CCNA Exploration 4 IOS Commands

IOS Commands

Last update: 2/7/8

Refs: L – Labs
All others are Exploration 4 v4 curriculum material TI references.

2.1.6 R(config-f)# encapsulation hdlc HDLC is the default encapsulation

show interface serial Determine the ecapsulation

show controllers Determine DCE or DTE

2.3.2 interface serial 0/0 PPP encapsulation

encapsulation ppp
compress [predictor | stac] Options
ppp quality percentage
ppp callback [accept | request]
ppp multilink
2.3.4 debug ppp [packet] [negotiation] [error]

2.4.5 ppp authentication PPP authentication

{chap | pap | chap pap | pap chap } [callin]

2.4.5 hostname R1 Configure PAP authentication example

username R3 password sameone
!
int s0/0
encapsulation ppp
ppp authentication pap
ppp pap sent-username R1 password sameone

hostname R1 Configure CHAP authentication example

username R3 password sameone
!
int s0/0
encapsulation ppp
ppp authentication chap

2.4.6 debug ppp authentication

Frame Relay

int s0/0
3.1.5 encapsulation frame-relay [cisco | ietf] Default is cisco

3.1.5 frame-relay lmi-type [cisco | ansi | q933a] From IOS 11.2, the default LMI autosense
feature detects the LMI type
keepalive number Number of secs for LMI keepalive interval.
Default 10 secs.
no frame-relay inverse-arp Disable inverse arp

frame-relay map ip addr dlci [broadcast] Static mapping

[cisco | ietf]

int s0/0/0 Example: Static mapping

ip address 10.10.10.1 255.255.255.0
encapsulation frame-relay
no shutdown
no frame-relay inverse-arp
frame-relay map ip 10.10.10.2 102 broadcast
frame-relay map ip 10.10.10.3 103 broadcast

frame-relay lmi-type [cisco | ansi | q933a] Set LMI switch type (pre IOS 11.2)
keepalive

3.4.1 interface s0/0.103 [multipoint | point-to-point] Creating a FR sub-interface

3.4.1 R1(config-subif)# frame-relay interface-dlci dlci Links a DLCI with a subinterface. Use only with
subinterfaces.

Mel Ralph, Expl4 IOS.doc, 02/07/2008 Page 1

CCNA Exploration 4 IOS Commands

3.4.2 show interfaces

show frame-relay pvc [interface interface] [dlci]
clear counters
3.1.5 show frame-relay map
3.1.5 show frame-relay lmi
debug frame-relay lmi

3.4.2 clear frame-relay inarp Clear dynamically created Frame Relay maps
that are created using Inverse ARP

3.4.3 debug frame-relay lmi

Network Security

4.2.3 R1(config)# do show run | include string

4.2.3 enable password password

4.2.3 username username password password Local database

4.2.3 service password-encryption Use type 7 password encryption

4.2.3 security passwords min-length n IOS 12.3(1) and later.
4.2.4 line aux 0 Prevent login on a line. Default for VTY.
login
no password

4.2.4 transport input protocol Specify a VTY connection protocol

4.2.4 line vty 0 4 Support incoming Telnet and SSH sessions

no transport input
transport input telnet ssh
exec-timeout 3 Prevent idle session.
4.2.4 service tcp-keepalives-in Enable TCP keepalives.

4.2.4 hostname R1 Example: Configure SSH

ip domain-name cisco.com
crypto key generate rsa
username student secret password
line vty 0 4
transport input ssh
login local
ip ssh time-out 15
ip ssh authentication-retries 2

4.2.5 service timestamps Enable time-stamps for debug and log msgs.

4.3.1 no service tcp-small-servers Vulnerable Router Services

no service udp-small-servers
no ip bootp server
no ip finger
no service finger
no ip http server
no snmp-server
no ip bootp server
no ip name-server

no cdp run
no boot network
no service config
no ip source-route
no ip classless

shutdown Interface mode:

no ip directed-broadcast
no ip proxy-arp
no ip unreachable
no ip redirect

4.3.1 ip name-server addresses

no ip domain-lookup

passive-interface default
no passive-interface s0/0/0

4.3.2 key chain RIP_KEY RIPv2 authentication.

