Cisco: More Commands
Cisco: More Commands
access-class
access-list (IP extended)
access-list (IP standard)
clear access-list counters
clear ip accounting
clear ip drp
clear tcp statistics
deny (IP)
dynamic
ip access-group
ip access-list
ip accounting
ip accounting-list
ip accounting-threshold
ip accounting-transits
ip accounting mac-address
ip accounting precedence
ip drp access-group
ip drp authentication key-chain
ip drp server
ip icmp rate-limit unreachable
ip icmp redirect
ip mask-reply
ip mtu
ip redirects
ip source-route
ip tcp chunk-size
ip tcp compression-connections
ip tcp header-compression
ip tcp path-mtu-discovery
ip tcp queuemax
ip tcp selective-ack
ip tcp synwait-time
ip tcp timestamp
ip tcp window-size
ip unreachables
permit (IP)
show access-lists
show interface mac
show interface precedence
show ip access-list
show ip accounting
show ip drp
show ip redirects
show ip sockets
show ip tcp header-compression
show ip traffic
show standby
show tcp statistics
standby authentication
standby ip
standby mac-address
standby mac-refresh
standby priority, standby preempt
standby timers
standby track
standby use-bia
transmit-interface
ROUTER COMMANDS
TERMINAL CONTROLS:
Config# terminal editing - allows for enhanced editing commands
Config# terminal monitor - shows output on telnet session
Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks
HOST NAME:
Config# hostname ROUTER_NAME
BANNER:
Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message
DESCRIPTIONS:
Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level
CLOCK:
Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003
CHANGING THE REGISTER:
Config# config-register 0x2100 - ROM Monitor Mode
Config# config-register 0x2101 - ROM boot
Config# config-register 0x2102 - Boot from NVRAM
BOOT SYSTEM:
Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
Config# boot system ROM
Config# boot system flash - Then - Config# reload
CDP:
Config# cdp run - Turns CDP on
Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
Config# cdp timer 30 - Sets the update timer.The default is 60
Config# int Ethernet 0
Config-if# cdp enable - Enables cdp on the interface
Config-if# no cdp enable - Disables CDP on the interface
Config# no cdp run - Turns CDP off
HOST TABLE:
Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)
DOMAIN NAME SERVICES:
Config# ip domain-lookup - Tell router to lookup domain names
Config# ip name-server 122.22.2.2 - Location of DNS server
Config# ip domain-name cisco.com - Domain to append to end of names
CLEARING COUNTERS:
# clear interface Ethernet 0 - Clears counters on the specified interface
# clear counters - Clears all interface counters
# clear cdp counters - Clears CDP counters
STATIC ROUTES:
Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
Config# ip default-network Net_Add - Gateway LAN network
IP ROUTING:
Config# ip routing - Enabled by default
Config# router rip
-or-
Config# router igrp 100
Config# interface Ethernet 0
Config-if# ip address 122.2.3.2 255.255.255.0
Config-if# no shutdown
IPX ROUTING:
Config# ipx routing
Config# interface Ethernet 0
Config# ipx maximum-paths 2 - Maximum equal metric paths used
Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
Config-if# no shutdown
ACCESS LISTS:
IP Standard 1-99
IP Extended 100-199
IPX Standard 800-899
IPX Extended 900-999
IPX SAP Filters 1000-1099
IP STANDARD:
Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip’s on network 133.2.2.0
-or-
Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
Config# access-list 10 permit any - allows any address
Config# int Ethernet 0
Config-if# ip access-group 10 in - also available: out
IP EXTENDED:
Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
Config# access-list 101 permit ip any any
Config# interface Ethernet 0
Config-if# ip access-group 101 out
IPX STANDARD:
Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
Config# access-list 801 permit -1 -1 - “-1” is the same as “any” with network/host addresses
Config# interface Ethernet 0
Config-if# ipx access-group 801 out
IPX EXTENDED:
Config# access-list 901 permit sap 4AA all 4BB all
- Permit protocol src_add socket dest_add socket
-“all” includes all sockets, or can use socket numbers
-or-
Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere
Config# interface Ethernet 0
Config-if# ipx access-group 901 in
IPX SAP FILTER:
Config# access-list 1000 permit 4aa 3 - “3” is the service type
-or-
Config# access-list 1000 permit 4aa 0 - service type of “0” matches all services
Config# interface Ethernet 0
Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets
NAMED ACCESS LISTS:
Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
Config# permit any
Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists
PPP SETUP:
Config-if# encapsulation ppp
Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentification listed
