Upload
tanveer-butt
View
116
Download
4
Tags:
Embed Size (px)
Citation preview
Packet Tracer
Powerful tool Use virtual routers instead of real ones
First Scenario
3 work stations and a hub connectivity Hub switch 2950 Switch(Use)
Configure IP on the PC. Has to be on the same network
Orange color show switch uses to indicate they are running spanning tree protocol. Switch and workstation to prevent switching loops
Verifying Connectivity using Ping
Save it
Second Scenario
2621 Series Router( 2 of them used)
Pc is directly connected to Router this time
Interface Overview
When you open Packet Tracer, by default you will be presented with the following interface:
This initial interface contains ten components. If you are unsure of what a particular interface item does, move your mouse over the item and a help balloon will explain the item.
1 Menu Bar This bar provides the File, Edit, Options, View, Tools, Extensions,
and Help menus. You will find basic commands such as Open, Save, Save as Pkz, Print, and Preferences in these menus. You will also be able to access the Activity Wizard from the Extensions menu.
2 Main Tool Bar This bar provides shortcut icons to the File and Edit menu commands. This bar also provides buttons for Copy, Paste, Undo, Redo, Zoom, the Drawing Palette, and the Custom Devices Dialog. On the right, you will also find the Network Information button, which you can use to enter a description for the current network (or any text you wish to include).
3 Common Tools Bar This bar provides access to these commonly used workspace tools: Select, Move Layout, Place Note, Delete, Inspect, Resize Shape, Add Simple PDU, and Add Complex PDU. See "Workspace Basics" for more information.
4 Logical/Physical Workspace and Navigation Bar
You can toggle between the Physical Workspace and the Logical Workspace with the tabs on this bar. In Logical Workspace, this bar also allows you to go back to a previous level in a cluster, create a New Cluster, Move Object, Set Tiled Background, and Viewport. In Physical Workspace, this bar allows you to navigate through physical locations, create a New City, create a New Building, create a New Closet, Move Object, apply a Grid to the background, Set Background, and go to the Working Closet.
5 Workspace This area is where you will create your network, watch simulations, and view many kinds of information and statistics.
6 Realtime/Simulation Bar
You can toggle between Realtime Mode and Simulation Mode with the tabs on this bar. This bar also provides buttons to Power Cycle Devices as well as the Play Control buttons and the Event List toggle button in Simulation Mode. Also, it contains a clock that displays the relative Time in Realtime Mode and Simulation Mode.
7 Network Component Box
This box is where you choose devices and connections to put into the workspace. It contains the Device-Type Selection Box and the Device-Specific Selection Box.
8 Device-Type Selection Box
This box contains the type of devices and connections available in Packet Tracer. The Device-Specific Selection Box will change depending on which type of device you choose.
9 Device-Specific Selection Box
This box is where you choose specifically which devices you want to put in your network and which connections to make.
10 User Created Packet Window*
This window manages the packets you put in the network during simulation scenarios. See the "Simulation Mode" section for more details.
* You can freely resize the User Created Packet Window (UCPW) by placing the cursor near the left
edge of the window (it will turn into a "resize" cursor) and then drag the cursor left or right. You can hide the window from view by dragging the edge all the way to the right. When the UCPW is hidden, you can bring it back by placing the cursor on the edge (notice when the resize cursor appears) and then dragging the edge back.
Connections / Links
Packet Tracer supports a wide range of network connections. Each cable type can only be connected to certain interface types.
Cable Type Description
ConsoleConsole connections can be made between PCs and routers or switches. Certain conditions must be met for the console session from the PC to work: the speed on both sides of the connection must be the same, the data bits must be 7 for both or 8 for both, the parity must be the same, the stop bits must be 1 or 2 (but they do not have to be the same), and the flow control can be anything for either side.
Copper Straight-through
This cable type is the standard Ethernet media for connecting between devices that operate at different OSI layers (such as hub to router, switch to PC, router to hub). It can be connected to the following port types: 10 Mbps Copper (Ethernet), 100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit Ethernet).
Copper Cross-over
This cable type is the Ethernet media for connecting between devices that operate at the same OSI layer (such as hub to hub, PC to PC, PC to printer). It can be connected to the following port types: 10 Mbps Copper (Ethernet), 100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit Ethernet).
FiberFiber media is used to make connections between fiber ports (100 Mbps or 1000 Mbps).
PhonePhone line connections can only be made between devices with modem ports. The standard application for modem connections is an end device (such as a PC) dialing into a network cloud.
Coaxial Coaxial media is used to make connections between coaxial ports such as a cable modem connected to a Packet Tracer Cloud.
Serial DCE and DTE
Serial connections, often used for WAN links, must be connected between serial ports. Note that you must enable clocking on the DCE side to bring up the line protocol. The DTE clocking is optional. You can tell which end of the connection is the DCE side by the small “clock” icon next to the port. If you choose the Serial DCE connection type and then connect two
devices, the first device will be the DCE side and the second device will be automatically set to the DTE side. The reverse is true if you choose the Serial DTE connection type.
Wireless LinksYou can establish wireless links between access points and end devices (PCs, servers, and printers). To establish a link, simply remove the existing module on an end device, insert a wireless module, and turn on the device. The device will automatically try to associate itself with an access point. Typically, this means it will associate (physically) with the nearest access point. See the Wireless Devices page under the Physical Workspace section for more information regarding distances. However, if two or more access points are in the same closet, the distance from any access point to any end device is essentially the same. In this case, an end device will associate with the access point that was created first. Recall that the logical topology does not reflect physical distances, and everything that is created in the Logical Workspace is initially placed in the same wiring closet in the Physical Workspace. The process for establishing wireless links between Linksys routers and end devices with Linksys network modules is similar, but described elsewhere.
Link StatusWhen you connect two devices, you will typically see link lights on both ends of the connection. Some connections do not have link lights.
Link Light Status Meaning
Bright green The physical link is up. However, this is not indicative of the line protocol status on the link.
Blinking green There is link activity.
Red The physical link is down. It is not detecting any signals.
Amber The port is in a blocking state due to the Layer 2 loop-breaking process in Packet Tracer. This appears only on switches.
Workspaces and ModesPacket Tracer has two workspaces (Logical and Physical) and two modes (Real-time and Simulation). Upon startup, you are in the Logical Workspace in Real-time Mode. You can build your network and see it run in real time in this configuration. You can switch to Simulation Mode to run controlled networking scenarios. You can also switch to the Physical Workspace to arrange the physical aspects (such as the location) of your devices. Note that you view a simulation while you are in the Physical Workspace. You should return to the Logical Workspace after you are done in the Physical Workspace.
Operating Modes
Packet Tracer operating modes reflect the network time scheme.
In Realtime Mode, your network runs in a model of real time, within the limits of the protocol models used. The network responds to your actions immediately as they would in a real device. For example, as soon as you make an Ethernet connection, the link lights for that connection will appear, showing the connection state (see the "Connections/Links" page for details). Whenever you type a command in the CLI (such as ping or show), the result or response is generated in real time and you see it as such. All network activity, particularly the flow of PDUs across the network, happens in the Packet Tracer model of real time.
I
n Simulation Mode, you can "freeze" time -- you have direct control over time related to the flow of PDUs. You can see the network run step by step, or event by event, however quickly or slowly you like. You can set up scenarios, such as sending a ping packet from one device to another. However, nothing "runs" until you capture it (the first time through, as with a protocol sniffer) or play it (re-playing the captured events as an animation). When you capture or play the simulation, you will see graphical representations of packets traveling from one device to another. You can pause the simulation, or step forward or backward in time, investigating many types of information on specific PDUs and devices at specific times. However, other aspects of the network will still run in real time. For example, if you turn off a port, its link light will respond immediately by turning red.
