Cisco Systems

 


Modules:  1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  CS  |  All  |
Module 1-11 Commands
 
Module 1: WANs and Routers
There are no commands in this module.
Module 2: Introduction to Routers
  Command Command Description Command Syntax
2.1.3 enable To enter privileged EXEC mode, or any other security level set by a system administrator, use the enable EXEC command. enable [privilege-level]
  exit Use the exit command at the EXEC levels to exit the EXEC mode. exit
  ? To display a brief description of the help system, enter the help command. ?
  disable To exit privileged EXEC mode and return to user EXEC mode, or to exit to a lower privilege level, enter the disable EXEC command. disable [privilege-level]
2.1.4 show version To display the configuration of the system hardware, the software version, the names and sources of configuration files, and the boot images, use the show version EXEC command. show version
  show flash To display the layout and contents of a Flash memory file system, use the show EXEC command. for Class A Flash file systems:
show flash-filesystem: [all | chips | filesys]

for Class B Flash file systems:
show flash-filesystem: [partition number] [all | chips | detailed | err | summary]

for Class C Flash file systems:
show flash-filesystem:

for all Flash file systems:
show flash is an acceptable, informative usage
2.1.5 copy tftp flash To copy an IOS image stored on a TFTP server into the flash memory of the router. copy tftp {file-id | flash | config}
2.2.1 setup To enter the setup command facility, use the setup privileged EXEC command. You can use the setup command facility to create a basic configuration to get a router up and running, but for advanced features and fine tuning of router processes, use the command line. setup
2.2.5 enable secret To specify an additional layer of security over the enable password command, use the enable secret global configuration command. enable secret [level level] {password | [encryption-type] encrypted-password}
  enable password To set a local password to control access to various privilege levels, use the enable password global configuration command. enable password [level level] {password | [encryption-type] encrypted-password}
  disable To exit privileged EXEC mode and return to user EXEC mode, enter the disable EXEC command. disable [privilege-level]
2.2.6 clock To manually set the system clock, use one of the formats of the clock set EXEC command. clock set hh:mm:ss day month year
clock set
hh:mm:ss month day year
  Ctrl-P Press Ctrl-P or the up arrow to repeat the previous command entry automatically. Ctrl-P
2.2.7 terminal no editing To disable enhanced editing mode, this command is entered at the privileged EXEC mode prompt. terminal no editing
  Ctrl-A Moves cursor to the beginning of a command line. Ctrl-A
  Esc-B Moves cursor back one word. Esc-B
  Ctrl-B Moves cursor back one character. Ctrl-B
  Ctrl-E Moves cursor to the end of the command line. Ctrl-E
  Ctrl-F Moves cursor forward one character. Ctrl-F
  Esc-F Moves cursor forward one word. Esc-F
  Ctrl-Z Ctrl-Z is a command used to back out of configuration mode. Ctrl-Z
2.2.8 terminal history size To change the number of command lines the system records during a terminal session, use the terminal history size or the history size command. terminal history size number-of-lines
  history size To change the number of command lines the system records during a terminal session, use the terminal history size or the history size command. history size number-of-lines
  Ctrl-N Used to recall successively more recent commands. Ctrl-N
  Tab When typing commands, as a shortcut, the Tab key may be entered for a command, and the interface will finish the entry. Tab
2.2.9 show running-config This command allows you to view the current configuration in the RAM. This configuration is the active configuration, and changes made to the router will show up in this configuration file. show running-config
Module 3: Configuring a Router
  Command Command Description Command Syntax
3.1.1 configure terminal This command is used to switch from enable mode to one of the configuration modes. configure terminal
3.1.2 hostname This command is used to give the router a unique name. hostname hostname
  router rip To configure the Routing Information Protocol (RIP) routing process, use the router rip global configuration command. router rip
  interface serial 0 Use the interface global configuration command to configure an interface type and enter interface configuration mode. interface type number
3.1.3 line console 0 To identify a specific line for configuration and begin the line configuration command collection mode, use the line global configuration command. Entering the line command with the optional line type (aux, console , tty , or vty ) designates the line number as a relative line number. Relative line numbers always begin numbering at zero and define the type of line. line [aux | console | tty | vty ] line-number [ending-line-number]
  password To specify a password on a line, use the password line configuration command. Use the no form of this command to remove the password. password password
  login To enable password checking at login, use the login line configuration command. login [local | tacacs]
  line vty 0 4 To identify a specific line for configuration and begin the line configuration command collection mode, use the line global configuration command. Entering the line command with the optional line type (aux , console , tty , or vty ) designates the line number as a relative line number. Relative line numbers always begin numbering at zero and define the type of line. line [aux | console | tty | vty ] line-number [ending-line-number]
  show startup-config This command allows you to view the configuration file "startup-config" in the NVRAM. show startup-config
  service password-encryption The service password-encryption command applies a weak encryption to all unencrypted passwords. service password-encryption
3.1.4 show ? The command show ? provides a list of available show commands. show ?
