0% found this document useful (0 votes)
451 views3 pages

(CCNA) Cisco Commands Cheat Sheet #4 - Boubakr Tech

This document provides a summary of Cisco commands for configuring access control lists (ACLs) and DHCP servers. It outlines how to create standard and extended ACLs using numbers or names, and how to apply ACLs to interfaces. It also describes how to define DHCP pools, assign IP addresses and default gateways, and verify DHCP configuration and address leases.

Uploaded by

PrabhashKumarJha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
451 views3 pages

(CCNA) Cisco Commands Cheat Sheet #4 - Boubakr Tech

This document provides a summary of Cisco commands for configuring access control lists (ACLs) and DHCP servers. It outlines how to create standard and extended ACLs using numbers or names, and how to apply ACLs to interfaces. It also describes how to define DHCP pools, assign IP addresses and default gateways, and verify DHCP configuration and address leases.

Uploaded by

PrabhashKumarJha
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

4/13/2016

[CCNA]CiscoCommandsCheatSheet#4|BoubakrTech

AccessControlLists:
StandardACL:199and13001999
UsearemarktodescribetheACL(Optional):
1

R1(config)#accesslist1remarkACLTODENYACCESSFROMSALESVLAN
CreatetheACL,keepingthefollowinginmind:
ACLusesfirstmatchlogic.
ThereisanimplicitdenyanyattheendoftheACL.

1
2
3
4
5

R1(config)#accesslist2deny192.168.1.77
R1(config)#accesslist2deny192.168.1.640.0.0.31
R1(config)#accesslist2permit10.1.0.00.0.255.255
R1(config)#accesslist2deny10.0.0.00.255.255.255
R1(config)#accesslist2permitany
EnabletheACLonthechosenrouterinterfaceinthecorrectdirection(inorout):

R1(configif)#ipaccessgroup2out
UsingstandardACLtolimittelnetandSSHaccesstoarouter:

CreatetheACLthatdefinesthepermittedtelnetclients:
1
2

R1(config)#accesslist99remarkALLOWEDTELNETCLIENTS
R1(config)#accesslist99permit192.168.1.1280.0.0.15

ApplytheACLinboundthevtylines
1
2

R1(config)#linevty04
R1(configline)#accessclass99in

ExtendedACL:100199and20002699
ExtendedACLshouldbeplacedascloseaspossibletothesourceofthepacket.
ExtendedACLmatchespacketsbasedonsource&des.IPaddresses,protocol,source&des.Portnumbers
andothercriteriaaswell
1
2
3
4
5
6
7
8
9

R1(config)#accesslist101remarkMY_ACCESS_LIST
R1(config)#accesslist101denyiphost10.1.1.1host10.2.2.2
R1(config)#accesslist101denytcp10.1.1.00.0.0.255anyeq23
R1(config)#accesslist101denyicmp10.1.1.10.0.0.0any
R1(config)#accesslist101denytcphost10.1.1.0host10.0.0.1eq80
R1(config)#accesslist101denyudphost10.1.1.7eq53any
R1(config)#accesslist101permitipanyany
R1(config)#interfacefastEthernet0/0
R1(configif)#ipaccessgroup101in

NamedACL:
NamedACLsusenamestoidentifyACLsratherthannumbers,andcommandsthatpermitordenytrafficare
writteninasubmodecallednamedACLmode(nacl).
https://boubakr92.wordpress.com/2013/09/26/ccnacheatsheetpart4/

1/3

4/13/2016

[CCNA]CiscoCommandsCheatSheet#4|BoubakrTech

NamedACLenablestheeditingoftheACL(deletingorinsertingstatements)bysequencingstatementsofthe
ACL.
NamedstandardACL:
1
2
3
4
5
6

R1(config)#ipaccessliststandardMY_STANDARD_ACL
R1(configstdnacl)#permit10.1.1.00.0.0.255
R1(configstdnacl)#deny10.2.2.2
R1(configstdnacl)#permitany
R1(config)#interfacefastEthernet0/1
R1(configif)#ipaccessgroupMY_STANDARD_ACLout
NamedextendedACL:

1
2
3
4
5
6

R1(config)#ipaccesslistextendedMY_EXTENDED_ACL
R1(configextnacl)#denyicmp10.1.1.10.0.0.0any
R1(configextnacl)#denytcphost10.1.1.0host10.0.0.1eq80
R1(configextnacl)#permitipanyany
R1(config)#interfacefastEthernet0/1
R1(configif)#ipaccessgroupMY_EXTENDED_ACLin
EditingACLusingsequencenumbers:

1
2
3
4

R1(config)#ipaccesslistextendedMY_EXTENDED_ACL
R1(configextnacl)#no20!Deletesthestatementofsequencenumber20
R1(config)#ipaccessliststandard99
R1(configstdnacl)#5deny1.1.1.1!insertsastatementwithsequence5

VerifyingACLs:
ShowsallACLsconfiguredonarouterwithcountersattheendofeachstatement:
1
2
3

R1#showaccesslists
!OR
R1#showipaccesslist
ShowsonlythespecifiedACL:

R1#showipaccesslist101
IncludesareferencetotheACLsenabledonthatinterfaceeitherinorout:

R1#showipinterfacef0/0

DHCPServer
DefineaDHCPpoolandgiveitaname:
1

R1(config)#ipdhcppoolMY_POOL
Definenetworkandmasktouseinthispoolandthedefaultgateway:

1
2

R1(dhcpconfig)#network192.168.1.0255.255.255.0
R1(dhcpconfig)#defaultrouter192.168.1.1
DefineoneormoreDNSserver(OPTIONAL):

R1(dhcpconfig)#dnsserver213.131.65.208.8.8.8

https://boubakr92.wordpress.com/2013/09/26/ccnacheatsheetpart4/

2/3

4/13/2016

[CCNA]CiscoCommandsCheatSheet#4|BoubakrTech

Confinetheleasetime(OPTIONAL):
1

R1(dhcpconfig)lease2!Days
Defineoneormorescopesofexcluded(reserved)addresses(OPTIONAL):

1
2

R1(config)#ipdhcpexcludedaddress192.168.1.1192.168.1.100
R1(config)#ipdhcpexcludedaddress192.168.1.200192.168.1.254

DHCPVerificationandTroubleshooting:
Showsthestatusofthespecifiedpoolandtheleasedaddressesfromthatpool:
1

R1#showipdhcppoolPOOL_1
ShowsalltheleasedipaddressesfromallconfiguredDHCPpools:

R1#showipdhcpbinding
Showsanyconflictsthatoccurred:

R1#showipdhcpconflict

Enjoy!

https://boubakr92.wordpress.com/2013/09/26/ccnacheatsheetpart4/

3/3

You might also like