
| Command | Purpose |
| --- | --- |
| `service password-encryption` | Enable password encryption |
| `hostname [Router-Name]` | Configure your router's name |
| `enable secret [Some-Password]` | Set the enable secret |
| `enable password [Some-Other-Password]` | Set the password |
| `aaa new-model` | Enable aaa authentication model |
| `aaa authentication login default local` | Set authentication mode |
| `aaa authorization exec default local` | |
| `aaa session-id common` | |
| `ip http server` | Enable Web server |
| `ip http secure-server` | Enable secure Web server (this will generate self-signed SSL cert) |
| `line con 0` | Set console password |
| `password [Some-Password]` | |
| `line vty 0 4` | Set TELNET and SSH password |
| `password [Some-Password]` | |
| `ip domain name [Domain-name]` | Set the router's domain name |
| `no ip domain lookup` | Turn off router domain lookup |
| `username [Your-username] privilege 15 password [Your-password]` | Set username and password. Used for Web and CLI access |
| `ip dhcp excluded-address [Start-exclude-10] [End-exclude-10]` | Set the DHCP exclusion range for subnet A |
| `ip dhcp excluded-address [Start-exclude-20] [End-exclude-20]` | Set the DHCP exclusion range for subnet B |
| `service dhcp` | Enables DHCP services |
| `ip dhcp pool VLAN10` | Create VLAN10 interface |
| `network [Network10-ID] [Subnet-mask-10]` | Set IP and Subnet mask for VLAN10 |
| `default-router [Gateway-10]` | Set gateway for VLAN10 |
| `import all` | Import DHCP settings for DNS from your ISP (doesn't work for PPPoE) |
| `domain-name [Domain-name]` | Set domain name for DHCP clients |
| `lease 4` | Set lease time to 4 days |
| `ip dhcp pool VLAN20` | Create VLAN20 interface |
| `network [Network20-ID] [Subnet-mask-20]` | Set IP and Subnet mask for VLAN20 |
| `default-router [Gateway-20]` | Set gateway for VLAN20 |
| `import all` | Import DHCP settings for DNS from your ISP (doesn't work for PPPoE) |
| `domain-name [Domain-name]` | Set domain name for DHCP clients |
| `lease 4` | Set lease time to 4 days |
| `vpdn enable` | Enable VPDN for DSL PPPoE configuration |
| `interface Dialer1` | Create interface Dialer1 |
| `ip address negotiated` | Ask ISP for DHCP assigned address and DNS settings |
| `ip nat outside` | Set Dialer1 interface for the outside NAT interface |
| `ip virtual-reassembly` | |
| `encapsulation ppp` | Use ppp encapsulation |
| `ip tcp adjust-mss 1452` | Important! Sets packet fragmentation size for 1492 PPPoE |
| `dialer pool 1` | Create dialer pool 1 |
| `dialer-group 1` | Create dialer group 1 |
| `ppp authentication pap callin` | Use password authentication protocol (clear text) |
| `ppp pap sent-username [DSL-Username] password [DSL-Password]` | |

| Command | Purpose |
| --- | --- |
| `ppp ipcp dns request` | Get DNS server info from DSL provider |
| `ppp ipcp address accept` | |
| `access-list 1 permit [Network10-ID] [Reverse-mask-10]` | Allow VLAN10 inside of Access List 1 |
| `access-list 1 permit [Network20-ID] [Reverse-mask-20]` | Allow VLAN20 inside of Access List 1 |
| `dialer-list 1 protocol ip list 1` | Assign access-list 1 to dialer-list 1 with IP protocol access |
| `ip nat inside source list 1 interface Dialer1 overload` | Tell all internal NAT IP addresses to map to Dialer1 IP |
| `ip access-list extended Guest-ACL` | Create the Guest-ACL access list. Used to restrict guests. |
| `deny ip any [Network10-ID] [Reverse-mask-10]` | Prevent guests from accessing VLAN10 |
| `permit ip any any` | Let guests access everything else |
| `interface FastEthernet4` | Enter the WAN port configuration |
| `pppoe enable` | Enable PPPoE for DSL dialup |
| `pppoe-client dial-pool-number 1` | Set PPPoE to use Dialer1 |
| `no cdp enable` | Turn off CDP (Cisco Discovery Protocol) on WAN interface |
| `ip route 0.0.0.0 0.0.0.0 Dialer1` | Set the default gateway to point to ISP via Dialer1 |
| `interface FastEthernet0` | Enter port 0 |
| `switchport access vlan 20` | Set port to vlan 10 |
| `spanning-tree portfast` | Turn on fast spanning-tree mode |
| `interface FastEthernet1` | Enter port 1 |
| `switchport access vlan 10` | Set port to vlan 10 |
| `spanning-tree portfast` | Turn on fast spanning-tree mode |
| `interface FastEthernet2` | Enter port 2 |
| `switchport access vlan 10` | Set port to vlan 10 |
| `spanning-tree portfast` | Turn on fast spanning-tree mode |
| `interface FastEthernet3` | Enter port 3 |
| `switchport access vlan 10` | Set port to vlan 10 |
| `spanning-tree portfast` | Turn on fast spanning-tree mode |
| `bridge irb` | Enable wireless bridge mode (important!) |
| `interface Dot11Radio0` | Enter physical radio interface 0 (this model has only 1 radio) |
| `encryption vlan 10 mode ciphers tkip` | Set vlan 10 to use TKIP encryption |
| `encryption vlan 20 mode ciphers tkip` | Set vlan 20 to use TKIP encryption |
| `ssid [WLAN20]` | Create a virtual WLAN called [WLAN20] |
| `vlan 20` | Assign WLAN to VLAN20 |
| `authentication open` | Use open authentication |
| `authentication key-management wpa` | Use WPA key management |
| `guest-mode` | Turn on SSID broadcast for this WLAN (only 1 allowed) |
| `wpa-psk ascii [WPA-secret-for-guests]` | Set WPA secret for this WLAN |
| `ssid [WLAN10]` | Create a virtual WLAN called [WLAN10] |
| `vlan 10` | Assign WLAN to VLAN10 |
| `authentication open` | Use open authentication |
| `authentication key-management wpa` | Use WPA key management |
| `wpa-psk ascii [WPA-secret-for-internal]` | Set WPA secret for this WLAN |
| `channel [BG-channel]` | Set to channel 802.11 b/g channel 1 at 2412 MHz |
| `no cdp enable` | Turn off CDP (Cisco Discovery Protocol) on wireless side |
| `no dot11 extension aironet` | Turn off Cisco proprietary extensions |

| Command | Purpose |
| --- | --- |
| `interface Dot11Radio0.10` | Create a virtual radio for VLAN10 |
| `encapsulation dot1Q 10` | Assign 802.1q VLAN tag of 10 to this virtual radio |
| `no snmp trap link-status` | |
| `bridge-group 10` | Bind this virtual radio to bridge 10 |
| `bridge-group 10 subscriber-loop-control` | Set bridge parameters |
| `bridge-group 10 spanning-disabled` | |
| `bridge-group 10 block-unknown-source` | |
| `no bridge-group 10 source-learning` | |
| `no bridge-group 10 unicast-flooding` | |
| `interface Dot11Radio0.20` | Create a virtual radio for VLAN20 |
| `encapsulation dot1Q 20` | Assign 802.1q VLAN tag of 20 to this virtual radio |
| `no snmp trap link-status` | |
| `bridge-group 20` | Bind this virtual radio to bridge 20 |
| `bridge-group 20 subscriber-loop-control` | Set bridge parameters |
| `bridge-group 20 spanning-disabled` | |
| `bridge-group 20 block-unknown-source` | |
| `no bridge-group 20 source-learning` | |
| `no bridge-group 20 unicast-flooding` | |
| `interface Vlan10` | Create VLAN (Virtual Local Area Network) interface 10 |
| `description Internal Network` | Set the description of this VLAN as "Internal Network" |
| `ip nat inside` | Define this as an internal network for NAT |
| `ip virtual-reassembly` | |
| `bridge-group 10` | Assign this VLAN to bridge 10 |
| `bridge-group 10 spanning-disabled` | Turn off spanning |
| `interface Vlan20` | Create VLAN (Virtual Local Area Network) interface 20 |
| `description Guest Network` | Set the description of this VLAN as "Guest Network" |
| `ip nat inside` | Define this as an internal network for NAT |
| `ip virtual-reassembly` | |
| `bridge-group 20` | Assign this VLAN to bridge 20 |
| `bridge-group 20 spanning-disabled` | Turn off spanning |
| `interface BVI20` | Create bridge interface 20 |
| `description Bridge to Guest Network` | Set description to "Bridge to Guest Network" |
| `ip address [Gateway-20] [Subnet-mask-20]` | Assign IP address and subnet mask for this bridge interface |
| `ip access-group Guest-ACL in` | Enforce Guest-ACL access list in the in-bound direction |
| `ip nat inside` | Define this as an internal network for NAT |
| `ip virtual-reassembly` | |
| `interface BVI10` | Create bridge interface 10 |
| `description Bridge to Internal Network` | Set description to "Bridge to Internal Network" |
| `ip address [Gateway-10] [Subnet-mask-10]` | Assign IP address and subnet mask for this bridge interface |
| `ip nat inside` | Define this as an internal network for NAT |
| `ip virtual-reassembly` | |
| `bridge 10 route ip` | Enable IP routing on Bridge 10 |
| `bridge 20 route ip` | Enable IP routing on Bridge 20 |

| Variable name | User defined | Description |
| --- | --- | --- |
| `[Router-Name]` | SomeRouterName | Name of your router |
| `[Domain-name]` | YouDomain.com | Your domain name |
| `[Some-Password]` | YourPassword | Your password |
| `[Some-Other-Password]` | YourPassword | This can be same as secret |
| `[Your-username]` | YourUserName | For Web and CLI access |
| `[Your-password]` | YourPassword | For Web and CLI access |
| `[Resolver1]` | 206.13.28.12 | You must enter a valid DNS server |
| `[Resolver2]` | | Optional second DNS server (may leave blank) |
| `[DSL-Username]` | YourDSLUsername | Your DSL username for PPPoE access |
| `[DSL-Password]` | YourDSLPassword | Your DSL password for PPPoE access |
| `[Network10-ID]` | 192.168.1.0 | Network ID for VLAN10 |
| `[Subnet-mask-10]` | 255.255.255.0 | Subnet mask for VLAN10 |
| `[Reverse-mask-10]` | 0.0.0.255 | ACLs use this reverse form of subnet masks |
| `[Start-exclude-10]` | 192.168.1.1 | DHCP exclude beginning IP |
| `[End-exclude-10]` | 192.168.1.99 | DHCP exclude ending IP |
| `[Gateway-10]` | 192.168.1.1 | Default gateway for VLAN10 |
| `[Network20-ID]` | 192.168.2.0 | Network ID for VLAN20 |
| `[Subnet-mask-20]` | 255.255.255.0 | Subnet mask for VLAN20 |
| `[Reverse-mask-20]` | 0.0.0.255 | ACLs use this reverse form of subnet masks |
| `[Start-exclude-20]` | 192.168.2.1 | DHCP exclude beginning IP |
| `[End-exclude-20]` | 192.168.2.99 | DHCP exclude ending IP |
| `[Gateway-20]` | 192.168.2.1 | Default gateway for VLAN20 |
| `[BG-channel]` | 1 | 802.11 b/g channel setting (1, 6, or 11) |
| `[WLAN10]` | InternalWLAN | Name of wireless LAN for VLAN10 |
| `[WPA-secret-for-internal]` | YourWLANSecret | WPA passphrase for VLAN10 |
| `[WLAN20]` | GuestWLAN | Name of wireless LAN for VLAN20 |
| `[WPA-secret-for-guests]` | YourGuestSecret | WPA passphrase for VLAN20 |
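
An added example, not part of the original reference sheet: a Python check that the values chosen for the variable table agree with each other before they are substituted into the commands, in particular that each reverse mask is the exact inverse of its subnet mask, because `access-list 1` and `Guest-ACL` match on it. The function names, and the rule that the gateway should sit inside the DHCP exclusion range, are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the sheet's example values for both VLANs.
SHEET = {
    "Network10-ID": "192.168.1.0", "Subnet-mask-10": "255.255.255.0",
    "Reverse-mask-10": "0.0.0.255", "Start-exclude-10": "192.168.1.1",
    "End-exclude-10": "192.168.1.99", "Gateway-10": "192.168.1.1",
    "Network20-ID": "192.168.2.0", "Subnet-mask-20": "255.255.255.0",
    "Reverse-mask-20": "0.0.0.255", "Start-exclude-20": "192.168.2.1",
    "End-exclude-20": "192.168.2.99", "Gateway-20": "192.168.2.1",
}

def wildcard_mask(subnet_mask):
    """Invert a dotted subnet mask into the reverse form IOS ACLs use."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(subnet_mask)) ^ 0xFFFFFFFF))

def check_vlan(sheet, n):
    """Return a list of problems in the sheet values for VLAN n (10 or 20)."""
    try:
        net = ipaddress.IPv4Network(f"{sheet[f'Network{n}-ID']}/{sheet[f'Subnet-mask-{n}']}")
    except ValueError as exc:  # host bits set in the network ID, or an invalid mask
        return [f"VLAN{n}: bad network ID or mask ({exc})"]
    problems = []
    expected = wildcard_mask(sheet[f"Subnet-mask-{n}"])
    if sheet[f"Reverse-mask-{n}"] != expected:
        problems.append(f"VLAN{n}: reverse mask should be {expected}")
    addr = {k: ipaddress.IPv4Address(sheet[f"{k}-{n}"])
            for k in ("Start-exclude", "End-exclude", "Gateway")}
    for name, ip in addr.items():
        if ip not in net:
            problems.append(f"VLAN{n}: {name} {ip} is outside {net}")
    # Assumed rule: the gateway address must not be handed out by the DHCP pool.
    if not addr["Start-exclude"] <= addr["Gateway"] <= addr["End-exclude"]:
        problems.append(f"VLAN{n}: gateway is not inside the DHCP exclusion range")
    return problems

def unresolved(config_text, sheet):
    """List [placeholders] in config_text that the sheet has no value for."""
    return sorted({p for p in re.findall(r"\[([^\]\s]+)\]", config_text) if p not in sheet})

if __name__ == "__main__":
    for vlan in (10, 20):
        print(vlan, check_vlan(SHEET, vlan) or "ok")
```

A wrong reverse mask on the `deny ip any [Network10-ID] [Reverse-mask-10]` line leaves the guest restriction matching a different address range than intended, so run the check before pasting the filled-in commands.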

Copyright 2006 CNET Networks, Inc. All rights reserved.


To see more downloads and get your free TechRepublic membership, please visit http://downloads.techrepublic.com.

Replace
Reference Sheet Name: 871W
