838
Using the Help Files The help files are designed to familiarize users with the Cisco Packet Tracer interface, functions, and features. Although the help files may be used as a reference guide, the pages are meant to be read in order (especially the sections presented at the beginning). Annotated screenshots are used to aid your understanding. Important notes or tips are presented in tip boxes like the following: If you are a first-time user, please read the help files in order.

Packet Tracer Help

Embed Size (px)

DESCRIPTION

Descripción y ayuda respecto al programa Packet Tracer

Citation preview

Using the Help FilesThe help files are designed to familiarize users with the Cisco Packet Tracer interface, functions, and features. Although the help files may be used as a reference guide, the pages are meant to be read in order (especially the sections presented at the beginning). Annotated screenshots are used to aid your understanding. Important notes or tips are presented in tip boxes like the following:

If you are a first-time user, please read the help files in order.

Introduction

Welcome to Cisco Packet Tracer.

Packet Tracer is a medium fidelity, network-capable, simulation-based learning environment for networking novices to design, configure, and troubleshoot computer networks at a CCNA-level of complexity. Packet Tracer is an integrated simulation, visualization, collaboration, and assessment environment. Packet Tracer supports student and instructor creation of simulations, visualizations, and animations of networking phenomena. Like any simulation, Packet Tracer relies on a simplified model of networking devices and protocols. Real computer networks, experienced both in-person/hands-on and remotely, remain the benchmark for understanding network behavior and developing networking skills. Packet Tracer was created to help address the Digital Divide in networking education, where many students and teachers lack access to equipment, bandwidth, and interactive modes of learning networking. We invite you to use the help files and tutorials to learn about the major features of the program, which include the items in the following table.

Item Description

Protocols LAN: Ethernet (including CSMA/CD*), 802.11 a/b/g/n wireless*, PPPOESwitching: VLANs, 802.1q, trunking, VTP, DTP, STP*, RSTP*, multilayer switching*, Etherchannel, LACP, PAgP, IP CEFTCP/IP: HTTP, HTTPS, DHCP, DHCPv6, Telnet, SSH, TFTP, DNS, TCP*, UDP, IPv4*, IPv6*, ICMP, ICMPv6, ARP, IPv6 ND, FTP, SMTP, POP3, VOIP(H.323)Routing: static, default, RIPv1, RIPv2, EIGRP, single-area OSPF, multi-area OSPF, BGP, inter-VLAN routing, redistributionOther: ACLs (standard, extended, and named), CDP, NAT (static, dynamic, inside/outside, and overload), NATv6, NetflowWAN: HDLC, SLARP, PPP*, and Frame Relay*Security: IPsec, GRE, ISAKMP, NTP, AAA, RADIUS, TACACS, SNMP, SSH, SYSLOG, CBAC, Zone-based policy firewall, IPSQoS: Layer 2 QoS, Layer 3 Diffserv QoS, FIFO Hardware queues, Priority Queuing, Custom Queuing, Weighted Fair Queuing, MQC, NBAR** indicates substantial modeling limitations imposed

Logical Workspace Network topology creationDevices: generic, real, and modular with customizable imagesRouters, switches, hosts (Server, Desktop and Laptop), hubs, bridges, wireless access points, wireless routers, clouds, ASA, and DSL/cable modemsDevice interconnection through a variety of networking mediaMultiuser remote networks

Physical Workspace Hierarchy of device, wiring closet, building, city, and intercity viewsStructured cabling: create BendPoints and GroupPoints in cables and color code cables

Ethernet cable length display and length limitation connectivity enforcementImages for devices now customizable and scalableLoading and scaling of user-created graphicsWireless association management

Realtime Mode Realtime protocol updatesMedium-fidelity Cisco IOS CLI configuration of routers and switchesMenu based configuration of DHCP, DNS, HTTP, TFTP, Syslog, AAA, and NTP servers

Simulation Mode Packet animationGlobal event list (packet sniffer)OSI Model, Detailed PDU, and Device Table ViewsUser-defined multiple packet scenarios

Local Authoring and Sharing Extensive file-saving optionsMulti-level Activity Wizard for authoring automatically scored practice activities and formative assessmentChallenge Mode allowing users to make device algorithm decisions on packetsEasily translated GUIExtensive textual and graphical annotation featuresExternal Applications (ExApps) through Inter-Process Communication (IPC)

What's New

Users of previous versions of Packet Tracer will note a variety of new features in this version of Packet Tracer.

Protocol ImprovementsPacket Tracer now models these new or improved features:

Netflow Zone-Based Policy Firewall for IPv6 AAA Accounting Commands IPv6 CEF IPv6 IPSEC IPv6 over IPv4 GRE Tunnel Protection Etherchannel Expansion (Layer 3) IOS 15 [15.0.2-SE4(ED)] image support for 2960 OSPF - OSPFv3 Enhancements

o OSPF distance command o "ipv6 ospf neighbor [ipv6-add]" interface subcommand o "neighbor router-id" command o "area [area] range" command o ip ospf network point-to-point (loopback interface only) o "auto-cost reference-bandwidth"

EIGRP - EIGRPv6 Enhancements o EIGRP distance command o "debug ip eigrp summary" commands o EIGRPv6 across FR o EIGRP authentication commands

RIP - RIPng Enhancements o default-information originate for RIPng o RIP distance command update

DHCP Enhancements o DHCP for IPv6 o show and clear ip dhcp conflict o DHCP snooping commands o IPv4 Automatic Private IP Addressing (APIPA) o ipv6config /renew and /release on PC o DHCPv6 commands for IOS 15

o NDv6 Show Commands

o show ip route o show ip/ipv6 route summary

General Improvements

Converted Qt3 code to Qt4.82 Supports Windows 8 and Windows 8.1. Stopped support for Windows Vista. Activity Wizard

o Scripts - Text popup on topology o Scripts - Supported in instruction window o Add variable manager import / export o Explanation of answer tree nodes names o Add show variables to pools and variables page

Simulation Mode o Filter based on IPv4 and IPv6 traffic o Update PDU index in the PDU Window o Expanded buffer for PDUs.

New Devices

Security

ASA 5505

Uses for Packet Tracer

For StudentsWelcome to the world of computer networking. Packet Tracer can be a fun, take-home, flexible piece of software to help with your CCNA studies, allowing you to experiment with network behavior, build models, and ask "what if" questions. We hope that Packet Tracer will be useful to you whatever your goals are in networking, be they further education, certification, employment, or personal fulfillment. We want to emphasize how important it is for you to also gain in-person, hands-on experience with real equipment as part of preparing to join the community of networking professionals. For InstructorsPacket Tracer is a simulation, visualization, collaboration, and assessment tool for teaching networking. Packet Tracer allows students to construct their own model or virtual networks, obtain access to important graphical representations of those networks, animate those networks by adding their own data packets, ask questions about those networks, and finally annotate and save their creations. The term "packet tracing" describes an animated movie mode where the learner can step through simulated networking events, one at a time, to investigate the microgenesis of complex networking phenomena normally occurring at rates in the thousands and millions of events per second.

A typical instructional event might begin with an instructor posing a networking problem to the student. Students can use Packet Tracer to drag and drop networking devices (nodes) such as routers, switches, and workstations into logical topology space (the Logical Workspace). They can then specify the types of interconnections between these devices (links) and configure the devices they created. Once they have designed and configured a network of nodes and links, they can then launch sample data packets into the network, either in real time, or in a user-controlled simulation mode. The packets are displayed graphically. The student can step the packet through the network, examining the processing decisions made by networking devices as they switch and route the packet to its destination. The networks, packet scenarios, and resulting animations can be annotated, saved, and shared. Many important networking domain knowledge representations are available for the student to pursue various modes of inquiry. Of particular interest to instructors may be the Activity Wizard, which allows the authoring of answer networks to which students can compare their progress. Also of possible interest to instructors are Packet Tracer's multi-user feature, whereby different instances of Packet Tracer can be used to create a "virtual Internet" on a real network.

Packet Tracer is based on three learning principles: learning is active, learning is social, and learning is contextual. Hence, it is meant to facilitate the creation of engaging, collaborative, and localized instructional materials. Packet Tracer may be used in a variety of ways:

Group work Class work, Homework, and Distance Learning Formative assessment Hands-on lab reinforcement Lecture demonstrations Modeling and visualization of networking device algorithms and networking protocols

Case studies Multi-user cooperative and competitive activities Competitions Problem-solving activities in concept-building, skill-building, design, and troubleshooting

Four problem types are well-supported by Packet Tracer:

Concept-builders (model-building inquiries leading to student-created explications and animations of networking concepts) Skill-builders (algorithmic problem solving in support of the development of networking procedural knowledge) Design challenges (constraint-based problems with multiple correct solutions) Troubleshooting challenges (diagnosing, isolating, and fixing the simulated network from a previously bugged network file)

Packet Tracer allows activity authoring for approximately 80% of the topics and skills required for CCNA Certification, and has relevance to CCNA-Security, CCNP, IT Essentials, and general TCP/IP courses as well. Although the program includes some sample activities, we strongly encourage you to share activities that you create with others in the CCNA teaching and learning community. In addition, integrated into the Discovery and Exploration courses are hundreds of already-written Packet Tracer activities.

Getting Started

The best place to get started is to review the help files. The help files contain comprehensive documentation on almost all the features in Packet Tracer, complete with descriptive text, screenshots, and animated tutorial guides. You may start using the application and come back to the help files when you have a question. Or you may take a look at "My First PT Lab" which will guide you step by step through some basic features of Packet Tracer.

Interface Overview

When you open Packet Tracer, by default you will be presented with the following interface:

 

This initial interface contains ten components. If you are unsure of what a particular interface item does, move your mouse over the item and a help balloon will explain the item.

1 Menu Bar This bar provides the File, Edit, Options, View, Tools, Extensions, and Help menus. You will find basic commands such as Open, Save, Save as Pkz, Print, and Preferences in these menus. You will also be able to access the Activity Wizard from the Extensions menu.

2 Main Tool Bar This bar provides shortcut icons to the File and Edit menu commands. This bar also provides buttons for Copy, Paste, Undo, Redo, Zoom, the Drawing Palette, and the Custom Devices Dialog. On the right, you will also find the Network Information button, which you can use to enter a description for the current network (or any text you wish to include).

3 Common Tools Bar This bar provides access to these commonly used workspace tools: Select, Move Layout, Place Note, Delete, Inspect, Resize Shape, Add Simple PDU, and Add Complex PDU. See "Workspace Basics" for more information.

4 Logical/Physical Workspace and Navigation Bar

You can toggle between the Physical Workspace and the Logical Workspace with the tabs on this bar. In Logical Workspace, this bar also allows you to go back to a previous level in a cluster, create a New Cluster, Move Object, Set Tiled Background, and Viewport. In Physical Workspace, this bar allows you to navigate through physical locations, create a New City, create a New Building, create a New Closet, Move Object, apply a Grid to the background, Set Background, and go to the Working Closet.

5 Workspace This area is where you will create your network, watch simulations, and view many kinds of information and statistics.

6 Realtime/Simulation Bar You can toggle between Realtime Mode and Simulation Mode with the tabs on this bar. This bar also provides buttons to Power Cycle Devices and Fast Forward Time as well as the Play Control buttons and the Event List toggle button in Simulation Mode. Also, it contains a clock that displays the relative Time in Realtime Mode and Simulation Mode.

7 Network Component Box This box is where you choose devices and connections to put into the workspace. It contains the Device-Type Selection Box and the Device-Specific Selection Box.

