R1 (config) # no enable password R1 (config) # no enable secret
Pre configuration for Cisco SDM S1 (config-line) # privilege level 15 Configure HTTP Server :S1 (config) # ip http authentication enable S1 (config) # ip http server S1 (config) # ip http secure-server ACL (Access Control List) Wildcard mask
0 bit - check
1 bit - ignore
Standard ACL: [1-99] [1300-1999] implemented close to the destination of the traffic Dumidu Senanayake Page 2 of 16
R1 (config-if) # ip ospf hello-interval [seconds] R1 (config-if) # ip ospf dead-interval [seconds] (hello x 4)
Simple Authentication :enables authentication for all the interfaces in area 0
R1 (config-router) # area 0 authentication R1 (config-if) # ip ospf authentication-key [password] R1 (config-if) # ip ospf authentication-key cisco123 enables authentication for specific interface
R1 (config-if) # ip ospf authentication R1 (config-if) # ip ospf authentication-key [password] R1 (config-if) # ip ospf authentication-key cisco123 md5 (message-digest) Authentication :enables md5 authentication for all the interfaces in area 0 R1 (config-router) # area 0 authentication message-digest R1 (config-if) # ip ospf message-digest-key 1 md5 [password] R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123 enables md5 authentication for specific interface
R1 (config-if) # ip ospf authentication message-digest R1 (config-if) # ip ospf message-digest-key 1 md5 [password] R1 (config-if) # ip ospf message-digest-key 1 md5 cisco123 R1 # show ip ospf R1 # show ip ospf interface R1 # show ip ospf neighbor R1 # clear ip ospf process Configuring Passive interface :-
R1 (config) # ip route 192.168.0.0 255.255.0.0 s0/0/1 R1 (config-router) # redistribute static R1 # show ip route R1 # show ip protocol R1 # debug ip routing
WAN Configuration WAN configuration only performed on serial interfaces. HDLC (High-level Data Link Control) R1 (config-if) # encapsulation hdlc PPP (Point to Point Protocol) R1 (config-if) # encapsulation ppp Compression: Link quality: Load balancing:
FR-Switch (config-if) # encapsulation frame-relay FR-Switch (config-if) # frame-relay intf-type dce FR-Switch (config-if) # frame-relay route 102 interface serial 0/0/1 201 no frame-relay inverse-arp no ip split-horizon R1 # show frame-relay map R1 # show frame-relay pvc / show frame-relay pvc [dlci] R1 # show frame-relay lmi R1 #debug frame-relay lmi DHCP (Dynamic Host Configuration Protocol) Step1: Exclude an address range R1 (config) # ip dhcp excluded-address [low add.] [high add.] R1 (config) # ip dhcp excluded-address 192.168.1.1 192.168.1.9 Step2: Create DHCP pool R1 (config) # ip dhcp pool [pool name] R1 (config) # ip dhcp pool SALES R1 (config-dhcp) # Step3: define the pool address R1 (config-dhcp) # network [network add. mask / prefix] R1 (config-dhcp) # network 192.168.1.0 255.255.255.0 R1 (config-dhcp) # default-router [ip add.] R1 (config-dhcp) # default-router 192.168.1.1 R1 (config-dhcp) # dns-server [ip add.] R1 (config-dhcp) # dns-server 192.168.20.254 R1 (config-dhcp) # netbios-name-server [ip add.] R1 (config-dhcp) # netbios-name-server 192.168.20.254 R1 (config-dhcp) # domain-name [name] R1 (config-dhcp) # domain-name mydomain.com R1 (config-dhcp) # lease {days hours minutes / infinite} R1 (config-dhcp) # lease 7 DHCP Relay R1 (config-if) # ip helper-address [dhcp server ip add.] R1 (config-if) # ip helper-address 172.24.1.9 R1 (config) # ip forward-protocol udp [port no.] R1 (config) # ip forward-protocol udp 161 R1 # show ip dhcp binding R1 # show ip dhcp server statistics Dumidu Senanayake Page 9 of 16
Cisco Router IOS Commands