  show interfaces Use the show interfaces EXEC command to display statistics for all interfaces configured on the router or access server. show interfaces {type number}
  show interfaces serial 0/1 Use the show interfaces EXEC command to display statistics for all interfaces configured on the router or access server. show interfaces {type number}
  show controllers serial Use the show controllers serial privileged EXEC command to display information that is specific to the interface hardware. show controllers serial [slot/port]
  show hosts To display the default domain name, the style of name lookup service, a list of name server hosts, and the cached list of host names and addresses, use the show hosts EXEC command. show hosts
  show clock Shows the time set in the router. show clock
  show users Displays all users who are connected to the router. show users
  show history Displays a history of commands that have been entered. show history
  show arp Displays the arp table of the router. show arp
  show protocols Use the show protocols EXEC command to display the configured protocols. show protocols
3.1.5 interface serial 0/0 Use the interface global configuration command to configure an interface type and enter interface configuration mode. interface type slot/port
  ip address <ip address> <netmask> To set IP addresses for an interface, use the ip address interface configuration command. The secondary keyword designates an IP address as an auxiliary address. ip address ip-address mask [secondary]
  clock rate 56000 Use the clock rate (or clockrate) interface configuration command to configure the clock rate for the hardware connections on serial interfaces such as network interface modules (NIMs) and interface processors to an acceptable bit rate. clock rate speed-in-
bits-per-second
  no shutdown To disable an interface, use the shutdown configuration command. To restart a disabled interface, use the no form of this command. This should be done on all interfaces in use as they are shutdown by default. no shutdown
3.1.6 erase startup-config To erase a file system, use the erase EXEC command. The erase nvram: command replaces the write erase command and the erase startup-config command. erase {filesystem:| start-up config}
  copy running-config startup-config To copy any file from a source to a destination, use the copy EXEC command. Use the /erase option to erase the destination file system before copying. copy {flash | ftp | nvram | running-config | startup-config | system | tftp} {flash | ftp | nvram | running-config | startup-config | system | tftp}
3.1.7 shutdown To disable an interface, use the shutdown configuration command. To restart a disabled interface, use the no form of this command. This should be done on all interfaces in use as they are shutdown by default. shutdown
  interface fastethernet 0/0 Use the interface global configuration command to configure an interface type and enter interface configuration mode. interface type slot/port
3.2.4 description To add a description to an interface configuration, use the description interface configuration command. description string
3.2.5 banner motd # # To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration command. banner motd d message d
  clock timezone To set the time zone for display purposes, use the clock timezone global configuration command. To set the time to Coordinated Universal Time (UTC), use the no form of this command. clock timezone zone hours [minutes]
3.2.6 ip host To define a static host name-to-address mapping in the host cache, use the ip host global configuration command. To remove the name-to-address mapping, use the no form of this command. ip host name-of-host [tcp-port-number] ip-address [ip-address2 ... address8]
3.2.7 show hosts To display the default domain name, the style of name lookup service, a list of name server hosts, and the cached list of host names and addresses, use the show hosts EXEC command. show hosts
3.2.9 copy running-config tftp To copy any file from a source to a destination, use the copy EXEC command. Use the /erase option to erase the destination file system before copying. copy {flash | ftp | nvram | running-config | startup-config | system | tftp} {flash | ftp | nvram | running-config | startup-config | system | tftp}
  copy tftp running-config To copy any file from a source to a destination, use the copy EXEC command. Use the /erase option to erase the destination file system before copying. copy {flash | ftp | nvram | running-config | startup-config | system | tftp} {flash | ftp | nvram | running-config | startup-config | system | tftp}
Module 4: Learning about Other Devices 
  Command Command Description Command Syntax
4.1.2 show cdp neighbors To display information about neighbors, use the show cdp neighbors privileged EXEC command. show cdp neighbors [type number] [detail]
