System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1) Copyright (c) 1999 by cisco Systems, Inc. TAC:Home:SW:IOS:Specials for info C2600 platform with 65536 Kbytes of main memory program load complete, entry point: 0x80008000, size: 0xf76e54 Self decompressing the image : ###################################################################################################################################################################################################################################################### [OK] Smart Init is enabled smart init is sizing iomem ID MEMORY_REQ TYPE 000092 0X000B3280 C2600 Dual Ethernet 0X00098670 public buffer pools 0X00211000 public particle pools TOTAL: 0X0035C8F0 If any of the above Memory Requirements are "UNKNOWN", you may be using an unsupported configuration or there is a software problem and system operation may be compromised. Rounded IOMEM up to: 3Mb. Using 5 percent iomem. [3Mb/64Mb] Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(1a), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Fri 27-May-05 15:09 by hqluong Image text-base: 0x80008098, data-base: 0x8184D2DC Port Statistics for unclassified packets is not turned on. This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Cisco 2611 (MPC860) processor (revision 0x202) with 62093K/3443K bytes of memory. Processor board ID JAB0316075K (3890829329) M860 processor: part number 0, mask 49 2 Ethernet interfaces 1 Serial interface 32K bytes of NVRAM. 16384K bytes of processor board System flash (Read/Write)  Press RETURN to get started! *Mar 1 00:00:35.554: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up *Mar 1 00:00:38.599: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down *Mar 1 00:00:38.599: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down *Mar 1 00:00:38.603: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up *Mar 1 00:00:38.923: %SYS-5-CONFIG_I: Configured from memory by console *Mar 1 00:58:21.005: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down *Mar 1 00:58:21.005: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down *Mar 1 00:58:22.520: %SYS-5-RESTART: System restarted -- Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(1a), RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2005 by Cisco Systems, Inc. Compiled Fri 27-May-05 15:09 by hqluong *Mar 1 00:58:22.524: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start *Mar 1 00:58:23.525: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down Router> Router> Router> Router> Router> Router> Router>enable Password: Router#show run Building configuration... Current configuration : 758 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.25 255.255.255.0 half-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 no ip address --More--   shutdown half-duplex ! ip classless ! no ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 password ch1cken login line vty 5 181 password ch1cken login --More--  ! ! end Router#interface fa0/0 ^ % Invalid input detected at '^' marker. Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#in  interface e0/0 Router(config-if)#dup Router(config-if)#duplex ? full Force full duplex operation half Force half-duplex operation Router(config-if)#duplex interface e0/0duplex full Router(config-if)#^Z Router#s *Mar 1 01:01:24.630: %SYS-5-CONFIG_I: Configured from console by consolehow run Building configuration... Current configuration : 758 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.25 255.255.255.0 full-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 no ip address --More--   shutdown half-duplex ! ip classless ! no ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 password ch1cken login line vty 5 181 password ch1cken login --More--  ! ! end Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface e0 0/1 Router(config-if)#duplex full Router(config-if)#^Z Router# *Mar 1 01:02:12.981: %SYS-5-CONFIG_I: Configured from console by console Router#show run Building configuration... Current configuration : 758 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.25 255.255.255.0 full-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 no ip address --More--   shutdown full-duplex ! ip classless ! no ip http server no ip http secure-server ! ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 password ch1cken login line vty 5 181 password ch1cken login --More--  ! ! end Router#? Exec commands: access-enable Create a temporary Access-List entry access-profile Apply user-profile to interface access-template Create a temporary Access-List entry archive manage archive files auto Exec level Automation bfe For manual emergency modes setting cd Change current directory clear Reset functions clock Manage the system clock cns CNS agents configure Enter configuration mode connect Open a terminal connection copy Copy from one file to another crypto Encryption related commands. ct-isdn Run an ISDN component test command debug Debugging functions (see also 'undebug') delete Delete a file dir List files on a filesystem disable Turn off privileged commands disconnect Disconnect an existing network connection dot1x Dot1x Exec Commands --More--   enable Turn on privileged commands --More--   eou EAPoUDP --More--   erase Erase a filesystem event Event related commands exit Exit from the EXEC help Description of the interactive help system isdn Run an ISDN EXEC command on an ISDN interface lock Lock the terminal login Log in as a particular user logout Exit from the EXEC microcode microcode commands modemui Start a modem-like user interface monitor Monitoring different system events more Display the contents of a file mrinfo Request neighbor and version information from a multicast router mrm IP Multicast Routing Monitor Test mstat Show statistics after multiple multicast traceroutes mtrace Trace reverse multicast path from destination to source name-connection Name an existing network connection no Disable debugging functions pad Open a X.29 PAD connection ping Send echo messages ppp Start IETF Point-to-Point Protocol (PPP) pwd Display current working directory --More--   release Release a resource reload Halt and perform a cold restart rename Rename a file renew Renew a resource restart Restart Connection resume Resume an active network connection rlogin Open an rlogin connection rsh Execute a remote command send Send a message to other tty lines set Set system parameter (not config) setup Run the SETUP command facility show Show running system information slip Start Serial-line IP (SLIP) squeeze Squeeze a filesystem ssh Open a secure shell client connection start-chat Start a chat-script on a line systat Display information about terminal lines tarp TARP (Target ID Resolution Protocol) commands tclquit Quit Tool Command Language shell tclsh Tool Command Language shell telnet Open a telnet connection terminal Set terminal line parameters test Test subsystems, memory, and interfaces --More--   traceroute Trace route to destination tunnel Open a tunnel connection udptn Open an udptn connection undebug Disable debugging functions (see also 'debug') upgrade Upgrade software verify Verify a file vlan Configure VLAN parameters where List active connections which-route Do OSI route table lookup and display results write Write running configuration to memory, network, or terminal x28 Become an X.28 PAD x3 Set X.3 parameters on PAD Router# *Mar 1 01:04:19.689: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ip ? Global IP configuration subcommands: access-list Named access-list accounting-list Select hosts for which IP accounting information is kept accounting-threshold Sets the maximum number of accounting entries accounting-transits Sets the maximum number of transit entries address-pool Specify default IP address pooling mechanism admission Network Admission Control (NAC) alias Alias an IP address to a TCP port arp IP ARP global configuration auth-proxy Authentication Proxy bootp Config BOOTP services cef Cisco Express Forwarding classless Follow classless routing forwarding rules ddns Configure dynamic DNS default-gateway Specify default gateway (if not routing IP) default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters dhcp-client Configure parameters for DHCP client operation dhcp-server Specify target DHCP server parameters dns Configure DNS server for a zone domain IP DNS Resolver --More--   domain-list Domain name to complete unqualified host names. domain-lookup Enable IP Domain Name System hostname translation domain-name Define the default domain name dvmrp DVMRP global commands finger finger server flow-aggregation Configure flow aggregation flow-cache Configure netflow cache parameters flow-capture Capture additional netflow information flow-egress Configure netflow egress flow-export Specify host/port to send flow statistics flow-top-talkers Configure netflow top talkers forward-protocol Controls forwarding of physical and directed IP broadcasts ftp FTP configuration commands