Packet Tracer

Packet Tracer
• Powerful tool
• Use virtual routers instead of real ones
First Scenario
• 3 work stations and a hub connectivity
• Hub
• switch 2950 Switch(Use)
Configure IP on the PC. Has to be on the same network
Orange color show switch uses to indicate they are running spanning tree protocol.
Switch and workstation to prevent switching loops
Verifying Connectivity using Ping
Save it
Second Scenario
2621 Series Router( 2 of them used)
Pc is directly connected to Router this time

Interface Overview
When you open Packet Tracer, by default you will be presented with the following interface:
This initial interface contains ten components. If you are unsure of what a particular interface
item does, move your mouse over the item and a help balloon will explain the item.
1 Menu Bar This bar provides the File, Edit, Options, View, Tools, Extensions,
and Help menus. You will find basic commands such as Open, Save,
Save as Pkz, Print, and Preferences in these menus. You will also be
able to access the Activity Wizard from the Extensions menu.
2 Main Tool Bar This bar provides shortcut icons to the File and Edit menu commands.
This bar also provides buttons for Copy, Paste, Undo, Redo, Zoom,
the Drawing Palette, and the Custom Devices Dialog. On the right,
you will also find the Network Information button, which you can use
to enter a description for the current network (or any text you wish to
include).
3 Common Tools Bar This bar provides access to these commonly used workspace tools:
Select, Move Layout, Place Note, Delete, Inspect, Resize Shape,
Add Simple PDU, and Add Complex PDU. See "Workspace Basics"
for more information.
4 Logical/Physical You can toggle between the Physical Workspace and the Logical
Workspace and Workspace with the tabs on this bar. In Logical Workspace, this bar
Navigation Bar also allows you to go back to a previous level in a cluster, create a New
Cluster, Move Object, Set Tiled Background, and Viewport. In
Physical Workspace, this bar allows you to navigate through physical
locations, create a New City, create a New Building, create a New
Closet, Move Object, apply a Grid to the background, Set
Background, and go to the Working Closet.
5 Workspace This area is where you will create your network, watch simulations,
and view many kinds of information and statistics.
6 Realtime/Simulation You can toggle between Realtime Mode and Simulation Mode with the
Bar tabs on this bar. This bar also provides buttons to Power Cycle
Devices as well as the Play Control buttons and the Event List toggle
button in Simulation Mode. Also, it contains a clock that displays the
relative Time in Realtime Mode and Simulation Mode.
7 Network Component This box is where you choose devices and connections to put into the
Box workspace. It contains the Device-Type Selection Box and the Device-
Specific Selection Box.
8 Device-Type This box contains the type of devices and connections available in
Selection Box Packet Tracer. The Device-Specific Selection Box will change
depending on which type of device you choose.
9 Device-Specific This box is where you choose specifically which devices you want to
Selection Box put in your network and which connections to make.
10 User Created Packet This window manages the packets you put in the network during
Window* simulation scenarios. See the "Simulation Mode" section for more
details.
* You can freely resize the User Created Packet

Window (UCPW) by placing the cursor near the left edge
of the window (it will turn into a "resize" cursor) and then
drag the cursor left or right. You can hide the window
from view by dragging the edge all the way to the right.
When the UCPW is hidden, you can bring it back by
placing the cursor on the edge (notice when the resize
cursor appears) and then dragging the edge back.
Connections / Links
Packet Tracer supports a wide range of network connections. Each cable type can only be
connected to certain interface types.
Cable Type Description

Console connections can be made between PCs and routers or switches.
Console Certain conditions must be met for the console session from the PC to work:
the speed on both sides of the connection must be the same, the data bits
must be 7 for both or 8 for both, the parity must be the same, the stop bits
must be 1 or 2 (but they do not have to be the same), and the flow control
can be anything for either side.
This cable type is the standard Ethernet media for connecting between
Copper devices that operate at different OSI layers (such as hub to router, switch to
Straight-through PC, router to hub). It can be connected to the following port types: 10 Mbps
Copper (Ethernet), 100 Mbps Copper (Fast Ethernet), and 1000 Mbps
Copper (Gigabit Ethernet).
This cable type is the Ethernet media for connecting between devices that
Copper operate at the same OSI layer (such as hub to hub, PC to PC, PC to printer).
Cross-over It can be connected to the following port types: 10 Mbps Copper (Ethernet),
100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit
Ethernet).
Fiber media is used to make connections between fiber ports (100 Mbps or
Fiber 1000 Mbps).
Phone line connections can only be made between devices with modem
Phone ports. The standard application for modem connections is an end device
(such as a PC) dialing into a network cloud.
Coaxial media is used to make connections between coaxial ports such as a
Coaxial cable modem connected to a Packet Tracer Cloud.
Serial connections, often used for WAN links, must be connected between
Serial serial ports. Note that you must enable clocking on the DCE side to bring up
DCE and DTE the line protocol. The DTE clocking is optional. You can tell which end of
the connection is the DCE side by the small “clock” icon next to the port. If
you choose the Serial DCE connection type and then connect two devices,
the first device will be the DCE side and the second device will be
automatically set to the DTE side. The reverse is true if you choose the
Serial DTE connection type.
Wireless Links
You can establish wireless links between access points and end devices (PCs, servers, and
printers). To establish a link, simply remove the existing module on an end device, insert a
wireless module, and turn on the device. The device will automatically try to associate itself with
an access point. Typically, this means it will associate (physically) with the nearest access point.
See the Wireless Devices page under the Physical Workspace section for more information
regarding distances. However, if two or more access points are in the same closet, the distance
from any access point to any end device is essentially the same. In this case, an end device will
associate with the access point that was created first. Recall that the logical topology does not
reflect physical distances, and everything that is created in the Logical Workspace is initially
placed in the same wiring closet in the Physical Workspace. The process for establishing
wireless links between Linksys routers and end devices with Linksys network modules is similar,
but described elsewhere.
Link Status
When you connect two devices, you will typically see link lights on both ends of the connection.
Some connections do not have link lights.
Link Light Status Meaning

Bright green The physical link is up. However, this is not indicative of the line protocol
status on the link.
Blinking green There is link activity.
Red The physical link is down. It is not detecting any signals.
Amber The port is in a blocking state due to the Layer 2 loop-breaking process in
Packet Tracer. This appears only on switches.
Workspaces and Modes

Packet Tracer has two workspaces (Logical and Physical) and two modes (Real-time and
Simulation). Upon startup, you are in the Logical Workspace in Real-time Mode. You can build
your network and see it run in real time in this configuration. You can switch to Simulation
Mode to run controlled networking scenarios. You can also switch to the Physical Workspace to
arrange the physical aspects (such as the location) of your devices. Note that you view a
simulation while you are in the Physical Workspace. You should return to the Logical
Workspace after you are done in the Physical Workspace.
Operating Modes
Packet Tracer operating modes reflect the network time scheme.
In Realtime Mode, your network runs in a model of real time, within the limits of the protocol
models used. The network responds to your actions immediately as they would in a real device.
For example, as soon as you make an Ethernet connection, the link lights for that connection will
appear, showing the connection state (see the "Connections/Links" page for details). Whenever
you type a command in the CLI (such as ping or show), the result or response is generated in
real time and you see it as such. All network activity, particularly the flow of PDUs across the
network, happens in the Packet Tracer model of real time.
I
n Simulation Mode, you can "freeze" time -- you have direct control over time related to the
flow of PDUs. You can see the network run step by step, or event by event, however quickly or
slowly you like. You can set up scenarios, such as sending a ping packet from one device to
another. However, nothing "runs" until you capture it (the first time through, as with a protocol
sniffer) or play it (re-playing the captured events as an animation). When you capture or play the
simulation, you will see graphical representations of packets traveling from one device to
another. You can pause the simulation, or step forward or backward in time, investigating many
types of information on specific PDUs and devices at specific times. However, other aspects of
the network will still run in real time. For example, if you turn off a port, its link light will
respond immediately by turning red.
Simulation Mode: PDU Information

