
CCNA COMMANDS

EXPLORATION
show and debug commands
#show ip route
#show ip int [brief]
#show {run | start}
#show int
#show v
#show flash:
#show processes
#show {memory | stacks | buffers}
#show arp
#show ip protocols
#[no] debug ip rip
#show version
#show mac-address-table [aging-time]
#show controllers serial 0/0/0
Interface Serial0/0/0
Hardware is PowerQUICC MPC860

<output omitted>
#debug ip routing
#undebug all
#show cdp neighbors [detail]
show cdp interface
show cdp entry *
no cdp run to disable CDP on the router.
no cdp enable to disable CDP on the interface
R2(config)#boot system flash c1841-ipbasek9-mz.124-12.bin
ROMMON with tftp
Rommon1>IP_ADDRESS=192.168.1.1

Rommon3>DEFAULT_GATEWAY=192.168.1.100
Rommon4>TFTP_SERVER=192.168.2.1
Rommon5>TFTP_FILE=c1841-ipbasek9-mz.124-12.bin
Rommon6>tftpdnld
ROMMON with xmodem
Rommon1>xmodem -c c1841-ipbasek9-mz.124-12.bin
General
>enable
#disable
#traceroute
#conf t
#clock set 19:30:00 25 june 2008
#?
(config)#hostname AtlantaHQ
(config)#no hostname
(config)#enable password password
(config)#enable secret password
#service password-encryption
(config)#banner motd % message %
#copy running-config startup-config
#reload
#erase start
#copy running-config tftp
(config)#no ip domain-lookup
#ping
Protocol [ip]:
Target IP address: 10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]: 5
Extended commands [n]: n
#ip classless
Configuration register is 0x2102 normal
Configuration register is 0x2142 ROMMON
Local name-to-IP mapping (outside CCNA)
(config)#ip host ...
Dates (outside CCNA)
#show clock
#clock set ...
(config)#ntp server <IP>
Configuring the break
#line console 0
#escape-character 27
Keyboard usage
completion TAB Backspace
error 'h'
Tab - Completes the remainder of the command or keyword
Ctrl-R - Redisplays a line
Ctrl-Z - Exits configuration mode and returns to the EXEC
Down Arrow - Allows user to scroll forward through former commands
Up Arrow - Allows user to scroll backward through former commands
Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute
Ctrl-C - Aborts the current command and exits the configuration mode
#end or ^C
#exit
Interface configuration
(config)#int fast 0/0
(config-if)#ip address 172.16.2.1 255.255.255.0
(config-if)#no ip address
(config-if)#description ...
(config-if)#no shutdown
(config-if)#clock rate value
(config)#line vty 0
(config)#line console 0
(config-line)#password password

R2(config-if)#bandwidth kilobits
R2(config-line)#logging synchronous
(config-line)#[no] exec-timeout minutes [seconds]
exec-timeout 0 0 to specify no timeout (before being disconnected)
Static routes
(config)#ip route 192.168.1.0 255.255.255.0 {FastEthernet 0/0 | Gateway} [distanceAdmin]
RIPv1
(config)#router rip
(config-router)#network 192.168.5.0
Router(config-router)#passive-interface interface-type interface-number
default-information originate
R in show ip route
RIPv2
(config)#ip route 192.168.0.0 255.255.0.0 Null0
(config-router)#redistribute static
(config-router)#version 2
EIGRP
(config)#router eigrp NbAS
(config-router)#network network-address [wildcard-mask]
#no auto-summary
(config-if)#ip summary-address eigrp as-number network-address subnet-mask
redistribute static
another method to propagate a default route in EIGRP: ip default-network
#show ip eigrp neighbor
#show ip eigrp topology [192.168.1.0 | all-links]
#debug eigrp fsm
(config-router)#metric weights tos k1 k2 k3 k4 k5
metric = (K1*bw + (K2*bw)/(256-load) + K3*delay) * (K5/(reliability+K4))
metric = (K1*bw + K3*delay) if K2=K4=K5=0
default K1=K3=1
BW = (10,000,000/bandwidth in kbps)*256, DELAY = (sum of delay/10)*256
Delay:
100 µs: 100M ATM, FastEthernet, FDDI
630 µs: 16M Token Ring
1000 µs: Ethernet
20000 µs: T1, HSSI, 512K, DS0, 56K
(config-if)#ip bandwidth-percent eigrp as-number percent
(config-if)#ip hello-interval eigrp as-number seconds
(config-if)#ip hold-time eigrp as-number seconds
eigrp log-neighbor-changes
OSPF
R1(config)#router ospf process-number
(config-router)#network network-address wildcard-mask area area-id
#show ip ospf [interface]
#clear ip ospf process
#show ip ospf neighbor
metric = 10^8/Bandwidth in bps
(config-router)#auto-cost reference-bandwidth Nkbits
(config-if)#ip ospf cost metric
or (config-if)#bandwidth interface command
(config-if)#ip ospf priority {0 - 255}
(config-router)#default-information originate
(config-if)#ip ospf hello-interval seconds
(config-if)#ip ospf dead-interval seconds
To summarize routes from one OSPF area to another, use the "area range" command; to summarize routes learned via redistribution, use the "summary-address" command on the ASBR.
(config-router)#area area-id range address mask
(config-router)#summary-address 16.0.0.0 252.0.0.0
Switch general
#mdix auto
#sh history
#terminal no history
#terminal no history size (revert to default number of lines = 10)
S1(config)#line console 0
S1(config-line)#history size 35
S1(config-line)#line vty 0 4
S1(config-line)#history size 35
#show mac-address-table
#mac-address-table static <MAC address> vlan {1-4096, ALL} interface interface-id
#sh arp
VLAN management
#interface vlan 99
#ip add ...
#no shut
#copy system:running-config tftp:[[[//location]/directory]/filename]
Or
#copy nvram:startup-config tftp:[[[//location]/directory]/filename].
#copy tftp:[[[//location]/directory]/filename] system:running-config or #copy tftp:[[[//location]/directory]/filename] nvram:startup-config.
#erase nvram:
#erase start
#delete flash:
dir flash
rename flash:config.text flash:config.text.old
S1#show flash
S1(config)#boot system flash:/c2960-lanbase-mz.122-25.SEE1.bin
copy startup-config flash:filename
Reset password
Power on while holding the Mode button for the first 15 s
LED blinking green - amber for a brief moment - steady green
Release the Mode button
flash_init
load_helper
... work
boot
#banner login "eeee"
S1(config)#banner motd "Device maintenance will be occurring on friday!"
(config)#hostname hostname
(config)#ip domain-name domain name
Switch port configuration
(config)#int fast ...
(config-if)#switchport mode access
(config-if)#switchport access vlan 99
(config-if)#spanning-tree portfast
(config)#ip default-gateway ip
#sh ip int brief
S1(config)#ip http server
S1(config)#ip http authentication enable
To verify the duplex.
#sh int
S1(config)#interface fa0/18
S1(config-if)#duplex full
S1(config-if)#speed 100
Line console 0
Password
Login
line vty 0 4 ? 15
enable pass
enable secret
service password-encryption
If you need to re-enable the Telnet protocol on a Cisco 2960 switch, use the following command from line configuration mode:
(config-line)#transport input telnet or
(config-line)#transport input all
interface range
RSA
(config)#crypto key generate rsa
#sh ssh
#sh ip ssh
(config)#ip ssh version [1 | 2]
(config)#crypto key zeroize rsa
After the RSA key pair is deleted, the SSH server is automatically disabled
(config)#ip ssh {timeout seconds | authentication-retries number}
(config)#line vty 0 15
(config-line)#transport input ssh
SNOOPING
(config)#ip dhcp snooping
ip dhcp snooping vlan number [number]
(config-if)#ip dhcp snooping trust (connected to dhcp server)
ip dhcp snooping limit rate rate
PORT-SECURITY
switchport port-security mac-address mac-address
[mac-address | sticky [mac-address]]
show port-security [interface interface-id]
show mac-address-table [address mac-addr]
clear mac-address-table dynamic
clear port-security sticky interface if access
then shutdown then no shut
mac-address-table static 00e0.2917.1884 interface fastethernet 0/18 vlan 99
(config-if)#switchport port-security violation protect
(config-if)#switchport port-security violation shutdown
(config)#interface fa0/6
(config-if)#switchport port-security
(config-if)#switchport port-security maximum 1
(config-if)#switchport port-security mac-address sticky
VOICE VLAN
(config-if)#int fa0/0
(config-if)#mls qos trust cos
(config-if)#switchport voice vlan 150
(config-if)#switchport mode access
(config-if)#switchport access vlan 20
VLAN
S1(config-if)#switchport mode trunk
S1(config-if)#switchport trunk native vlan 99
#show interface fa0/1 trunk
show interfaces interface-id switchport
DTP
switchport mode trunk.
switchport mode dynamic auto
switchport mode dynamic desirable
switchport nonegotiate.
#sh dtp interface
(config)#vlan vlanid
(config-vlan)#name vlan name
(config-vlan)#end
(config-if)#switchport mode access
(config-if)#switchport access vlan vlan id
#show vlan [brief | id vlan-id | name vlan-name | summary]
show interfaces [interface-id | vlan vlan-id] | switchport
VTP
#show vtp {status | counters}
#sh int trunk
#vtp mode (server)
#vtp domain domain-name
#vtp password password
#vtp version 1
#sh int fast 0/1 switchport
STP
(config-if)#spanning-tree cost 25
(config-if)#no spanning-tree cost
#show spanning-tree
#show spanning-tree detail
(config)#spanning-tree vlan vlan-id {root {primary | secondary} | priority value}
default: 32768, 1 to 65536
lowest priority.macaddr
(config-if)#spanning-tree port-priority 112
0-240, in increments of 16
lowest Portpriority.noport
(config)#spanning-tree vlan vlan-id root primary diameter value
(config-if)#spanning-tree portfast
show spanning-tree active
(config)#spanning-tree mode rapid-pvst
(config-if)#spanning-tree link-type point-to-point
(config-if)#end
#clear spanning-tree detected-protocols
#sh span vlan 10
S1#debug spanning-tree events
Inter-VLAN routing
R1#int fast 0/0.20
R1#encapsulation dot1q 20
R1#ip address 192.168.20.1 255.255.255.0
R1#int fast 0/0
R1#no shut
Note: on switches that support both encapsulation types, the type must be specified
SW(config-if)#switchport trunk encapsulation {dot1q | isl}
PPP
(config-if)#encapsulation hdlc
#show interfaces serial ..
show controllers cbus (on a 7200 router)
debug serial int
keepalives
clock rate
R3(config-if)#encapsulation ppp
R3(config-if)#compress {predictor | stac}
ppp quality percentage (ex: 80)
Router(config-if)#ppp multilink
load balancing
show interfaces serial
#debug ppp {packet | negotiation | error | authentication | compression | cbcp}
PAP
#username username password password (to accept from the connection)
(config-if)#ppp authentication pap
#ppp pap sent-username nameoftheotherrouter password password (to send to the other connection)
CHAP
#hostname name
#username username password password (to accept from the connection)
(config-if)#ppp authentication chap
ppp callback [accept | request]
Frame-Relay
#show frame-relay map
#show frame-relay lmi
(config-if)#encapsulation frame-relay
(config-if)#no frame-relay inverse-arp
(config-if)#frame-relay map ip 10.1.1.1 102 broadcast cisco
(config-if)#frame-relay map protocol protocol-address dlci [broadcast] [ietf] [cisco]
(config-if)#frame-relay lmi-type [cisco | ansi | q933a]
#bandwidth (in kbps)
(config-if)#interface serial 0/0/0.103 point-to-point
(config-subif)#frame-relay interface-dlci 103
(config-if)#ip address ..
show frame-relay pvc [interface interface] [dlci]
clear counters
clear frame-relay-inarp
removal of the dynamic mappings
frame-relay inverse-arp
debug frame-relay lmi
Security ...
username Student password cisco123
R1(config)#do show run | include username
service password-encryption
security passwords min-length value
(config-line)#transport input telnet ssh
(config-line)#exec-timeout 3 (in minutes)
(config)#service tcp-keepalives-in
hostname
(config)#ip domain-name zzzzzz (VERY IMPORTANT)
#crypto key generate rsa
size of the key modulus in the range of 360 to 2048 for your General Purpose Keys
#username username password password
(config)#line vty 0 4
(config-line)#transport input ssh
(config-line)#login local
#ip ssh time-out 15
#ip ssh authentication-retries 2
R2(config)#service timestamps ?
#service timestamps debug datetime msec
DISABLING SERVICES
#no service tcp-small-servers
#no service udp-small-servers
#no ip bootp server
#no service finger
#no ip http server
snmp-server
cdp run
#no service config (remote configuration)
#no ip source-route
#no ip classless (?????)
#shutdown (on unused interfaces)
#no ip directed-broadcast (no smurf attack)
#no ip proxy-arp (Ad hoc routing)
#no finger
#no ip name-server
#no boot network
R1(config)#no service pad
R1(config)#no ip gratuitous-arps
R1(config-if)#no ip unreachables
R1(config-if)#no ip mask-reply
R1(config-if)#no mop enabled
#no ip identd
Set up a totally restrictive access list
#no access-list 70
#access-list 70 deny any
Make SNMP read-only and subject to access list
#snmp-server community ZAduzduadZI35757 ro 11
snmp-server enable traps
#no snmp-server system-shutdown
#no snmp-server trap-auth
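Added example (not part of the original sheet): a Python check that reads a saved running-config and reports settings that this sheet's security sections are meant to remove. The sample config, the function names and the treatment of a vty block with no "transport input" line as Telnet-capable are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt for a hypothetical router (not from the page).
SAMPLE_CONFIG = """\
hostname R1
enable password cisco123
ip http server
no ip source-route
snmp-server community labRW RW
snmp-server community labRO RO 70
access-list 70 deny any
interface Serial0/0/0
 ip ospf authentication-key cisco123
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# Global lines that should be absent (a service the sheet disables, or a weak secret).
FORBIDDEN = {
    r"enable password .+": "enable password set; use enable secret",
    r"ip http server": "HTTP server enabled",
    r"ip bootp server": "BOOTP server enabled",
    r"service (tcp|udp)-small-servers": "small servers enabled",
}
REQUIRED = ["service password-encryption", "no ip source-route"]  # must be present

def parse_blocks(text):
    """Split a config into global lines and {header: [sub-commands]} blocks."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        # IOS indents sub-mode commands under their interface/line/router header.
        if raw[0] == " " and current is not None:
            blocks[current].append(line)
        elif line.startswith(("interface ", "line ", "router ")):
            current = line
            blocks[current] = []
        else:
            current = None
            top.append(line)
    return top, blocks

def audit(text):
    """Return a sorted list of findings for one running-config."""
    top, blocks = parse_blocks(text)
    findings = [msg for pat, msg in FORBIDDEN.items()
                if any(re.fullmatch(pat, g) for g in top)]
    findings += [f"missing: {req}" for req in REQUIRED if req not in top]
    for g in top:
        if g.lower().startswith("snmp-server community "):
            # Options after the community string; the string itself is never echoed.
            opts = [t.lower() for t in g.split()[3:]]
            if "rw" in opts:
                findings.append("SNMP community is read-write")
            if not [t for t in opts if t not in ("ro", "rw")]:
                findings.append("SNMP community has no access list")
    for header, subs in blocks.items():
        if header.startswith("line vty"):
            # Assumption: a vty block with no "transport input" line accepts Telnet.
            allowed = ["all"]
            for s in subs:
                if s.startswith("transport input"):
                    allowed = s.split()[2:]
            if {"telnet", "all"} & set(allowed):
                findings.append(f"{header}: telnet allowed")
        if any(s.startswith("ip ospf authentication-key") for s in subs):
            findings.append(f"{header}: OSPF clear-text key")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it against the output of "show running-config" saved to a file; findings name the block they came from and never print the SNMP community string.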
Prevent routing updates
#router rip
(router)#passive-interface default
(router)#no passive-interface serial 0/0/0
RIP AUTHENTICATION
(config)#key chain RIP_KEY
(config-keychain)#key 1
(config-keychain-key)#key-string cisco
(config)#int serial 0/0/0
(config-if)#ip rip authentication mode md5
(config-if)#ip rip authentication key-chain RIP_KEY
EIGRP AUTHENTICATION
(config)#key chain EIGRP_KEY
(config-keychain)#key 1
(config-keychain-key)#key-string cisco
(config)#int serial 0/0/0
(config-if)#ip authentication mode eigrp 1 md5
(config-if)#ip authentication key-chain eigrp 1 EIGRP_KEY
OSPF AUTHENTICATION
(config)#int serial 0/0/0
(config-if)#ip ospf message-digest-key 1 md5 cisco
(config-if)#ip ospf authentication message-digest
#router ospf 10
(router)#area 0 authentication message-digest
OSPF AUTHENTICATION (Password in clear text)
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key cisco123
(router)#area 0 authentication
#auto secure
SDM
Installation
#ip http server
#ip http secure-server
#ip http authentication local
#username username privilege 15 password password
(config)#line vty 0 4
(config-line)#privilege level 15
(config-line)#login local
(config-line)#transport input telnet ssh
router#show privilege
The following example shows how to set the show and ip keywords to level 5. The suboptions coming under ip will also be allowed to users with privilege level 5 access:
Router(config)#privilege exec all level 5 show ip
Privileges vary from 0 (the least) to 15 (the most)
terminal monitor (in telnet)
AAA enabling
R1(config)#aaa new-model
R1(config)#aaa authentication login LOCAL_AUTH local
R1(config)#line console 0
R1(config-line)#login authentication LOCAL_AUTH
R1(config-line)#line vty 0 4
R1(config-line)#login authentication LOCAL_AUTH
#exec-timeout minutes [seconds]
R1(config)#login block-for 300 attempts 5 within 120
R1(config)#security authentication failure rate 5 log
R1(config)#logging 192.168.10.10
R1(config)#logging trap warnings
ACL
Standard
#access-list access-list-number {deny | permit | remark line} source [log]
#show access-list
#clear access-list counters (for the match statistics)
#no access-list 10
#access-list 10 remark cette ACL permet blabla
Router(config-if)#ip access-group {access-list-number | access-list-name} {in | out}
Using an ACL to Control VTY Access (ACL standard)
#access-class access-list-number {in [vrf-also] | out}
Named ACLs:
(config)#ip access-list extended TELNETTING
(config-ext-nacl)#remark blabla
(config-ext-nacl)#deny tcp host 192.18.1.1 any eq telnet
(config-if)#ip access-group TELNETTING in
ACL lines are numbered in steps of 10. To insert at line 15:
(config-ext-nacl)#15 deny tcp host 192.18.1.1 any eq telnet
Extended ACL
access-list access-list-number {deny | permit | remark} protocol source source-wildcard [operator port [port]] destination destination-wildcard [operator port [port]] [precedence precedence] [tos tos] [log | log-input]
operator: lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
ICMP
R2(config-ext-nacl)#permit icmp any any echo-reply ...
Complex ACLs
Lock-and-key (dynamic)
(config)#username username password 0 password
(config)#access-list 101 permit tcp any host 10.2.2.2 eq telnet
(config)#access-list 101 dynamic testlist timeout 15 permit ip 192.168.10.0 0.0.0.255 192.168.30.0 0.0.0.255
The user will have 15' to identify
(config)#int ser 0/0
(config-if)#ip access-group 101 in
(config)#line vty 0 4
(config-line)#login local
(config-line)#autocommand access-enable host timeout 5
The access will be given to the user and the session will be closed after 5 minutes of inactivity.
Reflexive ACLs
Track traffic from inside
(config)#ip access-list extended OUTBOUNDFILTERS
(config-ext-nacl)#permit tcp 192.168.0.0 0.0.255.255 any reflect TCPTRAFFIC
(config-ext-nacl)#permit icmp 192.168.0.0 0.0.255.255 any reflect ICMPTRAFFIC
Create an inbound policy that requires the router to check incoming traffic to see if it was initiated from inside and ties the reflexive ACL part of the OUTBOUNDFILTERS ACL, called TCPTRAFFIC, to the INBOUNDFILTERS ACL.
(config)#ip access-list extended INBOUNDFILTERS
(config-ext-nacl)#evaluate TCPTRAFFIC
(config-ext-nacl)#evaluate ICMPTRAFFIC
Link the ACLs
(config)#int ser 0/0
(config-if)#ip access-group INBOUNDFILTERS in
(config-if)#ip access-group OUTBOUNDFILTERS out
Time-based ACLs
(config)#time-range EVERYOTHERDAY
(config-time-range)#periodic Monday Wednesday Friday 8:00 to 11:00
(config)#access-list 101 permit tcp 192.168.0.0 0.0.255.255 any eq telnet time-range EVERYOTHERDAY
(config)#int ser 0/0
(config-if)#ip access-group 101 out
Extended ping from the Fa0/0 interface on R1 to the Fa0/1 interface on R3.
R1#ping ip
Target IP address: 192.168.30.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.10.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/44 ms
DHCP
SERVER
(config)#ip dhcp excluded-address low-address [high-address]
(config)#ip dhcp pool pool name
(dhcp-config)#network network-number [mask | /prefix-length]
(dhcp-config)#default-router address [address2 ... address8]
(dhcp-config)#dns-server address [address2 ... address8]
(dhcp-config)#domain-name domain
(dhcp-config)#lease {days [hours] [minutes] | infinite}
(dhcp-config)#netbios-name-server address [address2 ... address8]
#no service dhcp
Default is enabled
#show ip dhcp server statistics
#show ip dhcp binding
#show ip dhcp pool
CLIENT
(config-if)#ip address dhcp
APIPA
169.254.x.x
TROUBLESHOOTING
#show ip dhcp conflict
#access-list 100 permit ip host 0.0.0.0 host 255.255.255.255
#debug ip packet detail 100
#debug ip dhcp server packet
#debug ip dhcp server events
FORWARDING BROADCAST
ip helper-address ipoftheserver (outside) interface configuration command
Port 37: Time
Port 49: TACACS
Port 53: DNS
Port 67: DHCP/BOOTP client
Port 68: DHCP/BOOTP server
Port 69: TFTP
Port 137: NetBIOS name service
Port 138: NetBIOS datagram service
ip forward-protocol number
to add new protocols to forward
NAT
STATIC NAT
Establish static translation between an inside local address and an inside global address.
Router(config)#ip nat inside source static local-ip global-ip
Mark the interface as connected to the inside.
Router(config-if)#ip nat inside
Mark the interface as connected to the outside.
Router(config-if)#ip nat outside
DYNAMIC NAT
Define a pool of global addresses to be allocated as needed.
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Define a standard access list permitting those addresses that are to be translated.
Router(config)#access-list access-list-number permit source [source-wildcard]
Establish dynamic source translation, specifying the access list defined in the prior step.
Router(config)#ip nat inside source list access-list-number pool name
Mark the interface as connected to the inside.
Router(config-if)#ip nat inside
Mark the interface as connected to the outside.
Router(config-if)#ip nat outside
NAT OVERLOAD (for one IP public address given by the ISP)
Define a standard access list permitting those addresses that are to be translated.
Router(config)#access-list acl-number permit source [source-wildcard]
Establish dynamic source translation, specifying the access list defined in the prior step.
Router(config)#ip nat inside source list acl-number interface interface overload
Specify the inside interface.
Router(config)#interface type number
Router(config-if)#ip nat inside
Specify the outside interface.
Router(config-if)#interface type number
Router(config-if)#ip nat outside
NAT OVERLOAD (for a pool of address-one to one NAT)
Define a standard access list permitting those addresses that are to be translated.
Router(config)#access-list acl-number permit source [source-wildcard]
Specify the global address, as a pool, to be used for overloading.
Router(config)#ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
Establish overload translation.
Router(config)#ip nat inside source list acl-number pool name overload
Specify the inside interface.
Router(config)#interface type number
Router(config-if)#ip nat inside
Specify the outside interface.
Router(config-if)#interface type number
Router(config-if)#ip nat outside
PORT FORWARDING
ip nat inside source static (TCPorUDP) (YourCompsIP) (PortToForward) interface BVI1 (PortToForward)
ip nat inside source static tcp 172.16.2.60 3389 interface BVI1 3389
ip nat inside source static tcp 192.168.1.200 22 209.247.228.201 22 extendable
Passive FTP
ip nat inside source static tcp 192.168.0.4 20 66.46.64.82 20 extendable
ip nat inside source static tcp 192.168.0.4 21 66.46.64.82 21 extendable
Passive FTP has the client open both port 21 and port 20 connections from the start.
#show ip nat translations [verbose]
#show ip nat statistics
#clear ip nat translation
#clear ip nat translation inside global-ip local-ip [outside local-ip global-ip]
Clears a simple dynamic translation entry containing an inside translation or both inside and outside translation
#clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside local-ip local-port global-ip global-port]
Clears an extended dynamic translation entry
#debug ip nat [detailed]
IPv6
Global unicast address: 001 (2000::/3)
Currently assigned: 2001::/16 (ARIN ...)
Private: FE08:: .. FE0F::
Site-local addresses: FECx:: .. FEFx::
Link-local addresses: FE8x:: .. FEBx::
Loopback ::1
default route ::/0
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::72/64
RouterX(config-if)#ipv6 address 2001:DB8:2222:7272::/64 eui-64
DUAL STACK
(config)#ipv6 unicast-routing
(config)#int fasteth 0/0
(config-if)#ip address 192.168.1.1
(config-if)#ipv6 address 3ffe::1/127
RIPng
ipv6 host name [port] ipv6addr [{ipv6addr} ...]
RouterX(config)#ip name-server address
RouterX(config)#ipv6 router rip name
name identifies the RIP process
RouterX(config-if)#ipv6 rip name enable
show ipv6 interface
show ipv6 interface brief
show ipv6 neighbors
show ipv6 protocols
show ipv6 rip
show ipv6 route
show ipv6 route summary
show ipv6 routers
Displays IPv6 router advertisement information received from other routers.
show ipv6 static [detail] [ipv6address/length] [interface]
Displays only static IPv6 routes installed in the routing table.
show ipv6 traffic
clear ipv6 rip
clear ipv6 route *
clear ipv6 route route
debug ipv6 traffic
debug ipv6 packet
debug ipv6 rip
debug ipv6 routing
HTTP client access
http://[ipv6_address]
Troubleshooting
SW#show port
show tech-support.