gdp Router discovery mechanism gratuitous-arps Generate gratuitous ARPs for PPP/SLIP peer addresses host Add an entry to the ip hostname table host-list Configure a host list host-routing Enable host-based routing (proxy ARP and redirect) hp-host Enable the HP proxy probe service http HTTP server configuration icmp ICMP options identd Ident server --More--   igmp IGMP global configuration inspect Context-based Access Control Engine ips Intrusion Prevention System kerberos KERBEROS configuration commands local Specify local options mobile Enable Mobile IP services mrm Configure IP Multicast Routing Monitor test parameters mroute Configure static multicast routes msdp MSDP global commands multicast Global IP Multicast Commands multicast-routing Enable IP multicast forwarding name-server Specify address of name server to use nat NAT configuration commands nbar NBAR - Network Based Application Recognition options IP Options treatment ospf OSPF pgm PGM Reliable Transport Protocol pim PIM global commands port-map Port to application mapping (PAM) configuration commands prefix-list Build a prefix list radius RADIUS configuration commands --More--   rcmd Rcmd commands reflexive-list Reflexive access list route Establish static routes routing Enable IP routing rsvp Configure static RSVP information rtcp RTCP parameters sap Global IP Multicast SAP Commands scp Scp commands sdee Security Device Event Exchange security Specify system wide security information sla IP Service Level Agreement source-route Process packets with source routing header options source-track Source Tracker ssh Configure ssh options subnet-zero Allow 'subnet zero' subnets tacacs TACACS configuration commands tcp Global TCP parameters telnet Specify telnet options tftp tftp configuration commands trigger-authentication Trigger-authentication configurations parameters udptn UDPTN configuration commands urlfilter URL Filtering Engine vrf Configure an IP VPN Routing/Forwarding instance --More--   wccp Web-Cache Coordination Protocol Commands Router(config)#ip htt Router(config)#ip http ? access-class Restrict http server access by access-class active-session-modules Set up active http server session modules authentication Set http server authentication method client Set http client parameters max-connections Set maximum number of concurrent http server connections path Set base path for HTML port Set http server port secure-active-session-modules Set up active http secure server session modules secure-ciphersuite Set http secure server ciphersuite secure-client-auth Set http secure server with client authentication secure-port Set http secure server port number for listening secure-server Enable HTTP secure server secure-trustpoint Set http secure server certificate trustpoint server Enable http server session-module-list Set up a http(s) server session module list timeout-policy Set http server time-out policy parameters Router(config)#ip http server Router(config)# Router con0 is now available Press RETURN to get started. *Mar 1 01:15:56.039: %SYS-5-CONFIG_I: Configured from console by console Router>enable Password: Router#ip ? % Unrecognized command Router#ip    config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ip ? Global IP configuration subcommands: access-list Named access-list accounting-list Select hosts for which IP accounting information is kept accounting-threshold Sets the maximum number of accounting entries accounting-transits Sets the maximum number of transit entries address-pool Specify default IP address pooling mechanism admission Network Admission Control (NAC) alias Alias an IP address to a TCP port arp IP ARP global configuration auth-proxy Authentication Proxy bootp Config BOOTP services cef Cisco Express Forwarding classless Follow classless routing forwarding rules ddns Configure dynamic DNS default-gateway Specify default gateway (if not routing IP) default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters dhcp-client Configure parameters for DHCP client operation dhcp-server Specify target DHCP server parameters dns Configure DNS server for a zone domain IP DNS Resolver --More--   domain-list Domain name to complete unqualified host names. --More--   Router(config)#ip access Router(config)#ip access-list ? extended Extended Access List log-update Control access list log updates logging Control access list logging resequence Resequence Access List standard Standard Access List Router(config)#ip access-list                