During a simulation, you can click on a packet (on the topology or the corresponding event in the
Event List) to bring up its information window and view its details. The details window contains
three possible tabs: OSI Model, Inbound PDU Details, and Outbound PDU Details.
The OSI Model tab shows how the packet is processed at each layer of the OSI model by the
current device. The process is further separated by the direction in which the packets are
traveling, incoming versus outgoing. The incoming layers (In Layer) show how the device
processes an incoming or a buffered packet, and the outgoing layers (Out Layer) show the
process a device goes through when it sends a packet to one or multiple ports.
The In Layer is meant to be read starting from bottom to

top (from Layer 1 to Layer 7), while the Out Layer is
read from top to bottom (from Layer 7 to Layer 1). This is
because the physical layer is the first layer at which
incoming PDUs are processed, and it is the last layer at
which outgoing PDUs are processed when they exit the
device.
The Inbound PDU Details tab only applies if the PDU you clicked on is being received on the
device; it will not appear if the PDU originated from that device. The tab shows exactly what is
in the headers of the PDU, broken up into header type and the individual fields in each header.
For example, a PDU may have an Ethernet II and an ARP header, so the tab will show
information such as the preamble, FCS, and source and destination addresses.
The Outbound PDU Details tab shows similar information for outgoing packets. This tab only
applies if the device has a PDU to send.
Most of the time, a device will receive a PDU and then, as a result, send out a PDU. In this case,
both the Inbound PDU Details and the Outbound PDU Details tabs apply.
Challenge Mode
You can quiz yourself on the encapsulation process by entering Challenge Mode when viewing
PDU information. Press the Challenge Me button to do so. The layer details are hidden, and the
information window is replaced by a question window that asks you what the device does to a
PDU at a given layer. Select from a multiple-choice list. If you answer correctly, the details for
that layer are shown and the question window advances to the next layer. You can press the Hint
button if you need help.
Each Challenge Question may contain the following answers:
• Encapsulate: Adds a header or a header and trailer to the PDU on this layer to create the
PDU at the next lower layer.
• De-encapsulate: Removes a header or a header and trailer from the PDU on this layer to
create the PDU at the next higher layer.
• Transfer: Moves the PDU from the inbound OSI stack to the outbound OSI stack.
• Accept: Accepts and finishes processing of the PDU.
• Queue: Holds the PDU for processing or sending at a later time.
• Drop: Eliminates the PDU.
• Transmit: Sends the signal out the physical media.
TUTORIALS FOR YOU
Creating a First Network (View Tutorial)
1. Start creating a network by first selecting the End Devices. Add a Generic PC and a
Generic Server to the workspace.
2. Under Connections, select the Copper Straight-through cable (solid black line) and
connect the devices with it. The red lights on the link indicate that the connection is not
working. Now, use the Delete tool to remove the Copper Straight-through cable, and use
a Copper Cross-over cable (dashed line) instead. The lights should turn green at this
point. If the mouse pointer is held over either devices, the link status will be shown as
“Up.” The network should look similar to this:
3. Click on the PC. While paying attention to the link lights, turn the power on, off, and on
again. Follow the same steps for the server. The link lights turn red when the device is
off. This means that the link is down or is not working. The link lights turn green when
the device is turned back on.
4. Try all three ways to learn about the devices. First, mouse over the devices to see basic
configuration information about them. Second, click on each device with the Select tool
to show the device configuration window, which provides several ways to configure the
device. Third, use the Inspect tool to view the tables the network device will build as it
learns about the network around it. In this example, open the ARP table. Since the
devices have not been configured yet, the ARP tables are empty. Always remember to
close the windows after viewing them or they will clutter the workspace.
5. Open the PC configuration window and change the settings using the Config tab. Change
the display name to Client and set the DNS server to 192.168.0.105. Under Interface,
click FastEthernet and set the IP address as 192.168.0.110. Packet Tracer automatically
calculates other parameters. Make sure that the Port Status box is checked. For future
reference, note that other Ethernet interface settings, such as bandwidth, duplex, MAC
address, and subnet mask can be modified using this window.
6. Go to the Desktop Tab and click on IP Configuration. Notice that the IP address, subnet
mask and DNS server can be changed here as well.
7. Open the Server configuration window and go to the Config tab. Change the display
name to Web Server. Click FastEthernet and set the IP address as 192.168.0.105. Make
sure that the Port Status is also on. Click DNS and set the domain name as
www.firstlab.com. Set the IP address as 192.168.0.105 and click Add. Finally, check to
make sure that the service for DNS is on.
8. Reposition the network devices by dragging them to a new location. Add a network
description by using the “i” button on the upper right corner. Then add some text labels
within the Logical Workspace by using the Place Note tool.
9. Load a background grid using the Set Tiled Background button.
10. Save your work using the File > Save As option and create a meaningful filename.
Congratulations on creating your first network.
III. Sending Simple Test Messages in Realtime Mode (View Tutorial)
1. Start by opening the file saved in the last section.

2. Notice that the file opens in Realtime Mode. Use the Add Simple PDU tool to send a
simple one-time ping message, called an echo request, to the server. The server responds
with an echo reply because all devices have properly configured IP address settings.
3. Scroll up and down the User Created Packet Window to see the different capabilities of
this ping message, including an indication that the ping was successful.
4. Toggle the PDU List Window to see a larger display of this message. One or more of
these messages can be saved as a scenario. Scenario 0 is displayed when starting. Label
this first scenario with an “i” note. Different scenarios allow the use of the same topology
for experiments with different groupings of user created packets.
5. Click New to create a new scenario. New scenarios will initially be blank.
6. Add two packets using the Simple PDU tool, a PDU from the PC to the Server and a
different PDU from the Server to the PC. Then add an “i” note describing the scenario, to
complete Scenario 1. An example is shown below:
7. Several scenarios can be saved with a single network. Alternate between Scenario 0 and
1.
8. Now, remove Scenario 0 using the Delete button.
9. Scenario 1 is now visible. Go to the last column in the User Created Packet Window and
double-click (delete) to remove a PDU.
10. Delete the whole scenario. Notice that the scenario list went back to the default Scenario
0.
Congratulations on being able to send and organize simple test messages in Realtime Mode.
IV. Establishing a Web Server Connection Using the PC’s Web

Browser (View Tutorial)
1. Open the file saved from the previous section.

2. Click on the PC to view the configuration window.
3. Select the Desktop tab, and then click Web Browser. Type in www.firstlab.com as the
URL and click the Go button. The Packet Tracer welcome page, shown below, appears,
indicating that the web connection has been successfully established.
4. Clear the URL, type www and click Go. Since the address entered is not complete, a
“Host Name Unresolved” message appears.
5. Type 192.168.0.105 as the URL entry and click on Go. Notice that the Packet Tracer
welcome page appears again. This is because the Server IP address can also be used to
establish a web connection.
6. Close the window and try the same steps in Simulation Mode. In this mode, the user
controls time, so the network can be viewed running at a slower pace, allowing
observation of the paths packets take and inspection of packets in detail (packet tracing!).
7. Select the PC again and go to the Web Browser in the Desktop tab. Type
www.firstlab.com as the URL again and click Go. The welcome page should not appear
right away.
8. Switch to the main interface of Packet Tracer without closing the PC configuration
window. Notice that a DNS packet is added to the event list.
9. Click Auto Capture/Play or repeatedly click the Capture/Forward button until the HTTP
packet appears on the PC. Go back to the PC configuration window. The Packet Tracer
welcome page is now shown.
10. Close the PC configuration window.
Congratulations on successfully establishing a web server connection.
V. Capturing Events and Viewing Animations in Simulation Mode

(View Tutorial)
1. Open the previously saved file.

