Cisco Commands ‘Changing switch hostnaae Switch(configh#hostname Sw Configuring passwords Shi {config jenable secret cisco MDS hash Shi (config)#enable password noteiseo Clear text Secring console part Swi (config)#line con 0 SWI (config-Line) password cisco Shi (confilg-Line) ¥login ‘Securing terminal lines Swi (configjeline vty 8 4 Swi (config-line)#password cisco Swi(config-Line)#login Encrypting passwords Shi (config yaservice password-eneryption Configuring banners: Sui(configyebanner watd $ UNAUTHORTZED ACCESS TS PROHIBITED $ Giving the switch an IP address Swi(configyeinterface vian 1 Shi(config-if}#ip address 172.16.1.11 255.255.255.@ (or dhcp) Shit (config. iF}ashutdown ‘Setting the default gateway Swi(config)#ip default-gateway 172.16.1.1 ‘Saving configuration SWIWCOpy running-config startup-config Destination filename [startup-config]? Press ent confira # Building configuration_ name. | Lox] Swit Short for write Building configuration_ menory. [0K] Working environment (name lookup, history, exec-timeout and logging behavior: Swi {config}éno ip domain-lookup Swi(config}#line vty @ 4 Sul(config-Line)#nistory size 15 Swi(config-line)# exec-timeout 18 36 Swi (config-line)#logging synchronous Also valid for Line con 8, Configuring switch to use SSH * Configure DNS domain name: Swi(config)#ip domain-name example, com * Configure a username and password: SWL(config}fusername admin password cisco * Generate encryption keys: Swi(config)acrypto key generate rsa How many bits in the modulus [$12]: 1824 * Define SSH version to use: Swi(config)#ip ssh version 2 * Enable vty lines to use SSH: swi(configyeline vty @ 4 Swi (config-line)¥#login local Swi (config-Line)#transport input telnet ssh The size of the key modulus in the range oF 368 to 2042, You can set vty lings to use only telnet or only ssh or beth as in the example, Page | 1Cisco Commands Aliases Swi (config)tallas exec c configure terminal Swi(config)#alias exec $ show ip interface brief Swi(config)#alias exec sr show running-config Used to create shortcuts for long comands. Description, speed and duplex Shi (configy#interface Fastethernet @/1 Swi (config-if}#description LINK TO INTERNET ROUTER swi(config-if}#speed 108 (options: 1@, 188, auto) swi(config}#interface range fastethernet @/5 - 18 Shit (config-if-range}#duplex full (options: half, full, auto) The range keyword used to set a group of interfaces at Verity Basic configuration ‘Swi#show version Shows information about the switch and its interfaces, RAM, NVRAM, flash, TOS, etc ‘Switshow running-config Shows the current configuration file stored in ORAM. ‘Swishow Startup-config Shows the configuration File stored in NVRAM which is used at first boot process. ‘SWi#show history Lists the commands currently held in the history buffer. ‘SWi#show ip interface brief Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned SWitshow interface vlan 1 Shows detailed information about the specified interface, its status, protocol encapsulation, last 5 min traff. , duplex, speed, Hic. ‘Swisshow interfaces description | Shows the description of all in terFaces ‘Switshow interfaces status Shows the status of all interfa Of not, speed, duplex, trunk or ces like connected access vlan. Swinshow crypto key mypubkey rsa _| Shows the public encryption key used for SSH. ‘SWi#show dhcp lease Shows information about the leased IP address (when dhep server) an interface is configured to get IP address via a Configuring port security * Make the switch interface as access port: Swi (config-if)#sitchport mode access Enable port security on the interface: Swi (config-if}#switchport port-security * Specify the maximum number of allowed MAC