4.1.3 cdp run To enable CDP, use the cdp run global configuration command. Use the no form of this command to disable CDP. CDP is enabled on the router by default, which means the Cisco IOS software will receive CDP information. cdp run
  cdp enable To enable Cisco Discovery Protocol (CDP) on an interface, use the cdp enable interface configuration command. cdp enable
  clear cdp counters Resets the traffic counters to zero. clear cdp counters
  show cdp To display global CDP information, including timer and hold-time information, use the show cdp privileged EXEC command. show cdp
  show cdp entry device-name [protocol | version] To display information about a neighbor device listed in the CDP table, use the show cdp entry privileged EXEC command. show cdp entry {* | device-name [*] [protocol | version]}
  show cdp interface [type number] Displays information about interfaces on which CDP is enabled. show cdp interface [type number]
4.1.5 no cdp run To enable CDP, use the cdp run global configuration command. Use the no form of this command to disable CDP. CDP is enabled on your router by default, which means the Cisco IOS software will receive CDP information. no cdp run
  no cdp enable To enable Cisco Discovery Protocol (CDP) on an interface, use the cdp enable interface configuration command. Use the no form of this command to disable CDP on an interface. CDP is enabled by default on all supported interfaces. no cdp enable
4.1.6 clear cdp table Deletes the CDP table of information about neighbors. clear cdp table
  show cdp traffic Displays the CDP counters, including the number of packets sent and received and checksum errors. show cdp traffic
  show debugging Displays information about the types of debugging that are enabled. show debugging
  cdp holdtime Specifies the hold time to be sent in the CDP update package. cdp holdtime
  debug cdp adjacency Used to troubleshoot or monitor CDP neighbor information debug cdp adjacency
  debug cdp events Used to troubleshoot or monitor CDP events debug cdp events
  debug cdp ip Used to troubleshoot or monitor CDP IP information debug cdp ip
  debug cdp packets Used to troubleshoot or monitor CDP packet related information. debug cdp packets
4.2.2 connect To log on to a host that supports Telnet, rlogin, or LAT, use the connect EXEC command. connect [ip-address | hostname]
  telnet This command will create a connection to a remote system. telnet {hostname | ip-address} [port] [keyword]
  exit Use the exit command at the EXEC levels to exit the EXEC mode. exit
  logout Exits a telnet session. logout
4.2.3 Ctrl-Shift-6, X The procedure for suspending a telnet session. Ctrl-Shift-6, X
  show sessions The command show sessions will show what telnet sessions are taking place. show sessions
4.2.4 session-limit The number of open sessions that are allowed at one time is defined by the session limit command. session-limit session-number
  resume Resumes a telnet connection. resume
4.2.5 traceroute Tests the hops a packet takes from one host to a final destination. traceroute [protocol] destination
  ping Use the ping privileged EXEC command to diagnose basic network connectivity on Apollo, AppleTalk, Connectionless Network Service (CLNS), DECnet, IP, Novell IPX, VINES, or XNS networks. ping [protocol] {ip-address | hostname}
  show ip route Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
Module 5: Managing Cisco IOS Software
  Command Command Description Command Syntax
5.1.3 boot system To specify the system image that the router loads at startup, use one of the following boot system global configuration commands. boot system file-url
5.1.4 config-register This command is used to define the configuration register. The register is a hexadecimal value from 0x0 to 0xFFFF. This command only applies to platforms which use a software configuration register. config-register register-value
5.2.3 copy running-config tftp To copy any file from a source to a destination, use the copy EXEC command. copy {flash | ftp | nvram | running-config | startup-config | system | tftp} {flash | ftp | nvram | running-config | startup-config | system | tftp}
5.2.5 copy flash tftp To copy any file from a source to a destination, use the copy EXEC command. copy {flash | ftp | nvram | running-config | startup-config | system | tftp} {flash | ftp | nvram | running-config | startup-config | system | tftp}
  dir flash: To display a list of files on a file system, use the dir EXEC command. dir [/all] [filesystem: | file-url]
  boot flash: Command tells the router to boot the flash device. boot flash [flash-fs:] [partition-number:] [filename]
  confreg To change the configuration register settings while in ROM monitor mode, use the confreg ROM monitor command.  confreg [value
  xmodem To copy a Cisco IOS image to a router using the ROM monitor and the Xmodem or Ymodem protocol, use the xmodem ROM monitor command. xmodem [-c][-y][-e][-f][-r][-x][-s data-rate] [filename]
5.2.7 tftpdnld Image download utility.  
  set Sets environmental variables  
  IP_ADDRESS IP address of router when in ROMmon mode.  