8 Device-Type Selection Box

This box contains the type of devices and connections available in Packet Tracer. The Device-Specific Selection Box will change depending on which type of device you choose.

9 Device-Specific Selection Box

This box is where you choose specifically which devices you want to put in your network and which connections to make.

10 User Created Packet Window*

This window manages the packets you put in the network during simulation scenarios. See the "Simulation Mode" section for more details.

 

* You can freely resize the User Created Packet Window (UCPW) by placing the cursor near the left edge of the window (it will turn into a "resize" cursor) and then drag the cursor left or right. You can hide the window from view by dragging the edge all the

way to the right. When the UCPW is hidden, you can bring it back by placing the cursor on the edge (notice when the resize cursor appears) and then dragging the edge back.

 

 

Workspaces and ModesPacket Tracer has two workspaces (Logical and Physical) and two modes (Realtime and Simulation). Upon startup, you are in the Logical Workspace in Realtime Mode. You can build your network and see it run in real time in this configuration. You can switch to Simulation Mode to run controlled networking scenarios. You can also switch to the Physical Workspace to arrange the physical aspects (such as the location) of your devices. Note that you view a simulation while you are in the Physical Workspace. You should return to the Logical Workspace after you are done in the Physical Workspace. 

Setting PreferencesYou can customize your Packet Tracer experience by setting your own preferences. From the Menu Bar, select Options > Preferences (or simply press Ctrl + R) to view the program settings.

Under the Interface panel, you can toggle the Animation, Sound, and Show Link Lights settings to suit the performance of your system and your preferences. You can also manage information clutter with the Show Device Labels, Always Show Port Labels, and Show Port Labels When Mouse Over settings. Also, you can also toggle Show QoS Stamps on Packets shown in Simulation Mode and Enable Cable Length Effects. The

Enable Auto Cable option allows you to toggle the Automatic Connection when connecting devices. The Show Device Dialog Taskbar option allows you to toggle the taskbar that is displayed at the bottom of the workspace which organizes currently opened device dialogs. The Logging feature allows the program to capture all Cisco IOS commands that you enter and export them to a text file (refer to the "Configuring Devices" page for more information). The Simulation - Buffer Full Action feature allows you to set the preferred action that Packet Tracer will perform. You can set the action to Prompt if you want to be prompted when the Simulation buffer is full. At the prompt, you can either Clear Event List or View Previous Events. Alternatively, you can set the action to either Auto Clear Event List to allow Packet Tracer to automatically clear the Event List when the buffer is full or you can set the action to Auto View Previous Events to automatically view the previous events. The Enable Screen Reader Support accessibility feature reads out all the titles and descriptions of the visible window that has the focus. Lastly, you can also change the base language of the program by choosing from the Languages list and then pressing the Change Language button.

 

Under the Administrative panel, you can disable access to a particular interface such as the Interface tab and the Multiuser menu using the Interface Locking feature. In order settings and configurations to apply globally for every user on the machine, you need to click on the Write button to save the PT.conf file to the Packet Tracer installation folder. Optionally, you may change the User Folder to a different location which is where your own settings, configurations, save files, and device templates are stored. Additionally, you can set a Password to prevent others from tampering with these preferences. Note that the password is case-sensitive.

 

Under the Hide panel, you can choose to hide or show the Physical, Config, CLI, Desktop, GUI, HTML GUI, and HTML tabs in the device edit dialog.

 

Under the Font panel, you can select different fonts and font sizes for the Dialogs, Workspace/Activity Wizard, and the General Interface Under the Colors category, you can change the font color of the Router IOS Text, Router IOS Background, PC Console Text, and PC Console Background.

 

Setting a User ProfileYou can set your user profile for activity assessment and Multiuser identification. From the Menu Bar, select Options > User Profile to view the User Profile dialog. In the User Profile dialog, you can enter your Name, E-Mail, and any Additional Info about yourself that you may want to share.

 

Algorithm SettingsThe Algorithms Settings dialog allows the user to make configurations that are otherwise not available in IOS. It also allows tweaking of algorithm settings to make visualization of certain algorithm/protocol behaviors more easily viewable.

CBAC Half-Open Session Multiplier: If the number of half-open CBAC sessions multiplied by this number exceeds the configured max half-open session count, new sessions would not be opened.

TCP Maximum Number of Connections: If the number of connections in SYN-RECEIVED state exceeds this number, any new connections would be rejected.

TCP Maximum Number of Opened Sessions: If the number of connections exceeds this number, any new connections would be rejected.

TCP Maximum Retransmission Timeout in Milliseconds : If a TCP connection does not receive an acknowledgement to a segment it transmitted in this number, it would retransmit the segment.

Switching Storm Control Multiplier: If the bandwidth percentage of broadcast frames used multiplied by this number exceeds the configured threshold, the broadcast frame would be dropped.

 

Saving a PKZPacket Tracer allows you to save your topology (PKT) as well as any custom device icons and backgrounds that you applied to on the Logical Workspace and Physical Workspace to a save file called a PKZ. A PKZ is able to retain any external files you add in a single save file, which allows for portability and compactness from computer to computer. To create a PKZ, go to File > Save as Pkz. Enter a file name for the PKZ and click on Save. In the Pkz Select Files dialog, you will be able to add and remove files that you want to save along with PKT. To add a file, click on the Add button and browse to the file you want to add then click Open. To remove a file, select the file from the list then click Remove. Once you are done adding and removing files, click OK to create the PKZ file.

Be sure to add all custom device image icons and custom backgrounds.

My First Packet Tracer Lab

Introduction Welcome to Packet Tracer. Research has shown that users who master a few basic tasks when first starting to use Packet Tracer get much more out of the software. This lab is designed to familiarize a user with Packet Tracer's features. This activity should take approximately 30 minutes to complete. Use these directions to go through the lab yourself, or view the animated tutorial version of the lab.

 Lab Objectives

I. Viewing Help and Tutorials View Tutorial

II. Creating Your First Network View Tutorial

III. Sending Simple Test Messages in Realtime Mode View Tutorial

IV. Establishing a Web Server Connection Using the PC’s Web Browser

View Tutorial

V. Capturing Events and Viewing Animations in Simulation Mode View Tutorial

VI. Looking Inside Packets in Simulation Mode View Tutorial

VII. Viewing Device Tables and Resetting the Network View Tutorial

VIII. Reviewing Your New Skills 

Important Terminology

1. ICMP ping: command consisting of an echo request message from one device to another, and the returning echo reply. 2. IP address: 32-bit address assigned to devices as identification in the network. 3. Ethernet: one of the most common LAN standards for hardware, communication and cabling. 4. Fast Ethernet Interface: 100 Mbps Ethernet port. In Packet Tracer, a GUI may be used to configure such interfaces. 5. OSI model: 7-layer framework for looking at network protocols and devices, consisting of the application, presentation, session, transport,

network, data link, and physical layers. 6. PDU: protocol data unit, a grouping of data appropriate to a given layer in the OSI model. 7. Packets: OSI Layer 3 protocol data units. Represented by envelopes in Packet Tracer Simulation Mode. 8. Device Tables: includes ARP, switching, and routing tables. They contain information regarding the devices and protocols in the network. 9. ARP Table: Address Resolution Protocol (ARP) table, stores pairings of IP Addresses and Ethernet MAC addresses. 10. Scenario: one topology with a set of PDUs placed in the network to be sent at specific times. Using different scenarios, experiment with

different combinations of packets using the same base topology.

I. Viewing Help and Tutorials (View Tutorial)

1. Launch Packet Tracer. 2. Open the help content by clicking Help > Contents on the Menu bar. You can also click the question mark on the Main toolbar. Another

option is the F1 shortcut key. 3. The menu will always be visible on the left side of the window while browsing through the help files. Skim through the help sections to get an

idea of the functionality of Cisco Packet Tracer. 4. The What's New section under Introduction provides an overview of features that have been added to Packet Tracer. 5. Pay close attention to the Interface Overview section under Getting Started to familiarize yourself quickly to the Packet Tracer interface. 6. Browse the Tutorials section as well. 7. Open the Interface Overview tutorial to learn the basics of the Packet Tracer graphical user interface. Note: Some browsers may prevent the

tutorial from playing. Configure your browser to allow active content to enable the viewing of the tutorial. 8. When the first caption appears, as shown below, click the Pause button in the playback controls.

9. Click the Forward button to skip to the next caption. Then click Pause again. Click the Back button to view the previous caption. 10. Continue viewing the tutorial by pressing the Play button. Parts of the tutorial can also be skipped by dragging the slider to the right. If

needed, click the Rewind button to restart the tutorial. 11. Click Exit to close the tutorial window. Close the help content as well.

Congratulations on learning more about resources that will help you get the most out of Packet Tracer.

 

II. Creating a First Network (View Tutorial)

1. Start creating a network by first selecting the End Devices. Add a Generic PC and a Generic Server to the workspace. 2. Under Connections, select the Copper Straight-through cable (solid black line) and connect the devices with it. The red lights on the link

indicate that the connection is not working. Now, use the Delete tool to remove the Copper Straight-through cable, and use a Copper Cross-over cable (dashed line) instead. The lights should turn green at this point. If the mouse pointer is held over either devices, the link status will be shown as “Up.” The network should look similar to this:

3. Click on the PC. While paying attention to the link lights, turn the power on, off, and on again. Follow the same steps for the server. The link lights turn red when the device is off. This means that the link is down or is not working. The link lights turn green when the device is turned back on.

4. Try all three ways to learn about the devices. First, mouse over the devices to see basic configuration information about them. Second, click on each device with the Select tool to show the device configuration window, which provides several ways to configure the device. Third, use the Inspect tool to view the tables the network device will build as it learns about the network around it. In this example, open the ARP table. Since the devices have not been configured yet, the ARP tables are empty. Always remember to close the windows after viewing them or they will clutter the workspace.

5. Open the PC configuration window and change the settings using the Config tab. Change the display name to Client and set the DNS server to 192.168.0.105. Under Interface, click FastEthernet and set the IP address as 192.168.0.110. Packet Tracer automatically calculates other parameters. Make sure that the Port Status box is checked. For future reference, note that other Ethernet interface settings, such as bandwidth, duplex, MAC address, and subnet mask can be modified using this window.

6. Go to the Desktop Tab and click on IP Configuration. Notice that the IP address, subnet mask and DNS server can be changed here as well. 7. Open the Server configuration window and go to the Config tab. Change the display name to Web Server. Click FastEthernet and set the IP

address as 192.168.0.105. Make sure that the Port Status is also on. Click DNS and set the domain name as www.firstlab.com. Set the IP address as 192.168.0.105 and click Add. Finally, check to make sure that the service for DNS is on.

8. Reposition the network devices by dragging them to a new location. Add a network description by using the “i” button on the upper right corner. Then add some text labels within the Logical Workspace by using the Place Note tool.

9. Load a background grid using the Set Tiled Background button. 10. Save your work using the File > Save As option and create a meaningful filename.

Congratulations on creating your first network.

 

III. Sending Simple Test Messages in Realtime Mode (View Tutorial)

1. Start by opening the file saved in the last section. 2. Notice that the file opens in Realtime Mode. Use the Add Simple PDU tool to send a simple one-time ping message, called an echo request, to

the server. The server responds with an echo reply because all devices have properly configured IP address settings. 3. Scroll up and down the User Created Packet Window to see the different capabilities of this ping message, including an indication that the

ping was successful. 4. Toggle the PDU List Window to see a larger display of this message. One or more of these messages can be saved as a scenario. Scenario 0 is

displayed when starting. Label this first scenario with an “i” note. Different scenarios allow the use of the same topology for experiments with different groupings of user created packets.