-if one fails, then connection is terminated
Config-if# exit
Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
Config-if# ppp chap hostname ROUTER
Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration
ISDN SETUP:
Config# isdn switch-type basic-5ess - determined by telecom
Config# interface serial 0
Config-if# isdn spid1 2705554564 - isdn “phonenumber” of line 1
Config-if# isdn spid2 2705554565 - isdn “phonenumber” of line 2
Config-if# encapsulation PPP - or HDLC, LAPD
DDR - 4 Steps to setting up ISDN with DDR
Configure switch type
Config# isdn switch-type basic-5ess - can be done at interface config
Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)
Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
can also use “dialer string 5551212” instead if there is only one router to connect to
Specify interesting traffic
Config# dialer-list 1 ip permit any
-or-
Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list
Other Options
Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120
FRAME RELAY SETUP:
Config# interface serial 0
Config-if# encapsulation frame-relay - cisco by default, can change to ietf
Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
Config-if# bandwidth 56
Config-if# interface serial 0.100 point-to-point - subinterface
Config-if# ip address 122.1.1.1 255.255.255.0
Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end
Config-if# interface serial 1.100 multipoint
Config-if# no inverse-arp - turns IARP off; good to do
Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
Config-if# frame-relay map ip 122.1.1.3 54 broadcast
SHOW COMMANDS
Show access-lists - all access lists on the router
Show cdp - cdp timer and holdtime frequency
Show cdp entry * - same as next
Show cdp neighbors detail - details of neighbor with ip add and ios version
Show cdp neighbors - id, local interface, holdtime, capability, platform portid
Show cdp interface - int’s running cdp and their encapsulation
Show cdp traffic - cdp packets sent and received
Show controllers serial 0 - DTE or DCE status
Show dialer - number of times dialer string has been reached, other stats
Show flash - files in flash
Show frame-relay lmi - lmi stats
Show frame-relay map - static and dynamic maps for PVC’s
Show frame-relay pvc - pvc’s and dlci’s
Show history - commands entered
Show hosts - contents of host table
Show int f0/26 - stats of f0/26
Show interface Ethernet 0 - show stats of Ethernet 0
Show ip - ip config of switch
Show ip access-lists - ip access-lists on switch
Show ip interface - ip config of interface
Show ip protocols - routing protocols and timers
Show ip route - Displays IP routing table
Show ipx access-lists - same, only ipx
Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
Show ipx route - ipx routes in the table
Show ipx servers - SAP table
Show ipx traffic - RIP and SAP info
Show isdn active - number with active status
Show isdn status - shows if SPIDs are valid, if connected
Show mac-address-table - contents of the dynamic table
Show protocols - routed protocols and net_addresses of interfaces
Show running-config - dram config file
Show sessions - connections via telnet to remote device
Show startup-config - nvram config file
Show terminal - shows history size
Show trunk a/b - trunk stat of port 26/27
Show version - ios info, uptime, address of switch
Show vlan - all configured vlan’s
Show vlan-membership - vlan assignments
Show vtp - vtp configs
CATALYST COMMANDS
For Native IOS - Not CatOS
SWITCH ADDRESS:
Config# ip address 192.168.10.2 255.255.255.0
Config# ip default-gateway 192.168.10.1
DUPLEX MODE:
Config# interface Ethernet 0/5 - “fastethernet” for 100 Mbps ports
Config-if# duplex full - also, half | auto | full-flow-control
SWITCHING MODE:
Config# switching-mode store-and-forward - also, fragment-free
MAC ADDRESS CONFIGS:
Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security
Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port
VLANS:
Config# vlan 10 name FINANCE
Config# interface Ethernet 0/3
Config-if# vlan-membership static 10
TRUNK LINKS:
Config-if# trunk on - also, off | auto | desirable | nonegotiate
Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port
CONFIGURING VTP:
Config# delete vtp - should be done prior to adding to a network
Config# vtp server - the default is server, also client and transparent
Config# vtp domain Camp - name doesn’t matter, just so all switches use the same
Config# vtp password 1234 - limited security
Config# vtp pruning enable - limits vtp broadcasts to only switches affected
Config# vtp pruning disable
FLASH UPGRADE:
Config# copy tftp://192.5.5.5/configname.ios opcode - “opcode” for ios upgrade, “nvram” for startup config
DELETE STARTUP CONFIG:
Config# delete nvram
Routing with Cisco 2500 and 1000 Series for LAN-ISDN Service
Commands - General
There are 3 different modes of operation within the Cisco IOS.