Mel Ralph, Expl4 IOS.doc, 02/07/2008 Page 2

CCNA Exploration 4 IOS Commands

key 1
key-string cisco

int s0/0
ip rip authentication mode md5
ip rip authentication key-chain RIP_KEY

key chain EIGRP_KEY Configure authentication for EIGRP:

key 1
key-string cisco

int s0/0
ip authentication mode eigrp 1 md5
ip authentication key-chain eigrp 1 EIGRP_KEY

int s0/0 Configure authentication for OSPF:

ip ospf message-digest-key 1 md5 cisco
ip ospf authentication message-digest

router ospf 10
area 0 authentication message-digest

4.3.3 R# auto secure

4.4.2 ip http server Configure a router to use SDM

ip http secure-server
ip http authentication local
username Student privilege 15 secret cisco
line vty 0 4
privilege level 15
login local
transport input telnet ssh

4.5.1 show file systems

4.5.2 copy system:running-config nvram:startup-config copy command is used to move configuration

copy system:running-config tftp: files
copy tftp: system:running-config
copy tftp: nvram:startup-config

4.5.4 show flash: Backing Up IOS Software Image

copy flash: tftp:

4.5.6 service timestamps debug datetime msec

show processes
no debug all
terminal monitor

4.5.7 config-register 0x2102 Configuration register. Factory setting.

L 4.6.1 username name [privilege 0-15] password password Default privilege is 0.

Cpedia R(config)# username mark password kram Use local database to authenticate login
R(config)# line console 0
R(config-line)# login local

R(config)# line console 0 Use password command, no username.

R(config-line)# login
R(config-line)# password cisco

ACLs

5.2.2 R(config)# Configuring Standard ACLs

access-list number {deny|permit|remark}
source [source-wildcard] [log]

no access-list number

5.2.4 R(config-if)# Apply an ACL to an interface

ip access-group
{access-list-number | access-list-name} {in|out}

access-class access-list-number Using an ACL to Control VTY Access

{in [vrf-also] | out}

Mel Ralph, Expl4 IOS.doc, 02/07/2008 Page 3

CCNA Exploration 4 IOS Commands

line vty 0 4 Example

login
password class
access-class 21 in

5.2.5 show run | include access-list Editing Numbered ACLs

no access-list 20

access-list number remark remark

5.2.6 ip access-list [standard | extended] name Standard Named ACLs

ip access-group name [in|out]

5.2.7 show access-lists [ acl-number|name ]

5.3.2 access-list number {deny | permit | remark} Extended ACLs

protocol
sourceIP [source-wildcard] [op port-number]
destIP [dest-wildcard] [op port-number]
[established]

DHCP

7.1.4 ip dhcp excluded-address low-address [high-address]

ip dhcp pool name
network net-addr subnet-msk
default-router ipaddr
dns-server ipaddr

no service dhcp Enable is the default

show ip dhcp binding displays a list of all IP address to MAC address
bindings
show ip dhcp server count information regarding the number of
DHCP messages
show ip dhcp pool view multiple pools
7.1.5 ip address dhcp Configuring a router int as a DHCP Client

7.12.8 R2# show ip dhcp conflict

access-list 100 permit ip host 0.0.0.0 host

255.255.255.255
debug ip packet detail 100

debug ip dhcp server events

NAT

7.2.4 ip nat inside source static Static NAT

192.168.10.254 209.165.200.254
int s0/0
ip nat inside
int s0/1
ip nat outside

access-list 1 permit 192.168.0.0 0.0.255.255 Dynamic NAT

ip nat pool NAT-POOL1

209.165.200.226 209.165.200.240
netmask 255.255.255.224
ip nat inside source list 1 pool NAT-POOL1

7.2.6 ip nat inside source list 1 interface s0/1 overload NAT Overload for a Single Public IP Address

access-list 1 permit 192.168.0.0 0.0.255.255 NAT Overload for a Pool of Public IP Addresses

ip nat pool NAT-POOL2

209.165.200.226 209.165.200.240
netmask 255.255.255.224
ip nat inside source list 1 pool NAT-POOL2 overload

7.2.8 show ip nat translations [verbose]

show ip nat statistics

Mel Ralph, Expl4 IOS.doc, 02/07/2008 Page 4

CCNA Exploration 4 IOS Commands

ip nat translation timeout Default is 24 hrs

timeout_seconds
clear ip nat translation *

debug ip nat [detailed]

IPv6

7.3.2 ipv6 address ipv6-address/prefix-length Assign address to interface

ipv6 address ipv6-prefix/prefix-length eui-64 EUI-64 Interface ID Assignment

7.3.4 ipv6 unicast-routing Dual Stacking example

int fa0/0
ip address 192.168.99.1 255.255.255.0
ipv6 address 3ff:b00:c18:1::3/127

7.3.7 ipv6 host name [port] ipv6-address1 Specify host name

[ipv6-address2...ipv6-address4]

ip name-server address Specify DNS server

7.3.8 ipv6 unicast-routing Configure RIPng with IPv6

ipv6 router rip name
int fa0/0
ipv6 rip name enable

Mel Ralph, Expl4 IOS.doc, 02/07/2008 Page 5