R1 (config) # no enable password R1 (config) # no enable secret
Pre configuration for Cisco SDM S1 (config-line) # privilege level 15 Configure HTTP Server :S1 (config) # ip http authentication enable S1 (config) # ip http server S1 (config) # ip http secure-server ACL (Access Control List) Wildcard mask: 0 bit - check 1 bit - ignore A single host: 192.168.10.5 0.0.0.0 / host 192.16.10.5 Standard ACL: [1-99] [1300-1999] implemented close to the destination of the traffic Dumidu Darshika Senanayake Page 2 of 17
Cisco IOS Commands
R1 (config) # access-list [ACL no.] [permit / deny] [source ip add.] [wildcard mask] R1 (config) # access-list 10 deny 192.168.10.0 0.0.0.255 Extended ACL: [100-199] [2000-2699] implemented close to source of the traffic R1 (config) # access-list [ACL no.] [permit / deny] [protocol] [source network add. wildcard mask] [destination network add. wildcard mask] eq [service] R1 (config) # access-list 110 deny tcp 192.168.10.0 0.0.0.255 any eq telnet Activating an ACL:
R1 (config-if) # ip access-group [no.] [in / out] R1 (config-if) # ip access-group 10 out R1 (config) # line vty 0 4 R1 (config-line) # ip access-group 10 in
Named ACL:
R1 (config) # ip access-list standard [name] R1 (config) # ip access-list standard NO_ACCESS R1 (config-std-nacl) # [permit / deny] [source ip add.] [wildcard mask] R1 (config-std-nacl) # deny 192.168.10.0 0.0.0.255 R1 (config-std-nacl) # exit
R1 (config-if) # ip ospf hello-interval [seconds] R1 (config-if) # ip ospf dead-interval [seconds] (hello x 4)
Simple Authentication :enables authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication R1 (config-if) # ip ospf authentication-key [password] R1 (config-if) # ip ospf authentication-key cisco123 enables authentication for specific interface
R1 (config-if) # ip ospf authentication R1 (config-if) # ip ospf authentication-key [password] R1 (config-if) # ip ospf authentication-key cisco123 md5 (message-digest) Authentication :enables md5 authentication for all the interfaces in area 0 R1 (config-router) # area 0 authentication message-digest R1 (config-if) # ip ospf message-digest-key 1 md5 [password] R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123 enables md5 authentication for specific interface
R1 (config-if) # ip ospf authentication message-digest R1 (config-if) # ip ospf message-digest-key 1 md5 [password] R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123 R1 # show ip ospf R1 # show ip ospf interface R1 # show ip ospf neighbor R1 # clear ip ospf process Configuring Passive interface :-
Distributing (Default) Static route through RIP, EIGRP, OSPF 01).
R1 (config) # ip route 0.0.0.0 0.0.0.0 209.165.200.225 (next hop ip) R1 (config-router) # default-information originate
02).
R1 (config) # ip route 192.168.0.0 255.255.0.0 s0/0/1 R1 (config-router) # redistribute static R1 # show ip route R1 # show ip protocol R1 # debug ip routing
WAN Configuration WAN configuration only performed on serial interfaces. HDLC (High-level Data Link Control) R1 (config-if) # encapsulation hdlc PPP (Point to Point Protocol) R1 (config-if) # encapsulation ppp Compression: Link quality: Load balancing:
FR-Switch (config-if) # frame-relay intf-type dce FR-Switch (config-if) # frame-relay route 102 interface serial 0/0/1 201 no frame-relay inverse-arp no ip split-horizon R1 # show frame-relay map R1 # show frame-relay pvc / show frame-relay pvc [dlci] R1 # show frame-relay lmi R1 #debug frame-relay lmi DHCP (Dynamic Host Configuration Protocol) Step1: Exclude an address range R1 (config) # ip dhcp excluded-address [low add.] [high add.] R1 (config) # ip dhcp excluded-address 192.168.1.1 192.168.1.9 Step2: Create DHCP pool R1 (config) # ip dhcp pool [pool name] R1 (config) # ip dhcp pool SALES R1 (config-dhcp) # Step3: define the pool address R1 (config-dhcp) # network [network add. mask / prefix] R1 (config-dhcp) # network 192.168.1.0 255.255.255.0 R1 (config-dhcp) # default-router [ip add.] R1 (config-dhcp) # default-router 192.168.1.1 R1 (config-dhcp) # dns-server [ip add.] R1 (config-dhcp) # dns-server 192.168.20.254 R1 (config-dhcp) # netbios-name-server [ip add.] R1 (config-dhcp) # netbios-name-server 192.168.20.254 R1 (config-dhcp) # domain-name [name] R1 (config-dhcp) # domain-name mydomain.com R1 (config-dhcp) # lease {days hours minutes / infinite} R1 (config-dhcp) # lease 7 DHCP Relay
R1 (config) # interface f0/0 R1 (config-if) # ip helper-address [dhcp server ip add.] R1 (config-if) # ip helper-address 192.168.10.5 Dumidu Darshika Senanayake Page 9 of 17
Cisco IOS Commands
R1 (config) # ip forward-protocol udp [port no.] R1 (config) # ip forward-protocol udp 161 R1 # show ip dhcp binding R1 # show ip dhcp server statistics R1 # show ip dhcp pool R1 # show ip address conflicts R1 # debug ip dhcp events R1 # debug ip dhcp server R1 # debug ip dhcp packet detail NAT (Network Address Translation)