addresses: Shi (config-1f)eswitehport port-security maximum 1 * Define the action to take when violation occurs: The sticky keyword is used to let the interface dynamically learns and configures the MAC addresses SWL(config-if}#switchport port-security violation shutdown oF the (options: shutdown, protect, restrict) currently * Specify the allowed mac addresses: annette. Swi (config-if)}#switchport port-security mac-address 68b5.9965.1195 nants: (options: H.H.H, sticky) Werify and troubleshoot port security SWiwshow mac-address-table ‘Shows tho entrios of the mac address table SwLshow port-security overview of port security ‘af all interfaces ‘SWi#show port-security interface 20/5 | Shows detailed Information about port security on the specified interface Configuring VLANs * Create a new VLAN and give it a name: Swi (config)#vian 1e Swi (config-vlan)#name SALES * Assign an access interface to access a specific VLAN: sui(config}#interface fastethernet 0/5 Swi (config-if}#switchport mode access swi(config-if)eswitchport access vlan 1¢ Page |2Cisco Commands ‘Sip verification and troubleshooting Swiishow spanning-tree Shows detailed info about STP state ‘Swi#show Spanning-tree interface fa0/2 Shows STP info only on a specific part Si#show spanning tree vlan 2 Shows STP info only for a specific VLAN ‘SWifshow spanning-tree [vlani] root Shaws info about the root switch ‘Swilishow spanning-tree [vlani] bridge Shows info about the local switch ‘SWi#show etherchannel 2 Show the state of the etherchannels ‘Swifdebug spanning-tree events Provides Informational messages about the changes in the STP topology Enabling on Sabling COP + Enabling COP globally on a switch: SWi{conFig}edp run * Disabling CDP on a given interface: Sui(config-ifjeno cdp enable Using CoP for network verification and troubleshooting Suishow cdp Shows global information about Cop itself ‘SWilShow cdp interface Fae/2 Shows information about CDP on a specific interface ‘Swilshow cdp neighbors Shows information about the directly connected cisco devices including interfaces names capabilities ‘Swishow cdp neighbors detail Shows detailed inforsation about the neighboring ciseo devices including device address and version of 10S they run ‘SWiwshow cdp entry * Same as show cdp neighbor detail ‘Swifshow cdp entry SwW2 Shows detailed information about the specified entry only Page |4Cisco Commands Configuring an auxiliary VLAN for cisco IP phones ‘Swi (config)@interface Fastethernet 6/5 Swl(config-if}eswitchport access vlan 1¢ Swi (config-if}#switchport voice vlan 12 accessing vlan 16 (data) and 42 (VoIP) Configuring Trunks SWi(config}#interface Fastethernet @/1 Swi (config-if}#switchport made trunk (options: access, trunk, dynamic auto, dynamic desirable) Swi(config-if)#switchport trunk allowed vlan add 26 (options: add, remove, all, except) ‘Securing VIANS and Trunking © Administratively disable unused interface Swi (config-if}¢shutdown * Prevent trunking by disabling auto negotiation on the interface: sui(config-if}enonegotiate (or hardcode the port as an access port) SwWi{config-if}#switchport mode access * Assign the port to an unused VLAN: Sui (config-if}#switchport access vlan 222 Configuring VIP * Configure VIP mode: Sui(config}évtp mode server (options: server, client, transparent) © Configure VIP domain name: SwWi{config}autp domain EXAMPLE (case-sensitive) The transparent VIP made is used when an engineer wants to deactivate * Configure VTP password: (optional) VIP on a Sui(config}évtp password eiseo (case-sensitive) particular * Configure VIP pruning: (optional) switch Swi (config)#vtp pruning (only works an VTP servers) * Enable VTP version 2: (optional) SwWi(config)evtp version 2 «ring up trunks between the switches Verify and troubleshoot VUANS and VIP, ‘Swidshow interfaces 1f switehport Lists information about aduinistrative setting and operation status of interface SWitshow interfaces trunk Lists all the trunk ports on a switch including the trunk a}lowed VLANS ‘swisshow vian (orief| id] name] summary) [tists information about the VLANs: ‘SWitshow vtp status Lists VIP configuration (mode, domain nang, version, etc) and revision number SWi¥show vip password Shows the VIP password STP a * Hard coding the root bridge (changing bridge priority): Swi (config)#spanning-tree vlan 1 root primary Swi (config}#spanning-tree vlan 1 root secondary Swi (config )#spanning-trée [vlan 1] priority 8192 © Changing the STP mode: Swi(config)#spanning-tree mode rapid-pyst (options: mst, pvst, rapid-pvst) * Enabling portfast and BPDU guard on an interface: Swi(config-if}#spanning-tree portfast Sui (config-if}#spanning-tree bpduguard enable * Changing port cost Swi (config-if}#spanning-tree [vlan 1] cost 25 * Bundling interfaces into an etherchannel: Swi (config-if}#channel-group 1 node on [ (options: auto, desirable, on) Priority must be a multiply oF 4006 Portfast and BPOU guard are enabled only on interfaces connected to end user hosts ye 3Cisca Commands Router basic configuration Router(config}#hostname Ra Ri(config)#enable secret ciseo Ri(config)#line con @ Ri(config-line)apassword eiseo Ri(config-line)Flogin Ri(config-line}Rlogeing synchronous Ri(config-line)Rexec-timeout 3@ @ Ri(config-line)}Fexit Ri(config)#line vty @ Ri(config-line)#password cisco Ri(config-Line)#login RL(config-line)#logeing synchronous Ri(config-line)#exec-timeout 38 6 Ri(config-Line)toxit Ri(config)#line aux 6 Ri(config-Line)#password eiseo RL(config-line)#login Ri(config-line)Rlogging synchronous Ri(config-Line)eexec-timeout 39 @ Ri(config-line)@exit Ri(config}#banner motd § UNAUTHORIZED ACCESS IS. PROHIBITED $ Ri(config)#alias exec ¢ configure terminal Ri(config}#alias exec s show ip interface brief Ri(config}#alias exec sr show running-config Ri(config)#no ip domain-lookup Ri(config)#service passward-eneryption Ri(canfig)#ip domain-nane example. com RL(Config)#username admin password cisco Ri(config}#crypto key generate rsa How many bits in the modulus [512]: 1924 Ri(configj#ip ssh version 2 Ri(config}#line vty @ 4 RL(config-line)@login local Ri(config-Line)stransport input telnet ssh This section includes: 105 commands that are absolutely identical on both routers and switches, except the part oF line aux @ which is configured only on router because switches do pot have’ an auxiliary port. Configuring router interfaces Ri(config)#interface fastethernet a/@ Ri(config-if}edescription LINK_TO_LOCAL_LAN_THROUGH Swi Ri(config-{f}#ip address 172,16.1.1 255.255.2556 Ri(config-if}#no shutdown Ri(config-if}#exit Ri(config)#interface serial 6/1/e Ri(config-f}#description WAN CONNECTION TO_R2 Ri(config-if}#ip address 10.1.1.1 255.255.255.252 Ri(config-if}#clock rate 128808 Ri(config-if}#no shutdown Clock rate ds set only on the DCE side, ‘typically the ISP side. On your router which is OTE you don’t need to set clocking. Configuring Router-On-stick far wisn routing Ri{config}#interface fastethernet e/a Ri(config-if}#no shutdown Ri(config)# interface fastethernet 6/a.18 RL(config-subif)# encapsulation dotag 1¢ Ri(config-sublf)#ip address 192.168.18.1 255.255.255.0 Ri(config-subif)# interface fastethernet @/8.28 Ri(config-subif)# encapsulation dotiq 28 Ri(config-subif)#ip address 192.168.20.1 255.255.255.0Cisco Commands Static routes Rilconfig)#ip route 1.1.2.0 255.255.255.0 10.1.128.1 Using next hop Ri(config)#ip route 