2. In Realtime Mode, send a simple PDU from the PC to the Server.
3. Delete the PDU by using the method learned in the previous section.
4. Switch to Simulation Mode.
5. Click Edit Filters and click All/None to uncheck all fields. Then click ICMP to only view
ICMP packets in the animation.
6. Add a simple PDU from the PC to the Server. Notice that the newly created PDU is
added to the User Created PDU List. This packet has been captured as the first event in
the event list and a new packet icon (envelope) appears in the workspace. The eye icon to
the left of the event list indicates that this packet is currently displayed.
7. Click the Capture/Forward button once. This simulates a network sniffing program,
capturing the next event that occurs on the network. Note that after clicking
Capture/Forward, the packet in the workspace moves from one device to another (this is
the ICMP echo request message from the PC to the Server). Another event is added in the
event list – this reflects the change in the workspace. The first time through an animation,
the meaning of the Capture/Forward is capture; after resetting the simulation, the
meaning is forward.
8. Adjust the speed of the animation by dragging the Play Speed slider to the right making it
go faster. Dragging the speed slider in the opposite direction (to the left) will slow down
the animation.
9. Click the Capture/Forward button a second time. This captures the next network event
(this is the echo reply from the Server to the PC, shown as successful with a green check
mark on the envelope).
10. Click Capture/Forward button again. The Server has already sent an echo reply to the PC
therefore, there are no more ICMP events left to capture.
Congratulations on successfully capturing events and viewing animations in Simulation Mode.
VI. Looking Inside Packets in Simulation Mode (View Tutorial)
1. Continuing from the last activity, click Reset Simulation. This clears the entries in the
event list except for the original packet.
2. Select the packet envelope on the workspace to show the PDU Information window like
the one shown in the screenshot below. This window contains the OSI Model tab, which
shows how the packet is processed at each layer of the OSI model by the current device.
Close this window, noting that this packet is indicated in the event list by the eye icon.
The whole row in the event list is also highlighted. Clicking on the color square in the
Info column is equivalent to clicking directly on the packet envelope (try it!).
3. Use the Next Layer and Previous Layer buttons to see details of the packet processing at
the relevant OSI layers. Note that only the Out Layers can be viewed in the case of this
original echo request message.
4. Click on the Outbound PDU Details tab. This tab shows exactly what makes up the PDU
headers. It is organized into header type and the individual fields in each header.
5. Close the PDU Information window. Click on Capture/Forward button once.
6. Click on the packet in the workspace again to open the PDU Information window. Notice
that this time, information regarding both the In Layers and Out Layers can be viewed.
7. Click on the Inbound PDU Details tab. This shows the details of the inbound echo request
packet from the PC to the Server. The Outbound PDU Details tab, shows similar
information, but for the echo reply packet from the Server to the PC.
8. Click on Reset Simulation again. Now click on Auto Capture/Play. The echo request and
echo reply are automatically captured. Click on the Back Button to rewind the animation
one step at a time. Now click on the Capture/Forward button to forward the packet
through the animation. Note the change in the event list and the workspace. Remember
that at any time, a PDU Information Window can be opened by clicking directly on the
envelope on the workspace, or by clicking the Info column in the Event List.
9. Click on the Back Button twice to rewind the animation. Now click Auto Capture/Play
and the packet animation will automatically occur.
Congratulations on being able to manipulate the Play Controls and PDU Information Window to
understand more about packet processing details.
VII. Viewing Device Tables and Resetting the Network (View Tutorial)
1. Open the file saved from the previous section.

2. Open the ARP Tables for both devices by clicking them with the Inspect tool. The ARP
tables always appear on the same spot. Reposition them to make them both visible. You
can also resize the tables for better viewing.
3. In Realtime Mode, send a simple PDU from the PC to the Server. Notice that the ARP
tables are filled in automatically, as shown here:
4. Delete the PDU using the method covered in the previous sections. Notice that the entries
in the ARP tables are NOT cleared. ARP entries for both devices have already been
learned. Deleting the user created PDUs does not reset events what has already occurred
in the network.
5. Click Power Cycle Devices. ARP tables are cleared because the Power Cycle Devices
button turns the devices off and back on again therefore, losing temporary information
like the ARP table entries.
6. Go to Simulation Mode. In the event list filters, make sure that ICMP and ARP are
checked so that you can view ICMP and ARP packets in the animation.
7. Create a new simple PDU from the Server to the PC.
8. Notice that since the devices were power cycled earlier, the ARP tables are empty. ARP
request packets need to be issued before the ICMP ping packets, so that the devices in the
network can learn about each other. Click on Auto Capture/Play to watch the animation.
9. Click Reset Simulation. Notice that even though the event list is cleared (except for the
user created PDU), the ARP tables remain full. Click Auto Capture/Play. This time, since
the ARP tables are full, there are no new ARP packets issued.
10. Click Power Cycle Devices. Doing so will empty the tables. Notice that new ARP request
packets appear automatically in the event list.
Congratulations! You can now view device tables, reset a simulation, and reset the network.
VIII. Reviewing Your New Skills
• Single-clicking on the Delete button removes the entire scenario including all the PDUs
associated with it.
• Double-clicking on (delete) in the far right column in the PDU List window deletes
individual PDUs.
• The Reset Simulation button clears all entries in the Event List, except for User Created
PDUs, and allows the animation to restart. This, however, does not reset the device tables.
• The Power Cycle Devices button turns all of the devices in the network off and on so the
tables that the devices built are lost along with configurations and other information not
saved.
• Saving work periodically prevents lost configurations and state changes in the network.
Congratulations on being ready to build and analyze many different networks in Packet Tracer!
Be aware that there are many other features that were not covered in this lab. To learn more,
please view
Configuring Switches
The Config tab for the switch offers three general levels of configuration: global, switching, and
interface. The global level offers the same settings as a router. The routing level also offers the
same configuration parameters as a router. The switching level, however, is where you can
manage the VLAN database of the switch. The interface level configurations also offer access to
the VLAN settings of the switch. Note that the Config tab provides an alternative to the Cisco
IOS CLI only for some simple, common features; to access the full set of switch commands that
have been modeled you must use the Cisco IOS CLI.
Throughout your configurations in the Config tab, the lower window will display the equivalent
Cisco IOS commands for all your actions.
Global Settings
In global settings, you can change the switch display name as it appears on the workspace and
the hostname as it appears in the Cisco IOS. You can also manipulate the switch configuration
files in these various ways:
• Erase the NVRAM (where the startup configuration is stored).

• Save the current running configuration to the NVRAM.
• Export the startup and running configuration to an external text file.
• Load an existing configuration file (in .txt format) into the startup configuration.
• Merge the current running configuration with another configuration file.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by unchecking
Global Settings and then set your own values for the Maximum Number of Connections,
Maximum Number of Opened Sessions, and Storm Control Multiplier. For the Cisco
Catalyst 3560-24PS, you can also set the Half-Open Session Multiplier.
Routing Configuration (Cisco Catalyst 3560-24PS only)

The Cisco Catalyst 3560-24PS multilayer switch supports IP routing. You can make static routes
on the router by choosing the Static sub-panel. Each static route you add requires a network
address, subnet mask, and next hop address.
You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP
address into the Network field and press the Add button. The RIP-enabled network is added to
the Network Address list. You can disable RIP on a network by clicking the Remove button to
remove it from the list.
VLAN Database Configuration
You can manage the VLANs of the switch from the VLAN Database sub-panel. You can add
VLANs by entering a name and a VLAN number and pressing the Add button. You can see all
existing VLAN entries in the list below the button. You can remove a VLAN by selecting it in
the list and then pressing the Remove button. To associate a particular interface with a VLAN,
go to the configuration panel of that interface.
Interface Configuration
Switches have only Ethernet-type interfaces. For each interface, you can set the Port Status (on
or off), Bandwidth, Duplex setting, VLAN Switch Mode, and Tx Ring Limit. By default, an
interface is a VLAN access port assigned to VLAN 1. You can use the drop-down menu on the
right side of the screen to reassign the port to another existing VLAN. You can also change an
interface into a VLAN trunk port, and then use the drop-down menu on the right to select the
VLANs you want that trunk to handle.
In Packet Tracer, the switch allows all VLANs (1 to 1005)
on a trunk port by default, even if the VLAN does not
actually exist on the switch. In the drop-down menu, you
can see the current VLANs and block (uncheck) them
from the trunk. However, you cannot block VLANs that
do not exist. This does not affect the functionality of the
switch. It is simply a way to display VLANs (or a range of
VLANs) that the trunk supports.
Configuring Routers
The Config tab offers four general levels of configuration: global, routing, switching (Cisco
1841 and Cisco 2811 only), and interface. To perform a global configuration, press the
GLOBAL button to expand the Settings button (if it has not already been expanded). To
configure routing, press the ROUTING button, and then choose Static or RIP. To configure
switching, press the SWITCHING button to expand the VLAN Database button. To configure
an interface, press the INTERFACE button to expand the list of interfaces, and then choose the
interface. Note that the Config tab provides an alternative to the Cisco IOS CLI only for some
simple, common features; to access the full set of router commands that have been modeled you
must use the Cisco IOS CLI.
Throughout your configurations in the Config tab, the lower window will display the equivalent
Cisco IOS commands for all your actions.
Global Settings
In global settings, you can change the display name of the router as it appears on the workspace
and the hostname as it appears in the Cisco IOS. You can also manipulate the router
configurations files in these various ways:
• Erase the NVRAM (where the startup configuration is stored).