5. Click New to create a new scenario. New scenarios will initially be blank. 6. Add two packets using the Simple PDU tool, a PDU from the PC to the Server and a different PDU from the Server to the PC. Then add an

“i” note describing the scenario, to complete Scenario 1. An example is shown below:

7. Several scenarios can be saved with a single network. Alternate between Scenario 0 and 1. 8. Now, remove Scenario 0 using the Delete button. 9. Scenario 1 is now visible. Go to the last column in the User Created Packet Window and double-click (delete) to remove a PDU. 10. Delete the whole scenario. Notice that the scenario list went back to the default Scenario 0.

Congratulations on being able to send and organize simple test messages in Realtime Mode.

 

IV. Establishing a Web Server Connection Using the PC’s Web Browser (View Tutorial)

1. Open the file saved from the previous section. 2. Click on the PC to view the configuration window. 3. Select the Desktop tab, and then click Web Browser. Type in www.firstlab.com as the URL and click the Go button. The Packet Tracer

welcome page, shown below, appears, indicating that the web connection has been successfully established. 4. Clear the URL, type www and click Go. Since the address entered is not complete, a “Host Name Unresolved” message appears. 5. Type 192.168.0.105 as the URL entry and click on Go. Notice that the Packet Tracer welcome page appears again. This is because the Server

IP address can also be used to establish a web connection. 6. Close the window and try the same steps in Simulation Mode. In this mode, the user controls time, so the network can be viewed running at a

slower pace, allowing observation of the paths packets take and inspection of packets in detail (packet tracing!). 7. Select the PC again and go to the Web Browser in the Desktop tab. Type www.firstlab.com as the URL again and click Go. The welcome

page should not appear right away. 8. Switch to the main interface of Packet Tracer without closing the PC configuration window. Notice that a DNS packet is added to the event

list. 9. Click Auto Capture/Play or repeatedly click the Capture/Forward button until the HTTP packet appears on the PC. Go back to the PC

configuration window. The Packet Tracer welcome page is now shown. 10. Close the PC configuration window.

Congratulations on successfully establishing a web server connection.

 

V. Capturing Events and Viewing Animations in Simulation Mode (View Tutorial)

1. Open the previously saved file. 2. In Realtime Mode, send a simple PDU from the PC to the Server. 3. Delete the PDU by using the method learned in the previous section. 4. Switch to Simulation Mode. 5. Click Edit Filters and click All/None to uncheck all fields. Then click ICMP to only view ICMP packets in the animation.

6. Add a simple PDU from the PC to the Server. Notice that the newly created PDU is added to the User Created PDU List. This packet has been captured as the first event in the event list and a new packet icon (envelope) appears in the workspace. The eye icon to the left of the event list indicates that this packet is currently displayed.

7. Click the Capture/Forward button once. This simulates a network sniffing program, capturing the next event that occurs on the network. Note that after clicking Capture/Forward, the packet in the workspace moves from one device to another (this is the ICMP echo request message from the PC to the Server). Another event is added in the event list – this reflects the change in the workspace. The first time through an animation, the meaning of the Capture/Forward is capture; after resetting the simulation, the meaning is forward.

8. Adjust the speed of the animation by dragging the Play Speed slider to the right making it go faster. Dragging the speed slider in the opposite direction (to the left) will slow down the animation.

9. Click the Capture/Forward button a second time. This captures the next network event (this is the echo reply from the Server to the PC, shown as successful with a green check mark on the envelope).

10. Click Capture/Forward button again. The Server has already sent an echo reply to the PC therefore, there are no more ICMP events left to capture.

Congratulations on successfully capturing events and viewing animations in Simulation Mode.

 

VI. Looking Inside Packets in Simulation Mode (View Tutorial)

1. Continuing from the last activity, click Reset Simulation. This clears the entries in the event list except for the original packet. 2. Select the packet envelope on the workspace to show the PDU Information window like the one shown in the screenshot below. This window

contains the OSI Model tab, which shows how the packet is processed at each layer of the OSI model by the current device. Close this window, noting that this packet is indicated in the event list by the eye icon. The whole row in the event list is also highlighted. Clicking on the color square in the Info column is equivalent to clicking directly on the packet envelope (try it!).

3. Use the Next Layer and Previous Layer buttons to see details of the packet processing at the relevant OSI layers. Note that only the Out Layers can be viewed in the case of this original echo request message.

4. Click on the Outbound PDU Details tab. This tab shows exactly what makes up the PDU headers. It is organized into header type and the individual fields in each header.

5. Close the PDU Information window. Click on Capture/Forward button once. 6. Click on the packet in the workspace again to open the PDU Information window. Notice that this time, information regarding both the In

Layers and Out Layers can be viewed. 7. Click on the Inbound PDU Details tab. This shows the details of the inbound echo request packet from the PC to the Server. The Outbound

PDU Details tab, shows similar information, but for the echo reply packet from the Server to the PC. 8. Click on Reset Simulation again. Now click on Auto Capture/Play. The echo request and echo reply are automatically captured. Click on the

Back Button to rewind the animation one step at a time. Now click on the Capture/Forward button to forward the packet through the animation. Note the change in the event list and the workspace. Remember that at any time, a PDU Information Window can be opened by clicking directly on the envelope on the workspace, or by clicking the Info column in the Event List.

9. Click on the Back Button twice to rewind the animation. Now click Auto Capture/Play and the packet animation will automatically occur.

Congratulations on being able to manipulate the Play Controls and PDU Information Window to understand more about packet processing details.

 

VII. Viewing Device Tables and Resetting the Network (View Tutorial)

1. Open the file saved from the previous section. 2. Open the ARP Tables for both devices by clicking them with the Inspect tool. The ARP tables always appear on the same spot. Reposition

them to make them both visible. You can also resize the tables for better viewing. 3. In Realtime Mode, send a simple PDU from the PC to the Server. Notice that the ARP tables are filled in automatically, as shown here:

4. Delete the PDU using the method covered in the previous sections. Notice that the entries in the ARP tables are NOT cleared. ARP entries for both devices have already been learned. Deleting the user created PDUs does not reset events what has already occurred in the network.

5. Click Power Cycle Devices. ARP tables are cleared because the Power Cycle Devices button turns the devices off and back on again therefore, losing temporary information like the ARP table entries.

6. Go to Simulation Mode. In the event list filters, make sure that ICMP and ARP are checked so that you can view ICMP and ARP packets in the animation.

7. Create a new simple PDU from the Server to the PC. 8. Notice that since the devices were power cycled earlier, the ARP tables are empty. ARP request packets need to be issued before the ICMP

ping packets, so that the devices in the network can learn about each other. Click on Auto Capture/Play to watch the animation. 9. Click Reset Simulation. Notice that even though the event list is cleared (except for the user created PDU), the ARP tables remain full. Click

Auto Capture/Play. This time, since the ARP tables are full, there are no new ARP packets issued. 10. Click Power Cycle Devices. Doing so will empty the tables. Notice that new ARP request packets appear automatically in the event list.

Congratulations! You can now view device tables, reset a simulation, and reset the network.

 

VIII. Reviewing Your New Skills

Single-clicking on the Delete button removes the entire scenario including all the PDUs associated with it. Double-clicking on (delete) in the far right column in the PDU List window deletes individual PDUs. The Reset Simulation button clears all entries in the Event List, except for User Created PDUs, and allows the animation to restart. This,

however, does not reset the device tables. The Power Cycle Devices button turns all of the devices in the network off and on so the tables that the devices built are lost along with

configurations and other information not saved. Saving work periodically prevents lost configurations and state changes in the network.

Congratulations on being ready to build and analyze many different networks in Packet Tracer! Be aware that there are many other features that were not covered in this lab. To learn more, please view the other available tutorials and review the help files. Have Fun!

Tutorials

The following tutorials demonstrate the basic functions, features, and aspects of Packet Tracer. Although you can view them at any time, they are most effective when you have read the appropriate section or pages corresponding to each tutorial.

Tutorial Description

Getting Started

Interface Overview Shows how to start using the program.

Options Shows how to customize Packet Tracer using the Options menu.

Managing Windows

Organizing Interface Explains how to organize windows in the Packet Tracer Interface.

Part I Shows how to manage multiple windows when Packet Tracer is launched locally.

Part II Shows how to manage multiple windows when Packet Tracer is launched from a course.

Getting Started

Interface Overview Shows how to start using the program.

Options Shows how to customize Packet Tracer using the Options menu.

Logical Workspace

Creating a Network Topology Demonstrates how to create, arrange, delete, and connect devices.

Custom Device Templates Demonstrates how to create and remove custom device templates.

Clustering a Network Topology Demonstrates how to create, arrange, uncluster, delete, and connect clusters.

Editing and Annotating a Network Topology

Demonstrates how to edit and annotate a network topology.

Configuring Devices

Configuring Devices Using the Config tab

Demonstrates how to configure devices using the Config tab.

Configuring Devices Using the Desktop tab

Demonstrates how to configure devices using the Desktop tab.

Configuring Devices Using the CLI tab Demonstrates how to configure devices using the CLI tab.

Realtime and Simulation Modes

Simulation Environment Introduces an overview of the simulation environment.

Simulation Panel Demonstrates in detail of every feature in the Simulation Panel including the Event List, Play Controls, and Event List Filters.

Advanced Features in Simulation Mode Introduces more advanced features in Simulation Mode to users.

PDU Information Explains the information displayed in a PDU and how to use Challenge mode in a PDU.

Physical Workspace

Navigating Physical Workspace Introduces a brief description of the interface of Physical Workspace and how to navigate Physical Workspace.

Modifying Physical Workspace Explains how to modify Physical Workspace by creating new objects, removing existing objects, and moving objects from one location to another location in Physical Workspace.

Structured Cabling Demonstrates how to create realistic structured cabling in the Physical Workspace.

Interaction between the Logical Workspace and the Physical Workspace

Demonstrates how the Logical Workspace and the Physical Workspace interact.

Activity Wizard Novice

Launch and Exit Activity Wizard Demonstrates how to launch and exit Activity Wizard.

Write Instructions Demonstrates how to write instructions for an activity.

Answer Network Reviews features related to the answer network.

Initial Network Reviews features related to the initial network.

Test Activity and Check Activity Explains how to use the Test Activity and Check Activity features to create a reliable activity.

Set Password, Save and Distribute the Newly Created Activity File

Demonstrates how to set a password, how to save and distribute an activity.

Activity Wizard - Scoring Model

Overview Gives an overview of the Scoring Model interface in the Activity Wizard.

Expressions Goes over basics of expressions.

End to End Example Shows an end to end example of an activity using scoring models.

Activity Wizard - Variable Manager

Introduction Introduces the Variable Manager of the Activity Wizard.

Creating Pools Explains and demonstrates how to create a pool in the Variable Manager.

Creating Variables Explains and demonstrates how to create a variable in the Variable Manager.

Using Variables in the Instructions Demonstrates how to apply variables to the Instructions.

Using Variables in Network Topology Demonstrates how to apply variables to the Network Topology.

Using Variables in Assessment Tree Demonstrates how to apply variables to the Assessment Tree.

Using Variables in Connectivity Tests Demonstrates how to apply variables to the Connectivity Tests section.

Using Variables in Overall Feedback Demonstrates how to apply variables to the Overall Feedback section.

Verifying Variable Assignments Demonstrates how to verify assigned variables.

Concatenation Demonstrates sting concatenation with variables.

Isomorphs Demonstrates isomorphic activities with variables.

Regular Expressions Demonstrates regular expressions with variables.

Activity Wizard - Misc. Features

Importing and Exporting Network Files Goes over importing an existing file as an Answer network.