  IP_SUBNET_MASK Subnet mask of router when in ROMmon mode.  
  DEFAULT_GATEWAY The default gateway of router when in ROMmon mode.  
  TFTP_SERVER The IP address of the TFTP server that router in ROMmon mode will download from.  
  TFTP_FILE The file the router in ROMmon mode will download from the TFTP server.  
Module 6: Routing and Routing Protocols
  Command Command Description Command Syntax
6.1.2 ip route To establish static routes, use the ip route global configuration command. To remove static routes, use the no form of this command. ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
6.1.4 ip route 0.0.0.0 0.0.0.0 [next-hop-address | outgoing interface] To establish static routes, use the ip route global configuration command. To remove static routes, use the no form of this command. ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
6.1.5 ip default-network To select a network as a candidate route for computing the gateway of last resort, use the ip default-network global configuration command. ip default-network network-number
6.1.6 show ip route Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
6.3.2 router rip To configure the Routing Information Protocol (RIP) routing process, use the router rip global configuration command. router rip
  network x.x.x.x To specify a list of networks for a Routing Information Protocol (RIP), RIP version 2, or Interior Gateway Routing Protocol (IGRP) routing process, use this form of the network router configuration command. network network-address
Module 7: Distance Vector Routing Protocols
  Command Command Description Command Syntax
7.2.2 router rip To configure the Routing Information Protocol (RIP) routing process, use the router rip global configuration command. router rip
  network network-number To specify a list of networks for a Routing Information Protocol (RIP), RIP version 2, or Interior Gateway Routing Protocol (IGRP) routing process, use this form of the network router configuration command. network network-address
7.2.3 ip classless At times the router might receive packets destined for a subnet of a network that has no network default route. To have the Cisco IOS software forward such packets to the best supernet route possible, use the ip classless global configuration command. To disable this feature, use the no form of this command. When this feature is disabled, the software discards the packets when a router receives packets for a subnet that numerically falls within its subnetwork addressing scheme. ip classless
  no ip classless At times the router might receive packets destined for a subnet of a network that has no network default route. To have the Cisco IOS software forward such packets to the best supernet route possible, use the ip classless global configuration command. To disable this feature, use the no form of this command. When this feature is disabled, the software discards the packets when a router receives packets for a subnet that numerically falls within its subnetwork addressing scheme. no ip classless
7.2.4 ip split-horizon On by default, stops split horizon from occurring. ip split-horizon
  no ip split- horizon Allows routers to send updates out the same interface from which they came. no ip split-horizon
  timers basic Changes the holddown timer for routing updates. timers basic update invalid holddown flush [sleeptime]
  update-timer seconds Changes the update timer for the routing updates. update-timer seconds
  passive-interface The passive-interface command keeps a router from sending routing updates out an interface. passive-interface type number
7.2.5 show ip route Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
  show ip protocols To display the parameters and current state of the active routing protocol process, use the show ip protocols EXEC command. show ip protocols
  show interfaces interface To display statistics for all interfaces configured on the router or access server, use the show interfaces command in privileged EXEC mode. show interfaces interface
  show ip interface interface To display the usability status of interfaces configured for IP, use the show ip interface EXEC command. show ip interface interface-type number
7.2.6 debug ip rip This command displays RIP transactions. debug ip rip
  show ip rip database Displays the contents of the RIP private database. show ip rip database [ip -address {mask}]
  Show ip protocols {summary} To display the parameters and current state of the active routing protocol process, use the show ip protocols EXEC command. show ip protocols {summary}
  debug ip rip {events} This command displays RIP transactions. debug ip rip
  Show ip interface brief To display a brief summary of the information and status for an IP address, use the show ip interface brief command in EXEC mode. show ip interface brief
7.2.7 passive- interface The passive-interface command keeps a router from sending routing updates out an interface. passive-interface type number
7.2.9 maximum-paths [number] To control the maximum number of parallel routes an IP routing protocol can support, use the maximum-paths command in address family or router configuration mode. maximum-paths maximum
7.2.10 redistribute static To redistribute routes from one routing domain into another routing domain, use the redistribute router configuration command. To disable redistribution, use the no form of this command. redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route map map-tag] [weight weight] [subnets]
