Friday, May 2, 2008

Cisco IOS Commands


Q.How do I telnet to the router?


Choose "Start" -> "Run" and type:
telnet 192.168.1.1


Where 192.168.1.1 is the IP address of the router.


Q.How to enable telnet from the outside?

By default, routers are configured to accept telnet on port 23 from the inside. To get telnet access from the outside, you need to create a NAT entry for this purpose.

Connect to the router -> enable -> config. Type:

ip nat ins sou sta tcp 192.168.1.1 23 int dialer0 23000

Now you have outside telnet access on port 23000. NB. This also makes your router more exposed to attack.
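Moving telnet to outside port 23000 does not stop it from being found, so forwards like this are worth checking for when reviewing a router. The following added example (not from the original post) scans `show running-config` text for static NAT entries that publish a management service to the outside interface; the port list, the function name and the sample config are assumptions made for the illustration.

```python
import re

# Management services that should not be published to the outside interface.
# This port-to-service map is an assumption of the example, not from the post.
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 161: "snmp", 443: "https"}

# Matches the expanded form IOS stores in the running config, e.g.
#   ip nat inside source static tcp 192.168.1.1 23 interface Dialer0 23000
NAT_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$",
    re.IGNORECASE)

def find_exposed_mgmt(config_text):
    """Return (outside_port, proto, inside_ip, service) for every static NAT
    entry whose inside port is a management service."""
    findings = []
    for line in config_text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue
        proto, inside_ip, inside_port, _iface, outside_port = m.groups()
        # Key on the inside port: the outside port number can be anything.
        service = MGMT_PORTS.get(int(inside_port))
        if service:
            findings.append((int(outside_port), proto.lower(), inside_ip, service))
    return findings

# Constructed sample, built from the NAT entries used on this page.
SAMPLE_CONFIG = """\
interface Dialer0
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.1 23 interface Dialer0 23000
ip nat inside source static tcp 192.168.1.10 4000 interface Dialer0 4000
ip nat inside source static tcp 192.168.1.2 5500 interface Dialer0 5500
"""

if __name__ == "__main__":
    for port, proto, ip, svc in find_exposed_mgmt(SAMPLE_CONFIG):
        print(f"outside {proto}/{port} -> {ip} ({svc}) is reachable from the WAN")
```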


Q.How to go into privileged (enable) mode?

Connect to the router. After the initial password you are in user mode. The prompt will look like Router>. This mode is mostly used to view statistics, though it is also a stepping-stone for logging into the more privileged mode. You can only view and change the configuration of a Cisco router in privileged mode, which you enter by typing:

enable or en

After a successful login the prompt will have changed to Router#

To end privileged mode type:

disable


Q.How to go into configuration mode?
Connect to the router -> enable and type:

configure terminal or conf t

To end the config mode press Ctrl+Z (^Z).

Remember to save any changes that are made by typing: write


Q.How to restart the router?

Connect to the router, go to enable mode and type:
reload

Press enter when prompted to confirm.


Q.How to view the configuration?

In enable mode type:

sh run or wr t


Q.How to configure timeout?
Connect to the router -> enable -> Config mode, type:


int dialer0
time abs


Q.How to change password?

Connect to the router -> enable -> Config mode, type:

line vty 0 4
password
line con 0
password

To change the Enable password:

no enable secret
enable secret

Q.How to see the actual line speed?

Connect to the router and type:

sh dsl int atm0

Q.How to see the external IP address?
Connect to the router and type:

sh ip in br dial0


Q.How to set the time?
Connect to the router -> enable mode and type:

clock set 10:17:00 14 june 2001

The format is "hh:mm:ss day month year". NB. clock set ? does not show the correct format.



Q.How to run a HotLine server?
In config mode type:

ip nat ins sou sta tcp w.x.y.z 5500 int dialer0 5500
ip nat ins sou sta tcp w.x.y.z 5501 int dialer0 5501
ip nat ins sou sta tcp w.x.y.z 5502 int dialer0 5502
ip nat ins sou sta tcp w.x.y.z 5503 int dialer0 5503

Where w.x.y.z is the internal IP.


Q.How to view the NAT entries?
Connect to the router and type:

sh ip nat trans



Q.How to add NAT entries?
Connect to the router -> enable -> Config mode. The format is:

ip nat inside source static interface dialer0

Protocol is either tcp or udp. For example, a NAT entry for port 4000 to 192.168.1.10 is created by typing:

ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000


Q.How to remove NAT entries?
Connect to the router -> enable mode -> Config mode. The format is:

no ip nat inside source static interface dialer0

For example, the NAT entry for port 4000 to 192.168.1.10 is removed by:

no ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000

In some cases the command above will not be successful, because the entry is in use. If this is the case, type the following before going into config mode:

clear ip nat translation *

Q.How to disable NAT and use multiple external addresses?
To enable an external IP range, e.g. 212.52.72.184 - 191, connect to the router -> enable mode -> Config mode and type:

int eth0
ip address 212.52.72.185 255.255.255.248

(Change the IP address to the desired external address.)

end
write
reload

Log in again and replace the access list that controls inside-to-outside access
(it decides which IPs are given access through the router). In config mode:

no access-list 1
access-list 1 permit 212.52.72.184 0.0.0.255

Notice that the mask 0.0.0.255 is a wildcard (inverse) mask and is equivalent to the subnet mask 255.255.255.0.

To disable NAT completely on the inside:

no ip nat inside
end
write
reload


This satisfies the requirement of some firewalls that the router's IP address be on the same network as the WAN link on the firewall. Traffic to the DMZ and firewall now goes directly through the router to the firewall.
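The wildcard in the access list above is worth checking against the range it is meant to cover: 0.0.0.255 matches a whole /24, while the range 212.52.72.184 - 191 is only eight addresses. The following added example (not from the original post; the function names are illustrative) converts between subnet and wildcard masks, lists what an ACL entry matches, and derives the tightest entry for a range.

```python
import ipaddress

def wildcard_for(netmask):
    """Invert a dotted subnet mask into the wildcard mask an IOS ACL expects."""
    inverted = int(ipaddress.IPv4Address(netmask)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))

def acl_matches(base, wildcard):
    """Return (first, last, count) of the addresses matched by
    'access-list N permit <base> <wildcard>'. Contiguous wildcards only."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # set bits must form one block at the low end
        raise ValueError("non-contiguous wildcard mask")
    # "Don't care" bits in the base address are ignored by the match.
    first = int(ipaddress.IPv4Address(base)) & ~wc & 0xFFFFFFFF
    last = first | wc
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last)), wc + 1

def acl_for_range(first, last):
    """Return the tightest (base, wildcard) pairs that cover first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

if __name__ == "__main__":
    # The entry as written on this page: matches 256 addresses.
    print(acl_matches("212.52.72.184", "0.0.0.255"))
    # The mask configured on eth0 corresponds to a much narrower wildcard.
    print(wildcard_for("255.255.255.248"))
    # Tightest entry for the range the page wants to permit.
    print(acl_for_range("212.52.72.184", "212.52.72.191"))
```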


Q.How to change the address where external traffic is routed to?

By default most routers will route all external traffic to 192.168.1.2. If this needs to be changed to something else, e.g. a firewall address, connect to the router -> enable mode and type:

clear ip nat translation *
configure terminal
no ip nat inside source static 192.168.1.2
ip nat inside source static 192.168.0.2
write
reload

Q.How to copy configuration to a TFTP server?

Connect to the router -> enable mode

copy nvram tftp://xx.xx.xx.xx/config.cfg

This saves a configuration file to the TFTP server at ip xx.xx.xx.xx


Q.How to copy configuration from a TFTP server?

Connect to the router -> enable mode

copy tftp://xx.xx.xx.xx/config.cfg nvram

This loads a configuration file from the TFTP server at ip xx.xx.xx.xx


Q.How to remove a configuration?

Connect to the router -> enable mode

delete nvram

This removes all configuration parameters and returns the router/switch to factory default settings.


Q.How to back up the Cisco IOS?

Connect to the router -> enable mode and type:

sh flash

This will show the files stored in the flash memory.

System flash directory:
File Length Name/status
1 3641684 soho70-y1-mz.123-6.bin
[3641748 bytes used, 4746860 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)

In this case there is one image, called soho70-y1-mz.123-6.bin.

To back up this file type:

copy flash tftp://192.168.1.2/xxxxx.bin
Source filename [soho70-y1-mz.123-6.bin]?
Address or name of remote host [192.168.1.2]?
Destination filename [xxxxx.bin]?

Where 192.168.1.2 is the IP address of the TFTP server. When prompted for the source file name, type the file name found using the sh flash command. xxxxx.bin will be the file name the IOS is stored under on the server.


Q.How to restore or upgrade the Cisco Router IOS?

Connect to the router -> enable mode and type:

copy tftp://192.168.1.2/xxxxx.bin flash
Destination filename [xxxxx.bin]?
Accessing tftp://192.168.1.2/xxxxx.bin...

Where 192.168.1.2 is the IP address of the TFTP server and xxxxx.bin is the image in the TFTP root. If you do not have enough room in the flash memory to store both copies, the router will ask to erase the contents of the flash before writing the new file to the memory.


Q.How to set community strings?

Connect to the router -> enable mode -> config mode and type:

snmp-server community XXXXX RO
snmp-server location YYYY
snmp-server contact ZZZZ
snmp-server enable traps tty

Where XXXXX is the community name that the software collecting the SNMP traps must use. YYYY and ZZZZ are optional.


Q.How to delete community strings?

Connect to the router -> enable mode -> config mode and type:

no snmp-server community XXXXX RO



Q.How to limit the DHCP scope?

There are two ways to do this. The first and most difficult is done by connecting to the router -> enable mode -> config mode and typing:

ip dhcp pool
network
default-router
dns-server 212.54.64.170 212.54.64.171
lease 0 1

By default the router's IP is 192.168.1.1.

For example, you only want to use the following address pool: 192.168.1.32-192.168.1.63 (not included).
Then you have to change to 192.168.1.32 and to 255.255.255.224.

This page can be used to help you calculate the subnet for your address pool: Subnet calculator.

The second and much easier way is just to reserve some addresses in the existing DHCP scope. For example, you don't want to use the IPs from 192.168.1.40 to 192.168.1.72. In config mode type:

ip dhcp exclude 192.168.1.40 192.168.1.72

Q.How to disable DHCP?

Connect to the router -> enable mode -> config mode and type:
no service dhcp