Simulation Mode: PDU Information
During a simulation, you can click on a packet (on the topology or the corresponding event in the Event List) to bring up its information window and view its details. The details window contains three possible tabs: OSI Model, Inbound PDU Details, and Outbound PDU Details.
The OSI Model tab shows how the packet is processed at each layer of the OSI model by the current device. The process is further separated by the direction in which the packets are traveling, incoming versus outgoing. The incoming layers (In Layer) show how the device processes an incoming or a buffered packet, and the outgoing layers (Out Layer) show the process a device goes through when it sends a packet to one or multiple ports.
The In Layer is meant to be read starting from bottom to top (from Layer 1 to Layer 7), while the Out Layer is read from top to bottom (from Layer 7 to Layer 1). This is because the physical layer is the first layer at which incoming PDUs are processed, and it is the last layer at which outgoing PDUs are processed when they exit the
device.
The Inbound PDU Details tab only applies if the PDU you clicked on is being received on the device; it will not appear if the PDU originated from that device. The tab shows exactly what is in the headers of the PDU, broken up into header type and the individual fields in each header. For example, a PDU may have an Ethernet II and an ARP header, so the tab will show information such as the preamble, FCS, and source and destination addresses.
The Outbound PDU Details tab shows similar information for outgoing packets. This tab only applies if the device has a PDU to send.
Most of the time, a device will receive a PDU and then, as a result, send out a PDU. In this case, both the Inbound PDU Details and the Outbound PDU Details tabs apply.
Challenge ModeYou can quiz yourself on the encapsulation process by entering Challenge Mode when viewing PDU information. Press the Challenge Me button to do so. The layer details are hidden, and the information window is replaced by a question window that asks you what the device does to a PDU at a given layer. Select from a multiple-choice list. If you answer correctly, the details for that layer are shown and the question window advances to the next layer. You can press the Hint button if you need help.
Each Challenge Question may contain the following answers: Encapsulate: Adds a header or a header and trailer to the PDU on this layer to create the
PDU at the next lower layer. De-encapsulate: Removes a header or a header and trailer from the PDU on this layer to
create the PDU at the next higher layer.
Transfer: Moves the PDU from the inbound OSI stack to the outbound OSI stack.
Accept: Accepts and finishes processing of the PDU.
Queue: Holds the PDU for processing or sending at a later time.
Drop: Eliminates the PDU.
Transmit: Sends the signal out the physical media.
TUTORIALS FOR YOU
Creating a First Network (View Tutorial) 1. Start creating a network by first selecting the End Devices. Add a Generic PC and a
Generic Server to the workspace. 2. Under Connections, select the Copper Straight-through cable (solid black line) and
connect the devices with it. The red lights on the link indicate that the connection is not working. Now, use the Delete tool to remove the Copper Straight-through cable, and use a Copper Cross-over cable (dashed line) instead. The lights should turn green at this point. If the mouse pointer is held over either devices, the link status will be shown as “Up.” The network should look similar to this:
3. Click on the PC. While paying attention to the link lights, turn the power on, off, and on again. Follow the same steps for the server. The link lights turn red when the device is off. This means that the link is down or is not working. The link lights turn green when the device is turned back on.
4. Try all three ways to learn about the devices. First, mouse over the devices to see basic configuration information about them. Second, click on each device with the Select tool to show the device configuration window, which provides several ways to configure the
device. Third, use the Inspect tool to view the tables the network device will build as it learns about the network around it. In this example, open the ARP table. Since the devices have not been configured yet, the ARP tables are empty. Always remember to close the windows after viewing them or they will clutter the workspace.
5. Open the PC configuration window and change the settings using the Config tab. Change the display name to Client and set the DNS server to 192.168.0.105. Under Interface, click FastEthernet and set the IP address as 192.168.0.110. Packet Tracer automatically calculates other parameters. Make sure that the Port Status box is checked. For future reference, note that other Ethernet interface settings, such as bandwidth, duplex, MAC address, and subnet mask can be modified using this window.
6. Go to the Desktop Tab and click on IP Configuration. Notice that the IP address, subnet mask and DNS server can be changed here as well.
7. Open the Server configuration window and go to the Config tab. Change the display name to Web Server. Click FastEthernet and set the IP address as 192.168.0.105. Make sure that the Port Status is also on. Click DNS and set the domain name as www.firstlab.com. Set the IP address as 192.168.0.105 and click Add. Finally, check to make sure that the service for DNS is on.
8. Reposition the network devices by dragging them to a new location. Add a network description by using the “i” button on the upper right corner. Then add some text labels within the Logical Workspace by using the Place Note tool.
9. Load a background grid using the Set Tiled Background button.
10. Save your work using the File > Save As option and create a meaningful filename.
Congratulations on creating your first network.
III. Sending Simple Test Messages in Realtime Mode (View Tutorial) 1. Start by opening the file saved in the last section. 2. Notice that the file opens in Realtime Mode. Use the Add Simple PDU tool to send a
simple one-time ping message, called an echo request, to the server. The server responds with an echo reply because all devices have properly configured IP address settings.
3. Scroll up and down the User Created Packet Window to see the different capabilities of this ping message, including an indication that the ping was successful.
4. Toggle the PDU List Window to see a larger display of this message. One or more of these messages can be saved as a scenario. Scenario 0 is displayed when starting. Label this first scenario with an “i” note. Different scenarios allow the use of the same topology for experiments with different groupings of user created packets.
5. Click New to create a new scenario. New scenarios will initially be blank.
6. Add two packets using the Simple PDU tool, a PDU from the PC to the Server and a different PDU from the Server to the PC. Then add an “i” note describing the scenario, to complete Scenario 1. An example is shown below:
7. Several scenarios can be saved with a single network. Alternate between Scenario 0 and 1.
8. Now, remove Scenario 0 using the Delete button.
9. Scenario 1 is now visible. Go to the last column in the User Created Packet Window and double-click (delete) to remove a PDU.
10. Delete the whole scenario. Notice that the scenario list went back to the default Scenario 0.
Congratulations on being able to send and organize simple test messages in Realtime Mode.
IV. Establishing a Web Server Connection Using the PC’s Web Browser (View Tutorial)
1. Open the file saved from the previous section. 2. Click on the PC to view the configuration window.
3. Select the Desktop tab, and then click Web Browser. Type in www.firstlab.com as the URL and click the Go button. The Packet Tracer welcome page, shown below, appears, indicating that the web connection has been successfully established.
4. Clear the URL, type www and click Go. Since the address entered is not complete, a “Host Name Unresolved” message appears.
5. Type 192.168.0.105 as the URL entry and click on Go. Notice that the Packet Tracer welcome page appears again. This is because the Server IP address can also be used to establish a web connection.
6. Close the window and try the same steps in Simulation Mode. In this mode, the user controls time, so the network can be viewed running at a slower pace, allowing observation of the paths packets take and inspection of packets in detail (packet tracing!).
7. Select the PC again and go to the Web Browser in the Desktop tab. Type www.firstlab.com as the URL again and click Go. The welcome page should not appear right away.
8. Switch to the main interface of Packet Tracer without closing the PC configuration window. Notice that a DNS packet is added to the event list.
9. Click Auto Capture/Play or repeatedly click the Capture/Forward button until the HTTP packet appears on the PC. Go back to the PC configuration window. The Packet Tracer welcome page is now shown.
