Chapter 1-10 Commands

Commands:

Chapter 1: Overview of Scalable Internetworks
There are no commands for chapter 1.
Chapter 2: Advanced IP Addressing Management
Commands:
2.6.1 Static NAT:

Router(config)# ip nat inside source static ip-add-local ip-add-global

LAN interface:
Router(config-if)# ip nat inside

WAN interface:
Router(config-if)# ip nat outside

 

2.6.2 Dynamic NAT:

Router(config)# ip nat pool pool-name start-ip-add end-ip-add netmask mask 
Router(config)# access-list number permit network-address wildcard-mask 
Router(config)# ip nat inside source list number pool pool-name

LAN interface: 
Router(config-if)# ip nat inside 

WAN interface: 
Router(config-if)# ip nat outside

 

2.6.3 NAT Overloading

Router(config)# ip nat pool pool-name start-ip-add end-ip-add netmask mask
Router(config)# access-list number permit network-address wildcard-mask
Router(config)# ip nat inside source list number pool pool-name overload

LAN interface:
Router(config-if)# ip nat inside

WAN interface:
Router(config-if)# ip nat outside

 

2.6.3 TCP Load Distribution (Round-Robin or Rotary)

Router(config)# ip nat pool pool-name start-ip-add end-ip-add prefix-length bits type rotary
Router(config)# access-list acl-number permit ip-add-virtual-host

Router(config)# ip nat inside destination list acl-number pool pool-name

LAN interface:
Router(config-if)# ip nat inside

WAN interface:
Router(config-if)# ip nat outside

 

2.6.3 Show commands

Router# show ip nat translations
Router# show ip nat statistics

2.6.3 Miscellaneous commands

Router(config)# ip nat translation timeout seconds
Router(config)# ip nat translation [tcp, udp, dns]-timeout seconds

2.7.2
2.7.3
Usually Serial Interface

Router(config-if)# ip unnumbered interface

2.8.1 Configuring DHCP Pool

Router(config)# ip dhcp pool pool-name

Router(dhcp-config)# network network-address /bits-borrowed-or-mask
Router(dhcp-config)# default-router default-gateway-address

 

2.8.1 Excluding Specific Addresses

Router(config)# ip dhcp excluded-address start-ip-add end-ip-add

2.9.3 On the client's router

Router(config-if)# ip helper-address ip-add-dhcp-server

Chapter 3: Routing Protocols Overview
There are no commands for chapter 3.
Chapter 4: OSPF in a Single Area
Commands:
4.3.1 Configuring OSPF Routing

Router(config)# router ospf process-id
Router(config-router)# network network-address wild-card-mask area area-number

4.3.2 Prioritizing the DR (Router ID)

Sequence (If a router with a higher priority is added to the network, the DR and BDR do not change.):

  1. Priority
    Router(config-if)# ip ospf priority number
     
  2. Highest Loopback Address
    Router(config)# interface loopback 0
    Router(config-if)# ip address ip-address mask
  3. Highest Interface Address

 

Lab 4.3.2 Authentication

Router(config-router)# area area-number authentication

Router(config-if)# ip ospf authentication-key password

 

4.4.3 Point-to-Point Configuration

Router(config-if)#interface type number point-to-point

4.4.5 Point-to-Multipoint Interfaces

Router(config-if)#ip ospf network point-to-multipoint

4.4.6 Multipoint configuration with broadcast network

Router(config-if)#ip ospf network broadcast

4.5.1 Show commands

Router# show ip protocols
Router# show ip ospf
Router# show ip ospf interface interface
Router# show ip ospf neighbor
Router# show ip ospf neighbor detail
Router# show ip ospf database
Router# show ip ospf adjacencies
Router# show ip ospf border-routers
Router# show ip ospf virtual-links

Chapter 5: OSPF with Multiple Areas
Commands:
5.3.1 Configuring OSPF Routing

Router(config)# router ospf process-id
Router(config-router)# network network-address wild-card-mask area area-1-number
Router(config-router)# network network-address wild-card-mask area area-2-number

5.3.3 Configuring Route Summarization

On the ABR (Summarizes routes before injecting them into different area)
Router(config-router)# area area-id range network-address subnet-mask

On the ASBR (Summarizes external routes before injecting them into the OSPF domain.)
Router(config-router)# summary-address network-address subnet-mask

5.4.3 and 5.4.4 Configuring Stub Areas

The following command must be on all routers in that area, both ABR and internal routers:
Router(config-router)# area area-id stub

5.4.3 and 5.4.5 Totally Stubby Area

These commands must be on the ABR Router:
Router(config-router)# area area-id stub no-summary
Router(config)# ip route 0.0.0.0 0.0.0.0 next-hop-ip

The following command must be on all internal routers in that area:
Router(config-router)# area area-id stub

Router(config-router)# area area-id default-cost metric
Router(config-if)# bandwidth value

 

5.5.2 Virtual Links

Router(config-router)# area area-id virtual-link abr-ip-add

5.6.3 NSSA (Not So Stubby Area)

One of these commands must be on the ABR Router:
Router(config-router)# area area-id nssa
Router(config-router)# area area-id nssa default-information-originate

5.7.1 Show commands

Router#show ip ospf border-routers --- Displays the internal OSPF routing table entries to an ABR.
Router#show ip ospf virtual-links
Router#show ip ospf process-
Router#show ip ospf database
Router#show ip ospf [process-id area-id] database [router]
Router#show ip ospf [process-id area-id] database [network]
Router#show ip ospf [process-id area-id] database [summary]
Router#show ip ospf [process-id area-id] database [asbr-summary]
Router#show ip ospf [process-id area-id] database [external]
Router#show ip ospf [process-id area-id] database [database-summary]

 

Chapter 6: Configuring EIGRP 
Commands:
6.6.1 Enabling EIGRP Routing

Router(config)# router eigrp process-id
Router(config-router)# network network-address

6.6.1 Miscellaneous

Router(config-router)# default-metric bandwidth delay reliability load mtu

6.6.2 IPX Routing

router(config)#ipx routing
router(config)#ipx router {eigrp autonomous-system-number | rip}
router(config-ipx-router)#network network-number

6.6.3 IPX SAP Updates

router(config-if)#ipx sap-incremental eigrp autonomous-system-number [rsup-only]

6.1.4 and 6.8.1 Show commands

Router# show ip eigrp neighbors
Router# show ip eigrp topology
Router# show ip eigrp topology all-links
Router# show ip route eigrp
Router# show ip protocols
Router# show ip eigrp traffic

 

6.7.1 EIGRP Interface commands

Router(config-if)# ip summary-address eigrp as-number network-address mask
Router(config-router)# no auto-summary

Chapter 7: Route Optimization
Commands:
7.1.2 and 7.5.9 Using and configuring a Passive Interface

Router(config-router)# passive-interface type number

7.1.3 Using and configuring Route Filters

Router(config-router)#distribute-list access-list-number [in | out] [interface-name]

7.2.1 Gateway of Last Resort

Router(config)# ip default-network xxx.xxx.xxx.xxx
Router(config)# ip default-gateway
Router(config-router)#redistribute static
(also in 7.3.4 and 7.4.3)
Router(config-router)#default-metric bandwidth delay reliability load MTU

7.2.2 Gateway of Last Resort fails

Router#debug ip packet (also 7.3.4)
Router#show ip route

7.2.6 Using IP Classless

Router(config)# ip classless

7.4.1 RIP and 0.0.0.0

Router#debug ip rip

7.4.4 0.0.0.0 and IGRP

Router(config)# ip default-network 0.0.0.0
Router#debug ip igrp transactions
Router(config)# ip default-network x.x.x.x

7.4.5 Floating Static Routes

Router#debug ip routing

7.5.4, 7.5.5, 7.5.8 and 7.5.9 Redistribution Guidelines

Router(config-router)#redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [subnets]

router(config-router)#default-metric bandwidth delay reliability loading mtu

router(config-router)#default-metric number

7.5.5 Administrative Distance

router(config-router)#distance weight [address mask [access-list-number | name]]

7.5.10 Verifying Redistribution

Router#show running-config
Router#debug
Router#trace x.x.x.x

Example 1: EIGRP and IGRP redistribute automatically as long as the same process-id is used.

Router(config)# router eigrp 44 (or any AS number)
Router(config)# router igrp 44 (or any AS number)

Example 2:

Router(config)# router rip
Router(config-router)# redistribute igrp
Router(config)# router igrp
Router(config-router)# redistribute rip

Example 3:

Router(config)# router igrp 192
Router(config-router)# redistribute ospf 1 metric 56 100 255 1 1500 {k values}

Router(config)# router ospf 1
Router(config-router)# redistribute igrp 192 metric 12 metric-type 1 subnets
{ metric = metric for redistributed network; metric-type = 1 adds internal and external path costs; 2 internal costs only (default)}

 

Chapter 8: Basic BGP
Commands:
8.4.2 and 8.4.3 Configuring BGP for a single connection to an ISP

Router(config)# router bgp autonomous system number
Router(config-router)#neighbor ip address of neighbor remote-as AS#
Router(config-router)#network x.x.x.x
Router#clear ip bgp *

8.4.4 Comparing EBGP and IBGP connections

Router#show ip bgp neighbors

8.5.1 Show commands

Router#show ip bgp
Router#show ip bgp paths
Router#show ip bgp summary
Router#show ip bgp neighbors

8.6.1 Configuration example: Building Peer Sessions

Router(config)#ip subnet-zero
Router(config)#interface type slot/port
Router(config-if)#ip address ip-address mask [secondary]

Router(config)#router process [process-id]

Router(config-router)#network
Router(config-router)#inverse mask
Router(config-router)#area area-number

Router(config-router)#neighbor
Router(config-router)#no synchronization
Router(config-router)#no auto-summary

ip classless
update-source interface
remote-as
ebgp-multihop 2

8.6.3 How synchronization works

router(config-router)#no synchronization

8.7.4 BGP Route Maps

Router(config)#route-map map-tag [[permit | deny] | [sequence-number]]
Router(config)# route-map MYMAP permit 10
! First set of conditions goes here.
Router(config)#route-map MYMAP permit 20
! Second set of conditions goes here

Router(config)# access-list access-list-number {deny | permit} source [source-wildcard]

 

8.7.8 Next-hop Behavior over NBMA

Router(config-router)#neighbor x.x.x.x next-hop-self

8.8.2 Configuration example: Removing Private AS Numbers

Router(config-router)#neighbor x.x.x.x remove-private-AS

8.8.4 Configuration example: AS-Path Manipulation

Router(config-router)#neighbor x.x.x.x route-map name [in | out]
Router(config)#route-map name {permit | deny} instance number
Router(config-route-map)#set as-path prepend AS# AS# AS#

8.8.6 Configuration example: Setting the Local Preference Attribute

Router(config-router)#bgp default local-preference pref-number
Router(config-route-map)#set local-preference pref-number

8.8.7 The MED Attribute

Router(config-router)# bgp always-compare-med

8.8.8 Configuration example: MED

Router(config-router)# bgp always-compare-med
Router(config-route-map)#set metric value

Chapter 9: Integrating BGP into ISP Networks
Commands:
9.1.4 Route Reflectors: Naming rules and conventions

Router(config-router)#neighbor x.x.x.x route-reflector-client

9.2.3 Configuration example: ID and Filter Routes based on NLRI

Router(config-router)#neighbor x.x.x.x distribute-list number [in | out]
Router(config)# access-list access-list-number {deny | permit} protocol source source-wildcard destination destination-wildcard | mask mask-wildcard

9.2.5 Configuration example: Communities

Router(config-router)#neighbor x.x.x.x send-community
Router(config-router)#neighbor x.x.x.x route-map name [in | out]
Router(config)#route-map name [permit | deny] instance number
Router(config-route-map)#match condition
Router(config-route-map)#set community community type

9.2.9 Configuration example: Peer Groups

Router(config-router)#neighbor peergroup name peer-group
Router(config-router)#neighbor peergroup name conditions
Router(config-router)#neighbor x.x.x.x peer-group peer group name

9.3.4 Dynamically Learned Defaults

Router(config-router)#network 0.0.0.0

9.3.6 Statically Set Defaults

Router(config)# ip route network [mask] {address | interface} [distance]

9.5.1 Inject information dynamically into BGP

Router(config-router)#redistribute protocol

9.5.4 Inject information dynamically into BGP

Router(config-router)# passive-interface type number
Router(config-router)# redistribute protocol

Chapter 10: Managing IP Traffic
Commands:
10.2 Configuring IP Standard Access Lists

Router(config)#access-list [1-99] [permit/deny] source source-mask
Router(config)#interface interface-type interface-number
Router(config-if)#ip access-group list-number [in/out]

10.3 Restricting Virtual Terminal Access

Router(config)#line vty line-number-range
Router(config-line)#access-class access-list-number [in/out]

10.4 Configuring Extended Access Lists

Router(config)# access-list [100-199] [permit/deny] protocol source source-wildcard destination destination-wildcard operator port-number
Router(config)#interface interface-type interface-number
Router(config-if)#ip access-group list-number [in/out]

10.4 Configuring Named Access Lists

Router(config)# ip access-list extended name
Router(config-nacl-ext)# [permit/deny] protocol source source-wildcard destination destination-wildcard operator port-number
Router(config)#interface interface-type interface-number
Router(config-if)#ip access-group list-name [in/out]

10.4 Verifying Access List Configurations

Router# show access-list
Router# show ip access-list [access-list-number]
Router# clear access-list counters [access-list-number]

10.5 Using an Alternative to Access Lists

Router(config)# ip route address mask null 0

10.6 Configuring Lock-and-Key Security (Dynamic Access Lists)

Router(config)#access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} telnet source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [established] [log]
Router(config)# interface type number
Router(config-if)# ip access-group access-list-number
Router(config)# line VTY line-number [ending-line-number]
Router(config-line)# login tacacs
or
Router(config)#username name password secret
or
Router(config-line)#password password
Router(config-line)#login local
Router(config-line)#autocommand access-enable [host] [timeout minutes]

Verifying lock and key operation
Router# show access-lists [access-list-number]
Router# clear access-template [access-list-number | name] [dynamic-name] [source] [destination]

10.7 Configuring IP Session Filtering (Reflexive Access Lists)

Define the Reflexive Access List(s)
If you are configuring reflexive access lists for an external interface, the extended named IP access list should be one that is applied to outbound traffic. If you are configuring reflexive access lists for an internal interface, the extended named IP access list should be one that is applied to inbound traffic.

Router(config)# ip access-list extended name
Router(config-nacl-ext)# permit protocol any any reflect name [timeout seconds]
Router(config)#interface interface type number
Router(config-if)# ip access-group name [in/out]

Nest the Reflexive Access List(s)
If you are configuring reflexive access lists for an external interface, nest the reflexive access list within an extended named IP access list applied to inbound traffic. If you are configuring reflexive access lists for an internal interface, nest the reflexive access list within an extended named IP access list applied to outbound traffic.

Router(config)#ip access-list extended name
Router(config-nacl-ext)# evaluate name
Router(config)#interface interface type number
Router(config-if)# ip access-group name [in/out]
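
The two steps above, define and nest, put together for the external-interface case. This is an added example, not part of the original command list; the list names (OUTBOUND-FILTER, INBOUND-FILTER, TRACK-SESSIONS), the interface Serial0/0 and the timeout values are placeholders.

```cisco
! Constructed example: all names, the interface and the timeouts are placeholders.
!
! Step 1 (define): the list applied OUTBOUND on the external interface
! creates a temporary entry in TRACK-SESSIONS for every session that
! leaves the internal network.
ip access-list extended OUTBOUND-FILTER
 permit tcp any any reflect TRACK-SESSIONS timeout 300
 permit udp any any reflect TRACK-SESSIONS timeout 60
!
! Step 2 (nest): the list applied INBOUND on the same interface evaluates
! those temporary entries, so only return traffic for sessions opened from
! the inside is admitted. Everything else reaches the explicit deny and is logged.
! Any traffic that must always be allowed in (for example a routing protocol
! on this link) needs its own permit line above the deny.
ip access-list extended INBOUND-FILTER
 evaluate TRACK-SESSIONS
 deny ip any any log
!
! Bind both lists to the external interface.
interface Serial0/0
 ip access-group OUTBOUND-FILTER out
 ip access-group INBOUND-FILTER in
```

While a session is active, `show access-lists` lists the temporary entries under the reflexive list name. Applications that change port numbers during a session, such as active-mode FTP, do not match the reflected entries and are blocked by this design.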

 

10.8 Context Based Access Control

Configure Application-Layer Protocol Inspection
Router(config)# ip inspect name inspection-name protocol [timeout seconds]
Router(config)# ip inspect name inspection-name rpc program-number number [wait-time minutes] [timeout seconds]

Configure Java Inspection
Router(config)# access-list access-list-number {deny | permit} source [source-wildcard]
Router(config)# ip inspect name inspection-name http [java-list access-list] [timeout seconds]

Configure Generic TCP and UDP Inspection
Router(config)# ip inspect name inspection-name tcp [timeout seconds]
Router(config)# ip inspect name inspection-name udp [timeout seconds]

Apply the Inspection Rule to an Interface
Router(config-if)#ip inspect inspection-name {in | out}

Display Configuration, Status, and Statistics for Context-Based Access Control
Router#show ip inspect name inspection-name
Router#show ip inspect config
Router#show ip inspect interfaces
Router#show ip inspect session [detail]
Router#show ip inspect all

Debug Context-Based Access Control
Router(config)#ip inspect audit-trail

Generic Debug Commands
Router#debug ip inspect function-trace
Router#debug ip inspect object-creation
Router#debug ip inspect object-deletion
Router#debug ip inspect events
Router#debug ip inspect timers
Router#debug ip inspect detail
Router#debug ip inspect protocol