• Save the current running configuration to the NVRAM.
• Export the startup and running configuration to an external text file.
• Load an existing configuration file (in .txt format) into the startup configuration.
• Merge the current running configuration with another configuration file.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by unchecking
Global Settings and then set your own values for the Half-Open Session Multiplier,
Maximum Number of Connections, and Maximum Number of Opened Sessions. For the
Cisco 1841 and Cisco 2811, you can also set the Storm Control Multiplier.
Routing Configuration
You can make static routes on the router by choosing the Static sub-panel. Each static route you
add requires a network address, subnet mask, and next hop address.
You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP
address into the Network field and press the Add button. The RIP-enabled network is added to
the Network Address list. You can disable RIP on a network by clicking the Remove button to
remove it from the list.
VLAN Database Configuration (Cisco 1841 and Cisco 2811 only)
The Cisco 1841 and 2811 routers support VLAN configuration. You can manage the VLANs on
the router from the VLAN Database sub-panel. You can add VLANs by entering a name and a
VLAN number and pressing the Add button. You can see all existing VLAN entries in the list
below the button. You can remove a VLAN by selecting it in the list and then pressing the
Remove button.
Interface Configuration
A router can support a wide range of interfaces including serial, modem, copper Ethernet, and
fiber Ethernet. Each interface type may have different configuration options, but in general, you
can set the Port Status (on or off), IP Address, Subnet Mask, and Tx Ring Limit. For Ethernet
interfaces, you can also set the MAC Address, Bandwidth, and Duplex setting. For serial
interfaces, you can set the Clock Rate setting.
User Mode
• <1-99>
• connect
• disconnect
• enable [ <1-15> | view [ WORD ] ]
• exit
• logout
• ping WORD
• resume [ <1-16> | WORD ]
• show
o cdp
 entry
 * [ protocol | version ]
 WORD [ protocol | version ]
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Serial <0-9>/<0-24>
 neighbors [ detail ]
o clock
o controllers
 Ethernet <0-9>/<0-24>
 FastEthernet <0-9>/<0-24>
 GigabitEthernet <0-9>/<0-24>
 Serial <0-9>/<0-24>
o flash:
o frame-relay
 lmi
 map
 pvc
 <16-1022>
 interface Serial <0-9>/<0-24> [ <16-1022> ]
o history
o hosts
o interfaces
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Vlan <1-1005>
 switchport
 trunk
o ip
 dhcp binding
 eigrp
 interfaces [ <1-65535> ]
 neighbors [ <1-65535> ]
 topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]
 all-links
 traffic [ <1-65535> ]
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Vlan <1-1005>
 brief
 nat translations
 ospf
 <1-65535>
 <0-4294967295>
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 neighbor [ detail ]
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 A.B.C.D
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295>
]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295>
]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 border-routers
 protocols
 rip database
 route [ WORD | connected | eigrp | ospf <1-65535> | rip | static ]
 ssh
o protocols
o processes
o sessions
o ssh
o users
o version
o vlan-switch [ brief | id <1-1005> | name WORD ]
o vtp
 counters
 status
o ipv6
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 brief
 neighbors
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 route
 ospf
 rip database
 eigrp
 interfaces <1-65535>
 neighbors <1-65535>
 ospf
 <1-65535> database
 interface [interface]
 neighbor [interface] [detail]
 border-routers
 protocols
 nat translations
 dhcp
 interface
 pool
• telnet [ WORD ]
• traceroute WORD
Enable Mode
• <1-99>
• clear
o aaa local user user lockout [ all | username WORD ]
o access-list counters [ <1-199> | <1300-2699> | WORD ]
o arp-cache
o cdp table
o frame-relay [inarp | counter]
o ip
 nat translation *
 route [ * | A.B.C.D | A.B.C.D A.B.C.D ]
o ipv6
 nat translation *
o mac-address-table dynamic
o vtp counters
• clock set hh:mm:ss [ <1-31> MONTH <1993-2035> | MONTH <1-31> <1993-2035> ]
• configure [ terminal ]
• connect [ WORD ]
• copy
o running-config
 startup-config
 tftp:
o startup-config
 running-config
 tftp:
o tftp:
 flash:
 running-config
 startup-config
• debug
o aaa authentication
o crypto [ isakmp | ipsec ]
o custom-queue
o eigrp
 fsm
 packets
o ip
 icmp
 inspect
 detailed
 events
 function-trace
 object-creation
 object-deletion
 protocol [ http | icmp | tcp | udp ]
 timers
 nat
 ospf
 adj
 events
 packet
 rip [ events ]
 routing
o ipv6
 ospf
 adj
 events
o frame-relay lmi
o ppp [ authentication | negotiation | packet ]
• delete
o WORD
o flash:
• dir [ flash: ]
• disable
• disconnect <1-16>
• enable [ <1-15> | view [ WORD ] ]
• erase startup-config
• exit
• logout
• mkdir [ WORD | flash: ]
• more file
• no
o debug
 all
 aaa authentication
 crypto [ isakmp | ipsec ]
 custom-queue
 eigrp
 fsm
 packets
 ip
 icmp
 inspect
 detailed
 events
 function-trace
 object-creation
 object-deletion
 timers
 nat
 ospf
 adj
 events
 packet
 rip [ events ]
 routing
 ipv6
 ospf
 adj
 events
 frame-relay lmi
 ppp [ authentication | negotiation | packet ]
• ping [ WORD ]
o [ Protocol ] [ Target IP address ] [ Repeat count ] [ Datagram size ] [ Timeout in
seconds ] [ Extended commands ] [ Sweep range of sizes ]
• reload
• resume [ <1-16> | WORD ]
• mkdir [ WORD | flash: ]
• setup
• show
o aaa
 local user lockout
 sessions
 user [ <1-4294967295> | all ]
o access-lists [ <1-999> | WORD ]
o arp
o cdp
 entry
 * [ protocol | version ]
 WORD [ protocol | version ]
 interfaces
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Serial <0-9>/<0-24>
 neighbors [ detail ]
o class-map [ WORD ]
o clock
o controllers
 Ethernet <0-9>/<0-24>
 FastEthernet <0-9>/<0-24>
 GigabitEthernet <0-9>/<0-24>
 Serial <0-9>/<0-24>
o crypto
 isakmp [ policy | sa ]
 ipsec [ sa | transform-set ]
 map
o debugging
o dhcp lease
o flash:
o frame-relay
 lmi
 map
 pvc
 <16-1022>
 interface Serial <0-9>/<0-24> [ <16-1022> ]
o history
o hosts
o interfaces
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Tunnel <0-2147483647>
 Vlan <1-1005>
 switchport
 trunk
o ip
 access-lists [ <1-199> | WORD ]
 arp
 dhcp binding
 eigrp
 interfaces [ <1-65535> ]
 neighbors [ <1-65535> ]
 topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]
 all-links
 traffic [ <1-65535> ]
 inspect
 all
 config
 interfaces
 name WORD
 sessions [ detail ]
 statistics
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Vlan <1-1005>
 brief
 ips
 all
 configuration
 signatures
 count
 sigid WORD subid WORD
 nat [translations | statistics]
 ospf
 <1-65535>
 <0-4294967295>
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 A.B.C.D
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-
4294967295> ]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295>
]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295>
]
4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 database
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 protocols
 rip database
 route [ WORD | connected | eigrp | ospf <1-65535> | rip | static ]
o logging
o mac-address-table [ static ]
o ntp status
o parser view
o policy-map
 WORD
 interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Serial <0-9>/<0-24>
 type inspect zone-pair sessions
o privilege
o processes
o protocols
o queue
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Serial <0-9>/<0-24>
o queueing
o running-config
o secure [ bootset ]
o sessions
o snmp
o spanning-tree [ vlan <1-1005> ]
o startup-config
o terminal
o users
o version
o vlan-switch [ brief | id <1-1005> | name WORD ]
o vtp
 counters
 status
• ssh -l WORD WORD
• terminal history size <0-256>
• telnet [ WORD ]
• traceroute [ WORD ]
o [ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ]
[ Timeout in seconds ] [ Probe count ] [ Minimum Time to Live ] [ Maximum Time to
Live ]
• undebug
o all
o aaa authentication
o crypto [ isakmp | ipsec ]
o custom-queue
o eigrp
 fsm
 packets
o ip
 icmp
 inspect
 detailed
 events
 function-trace
 object-creation
 object-deletion
 timers
 nat
 ospf
 adj
 events
 packet
 rip [ events ]
 routing
o ipv6
 ospf
 adj
 events
o frame-relay lmi
o ppp [ authentication | negotiation | packet ]
• vlan database
• write [ erase | memory | terminal ]

