Cisco Commnds
Static NAT Dynamic NAT Dynamic PAT DST NAT
Static NAT
..........
Configure the router's Define inside & Outside
interface fa0/0
ip nat outside
interface fa0/1
ip nat inside
ip nat inside source static 192.168.10.10 202.202.10.1
Dynamic NAT
............
int f0/0
ip nat outside
exit
int f1/0
ip nat inside
exit
ip nat pool saikat 20.1.1.5 20.1.1.20 netmask 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool pool1
show ip nat translations
Dynamic PAT
...........
int f0/0
ip nat outside
exit
int f1/0
ip nat inside
exit
access-list 1 permit 192.168.123.0 0.0.0.255
ip nat inside source list 1 interface fastEthernet 1/0 overload
show ip nat translations
Port Forwarding Commnds
.......................
WAN Interface
.............
conf t
interface gigabitEthernet 0/0
ip address 50.50.50.1 255.255.255.0
ip nat outside <– Configure the WAN as NAT outside interface
no shutdown
exit
LAN Interface
.............
interface gigabitEthernet 0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside <– Configure the LAN as NAT inside interface
no shutdown
exit
ip route 0.0.0.0 0.0.0.0 50.50.50.2 <– Configure default route
access-list 1 permit 192.168.1.0 0.0.0.255 <– Configure ACL to be used for PAT
ip nat inside source list 1 interface GigabitEthernet0/0 overload <– Configure PAT (NAT overload)
ip nat inside source static tcp 192.168.1.10 80 50.50.50.1 80 <– Port Forwarding for Web Server
ip nat inside source static tcp 192.168.1.11 25 50.50.50.1 25 <– Port Forwarding for SMTP Server
show ip nat translations <---- Checking For NAT Working Or Not
HSRP VRRP GLBP Configuration
HSRP Configuration
..................
R1
--
interface Ethernet0/1
description LAN Interface of Active Router
ip address 192.168.1.1 255.255.255.0
standby 1 ip 192.168.1.254 <—- Create HSRP Group 1 and assign Virtual IP
standby 1 priority 101 <—- Assign priority above 100 to make this the primary router
standby 1 preempt <—- Makes router active if it has higher priority
R2
--
interface Ethernet0/1
description LAN Interface of Standby Router
ip address 192.168.1.2 255.255.255.0
standby 1 ip 192.168.1.254 <—- Create HSRP Group 1 and assign Virtual IP
standby 1 preempt <—- Makes router active if it has higher priority
VRRP Configuration
.........................
R1
--
interface Ethernet0/1
description LAN Interface of Active Routerip address
ip address 192.168.1.1 255.255.255.0
vrrp 1 ip 192.168.1.254 <—- Create VRRP Group 1 and assign Virtual IP
vrrp 1 priority 101 <—- Assign priority above 100 to make this the primary router
vrrp 1 preempt <—- Makes router active if it has higher priority
R2
..
interface Ethernet0/1
description LAN Interface of Standby Router
ip address 192.168.1.2 255.255.255.0
vrrp 1 ip 192.168.1.254 <—- Create VRRP Group 1 and assign Virtual IP
vrrp 1 preempt <—- Makes router active if it has higher priority
GLBP Configuration
..................
R1
..
interface Ethernet0/1
description LAN Interface of Primary Router
ip address 192.168.1.1 255.255.255.0
glbp 1 ip 192.168.1.254 <—- Create GLBP Group 1 and assign Virtual IP
glbp 1 priority 101 <—- Assign priority above 100 to make this the primary router
glbp 1 preempt <—- Makes router active if it has higher priority
glbp 1 load-balancing round-robin <—- Configure round-robin balancing of traffic
R2
..
interface Ethernet0/1
description LAN Interface of Secondary Router
ip address 192.168.1.2 255.255.255.0
glbp 1 ip 192.168.1.254 <—- Create GLBP Group 1 and assign Virtual IP
glbp 1 preempt <—- Makes router active if it has higher priority
glbp 1 load-balancing round-robin <—- Configure round-robin balancing of traffic
Additional Commnd
.................
show glbp brief
show glbp
Timers – The default hello timer is 3 seconds. The default hold timer is 10 seconds.