Disabled mode
Enabled mode
Configuration mode
In the Disabled mode you can use a limited number of commands. This is used primarily to monitor the router.
The Enabled mode is used to show configuration information, enter the configuration mode, and make changes to the configuration.
The Configuration mode is used to enter and update the runtime configuration.
To get a list of the commands for the cisco type '?' at the prompt. To get further information about any command, type the command followed by a '?'.
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
debug Debugging functions (see also 'undebug')
disable Turn off privileged commands
enable Turn on privileged commands
erase Erase flash or configuration memory
exit Exit from the EXEC
help Description of the interactive help system
login Log in as a particular user
logout Exit from the EXEC
no Disable debugging functions
ping Send echo messages
reload Halt and perform a cold restart
setup Run the SETUP command facility
show Show running system information
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
traceroute Trace route to destination
tunnel Open a tunnel connection
undebug Disable debugging functions (see also 'debug')
verify Verify checksum of a Flash file
write Write running configuration to memory, network, or terminal
show
access-lists List access lists
arp ARP table
buffers Buffer pool statistics
configuration Contents of Non-Volatile memory
controllers Interface controller status
debugging State of each debugging option
dialer Dialer parameters and statistics
extended Extended Interface Information
flash System Flash information
flh-log Flash Load Helper log buffer
history Display the session command history
hosts IP domain-name, lookup style, name servers, and host table
interfaces Interface status and configuration
ip IP information
isdn ISDN information
line TTY line information
logging Show the contents of logging buffers
memory Memory statistics
privilege Show current privilege level
processes Active process statistics
protocols Active network routing protocols
queue Show queue contents
queueing Show queueing configuration
reload Scheduled reload information
route-map route-map information
running-config Current operating configuration
sessions Information about Telnet connections
smf Software MAC filter
stacks Process stack utilization
startup-config Contents of startup configuration
subsys Show subsystem information
tcp Status of TCP connections
terminal Display terminal configuration parameters
users Display information about terminal lines
version System hardware and software status
Other Useful Commands
View the Software Version
View the Ethernet IP
View the Serial IP
View the Default Route
View the Filters
View the Bandwidth
Add a Static Route
Change the Dial Number
Turn Filters On and Off
Ping from the Router
Traceroute from the Router
View the Software Version
Cisco>en
Cisco#wr term <--- br="" configuration="" nbsp="" running="" shows="" the="">Building configuration...
Current configuration:
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname Cisco
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0
ip address 192.168.6.1 255.255.255.0
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial1
ip address 192.168.4.2 255.255.255.0
encapsulation frame-relay
bandwidth 1536
keepalive 5
frame-relay map ip 192.168.4.1 101 IETF
!
router rip
version 2
network 192.168.4.0
network 192.168.6.0
neighbor 192.168.6.2
neighbor 192.168.4.1
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.6.2
ip route 0.0.0.0 0.0.0.0 192.168.4.1
!
line con 0
line aux 0
line vty 0 4
login
!
end
View the Ethernet IP
Router#wr term
This will show the running configuration.
Within the configuration, you will see an interface ethernet 0 section:
interface Ethernet0
ip address 38.150.93.1 255.255.255.0
no ip directed-broadcast
View the Serial IP
Router#wr term
Within the configuration, you will see an interface serial 0 section:
interface Serial0
ip address 38.21.10.100 255.255.255.0
ip broadcast-address 38.21.10.255
ip access-group 106 in
encapsulation frame-relay
bandwidth 56
no fair-queue
frame-relay map ip 38.21.10.1 500 IETF
View the Default Route
Router#wr term
Within the configuration, you will see an ip route section.
