(CCNA) Cisco Commands Cheat Sheet #4

The document provides a cheat sheet of Cisco commands for CCNA students covering topics such as access control lists, extended access lists, named access lists, verifying ACLs, DHCP servers, and DHCP verification and troubleshooting. Standard ACLs range from 1-99 and 1300-1999 while extended ACLs range from 100-199 and 2000-2699. Named ACLs use names to identify ACLs. The DHCP section covers defining a DHCP pool, network and default gateway, DNS servers, lease times, and excluded addresses.

Uploaded by

Md IrfAN
Copyright: © All Rights Reserved
[CCNA] Cisco Commands Cheat Sheet #4

CCNA RnS, Cisco, Network September 26, 2013 Comments: 3

Continuing our Cisco Commands Cheat Sheet for CCNA students, this is our 4th post.

Cisco Commands Cheat Sheet #1
Cisco Commands Cheat Sheet #2
Cisco Commands Cheat Sheet #3
Cisco Commands Cheat Sheet #5

Access Control Lists:

Standard ACL: 1 – 99 and 1300 – 1999

Use a remark to describe the ACL (Optional):

R1(config)# access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN

Create the ACL, keeping the following in mind:


ACL uses first-match logic.
There is an implicit deny any at the end of the ACL.

R1(config)# access-list 2 deny 192.168.1.77
R1(config)# access-list 2 deny 192.168.1.64 0.0.0.31
R1(config)# access-list 2 permit 10.1.0.0 0.0.255.255
R1(config)# access-list 2 deny 10.0.0.0 0.255.255.255
R1(config)# access-list 2 permit any

Enable the ACL on the chosen router interface in the correct direction (in or out):

R1(config-if)# ip access-group 2 out
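
The first-match logic and implicit deny described above, modelled on ACL 2 from this page. This is an added example, not part of the original cheat sheet and not Cisco code; the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Standard ACL 2 from the page, one (action, address, wildcard) tuple per entry.
# A bare host address is wildcard 0.0.0.0; "any" is 0.0.0.0 255.255.255.255.
ACL_2 = [
    ("deny",   "192.168.1.77", "0.0.0.0"),
    ("deny",   "192.168.1.64", "0.0.0.31"),
    ("permit", "10.1.0.0",     "0.0.255.255"),
    ("deny",   "10.0.0.0",     "0.255.255.255"),
    ("permit", "0.0.0.0",      "255.255.255.255"),
]


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(source, address, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must match."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(source) & care) == (_to_int(address) & care)


def evaluate(acl, source):
    """Return (action, entry_number) for the first matching entry.

    Entry number 0 means nothing matched and the implicit deny applied.
    """
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        if wildcard_match(source, address, wildcard):
            return action, number
    return "deny", 0


if __name__ == "__main__":
    # Constructed sample sources, one per entry of ACL 2.
    for src in ("192.168.1.77", "192.168.1.90", "10.1.5.5", "10.2.0.1", "172.16.0.1"):
        print(src, evaluate(ACL_2, src))

    # Swapping entries 3 and 4 lets the broader deny shadow the permit.
    swapped = ACL_2[:2] + [ACL_2[3], ACL_2[2]] + ACL_2[4:]
    print("10.1.5.5 after swap:", evaluate(swapped, "10.1.5.5"))

    # Without the final "permit any", unmatched traffic hits the implicit deny.
    print("172.16.0.1 without permit any:", evaluate(ACL_2[:4], "172.16.0.1"))
```

Entry order matters: placing the broader deny for 10.0.0.0 before the permit for 10.1.0.0 makes the permit unreachable.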

Using standard ACL to limit telnet and SSH access to a router:

Create the ACL that defines the permitted telnet clients:

R1(config)# access-list 99 remark ALLOWED TELNET CLIENTS
R1(config)# access-list 99 permit 192.168.1.128 0.0.0.15

Apply the ACL inbound on the vty lines:

R1(config)# line vty 0 4
R1(config-line)# access-class 99 in

Extended ACL: 100 – 199 and 2000 – 2699


Extended ACL should be placed as close as possible to the source of the packet.
Extended ACL matches packets based on source and destination IP addresses, protocol, source and destination port numbers, and other criteria as well.

R1(config)# access-list 101 remark MY_ACCESS_LIST
R1(config)# access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
R1(config)# access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
R1(config)# access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
R1(config)# access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config)# access-list 101 deny udp host 10.1.1.7 eq 53 any
R1(config)# access-list 101 permit ip any any
R1(config)# interface fastEthernet 0/0
R1(config-if)# ip access-group 101 in

Named ACL:

Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic are written in a sub mode called named ACL mode (nacl).
Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of the ACL.

Named standard ACL:

R1(config)# ip access-list standard MY_STANDARD_ACL
R1(config-std-nacl)# permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)# deny 10.2.2.2
R1(config-std-nacl)# permit any
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip access-group MY_STANDARD_ACL out

Named extended ACL:

R1(config)# ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)# deny icmp 10.1.1.1 0.0.0.0 any
R1(config-ext-nacl)# deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config-ext-nacl)# permit ip any any
R1(config)# interface fastEthernet 0/1
R1(config-if)# ip access-group MY_EXTENDED_ACL in

Editing ACL using sequence numbers:

R1(config)# ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)# no 20 ! Deletes the statement of sequence number 20
R1(config)# ip access-list standard 99
R1(config-std-nacl)# 5 deny 1.1.1.1 ! Inserts a statement with sequence 5

Verifying ACLs:

Shows all ACLs configured on a router with counters at the end of each statement:

R1# show access-lists
! OR
R1# show ip access-list

Shows only the specified ACL:

R1# show ip access-list 101

Includes a reference to the ACLs enabled on that interface either in or out:

R1# show ip interface f0/0

DHCP Server

Define a DHCP pool and give it a name:

R1(config)# ip dhcp pool MY_POOL

Define network and mask to use in this pool and the default gateway:

R1(dhcp-config)# network 192.168.1.0 255.255.255.0
R1(dhcp-config)# default-router 192.168.1.1

Define one or more DNS servers (OPTIONAL):

R1(dhcp-config)# dns-server 213.131.65.20 8.8.8.8

Configure the lease time (OPTIONAL):

R1(dhcp-config)# lease 2 ! Days

Define one or more scopes of excluded (reserved) addresses (OPTIONAL):

R1(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.100
R1(config)# ip dhcp excluded-address 192.168.1.200 192.168.1.254

DHCP Verification and Troubleshooting:

Shows the status of the specified pool and the leased addresses from that pool:

R1# show ip dhcp pool POOL_1

Shows all the leased IP addresses from all configured DHCP pools:

R1# show ip dhcp binding

Shows any conflicts that occurred:

R1# show ip dhcp conflict

Enjoy!