R1 # show ip dhcp pool R1 # show ip address conflicts R1 # debug ip dhcp events R1 # debug ip dhcp server R1 # debug ip dhcp packet detail NAT (Network Address Translation)
ISP static route
ISP (config) # ip route 209.165.200.0 255.255.255.0 209.165.100.225
Static NAT (Public address given by ISP 209.165.200.254) Step1: specify static translation between an inside local and inside global address R1 (config) # ip nat inside source static [local ip] [global ip] R1 (config) # ip nat inside source static 192.168.20.10 209.165.200.254 Step2: mark the router interface as an inside or outside interface R1 (config-if) # ip nat [inside / outside] R1 (config) # interface f0/0 R1 (config-if) # ip nat inside
Dynamic NAT (Public address range from ISP 209.165.200.11 – 209.165.200.20 /24) Step1: define a named address pool of outside addresses R1 (config) # ip nat pool [name] [ip range] netmask [mask] R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 netmask 255.255.255.0 Step2: define an access list to specify those inside address R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255 Step3 *: Specify dynamic translation R1 (config) # ip nat inside source list [ACL no.] pool [name] R1 (config) # ip nat inside source list 1 pool NAT1 Step4: R1 (config-if) # ip nat [inside / outside] Dumidu Senanayake Page 10 of 16
Cisco Router IOS Commands
PAT (Port Address Translation) Single public address Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255 Step2 *: R1 (config) # ip nat inside source list 1 interface s0/0/0 overload Step3: R1 (config-if) # ip nat [inside / outside] Multiple public address Step1: R1 (config) # access-list 1 permit 192.168.10.0 0.0.0.255 Step2: R1 (config) # ip nat pool NAT1 209.165.200.11 209.165.200.20 Step3 *: R1 (config) # ip nat inside source list 1 pool NAT1 overload Step4: R1 (config-if) # ip nat [inside / outside] R1 # show ip nat translation R1 # show ip nat translation verbose R1 # show ip nat statistics R1 # debug ip nat R1 # clear ip nat translation Classful / Classless Routing Behavior R1 (config) # ip classless Saving Configuration :-
R1 (config) # no ip classless
R1 # copy running-config startup-config
Backup Startup-config to flash :-
R1 # copy startup-config flash:config.bak1
R1 # copy system:running-config tftp://172.16.2.155/tokyo-config R1 # copy startup-config tftp [tftp server ip add.] Restore Configuration :-
Boot from another image :Step1: configure a tftp server Step2: R1 # copy tftp flash [ip add. of tftp server] 192.168.20.254 [new IOS image name] c1841-ipbasek9-mz.124-12.bin Step3: R1 (config) # boot system flash: c1841-ipbasek9-mz.124-12.bin Step4: save configuration R1 # copy run start Step5: restart the router c2960-lanbase-mz.122-25.SEE1.bin c1841-ipbase-mz.123-14.T7.bin Dumidu Senanayake Page 11 of 16
Cisco Router IOS Commands
c1841-ipbasek9-mz.124-12.bin Platform: Cisco 2960 Cisco 1841 Feature set: lan base ip base File format: m (runs in RAM) z (compressed) Version: 12.2 (25) SEE1 12.3 (14) T7 File extinction: binary executable
Cisco 1841 ip base k9
12.4 (12)
Recovering a lost password :Step1: power cycle the router, and press [Ctrl]+[Break] key while booting. This will bring the router to ROMmon mode. Step2: rommon 1 > confreg 0x2142 rommon 2 > reset Step3: after rebooting copy startup to running. Change the password Step4: change the configuration registry back to default. R1 (config) # config-register 0x2102 Step5: save the configuration, and power cycle the router. 0x2102 – default registry value 0x2142 – bypass startup configuration Commands helpful in Troubleshooting R1 # show running-config R1 # show startup-config R1 # show version R1 # show flash