In the ip route section, look for a route:
ip route 0.0.0.0 0.0.0.0 38.167.29.1
The last ip address is the POP ip.
View the Filters
Router#wr term
Under interface serial 0, look for:
ip access-group 104 in
ip access-group 105 out
This means that access-group 104 is the inbound filter set and
access-group 105 is the outbound filter set.
Then, continue to look in the configuration for the access-list statements:
(Example access-list statements)
access-list 104 deny ip 38.166.101.0 0.0.0.255 any
access-list 104 permit tcp any any established
access-list 104 permit tcp any eq ftp-data any gt 1023
access-list 104 permit udp any eq domain any gt 1023
access-list 104 permit udp any eq domain any eq domain
access-list 104 permit icmp any any
access-list 104 permit udp any eq snmp any gt 1023
access-list 105 deny ip any 38.166.101.0 0.0.0.255
access-list 105 permit tcp any any established
access-list 105 permit tcp any any eq ftp
access-list 105 deny udp any eq netbios-ns any
access-list 105 deny udp any eq netbios-dgm any
access-list 105 permit ip any any
View the Bandwidth
Router#wr term
Within the config, you will see an interface serial 0 section:
interface Serial0
ip address 38.21.10.100 255.255.255.0
ip broadcast-address 38.21.10.255
ip access-group 106 in
encapsulation frame-relay
bandwidth 56
no fair-queue
frame-relay map ip 38.21.10.1 500 IETF
Add a Static Route
Cisco#config t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#ip route DEST.DEST.DEST.DEST MASK.MASK.MASK.MASK GATE.GATE.GATE.GATE
where: DEST.DEST.DEST.DEST = The destination network the static route is for
MASK.MASK.MASK.MASK = The subnet mask of the destination network
GATE.GATE.GATE.GATE = The gateway of the static route
Example route statement:
ip route 38.222.75.0 255.255.255.0 38.20.5.1
Cisco(config)#^Z (hit z)
Write the entry to memory:
Cisco#wr mem
Building configuration...
[OK]
Change the Dial Number
Type en to put the router in enable mode:
test.com>en
The password should be the same as the one used to telnet in.
Password:
To view the router's configuration, type:
test.com#show config
There will be a line in the configuration that says:
dialer map IP 38.1.1.1 speed 64 name LD3330 2707000
The 2707000 is the dial number.
NOTE: Record what interface the dialer map IP line is under because you will need to
use that interface when changing the number.
Type config t to configure from terminal.
test.com#config t
Enter configuration commands, one per line. End with CNTL/Z.
Enter the interface that the dialer map IP line is under:
test.com(config)#interface BRI0
Add in the new dialer map IP line with the new phone number:
test.com(config)#dialer map IP 38.1.1.1 speed 64 name LD3330 [new number]
Now, remove the old dialer map IP line.
To remove a line, type no and then the line.
For example, to remove the old dialer map IP, type:
test.com(config)#no dialer map IP 38.1.1.1 speed 64 name LD3330 2707020
Now leave config mode:
test.com(config)# [control] z
Save changes:
test.com# write mem
Building configuration...
[OK]
Verify the new number is in the config:
test.com#show config
The new number should be in the dialer map IP line.
Turn Filters On and Off
To turn the filters off:
Router#configure terminal
Router(config)#interface Serial0
Router(config-if)#no ip access-group 104 in
Router(config-if)#no ip access-group 105 out
Router(config-if)# Hit CTRL-Z
Router#wr mem
Building configuration...
[OK]
Router#
To turn the filters on:
Router#configure terminal
Router(config)#interface Serial0
Router(config-if)#ip access-group 104 in
Router(config-if)#ip access-group 105 out
Router(config-if)# Hit CTRL-Z
Router#wr mem
Building configuration...
