Cisco Commands List = dl Changing switch hostname Switch(config)#hostname SW Configuring passwords SWi(config)#enable secret cisco MOS hash. SW1(config)#enable password noteisco Clear text. Securing console port SWi(config)#line con ® SW1(config-line)#password cisco SW1(config-line)#login Securing terminal lines SWi(config)#line vty @ 4 SW1(config-line)#password cisco SW1(config-line)#login Encrypting passwords SW1(config)#service password-encryption Configuring banners ‘SW1(config)#banner motd $ UNAUTHORIZED ACCESS TS PROHISITED $ Giving the switch an IP addre: ‘SW1(config)#interface vlan 1 SW1(config-if)#ip address 172.16.1.11 255.255.255.@ (or dhcp) SW1(config-if)#shutdown Setting the default gateway ‘SWi(config)#ip default-gateway 172.16.1.1 Saving configuration SwWiwcopy running-config startup-config Destination filename [startup-config]? Building configuration. Press enter to confirm file name. ‘OK [aber Short for write Building configuration.. memory. | [0K] _ Working environment (name lookup, history, exec-timeout and logging behavior ‘SWi(config)#no ip domain-lookup Sw1(config)#line vty @ 4 SW1(config-line)#history size 15 SW1(config-line)# exec-timeout 10 30 SW1(config-line)#logging synchronous Also valid for line con @. Configuring switch to use SSH + Configure DNS domain name: ‘SW1(config)#ip domain-name example.com * Configure a username and password: SW1(config)#username admin password cisco + Generate encryption keys: SW1(config)#crypto key generate rsa How many bits in the modulus [512]: 1024 + Define SSH version to use: SW1(config)#ip ssh version 2 * Enable vty lines to use SSH: SW1(config)#line vty @ 4 SW1(config-Line)#login local SW1(config-line)#transport input telnet ssh The size of the key modulus in the range of 368 to 2048. You can set vty lines to use only telnet or only ssh or both as in the example.Cisco Commands List CCNA v6 Aliases SW1(config)#alias exec ¢ configure terminal SWi(config)#alias exec s show ip interface brief SWi(config)#alias exec sr show running-config Used to create shortcuts for ong commands. Description, speed and duplex iA(config)#interface fastEthernet 0/1 SW1(config-Lf)#description LINK TO INTERNET ROUTER ‘SW1(config-if)#speed 160 (options: 10, 1¢0, auto) swi(config)#interface range fastEthernet @/5 - 10 Swi (config-if-range)#duplex full (options: half, full, auto) The range keyword used to set a group of interfaces at once. Verify Basic Configuration ‘SWishow version Shows information about the switch and its interfaces, RAM, NVRAM, flash, IOS, etc. ‘SWi#show running-conFig Shows the current configuration file stored in DRAM. ‘SWi¥show startup-config Shows the configuration file stored in NVRAN which is used at first boot process. ‘SWi#show history ‘SWivshow ip interface brief Lists the commands currently held in the history buffer. Shows an overview of all interfaces, their physical status, protocol status and ip address if assigned. ‘SWifshow interface vlan 1 Shows detailed information about the specified interface, its status, protocol, duplex, speed, encapsulation, last 5 min traffic. ‘SWivishow interfaces description Shows the description of all interfaces ‘SWi#show interfaces status | SW1#show crypto key mypubkey rsa Shows the status of all interfaces like connected or not, speed, duplex, trunk or access vlan. ‘Shows the public encryption key used for SSH. ‘SWi#show dhcp lease Shows information about the leased IP address (when an interface is configured to get IP address via a Configuring port security dhep server) _ + Make the switch interface as access port: The sticky SwL(config-if)#switchport mode access keyword 1s used + Enable port security on the