imt2521_nettverksadministrasjon:kommandoer
This is an old revision of the document!
Table of Contents
WAN Commands
PPP
R1(config-if)#encap ppp R1(config-if)#compress [predictor | stac] // Type of compression
Auth
R1(config-if)#ppp auth {chap | pap | chap pap | pap chap}
PAP
R1(config)#username R3 password cisco R1(config-if)#ppp auth pap R1(config-if)#ppp pap sent-username R1 password cisco
CHAP
R1(config)#username R3 password cisco R1(config-if)#ppp auth chap
Frame-relay
On FR-Switch
FR(config)#frame-relay switching FR(config-if)#clock rate 64000 FR(config-if)#encap frame-relay FR(config-if)#frame-relay intf-type dce FR(config-if)#frame-relay route <input DLCI> interface <outgoing interface> <output DLCI>
On Router
R1(config-if)#ip address <ip> <mask> R1(config-if)#encap frame-relay R1(config-if)#frame-relay map ip <ip to destination> <own dlci> [broadcast] R1(config-if)#no frame-relay inverse-arp // Only if you really want this
Sub-interfaces on serial link
R1(config)#int s0/1/0.212 point-to-point R1(config-subif)#ip address <ip> <mask> R1(config-subif)#frame-relay interface-dlci <dlci> // Give the subif same number as its dlci!!!!!
ACL
Standard numbered ACL
R1(config)#access-list 1 {permit|deny} {<source-ip>|any} [source-wildcard] [log] // Deinfes ACL
R1(config-if) ip access-group <ACL-num/name> {out|in} // Apply either in- our outbound on an iface
Named ACL
R1(config)#ip access-list {standard|extended} <name>
Ext ACL
R1(config)#access-list <number> {permit|deny} <protocol> <source> [src-wildcard] [operand] [port] <dest-ip> [dest-wildcard] [operand] [port] [established]
F.eks
R1(config)#access-list 1 deny tcp 0.0.0.0 0.0.0.0 10.0.0.0 0.0.0.255 eq 22 // Applied inbound on iface againts internet, will deny ssh into 10.0.0.0 net.
Dyn ACL (lock and key)
R1(config)#username Student password 0 cisco R1(config)#access-list 101 permit tcp any host <ip> eq telnet R1(config)#access-list 101 dynamic <name> timeout <mins> permit ip <src ip> <src-wildcard> <dest-ip> <dest-wildcard> R1(config)#int <interfae> R1(config-if)#ap access-group 101 in R1(config)#line vty 0 4 R1(config-line)#login local R1(config-line)#autocommand access-enable host timeout <mins>
Reflexive ACL
R1(config)#ip access-list extended OUTBOUNDFILTERS R1(config-ext-nacl)#permit tcp <src-ip> <src-wild> any reflect TCPTRAFFIC R1(config)#ip access-list extended INBOUNDFILTERS R1(config-ext-nacl)#evaulate TCPTRAFFIC // Apply to interface with ip access-group
Time-based ACL
R1(config)#time-range <name> R1(config-time-range)#periodic <day day day ..> <time-from (8:00)> to <time to (17:00)> R1(config)#access-list 101 permit tcp <src-ip> <src-wild> any eq telnet time-range <name> // Apply outbound on interface
DHCP
R1(config)# ip dhcp excluded-address <low-address> [high-address]
R1(config)# ip dhcp pool <POOL-NAME>
R1(dhcp-config)# network <netw.address> <mask>
R1(dhcp-config)# default-router <ip to gateway>
R1(dhcp-config)# domain-name <uri>
R1(dhcp-config)# dns-server <ip> [ip2....ip8]
R1(dhcp-config)# lease { <days> [hours] [minutes] | infinite }
NAT
Static NAT
R1(conf)# ip nat inside source static <inside local ip> <inside global ip> R1(config-if)# /* i.e s0/1/0 */ ip nat inside R1(config-if)# /* i.e s0/1/1 */ ip nat outside
Dynamic NAT
R1(config)# ip nat pool <name> <start-ip> <end-ip> netmask <mask> // Create pool R1(config)# ip access-list standard <number> permit <source-ip> [wildcard] // Defines ACL for addresses to be translated R1(config)# ip nat inside source list <acl-num> pool <pool-name> // Establish dynamic source translation, specifying the acl defined. R1(config-if)#ip nat inside // Specify inside NAT iface. R1(config-if)#ip nat outside // Specify outside NAT iface
NAT Overload
* Add keyword ''overload'' to third statement above. Thats for overloading of a pool.
* Replace third statement with. Thats for overloading one single IP
*''R1(config)# ip nat inside source list <acl-num> interface <iface> overload''
imt2521_nettverksadministrasjon/kommandoer.1323621714.txt.gz · Last modified: (external edit)