External Instructions Goes over using external instructions for an activity.

Student Model Variables Goes over changing points and components in an activity.

LinksysWRT300N

Topologies Demonstrates how to use a Linksys WRT300N router in a SOHO network.

Local Loop Connections Demonstrates how to create the local loop section of a SOHO network.

Hiding ISP Demonstrates how to organize and hide an ISP network from a SOHO network.

Configuring Linksys Security Demonstrates how to secure a SOHO network.

Alternate Linksys Configuration Demonstrates how to use the Static IP configuration for a Linksys WRT300N router.

Port Forwarding Demonstrates the Port Forwarding capability for the Linksys WRT300N router.

Multiuser

Enabling Multiuser Demonstrates how to enable the Multiuser feature in Packet Tracer.

Creating Multiuser Connection Demonstrates the creation of a connection between two remote peers.

Enabling Port Visibility Demonstrates the usage of the Port Visibility feature.

Beyond Two PT Instances Demonstrates how to chain three Packet Tracer instances together.

Offline Saving Demonstrates how to use the Offline Saving feature.

WAN Cloud Configuration

Frame Relay Demonstrates how to create a Frame Relay network using the WAN cloud.

DSL and Cable Demonstrates how to create DSL and Cable on the WAN cloud.

Dial Up Demonstrates how to create a Dial-Up network using the WAN cloud.

IPC

Installing Applications Gives an overview of preparing external applications (ExApps) to be used in Packet Tracer.

Configure Applications Window Demonstrates how to use the Configure Apps Window of the IPC feature.

IPC Menu Demonstrates how to use items listed under the IPC menu.

The Logical and Physical Workspaces

Packet Tracer uses two representation schemes for your network: the Logical Workspace and the Physical Workspace. The Logical Workspace allows you to build a logical network topology, without regard to its physical scale and arrangement. The Physical Workspace allows you to arrange devices physically in cities, buildings, and wiring closets. Distances and other physical measures will affect network performance and other characteristics if wireless connections are used. In Packet Tracer, you first build your logical network, and then you can arrange it in the Physical Workspace. Most of your time will be spend working in the Logical Workspace.

The Logical Workspace

The Logical Workspace is where you will spend the majority of your time building and configuring your network. In conjunction with Realtime Mode, you can use this workspace to complete many of the labs you encounter in your CCNA coursework.

First, you will want to create devices. This is done by choosing devices from the Network Component box. Then, you can do any of the following:

Add modules to your devices to install additional interfaces. Note that you must turn off a device (by clicking its power button) before you can add a module.

Connect your devices by choosing the appropriate cables (also found in the Network Component box).

Configure device parameters (such as the device name and IP address) through graphical dialogue boxes or the Cisco IOS (in the case of routers and switches).

Make advanced configurations and view network information from the CLI interface on a router or switch.

 

Creating DevicesTo place a device onto the workspace, first choose a device type from the Device-Type Selection box. Then, click on the desired device model from the Device-Specific Selection box. Finally, click on a location in the workspace to put your device in that location. If you want to cancel your selection, click the Cancel icon for that device. Alternatively, you can click and drag a device from the Device-Specific Selection box onto the workspace. You can also click and drag a device directly from the Device-Type Selection box and a default device model will be chosen for you.

To quickly create many instances of the same device, press and hold the Ctrl button, click on the device in the Device-Specific Selection box, and then release the Ctrl button. The device is now locked and you can click on the workspace multiple times to add multiple copies of the device. Cancel this operation by pressing the Cancel icon for that device. To duplicate devices, you can press and hold the Ctrl button and then drag a device on the workspace or select the devices and then use the Copy and Paste buttons.

 

Adding ModulesMost Packet Tracer devices have modular bays or slots into which you can insert modules. In the workspace, click on a device to bring up its configuration window. By default, you will be in the Physical Device View sub-panel of the device. An interactive picture of the device is on the right of the panel, and a list of compatible modules is on the left. You can resize the picture with the Zoom In, Original Size, and Zoom Out buttons. You can also resize the entire configuration window by dragging its borders with the mouse. Alternatively, you can undock the window so that you can move it around and freely resize it. You can browse (by clicking) through the list of modules and read their description in the information box at the bottom. When you have found the module you want to add, simply drag it from the list into a compatible bay on the device picture. You can remove a module by dragging it from the device back into the list.

You must turn off a device (by clicking its power button) before you can add or remove modules, and you should turn the device back on after you are done.

 

Creating Custom DevicesThe Device Template Manager allows you to save devices as templates and create devices from saved templates. For example, you may save a template of a Cisco 2621XM router with an NM-2FE2W and two WIC-2T modules already installed. To create a device template, first add the device and the appropriate modules that you want as would before. Once you have done that, click on the Custom Devices Dialog on the Main Tool Bar to open the Device Template Manager. Click on the Select button in the Device Template Manager. The Device Template Manager will disappear. Now click on the device that you want to make a template of. The Device Template Manager will reappear. Enter a description for the template (e.g., 2621XM with NM-2FE2W and (2) WIC-2T). Click on the Add button. Packet Tracer will prompt you to save your device template. Browse to the 'templates' directory in the Packet Tracer installation directory, give it a file name, and save your device template file there.

To add a custom device on the Logical Workspace, click on the Custom Made Devices icon in the Device-Type Selection Box to display the custom devices in the Device-Specific Selection Box. Here you will find all of the device templates that have been created. You can then add the custom devices to the Logical Workspace as you would with other devices as described in the Creating Devices section above.

To remove a custom device on the Logical Workspace, click on the Custom Devices Dialog on the Main Tool Bar to open the Device Template Manager. Under the Edit section, select the device template that you want to remove in the drop down menu and then click on the Remove button. The device template file that was saved in the 'templates' directory will be removed as well.

 

Making ConnectionsTo make a connection between two devices, first click the Connections icon from the Device-Type Selection box to bring up the list of available connections. Then click the appropriate cable type. The mouse pointer will change into a "connection" cursor. Click on the first device and choose an appropriate interface to which to connect. Then click on the second device and do the same. A connection cable will appear between the two devices, along with link lights showing the link status on each end (for interfaces that have link lights). If you made a mistake by connecting to an incorrect interface or you want to change the connection to a different interface, click on the link light near the device to unplug the connection from the device. Click on the device again and select the desired interface to reconnect the device. For a full list of connections supported in Packet Tracer, please read the "Connections/Links" help page.

To quickly make many connections of the same type, press and hold the Ctrl button, click on a cable type in the Device-Specific Selection box, and release the Ctrl button. The connection cursor is now locked and you can repeatedly make the same connection type between devices. Cancel this operation by pressing the Cancel icon for the cable type.

 

Logical Topology Editing ToolsYou can use the tools in the Main Tool Bar, Logical/Physical Workspace Bar, and Common Tools Bar to edit and annotate your topology.

Tool Use

Copy Copy the selected items.

Paste Paste the selected items.

Undo Undo the previous action.

Redo Redo the previous action.

Zoom In Zoom in the workspace.

Zoom Reset Reset the zoom back to default.

Zoom Out Zoom in the workspace.

Drawing Palette Create lines, rectangles, and ellipses.

Custom Devices Dialog Refer to the "Creating Custom Devices" section above for information.

New Cluster Refer to the "Clustering Devices" section below for information.

Move Object Refer to the "Clustering Devices" section below for information.

Set Tiled Background Refer to the "Custom Icons & BGs " section for information.

Viewport View a scaled version of the workspace.

Select Click objects and drag them around. This is the default tool. You can also select multiple objects by holding down the mouse button and then dragging your cursor over them. This action draws a rectangle around the objects so you can drag all of them simultaneously. Press the Esc key on the keyboard for quick access to this tool.

Move Layout Move your entire workspace around with the click-and-drag mouse action.

Place Note Write and place sticky notes anywhere on the workspace.

Delete Delete objects from the workspace. When you select the Delete tool, the mouse cursor will change into an "X." You can then click on any object (a device, connection, or note) that you wish to delete.

Inspect Look at tables of a device (such as ARP and MAC tables) that have been modeled in this version of Packet Tracer.

Resize Shape Resize shapes that are drawn with the Drawing Palette. When you select the Resize Shape tool, a red square will appear on shapes on the workspace. Drag the red square to either increase or decrease the shape.

Add Simple PDU Refer to the "Simulation Mode" help section for information.

Add Complex PDU Refer to the "Simulation Mode" help section for information. 

 

Configuring DevicesTo make most of the devices useful, you need to configure some basic settings (for example, an interface IP address and subnet mask). You can set basic parameters through the GUI configuration screen of the device (click the Config tab from the configuration window). Different devices have different settings available. Refer to each help page of the device for detailed information.

 

Cisco IOS: Routers and SwitchesFor routers and switches, you will have access to a model of the Cisco IOS with a limited set of commands. You can use the software to make advanced configurations and view various network information in real time (if you are in Realtime Mode). Here are a few examples of the commands

available to you: ping, traceroute, show interfaces, ip access-list, and switchport access vlan. Refer to the "Configuring Devices" section of the help files for all supported Cisco IOS commands.

 

Clustering DevicesClustering devices allows you to simplify the appearance of the Logical Workspace by visually reducing a group of devices and connections into a single image. By default, all devices are created on the Logical Workspace are located in the Root level, which is indicated on the Logical/Physical Workspace Bar. You may reduce the amount of clutter on the workspace by clustering multiple devices together with the New Cluster feature. To cluster a group of devices, select the devices on the workspace and then click on the New Cluster button. You can then click on the newly created cluster to go inside its lower level (i.e., Cluster0 by default) and create sub-clusters within the main cluster as well. You may also rename the cluster by clicking on its label to enable the label textbox. You can navigate between levels by clicking on the appropriate level on the Navigation Bar. Note that only up to four levels of clustering hierarchy are available with the Logical Workspace (including Root level). To uncluster a group of devices, highlight the cluster and then delete it with the Delete tool.

Once you create a cluster, you can make connections to devices in a cluster. To make a connection to devices in a cluster, you first select the connection type and then the cluster. A menu showing the devices in the cluster appears, allowing you to select a device. When you select the device, a menu showing the available interfaces appears. Select the interface and a connection is made if the selected connection type and interface are compatible.

Also, when you can create a cluster, you can move objects and devices within the cluster hierarchy with the Move Object button. To do so, click on the Move Object button and then select an object or device. This opens a menu showing the cluster hierarchy. You can then select the location to which the object should be moved.

 

Managing Workspace Clutter (Docking/Undocking Sub-windows)There may be times when you need multiple windows open on your screen (especially when you start running simulations and have to keep track of many things at once). To minimize the visual clutter, you can arrange popup and sub-windows in various ways. Many windows can be docked to or undocked (floated) from the workspace. You can drag floating windows (via their title bar) and dock them to the left, right, or bottom edge of the workspace. Simply drag a window by its title bar until your cursor is near an edge and then release the mouse button. The window will dock to that edge. To undock a window, drag the window by its docked title bar and move it out of the workspace edge to anywhere on your screen.

Some more hints regarding docking and undocking windows:

In a docked position, the title bar of a window is unnamed; the window may be at

the top or left border. Use the Close button (x) on the window as a hint to where the title bar is.

You can double click the title bar of a window to quickly toggle between the docked or undocked state.

If there is already another window at an edge, you can dock a second window next to that first window.

If you do not want a window to dock anywhere as you drag it around, press and hold the Ctrl key as you drag it.