interface: ee SW1(config-if)#switchport port-security naclenliy + Specify the maximum number of allowed MAC addresses: Tearns and SW1(config-if)#switchport port-security maximum 1 + Define the action to take when violation occurs: ‘MAC addresses Swi(config-if)#switchport port-security violation shutdown of the (options: shutdown, protect, restrict) currently * Specify the allowed MAC addresses: comected ‘SW1(config-if)#switchport port-security mac-address 68b5.9965.1195 | (options: H.H.H, sticky) configures the Verify and troubleshoot port security ‘SW1#show mac-address-table Shows the entries of the mac address table ‘SWiMshow port-security overview of port security of all interfaces ‘SWINshow port-security interface fa0/5 Shows detailed information about port security on the specified interface Configuring VLANs SW1(config)i#vlan 10 ‘SW1(config-vlan)#name SALES Create a new VLAN and give it a nam ‘Assign an access interface to access a specific VLAN: swa(config)#interface fastethernet 0/5 SW1(config-if)#switchport mode access Swi (config-if)#switchport access vlan 10Cisco Commands List CCNA v6 Configuring an auxiliary VLAN for cisco IP phones ‘SW1(config)i#interface fastEthernet 0/5 SW1(config-if )#switchport access vlan 10 Swi(config-if)#switchport voice vlan 12 ‘accessing vlan 20 (data) and 12 (VoIP) Configuring Trunks SW1(config)#interface fastEthernet 0/1 SWi(config-if)#switchport mode trunk (options: access, trunk, dynamic auto, dynamic desirable) SW1(config-if)#switchport trunk allowed vlan add 1@ (options: add, remove, all, except) Securing VLA and Trunking + Adninistratively disable unused int ‘SW1 (config-if)#shutdown + Prevent trunking by disabling auto negotiation on the interface: Swi(config-if)#nonegotiate (or hardcode the port as an access port) Swi(config-if)#switchport mode access + Assign the port to an unused VLAN: Swi(config-if)#switchport access vlan 222 ‘aces: Configuring VIP + Configure VTP mode: SW1(config)i#vtp mode server (options: server, client, transparent) + Configure VTP domain name: swi(config)#vtp domain EXAMPLE (case-sensitive) + Configure VTP password: (optional) The transparent VIP mode is used when an engineer wants to deactivate SW1(config)#vtp password cisco (case-sensitive) particular + Configure VTP pruning: (optional) switch Swi (config)#vtp pruning (only works on VIP servers) + Enable VTP version 2: (optional) SW1(config)#vtp version 2 + Bring up trunks between the switches Verify and troubleshoot VLANS and VTP ‘SWiNshow interfaces if switchport Lists information about administrative setting and operation status of interface ‘SWi#show interfaces trunk Lists all the trunk ports on a switch including the trunk allowed VLANS ‘SWiWshow vian {brief| id] name| summary) | Lists information about the VLANs ‘SWi#show vtp status Lists VTP configuration (mode, domain’ name, version, etc) and revision number ‘SWi#show vtp password Shows the VTP password ‘STP optimization + Hard coding the root bridge (changing bridge priority): ‘SW1(config)#spanning-tree vlan 1 root primary ‘SW1(config)#spanning-tree vlan 1 root secondary ‘SW1(config)#spanning-tree [vlan 1] priority 8192 + Changing the STP mode: ‘SW1(config)#spanning-tree mode rapid-pyst (options: mst, pvst, rapid-pvst) + Enabling portfast and BPDU guard on an interface: sw2(config-if)#spanning-tree portfast ‘SW1(config-if)#spanning-tree bpduguard enable Changing port cost: Swa(config-if)#spanning-tree [vlan 1] cost 25 + Bundling interfaces into an etherchannel: swi(config-if)#channel-group 1 mode on (options: auto, desirable, on) Priority must be a multiply of 4096 Portfast and BPOU guard are enabled only on interfaces connected