10. Close the PC configuration window.
Congratulations on successfully establishing a web server connection.
V. Capturing Events and Viewing Animations in Simulation Mode (View Tutorial)
1. Open the previously saved file.
2. In Realtime Mode, send a simple PDU from the PC to the Server.
3. Delete the PDU by using the method learned in the previous section.
4. Switch to Simulation Mode.
5. Click Edit Filters and click All/None to uncheck all fields. Then click ICMP to only view ICMP packets in the animation.
6. Add a simple PDU from the PC to the Server. Notice that the newly created PDU is added to the User Created PDU List. This packet has been captured as the first event in the event list and a new packet icon (envelope) appears in the workspace. The eye icon to the left of the event list indicates that this packet is currently displayed.
7. Click the Capture/Forward button once. This simulates a network sniffing program, capturing the next event that occurs on the network. Note that after clicking Capture/Forward, the packet in the workspace moves from one device to another (this is the ICMP echo request message from the PC to the Server). Another event is added in the event list – this reflects the change in the workspace. The first time through an animation, the meaning of the Capture/Forward is capture; after resetting the simulation, the meaning is forward.
8. Adjust the speed of the animation by dragging the Play Speed slider to the right making it go faster. Dragging the speed slider in the opposite direction (to the left) will slow down the animation.
9. Click the Capture/Forward button a second time. This captures the next network event (this is the echo reply from the Server to the PC, shown as successful with a green check mark on the envelope).
10. Click Capture/Forward button again. The Server has already sent an echo reply to the PC therefore, there are no more ICMP events left to capture.
Congratulations on successfully capturing events and viewing animations in Simulation Mode.
VI. Looking Inside Packets in Simulation Mode (View Tutorial) 1. Continuing from the last activity, click Reset Simulation. This clears the entries in the
event list except for the original packet.
2. Select the packet envelope on the workspace to show the PDU Information window like the one shown in the screenshot below. This window contains the OSI Model tab, which shows how the packet is processed at each layer of the OSI model by the current device. Close this window, noting that this packet is indicated in the event list by the eye icon. The whole row in the event list is also highlighted. Clicking on the color square in the Info column is equivalent to clicking directly on the packet envelope (try it!).
3. Use the Next Layer and Previous Layer buttons to see details of the packet processing at the relevant OSI layers. Note that only the Out Layers can be viewed in the case of this original echo request message.
4. Click on the Outbound PDU Details tab. This tab shows exactly what makes up the PDU headers. It is organized into header type and the individual fields in each header.
5. Close the PDU Information window. Click on Capture/Forward button once.
6. Click on the packet in the workspace again to open the PDU Information window. Notice that this time, information regarding both the In Layers and Out Layers can be viewed.
7. Click on the Inbound PDU Details tab. This shows the details of the inbound echo request packet from the PC to the Server. The Outbound PDU Details tab, shows similar information, but for the echo reply packet from the Server to the PC.
8. Click on Reset Simulation again. Now click on Auto Capture/Play. The echo request and echo reply are automatically captured. Click on the Back Button to rewind the animation one step at a time. Now click on the Capture/Forward button to forward the packet through the animation. Note the change in the event list and the workspace. Remember that at any time, a PDU Information Window can be opened by clicking directly on the envelope on the workspace, or by clicking the Info column in the Event List.
9. Click on the Back Button twice to rewind the animation. Now click Auto Capture/Play and the packet animation will automatically occur.
Congratulations on being able to manipulate the Play Controls and PDU Information Window to understand more about packet processing details.
VII. Viewing Device Tables and Resetting the Network (View Tutorial) 1. Open the file saved from the previous section. 2. Open the ARP Tables for both devices by clicking them with the Inspect tool. The ARP
tables always appear on the same spot. Reposition them to make them both visible. You can also resize the tables for better viewing.
3. In Realtime Mode, send a simple PDU from the PC to the Server. Notice that the ARP tables are filled in automatically, as shown here:
4. Delete the PDU using the method covered in the previous sections. Notice that the entries in the ARP tables are NOT cleared. ARP entries for both devices have already been learned. Deleting the user created PDUs does not reset events what has already occurred in the network.
5. Click Power Cycle Devices. ARP tables are cleared because the Power Cycle Devices button turns the devices off and back on again therefore, losing temporary information like the ARP table entries.
6. Go to Simulation Mode. In the event list filters, make sure that ICMP and ARP are checked so that you can view ICMP and ARP packets in the animation.
7. Create a new simple PDU from the Server to the PC.
8. Notice that since the devices were power cycled earlier, the ARP tables are empty. ARP request packets need to be issued before the ICMP ping packets, so that the devices in the network can learn about each other. Click on Auto Capture/Play to watch the animation.
9. Click Reset Simulation. Notice that even though the event list is cleared (except for the user created PDU), the ARP tables remain full. Click Auto Capture/Play. This time, since the ARP tables are full, there are no new ARP packets issued.
10. Click Power Cycle Devices. Doing so will empty the tables. Notice that new ARP request packets appear automatically in the event list.
Congratulations! You can now view device tables, reset a simulation, and reset the network.
VIII. Reviewing Your New Skills Single-clicking on the Delete button removes the entire scenario including all the PDUs
associated with it. Double-clicking on (delete) in the far right column in the PDU List window deletes
individual PDUs.
The Reset Simulation button clears all entries in the Event List, except for User Created PDUs, and allows the animation to restart. This, however, does not reset the device tables.
The Power Cycle Devices button turns all of the devices in the network off and on so the tables that the devices built are lost along with configurations and other information not saved.
Saving work periodically prevents lost configurations and state changes in the network.
Congratulations on being ready to build and analyze many different networks in Packet Tracer! Be aware that there are many other features that were not covered in this lab. To learn more, please view
Configuring Switches
The Config tab for the switch offers three general levels of configuration: global, switching, and interface. The global level offers the same settings as a router. The routing level also offers the same configuration parameters as a router. The switching level, however, is where you can manage the VLAN database of the switch. The interface level configurations also offer access to the VLAN settings of the switch. Note that the Config tab provides an alternative to the Cisco IOS CLI only for some simple, common features; to access the full set of switch commands that have been modeled you must use the Cisco IOS CLI.
Throughout your configurations in the Config tab, the lower window will display the equivalent Cisco IOS commands for all your actions.
Global SettingsIn global settings, you can change the switch display name as it appears on the workspace and the hostname as it appears in the Cisco IOS. You can also manipulate the switch configuration files in these various ways: Erase the NVRAM (where the startup configuration is stored). Save the current running configuration to the NVRAM.
Export the startup and running configuration to an external text file.
Load an existing configuration file (in .txt format) into the startup configuration.
Merge the current running configuration with another configuration file.
Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by unchecking Global Settings and then set your own values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Storm Control Multiplier. For the Cisco Catalyst 3560-24PS, you can also set the Half-Open Session Multiplier.
Routing Configuration (Cisco Catalyst 3560-24PS only)The Cisco Catalyst 3560-24PS multilayer switch supports IP routing. You can make static routes on the router by choosing the Static sub-panel. Each static route you add requires a network address, subnet mask, and next hop address.
You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP address into the Network field and press the Add button. The RIP-enabled network is added to the Network Address list. You can disable RIP on a network by clicking the Remove button to remove it from the list.
VLAN Database ConfigurationYou can manage the VLANs of the switch from the VLAN Database sub-panel. You can add VLANs by entering a name and a VLAN number and pressing the Add button. You can see all existing VLAN entries in the list below the button. You can remove a VLAN by selecting it in the list and then pressing the Remove button. To associate a particular interface with a VLAN, go to the configuration panel of that interface.
