Editing Commands Through Keystrokes

Capability	Keystroke	Purpose
Move around the command line to make changes or corrections.	Ctrl-B or the left arrow key	Move the cursor back one character.
	Ctrl-F or the right arrow key	Move the cursor forward one character.
	Ctrl-A	Move the cursor to the beginning of the command line.
	Ctrl-E	Move the cursor to the end of the command line.
	Esc B	Move the cursor back one word.
	Esc F	Move the cursor forward one word.
	Ctrl-T	Transpose the character to the left of the cursor with the character located at the cursor.
Recall commands from the buffer and paste them in the command line. The access point provides a buffer with the last ten items that you deleted.	Ctrl-Y	Recall the most recent entry in the buffer.
	Esc Y	Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.
Delete entries if you make a mistake or change your mind.	Delete or Backspace	Erase the character to the left of the cursor.
	Ctrl-D	Delete the character at the cursor.
	Ctrl-K	Delete all characters from the cursor to the end of the command line.
	Ctrl-U or Ctrl-X	Delete all characters from the cursor to the beginning of the command line.
	Ctrl-W	Delete the word to the left of the cursor.
	Esc D	Delete from the cursor to the end of the word.
Capitalize or lowercase words or capitalize a set of letters.	Esc C	Capitalize at the cursor.
	Esc L	Change the word at the cursor to lowercase.
	Esc U	Capitalize letters from the cursor to the end of the word.
Designate a particular keystroke as an executable command, perhaps as a shortcut.	Ctrl-V or Esc Q
Scroll down a line or screen on displays that are longer than the terminal screen can display.	Return	Scroll down one line.
	Space	Scroll down one screen.
Redisplay the current command line if the access point suddenly sends a message to your screen.	Ctrl-L or Ctrl-R	Redisplay the current command line.