to end user hostsisco Commands List CCNA v6 STP verification ai ind troubleshooting ‘SWi#show spanning-tree Shows detailed info about STP state ‘SWittshow spanning-tree interface fad/2 Shows STP info only on a specific port SWi#show spanning-tree vlan 1 ‘Shows STP info only for a specific VLAN ‘SWi#tshow spanning-tree [vlan1] root Shows info about the root switch SWINshow spanning-tree [vlan1] bridge Shows info about the local switch SWi#show etherchannel 1 Show the state of the etherchannels Swi#debug spanning-tree events Provides informational messages about the changes in the STP topology Enabling or disabling COP + Enabling COP globally on a switel Sw1(config)##edp run * Disabling CoP on a given interfa swi(config-if)#no cdp enable Using COP for network verif: ‘ication and troubleshooting ‘SWI#show cdp Shows global information about COP itself ‘SWi#show cdp interface fa0/2 ‘Shows information about COP on a specific interface ‘SWi#show cdp neighbors Shows information about the directly connected cisco devices including interfaces names capabilities ‘SWiWshow cdp neighbors detail Shows detailed information about the neighboring cisco devices including device address and version of IOS they run ‘SWittshow cdp entry * Same as show cdp neighbor detail ‘SW1lshow cdp entry SW2 Shows detailed information about the specified entry onlyCisco Commands List Router basic configuration Router(config)#hostname RI R1(config)#enable secret cisco R1(config)#line con @ R1(config-line)#password cisco R1(config-Line)#login R1(config-line)#logging synchronous R1(config-line)#exec-timeout 30 @ R1(config-line)#exit R1(config)#line vty @ 4 R1(config-line)#password cisco R1(config-line)#login R1(config-line)#logging synchronous Ra(config-line)#exec-timeout 30 @ R1(config-line)#exit Ri(config)#line aux @ R1(config-line)#password cisco R1(config-Line)#login R1(config-Line)#logging synchronous R1(config-line)#exec-timeout 30 @ R1(config-line)#exit Ri(config)#banner motd $ UNAUTHORIZED ACCESS IS PROHIBITED $ R1(config)#alias exec ¢ configure terminal R1(config)#alias exec s show ip interface brief Ri(config)#alias exec sr show running-config R1(config)#no ip domain-lookup R1(config)#service password-encryption Ri(config)#ip domain-name example.com Ri(config)#username admin password cisco R1(config)#crypto key generate rsa How many bits in the modulus [512]: 1024 Ri(config)itip ssh version 2 R1(config)#line vty @ 4 R1(config-line)#login local R1(config-Line)#transport input telnet ssh This section includes 105 commands that are absolutely identical on both routers and switches, except the part of line aux 0 which is configured only on router because switches do not have an auxiliary port. Configuring router interfaces Ri(config)#interface fastethernet @/@ R1(config-if)s#description LINK_TO_LOCAL_LAN_THROUGH_SW1 RA(config-if)#ip address 172.16.1.1 255.255.255.0 R(config-if)#no shutdown R1(config-if)#exit Ri(config)#interface serial @/1/2 R1(config-if)#description WAN_CONNECTION_TO_R2 Ri(config-if)#ip address 10.1.1.1 255.255.255.252 R1(config-if)#clock rate 128000 R1(config-if)#no shutdown Clock rate is set only on the DCE side, typically the ISP side. On your router which is DTE you don't need to set clocking. Configuring Router-On-Stick for vlan routing Ri(config)#interface fastEthernet 0/0 R1(config-if)#no shutdown R1(config)# interface fastEthernet 0/0.10 R1(config-subif)# encapsulation dotig 10 R1(config-subif)#tip address 192.168.10.1 255.255.255.0 R1(config-subif)# interface fastethernet 0/8.20 R1(config-subif)# encapsulation dotiq 26 R1(config-subif)#ip address 192.168.20.1 255.255.255.0 Paae l=Cisco Commands Static routes Ri(config)#ip route 10.1.2.0 255.255.255.