Interface ConfigurationSwitches have only Ethernet-type interfaces. For each interface, you can set the Port Status (on or off), Bandwidth, Duplex setting, VLAN Switch Mode, and Tx Ring Limit. By default, an interface is a VLAN access port assigned to VLAN 1. You can use the drop-down menu on the right side of the screen to reassign the port to another existing VLAN. You can also change an interface into a VLAN trunk port, and then use the drop-down menu on the right to select the VLANs you want that trunk to handle.
In Packet Tracer, the switch allows all VLANs (1 to 1005) on a trunk port by default, even if the VLAN does not actually exist on the switch. In the drop-down menu, you can see the current VLANs and block (uncheck) them from the trunk. However, you cannot block VLANs that do not exist. This does not affect the functionality of the switch. It is simply a way to display VLANs (or a range of VLANs) that the trunk supports.
Configuring Routers
The Config tab offers four general levels of configuration: global, routing, switching (Cisco 1841 and Cisco 2811 only), and interface. To perform a global configuration, press the GLOBAL button to expand the Settings button (if it has not already been expanded). To
configure routing, press the ROUTING button, and then choose Static or RIP. To configure switching, press the SWITCHING button to expand the VLAN Database button. To configure an interface, press the INTERFACE button to expand the list of interfaces, and then choose the interface. Note that the Config tab provides an alternative to the Cisco IOS CLI only for some simple, common features; to access the full set of router commands that have been modeled you must use the Cisco IOS CLI.
Throughout your configurations in the Config tab, the lower window will display the equivalent Cisco IOS commands for all your actions.
Global SettingsIn global settings, you can change the display name of the router as it appears on the workspace and the hostname as it appears in the Cisco IOS. You can also manipulate the router configurations files in these various ways: Erase the NVRAM (where the startup configuration is stored). Save the current running configuration to the NVRAM.
Export the startup and running configuration to an external text file.
Load an existing configuration file (in .txt format) into the startup configuration.
Merge the current running configuration with another configuration file.
Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by unchecking Global Settings and then set your own values for the Half-Open Session Multiplier, Maximum Number of Connections, and Maximum Number of Opened Sessions. For the Cisco 1841 and Cisco 2811, you can also set the Storm Control Multiplier.
Routing ConfigurationYou can make static routes on the router by choosing the Static sub-panel. Each static route you add requires a network address, subnet mask, and next hop address.
You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP address into the Network field and press the Add button. The RIP-enabled network is added to the Network Address list. You can disable RIP on a network by clicking the Remove button to remove it from the list.
VLAN Database Configuration (Cisco 1841 and Cisco 2811 only)The Cisco 1841 and 2811 routers support VLAN configuration. You can manage the VLANs on the router from the VLAN Database sub-panel. You can add VLANs by entering a name and a VLAN number and pressing the Add button. You can see all existing VLAN entries in the list below the button. You can remove a VLAN by selecting it in the list and then pressing the Remove button.
Interface ConfigurationA router can support a wide range of interfaces including serial, modem, copper Ethernet, and fiber Ethernet. Each interface type may have different configuration options, but in general, you can set the Port Status (on or off), IP Address, Subnet Mask, and Tx Ring Limit. For Ethernet interfaces, you can also set the MAC Address, Bandwidth, and Duplex setting. For serial interfaces, you can set the Clock Rate setting.
User Mode
<1-99>
connect
disconnect
enable [ <1-15> | view [ WORD ] ]
exit
logout
ping WORD
resume [ <1-16> | WORD ]
show
o cdp
entry
* [ protocol | version ]
WORD [ protocol | version ]
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
neighbors [ detail ]
o clock
o controllers
Ethernet <0-9>/<0-24>
FastEthernet <0-9>/<0-24>
GigabitEthernet <0-9>/<0-24>
Serial <0-9>/<0-24>
o flash:
o frame-relay
lmi
map
pvc
<16-1022>
interface Serial <0-9>/<0-24> [ <16-1022> ]
o history
o hosts
o interfaces
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
switchport
trunk
o ip
dhcp binding
eigrp
interfaces [ <1-65535> ]
neighbors [ <1-65535> ]
topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]
all-links
traffic [ <1-65535> ]
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
brief
nat translations
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
border-routers
protocols
rip database
route [ WORD | connected | eigrp | ospf <1-65535> | rip | static ]
ssh
o protocols
o processes
o sessions
o ssh
o users
o version
o vlan-switch [ brief | id <1-1005> | name WORD ]
o vtp
counters
status
o ipv6
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
brief
neighbors
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
route
ospf
rip database
eigrp
interfaces <1-65535>
neighbors <1-65535>
ospf
<1-65535> database
interface [interface]
neighbor [interface] [detail]
border-routers
protocols
nat translations
dhcp
interface
pool
telnet [ WORD ]
traceroute WORD Enable Mode
<1-99>
clear
o aaa local user user lockout [ all | username WORD ]
o access-list counters [ <1-199> | <1300-2699> | WORD ]
o arp-cache
o cdp table
o frame-relay [inarp | counter]
o ip
nat translation *
route [ * | A.B.C.D | A.B.C.D A.B.C.D ]
o ipv6
nat translation *
o mac-address-table dynamic
o vtp counters
clock set hh:mm:ss [ <1-31> MONTH <1993-2035> | MONTH <1-31> <1993-
2035> ]
configure [ terminal ]
connect [ WORD ]
copy
o running-config
startup-config
tftp:
o startup-config
running-config
tftp:
o tftp:
flash:
running-config
startup-config
debug
o aaa authentication
o crypto [ isakmp | ipsec ]
o custom-queue
o eigrp
fsm
packets
o ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
protocol [ http | icmp | tcp | udp ]
timers
nat
ospf
adj
events
packet
rip [ events ]
routing
o ipv6
ospf
adj
events
o frame-relay lmi
o ppp [ authentication | negotiation | packet ]
delete
o WORD
o flash:
dir [ flash: ]
disable
disconnect <1-16>
enable [ <1-15> | view [ WORD ] ]
erase startup-config
exit
logout
mkdir [ WORD | flash: ]
more file
no
o debug
all
aaa authentication
crypto [ isakmp | ipsec ]
custom-queue
eigrp
fsm
packets
ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
protocol [ http | icmp | tcp | udp ]
timers
nat
ospf
adj
events
packet
rip [ events ]
routing
ipv6
ospf
adj
events
frame-relay lmi
ppp [ authentication | negotiation | packet ]
ping [ WORD ]
o [ Protocol ] [ Target IP address ] [ Repeat count ] [ Datagram size ] [ Timeout in seconds ] [ Extended commands ] [ Sweep range of sizes ]
reload
resume [ <1-16> | WORD ]
mkdir [ WORD | flash: ]
setup
show
o aaa
local user lockout
sessions
user [ <1-4294967295> | all ]
o access-lists [ <1-999> | WORD ]
o arp
o cdp
entry
* [ protocol | version ]
WORD [ protocol | version ]