Source: www.cisco.com

Common TCP UDP Ports

Application	Port	Protocol	Notes
HTTP	80, 8080	TCP	Hyptertext Transfer Protocol. Used by web browsers such as Internet Explorer, Firefox and Opera.
HTTPS	443	TCP, UDP	Used for secure web browsing.
IMAP	143	TCP	Email applications including Outlook, Outlook Express, Eudora and Thunderbird.
FTP	20 to 21	TCP	File Transfer Protocol.
SSH	22	TCP	Secure Shell protocol. Provides a secure session when logging into a remote machine.
Telnet	23	TCP	Used for remote server administration.
DNS	53	TCP, UDP	Domain Name System protocol for converting domain names to IP addresses.
NNTP	119	TCP	Network News Transfer Protocol, used for internet discussion groups.
NETBIOS	137 to 139	TCP, UDP	NETBIOS is used for file transfers between Windows machines.
SNMP	161 to 162	UDP	Simple Network Management Protocol. Used by network administrators for remote statistics and information gathering.
LDAP	389	TCP, UDP	Lightwight Directory Services Protocol, used for accessing centralized databases of users and computers.
Microsoft SQL Server	1433 to 1434	TCP, UDP	Database application.
MySQL	3306	TCP, UDP	Database application.
Oracle SQL	1521, 1522, 1525, 1529	TCP	Database application.
Microsoft Terminal Server / Citrix ICA	1494, 1604	UDP	Remote desktop application.
ICQ	4000	UDP	Instant messenger.
Yahoo Messenger	5010	TCP	Instant messenger.
AOL Instant Messenger	5190	TCP, UDP	Instant messenger.
PCAnywhere	5632	TCP, UDP	Remote desktop application.
VNC	5800, 5900	TCP	Virtual Network Computer, allows remote desktop functionality.
Kerberos	88	TCP, UDP	Used for user authentication, mainly on Windows systems.
POP3	110	TCP	Post Office Protocool. For receiving email.
SMTP	25	TCP	Simple Mail Transfer Protocol, used for sending email.
RIP	520	UDP	Routing Information Protocol, part of the core internet infrastructure.
Microsoft PPTP	1723	TCP	Point-to-Point Tunneling Protocol, a VPN implementation.
Windows Media Streaming	1755, 7007	TCP, UDP
Age of Empires	2300 to 2400, 6073, 47624	TCP, UDP	Multiplayer game.
Call of Duty	20500, 20510, 28960	TCP, UDP	Multiplayer game.
Counter-Strike	1200, 27000 to 27015, 27020 to 27039	TCP, UDP	Multiplayer game.
Doom 3	27650, 27666	TCP, UDP	Multiplayer game.
Everquest	1024, 6000, 7000	TCP, UDP	Multiplayer game.
Far Cry	49001 to 49002, 49124	TCP, UDP	Multiplayer game.
FIFA	3658, 10400 to 10499	TCP, UDP	Multiplayer game.
Microsoft Flight Simulator	2300 to 2400, 6073, 23456, 47624	TCP, UDP	Multiplayer game.
Gamespy Arcade	3783, 6515, 6500, 6667, 13139, 27900, 28900, 29900, 29901	TCP, UDP	Game browser.
Gnutella	6346	TCP, UDP	P2P file sharing application.
GTA2	2300 to 2400, 47624	TCP, UDP	Multiplayer game.
Half Life 2	1200, 27000 to 27015, 27020 to 27039	TCP, UDP	Multiplayer game.
iTunes	3689	TCP, UDP	Music sharing application.
MSN Messenger	1863, 5190, 6891 to 6901	TCP, UDP	Instant messenger.
NBA Live	3658, 9570, 18699 to 28600	UDP	Multiplayer game.
Need For Speed	80, 1030, 3658, 3659, 9442, 13505, 18210, 18215, 30900 to 30999	TCP, UDP	Multiplayer game.
Net2Phone	6801	UDP	VoIP application.
NetFone	10200	TCP	VoIP application.
Neverwinter Nights	5120 to 5300, 6500, 6667, 27900, 28900	UDP	Multiplayer game.
NHL	3658, 10300, 13505	TCP, UDP	Multiplayer game.
No One Lives Forever	2300 to 2400, 7000 to 10000, 27888	TCP, UDP	Multiplayer game.
PhoneFree	1034 to 1035, 2644, 8000, 9900 to 9901	TCP, UDP	VoIP application.
Quake	27650, 27910, 27950, 27952, 27960, 27965	TCP, UDP	Multiplayer game.
Quicktime	6970 to 7000	TCP, UDP	Video streaming application.
Rainbow Six	80, 2346 to 2348, 6667, 7777 to 7787, 8777 to 8787, 40000 to 42999, 44000, 45000	TCP, UDP	Multiplayer game.
RealVNC	5900	TCP, UDP	Remote desktop application.
Remote Desktop	3389	TCP, UDP	Generic remote desktop protocol.
Shiva VPN	2233	TCP, UDP	Tunneling application.
Soldier of Fortune	28910 to 28915, 20100 to 20112	TCP, UDP	Multiplayer game.
Speak Freely	2074 to 2076	UDP	VoIP application.
Starcraft	6112	TCP, UDP	Multiplayer game.
TeamSpeak	8767, 14534, 51234	TCP, UDP	Online voice chat.
Tiger Woods PGA Tour	80, 443, 9570, 13505, 20803, 20809, 32768 to 65535	TCP, UDP	Multiplayer game.
Tight VNC	5800, 5500, 5900	TCP	Remote desktop application.
Tribes	28000, 28001	TCP, UDP	Multiplayer game.
Ultima Online	5001 to 5010, 7775 to 7777, 7875, 8800 to 8900, 9999	TCP	Multiplayer game.
Unreal Tournament	7777 to 7788, 8080, 8777, 9777, 27900, 42292	TCP, UDP	Multiplayer game.
Vonage	5061, 10000 to 20000	UDP	VoIP application.
VPhone	11675	TCP, UDP	VoIP application.
Warcraft	6112 to 6119	TCP, UDP	Multiplayer game.
WebcamXP	8080, 8090	TCP	Video sharing application.
Winamp Streaming	8000 to 8001	TCP	Audio streaming application.
Wingate VPN	809	TCP, UDP	Tunneling application.
World of Warcraft	3724, 6112, 6881 to 6999	TCP	Multiplayer game.
Worms Armageddon	80, 6667, 17010 to 17012	TCP	Multiplayer game.
XBox	80, 1900, 3390, 3074, 3776, 3932, 5555, 7777	TCP, UDP	Game appliance.
Azureus	6881 to 6889	TCP, UDP	P2P file sharing application.
DC++	411, 1025 to 32000	TCP, UDP	P2P file sharing application.
Limewire	6346 to 6347	TCP, UDP	P2P file sharing application.