18.1.2,.8 255.255.255.0 Serial e/e Using exit Note: Exit interface can be used in point-to-point serial links. interface Default Route Rifconfigh#ip route @,0.0.0 0.0.0.0 199.1.1.1 ‘RiPv2 Configuration Ri{config)#router rip RL(config-router aversion 2 Ri(config-router}#network 18.0.6.8 (written as an original class A) Ri(config-router}ino aiitosumnary Ri(Config-rauter}apassive-interface serial 0/8 Ripv2 Verification Ritshow ip protocols Shows inforsation about the running routing protocol process Ritshow ip route shows the entire routing table Risshow ip route rip Shows routes learned via RIP only Risshow ip route 16.1.2.1 Shows detailed information about the route to the specified destination network OSPF Configuration * Enter OSPF router configuration mode: Ri(config)#router ospf 1@ (process ID) * Configure one or more network commands to identify which interfaces will run OSPF: Ri(config-rauter Hinetwork 18,8.8.0 8.255,255.255 area @ Ri(config-router )#network 172.16.8 8.7,255 area @ RL(config-rauter)anetwork 192.168.1.254 8.0.0.8 area 1. * Canfigure router ID either by: (Optional) Using router-id ospf subcommand: Ri(config-router )#router-id 1.1.4.1 2 Configuring an IP address on a loopback interface: Ri(cohfig)#interface loopback @ Ri(config-if)sip address 1.1.1.1 255.255.255.255 * Change Hello and Dead intervals per interface: (Optional) Ri(config-if)#ip ospf hello-interval 2 Ri(config-if)#ip ospf dead-interval 6 © Impact routing choices by tuning interface cost using one of the following ways: (Optional) = Changing interface cost: Ri(config-if}eip ospF cost 55 = Changing interface bandwidtt ifjebandwidth 128 (kbps) Changing the reference bandwidth that used by OSPF to calculate the cost: Rifconfig-rauter}#auto-cost reference-bandwidth 1890 (Mbps) RL( config © Disabling OSPF on a certain interface: (Optional) RL(config-rauter}apassive-interface serial 0/6 * Configuring OSPF authentication: (Optional) Type @ authentication (none): Ri(config-if)#ip ospf authentication null Type 1 authentication (clear text): RL(config-{f}#ip ospf authentication Ri(config-{f}#ip ospf authentication-key cisco Type 2 authentication (md5): Ri(config-if}#ip ospf authentication mossage-digest Ri(config-if)#ip ospf message-digest-key 1 ad5 eiseo = Configure maximum equal-cost paths: (Optional) Ri(config-router)#maximum paths 6 Page | 6Cisco Commands Access Control Lists (ACLS) ‘Standard ACL * Plane the location (router and interface) and direction (in or out) on that interface: 5 Standard ACL should be placed as close as possible to the destination of the packet, = Identify the source IP addresses of packets as they go in the direction that the ACL 1s examining. + Use a remark to describe the ACL: (Optional): Ri(config)#access-list 1 remark ACL TO OENY ACCESS FROM SALES VLAN * Create the ACL, keeping the following in mind: ACL uses first-match logic. 2 There 4s an inplicit deny ony at the end of the Act. Ri(config)#access-list 2 deny 192.168.1.77 Ri(config)#access-list 2 deny 192.168.1.64 @.9.0.32 Ri(config)#access-list 2 permit 10,1.0.0 8.6.255.255 Ri(config}taccess-list 2 deny [email protected],8 @.255.255.255 Ri(config)#access-list 2 permit any * Enable the ACL on the chosen router interface in the correct direction (in ar aut): Ri{config-1f)#ip access-group 2 out ‘Standard ACL number ranges: 1 - 99 and 1388 - 1999. * Using standard ACL to limit telnet and SSH access to a router: co Create the ACL that defines the permitted telnet clients: Ri(config)#access-list 99 remark ALLOWED TELNET CLIENTS RL(config)#access-list 99 permit 192.168.1.128 @.6.6.15 = apply the ACL inbound the vty lines Ri(config)#line vty @ 4 Ri(config-line)#access-class 99 in