ISP static route
ISP (config) # ip route 209.165.200.0 255.255.255.0 209.165.100.225
Static NAT (Public address given by ISP 209.165.200.254) Step1: specify static translation between an inside local and inside global address R1 (config) # ip nat inside source static [local ip] [global ip] R1 (config) # ip nat inside source static 192.168.20.10 209.165.200.254 Step2: mark the router interface as an inside or outside interface R1 (config-if) # ip nat [inside / outside] R1 (config) # interface f0/0 R1 (config-if) # ip nat inside
Dynamic NAT (Public address range from ISP 209.165.200.11 – 209.165.200.20 /24) Step1: define a named address pool of outside addresses R1 (config) # ip nat pool [name] [ip range] netmask [mask] R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 netmask 255.255.255.0 Step2: define an access list to specify those inside address R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255 Dumidu Darshika Senanayake Page 10 of 17
Cisco IOS Commands
Step3 *: Specify dynamic translation R1 (config) # ip nat inside source list [ACL no.] pool [name] R1 (config) # ip nat inside source list 1 pool NAT1 Step4: R1 (config-if) # ip nat [inside / outside] PAT (Port Address Translation) Single public address Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255 Step2 *: R1 (config) # ip nat inside source list 1 interface s0/0/0 overload Step3: R1 (config-if) # ip nat [inside / outside] Multiple public address Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255 Step2: R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 Step3 *: R1 (config) # ip nat inside source list 1 pool NAT1 overload Step4: R1 (config-if) # ip nat [inside / outside] R1 # show ip nat translation R1 # show ip nat translation verbose R1 # show ip nat statistics R1 # debug ip nat R1 # clear ip nat translation IPv6 2002:c0a8:0101:0000:0000:0000:0000:0042 2002:c0a8:101::42 Classful / Classless Routing Behavior R1 (config) # ip classless Saving Configuration :-
R1 (config) # no ip classless
R1 # copy running-config startup-config
Backup Startup-config to flash :-
R1 # copy startup-config flash:config.bak1
R1 # copy system:running-config tftp://172.16.2.155/tokyo-config R1 # copy startup-config tftp [tftp server ip add.] Restore Configuration :-
Boot from another image :Step1: configure a tftp server Dumidu Darshika Senanayake Page 11 of 17
Cisco IOS Commands
Step2: R1 # copy tftp flash [ip add. of tftp server] 192.168.20.254 [new IOS image name] c1841-ipbasek9-mz.124-12.bin Step3: R1 (config) # boot system flash: c1841-ipbasek9-mz.124-12.bin Step4: save configuration R1 # copy run start Step5: restart the router c2960-lanbase-mz.122-25.SEE1.bin c1841-ipbase-mz.123-14.T7.bin c1841-ipbasek9-mz.124-12.bin Platform: Cisco 2960 Cisco 1841 Cisco 1841 Feature set: lan base ip base ip base k9 File format: m (runs in RAM) z (compressed) Version: 12.2 (25) SEE1 12.3 (14) T7 12.4 (12) File extinction: binary executable Recovering a lost password :Step1: power cycle the router, and press [Ctrl]+[Break] key while booting. This will bring the router to ROMmon mode. Step2: rommon 1 > confreg 0x2142 rommon 2 > reset Step3: after rebooting copy startup to running. Change the password Step4: change the configuration registry back to default. R1 (config) # config-register 0x2102 Step5: save the configuration, and power cycle the router. 0x2102 – default registry value 0x2142 – bypass startup configuration Commands helpful in Troubleshooting R1 # show running-config R1 # show startup-config R1 # show version R1 # show flash
This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two ports as static-access ports in VLAN 10 to channel 5 with the PAgP mode desirable : Switch# configure terminal Switch(config)# interface range gigabitethernet2/0/1 -2 Switch(config-if-range)# switchport mode access Switch(config-if-range)# switchport access vlan 10 Switch(config-if-range)# channel-group 5 mode desirable non-silent Switch(config-if-range)# end This example shows how to configure an EtherChannel on a single switch in the stack. It assigns two ports as static-access ports in VLAN 10 to channel 5 with the LACP mode active : Switch# configure terminal Switch(config)# interface range gigabitethernet2/0/1 -2 Switch(config-if-range)# switchport mode access Switch(config-if-range)# switchport access vlan 10 Dumidu Darshika Senanayake Page 16 of 17
Cisco IOS Commands
Switch(config-if-range)# channel-group 5 mode active Switch(config-if-range)# end
Thank you for interesting in our services. We are a non-profit group that run this website to share documents. We need your help to maintenance this website.