
The startup config is stored in NVRAM; the running config is stored in RAM. Copy run start?

Router(config)# hostname [hostname]
!--- enable secret is stored as a hash and takes precedence over
!--- enable password when both are configured.
Router(config)# enable password [password]
Router(config)# enable secret [password]
Router(config)# banner motd #USER RESTRICTED#
Router(config)# no ip domain-lookup
Router(config)# line console 0
Router(config-line)# password [password]
Router(config-line)# login
Router(config-line)# logging synchronous
Router(config-line)# exit
Router(config)# line vty 0 4
Router(config-line)# password [password]
Router(config-line)# login
Router(config-line)# exit
!--- service password-encryption applies reversible type 7 encoding
!--- to plaintext passwords; it is obfuscation, not hashing.
Router(config)# service password-encryption
Router(config)# interface fa0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface s0/0/0
Router(config-if)# description Connection to Router 2
Router(config-if)# ip address 192.168.1.125 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# ip route 0.0.0.0 0.0.0.0 [next-hop-IP-address]

There are eight basic steps to configuring DHCP using the CLI.

!--- Addresses excluded from the pool (never leased to clients).
Router(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.3
!--- DATA is the pool name.
Router(config)# ip dhcp pool DATA
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
Router(dhcp-config)# domain-name Cisco.com
Router(dhcp-config)# dns-server 192.168.1.1 192.168.1.1
!--- default-router is the default gateway handed to clients.
Router(dhcp-config)# default-router 192.168.1.1
!--- Lease time in days.
Router(dhcp-config)# lease 7

The ip helper-address [DHCP server IP address] interface command instructs a router to intercept DHCP broadcast messages and forward them as unicasts to the DHCP server, so the router provides relay functionality (it acts as a relay agent).

Configuring NAT and static NAT using the Cisco IOS

Router(config)# interface fa0/0
Router(config-if)# ip address 172.31.232.182 255.255.255.0
Router(config-if)# ip nat inside
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface serial0/0
Router(config-if)# ip address 209.165.201.1 255.255.255.252
Router(config-if)# ip nat outside
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# ip nat inside source static 172.31.232.14 209.165.202.130
Router(config)# exit

A server with the inside address 172.31.232.14 is always translated to the external address 209.165.202.130.

Network Address Translation (NAT) is very easy to set up. These examples use the following illustration. This example sets up NAT on the router, but implements a one-to-one dynamic mapping. This allows dynamic assignment of the actual addresses, but you have the same number of inside and outside addresses so that every device receives an address.

Without overloading, this is critical. Here are the commands that you need to issue to configure NAT on the router:

interface FastEthernet 0/0
 description Inside Interface
 ip address 192.168.8.1 255.255.255.0
 ip nat inside
 exit
interface FastEthernet 0/1
 description Inside Interface
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
 exit
interface FastEthernet 0/2
 description Outside Interface
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
 exit
access-list 10 permit 192.168.8.8 0.0.0.7
access-list 10 permit 192.168.9.8 0.0.0.7
!--- Access list only allows hosts 192.168.8.8 to
!--- 192.168.8.15 and 192.168.9.8 to 192.168.9.15
!--- out through NAT.
ip nat pool no-overload 192.0.2.10 192.0.2.25 prefix-length 24
ip nat inside source list 10 pool no-overload

For this example, say you only have one outside address assigned to you by your ISP. All your traffic must go through this one address. This is the PAT example, as the one address will be translated on a port basis.

interface FastEthernet 0/0
 description Inside Interface
 ip address 192.168.8.1 255.255.255.0
 ip nat inside
 exit
interface FastEthernet 0/1
 description Inside Interface
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
 exit
interface FastEthernet 0/2
 description Outside Interface
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
 exit
access-list 10 permit 192.168.8.8 0.0.0.7
access-list 10 permit 192.168.9.8 0.0.0.7
!--- Access list only allows hosts 192.168.8.8 to
!--- 192.168.8.15 and 192.168.9.8 to 192.168.9.15
!--- out through NAT.
ip nat pool ovrld 192.0.2.1 192.0.2.1 prefix-length 30
!--- The overload keyword is what enables port address translation (PAT).
ip nat inside source list 10 pool ovrld overload

Finally, you have two servers on the inside of the network that have internal addresses of 192.168.8.20 and 192.168.9.20. The first server is used for e-mail and the second server is a web server. The web server has the site running on the less standard TCP port 8080, but you want outside users to use TCP port 80.

interface FastEthernet 0/0
 description Inside Interface
 ip address 192.168.8.1 255.255.255.0
 ip nat inside
 exit
interface FastEthernet 0/1
 description Inside Interface
 ip address 192.168.9.1 255.255.255.0
 ip nat inside
 exit
interface FastEthernet 0/2
 description Outside Interface
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
 exit
access-list 10 permit 192.168.8.8 0.0.0.7
access-list 10 permit 192.168.9.8 0.0.0.7
!--- Access list only allows hosts 192.168.8.8 to
!--- 192.168.8.15 and 192.168.9.8 to 192.168.9.15
!--- out through NAT.
ip nat pool ovrld 192.0.2.1 192.0.2.1 prefix-length 30
ip nat inside source list 10 pool ovrld overload
ip nat inside source static tcp 192.168.9.20 8080 192.0.2.2 80
!--- This uses the second available address on external
!--- interface, while it could have used the configured
!--- address on FastEthernet0/2. It could have also been
!--- configured for the Interface address using this command.
ip nat inside source static tcp 192.168.8.20 25 interface FastEthernet0/2 25

Use your ports when you create static mappings to allow inside resources to publish out through the external interface of your router or firewall. Avoid using commands such as ip nat inside source static 192.168.1.50 192.0.2.50, which effectively places your entire host 192.168.1.50 outside of your router or firewall. This is much more exposure than you need for that host.

Making use of the interface command is useful when your ISP assigns your outside address through either DHCP or PPPoE dynamically. The interface command allows your configuration to use whatever address happens to be assigned to your router or firewall.

Using the latter scenario, if you are required to change the IP address of the web server (perhaps moving from the 192.168.9.0/24 network to the 192.168.8.0/24 network, or changing the port number back to the standard port 80), then these changes can be made at the router with no impact to users outside of the network. The DNS entry pointing to the outside address will remain the same and their lives will continue as normal. Often, people are amazed by how easy managing this exterior/interior mapping of their network is.
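The two checks described above (a non-overloaded pool needs as many outside addresses as the access list permits inside hosts, and a static mapping without ports publishes the whole host) can be run against a saved configuration. This is an added example, not part of the original page; audit_nat, wildcard_hosts and SAMPLE are hypothetical names, the sample config is constructed, and only ACL entries of the form "access-list N permit address wildcard" are counted.

```python
import ipaddress
import re

# Constructed sample: the page's dynamic NAT commands plus one extra ACL entry
# and the whole-host static mapping the page says to avoid.
SAMPLE = """\
access-list 10 permit 192.168.8.8 0.0.0.7
access-list 10 permit 192.168.9.8 0.0.0.7
access-list 10 permit 192.168.7.0 0.0.0.255
ip nat pool no-overload 192.0.2.10 192.0.2.25 prefix-length 24
ip nat inside source list 10 pool no-overload
ip nat inside source static tcp 192.168.9.20 8080 192.0.2.2 80
ip nat inside source static 192.168.1.50 192.0.2.50
"""

def wildcard_hosts(wildcard):
    """Addresses matched by an ACL entry: 2 ** (number of 1-bits in the wildcard)."""
    return 2 ** bin(int(ipaddress.IPv4Address(wildcard))).count("1")

def audit_nat(config):
    """Return findings for undersized non-overloaded pools and whole-host static NAT."""
    acl_hosts, pools, findings = {}, {}, []
    lines = [line.strip() for line in config.splitlines()]
    # First pass: count hosts permitted per ACL and addresses per NAT pool.
    for line in lines:
        if m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            acl_hosts[m[1]] = acl_hosts.get(m[1], 0) + wildcard_hosts(m[3])
        elif m := re.match(r"ip nat pool (\S+) (\S+) (\S+) ", line):
            first, last = (int(ipaddress.IPv4Address(a)) for a in (m[2], m[3]))
            pools[m[1]] = last - first + 1
    # Second pass: evaluate each translation rule against those counts.
    for line in lines:
        if m := re.match(r"ip nat inside source list (\d+) pool (\S+)( overload)?$", line):
            hosts, size = acl_hosts.get(m[1], 0), pools.get(m[2], 0)
            if not m[3] and hosts > size:
                findings.append(
                    f"pool {m[2]}: {hosts} inside hosts share {size} addresses without overload")
        elif m := re.match(r"ip nat inside source static (\d+\.\d+\.\d+\.\d+) (\S+)$", line):
            # No tcp/udp and ports given: every port on the host is translated.
            findings.append(f"static NAT maps the whole host {m[1]} to {m[2]}")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```

Removing the constructed third access-list line leaves 16 permitted hosts for the 16-address pool, which is the balanced case the page describes, and the pool finding disappears.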