Extended ACL = Note: 5 Extended ACL should be placed as close as’ possible to the source of the packet. © Extended ACL matches packets based on source & des, IP addresses, protocol, source & des. Port numbers and other criteria as well. Ri(config)#access-list 181 remark MY_ACCESS_LIST Ri(config)#access-list 101 deny ip host 1.1.1.1 host 16,2.2.2 Ri(config)#access-list 181 deny tcp 18.1.1.0 8.0.8.255 any eq 23 Ri(config)*access-list 101 deny icmp 10.1.1.1 8.0.0.0 any Ri(config)#access-list 101 deny tcp host 16.1,1.6 host 10.6.0.1 oq 86 Rilconfig}#access-list 161 deny udp host 16,1.1,7 eq 53 any Ri(config)#access-list 1@1 permit ip any any Ri(config)#interface fastethernet 0/@ Ri(config-if}#ip access-group 1@1 in Extended ACL runber ranges: 1g - 199 and 2a08 — 2699. Named ACL * Note: 5 Named ACLS use names to identify ACLs rather than numbers, and. commands that permit or deny traffic are written in a Sub mode called named ACL mode (nacl). Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statenents af the ACL. © Mamed standard ACL: Ri(config)#ip access-list standard MY_STANDARD_ACL RL(config-std-nacl)#permit 19.1.1.6 @.6.0.255 Ri(config-std-nacl)#deny 10.2.2.2 Ri(config-std-nacl}ipermt any Ri(config)#interface fastethernet @/1 Ri(config-if}#ip access-group MY STANDARD ACL out Page | 8Cisco Commands OSPF verification Rieshow ip protocols Shows Information about the running routing protocol process Rigshow ip route Shows the entire nouting table Rivshow ip route ospt Shows routes learned via OSPF only Ri#show ip ospF neighbors Shows all neighboring routers along with their respective adjacency state Rivshow ip ospf database Shows all the information contained in the LSB Rivshow ip ospf interfaces serial 6/6 Shows detailed Information about OSPF running on a specific interface EIGRP Configuration © Enter EIGHP configuration mode and define AS number: Ri(config)#router elgrp 122 (AS number) * Configure one or more network commands to enable ETGRP on the specified interfaces: RL(config-router Minetwork 10.6.6.0 Ri(config-router}#network 172.16.8.0 @.8.3.255 Ri(config-rauter }inetwork 192.168.1.1 8.0.8.8 Ri(config-rauter)anetwork @.8.0.0 255.255.255.255 * Disable auto sunmarization: (Optional) Ri( config-rauter)#no autosummary * Disable EIGRP on a specific interface: (Optional) Ri( config-router ipassive-interface serial 0/8 ‘+ Configure load balancing parameters: (Optional) Ri(config-rauter}#maximum-paths 6 Ri(config-router)avariance & * Change interface Hello and Hold timers: (Optional) Ri(config-if}#ip hello-interval eigra 121 3 Ru(config-if}#ip hold-time eigrp 121 10 © Impacting metric calculations by tuning @W and delay of the interface: (Optional) Ri(config-if}ebandwidth 265 (kbps) Ri(config-ifj#delay 126 (tens af microseconds EIGRP Authentication + Create an authentication key chain as follow 2 Create a key chain and give Jt 2 name: Ri(Config)#key chain M¥_KEYS c Create one or more keys giving them numbers: Ri(config-keychain)#key 1 5 Define the key value: Ri(config-keychain-key)akey-string 1stkEY Define the life time of the keys (optional) : Ri(config-keychain-key)#send-lifetime [start time] [end time] Ri(config-keychain-key)#accept-lifetine [Start time] [end time] © Enable md5 authentication mode for EIGRP on the interface: Ra(config-ifjeip authentication mode eigrp 122 mds * Refer to the correct key chain to be used on the interface: The Key-string value and the mode must be the same on both routers Lifetine options of the kays requires the clock oF the routers to be set correctly, better use NTP, or it can cause Ri(config-if}@ip authentication kay-chain elgrp 122 MY_MEVYS erepless EIGAP Verification Risshow ip route