[OK]
Router#
Ping from the Router
Cisco#ping
Example:
Cisco#ping 38.8.14.2
access-class
access-list (IP extended)
access-list (IP standard)
clear access-list counters
clear ip accounting
clear ip drp
clear tcp statistics
deny (IP)
dynamic
ip access-group
ip access-list
ip accounting
ip accounting-list
ip accounting-threshold
ip accounting-transits
ip accounting mac-address
ip accounting precedence
ip drp access-group
ip drp authentication key-chain
ip drp server
ip icmp rate-limit unreachable
ip icmp redirect
ip mask-reply
ip mtu
ip redirects
ip source-route
ip tcp chunk-size
ip tcp compression-connections
ip tcp header-compression
ip tcp path-mtu-discovery
ip tcp queuemax
ip tcp selective-ack
ip tcp synwait-time
ip tcp timestamp
ip tcp window-size
ip unreachables
permit (IP)
show access-lists
show interface mac
show interface precedence
show ip access-list
show ip accounting
show ip drp
show ip redirects
show ip sockets
show ip tcp header-compression
show ip traffic
show standby
show tcp statistics
standby authentication
standby ip
standby mac-address
standby mac-refresh
standby priority, standby preempt
standby timers
standby track
standby use-bia
transmit-interface
ROUTER COMMANDS
TERMINAL CONTROLS:
Config# terminal editing - allows for enhanced editing commands
Config# terminal monitor - shows output on telnet session
Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks
HOST NAME:
Config# hostname ROUTER_NAME
BANNER:
Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message
DESCRIPTIONS:
Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level
CLOCK:
Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003
CHANGING THE REGISTER:
Config# config-register 0x2100 - ROM Monitor Mode
Config# config-register 0x2101 - ROM boot
Config# config-register 0x2102 - Boot from NVRAM
BOOT SYSTEM:
Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
Config# boot system ROM
Config# boot system flash - Then - Config# reload
CDP:
Config# cdp run - Turns CDP on
Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
Config# cdp timer 30 - Sets the update timer.The default is 60
Config# int Ethernet 0
Config-if# cdp enable - Enables cdp on the interface
Config-if# no cdp enable - Disables CDP on the interface
Config# no cdp run - Turns CDP off
HOST TABLE:
Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)
DOMAIN NAME SERVICES:
Config# ip domain-lookup - Tell router to lookup domain names
Config# ip name-server 122.22.2.2 - Location of DNS server
Config# ip domain-name cisco.com - Domain to append to end of names
CLEARING COUNTERS:
# clear interface Ethernet 0 - Clears counters on the specified interface
# clear counters - Clears all interface counters
# clear cdp counters - Clears CDP counters
STATIC ROUTES:
Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
Config# ip default-network Net_Add - Gateway LAN network
IP ROUTING:
Config# ip routing - Enabled by default
Config# router rip
-or-
Config# router igrp 100
Config# interface Ethernet 0
Config-if# ip address 122.2.3.2 255.255.255.0
Config-if# no shutdown
IPX ROUTING:
Config# ipx routing
Config# interface Ethernet 0
Config# ipx maximum-paths 2 - Maximum equal metric paths used
Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
Config-if# no shutdown
ACCESS LISTS:
IP Standard 1-99
IP Extended 100-199
IPX Standard 800-899
IPX Extended 900-999
IPX SAP Filters 1000-1099
IP STANDARD:
Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip’s on network 133.2.2.0
-or-
Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
Config# access-list 10 permit any - allows any address
Config# int Ethernet 0
Config-if# ip access-group 10 in - also available: out
IP EXTENDED:
Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
Config# access-list 101 permit ip any any
Config# interface Ethernet 0
Config-if# ip access-group 101 out
IPX STANDARD:
Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
Config# access-list 801 permit -1 -1 - “-1” is the same as “any” with network/host addresses
Config# interface Ethernet 0
Config-if# ipx access-group 801 out
IPX EXTENDED:
Config# access-list 901 permit sap 4AA all 4BB all
- Permit protocol src_add socket dest_add socket
-“all” includes all sockets, or can use socket numbers
-or-
Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere
Config# interface Ethernet 0
Config-if# ipx access-group 901 in
IPX SAP FILTER:
Config# access-list 1000 permit 4aa 3 - “3” is the service type
-or-
Config# access-list 1000 permit 4aa 0 - service type of “0” matches all services
Config# interface Ethernet 0
Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets
NAMED ACCESS LISTS:
Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
Config# permit any
Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists
PPP SETUP:
Config-if# encapsulation ppp
Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentification listed
-if one fails, then connection is terminated
Config-if# exit
Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