The Logical Workspace: Customizing Icons and Backgrounds (BG)

Using Custom IconsIcons that represent devices in Packet Tracer in both Logical and Physical mode can now be customized to an individual users taste. The images used for Physical and Logical mode can be differently customized or the default image can be used for either Logical or Physical with the other being customized. A customized icon must be created by an external painting type of program and saved as either a .PNG or .JPG file. The recommend size of a custom icon is 45 x 31 pixels. If the graphic is of a different size, Packet Tracer will automatically resize the image to fit. So to maintain the best graphic control of the icons it is best to follow the recommended size.

To change an icon for a device, click on the device, which brings up the device configuration pop-up window. On the Physical Configuration Tab below the device image there are two buttons. One changes the icon in Logical Workspace, the other changes the icon in Physical Workspace. To change an icon image in the Logical Workspace follow these steps:

Click on the device to be customized. Click on the Customize Icon in Logical View button. Select the image you want by clicking on it or use the browse button to navigate to a new directory and select the image. Click on the OK button.

The new icon image is used in place of the default on the Logical Workspace. To change the image back to the default, follow these steps.

Click on the device to be customized. Click on the Customize Image in Logical View button. Click on the Reset button.

 

Using Custom Cluster IconsIn addition to custom device icons, you can also use custom icons for clusters as well. To change a cluster icon, perform these steps:

Click on the cluster to be customized. Click on the Set Tiled Background button on the Logical Workspace Bar. Click on the Cluster Icon tab in the Select Background Image dialog. Select the image from the list provided or click the browse button to navigate to the directory where the graphic is located. Click on the Apply button.

The new icon image is used in place of the default on the Logical Workspace. To change the image back to the default, follow these steps.

Click on the cluster to be customized. Click on the Set Tiled Background button on the Logical Workspace Bar. Click on the Cluster Icon tab in the Select Background Image dialog. Click on the Reset button.

 

Using Custom Backgrounds (BG)The Logical Workspace comes with a default set of backgrounds. You can also use your own background images. To use such an image, perform these steps:

Click on the Set Tiled Background button on the Logical Workspace Bar. Select the image from the list provided or click the browse button to navigate to the directory where the graphic is located. If you wish to tile the graphic, click on Display Tiled Background Image. Click on the Apply button.

To return to the default background:

Click on the Set Tiled Background button on the Logical Workspace Bar. Click on the Reset button.

To save custom icons and backgrounds with either a PKT or PKA file, the creator of the file must use the Save As Pkz selection from the File menu. This process is covered in

detail in the Interface Overview section.

The Physical Workspace

The purpose of the Physical Workspace is to give a physical dimension to your logical network topology. It gives you a sense of scale and placement (how your network might look in a real environment).

The Physical Workspace is divided into four layers to reflect the physical scale of four environments: Intercity, City, Building, and Wiring Closet. The intercity is the largest environment. It can contain many cities. Each city can contain many buildings. Finally, each building can contain many wiring closets. The wiring closet provides a view that is different from the other three views. This is where you actually see the devices that were created in the Logical Workspace; positioned in networking racks and on tables. The three other layers provide thumbnail views of their layouts as the next level icons. This is the default arrangement in the Physical Workspace, but the devices in the wiring closet can be moved to any of the layers. When the devices are moved to another layer, they revert to the icons used in Logical Workspace, although those can be customized (covered under Customization) to any graphic you would like to use.

When you first enter the Physical Workspace, the default is the Intercity view (or "map").

By default, the intercity contains one city object called "Home City." You can click and drag the City icon to move it around in the intercity map. You can also simply click on the City icon to change focus to the map of that city.

The Home City also contains one default building object called "Corporate Office." This building, like the Home City object in Intercity view, can be moved anywhere around the city. Click on the Building icon to change focus to the interior selected building. All buildings are limited to one floor. From the City view, you can also return to the Intercity environment by clicking on the Back button twice in the Physical Workspace Bar.

The Corporate Office contains one default wiring closet called "Main Wiring Closet." Click its icon to view its contents. You can also return to any of the previous environments (Intercity or City) by clicking the Back button in the Physical Workspace Bar.

The "Main Wiring Closet" initially houses all the devices that were created in the Logical Workspace. It neatly arranges those devices onto racks and tables so you can see where your devices physically are. The wiring closet view also shows the connected ports and the link light status of the devices in the wiring closet. If the device is clicked, its configuration window pops up just as it does in Logical Workspace. Learn how to move these devices around in the building or even the city in the "Moving Devices" section.

Wiring closets, buildings, and cities can all be renamed.

 

Creating New LocationsThe Physical Workspace allows you to create new locations to expand your physical topology. In the Intercity environment, you can create cities with the New City button. You can place new buildings and closets directly onto the Intercity environment with the New Building and New Closet

buttons. Similarly, you can create new buildings in the City environment and new closets in the Building environment. To keep things simple, you should create locations according to the established hierarchy.

New cities (and buildings and closets) always initially appear on the top left corner of the workspace. To avoid confusion, you should immediately rename and move them.

The Physical Workspace: Moving Devices

The Physical Workspace allows you to move your devices to various locations. To do this click on the Move Object button on the Physical Workspace Bar, then click on the device to be moved. When the device is clicked, an expandable pop-up box will appear that shows a hierarchical layout of the physical workspace. Just click on the level that you want the selected device to be moved. When you move a device to a new level, it always initially appears in the top left corner of the workspace. In addition to moving devices with the Move Object button, you can also move cities, buildings and wiring closets. The procedure is the same.

If you move multiple devices before moving them out of the upper left corner, they are stacked on top of each other in the same physical location. Clicking will select the top device on the stack, dragging around the group will select all the devices and allows them all to be moved simultaneously.

A second more efficient way to quickly move multiple devices is to use the Navigation button on the Physical Workspace Bar. Clicking on the Navigation button reveals an expanded tree view of the arrangement of all levels and devices in the Physical Workspace.

To move a device to a new location using the Navigation button, highlight the device and drag it to the new location in the tree. When that level is in focus, the device(s) will be located in the upper left corner of that level. This is with the exception of the wiring closet view where the devices will appear in a rack or on a table. There is no way to change the order of equipment in the rack or on the tables.

There are few restrictions on where you can move objects and devices. In general, something bigger (a city) cannot be moved inside something smaller (a building); otherwise, all moves are possible. You can move buildings to other cities or directly onto the intercity. Wiring closets can be placed directly onto cities or the intercity view. Devices are not confined by racks or tables and can go anywhere. However, you should maintain their hierarchy to avoid confusion.

In this example, the default "Home City" is renamed to "San Jose," and a new city called "Irvine" is created. Inside San Jose is a building called "Cisco," which has a wiring closet called "MDF." Similarly, Irvine has a building called "Linksys," which has a wiring closet called "IDF." Initially, all devices are located in the MDF, including two routers named "Router0" and "Router1," which are connected via a serial link.

If, for example, you want to move Router0 into the IDF, you would first need to go into the MDF. Inside the MDF, click the Move Object button. Click on Router0, and then go through the hierarchy to find the IDF and select Move to IDF.

If you back out to Intercity view, you will see a black line between Irvine and San Jose. The line tells you that there is a connection between the devices of these cities. In this case, the line represents the serial connection between Router0 and Router1.

You can quickly return to the default wiring closet in any environment by pressing the Working Closet button on the far right of the Physical Workspace Bar.

The Physical Workspace: Distance Measurements

The Physical Workspace provides the dimension of distance to Ethernet and wireless devices. This distance parameter is one of the factors that determine if a device is able to connect or not connect to another device.

Access points can establish connections with wireless end devices that are within a certain distance range. This range is indicated by a gray mesh area surrounding the access point. Note that this mesh area appears as a circle or an oval depending on the dimensions of the background image used. If the background source image is square, the mesh is circular. If the background image is a rectangle, the mesh is oval, scaled by the width and height of the source image.

In this example, three wireless-enabled PCs and two access points are created. They have all been moved from the default wiring closet and placed directly onto the "streets" of the city (for demonstration purposes). Note the following:

PC0 is within the wireless range of Access Point0, so it associates with Access Point0. PC1 is within the wireless range of both Access Point0 and AccessPoint1. However, because it is closer to Access Point1, it associates with

Access Point1. PC2 is not in range of any access point, so it has no connectivity.

Ethernet connectivity is determined by a cable length of 100 meters. There is no partial connectivity for Ethernet, it is either within (has connectivity) the length of 100 meters or outside (no connectivity) of it. By pointing at a cable in physical mode, a pop-up box will appear showing the device interfaces connected to this cable and the segment and total length.

Packet Tracer now also has the ability to bend, group and color code cables. This feature is covered in the Cable Manipulation section.

The Physical Workspace: Customizing Icons and Backgrounds (BG)

Using Custom IconsIcons that represent devices in Packet Tracer in both Logical and Physical mode can now be customized to an individual users taste. The images used for Physical and Logical mode can be differently customized or the default image can be used for either Logical or Physical with the other being customized. A customized icon must be created by an external painting type of program and saved as either a .PNG or .JPG file. The recommend size of a custom icon is 45 x 31 pixels. If the graphic is of a different size Packet Tracer will automatically resize the image to fit. So to maintain the best graphic control of the icons it is best to follow the recommended size. There is a way to resize icon now covered in the Logical Workspace section.

To change an icon for a device, click on the device, which brings up the device configuration pop-up window. On the Physical Configuration Tab below the device image there are two buttons. One changes the icon in Logical Workspace, the other changes the icon in Physical Workspace. To change an icon image in the Physical Workspace follow these steps:

Click on the device to be customized. Click on the Customize Icon in Physical View button. Select the image you want by clicking on it or use the browse button to navigate to a new directory and select the image. Click on the OK button.

The new icon image is used in place of the default on the Physical Workspace. To change the image back to the default, follow these steps.

Click on the device to be customized. Click on the Customize Image in Physical View button. Click on the Reset button.

 

Using Custom Backgrounds (BG)The Physical Workspace comes with a default set of backgrounds (for the Intercity, City, and Building environments). You can replace the background of each environment with your own background images, just like in the Logical Workspace (see "Getting Started"). When using your own images, pay attention to the environment for which an image is appropriate. For example, an image with the map of San Francisco is appropriate for the City environment. To use such an image, perform these steps:

In the city where you want to apply the background, click on the Set Background button on the Physical Workspace Bar. Select the image from the list provided or click the browse button to navigate to the directory where the graphic is located. Click on the Apply button.

To return to the default graphic:

In the city where you want to reset the background, click on the Set Background button on the Physical Workspace Bar. Click on the Reset button.

There is also a scaling option available in the Set Background dialog box. This option specifies the distance scale for Packet Tracer in meters per pixel. This scale directly determines the length of cables and broadcast ranges of wireless access points in both logical and physical modes. The defaults are set to:

Intercity = 8.98473 per pixel City = 1.18694 per pixel Office = 0.058072 per pixel Wiring closet (does not have scaling)

Note that the dimensions of your background images affect the scale and appearance of certain objects.

To create a graphic for a background the recommended sizes, in pixels are:

Intercity = 2226 x 1382 pixels City = 1685 x 1043 pixels Office = 3444 x 2157 pixels

To save custom icons and backgrounds with either a PKT or PKA file, the creator of the file must use the Save As Pkz selection from the File menu. This process is covered in detail in the Interface Overview section.

The Physical Workspace: Cable Manipulation

In Physical Workspace, cables can be manipulated to provide a more realistic representation of a physical layout. Cables can be bent and grouped to allow for organization and easier manipulation. Since cables can be grouped, they now also can be color coded to allow the user to identify specific cables as they enter or leave the group. Individual cables can be ungrouped from cable GroupPoints as well as cable groups and BendPoints may also be deleted from cables without deleting the cables.