interfaces
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
neighbors [ detail ]
o class-map [ WORD ]
o clock
o controllers
Ethernet <0-9>/<0-24>
FastEthernet <0-9>/<0-24>
GigabitEthernet <0-9>/<0-24>
Serial <0-9>/<0-24>
o crypto
isakmp [ policy | sa ]
ipsec [ sa | transform-set ]
map
o debugging
o dhcp lease
o flash:
o frame-relay
lmi
map
pvc
<16-1022>
interface Serial <0-9>/<0-24> [ <16-1022> ]
o history
o hosts
o interfaces
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Tunnel <0-2147483647>
Vlan <1-1005>
switchport
trunk
o ip
access-lists [ <1-199> | WORD ]
arp
dhcp binding
eigrp
interfaces [ <1-65535> ]
neighbors [ <1-65535> ]
topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]
all-links
traffic [ <1-65535> ]
inspect
all
config
interfaces
name WORD
sessions [ detail ]
statistics
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
brief
ips
all
configuration
signatures
count
sigid WORD subid WORD
nat [translations | statistics]
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ]
[ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
protocols
rip database
route [ WORD | connected | eigrp | ospf <1-65535> | rip | static ]
o logging
o mac-address-table [ static ]
o ntp status
o parser view
o policy-map
WORD
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
type inspect zone-pair sessions
o privilege
o processes
o protocols
o queue
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
o queueing
o running-config
o secure [ bootset ]
o sessions
o snmp
o spanning-tree [ vlan <1-1005> ]
o startup-config
o terminal
o users
o version
o vlan-switch [ brief | id <1-1005> | name WORD ]
o vtp
counters
status
ssh -l WORD WORD
terminal history size <0-256>
telnet [ WORD ]
traceroute [ WORD ]
o [ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ] [ Minimum Time to Live ] [ Maximum Time to Live ]
undebug
o all
o aaa authentication
o crypto [ isakmp | ipsec ]
o custom-queue
o eigrp
fsm
packets
o ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
protocol [ http | icmp | tcp | udp ]
timers
nat
ospf
adj
events
packet
rip [ events ]
routing
o ipv6
ospf
adj
events
o frame-relay lmi
o ppp [ authentication | negotiation | packet ]
vlan database
write [ erase | memory | terminal ] Global Mode
aaa
o authentication
enable default
enable
group [ radius | tacacs+ ]
local
none
o authorization
[ exec | network ] [ WORD | default ]
group [ radius | tacacs+ ]
if-authenticated
local
none
o new-model
access-list (named ACL is under the "ip access-list" branch in Global Mode)
o <1-99>
[ deny | permit ] [ A.B.C.D | any | host A.B.C.D ]
[ deny | permit ] [ A.B.C.D A.B.C.D ]
remark LINE
o <100-199>
[ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host
A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
[ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
remark LINE
banner
o motd LINE
o login LINE
boot system flash WORD
cdp run
class-map [ type inspect ] [ match-all | match-any ] WORD
clock timezone WORD <-23 - 23> [ <0-59> ]
config-register WORD
crypto
o dynamic-map WORD <1-65535> [ ipsec-isakmp ]
o ipsec
security-association lifetime seconds <120-86400>
transform-set WORD [ ah-md5-hmac | ah-sha-hmac ]
esp-3des [ esp-md5-hmac | esp-sha-hmac ]
esp-aes [ 128 | 192 | 256 ] [ esp-md5-hmac | esp-sha-hmac ]
esp-des [ esp-md5-hmac | esp-sha-hmac ]
esp-md5-hmac
esp-sha-hmac
o isakmp
client configuration group WORD
key WORD address A.B.C.D [ A.B.C.D ]
policy <1-10000>
o key [ generate | zeroize ] rsa
o map WORD
<1-65535> [ ipsec-isakmp ] [dynamic WORD ]
client [ authentication list WORD | configuration address respond ]
isakmp authorization list WORD
do LINE
enable
o password
7 WORD
LINE
level <1-15>
7 WORD
LINE
o secret
[ 0 | 5 ] LINE
level <1-15>
[ 0 | 5 ] LINE
end
exit
hostname WORD
interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24> [ multipoint | point-to-point ]
o Tunnel <0-2147483647>
o Vlan <1-1005>
o range
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24> [ multipoint | point-to-point ]
Vlan <1-1005>
ip
o access-list
extended
<100-199>
WORD
standard
<1-99>
WORD
o default-network A.B.C.D
o dhcp
excluded-address A.B.C.D [ A.B.C.D ]
pool WORD
o domain-lookup
o domain-name WORD
o host WORD A.B.C.D [ A.B.C.D ] [ A.B.C.D ]
o inspect
alert-off
audit-trail
dns-timeout <1-2147483>
max-incomplete [ high | low ] <1-2147483647>
name WORD [ protocol ]
alert [ off | on ]
audit-trail [ off | on ]
timeout <5-43200>
one-minute [ high | low ] <1-2147483647>
tcp [ finwait-time | idle-time | synwait-time ] <1-2147483>
udp idle-time <1-2147483>
o ips
config location [ WORD [ retries <1-5>] ]
fail closed
name WORD [ list [ <1-199> | WORD ] ]
notify log
signature-category
signature-definition
o local pool WORD A.B.C.D A.B.C.D
o name-server [A.B.C.D] [X:X:X:X::X]
o nat
inside source
list [ <1-199> | WORD ] interface [ Ethernet | FastEthernet | GigabitEthernet | Serial ] <0-9>/<0-24>[ . ][ <0-4294967295> ] [ overload ]
list [ <1-199> | WORD ] pool WORD [ overload ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>
outside source
list [ <1-199> | WORD ] pool WORD
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>
pool WORD A.B.C.D A.B.C.D netmask A.B.C.D
o route A.B.C.D A.B.C.D
A.B.C.D [ <1-255> ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
Loopback <0-2147483647> [ <1-255> ]
Serial <0-9>/<0-24> [ <1-255> ]
Vlan <1-1005> [ <1-255> ]
o ssh version <1-2>
ipv6
o general-prefix prefix-name
ipv6-prefix/prefix-length
o neighbor X:X:X:X::X
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] H.H.H
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] H.H.H
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] H.H.H
Loopback <0-2147483647> H.H.H
Serial <0-9>/<0-24> H.H.H
Vlan <1-1005> H.H.H
o unicast-routing
o route X:X:X:X::X/<0-128>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
Loopback <0-2147483647> [ <1-254> ]
Serial <0-9>/<0-24> [ <1-254> ]
Vlan <1-1005> [ <1-254> ]
X:X:X:X::X [ <1-254> ]
o
o router
eigrp <1-65535>
ospf <1-65535>
rip WORD
o dhcp pool WORD
o access-list WORD
o nat
prefix X:X:X:X::X/<0-128>
v4v6
pool WORD X:X:X:X::X X:X:X:X::X
source A.B.C.D X:X:X:X::X
source list WORD [pool] WORD
v6v4
pool WORD A.B.C.D A.B.C.D
source X:X:X:X::X A.B.C.D
source list WORD [pool WORD | interface] [overload]
o host WORD X:X:X:X::X [X:X:X:X::X] [X:X:X:X::X]
line
o <0-81> [ <1-81> ]
o console <0-0>
o vty <0-15> [ <1-15> ]
logging
o A.B.C.D
o buffered <4096-2147483647>
o console
o host A.B.C.D
o on
o trap [ debugging ]
o userinfo
mac-address-table static H.H.H interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
no
o aaa
authentication
enable default
enable
group [ radius | tacacs+ ]
local
none
authorization
[ exec | network ] [ WORD | default ]
group [ radius | tacacs+ ]
if-authenticated
local
none
new-model
o access-list [ <1-99> | <100-199> ]
o banner [login | motd]
o boot system flash WORD
o cdp run
o class-map [ type inspect ] [ match-all | match-any ] WORD
o clock timezone
o config-register
o crypto
dynamic-map WORD <1-65535> [ ipsec-isakmp ]
ipsec
security-association lifetime seconds <120-86400>
transform-set WORD [ ah-md5-hmac | ah-sha-hmac ]
esp-3des [ esp-md5-hmac | esp-sha-hmac ]
esp-aes [ 128 | 192 | 256 ] [ esp-md5-hmac | esp-sha-hmac ]
esp-des [ esp-md5-hmac | esp-sha-hmac ]
esp-md5-hmac
esp-sha-hmac
isakmp