@ 10.1.128.1 Using next hop Ri(config)#ip route 10.1.2.@ 255.255.255.@ Serial 0/2 Using exit *Note: Exit interface can be used in point-to-point serial links. interface Default Route —_ Ri(config)#ip route 0.0.0.0 0.0.0.0 199.1.1.1 Ripv2 Configuration Ri(config)#router rip R1(config-router)#version 2 R1(config-router)#network 10.0.0.0 (written as an original class A) R1(config-router)#no autosummar; Ri(config-router)#passive- interface serial 0/0 RIPv2 Verification Rivshow ip protocols ‘Shows information about the running routing protocol process Rifshow ip route Shows the entire routing table Rishow ip route rip ‘Shows routes learned via RIP only Rifshow ip route 1.4.1.4 Shows detailed information about the route ee _ to the specified destination network ‘OSPF Configuration + Enter OSPF router configuration mode: Ra(config)#router ospf 1@ (process ID) + Configure one or more network commands to identify which interfaces will run OSPF Ri(config-router)#network 10.0.0.@ @.255.255.255 area @ R1(config-router)#network 172.16.8.@ 0.0.7.255 area @ Ri(config-router)#network 192.168.1.254 @.0.0.@ area 1 + Configure router ID either by: (Optional) © Using router-id ospf subcommand: Ri(config-router)#router-id 1.1.1.1 (© Configuring an IP address on a loopback interface: R1(config)#interface loopback @ Ri(config-if)#ip address 1.1.1.1 255.255.255.255 + Change Hello and Dead intervals per interface: (Optional) Ri(config-if}#ip ospf hello-interval 2 Ri(config-if)#ip ospf dead-interval 6 + Impact routing choices by tuning interface cost using one of the following ways: (Optional) © Changing interface cost: R1(config-if)i#ip ospf cost 55 © Changing interface bandwidth: Ri(config-if)#bandwidth 128 (Kbps) © Changing the reference bandwidth that used by OSPF to calculate the cost: R1(config-router)#auto-cost reference-bandwidth 1000 (Mbps) + Disabling OSPF on a certain interface: (Optional) R1(config-router)#passive-interface serial 0/0 + Configuring OSPF authentication: (Optional) © Type @ authentication (none): R1(config-if)#ip ospf authentication null © Type 1 authentication (clear text): R1(config-if)#tip ospf authentication R1(config-if)#ip ospf authentication-key cisco ‘© Type 2 authentication (mds): Ri(config-if)#ip ospf authentication message-digest Ri(config-if)#ip ospf message-digest-key 1 md5 cisco + Configure maximum equal-cost paths: (Optional) Ri(config-router)#maximum paths 6 Page | 6Cisco Commands OSPF verification Riwshow ip protocols Shows information about the running _ routing protocol process Rivshow ip route Shows the entire routing table "Rifshow ip route ospf Shows routes learned via OSPF only Ri#show ip ospf neighbors Shows all neighboring routers along with their respective adjacency state Ritshow ip ospf database Shows all the information contained in the LsoB Rifshow ip ospf interfaces serial 0/0 Shows detailed information about OSPF running on a specific interface EIGRP Configuration + Enter EIGRP configuration mode and define AS number: R1(config)#router eigrp 121 (AS number) * Configure one or more network commands to enable EIGRP on the specified interfaces: R1(config-router)#network 10.8.0.0 R1(config-router)#network 172.16.0.0 @.0.3.255, R1(config-router)#network 192.168.1.1 0.0.0.0 R1(config-router)#network @.0.0.