[CCNA] Cisco Commands Cheat Sheet #4 | Boubakr Tech
Access Control Lists:
Standard ACL: 1-99 and 1300-1999
Use a remark to describe the ACL (Optional):
R1(config)#access-list 1 remark ACL TO DENY ACCESS FROM SALES VLAN
Create the ACL, keeping the following in mind:
ACL uses first match logic.
There is an implicit deny any at the end of the ACL.
R1(config)#access-list 2 deny 192.168.1.77
R1(config)#access-list 2 deny 192.168.1.64 0.0.0.31
R1(config)#access-list 2 permit 10.1.0.0 0.0.255.255
R1(config)#access-list 2 deny 10.0.0.0 0.255.255.255
R1(config)#access-list 2 permit any
Enable the ACL on the chosen router interface in the correct direction (in or out):
R1(config-if)#ip access-group 2 out
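
The first-match rule and the implicit deny can be checked offline against ACL 2 above. The Python sketch below is an added example, not part of the original cheat sheet; the function names parse_standard_acl and evaluate are hypothetical, the sample source addresses are constructed, and it models only the source-address matching of a numbered standard ACL.

```python
import ipaddress

# ACL 2 as configured above; a standard ACL matches on source address only.
ACL_2 = """\
access-list 2 deny 192.168.1.77
access-list 2 deny 192.168.1.64 0.0.0.31
access-list 2 permit 10.1.0.0 0.0.255.255
access-list 2 deny 10.0.0.0 0.255.255.255
access-list 2 permit any
"""

def parse_standard_acl(text):
    """Hypothetical helper: return [(action, base, wildcard)] in configured order."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # remarks and blank lines carry no match logic
        action, args = tok[2], tok[3:]
        if args[0] == "any":
            base, wild = 0, 0xFFFFFFFF           # every bit is "don't care"
        else:
            if args[0] == "host":
                args = args[1:]
            base = int(ipaddress.IPv4Address(args[0]))
            # No wildcard given means an exact host match (wildcard 0.0.0.0).
            wild = int(ipaddress.IPv4Address(args[1])) if len(args) > 1 else 0
        entries.append((action, base, wild))
    return entries

def evaluate(entries, source):
    """Return (action, entry number); entry number None means the implicit deny."""
    addr = int(ipaddress.IPv4Address(source))
    for number, (action, base, wild) in enumerate(entries, 1):
        # Bits set in the wildcard are ignored; all remaining bits must equal the base.
        if ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0:
            return action, number                # first match wins, evaluation stops
    return "deny", None                          # implicit "deny any" at the end

if __name__ == "__main__":
    acl = parse_standard_acl(ACL_2)
    # Constructed sample source addresses
    for src in ("192.168.1.77", "192.168.1.70", "192.168.1.100", "10.1.5.5", "10.2.0.1"):
        print(src, evaluate(acl, src))
    # Without the final "permit any", unmatched traffic hits the implicit deny.
    print("172.16.0.1", evaluate(acl[:-1], "172.16.0.1"))
```

Entry order is what lets 10.1.0.0/16 through: if entries 3 and 4 were swapped, the broader deny for 10.0.0.0/8 would match first and the permit would never be reached.
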
Using standard ACL to limit telnet and SSH access to a router:
Create the ACL that defines the permitted telnet clients:
R1(config)#access-list 99 remark ALLOWED TELNET CLIENTS
R1(config)#access-list 99 permit 192.168.1.128 0.0.0.15
Apply the ACL inbound on the vty lines:
R1(config)#line vty 0 4
R1(config-line)#access-class 99 in
Extended ACL: 100-199 and 2000-2699
Extended ACL should be placed as close as possible to the source of the packet.
Extended ACL matches packets based on source and destination IP addresses, protocol, source and destination port numbers, and other criteria as well.
R1(config)#access-list 101 remark MY_ACCESS_LIST
R1(config)#access-list 101 deny ip host 10.1.1.1 host 10.2.2.2
R1(config)#access-list 101 deny tcp 10.1.1.0 0.0.0.255 any eq 23
R1(config)#access-list 101 deny icmp 10.1.1.1 0.0.0.0 any
R1(config)#access-list 101 deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config)#access-list 101 deny udp host 10.1.1.7 eq 53 any
R1(config)#access-list 101 permit ip any any
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip access-group 101 in
Named ACL:
Named ACLs use names to identify ACLs rather than numbers, and commands that permit or deny traffic are written in a sub mode called named ACL mode (nacl).
https://boubakr92.wordpress.com/2013/09/26/ccnacheatsheetpart4/
4/13/2016
Named ACL enables the editing of the ACL (deleting or inserting statements) by sequencing statements of the ACL.
Named standard ACL:
R1(config)#ip access-list standard MY_STANDARD_ACL
R1(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R1(config-std-nacl)#deny 10.2.2.2
R1(config-std-nacl)#permit any
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group MY_STANDARD_ACL out
Named extended ACL:
R1(config)#ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)#deny icmp 10.1.1.1 0.0.0.0 any
R1(config-ext-nacl)#deny tcp host 10.1.1.0 host 10.0.0.1 eq 80
R1(config-ext-nacl)#permit ip any any
R1(config)#interface fastEthernet 0/1
R1(config-if)#ip access-group MY_EXTENDED_ACL in
Editing ACL using sequence numbers:
R1(config)#ip access-list extended MY_EXTENDED_ACL
R1(config-ext-nacl)#no 20 ! Deletes the statement of sequence number 20
R1(config)#ip access-list standard 99
R1(config-std-nacl)#5 deny 1.1.1.1 ! Inserts a statement with sequence 5
Verifying ACLs:
Shows all ACLs configured on a router with counters at the end of each statement:
R1#show access-lists
! OR
R1#show ip access-list
Shows only the specified ACL:
R1#show ip access-list 101
Includes a reference to the ACLs enabled on that interface either in or out:
R1#show ip interface f0/0
DHCP Server
Define a DHCP pool and give it a name:
R1(config)#ip dhcp pool MY_POOL
Define network and mask to use in this pool and the default gateway:
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
Define one or more DNS servers (OPTIONAL):
R1(dhcp-config)#dns-server 213.131.65.20 8.8.8.8
Confine the lease time (OPTIONAL):
R1(dhcp-config)#lease 2 ! Days
Define one or more scopes of excluded (reserved) addresses (OPTIONAL):
R1(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.100
R1(config)#ip dhcp excluded-address 192.168.1.200 192.168.1.254
DHCP Verification and Troubleshooting:
Shows the status of the specified pool and the leased addresses from that pool:
R1#show ip dhcp pool POOL_1
Shows all the leased IP addresses from all configured DHCP pools:
R1#show ip dhcp binding
Shows any conflicts that occurred:
R1#show ip dhcp conflict
Enjoy!