client configuration group WORD
key WORD address A.B.C.D [ A.B.C.D ]
policy <1-10000>
map WORD
<1-65535> [ ipsec-isakmp ] [dynamic WORD ]
client [ authentication list WORD | configuration address respond ]
isakmp authorization list WORD
o enable
password
7 WORD
level <1-15>
secret
level <1-15>
o hostname
o interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
o ip
access-list
extended [ <100-199> | WORD ]
standard [ <1-99> | WORD ]
default-network A.B.C.D
dhcp
excluded-address A.B.C.D [ A.B.C.D ]
pool WORD
domain-lookup
domain-name
host WORD [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
inspect
alert-off
audit-trail
dns-timeout <1-2147483>
max-incomplete [ high | low ] <1-2147483647>
name WORD [ protocol ]
alert [ off | on ]
audit-trail [ off | on ]
timeout <5-43200>
one-minute [ high | low ] <1-2147483647>
tcp [ finwait-time | idle-time | synwait-time ] <1-2147483>
udp idle-time <1-2147483>
ips
config location [ WORD [ retries <1-5>] ]
fail closed
name WORD [ list [ <1-199> | WORD ] ]
notify log
signature-category
local pool WORD A.B.C.D A.B.C.D
name-server
nat
inside source
list [ <1-199> | WORD ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>
outside source
list [ <1-199> | WORD ] pool WORD
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>
pool WORD
route A.B.C.D A.B.C.D
<1-255>
A.B.C.D [ <1-255> ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
Loopback <0-2147483647> [ <1-255> ]
Serial <0-9>/<0-24> [ <1-255> ]
Vlan <1-1005> [ <1-255> ]
ssh version
o ipv6
dhcp pool WORD
general-prefix prefix-name
ipv6-prefix/prefix-length
access-list WORD
nat
prefix X:X:X:X::X/<0-128>
v4v6
pool WORD X:X:X:X::X X:X:X:X::X
source A.B.C.D X:X:X:X::X
source list WORD [pool] WORD
v6v4
pool WORD A.B.C.D A.B.C.D
source X:X:X:X::X A.B.C.D
source list WORD [pool WORD | interface] [overload]
neighbor X:X:X:X::X
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
route X:X:X:X::X/<0-128>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
Loopback <0-2147483647> [ <1-254> ]
Serial <0-9>/<0-24> [ <1-254> ]
Vlan <1-1005> [ <1-254> ]
X:X:X:X::X [ <1-254> ]
router
eigrp <1-65535>
ospf <1-65535>
rip WORD
unicast-routing
host WORD
o logging
A.B.C.D
buffered
console
host A.B.C.D
on
trap [ debugging ]
userinfo
o mac-address-table static H.H.H int
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
o ntp
authenticate
authentication-key <1-4294967295>
server A.B.C.D
trusted-key <1-4294967295>
update-calendar
o parser view WORD
o policy-map [ type inspect ] WORD
o priority-list <1-16>
default
protocol
ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ]
ipv6 [ high | low | medium | normal ]
queue-limit
o privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> ] LINE
o queue-list <1-16>
default
protocol
ip <0-16>
list [ <1-199> | <1300-2699> ]
tcp <0-65535>
udp <0-65535>
ipv6 <0-16>
queue <0-16>
byte-count <1-16777215> [ limit <0-32767> ]
limit <0-32767> [ byte-count <1-16777215> ]
o router
eigrp <1-65535>
ospf <1-65535>
rip
o service
nagle
password-encryption
timestamps [ debug | log ] datetime msec
o snmp-server [ community WORD [ ro | rw ] ]
o spanning-tree vlan <1-1005> priority
o tacacs-server
host A.B.C.D
key LINE
single-connection key LINE
key LINE
o username WORD
o zone security WORD
o zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]
ntp
o authenticate
o authentication-key <1-4294967295> md5 WORD [ <0-4294967295> ]
o server A.B.C.D [ key <0-4294967295> ]
o trusted-key <1-4294967295>
o update-calendar
parser view WORD
policy-map [ type inspect ] WORD
priority-list <1-16>
o default [ high | low | medium | normal ]
o protocol
ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ]
ipv6 [ high | low | medium | normal ]
o queue-limit <0-32767> <0-32767> <0-32767> <0-32767>
privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> | reset ] LINE
queue-list <1-16>
o default <0-16>
o protocol
ip <0-16>
list [ <1-199> | <1300-2699> ]
tcp <0-65535>
udp <0-65535>
ipv6 <0-16>
o queue <0-16>
byte-count <1-16777215> [ limit <0-32767> ]
limit <0-32767> [ byte-count <1-16777215> ]
router
o eigrp <1-65535>
o ospf <1-65535>
o rip
service
o nagle
o password-encryption
o timestamps [ debug | log ] datetime msec
snmp-server community WORD [ ro | rw ]
spanning-tree vlan <1-1005> priority <0-61440>
tacacs-server
o host A.B.C.D
key LINE
single-connection key LINE
o key LINE
username WORD [ privilege <0-15> ]
o password
0 LINE
7 WORD
LINE
o secret
0 LINE
5 WORD
LINE
zone security WORD
zone-pair security WORD source [ WORD | self ] destination [ WORD | self ] Standard Access List Configuration Mode
default
o deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
o permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
deny
o A.B.C.D [ A.B.C.D ]
o any
o host A.B.C.D
exit
no
o deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
o permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
o A.B.C.D [ A.B.C.D ]
o any
o host A.B.C.D
remark LINE Extended Access List Configuration Mode
default
o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
deny
o [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
exit
no
o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
permit
o [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
remark LINE Ethernet / FastEthernet / GigabitEthernet Interface Mode
arp timeout <0-2147483>
bandwidth <1-10000000>
cdp enable
crypto map WORD
custom-queue-list <1-16>
delay <1-16777215>
description LINE
duplex [ auto | full | half ]
exit
fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
hold-queue <0-4096> out
ip
o access-group [ <1-199> | WORD ] [ in | out ]
o address
A.B.C.D A.B.C.D
dhcp
o hello-interval eigrp <1-65535> <1-65535>
o inspect WORD [ in | out ]
o ips WORD [ in | out ]
o mtu <68-1500>
o nat [ inside | outside ]
o ospf
authentication [ message-digest | null ]
authentication-key LINE
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
message-digest-key <1-255> md5 LINE
priority <0-255>
o split-horizon
o summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
o virtual-reassembly
ipv6
o address
autoconfig
ipv6-prefix/prefix length
anycast
eui-64
ipv6-address
linklocal
prefix-name ipv6-prefix/prefix-length
o enable
o rip WORD
default-information originate
enable
o eigrp <1-65535>
o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]
o hello-interval eigrp <1-65535> <1-65535>
o ospf
<1-65535> area area-id [instance instance-id]
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
priority <0-255>
o dhcp
client pd WORD
server WORD
o nat
prefix X:X:X:X::X/<0-128> [v4-mapped] [WORD]
o mtu <1280-1500>
mac-address H.H.H
mtu <64-1600>
no
o arp timeout
o bandwidth
o cdp enable
o crypto map [ WORD ]
o custom-queue-list <1-16>
o delay
o description
o duplex
o fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
o hold-queue [ <0-4096> ] out
o ip
access-group [ <1-199> | WORD ] [ in | out ]
address [ dhcp ]
hello-interval eigrp <1-65535>
inspect WORD [ in | out ]
ips WORD [ in | out ]
mtu <68-1500>
nat [ inside | outside ]
ospf
authentication
authentication-key
cost
dead-interval
hello-interval
message-digest-key <1-255>
priority
split-horizon
summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
virtual-reassembly
o ipv6
address
autoconfig
ipv6-prefix/prefix length
anycast
eui-64
ipv6-address
linklocal
prefix-name ipv6-prefix/prefix-length
dhcp