Config-if# ppp chap hostname ROUTER
Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration
ISDN SETUP:
Config# isdn switch-type basic-5ess - determined by telecom
Config# interface serial 0
Config-if# isdn spid1 2705554564 - isdn “phonenumber” of line 1
Config-if# isdn spid2 2705554565 - isdn “phonenumber” of line 2
Config-if# encapsulation PPP - or HDLC, LAPD
DDR - 4 Steps to setting up ISDN with DDR
Configure switch type
Config# isdn switch-type basic-5ess - can be done at interface config
Configure static routes
Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)
Configure Interface
Config-if# ip address 192.3.5.5 255.255.255.0
Config-if# no shutdown
Config-if# encapsulation ppp
Config-if# dialer-group 1 - applies dialer-list to this interface
Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
can also use “dialer string 5551212” instead if there is only one router to connect to
Specify interesting traffic
Config# dialer-list 1 ip permit any
-or-
Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list
Other Options
Config-if# hold-queue 75 - queue 75 packets before dialing
Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120
FRAME RELAY SETUP:
Config# interface serial 0
Config-if# encapsulation frame-relay - cisco by default, can change to ietf
Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
Config-if# bandwidth 56
Config-if# interface serial 0.100 point-to-point - subinterface
Config-if# ip address 122.1.1.1 255.255.255.0
Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end
Config-if# interface serial 1.100 multipoint
Config-if# no inverse-arp - turns IARP off; good to do
Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
Config-if# frame-relay map ip 122.1.1.3 54 broadcast
SHOW COMMANDS
Show access-lists - all access lists on the router
Show cdp - cdp timer and holdtime frequency
Show cdp entry * - same as next
Show cdp neighbors detail - details of neighbor with ip add and ios version
Show cdp neighbors - id, local interface, holdtime, capability, platform portid
Show cdp interface - int’s running cdp and their encapsulation
Show cdp traffic - cdp packets sent and received
Show controllers serial 0 - DTE or DCE status
Show dialer - number of times dialer string has been reached, other stats
Show flash - files in flash
Show frame-relay lmi - lmi stats
Show frame-relay map - static and dynamic maps for PVC’s
Show frame-relay pvc - pvc’s and dlci’s
Show history - commands entered
Show hosts - contents of host table
Show int f0/26 - stats of f0/26
Show interface Ethernet 0 - show stats of Ethernet 0
Show ip - ip config of switch
Show ip access-lists - ip access-lists on switch
Show ip interface - ip config of interface
Show ip protocols - routing protocols and timers
Show ip route - Displays IP routing table
Show ipx access-lists - same, only ipx
Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
Show ipx route - ipx routes in the table
Show ipx servers - SAP table
Show ipx traffic - RIP and SAP info
Show isdn active - number with active status
Show isdn status - shows if SPIDs are valid, if connected
Show mac-address-table - contents of the dynamic table
Show protocols - routed protocols and net_addresses of interfaces
Show running-config - dram config file
Show sessions - connections via telnet to remote device
Show startup-config - nvram config file
Show terminal - shows history size
Show trunk a/b - trunk stat of port 26/27
Show version - ios info, uptime, address of switch
Show vlan - all configured vlan’s
Show vlan-membership - vlan assignments
Show vtp - vtp configs
CATALYST COMMANDS
For Native IOS - Not CatOS
SWITCH ADDRESS:
Config# ip address 192.168.10.2 255.255.255.0
Config# ip default-gateway 192.168.10.1
DUPLEX MODE:
Config# interface Ethernet 0/5 - “fastethernet” for 100 Mbps ports
Config-if# duplex full - also, half | auto | full-flow-control
SWITCHING MODE:
Config# switching-mode store-and-forward - also, fragment-free
MAC ADDRESS CONFIGS:
Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security
Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port
VLANS:
Config# vlan 10 name FINANCE
Config# interface Ethernet 0/3
Config-if# vlan-membership static 10
TRUNK LINKS:
Config-if# trunk on - also, off | auto | desirable | nonegotiate
Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port
CONFIGURING VTP:
Config# delete vtp - should be done prior to adding to a network
Config# vtp server - the default is server, also client and transparent
Config# vtp domain Camp - name doesn’t matter, just so all switches use the same
Config# vtp password 1234 - limited security
Config# vtp pruning enable - limits vtp broadcasts to only switches affected
Config# vtp pruning disable
FLASH UPGRADE:
Config# copy tftp://192.5.5.5/configname.ios opcode - “opcode” for ios upgrade, “nvram” for startup config
DELETE STARTUP CONFIG:
Config# delete nvram
Routing with Cisco 2500 and 1000 Series for LAN-ISDN Service
Commands - General
There are 3 different modes of operation within the Cisco IOS.