Understanding "IP classless" command in Cisco Routers

IP Classless

Where the ip classless configuration command falls within the routing and forwarding processes is often confusing. In reality, IP classless only affects the operation of the forwarding processes in IOS; it doesn't affect the way the routing table is built. If IP classless isn't configured (using the no ip classless command), the router won't forward packets to supernets. As an example, let's again place three routes in the routing table and route packets through the router.
Note: If the supernet or default route is learned via IS-IS or OSPF, the no ip classless configuration command is ignored. In this case, packet switching behavior works as though ip classless were configured.

router# show ip route
....
     172.30.0.0/16 is variably  subnetted, 2 subnets, 2 masks
D        172.30.32.0/20 [90/4879540] via  10.1.1.2
D       172.30.32.0/24  [90/25789217] via 10.1.1.1
S*   0.0.0.0/0 [1/0] via 10.1.1.3  

Remembering that the 172.30.32.0/24 network includes the addresses 172.30.32.0 through 172.30.32.255, and the 172.30.32.0/20 network includes the addresses 172.30.32.0 through 172.30.47.255, we can then try switching three packets through this routing table and see what the results are.

• A packet destined to 172.30.32.1 is forwarded to 10.1.1.1, since this is the longest prefix match.
  
• A packet destined to 172.30.33.1 is forwarded to 10.1.1.2, since this is the longest prefix match.
  
• A packet destined to 192.168.10.1 is forwarded to 10.1.1.3; since this network doesn't exist in the routing table, this packet is forwarded to the default route.
  
• A packet destined to 172.30.254.1 is dropped.
  

The surprising answer out of these four is the last packet, which is dropped. It's dropped because its destination, 172.30.254.1, is within a known major network, 172.30.0.0/16, but the router doesn't know about this particular subnet within that major network.
This is the essence of classful routing: If one part of a major network is known, but the subnet toward which the packet is destined within that major network is unknown, the packet is dropped.
The most confusing aspect of this rule is that the router only uses the default route if the destination major network doesn't exist in the routing table at all.
This can cause problems in a network where a remote site, with one connection back to the rest of the network, is running no routing protocols, as illustrated.

The remote site router is configured like this:

interface Serial 0
     ip address 10.1.2.2 255.255.255.0
   !
   interface Ethernet 0
     ip address 10.1.1.1 255.255.255.0
   !
   ip route 0.0.0.0 0.0.0.0 10.1.2.1
   !
   no ip classless

With this configuration, the hosts at the remote site can reach destinations on the Internet (through the 10.x.x.x cloud), but not destinations within the 10.x.x.x cloud, which is the corporate network. Because the remote router knows about some part of the 10.0.0.0/8 network, the two directly connected subnets, and no other subnet of 10.x.x.x, it assumes these other subnets don't exist and drops any packets destined for them. Traffic destined to the Internet, however, doesn't ever have a destination in the 10.x.x.x range of addresses, and is therefore correctly routed through the default route.
Configuring ip classless on the remote router resolves this problem by allowing the router to ignore the classful boundaries of the networks in its routing table and simply route to the longest prefix match it can find.
info source:
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094823.shtml

Understanding Unicast Reverse Path Forwarding (uRPF)

Introduction

Network administrators can use Unicast Reverse Path Forwarding (Unicast RPF) to help limit the malicious traffic on an enterprise network. This security feature works by enabling a router to verify the reachability of the source address in packets being forwarded. This capability can limit the appearance of spoofed addresses on a network. If the source IP address is not valid, the packet is discarded. Unicast RPF works in one of three different modes: strict mode, loose mode, or VRF mode. Note that not all network devices support all three modes of operation. Unicast RPF in VRF mode will not be covered in this document.
When administrators use Unicast RPF in strict mode, the packet must be received on the interface that the router would use to forward the return packet. Unicast RPF configured in strict mode may drop legitimate traffic that is received on an interface that was not the router's choice for sending return traffic. Dropping this legitimate traffic could occur when asymmetric routing paths are present in the network.
When administrators use Unicast RPF in loose mode, the source address must appear in the routing table. Administrators can change this behavior using the allow-default option, which allows the use of the default route in the source verification process. Additionally, a packet that contains a source address for which the return route points to the Null 0 interface will be dropped. An access list may also be specified that permits or denies certain source addresses in Unicast RPF loose mode.
Care must be taken to ensure that the appropriate Unicast RPF mode (loose or strict) is configured during the deployment of this feature because it can drop legitimate traffic. Although asymmetric traffic flows may be of concern when deploying this feature, Unicast RPF loose mode is a scalable option for networks that contain asymmetric routing paths.