client pd WORD
server WORD
eigrp <1-65535>
ospf
<1-65535> area area-id [instance instance-id]
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
priority <0-255>
summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]
hello-interval eigrp <1-65535> <1-65535>
nat
rip WORD
default-information originate
enable
o mac-address
o mtu
o priority-group
o service-policy [ input | output ] WORD
o shutdown
o speed
o tx-ring-limit
o zone-member security WORD
priority-group <1-16>
service-policy [ input | output ] WORD
shutdown
speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000 options are only available for GigabitEthernet interfaces respectively)
tx-ring-limit <1-32767>
zone-member security WORD Ethernet / FastEthernet / GigabitEthernet Sub-Interface Mode
arp timeout <0-2147483>
bandwidth <1-10000000>
delay <1-16777215>
description LINE
encapsulation dot1Q <1-1005> [ native ]
exit
ip
o access-group [ <1-199> | WORD ] [ in | out ]
o address
A.B.C.D A.B.C.D
dhcp
o hello-interval eigrp <1-65535> <1-65535>
o nat [ inside | outside ]
o ospf
authentication [ message-digest | null ]
authentication-key LINE
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
message-digest-key <1-255> md5 LINE
priority <0-255>
o split-horizon
o summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
no
o arp timeout
o bandwidth
o delay
o description
o encapsulation dot1Q
o ip
access-group [ <1-199> | WORD ] [ in | out ]
address [ dhcp ]
hello-interval eigrp <1-65535>
nat [ inside | outside ]
ospf
authentication
authentication-key
cost
dead-interval
hello-interval
message-digest-key <1-255>
priority
split-horizon
summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
o shutdown
shutdown Serial Interface Mode
bandwidth <1-10000000>
cdp enable
clock rate <1200-4000000> (only certain clock rates that are listed are valid)
crypto map WORD
custom-queue-list <1-16>
delay <1-16777215>
description LINE
encapsulation
o hdlc
o ppp
o frame-relay [ ietf ]
exit
fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
frame-relay
o interface-dlci <16-1007>
o lmi-type [ ansi | cisco | q933a ]
o map ip A.B.C.D <16-1007>
broadcast [ cisco | ietf ]
cisco [ broadcast ]
ietf [ broadcast ]
hold-queue <0-4096> out
ip
o access-group [ <1-199> | WORD ] [ in | out ]
o address A.B.C.D A.B.C.D
o hello-interval eigrp <1-65535> <1-65535>
o inspect WORD [ in | out ]
o ips WORD [ in | out ]
o mtu <68-1500>
o nat [ inside | outside ]
o ospf
authentication [ message-digest | null ]
authentication-key LINE
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
message-digest-key <1-255> md5 LINE
priority <0-255>
o split-horizon
o summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
o virtual-reassembly
keepalive <0-30>
mtu <64-17940>
no
o bandwidth <1-10000000>
o cdp enable
o clock rate
o crypto map [ WORD ]
o custom-queue-list <1-16>
o delay
o description
o encapsulation
o fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
o frame-relay
interface-dlci <16-1007>
lmi-type [ ansi | cisco | q933a ]
map ip A.B.C.D
o hold-queue [ <0-4096> ] out
o ip
access-group [ <1-199> | WORD ] [ in | out ]
address [ dhcp ]
hello-interval eigrp <1-65535>
inspect WORD [ in | out ]
ips WORD [ in | out ]
mtu <68-1500>
nat [ inside | outside ]
ospf
authentication
authentication-key
cost
dead-interval
hello-interval
message-digest-key <1-255>
priority
split-horizon
summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
virtual-reassembly
o keepalive
o mtu
o ppp
authentication
pap sent-username
o priority-group <1-16>
o service-policy [ input | output ] WORD
o shutdown
o speed
o tx-ring-limit
o zone-member security WORD
ppp
o authentication chap [ pap ]
o authentication pap [ chap ]
priority-group <1-16>
service-policy [ input | output ] WORD
shutdown
tx-ring-limit <1-32767>
zone-member security WORD Tunnel Interface Mode
exit
ip address A.B.C.D A.B.C.D
no
o ip address [ A.B.C.D A.B.C.D ]
o shutdown
o tunnel [ destination | source ]
shutdown
tunnel
o destination A.B.C.D
o source
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24> VLAN Interface Mode
arp timeout <0-2147483>
bandwidth <1-10000000>
delay <1-16777215>
description LINE
exit
ip
o access-group [ <1-199> | WORD ] [ in | out ]
o address
A.B.C.D A.B.C.D
dhcp
o hello-interval eigrp <1-65535> <1-65535>
o nat [ inside | outside ]
o ospf
authentication [ message-digest | null ]
authentication-key LINE
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
message-digest-key <1-255> md5 LINE
priority <0-255>
o split-horizon
o summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
mac-address H.H.H
no
o arp timeout
o bandwidth
o delay
o description
o ip
access-group [ <1-199> | WORD ] [ in | out ]
address [ dhcp ]
hello-interval eigrp <1-65535>
nat [ inside | outside ]
ospf
authentication
authentication-key
cost
dead-interval
hello-interval
message-digest-key <1-255>
priority
split-horizon
summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
o mac-address
o shutdown
shutdown VLAN Configuration Mode
exit
no
o vlan <1-1005>
o vtp
client
password
transparent
v2-mode
vlan <1-1005> [ name ] [ WORD ]
vtp
o client
o domain WORD
o password WORD
o server
o transparent
o v2-mode
Line Configuration Mode
access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ]
databits [ 5 | 6 | 7 | 8 ]
default [ databits | flowcontrol | history size | parity | speed | stopbits ]
exit
exec-timeout <0-35791> [<0-2147483>]
flowcontrol [ NONE | hardware | software ]
history size <0-256>
ipv6 access-class WORD [in | out]
logging synchronous
login
o authentication [ WORD | default ]
o local
motd-banner
no
o [ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] | databits | flowcontrol | history size | login | motd-banner | parity | password | session-limit | speed | stopbits ]
o databits
o exec-timeout
o flowcontrol
o history size
o ipv6 access-class WORD [in | out]
o logging synchronous
o motd-banner
o parity
o password
o privilege level
o session-limit
o speed
o stopbits
o transport output
parity [ even | mark | none | odd | space ]
password
o 7 WORD
o LINE
privilege level <0-15>
session-limit <0-4294967295>
speed <0-4294967295>
stopbits [ 1 | 1.5 | 2 ]
transport output [ all | none | ssh | telnet ] Class-Map Configuration Mode
description LINE
exit
match
o access-group <1-2699>
o any
o class-map WORD
o cos <0-7>
o destination-address mac H.H.H
o input-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
o ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
o not
access-group <1-2699>
class-map WORD
cos <0-7>
destination-address mac H.H.H
input-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
protocol [ arp | cdp | dhcp | dns | eigrp | ftp | http | icmp | ip | ipsec | ipv6 | ospf | rip | ssh | tcp | telnet | tftp ]
qos-group <0-1023>
o precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
o protocol
arp
cdp
dhcp
dns
eigrp
ftp
http [ host WORD | mime WORD | url WORD ]
icmp
ip
ipsec
ipv6
ospf
rip
ssh
tcp
telnet
tftp
o qos-group <0-1023>
no
o description [ LINE ]
o match
access-group <1-2699>
any
class-map WORD
cos <0-7>
destination-address mac H.H.H
input-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
not
access-group <1-2699>
class-map WORD
cos <0-7>
destination-address mac H.H.H
input-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
protocol
arp
cdp
dhcp
dns
eigrp
ftp
