Class C
Mask | Notation | Subnets | Hosts |
255.255.255.0 | /24 | 1 | 256 |
255.255.255.128 | /25 | 2 | 128 |
255.255.255.192 | /26 | 4 | 64 |
255.255.255.224 | /27 | 8 | 32 |
255.255.255.240 | /28 | 16 | 16 |
255.255.255.248 | /29 | 32 | 8 |
255.255.255.252 | /30 | 64 | 4 |
255.255.255.254 | /31 | 128 | 2 |
255.255.255.255 | /32 | 256 | 1 |
Class B
Mask | Notation | Subnets | Hosts |
255.255.0.0 | /16 | 1 | 65,536 |
255.255.128.0 | /17 | 2 | 32,768 |
255.255.192.0 | /18 | 4 | 16,384 |
255.255.224.0 | /19 | 8 | 8,192 |
255.255.240.0 | /20 | 16 | 4,096 |
255.255.248.0 | /21 | 32 | 2,048 |
255.255.252.0 | /22 | 64 | 1,024 |
255.255.254.0 | /23 | 128 | 512 |
255.255.255.0 | /24 | 256 | 256 |
Class A
Mask | Notation | Subnets | Hosts |
255.0.0.0 | /8 | 1 | 16,777,216 |
255.128.0.0 | /9 | 2 | 8,388,608 |
255.192.0.0 | /10 | 4 | 4,194,304 |
255.224.0.0 | /11 | 8 | 2,097,152 |
255.240.0.0 | /12 | 16 | 1,048,576 |
255.248.0.0 | /13 | 32 | 524,288 |
255.252.0.0 | /14 | 64 | 262,144 |
255.254.0.0 | /15 | 128 | 131,072 |
255.255.0.0 | /16 | 256 | 65,536 |
Subnet Cheat Sheet
These tables list commonly used subnet masks with the number of subnets and hosts each one provides.
7/02/2011 06:56:00 AM
Posted by MK | Filed Under Cheat Sheets | 2 Comments
Linux Cheat Sheet - Command Line
COMMAND INPUT
The colors designate the actual Linux command in blue, while the user input (file, numeric value, etc) is red.
Basic Operation
#hostname - Displays the hostname and/or FQDN of the system
#uname -a - Displays the hostname and detailed kernel version
#cat /etc/redhat-release - Displays the version of Linux installed Example:
#cat /proc/cpuinfo - Displays information about the CPU(s)
#df -h - Displays the partitions, their size details, and mount points
#free - Displays detail about the system memory and usage
#lsof - Displays all open files
#lsof -nPi:22 - Displays any open files which use port 22
#locate httpd.conf - Displays the full path to any file named httpd.conf
#updatedb - Rebuilds index of files for search using the locate utility
Copy, Move, Delete
#cp file1.txt file2.txt - Copies file1.txt to file2.txt
#mv old.txt new.txt - Renames a file called old.txt to new.txt
#rm file1.txt - Deletes file1.txt
#mkdir httpds - Creates a new directory called httpds
#cp -R httpd httpds - Recursively copies all files from directory httpd to httpds
#cp -PR httpd httpds - Recursively copies all files from directory httpd to httpds and retains all permission settings
#rm -rf httpd - Recursively deletes folder httpd and all contents
#chkconfig --list - Displays all services and their state (start or stop) at each runlevel
#chkconfig --level 35 httpd on - Sets httpd to start on runlevels 3 and 5 when the machine is booted
#service httpd start - Immediately starts Apache
File Attributes
#chown apache virtualhosts.txt - Changes ownership of the virtualhosts.txt file to user apache
#chgrp apache virtualhosts.txt - Changes membership of the virtualhosts.txt file to group apache
#chmod a+x sniffer.pl - Allows the sniffer.pl file to be executed
CHMOD
7 rwx read, write, execute
6 rw- read, write
5 r-x read, execute
4 r-- read
3 -wx write, execute
2 -w- write
1 --x execute
0 --- no permissions
#chmod 777 passwords.txt - Allows read, write, and execute on the file passwords.txt to anyone
#chmod 000 passwords.txt - Blocks read, write, and execute on the file passwords.txt to anyone
Yum
#yum update -y - Updates all packages without prompting
#yum install iptraf - Installs a package named iptraf
#yum whatprovides */iostat - Searches all repositories and returns RPMs that provide the program iostat
#yum update samba - updates a package named samba
RPM
#rpm -q http - Displays the version of daemon http (apache)
#rpm -qa | grep bind - Displays all packages installed with the word bind. Example:
#rpm -qa | grep bind
bind-chroot-9.3.6-16.P1.el5
system-config-bind-4.0.3-4.el5.centos
bind-utils-9.3.6-16.P1.el5
bind-9.3.6-16.P1.el5
bind-libs-9.3.6-16.P1.el5
ypbind-1.19-12.el5
#rpm -ivh proftpd - Interactively installs proftpd
#rpm -Uvh proftpd - Interactively upgrades the package named proftpd
#rpm -e proftpd - Removes package proftpd
#rpm --rebuilddb - Rebuilds a corrupt RPM database
Compressed files
#unzip package.zip - Unzips the file package.zip
#tar -zvxf stunnel.tar.gz - Decompresses a gzip file named stunnel.tar.gz
Networking
#ifup eth0 - Enables network interface eth0
#ifdown eth0 - Disables network interface eth0
#vi /etc/sysconfig/network-scripts/ifcfg-eth0 - Uses vi to edit network settings on eth0
IP tables
#service iptables status - Displays status of iptables (running or not)
#iptables -L - Displays ruleset of iptables
#iptables -I INPUT -p tcp -m tcp -s 192.168.15.254/26 --dport 22 -j ACCEPT - Accepts incoming SSH connections from IP range 192.168.15.254/26
#iptables -I INPUT -p tcp -m tcp -s 0.0.0.0/0 --dport 22 -j DROP - Blocks SSH connections from everywhere else
#iptables -I INPUT -s "192.168.10.121" -j DROP - Drops all traffic from IP 192.168.10.121
#iptables -D INPUT -s "192.168.10.121" -j DROP - Removes the previously applied drop-all rule for IP 192.168.10.121
#iptables -I INPUT -s "192.168.10.0/24" -j DROP - Drops all traffic from IP range 192.168.10.0/24
#iptables -A INPUT -p tcp --dport 25 -j DROP - Blocks all traffic to TCP port 25
#iptables -A INPUT -p tcp --dport 25 -j ACCEPT - Allows all traffic to TCP port 25
#iptables -A INPUT -p udp --dport 53 -j DROP - Blocks all traffic to UDP port 53
#/etc/init.d/iptables save - Saves all IPtables rules and re-applies them after a reboot
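The two SSH rules above both use -I, which inserts at the top of the INPUT chain, so typed in the listed order the DROP for 0.0.0.0/0 ends up above the ACCEPT and is matched first. The following is an added example (not part of the original post) that models first-match evaluation in Python to show that effect and one corrected ordering; the Chain class, the function names and the test source addresses are constructed for illustration.

```python
import ipaddress


class Chain:
    """Toy model of one iptables chain: ordered rules, first match wins."""

    def __init__(self, policy="ACCEPT"):
        self.policy = policy   # verdict when no rule matches
        self.rules = []        # list of (network, proto, dport, target)

    @staticmethod
    def _rule(src, proto, dport, target):
        # iptables masks off host bits in -s, so 192.168.15.254/26 is
        # stored as 192.168.15.192/26 (hosts .192 to .255).
        return (ipaddress.ip_network(src, strict=False), proto, dport, target)

    def insert(self, src, proto, dport, target, pos=1):
        """Model of `iptables -I CHAIN [pos]`: 1-based, default is the top."""
        self.rules.insert(pos - 1, self._rule(src, proto, dport, target))

    def append(self, src, proto, dport, target):
        """Model of `iptables -A CHAIN`: add after the last rule."""
        self.rules.append(self._rule(src, proto, dport, target))

    def verdict(self, src_ip, proto, dport):
        """Return the target of the first matching rule, else the policy."""
        addr = ipaddress.ip_address(src_ip)
        for net, r_proto, r_dport, target in self.rules:
            if addr in net and proto == r_proto and dport == r_dport:
                return target
        return self.policy

    def listing(self):
        """Rules in evaluation order, numbered from 1."""
        return [f"{i} {t} {p} {n} dpt:{d}"
                for i, (n, p, d, t) in enumerate(self.rules, 1)]


def page_order():
    """The two SSH commands entered in the order the cheat sheet lists them."""
    chain = Chain()
    chain.insert("192.168.15.254/26", "tcp", 22, "ACCEPT")  # -I INPUT ... ACCEPT
    chain.insert("0.0.0.0/0", "tcp", 22, "DROP")            # -I INPUT ... DROP
    return chain


def corrected_order():
    """ACCEPT at position 1, DROP explicitly at position 2 (-I INPUT 2)."""
    chain = Chain()
    chain.insert("192.168.15.254/26", "tcp", 22, "ACCEPT", pos=1)
    chain.insert("0.0.0.0/0", "tcp", 22, "DROP", pos=2)
    return chain


if __name__ == "__main__":
    # Constructed test sources: one inside the /26, one just outside it,
    # one unrelated address from a documentation range.
    samples = ["192.168.15.200", "192.168.15.10", "203.0.113.7"]
    for name, build in (("page order", page_order),
                        ("corrected", corrected_order)):
        chain = build()
        print(name)
        for line in chain.listing():
            print("  rule", line)
        for src in samples:
            print(f"  ssh from {src}: {chain.verdict(src, 'tcp', 22)}")
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the real rule order to compare against.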
Processes
#ps ax - Displays all running processes
#ps aux - Displays all running processes including CPU and memory usage of each
#ps ax | wc -l - Displays the total number of processes
#top - Interactive process manager which allows sorting by criteria
Logs
#tail -f /var/log/messages - Displays the most current entries to the messages log in real-time
#tail -50 /var/log/messages - Displays the last 50 lines of the messages log
#head -50 /var/log/messages - Displays the first 50 lines of the messages log
#cat /var/log/messages - Displays the entire messages log
#cat /var/log/messages | grep "FTP session opened" - Displays any entries in the messages log that contain the text FTP session opened
#cat /var/log/messages | grep "FTP session opened" > log2.txt - Writes any entries in the messages log that contain the text FTP session opened to a file named log2.txt
Paths to Common Files
Bind (named)
/var/named - Bind zone files (non chrooted)
/etc/named.conf - Bind configuration file (non chrooted)
/var/named/chroot/var/named - Bind zone files (chrooted)
/var/named/chroot/etc/named.conf - Bind configuration file (chrooted)
Apache (httpd)
/etc/httpd/conf/httpd.conf - Main apache configuration file
/var/www/html - Default directory for serving pages
/var/log/httpd/ - Default location for logs (access and error)
Networking
/etc/hosts - System hosts file
/etc/resolv.conf - DNS lookup configuration file
/etc/sysconfig/network - Network/hostname configuration file
/etc/selinux - SELinux configuration file
/etc/sysconfig/network-scripts/ - Default location of a network setting file
/etc/sysconfig/iptables - Default iptables policy configuration file
/etc/sysconfig/iptables-config - Default iptables daemon configuration file
7/02/2011 06:55:00 AM
Posted by MK | Filed Under Cheat Sheets | 2 Comments
ScreenOS Cheat Sheet
COMMAND INPUT
The colors designate the actual ScreenOS command in blue, while the user input (policy name, numeric value, etc) is red.
Basic Operation
get hostname - Displays the hostname of the device
set hostname atlanta-firewall - Sets the hostname to atlanta-firewall
get domain - Displays the domain name of the device
set domain skullbox.net - Sets the domain name to skullbox.net
get chassis - Displays chassis information such as temperature, fan status, and slot information
get system - Displays hardware and software information
get config - Displays the complete running configuration
get zone - Displays all zones present in device
set zone name warehouse - Create new zone named warehouse
unset zone warehouse - Removes zone warehouse
get interface - Displays all physical and sub-interfaces
get interface | include tun - Displays all interfaces starting with tun (tunnel interfaces)
get interface ethernet0/2 mip - Displays MIP information on specified interface
get arp - Displays the number of sessions, MAC addresses, and IP addresses learned by the device
get ssh - display active management SSH sessions
get counter statistics - Displays statistics for all interfaces
get counter statistics interface ethernet0/2 - Displays statistics for ONLY specific interface
get performance cpu - Displays CPU utilization over the last 1, 5, and 15 minutes
get performance session - Displays session utilization over the last 1, 5, and 15 minutes
get dns host settings - Displays DNS servers and assigned interfaces
get dhcp - Displays DHCP information and assigned interfaces
get admin - Displays management information such as access ports and filtered IP addresses
get event - See Troubleshooting Section
get session - See Troubleshooting Section
get address untrust - Displays addresses in the untrust zone
get ike gateway - Displays all gateways configured for VPN
get vrouter trust-vr - Displays all vrouter information and routes associated with trust-vr
get sa - Displays information about IKE (VPN) Gateways
get ntp - Displays network time protocol information
get service - Displays protocols both native and custom
set service "RDP" protocol tcp src-port 0-65535 dst-port 3389-3389 - Creates a service named RDP with source ports from 0-65535 and a destination port of 3389.
Security
set admin manager-ip 10.15.15.0 255.255.255.0 - Sets administrator access from 10.15.15.0/24
Policies
set policy from Cisco2821 to DMZ902 192.168.105.0/24 Any HTTP permit log - Sets policy from zone Cisco2821 to DMZ902 allowing 192.168.105.0/24 (from Cisco2821) and allows communication to any IP range in zone DMZ902 over port 80 (HTTP) and logs all traffic. This assumes 192.168.105.0/24 is contained in the address list.
set policy from Cisco2821 to DMZ902 192.168.105.0/24 Any ANY nat src permit log - Sets policy from zone Cisco2821 to DMZ902 allowing 192.168.105.0/24 (from Cisco2821) and allows communication to any IP range in zone DMZ902 over any port and logs all traffic. This assumes 192.168.105.0/24 is contained in the address list and this policy also performs NAT.
set policy from Untrust to warehouse Any MIP(216.93.242.16) DNS permit - Sets policy allowing any IP from Untrust (Internet) zone to MIP with IP 216.93.242.16 allowing ONLY DNS traffic
set policy from Untrust to warehouse Any MIP(216.93.242.16) ANY deny log - Sets policy allowing any IP from Untrust (Internet) zone to MIP with IP 216.93.242.16 specifically DENYING ALL traffic and logging it
set policy from Guest to Untrust 192.168.109.0/24 Any HTTP nat src dip-id 5 permit - Sets policy from zone Guest with IP 192.168.109.0/24 to Untrust (Internet) with any IP allowing port 80 (HTTP) performing NAT and using DIP with ID five
set policy from Untrust to warehouse ras.skullbox.net VIP(ethernet0/2) RDP permit log - Sets policy from zone Untrust (Internet) with hostname ras.skullbox.net to zone warehouse using the specified VIP on Ethernet0/2 allowing RDP traffic and logging it
set policy id 43 disable - Keeps policy id 43 in the configuration, but disables it
set policy id 13 - Modifies policy ID 13
set src-address fin_servers - Adds group fin_servers from address book
set src-address fin_users - Adds group fin_users from address book
set src-address fin_network - Adds group fin_network from address book
set src-address sales_department - Adds group sales_department from address book
set policy id 43 - Modifies policy ID 43
set service DNS - Adds service DNS to policy
set service FTP - Adds service FTP to policy
set service HTTPS - Adds service HTTPS to policy
set service ICMP-ANY - Adds service ICMP-ANY to policy
set zone Untrust screen tear-drop - Sets a screen on interface Untrust for tear drop attacks
set zone Untrust screen syn-flood - Sets a screen on interface Untrust for syn flood attacks
set zone Untrust screen ping-death - Sets a screen on interface Untrust for ping of death attacks
set zone Untrust screen land - Sets a screen on interface Untrust for land attacks
Network Configuration
set interface ethernet0/2 phy full 1000mb - Sets Ethernet0/2 to full-duplex and 1Gbps (not auto-negotiate)
set interface ethernet0/0 ip 216.93.242.12/26 - Sets IP information on Ethernet0/0
set interface ethernet3/0.1 tag 205 zone warehouse - Creates a sub-interface from Ethernet3/0 using 802.1Q VLAN tag 205 and puts the new interface into the warehouse zone
set interface ethernet0/3 route - Sets interface Ethernet0/3 to route mode
set interface ethernet0/5 nat - Sets interface Ethernet0/5 to NAT mode
set brgroup 3 0 - Enables group number zero on PIM slot 3. A maximum of 8 bgroups can be configured
Bgroup Configuration
set interface bgroup 3/0 port ethernet3/1 - Add physical interfaces to Bgroup3/0
set interface bgroup 3/0 port ethernet3/2 - Add physical interfaces to Bgroup3/0
set interface bgroup3/0 zone warehouse - Assigns bgroup3/0 to the warehouse zone
set interface ethernet0/5 phy link-down - Physically disables ports
unset interface ethernet0/5 phy link-down - Physically enables ports
set interface tunnel.5 zone Untrust - Creates tunnel interface with ID 5 assigned to zone Untrust
set interface tunnel.5 ip unnumbered interface ethernet0/2 - Sets tunnel.5 as an unnumbered interface with Ethernet0/2 as a gateway
set interface ethernet3/10 ip manageable - Enables management interface on IP address assigned to Ethernet3/10
set interface ethernet3/10 manage ping - Enables ping on Ethernet3/10
set interface ethernet3/10 manage ssh - Enables ssh on Ethernet3/10
set interface ethernet3/10 manage snmp - Enables snmp on Ethernet3/10
set interface ethernet3/10 manage web - Enables web on Ethernet3/10
set interface ethernet3/10 manage telnet - Enables telnet on Ethernet3/10
DHCP Configuration
set interface ethernet3/3 dhcp server service - Enables DHCP server on Ethernet3/3
set interface ethernet3/3 dhcp server option lease 1440 - Sets DHCP lease time (in minutes)
set interface ethernet3/3 dhcp server option gateway 192.168.101.1 - Sets gateway provided by DHCP
set interface ethernet3/3 dhcp server option netmask 255.255.255.0 - Sets subnet mask provided by DHCP
set interface ethernet3/3 dhcp server option domainname skullbox.lan - Sets domain suffix provided by DHCP
set interface ethernet3/3 dhcp server option dns1 8.8.8.8 - Sets DNS provided by DHCP
set interface ethernet3/3 dhcp server option dns1 4.4.4.2 - Sets DNS provided by DHCP
set interface ethernet3/3 dhcp server ip 192.168.115.200 to 192.168.115.200 - Sets range of IP addresses for DHCP lease
set interface ethernet 0/2 dip 4 216.93.242.13 216.93.242.13 - Sets interface Ethernet0/2 with a DIP address (ID four) with a range of 216.93.242.13 to 216.93.242.13
set interface ethernet0/2 mip 216.93.242.14 host 192.168.152.15 netmask 255.255.255.255 vr "trust-vr" - Sets Ethernet0/2 to use 216.93.242.14 as a mapped IP to 192.168.152.15/32 using virtual router trust-vr
set interface ethernet0/2 vip interface-ip 3389 RDP 192.168.131.15
Routing
set route 10.145.12.0/24 interface bgroup3/0 gateway 10.145.12.254 description "extranet" - Sets routing destined for 10.145.12.0/24 to use interface bgroup3/0 with a gateway of 10.145.12.254 and a description called extranet
set route 192.168.99.0/24 interface tunnel.5 description "dr-vpn" - Sets routing destined for 192.168.99.0/24 to use interface tunnel.5 with a description called dr-vpn
SNMP Configuration
set snmp community "xoop" Read-Write Trap-on traffic version v1 - Specifies a read-write community called xoop
set snmp host "xoop" 10.16.0.92/32 src-interface bgroup3/0 trap v1 - Sets the source interface and destination for SNMP (version one) requests
set snmp location "rack 34" - Specifies SNMP location information
set snmp contact "Erik Rodriguez" - Specifies SNMP contact information
set snmp name "corp-firewall" - Specifies SNMP device information
set snmp port listen 161 - Specifies SNMP listen port (default is UDP 161)
set snmp port trap 162 - Specifies SNMP trap port (default is UDP 162)
Syslog Configuration
set syslog config 192.168.105.76 - Sets the syslog destination IP
set syslog config 192.168.105.76 facilities local0 local1 - Sets the syslog facilities
set syslog src-interface ethernet3/2 - Sets the interface used to reach the syslog server
set syslog enable
NTP Configuration
set ntp server 216.93.242.12 - Enables NTP with 216.93.242.12 as time source
set ntp server src-interface ethernet3/0 - Uses interface Ethernet3/0 to reach NTP update source
set clock ntp - Enables system clock to sync with NTP
exec ntp update - Forces sync of clock with NTP server
Troubleshooting
trace-route 216.93.242.12 from ethernet3/0 - Performs a traceroute from a specific interface
ping 216.93.242.12 count 100 from ethernet3/11 - Performs ping to 216.93.242.12 with 100 ICMP echos from interface Ethernet3/11
Sessions
get session src-ip 192.168.1.35 - Displays session information for source device 192.168.1.35
get session dst-ip 216.93.242.12 - Displays session information for destination device 216.93.242.12
get session src-port 3636 - Displays session information for source port 3636
get session dst-port 3389 - Displays session information for destination port 3389
clear session - Immediately clears all software sessions
Events
get event policy-id 35 - Displays any events logged regarding policy ID 35
get event level alert - Displays any logged events deemed Alerts (requiring immediate action)
get event start-date 2011-05-03 - Displays events starting from May 3rd 2011
get event start-time 21:26:42 - Displays events starting from 9:26:42 PM
get event include SPI - Displays events which include SPI (IKE activity)
7/02/2011 06:54:00 AM
Posted by MK | Filed Under Cheat Sheets | 11 Comments
Cisco IOS Cheat Sheet
ROUTER COMMANDS
TERMINAL CONTROLS:
· Config# terminal editing - allows for enhanced editing commands
· Config# terminal monitor - shows output on telnet session
· Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks
HOST NAME:
· Config# hostname ROUTER_NAME
BANNER:
· Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message
DESCRIPTIONS:
· Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level
CLOCK:
· Config# clock timezone Central -6
# clock set hh:mm:ss dd month yyyy - Example: clock set 14:35:00 25 August 2003
CHANGING THE REGISTER:
· Config# config-register 0x2100 - ROM Monitor Mode
· Config# config-register 0x2101 - ROM boot
· Config# config-register 0x2102 - Boot from NVRAM
BOOT SYSTEM:
· Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
· Config# boot system ROM
· Config# boot system flash - Then - Config# reload
CDP:
· Config# cdp run - Turns CDP on
· Config# cdp holdtime 180 - Sets the time that a device remains. Default is 180
· Config# cdp timer 30 - Sets the update timer. The default is 60
· Config# int Ethernet 0
· Config-if# cdp enable - Enables cdp on the interface
· Config-if# no cdp enable - Disables CDP on the interface
· Config# no cdp run - Turns CDP off
HOST TABLE:
· Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
-or-
· Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)
DOMAIN NAME SERVICES:
· Config# ip domain-lookup - Tell router to lookup domain names
· Config# ip name-server 122.22.2.2 - Location of DNS server
· Config# ip domain-name cisco.com - Domain to append to end of names
CLEARING COUNTERS:
· # clear interface Ethernet 0 - Clears counters on the specified interface
· # clear counters - Clears all interface counters
· # clear cdp counters - Clears CDP counters
STATIC ROUTES:
· Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
· Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
-or-
· Config# ip default-network Net_Add - Gateway LAN network
IP ROUTING:
· Config# ip routing - Enabled by default
· Config# router rip
-or-
· Config# router igrp 100
· Config# interface Ethernet 0
· Config-if# ip address 122.2.3.2 255.255.255.0
· Config-if# no shutdown
IPX ROUTING:
· Config# ipx routing
· Config# interface Ethernet 0
· Config# ipx maximum-paths 2 - Maximum equal metric paths used
· Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
· Config-if# no shutdown
ACCESS LISTS:
IP Standard | 1-99
IP Extended | 100-199
IPX Standard | 800-899
IPX Extended | 900-999
IPX SAP Filters | 1000-1099
IP STANDARD:
· Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip’s on network 133.2.2.0
-or-
· Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
-or-
· Config# access-list 10 permit any - allows any address
· Config# int Ethernet 0
· Config-if# ip access-group 10 in - also available: out
IP EXTENDED:
· Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
-protocols: tcp, udp, icmp, ip (no sockets then), among others
-source then destination address
-eq, gt, lt for comparison
-sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
-or-
· Config# access-list 101 deny tcp any host 133.2.23.3 eq www
-or-
· Config# access-list 101 permit ip any any
· Config# interface Ethernet 0
· Config-if# ip access-group 101 out
IPX STANDARD:
· Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
-or-
· Config# access-list 801 permit -1 -1 - “-1” is the same as “any” with network/host addresses
· Config# interface Ethernet 0
· Config-if# ipx access-group 801 out
IPX EXTENDED:
· Config# access-list 901 permit sap 4AA all 4BB all
- Permit protocol src_add socket dest_add socket
-“all” includes all sockets, or can use socket numbers
-or-
· Config# access-list 901 permit any any all any all
-Permits any protocol with any address on any socket to go anywhere
· Config# interface Ethernet 0
· Config-if# ipx access-group 901 in
IPX SAP FILTER:
· Config# access-list 1000 permit 4aa 3 - “3” is the service type
-or-
· Config# access-list 1000 permit 4aa 0 - service type of “0” matches all services
· Config# interface Ethernet 0
· Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
-or-
· Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets
NAMED ACCESS LISTS:
· Config# ip access-list standard LISTNAME
-can be ip or ipx, standard or extended
-followed by the permit or deny list
· Config# permit any
· Config-if# ip access-group LISTNAME in
-use the list name instead of a list number
-allows for a larger amount of access-lists
PPP SETUP:
· Config-if# encapsulation ppp
· Config-if# ppp authentication chap pap
-order in which they will be used
-only attempted with the authentication listed
-if one fails, then connection is terminated
· Config-if# exit
· Config# username Lab-b password 123456
-username is the router that will be connecting to this one
-only specified routers can connect
-or-
· Config-if# ppp chap hostname ROUTER
· Config-if# ppp chap password 123456
-if this is set on all routers, then any of them can connect to any other
-set same on all for easy configuration
ISDN SETUP:
· Config# isdn switch-type basic-5ess - determined by telecom
· Config# interface serial 0
· Config-if# isdn spid1 2705554564 - isdn “phonenumber” of line 1
· Config-if# isdn spid2 2705554565 - isdn “phonenumber” of line 2
· Config-if# encapsulation PPP - or HDLC, LAPD
DDR - 4 Steps to setting up ISDN with DDR
- Configure switch type
· Config# isdn switch-type basic-5ess - can be done at interface config
- Configure static routes
· Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
· Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)
- Configure Interface
· Config-if# ip address 192.3.5.5 255.255.255.0
· Config-if# no shutdown
· Config-if# encapsulation ppp
· Config-if# dialer-group 1 - applies dialer-list to this interface
· Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
-connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
-can also use “dialer string 5551212” instead if there is only one router to connect to
- Specify interesting traffic
· Config# dialer-list 1 ip permit any
-or-
· Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list
- Other Options
· Config-if# hold-queue 75 - queue 75 packets before dialing
· Config-if# dialer load-threshold 125 either
-load needed before second line is brought up
-“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
-can check by in, out, or either
· Config-if# dialer idle-timeout 180
-determines how long to stay idle before terminating the session
-default is 120
FRAME RELAY SETUP:
· Config# interface serial 0
· Config-if# encapsulation frame-relay - cisco by default, can change to ietf
· Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
· Config-if# bandwidth 56
· Config-if# interface serial 0.100 point-to-point - subinterface
· Config-if# ip address 122.1.1.1 255.255.255.0
· Config-if# frame-relay interface-dlci 100
-maps the dlci to the interface
-can add BROADCAST and/or IETF at the end
· Config-if# interface serial 1.100 multipoint
· Config-if# no inverse-arp - turns IARP off; good to do
· Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
-maps an IP to a dlci (48 in this case)
-required if IARP is turned off
-ietf and broadcast are optional
SHOW COMMANDS
· Show access-lists - all access lists on the router
· Show cdp - cdp timer and holdtime frequency
· Show cdp entry * - same as next
· Show cdp neighbors detail - details of neighbor with ip add and ios version
· Show cdp neighbors - id, local interface, holdtime, capability, platform portid
· Show cdp interface - int’s running cdp and their encapsulation
· Show cdp traffic - cdp packets sent and received
· Show controllers serial 0 - DTE or DCE status
· Show dialer - number of times dialer string has been reached, other stats
· Show flash - files in flash
· Show frame-relay lmi - lmi stats
· Show frame-relay map - static and dynamic maps for PVC’s
· Show frame-relay pvc - pvc’s and dlci’s
· Show history - commands entered
· Show hosts - contents of host table
· Show int f0/26 - stats of f0/26
· Show interface Ethernet 0 - show stats of Ethernet 0
· Show ip - ip config of switch
· Show ip access-lists - ip access-lists on switch
· Show ip interface - ip config of interface
· Show ip protocols - routing protocols and timers
· Show ip route - Displays IP routing table
· Show ipx access-lists - same, only ipx
· Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
· Show ipx route - ipx routes in the table
· Show ipx servers - SAP table
· Show ipx traffic - RIP and SAP info
· Show isdn active - number with active status
· Show isdn status - shows if SPIDs are valid, if connected
· Show mac-address-table - contents of the dynamic table
· Show protocols - routed protocols and net_addresses of interfaces
· Show running-config - dram config file
· Show sessions - connections via telnet to remote device
· Show startup-config - nvram config file
· Show terminal - shows history size
· Show trunk a/b - trunk stat of port 26/27
· Show version - ios info, uptime, address of switch
· Show vlan - all configured vlan’s
· Show vlan-membership - vlan assignments
CATALYST COMMANDS
For Native IOS - Not CatOS
SWITCH ADDRESS:
· Config# ip address 192.168.10.2 255.255.255.0
· Config# ip default-gateway 192.168.10.1
DUPLEX MODE:
· Config# interface Ethernet 0/5 - “fastethernet” for 100 Mbps ports
· Config-if# duplex full - also, half | auto | full-flow-control
SWITCHING MODE:
· Config# switching-mode store-and-forward - also, fragment-free
MAC ADDRESS CONFIGS:
· Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
· Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
-port 3 can only send data out port 2 with that mac
-very restrictive security
· Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port
VLANS:
· Config# vlan 10 name FINANCE
· Config# interface Ethernet 0/3
· Config-if# vlan-membership static 10
TRUNK LINKS:
· Config-if# trunk on - also, off | auto | desirable | nonegotiate
· Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port
CONFIGURING VTP:
· Config# delete vtp - should be done prior to adding to a network
· Config# vtp server - the default is server, also client and transparent
· Config# vtp domain Camp - name doesn’t matter, just so all switches use the same
· Config# vtp password 1234 - limited security
· Config# vtp pruning enable - limits vtp broadcasts to only switches affected
· Config# vtp pruning disable
FLASH UPGRADE:
· Config# copy tftp://192.5.5.5/configname.ios opcode - “opcode” for ios upgrade, “nvram” for startup config
DELETE STARTUP CONFIG:
· Config# delete nvram
7/02/2011 06:45:00 AM
Posted by MK | Filed Under Cheat Sheets | 0 Comments