@ 255.255.255.255, * Disable auto summarization: (Optional) config-router)#no autosummary + Disable EIGRP on a specific interface: (Optional) R1(config-router)#passive- interface serial @/@ + Configure load balancing parameters: (Optional) R1(config-router)#maximum-paths 6 R1(config-router)#variance 4 + Change interface Hello and Hold timers: (Optional) R1(config-if)#ip hello-interval eigrp 121 3 Ri(config-if)#ip hold-time eigrp 121 10 * Impacting metric calculations by tuning BW and delay of the interface: (Optional) R1(config-if)#bandwidth 265 (kbps) R1(config-if)#delay 120 (tens of microseconds) EIGRP Authentication * Create an authentication key chain as follows: The key-string © Create a key chain and give it a name; value and the R1(config)#key chain MY_KEYS mode must be © Create one or more keys giving them numbers: palin R1(config-keychain)#key 1 pene © Define the key value: options of the R1(config-keychain-key)#key-string 1stKEY keys requires. (© Define the life time of the keys (optional): the clock of R1(config-keychain-key)#send-lifetime [start time] [end time] the routers to R1(config-keychain-key)#accept-lifetime [start time] [end time] be set + Enable md5 authentication mode for EIGRP on the interface: correctly, R1(config-if)#ip authentication mode eigrp 121 md5 better use NTP, * Refer to the correct key chain to be used on the interface: ae | R1(config-if)#ip authentication key-chain eigrp 121 MY_KEYS f EIGRP Verification Rishow ip route eigrp Shows routes learned via EIGRP only Riftshow ip eigrp neighbors ‘Shows EIGRP neighbors and status Ri#show ip eigrp topology ‘Shows EIGRP topology table, including successor and feasible successor Riishow ip eigrp interfaces Shows interfaces that run EIGRP Riftshow ip eigrp traffic Lists statistics on numbers of EIGRP messages sent and received by the routerCisco Commands ‘Access Control Lists (ACLs) Standard ACL + Plane the location (router and interface) and direction (in or out) on that interface: © Standard ACL should be placed as close as possible to the destination of the packet. © Identify the source IP addresses of packets as they go in the direction that the ACL is examining. + Use a remark to describe the ACL: (Optional): Ri(config)#access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN + Create the ACL, keeping the following in mind: © ACL uses first-match logic. © There is an implicit deny any at the end of the ACL. Ri(config)i#access-list 2 deny 192.168.1.77 Ri(config)#access-list 2 deny 192.168.1.64 @.0.0.31 Ri(config)#access-list 2 permit 10.1.8.@ @.0.255.255, Ri(config)#access-list 2 deny 10.0.0.0 @.255.255.255 R1(config)#access-list 2 permit any * Enable the ACL on the chosen router interface in the correct direction (in or out): Ri(config-if)#ip access-group 2 out Standard ACL number ranges: 1 - 99 and 13¢0 - 1999, + Using standard ACL to limit telnet and SSH access to a router: © Create the ACL that defines the permitted telnet clients: R1(config)#access-list 99 remark ALLOWED TELNET CLIENTS Ri(config)#access-list 99 permit 192.168.1.128 0.0.0.15 ‘© apply the ACL inbound the vty lines Ri(config)#line vty @ 4 Ri(config-line)#access-class 99 in Extended ACL = Note: © Extended ACL should be placed as close as possible to the source of the packet. © Extended ACL matches packets based on source & des. IP addresses, protocol, source & des. Port numbers and other criteria as well. Ri(config)#access-list 101 remark MY_ACCESS_LIST Ri(config)#access-list 101 deny ip host 10.1.1.1 host 10.2.2.2 Ri(config)#access-list 101 deny tcp 10.1.1.