Saturday, June 10, 2017

CCNA Cisco Packet Tracer Command List 2017

Packet Tracer command list 2017
RADIUS authentication default login setup
aaa new-model
aaa authentication login default group radius
radius-server host <IP> auth-port 1645 key Cisco

SSH setup
hostname <hostname>
ip domain-name <domain name>
crypto key generate rsa
ip ssh version 2
line vty 0 4
transport input ssh
SSH from host command line: ssh -l <username> <IP address>

Site-to-site VPN
crypto isakmp enable
crypto isakmp policy 10
encryption aes 256
authentication pre-share
group 5
lifetime 3600
crypto isakmp key VPNKEY address <outside public IP of remote site>
crypto ipsec transform-set MYTRANS esp-aes 256 esp-sha-hmac
crypto map MYMAP 1 ipsec-isakmp
set peer <outside public IP of remote site>
set transform-set MYTRANS
match address AAA
ip access-list extended AAA
permit ip <source network> <source wildcard mask> <destination network> <destination wildcard mask>
show crypto isakmp sa
show crypto ipsec sa
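
Added example, not part of the original post: the site-to-site VPN commands above filled in for both routers, so the values that must match and the values that must be mirrored are visible side by side. The addresses, LAN subnets and interface names are constructed lab values, and applying the crypto map to the outside interface is a step added here that the list above does not include.

```cisco
! Constructed lab values: R1 outside 192.0.2.1, LAN 10.1.0.0/24;
!                         R2 outside 198.51.100.1, LAN 10.2.0.0/24.
! Interface names are assumptions.
!
! ===== R1 =====
crypto isakmp enable
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
 lifetime 3600
! Same key string on both routers; address is the other router's outside IP
crypto isakmp key VPNKEY address 198.51.100.1
crypto ipsec transform-set MYTRANS esp-aes 256 esp-sha-hmac
! Traffic to protect: R1 LAN to R2 LAN
ip access-list extended AAA
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
crypto map MYMAP 1 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set MYTRANS
 match address AAA
! The map has no effect until it is applied to the outside interface
interface GigabitEthernet0/0
 crypto map MYMAP
!
! ===== R2 (mirror of R1) =====
crypto isakmp enable
crypto isakmp policy 10
 encryption aes 256
 authentication pre-share
 group 5
 lifetime 3600
crypto isakmp key VPNKEY address 192.0.2.1
crypto ipsec transform-set MYTRANS esp-aes 256 esp-sha-hmac
! Source and destination swapped relative to R1
ip access-list extended AAA
 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
crypto map MYMAP 1 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set MYTRANS
 match address AAA
interface GigabitEthernet0/0
 crypto map MYMAP
!
! Verify on either router after sending traffic between the two LANs
show crypto isakmp sa
show crypto ipsec sa
```

With the tunnel up, show crypto isakmp sa lists the peer in state QM_IDLE and the encaps/decaps counters in show crypto ipsec sa increase as traffic crosses.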

CBAC (inspect) ICMP example
Create block for incoming traffic
ip access-list extended lockout
deny icmp any any
Apply to outer interface, inbound
interface fa0/x
ip access-group lockout in
Create inspection rule to allow ICMP requests from the inside
ip inspect name ICMP icmp
Apply to inner interface, inbound or outbound depending on situation
interface fa0/x
ip inspect ICMP in
Debug inspected ICMP traffic
debug ip inspect protocol icmp

NTP
ntp server <NTP Server IP>
ntp authentication-key <x> md5 <password>
ntp update-calendar
ntp authenticate
ntp trusted-key <x>

Syslog
logging <Syslog Server IP>
logging trap <trap type>
logging on
logging userinfo
logging console
logging buffered

Passwords
enable password cisco
enable secret cisco (encrypted)
service password-encryption (global)
line con 0 (console)
password cisco
line vty 0 4 (vty connections)
password cisco

Local authentication
username user password cisco
line vty 0 4
login local

Layer 2 security
switchport port-security
switchport port-security mac-address
switchport port-security maximum
switchport port-security violation
switchport nonegotiate
switchport mode access
switchport mode trunk
