Scribd
Upload
16 views5 pages

CLI Commands

Uploaded by

GameRanx 034
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
16 views5 pages

CLI Commands

Uploaded by

GameRanx 034
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 5

ACL

-access-list 1 deny 192.168.2.101 0.0.0.0


-access-list 1 permit any
- int fa0/0
- ip access-group 1 out

IPS
Password – ciscoenpa55
Password – ciscoconpa55

R1(config)#license boot module c1900 technology-package securityk9


R1#copy running-config startup-config
Press enter
R1#reload
Press enter

R1>en
Password:
R1#
R1#
R1#
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ex
R1#
%SYS-5-CONFIG_I: Configured from console by console

R1#mkdir ipsdir
Create directory filename [ipsdir]?
Created dir flash:ipsdir

R1#conf t
R1(config)#ip ips config location flash:ipsdir
R1(config)#ip ips name iosips

R1(config)#ip ips notify log


R1(config)#service timestamps log datetime msec
R1(config)#logging host 192.168.1.50

R1(config)#ip ips signature-category


R1(config-ips-category)#category all
R1(config-ips-category-action)#?
exit Exit from Category Actions Mode
no Negate or set default values of a command
retired Retire Category Signatures
R1(config-ips-category-action)#retired true
R1(config-ips-category-action)#category ios_ips basic
R1(config-ips-category-action)#retired false
R1(config-ips-category-action)#ex
R1(config-ips-category)#ex
Do you want to accept these changes? [confirm]

R1(config)#interface gigabitEthernet 0/1


R1(config-if)#ip ips iosips out
R1(config-if)#
*Mar 01, 00:10:03.1010: %IPS-6-ENGINE_BUILDS_STARTED: 00:10:03 UTC Mar 01
1993
*Mar 01, 00:10:03.1010: %IPS-6-ENGINE_BUILDING: atomic-ip - 3 signatures - 1 of 13
engines
*Mar 01, 00:10:03.1010: %IPS-6-ENGINE_READY: atomic-ip - build time 8 ms - packets
for this engine will be scanned
*Mar 01, 00:10:03.1010: %IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 8 ms
R1(config-if)#ex

R1(config)#ip ips signature-definition


R1(config-sigdef)#signature 2004 0
R1(config-sigdef-sig)#status
R1(config-sigdef-sig-status)#retired false
R1(config-sigdef-sig-status)#enabled true
R1(config-sigdef-sig-status)#ex
R1(config-sigdef-sig)#engine
R1(config-sigdef-sig-engine)#event-action produce-alert
R1(config-sigdef-sig-engine)#event-action deny-packet-inline
R1(config-sigdef-sig-engine)#ex
R1(config-sigdef-sig)#ex
R1(config-sigdef)#ex
Do you want to accept these changes? [confirm]
%IPS-6-ENGINE_BUILDS_STARTED:
%IPS-6-ENGINE_BUILDING: atomic-ip - 303 signatures - 3 of 13 engines
%IPS-6-ENGINE_READY: atomic-ip - build time 480 ms - packets for this engine will be
scanned
%IPS-6-ALL_ENGINE_BUILDS_COMPLETE: elapsed time 648 ms

R1(config)#ex
R1#show ip ips all

THEN

Verify that IPS is working properly.


a. From PC-C, attempt to ping PC-A. Were the pings successful? Explain.
b. From PC-A, attempt to ping PC-C. Were the pings successful? Explain.
VPN TUNNEL –
Router 0
Router#ping 2.0.0.2
Router#conf t
Router(config)#interface tunnel 1
Router(config-if)#ip address 172.16.1.1 255.255.0.0

Router(config-if)#tunnel source FastEthernet0/1


Router(config-if)#tunnel destination 2.0.0.2
Router(config-if)#exit
Router(config)#ip route 192.168.2.0 255.255.255.0 172.16.1.2

Router 2
Router>enable
Router#
Router#configure terminal
Router(config)#interface tunnel 2
Router(config-if)#ip address 172.16.1.2 255.255.0.0

Router(config-if)#tunnel source FastEthernet0/1


Router(config-if)#tunnel destination 1.0.0.2
Router(config-if)#exit
Router(config)#ip route 192.168.1.0 255.255.255.0 172.16.1.1

Ping from C to A
Tracert PC A

You might also like