@ @.0.0.255 any eq 23 Ri(config)i#taccess-list 101 deny icmp 10.1.1.1 0.0.0.0 any Ri(config)#access-list 11 deny tcp host [email protected] host 10.0.0.1 eq 80 Ri(config)#access-list 101 deny udp host 10.1.1.7 eq 53 any Ri(config)#access-list 101 permit ip any any Ri(config)#interface fastethernet 0/8 Ri(config-if)#ip access-group 161 in Extended ACL umber ranges: 188 - 199 and 20@0 - 2699, ‘Named ACL + Notes © Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic are written in a sub mode called named ACL mode (nacl). © Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of the ACL. + Named standard ACL: Ri(config)#ip access-list standard MY_STANDARD_ACL Ri(config-std-nacl)#permit 1.1.1.0 0,0.0,255 Ri(config-std-nacl)#deny 10.2.2.2 Ri(config-std-nacl)#permit any Ri(config)#interface fastethernet 0/1 Ri(config-if)#ip access-group MY_STANDARD_ACL out Pane! 8Ctsco Commands + Named extended ACL: Ra(config)#ip access-list extended MY_EXTENO! R1(config-ext-nacl)s#deny icmp 10.1.1.1 0.6.0. R1(config-ext-nacl)fdeny tcp host [email protected] hi R1(config-ext-nacl)# permit ip any any R1(config)#interface fastethernet @/1 Ra(config-if)#ip access-group MY_EXTENDED_AC! Editing ACL using sequence numbers: Ra(config)#ip access-list extended MY_EXTENO! R1(config-ext-nacl)#ino 2 (deletes the statement of sequence number 20) R1(config)#ip access-list standard 99 R1(config-std-nacl)#5 deny 1.1.1.1 (inserts a You can edit aD Ach humbered ACLS ean using the m configuration jost 10.0.0.1 eq 8@ ceylatae the named ACLS in as shown in the L in last example, ED_ACL statement with sequence 5) Verifying ACLs Rilishow access-lists Ritshow ip access-list ‘Shows all ACLs configured on a router with counters at the end of each statement ‘Same as the previous command Rifishow ip access-list 101 Shows only the specified ACL Rilishow ip interface 0/0 Includes a reference to the ACLs enabled on that interface either in or out. DHCP Server * Define a DHCP pool and give it a name: R1(config)#ip dhcp pool MY_POOL Define network and mask to use in this gateway: R1(dhcp-config)#network 192.168.1.0 255.255. R1(dhcp-config)#default-router 192.168.1.1 + Confine the lease time (OPTIONAL): Ra(dhcp-config)lease 2 (days) Define one or more scopes of excluded (OPTIONAL) : Ri(config)#ip dhcp excluded-address 192.2 Define one or more DNS server (OPTIONAL, Ra(dhcp-config)#dns-server 213.131.65.20 8.8.8 pool and the default 255.0 (reserved) addresses 1,1 192,168.1.100 200 192.168.1.254 Ri(config)#ip dhcp excluded-address 192.168 DHCP Verification and Troubleshooting Rivshow ip dhep pool POOL_1 shows the status of the specified pool and the leased addresses from that pool Rilishow ip dhep binding Shows all the leased ip addresses from all configured DHCP pools Rivishow ip dhep conflict Shows any conflicts that occurred Page 19Cisco Commands PPP Configuration Ri(config)#interface serial 0/@ R1(config-if)#encapsulation ppp PPP Authentication ‘CHAP + Configure the hostname: Ri(config)#hostname ALPHA + Configure the name of the other end router and the shared password: ALPHA(config)#username BETA password XYZ + Enable CHAP authentication on the interface: ALPHA(config)#tinterface serial 0/2 ALPHA(config-if)#ppp authentication chap The password used is shared password, that means it’ must be the same on both routers PAP + Configure the hostname: Ri(config)#hostname ALPHA * Configure the name of the other end router and the shared password: ALPHA(config)#username BETA password XYZ + Enable PAP authentication on the interface and define the username and password to be sent by PAP: ALPHA(config)#interface serial 0/2 ALPHA(config-if)#ppp authentication pap ALPHA(config-if)#ppp pap sent-username ALPHA password XYZ PPP Verification and troubleshoot Riftshow interface s0/O Shows the encapsulation type and the control protocols of PPP Ri#show run Useful for viewing the configuration of authenticate ppp usernames and passwords used to Rivdebug ppp authentication Displays the authentication process of ppp in real time Frame Relay DLCI = 301 Multipoint (one subnet) + Give the interface an ip address and enable Frame Relay encapsulation: Ri(config)#interface serial 0/2 Ri(config-if)#ip address 1.1.1.1 255.255.255.0 Ri(config-if)#encapsulation frame-relay (ietf) + Configure LMI signaling type: (Optional as discussed with ISP) Ri(config-if)#frame-relay Imi-type ansi (options: ansi, cisco, 4933a) + Configure Frame Relay mapping: Ri(config-if)#frame-relay map ip Ri(config-if)# frame-relay map ip 1@2 broadcast (ietf) 1. 