Global Mode
• aaa
o authentication
 enable default
 enable
 group [ radius | tacacs+ ]
 local
 none
o authorization
 [ exec | network ] [ WORD | default ]
 if-authenticated
 local
 none
o new-model
• access-list (named ACL is under the "ip access-list" branch in Global Mode)
o <1-99>
 [ deny | permit ] [ A.B.C.D | any | host A.B.C.D ]
 [ deny | permit ] [ A.B.C.D A.B.C.D ]
 remark LINE
o <100-199>
 [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
[ A.B.C.D A.B.C.D | any | host A.B.C.D ]
 [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
[ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-
65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-
65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
 remark LINE
• banner
o motd LINE
o login LINE
• boot system flash WORD
• cdp run
• class-map [ type inspect ] [ match-all | match-any ] WORD
• clock timezone WORD <-23 - 23> [ <0-59> ]
• config-register WORD
• crypto
o dynamic-map WORD <1-65535> [ ipsec-isakmp ]
o ipsec
 security-association lifetime seconds <120-86400>
 transform-set WORD [ ah-md5-hmac | ah-sha-hmac ]
 esp-3des [ esp-md5-hmac | esp-sha-hmac ]
 esp-aes [ 128 | 192 | 256 ] [ esp-md5-hmac | esp-sha-hmac ]
 esp-des [ esp-md5-hmac | esp-sha-hmac ]
 esp-md5-hmac
 esp-sha-hmac
o isakmp
 client configuration group WORD
 key WORD address A.B.C.D [ A.B.C.D ]
 policy <1-10000>
o key [ generate | zeroize ] rsa
o map WORD
 <1-65535> [ ipsec-isakmp ] [dynamic WORD ]
 client [ authentication list WORD | configuration address respond ]
 isakmp authorization list WORD
• do LINE
• enable
o password
 7 WORD
 LINE
 level <1-15>
 7 WORD
 LINE
o secret
 [ 0 | 5 ] LINE
 level <1-15>
 [ 0 | 5 ] LINE
• end
• exit
• hostname WORD
• interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24> [ multipoint | point-to-point ]
o Tunnel <0-2147483647>
o Vlan <1-1005>
o range
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24> [ multipoint | point-to-point ]
 Vlan <1-1005>
• ip
o access-list
 extended
 <100-199>
 WORD
 standard
 <1-99>
 WORD
o default-network A.B.C.D
o dhcp
 excluded-address A.B.C.D [ A.B.C.D ]
 pool WORD
o domain-lookup
o domain-name WORD
o host WORD A.B.C.D [ A.B.C.D ] [ A.B.C.D ]
o inspect
 alert-off
 audit-trail
 dns-timeout <1-2147483>
 max-incomplete [ high | low ] <1-2147483647>
 name WORD [ protocol ]
 alert [ off | on ]
 audit-trail [ off | on ]
 timeout <5-43200>
 one-minute [ high | low ] <1-2147483647>
 tcp [ finwait-time | idle-time | synwait-time ] <1-2147483>
 udp idle-time <1-2147483>
o ips
 config location [ WORD [ retries <1-5>] ]
 fail closed
 name WORD [ list [ <1-199> | WORD ] ]
 notify log
 signature-category
 signature-definition
o local pool WORD A.B.C.D A.B.C.D
o name-server [A.B.C.D] [X:X:X:X::X]
o nat
 inside source
 list [ <1-199> | WORD ] interface [ Ethernet | FastEthernet |
GigabitEthernet | Serial ] <0-9>/<0-24>[ . ][ <0-4294967295> ] [ overload ]
 list [ <1-199> | WORD ] pool WORD [ overload ]
 static
 A.B.C.D A.B.C.D
 tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
 udp A.B.C.D <1-65535> A.B.C.D <1-65535>
 outside source
 list [ <1-199> | WORD ] pool WORD
 static
 A.B.C.D A.B.C.D
 tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
 udp A.B.C.D <1-65535> A.B.C.D <1-65535>
 pool WORD A.B.C.D A.B.C.D netmask A.B.C.D
o route A.B.C.D A.B.C.D
 A.B.C.D [ <1-255> ]
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
 Loopback <0-2147483647> [ <1-255> ]
 Serial <0-9>/<0-24> [ <1-255> ]
 Vlan <1-1005> [ <1-255> ]
o ssh version <1-2>
• ipv6
o general-prefix prefix-name
 ipv6-prefix/prefix-length
o neighbor X:X:X:X::X
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] H.H.H
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] H.H.H
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] H.H.H
 Loopback <0-2147483647> H.H.H
 Serial <0-9>/<0-24> H.H.H
 Vlan <1-1005> H.H.H
o unicast-routing
o route X:X:X:X::X/<0-128>
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
 Loopback <0-2147483647> [ <1-254> ]
 Serial <0-9>/<0-24> [ <1-254> ]
 Vlan <1-1005> [ <1-254> ]
 X:X:X:X::X [ <1-254> ]
o
o router
 eigrp <1-65535>
 ospf <1-65535>
 rip WORD
o dhcp pool WORD
o access-list WORD
o nat
 prefix X:X:X:X::X/<0-128>
 v4v6
 pool WORD X:X:X:X::X X:X:X:X::X
 source A.B.C.D X:X:X:X::X
 source list WORD [pool] WORD
 v6v4
 pool WORD A.B.C.D A.B.C.D
 source X:X:X:X::X A.B.C.D
 source list WORD [pool WORD | interface] [overload]
o host WORD X:X:X:X::X [X:X:X:X::X] [X:X:X:X::X]
• line
o <0-81> [ <1-81> ]
o console <0-0>
o vty <0-15> [ <1-15> ]
• logging
o A.B.C.D
o buffered <4096-2147483647>
o console
o host A.B.C.D
o on
o trap [ debugging ]
o userinfo
• mac-address-table static H.H.H interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
• no
o aaa
 authentication
 enable default
 enable
 local
 none
 authorization
 [ exec | network ] [ WORD | default ]
 if-authenticated
 local
 none
 new-model
o access-list [ <1-99> | <100-199> ]
o banner [login | motd]
o boot system flash WORD
o cdp run
o class-map [ type inspect ] [ match-all | match-any ] WORD
o clock timezone
o config-register
o crypto
 dynamic-map WORD <1-65535> [ ipsec-isakmp ]
 ipsec
 security-association lifetime seconds <120-86400>
 transform-set WORD [ ah-md5-hmac | ah-sha-hmac ]
 esp-3des [ esp-md5-hmac | esp-sha-hmac ]
 esp-aes [ 128 | 192 | 256 ] [ esp-md5-hmac | esp-sha-
hmac ]
 esp-des [ esp-md5-hmac | esp-sha-hmac ]
 esp-md5-hmac
 esp-sha-hmac
 isakmp
 client configuration group WORD
 key WORD address A.B.C.D [ A.B.C.D ]
 policy <1-10000>
 map WORD
 <1-65535> [ ipsec-isakmp ] [dynamic WORD ]
 client [ authentication list WORD | configuration address
respond ]
 isakmp authorization list WORD
o enable
 password
 7 WORD
 level <1-15>
 secret
 level <1-15>
o hostname
o interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Vlan <1-1005>
o ip
 access-list
 extended [ <100-199> | WORD ]
 standard [ <1-99> | WORD ]
 default-network A.B.C.D
 dhcp
 excluded-address A.B.C.D [ A.B.C.D ]
 pool WORD
 domain-lookup
 domain-name
 host WORD [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
 inspect
 alert-off
 audit-trail
 dns-timeout <1-2147483>
 max-incomplete [ high | low ] <1-2147483647>
 name WORD [ protocol ]
 alert [ off | on ]
 audit-trail [ off | on ]
 timeout <5-43200>
 one-minute [ high | low ] <1-2147483647>
 tcp [ finwait-time | idle-time | synwait-time ] <1-2147483>
 udp idle-time <1-2147483>
 ips
 config location [ WORD [ retries <1-5>] ]
 fail closed
 name WORD [ list [ <1-199> | WORD ] ]
 notify log
 signature-category
 local pool WORD A.B.C.D A.B.C.D
 name-server
 nat
 inside source
 list [ <1-199> | WORD ]
 static
 A.B.C.D A.B.C.D
 tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
 udp A.B.C.D <1-65535> A.B.C.D <1-65535>
 outside source
 list [ <1-199> | WORD ] pool WORD
 static
 A.B.C.D A.B.C.D
 tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
 udp A.B.C.D <1-65535> A.B.C.D <1-65535>
 pool WORD
 route A.B.C.D A.B.C.D
 <1-255>
 A.B.C.D [ <1-255> ]
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-
255> ]
 Loopback <0-2147483647> [ <1-255> ]
 Serial <0-9>/<0-24> [ <1-255> ]
 Vlan <1-1005> [ <1-255> ]
 ssh version
o ipv6
 dhcp pool WORD
 general-prefix prefix-name
 ipv6-prefix/prefix-length
 access-list WORD
 nat
 prefix X:X:X:X::X/<0-128>
 v4v6
 pool WORD X:X:X:X::X X:X:X:X::X
 source A.B.C.D X:X:X:X::X
 source list WORD [pool] WORD
 v6v4
 pool WORD A.B.C.D A.B.C.D
 source X:X:X:X::X A.B.C.D
 source list WORD [pool WORD | interface] [overload]
 neighbor X:X:X:X::X
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 Vlan <1-1005>
 route X:X:X:X::X/<0-128>
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-
254> ]
 Loopback <0-2147483647> [ <1-254> ]
 Serial <0-9>/<0-24> [ <1-254> ]
 Vlan <1-1005> [ <1-254> ]
 X:X:X:X::X [ <1-254> ]
 router
 eigrp <1-65535>
 ospf <1-65535>
 rip WORD
 unicast-routing
 host WORD
o logging
 A.B.C.D
 buffered
 console
 host A.B.C.D
 on
 trap [ debugging ]
 userinfo
o mac-address-table static H.H.H int
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
 GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
o ntp
 authenticate
 authentication-key <1-4294967295>
 server A.B.C.D
 trusted-key <1-4294967295>
 update-calendar
o parser view WORD
o policy-map [ type inspect ] WORD
o priority-list <1-16>
 default
 protocol
 ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-
65535> | udp <0-65535> ]
 ipv6 [ high | low | medium | normal ]
 queue-limit
o privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> ]
LINE
o queue-list <1-16>
 default
 protocol
 ip <0-16>
 list [ <1-199> | <1300-2699> ]
 tcp <0-65535>
 udp <0-65535>
 ipv6 <0-16>
 queue <0-16>
 byte-count <1-16777215> [ limit <0-32767> ]
 limit <0-32767> [ byte-count <1-16777215> ]
o router
 eigrp <1-65535>
 ospf <1-65535>
 rip
o service
 nagle
 password-encryption
 timestamps [ debug | log ] datetime msec
o snmp-server [ community WORD [ ro | rw ] ]
o spanning-tree vlan <1-1005> priority
o tacacs-server
 host A.B.C.D
 key LINE
 single-connection key LINE
 key LINE
o username WORD
o zone security WORD
o zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]
• ntp
o authenticate
o authentication-key <1-4294967295> md5 WORD [ <0-4294967295> ]
o server A.B.C.D [ key <0-4294967295> ]
o trusted-key <1-4294967295>
o update-calendar
• parser view WORD
• policy-map [ type inspect ] WORD
• priority-list <1-16>
o default [ high | low | medium | normal ]
o protocol
 ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp
<0-65535> ]
 ipv6 [ high | low | medium | normal ]
o queue-limit <0-32767> <0-32767> <0-32767> <0-32767>
• privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> | reset ]
LINE
• queue-list <1-16>
o default <0-16>
o protocol
 ip <0-16>
 list [ <1-199> | <1300-2699> ]
 tcp <0-65535>
 udp <0-65535>
 ipv6 <0-16>
o queue <0-16>
 byte-count <1-16777215> [ limit <0-32767> ]
 limit <0-32767> [ byte-count <1-16777215> ]
• router
o eigrp <1-65535>
o ospf <1-65535>
o rip
• service
o nagle
o password-encryption
o timestamps [ debug | log ] datetime msec
• snmp-server community WORD [ ro | rw ]
• spanning-tree vlan <1-1005> priority <0-61440>
• tacacs-server
o host A.B.C.D
 key LINE
 single-connection key LINE
o key LINE
• username WORD [ privilege <0-15> ]
o password
 0 LINE
 7 WORD
 LINE
o secret
 0 LINE
 5 WORD
 LINE
• zone security WORD
• zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]