wigrp Shows routes learned via E1GRP only Riashow ip eigrp neighbors Shaws EIGRP neighbors and status Rieshow ip eigrp topalogy Shows EIGRP topology table, including succassar and feasible successor Ridshow ip eigrp interFaces Shows interfaces that run ETGRP Risshow ip eigrp traffic Lists statistics on numbers of EIGRP messages sent and received by the router Page |7Cisco Command® Wamed extended ACL: Ri(config)#ip access-list extended MY_EXTENDED_ACL Ri(config-ext-nacl)#deny icmp [email protected] @.0.0.6 any Ri(config-ext-nacl}#deny tcp host 16.1.1.8 h Ri(config-ext-nacl)# permit 4p any any Ri(config)#interface fastethernet 0/1 Ri(config-{f)#ip access-group MY_EXTENDED_ACL in * Editing ACL using Sequence numbers: Ri(config)#ip access-list extended MY_EXTENDED_ACL Ri(config-axt-nacl)#no 26 (deletes the statement of sequence number 28) Ri(config)#ip access-list standard 99 Ri(config-std-nacl)#5 deny 1.1.1.1 (inserts a statement with sequence 5) You can edit numbered ACLS using the configuration style of the named ACLS in as shawn in the last example. ost 10.8. Verifying ACLS Ri#show access-lists Shows all ACLS configured on a router with counters at the end of each statement Riwshow ip access-list Same as the previous command Risshow ip access-list 107 Shows only the specified aCL Rivshow ip interface fe/@ Includes a reference to the ACLs enabled on that interface either in or our DACP Server © Define a DHCP pool and give it a name: Ri(config)#ip dhcp pool MY_POOL gateway: Ri(dhep-config)#network 192.168.1.@ 255.255, Ri(dhep-config)#default-router 192,168.1,1 * Confine the lease time (OPTIONAL): Ri(dhep-config)lease 2 (days) * Define one or more scopes of excluded (OPTTONAL) = Ri(config)#ip dhcp exeluded-address 192.168. Ri(config)ip dhcp exeTuded- address 192.158. Define network and mask to use in this pool and the default Define one or more ONS server (OPTIONAL): Ri(dhep-config)#dns-server 213.131.65.20 8.8.8.8 255.0 (reserved) addresses 1.1 192.168.1100 1,208 192.168.1.254 DHCP Verification and Troubleshooting Ritshow ip dhep pool pool_1 shows the status of the specified pool and the leased addresses from that pool Riwshow ip dhep binding Shows all the leased ip addresses from all configured DHCP pools Rigshow ip dhep conflict Shows any conflicts that occurred Page} oCisca Commands bP Configuration Ri(config)#interface serial 6/6 Ri(config-if}#encapsulation ppp PPP Authentication CHAP * Configure the hostname: The password Ri(config)#hostname ALPHA used is shared * Configure the name of the other end router and the shared pesoeird, thaE means it must be the same on both routers password: ALPHA(config)eusername BETA password XYZ « Enable CHAP authentication on the interface; ALPHA(config)#interface serial @/@ ALPHA(canfig-if}#ppp authentication chap PAR + Configure the hostname: Ri(config}shostnane ALPHA * Configure the name of the other end router and the shared password: ALPHA( config) username BETA password KYZ * Enable PAP authentication on the interface and define the username and password to be sent by PAP: ALPHA(config)#interface serial 0/8 ALPHA(config-if)eppp authentication pap ALPHA(Config-if}¥npp pap Sent-username ALPHA password XYZ PP Verification and troubleshoot Rieshow interface s8/@ Shows the encapsulation type and the control protocols of PPP Rivshow run Useful for viewing the configuration oF usernames and passwords used to authenticate ppp Risdebug ppp authentication Displays the authentication process of ppp in real time Frame Relay DLCT = 201_ DLC = 183 Multipoint (one subnet) * Give the interface an ip address and enable Frame Relay encapsulation: Ri{config)#interface serial 8/8 Ri(canfig-{f)#ip address 