acc Router(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#access-list 1 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment Router(config)#access-list 1 deny ? Hostname or A.B.C.D Address to match any Any source host host A single host address Router(config)#access-list 1 deny so  ho Router(config)#access-list 1 deny host 192.168.1.89 Router(config)#access-list 1 deny host 192.168.1.89deny host 192.168.1.89  host 192.168.1.89  host 192.168.1.89  host 192.168.1.89 p host 192.168.1.89e host 192.168.1.89r host 192.168.1.89 Router(config)#access-list 1 per host 192.168.1.89rm host 192.168.1.89i host 192.168.1.89t host 192.168.1.89 host 192.168.1.89                   ? Hostname or A.B.C.D Address to match any Any source host host A single host address Router(config)#access-list 1 permit any Router(config)#access Router(config)#access-list v ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#access-list             ip a Router(config)#ip acc Router(config)#ip acc   ? Global IP configuration subcommands: access-list Named access-list accounting-list Select hosts for which IP accounting information is kept accounting-threshold Sets the maximum number of accounting entries accounting-transits Sets the maximum number of transit entries address-pool Specify default IP address pooling mechanism admission Network Admission Control (NAC) alias Alias an IP address to a TCP port arp IP ARP global configuration auth-proxy Authentication Proxy bootp Config BOOTP services cef Cisco Express Forwarding classless Follow classless routing forwarding rules ddns Configure dynamic DNS default-gateway Specify default gateway (if not routing IP) default-network Flags networks as candidates for default routes dhcp Configure DHCP server and relay parameters dhcp-client Configure parameters for DHCP client operation dhcp-server Specify target DHCP server parameters dns Configure DNS server for a zone domain IP DNS Resolver --More--   domain-list Domain name to complete unqualified host names. --More--   domain-lookup Enable IP Domain Name System hostname translation --More--   Router(config)#ip    interface e0/0 Router(config-if)#ip aa cc Router(config-if)#ip acc   ? Interface IP configuration subcommands: access-group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth-proxy Apply authentication proxy authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP ddns Configure dynamic DNS dhcp Configure DHCP parameters for this interface directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands flow NetFlow related commands header-compression IPHC options hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts hold-time Configures IP-EIGRP hold time idle-group Specify interesting packets for idle-timer igmp IGMP interface commands --More--   information-reply Enable sending ICMP Information Reply messages inspect Apply inspect name ips Create IPS rule irdp ICMP Router Discovery Protocol load-sharing Style of load sharing local-proxy-arp Enable local-proxy ARP mask-reply Enable sending ICMP Mask Reply messages mobile Mobile IP support mrm Configure IP Multicast Routing Monitor tester mroute-cache Enable switching cache for incoming multicast packets mtu Set IP Maximum Transmission Unit multicast IP multicast interface commands nat NAT interface commands nbar Network-Based Application Recognition next-hop-self Configures IP-EIGRP next-hop-self nhrp NHRP interface subcommands ospf OSPF interface commands pgm PGM Reliable Transport Protocol pim PIM interface commands policy Enable policy routing proxy-arp Enable proxy ARP rarp-server Enable RARP server for static arp entries redirects Enable sending ICMP Redirect messages --More--   rgmp Enable/disable RGMP rip Router Information Protocol route-cache Enable fast-switching cache for outgoing packets router IP router interface commands rsvp RSVP Interface Commands rtp RTP parameters sap Session Announcement Protocol interface commands security DDN IP Security Option split-horizon Perform split horizon summary-address Perform address summarization tcp TCP header compression and other parameters unnumbered Enable IP processing without an explicit address unreachables Enable sending ICMP Unreachable messages urd Configure URL Rendezvousing verify Enable per packet validation virtual-reassembly Enable Virtual Fragment Reassembly vrf VPN Routing/Forwarding parameters on the interface wccp WCCP interface commands Router(config-if)#ip acce Router(config-if)#ip access-group ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name Router(config-if)#ip access-group 1 ? in inbound packets out outbound packets Router(config-if)#ip access-group 1 nterface e0/0 p access-group 1 in Router(config-if)#^Z Router#conf *Mar 1 01:28:00.514: %SYS-5-CONFIG_I: Configured from console by consoleig t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface e0/1 Router(config-if)# ip address 192.168.1.44 255.255.255.0 % 192.168.1.0 overlaps with Ethernet0/0 Router(config-if)# ip address 192.168.1.44 255.255.255.01.44 255.255.255.0 2.44 255.255.255.0 Router(config-if)#no shut Router(config-if)# *Mar 1 01:38:03.210: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up *Mar 1 01:38:04.212: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up Router(config-if)#acce Router(config-if)#access-expression                   ^Z Router#con *Mar 1 01:39:32.024: %SYS-5-CONFIG_I: Configured from console by consolefig t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#acc Router(config)#access-list 2 ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#access-list 2 ? deny Specify packets to reject permit Specify packets to forward remark Access list entry comment Router(config)#access-list 2 permit2 permit ? Hostname or A.B.C.D Address to match any Any source host host A single host address Router(config)#access-list 2 permit hot st ? Hostname or A.B.C.D Host address Router(config)#access-list 2 permit host 192.3 168.2.79 Router(config)# Router(config)#interface e0/1 Router(config-if)#acce Router(config-if)#access-expression            g Router(config-if)#access-g        ip acce Router(config-if)#ip access-group ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name Router(config-if)#ip access-group 1 2 ? in inbound packets out outbound packets Router(config-if)#ip access-group 2 in Router(config-if)#line      ^Z Router#line *Mar 1 01:44:30.561: %SYS-5-CONFIG_I: Configured from console by console Translating "line"...domain server (255.255.255.255) Translating "line"...domain server (255.255.255.255) (255.255.255.255) Translating "line"...domain server (255.255.255.255) % Unknown command or computer name, or unable to find computer address Router# Router# Router# Router# Router# Router# Router# Router#^Z Router#^Z Router#^Z Router# Router#^Z Router# Router#^Z Router# Router#^Z Router# Router#^Z Router# Router#^@ Router#line  Router#line ? % Unrecognized command Router#line      config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#line ? <0-247> First Line number aux Auxiliary line console Primary terminal line tty Terminal controller vty Virtual terminal x/y Slot/Port for Modems Router(config)#line vty 0 181 Router(config-line)#acc Router(config-line)#access-class        ? <1-199> IP access list <1300-2699> IP expanded access list WORD Access-list name Router(config-line)#access-         password  Router(config-line)#password ? 0 Specifies an UNENCRYPTED password will follow 7 Specifies a HIDDEN password will follow LINE The UNENCRYPTED (cleartext) line password Router(config-line)#password          ^Z Router#con *Mar 1 01:50:10.987: %SYS-5-CONFIG_I: Configured from console by console % Ambiguous command: "con" Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#line vty          acc Router(config)#access-list 2  Router(config)#access-list 2 permit 192.168.1.89 ? A.B.C.D Wildcard bits log Log matches against this entry Router(config)#access-list 2 permit 192.168.1.89 192.168.1.89              ? Hostname or A.B.C.D Address to match any Any source host host A single host address Router(config)#access-list 2 permit host ? Hostname or A.B.C.D Host address Router(config)#access-list 2 permit host 192.168.1.89 ? log Log matches against this entry Router(config)#access-list 2 permit host 192.168.1.89 Router(config)#line vty 0 181 Router(config-line)#acc Router(config-line)#access-class ? <1-199> IP access list <1300-2699> IP expanded access list WORD Access-list name Router(config-line)#access-class 2 ? in Filter incoming connections out Filter outgoing connections Router(config-line)#access-class 2 in   Router(config-line)#^Z Router#co *Mar 1 01:53:03.262: %SYS-5-CONFIG_I: Configured from console by consolepy run start Destination filename [startup-config]? Building configuration... [OK] Router#sho run Building configuration... Current configuration : 978 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.25 255.255.255.0 ip access-group 1 in full-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 --More--   ip address 