Disabled mode
Enabled mode
Configuration mode
In the Disabled mode you can use a limited number of commands. This is used primarily to monitor the router.
The Enabled mode is used to show configuration information, enter the configuration mode, and make changes to the configuration.
The Configuration mode is used to enter and update the runtime configuration.
To get a list of the commands for the cisco type '?' at the prompt. To get further information about any command, type the command followed by a '?'.
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
debug Debugging functions (see also 'undebug')
disable Turn off privileged commands
enable Turn on privileged commands
erase Erase flash or configuration memory
exit Exit from the EXEC
help Description of the interactive help system
login Log in as a particular user
logout Exit from the EXEC
no Disable debugging functions
ping Send echo messages
reload Halt and perform a cold restart
setup Run the SETUP command facility
show Show running system information
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
traceroute Trace route to destination
tunnel Open a tunnel connection
undebug Disable debugging functions (see also 'debug')
verify Verify checksum of a Flash file
write Write running configuration to memory, network, or terminal
show
access-lists List access lists
arp ARP table
buffers Buffer pool statistics
configuration Contents of Non-Volatile memory
controllers Interface controller status
debugging State of each debugging option
dialer Dialer parameters and statistics
extended Extended Interface Information
flash System Flash information
flh-log Flash Load Helper log buffer
history Display the session command history
hosts IP domain-name, lookup style, name servers, and host table
interfaces Interface status and configuration
ip IP information
isdn ISDN information
line TTY line information
logging Show the contents of logging buffers
memory Memory statistics
privilege Show current privilege level
processes Active process statistics
protocols Active network routing protocols
queue Show queue contents
queueing Show queueing configuration
reload Scheduled reload information
route-map route-map information
running-config Current operating configuration
sessions Information about Telnet connections
smf Software MAC filter
stacks Process stack utilization
startup-config Contents of startup configuration
subsys Show subsystem information
tcp Status of TCP connections
terminal Display terminal configuration parameters
users Display information about terminal lines
version System hardware and software status
Other Useful Commands
View the Software Version
View the Ethernet IP
View the Serial IP
View the Default Route
View the Filters
View the Bandwidth
Add a Static Route
Change the Dial Number
Turn Filters On and Off
Ping from the Router
Traceroute from the Router
View the Software Version
Cisco>en
Cisco#wr term <--- br="" configuration="" nbsp="" running="" shows="" the="">Building configuration...
Current configuration:
!
version 11.2
no service udp-small-servers
no service tcp-small-servers
!
hostname Cisco
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
!
interface Serial0
ip address 192.168.6.1 255.255.255.0
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial1
ip address 192.168.4.2 255.255.255.0
encapsulation frame-relay
bandwidth 1536
keepalive 5
frame-relay map ip 192.168.4.1 101 IETF
!
router rip
version 2
network 192.168.4.0
network 192.168.6.0
neighbor 192.168.6.2
neighbor 192.168.4.1
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.6.2
ip route 0.0.0.0 0.0.0.0 192.168.4.1
!
line con 0
line aux 0
line vty 0 4
login
!
end
View the Ethernet IP
Router#wr term
This will show the running configuration.
Within the configuration, you will see an interface ethernet 0 section:
interface Ethernet0
ip address 38.150.93.1 255.255.255.0
no ip directed-broadcast
View the Serial IP
Router#wr term
Within the configuration, you will see an interface serial 0 section:
interface Serial0
ip address 38.21.10.100 255.255.255.0
ip broadcast-address 38.21.10.255
ip access-group 106 in
encapsulation frame-relay
bandwidth 56
no fair-queue
frame-relay map ip 38.21.10.1 500 IETF
View the Default Route
Router#wr term
Within the configuration, you will see an ip route section.