1.1.1.3 163 broadcast Page |10R2(config-if)#ip address 1.1.1.2 255.255.2550 R2(config-if)#encapsulation frame-relay R2(config-if)# frame-relay map ip 1.1.1.1 201 broadcast R2(config-if)# frame-relay map ip 1.1.1.3 201 broadcast R3(config)#interface serial 0/@ R3(config-iF)#ip address 1.1.1.3 255.255.255.0 R3(config-if)#encapsulation frame-relay R3(config-iF)# frame-relay map ip 4.1.1.1 301 broadcast R3(config-iF)# frame-relay map ip 1.1.1.2 301 broadcast Point-to-point (different subnets; one subnet per subinterface) + Enable Frame Relay encapsulation R1(config)#interface serial 0/@ R1(config-if)#encapsulation frane-relay + Give an ip address to a subinterface and configure its DLCI R1(config)#interface serial @/@.102 point-to-point Ri(config-subif)i#tip address 1.1.1.1 255.255.255.0 R1(config-subif)#frame-relay interface-dici 102 R1(config)#interface serial @/@.103 point-to-point R1(config-subif)#ip address 2.2.2.1 255.255.255.0 Ri(config-subif)#frame-relay interface-dici 1@3 R2(config)#interface serial 0/0 R2(config-if)#encapsulation frane-relay R2(config)#interface serial @/@.201 point-to-point R2(config-subif)#ip address 1.1.1.2 255.255.255.0 R2(config-subif)#frame-relay interface-dici 202 R3(config)#interface serial 0/0 R3(config-if)#encapsulation frane-relay R3(config)#interface serial @/@.301 point-to-point R3(config-subif)#ip address 2.2.2.2 255.255.255.0 R3(config-subif)#frame-relay interface-dici 301 Frame Relay Verification and troubleshoot Ritshow interfaces serial 0/0 Shows the encapsulation type [RaWshow frame-relay PVC Lists PVC status information Ritshow frame-relay map Lists OLCI to IP mapping Ritshow frame-relay Imi Lists LMI status information Rikdebug frame-relay Imi Displays the content of LMI messages Rindebug frame-relay events Lists messages about certain Frame Relay events, including Inverse ARP messages Network Address Translation (NAT) Static NAT + Define the outside and inside interfaces: Ri(config)#interface serial 0/0 Ri(config-if)#ip nat outside Ri(config)#interface FastEthernet 1/1 Ru(config-if)#ip nat inside + Configure static NAT statement: Ri(config)#ip nat inside source static 192.168.1.10 200.1.1.2 Dynamic NAT + Define the outside and inside interfaces: + Create an ACL that determines the IP addresses that are allowed to be translated: Ri(config)#access-list 3 permit 192.168.1.0 @.0.0.255 + Create a pool of public IP addresses Ri(config)#ip nat pool PUB 200.1.1,1 200.1.1.6 netmask 255.255.255.248 + Configure NAT statement: R1(config)#ip nat inside source list 3 pool PUBusco Commands NAT Overload (PAT) + The same as dynamic NAT with the use of the overload keyword at ‘the end of NAT statement: Ri(config)#ip nat inside source list 3 pool PUB overload NAT verification and troubleshoot RiWshow run Useful in viewing the configuration of NAT pool and the inside and outside interfaces Rilishow access-lists Displays access lists, including the one used for NAT Ritshow ip nat stasitics Shows counters for packets and NAT table entries, as well as basic configuration information Ridshow ip nat translations Displays the NAT table Ridclear ip nat translations * Clears all the dynamic entries in the NAT table Rindebug ip nat Issues a log message describing each packet whose ip address is translated with NAT