192.168.2.44 255.255.255.0 ip access-group 2 in full-duplex ! ip classless ! ip http server no ip http secure-server ! access-list 1 deny 192.168.1.89 access-list 1 permit any access-list 2 permit 192.168.2.79 access-list 2 permit 192.168.1.89 ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 --More--   access-class 2 in password ch1cken login line vty 5 181 access-class 2 in password ch1cken login ! ! end Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#acc Router(config)#access-list access-list 2 permit 192.168.1.89 ^ % Invalid input detected at '^' marker. Router(config)#access-list 1 deny 192.168.1.89 Router(config)#access-list 1 permit any Router(config)#access-list 2 permit 192.168.2.79 Router(config)#access-list 2 permit 192.168.1.89 Router(config)#access-list 1 deny 192.168.1.89 Router(config)#access-list 1 permit any Router(config)#access-list 2 permit 192.168.2.79 Router(config)# show acc Router(config)# show acc         do show acc Router(config)#do show access-list Standard IP access list 1 10 deny 192.168.1.89 (109 matches) 20 permit any Standard IP access list 2 10 permit 192.168.2.79 (393 matches) 20 permit 192.168.1.89 Router(config)#access-list 2 permit 192.168.1.89 Router(config)#access-list 2 permit 192.168.1.89do show access-list  Standard IP access list 1 10 deny 192.168.1.89 (109 matches) 20 permit any Standard IP access list 2 10 permit 192.168.2.79 (393 matches) 20 permit 192.168.1.89 Router(config)#no acc Router(config)#no access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#no access-list 1                show      do show access-list Standard IP access list 1 10 deny 192.168.1.89 (112 matches) 20 permit any Standard IP access list 2 10 permit 192.168.2.79 (393 matches) 20 permit 192.168.1.89 Router(config)#no acc Router(config)#no access-list 10 Router(config)#no access-list 10  20 Router(config)#no access-list 20                 no access-list 10do show access-list Standard IP access list 1 10 deny 192.168.1.89 (112 matches) 20 permit any Standard IP access list 2 10 permit 192.168.2.79 (393 matches) 20 permit 192.168.1.89 Router(config)# *Mar 1 01:57:26.089: %SYS-5-CONFIG_I: Configured from console by vty0 (192.168.2.79) Router(config)#do show access-list Standard IP access list 1 10 deny 192.168.1.89 (112 matches) 20 permit any Standard IP access list 2 10 permit 192.168.2.79 (396 matches) 20 permit 192.168.1.89 Router(config)#no access-list 1 deny 192.168.1.89 Router(config)#no access-list 1 deny 192.168.1.89do show access-list  Standard IP access list 2 10 permit 192.168.2.79 (396 matches) 20 permit 192.168.1.89 Router(config)#no access-list 2 permit 192.168.2.79 Router(config)#no access-list 2 permit 192.168.2.79 permit 192.168.2.79                                    do show access-listno access-list 1 deny 192.168.1.89do show access-list  Router(config)#do show access-list Router(config)#access-list 2 permit 192.168.1.89 Router(config)#access-list 1 deny 192.168.1.89 Router(config)#access-list 1 permit any Router(config)#access-list 2 permit 192.168.2.79 Router(config)#access-list 2 permit 192.168.2.791 permit any deny 192.168.1.892 permit 192.168.1.89do show access-list  Standard IP access list 1 10 deny 192.168.1.89 20 permit any Standard IP access list 2 20 permit 192.168.2.79 10 permit 192.168.1.89 Router(config)#no access Router(config)#no access-list 2                do show access-list do show access-listaccess-list 2 permit 192.168.2.79naccess-list 2 permit 192.168.2.79oaccess-list 2 permit 192.168.2.79 access-list 2 permit 192.168.2.79access-list 2 permit 192.168.2.79 1 permit 192.168.2.79 permit 192.168.2.79  192.168.2.79  192.168.2.79  192.168.2.79  192.168.2.79  192.168.2.79 d 192.168.2.79e 192.168.2.79n 192.168.2.79y 192.168.2.79 192.168.2.799 89 Router(config)#no access-list 1 deny 192.168.2.89 no access-list 1 deny 192.168.2.89do show access-list  Standard IP access list 2 20 permit 192.168.2.79 10 permit 192.168.1.89 Router(config)#do show access-listno access-list 1 deny 192.168.2.89ny 192.168.2.8do show access-list access-list 2 permit 192.168.2.791 permit any deny 192.168.1.892 permit 192.168.1.89do show access-list no access-list 2 permit 192.168.2.79do show access-list access-list 2 permit 192.168.1.891 deny 192.168.1.89permit any 2 permit 192.168.2.79do show access-list no access-list 1 deny 192.168.2.89do show access-list  access Router(config)#access-list deny host 192.168.1.89 ^ % Invalid input detected at '^' marker. Router(config)#access-list deny