Standard Access List Configuration Mode
• default
o deny
 A.B.C.D [ A.B.C.D ]
 any
 host A.B.C.D
o permit
 A.B.C.D [ A.B.C.D ]
 any
 host A.B.C.D
• deny
o A.B.C.D [ A.B.C.D ]
o any
o host A.B.C.D
• exit
• no
o deny
 A.B.C.D [ A.B.C.D ]
 any
 host A.B.C.D
o permit
 A.B.C.D [ A.B.C.D ]
 any
 host A.B.C.D
• permit
o A.B.C.D [ A.B.C.D ]
o any
o host A.B.C.D
• remark LINE
Extended Access List Configuration Mode
• default
o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-
65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
• deny
o [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D |
any | host A.B.C.D ]
o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D |
any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> |
range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq
<0-65535> | range <0-65535> <0-65535> ]
• exit
• no
o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-
65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]
• permit
o [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D |
any | host A.B.C.D ]
o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D |
any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> |
range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq
<0-65535> | range <0-65535> <0-65535> ]
• remark LINE
Ethernet / FastEthernet / GigabitEthernet Interface Mode
• arp timeout <0-2147483>
• bandwidth <1-10000000>
• cdp enable
• crypto map WORD
• custom-queue-list <1-16>
• delay <1-16777215>
• description LINE
• duplex [ auto | full | half ]
• exit
• fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
• hold-queue <0-4096> out
• ip
o access-group [ <1-199> | WORD ] [ in | out ]
o address
 A.B.C.D A.B.C.D
 dhcp
o hello-interval eigrp <1-65535> <1-65535>
o inspect WORD [ in | out ]
o ips WORD [ in | out ]
o mtu <68-1500>
o nat [ inside | outside ]
o ospf
 authentication [ message-digest | null ]
 authentication-key LINE
 cost <1-65535>
 dead-interval <1-65535>
 hello-interval <1-65535>
 message-digest-key <1-255> md5 LINE
 priority <0-255>
o split-horizon
o summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
o virtual-reassembly
• ipv6
o address
 autoconfig
 ipv6-prefix/prefix length
 anycast
 eui-64
 ipv6-address
 linklocal
 prefix-name ipv6-prefix/prefix-length
o enable
o rip WORD
 default-information originate
 enable
o eigrp <1-65535>
o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]
o ospf
 <1-65535> area area-id [instance instance-id]
 cost <1-65535>
o dhcp
 client pd WORD
 server WORD
o nat
 prefix X:X:X:X::X/<0-128> [v4-mapped] [WORD]
o mtu <1280-1500>
• mac-address H.H.H
• mtu <64-1600>
• no
o arp timeout
o bandwidth
o cdp enable
o crypto map [ WORD ]
o custom-queue-list <1-16>
o delay
o description
o duplex
o fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
o hold-queue [ <0-4096> ] out
o ip
 access-group [ <1-199> | WORD ] [ in | out ]
 address [ dhcp ]
 hello-interval eigrp <1-65535>
 inspect WORD [ in | out ]
 ips WORD [ in | out ]
 mtu <68-1500>
 nat [ inside | outside ]
 ospf
 authentication
 authentication-key
 cost
 dead-interval
 hello-interval
 message-digest-key <1-255>
 priority
 split-horizon
 summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
 virtual-reassembly
o ipv6
 address
 autoconfig
 ipv6-prefix/prefix length
 anycast
 eui-64
 ipv6-address
 linklocal
 prefix-name ipv6-prefix/prefix-length
 dhcp
 client pd WORD
 server WORD
 eigrp <1-65535>
 ospf
 <1-65535> area area-id [instance instance-id]
 cost <1-65535>
 summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]
 hello-interval eigrp <1-65535> <1-65535>
 nat
 rip WORD
 default-information originate
 enable
o mac-address
o mtu
o priority-group
o service-policy [ input | output ] WORD
o shutdown
o speed
o tx-ring-limit
o zone-member security WORD
• priority-group <1-16>
• service-policy [ input | output ] WORD
• shutdown
• speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and
GigabitEthernet interfaces and 10/100/1000 options are only available for GigabitEthernet interfaces
respectively)
• tx-ring-limit <1-32767>
• zone-member security WORD

