telnet
DHCP snooping:
(config)#ip dhcp snooping [vlan number 99]
(config-if)#ip dhcp snooping trust
(config-if)#ip dhcp snooping limit rate 10
(config)#no ip http server
(config)#access-list my_list_num permit my_ip_address
(config)#access-list my_list_num deny any
(config)#line vty 0 4
(config-line)#access-class my_list_num in
(config-line)#exec-timeout 5 0
-> line times out 5 minutes + 0 seconds
(config-line)#privilege level 12
-> level 15 (1111) is highest.
(config)#ip http access-class my_list_num
>> allows only my_ip_address to access vty lines.
(config)#access-list 123 permit ip host my_manager_ip host current_router_hostname
(config)#access-list 123 deny ip any any
>> encrypt traffic to the management station; do not encrypt (deny) traffic to all other IPs.
(config)#crypto ipsec transform-set my_transform_name ah-md5-hmac esp-des
(config)#crypto map my_map policy_id ipsec-isakmp
(config-crypto-map)#set peer manage_ip
(config-crypto-map)#set transform-set my_transform_name
(config-crypto-map)#match address 123
(config)#int s0/1
(config-if)#crypto map my_map
(config)#ip http authentication [enable | local | tacacs | aaa]
(config)#crypto isakmp policy policy_num
>> create a security policy #
(config-isakmp)#authentication pre-share
(config)#username jdoe privilege 5 [password joes_passwd]
(config)#privilege exec level 2 clear line
(config)#privilege exec level 10 telnet
(config)#privilege exec level 10 debug
(config)#privilege exec level 15 show access-lists
(config)#privilege exec level 15 show logging
--> only level 15 can see logging
==> enable moves up level to 15
#disable 2
--> move down to level 2
AAA - authentication, authorization, accounting
(config)#aaa new-model
(config)#aaa authentication login default local
(config)#line vty 0 4
(config-line)#login authentication default
(config)#tacacs-server host x.x.x.x
(config)#tacacs-server key my_tkey
--> apply default aaa authentication to each telnet line
(config)#aaa authentication login default group tacacs+ local
--> use tacacs+ server first, if unreachable, use local login password
(config)#aaa authentication enable default group tacacs+ enable
(config)#ip http authentication aaa
(config)#aaa authorization exec default group tacacs+ if-authenticated
(config)#aaa authorization commands 15 default group tacacs+ if-authenticated
--> allow authenticated users to run any command at their current level
(config)#radius-server host y.y.y.y
(config)#radius-server key my_rkey
(config)#aaa authentication login default group radius local
(config)#aaa authentication enable default group radius enable
(config)#line con 0
(config-line)#login authentication default
(config)#kerberos local-realm my_kserver.com
(config)#kerberos server my_kserver.com my_k_ip
(config)#kerberos srvtab remote my_k_ip srvtab-filename
(config)#kerberos credentials forward
(config)#aaa authentication login default krb5 local
(config)#line vty 0 4
(config-line)#login authentication default
(config)#key chain myKeyName
(config-keychain)#key 1
(config-keychain)#key-string xxx
(config)#interface s0/0/0
(config-if)#ip authentication mode eigrp 1 md5
(config-if)#ip authentication key-chain eigrp 1 myKeyName
(config)#interface s0/0/1
(config-if)#ip ospf message-digest-key 1 md5 mykey
(config-if)#ip ospf authentication message-digest
(config)#router ospf process_id
(config-router)#area 0 authentication message-digest
(config)#access-list 16 permit x.y.0.0 0.0.255.255
(config)#access-list 16 deny any
(config)#interface s0/0
(config-if)#ip access-group 16 out
(config-if)#no ip redirects
(config-if)#no ip directed-broadcast
(config-if)#no ip mask-reply
(config-if)#no ip unreachables
(config-if)#no ip proxy-arp
(config-if)#no cdp enable
(config-if)#ip verify unicast reverse-path
(config-if)#ntp disable
(config-if)#ip access-group 101 in
(config-if)#ip access-group 102 out
(config)#ntp authenticate
(config)#ntp authentication-key 12 md5 mykey
(config)#ntp trusted-key 12
(config)#ntp server x.x.y.y key 12
(config)#logging console
(config)#logging on
(config)#logging buffered 32000
--> 32000 byte logging buffer
(config)#logging trap debugging
(config)#logging x.y.z.b
--> output syslog to a network device.
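To check that the hardening commands above actually landed on a device, the saved configuration can be audited offline. The following is an added example (not part of the original post); it assumes the usual `show running-config` layout of top-level lines with indented children, the two config excerpts are constructed, and the set of transforms treated as weak is this example's own judgment.

```python
import re

WEAK_TRANSFORMS = {"esp-des", "ah-md5-hmac", "esp-md5-hmac"}  # DES/MD5: obsolete


def parse_sections(config: str) -> dict:
    """Map each top-level config line to the indented lines beneath it."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections


def audit(config: str) -> list:
    """Return findings for settings the hardening commands above address."""
    sections, findings = parse_sections(config), []
    if "no ip http server" not in sections:
        findings.append("global: HTTP server not disabled")
    if "ip ssh version 2" not in sections:
        findings.append("global: SSH version 2 not enforced")
    for name, body in sections.items():
        transform = re.match(r"crypto ipsec transform-set (\S+) (.+)", name)
        if transform:
            weak = sorted(WEAK_TRANSFORMS & set(transform.group(2).split()))
            if weak:
                findings.append(f"{transform.group(1)}: weak transforms {', '.join(weak)}")
        elif name.startswith("interface "):
            if "switchport mode access" in body and "switchport port-security" not in body:
                findings.append(f"{name}: access port without port security")
        elif name.startswith("line vty"):
            transport = next((l for l in body if l.startswith("transport input ")), "")
            if transport.split()[2:] != ["ssh"]:
                findings.append(f"{name}: telnet not disabled")
            if not any(re.fullmatch(r"access-class \S+ in", l) for l in body):
                findings.append(f"{name}: no inbound access-class")
            if "exec-timeout 0 0" in body:
                findings.append(f"{name}: exec-timeout disabled")
    return findings


# Constructed running-config excerpts (not taken from a real device).
WEAK_CONFIG = """\
ip http server
crypto ipsec transform-set my_transform_name ah-md5-hmac esp-des
interface FastEthernet0/18
 switchport mode access
line vty 0 4
 exec-timeout 0 0
 transport input telnet ssh
"""

HARDENED_CONFIG = """\
no ip http server
ip ssh version 2
crypto ipsec transform-set my_transform_name esp-aes 256 esp-sha-hmac
interface FastEthernet0/18
 switchport mode access
 switchport port-security
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 transport input ssh
"""
```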
Wednesday, April 28, 2010
STP - Spanning Tree Protocol
switch(config)#spanning-tree mode pvst
switch(config)#spanning-tree mode rapid-pvst
switch(config)#spanning-tree vlan 10 root primary
switch(config)#spanning-tree vlan 20 root secondary
switch(config)#spanning-tree vlan 10 priority 4096
switch(config)#spanning-tree vlan 99 root primary diameter 5
switch(config)#interface fastethernet 0/18
switch(config-if)#spanning-tree cost 25
switch(config-if)#spanning-tree portfast
-> for access port. Also designates RSTP edge port.
switch(config-if)#spanning-tree port-priority 112 (default 128)
switch(config-if)#spanning-tree link-type point-to-point
switch#clear spanning-tree detected-protocols
-> clear all detected STP
switch#show spanning-tree vlan 10
Friday, April 16, 2010
VLAN & VTP
VLAN tag control: 3 bits of priority (used by the 802.1p standard), 1 bit of Canonical Format Identifier (enables Token Ring frames), 12 bits of VLAN ID.
S1#delete flash:vlan.dat
S1(config)#vlan 10
S1(config-vlan)#name student
S1#vlan database (for old switches)
S1(vlan)#vlan 10 name xxx (for old switches)
S1(vlan)#vtp client (for old switches)
S1(config)#no vlan 10
S1(config)#vlan 100,105-110
S1#show vlan brief
S1#show vlan id 10
S1#show vlan name student
S1#show interface vlan 10 switchport
S1#show vlan summary
-> display count of all configured VLANs
S1(config)#interface range gi0/1-2
S1(config-if-range)#shutdown
S1(config)#interface range fa0/1-24
S1(config-if-range)#shutdown
S1(config)#interface range fa0/6, fa0/11
S1(config-if-range)#switchport mode access
S1(config-if-range)#no shutdown
S1(config)#interface range fa0/6-10
S1(config-if-range)#switchport access vlan 10
S1(config-if)#mls qos trust cos
-> ensure that voice traffic is identified as priority traffic (if the network is set up to prioritize voice traffic)
S1(config)#interface fa0/18
S1(config-if)#switchport voice vlan 150
S1(config-if)#switchport mode access
S1(config-if)#no switchport access vlan
S1(config-if)#switchport access vlan 105
S1(config-if)#switchport port-security maximum 2
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#duplex auto // can be full, or half
S1(config-if)#speed auto
S1(config)#[no] mac-address-table static mac-address vlan {1-4096, ALL} interface interface-id
-> create a static mapping in the MAC address table
S1(config)#interface F0/1
S1(config-if)#switchport trunk encapsulation dot1q
S1(config-if)#switchport mode trunk ... or
S1(config-if)#switchport mode dynamic auto ... or
S1(config-if)#switchport mode dynamic desirable ... or
S1(config-if)#switchport nonegotiate
-> turn off DTP
S1(config-if)#switchport trunk native vlan 99
S1#show interface trunk
switch(config)#ip default-gateway 172.17.99.1
switch(config)#interface vlan 99
switch(config-if)#ip address 172.17.99.11 255.255.255.0
switch(config-if)#no shutdown
Router(config)#interface fa0/0.10
-> for vlan 10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 172.16.10.11 255.255.255.0
Router(config)#interface fa0/0.99
Router(config-subif)#encapsulation dot1q 99 native
Router(config-subif)#ip address 172.16.99.1 255.255.255.0
Router(config-subif)#interface fa0/0
Router(config-if)#no shutdown
S1#show vtp status
S1(config)#vtp domain mydomain
S1(config)#vtp version 1
S1(config)#vtp password mypassword
S1(config)#vtp mode [server | client]