host 192.168.1.89                      ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#access-list do show access-listno access-list 1 deny 192.168.2.89do show access-list no access-list 1 deny 192.168.2.89do show access-list access-list deny host 192.168.1.89 1deny host 192.168.1.89 deny host 192.168.1.89 Router(config)#access-list 1 deny host 192.168.1.89deny host 192.168.1.89 do show access-list no access-list 1 deny 192.168.2.89do show access-list  Standard IP access list 1 10 deny 192.168.1.89 (38 matches) Standard IP access list 2 20 permit 192.168.2.79 (3 matches) 10 permit 192.168.1.89 (2 matches) Router(config)#inter Router(config)#interface e0/0 Router(config-if)#acc Router(config-if)#access-expression             ? input Filter input packets output Filter output packets Router(config-if)#access-         ip acc Router(config-if)#ip acc ? % Ambiguous command: "ip acc " Router(config-if)#ip acc  ess ? <1-199> IP access list (standard or extended) <1300-2699> IP expanded access list (standard or extended) WORD Access-list name Router(config-if)#ip access        ? Interface IP configuration subcommands: access-group Specify access control for packets accounting Enable IP accounting on this interface address Set the IP address of an interface admission Apply Network Admission Control auth-proxy Apply authentication proxy authentication authentication subcommands bandwidth-percent Set EIGRP bandwidth limit broadcast-address Set the broadcast address of an interface cef Cisco Express Forwarding interface commands cgmp Enable/disable CGMP ddns Configure dynamic DNS dhcp Configure DHCP parameters for this interface directed-broadcast Enable forwarding of directed broadcasts dvmrp DVMRP interface commands flow NetFlow related commands header-compression IPHC options hello-interval Configures IP-EIGRP hello interval helper-address Specify a destination address for UDP broadcasts hold-time Configures IP-EIGRP hold time idle-group Specify interesting packets for idle-timer igmp IGMP interface commands --More--   Router(config-if)#ip access-g Router(config-if)#ip access-group 1 ? in inbound packets out outbound packets Router(config-if)#ip access-group 1 in Router(config-if)#no acc Router(config-if)#no access-expression             ? input Filter input packets output Filter output packets Router(config-if)#no access-            exit Router(config)#no acc Router(config)#no access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#no access-list 1 Router(config)#show access Router(config)#show access- Router(config)#show access-l Router(config)#show access-lis Router(config)#show access-lisno access-list 1show access-lis dshow access-lisoshow access-lis show access-lisshow access-lisst show access-lisst ^ % Invalid input detected at '^' marker. Router(config)#do show access-lisstt  Standard IP access list 2 20 permit 192.168.2.79 (15 matches) 10 permit 192.168.1.89 (2 matches) Router(config)#no access-list 2 Router(config)#no access-list 2do show access-list Router(config)#do show access-listno access-list 2  Router(config)#no access-list 2 Router(config)#no access-list 2 Router(config)#no access-list 2 1 Router(config)#no access-list 1 Router(config)#access Router(config)#access-list ? <1-99> IP standard access list <100-199> IP extended access list <1100-1199> Extended 48-bit MAC address access list <1300-1999> IP standard access list (expanded range) <200-299> Protocol type-code access list <2000-2699> IP extended access list (expanded range) <700-799> 48-bit MAC address access list dynamic-extended Extend the dynamic ACL absolute timer rate-limit Simple rate-limit specific access list Router(config)#access-list 1 110 ? deny Specify packets to reject dynamic Specify a DYNAMIC list of PERMITs or DENYs permit Specify packets to forward remark Access list entry comment Router(config)#access-list 110 deny ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol Router(config)#access-list 110 deny tcp ? A.B.C.D Source address any Any source host host A single source host Router(config)#access-list 110 deny tcp any ? A.B.C.D Destination address any Any destination host eq Match only packets on a given port number gt Match only packets with a greater port number host A single destination host lt Match only packets with a lower port number neq Match only packets not on a given port number range Match only packets in the range of port numbers Router(config)#access-list 110 deny tcp any 192.168.1.89 255.255.255           