Unicast RPF in an Enterprise Network

In many enterprise environments, it is necessary to use a combination of strict mode and loose mode Unicast RPF. The choice of the Unicast RPF mode that will be used will depend on the design of the network segment connected to the interface on which Unicast RPF is deployed.
Administrators should use Unicast RPF in strict mode on network interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. A subnet composed of end stations or network resources fulfills this requirement. Such a design would be in place for an access layer network or a branch office where there is only one path into and out of the branch network. No other traffic originating from the subnet is allowed and no other routes are available past the subnet.
Unicast RPF loose mode can be used on an uplink network interface that has a default route associated with it.

Unicast RPF Examples

Cisco IOS Devices

An important consideration for deployment is that Cisco Express Forwarding switching must be enabled for Unicast RPF to function. This command has been enabled by default as of IOS version 12.2. If it is not enabled, administrators can enable it with the following global configuration command: ip cef
Unicast RPF is enabled on a per-interface basis. The ip verify unicast source reachable-via rx command enables Unicast RPF in strict mode. To enable loose mode, administrators can use the any option to enforce the requirement that the source IP address for a packet must appear in the routing table. The allow-default option may be used with either the rx or any option to include IP addresses not specifically contained in the routing table. The allow-self-ping option should not be used because it could create a denial of service condition. An access list such as the one that follows may also be configured to specifically permit or deny a list of addresses through Unicast RPF:

interface FastEthernet 0/0
ip verify unicast source reachable-via {rx | any} [allow-default]
[allow-self-ping] [list]

Addresses that should never appear on a network can be dropped by entering a route to a null interface. The following command will cause all traffic received from the 10.0.0.0/8 network to be dropped even if Unicast RPF is enabled in loose mode with the allow-default option: ip route 10.0.0.0 255.0.0.0 Null0

PIX/ASA/FWSM

Unicast RPF can be configured on the PIX Security Appliance, the ASA Security Appliance, the Catalyst 6500 switch, or the Cisco 7600 router Firewall Services Module on a per-interface basis with the following global command: ip verify reverse-path interface interface_name

Troubleshooting Unicast RPF

Cisco IOS Devices

The show cef interface interface_name command can be used to show that Cisco Express Forwarding and Unicast RPF have been enabled on an interface. The following response is an example of output for this command.

router#show cef interface FastEthernet 0/0
FastEthernet0/0 is up (if_number 3)
Corresponding hwidb fast_if_number 3
Corresponding hwidb firstsw->if_number 3
Internet address is 10.81.7.118/28
ICMP redirects are always sent
Per packet load-sharing is disabled
IP unicast RPF check is enabled
Inbound access list is not set
Outbound access list is not set
Hardware idb is FastEthernet0/0
Fast switching type 1, interface type 18
IP CEF switching enabled
IP CEF Fast switching turbo vector
Input fast flags 0x0, Input fast flags2 0x0, Output fast flags 0x0, Output fast flags2 0x0
ifindex 1(1)
Slot 0 Slot unit 0 Unit 0 VC -1
Transmit limit accumulator 0x0 (0x0)
IP MTU 1500
router#

PIX/ASA/FWSM

The show ip verify statistics command can provide information about Unicast RPF statistics on a PIX/ASA/FWSM firewall. The following example shows 21 drops by Unicast RPF on the outside interface and 2738 packets dropped by Unicast RPF on the inside interface. Dropped packets should be investigated to determine their source and administrators should consider whether the packets indicate attempts to circumvent network security.

R4-ASA5520a# show ip verify statistics
interface outside: 21 unicast rpf drops
interface inside: 2738 unicast rpf drops
interface vpn: 0 unicast rpf drops
R4-ASA5520a#

Configuring IOS CA Server

Configuring Cisco Router as CA Server

R1(config)#ip domain-name networkexpert.co
R1(config)#crypto key generate rsa general-keys label netx exportable
R1(config)#crypto key export rsa netx pem url nvram: 3des netx123
!generate and export RSA keys

R1#show crypto key mypubkey rsa

R1(config)#ip http server
R1(config)#crypto pki server netxCA
R1(cs-server)#database url nvram:
!If this command is not specified, all database entries are written to Flash.
R1(cs-server)#database level <minimum | names | complete>
!Minimum: Enough information is stored only to continue issuing new certificates without
conflict; the default value.
!Names: In addition to the information given in the minimal level, the serial number and
subject name of each certificate.
!Complete: In addition to the information given in the minimal and names levels, each issued
certificate is written to the database.
R1(cs-server)#issuer-name CN=iosca.networkexpert.co L=Blr C=In
R1(cs-server)#lifetime ca-certificate 365
!default 3year
R1(cs-server)#lifetime certificate 200  
!default 1 year
R1(cs-server)#cdp-url http://172.18.108.26/netxcdp.netx.crl
R1(cs-server)#lifetime crl 24  
!default 1week
R1(cs-server)#grant auto
R1(cs-server)#no shutdown





R1# show crypto pki server

Automatic Backup of Cisco Router Configuration using KRON

About KRON:

The Command Scheduler (KRON) Policy for System Startup features enables support for Command Scheduler upon system startup.

