Crontab – Quick Reference

http://adminschoice.com/crontab-quick-reference
Setting up cron jobs in Unix and Solaris

cron is a Unix/Solaris utility that lets tasks run automatically in the background at regular intervals under the control of the cron daemon. These tasks are commonly called cron jobs. A crontab (CRON TABle) is a file that contains the schedule of cron entries and the times at which they are to run.

This document covers the following aspects of Unix cron jobs:
1. Crontab Restrictions
2. Crontab Commands
3. Crontab file – syntax
4. Crontab Example
5. Crontab Environment
6. Disable Email
7. Generate log file for crontab activity

1. Crontab Restrictions
You can execute crontab if your name appears in the file /usr/lib/cron/cron.allow. If that file does not exist, you can use crontab if your name does not appear in the file /usr/lib/cron/cron.deny.
If only cron.deny exists and is empty, all users can use crontab. If neither file exists, only the root user can use crontab. The allow/deny files consist of one user name per line.

2. Crontab Commands

export EDITOR=vi Specify the editor used to open the crontab file.

crontab -e Edit your crontab file, or create one if it doesn’t already exist.
crontab -l Display your crontab file.
crontab -r Remove your crontab file.
crontab -v Display the last time you edited your crontab file. (This option is only available on a few systems.)

3. Crontab file
Crontab syntax :
A crontab file has five fields for specifying day, date and time, followed by the command to be run at that interval.

* * * * * command to be executed
- - - - -
| | | | |
| | | | +----- day of week (0 - 6) (Sunday=0)
| | | +------- month (1 - 12)
| | +--------- day of month (1 - 31)
| +----------- hour (0 - 23)
+------------- min (0 - 59)

A * in a value field means all legal values (the range shown above) for that column.
A value field can contain a * or a list of elements separated by commas. An element is either a number within the range shown above or two such numbers separated by a hyphen (an inclusive range).
Notes
A.) A step pattern such as */2 (every 2 minutes) or */10 (every 10 minutes) is not supported by all operating systems. If you try to use it and crontab complains, it is probably not supported.

B.) Days can be specified in two fields: day of month and day of week. If both are restricted in an entry, they are cumulative: the command runs whenever either one matches.

4. Crontab Example
A line in crontab file like below removes the tmp files from /home/someuser/tmp each day at 6:30 PM.

30 18 * * * rm /home/someuser/tmp/*

Changing the parameter values as below causes the command to run on a different schedule:

min   hour  day/month  month   day/week   Execution time
30    0     1          1,6,12  *          00:30 Hrs on 1st of Jan, June & Dec.
0     20    *          10      1-5        8.00 PM every weekday (Mon-Fri) only in Oct.
0     0     1,10,15    *       *          midnight on 1st, 10th & 15th of month
5,10  0     10         *       1          At 12.05, 12.10 every Monday & on 10th of every month

Note : If you inadvertently enter the crontab command with no argument(s), do not attempt to get out with Control-d. This removes all entries in your crontab file. Instead, exit with Control-c.
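As an added example (not part of the original quick reference), the following Python parses a crontab line with the field rules above and reports whether it fires at a given time, covering the comma lists and ranges from the table, the */n step form from note A and the cumulative day-of-month/day-of-week rule from note B. FIELD_RANGES, parse_field, parse_crontab_line, matches and fires_at are names chosen for this example.

```python
"""Parse crontab time fields and test when an entry fires (added example)."""
from datetime import datetime

# Inclusive legal ranges of the five time fields, in crontab column order.
FIELD_RANGES = (
    ("minute", 0, 59),
    ("hour", 0, 23),
    ("day_of_month", 1, 31),
    ("month", 1, 12),
    ("day_of_week", 0, 6),   # Sunday = 0
)


def parse_field(spec, low, high):
    """Expand one field ('*', '5', '1-5', '1,6,12', '*/10', '1-5/2') to a set.

    Raises ValueError when a number falls outside the legal range, which is
    the check crontab performs before accepting the line.
    """
    values = set()
    for element in spec.split(","):
        step = 1
        if "/" in element:
            element, step_text = element.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError(f"bad step in field {spec!r}")
        if element == "*":
            start, end = low, high
        elif "-" in element:
            start, end = (int(x) for x in element.split("-", 1))
        else:
            start = end = int(element)
        if not low <= start <= end <= high:
            raise ValueError(f"{element!r} is outside {low}-{high}")
        values.update(range(start, end + 1, step))
    return values


def parse_crontab_line(line):
    """Split a crontab line into its five field sets plus the command text."""
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected five time fields followed by a command")
    entry = {"command": parts[5]}
    for (name, low, high), spec in zip(FIELD_RANGES, parts[:5]):
        entry[name] = parse_field(spec, low, high)
    # A literal '*' marks a day field as unrestricted (used by matches()).
    entry["dom_star"] = parts[2] == "*"
    entry["dow_star"] = parts[4] == "*"
    return entry


def matches(entry, when):
    """True if the entry fires at datetime `when`.

    Note B: when both day-of-month and day-of-week are restricted, the entry
    runs when EITHER matches (cumulative); when only one is restricted,
    that one decides.
    """
    if when.minute not in entry["minute"] or when.hour not in entry["hour"]:
        return False
    if when.month not in entry["month"]:
        return False
    dom_ok = when.day in entry["day_of_month"]
    # datetime.weekday() is Monday=0; crontab uses Sunday=0.
    dow_ok = (when.weekday() + 1) % 7 in entry["day_of_week"]
    if not entry["dom_star"] and not entry["dow_star"]:
        return dom_ok or dow_ok
    return dom_ok and dow_ok


def fires_at(line, when):
    """Convenience wrapper: does this crontab line run at this datetime?"""
    return matches(parse_crontab_line(line), when)


if __name__ == "__main__":
    # The page's example entry: 18:30 every day.
    line = "30 18 * * * rm /home/someuser/tmp/*"
    print(fires_at(line, datetime(2003, 8, 25, 18, 30)))   # True
    print(fires_at(line, datetime(2003, 8, 25, 18, 31)))   # False
```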

5. Crontab Environment
cron invokes the command from the user's HOME directory with the shell (/usr/bin/sh).
cron supplies a default environment for every shell, defining:
HOME=user’s-home-directory
LOGNAME=user’s-login-id
PATH=/usr/bin:/usr/sbin:.
SHELL=/usr/bin/sh

Users who desire to have their .profile executed must explicitly do so in the crontab entry or in a script called by the entry.

6. Disable Email
By default, a cron job sends an email to the user account that runs it. If this is not needed, put the following at the end of the cron job line:

>/dev/null 2>&1

7. Generate log file
To collect the cron execution log in a file:

30 18 * * * rm /home/someuser/tmp/* > /home/someuser/cronlogs/clean_tmp_dir.log

CCNA Router and Catalyst Switch IOS Command Reference

By Jamison Schmidt

Router Commands
Terminal Controls:


  • Config# terminal editing - allows for enhanced editing commands
  • Config# terminal monitor - shows output on telnet session
  • Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks

    Host Name:

  • Config# hostname ROUTER_NAME

    Banner:

  • Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message

    Descriptions:

  • Config# description THIS IS THE SOUTH ROUTER - can be entered at the Config-if level

    Clock:

  • Config# clock timezone Central -6
    # clock set hh:mm:ss dd month yyyy
    - Example: clock set 14:35:00 25 August 2003

    Changing The Register:

  • Config# config-register 0x2100 - ROM Monitor Mode
  • Config# config-register 0x2101 - ROM boot
  • Config# config-register 0x2102 - Boot from NVRAM

    Boot System:

  • Config# boot system tftp FILENAME SERVER_IP - Example: boot system tftp 2600_ios.bin 192.168.14.2
  • Config# boot system ROM
  • Config# boot system flash - Then - Config# reload

    CDP:

  • Config# cdp run - Turns CDP on
  • Config# cdp holdtime 180 - Sets how long a neighbor keeps the CDP information it receives from this device. Default is 180
  • Config# cdp timer 30 - Sets the update timer. The default is 60
  • Config# int Ethernet 0
  • Config-if# cdp enable - Enables cdp on the interface
  • Config-if# no cdp enable - Disables CDP on the interface
  • Config# no cdp run - Turns CDP off

    Host Table:

  • Config# ip host ROUTER_NAME INT_Address - Example: ip host lab-a 192.168.5.1
  • -or-
  • Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 - Example: ip host lab-a 192.168.5.1 205.23.4.2 199.2.3.2 - (for e0, s0, s1)

    DNS:

  • Config# ip domain-lookup - Tell router to lookup domain names
  • Config# ip name-server 122.22.2.2 - Location of DNS server
  • Config# ip domain-name cisco.com - Domain to append to end of names

    Clearing Counters:

  • # clear interface Ethernet 0 - Clears counters on the specified interface
  • # clear counters - Clears all interface counters
  • # clear cdp counters - Clears CDP counters

    Static Routes:

  • Config# ip route Net_Add SN_Mask Next_Hop_Add - Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
  • Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add - Default route
  • -or-
  • Config# ip default-network Net_Add - Gateway LAN network

    IP Routing:

  • Config# ip routing - Enabled by default
  • Config# router rip
  • -or-
  • Config# router igrp 100
  • Config# interface Ethernet 0
  • Config-if# ip address 122.2.3.2 255.255.255.0
  • Config-if# no shutdown

    IPX Routing:

  • Config# ipx routing
  • Config# interface Ethernet 0
  • Config# ipx maximum-paths 2 - Maximum equal metric paths used
  • Config-if# ipx network 222 encapsulation sap - Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
  • Config-if# no shutdown

    Access Lists:

    Access list number ranges:
    IP Standard        1-99
    IP Extended        100-199
    IPX Standard       800-899
    IPX Extended       900-999
    IPX SAP Filters    1000-1099

    IP Standard:

  • Config# access-list 10 permit 133.2.2.0 0.0.0.255 - allow all src ip’s on network 133.2.2.0
  • -or-
  • Config# access-list 10 permit host 133.2.2.2 - specifies a specific host
  • -or-
  • Config# access-list 10 permit any - allows any address

  • Config# int Ethernet 0
  • Config-if# ip access-group 10 in - also available: out

    IP Extended:

  • Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
    -protocols: tcp, udp, icmp, ip (no sockets then), among others
    -source then destination address
    -eq, gt, lt for comparison
    -sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
  • -or-
  • Config# access-list 101 deny tcp any host 133.2.23.3 eq www
  • -or-
  • Config# access-list 101 permit ip any any

  • Config# interface Ethernet 0
  • Config-if# ip access-group 101 out


    IPX Standard:

  • Config# access-list 801 permit 233 AA3 - source network/host then destination network/host
  • -or-
  • Config# access-list 801 permit -1 -1 - “-1” is the same as “any” with network/host addresses

  • Config# interface Ethernet 0
  • Config-if# ipx access-group 801 out


    IPX Extended:

  • Config# access-list 901 permit sap 4AA all 4BB all
    - Permit protocol src_add socket dest_add socket
    -“all” includes all sockets, or can use socket numbers
  • -or-
  • Config# access-list 901 permit any any all any all
    -Permits any protocol with any address on any socket to go anywhere

  • Config# interface Ethernet 0
  • Config-if# ipx access-group 901 in


    IPX SAP Filter:

  • Config# access-list 1000 permit 4aa 3 - “3” is the service type
    -or-

  • Config# access-list 1000 permit 4aa 0 - service type of “0” matches all services

  • Config# interface Ethernet 0
  • Config-if# ipx input-sap-filter 1000 - filter applied to incoming packets
    -or-

  • Config-if# ipx output-sap-filter 1000 - filter applied to outgoing packets


    Named Access Lists:

  • Config# ip access-list standard LISTNAME
    -can be ip or ipx, standard or extended
    -followed by the permit or deny list
  • Config# permit any

  • Config-if# ip access-group LISTNAME in
    -use the list name instead of a list number
    -allows for a larger amount of access-lists


    PPP Setup:

  • Config-if# encapsulation ppp
  • Config-if# ppp authentication chap pap
    -order in which they will be used
    -only attempted with the authentication methods listed
    -if one fails, then connection is terminated
  • Config-if# exit
  • Config# username Lab-b password 123456
    -username is the router that will be connecting to this one
    -only specified routers can connect
  • -or-
  • Config-if# ppp chap hostname ROUTER
  • Config-if# ppp chap password 123456
    -if this is set on all routers, then any of them can connect to any other
    -set same on all for easy configuration

    ISDN Setup:

  • Config# isdn switch-type basic-5ess - determined by telecom
  • Config# interface serial 0
  • Config-if# isdn spid1 2705554564 - isdn “phonenumber” of line 1
  • Config-if# isdn spid2 2705554565 - isdn “phonenumber” of line 2
  • Config-if# encapsulation PPP - or HDLC, LAPD


    DDR - 4 Steps to setting up ISDN with DDR:

    1. Configure switch type
       Config# isdn switch-type basic-5ess - can be done at interface config

    2. Configure static routes
       Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 - sends traffic destined for 123.4.35.0 to 192.3.5.5
       Config# ip route 192.3.5.5 255.255.255.255 bri0 - specifies how to get to network 192.3.5.5 (through bri0)

    3. Configure interface
       Config-if# ip address 192.3.5.5 255.255.255.0
       Config-if# no shutdown
       Config-if# encapsulation ppp
       Config-if# dialer-group 1 - applies dialer-list to this interface
       Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
       -connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
       -can also use “dialer string 5551212” instead if there is only one router to connect to

    4. Specify interesting traffic
       Config# dialer-list 1 ip permit any
       -or-
       Config# dialer-list 1 ip list 101 - use the access-list 101 as the dialer list

    Other Options:
       Config-if# hold-queue 75 - queue 75 packets before dialing
       Config-if# dialer load-threshold 125 either
       -load needed before second line is brought up
       -“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
       -can check by in, out, or either
       Config-if# dialer idle-timeout 180
       -determines how long to stay idle before terminating the session
       -default is 120

    Frame Relay Setup:
  • Config# interface serial 0
  • Config-if# encapsulation frame-relay - cisco by default, can change to ietf
  • Config-if# frame-relay lmi-type cisco - cisco by default, also ansi, q933a
  • Config-if# bandwidth 56
  • Config-if# interface serial 0.100 point-to-point - subinterface
  • Config-if# ip address 122.1.1.1 255.255.255.0
  • Config-if# frame-relay interface-dlci 100
    -maps the dlci to the interface
    -can add BROADCAST and/or IETF at the end
  • Config-if# interface serial 1.100 multipoint
  • Config-if# no inverse-arp - turns IARP off; good to do
  • Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
    -maps an IP to a dlci (48 in this case)
    -required if IARP is turned off
    -ietf and broadcast are optional
  • Config-if# frame-relay map ip 122.1.1.3 54 broadcast

    Show Commands:
  • Show access-lists - all access lists on the router
  • Show cdp - cdp timer and holdtime frequency
  • Show cdp entry * - same as next
  • Show cdp neighbors detail - details of neighbor with ip add and ios version
  • Show cdp neighbors - id, local interface, holdtime, capability, platform portid
  • Show cdp interface - int’s running cdp and their encapsulation
  • Show cdp traffic - cdp packets sent and received
  • Show controllers serial 0 - DTE or DCE status
  • Show dialer - number of times dialer string has been reached, other stats
  • Show flash - files in flash
  • Show frame-relay lmi - lmi stats
  • Show frame-relay map - static and dynamic maps for PVC’s
  • Show frame-relay pvc - pvc’s and dlci’s
  • Show history - commands entered
  • Show hosts - contents of host table
  • Show int f0/26 - stats of f0/26
  • Show interface Ethernet 0 - show stats of Ethernet 0
  • Show ip - ip config of switch
  • Show ip access-lists - ip access-lists on switch
  • Show ip interface - ip config of interface
  • Show ip protocols - routing protocols and timers
  • Show ip route - Displays IP routing table
  • Show ipx access-lists - same, only ipx
  • Show ipx interfaces - RIP and SAP info being sent and received, IPX addresses
  • Show ipx route - ipx routes in the table
  • Show ipx servers - SAP table
  • Show ipx traffic - RIP and SAP info
  • Show isdn active - number with active status
  • Show isdn status - shows if SPIDs are valid, if connected
  • Show mac-address-table - contents of the dynamic table
  • Show protocols - routed protocols and net_addresses of interfaces
  • Show running-config - dram config file
  • Show sessions - connections via telnet to remote device
  • Show startup-config - nvram config file
  • Show terminal - shows history size
  • Show trunk a/b - trunk stat of port 26/27
  • Show version - ios info, uptime, address of switch
  • Show vlan - all configured vlan’s
  • Show vlan-membership - vlan assignments
  • Show vtp - vtp configs


Catalyst Commands For Native IOS - Not CatOS
    Switch Address:

  • Config# ip address 192.168.10.2 255.255.255.0
  • Config# ip default-gateway 192.168.10.1

    Duplex Mode:

  • Config# interface Ethernet 0/5 - “fastethernet” for 100 Mbps ports
  • Config-if# duplex full - also, half | auto | full-flow-control

    Switching Mode:

  • Config# switching-mode store-and-forward - also, fragment-free

    MAC Address Configs:

  • Config# mac-address-table permanent aaab.000f.ffef e0/2 - only this mac will work on this port
  • Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
    -port 3 can only send data out port 2 with that mac
    -very restrictive security
  • Config-if# port secure max-mac-count 5 - allows only 5 mac addresses mapped to this port

    VLANs:

  • Config# vlan 10 name FINANCE
  • Config# interface Ethernet 0/3
  • Config-if# vlan-membership static 10

    Trunk Links:

  • Config-if# trunk on - also, off | auto | desirable | nonegotiate
  • Config-if# no trunk-vlan 2
    -removes vlan 2 from the trunk port
    -by default, all vlans are set on a trunk port

    Configuring VTP:

  • Config# delete vtp - should be done prior to adding to a network
  • Config# vtp server - the default is server, also client and transparent
  • Config# vtp domain Camp - name doesn’t matter, just so all switches use the same
  • Config# vtp password 1234 - limited security
  • Config# vtp pruning enable - limits vtp broadcasts to only switches affected
  • Config# vtp pruning disable

    Flash Upgrade:

  • Config# copy tftp://192.5.5.5/configname.ios opcode - “opcode” for ios upgrade, “nvram” for startup config

    Delete Startup Config:

  • Config# delete nvram

    VLAN Types
    1. Native VLAN: It's a VLAN that is not tagged when used on dot1q trunk. Frames using native VLAN traverse without any tagging. Workstations and some switches do not understand dot1q, and only work with frames without tag (Native VLAN).

    2. Default VLAN: It's typically VLAN 1 (at least on Cisco switches): the VLAN assigned to every switch port when you get the switch "out of the box". You can change the default VLAN to any other specific VLAN by using the "native vlan" command on Cisco switches.

    3. Static VLAN: "Static VLAN membership is perhaps the most widely used method because of the relatively small administration overhead and security it provides. With Static VLANs, the administrator will assign each port of the switch to one VLAN. Once this is complete, they can simply connect each device or workstation to the appropriate port." The other method is the dynamic VLAN described in 4.

    4. Dynamic VLAN: Static VLANs are the most common form of port VLAN assignments. It is possible to have the switch dynamically choose a VLAN based on the MAC address of the device connected to a port. For dynamic VLAN assignment, you need a VTP database file, a VTP server, a VTP client switch, and a dynamic port. After you have properly configured these components, a dynamic port can choose the VLAN based on whichever device is connected to that port.

    5. Access

    Wireless Networking in the Developing World

    Limehouse Book Sprint Team
    Purpose of The Book By Publishers

    The overall goal of this book is to help you build affordable communication technology in your local community by making best use of whatever resources are available. Using inexpensive off-the-shelf equipment, you can build high speed data networks that connect remote areas together, provide broadband network access in areas that even dialup does not exist, and ultimately connect you and your neighbors to the global Internet. By using local sources for materials and fabricating parts yourself, you can build reliable network links with very little budget. And by working with your local community, you can build a telecommunications infrastructure that benefits everyone who participates in it.

    This book is not a guide to configuring a radio card in your laptop or choosing consumer grade gear for your home network. The emphasis is on building infrastructure links intended to be used as the backbone for wide area wireless networks. With that goal in mind, information is presented from many points of view, including technical, social, and financial factors. The extensive collection of case studies present various groups' attempts at building these networks, the resources that were committed to them, and the ultimate results of these attempts.

    Since the first spark gap experiments at the turn of the last century, wireless has been a rapidly evolving area of communications technology. While we provide specific examples of how to build working high speed data links, the techniques described in this book are not intended to replace existing wired infrastructure (such as telephone systems or fiber optic backbone). Rather, these techniques are intended to augment existing systems, and provide connectivity in areas where running fiber or other physical cable would be impractical.......

    We hope you find this book useful for solving your particular communication challenges.

    TCP/IP Network Administration Third Edition

    by Craig Hunt
    The first edition of TCP/IP Network Administration was written in 1992. In the decade since, many things have changed, yet some things remain the same. TCP/IP is still the preeminent communications protocol for linking together diverse computer systems. It remains the basis of interoperable data communications and global computer networking. The underlying Internet Protocol (IP), Transmission Control Protocol, and User Datagram Protocol (UDP) are remarkably unchanged. But change has come in the way TCP/IP is used and how it is managed.
    A clear symbol of this change is the fact that my mother-in-law has a TCP/IP network connection in her home that she uses to exchange electronic mail, compressed graphics, and hypertext documents with other senior citizens. She thinks of this as "just being on the Internet," but the truth is that her small system contains a functioning TCP/IP protocol stack, manages a dynamically assigned IP address, and handles data types that did not even exist a decade ago.
    In 1991, TCP/IP was a tool of sophisticated users. Network administrators managed a limited number of systems and could count on the users for a certain level of technical knowledge. No more. In 2002, the need for highly trained network administrators is greater than ever because the user base is larger, more diverse, and less capable of handling technical problems on its own. This book provides the information needed to become an effective TCP/IP network administrator.
    TCP/IP Network Administration was the first book of practical information for the professional TCP/IP network administrator, and it is still the best. Since the first edition was published there has been an explosion of books about TCP/IP and the Internet. Still, too few books concentrate on what a system administrator really needs to know about TCP/IP administration. Most books are either scholarly texts written from the point of view of the protocol designer, or instructions on how to use TCP/IP applications. All of those books lack the practical, detailed network information needed by the Unix system administrator. This book strives to focus on TCP/IP and Unix and to find the right balance of theory and practice.
    I am proud of the earlier editions of TCP/IP Network Administration. In this edition, I have done everything I can to maintain the essential character of the book while making it better. Dynamic address assignment based on Dynamic Host Configuration Protocol (DHCP) is covered. The Domain Name System material has been updated to cover BIND 8 and, to a lesser extent, BIND 9. The email configuration is based on current version of sendmail 8, and the operating system examples are from the current versions of Solaris and Linux. The routing protocol coverage includes Routing Information Protocol version 2 (RIPv2), Open Shortest Path First (OSPF), and Border Gateway Protocol (BGP). I have also added a chapter on Apache web server configuration, new material on xinetd, and information about building a firewall with iptables. Despite the additional topics, the book has been kept to a reasonable length.
    TCP/IP is a set of communications protocols that define how different types of computers talk to each other. TCP/IP Network Administration is a book about building your own network based on TCP/IP. It is both a tutorial covering the "why" and "how" of TCP/IP networking, and a reference manual for the details about specific network programs. .........

    Building Internet Firewalls Second Edition

    By Elizabeth D. Zwicky, Simon Cooper and D. Brent Chapman
    Part I, "Network Security", explores the problem of Internet security and focuses on firewalls as part of an effective strategy to address that problem.
    • Chapter 1, "Why Internet Firewalls?", introduces the major risks associated with using the Internet today; discusses what to protect, and what to protect against; discusses various security models; and introduces firewalls in the context of what they can and can't do for your site's security.
    • Chapter 2, "Internet Services", outlines the services users want and need from the Internet, and summarizes the security problems posed by those services.
    • Chapter 3, "Security Strategies", outlines the basic security principles an organization needs to understand before it adopts a security policy and invests in specific security mechanisms.

    Part II, "Building Firewalls", describes how to build firewalls.

    • Chapter 4, "Packets and Protocols ", describes the basic network concepts firewalls work with.
    • Chapter 5, "Firewall Technologies", explains the terms and technologies used in building firewalls.
    • Chapter 6, "Firewall Architectures", describes the major architectures used in constructing firewalls, and the situations they are best suited to.
    • Chapter 7, "Firewall Design", presents the process of designing a firewall.
    • Chapter 8, "Packet Filtering" describes how packet filtering systems work, and discusses what you can and can't accomplish with them in building a firewall.
    • Chapter 9, "Proxy Systems", describes how proxy clients and servers work, and how to use these systems in building a firewall.
    • Chapter 10, "Bastion Hosts", presents a general overview of the process of designing and building the bastion hosts used in many firewall configurations.
    • Chapter 11, "Unix and Linux Bastion Hosts", presents the details of designing and building a Unix or Linux bastion host.
    • Chapter 12, "Windows NT and Windows 2000 Bastion Hosts ", presents the details of designing and building a Windows NT bastion host.

    Part III, "Internet Services", describes how to configure services in the firewall environment.

    • Chapter 13, "Internet Services and Firewalls", describes the general issues involved in selecting and configuring services in the firewall environment.
    • Chapter 14, "Intermediary Protocols", discusses basic protocols that are used by multiple services.
    • Chapter 15, "The World Wide Web", discusses the Web and related services.
    • Chapter 16, "Electronic Mail and News", discusses services used for transferring electronic mail and Usenet news.
    • Chapter 17, "File Transfer, File Sharing, and Printing", discusses the services used for moving files from one place to another.
    • Chapter 18, "Remote Access to Hosts", discusses services that allow you to use one computer from another computer.
    • Chapter 19, "Real-Time Conferencing Services", discusses services that allow people to interact with each other online.
    • Chapter 20, "Naming and Directory Services", discusses the services used to distribute information about hosts and users.
    • Chapter 21, "Authentication and Auditing Services", discusses services used to identify users before they get access to resources, to keep track of what sort of access they should have, and to keep records of who accessed what and when.
    • Chapter 22, "Administrative Services", discusses other services used to administer machines and networks.
    • Chapter 23, "Databases and Games", discusses the remaining two major classes of popular Internet services, databases and games.
    • Chapter 24, "Two Sample Firewalls", presents two sample configurations for basic firewalls.

    Part IV, "Keeping Your Site Secure", describes how to establish a security policy for your site, maintain your firewall, and handle the security problems that may occur with even the most effective firewalls.

    • Chapter 25, "Security Policies", discusses the importance of having a clear and well-understood security policy for your site, and what that policy should and should not contain. It also discusses ways of getting management and users to accept the policy.
    • Chapter 26, "Maintaining Firewalls", describes how to maintain security at your firewall over time and how to keep yourself aware of new Internet security threats and technologies.
    • Chapter 27, "Responding to Security Incidents", describes what to do when a break-in occurs, or when you suspect that your security is being breached.

    Part V, "Appendixes", consists of the following summary appendixes:

    • Appendix A, "Resources", contains a list of places you can go for further information and help with Internet security: World Wide Web pages, FTP sites, mailing lists, newsgroups, response teams, books, papers, and conferences.
    • Appendix B, "Tools", summarizes the best freely available firewall tools and how to get them.
    • Appendix C, "Cryptography", contains background information on cryptography that is useful to anyone trying to decrypt the marketing materials for security products.

    Cisco Configuring NAT

    Configuring NAT to Allow Internal Users to Access the Internet

    interface ethernet 0
    ip address 10.10.10.1 255.255.255.0
    ip nat inside

    !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.


    interface ethernet 1
    ip address 10.10.20.1 255.255.255.0
    ip nat inside

    !--- Defines Ethernet 1 with an IP address and as a NAT inside interface.


    interface serial 0
    ip address 172.16.10.64 255.255.255.0
    ip nat outside

    !--- Defines serial 0 with an IP address and as a NAT outside interface.


    ip nat pool no-overload 172.16.10.1 172.16.10.63 prefix 24
    !

    !--- Defines a NAT pool named no-overload with a range of addresses
    !--- 172.16.10.1 - 172.16.10.63.



    ip nat inside source list 7 pool no-overload
    !
    !

    !--- Indicates that any packets received on the inside interface that
    !--- are permitted by access-list 7 have
    !--- the source address translated to an address out of the
    !--- NAT pool "no-overload".



    access-list 7 permit 10.10.10.0 0.0.0.31
    access-list 7 permit 10.10.20.0 0.0.0.31

    !--- Access-list 7 permits packets with source addresses ranging from
    !--- 10.10.10.0 through 10.10.10.31 and 10.10.20.0 through 10.10.20.31.
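As an added example (not from the original page or from Cisco), the following Python evaluates standard access-list lines such as access-list 7 above and the access-list 10 lines in the CCNA section, using Cisco wildcard-mask semantics, first-match ordering and the implicit deny at the end of every list; it is useful when reviewing which inside hosts a NAT or interface ACL actually admits. The function names and the SAMPLE_ACL text are constructed for this example.

```python
"""Evaluate Cisco standard access-list lines with wildcard masks (added example)."""
import ipaddress


def wildcard_match(address, base, wildcard):
    """True if `address` matches `base` under a Cisco wildcard mask.

    A wildcard bit of 0 means the address bit must equal the base bit; a
    bit of 1 means 'don't care'. 0.0.0.255 therefore matches a /24, 0.0.0.31
    matches a block of 32 addresses, and 255.255.255.255 matches everything
    (the keyword 'any').
    """
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    masked_addr = int(ipaddress.IPv4Address(address)) & care
    masked_base = int(ipaddress.IPv4Address(base)) & care
    return masked_addr == masked_base


def parse_standard_acl(text):
    """Parse 'access-list N permit|deny <source>' lines.

    Source forms, as on the page: 'A.B.C.D W.X.Y.Z', 'host A.B.C.D',
    a bare 'A.B.C.D' (implicit host), or 'any'. Other lines are skipped.
    """
    entries = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue  # blank lines, comments, non-ACL config
        number, action, src = parts[1], parts[2], parts[3:]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in {raw.strip()!r}")
        if src[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif src[0] == "host":
            base, wildcard = src[1], "0.0.0.0"
        elif len(src) == 1:
            base, wildcard = src[0], "0.0.0.0"
        else:
            base, wildcard = src[0], src[1]
        entries.append((number, action, base, wildcard))
    return entries


def evaluate(entries, number, address):
    """Return 'permit' or 'deny' for one source address against list `number`.

    Entries are tested in order and the first match wins; if nothing
    matches, the implicit deny at the end of every Cisco ACL applies.
    """
    for acl_number, action, base, wildcard in entries:
        if acl_number == number and wildcard_match(address, base, wildcard):
            return action
    return "deny"


# Constructed sample: access-list 7 from the NAT example above, plus a
# two-line list 10 showing why a host deny must precede a wider permit.
SAMPLE_ACL = """
access-list 7 permit 10.10.10.0 0.0.0.31
access-list 7 permit 10.10.20.0 0.0.0.31
access-list 10 deny host 133.2.2.2
access-list 10 permit 133.2.2.0 0.0.0.255
"""

if __name__ == "__main__":
    acl = parse_standard_acl(SAMPLE_ACL)
    for ip in ("10.10.10.5", "10.10.10.40", "133.2.2.2", "133.2.2.99"):
        print(ip, "list 7:", evaluate(acl, "7", ip), "list 10:", evaluate(acl, "10", ip))
```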

    Cisco IP Addressing Commands

    IP Addressing Commands:
    arp (global)
    arp (interface)
    arp timeout
    clear arp-cache
    clear host
    clear ip nat translation
    clear ip nhrp
    clear ip route
    ip address
    ip broadcast-address
    ip classless
    ip default-gateway
    ip directed-broadcast
    ip domain-list
    ip domain-lookup
    ip domain-lookup nsap
    ip domain-name
    ip forward-protocol
    ip forward-protocol any-local-broadcast
    ip forward-protocol spanning-tree
    ip forward-protocol turbo-flood
    ip helper-address
    ip host
    ip hp-host
    ip irdp
    ip mobile arp
    ip name-server
    ip nat
    ip nat inside destination
    ip nat inside source
    ip nat outside source
    ip nat pool
    ip nat translation
    ip netmask-format
    ip nhrp authentication
    ip nhrp holdtime
    ip nhrp interest
    ip nhrp map
    ip nhrp map multicast
    ip nhrp max-send
    ip nhrp network-id
    ip nhrp nhs
    ip nhrp record
    ip nhrp responder
    ip nhrp use
    ip probe proxy
    ip proxy-arp
    ip redirects
    ip routing
    ip subnet-zero
    ip unnumbered
    ping (privileged)
    ping (user)
    show arp
    show hosts
    show ip aliases
    show ip arp
    show ip interface
    show ip irdp
    show ip masks
    show ip nat statistics
    show ip nat translations
    show ip nhrp
    show ip nhrp traffic
    show ip redirects
    term ip netmask-format
    trace (privileged)
    trace (user)
    tunnel mode

    Routing with Cisco 2500 and 1000 Series for LAN-ISDN Service

    Commands - General

    There are 3 different modes of operation within the Cisco IOS.

    1. Disabled mode
    2. Enabled mode
    3. Configuration mode

    In the Disabled mode you can use a limited number of commands. This is used primarily to monitor the router.

    The Enabled mode is used to show configuration information, enter the configuration mode, and make changes to the configuration.

    The Configuration mode is used to enter and update the runtime configuration.

    To get a list of the commands for the Cisco IOS, type '?' at the prompt. To get further information about any command, type the command followed by a '?'.

    clear Reset functions
    clock Manage the system clock
    configure Enter configuration mode
    debug Debugging functions (see also 'undebug')
    disable Turn off privileged commands
    enable Turn on privileged commands
    erase Erase flash or configuration memory
    exit Exit from the EXEC
    help Description of the interactive help system
    login Log in as a particular user
    logout Exit from the EXEC
    no Disable debugging functions
    ping Send echo messages
    reload Halt and perform a cold restart
    setup Run the SETUP command facility
    show Show running system information
    telnet Open a telnet connection
    terminal Set terminal line parameters
    test Test subsystems, memory, and interfaces
    traceroute Trace route to destination
    tunnel Open a tunnel connection
    undebug Disable debugging functions (see also 'debug')
    verify Verify checksum of a Flash file
    write Write running configuration to memory, network, or terminal

    show
    access-lists List access lists
    arp ARP table
    buffers Buffer pool statistics
    configuration Contents of Non-Volatile memory
    controllers Interface controller status
    debugging State of each debugging option
    dialer Dialer parameters and statistics
    extended Extended Interface Information
    flash System Flash information
    flh-log Flash Load Helper log buffer
    history Display the session command history
    hosts IP domain-name, lookup style, name servers, and host table
    interfaces Interface status and configuration
    ip IP information
    isdn ISDN information
    line TTY line information
    logging Show the contents of logging buffers
    memory Memory statistics
    privilege Show current privilege level
    processes Active process statistics
    protocols Active network routing protocols
    queue Show queue contents
    queueing Show queueing configuration
    reload Scheduled reload information
    route-map route-map information
    running-config Current operating configuration
    sessions Information about Telnet connections
    smf Software MAC filter
    stacks Process stack utilization
    startup-config Contents of startup configuration
    subsys Show subsystem information
    tcp Status of TCP connections
    terminal Display terminal configuration parameters
    users Display information about terminal lines
    version System hardware and software status

    Other Useful Commands

    View the Software Version

    Cisco>en
    Cisco#wr term <--- Shows the running configuration
    Building configuration...
    Current configuration:
    !
    version 11.2
    no service udp-small-servers
    no service tcp-small-servers
    !
    hostname Cisco
    !
    interface Ethernet0
    ip address 192.168.1.1 255.255.255.0
    !
    interface Serial0
    ip address 192.168.6.1 255.255.255.0
    encapsulation frame-relay
    frame-relay lmi-type ansi
    !
    interface Serial1
    ip address 192.168.4.2 255.255.255.0
    encapsulation frame-relay
    bandwidth 1536
    keepalive 5
    frame-relay map ip 192.168.4.1 101 IETF
    !
    router rip
    version 2
    network 192.168.4.0
    network 192.168.6.0
    neighbor 192.168.6.2
    neighbor 192.168.4.1
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.6.2
    ip route 0.0.0.0 0.0.0.0 192.168.4.1
    !
    line con 0
    line aux 0
    line vty 0 4
    login
    !
    end

    View the Ethernet IP

    Router#wr term

    This will show the running configuration.
    Within the configuration, you will see an interface ethernet 0 section:

    interface Ethernet0
    ip address 38.150.93.1 255.255.255.0
    no ip directed-broadcast

    View the Serial IP

    Router#wr term

    Within the configuration, you will see an interface serial 0 section:

    interface Serial0
    ip address 38.21.10.100 255.255.255.0
    ip broadcast-address 38.21.10.255
    ip access-group 106 in
    encapsulation frame-relay
    bandwidth 56
    no fair-queue
    frame-relay map ip 38.21.10.1 500 IETF

    View the Default Route

    Router#wr term

    Within the configuration, you will see an ip route section.
    In the ip route section, look for a route:

    ip route 0.0.0.0 0.0.0.0 38.167.29.1

    The last ip address is the POP ip.

    View the Filters

    Router#wr term

    Under interface serial 0, look for:

    ip access-group 104 in
    ip access-group 105 out

    This means that access-group 104 is the inbound filter set and
    access-group 105 is the outbound filter set.
    Then, continue to look in the configuration for the access-list statements:

    (Example access-list statements)
    access-list 104 deny ip 38.166.101.0 0.0.0.255 any
    access-list 104 permit tcp any any established
    access-list 104 permit tcp any eq ftp-data any gt 1023
    access-list 104 permit udp any eq domain any gt 1023
    access-list 104 permit udp any eq domain any eq domain
    access-list 104 permit icmp any any
    access-list 104 permit udp any eq snmp any gt 1023
    access-list 105 deny ip any 38.166.101.0 0.0.0.255
    access-list 105 permit tcp any any established
    access-list 105 permit tcp any any eq ftp
    access-list 105 deny udp any eq netbios-ns any
    access-list 105 deny udp any eq netbios-dgm any
    access-list 105 permit ip any any
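    Reading a filter set like the one above by hand gets error-prone once the list grows, so here is a small evaluator, added as an example and not part of this page's router notes, that parses the access-list statements shown above and walks constructed sample packets through them in order, the way IOS does: the first matching statement wins, and traffic that matches nothing falls to the implicit deny at the end of every list. The port-name table, the wildcard-to-mask conversion and the sample addresses (38.20.5.1 as an outside host, 38.166.101.10 as an inside host) are this example's own assumptions; only the subset of IOS syntax used in the list above is parsed.

```python
import ipaddress
from collections import namedtuple

# Constructed sample input: the access-list statements quoted above
# (104 is the inbound filter set on Serial0, 105 the outbound one).
ACL_TEXT = """\
access-list 104 deny ip 38.166.101.0 0.0.0.255 any
access-list 104 permit tcp any any established
access-list 104 permit tcp any eq ftp-data any gt 1023
access-list 104 permit udp any eq domain any gt 1023
access-list 104 permit udp any eq domain any eq domain
access-list 104 permit icmp any any
access-list 104 permit udp any eq snmp any gt 1023
access-list 105 deny ip any 38.166.101.0 0.0.0.255
access-list 105 permit tcp any any established
access-list 105 permit tcp any any eq ftp
access-list 105 deny udp any eq netbios-ns any
access-list 105 deny udp any eq netbios-dgm any
access-list 105 permit ip any any
"""

# IOS service names used in the sample, mapped to their well-known ports (assumed table).
PORT_NAMES = {"ftp": 21, "ftp-data": 20, "domain": 53, "snmp": 161,
              "netbios-ns": 137, "netbios-dgm": 138}

# established=True models a TCP segment with ACK or RST set (a reply, not a new connection).
Packet = namedtuple("Packet", "proto src dst sport dport established", defaults=(0, 0, False))
# sport/dport are ("eq" | "gt", port) or None; text keeps the original line for reporting.
Rule = namedtuple("Rule", "action proto src sport dst dport established text")

def _take_addr(tokens):
    # Consume 'any' or 'address wildcard'; a Cisco wildcard is the inverse of the subnet mask.
    if tokens[0] == "any":
        del tokens[0]
        return ipaddress.IPv4Network("0.0.0.0/0")
    addr, wildcard = tokens[0], tokens[1]
    del tokens[:2]
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)  # assumes a contiguous wildcard

def _take_port(tokens):
    # Consume an optional 'eq PORT' / 'gt PORT' qualifier.
    if tokens and tokens[0] in ("eq", "gt"):
        op, name = tokens[0], tokens[1]
        del tokens[:2]
        return op, int(name) if name.isdigit() else PORT_NAMES[name]
    return None

def parse_acl(text):
    # Returns {list_number: [Rule, ...]} preserving statement order, which is the order IOS evaluates.
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list":
            continue
        number, action, proto, rest = tokens[1], tokens[2], tokens[3], tokens[4:]
        src, sport = _take_addr(rest), _take_port(rest)
        dst, dport = _take_addr(rest), _take_port(rest)
        acls.setdefault(number, []).append(
            Rule(action, proto, src, sport, dst, dport, "established" in rest, line))
    return acls

def _port_ok(spec, value):
    if spec is None:
        return True
    op, port = spec
    return value == port if op == "eq" else value > port

def matches(rule, pkt):
    if rule.proto != "ip" and rule.proto != pkt.proto:
        return False
    if ipaddress.IPv4Address(pkt.src) not in rule.src or ipaddress.IPv4Address(pkt.dst) not in rule.dst:
        return False
    if rule.established and not pkt.established:
        return False
    return _port_ok(rule.sport, pkt.sport) and _port_ok(rule.dport, pkt.dport)

def evaluate(rules, pkt):
    # First matching statement wins; unmatched traffic hits the implicit deny at the end of every list.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.text
    return "deny", "implicit deny"

if __name__ == "__main__":
    acls = parse_acl(ACL_TEXT)
    cases = [  # constructed sample traffic
        ("104", Packet("tcp", "38.166.101.5", "38.166.101.7", 40000, 80)),  # inside source arriving from outside
        ("104", Packet("udp", "38.20.5.1", "38.166.101.10", 53, 40000)),    # DNS reply to a high port
        ("104", Packet("tcp", "38.20.5.1", "38.166.101.10", 40000, 23)),    # new inbound telnet (no ACK)
        ("105", Packet("udp", "38.166.101.10", "38.20.5.1", 137, 137)),     # NetBIOS name service leaving
    ]
    for number, pkt in cases:
        action, why = evaluate(acls[number], pkt)
        print(f"ACL {number}: {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} => {action} ({why})")
```

    Running it shows why the first line of list 104 matters: a packet claiming an inside source address but arriving on the serial interface is dropped before any permit is considered, while a fresh inbound telnet attempt matches no permit at all and is silently dropped by the implicit deny. Changing the order of the statements changes the outcome, which is the main thing to keep in mind when editing these lists.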

    View the Bandwidth

    Router#wr term

    Within the config, you will see an interface serial 0 section:

    interface Serial0
    ip address 38.21.10.100 255.255.255.0
    ip broadcast-address 38.21.10.255
    ip access-group 106 in
    encapsulation frame-relay
    bandwidth 56
    no fair-queue
    frame-relay map ip 38.21.10.1 500 IETF

    Add a Static Route

    Cisco#config t
    Enter configuration commands, one per line. End with CNTL/Z.
    Cisco(config)#ip route DEST.DEST.DEST.DEST MASK.MASK.MASK.MASK GATE.GATE.GATE.GATE
    where: DEST.DEST.DEST.DEST = The destination network the static route is for
           MASK.MASK.MASK.MASK = The subnet mask of the destination network
           GATE.GATE.GATE.GATE = The gateway (next hop) of the static route
    Example route statement:
    ip route 38.222.75.0 255.255.255.0 38.20.5.1
    Cisco(config)#^Z (hit Ctrl-Z)

    Write the entry to memory:

    Cisco#wr mem
    Building configuration...
    [OK]

    Change the Dial Number

    Type en to put the router in enable mode:

    test.com>en

    The password should be the same as the one used to telnet in.

    Password:

    To view the router's configuration, type:

    test.com#show config

    There will be a line in the configuration that says:

    dialer map IP 38.1.1.1 speed 64 name LD3330 2707000

    The 2707000 is the dial number.

    NOTE: Record what interface the dialer map IP line is under because you will need to
    use that interface when changing the number.

    Type config t to configure from terminal.

    test.com#config t

    Enter configuration commands, one per line. End with CNTL/Z.
    Enter the interface that the dialer map IP line is under:

    test.com(config)#interface BRI0

    Add in the new dialer map IP line with the new phone number:

    test.com(config)#dialer map IP 38.1.1.1 speed 64 name LD3330 [new number]

    Now, remove the old dialer map IP line.
    To remove a line, type no and then the line.
    For example, to remove the old dialer map IP, type:

    test.com(config)#no dialer map IP 38.1.1.1 speed 64 name LD3330 2707020

    Now leave config mode:

    test.com(config)# [control] z

    Save changes:

    test.com# write mem
    Building configuration...
    [OK]

    Verify the new number is in the config:

    test.com#show config

    The new number should be in the dialer map IP line.

    Turn Filters On and Off

    To turn the filters off:

    Router#configure terminal
    Router(config)#interface Serial0
    Router(config-if)#no ip access-group 104 in
    Router(config-if)#no ip access-group 105 out
    Router(config-if)# Hit CTRL-Z
    Router#wr mem
    Building configuration...
    [OK]
    Router#

    To turn the filters on:

    Router#configure terminal
    Router(config)#interface Serial0
    Router(config-if)#ip access-group 104 in
    Router(config-if)#ip access-group 105 out
    Router(config-if)# Hit CTRL-Z
    Router#wr mem
    Building configuration...
    [OK]
    Router#

    Ping from the Router

    Cisco#ping [ip-address]
    Example:
    Cisco#ping 38.8.14.2

    DHCP: Dynamic Host Configuration Protocol

    http://www.networkdictionary.com/protocols/dhcp.php

    Dynamic Host Configuration Protocol (DHCP) is a communications protocol that enables network administrators to centrally manage and automate the assignment of IP addresses in a network. In an IP network, each device connecting to the Internet needs a unique IP address. DHCP lets a network administrator supervise and distribute IP addresses from a central point and automatically sends a new IP address when a computer is plugged into a different place in the network.

    DHCP uses the concept of a "lease", the amount of time for which a given IP address will be valid for a computer. The lease time can vary depending on how long a user is likely to require the Internet connection at a particular location. It's especially useful in education and other environments where users change frequently. Using very short leases, DHCP can dynamically reconfigure networks in which there are more computers than there are available IP addresses.

    DHCP supports static addresses for computers containing Web servers that need a permanent IP address.

    DHCP is an alternative to another network IP management protocol, Bootstrap Protocol (BOOTP). DHCP is a more advanced protocol, but both configuration management protocols are commonly used. Some operating systems, including Windows NT/2000, come with DHCP servers. A DHCP or BOOTP client is a program that is located in each computer so that it can be configured.

    History of Internet Addressing

    Internet Routing Architectures, Second Edition-CISCO Press

    The addressing scheme that is used today in the Internet is based on version 4 of the Internet
    Protocol (IPv4), usually referred to simply as IP. This section discusses the following:
    • Basic IP addressing
    • Basic IP subnetting
    • Variable-length subnet mask (VLSM)

    Basic IP Addressing
    An IP address is a unique 4-octet (32-bit) value expressed in dotted-decimal (or dotted-quad) notation of the form W.X.Y.Z, where periods (dots) are used to separate each of the 4 octets of the address (for example, 10.0.0.1). The 32-bit address field consists of two parts: a network or link number (which represents the network portion of the address) and a host number (which identifies a host on the network segment).
    The network and host boundaries were traditionally defined based on the class of the IP address, with five defined classes (three of which are used for unicast addressing): A, B, C, D, and E.
    Table 1-1 illustrates the different classes of address space and their functions.

    Table 1-1, IP Address Classes and Functions

    Class   Address Range                  High-Order Bits   Network Bits   Host Bits   Function
    A       0.0.0.0 to 127.255.255.255     0                 7              24          Unicast
    B       128.0.0.0 to 191.255.255.255   10                14             16          Unicast
    C       192.0.0.0 to 223.255.255.255   110               21             8           Unicast
    D       224.0.0.0 to 239.255.255.255   1110              n/a            n/a         Multicast
    E       240.0.0.0 to 255.255.255.255   1111              n/a            n/a         Reserved

    Notice that only Class A, B, and C addresses are used for unicast. Class D addresses are used for multicast, and Class E address space is reserved. Several addresses within these classes are reserved for special use. Table 1-2 lists some of these addresses.

    Table 1-2, Special-Purpose IP Addresses

    Address Range                      Purpose
    0.0.0.0                            Unknown network; commonly represents default
    10.0.0.0 – 10.255.255.255          Reserved for private use (RFC 1918)
    127.0.0.0 – 127.255.255.255        Reserved for loopback/local address
    172.16.0.0 – 172.31.255.255        Reserved for private use (RFC 1918)
    192.168.0.0 – 192.168.255.255      Reserved for private use (RFC 1918)
    255.255.255.255                    Limited broadcast

    This class-based addressing scheme is often referred to as the classful model. The different classes lend themselves to different network configurations, depending on the desired ratio of networks to hosts. The full implications of the different classes will become more apparent as this chapter proceeds. The next few sections focus on the basic definitions of each class.

    Class A Addressing
    Class A networks are represented by a 0 in the leftmost bit position of the address. The first octet (bits 0 to 7) of the address, beginning from the leftmost bit, represents the network number, and the remaining 3 octets (bits 8 to 31) represent a host number on that network. An example of a Class A network is 124.0.0.1, where 124.0.0.0 represents the network number and the host number is 1. The outcome of this representation, illustrated in Figure-1, is 128 (2^7) Class A network numbers. However, because 0.0.0.0 is not a valid network number, only 127 (2^7 - 1) Class A addresses are possible.
    Figure-1 General Class A Address Format

    After the network is defined, the first and last host addresses within the network serve special functions. The first address (124.0.0.0 in the previous example) is used to represent the network number, and the last address of the network is used to represent the directed broadcast address of the network (124.255.255.255). Therefore, Class A addresses have only 16,777,214 (2^24 - 2) hosts per network, rather than 16,777,216 (2^24) hosts per network.

    Class B Addressing
    Class B networks are represented by a 1 and a 0 in the leftmost two bits of the address. The first two octets of the address (bits 0 to 15) represent the network portion of the address, and the remaining two octets (bits 16 to 31) represent the host number of that network. The outcome of this representation, illustrated in Figure-2, is 16,384 (2^14) network numbers, with 65,534 (2^16 - 2) hosts per network. An example of a Class B address is 172.16.0.1, where 172.16.0.0 is the Class B network and 1 is the host.

    Figure-2 General Class B Address Format

    Class C Addressing
    Class C networks are represented by 1, 1, and 0 in the leftmost three bits of the address. The first three octets (bits 0 to 23) represent the network number, and the last octet (bits 24 to 31) represents the host number in that network. The outcome of this representation, as illustrated in Figure-3, is 2,097,152 (2^21) network numbers with 254 (2^8 - 2) hosts per network. An example of a Class C network is 192.11.1.1, where 192.11.1.0 is the network number and the host number is 1.
    Figure-3. General Class C Address Format

    Class D Addressing
    Class D networks are represented by 1, 1, 1, and 0 in the leftmost 4 bits of the address. The Class D address space is reserved for multicast, used to represent multicast group numbers.

    Class E Addressing

    Class E networks are represented by 1, 1, 1, and 1 in the leftmost 4 bits of the address. Class E address space is currently reserved for experimental use.
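    To turn the class definitions above into something checkable, here is an added Python example (not from the book excerpt) that reads the high-order bits of an address to find its class, splits the network and host portions, and reports the network number, directed broadcast, hosts per network and number of network numbers exactly as the text derives them for 124.0.0.1, 172.16.0.1 and 192.11.1.1; it also flags the special-purpose ranges of Table 1-2. The CLASS_TABLE and SPECIAL_RANGES names and the dictionary keys are this example's own choices.

```python
import ipaddress

# The classes of Table 1-1 as (class, number of fixed high-order bits, network bits).
# D and E have no network/host split, so their network bits are None.
CLASS_TABLE = [("A", 1, 8), ("B", 2, 16), ("C", 3, 24), ("D", 4, None), ("E", 4, None)]

# The ranges of Table 1-2 (the two single addresses are handled in classify()).
SPECIAL_RANGES = [
    (ipaddress.IPv4Network("10.0.0.0/8"), "Reserved for private use (RFC 1918)"),
    (ipaddress.IPv4Network("127.0.0.0/8"), "Reserved for loopback/local address"),
    (ipaddress.IPv4Network("172.16.0.0/12"), "Reserved for private use (RFC 1918)"),
    (ipaddress.IPv4Network("192.168.0.0/16"), "Reserved for private use (RFC 1918)"),
]

def address_class(addr_int):
    """Read the high-order bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first_octet = addr_int >> 24
    if first_octet & 0b10000000 == 0:
        return CLASS_TABLE[0]
    if first_octet & 0b11000000 == 0b10000000:
        return CLASS_TABLE[1]
    if first_octet & 0b11100000 == 0b11000000:
        return CLASS_TABLE[2]
    if first_octet & 0b11110000 == 0b11100000:
        return CLASS_TABLE[3]
    return CLASS_TABLE[4]

def classify(dotted):
    """Break a dotted-quad address down the classful way the text describes."""
    addr = ipaddress.IPv4Address(dotted)
    n = int(addr)
    cls, fixed_bits, net_bits = address_class(n)
    info = {"address": dotted, "class": cls}
    if net_bits is None:
        info["function"] = "Multicast" if cls == "D" else "Reserved"
    else:
        host_bits = 32 - net_bits
        mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
        network = n & mask
        info.update({
            "function": "Unicast",
            "network": str(ipaddress.IPv4Address(network)),
            "host_number": n & ~mask & 0xFFFFFFFF,
            # first address of the block is the network number, last is the directed broadcast
            "directed_broadcast": str(ipaddress.IPv4Address(network | (~mask & 0xFFFFFFFF))),
            "hosts_per_network": 2 ** host_bits - 2,
            # 2^(network bits - fixed high-order bits) network numbers; Class A loses 0.0.0.0
            "network_numbers": 2 ** (net_bits - fixed_bits) - (1 if cls == "A" else 0),
        })
    if dotted == "0.0.0.0":
        info["special"] = "Unknown network; commonly represents default"
    elif dotted == "255.255.255.255":
        info["special"] = "Limited broadcast"
    else:
        info["special"] = next((why for net, why in SPECIAL_RANGES if addr in net), None)
    return info

if __name__ == "__main__":
    # The three worked examples from the text plus a multicast, a reserved and a private address.
    for sample in ("124.0.0.1", "172.16.0.1", "192.11.1.1", "224.0.0.9", "240.0.0.1", "10.5.6.7"):
        print(classify(sample))
```

    The class test deliberately looks only at the leading bits rather than at decimal ranges, because that is how the classful definition is stated; the decimal ranges in Table 1-1 fall out of it. The `special` entry is what a configuration review would look for when an address from a private or loopback range turns up in a route or access list that is supposed to carry public traffic.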