Network Site Protection Cisco IOS Commands
General commands
Some general, simple commands are shown here.
NAT Entries
Network Address Translation (NAT) entries determine where traffic arriving on a specific port should be sent. For example, traffic from the outside WAN on port 21 should go to the FTP server, and traffic on port 80 should end up at the WWW server. This is accomplished using NAT.
Uploading and downloading configurations and IOS to the router
The FLASH memory is the memory area that contains the IOS. NVRAM is the memory that holds the configuration.
Monitoring of routers and switches
Monitoring IOS equipment using Simple Network Management Protocol (SNMP) requires that community strings are defined.
DHCP
In case you did not find what you were looking for, try this page
Where 192.168.1.1 is the IP address of the router
Connect to the router -> enable -> config. Type:
ip nat ins sou sta tcp 192.168.1.1 23 int dialer0 23000
Now you have outside telnet access on port 23000. NB: This also leaves your router more exposed to attack.
enable or en
After a successful login the prompt will have changed to Router#
To end privileged mode, type:
disable
Remember to save any changes that are made by typing: write
Connect to the router, go to enable mode and type:
reload
Press Enter when prompted to confirm.
sh run or wr t
int dialer0
time abs <minutes>
line vty 0 4
password <PASS>
line con 0
password <PASS>
To change the Enable password:
no enable secret
enable secret <PASS>
In some cases the command above will not be successful because the entry is in use. If this is the case, type the following before going into config mode.
clear ip nat translation *
This satisfies the requirement of some firewalls that the router's IP address has to be on the same network as the WAN link on the firewall. Traffic to the DMZ and the firewall now goes directly through the router to the firewall.
clear ip nat translation *
configure terminal
no ip nat inside source static 192.168.1.2 <external ip>
ip nat inside source static 192.168.0.2 <external ip>
write
reload
Connect to the router -> enable mode
copy nvram tftp://xx.xx.xx.xx/config.cfg
This saves a configuration file to the TFTP server at IP xx.xx.xx.xx
Connect to the router -> enable mode
copy tftp://xx.xx.xx.xx/config.cfg nvram
This loads a configuration file from the TFTP server at IP xx.xx.xx.xx
Connect to the router -> enable mode
delete nvram
This removes all configuration parameters and returns the router/switch to factory default settings.
Connect to the router -> enable mode and type:
sh flash
This will show the files stored in the flash memory.
System flash directory:
File Length Name/status
1 3641684 soho70-y1-mz.123-6.bin
[3641748 bytes used, 4746860 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)
In this case the flash holds an image called soho70-y1-mz.123-6.bin.
To back up this file, type:
copy flash tftp://192.168.1.2/xxxxx.bin
Source filename [soho70-y1-mz.123-6.bin]?
Address or name of remote host [192.168.1.2]?
Destination filename [xxxxx.bin]?
Where 192.168.1.2 is the IP address of the TFTP server. When prompted for the source file name, type the file name found using the sh flash command. xxxxx.bin will be the file name the IOS is stored under on the server.
Connect to the router -> enable mode and type:
copy tftp://192.168.1.2/xxxxx.bin flash
Destination filename [xxxxx.bin]?
Accessing tftp://192.168.1.2/xxxxx.bin...
Where 192.168.1.2 is the IP address of the TFTP server and xxxxx.bin is the image in the TFTP root. If you do not have enough room in the flash memory to store both copies, the router will ask to erase the contents of the flash before writing the new file to the memory.
Connect to the router -> enable mode -> config mode and type:
snmp-server community XXXXX RO
snmp-server location YYYY
snmp-server contact ZZZZ
snmp-server enable traps tty
Where XXXXX is the community name that the software collecting the SNMP traps must use. YYYY and ZZZZ are optional.
Connect to the router -> enable mode -> config mode and type:
no snmp-server community XXXXX RO
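Added example (not part of the original page): a small Python check that reads a saved running-config and flags the two exposures the commands on this page can create, the telnet port forward and an SNMP community with no access-list. The sample config is constructed, and the names audit, MGMT_PORTS and SAMPLE_CONFIG are chosen for this example.

```python
import re

# Constructed sample running-config (not from a real device). The running-config
# stores commands in full form, not the abbreviations typed at the prompt.
SAMPLE_CONFIG = """\
ip nat inside source static tcp 192.168.1.1 23 interface Dialer0 23000
ip nat inside source static tcp 192.168.1.10 80 interface Dialer0 80
snmp-server community XXXXX RO
snmp-server community YYYYY RO 10
line vty 0 4
 password <PASS>
 login
"""

# Cleartext management ports that should not be reachable from the WAN side.
MGMT_PORTS = {23: "telnet"}

NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (?:interface )?(\S+) (\d+)")
# Matches only the plain "community <string> RO|RW [acl]" form (no "view").
SNMP_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?\s*$", re.I)


def audit(config):
    """Return (line_number, message) findings for a running-config text."""
    findings = []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = NAT_RE.match(line)
        if m:
            proto, inside_ip, inside_port, outside, outside_port = m.groups()
            if proto == "tcp" and int(inside_port) in MGMT_PORTS:
                findings.append((n, f"{MGMT_PORTS[int(inside_port)]} on {inside_ip} "
                                    f"is reachable from outside via {outside} "
                                    f"port {outside_port}"))
            continue
        m = SNMP_RE.match(line)
        if m:
            _community, mode, acl = m.groups()  # never echo the community string
            if acl is None:
                findings.append((n, f"SNMP {mode.upper()} community has no access-list; "
                                    "any host that knows the string can poll the device"))
    return findings


if __name__ == "__main__":
    for n, msg in audit(SAMPLE_CONFIG):
        print(f"line {n}: {msg}")
```

Run it against the output of sh run saved to a file; moving the outside port to 23000 does not change the finding, because the inside port is still telnet.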
ip dhcp pool <SCOPE name>
network <network> <subnet>
default-router <the routers internal ip>
dns-server 212.54.64.170 212.54.64.171
lease 0 1
By default the router's IP is 192.168.1.1.
For example, say you only want to use the address pool 192.168.1.32-192.168.1.63 (not inclusive).
Then you have to change <network> to 192.168.1.32 and <subnet> to 255.255.255.224.
This page can be used to help you calculate the subnet for your address pool: Subnet calculator.
The second and much easier way is just to reserve some addresses in the existing DHCP scope. For example, say you don't want to hand out the IPs from 192.168.1.40 to 192.168.1.72. In config mode type:
ip dhcp exclude 192.168.1.40 192.168.1.72
Connect to the router -> enable mode -> config mode and type:
no service dhcp