Cisco.Lab

Cisco.Lab - Cisco
Router
Lab
 • • • • • •...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Cisco
Router
Lab
 • • • • • • ?
 o Display
the
possible
commands
 enable
 o Enter
the
privilege
mode,
similar
to
su
in
*nix
 exit
 o logs
you
out
 end
 o bring
you
back
one
level
 show
 o show
running
information
 show
?
 o show
the
commands
that
start
with
show
 
 
 Router
Configuration
 o show
the
routers
current
configuration
 Router>
enable
 Router#
show
running‐config
 o Access
the
terminal
configuration
 Router#
configure
terminal
 Router
(config)#
 o Configure
the
hostname
of
the
router
 Router#
configure
terminal
 Router
(config)#
hostname
<name>
 o no
ip
domain‐lookup
 Router#
configure
terminal
 Router
(config)#
no
ip
domain‐lookup
 o Save
the
configuration
you
made
 Router#
copy
running‐config

startup‐config
 o Set
the
console
password
 Router
(config)#
line
con
0
 Router
(config)#
login
 Router
(config)#
password
<password>
 Router
(config)#
end
 o Set
the
VTY
passwords
 Router#
configure
terminal
 Router
(config)#
line
vty
0
4
 Router
(config)#
login
 Router
(config)#
password
vtypass
 o Set
the
enable
password
on
the
router
 Router
(config)#
enable
secret
cisco
 o Enable
passwords
to
be
encrypted
in
the
configuration
 Router
(config)#
service
password‐encryption
 o Erase
the
startup‐config
 • • • • • Router#
erase
startup‐config
 Router#
reload
 
 Router
Interface
Configuration
 o Display
the
interface’s
configuration
 Router#
show
interface
ethernet0/0/0
 o Set
the
ip
address
of
an
interface
 Router
(config)#
interface
ethernet0/0/0
 Router
(config‐if)#
ip
address
192.168.0.1
255.255.255.0
 Router
(config‐if)#
no
shutdown
 o Show
the
brief
connection
status
of
the
links
 Router#
show
ip
interface
brief
 
 Router
Extra
Commands
 o Show
the
version
of
the
router
 Router#
show
version
 o View
the
contents
of
the
flash
memory
 Router#
show
flash
 o Show
the
neighbors
of
the
router
using
CDP
 Router#
show
cdp
neighbors
 o Show
the
IP
address
of
the
neighbors
neighbors
 Router#
show
neighbors
detail
 
 Router
Static
Routes
 o Show
the
current
routes
 Router#
show
ip
route
 o Adding
a
static
route
 Router
(config)#
ip
route
192.168.1.1
255.255.255.0
 172.16.1.2
 In
general
it
is:
 • ip
route
<dest
Ip>
<dest
sub
mask>
<next
hop
|
 outbound
interfance>
 o Removing
a
static
route
 Router
(config)#
no
ip
route
192.168.1.1
255.255.255.0
 17.216.1.2
 
 Access
Controls
for
VTY
 o Create
a
rule
for
access
list
#1
 Router
(config)#
access‐list
1
deny
host
192.168.1.20
 Router
(config)#

access‐list
1
permit
any
 • Needed
for
access
by
everyone
else
 In
general
it
is:
 • access‐list
<ACL
#>
<permit
|
deny>
<src
addr>
 <wildcard
mask>
 o Set
the
rules
in
the
VTY
 Router
(config)#
line
vty
0
4
 • • Router
(config‐line)#
accesss‐class
1
in
 o Show
the
VTY
ACL
 Router#
show
access‐list
 o Remove
VTY
access
list
 Router
(config)#
line
vty
0
4
 Router
(config‐line)#
no
access‐class
1
in
 Router
(config‐line)#
exit
 Router
(config)#
no
access‐list
1
 
 Configure
the
Router’s
ACL
 o Deny
ICMP
from
anywhere
to
192.168.1.X
 Router
(config)#
access‐list
100
deny
icmp
any
192.168.1.0
 0.0.0.255
echo
 Router
(config)#
access‐list
100
icmp
any
any
echo‐reploy
 In
general
 • access‐list
<ACL
#>
<permit
|
deny>
<src
addr>
<src
 wildcard
mask>
<dst
addr>
<dst
wildcard
mask>
 <options>
 Applying
the
list
to
Ethernet
0/0/0
 • Router
(config)#
interface
ethernet
0/0/0
 • Router
(config‐ip)#
ip
access‐group
100
in
 Verifying
the
access‐list
 • Router#
show
access‐list
 Verifying
the
access‐list
direction
 • Router#
show
ip
interface
ethernet
0/0/0
 Remove
the
access
list
 • Router
(config)#
interface
ethernet
0/0/0
 • Router
(config‐if)#
no
ip
access‐group
100
in
 
 Cisco
Switch
Security
 o This
will
turn
on
port
security
on
FastEthernet0/1
 Switch
(config)#
interface
fastethernet0/1
 Switch
(config‐if)#
switchport
port‐security
 • Enable
port
security
 Switch
(config‐if)#
switchport
port‐security
maximum
1
 • Allows
only
one
mac
address
on
this
port
 Switch
(config‐if)#
switchport
port‐security
mac‐address
 sticky
 • Automatically
learn
the
mac
address
ans
save
it
to
the
 config
file
 Switch
(config‐if)#
switchport
port‐security
violation
 shutdown
 • Put
the
port
into
error
disable
sate
when
a
violation
 occurs
 o Verify
port
security
 Switch#
show
port
security
 • • Dynamtic
NAT
 o Setting
the
outside
network
 Router
(config)#
interface
ethernet
0/0/0
 Router
(config‐if)#
ip
nat
outside
 o Setting
the
inside
network
 Router
(config)#
interface
fastethernet
0/0
 Router
(config‐if)#
ip
nat
inside
 Router
(config‐if)#
end
 Router
(config)#
access‐list
1
permist
192.168.1.0
0.0.0.255
 Router
(config)#
ip
nat
pool
NATPOOL
10.0.0.1
10.0.0.6
 netmast
255.255.255.0
 Router
(config)#
ip
nat
inside
source
list
1
pool
NATPOOL
 overload
 Router
(config)#
ip
route
10.0.0.0
255.255.255.0
 ethernet0/0/0
 o Show
the
translations
 Router#
show
ip
nat
translations
 o Removing
the
NAT
translation
 Router
(config)#
interface
ethernet0/0/0
 Router
(config‐if)#
no
ip
nat
outside
 Router
(config‐if)#
interface
fastethernet0/0
 Router
(config‐if)#
no
ip
nat
inside
 Router
(config‐if)#
no
access‐list
1
 Router
(config)#
no
ip
nat
inside
source
list
1
pool
NATPOOL
 Router
(config)#
no
ip
nat
pool
NATPOOL
 
 Password
Recovery
 o Reset
the
router
 As
the
router
is
booting
press
ALT‐B
 • rommon
1>
confreg
0x2142
 • rommon
2>
reload
 When
the
router
rebots
 • Router>
enable
 • Router#
configure
terminal
 • Router
(config)#
config‐register
0x2102
 • Router
(config)#
end
 • Router#
copy
running‐config
startup‐config
 • Router#
reload
 ...
View Full Document

Ask a homework question - tutors are online