 

Creating BendPoints in CablesTo bend a cable, click on a cable, this will show the Create BendPoint / Color Cable menu. Select Create BendPoint and a red dot appears on the cable. Drag the red dot to a new location and the cable follows the BendPoint.

Cables actually can’t be directly deleted in Physical mode, you must return to Logical mode to delete a cable.

 

As many BendPoints as needed can be placed on a cable allowing a pseudo structured cabling look to the physical mode. Adding BendPoints and moving them also changes the length of the cable. The Cable Length is expressed as the distance between to points on the cable and the Total Cable Length is the distance between the two end devices on the cable.

Workaround: Sometimes it appears that you have accurately clicked on a cable and no Window appears. This is due to graphics representation of the cable. All that is necessary to do is move the device that the cable is connected to and try again or move to another spot on the cable. Once a BendPoint is created, it can be moved along the cable to where you want it located.

 

Creating GroupPoints in CablesTo create GroupPoints in cables, there must already be BendPoints located in the cables. The process to create a GroupPoint is drag one BendPoint over the top of a second BendPoint. When this is done the Red Dots turn into a single yellow square.

If you create two GroupPoints on a cable and then click between those two GroupPoints, you can create a new GroupPoint. When a GroupPoint is moved all of the cables in the group are moved as if they are a single cable.

 

Color Coding CablesTo change the color of a cable, click on the cable and then select Color Cable. When the Select Color dialog pops up, select the desired color and then click on the OK button.

Notice that the cable is colored at both ends of the GroupPoints. Cable groups color is always black, it can’t be changed. To reset a color you have selected, follow the same process as assigning a color but click the Cancel button instead of the OK button in the Select Color dialog.

 

Removing GroupPoints and BendPointsRemoving a GroupPoint is actually done as an ungroup. All of the BendPoints that were dragged together to create the group are still on the cables, they just return to the red dots and are now separate again.

To remove the GroupPoint, first click on the Delete tool in the Common Tools Bar or press the Delete key on your keyboard. The Delete tool will now be selected. Point the cursor directly over the GroupPoint that is to be removed (the little circle in the center of the cursor should show the color through it) and click on the GroupPoint. A menu will pop up allowing each individual cable or all cables to be removed from the group.

Selecting an individual cable shows the red dot over the yellow square but doesn't remove the square. Ungrouping all cables removes the yellow square and returns the red dots to each individual cable.

Ungrouping also allows a user to break cables out of a group between GroupPoints as is shown here in the circled area.

To remove a BendPoint, follow the same procedure as removing a GroupPoint. In the case of a BendPoint, the red dot is simply removed from the cable.

The Physical Workspace: Special Notes

Navigation Panel You can click on the Navigation button from the Physical Workspace Bar to bring up the navigation panel of the entire Physical Workspace. The navigation panel contains a physical locations tree that allows you to select a location and then jump to that particular location on the Physical Workspace. The Navigation panel also allows you to move devices from one place to another in physical mode. This is covered in the Moving Devices section. Applying a GridYou can click on the Grid button from the Physical Workspace Bar to apply a customizable grid to the Intercity, City, and Building levels. The Grid tool allows you to set the grid spacing for each level and the ability to choose the color of the grid lines. The grid size is in meters and grid size is affected by the by the Set Background image scaling factor. Wiring Closet LimitEach wiring closet can house as many as three racks, three tables, two tables and one rack, or two racks and one table. End devices are placed on tables; all other devices are mounted on racks. If the Logical Topology contains more devices than a single wiring closet can house, another wiring closet will automatically be created in the default building. That new wiring closet will become the default wiring closet. You will still be able to access the original wiring closet, although you may need to move wiring closet icons around the building so they do not visually overlap. Deleting ObjectsYou can use the Delete tool from the Common Tools Bar to delete cities, buildings, and wiring closets. Devices, however, cannot be deleted in the Physical Workspace. If you delete a wiring closet from the Building environment, the devices in that closet will be extracted and placed directly onto the building "floor." If you delete that building from the City environment, the devices will be placed onto the city "streets." Resizing ObjectsJust as in the Logical Workspace, you can use the Resize Shape tool from the Common Tools Bar to resize cities, buildings, wiring closets, devices, and shapes created drawn with the Drawing Palette.

Operating Modes

Packet Tracer operating modes reflect the network time scheme.

In Realtime Mode, your network runs in a model of real time, within the limits of the protocol models used. The network responds to your actions immediately as they would in a real device. For example, as soon as you make an Ethernet connection, the link lights for that connection will appear, showing the connection state (see the "Connections/Links" page for details). Whenever you type a command in the CLI (such as ping or show), the result or response is generated in real time and you see it as such. All network activity, particularly the flow of PDUs across the network, happens in the Packet Tracer model of real time.

In Simulation Mode, you can "freeze" time -- you have direct control over time related to the flow of PDUs. You can see the network run step by step, or event by event, however quickly or slowly you like. You can set up scenarios, such as sending a ping packet from one device to another. However, nothing "runs" until you capture it (the first time through, as with a protocol sniffer) or play it (re-playing the captured events as an animation). When you capture or play the simulation, you will see graphical representations of packets traveling from one device to another. You can pause the simulation, or step forward or backward in time, investigating many types of information on specific PDUs and devices at specific times. However, other aspects of the network will still run in real time. For example, if you turn off a port, its link light will respond immediately by turning red.

Realtime Mode

In Realtime Mode, your network is always running (like a real network) whether you are working on the network or not. Your configurations are done in real time, and the network responds in near real time. When you view network statistics, they are displayed in real time, as shown in the Realtime toolbar. In addition to using the Cisco IOS to configure and diagnose networks, you can use the Add Simple PDU and User Created PDU List buttons to graphically send pings.

 

Inspecting DevicesAs the network is running, you can use the Inspect tool to view tables of the device as they are populated and updated. For example, to inspect the ARP table of a router, choose the Inspect tool, click on the router to bring up the list of available tables, and then choose ARP Table.

In addition to the Inspect tool, you can simply mouse-over a device to view details such as the link status, IP address, and MAC address of all the ports on a device. Note that the mouse-over feature does NOT show the state of the tables maintained by a device, like a switch, but rather a convenient summary display of port-related information. For example, when you mouse-over a switch, you will see a list of ports and MAC addresses: this is not the switch MAC address table (CAM table, switching table) but rather a list of the MAC addresses of the switch built-in Ethernet interface hardware addresses.

 

Sending PDUs graphicallyAlthough Simulation Mode is the preferred mode for sending PDUs graphically, you can use the Add Simple PDU and User Created PDU List buttons to ping or send other PDUs (see the "Simulation Mode" section for details). The drawback is that you will not see PDU icons traveling slowly through the network; the entire ping sequence happens in real time. However, you can view the result of the ping from the User Created Packet Window.

 

Power Cycle Devices

The Power Cycle Devices button on the Realtime Bar allows you to power-cycle all of the devices in your network. Pressing it turns all devices off and then turns them back on. Pressing this button will also clear all events if you are running a simulation with the network. The Power Cycle Devices button is also available in Simulation Mode. See the "Simulation Mode" help section for more information.

If you reset the network, you will lose the current running configuration on all routers and switches. Before you click the Power Cycle Devices button, be sure to issue the copy running-config startup-config Cisco IOS command sequence on all routers and switches to retain the current network configuration after the reset.

 

Fast Forward TimeYou can converge a network quickly by clicking on the Fast Forward Time button which will advance the realtime by 30 seconds each click. A use case would be where you have a large network of switches connected in loops and STP convergence may take a considerable amount of time. By clicking on the button a few times, STP to converge within a couple seconds instead of up to minutes.

Simulation Mode

In Simulation Mode, you can watch your network run at a slower pace, observing the paths that packets take and inspecting them in detail.

When you switch to Simulation Mode, the Simulation Panel will appear. You can graphically create PDUs to send between devices using the Add Simple PDU button and then pressing the Auto Capture / Play button to start the simulation scenario. The Event List window records (or "captures") what happens as your PDU propagates through the network. You can control the speed of the simulation by using the Play Speed Slider. Pressing the Auto Capture / Play toggle button again will pause the simulation. If you need greater control of the simulation, use Capture / Forward button to manually run the simulation forward one step in time. You can use the Back button to revisit a previous timeframe and view the events that occurred then.

When your instance of Packet Tracer is connected to a Multiuser remote peer, you will not be able to switch to Simulation Mode. When you attempt to switch to Simulation Mode, you will be prompted to save an offline copy that is to be opened in a new instance of Packet Tracer. Clicking Yes will cause Packet Tracer to use the current offline saving settings to create an offline save and open it in a new Packet Tracer instance immediately. From there, you will be able to use Simulation Mode to examine packets in detail. 

You can clear and restart the scenario with the Reset Simulation button, which clears all entries in the Event List.

Note that while a simulation is playing, you may see packets that you did not create yourself. That is because some devices can generate their own packets (such as EIGRP packets) as the network runs. You may also see a QoS Stamp on packets as well, which is described in detail in the "QoS Stamp" section below. You can see what types of packets are being propagated in the network by looking at the Type field in the Event List. You can choose to hide these packets from view by clicking on the Edit Filters button and unchecking the appropriate filter from the menu that appears. To show all types of packets, simply click on the Show All button to re-enable them all. You can also create your own ACL Filter by clicking on the Edit ACL Filters button in the Edit Filters menu. In the ACL Filters dialog, you can create a New ACL Filter, Delete an ACL Filter, and Submit extended ACL statements to an ACL Filter.

You can also hide the Event List (and the entire Simulation Panel) with the Event List button in the Simulation Bar. You will still have access to the Play Controls on the bar.

 

The Event List and Time Flow of EventsPacket Tracer simulations do not run on a linear time scale. Time is determined by the events that occur. An event can be defined as any instance of a PDU that is generated in the network. The Event List keeps track of all such PDU instances and lists their information in various fields: 

Visible: An "eye" icon in the field means that an event is happening at the current simulation time. Whatever packets that are currently visible in the scenario animation will have this icon in the field.

Time: This field indicates the time (in seconds) at which the event occurred, relative to the last time the simulation scenario restarted. This field is also the simulation time index.

Last Device: This field indicates the previous location of the packet. At Device: This field indicates the current location of the packet. Type: This field indicates the packet type (ACL Filter, ARP, BGP, CDP, DHCP, DNS, DTP, EIGRP, FTP, H.323, HTTP, HTTPS, ICMP,

ICMPv6, IPSec, ISAKMP, LACP, NTP, OSPF, PAgP, POP3, RADIUS, RIP, RTP, SCCP, SMTP, SNMP, SSH, STP, SYSLOG, TACACS, TCP, TFTP, Telnet, UDP, and VTP).

Info: This field shows detailed information about the packet instance, broken up into each layer of the OSI model. Learn more about this field in the "PDU info" page.

You can rearrange each of these fields in the Event List by dragging the title of a field to the desired position. 

Some events occur very frequently, happening every few milliseconds. Some events occur very infrequently, happening every minute or so. On the workspace, network events appear to happen one after another at the same speed (set by the slider), when actually they may be separated by milliseconds or by minutes. You can keep track of event timing by looking at the Time field in the Event List. Time only advances when there are events to be captured. If the network has no further events, time will essentially halt (until the next event occurs). The Auto Capture Indicator will tell you where the Event List stopped recording. You can enforce a constant delay of 1 ms between events by using the Constant Delay option. If this option is off, various factors will contribute to the overall delay of the event: transmission delay, propagation delay, and a randomly injected process delay.

