CISCO IOS commands
General commands
Here are some general and simple commands.
NAT Entries
Network Address Translation (NAT) entries are used to define where traffic on a specific port should be sent. E.g. traffic from the outside WAN on port 21 should go to the FTP server and traffic on port 80 should end up at the WWW server. This is accomplished using NAT.
Uploading and downloading configurations and IOS to the router
The FLASH memory is the memory area that contains the IOS. NVRAM is the memory that holds the configuration.
Monitoring of router and switches
Monitoring IOS equipment using Simple Network Management Protocol (SNMP) requires that community strings are defined.
DHCP
In case you did not find what you were looking for, try this page
Choose "Start" -> "Run" and type:
telnet 192.168.1.1
Where 192.168.1.1 is the IP address of the router.
By default routers are configured to accept telnet on port 23 from the inside. In order to get telnet access from the outside, you need to create a NAT entry for this purpose. Connect to the router -> enable -> config. Type:
ip nat ins sou sta tcp 192.168.1.1 23 int dialer0 23000
Now you have outside telnet access on port 23000. NB. This also exposes the router's telnet login to the whole Internet, making it more open to hacker attacks.
Connect to the router. After the initial password you are in user mode. The prompt will look like Router>. This mode is mostly used to view statistics, though it is also a stepping-stone for logging into the more privileged mode. You can only view and change the configuration of a Cisco router in privileged mode, which you enter by typing:
enable or en
After a successful login the prompt will have changed to Router#
To end privileged mode type:
disable
Connect to the router -> enable and type:
configure terminal or conf t
To end the config mode press <CTRL>+Z (^Z).
Remember to save any changes that are made by typing: write
Connect to the router, go to enable mode and type:
reload
Press enter when prompted to confirm.
In enable mode type:
sh run or wr t
Connect to the router -> enable -> Config mode, type:
int dialer0
time abs <minutes>
Connect to the router -> enable -> Config mode, type:
line vty 0 4
password <PASS>
line con 0
password <PASS>
To change the Enable password:
no enable secret
enable secret <PASS>
Connect to the router and type:
sh dsl int atm0
Connect to the router and type:
sh ip in br dial0
Connect to the router -> enable mode and type:
clock set 10:17:00 14 june 2001
The format is "hh:mm:ss day month year". NB. clock set ? does not show the correct format.
In config mode type:
ip nat ins sou sta tcp w.x.y.z 5500 int dialer0 5500
ip nat ins sou sta tcp w.x.y.z 5501 int dialer0 5501
ip nat ins sou sta tcp w.x.y.z 5502 int dialer0 5502
ip nat ins sou sta tcp w.x.y.z 5503 int dialer0 5503
Where w.x.y.z is the internal IP.
Connect to the router and type:
sh ip nat trans
Connect to the router -> enable -> Config mode. The format is:
ip nat inside source static <protocol> <internal ip> <port> interface dialer0 <port>
Protocol is either tcp or udp. E.g. a NAT entry for port 4000 to 192.168.1.10 is made by typing:
ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000
Connect to the router -> enable mode -> Config mode. The format is:
no ip nat inside source static <protocol> <internal ip> <port> interface dialer0 <port>
E.g. the NAT entry for port 4000 to 192.168.1.10 is removed by:
no ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000
In some cases the command above will not be successful, because the entry is in use. If this is the case, type the following before going into config mode.
clear ip nat translation *
To enable an external IP range, e.g. 212.52.72.184 - 191, connect to the router -> enable mode -> Config mode and type:
int eth0
ip address 212.52.72.185 255.255.255.248
(Change the IP number to the external numbers that are desired)
end
write
reload
Log in again and delete the access list that controls the access from the inside out (it decides which IPs are given access through the router), in config mode:
no access-list 1
access-list 1 permit 212.52.72.184 0.0.0.255
Notice that the mask 0.0.0.255 is inverted (a wildcard mask) and equals the subnet mask 255.255.255.0.
To disable NAT completely on the inside:
no ip nat inside
end
write
reload
This satisfies the requirement from some firewalls that the router's IP address has to be on the same network as the WAN link on the firewall. Traffic to the DMZ and firewall is now going directly through the router to the firewall.
By default most routers will route all external traffic to 192.168.1.2. If this needs to be changed to something else, e.g. a firewall address, connect to the router -> enable mode and type:
clear ip nat translation *
configure terminal
no ip nat inside source static 192.168.1.2 <external ip>
ip nat inside source static 192.168.0.2 <external ip>
end
write
reload
Connect to the router -> enable mode
copy nvram tftp://xx.xx.xx.xx/config.cfg
This saves a configuration file to the TFTP server at IP xx.xx.xx.xx
Connect to the router -> enable mode
copy tftp://xx.xx.xx.xx/config.cfg nvram
This loads a configuration file from the TFTP server at IP xx.xx.xx.xx
Connect to the router -> enable mode
delete nvram
This removes all configuration parameters and returns the router/switch to factory default settings.
Connect to the router -> enable mode and type:
sh flash
This will show the files stored in the flash memory.
System flash directory:
File  Length   Name/status
1     3641684  soho70-y1-mz.123-6.bin
[3641748 bytes used, 4746860 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)
In this case there is an image called soho70-y1-mz.123-6.bin
To back up this file type:
copy flash tftp://192.168.1.2/xxxxx.bin
Source filename [soho70-y1-mz.123-6.bin]?
Address or name of remote host [192.168.1.2]?
Destination filename [xxxxx.bin]?
Where 192.168.1.2 is the IP address of the TFTP server. When prompted for the source file name, type the file name found using the sh flash command. xxxxx.bin will be the file name the IOS is stored under on the server.
Connect to the router -> enable mode and type:
copy tftp://192.168.1.2/xxxxx.bin flash
Destination filename [xxxxx.bin]?
Accessing tftp://192.168.1.2/xxxxx.bin...
Where 192.168.1.2 is the IP address of the TFTP server and xxxxx.bin is the image in the TFTP root. If you do not have enough room in the flash memory to store both copies, the router will ask to erase the contents of the flash before writing the new file to the memory.
Connect to the router -> enable mode -> config mode and type:
snmp-server community XXXXX RO
snmp-server location YYYY
snmp-server contact ZZZZ
snmp-server enable traps tty
Where XXXXX is the community name that the software which is collecting the SNMP traps must use. YYYY and ZZZZ are optional.
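The remote-management settings made on this page (telnet published to the outside through a static NAT entry, vty lines protected only by a password, an SNMP community with no access list) can be checked for in the output of sh run. The Python sketch below is an added example, not part of the original page; the rule names and the sample configuration are constructed, and it assumes the expanded command forms that sh run prints rather than the abbreviations typed above.

```python
import re

# Constructed sample in "sh run" form, built from the commands on this page;
# <HASH> and <PASS> are placeholders, not real values.
SAMPLE = """\
enable secret 5 <HASH>
ip nat inside source static tcp 192.168.1.1 23 interface Dialer0 23000
ip nat inside source static tcp 192.168.1.10 4000 interface Dialer0 4000
snmp-server community XXXXX RO
line con 0
 password <PASS>
line vty 0 4
 password <PASS>
"""

# Inside ports that belong to device management rather than to a published service.
MGMT_PORTS = {22: "ssh", 23: "telnet", 161: "snmp"}
NAT_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
SNMP_RE = re.compile(r"snmp-server community (\S+) (RO|RW)(?: (\S+))?$")

def audit(config):
    """Return (rule, config line) pairs for remote-management exposure."""
    findings, vty = [], None   # vty = [header, has_access_class] inside a vty block
    for raw in config.splitlines() + ["end"]:
        line = raw.strip()
        if raw[:1] != " ":     # a top-level line closes any open "line" block
            if vty and not vty[1]:
                findings.append(("vty-no-access-class", vty[0]))
            vty = [line, False] if line.startswith("line vty") else None
        elif vty and line.startswith("access-class "):
            vty[1] = True
        nat = NAT_RE.match(line)
        if nat and int(nat.group(3)) in MGMT_PORTS:
            findings.append(("mgmt-port-published", line))
        snmp = SNMP_RE.match(line)
        if snmp and snmp.group(3) is None:   # no access-list after RO/RW
            findings.append(("snmp-community-no-acl", line))
    return findings

if __name__ == "__main__":
    for rule, line in audit(SAMPLE):
        print(f"{rule:24} {line}")
```

On the router, an access-class statement under line vty and an access-list number after RO are the settings that clear the last two findings; removing the port 23 NAT entry clears the first.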
Connect to the router -> enable mode -> config mode and type:
no snmp-server community XXXXX RO
There are 2 ways to do this. The first and most difficult is done by connecting to the router -> enable mode -> config mode and typing:
ip dhcp pool <SCOPE name>
network <network> <subnet>
default-router <the routers internal ip>
dns-server 212.54.64.170 212.54.64.171
lease 0 1
By default the router's IP is 192.168.1.1.
E.g. you only want to use the following address pool: 192.168.1.32-192.168.1.63 (not inclusive).
Then you have to change <network> to 192.168.1.32 and <subnet> to 255.255.255.224.
This page can be used to help you calculate the subnet for your address pool: Subnet calculator.
The second and much easier way is just to reserve some addresses in the existing DHCP scope. E.g. you don't want to use the IPs from 192.168.1.40 to 192.168.1.72. In config mode type:
ip dhcp exclude 192.168.1.40 192.168.1.72
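The subnet arithmetic for the DHCP pool above, and the inverted mask used in the access-list earlier on this page, can be done with Python's ipaddress module instead of a web calculator. This is an added example, not part of the original page; the function names are hypothetical.

```python
import ipaddress

def dhcp_network(first, last):
    """Return the 'network <addr> <mask>' line if first..last is exactly one
    subnet, or None if the range cannot be written as a single DHCP pool."""
    blocks = list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    if len(blocks) != 1:
        return None
    return f"network {blocks[0].network_address} {blocks[0].netmask}"

def acl_pair(address, netmask):
    """Convert an address and subnet mask to the 'address wildcard' form
    that access-list expects (the wildcard is the inverted subnet mask)."""
    net = ipaddress.IPv4Network(f"{address}/{netmask}", strict=False)
    return f"{net.network_address} {net.hostmask}"

def acl_size(address, wildcard):
    """Number of addresses an 'address wildcard' pair matches
    (contiguous wildcard masks only)."""
    net = ipaddress.IPv4Network(f"{address}/{wildcard}", strict=False)
    return net.num_addresses

if __name__ == "__main__":
    # The pool from the text is one /27, so it fits a single network statement.
    print(dhcp_network("192.168.1.32", "192.168.1.63"))
    # 192.168.1.40-72 is not one subnet, which is why it is handled by exclusion.
    print(dhcp_network("192.168.1.40", "192.168.1.72"))
    # Interface address and mask from the external range section.
    print(acl_pair("212.52.72.185", "255.255.255.248"))
    # Addresses matched by the wildcard on the page versus the /29 wildcard.
    print(acl_size("212.52.72.184", "0.0.0.255"),
          acl_size("212.52.72.184", "0.0.0.7"))
```

The wildcard 0.0.0.255 in the access-list matches 256 addresses, while the external range 212.52.72.184 - 191 corresponds to wildcard 0.0.0.7 and 8 addresses.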
Connect to the router -> enable mode -> config mode and type:
no service dhcp