http [ host WORD | mime WORD | url WORD ]
icmp
ip
ipsec
ipv6
ospf
rip
ssh
tcp
telnet
tftp
qos-group <0-1023>
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
protocol [ arp | cdp | dhcp | dns | eigrp | ftp | http | icmp | ip | ipsec | ipv6 | ospf | rip | ssh | tcp | telnet | tftp ]
qos-group <0-1023> Policy-Map Configuration Mode
class [ type inspect ] [ WORD | class-default ]
exit
no
o class [ type inspect ] [ WORD | class-default ]
Policy-Map Class Configuration Mode
bandwidth [ <8-2000000> | percent <1-100> | remaining percent <1-100> ]
drop
exit
fair-queue [ <16-4096> ]
inspect
no
o bandwidth
o drop
o fair-queue
o inspect
o pass
o priority
o random-detect
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
dscp-based
prec-based
precedence <0-7>
o service-policy WORD
o set
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
o shape average
pass
priority [ <8-2000000> | percent <1-100> ] [ <32-2000000> ]
queue-limit <1-4096>
random-detect
o dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ] <1-4096> <1-4096> [ <1-65535> ]
o dscp-based
o prec-based
o precedence <0-7> <1-4096> <1-4096> [ <1-65535> ]
service-policy WORD
set
o ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
o precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
shape average <8000-154400000> Zone Security Configuration Mode
exit Zone-Pair Security Configuration Mode
exit
no
o service-policy type inspect WORD
service-policy type inspect WORD Crypto Map Configuration Mode
description LINE
exit
match address [ <100-199> | WORD ]
no
o match address
o set
peer A.B.C.D
pfs [ group1 | group2 | group5 ]
security-association lifetime seconds
transform-set
set
o peer A.B.C.D
o pfs [ group1 | group2 | group5 ]
o security-association lifetime seconds <120-86400>
o transform-set WORD [ WORD ] [ WORD ] [ WORD ] [ WORD ] [ WORD ]
ISAKMP Configuration Mode
authentication pre-share
encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]
exit
group [ 1 | 2 | 5 ]
hash [ md5 | sha ]
lifetime <60-86400>
no
o authentication pre-share
o encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]
o group [ 1 | 2 | 5 ]
o hash [ md5 | sha ]
o lifetime <60-86400>
IPS Signature Category Configuration Mode
category [ all | ios_ips basic ]
exit
no
o category [ all | ios_ips basic ]
IPS Signature Category Action Configuration Mode
exit
no
o retired [ false | true ]
retired [ false | true ] IPS Signature Definition Configuration Mode
exit
retired <1-65535> [ <0-65535> ] IPS Signature Definition Sig Configuration Mode
engine
exit
status IPS Signature Definition Sig Engine Configuration Mode
event-action [ deny-packet-inline | produce-alert ]
exit
no
o event-action [ deny-packet-inline | produce-alert ]
IPS Signature Definition Sig Status Configuration Mode
enabled [ false | true ]
exit
no
o enabled [ false | true ]
o retired [ false | true ]
retired [ false | true ] Parser View Configuration Mode
commands [ configure | exec | interface | line | router ] include [ all ] LINE
exit
no
o commands [ configure | exec | interface | line | router ] include [ all ] LINE
o secret
secret [ 0 | 5 ] LINE Router EIGRP Mode
auto-summary
exit
metric weights <0-8> <0-256> <0-256> <0-256> <0-256> <0-256>
network A.B.C.D [ A.B.C.D ]
redistribute
o connected [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
o eigrp <1-65535> [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
o rip [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
o static [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-
65535>]
o ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ]
no
o auto-summary
o metric weights
o network A.B.C.D [ A.B.C.D
o redistribute
connected [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
eigrp <1-65535> [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
rip [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
static [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ]
o passive-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
o variance <1-128>
passive-interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
variance <1-128> IPv6 Router Eigrp Mode
router-id A.B.C.D
metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>
shutdown
no
o router-id
o metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>
o shutdown
Router OSPF Mode
area
o [ <0-4294967295> | A.B.C.D ] authentication [ message-digest ]
o [ <0-4294967295> | A.B.C.D ] nssa [no-summary]
o [ <0-4294967295> | A.B.C.D ] virtual-link A.B.C.D
default-information originate
exit
log-adjacency-changes [ detail ]
network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]
redistribute
o connected [metric <0-16777214>] [subnets]
o eigrp <1-65535> [metric <0-16777214>] [subnets]
o ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ] [ metric ospf-default-metric ] [subnets]
o rip [metric <0-16777214>] [subnets]
o static [metric <0-16777214>] [subnets]
no
o area
[ <0-4294967295> | A.B.C.D ] authentication [ message-digest ]
[ <0-4294967295> | A.B.C.D ] nssa [no-summary]
[ <0-4294967295> | A.B.C.D ] virtual-link A.B.C.D
o default-information
o log-adjacency-changes [ detail ]
o network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]
o redistribute
connected [metric <0-16777214>] [subnets]
eigrp <1-65535> [metric <0-16777214>] [subnets]
ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ] [ metric ospf-default-metric ] [subnets]
rip [metric <0-16777214>] [subnets]
static [metric <0-16777214>] [subnets]
o passive-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
passive-interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
IPv6 Router Ospf Mode
router-id A.B.C.D
area area-id
o default-cost <0-16777215>
o nssa [no-summary]
o stub [no-summary]
o virtual-link A.B.C.D
log-adjacency-changes [ detail ]
passive-interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
no
o log-adjacency-changes [ detail ]
o passive-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default Router RIP Mode
auto-summary
default-information originate
distance <1-255>
exit
network A.B.C.D
redistribute
o connected [metric [<0-16> | transparent]]
o eigrp <1-65535> [metric [<0-16> | transparent]]
o static [metric [<0-16> | transparent]]
o ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external }] [ metric default-metric ]
no
o auto-summary
o default-information
o distance <1-255>
o network A.B.C.D
o redistribute
connected [metric [<0-16> | transparent]]
eigrp <1-65535> [metric [<0-16> | transparent]]
static [metric [<0-16> | transparent]]
ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external }] [ metric default-metric ]
o passive-interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
o timers basic
o version <1-2>
passive-interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295>
version <1-2> IPv6 Router RIP Mode
distance <1-254>
no distance DHCP Pool Configuration Mode
default-router A.B.C.D
dns-server A.B.C.D
exit
network A.B.C.D A.B.C.D
no dns-server IPv6 DHCP Pool Configuration Mode
prefix-delegation
o X:X:X:X::X/<0-128> WORD [lifetime] <60-4294967295>
o pool WORD [lifetime] <60-4294967295>
dns-server X:X:X:X::X
exit
no
o prefix-delegation
X:X:X:X::X/<0-128> WORD [lifetime] <60-4294967295>
pool WORD [lifetime] <60-4294967295> Rommon Mode
boot
confreg config-register-number
dir flash:
help
reset
set
tftpdnld
unset variable
variable=value