If you filter out some type of PDUs on the Event List Filters, they will not show up on the Event List. They are still in the network; you just do not see them. The simulation runs more quickly because you will not see the filtered events, but all filtered PDUs still affect the network. 

Restarting a ScenarioWhenever a simulation restarts, the simulation time resets to 0.000 and the Event List is cleared. You will restart the simulation if you do any of the following: 

Click the Reset Simulation button. Click the Power Cycle Devices button. Switching to Realtime Mode (and switching back). Modify the network in some way, such as deleting a device, adding a device, and changing the configuration on a device.

Enter any command in the global configuration mode of a device (in the CLI). Switch to another scenario (see the "Managing Simulation Scenarios" section below). Remove a PDU from the Protocol Data Units List (see the "Managing Simulation Scenarios" page).

Restarting a simulation does not erase current or scheduled PDU processes; it simply pauses the simulation and removes the visual clutter of events currently displayed on the Event List. The only way to remove PDU processes is from the User Created Packet Window (discussed on the "Managing Simulation Scenarios" page). 

Sending Simple PDUs (Ping)In Packet Tracer, the Add Simple PDU button is essentially a quick, graphical way to send one-shot pings. You can send pings between devices that have at least one interface with an IP address. To send a ping, click the Add Simple PDU button (the cursor changes to a "packet" icon), click on the source device, and then click on the destination device. Note that pings will only work if the devices have configured ports. After you make the request, the source device will queue an ICMP or ARP packet (or both), which will be on standby until you click the Auto Capture / Play or Capture / Forward button. When you click one of these buttons, the packets will start moving and you can observe the ping process. You may want to hide certain types of packets in the Event List Filters to avoid being confused by other packets in the network that you do not wish to observe.

You can keep track of all of the PDUs you created with the Add Simple PDU button in the User Created Packet Window. See the "Scenarios" page for more information.

 

QoS StampsQoS Stamps are visual indicators that the ToS/DiffServ (ToS = Type of Service, DiffServ = Differentiated Services) field has been set in the IP header. Usually this field is 0, but a value other than 0 will cause a color to appear. It does not indicate that it will be processed in any special way or that anything in particular will happen to it. It is just a marker that says "this field is different."

Qos Stamps are useful in that it is one way a QoS algorithm will tag packets as they pass through the interface for processing into queues on the other end. Setting the ToS/DiffServ field on the packet means that the router can check that value later when looking to put packets into certain priority queues. Marking the packets at the edge means that the core routers can treat them however they need to without guessing at the intended priority level. The reason it is referred to as a ToS/DiffServ field is that the field was originally called the TOS field which contained IP precedence bits. That was obsolete by the DiffServ field, which uses a DSCP (Differentiated Services Code Point). This is the 6 most significant bits in that field. The other two bits serve other purposes for congestion notifications. So, the proper name for those 6 bits is the "Differentiated Services Code Point," but they can also be modified by precedence or things that set the Type of Service. So, all still apply.

Packet Tracer will only display QoS Stamps in Simulation Mode and when the ToS/Diffserv field has been set. This field can be set by using the Traffic Generator utility on an end device, the ping command on an end device, extended ping on a router, or the set commands for class-maps inside a policy-map. When using the ping command or Traffic Generator, this value sets the entire ToS field in the header. The ToS/DiffServ Color Table, which is shown below, only goes up to 64 values because the two least significant bits are reserved and not used to show the colors. Because

of this, it is necessary to bit-shift your value two places to the left. The easiest way to do this is to multiply your given ToS value twice. So, if you have the value 1, 1 * 2 = 2, 2 * 2 = 4. Or, for the value 5, 5 * 2 = 10, 10 * 2 = 20.

To read the ToS/DiffServ Color Table, look at the column labeled S0-D2. The values range from 0-63. When the number is 0, the color is empty (no QoS Stamp). The other colors presented there are what will show up when the ToS field takes on that value. Remember, if you use ping or the Traffic Generator utility, you have to multiply that number by two (e.g., to see the first ping color you need to multiply 8 * 2 = 16, 16 * 2 = 32. So, set the value 32 into the ToS field).

TOS/DiffServ Bits

S0 S1 S2 D0 D1 D2 ECT CE S0-D2 Meaning Red Green Blue Color Hex

0 0 0 0 0 0 0 0 0 Default Precedence 255 255 255 0xFFFFFF

0 0 0 0 0 1 0 0 1 Local Use 40 40 40 0x282828

0 0 0 0 1 0 0 0 2 Local Use 45 45 45 0x2D2D2D

0 0 0 0 1 1 0 0 3 Local Use 50 50 50 0x323232

0 0 0 1 0 0 0 0 4 Local Use 55 55 55 0x373737

0 0 0 1 0 1 0 0 5 Local Use 60 60 60 0x3C3C3C

0 0 0 1 1 0 0 0 6 Local Use 65 65 65 0x414141

0 0 0 1 1 1 0 0 7 Local Use 70 70 70 0x464646

0 0 1 0 0 0 0 0 8 Priority Precedence 255 0 255 0xFF00FF

0 0 1 0 0 1 0 0 9 Local Use 75 75 75 0x4B4B4B

0 0 1 0 1 0 0 0 10 AF11 (Class 1 - Low Drop) 255 200 200 0xFFC8C8

0 0 1 0 1 1 0 0 11 Local Use 80 80 80 0x505050

0 0 1 1 0 0 0 0 12 AF12 (Class 1 - Med Drop) 255 110 110 0xFF6E6E

0 0 1 1 0 1 0 0 13 Local Use 85 85 85 0x555555

0 0 1 1 1 0 0 0 14 AF13 (Class 1 - High Drop) 255 0 0 0xFF0000

0 0 1 1 1 1 0 0 15 Local Use 90 90 90 0x5A5A5A

0 1 0 0 0 0 0 0 16 Immediate Precedence 128 255 255 0x80FFFF

0 1 0 0 0 1 0 0 17 Local Use 95 95 95 0x5F5F5F

0 1 0 0 1 0 0 0 18 AF21 (Class 2 - Low Drop) 200 255 200 0xC8FFC8

0 1 0 0 1 1 0 0 19 Local Use 100 100 100 0x646464

0 1 0 1 0 0 0 0 20 AF22 (Class 2 - Med Drop) 150 255 150 0x96FF96

0 1 0 1 0 1 0 0 21 Local Use 105 105 105 0x696969

0 1 0 1 1 0 0 0 22 AF23 (Class 2 - High Drop) 0 255 0 0x00FF00

0 1 0 1 1 1 0 0 23 Local Use 110 110 110 0x6E6E6E

0 1 1 0 0 0 0 0 24 Flash Precedence 128 0 0 0x800000

0 1 1 0 0 1 0 0 25 Local Use 115 115 115 0x737373

0 1 1 0 1 0 0 0 26 AF31 (Class 3 - Low Drop) 190 190 255 0xBEBEFF

0 1 1 0 1 1 0 0 27 Local Use 120 120 120 0x787878

0 1 1 1 0 0 0 0 28 AF32 (Class 3 - Med Drop) 110 110 255 0x6E6EFF

0 1 1 1 0 1 0 0 29 Local Use 125 125 125 0x7D7D7D

0 1 1 1 1 0 0 0 30 AF33 (Class 3 - High Drop) 0 0 255 0x0000FF

0 1 1 1 1 1 0 0 31 Local Use 130 130 130 0x828282

1 0 0 0 0 0 0 0 32 Flash Override Precedence 0 128 0 0x008000

1 0 0 0 0 1 0 0 33 Local Use 135 135 135 0x878787

1 0 0 0 1 0 0 0 34 AF41 (Class 4 - Low Drop) 255 255 200 0xFFFFC8

1 0 0 0 1 1 0 0 35 Local Use 140 140 140 0x8C8C8C

1 0 0 1 0 0 0 0 36 AF42 (Class 4 - Med Drop) 255 255 150 0xFFFF96

1 0 0 1 0 1 0 0 37 Local Use 145 145 145 0x919191

1 0 0 1 1 0 0 0 38 AF43 (Class 4 - High Drop) 255 255 0 0xFFFF00

1 0 0 1 1 1 0 0 39 Local Use 150 150 150 0x969696

1 0 1 0 0 0 0 0 40 CRITIC/ECP Precedence 0 0 128 0x000080

1 0 1 0 0 1 0 0 41 Local Use 155 155 155 0x9B9B9B

1 0 1 0 1 0 0 0 42 Local Use 160 160 160 0xA0A0A0

1 0 1 0 1 1 0 0 43 Local Use 165 165 165 0xA5A5A5

1 0 1 1 0 0 0 0 44 Local Use 170 170 1700xAAAAAA

1 0 1 1 0 1 0 0 45 Local Use 175 175 175 0xAFAFAF

1 0 1 1 1 0 0 0 46 Expedited Forwarding 128 0 128 0x800080

1 0 1 1 1 1 0 0 47 Local Use 180 180 180 0xB4B4B4

1 1 0 0 0 0 0 0 48Internetwork Control Precedence

128 128 0 0x808000

1 1 0 0 0 1 0 0 49 Local Use 185 185 185 0xB9B9B9

1 1 0 0 1 0 0 0 50 Local Use 185 185 185 0xB9B9B9

1 1 0 0 1 1 0 0 51 Local Use 190 190 190 0xBEBEBE

1 1 0 1 0 0 0 0 52 Local Use 195 195 195 0xC3C3C3

1 1 0 1 0 1 0 0 53 Local Use 200 200 200 0xC8C8C8

1 1 0 1 1 0 0 0 54 Local Use 205 205 205 0xCDCDCD

1 1 0 1 1 1 0 0 55 Local Use 210 210 210 0xD2D2D2

1 1 1 0 0 0 0 0 56 Network Control Precedence 0 128 128 0x008080

1 1 1 0 0 1 0 0 57 Local Use 215 215 215 0xD7D7D7

1 1 1 0 1 0 0 0 58 Local Use 220 220 220 0xDCDCDC

1 1 1 0 1 1 0 0 59 Local Use 225 225 225 0xE1E1E1

1 1 1 1 0 0 0 0 60 Local Use 230 230 230 0xE6E6E6

1 1 1 1 0 1 0 0 61 Local Use 235 235 235 0xEBEBEB

1 1 1 1 1 0 0 0 62 Local Use 240 240 240 0xF0F0F0

1 1 1 1 1 1 0 0 63 Local Use 245 245 245 0xF5F5F5 

To find out what type of QoS Stamp is shown in Simulation Mode, look at the second screenshot above as an example. You can see that there is a QoS Stamp on the EIGRP packet that is at QoS_Router. Click on the EIGRP packet where the QoS Stamp appears to open the EIGRP packet's PDU information. Next, click on the Outbound PDU Details tab to reveal the headers in the EIGRP packet (refer to the "PDU Information" page for more details). The field that determines the QoS Stamp's type is the DSCP field. In this EIGRP packet, the DSCP value is 0xe0, which is a hexadecimal value. This hexadecimal value needs to be converted into decimal, which is 224. However, 224 is not in S0-D2 column in the ToS/DiffServ color table. This is because the value has been bit-shifted two places to the left. As a result, it is necessary to unshift the value in order to use the ToS/DiffServ Color Table. To do this, take the DSCP value and divide it twice. In this example, since the value is 224, 224 / 2 = 112, 112 / 2 = 56. For the value of 56, the S0-D2 column in the ToS/DiffServ Color Table indicates that this QoS Stamp is a Network Control Precedence type.

 

By default, Packet Tracer shows QoS Stamps in Simulation Mode. To prevent QoS Stamps from appearing, go to Preferences and uncheck Show QoS Stamps on Packets.

