Differences

This shows you the differences between two versions of the page.

--- imt2521_nettverksadministrasjon:kommandoer [2011/11/28 13:09] – created larserik
+++ imt2521_nettverksadministrasjon:kommandoer [2018/10/20 23:00] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
+====== WAN Commands ======
+==== PPP ====
+<code>
+R1(config-if)#encap ppp
+R1(config-if)#compress [predictor | stac] // Type of compression
+</code>
+=== Auth ===
+<code>
+R1(config-if)#ppp auth {chap | pap | chap pap | pap chap}
+</code>
+== PAP ==
+<code>
+R1(config)#username R3 password cisco
+R1(config-if)#ppp auth pap
+R1(config-if)#ppp pap sent-username R1 password cisco
+</code>
+== CHAP ==
+<code>
+R1(config)#username R3 password cisco
+R1(config-if)#ppp auth chap
+</code>
 ==== Frame-relay ====
 === On FR-Switch ===
@@ Line 7: / Line 31: @@
 FR(config-if)#frame-relay intf-type dce
 FR(config-if)#frame-relay route <input DLCI> interface <outgoing interface> <output DLCI>
-</code>
+</code>
 === On Router ===
 <code>
@@ Line 15: / Line 39: @@
 R1(config-if)#frame-relay map ip <ip to destination> <own dlci> [broadcast]
 R1(config-if)#no frame-relay inverse-arp  // Only if you really want this
-</code>
+</code>
 === Sub-interfaces on serial link ===
 <code>
@@ Line 23: / Line 47: @@
 R1(config-subif)#frame-relay interface-dlci <dlci>
 // Give the subif same number as its dlci!!!!!
-</code>
+</code>
 ==== ACL ====
 === Standard numbered ACL ===
 <code>
-R1(config)#access-list 1 {permit|deny} {<source-ip>|any} [source-wildcard] [log]	// Deinfes ACL
+R1(config)#access-list 1 {permit|deny} {<source-ip>|any} [source-wildcard] [log]		// Deinfes ACL
-R1(config-if) ip access-group <ACL-num/name> {out|in}					// Apply either in- our outbound on an iface
+R1(config-if) ip access-group <ACL-num/name> {out|in}											// Apply either in- our outbound on an iface
-</code>
+</code>
 === Named ACL ===
 <code>
 R1(config)#ip access-list {standard|extended} <name>
-</code>
+</code>
 === Ext ACL ===
 <code>
 R1(config)#access-list <number> {permit|deny} <protocol> <source> [src-wildcard] [operand] [port] <dest-ip> [dest-wildcard] [operand] [port] [established]
+F.eks
+R1(config)#access-list 1 deny tcp 0.0.0.0 0.0.0.0 10.0.0.0 0.0.0.255 eq 22   // Applied inbound on iface againts internet, will deny ssh into 10.0.0.0 net.
 </code>
-**F.eks**
+=== Dyn ACL (lock and key) ===
 <code>
-R1(config)#access-list 1 deny tcp 0.0.0.0 0.0.0.0 10.0.0.0 0.0.0.255 eq 22   // Applied inbound on iface againts internet, will deny ssh into 10.0.0.0 net.
+R1(config)#username Student password 0 cisco
+R1(config)#access-list 101 permit tcp any host <ip> eq telnet
+R1(config)#access-list 101 dynamic <name> timeout <mins> permit ip <src ip> <src-wildcard> <dest-ip> <dest-wildcard>
+R1(config)#int <interfae>
+R1(config-if)#ap access-group 101 in
+R1(config)#line vty 0 4
+R1(config-line)#login local
+R1(config-line)#autocommand access-enable host timeout <mins>
 </code>
+=== Reflexive ACL ===
+<code>
+R1(config)#ip access-list extended OUTBOUNDFILTERS
+R1(config-ext-nacl)#permit tcp <src-ip> <src-wild> any reflect TCPTRAFFIC
+R1(config)#ip access-list extended INBOUNDFILTERS
+R1(config-ext-nacl)#evaulate TCPTRAFFIC
+// Apply to interface with ip access-group
+</code>
+=== Time-based ACL ===
+<code>
+R1(config)#time-range <name>
+R1(config-time-range)#periodic <day day day ..> <time-from (8:00)> to <time to (17:00)>
+R1(config)#access-list 101 permit tcp <src-ip> <src-wild> any eq telnet time-range <name>
+// Apply outbound on interface
+</code>
 ==== DHCP ====
 <code>
@@ Line 55: / Line 106: @@
 R1(dhcp-config)# dns-server <ip> [ip2....ip8]
 R1(dhcp-config)# lease { <days> [hours] [minutes] | infinite }
-</code>
+</code>
 ==== NAT ====
 === Static NAT ===
@@ Line 63: / Line 114: @@
 R1(config-if)# /* i.e s0/1/0 */ ip nat inside
 R1(config-if)# /* i.e s0/1/1 */ ip nat outside
-</code>
+</code>
 === Dynamic NAT ===
 <code>
-R1(config)# ip nat pool <name> <start-ip> <end-ip> netmask <mask>		// Create pool
+R1(config)# ip nat pool <name> <start-ip> <end-ip> netmask <mask>						// Create pool
-R1(config)# ip access-list standard <number> permit <source-ip> [wildcard]	// Defines ACL for addresses to be translated
+R1(config)# ip access-list standard <number> permit <source-ip> [wildcard]			// Defines ACL for addresses to be translated
-R1(config)# ip nat inside source list <acl-num> pool <pool-name> 		// Establish dynamic source translation, specifying the acl defined.
+R1(config)# ip nat inside source list <acl-num> pool <pool-name> 						// Establish dynamic source translation, specifying the acl defined.
-R1(config-if)#ip nat inside							// Specify inside NAT iface.
+R1(config-if)#ip nat inside																		// Specify inside NAT iface.
-R1(config-if)#ip nat outside							// Specify outside NAT iface
+R1(config-if)#ip nat outside																		// Specify outside NAT iface
-</code>
+</code>
 === NAT Overload ===
-  * Add keyword ''overload'' to second statement above. Thats for overloading of a pool.
+<code>
-  * Replace second statement with. Thats for overloading one single IP
+  * Add keyword ''overload'' to third statement above. Thats for overloading of a pool.
+  * Replace third statement with. Thats for overloading one single IP
     *''R1(config)# ip nat inside source list <acl-num> interface <iface> overload''
+</code>