THE SCHOOL OF CISCO NETWORKING (SCN): BASIC - CISCO IOS COMMAND REFERENCE FOR ROUTERS & SWITCHES:

This guide provides technical guidance intended to help network students, network administrators and security officers improve their demonstrated ability to achieve specific objectives within set timeframes.

Hands-on experience is an invaluable part of preparing for the lab exam. Never pass up an opportunity to configure or troubleshoot a router (if you have access to lab facilities, take full advantage of them). There is no replacement for the experience you can gain from working in a lab, where you can configure whatever you want to configure and introduce whatever problems you want to introduce, without risk of disrupting a production network.

Yours sincerely – Premakumar Thevathasan.

BASIC - CISCO IOS COMMAND REFERENCE FOR ROUTERS & SWITCHES:

Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and current Cisco network switches. (Earlier switches ran CatOS.)

IOS is a package of routing, switching, internetworking and telecommunications functions tightly integrated with a multitasking operating system.

The IOS CLI provides a fixed set of multiple-word commands — the set available is determined by the "mode" and the privilege level of the current user.


"Global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific interface. All commands are assigned a privilege level, from 0 to 15, and can only be accessed by users with the necessary privilege.

Through the CLI, the commands available to each privilege level can be defined.

What this document covers

There are several methods available for configuring Cisco routers. It can be done over the network from a TFTP server. It can be done through the menu interface provided at bootup, and it can be done from the menu interface provided by using the command setup. This tutorial does not cover these methods. It covers configuration from the IOS command-line interface only. It is useful for anyone new to Cisco routers and for those studying for the CCNA.

Note that this tutorial does not cover physically connecting the router to the networks it will be routing for. It covers operating system configuration only.

1.1 Reasons for using the command-line

The main reason for using the command-line interface instead of a menu driven interface is speed. Once you have invested the time to learn the command-line commands, you can perform many operations much more quickly than by using a menu. This is basically true of all command-line vs. menu interfaces. What makes it especially efficient to learn the command-line interface of the Cisco IOS is that it is standard across all Cisco routers. Also, some questions on the CCNA exam require you to know command-line commands.

2. Getting started with Cisco

Initially you will probably configure your router from a terminal. If the router is already configured and at least one port is configured with an IP address, and it has a physical connection to the network, you might be able to telnet to the router and configure it across the network. If it is not already configured, then you will have to directly connect to it with a terminal and a serial cable. With any Windows box you can use HyperTerminal to easily connect to the router. Plug a serial cable into a serial (COM) port on the PC and the other end into the console port on the Cisco router. Start HyperTerminal, tell it which COM port to use and click OK. Set the speed of the connection to 9600 baud and click OK. If the router is not on, turn it on.

If you wish to configure the router from a Linux box, either Seyon or Minicom should work. At least one of them, and maybe both, will come with your Linux distribution.

Often you will need to hit the Enter key to see the prompt from the router. If it is unconfigured it will look like this:
Router>

If it has been previously configured with a hostname, it will look like this:
hostname of router>

If you have just turned on the router, after it boots it will ask you if you wish to begin initial configuration. Say no. If you say yes, it will put you in the menu interface. Say no.

2.1 Modes

The Cisco IOS command-line interface is organized around the idea of modes. You move in and out of several different modes while configuring a router, and which mode you are in determines what commands you can use. Each mode has a set of commands available in that mode, and some of these commands are only available in that mode. In any mode, typing a question mark will display a list of the commands available in that mode.

Router>?

2.2 Unprivileged and privileged modes

When you first connect to the router and provide the password (if necessary), you enter EXEC mode, the first mode in which you can issue commands from the command-line. From here you can use such unprivileged commands as ping, telnet, and rlogin. You can also use some of the show commands to obtain information about the system. In unprivileged mode you use commands like show version to display the version of the IOS the router is running. Typing show ? will display all the show commands available in the mode you are presently in.
Router>show ?

You must enter privileged mode to configure the router. You do this by using the command enable. Privileged mode will usually be password protected unless the router is unconfigured. You have the option of not password protecting privileged mode, but it is HIGHLY recommended that you do. When you issue the command enable and provide the password, you will enter privileged mode.

To help the user keep track of what mode they are in, the command-line prompt changes each time you enter a different mode. When you switch from unprivileged mode to privileged mode, the prompt changes from:
Router>

to
Router#

This would probably not be a big deal if there were just two modes. There are, in fact, numerous modes, and this feature is probably indispensable. Pay close attention to the prompt at all times.

Within privileged mode there are many sub-modes. In this document I do not closely follow Cisco terminology for this hierarchy of modes. I think that my explanation is clearer, frankly. Cisco describes two modes, unprivileged and privileged, and then a hierarchy of commands used in privileged mode. I reason that it is much clearer to understand if you just consider there to be many sub-modes of privileged mode, which I will also call parent mode. Once you enter privileged mode (parent mode) the prompt ends with a pound sign (#). There are numerous modes you can enter only after entering privileged mode. Each of these modes has a prompt of the form:

Router(arguments)#

They still all end with the pound sign. They are subsumed within privileged mode. Many of these modes have sub-modes of their own. Once you enter privileged mode, you have access to all the configuration information and options the IOS provides, either directly from the parent mode, or from one of its submodes.

3. Configuring your Cisco Router

If you have just turned on the router, it will be completely unconfigured. If it is already configured, you may want to view its current configuration. Even if it has not been previously configured, you should familiarize yourself with the show commands before beginning to configure the router. Enter privileged mode by issuing the command enable, then issue several show commands to see what they display. Remember, the command show ? will display all the show commands available in the current mode. Definitely try out the following commands:

Router#show interfaces
Router#show ip protocols
Router#show ip route
Router#show ip arp

When you enter privileged mode by using the command enable, you are in the top-level mode of privileged mode, also known in this document as "parent mode." It is in this top-level or parent mode that you can display most of the information about the router. As you now know, you do this with the show commands. Here you can learn the configuration of interfaces and whether they are up or down. You can display what IP protocols are in use, such as dynamic routing protocols. You can view the route and ARP tables, and these are just a few of the more important options.

As you configure the router, you will enter various sub-modes to set options, then return to the parent mode to display the results of your commands. You also return to the parent mode to enter other sub-modes. To return to the parent mode, you hit ctrl-z. This puts any commands you have just issued into effect, and returns you to parent mode.

3.1 Global configuration (config)

To configure any feature of the router, you must enter configuration mode. This is the first sub-mode of the parent mode. In the parent mode, you issue the command config.
Router#config

Router(config)#

As demonstrated above, the prompt changes to indicate the mode that you are now in.

In configuration mode you can set options that apply system-wide, also referred to as "global configurations." For instance, it is a good idea to name your router so that you can easily identify it. You do this in configuration mode with the hostname command.
Router(config)#hostname ExampleName

ExampleName(config)#

As demonstrated above, when you set the name of the host with the hostname command, the prompt immediately changes by replacing Router with ExampleName. (Note: It is a good idea to name your routers with an organized naming scheme.)

Another useful command issued from config mode is the command to designate the DNS server to be used by the router:

ExampleName(config)#ip name-server aa.bb.cc.dd
ExampleName(config)#ctrl-Z
ExampleName#

This is also where you set the password for privileged mode.

ExampleName(config)#enable secret examplepassword
ExampleName(config)#ctrl-Z
ExampleName#

Until you hit ctrl-Z (or type exit until you reach parent mode) your command has not been put into effect. You can enter config mode, issue several different commands, then hit ctrl-Z to activate them all. Each time you hit ctrl-Z you return to parent mode and the prompt:

ExampleName#

Here you use show commands to verify the results of the commands you issued in config mode. To verify the results of the ip name-server command, issue the command show host.

3.2 Configuring Cisco router interfaces

Cisco interface naming is straightforward. Individual interfaces are referred to by this convention:

media type slot#/port#

"Media type" refers to the type of media that the port is an interface for, such as Ethernet, Token Ring, FDDI, serial, etc. Slot numbers are only applicable for routers that provide slots into which you can install modules. These modules contain several ports for a given media. The 7200 series is an example. These modules are even hot-swappable. You can remove a module from a slot and replace it with a different module, without interrupting service provided by the other modules installed in the router. These slots are numbered on the router.

Port number refers to the port in reference to the other ports in that module. Numbering is left-to-right, and all numbering starts at 0, not at one.

For example, a Cisco 7206 is a 7200 series router with six slots. To refer to an interface that is the third port of an Ethernet module installed in the sixth slot, it would be interface ethernet 6/2. Therefore, to display the configuration of that interface you use the command:

ExampleName#show interface ethernet 6/2

If your router does not have slots, like a 1600, then the interface name consists only of:
media type port#

For example:
ExampleName#show interface serial 0

Here is an example of configuring a serial port with an IP address:
ExampleName#config
ExampleName(config)#interface serial 1/1
ExampleName(config-if)#ip address 192.168.155.2 255.255.255.0
ExampleName(config-if)#no shutdown
ExampleName(config-if)#ctrl-Z
ExampleName#

Then to verify configuration:
ExampleName#show interface serial 1/1

Note the no shutdown command. An interface may be correctly configured and physically connected, yet be "administratively down." In this state it will not function. The command for causing an interface to be administratively down is shutdown.

ExampleName(config)#interface serial 1/1
ExampleName(config-if)#shutdown
ExampleName(config-if)#ctrl-Z
ExampleName#show interface serial 1/1

In the Cisco IOS, the way to reverse or delete the results of any command is to simply put no in front of it. For instance, if we wanted to unassign the IP address we had assigned to interface serial 1/1:

ExampleName(config)#interface serial 1/1
ExampleName(config-if)#no ip address 192.168.155.2 255.255.255.0
ExampleName(config-if)#ctrl-Z
ExampleName#show interface serial 1/1

Configuring most interfaces for LAN connections might consist only of assigning a network layer address and making sure the interface is not administratively shut down. It is usually not necessary to stipulate data-link layer encapsulation. Note that it is often necessary to stipulate the appropriate data-link layer encapsulation for WAN connections, such as frame-relay and ATM. Serial interfaces default to using HDLC. A discussion of data-link protocols is outside the scope of this document. You will need to look up the IOS command encapsulation for more details.

3.3 Configuring Cisco Routing

IP routing is automatically enabled on Cisco routers. If it has been previously disabled on your router, you turn it back on in config mode with the command ip routing.

ExampleName(config)#ip routing
ExampleName(config)#ctrl-Z

There are two main ways a router knows where to send packets. The administrator can assign static routes, or the router can learn routes by employing a dynamic routing protocol.

These days static routes are generally used in very simple networks or in particular cases that necessitate their use. To create a static route, the administrator tells the router operating system that any network traffic destined for a specified network layer address should be forwarded to a similarly specified network layer address. In the Cisco IOS this is done with the ip route command.

ExampleName#config
ExampleName(config)#ip route 172.16.0.0 255.255.255.0 192.168.150.1
ExampleName(config)#ctrl-Z
ExampleName#show ip route

Two things should be said about this example. First, the packet destination address must include the subnet mask for that destination network. Second, the address it is to be forwarded to is the specified address of the next router along the path to the destination. This is the most common way of setting up a static route, and the only one this document covers. Be aware, however, that there are other methods.
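
Why the mask has to accompany the destination is easiest to see by looking a destination up against a few static routes. This is an added example in Python, not part of the original tutorial or of Cisco IOS: it parses ip route lines and picks the most specific match. It covers static routes only; the function names and the next hop of the default route (192.168.150.254) are constructed for the illustration.

```python
import ipaddress

# Constructed sample: the two static routes shown on this page plus a
# default route whose next hop (192.168.150.254) is made up for the example.
SAMPLE_ROUTES = """\
ip route 172.16.0.0 255.255.255.0 192.168.150.1
ip route 192.168.15.0 255.255.255.0 205.5.5.2
ip route 0.0.0.0 0.0.0.0 192.168.150.254
"""


def parse_static_routes(config):
    """Turn 'ip route NET MASK NEXT_HOP' lines into (network, next_hop) pairs."""
    routes = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "route"]:
            continue
        if len(tok) < 5:
            raise ValueError("incomplete ip route statement: %r" % line)
        # strict=True raises ValueError when the address has bits set outside
        # the mask, i.e. the address and mask do not describe one network.
        network = ipaddress.IPv4Network("%s/%s" % (tok[2], tok[3]), strict=True)
        routes.append((network, tok[4]))
    return routes


def next_hop(routes, destination):
    """Return the next hop of the longest matching prefix, or None."""
    dest = ipaddress.IPv4Address(destination)
    matches = [(net.prefixlen, hop) for net, hop in routes if dest in net]
    if not matches:
        return None          # no route: the packet would be dropped
    return max(matches, key=lambda m: m[0])[1]


if __name__ == "__main__":
    table = parse_static_routes(SAMPLE_ROUTES)
    for dst in ("172.16.0.77", "172.16.1.77", "192.168.15.9"):
        print(dst, "->", next_hop(table, dst))
```

With the 255.255.255.0 mask, the first route covers only 172.16.0.x, so 172.16.1.77 falls through to the default route, and to no route at all if the default is absent.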

Dynamic routing protocols, running on connected routers, enable those routers to share routing information. This enables routers to learn the routes available to them. The advantage of this method is that routers are able to adjust to changes in network topologies. If a route is physically removed, or a neighbor router goes down, the routing protocol searches for a new route. Routing protocols can even dynamically choose between possible routes based on variables such as network congestion or network reliability.

There are many different routing protocols, and they all use different variables, known as "metrics," to decide upon appropriate routes. Unfortunately, a router needs to be running the same routing protocols as its neighbors. Many routers can, however, run multiple protocols. Also, many protocols are designed to be able to pass routing information to other routing protocols. This is called "redistribution." The author has no experience with trying to make redistribution work. There is an IOS redistribute command you can research if you think this is something you need. This document's companion case study describes an alternative method to deal with different routing protocols in some circumstances.

Routing protocols are a complex topic and this document contains only this superficial description of them. There is much to learn about them, and there are many sources of information about them available. An excellent source of information on this topic is Cisco's website, http://www.cisco.com/.

This document describes how to configure the Routing Information Protocol (RIP) on Cisco routers. From the command-line, we must explicitly tell the router which protocol to use, and what networks the protocol will route for.

ExampleName#config
ExampleName(config)#router rip
ExampleName(config-router)#network aa.bb.cc.dd
ExampleName(config-router)#network ee.ff.gg.hh
ExampleName(config-router)#ctrl-Z

ExampleName#show ip protocols

Now when you issue the show ip protocols command, you should see an entry describing RIP configuration.

3.4 Saving your Cisco Router configuration

Once you have configured routing on the router, and you have configured individual interfaces, your router should be capable of routing traffic. Give it a few moments to talk to its neighbors, then issue the commands show ip route and show ip arp. There should now be entries in these tables learned from the routing protocol.

If you turned the router off right now, and turned it on again, you would have to start configuration over again. Your running configuration is not saved to any permanent storage media. You can see this configuration with the command show running-config.

ExampleName#show running-config

You do want to save your successful running configuration. Issue the command copy running-config startup-config.

ExampleName#copy running-config startup-config

Your configuration is now saved to non-volatile RAM (NVRAM). Issue the command show startup-config.
ExampleName#show startup-config

Now any time you need to return your router to that configuration, issue the command copy startup-config running-config.
ExampleName#copy startup-config running-config
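
The gap between the running and the startup configuration can be checked mechanically from the saved output of the two show commands. This is an added example in Python, not part of the original tutorial or of Cisco IOS: it reports which lines exist only in one of the two listings and whether an enable secret is set. The function names and both sample listings are constructed, and the secret's hash is a placeholder.

```python
# Lines that are headers or comments in the listings, not configuration.
SKIP_PREFIXES = ("!", "Building configuration", "Current configuration", "Using ")

# Constructed sample output of "show running-config".
RUNNING = """\
Building configuration...
Current configuration : 612 bytes
!
hostname P-7206
!
enable secret 5 <hash-placeholder>
!
interface Serial1/1
 ip address 192.168.155.2 255.255.255.0
!
interface Ethernet2/3
 ip address 192.168.150.90 255.255.255.0
!
router rip
 network 192.168.150.0
 network 192.168.155.0
!
ip name-server 172.16.0.10
end
"""

# Constructed sample output of "show startup-config" (an older save).
STARTUP = """\
Using 540 out of 129016 bytes
!
hostname P-7206
!
interface Serial1/1
 ip address 192.168.155.2 255.255.255.0
!
interface Ethernet2/3
 ip address 192.168.150.90 255.255.255.0
 shutdown
!
router rip
 network 192.168.155.0
end
"""


def config_entries(text):
    """Return a set of (parent, line) pairs for one configuration listing.

    Indented lines are sub-mode commands and are keyed by the unindented
    line above them, so the same command under two interfaces stays distinct.
    """
    entries, parent = set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "end" or line.startswith(SKIP_PREFIXES):
            continue
        if raw[0].isspace():
            entries.add((parent, line))
        else:
            parent = line
            entries.add((None, line))
    return entries


def _fmt(entry):
    parent, line = entry
    return line if parent is None else "%s / %s" % (parent, line)


def compare_configs(running, startup):
    """Summarise what a reload would change, and whether enable is protected."""
    run, start = config_entries(running), config_entries(startup)
    return {
        # present now, absent from NVRAM: gone after a power cycle
        "lost_on_reload": sorted(_fmt(e) for e in run - start),
        # present in NVRAM only: would come back after a power cycle
        "restored_on_reload": sorted(_fmt(e) for e in start - run),
        "enable_secret_set": any(
            parent is None and line.startswith("enable secret ")
            for parent, line in run
        ),
    }


if __name__ == "__main__":
    for key, value in compare_configs(RUNNING, STARTUP).items():
        print(key, value)
```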

3.5 Example Cisco Router configuration

Router>enable
Router#config
Router(config)#hostname P-7206
P-7206(config)#interface serial 1/1
P-7206(config-if)#ip address 192.168.155.2 255.255.255.0
P-7206(config-if)#no shutdown
P-7206(config-if)#ctrl-z
P-7206#show interface serial 1/1
P-7206#config
P-7206(config)#interface ethernet 2/3
P-7206(config-if)#ip address 192.168.150.90 255.255.255.0
P-7206(config-if)#no shutdown
P-7206(config-if)#ctrl-z
P-7206#show interface ethernet 2/3
P-7206#config
P-7206(config)#router rip
P-7206(config-router)#network 192.168.155.0
P-7206(config-router)#network 192.168.150.0
P-7206(config-router)#ctrl-z
P-7206#show ip protocols
P-7206#ping 192.168.150.1
P-7206#config
P-7206(config)#ip name-server 172.16.0.10
P-7206(config)#ctrl-z
P-7206#ping archie.au
P-7206#config
P-7206(config)#enable secret password
P-7206(config)#ctrl-z
P-7206#copy running-config startup-config
P-7206#exit

4. Troubleshooting your Cisco router

Inevitably, there will be problems. Usually, it will come in the form of a user notifying you that they cannot reach a certain destination, or any destination at all. You will need to be able to check how the router is attempting to route traffic, and you must be able to track down the point of failure.

You are already familiar with the show commands, both specific commands and how to learn what other show commands are available. Some of the most basic, most useful commands you will use for troubleshooting are:

ExampleName#show interfaces
ExampleName#show ip protocols
ExampleName#show ip route
ExampleName#show ip arp

4.1 Testing connectivity

It is very possible that the point of failure is not in your router configuration, or at your router at all. If you examine your router's configuration and operation and everything looks good, the problem might be farther up the line. In fact, it may be the line itself, or it could be another router, which may or may not be under your administration.

One extremely useful and simple diagnostic tool is the ping command. Ping is an implementation of the Internet Control Message Protocol (ICMP). Ping sends an ICMP echo request to a destination IP address. If the destination machine receives the request, it responds with an ICMP echo response. This is a very simple exchange that consists of:

Hello, are you alive?

Yes, I am.
ExampleName#ping xx.xx.xx.xx

If the ping test is successful, you know that the destination you are having difficulty reaching is alive and physically reachable.

If there are routers between your router and the destination you are having difficulty reaching, the problem might be at one of the other routers. Even if you ping a router and it responds, it might have other interfaces that are down, its routing table may be corrupted, or any number of other problems may exist.

To see where packets that leave your router for a particular destination go, and how far, use the trace command.

ExampleName#trace xx.xx.xx.xx

It may take a few minutes for this utility to finish, so give it some time. It will display a list of all the hops it makes on the way to the destination.

4.2 debug commands

There are several debug commands provided by the IOS. These commands are not covered here. Refer to the Cisco website for more information.

4.3 Hardware and physical connections

Do not overlook the possibility that the point of failure is a hardware or physical connection failure. Any number of things can go wrong, from board failures to cut cables to power failures. This document will not describe troubleshooting these problems, except for these simple things.

Check to see that the router is turned on. Also make sure that no cables are loose or damaged. Finally, make sure cables are plugged into the correct ports. Beyond this simple advice you will need to check other sources.

4.4 Out of your control

If the point of failure is farther up the line, the problem might lie with equipment not under your administration. Your only option might be to contact the equipment's administrator, notify them of your problem, and ask them for help. It is in your interest to be courteous and respectful. The other administrator has their own problems, their own workload and their own priorities.

Their agenda might even directly conflict with yours, such as their intention to change dynamic routing protocols, etc. You must work with them, even if the situation is frustrating. Alienating someone with the power to block important routes to your network is not a good idea.


ALSO KNOW BASIC - ROUTER AND CATALYST SWITCH IOS COMMAND REFERENCE:

Router Commands

Terminal Controls:
# Config# terminal editing - allows for enhanced editing commands
# Config# terminal monitor - shows output on telnet session
# Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks

Host Name:
# Config# hostname ROUTER_NAME

Banner:
# Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message

Descriptions:
# Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level

Clock:
# Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003


Changing The Register:
# Config# config-register 0x2100 - ROM Monitor Mode
# Config# config-register 0x2101 - ROM boot
# Config# config-register 0x2102 - Boot from NVRAM


Boot System:
# Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
# Config# boot system ROM
# Config# boot system flash - Then - Config# reload


CDP:
# Config# cdp run - Turns CDP on
# Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
# Config# cdp timer 30 - Sets the update timer. The default is 60
# Config# int Ethernet 0
# Config-if# cdp enable - Enables cdp on the interface
# Config-if# no cdp enable - Disables CDP on the interface
# Config# no cdp run - Turns CDP off


Host Table:
# Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
# -or- Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)


DNS:
# Config# ip domain-lookup - Tell router to lookup domain names
# Config# ip name-server 122.22.2.2 - Location of DNS server
# Config# ip domain-name cisco.com - Domain to append to end of names


Clearing Counters:
# # clear interface Ethernet 0 - Clears counters on the specified interface
# # clear counters - Clears all interface counters
# # clear cdp counters - Clears CDP counters


Static Routes:
# Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
# Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
# -or- Config# ip default-network Net_Add - Gateway LAN network


IP Routing:
# Config# ip routing - Enabled by default
# Config# router rip
# -or- Config# router igrp 100
# Config# interface Ethernet 0
# Config-if# ip address 122.2.3.2 255.255.255.0
# Config-if# no shutdown


IPX Routing:
# Config# ipx routing
# Config# interface Ethernet 0
# Config# ipx maximum-paths 2 - Maximum equal metric paths used
# Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
# Config-if# no shutdown


Access Lists:
IP Standard 1-99
IP Extended 100-199
IPX Standard 800-899
IPX Extended 900-999
IPX SAP Filters 1000-1099

IP Standard:
# Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip’s on network 133.2.2.0
-or-
# Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
# Config# access-list 10 permit any - allows any address

# Config# int Ethernet 0
# Config-if# ip access-group 10 in - also available: out

IP Extended:
# Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
# Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
# Config# access-list 101 permit ip any any

# Config# interface Ethernet 0
# Config-if# ip access-group 101 out
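
The wildcard masks and the top-down, first-match processing of the IP standard and extended lists above can be checked offline before a list is applied to an interface. This is an added example in Python, not part of the original reference or of Cisco IOS: it parses the page's own access-list lines and evaluates a packet against them, ending in the implicit deny. The function names, the sample packets and the grouping of the three extended entries into one list 101 are assumptions made for the illustration.

```python
import ipaddress

ANY = (0, 0xFFFFFFFF)                          # every bit is "don't care"
PORTS = {"ftp": 21, "telnet": 23, "www": 80}   # port names used on this page

# Constructed sample: the access-list lines from this page, prompts removed.
SAMPLE_ACL = """\
access-list 10 permit 133.2.2.0 0.0.0.255
access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
access-list 101 deny tcp any host 133.2.23.3 eq www
access-list 101 permit ip any any
"""


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD' from the front of tok."""
    head = tok.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return _ip(tok.pop(0)), 0
    return _ip(head), _ip(tok.pop(0))


def parse_ace(line):
    """Parse one numbered IP access-list entry (standard 1-99, extended 100-199)."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError("not an access-list entry: %r" % line)
    number, rest = int(tok[1]), tok[3:]
    ace = {"number": number, "action": tok[2], "proto": "ip",
           "dst": ANY, "op": None, "port": None}
    if 1 <= number <= 99:                      # standard: source address only
        if len(rest) == 1 and rest[0] != "any":
            rest = ["host"] + rest             # a bare address means one host
        ace["src"] = _take_addr(rest)
    elif 100 <= number <= 199:                 # extended: proto, src, dst, port
        ace["proto"] = rest.pop(0)
        ace["src"] = _take_addr(rest)
        ace["dst"] = _take_addr(rest)
        if rest:
            ace["op"], name = rest.pop(0), rest.pop(0)
            if ace["op"] not in ("eq", "gt", "lt"):
                raise ValueError("unsupported operator in %r" % line)
            ace["port"] = PORTS[name] if name in PORTS else int(name)
    else:
        raise ValueError("only IP lists 1-199 are handled here")
    return ace


def _addr_match(addr, spec):
    base, wild = spec
    # A 0 bit in the wildcard mask must match; a 1 bit is ignored.
    return (_ip(addr) ^ base) & ~wild & 0xFFFFFFFF == 0


def _port_match(ace, dport):
    if ace["op"] is None:
        return True
    if dport is None:
        return False
    return {"eq": dport == ace["port"],
            "gt": dport > ace["port"],
            "lt": dport < ace["port"]}[ace["op"]]


def evaluate(config, number, src, dst=None, proto="ip", dport=None):
    """Return (action, matching line); entries are tried top-down, first match wins."""
    for line in config.splitlines():
        line = line.strip()
        if not line.startswith("access-list "):
            continue
        ace = parse_ace(line)
        if ace["number"] != number or ace["proto"] not in ("ip", proto):
            continue
        if not _addr_match(src, ace["src"]):
            continue
        if number >= 100 and not _addr_match(dst, ace["dst"]):
            continue
        if _port_match(ace, dport):
            return ace["action"], line
    return "deny", None                        # implicit deny at the end


if __name__ == "__main__":
    print(evaluate(SAMPLE_ACL, 10, "133.2.3.1"))
    print(evaluate(SAMPLE_ACL, 101, "10.0.0.1", "133.2.23.3", "tcp", 80))
```

Moving permit ip any any to the top of list 101 makes the deny entry unreachable, which is the ordering mistake this kind of check catches.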


IPX Standard:
# Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
# Config# access-list 801 permit -1 -1 - “-1” is the same as “any” with network/host addresses

# Config# interface Ethernet 0
# Config-if# ipx access-group 801 out


IPX Extended:
# Config# access-list 901 permit sap 4AA all 4BB all
- Permit protocol src_add socket dest_add socket
-“all” includes all sockets, or can use socket numbers
-or-
# Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere

# Config# interface Ethernet 0
# Config-if# ipx access-group 901 in


IPX SAP Filter:
# Config# access-list 1000 permit 4aa 3 - “3” is the service type
-or-
# Config# access-list 1000 permit 4aa 0 - service type of “0” matches all services

# Config# interface Ethernet 0
# Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
# Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets


Named Access Lists:
# Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
# Config-std-nacl# permit any

# Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists


PPP Setup:
# Config-if# encapsulation ppp
# Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentication listed
-if one fails, then connection is terminated
# Config-if# exit
# Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
# Config-if# ppp chap hostname ROUTER
# Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration

ISDN Setup:
# Config# isdn switch-type basic-5ess - determined by telecom
# Config# interface serial 0
# Config-if# isdn spid1 2705554564 - isdn “phonenumber” of line 1
# Config-if# isdn spid2 2705554565 - isdn “phonenumber” of line 2
# Config-if# encapsulation PPP - or HDLC, LAPD


DDR - 4 Steps to setting up ISDN with DDR

1. Configure switch type

Config# isdn switch-type basic-5ess - can be done at interface config

2. Configure static routes

Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)

3. Configure Interface

Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
-connect to Lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
-can also use “dialer string 5551212” instead if there is only one router to connect to

4. Specify interesting traffic

Config# dialer-list 1 protocol ip permit
-or-
Config# dialer-list 1 protocol ip list 101 - use the access-list 101 as the dialer list

5. Other Options

Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-“125” is any number 1-255, where % load is x/255 (i.e. 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120

Frame Relay Setup
# Config# interface serial 0
# Config-if# encapsulation frame-relay - cisco by default, can change to ietf
# Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
# Config-if# bandwidth 56

# Config-if# interface serial 0.100 point-to-point - subinterface
# Config-if# ip address 122.1.1.1 255.255.255.0
# Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end

# Config-if# interface serial 1.100 multipoint
# Config-if# no frame-relay inverse-arp - turns IARP off; good to do
# Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
# Config-if# frame-relay map ip 122.1.1.3 54 broadcast


Show Commands
# Show access-lists - all access lists on the router
# Show cdp - cdp timer and holdtime frequency
# Show cdp entry * - same as next
# Show cdp neighbors detail - details of neighbor with ip add and ios version
# Show cdp neighbors - id, local interface, holdtime, capability, platform portid
# Show cdp interface - int’s running cdp and their encapsulation
# Show cdp traffic - cdp packets sent and received
# Show controllers serial 0 - DTE or DCE status
# Show dialer - number of times dialer string has been reached, other stats
# Show flash - files in flash
# Show frame-relay lmi - lmi stats
# Show frame-relay map - static and dynamic maps for PVC’s
# Show frame-relay pvc - pvc’s and dlci’s
# Show history - commands entered
# Show hosts - contents of host table
# Show int f0/26 - stats of f0/26
# Show interface Ethernet 0 - show stats of Ethernet 0
# Show ip - ip config of switch
# Show ip access-lists - ip access-lists on switch
# Show ip interface - ip config of interface
# Show ip protocols - routing protocols and timers
# Show ip route - Displays IP routing table
# Show ipx access-lists - same, only ipx
# Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
# Show ipx route - ipx routes in the table
# Show ipx servers - SAP table
# Show ipx traffic - RIP and SAP info
# Show isdn active - number with active status
# Show isdn status - shows if SPIDs are valid, if connected
# Show mac-address-table - contents of the dynamic table
# Show protocols - routed protocols and net_addresses of interfaces
# Show running-config - dram config file
# Show sessions - connections via telnet to remote device
# Show startup-config - nvram config file
# Show terminal - shows history size
# Show trunk a/b - trunk stat of port 26/27
# Show version - ios info, uptime, address of switch
# Show vlan - all configured vlan’s
# Show vlan-membership - vlan assignments
# Show vtp - vtp configs


Catalyst Commands For Native IOS - Not CatOS
Switch Address:
# Config# ip address 192.168.10.2 255.255.255.0
# Config# ip default-gateway 192.168.10.1


Duplex Mode:
# Config# interface Ethernet 0/5 - “fastethernet” for 100 Mbps ports
# Config-if# duplex full - also, half | auto | full-flow-control


Switching Mode:
# Config# switching-mode store-and-forward - also, fragment-free


MAC Address Configs:
# Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
# Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security


# Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port


VLANS:
# Config# vlan 10 name FINANCE
# Config# interface Ethernet 0/3
# Config-if# vlan-membership static 10


Trunk Links:
# Config-if# trunk on - also, off | auto | desirable | nonegotiate
# Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port


Configuring VTP:
# Config# delete vtp - should be done prior to adding to a network
# Config# vtp server - the default is server, also client and transparent
# Config# vtp domain Camp - name doesn’t matter, just so all switches use the same
# Config# vtp password 1234 - limited security
# Config# vtp pruning enable - limits vtp broadcasts to only switches affected
# Config# vtp pruning disable


Flash Upgrade
# Config# copy tftp://192.5.5.5/configname.ios opcode - “opcode” for ios upgrade, “nvram” for startup config

Delete Startup Config:
# Config# delete nvram
This Article Was Written By: Premakumar Thevathasan, CCNA, CCNP, CCIP, MCSA, MCSE, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
 

1 comment:

Anonymous said...

This is a very excellent way of teaching; everyone can easily understand this article.