CCNA R&S - Cisco Commands List. Portable Command Guide

This document provides a list of important CCNA commands that can be used for both CCNA exams and in real world networking jobs. It includes commands for router modes, changing the switch hostname, configuring passwords, securing the console and terminal lines, giving the switch an IP address, setting the default gateway, saving configurations, and more. The list of commands is intended to help network engineers familiarize themselves with network configuration and know which commands to use in different situations.

CCNA R&S: Cisco Commands List.

Portable command guide


This guide consists of a list of important CCNA commands that you may need to use both in CCNA exams
and in the real world. When you start preparing for the CCNA exam, you develop concepts on various
networking topics, but in the real world, when you work as a network engineer or in any other relevant
position, you will need to know when and how to apply your CCNA knowledge. This post aims to equip
you with all the necessary commands, with in-depth illustrations, to familiarize you with the network
configuration environment so that you know exactly which command to use in a particular situation.

This guide includes all the CCNA commands that an exam candidate may need to solve CCNA
simulation labs and to solve switching and routing problems in real networks.

Router Modes:
• Router>: User mode = Limited to basic monitoring commands
• Router#: Privileged mode (exec-level mode) = Provides access to all other router commands
• Router(config)#: Global configuration mode = Commands that affect the entire system
• Router(config-if)#: Interface mode = Commands that affect interfaces
• Router(config-subif)#: Subinterface mode = Commands that affect subinterfaces
• Router(config-line)#: Line mode = Commands that affect lines (console, vty, aux…)
• Router(config-router)#: Router configuration mode

Changing switch hostname

Switch(config)#hostname SW1

Configuring passwords

SW1(config)#enable secret cisco (MD5 hash)

SW1(config)#enable password notcisco (clear text)

Securing console port

SW1(config)#line con 0
SW1(config-line)#password cisco
SW1(config-line)#login

Securing terminal lines

SW1(config)#line vty 0 4
SW1(config-line)#password cisco
SW1(config-line)#login

Encrypting passwords

SW1(config)#service password-encryption

Configuring banners

SW1(config)#banner motd $
=================================
UNAUTHORIZED ACCESS IS PROHIBITED
=================================
$
Giving the switch an IP address

SW1(config)#interface vlan 1
SW1(config-if)#ip address 172.16.1.1 255.255.255.0 (or dhcp)
SW1(config-if)#no shutdown

Setting the default gateway

SW1(config)#ip default-gateway 172.16.1.1

Saving configuration

SW1#copy running-config startup-config
Destination filename [startup-config]? (press Enter to confirm the file name)
Building configuration…
[OK]

SW1#wr (short for write memory)
Building configuration…
[OK]

Working environment
(name lookup, history, exec-timeout and logging behavior)

SW1(config)#no ip domain-lookup
SW1(config)#line vty 0 4
SW1(config-line)#history size 15
SW1(config-line)#exec-timeout 10 30
SW1(config-line)#logging synchronous

Note: Also valid for line con 0.

Configuring switch to use SSH

• Configure DNS domain name:
SW1(config)#ip domain-name example.com
• Configure a username and password:
SW1(config)#username admin password cisco
• Generate encryption keys:
SW1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
• Define SSH version to use:
SW1(config)#ip ssh version 2
• Enable vty lines to use SSH:
SW1(config)#line vty 0 4
SW1(config-line)#login local
SW1(config-line)#transport input telnet ssh

Note: The size of the key modulus is in the range of 360 to 2048. You can set vty lines to use only telnet or only ssh or both, as in the example.
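
An added example, not part of the original guide: a small Python check that reads configuration text and reports the weaker management-plane choices among the commands shown so far (clear-text `enable password` and `username ... password`, shared line passwords, telnet on the vty lines, no `access-class` on the vty lines). The rule names, both sample configurations and the placeholder secret are constructed for illustration; banner bodies and other multi-line text are not handled.

```python
import re

# Constructed sample (not device output): the management-plane commands this
# guide types on SW1, gathered into one config text.
WEAK_CONFIG = """\
hostname SW1
enable secret cisco
enable password notcisco
service password-encryption
username admin password cisco
ip ssh version 2
line con 0
 password cisco
 login
line vty 0 4
 login local
 transport input telnet ssh
"""

# Constructed hardened variant; ACL 99 and the secret values are placeholders.
HARDENED_CONFIG = """\
hostname SW1
enable secret EXAMPLE-PLACEHOLDER
service password-encryption
username admin secret EXAMPLE-PLACEHOLDER
ip ssh version 2
line con 0
 login local
line vty 0 4
 access-class 99 in
 login local
 transport input ssh
"""

# Hypothetical rule names, each with the reason it matters.
RULES = {
    "enable-password": "clear text (type 7 obfuscation at best); keep only enable secret",
    "username-password": "clear text (type 7 obfuscation at best); use username ... secret",
    "ssh-v2-missing": "without ip ssh version 2 the device may accept SSH version 1",
    "shared-line-password": "password + login is one shared password; use login local",
    "telnet-on-vty": "transport input permits telnet, which is unencrypted",
    "vty-no-access-class": "no inbound access-class restricts vty client addresses",
}

def split_config(text):
    """Group config text into (top-level command, [indented sub-commands])."""
    blocks = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # skip blank lines and IOS comment lines
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def audit(text):
    """Return [(rule, where), ...] for weak management-plane settings."""
    blocks = split_config(text)
    findings = []
    for header, _ in blocks:
        if re.match(r"enable password\b", header):
            findings.append(("enable-password", "global"))
        user = re.match(r"username (\S+) password\b", header)
        if user:
            findings.append(("username-password", user.group(1)))
    if not any(h == "ip ssh version 2" for h, _ in blocks):
        findings.append(("ssh-v2-missing", "global"))
    for header, body in blocks:
        if not header.startswith("line "):
            continue
        if "login" in body and any(c.startswith("password ") for c in body):
            findings.append(("shared-line-password", header))
        if header.startswith("line vty"):
            # Only an explicit "transport input" is judged; defaults vary by release.
            for cmd in body:
                words = cmd.split()
                if words[:2] == ["transport", "input"] and {"telnet", "all"} & set(words[2:]):
                    findings.append(("telnet-on-vty", header))
            if not any(re.match(r"access-class \S+ in\b", c) for c in body):
                findings.append(("vty-no-access-class", header))
    return findings

if __name__ == "__main__":
    for rule, where in audit(WEAK_CONFIG):
        print(f"{where}: {rule}: {RULES[rule]}")
```
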

Aliases

SW1(config)#alias exec c configure terminal
SW1(config)#alias exec s show ip interface brief
SW1(config)#alias exec sr show running-config

Note: Used to create shortcuts for long commands.

Description, speed and duplex

SW1(config)#interface fastEthernet 0/1
SW1(config-if)#description LINK TO INTERNET ROUTER
SW1(config-if)#speed 100 (options: 10, 100, auto)
SW1(config)#interface range fastEthernet 0/5 - 10
SW1(config-if-range)#duplex full (options: half, full, auto)

Note: The range keyword is used to set a group of interfaces at once.

Verify Basic Configuration

SW1#show version
    Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc.

SW1#show running-config
    Shows the current configuration file stored in DRAM.

SW1#show startup-config
    Shows the configuration file stored in NVRAM, which is used at first boot process.

SW1#show history
    Lists the commands currently held in the history buffer.

SW1#show ip interface brief
    Shows an overview of all interfaces, their physical status, protocol status and IP address if assigned.

SW1#show interface vlan 1
    Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic.

SW1#show interfaces description
    Shows the description of all interfaces.

SW1#show interfaces status
    Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan.

SW1#show crypto key mypubkey rsa
    Shows the public encryption key used for SSH.

SW1#show dhcp lease
    Shows information about the leased IP address (when an interface is configured to get IP address via a dhcp server).

Configuring port security

• Make the switch interface an access port:
SW1(config-if)#switchport mode access
• Enable port security on the interface:
SW1(config-if)#switchport port-security
• Specify the maximum number of allowed MAC addresses:
SW1(config-if)#switchport port-security maximum 1
• Define the action to take when a violation occurs:
SW1(config-if)#switchport port-security violation shutdown (options: shutdown, protect, restrict)
• Specify the allowed MAC addresses:
SW1(config-if)#switchport port-security mac-address 68b5.9965.1195 (options: H.H.H, sticky)

Note: The sticky keyword is used to let the interface dynamically learn and configure the MAC addresses of the currently connected hosts.

Verify and troubleshoot port security

SW1#show mac-address-table
    Shows the entries of the MAC address table.

SW1#show port-security
    Overview of port security of all interfaces.

SW1#show port-security interface fa0/5
    Shows detailed information about port security on the specified interface.

Configuring VLANs

• Create a new VLAN and give it a name:
SW1(config)#vlan 10
SW1(config-vlan)#name SALES
• Assign an access interface to access a specific VLAN:
SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 10

Configuring an auxiliary VLAN for cisco IP phones

SW1(config)#interface fastEthernet 0/5
SW1(config-if)#switchport access vlan 10
SW1(config-if)#switchport voice vlan 12

Note: Accessing vlan 10 (data) and 12 (VoIP).

Configuring Trunks

SW1(config)#interface fastEthernet 0/1
SW1(config-if)#switchport mode trunk (options: access, trunk, dynamic auto, dynamic desirable)
SW1(config-if)#switchport trunk allowed vlan add 10 (options: add, remove, all, except)

Securing VLANs and Trunking

• Administratively disable unused interfaces:
SW1(config-if)#shutdown
• Prevent trunking by disabling auto negotiation on the interface (or hardcode the port as an access port):
SW1(config-if)#switchport nonegotiate
SW1(config-if)#switchport mode access
• Assign the port to an unused VLAN:
SW1(config-if)#switchport access vlan 222

Configuring VTP

• Configure VTP mode:
SW1(config)#vtp mode server (options: server, client, transparent)
• Configure VTP domain name:
SW1(config)#vtp domain EXAMPLE (case-sensitive)
• Configure VTP password: (optional)
SW1(config)#vtp password cisco (case-sensitive)
• Configure VTP pruning: (optional)
SW1(config)#vtp pruning (only works on VTP servers)
• Enable VTP version 2: (optional)
SW1(config)#vtp version 2
• Bring up trunks between the switches

Note: The transparent VTP mode is used when an engineer wants to deactivate VTP on a particular switch.

Verify and troubleshoot VLANs and VTP

SW1#show interfaces <if> switchport
    Lists information about administrative setting and operation status of interface.

SW1#show interfaces trunk
    Lists all the trunk ports on a switch including the trunk allowed VLANs.

SW1#show vlan {brief | id | name | summary}
    Lists information about the VLANs.

SW1#show vtp status
    Lists VTP configuration (mode, domain name, version, etc) and revision number.

SW1#show vtp password
    Shows the VTP password.

STP optimization

• Hard coding the root bridge (changing bridge priority):
SW1(config)#spanning-tree vlan 1 root primary
SW1(config)#spanning-tree vlan 1 root secondary
SW1(config)#spanning-tree [vlan 1] priority 8192
• Changing the STP mode:
SW1(config)#spanning-tree mode rapid-pvst (options: mst, pvst, rapid-pvst)
• Enabling portfast and BPDU guard on an interface:
SW1(config-if)#spanning-tree portfast
SW1(config-if)#spanning-tree bpduguard enable
• Changing port cost:
SW1(config-if)#spanning-tree [vlan 1] cost 25
• Bundling interfaces into an etherchannel:
SW1(config-if)#channel-group 1 mode on (options: auto, desirable, on)

Note: Priority must be a multiple of 4096. Portfast and BPDU guard are enabled only on interfaces connected to end user hosts.

STP verification and troubleshooting

SW1#show spanning-tree
    Shows detailed info about STP state.

SW1#show spanning-tree interface fa0/2
    Shows STP info only on a specific port.

SW1#show spanning-tree vlan 1
    Shows STP info only for a specific VLAN.

SW1#show spanning-tree [vlan 1] root
    Shows info about the root switch.

SW1#show spanning-tree [vlan 1] bridge
    Shows info about the local switch.

SW1#show etherchannel 1
    Shows the state of the etherchannels.

SW1#debug spanning-tree events
    Provides informational messages about the changes in the STP topology.

Enabling or disabling CDP

• Enabling CDP globally on a switch:
SW1(config)#cdp run
• Disabling CDP on a given interface:
SW1(config-if)#no cdp enable

Using CDP for network verification and troubleshooting

SW1#show cdp
    Shows global information about CDP itself.

SW1#show cdp interface fa0/2
    Shows information about CDP on a specific interface.

SW1#show cdp neighbors
    Shows information about the directly connected cisco devices, including interface names and capabilities.

SW1#show cdp neighbors detail
    Shows detailed information about the neighboring cisco devices, including device address and version of IOS they run.

SW1#show cdp entry *
    Same as show cdp neighbors detail.

SW1#show cdp entry SW2
    Shows detailed information about the specified entry only.

Router Basic configuration

Router(config)#hostname R1
R1(config)#enable secret cisco
R1(config)#line con 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exec-timeout 30 0
R1(config-line)#exit
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exec-timeout 30 0
R1(config-line)#exit
R1(config)#line aux 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exec-timeout 30 0
R1(config-line)#exit
R1(config)#banner motd $
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
UNAUTHORIZED ACCESS IS PROHIBITED
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
$
R1(config)#alias exec c configure terminal
R1(config)#alias exec s show ip interface brief
R1(config)#alias exec sr show running-config
R1(config)#no ip domain-lookup
R1(config)#service password-encryption
R1(config)#ip domain-name example.com
R1(config)#username admin password cisco
R1(config)#crypto key generate rsa
How many bits in the modulus [512]: 1024
R1(config)#ip ssh version 2
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input telnet ssh

Note: This section includes IOS commands that are absolutely identical on both routers and switches, except the part of line aux 0, which is configured only on the router because switches do not have an auxiliary port.

Configuring router interfaces

R1(config)#interface fastEthernet 0/0
R1(config-if)#description LINK_TO_LOCAL_LAN_THROUGH_SW1
R1(config-if)#ip address 172.16.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#interface serial 0/1/0
R1(config-if)#description WAN_CONNECTION_TO_R2
R1(config-if)#ip address 10.1.1.1 255.255.255.252
R1(config-if)#clock rate 128000
R1(config-if)#no shutdown

Note: Clock rate is set only on the DCE side, typically the ISP side. On your router, which is DTE, you don't need to set clocking.

Configuring Router-On-Stick for vlan routing

R1(config)#interface fastEthernet 0/0
R1(config-if)#no shutdown
R1(config)#interface fastEthernet 0/0.10
R1(config-subif)#encapsulation dot1q 10
R1(config-subif)#ip address 192.168.10.1 255.255.255.0
R1(config-subif)#interface fastEthernet 0/0.20
R1(config-subif)#encapsulation dot1q 20
R1(config-subif)#ip address 192.168.20.1 255.255.255.0

Static routes

R1(config)#ip route 10.1.2.0 255.255.255.0 10.1.128.1 (using next hop)
R1(config)#ip route 10.1.2.0 255.255.255.0 Serial 0/0 (using exit interface)

*Note: Exit interface can be used in point-to-point serial links.

Default Route

R1(config)#ip route 0.0.0.0 0.0.0.0 199.1.1.1

RIPv2 Configuration

R1(config)#router rip
R1(config-router)#version 2
R1(config-router)#network 10.0.0.0 (written as an original class A)
R1(config-router)#no auto-summary
R1(config-router)#passive-interface serial 0/0

RIPv2 Verification

R1#show ip protocols
    Shows information about the running routing protocol process.

R1#show ip route
    Shows the entire routing table.

R1#show ip route rip
    Shows routes learned via RIP only.

R1#show ip route 10.1.1.1
    Shows detailed information about the route to the specified destination network.

OSPF Configuration

• Enter OSPF router configuration mode:
R1(config)#router ospf 10 (process ID)
• Configure one or more network commands to identify which interfaces will run OSPF:
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0
R1(config-router)#network 172.16.8.0 0.0.7.255 area 0
R1(config-router)#network 192.168.1.254 0.0.0.0 area 1
• Configure router ID either by: (Optional)
– Using router-id ospf subcommand:
R1(config-router)#router-id 1.1.1.1
– Configuring an IP address on a loopback interface:
R1(config)#interface loopback 0
R1(config-if)#ip address 1.1.1.1 255.255.255.255
• Change Hello and Dead intervals per interface: (Optional)
R1(config-if)#ip ospf hello-interval 2
R1(config-if)#ip ospf dead-interval 6
• Impact routing choices by tuning interface cost using one of the following ways: (Optional)
– Changing interface cost:
R1(config-if)#ip ospf cost 55
– Changing interface bandwidth:
R1(config-if)#bandwidth 128 (Kbps)
– Changing the reference bandwidth that is used by OSPF to calculate the cost:
R1(config-router)#auto-cost reference-bandwidth 1000 (Mbps)
• Disabling OSPF on a certain interface: (Optional)
R1(config-router)#passive-interface serial 0/0
• Configuring OSPF authentication: (Optional)
– Type 0 authentication (none):
R1(config-if)#ip ospf authentication null
– Type 1 authentication (clear text):
R1(config-if)#ip ospf authentication
R1(config-if)#ip ospf authentication-key cisco
– Type 2 authentication (md5):
R1(config-if)#ip ospf authentication message-digest
R1(config-if)#ip ospf message-digest-key 1 md5 cisco
• Configure maximum equal-cost paths: (Optional)
R1(config-router)#maximum-paths 6

OSPF verification

R1#show ip protocols
    Shows information about the running routing protocol process.

R1#show ip route
    Shows the entire routing table.

R1#show ip route ospf
    Shows routes learned via OSPF only.

R1#show ip ospf neighbor
    Shows all neighboring routers along with their respective adjacency state.

R1#show ip ospf database
    Shows all the information contained in the LSDB.

R1#show ip ospf interface serial 0/0
    Shows detailed information about OSPF running on a specific interface.

EIGRP Configuration

• Enter EIGRP configuration mode and define AS number:
R1(config)#router eigrp 121 (AS number)
• Configure one or more network commands to enable EIGRP on the specified interfaces:
R1(config-router)#network 10.0.0.0
R1(config-router)#network 172.16.0.0 0.0.3.255
R1(config-router)#network 192.168.1.1 0.0.0.0
R1(config-router)#network 0.0.0.0 255.255.255.255
• Disable auto summarization: (Optional)
R1(config-router)#no auto-summary
• Disable EIGRP on a specific interface: (Optional)
R1(config-router)#passive-interface serial 0/0
• Configure load balancing parameters: (Optional)
R1(config-router)#maximum-paths 6
R1(config-router)#variance 4
• Change interface Hello and Hold timers: (Optional)
R1(config-if)#ip hello-interval eigrp 121 3
R1(config-if)#ip hold-time eigrp 121 10
• Impacting metric calculations by tuning BW and delay of the interface: (Optional)
R1(config-if)#bandwidth 265 (kbps)
R1(config-if)#delay 120 (tens of microseconds)

EIGRP Authentication

• Create an authentication key chain as follows:
– Create a key chain and give it a name:
R1(config)#key chain MY_KEYS
– Create one or more keys giving them numbers:
R1(config-keychain)#key 1
– Define the key value:
R1(config-keychain-key)#key-string 1stKEY
– Define the life time of the keys (optional):
R1(config-keychain-key)#send-lifetime [start time] [end time]
R1(config-keychain-key)#accept-lifetime [start time] [end time]
• Enable md5 authentication mode for EIGRP on the interface:
R1(config-if)#ip authentication mode eigrp 121 md5
• Refer to the correct key chain to be used on the interface:
R1(config-if)#ip authentication key-chain eigrp 121 MY_KEYS

Note: The key-string value and the mode must be the same on both routers. Lifetime options of the keys require the clock of the routers to be set correctly (better to use NTP), or it can cause problems.

EIGRP Verification

R1#show ip route eigrp
    Shows routes learned via EIGRP only.

R1#show ip eigrp neighbors
    Shows EIGRP neighbors and status.

R1#show ip eigrp topology
    Shows EIGRP topology table, including successor and feasible successor.

R1#show ip eigrp interfaces
    Shows interfaces that run EIGRP.

R1#show ip eigrp traffic
    Lists statistics on numbers of EIGRP messages sent and received by the router.

Access Control Lists (ACLs)

Standard ACL

• Plan the location (router and interface) and direction (in or out) on that interface:
– Standard ACL should be placed as close as possible to the destination of the packet.
– Identify the source IP addresses of packets as they go in the direction that the ACL is examining.
• Use a remark to describe the ACL: (Optional)
R1(config)#access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN
• Create the ACL, keeping the following in mind:
– ACL uses first-match logic.
– There is an implicit deny any at the end of the ACL.
R1(config)#access-list 2 deny 192.168.1.77
R1(config)#access-list 2 deny 192.168.1.64 0.0.0.31
R1(config)#access-list 2 permit 10.1.0.0 0.0.255.255
R1(config)#access-list 2 deny 10.0.0.0 0.255.255.255
R1(config)#access-list 2 permit any
• Enable the ACL on the chosen router interface in the correct direction (in or out):
R1(config-if)#ip access-group 2 out

Note: Standard ACL number ranges: 1-99 and 1300 – 1999.

• Using standard ACL to limit telnet and SSH access to a router:
– Create the ACL that defines the permitted telnet clients:
R1(config)#access-list 99 remark ALLOWED TELNET CLIENTS
R1(config)#access-list 99 permit 192.168.1.128 0.0.0.15
– Apply the ACL inbound on the vty lines:
R1(config)#line vty 0 4
R1(config-line)#access-class 99 in
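
An added example, not part of the original guide: a Python evaluator that applies first-match logic, wildcard masks and the implicit deny to the guide's access-list 2 and access-list 99, so the effect of statement order can be checked before an ACL is applied. The function names and the test addresses are constructed for illustration; only standard (source-only) numbered ACL lines are parsed.

```python
import ipaddress

# access-list 2 and access-list 99 as entered in the guide above.
ACL_2 = """\
access-list 2 deny 192.168.1.77
access-list 2 deny 192.168.1.64 0.0.0.31
access-list 2 permit 10.1.0.0 0.0.255.255
access-list 2 deny 10.0.0.0 0.255.255.255
access-list 2 permit any
"""

ACL_99 = """\
access-list 99 remark ALLOWED TELNET CLIENTS
access-list 99 permit 192.168.1.128 0.0.0.15
"""


def parse_standard_acl(text):
    """Return [(action, base, wildcard, original_line), ...] in config order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] == "remark":
            continue  # remarks and non-ACL lines do not match traffic
        action, rest = parts[2], parts[3:]
        if rest[0] == "any":
            base, wildcard = 0, 0xFFFFFFFF          # every bit is "don't care"
        elif rest[0] == "host":
            base, wildcard = int(ipaddress.IPv4Address(rest[1])), 0
        else:
            base = int(ipaddress.IPv4Address(rest[0]))
            # A bare address with no wildcard matches that single host.
            wildcard = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
        entries.append((action, base, wildcard, line.strip()))
    return entries


def evaluate(entries, source_ip):
    """Return (action, matching line) for a source address, first match wins."""
    src = int(ipaddress.IPv4Address(source_ip))
    for action, base, wildcard, line in entries:
        care = ~wildcard & 0xFFFFFFFF               # wildcard 0-bits must match
        if src & care == base & care:
            return action, line
    return "deny", "implicit deny any"              # nothing matched


if __name__ == "__main__":
    acl2 = parse_standard_acl(ACL_2)
    for ip in ("192.168.1.77", "192.168.1.70", "192.168.1.96", "10.1.5.5", "10.2.5.5"):
        print(ip, evaluate(acl2, ip))
    acl99 = parse_standard_acl(ACL_99)
    for ip in ("192.168.1.130", "192.168.1.150"):
        print(ip, evaluate(acl99, ip))
```

Swapping the `permit 10.1.0.0` and `deny 10.0.0.0` statements makes the broader deny match first, so 10.1.x.x sources are dropped; this is the ordering mistake that first-match logic makes easy.
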

Extended ACL

• Note:
– Extended ACL should be placed as close as possible to the source of the packet.
– Extended ACL matches packets based on source and destination IP addresses, protocol, source and destination port numbers, and other criteria as well.
R1(config)#access-list 101 remark MY_ACCESS_LIST
R1(config)#access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
R1(config)#access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
R1(config)#access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
R1(config)#access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config)#access-list 101 deny udp host 10.1.1.7 eq 53 any
R1(config)#access-list 101 permit ip any any
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 101 in

Note: Extended ACL number ranges: 100 – 199 and 2000 – 2699.

Named ACL

• Note:
– Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic are written in a sub mode called named ACL mode (nacl).
– Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of the ACL.
• Named standard ACL:
R1(config)#ip access-list standard MY_STANDARD_ACL
R1(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)#deny 10.2.2.2
R1(config-std-nacl)#permit any
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group MY_STANDARD_ACL out
• Named extended ACL:
R1(config)#ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)#deny icmp 10.1.1.1 0.0.0.0 any
R1(config-ext-nacl)#deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config-ext-nacl)#permit ip any any
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group MY_EXTENDED_ACL in
• Editing ACL using sequence numbers:
R1(config)#ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)#no 20 (deletes the statement of sequence number 20)
R1(config)#ip access-list standard 99
R1(config-std-nacl)#5 deny 1.1.1.1 (inserts a statement with sequence 5)

Note: You can edit numbered ACLs using the configuration style of the named ACLs, as shown in the last example.

Verifying ACLs

R1#show access-lists
    Shows all ACLs configured on a router with counters at the end of each statement.

R1#show ip access-list
    Same as the previous command.

R1#show ip access-list 101
    Shows only the specified ACL.

R1#show ip interface f0/0
    Includes a reference to the ACLs enabled on that interface either in or out.

DHCP Server

• Define a DHCP pool and give it a name:
R1(config)#ip dhcp pool MY_POOL
• Define network and mask to use in this pool and the default gateway:
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
• Define one or more DNS server (OPTIONAL):
R1(dhcp-config)#dns-server 213.131.65.20 8.8.8.8
• Define the lease time (OPTIONAL):
R1(dhcp-config)#lease 2 (days)
• Define one or more scopes of excluded (reserved) addresses (OPTIONAL):
R1(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.100
R1(config)#ip dhcp excluded-address 192.168.1.200 192.168.1.254

DHCP Verification and Troubleshooting

R1#show ip dhcp pool POOL_1
    Shows the status of the specified pool and the leased addresses from that pool.

R1#show ip dhcp binding
    Shows all the leased IP addresses from all configured DHCP pools.

R1#show ip dhcp conflict
    Shows any conflicts that occurred.

PPP Configuration

R1(config)#interface serial 0/0
R1(config-if)#encapsulation ppp

PPP Authentication

CHAP

• Configure the hostname:
R1(config)#hostname ALPHA
• Configure the name of the other end router and the shared password:
ALPHA(config)#username BETA password XYZ
• Enable CHAP authentication on the interface:
ALPHA(config)#interface serial 0/0
ALPHA(config-if)#ppp authentication chap

Note: The password used is a shared password, which means it must be the same on both routers.

PAP

• Configure the hostname:
R1(config)#hostname ALPHA
• Configure the name of the other end router and the shared password:
ALPHA(config)#username BETA password XYZ
• Enable PAP authentication on the interface and define the username and password to be sent by PAP:
ALPHA(config)#interface serial 0/0
ALPHA(config-if)#ppp authentication pap
ALPHA(config-if)#ppp pap sent-username ALPHA password XYZ

PPP Verification and troubleshoot

R1#show interface s0/0
    Shows the encapsulation type and the control protocols of PPP.

R1#show run
    Useful for viewing the configuration of usernames and passwords used to authenticate ppp.

R1#debug ppp authentication
    Displays the authentication process of ppp in real time.

Frame Relay

Multipoint (one subnet)

• Give the interface an ip address and enable Frame Relay encapsulation:
R1(config)#interface serial 0/0
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#encapsulation frame-relay (ietf)
• Configure LMI signaling type: (Optional as discussed with ISP)
R1(config-if)#frame-relay lmi-type ansi (options: ansi, cisco, q933a)
• Configure Frame Relay mapping:
R1(config-if)#frame-relay map ip 1.1.1.2 102 broadcast (ietf)
R1(config-if)#frame-relay map ip 1.1.1.3 103 broadcast

R2(config)#interface serial 0/0
R2(config-if)#ip address 1.1.1.2 255.255.255.0
R2(config-if)#encapsulation frame-relay
R2(config-if)#frame-relay map ip 1.1.1.1 201 broadcast
R2(config-if)#frame-relay map ip 1.1.1.3 201 broadcast

R3(config)#interface serial 0/0
R3(config-if)#ip address 1.1.1.3 255.255.255.0
R3(config-if)#encapsulation frame-relay
R3(config-if)#frame-relay map ip 1.1.1.1 301 broadcast
R3(config-if)#frame-relay map ip 1.1.1.2 301 broadcast

Point-to-point (different subnets; one subnet per subinterface)

• Enable Frame Relay encapsulation:
R1(config)#interface serial 0/0
R1(config-if)#encapsulation frame-relay
• Give an ip address to a subinterface and configure its DLCI:
R1(config)#interface serial 0/0.102 point-to-point
R1(config-subif)#ip address 1.1.1.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 102
R1(config)#interface serial 0/0.103 point-to-point
R1(config-subif)#ip address 2.2.2.1 255.255.255.0
R1(config-subif)#frame-relay interface-dlci 103

R2(config)#interface serial 0/0
R2(config-if)#encapsulation frame-relay
R2(config)#interface serial 0/0.201 point-to-point
R2(config-subif)#ip address 1.1.1.2 255.255.255.0
R2(config-subif)#frame-relay interface-dlci 201

R3(config)#interface serial 0/0
R3(config-if)#encapsulation frame-relay
R3(config)#interface serial 0/0.301 point-to-point
R3(config-subif)#ip address 2.2.2.2 255.255.255.0
R3(config-subif)#frame-relay interface-dlci 301

Frame Relay Verification and troubleshoot

R1#show interfaces serial 0/0
    Shows the encapsulation type.

R1#show frame-relay pvc
    Lists PVC status information.

R1#show frame-relay map
    Lists DLCI to IP mapping.

R1#show frame-relay lmi
    Lists LMI status information.

R1#debug frame-relay lmi
    Displays the content of LMI messages.

R1#debug frame-relay events
    Lists messages about certain Frame Relay events, including Inverse ARP messages.

Network Address Translation (NAT)

Static NAT

• Define the outside and inside interfaces:
R1(config)#interface serial 0/0
R1(config-if)#ip nat outside
R1(config)#interface FastEthernet 1/1
R1(config-if)#ip nat inside
• Configure static NAT statement:
R1(config)#ip nat inside source static 192.168.1.10 200.1.1.1

Dynamic NAT

• Define the outside and inside interfaces:
• Create an ACL that determines the IP addresses that are allowed to be translated:
R1(config)#access-list 3 permit 192.168.1.0 0.0.0.255
• Create a pool of public IP addresses:
R1(config)#ip nat pool PUB 200.1.1.1 200.1.1.6 netmask 255.255.255.248
• Configure NAT statement:
R1(config)#ip nat inside source list 3 pool PUB

NAT Overload (PAT)

• The same as dynamic NAT with the use of the overload keyword at the end of NAT statement:
R1(config)#ip nat inside source list 3 pool PUB overload

NAT verification and troubleshoot

R1#show run
    Useful in viewing the configuration of NAT pool and the inside and outside interfaces.

R1#show access-lists
    Displays access lists, including the one used for NAT.

R1#show ip nat statistics
    Shows counters for packets and NAT table entries, as well as basic configuration information.

R1#show ip nat translations
    Displays the NAT table.

R1#clear ip nat translations *
    Clears all the dynamic entries in the NAT table.

R1#debug ip nat
    Issues a log message describing each packet whose IP address is translated with NAT.
