Cisco Router Cheat Sheet

This is a list of useful things that I’ve done using Cisco IOS via the command line interface. It’s really only for my own use, on my 861W, but in the case it comes in handy for someone else, here it is…

Show the configuration:

show config
! to show running configuration instead:
show running-conf

Save the active configuration to startup config:

copy running-config startup-config

Show the access lists:

sh ip access-lists

Editing an access list for telnet access:

!using netmask 198.0.0.0 as an example
config
  ip access-list standard 23
    permit 198.0.0.0 0.0.0.255
    exit
    ! use 'no 10' to delete the original acl
  exit

Changing the router’s IP address:

!Changing router IP to 198.0.0.108 as an example
ip dhcp excluded-address 198.0.0.108
ip dhcp pool ccp-pool
  default-router 198.0.0.108
  exit
interface Vlan1
  ip address 198.0.0.108 255.255.255.0
  exit

Setting up DNS proxy and name servers to point at comcast:

ip domain name lan
ip name-server 68.87.69.146
ip name-server 68.87.85.98
ip dns server

Setting hostname for the router:

hostname scottsrouter

Setting local DNS entries

!puts smbaker4.lan and smbaker4 at 198.0.0.54
ip host smbaker4 198.0.0.105
ip host smbaker4.lan 198.0.0.105

Enable SNMP monitoring:

snmp-server community public ro
access-list 60 permit 198.0.0.0 0.0.0.255

Port-forwarding:

! Let's assume you have an internal web server on 198.0.0.123 port 80
! and you want it to be externally visible on port 8080 on the router
! and your WAN interface is FastEthernet4
ip nat inside source static tcp 198.0.0.123 80 interface FastEthernet4 8080

Show port-forwarding

! This will dump the whole NAT table. If you configured static port forwarding, then
! you ought to see your entries in there somewhere.
show ip nat translations

Show DHCP Leases

show ip dhcp binding

Useful SNMP variables:

useful snmp variables:
  new cpu:
    5s cpu use: 1.3.6.1.4.1.9.9.109.1.1.1.1.6.1
    1m cpu use: 1.3.6.1.4.1.9.9.109.1.1.1.1.7.1
    5min cpu use: 1.3.6.1.4.1.9.9.109.1.1.1.1.8.1
  older ones:
    5sec: 1.3.6.1.4.1.9.2.1.56.0
    1min: 1.3.6.1.4.1.9.2.1.57.0
    5min: 1.3.6.1.4.1.9.2.1.58.0
  memory:
    pool name: 1.3.6.1.4.1.9.9.48.1.1.1.2.x
    pool used: 1.3.6.1.4.1.9.9.48.1.1.1.5.x
    pool free: 1.3.6.1.4.1.9.9.48.1.1.1.6.x
    where x=1: processor, x=2: io
  using snmpwalk:
    snmpwalk -Os -c public -v 1 198.0.0.108  1.3.6.1.4.1.9.9.48

Wireless access point stuff

The wireless accesspoint resides in the same box as the 861W but is a functionally separate device. If you gave it a separate IP address (you probably did) then you can telnet into your AP and configure it using IOS. The sections below will deal with access point stuff:

Changing the SSID of the router from ‘CISCO’ to ‘NETGEAR’:

interface Dot11Radio0
  ssid NETGEAR
    authentication open
    guest-mode
      exit
    exit
  exit
dot11 ssid CISCO
  no authentication open
  no guest-mode
  exit
interface Dot11Radio0
  no ssid CISCO
  exit

Disabling and re-enabling the radio (good for testing multi-AP settings):

# disable radio
interface Dot11Radio0
  shutdown
  exit

# enable radio
interface Dot11Radio0
  no shutdown
  exit

Debugging DNS stuff

debug domain
terminal monitor

When DNS stops working for a domain

# not sure what the problem is, but sometimes it just stops returning A records
# for a particular domain. 
clear host *.ebay.com

See Also:

Comments (1)

  1. Kevin Walter says:

    Have reccomended this page to my lvel 6 undergraduate degree students as a source to be read.
    They have been tasked to set up a secure network using the 861W without documentation, therefore sites like yours are very useful, yours in particular is exceptionaL.
    Thanks
    Kevin Walter
    Course Leader BT/IT
    University of Gloucestershire

Leave a Reply

Your email address will not be published. Required fields are marked *