1.1.1.1 255,255.255.8 Ri(config-if}sencapsulation frame-relay (detf) + Configure LMI signaling type: (optional as discussed with Isp) Ri(config-f)#frane-relay Imi-type ansi (options: ansi, cisco, 9334) * Configure Frame Relay mapping: Ri(config-if}# frane-relay map ip 1. Ri(config-if}s frame-relay map ip 1. +2 182 broadcast (ietf) 3183 broadcast Led 2.2 Page | 10Cisco Commands NAT Overload (PAT) * The same as dynamic WAT with the use of the overload keyword at the end of NAT statement: Ra(configh#ip nat inside source list 3 pool PUB overload WAT verification and troubleshoot Risshow run useful in viewing the configuration of NAT pool and the inside and outside interfaces Ritshow access-Lists Displays access lists, including the one used for NAT Ri¢show ip nat stasitics Shows counters for packets and NAT table entries, as well as basic configuration information Rivshow ip nat translations Displays the NAT table Rieclear ip nat translations * Clears all the dynamic entries In the NAT table Risdebug ip nat Issues a log message describing each packet whose ip address is translated with NAT. Page |12Cisco Command R2(config)#interface serial e/@ Ra(config-(f}#ip address 1.1.1.2 255.255.2558 R2(config-if}wencapsulation frame-relay Ra(config-if}# framé-relay map ip 1.1.1.1 201 broadcast R2(config-it)e frame-relay map ip 1.1.1.3 201 broadcast R3(config)#interface serial 0/@ RA(config-{f)#ip address 1.1.1.3 255,255,255.0 Ra(config-if}#encapsulation frame-relay R3(config-if}#frame-relay map ip 1.1.1.1 361 broadcast Ral config-if)s frame-relay map ip 1.1.1.2 381 broadcast Roint-to-point (different subnets; one subnet per subintertace) + Enable Frame Relay encapsulation: Ri(config)#interface serial 6/8 Ri(config-{f}#ancapsulation frane-relay © Give an ip address to a subinterface and configure its DLCT: RL(config)#interface serial @/8.182 point-to-point Ri(config-subif}#ip address 1.1.1.1 255.255.2550 Ri( config-subif)#frame-relay interface-dlci 162 Ri{config)tintertace serial @/@.193 point-to-point Ri(config-subif)#ip address 2.2.2.1 255.255.255.6 Rif config-subif)#frame-relay intarface-dici 163 R2(config)#interface serial o/e R2(config-{f)#encapsulation frame-relay Ra(config)#interface serial @/8.2@1 point-te-point Ra(config-subif)}¥ip address 1.1.1.2 255.255.2558 RA(Config-subif)#frame-relay interface-diei 291 Ra(Conflg)#interface serial e/a R3(config-if)#ancapsulation frame-relay R3(config)#interface serial @/@.381 point-te-point R3(config-subif)#ip address 2.2.2.2 255.255.255.8 Ra(config-subif)#frame-relay interface-dlel 361 Frame Relay veri ahd freubleshoot Risshow interfaces serial @/@ Shows the encapsulation type Rivshow Frame-relay PVC Lists PVC status information Rieshow Frame-relay map Lists DLCT to IP mapping Risshow frame-relay Imi Lists LMI status information ‘Risdebug frane-relay Imi Displays the content of LMT massages Risdebug frane-relay events Lists massages about certain Frame Relay events, including Inverse ARP messages Network Address Translation (NAT) Static NAT * Define the outside and inside interfaces: Ri(config}#interface serial e/a Ri(config-If}#ip nat outside Ri(config)#interface Fastethernet 1/1 Ri(config-{F)#ip nat inside * Configure static NAT statement: Ru(config)#ip nat inside source static 192.168.1.10 200.2.1.3 Dynamic NAT Define the outside and inside interfaces: * Create an ACL that determines the IP addresses that are allowed to be translated: Ri(config)#access-list 3 permit 192.168.1.6 8.8,8.255 * Create a pool of public IP addresses: Ri(config)#ip nat pool PUB [email protected] 208.1.1.6 netmask 255.255.255.248 © Configure NAT statement: Ri(config)#ip nat inside source list 3 pool PUB Page | 11