R1(config-if)#glbp 10 timers ?
..............................
<1-60> Hello interval in seconds
msec Specify hello interval in milliseconds
redirect Specify timeout values for failed forwarders
Authentication – A router will ignore incoming GLBP packets from routers that
do not have the same
authentication configuration for a GLBP group.
R1(config-if)#glbp 10 authentication ?
......................................
md5 MD5 authentication
text Plain text authentication
By default, GLBP will load balance traffic using the round-robin method.
But we can change it by using the following command:
R1(config-if)#glbp 10 load-balancing ?
.......................................
host-dependent Load balance equally, source MAC determines forwarder choice
round-robin Load balance equally using each forwarder in turn
weighted Load balance in proportion to forwarder weighting
Let’s try changing it from round-robin to weighted
..................................................
R1(config-if)#glbp 10 load-balancing weighted
R1(config-if)#glbp 10 weighting 50
For verification, let’s use the ‘show glbp’ command
...................................................
R1#sh glbp | inc weight
Load balancing: weighted
Active is local, weighting 150
Active is 10.10.10.2 (primary), weighting 100 (expires in 11.424 sec)
Interface Tracking For ISP Link Router s0/0 Port
track 10 interface s0/0 line-protocol
show track
interface fa0/0
glbp 1 weighting track 10 decrement 10
glbp 1 weighting 120
hostname router-A
!
track 1 interface Serial0/0 line-protocol
!
interface FastEthernet0/0
ip address 192.168.10.1 255.255.255.0
glbp 10 ip 192.168.10.254
glbp 10 priority 255
glbp 10 weighting track 1 decrement 100
!
hostname router-B
!
track 1 interface Serial0/0 line-protocol
!
interface FastEthernet0/0
ip address 192.168.10.2 255.255.255.0
glbp 10 ip 192.168.10.254
glbp 10 priority 254
glbp 10 weighting track 1 decrement 100
!
IPSLA Configuration
ip sla 10
icmp-echo 8.8.8.8 source-ip 192.168.1.250
frequency 5
timeout 2000
exit
ip sla schedule 10 start-time now life forever
track 10 rtr 10
exit
interface fa0/0
glbp 10 weighting 110 lower 85 upper 105
glbp 10 weighting track 12 decrement 30
show glbp | include Active
show track
..........
Response Time Reporter 10 state
State is Up
1 change, last change 00:01:57
Latest operation return code: OK
Latest RTT (millisecs) 48
HSRP Configration
.................
interface fa0/1 (Lan interface)
stanby 1 ip 10.10.10.250 (Virtual IP Gateway Configration)
standby 1 preempt
stanby 1 priyority 105
ACL configuration
Standard ACL
............
Deny Traffic Commnd
...................
Method-1
access-list 1 deny 192.168.1.53 0.0.0.0
Method-2
access-list 1 deny host 192.168.1.53
access-list 1 permit any <Make Sure Permit Commnd Otherwise All Traffic Blocked>
show access-list
Assign an ACL Router Interface
..............................
int fa 0/0
ip access-group 1 outbound
Standard Named ACL
...................
ip access-list standard ABC
deny host 192.168.1.53
deny host 192.168.1.54
permit any <Make Sure Permit Commnd Otherwise All Traffic Blocked>
show access-list
int fa 0/0
ip access-group ABC outbound
Modify ACL
..........
