====== WAN Commands ====== ==== PPP ====


R1(config-if)#encap ppp
R1(config-if)#compress [predictor | stac] // Type of compression

=== Auth ===


R1(config-if)#ppp auth {chap | pap | chap pap | pap chap}

== PAP ==


R1(config)#username R3 password cisco
R1(config-if)#ppp auth pap
R1(config-if)#ppp pap sent-username R1 password cisco

== CHAP ==


R1(config)#username R3 password cisco
R1(config-if)#ppp auth chap

==== Frame-relay ==== === On FR-Switch ===


FR(config)#frame-relay switching
FR(config-if)#clock rate 64000
FR(config-if)#encap frame-relay
FR(config-if)#frame-relay intf-type dce
FR(config-if)#frame-relay route  interface

=== On Router ===


R1(config-if)#ip address  
R1(config-if)#encap frame-relay
R1(config-if)#frame-relay map ip   [broadcast]
R1(config-if)#no frame-relay inverse-arp  // Only if you really want this

=== Sub-interfaces on serial link ===


R1(config)#int s0/1/0.212 point-to-point
R1(config-subif)#ip address  
R1(config-subif)#frame-relay interface-dlci 
// Give the subif same number as its dlci!!!!!

==== ACL ==== === Standard numbered ACL ===


R1(config)#access-list 1 {permit|deny} {|any} [source-wildcard] [log]		// Deinfes ACL
R1(config-if) ip access-group  {out|in}											// Apply either in- our outbound on an iface

=== Named ACL ===


R1(config)#ip access-list {standard|extended}

=== Ext ACL ===


R1(config)#access-list  {permit|deny}   [src-wildcard] [operand] [port]  [dest-wildcard] [operand] [port] [established]
F.eks
R1(config)#access-list 1 deny tcp 0.0.0.0 0.0.0.0 10.0.0.0 0.0.0.255 eq 22   // Applied inbound on iface againts internet, will deny ssh into 10.0.0.0 net.

=== Dyn ACL (lock and key) ===


R1(config)#username Student password 0 cisco
R1(config)#access-list 101 permit tcp any host  eq telnet
R1(config)#access-list 101 dynamic  timeout  permit ip    
R1(config)#int 
R1(config-if)#ap access-group 101 in
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#autocommand access-enable host timeout

=== Reflexive ACL ===


R1(config)#ip access-list extended OUTBOUNDFILTERS
R1(config-ext-nacl)#permit tcp   any reflect TCPTRAFFIC
R1(config)#ip access-list extended INBOUNDFILTERS
R1(config-ext-nacl)#evaulate TCPTRAFFIC
// Apply to interface with ip access-group

=== Time-based ACL ===


R1(config)#time-range 
R1(config-time-range)#periodic   to 
R1(config)#access-list 101 permit tcp   any eq telnet time-range 
// Apply outbound on interface

==== DHCP ====


R1(config)# ip dhcp excluded-address  [high-address]
R1(config)# ip dhcp pool 
R1(dhcp-config)# network  
R1(dhcp-config)# default-router 
R1(dhcp-config)# domain-name 
R1(dhcp-config)# dns-server  [ip2....ip8]
R1(dhcp-config)# lease {  [hours] [minutes] | infinite }

==== NAT ==== === Static NAT ===


R1(conf)# ip nat inside source static  
R1(config-if)# /* i.e s0/1/0 */ ip nat inside
R1(config-if)# /* i.e s0/1/1 */ ip nat outside

=== Dynamic NAT ===


R1(config)# ip nat pool    netmask 						// Create pool
R1(config)# ip access-list standard  permit  [wildcard]			// Defines ACL for addresses to be translated
R1(config)# ip nat inside source list  pool  						// Establish dynamic source translation, specifying the acl defined.
R1(config-if)#ip nat inside																		// Specify inside NAT iface.
R1(config-if)#ip nat outside																		// Specify outside NAT iface

=== NAT Overload ===


  * Add keyword ''overload'' to third statement above. Thats for overloading of a pool.
  * Replace third statement with. Thats for overloading one single IP
    *''R1(config)# ip nat inside source list  interface  overload''