0.0.0.255   0 ? ack Match on the ACK bit dscp Match packets with given dscp value eq Match only packets on a given port number established Match established connections fin Match on the FIN bit fragments Check non-initial fragments gt Match only packets with a greater port number log Log matches against this entry log-input Log matches against this entry, including input interface lt Match only packets with a lower port number neq Match only packets not on a given port number precedence Match packets with given precedence value psh Match on the PSH bit range Match only packets in the range of port numbers rst Match on the RST bit syn Match on the SYN bit time-range Specify a time-range tos Match packets with given TOS value urg Match on the URG bit Router(config)#access-list 110 deny tcp any 192.168.1.89 0.0.0.0 eq ? <0-65535> Port number bgp Border Gateway Protocol (179) chargen Character generator (19) cmd Remote commands (rcmd, 514) daytime Daytime (13) discard Discard (9) domain Domain Name Service (53) drip Dynamic Routing Information Protocol (3949) echo Echo (7) exec Exec (rsh, 512) finger Finger (79) ftp File Transfer Protocol (21) ftp-data FTP data connections (20) gopher Gopher (70) hostname NIC hostname server (101) ident Ident Protocol (113) irc Internet Relay Chat (194) klogin Kerberos login (543) kshell Kerberos shell (544) login Login (rlogin, 513) lpd Printer service (515) nntp Network News Transport Protocol (119) --More--   Router(config)#access-list 110 deny tcp any 192.168.1.89 0.0.0.0 eq 23 Router(config)#access-list 110 deny tcp any 192.168.1.89 0.0.0.0 eq 23 tcp any 192.168.1.89 0.0.0.0 eq 23  tcp any 192.168.1.89 0.0.0.0 eq 23  tcp any 192.168.1.89 0.0.0.0 eq 23  tcp any 192.168.1.89 0.0.0.0 eq 23 p tcp any 192.168.1.89 0.0.0.0 eq 23e tcp any 192.168.1.89 0.0.0.0 eq 23r tcp any 192.168.1.89 0.0.0.0 eq 23m tcp any 192.168.1.89 0.0.0.0 eq 23i tcp any 192.168.1.89 0.0.0.0 eq 23t tcp any 192.168.1.89 0.0.0.0 eq 23 tcp any 192.168.1.89 0.0.0.0 eq 23  any 192.168.1.89 0.0.0.0 eq 23  any 192.168.1.89 0.0.0.0 eq 23 a any 192.168.1.89 0.0.0.0 eq 23n any 192.168.1.89 0.0.0.0 eq 23y any 192.168.1.89 0.0.0.0 eq 23 any 192.168.1.89 0.0.0.0 eq 23                            ^ % Invalid input detected at '^' marker. Router(config)#access-list 110 permit any any     ^ % Invalid input detected at '^' marker. Router(config)#access-list 110 permit any   ? <0-255> An IP protocol number ahp Authentication Header Protocol eigrp Cisco's EIGRP routing protocol esp Encapsulation Security Payload gre Cisco's GRE tunneling icmp Internet Control Message Protocol igmp Internet Gateway Message Protocol ip Any Internet Protocol ipinip IP in IP tunneling nos KA9Q NOS compatible IP over IP tunneling ospf OSPF routing protocol pcp Payload Compression Protocol pim Protocol Independent Multicast tcp Transmission Control Protocol udp User Datagram Protocol Router(config)#access-list 110 permit ip any any Router(config)#interface e0/0 Router(config-if)#a ip acce Router(config-if)#ip access-group 110 ? in inbound packets out outbound packets Router(config-if)#ip access-group 110 in Router(config-if)#interface e0/1 Router(config-if)#ip access Router(config-if)#ip access-group 110 in Router(config-if)#do sh ru  % Ambiguous command: "sh r" Router(config-if)#do show run Building configuration... Current configuration : 948 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 $1$60Ay$kde9sLQEj2kyUKUknNXyS. ! no aaa new-model ! resource policy ! ip subnet-zero ip cef ! ! --More--  no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface ! ! ! ! ! ! ! ! ! interface Ethernet0/0 ip address 192.168.1.25 255.255.255.0 ip access-group 110 in full-duplex ! interface Serial0/0 no ip address shutdown ! interface Ethernet0/1 --More--   ip address 192.168.2.44 255.255.255.0 ip access-group 110 in full-duplex ! ip classless ! ip http server no ip http secure-server ! access-list 110 deny tcp any host 192.168.1.89 eq telnet access-list 110 permit ip any any ! ! control-plane ! ! ! ! line con 0 line aux 0 line vty 0 4 access-class 2 in password ch1cken --More--   login line vty 5 181 access-class 2 in password ch1cken login ! ! end Router(config-if)# c o p y  r u n           d o  c o p y  r u n  s t a r t  Destination filename [startup-config]? Building configuration... [OK] Router(config-if)#exit Router(config)#exit Router#exi *Mar 1 02:15:28.988: %SYS-5-CONFIG_I: Configured from console by consolet Router con0 is now available Press RETURN to get started.