ip access-list standard ABC
25 deny host 192.168.1.55 <Top To Bottom Sequence Number Gap>
no 25 <Remove 25 Line ACL Seq No Entry>
Remove ACL From Interface OR Full Remove
----------------------------------------
no ip access-list standard ABC
int fa 0/0
no ip access-group ABC outbound
Extended Numbered ACL
----------------------
access-list 100 deny tcp host 192.168.1.50 host 192.168.10.4 eq 80 <Block HTTP Traffic>
access-list 100 deny icmp host 192.168.1.50 host 192.168.10.4 <Block Ping Traffic>
access-list 100 deny tcp host 192.168.1.50 host 192.168.10.4 eq 23 <Block Telnet>
access-list 100 deny ip host 192.168.1.50 host 192.168.10.4 <All Block>
access-list 100 permit any any
Extended Named ACL
-------------------
ip access-list extended ABC
deny tcp host 192.168.1.50 host 192.168.10.4 eq 80 <Block HTTP Traffic>
deny icmp host 192.168.1.50 host 192.168.10.4 <Block Ping Traffic>
permit ip any any
int fa 0/0
ip access-group ABC outbound
DHCP Server Configuration
DHCP Server Configuration
.........................
config t
ip dhcp pool 10 <For VLAN 10>
network 10.10.10.0 255.255.255.0
default router 10.10.10.1
dns-server 8.8.8.8
exit
config t
ip dhcp pool 20
network 10.10.20.0 255.255.255.0
default router 10.10.20.1
dns-server 8.8.8.8
exit
config t
ip dhcp pool 30
network 10.10.30.0 255.255.255.0
default router 10.10.30.1
dns-server 8.8.8.8
exit
CDP & LLDP Configuration
CDP (Cisco Discovery Protocol) Devolop By Cisco
...............................................
Show Commnds
............
show cdp
show cdp neighbor
show cdp neighbor detail
Commnds To enable the CDP
.........................
cdp run
Commnds To disable the CDP
.........................
no cdp run
Commnds To disable the CDP on Port
..................................
interface fa0/1
no cdp run
LLDP (IEEE 802.1AB standard.) Support All Vendor
.................................................
Show Commnds
............
show lldp
show lldp neighbor
show cdp neighbor detail
Commnds To Activate lldp on cisco devices
.........................................
lldp run
no lldp run
Commnds To disable/enable the LLDP on Port
..........................................
interface fa0/1
no lldp transmit
no lldp receive
lldp transmit
lldp receive
Router Backup & Restore & Upgarde
How to Installing an IOS CISCO Router
.....................................
Prerequisites
.............
Router: Ensure your Cisco router is compatible with the IOS version you plan to install.
IOS Image: Obtain the IOS image file (typically a .bin file).
TFTP Server: Set up a TFTP server on your PC.
Console Cable: Connect your PC to the router via a console cable.
Terminal Emulator: Use a terminal emulator like PuTTY, Tera Term, or HyperTerminal.
Step-by-Step Installation
.........................
Connect to the Router: Use your terminal emulator to connect to the router’s console port.
Enter ROMMON Mode (if necessary):If the router does not boot,
you may need to interrupt the boot sequence
by pressing Ctrl + Break. This will take you to ROMMON mode.
Configure TFTP Settings:In ROMMON mode, set the IP address of the router and the TFTP server
IP_ADDRESS=192.168.1.1 <Router IP Address>
IP_SUBNET_MASK=255.255.255.0 <Router Subnet Mask>
DEFAULT_GATEWAY=192.168.1.254 <Router Gateway Address>
TFTP_SERVER=192.168.1.100 <TFTP Server IP Address>
TFTP_File=iosvbgfjuyng2rrgh.bin <IOS Bin File Path>
tftpdnld <Copy the IOS Image Last Commnd>
boot <Boot Commnd For IOS To Ram>
How To IOS Upgrade Process Router
Upgrading Cisco IOS on a router involves a few key steps to ensure
a smooth transition to a newer version. Here’s a step-by-step guide
for upgrading IOS:
..................................................................
Prerequisites
.............
IOS Image: Download the desired IOS image file from Cisco’s website.
TFTP Server: Set up a TFTP server on your computer.
Console Connection: Connect to the router using a console cable.
Backup: Back up the current configuration.
...........................................
Step-by-Step Upgrade Process
............................
Open a terminal emulator (like PuTTY or Tera Term) and
connect to the router via the console port.
Check Current IOS Version:
..........................
Use the following command to check the current IOS version:
show version
Backup Current Configuration:
.............................
