
CCRG-4-1-2 (1)

Published by mparmeley, 2017-09-06 15:33:51


Cisco Configuration Reference Guide
Version 4.1.2 (Updated: February 29, 2016)
Michel Thomatis, CCIE #6778
RouteHub Group, LLC
www.routehub.net

Configuration Reference Guide | Topics 1

ROUTEHUB GROUP END-USER LICENSE AGREEMENT
END USER LICENSE FOR ONE (1) PERSON ONLY

IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, DO NOT OPEN OR USE THE TRAINING MATERIALS.

IMPORTANT! BE SURE TO CAREFULLY READ AND UNDERSTAND ALL OF THE RIGHTS AND RESTRICTIONS SET FORTH IN THIS END-USER LICENSE AGREEMENT ("EULA"). YOU ARE NOT AUTHORIZED TO USE THIS NETWORK CONFIGURATION GUIDE/TRAINING UNLESS AND UNTIL YOU ACCEPT THE TERMS OF THIS EULA.

This EULA is a binding legal agreement between you and ROUTEHUB GROUP, LLC (hereinafter "Licensor") for the materials accompanying this EULA, including the accompanying computer Network Configuration Guide/Training, associated media, printed materials and any "online" or electronic documentation (hereinafter the "Network Configuration Guide/Training"). By using the Network Configuration Guide/Training, you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, do not install or attempt to use the Network Configuration Guide/Training.

The Guide & Training Materials shall be used by only ONE (1) INDIVIDUAL who shall be the sole individual authorized to use the Guide & Training Materials throughout the term of this License.

1. Grant of License
The Network Configuration Guide/Training is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. The Network Configuration Guide/Training is licensed, not sold. This EULA grants you the following rights:
A. You may use, access, display and run only one copy of the Network Configuration Guide/Training, on a single computer, workstation or terminal ("Computer"). The primary user of the Computer on which the Network Configuration Guide/Training is installed may make a second copy for his or her exclusive use for archival purposes only.
B. You may store or install a copy of the Network Configuration Guide/Training on a storage device, such as a network server, used only to run the Network Configuration Guide/Training on your other Computers over an internal network. You must, however, acquire a license for each separate Computer on which the Network Configuration Guide/Training is run, displayed or utilized from the server or similar device. A license for the Network Configuration Guide/Training may not be shared or used concurrently on different Computers.
C. Your license rights under this EULA are non-exclusive. All rights not expressly granted herein are reserved by Licensor.
D. You may not sell, transfer or convey the Network Configuration Guide/Training to any third party without Licensor's prior express written consent.

2. Price and Payment
If you have not previously paid the license fee for the Network Configuration Guide/Training, then you must pay the license fee within the period indicated in the applicable invoice sent to you by Licensor.

3. Support Services
This EULA is a license of the Network Configuration Guide/Training only, and Licensor does not assume any obligation to provide maintenance, patches or fixes to the Network Configuration Guide/Training. Licensor further disclaims any obligation to provide support or to prepare and distribute modifications, enhancements, updates and new releases of the Network Configuration Guide/Training.

4. Replacement, Modification and/or Upgrades
Licensor may, from time to time, and for a fee, replace, modify or upgrade the Network Configuration Guide/Training. When accepted by you, any such replacement or modified Network Configuration Guide/Training code or upgrade to the Network Configuration Guide/Training will be considered part of the Network Configuration Guide/Training and subject to the terms of this EULA (unless this EULA is superseded by a further EULA accompanying such replacement or modified version of or upgrade to the Network Configuration Guide/Training).

5. Termination
You may terminate this EULA at any time by destroying all your copies of the Network Configuration Guide/Training. Your license to the Network Configuration Guide/Training automatically terminates if you fail to comply with the terms of this agreement. Upon termination, you are required to remove the Network Configuration Guide/Training from your computer and destroy any copies of the Network Configuration Guide/Training in your possession. No refund with the product will be granted.

6. Copyright
A. All title and copyrights in and to the Network Configuration Guide/Training (including but not limited to any images, photographs, animations, video, audio, music and text incorporated into the Network Configuration Guide/Training), the accompanying printed materials, and any copies of the Network Configuration Guide/Training, are owned by Licensor or its suppliers. This EULA grants you no rights to use such content. If this Network Configuration Guide/Training contains documentation that is provided only in electronic form, you may print one copy of such electronic documentation. Except for any copies of this EULA, you may not copy the printed materials accompanying the Network Configuration Guide/Training.
B. You may not reverse engineer, de-compile, disassemble, alter, duplicate, modify, rent, lease, loan, sublicense, make copies of, create derivative works from, distribute or provide others with the Network Configuration Guide/Training in whole or part, transmit or communicate the application over a network.

7. Export Restrictions
You may not export, ship, transmit or re-export the Network Configuration Guide/Training in violation of any applicable law or regulation including but not limited to Export Administration Regulations issued by the U.S. Department of Commerce.

8. Disclaimer of Warranties
LICENSOR AND ITS SUPPLIERS PROVIDE THE NETWORK CONFIGURATION GUIDE/TRAINING "AS IS" AND WITH ALL FAULTS, AND HEREBY DISCLAIM ALL OTHER WARRANTIES AND CONDITIONS, EITHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO ANY (IF ANY) IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, OF LACK OF VIRUSES, AND OF LACK OF NEGLIGENCE OR LACK OF WORKMANLIKE EFFORT. ALSO, THERE IS NO WARRANTY OR CONDITION OF TITLE, OF QUIET ENJOYMENT, OR OF NONINFRINGEMENT. THE ENTIRE RISK ARISING OUT OF THE USE OR PERFORMANCE OF THE NETWORK CONFIGURATION GUIDE/TRAINING IS WITH YOU.

9. Limitation of Damages
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL LICENSOR OR ITS SUPPLIERS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, DIRECT, INDIRECT, SPECIAL, PUNITIVE OR OTHER DAMAGES WHATSOEVER ARISING OUT OF OR IN ANY WAY RELATED TO THE USE OF OR INABILITY TO USE THE NETWORK CONFIGURATION GUIDE/TRAINING AND WHETHER BASED ON CONTRACT, TORT, NEGLIGENCE, STRICT LIABILITY OR OTHERWISE, EVEN IF LICENSOR OR ANY SUPPLIER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS EXCLUSION OF DAMAGES WILL BE EFFECTIVE EVEN IF ANY REMEDY FAILS OF ITS ESSENTIAL PURPOSE.

10. Arbitration
Any dispute arising under this EULA will be subject to binding arbitration by a single Arbitrator with the American Arbitration Association (AAA), in accordance with its relevant industry rules, if any. The parties agree that this EULA will be governed by and construed and interpreted in accordance with the laws of the State of California. The arbitration will be held in California. The Arbitrator will have the authority to grant injunctive relief and specific performance to enforce the terms of this EULA. Judgment on any award rendered by the Arbitrator may be entered in any Court of competent jurisdiction.

11. Severability
If any term of this EULA is found to be unenforceable or contrary to law, it will be modified to the least extent necessary to make it enforceable, and the remaining portions of this Agreement will remain in full force and effect.

12. No Waiver
No waiver of any right under this EULA will be deemed effective unless contained in writing signed by a duly authorized representative of the party against whom the waiver is to be asserted, and no waiver of any past or present right arising from any breach or failure to perform will be deemed to be a waiver of any future rights arising out of this EULA.

13. Entire Agreement
This EULA constitutes the entire agreement between the parties with respect to its subject matter, and supersedes all prior agreements, proposals, negotiations, representations or communications relating to the subject matter. Both parties acknowledge that they have not been induced to enter into this EULA by any representations or promises not specifically stated herein.

TOPICS  5

[A]  11
  AAA  11
  ACL  12
  ADSL  22
  ALIAS  23
  APPLETALK  24
  ARCHIVE  25
  ARP TIMEOUT  26
  ATM  27
  AUX  31

[B]  32
  BFD  32
  BGP  33
  BPDU  55

[C]  56
  CARRIER DELAY  56
  CBAC  57
  CEF  59
  CELLULAR  60
  CGMP  61
  CISCO ACE SERIES  62
  CISCO ASA/FWSM SERIES  65
  CISCO CATALYST 3750 SERIES  95
  CISCO CATALYST 4500 SERIES  96
  CISCO CATALYST 6500 SERIES  98
  CISCO CATALYST XL SERIES  103
  CISCO GSR SERIES  105
  CISCO IP PHONES  106
  CISCO NEXUS SERIES  107
  CISCO UCM EXPRESS  137
  CISCO UNITY EXPRESS  178
  COMMITTED ACCESS RATE (CAR)  187
  CONTENT FILTERING  188
  CBWFQ  189
  COPY  190
  CRTP  191

[D]  192
  DAMPING  192
  DEFAULT INTERFACE  193
  DELETE  194
  DHCP  195
  DHCP SNOOPING  197
  DMVPN  198
  DO  204
  DS-3  205
  DYNAMIC ARP INSPECTION  207
  DYNAMIC DNS (DDNS)  208

[E]  209
  EEE  209
  EVN  210
  EEM  212
  EIGRP  213
  ERROR DISABLE  221
  ETHERNET OVER MPLS (EOMPLS)  222
  EXTREME SWITCHES SOLUTIONS  225
  EZVPN  226

[F]  228
  FABRICPATH  228
  FLEX LINK  231
  FLOW CONTROL  232
  FOUNDRY SOLUTIONS  233
  FRF.12  235
  FRAME RELAY  236
  FRAME RELAY TRAFFIC SHAPING (FRTS)  242
  FWSM  243
  FXO  246
  FXS  247

[G]  249
  GET VPN  249
  GLBP  253
  GOLD  255
  GRE  256
  GROUNDSTART  258

[H]  259
  HSRP  259
  HTTP  263

[I]  264
  IGMP SNOOPING  264
  IOS RECOVERY  265
  INCLUDE  266
  INTERFACES  267
  INTERFACE RANGE  268
  IP ACCOUNTING  269
  IP HELPER  270
  IP SLA  271
  IPSEC VPN  273
  IPV6: GENERAL  285
  IPS  288
  IPX  289
  IRB  290
  ISATAP  291
  ISDN PRI  293

[J]  294
  JUMBO FRAMES  294
  JUNIPER  295

[L]  297
  LAN CAMPUS DESIGN  297
  LINUX SOLUTIONS  301
  LLDP  302
  LLQ  303
  LOAD INTERVAL  304
  LOGGING  305
  LOOPGUARD  306
  L2TPV3  307

[M]  310
  MACROS  310
  MD5 FILE VALIDATION  312
  MGCP  313
  MICROSOFT SOLUTIONS  314
  MLPPP  318
  MODULES  320
  MPLS VPN  321
  MULTI-VRF CE (VRF-LITE)  327
  MULTICAST  335
  MULTICAST: MONITORING  339
  MULTICAST: RP  340
  MULTICAST: SECURITY  342
  MSDP  345

[N]  350
  NAM  350
  NAT  351
  NEC (VOICE) SOLUTIONS  359
  NETFLOW  360
  NETGEAR SOLUTIONS  364
  NTP  366

[O]  367
  OSPF  367

[P]  380
  PIM  380
  PPPOE  382
  PPTP  388
  POLICY BASED ROUTING (PBR)  389
  PORT CHANNEL  390
  PORT MONITOR  395
  PORT SECURITY  398
  PROTECTED PORTS  400

[Q]  401
  QOS: GENERAL  401
  QOS: CLASSIFICATION & MARKING  402
  QOS: LINK EFFICIENCIES  404
  QOS: POLICING  408
  QOS: QUEUING & DROPPING  411

[R]  414
  RADIUS  414
  REFLEXIVE ACL (RACL)  415
  RIP  417
  ROOTGUARD  419
  ROUTE TAGGING  420

[S]  425
  SCHEDULER  425
  SECONDARY IP  426
  SENDING MESSAGE IN IOS  427
  SIP  428
  SLB (CISCO IOS)  429
  SMTP  431
  SNMP  432
  SONICWALL SOLUTIONS  434
  SOURCE GUARD, IP  435
  SPANNING TREE PROTOCOL  436
  SRST
.....................................................................................................................................................................440 SSH .......................................................................................................................................................................442 SSL VPN ...............................................................................................................................................................443 STATIC ROUTING.....................................................................................................................................................447 STORM CONTROL ...................................................................................................................................................449[T] ...................................................................................................................................................................... 
450 TACACS+ .............................................................................................................................................................450 TEMPLATES .............................................................................................................................................................451 TERMINAL SERVER ROUTER ....................................................................................................................................464 TFTP ......................................................................................................................................................................465 TIME-ZONE .............................................................................................................................................................466 TRUNKING (802.1Q) ...............................................................................................................................................467 T-1 .........................................................................................................................................................................470[U]...................................................................................................................................................................... 
472 UNICAST RPF, IP....................................................................................................................................................472 UDLD.....................................................................................................................................................................473 URBL .....................................................................................................................................................................473[V] ...................................................................................................................................................................... 476 VLAN .....................................................................................................................................................................476 VLAN TRUNKING PROTOCOL (VTP) ........................................................................................................................481 VOICE GATEWAY .....................................................................................................................................................482 VPLS......................................................................................................................................................................484 VRRP .....................................................................................................................................................................494 VSS........................................................................................................................................................................495[W]..................................................................................................................................................................... 
502 WCCP ...................................................................................................................................................................502 WIRELESS ...............................................................................................................................................................504 WRED....................................................................................................................................................................516 Configuration Reference Guide | Topics 9

[0-9] .................................................................................................................................................................. 517 802.1X ...................................................................................................................................................................517 Configuration Reference Guide | Topics 10

Solution/Services: Administration/System
Related: RADIUS, TACACS+

Lower Case
 • Make local accounts case sensitive. With this method list the router tries TACACS+ first and falls back to the local database (with case-sensitive usernames) only when no TACACS+ server answers; a reject returned by TACACS+ is final and does not trigger the local fallback.
aaa authentication login default group tacacs+ local-case

Testing AAA
 • Test RADIUS (or TACACS+, if that is the configured group) from the CLI with the username "alynn" in the domain "RHG". The full command also takes the account's password (and, on newer IOS releases, the new-code keyword) so that the router performs a real authentication exchange and reports the server's reply.
test aaa group radius RHG\alynn

Solution/Services: Security
Related: CBAC, Reflexive ACL

Public Interface: Guest/DMZ ACL Policy
 • The DMZ/Guest network is VLAN 11 (192.168.11.0/24).
 • The DMZ/Guest network is allowed only the following: (1) access to host 192.168.10.10 on the LAN, (2) DHCP, (3) no other access to the LAN (192.168.10.0/24). All other TCP and UDP traffic is allowed out and tracked by the reflexive ACL, so only the return traffic of those sessions is allowed back in.
 • Entry order matters because an ACL is evaluated first match: the host-specific permit sits before the deny for the whole LAN prefix, and the explicit deny ip any any log at the end exists so that drops are logged (the implicit deny is silent).

ip access-list extended public-ingress-acl
 permit ip 192.168.11.0 0.0.0.255 host 192.168.10.10 reflect reflexive-public-acl
 permit udp any eq bootpc host 255.255.255.255 eq bootps
 deny ip 192.168.11.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit udp any any reflect reflexive-public-acl
 permit tcp any any reflect reflexive-public-acl
 deny ip any any log

ip access-list extended public-egress-acl
 permit icmp any any
 evaluate reflexive-public-acl
 deny ip any any log

interface Vlan11
 ip address 192.168.11.1 255.255.255.0
 ip access-group public-ingress-acl in
 ip access-group public-egress-acl out

Internal Interface: Outbound ACL Policy
 • ACL policy that (1) allows SMTP from the one mail server (192.168.10.10), (2) drops and logs SMTP from any other system, so a compromised workstation cannot send mail directly, and (3) allows everything else.
 • Applied inbound on the LAN-facing interface (FE0/1). Traffic leaving the LAN enters the router on that interface, so "in" is the direction that filters the LAN's outbound mail.

ip access-list extended hfc-outgoing-acl
 permit tcp host 192.168.10.10 any eq smtp
 deny tcp any any eq smtp log
 permit ip any any

interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip access-group hfc-outgoing-acl in

Public Interface: RFC1918 Filtering
 • ACL that drops any packet whose source is a private (RFC 1918) address, plus the multicast and reserved ranges in 224.0.0.0/3, which are never valid unicast sources.
 • Applied inbound on the WAN-facing interface (FE4).
 • Caveat: this stops only bogon sources. A packet spoofing the site's own public prefix or its LAN prefix still passes; add deny entries for those as well, or enable unicast RPF on the interface (see the UNICAST RPF, IP topic).

access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 permit ip any any

interface FastEthernet4
 ip address 1.1.1.1 255.255.255.0
 ip access-group 100 in

Black Hole (NULL) Routing
 • Traffic to any host on the 6.7.7.0/24 network is dropped.
 • Traffic to host 7.7.7.7 is dropped.
 • A null route discards in the forwarding path without an ACL lookup. By default the router answers each dropped packet with an ICMP unreachable, which costs CPU under a flood; disabling ip unreachables on interface Null0 avoids that.

ip route 6.7.7.0 255.255.255.0 null0
ip route 7.7.7.7 255.255.255.255 null0

Time-Based ACL
 • Time-based ACL that (1) allows VNC (TCP/5900 and TCP/5800) to server 192.168.10.10 from 10:00 to 12:00 on 9 December 2009, (2) blocks all other traffic to 192.168.10.10, including VNC once the window has ended, and (3) allows all other traffic.
 • Applied inbound on FE0/1 (192.168.11.0/24, the client side), so it filters traffic from those clients toward the server.
 • Caveat: the window is judged by the router's own clock. Set the time zone and synchronize with NTP (see the NTP and TIME-ZONE topics); with a wrong clock the window opens at the wrong time or never.

time-range lab-time
 absolute start 10:00 09 December 2009 end 12:00 09 December 2009

ip access-list extended lab-acl
 permit tcp any host 192.168.10.10 eq 5800 5900 time-range lab-time
 deny ip any host 192.168.10.10
 permit ip any any

interface FastEthernet0/1
 ip address 192.168.11.1 255.255.255.0
 ip access-group lab-acl in

Multiple (Non-Contiguous) TCP/UDP Ports in One ACL Entry
 • ACL that allows HTTP, HTTPS and SMTP to server 192.168.10.10 (on the LAN) with a single entry, by listing several ports after eq.
 • Applied inbound on the WAN-facing interface (FE0/0). Everything not listed, including the return traffic of sessions the LAN initiates, is dropped by the implicit deny unless a reflexive ACL or CBAC (see those topics) is added.

ip access-list extended ACL-FW
 permit tcp any host 192.168.10.10 eq 80 443 25

interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group ACL-FW in

ACL on VLAN Interface (In and Out Directions)
 • Configure a two-way ACL on VLAN 10.
 • Inbound policy: allow host 192.168.10.10 in VLAN 10 to reach the 192.168.11.0/24 network.
 • Outbound policy: allow the 192.168.11.0/24 network to reach 192.168.10.10 for HTTP only.
 • Apply both under the VLAN 10 interface. Anything else in either direction, including every VLAN 10 host other than 192.168.10.10, hits the implicit deny.

ip access-list extended RHG-VLAN10-ACL-IN
 permit ip host 192.168.10.10 192.168.11.0 0.0.0.255

ip access-list extended RHG-VLAN10-ACL-OUT
 permit tcp 192.168.11.0 0.0.0.255 host 192.168.10.10 eq 80

interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip access-group RHG-VLAN10-ACL-IN in
 ip access-group RHG-VLAN10-ACL-OUT out

IPv6 ACL
 • Policy #1: allow ICMP from the ISP's 2002:100:50::/48 to the internal 2002:100:10::/48.
 • Policy #2: allow the ISP router (2002:100:20:20::1) to establish a BGP session with R1 (2002:100:20:20::2).
 • Applied inbound on R1's WAN-facing interface with ipv6 traffic-filter.
 • Note: every IPv6 ACL ends with implicit entries that permit ICMPv6 neighbor discovery (NS/NA) before the implicit deny. If an explicit deny ipv6 any any is added at the end, it also blocks neighbor discovery, which then has to be permitted explicitly.

ipv6 unicast-routing
ipv6 cef

ipv6 access-list ROUTEHUB-ACL-IPV6
 permit icmp 2002:100:50::/48 2002:100:10::/48
 permit tcp host 2002:100:20:20::1 host 2002:100:20:20::2 eq bgp

interface GigabitEthernet0/0
 ipv6 traffic-filter ROUTEHUB-ACL-IPV6 in

Permit Even-Numbered Routes and Deny Odd-Numbered Routes
 • Address space 172.17.X.X/16
 • Even-numbered networks: 172.17.2.0, 172.17.4.0, 172.17.6.0
 • Odd-numbered networks: 172.17.1.0, 172.17.3.0, 172.17.5.0
 • The wildcard 0.0.254.255 is non-contiguous: it fixes only the least significant bit of the third octet, so 172.17.1.0 matches every odd third octet and 172.17.0.0 every even one. A prefix-list cannot express this; a standard ACL like this one is used in a distribute-list or route-map.

access-list 1 deny 172.17.1.0 0.0.254.255
access-list 1 permit 172.17.0.0 0.0.254.255

LAND.c Attack ACL
 • A LAND attack sends a packet whose source and destination address (and port) are identical, so the victim replies to itself. Applied inbound on the WAN interface (serial 0), this ACL drops and logs any packet arriving from outside with a source in the internal 192.168.10.0/24 and a destination in that same network; as a side effect it also catches any packet spoofing an internal source toward the LAN.

access-list 101 remark LAND ATTACK ACL
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255 log
access-list 101 permit ip any any

interface serial 0
 ip access-group 101 in

SMURF Attack ACL
 • A Smurf attack sends ICMP echo requests to a network's broadcast address (192.168.10.255 here, or the all-zeros network address on older stacks) with the victim's address as the spoofed source, so every host on the segment floods the victim with replies. This ACL drops and logs packets to either address at the WAN edge. Keep no ip directed-broadcast (the default since IOS 12.0) on the LAN interface as well, so the router never forwards such packets as a Layer 2 broadcast.
 • Both examples use list number 101. On one router, either combine the entries into a single list or give the second a different number: entering access-list 101 lines again appends to the existing list rather than replacing it.

access-list 101 remark SMURF ATTACK ACL
access-list 101 deny ip any host 192.168.10.255 log
access-list 101 deny ip any host 192.168.10.0 log
access-list 101 permit ip any any

interface serial 0
 ip access-group 101 in

VLAN ACL
 • Allow all TCP and UDP traffic in VLAN 200.
 • Supported on selected Layer 2/3 switches such as the Cisco Catalyst 6500 series; not every switch model supports VACLs.
 • Unlike an ACL on the VLAN SVI, which sees only routed traffic, a VACL also filters traffic bridged between ports of the same VLAN. IP packets that match no access-map sequence are dropped, so with these two sequences ICMP inside VLAN 200 is blocked too.
 • Note: configuring a standard or extended ACL and applying it to the VLAN SVI is more common than using VLAN ACLs.

ip access-list extended vlan-tcp
 permit tcp any any

ip access-list extended vlan-udp
 permit udp any any

vlan access-map 1 10
 match ip address vlan-tcp
 action forward
vlan access-map 1 20
 match ip address vlan-udp
 action forward

vlan filter map 1 vlan-list 200
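The RFC1918 filter, the even/odd route filter with its non-contiguous wildcard, and the LAND and Smurf lists above all rely on the same evaluation rules: entries are tried in order, the first match wins, and a 1 bit in a wildcard means "don't care". As an added example, not taken from the guide or from Cisco, the following Python evaluator applies those rules to the guide's own entries. The function names, the constructed packets and the documentation addresses (198.51.100.x, 203.0.113.x) are the example's own; ports are deliberately not modelled.

```python
"""IOS-style ACL evaluator (added example; not part of the RouteHub guide).
First match wins, an unmatched packet hits the implicit deny, and a wildcard
bit of 1 means "don't care". Addresses only: tokens after the destination
(ports, established, time-range) are ignored."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ("0.0.0.0", "255.255.255.255")           # 'any' = every address


@dataclass(frozen=True)
class Ace:
    action: str                                 # "permit" or "deny"
    proto: Optional[str]                        # None for a standard ACL, else ip/tcp/udp/icmp
    src: Tuple[str, str]                        # (address, wildcard)
    dst: Tuple[str, str]


def _ip(s: str) -> int:
    return int(ipaddress.IPv4Address(s))


def _is_ipv4(tok: str) -> bool:
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A 0 bit in the wildcard must match the base address; a 1 bit is ignored."""
    care = 0xFFFFFFFF ^ _ip(wildcard)
    return (_ip(addr) & care) == (_ip(base) & care)


def wildcard_is_prefix(wildcard: str) -> bool:
    """True for a contiguous wildcard (same as a /n prefix); 0.0.254.255 is not,
    which is why the even/odd filter cannot be written as a prefix-list."""
    w = _ip(wildcard)
    return (w + 1) & w == 0


def _parse_addr(tokens: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    tok = tokens[i]
    if tok == "any":
        return ANY, i + 1
    if tok == "host":
        return (tokens[i + 1], "0.0.0.0"), i + 2
    if i + 1 < len(tokens) and _is_ipv4(tokens[i + 1]):
        return (tok, tokens[i + 1]), i + 2      # address + wildcard
    return (tok, "0.0.0.0"), i + 1              # bare address in a standard ACL = host


def parse_ace(line: str) -> Optional[Ace]:
    """Parse 'access-list N permit|deny ...' or a named-ACL 'permit|deny ...' line;
    remark lines return None."""
    tokens = line.split()
    if tokens[:1] == ["access-list"]:
        tokens = tokens[2:]                     # drop 'access-list <number>'
    if not tokens or tokens[0] == "remark":
        return None
    if tokens[-1] == "log":
        tokens = tokens[:-1]                    # logging does not change what matches
    action, i, proto = tokens[0], 1, None
    if action not in ("permit", "deny"):
        raise ValueError(f"unsupported entry: {line!r}")
    if tokens[i] in ("ip", "tcp", "udp", "icmp"):
        proto, i = tokens[i], i + 1
    src, i = _parse_addr(tokens, i)
    dst, _ = _parse_addr(tokens, i) if i < len(tokens) else (ANY, i)
    return Ace(action, proto, src, dst)


def load_acl(text: str) -> List[Ace]:
    aces = (parse_ace(line) for line in text.splitlines() if line.strip())
    return [a for a in aces if a is not None]


def evaluate(acl: List[Ace], src: str, dst: str, proto: str = "ip") -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching entry); (deny, None) is the implicit deny."""
    for idx, ace in enumerate(acl):
        proto_ok = ace.proto in (None, "ip") or ace.proto == proto
        if proto_ok and wildcard_match(src, *ace.src) and wildcard_match(dst, *ace.dst):
            return ace.action, idx
    return "deny", None


# The lists are the guide's own entries (RFC1918 filter, even/odd route filter,
# Smurf ACL); the packets fed to them are constructed for this example.
RFC1918_ACL = load_acl("""
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 permit ip any any""")
EVEN_ODD_ACL = load_acl("""
access-list 1 deny 172.17.1.0 0.0.254.255
access-list 1 permit 172.17.0.0 0.0.254.255""")
SMURF_ACL = load_acl("""
access-list 101 remark SMURF ATTACK ACL
access-list 101 deny ip any host 192.168.10.255 log
access-list 101 deny ip any host 192.168.10.0 log
access-list 101 permit ip any any""")

if __name__ == "__main__":
    print(evaluate(RFC1918_ACL, "10.1.2.3", "198.51.100.1"))       # ('deny', 0)
    print(evaluate(EVEN_ODD_ACL, "172.17.4.0", "0.0.0.0"))         # ('permit', 1)
    print(evaluate(SMURF_ACL, "203.0.113.9", "192.168.10.255"))    # ('deny', 0)
    print(wildcard_is_prefix("0.0.254.255"))                       # False
```

The returned index tells you which entry fired, which is what you want when reviewing a list with many overlapping entries: a packet you expected the LAN-prefix deny to catch that instead reports the index of an earlier permit has found an ordering mistake.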

Object Groups
In this sample configuration object groups are used inside an ACL so that one entry can cover a group of services or addresses. The configuration does the following:
 • Static NAT mapping the internal host 192.168.10.10 to the external address 1.1.1.10, with a route-map that limits the translation to traffic matching acl-nonat-static (ip nat inside and ip nat outside on the LAN and WAN interfaces are assumed; see the NAT topic).
 • ACL entry with a service object group allowing all LabTech services to the server 1.1.1.10.
 • ACL entry with a network object group allowing the LabTech addresses to RDP (TCP/3389) to 1.1.1.10.
 • ACL entry with a service object group allowing any host on the Internet to reach the routehub services (HTTP, HTTPS, VNC and TCP/8080) on 1.1.1.10.
 • ACL entry with network and service object groups allowing MailSource (email spam-filtering service) to reach the mail server 1.1.1.10 on LDAP, LDAPS and SMTP.
 • Review point: the first entry uses any as the source, so every LabTech service, including TCP 5500-5999 and UDP 40000-41000, is reachable from the whole Internet rather than only from the LabTech addresses. If that is not intended, use object-group LabTech as the source of that entry as well.
Note: supported on Cisco IOS routers (object-group based ACLs were introduced in IOS 12.4(20)T).

ip access-list extended acl-nonat-static
 permit ip host 192.168.10.10 any

route-map rm-nonat-static permit 10
 match ip address acl-nonat-static

ip nat inside source static 192.168.10.10 1.1.1.10 route-map rm-nonat-static

object-group network LabTech
 host 70.46.245.125
 host 63.145.136.125

object-group service LabTechServices
 tcp eq 70
 tcp eq 80
 tcp eq 443
 tcp range 5500 5999
 tcp range 40000 40050
 udp range 70 75
 udp range 40000 41000

object-group network MailSource
 98.111.187.0 255.255.255.224
 216.107.61.96 255.255.255.224
 216.75.199.0 255.255.255.0
 72.35.20.96 255.255.255.224

object-group service rhServices
 tcp eq 80
 tcp eq 443
 tcp eq 8080
 tcp eq 5900

object-group service MailSourceServices
 tcp eq 389
 tcp eq 636
 tcp eq 25

ip access-list extended ingress-acl
 permit object-group LabTechServices any host 1.1.1.10
 permit tcp object-group LabTech host 1.1.1.10 eq 3389
 permit tcp any host 1.1.1.10 object-group rhServices
 permit tcp object-group MailSource host 1.1.1.10 object-group MailSourceServices

interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
 ip access-group ingress-acl in
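Object groups make an ACL shorter but hide how many concrete flows each entry opens, which is exactly what a reviewer needs to see. As an added example, not part of the guide and not a Cisco tool, the Python below parses the object groups and ingress-acl entries from the configuration above and expands them into individual (protocol, source, destination, port range) flows, then lists every service that is reachable from any source. The function names are the example's own; only the any, host and object-group address forms are handled, and only permit entries, because those are the forms this configuration uses.

```python
"""Flatten object-group ACL entries into concrete flows (added example; not part
of the RouteHub guide). Expanding every service x source x destination
combination shows what an entry really permits. Handles the address forms
any, host and object-group, and permit entries only."""
import ipaddress
from typing import Dict, List, Tuple

Net = ipaddress.IPv4Network
Service = Tuple[str, int, int]                  # (protocol, low port, high port)
Flow = Tuple[str, Net, Net, int, int]           # (protocol, src, dst, low port, high port)
ANY_NET = Net("0.0.0.0/0")


def parse_object_groups(text: str) -> Tuple[Dict[str, List[Net]], Dict[str, List[Service]]]:
    """Network groups: 'host X' or 'address mask'. Service groups: 'proto [eq P | range A B]'."""
    nets: Dict[str, List[Net]] = {}
    svcs: Dict[str, List[Service]] = {}
    kind = name = ""
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "object-group":
            kind, name = t[1], t[2]
            (nets if kind == "network" else svcs)[name] = []
        elif kind == "network":
            nets[name].append(Net(f"{t[1]}/32" if t[0] == "host" else f"{t[0]}/{t[1]}"))
        elif len(t) == 1:                        # bare protocol = all ports
            svcs[name].append((t[0], 0, 65535))
        elif t[1] == "eq":
            svcs[name].append((t[0], int(t[2]), int(t[2])))
        elif t[1] == "range":
            svcs[name].append((t[0], int(t[2]), int(t[3])))
    return nets, svcs


def _addr(t: List[str], i: int, nets: Dict[str, List[Net]]) -> Tuple[List[Net], int]:
    if t[i] == "any":
        return [ANY_NET], i + 1
    if t[i] == "host":
        return [Net(f"{t[i + 1]}/32")], i + 2
    if t[i] == "object-group":
        return nets[t[i + 1]], i + 2
    raise ValueError(f"address form not handled: {t[i]!r}")


def flatten_ace(line: str, nets, svcs) -> List[Flow]:
    """Expand one entry in the shapes the guide uses: 'permit object-group SVC SRC DST',
    'permit PROTO SRC DST eq PORT' and 'permit PROTO SRC DST object-group SVC'."""
    t = line.split()
    if t[1] == "object-group":                   # service group in the protocol position
        services, proto, i = svcs[t[2]], None, 3
    else:
        services, proto, i = None, t[1], 2
    src, i = _addr(t, i, nets)
    dst, i = _addr(t, i, nets)
    if services is None:
        if i < len(t) and t[i] == "object-group":
            services = [s for s in svcs[t[i + 1]] if s[0] == proto]
        elif i < len(t) and t[i] == "eq":
            services = [(proto, int(t[i + 1]), int(t[i + 1]))]
        else:
            services = [(proto, 0, 65535)]
    return [(p, s, d, lo, hi) for p, lo, hi in services for s in src for d in dst]


def flatten_acl(lines: List[str], nets, svcs) -> List[Flow]:
    return [f for line in lines for f in flatten_ace(line, nets, svcs)]


def internet_exposed(flows: List[Flow]) -> List[Service]:
    """Services reachable from any source, de-duplicated and sorted for review."""
    return sorted({(p, lo, hi) for p, s, _d, lo, hi in flows if s == ANY_NET})


# Groups and entries copied from the guide's object-group example above.
OBJECT_GROUPS = """
object-group network LabTech
 host 70.46.245.125
 host 63.145.136.125
object-group service LabTechServices
 tcp eq 70
 tcp eq 80
 tcp eq 443
 tcp range 5500 5999
 tcp range 40000 40050
 udp range 70 75
 udp range 40000 41000
object-group network MailSource
 98.111.187.0 255.255.255.224
 216.107.61.96 255.255.255.224
 216.75.199.0 255.255.255.0
 72.35.20.96 255.255.255.224
object-group service rhServices
 tcp eq 80
 tcp eq 443
 tcp eq 8080
 tcp eq 5900
object-group service MailSourceServices
 tcp eq 389
 tcp eq 636
 tcp eq 25
"""
INGRESS_ACL = [
    "permit object-group LabTechServices any host 1.1.1.10",
    "permit tcp object-group LabTech host 1.1.1.10 eq 3389",
    "permit tcp any host 1.1.1.10 object-group rhServices",
    "permit tcp object-group MailSource host 1.1.1.10 object-group MailSourceServices",
]

if __name__ == "__main__":
    print(internet_exposed(flatten_acl(INGRESS_ACL, *parse_object_groups(OBJECT_GROUPS))))
```

The four entries expand to 25 flows, and nine distinct services are open to any source; among them are udp 40000-41000 and tcp 5500-5999, which come from the LabTechServices entry and not from the intentionally public rhServices entry. That is the kind of finding the expansion exists to surface.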

Solution/Services: Media Connection, Broadband
Related: N/A

ADSL on Cisco 877 (ATM)
 • ADSL configuration on a Cisco 877 ATM interface. The physical ATM0 interface carries the DSL line with the operating mode auto-detected; the point-to-point subinterface holds the IP address and the PVC (0/35) assigned by the ISP.

interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
 no shutdown

interface ATM0.35 point-to-point
 ip address 1.1.1.1 255.255.255.0
 pvc 0/35

Solution/Services: Administration/System
Related: N/A

Alias (EXEC)
 • Alias where entering the command "c" enters configuration mode
alias exec c config t
 • Alias where typing "acl" runs "show access-list"
alias exec acl show access-list
 • Alias called "run-tftp" that copies the running config to the TFTP server
alias exec run-tftp copy system:running-config tftp://192.168.10.10/RHG-config
 • List the aliases defined on the device. Aliases live in the running config and change what a typed command executes, so include them in any review of a device's configuration.
show aliases

Solution/Services: Other Protocols
Related: N/A

AppleTalk
 • Enable AppleTalk routing
 • Define the AppleTalk cable range and zone on FE1/1 (AppleTalk support was removed from IOS 15.x releases)

appletalk routing

interface FastEthernet1/1
 ip address 192.168.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 appletalk cable-range 11219-11219 11219.97
 appletalk zone Classroom 4

Solution/Services: Administration/System
Related: N/A

Viewing Configuration Differences
 • Compare the saved startup configuration with the running configuration. Running this before write memory, or from a scheduled audit, shows unsaved changes and any change made on the box that was never committed, which is a cheap check for tampering with ACLs, AAA or local users.

show archive config differences nvram:startup-config system:running-config
 "+" marks lines in the running config that are not in the startup config
 "-" marks lines in the startup config that are not in the running config
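The "+" and "-" convention above is easy to reproduce off-box when configurations are pulled into a repository, but a plain line diff loses something the router keeps: which block a sub-command belongs to. As an added example, not part of the guide and not Cisco's implementation, the Python below compares two saved configs block by block, so an ip access-group line that moves from the WAN interface to the LAN interface is reported rather than cancelled out, and shows the context-free comparison for contrast. The two configs are constructed from the guide's own AAA, ACL and alias snippets; the hostname and function names are the example's own.

```python
"""Section-aware IOS config diff (added example; not part of the RouteHub guide).
Reproduces the '+'/'-' convention of 'show archive config differences' while
keeping each sub-command tied to its parent block, so a line that moves from
one interface to another is reported rather than cancelled out."""
from typing import Dict, List, Optional, Set, Tuple

Entry = Tuple[Optional[str], str]        # (parent command or None, command)
Change = Tuple[str, Optional[str], str]  # ('+' or '-', parent, command)


def config_entries(text: str) -> List[Entry]:
    """Flatten a config into (parent, command) pairs. In IOS output sub-commands
    are indented by one space under their parent; '!' or a blank line ends a block."""
    entries: List[Entry] = []
    parent: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            parent = None
            continue
        if line.startswith(" "):
            entries.append((parent, line.strip()))
        else:
            parent = line.strip()
            entries.append((None, parent))
    return entries


def diff_configs(startup: str, running: str) -> List[Change]:
    """'+' = in running but not in startup; '-' = in startup but not in running."""
    start, run = config_entries(startup), config_entries(running)
    start_set, run_set = set(start), set(run)
    added = [("+", p, c) for p, c in run if (p, c) not in start_set]
    removed = [("-", p, c) for p, c in start if (p, c) not in run_set]
    return added + removed


def naive_line_diff(startup: str, running: str) -> Dict[str, Set[str]]:
    """Context-free comparison of bare lines, for contrast: it cannot tell which
    interface a sub-command belongs to."""
    def lines(t: str) -> Set[str]:
        return {l.strip() for l in t.splitlines() if l.strip() and l.strip() != "!"}
    s, r = lines(startup), lines(running)
    return {"+": r - s, "-": s - r}


def format_diff(changes: List[Change]) -> List[str]:
    return [f"{sign}{parent + ' / ' if parent else ''}{cmd}" for sign, parent, cmd in changes]


# Constructed sample: the saved config applies the RFC1918 filter (ACL 100) on
# the WAN interface; in the running config someone moved it to the LAN interface,
# displacing the SMTP policy, and added an alias. Nothing has been saved.
STARTUP_CONFIG = """\
hostname R1
!
aaa authentication login default group tacacs+ local-case
!
interface FastEthernet4
 ip address 1.1.1.1 255.255.255.0
 ip access-group 100 in
!
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip access-group hfc-outgoing-acl in
!
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
"""

RUNNING_CONFIG = """\
hostname R1
!
aaa authentication login default group tacacs+ local-case
!
alias exec c config t
!
interface FastEthernet4
 ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
 ip access-group 100 in
!
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
"""

if __name__ == "__main__":
    for line in format_diff(diff_configs(STARTUP_CONFIG, RUNNING_CONFIG)):
        print(line)
    print("naive view misses the moved line:", naive_line_diff(STARTUP_CONFIG, RUNNING_CONFIG))
```

The section-aware diff reports four changes, two of them the removal of the bogon filter from FastEthernet4 and its appearance on FastEthernet0/1; the naive view reports only the alias and the displaced SMTP policy, because "ip access-group 100 in" is present in both files and therefore looks unchanged.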

Solution/Services: Administration/System
Related: N/A

ARP Timeout
 • Change the ARP cache timeout from the default of 4 hours (14400 seconds) to 200 seconds. arp timeout is an interface configuration command and applies to that interface's cache.
arp timeout 200

Solution/Services: Media Connection, WAN
Related: N/A

ATM PVC
 • Configure ATM for the topology (see the topology diagram)
 • On R1 configure a 1 Mbps PVC on the 10.1.1.0/30 link (VPI 2, VCI 100)
 • On R1 configure a 50 Mbps PVC on the 10.1.2.0/30 link (VPI 2, VCI 200)
 • On R1 configure a 512 kbps PVC on the 10.1.3.0/30 link (VPI 2, VCI 300)
 • vbr-nrt takes the peak and sustained cell rates in kbps. The bandwidth 512 statement on the third subinterface only informs routing protocols and QoS; it does not shape the PVC.

>> R1 <<
interface ATM2/0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 no atm enable-ilmi-trap

interface ATM2/0.1 point-to-point
 ip address 10.1.1.1 255.255.255.252
 no ip directed-broadcast
 no atm enable-ilmi-trap
 pvc Peer1 2/100
  vbr-nrt 1000 1000

interface ATM2/0.2 point-to-point
 ip address 10.1.2.1 255.255.255.252
 no ip directed-broadcast
 no atm enable-ilmi-trap
 pvc Peer2 2/200
  vbr-nrt 50000 50000

interface ATM2/0.3 point-to-point
 bandwidth 512
 ip address 10.1.3.1 255.255.255.252
 no ip directed-broadcast
 pvc Peer3 2/300
  vbr-nrt 512 512

show atm pvc
show atm map











