Ethernet / FastEthernet / GigabitEthernet Sub-Interface Mode
• bandwidth <1-10000000>
• delay <1-16777215>
• encapsulation dot1Q <1-1005> [ native ]
• exit
• ip
o address
 A.B.C.D A.B.C.D
 dhcp
o ospf
 cost <1-65535>
o split-horizon
• no
o arp timeout
o bandwidth
o delay
o description
o encapsulation dot1Q
o ip
 ospf
 authentication
 cost
 dead-interval
 hello-interval
 priority
 split-horizon
o shutdown
• shutdown
Serial Interface Mode
• bandwidth <1-10000000>
• cdp enable
• clock rate <1200-4000000> (only certain clock rates that are listed are valid)
• crypto map WORD
• custom-queue-list <1-16>
• delay <1-16777215>
• encapsulation
o hdlc
o ppp
o frame-relay [ ietf ]
• exit
• fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
• frame-relay
o interface-dlci <16-1007>
o lmi-type [ ansi | cisco | q933a ]
o map ip A.B.C.D <16-1007>
 broadcast [ cisco | ietf ]
 cisco [ broadcast ]
 ietf [ broadcast ]
• hold-queue <0-4096> out
• ip
o address A.B.C.D A.B.C.D
o inspect WORD [ in | out ]
o ips WORD [ in | out ]
o mtu <68-1500>
o ospf
 cost <1-65535>
o split-horizon
o virtual-reassembly
• keepalive <0-30>
• mtu <64-17940>
• no
o bandwidth <1-10000000>
o cdp enable
o clock rate
o crypto map [ WORD ]
o custom-queue-list <1-16>
o delay
o description
o encapsulation
o fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
o frame-relay
 interface-dlci <16-1007>
 lmi-type [ ansi | cisco | q933a ]
 map ip A.B.C.D
o hold-queue [ <0-4096> ] out
o ip
 inspect WORD [ in | out ]
 ips WORD [ in | out ]
 mtu <68-1500>
 ospf
 authentication
 cost
 dead-interval
 hello-interval
 priority
 split-horizon
 virtual-reassembly
o keepalive
o mtu
o ppp
 authentication
 pap sent-username
o priority-group <1-16>
o service-policy [ input | output ] WORD
o shutdown
o speed
o tx-ring-limit
o zone-member security WORD
• ppp
o authentication chap [ pap ]
o authentication pap [ chap ]
• priority-group <1-16>
• service-policy [ input | output ] WORD
• shutdown
• tx-ring-limit <1-32767>
• zone-member security WORD

Tunnel Interface Mode
• exit
• ip address A.B.C.D A.B.C.D
• no
o ip address [ A.B.C.D A.B.C.D ]
o shutdown
o tunnel [ destination | source ]
• shutdown
• tunnel
o destination A.B.C.D
o source
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
VLAN Interface Mode
• bandwidth <1-10000000>
• delay <1-16777215>
• exit
• ip
o address
 A.B.C.D A.B.C.D
 dhcp
o ospf
 cost <1-65535>
o split-horizon
• mac-address H.H.H
• no
o arp timeout
o bandwidth
o delay
o description
o ip
 ospf
 authentication
 cost
 dead-interval
 hello-interval
 priority
 split-horizon
o mac-address
o shutdown
• shutdown
VLAN Configuration Mode
• exit
• no
o vlan <1-1005>
o vtp
 client
 password
 transparent
 v2-mode
• vlan <1-1005> [ name ] [ WORD ]
• vtp
o client
o domain WORD
o password WORD
o server
o transparent
o v2-mode
Line Configuration Mode
• access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ]
• databits [ 5 | 6 | 7 | 8 ]
• default [ databits | flowcontrol | history size | parity | speed | stopbits ]
• exit
• exec-timeout <0-35791> [<0-2147483>]
• flowcontrol [ NONE | hardware | software ]
• history size <0-256>
• ipv6 access-class WORD [in | out]
• logging synchronous
• login
o authentication [ WORD | default ]
o local
• motd-banner
• no
o [ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] | databits |
flowcontrol | history size | login | motd-banner | parity | password | session-limit |
speed | stopbits ]
o databits
o exec-timeout
o flowcontrol
o history size
o ipv6 access-class WORD [in | out]
o logging synchronous
o motd-banner
o parity
o password
o privilege level
o session-limit
o speed
o stopbits
o transport output
• parity [ even | mark | none | odd | space ]
• password
o 7 WORD
o LINE
• privilege level <0-15>
• session-limit <0-4294967295>
• speed <0-4294967295>
• stopbits [ 1 | 1.5 | 2 ]
• transport output [ all | none | ssh | telnet ]

Class-Map Configuration Mode
• exit
• match
o access-group <1-2699>
o any
o class-map WORD
o cos <0-7>
o destination-address mac H.H.H
o input-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
o ip
 dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 |
af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
 precedence [ <0-7> | critical | flash | flash-override | immediate |
internet | network | priority | routine ]
o not
 access-group <1-2699>
 class-map WORD
 cos <0-7>
 destination-address mac H.H.H
 input-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 ip
 dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32
| af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]
 precedence [ <0-7> | critical | flash | flash-override | immediate
| internet | network | priority | routine ]
 protocol [ arp | cdp | dhcp | dns | eigrp | ftp | http | icmp | ip | ipsec |
ipv6 | ospf | rip | ssh | tcp | telnet | tftp ]
 qos-group <0-1023>

o precedence [ <0-7> | critical | flash | flash-override | immediate | internet |
network | priority | routine ]
o protocol
 arp
 cdp
 dhcp
 dns
 eigrp
 ftp
 http [ host WORD | mime WORD | url WORD ]
 icmp
 ip
 ipsec
 ipv6
 ospf
 rip
 ssh
 tcp
 telnet
 tftp
o qos-group <0-1023>
• no
o description [ LINE ]
o match
 any
 class-map WORD
 cos <0-7>
 input-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 ip
 not
 class-map WORD
 cos <0-7>
 input-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 ip
 dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 |
af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 |
default | ef ]
 precedence [ <0-7> | critical | flash | flash-override |
immediate | internet | network | priority | routine ]
 protocol
 arp
 cdp
 dhcp
 dns
 eigrp
 ftp
 http [ host WORD | mime WORD | url WORD ]
 icmp
 ip
 ipsec
 ipv6
 ospf
 rip
 ssh
 tcp
 telnet
 tftp
 protocol [ arp | cdp | dhcp | dns | eigrp | ftp | http | icmp | ip | ipsec |
ipv6 | ospf | rip | ssh | tcp | telnet | tftp ]
Policy-Map Configuration Mode
• class [ type inspect ] [ WORD | class-default ]
• exit
• no
o class [ type inspect ] [ WORD | class-default ]

Policy-Map Class Configuration Mode
• bandwidth [ <8-2000000> | percent <1-100> | remaining percent <1-100> ]
• drop
• exit
• fair-queue [ <16-4096> ]
• inspect
• no
o bandwidth
o drop
o fair-queue
o inspect
o pass
o priority
o random-detect
 dscp-based
 prec-based
 precedence <0-7>
o service-policy WORD
o set
 ip
o shape average
• pass
• priority [ <8-2000000> | percent <1-100> ] [ <32-2000000> ]
• queue-limit <1-4096>
• random-detect
o dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 |
af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ] <1-4096> <1-4096>
[ <1-65535> ]
o dscp-based
o prec-based
o precedence <0-7> <1-4096> <1-4096> [ <1-65535> ]
• service-policy WORD
• set
o ip
o precedence [ <0-7> | critical | flash | flash-override | immediate | internet |
network | priority | routine ]
• shape average <8000-154400000>

Zone Security Configuration Mode
• exit
Zone-Pair Security Configuration Mode
• exit
• no
o service-policy type inspect WORD
• service-policy type inspect WORD