It’s good practice to back up your current configuration:
copy running-config startup-config
copy startup-config tftp
Copy the New IOS Image to the Router:
.....................................
conf t
interface fa0/1
ip address 192.168.1.1 255.255.255.0
no shutdown
exit
copy tftp: flash:
Follow the prompts to enter the TFTP server IP and the filename of the IOS image.
Verify the New IOS Image:
........................
dir flash:
Set the Boot Variable:
Set the router to boot from the new IOS image:
..............................................
conf t
boot system flash flash:<your_ios_image.bin>
exit
Save the Configuration:
Save the updated configuration Commnd
.....................................
write memory
Reboot the Router:
Reload the router to apply the new IOS:
.......................................
reload
Post-Upgrade Checks
...................
show version
Translating "192.168.1.100t"...domain server For Cancel
.......................................................
press Ctrl+Shift+6 to immediately cancel
ping 192.168.1.100 repeat 1000
How to Check Switch Or Router Firmware
show version
show flash
How To Backup Router Or Switch IOS Firmware
copy flash tftp
source file 10215nbcisco.bin <Check Router or Switch IOS Name– show flash 10215nbcisco.bin>
remote host tftp ip 192.168.1.100
How to Delete IOS
delete flash://2012546873201mkfd320.bin
show flash
How to New IOS Restore TFTP
copy tftp flash
tftp adress 192.168.1.100 <TFTP Server IP Address>
source filename <IOS File Name ciscoiosver2.004.bin>
destination filename
show flash <IOS Check>
copy run startup-config <Save IOS>
reloade
How To Backup And Restore Router Configuraion File
Notes- First Setup Router Interfaces IP Address Then working TFTP Server
1. Router Configuration Backup
copy nvram: tftp:
source filename startup-config
Address remote host 192.168.1.100
Destination filename enter
2. Router Configuration Restore
Notes- Router IP Setup
copy tftp: nvram
Address remote host 192.168.1.100
Source filename Itindex-confg
Destination filename enter
Router Configurtion backup Commnd Testing By Packet Tracer
..........................................................
copy startup-config tftp:
remote host 192.168.1.100 <TFTP Server IP >
Router Configurtion Restore Commnd Testing By Packet Tracer
.............................................................
copy tftp startup-config
remote host 192.168.1.100 <TFTP Server IP And Config File Name>
hostname R1
router ospf 1
router-id 1.1.1.1
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.13.1 255.255.255.0
ip ospf 1 area 13
no shutdown
interface Serial1/0
ip address 10.0.12.1 255.255.255.0
ip ospf 1 area 12
no shut
interface Serial1/1
ip address 10.0.16.1 255.255.255.0
ip ospf 1 area 16
no shutdown
hostname R2
router ospf 1
router-id 2.2.2.2
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.2.2 255.255.255.0
ip ospf 1 area 12
no shut
interface Serial1/0
ip address 10.0.12.2 255.255.255.0
ip ospf 1 area 12
no shut
hostname R3
router ospf 1
router-id 3.3.3.3
interface FastEthernet0/0
ip address 10.0.0.3 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.13.3 255.255.255.0
ip ospf 1 area 13
no shut
interface loopback0
ip address 10.0.3.3 255.255.255.0
ip ospf 1 area 3
hostname R4
router rip
version 2
network 10.0.0.0
no auto-summary
redistribute ospf 1 metric 1
router ospf 1
router-id 4.4.4.4
redistribute rip subnets
interface FastEthernet0/0
ip address 10.0.0.4 255.255.255.0
ip ospf 1 area 0
no shut
interface FastEthernet0/1
ip address 10.0.45.4 255.255.255.0
no shutdown
hostname R5
interface FastEthernet0/1
ip address 10.0.45.5 255.255.255.0
no shut
interface loopback0
ip address 10.0.5.5 255.255.255.0
router rip
version 2
network 10.0.0.0
no auto-summary
hostname R6
router ospf 1
router-id 6.6.6.6
interface serial 1/1
ip address 10.0.16.6 255.255.255.0
ip ospf 1 area 16
no shutdown