Command Scheduler allows customers to schedule fully-qualified EXEC mode CLI commands to run once, at specified intervals, at specified calendar dates and times, or upon system startup. Originally designed to work with CNS commands, Command Scheduler has a broader application. Using the CNS image agent feature, remote routers residing outside a firewall or using Network Address Translation (NAT) addresses can use Command Scheduler to launch CLI at intervals to update the image running in the router.

Command Scheduler has two basic processes. A policy list is configured containing lines of fully-qualified EXEC CLI commands to be run at the same time or interval. One or more policy lists are then scheduled to run after a specified interval of time, at a specified calendar date and time, or upon system startup. Each scheduled occurrence can be set to run once only or on a recurring basis. 

Commands

RX2(config)# kron policy-list netx

RX2(config-kron-policy)# cli sh running-config | redirect tftp://172.16.1.150/backup-cfg

RX2(config-kron-policy)#  exit

RX2(config)#  kron occurrence netx-kron at 10:00 recurring

RX2(config-kron-occurrence)#  policy-list netx

RX2(config-kron-occurrence)#  exit

Verification:

RX2#sh kron schedule

Kron Occurrence Schedule

netx-kron inactive, will run again in 0 days 21:03:06 at 10:00 on

The above configuration can be used to schedule automatic backup of Cisco Router Configuration. As per the configuration given, Router is scheduled to take backup at 10:00AM everyday to TFTP Server specified.

Automatic Backup of Cisco Router Configuration using Archive

RX2(config)#archive

RX2(config-archive)#  path tftp://172.16.1.150/backup-cfg

RX2(config-archive)#  time-period 1440

RX2(config-archive)#  write-memory

RX2(config-archive)#  exit

The above configuration can be used to schedule automatic backup of Cisco Router Configuration. As per the configuration given, Router is scheduled to take backup every 24hrs as well as when ever user saves the changes using write-memory command to TFTP Server specified in path command.

Configuration Change Notification and Logging

About Configuration Log

The Configuration Change Notification and Logging feature tracks changes made to the Cisco IOS software running configuration by maintaining a configuration log. This configuration log tracks changes initiated only through the command-line interface (CLI) or HTTP. Only complete commands that result in the invocation of action routines are logged. The following types of entries are not logged:

•Commands that result in a syntax error message

•Partial commands that invoke the router help system

For each configuration command that is executed, the following information is logged:

•The command that was executed

•The configuration mode in which the command was executed

•The name of the user that executed the command

•The time at which the command was executed

•A configuration change sequence number

•Parser return codes for the command

You can display information from the configuration log through the use of the show archive log config command, with the exception of the parser return codes, which are for use by internal Cisco IOS applications only.

About Configuration Change Notifications and Config Change Logging

You can configure the Configuration Change and Notification Logging feature to send notification of configuration changes to the Cisco IOS software system logging (syslog) process. Syslog notifications allow monitoring of the configuration log information without performing polling and information gathering tasks.

The Configuration Change Notification and Logging feature allows the tracking of configuration changes entered by users on a per-session and per-user basis. This tool allows administrators to track any configuration change made to the Cisco IOS software running configuration, and identify the user that made that change. 

Commands

RX2(config)#archive

RX2(config-archive)#  log config

RX2(config-archive-log-cfg)#  hidekeys

RX2(config-archive-log-cfg)#  logging  enable

RX2(config-archive-log-cfg)#  notify syslog

RX2(config-archive-log-cfg)#  exit

Keyword “hidekeys” suppresses output of password while logging. 

Verification:

RX2#sh archive log config all

 idx   sess           user@line      Logged command

    1     1        console@console  |  logging enable

    2     1        console@console  |  notify syslog

    3     1        console@console  |  exit

    4     1        console@console  |   exit

    5     2        console@console  |router rip

    6     2        console@console  | exit

    7     2        console@console  |no router rip

     8    2        console@console  |enable password *****