7.3.5 router igrp as-number To configure the Interior Gateway Routing Protocol (IGRP) routing process, use the router igrp global configuration command. To shut down an IGRP routing process, use the no form of this command. router igrp autonomous-system
  no router igrp as-number To configure the Interior Gateway Routing Protocol (IGRP) routing process, use the router igrp global configuration command. To shut down an IGRP routing process, use the no form of this command. no router igrp autonomous-system
  network To specify a list of networks for a Routing Information Protocol (RIP), RIP version 2, or Interior Gateway Routing Protocol (IGRP) routing process, use this form of the network router configuration command. To remove an entry, use the no form of this command. network network-address
  no network To specify a list of networks for a Routing Information Protocol (RIP), RIP version 2, or Interior Gateway Routing Protocol (IGRP) routing process, use this form of the network router configuration command. To remove an entry, use the no form of this command. no network network-address
7.3.6 default-information originate To generate a default route into RIP, use the default-information originate router configuration command. To disable this feature, use the no form of this command. default-information originate [route-map mapname]
  ip default-network To select a network as a candidate route for computing the gateway of last resort, use the ip default-network global configuration command. To remove a route, use the no form of this command. ip default-network network-number
  clear ip route * This command removes a route from the IP routing table clear ip route {network [mask] | * }
7.3.7 show running-config interface interface Shows the running configuration for the specified interface. show running-config interface interface
  show running-config | begin interface interface Begins the running configuration output at the specified interface. show running-config | begin interface interface
  show running config | begin igrp Shows the running configuration beginning at the specified routing protocol. show running config | begin igrp
7.3.8 debug ip igrp events Shows all igrp events that are occurring debug ip igrp events
  debug ip igrp transactions Shows igrp updates that are occurring between IGRP routers debug ip igrp transactions
  bandwidth To set a bandwidth value for an interface, use the bandwidth command in interface configuration mode. The bandwidth command sets an informational parameter to communicate only the current bandwidth to the higher-level protocols. bandwidth kilobits
  no ip route-cache Use the ip route-cache interface configuration command to control the use of high-speed switching caches for IP routing. To disable any of these switching modes, use the no form of this command. no ip route-cache
  variance To control load balancing in an EIGRP-based internetwork, use the variance router configuration command. The variance value determines whether IGRP will accept unequal-cost routes. An IGRP router will only accept routes equal to the local best metric for the destination multiplied by the variance value. To reset the variance to the default value, use the no form of this command. variance multiplier
  debug ip packet Use the debug ip packet EXEC command to display general IP debugging information. debug ip packet
  undebug all Turns off all debugging. undebug all
  ip route-cache Use the ip route-cache interface configuration command to control the use of high-speed switching caches for IP routing. To disable any of these switching modes, use the no form of this command. ip route-cache
Module 8: TCP/IP Suite Error and Control Messages
  Command Command Description Command Syntax
8.2.2 no ip redirects Disable ICMP redirects. no ip redirects
Module 9: Basic Router Troubleshooting
  Command Command Description Command Syntax
9.1.1 show ip route connected Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
  show ip route network Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
  show ip route rip Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
  show ip route igrp Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
  show ip route static Use the show ip route EXEC command to display the current state of the routing table. show ip route [address [mask] [longer-prefixes]] | [protocol [process-id]] | [list access-list-number | access-list-name]
9.1.2 ip default-network To select a network as a candidate route for computing the gateway of last resort, use the ip default-network global configuration command. To remove a route, use the no form of this command. ip default-network network-number
9.1.8 show ip rip database Displays the contents of the RIP private database. show ip rip database [ip-address {mask}]
9.2.5 ping [protocol] {host | address} Use the ping privileged EXEC command to diagnose basic network connectivity on Apollo, AppleTalk, Connectionless Network Service (CLNS), DECnet, IP, Novell IPX, VINES, or XNS networks. The optional protocol argument can be any of the following: apollo, appletalk, clns, decnet, ip, ipx, vines, or xns. To perform an extended ping, enter the ping command with no arguments. ping [protocol] {ip-address | hostname}
