Monday, November 30, 2009

CISCO IOS commands

SkyHi @ Monday, November 30, 2009
General commands

Here are some general and simple commands.

* How do I telnet to the router?
* How to enable telnet from the outside
* How to go into Privileged (Enable) mode
* How to go into Configuration mode
* How to restart the router
* How to view the configuration
* How to configure timeout
* How to change password
* How to see the actual line speed
* How to see the external IP address
* How to set the time
* How to run a HotLine server

NAT Entries

Network Address Translation (NAT) entries are used to define where traffic on a specific port should be sent. For example, traffic from the outside WAN on port 21 should go to the FTP server and traffic on port 80 should end up at the WWW server. This is accomplished using NAT.

* How to view the NAT entries
* How to add NAT entries
* How to remove NAT entries
* How to disable NAT and use multiple external addresses
* How to change where the external traffic is routed to

Uploading and downloading configurations and IOS to the router

The FLASH memory is the memory area that contains the IOS. NVRAM is the memory that holds the configuration.

* How to copy configuration to a TFTP server
* How to copy configuration from a TFTP server
* How to remove a configuration
* How to back up the Cisco IOS to a TFTP server
* How to upgrade or restore Cisco IOS

Monitoring of routers and switches

Monitoring IOS equipment using Simple Network Management Protocol (SNMP) requires that community strings are defined.

* How to set community strings
* How to delete community strings

DHCP

* How to limit the DHCP scope
* How to disable the DHCP scope

In case you did not find what you were looking for, try this page


How do I telnet to the router
Choose "Start" -> "Run" and type:

telnet 192.168.1.1

Where 192.168.1.1 is the IP address of the router.


How to enable telnet from the outside
By default routers are configured to accept telnet on port 23 from the inside. In order to get telnet access from the outside, you need to create a NAT entry for this purpose.

Connect to the router -> enable -> config. Type:

ip nat ins sou sta tcp 192.168.1.1 23 int dialer0 23000

Now you have outside telnet access on port 23000. NB: This also makes your router more open to attack, since its telnet login is now reachable from the outside.


How to go into privileged (enable) mode
Connect to the router. After the initial password you are in user mode. The prompt will look like Router>. This mode is mostly used to view statistics, though it is also a stepping-stone for logging into privileged mode. You can only view and change the configuration of a Cisco router in privileged mode, which you enter by typing:

enable or en

After a successful login the prompt will have changed to Router#

To end privileged mode type:

disable


How to go into configuration mode
Connect to the router -> enable and type:

configure terminal or conf t

To end the config mode press Ctrl+Z (^Z).

Remember to save any changes that are made by typing: write


How to restart the router

Connect to the router, go to enable mode and type:

reload

Press enter when prompted to confirm.


How to view the configuration
In enable mode type:

sh run or wr t


How to configure timeout
Connect to the router -> enable -> Config mode, type:


int dialer0
time abs


How to change password
Connect to the router -> enable -> Config mode, type:

line vty 0 4
password <new password>
line con 0
password <new password>

To change the Enable password:

no enable secret
enable secret <new password>


How to see the actual line speed
Connect to the router and type:

sh dsl int atm0


How to see the external IP address
Connect to the router and type:

sh ip in br dial0


How to set the time
Connect to the router -> enable mode and type:

clock set 10:17:00 14 june 2001

The format is "hh:mm:ss day month year". NB. clock set ? does not show the correct format.



How to run a HotLine server
In config mode type :

ip nat ins sou sta tcp w.x.y.z 5500 int dialer0 5500
ip nat ins sou sta tcp w.x.y.z 5501 int dialer0 5501
ip nat ins sou sta tcp w.x.y.z 5502 int dialer0 5502
ip nat ins sou sta tcp w.x.y.z 5503 int dialer0 5503

Where w.x.y.z is the internal IP.


How to view the NAT entries
Connect to the router and type:

sh ip nat trans


How to add NAT entries
Connect to the router -> enable -> Config mode. The format is:

ip nat inside source static <protocol> <internal IP> <port> interface dialer0 <port>

Protocol is either tcp or udp. For example, a NAT entry for port 4000 to 192.168.1.10 is added by typing:

ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000
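
A way to review which static port forwards a saved configuration contains, as an added example that is not part of the original page. It accepts both the full command and the abbreviated form used above, applies "no" removals, and flags forwards that expose telnet; the function names and the sample configuration are constructed for illustration.

```python
KEYWORDS = ["ip", "nat", "inside", "source", "static"]
MGMT_PORTS = {23: "telnet"}  # assumption: only the service this page discusses

def _abbr(token, keyword):
    """IOS accepts a keyword typed as a prefix (ambiguity is not modelled)."""
    return bool(token) and keyword.startswith(token.lower())

def parse_static_nat(line):
    """Parse '[no] ip nat inside source static <proto> <ip> <port> interface <if> <port>'."""
    tokens = line.split()
    negated = bool(tokens) and tokens[0].lower() == "no"
    if negated:
        tokens = tokens[1:]
    if len(tokens) != 11 or not all(_abbr(t, k) for t, k in zip(tokens, KEYWORDS)):
        return None
    proto, ip, in_port, if_kw, ifname, out_port = tokens[5:]
    if proto.lower() not in ("tcp", "udp") or not _abbr(if_kw, "interface"):
        return None
    if not (in_port.isdigit() and out_port.isdigit()):
        return None
    return {"negated": negated, "proto": proto.lower(), "inside_ip": ip,
            "inside_port": int(in_port), "interface": ifname,
            "outside_port": int(out_port)}

def audit(config_text):
    """Return (active port forwards, findings) after applying 'no' removals."""
    active = {}
    for line in config_text.splitlines():
        e = parse_static_nat(line)
        if e is None:
            continue
        key = (e["proto"], e["inside_ip"], e["inside_port"], e["outside_port"])
        if e["negated"]:
            active.pop(key, None)
        else:
            active[key] = e
    findings = [
        f"{MGMT_PORTS[e['inside_port']]} on {e['inside_ip']} is reachable "
        f"from outside on port {e['outside_port']}"
        for e in active.values()
        if e["proto"] == "tcp" and e["inside_port"] in MGMT_PORTS
    ]
    return list(active.values()), findings

# Constructed sample configuration using the commands shown on this page.
SAMPLE = """\
ip nat ins sou sta tcp 192.168.1.1 23 int dialer0 23000
ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000
ip nat inside source static tcp 192.168.1.10 80 interface dialer0 80
no ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE)[1]:
        print("WARNING:", finding)
```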


How to remove NAT entries?
Connect to the router -> enable mode -> Config mode. The format is:

no ip nat inside source static <protocol> <internal IP> <port> interface dialer0 <port>

For example, the NAT entry for port 4000 to 192.168.1.10 is removed by:

no ip nat inside source static tcp 192.168.1.10 4000 interface dialer0 4000

In some cases the command above will not be successful, because the entry is in use. If this is the case, type the following before going into config mode:

clear ip nat translation *


How to disable NAT and use multiple external addresses
To enable an external IP range, e.g. 212.52.72.184 - 191, connect to the router -> enable mode -> Config mode and type:

int eth0
ip address 212.52.72.185 255.255.255.248

(Change the IP address to the external address that is desired)

end
write
reload

Log in again and delete the access list that controls the access from the inside out
(it decides which IPs are given access through the router), then re-create it. In config mode:

no access-list 1
access-list 1 permit 212.52.72.184 0.0.0.255

Notice that the mask 0.0.0.255 is written in the opposite (inverted) form and equals the subnet mask 255.255.255.0.
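
How the inverted mask works, as an added example that is not part of the original page: the access list entry above with 0.0.0.255 matches every address in 212.52.72.x, while the range 212.52.72.184 - 191 on its own corresponds to a narrower mask. The function names are chosen for illustration, and the mask 0.0.0.7 is computed by the example, not taken from the page.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_to_netmask(wildcard):
    """Invert every bit of the inverted mask: 0.0.0.255 -> 255.255.255.0."""
    return str(ipaddress.IPv4Address(_int(wildcard) ^ 0xFFFFFFFF))

def matched_count(wildcard):
    """Each 1 bit in the inverted mask is a 'don't care' bit and doubles the match set."""
    return 2 ** bin(_int(wildcard)).count("1")

def acl_matches(base, wildcard, address):
    """True if 'access-list N permit <base> <wildcard>' matches the address."""
    care = _int(wildcard) ^ 0xFFFFFFFF
    return (_int(base) & care) == (_int(address) & care)

def wildcard_entries(first, last):
    """Smallest set of (base, inverted mask) pairs covering exactly first..last."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [(str(n.network_address), str(n.hostmask)) for n in nets]

if __name__ == "__main__":
    # The entry from the page: matches 256 addresses, not only 184-191.
    print(wildcard_to_netmask("0.0.0.255"), matched_count("0.0.0.255"))
    # The range from the page expressed as an exact entry.
    for base, wc in wildcard_entries("212.52.72.184", "212.52.72.191"):
        print(f"access-list 1 permit {base} {wc}  ({matched_count(wc)} addresses)")
    # 212.52.72.10 is a constructed address outside the range.
    print(acl_matches("212.52.72.184", "0.0.0.255", "212.52.72.10"))
    print(acl_matches("212.52.72.184", "0.0.0.7", "212.52.72.10"))
```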

To disable NAT completely on the inside:

no ip nat inside
end
write
reload


This satisfies the requirement from some firewalls that the router's IP address has to be on the same network as the WAN link on the firewall. Traffic to the DMZ and firewall now goes directly through the router to the firewall.


How to change the address where external traffic is routed to
By default most routers will route all external traffic to 192.168.1.2. If this needs to be changed to something else, e.g. a firewall address, connect to the router -> enable mode and type:

clear ip nat translation *
configure terminal
no ip nat inside source static 192.168.1.2
ip nat inside source static 192.168.0.2
write
reload

How to copy configuration to a TFTP server

Connect to the router -> enable mode

copy nvram tftp://xx.xx.xx.xx/config.cfg

This saves a configuration file to the TFTP server at IP xx.xx.xx.xx


How to copy configuration from a TFTP server

Connect to the router -> enable mode

copy tftp://xx.xx.xx.xx/config.cfg nvram

This loads a configuration file from the TFTP server at IP xx.xx.xx.xx


How to remove a configuration

Connect to the router -> enable mode

delete nvram

This removes all configuration parameters and returns the router/switch to factory default settings.


How to back up the Cisco IOS

Connect to the router -> enable mode and type :

sh flash

This will show the files stored in the flash memory.

System flash directory:
File Length Name/status
1 3641684 soho70-y1-mz.123-6.bin
[3641748 bytes used, 4746860 available, 8388608 total]
8192K bytes of processor board System flash (Read/Write)

In this case there is an image called soho70-y1-mz.123-6.bin

To back up this file type:

copy flash tftp://192.168.1.2/xxxxx.bin
Source filename [soho70-y1-mz.123-6.bin]?
Address or name of remote host [192.168.1.2]?
Destination filename [xxxxx.bin]?

Where 192.168.1.2 is the IP address of the TFTP server. When prompted for the source file name, type the file name found using the sh flash command. xxxxx.bin will be the file name the IOS is stored under on the server.


How to restore or upgrade the Cisco Router IOS

Connect to the router -> enable mode and type :

copy tftp://192.168.1.2/xxxxx.bin flash
Destination filename [xxxxx.bin]?
Accessing tftp://192.168.1.2/xxxxx.bin...

Where 192.168.1.2 is the IP address of the TFTP server and xxxxx.bin is the image in the TFTP root. If you do not have enough room in the flash memory to store both copies, the router will ask to erase the contents of the flash before writing the new file to the memory.


How to set community strings

Connect to the router -> enable mode -> config mode and type:

snmp-server community XXXXX RO
snmp-server location YYYY
snmp-server contact ZZZZ
snmp-server enable traps tty

Where XXXXX is the community name that the software collecting the SNMP traps must use. YYYY and ZZZZ are optional.


How to delete community strings

Connect to the router -> enable mode -> config mode and type:

no snmp-server community XXXXX RO



How to limit the DHCP scope
There are 2 ways to do this. The first and most difficult is done by connecting to the router -> enable mode -> config mode and typing:

ip dhcp pool <pool name>
network <network address> <subnet mask>
default-router <router IP>
dns-server 212.54.64.170 212.54.64.171
lease 0 1

By default the router's IP is 192.168.1.1.

For example, you only want to use the address pool 192.168.1.32-192.168.1.63 (not inclusive).
Then you have to change the network address to 192.168.1.32 and the subnet mask to 255.255.255.224.

This page can be used to help you calculate the subnet for your address pool: Subnet calculator.

The second and much easier way is just to reserve some addresses in the existing DHCP scope. For example, you don't want to use the IPs from 192.168.1.40 to 192.168.1.72. In config mode type:

ip dhcp exclude 192.168.1.40 192.168.1.72


How to disable DHCP

Connect to the router -> enable mode -> config mode and type:

no service dhcp


Reference: http://www.loeppenthien.dk/Network_IOS.asp#How_to_back_up_the_Cisco_IOS_