Crypto Map Configuration Mode
• exit
• match address [ <100-199> | WORD ]
• no
o match address
o set
 peer A.B.C.D
 pfs [ group1 | group2 | group5 ]
 security-association lifetime seconds
 transform-set
• set
o peer A.B.C.D
o pfs [ group1 | group2 | group5 ]
o security-association lifetime seconds <120-86400>
o transform-set WORD [ WORD ] [ WORD ] [ WORD ] [ WORD ] [ WORD ]

ISAKMP Configuration Mode
• authentication pre-share
• encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]
• exit
• group [ 1 | 2 | 5 ]
• hash [ md5 | sha ]
• lifetime <60-86400>
• no
o authentication pre-share
o encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]
o group [ 1 | 2 | 5 ]
o hash [ md5 | sha ]
o lifetime <60-86400>
IPS Signature Category Configuration Mode
• category [ all | ios_ips basic ]
• exit
• no
o category [ all | ios_ips basic ]

IPS Signature Category Action Configuration Mode
• exit
• no
o retired [ false | true ]
• retired [ false | true ]

IPS Signature Definition Configuration Mode
• exit
• retired <1-65535> [ <0-65535> ]

IPS Signature Definition Sig Configuration Mode
• engine
• exit
• status
IPS Signature Definition Sig Engine Configuration Mode
• event-action [ deny-packet-inline | produce-alert ]
• exit
• no
o event-action [ deny-packet-inline | produce-alert ]

IPS Signature Definition Sig Status Configuration Mode
• enabled [ false | true ]
• exit
• no
o enabled [ false | true ]
o retired [ false | true ]
• retired [ false | true ]

Parser View Configuration Mode
• commands [ configure | exec | interface | line | router ] include [ all ] LINE
• exit
• no
o commands [ configure | exec | interface | line | router ] include [ all ] LINE
o secret
• secret [ 0 | 5 ] LINE
Router EIGRP Mode
• auto-summary
• exit
• metric weights <0-8> <0-256> <0-256> <0-256> <0-256> <0-256>
• network A.B.C.D [ A.B.C.D ]
• redistribute
o connected [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-
65535>]
o eigrp <1-65535> [metric <1-4294967295> <0-4294967295> <0-255> <1-
255> <1-65535>]
o rip [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535>]
o static [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-
65535>]
o ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ] [ metric
bandwidth delay reliability effective BW MTU ]
• no
o auto-summary
o metric weights
o network A.B.C.D [ A.B.C.D
o redistribute
 connected [metric <1-4294967295> <0-4294967295> <0-255> <1-
255> <1-65535>]
 eigrp <1-65535> [metric <1-4294967295> <0-4294967295> <0-255>
<1-255> <1-65535>]
 rip [metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-
65535>]
 static [metric <1-4294967295> <0-4294967295> <0-255> <1-255>
<1-65535>]
 ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ]
[ metric bandwidth delay reliability effective BW MTU ]
o passive-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 default
o variance <1-128>
• passive-interface
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
• variance <1-128>
IPv6 Router Eigrp Mode
• router-id A.B.C.D
• metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>
• shutdown
• no
o router-id
o metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>
o shutdown
Router OSPF Mode
• area
o [ <0-4294967295> | A.B.C.D ] authentication [ message-digest ]
o [ <0-4294967295> | A.B.C.D ] nssa [no-summary]
o [ <0-4294967295> | A.B.C.D ] virtual-link A.B.C.D
• default-information originate
• exit
• log-adjacency-changes [ detail ]
• network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]
• redistribute
o connected [metric <0-16777214>] [subnets]
o eigrp <1-65535> [metric <0-16777214>] [subnets]
o ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ] [ metric
ospf-default-metric ] [subnets]
o rip [metric <0-16777214>] [subnets]
o static [metric <0-16777214>] [subnets]
• no
o area
 [ <0-4294967295> | A.B.C.D ] authentication [ message-digest ]
 [ <0-4294967295> | A.B.C.D ] nssa [no-summary]
 [ <0-4294967295> | A.B.C.D ] virtual-link A.B.C.D
o default-information
o log-adjacency-changes [ detail ]
o network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]
o redistribute
 connected [metric <0-16777214>] [subnets]
 eigrp <1-65535> [metric <0-16777214>] [subnets]
 ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external } ]
[ metric ospf-default-metric ] [subnets]
 rip [metric <0-16777214>] [subnets]
 static [metric <0-16777214>] [subnets]
o passive-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 default
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
IPv6 Router Ospf Mode
• router-id A.B.C.D
• area area-id
o default-cost <0-16777215>
o nssa [no-summary]
o stub [no-summary]
o virtual-link A.B.C.D
• log-adjacency-changes [ detail ]
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
• no
o log-adjacency-changes [ detail ]
o passive-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 default
Router RIP Mode
• auto-summary
• default-information originate
• distance <1-255>
• exit
• network A.B.C.D
• redistribute
o connected [metric [<0-16> | transparent]]
o eigrp <1-65535> [metric [<0-16> | transparent]]
o static [metric [<0-16> | transparent]]
o ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external }] [ metric
default-metric ]
• no
o auto-summary
o default-information
o distance <1-255>
o network A.B.C.D
o redistribute
 connected [metric [<0-16> | transparent]]
 eigrp <1-65535> [metric [<0-16> | transparent]]
 static [metric [<0-16> | transparent]]
 ospf <1-65535> [ match { external [1 | 2] | internal | nssa-external }]
[ metric default-metric ]
o passive-interface
 Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
 Loopback <0-2147483647>
 Serial <0-9>/<0-24>
 default
o timers basic
o version <1-2>
o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
o Loopback <0-2147483647>
o Serial <0-9>/<0-24>
o default
• timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295>
• version <1-2>
IPv6 Router RIP Mode
• distance <1-254>
• no distance
DHCP Pool Configuration Mode
• default-router A.B.C.D
• dns-server A.B.C.D
• exit
• network A.B.C.D A.B.C.D
• no dns-server
IPv6 DHCP Pool Configuration Mode
• prefix-delegation
o X:X:X:X::X/<0-128> WORD [lifetime] <60-4294967295>
o pool WORD [lifetime] <60-4294967295>
• dns-server X:X:X:X::X
• exit
• no
o prefix-delegation
 X:X:X:X::X/<0-128> WORD [lifetime] <60-4294967295>
 pool WORD [lifetime] <60-4294967295>

Rommon Mode
• boot
• confreg config-register-number
• dir flash:
• help
• reset
• set
• tftpdnld
• unset variable
• variable=value

Packet Tracer

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Packet Tracer

Încărcat de

Drepturi de autor:

Formate disponibile

Packet Tracer

• Use virtual routers instead of real ones

• switch 2950 Switch(Use)

Configure IP on the PC. Has to be on the same network

Verifying Connectivity using Ping

2621 Series Router( 2 of them used)

Pc is directly connected to Router this time

* You can freely resize the User Created Packet

Cable Type Description

Link Light Status Meaning

Workspaces and Modes

Simulation Mode: PDU Information

The In Layer is meant to be read starting from bottom to

Creating a First Network (View Tutorial)

Congratulations on creating your first network.

III. Sending Simple Test Messages in Realtime Mode (View Tutorial)

1. Start by opening the file saved in the last section.

IV. Establishing a Web Server Connection Using the PC’s Web

1. Open the file saved from the previous section.

Congratulations on successfully establishing a web server connection.

V. Capturing Events and Viewing Animations in Simulation Mode

1. Open the previously saved file.

VI. Looking Inside Packets in Simulation Mode (View Tutorial)

1. Open the file saved from the previous section.

VIII. Reviewing Your New Skills

• Erase the NVRAM (where the startup configuration is stored).

Routing Configuration (Cisco Catalyst 3560-24PS only)

• Erase the NVRAM (where the startup configuration is stored).

• write [ erase | memory | terminal ]

• zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]

• zone-member security WORD

• zone-member security WORD

• transport output [ all | none | ssh | telnet ]

o class [ type inspect ] [ WORD | class-default ]

• shape average <8000-154400000>

• service-policy type inspect WORD

o transform-set WORD [ WORD ] [ WORD ] [ WORD ] [ WORD ] [ WORD ]

o category [ all | ios_ips basic ]

• retired [ false | true ]

• retired <1-65535> [ <0-65535> ]

o event-action [ deny-packet-inline | produce-alert ]

• retired [ false | true ]

 pool WORD [lifetime] <60-4294967295>

S-ar putea să vă placă și