9.2.6 debug telnet The telnet negotiation process can be viewed using the debug telnet command. debug telnet
9.3.1 clear counters Many steps occur during the processing of a packet, and tests are performed at each step. The outcome of each step is recorded in an interface counter. Network administrators can analyze these interface counters to determine the reasons for sluggish router and network performance. This command is used to set all the counters of the specified interfaces to zero. clear counters interface-type number
9.3.7 debug all To enable all system diagnostics, enter the debug all command in privileged EXEC mode. The no debug all command turns off all diagnostic output. Using the no debug all command is a convenient way to ensure that you have not accidentally left any debug commands turned on. debug all
  terminal monitor Debug output and system messages can be redirected to the remote terminal using this command. terminal monitor
  service timestamps debug uptime This command configures a timestamp that will show the hour:minute:second of the output, the amount of time since the router was last powered up, and when a reload command was executed. service timestamps message-type [uptime]
  debug ip rip This command displays RIP transactions. debug ip rip
  show debugging To view what is currently being examined by a debug command use the show debugging command. show debugging
Module 10: Intermediate TCP/IP
  Command Command Description Command Syntax
10.1.6 ip http server To enable a Cisco router to be configured from a browser using the Cisco IOS ClickStart software, and to enable any router to be monitored or have its configuration modified from a browser using the Cisco Web browser interface, use the ip http server global configuration command. To disable this feature, use the no form of this command. ip http server  
Module 11: Access Control Lists (ACLs)
  Command Command Description Command Syntax
11.1.3 access-list To define an access-control list, use the access-list global configuration command. To remove a standard access list, use the no form of this command. access-list access-list-number {deny | permit | remark line} {any | source [source-wildcard]} [log]
  ip access-group To control access to an interface, use the ip access-group command in interface configuration mode.  To remove the specified access group, use the no form of this command. ip access-group access-list-number | access-list-name {in | out}
  no access-list access-list-number To define an access-control list, use the access-list global configuration command. To remove a standard access lists, use the no form of this command. no access-list access-list-number | access-list-name
11.1.4 any Use the keyword any as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255. access-list access-list-number {deny | permit | remark line} {any | source [source-wildcard]} [log]
  host Use host source as an abbreviation for a source and source-wildcard of source 0.0.0.0. access-list access-list-number {deny | permit | remark line} {host source | source [source-wildcard]} [log]
11.1.5 show access-lists To display the contents of current access lists, use the show access-lists privileged EXEC command. show access-lists [access-list-number | access-list-name]
11.2.1 access-list access-list-number {deny | permit} source [source-wildcard ] [log] To define an access-control list, use the access-list global configuration command. To remove a standard access lists, use the no form of this command. access-list access-list-number {deny | permit | remark line} source [source-wildcard] [log]
  no access-list access-list-number To define an access-control list, use the access-list global configuration command. To remove a standard access lists, use the no form of this command. no access-list access-list-number | access-list-name
11.2.2 access-list 101 deny tcp 192.168.14.0 0.0.0.255 any eq 80 To define an extended IP access list, use the extended version of the access-list global configuration command. Access lists can be used to control the transmission of packets on an interface, control virtual terminal line access, and restrict contents of routing updates. The Cisco IOS software stops checking the extended access list after a match occurs. access-list access-list-number [dynamic dynamic-name [timeout minutes]] {deny | permit} protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [log | log-input]
  ip access-group access-list-number {in | out} To configure an access list to be used for packets transmitted to and from the host, use the ip access-group interface configuration command. To disable control over packets transmitted to or from a host, use the no form of this command. ip access-group access-list-number | access-list-name {in | out}
11.2.3 ip access-list extended name-of-access-list Define an extended IP access list using a name. ip access-list {standard | extended} name
11.2.6 access-class To restrict incoming and outgoing connections between a particular vty and the addresses in an access list, use the access-class command in line configuration mode.  To remove access restrictions, use the no form of this command. access-class access-list-number {in | out}
Case Study: Routing
There are no commands in this case study.
Close Window
All contents copyright © 2003 Cisco Systems, Inc. All rights reserved.