In the ip route section, look for a route:
ip route 0.0.0.0 0.0.0.0 38.167.29.1
The last ip address is the POP ip.
View the Filters
Router#wr term
Under interface serial 0, look for:
ip access-group 104 in
ip access-group 105 out
This means that access-group 104 is the inbound filter set and
access-group 105 is the outbound filter set.
Then, continue to look in the configuration for the access-list statements:
(Example access-list statements)
access-list 104 deny ip 38.166.101.0 0.0.0.255 any
access-list 104 permit tcp any any established
access-list 104 permit tcp any eq ftp-data any gt 1023
access-list 104 permit udp any eq domain any gt 1023
access-list 104 permit udp any eq domain any eq domain
access-list 104 permit icmp any any
access-list 104 permit udp any eq snmp any gt 1023
access-list 105 deny ip any 38.166.101.0 0.0.0.255
access-list 105 permit tcp any any established
access-list 105 permit tcp any any eq ftp
access-list 105 deny udp any eq netbios-ns any
access-list 105 deny udp any eq netbios-dgm any
access-list 105 permit ip any any
View the Bandwidth
Router#wr term
Within the config, you will see an interface serial 0 section:
interface Serial0
ip address 38.21.10.100 255.255.255.0
ip broadcast-address 38.21.10.255
ip access-group 106 in
encapsulation frame-relay
bandwidth 56
no fair-queue
frame-relay map ip 38.21.10.1 500 IETF
Add a Static Route
Cisco#config t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#ip route DEST.DEST.DEST.DEST MASK.MASK.MASK.MASK GATE.GATE.GATE.GATE
where: DEST.DEST.DEST.DEST = The destination network the static route is for
MASK.MASK.MASK.MASK = The subnet mask of the destination network
GATE.GATE.GATE.GATE = The gateway of the static route
Example route statement:
ip route 38.222.75.0 255.255.255.0 38.20.5.1
Cisco(config)#^Z (hit
Write the entry to memory:
Cisco#wr mem
Building configuration...
[OK]
Change the Dial Number
Type en to put the router in enable mode:
test.com>en
The password should be the same as the one used to telnet in.
Password:
To view the router's configuration, type:
test.com#show config
There will be a line in the configuration that says:
dialer map IP 38.1.1.1 speed 64 name LD3330 2707000
The 2707000 is the dial number.
NOTE: Record what interface the dialer map IP line is under because you will need to
use that interface when changing the number.
Type config t to configure from terminal.
test.com#config t
Enter configuration commands, one per line. End with CNTL/Z.
Enter the interface that the dialer map IP line is under:
test.com(config)#interface BRI0
Add in the new dialer map IP line with the new phone number:
test.com(config)#dialer map IP 38.1.1.1 speed 64 name LD3330 [new number]
Now, remove the old dialer map IP line.
To remove a line, type no and then the line.
For example, to remove the old dialer map IP, type:
test.com(config)#no dialer map IP 38.1.1.1 speed 64 name LD3330 2707020
Now leave config mode:
test.com(config)# [control] z
Save changes:
test.com# write mem
Building configuration...
[OK]
Verify the new number is in the config:
test.com#show config
The new number should be in the dialer map IP line.
Turn Filters On and Off
To turn the filters off:
Router#configure terminal
Router(config)#interface Serial0
Router(config-if)#no ip access-group 104 in
Router(config-if)#no ip access-group 105 out
Router(config-if)# Hit CTRL-Z
Router#wr mem
Building configuration...
[OK]
Router#
To turn the filters on:
Router#configure terminal
Router(config)#interface Serial0
Router(config-if)#ip access-group 104 in
Router(config-if)#ip access-group 105 out
Router(config-if)# Hit CTRL-Z
Router#wr mem
Building configuration...
[OK]
Router#
Ping from the Router
Cisco#ping
Example:
Cisco#ping 38.8.14.2
0 Response to "Cisco: More Commands"
Post a Comment