WAN Commands

PPP

R1(config-if)#encap ppp
R1(config-if)#compress [predictor | stac] // Type of compression

Auth

R1(config-if)#ppp auth {chap | pap | chap pap | pap chap}
PAP
R1(config)#username R3 password cisco
R1(config-if)#ppp auth pap
R1(config-if)#ppp pap sent-username R1 password cisco
CHAP
R1(config)#username R3 password cisco
R1(config-if)#ppp auth chap

Frame-relay

On FR-Switch

FR(config)#frame-relay switching
FR(config-if)#clock rate 64000
FR(config-if)#encap frame-relay
FR(config-if)#frame-relay intf-type dce
FR(config-if)#frame-relay route <input DLCI> interface <outgoing interface> <output DLCI>

On Router

R1(config-if)#ip address <ip> <mask>
R1(config-if)#encap frame-relay
R1(config-if)#frame-relay map ip <ip to destination> <own dlci> [broadcast]
R1(config-if)#no frame-relay inverse-arp  // Only if you really want this
R1(config)#int s0/1/0.212 point-to-point
R1(config-subif)#ip address <ip> <mask>
R1(config-subif)#frame-relay interface-dlci <dlci>
// Give the subinterface the same number as its DLCI!

ACL

Standard numbered ACL

R1(config)#access-list 1 {permit|deny} {<source-ip>|any} [source-wildcard] [log]   // Defines the ACL
R1(config-if)#ip access-group <ACL-num/name> {out|in}   // Apply either inbound or outbound on an interface

Named ACL

R1(config)#ip access-list {standard|extended} <name>

Ext ACL

R1(config)#access-list <number> {permit|deny} <protocol> <source> [src-wildcard] [operand] [port] <dest-ip> [dest-wildcard] [operand] [port] [established]
E.g.
R1(config)#access-list 100 deny tcp any 10.0.0.0 0.0.0.255 eq 22   // Extended ACLs use numbers 100-199. Applied inbound on the interface facing the Internet, this denies SSH into the 10.0.0.0 net.
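
How IOS evaluates an entry like the one above, as an added example that is not part of the original notes: a simplified Python model of wildcard matching and first-match evaluation with the implicit deny at the end of every ACL. It covers only `eq` on the destination port; the addresses and entry names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard: a 0 bit must match, a 1 bit is ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, dport):
    """First matching entry decides; an ACL ends with an implicit deny."""
    for action, e_proto, s_base, s_wild, d_base, d_wild, e_port in acl:
        if e_proto not in ("ip", proto):
            continue
        if not wildcard_match(src, s_base, s_wild):
            continue
        if not wildcard_match(dst, d_base, d_wild):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # implicit "deny ip any any"

ANY = ("0.0.0.0", "255.255.255.255")  # what the keyword "any" expands to

# Constructed entries (not from the page's router): deny SSH into 10.0.0.0/24
DENY_SSH = ("deny", "tcp", *ANY, "10.0.0.0", "0.0.0.255", 22)
PERMIT_REST = ("permit", "ip", *ANY, *ANY, None)
# Source written as "0.0.0.0 0.0.0.0": all 32 bits must match, so only
# the host 0.0.0.0 matches and the entry never fires for real traffic.
HOST_ZERO_SSH = ("deny", "tcp", "0.0.0.0", "0.0.0.0", "10.0.0.0", "0.0.0.255", 22)

if __name__ == "__main__":
    outside = "198.51.100.7"  # constructed documentation address
    for name, acl in [("deny+permit", [DENY_SSH, PERMIT_REST]),
                      ("deny only", [DENY_SSH]),
                      ("0.0.0.0 0.0.0.0 source", [HOST_ZERO_SSH, PERMIT_REST])]:
        for port in (22, 80):
            print(name, port, evaluate(acl, "tcp", outside, "10.0.0.5", port))
```

An ACL holding only the deny entry also drops the port 80 traffic, because nothing permits it before the implicit deny.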

Dyn ACL (lock and key)

R1(config)#username Student password 0 cisco
R1(config)#access-list 101 permit tcp any host <ip> eq telnet
R1(config)#access-list 101 dynamic <name> timeout <mins> permit ip <src ip> <src-wildcard> <dest-ip> <dest-wildcard>
R1(config)#int <interface>
R1(config-if)#ip access-group 101 in
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#autocommand access-enable host timeout <mins>

Reflexive ACL

R1(config)#ip access-list extended OUTBOUNDFILTERS
R1(config-ext-nacl)#permit tcp <src-ip> <src-wild> any reflect TCPTRAFFIC
R1(config)#ip access-list extended INBOUNDFILTERS
R1(config-ext-nacl)#evaluate TCPTRAFFIC
// Apply to interface with ip access-group

Time-based ACL

R1(config)#time-range <name>
R1(config-time-range)#periodic <day day day ..> <time-from (8:00)> to <time to (17:00)>
R1(config)#access-list 101 permit tcp <src-ip> <src-wild> any eq telnet time-range <name>
// Apply outbound on interface

DHCP

R1(config)# ip dhcp excluded-address <low-address> [high-address]
R1(config)# ip dhcp pool <POOL-NAME>
R1(dhcp-config)# network <netw.address> <mask>
R1(dhcp-config)# default-router <ip to gateway>
R1(dhcp-config)# domain-name <uri>
R1(dhcp-config)# dns-server <ip> [ip2....ip8]
R1(dhcp-config)# lease { <days> [hours] [minutes] | infinite }

NAT

Static NAT

R1(config)# ip nat inside source static <inside local ip> <inside global ip>
R1(config-if)# ip nat inside    // e.g. on s0/1/0
R1(config-if)# ip nat outside   // e.g. on s0/1/1

Dynamic NAT

R1(config)# ip nat pool <name> <start-ip> <end-ip> netmask <mask>   // Create pool
R1(config)# access-list <number> permit <source-ip> [wildcard]   // Defines ACL for addresses to be translated
R1(config)# ip nat inside source list <acl-num> pool <pool-name>   // Establish dynamic source translation, specifying the ACL defined above
R1(config-if)#ip nat inside   // Specify inside NAT iface
R1(config-if)#ip nat outside   // Specify outside NAT iface

NAT Overload

  * Add the keyword ''overload'' to the third statement above. That overloads a pool.
  * Replace the third statement with the following. That overloads one single IP:
    *''R1(config)# ip nat inside source list <acl-num> interface <iface> overload''