Simulation Mode: PDU Information

During a simulation, you can click on a packet (on the topology or the corresponding event in the Event List) to bring up its information window and view its details. The details window contains three possible tabs: OSI Model, Inbound PDU Details, and Outbound PDU Details.

 

The OSI Model tab shows how the packet is processed at each layer of the OSI model by the current device. The process is further separated by the direction in which the packets are traveling, incoming versus outgoing. The incoming layers (In Layer) show how the device processes an incoming or a buffered packet, and the outgoing layers (Out Layer) show the process a device goes through when it sends a packet to one or multiple ports.

The In Layer is meant to be read starting from bottom to top (from Layer 1 to Layer 7), while the Out Layer is read from top to bottom (from Layer 7 to Layer 1). This is because the physical layer is the first layer at which incoming PDUs are processed, and it is the last layer at which outgoing PDUs are processed when they exit the device.

 The Inbound PDU Details tab only applies if the PDU you clicked on is being received on the device; it will not appear if the PDU originated from that device. The tab shows exactly what is in the headers of the PDU, broken up into header type and the individual fields in each header. For example, a PDU may have an Ethernet II and an ARP header, so the tab will show information such as the preamble, FCS, and source and destination addresses.

The Outbound PDU Details tab shows similar information for outgoing packets. This tab only applies if the device has a PDU to send.

Most of the time, a device will receive a PDU and then, as a result, send out a PDU. In this case, both the Inbound PDU Details and the Outbound PDU Details tabs apply.

 

Challenge ModeYou can quiz yourself on the encapsulation process by entering Challenge Mode when viewing PDU information. Click the Challenge Me button to do so. The layer details are hidden, and the information window is replaced by a question window that asks you what the device does to a PDU at a given layer. Select from a multiple-choice list. If you answer correctly, the details for that layer are shown and the question window advances to the next layer. You can click the Hint button if you need help. 

 Each Challenge Question may contain the following answers: 

Encapsulate: Adds a header or a header and trailer to the PDU on this layer to create the PDU at the next lower layer. De-encapsulate: Removes a header or a header and trailer from the PDU on this layer to create the PDU at the next higher layer.

Transfer: Moves the PDU from the inbound OSI stack to the outbound OSI stack. Accept: Accepts and finishes processing of the PDU. Queue: Holds the PDU for processing or sending at a later time. Drop: Eliminates the PDU. Transmit: Sends the signal out the physical media.

PDU Color Legend

Simulation Mode: Managing Simulation Scenarios

In Packet Tracer, you can set up and simulate complex networking situations (scenarios) through the User Created Packet Window (UCPW) found on the lower right corner of the application. A scenario is a set of PDUs that you have placed in the network to be sent at specific times. When you first switch to Simulation Mode, the default scenario is "Scenario 0." You can edit the name of the scenario, and you can write a description for the scenario by clicking the Scenario Description icon next to its name. You can create and delete scenarios with the New and Delete buttons, and you can switch between scenarios by choosing from the scenario drop-down menu. Multiple scenarios can be created for one logical topology, corresponding to different test conditions you may want to model. Note the contrast between the UCPW (packets you create) and the event list (all packets occurring anywhere on the network that you chose to display, whether or not they were originated by you or by protocols running on the network devices).

The Protocol Data Units List is an important part of the UCPW that tracks all of the PDUs you created for the current scenario. You can put the Protocol Data Units List in its own window on the workspace by pressing the Toggle PDU List Window button. Click the button again to integrate it back into the UCPW. 

 Each PDU in the PDU list has the following fields:

 

Fire: You can double click on this field to "send" the PDU immediately in realtime mode or queue for transmission in simulation mode. Last Status: This field indicates the last known status of the PDU (Successful, Fail, or In Progress). Source: This field shows the name of the device from which the PDU originated. Destination: This field shows the name of the device that the PDU is ultimately trying to reach. Type: This field specifies the PDU protocol type. Color: This field shows PDU color as it appears in the animation. (See the tip box below for information about changing the PDU color.) Time: This field displays the simulation time (or timeframe) at which the PDU is scheduled to be sent. Periodic: This field indicates whether the PDU is to be sent periodically (Y) or not (N). Num: This field shows a numerical index for the PDU. Edit: You can double click this button to edit the PDU properties. (See the next page, "Custom PDUs", for more details.) Delete: You can double click this button to remove the PDU from the list. (It will no longer be part of the scenario.)

User-created PDUs are initially assigned a random color in the animation. You can double click the colored "tile" of a PDU in the Protocol Data Units List to bring up the Color Selector of the PDU and then change the color.

 

You can rearrange the placement of each of the fields in the Protocol Data Units List by dragging the title of a field to the desired position.

 

Note that user-created PDUs are not "cleared" from the Protocol Data Units List when the simulation restarts (such as by pressing the Reset Simulation button). Restarting the scenario simply clears all PDUs currently propagating in the network and resets the simulation time. The PDUs on the Protocol Data Units List will propagate the network at their specified times when you run the scenario again. To remove a PDU you created, select it on the Protocol Data Units List and double click its Delete button.

Simulation Mode: Complex PDUs

In addition to simple, quick pings, you can also send customized PDUs. In the Common Tools Bar, click the Add Complex PDU icon, and then click your source device to bring up the Create Complex PDU dialogue. You can choose which port that the PDU will be sent out (or leave it at the default). You can also change the type of the PDU by selecting from the list of applications. Depending on the application and device, the PDU may have the following settings: Destination IP Address, Source IP Address, TTL (Time-To-Live), TOS (Type of Service), Source Port, Destination Port, Sequence Number, and Size.

Packet Tracer supports custom PDUs with source and destination ports corresponding to the following application layer protocols:

DNS, Finger, FTP, HTTP, HTTPS, IMAP, NetBIOS, Ping, POP3, SFTP, SMTP, SNMP, SSH, Telnet, TFTP, Other

 

You can also set the timing parameters of the PDU. The PDU can be a One Shot event; it is to be sent at a time you specify (in seconds). Alternatively, the PDU can be a Periodic event; it will be sent periodically at intervals you specify (also in seconds).

Simulation Mode: Special Notes

Editing the Network and Using the Cisco IOS in Simulation ModeAlthough Realtime Mode is the preferred mode for network configuration, you can also edit the network directly in Simulation Mode. You have full access to the Common Tools Bar and the Network Component Box. You also retain access to the Cisco IOS (or in the case of the PC, the command prompt). When you work with the IOS in Simulation Mode, the network responds to most of your command sequences in realtime. For example, when you issue the shutdown command on a port, that port will go down immediately. Any command that does not involve the propagation of PDUs in the network will have a realtime response. Command sequences that do cause or affect the propagation of PDUs will require the user to click the Auto Capture / Play or Capture / Forward button in order to see the results. For example, after you issue the ping command sequence from the IOS on a router, the appropriate PDU animation icons will appear on the workspace (as if you had used the Add Simple PDU button), but you would need to click the Auto Capture / Play or Capture / Forward button to watch the PDUs propagate. The IOS status messages or indicators will synchronize with the events of the simulation and play speed, appearing to be very slow. Note that packets created by IOS commands do not appear on the User Created PDU List.

 

Time Management Between Realtime and Simulation ModeRealtime Mode and Simulation Mode share a common "master" timeline. The master timeline is transparent to the user; you cannot "see" it in numerical form. The master timeline only moves forward; you cannot "reset" it or move backwards in time. The master timeline is always advancing when you are in Realtime Mode (moving at the modeled speed of realtime as shown in the Realtime/Simulation Bar). When you switch to Simulation Mode, the master timeline pauses and falls somewhat under your control. At that point, you will be running under simulation time, which can be thought of as a "segment" of the master timeline. You can use the Auto Capture / Play or Capture / Forward buttons to move forward in simulation time, which will cause the master timeline to advance accordingly. You can use the Back button to view a previous network state; however, time does not actually "travel backward". The master timeline will remain at its "most-forward" state. For example, if Event A occurs, and then you use the Back button to move back in time to create Event B, the result will not be what you would expect. When you play this scenario, Event B will take place after Event A, even if you think you have "forced" Event B to occur first. Thus, it is impossible to interfere or pre-empt an event that already has occurred, and you should not consider using the Back button for that purpose. If you clear the event list, the simulation time will restart at 0.000, but the master time will continue from the last event.

When you switch back to Realtime Mode, the master timeline will continue off of the last event in Simulation Mode and move forward at realtime speed again. If you started some event in Simulation Mode, and then switch to Realtime Mode, that event will continue and finish in realtime. For example, if you created a ping between two devices in Simulation Mode and then you switch to Realtime Mode, that ping will proceed (even if you have not pressed the Auto Capture / Play or Capture / Forward button back in Simulation Mode). One of the powerful features of Packet Tracer is the ability to manipulate time and events on the model network; however, be aware that interpreting intermediate results, like viewing switching and routing tables while network protocols are still converging, can be a complex task.

Connections / Links

Packet Tracer supports a wide range of network connections. Each cable type can only be connected to certain interface types.

Cable Type Description

ConsoleConsole connections can be made between PCs and routers or switches. Certain conditions must be met for the console session from the PC to work: the speed on both sides of the connection must be the same, the data bits must be 7 for both or 8 for both, the parity must be the same, the stop bits must be 1 or 2 (but they do not have to be the same), and the flow control can be anything for either side.

Copper Straight-through

This cable type is the standard Ethernet media for connecting between devices that operate at different OSI layers (such as hub to router, switch to PC, and router to hub). It can be connected to the following port types: 10 Mbps Copper (Ethernet), 100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit Ethernet).

Copper Cross-overThis cable type is the Ethernet media for connecting between devices that operate at the same OSI layer (such as hub to hub, PC to PC, PC to printer). It can be connected to the following port types: 10 Mbps Copper (Ethernet), 100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit Ethernet).

FiberFiber media is used to make connections between fiber ports (100 Mbps or 1000 Mbps).

PhonePhone line connections can only be made between devices with modem ports. The standard application for modem connections is an end device (such as a PC) dialing into a network cloud.

CoaxialCoaxial media is used to make connections between coaxial ports such as a cable modem connected to a Packet Tracer Cloud.

Serial DCE and DTE

Serial connections, often used for WAN links, must be connected between serial ports. Note that you must enable clocking on the DCE side to bring up the line protocol. The DTE clocking is optional. You can tell which end of the connection is the DCE side by the small “clock” icon next to the port. If you choose the Serial DCE connection type and then connect two devices, the first device will be the DCE side and the second device will be automatically set to the DTE side. The reverse is true if you choose the Serial DTE connection type.

OctalThe 8-port asynchronous cable provides the high-density connector on one end and eight RJ-45 plugs on the other.

 

Wireless LinksYou can establish wireless links between access points and end devices (PCs, servers, and printers). To establish a link, simply remove the existing module on an end device, insert a wireless module, and turn on the device. The device will automatically try to associate itself with an access point. Typically, this means it will associate (physically) with the nearest access point. See the Wireless Devices page under the Physical Workspace section for more information regarding distances. However, if two or more access points are in the same closet, the distance from any access point to

any end device is essentially the same. In this case, an end device will associate with the access point that was created first. Recall that the logical topology does not reflect physical distances, and everything that is created in the Logical Workspace is initially placed in the same wiring closet in the Physical Workspace. The process for establishing wireless links between Linksys routers and end devices with Linksys network modules is similar, but described elsewhere.

 

Link StatusWhen you connect two devices, you will typically see link lights on both ends of the connection. Some connections do not have link lights.

Link Light Status Meaning

Bright green The physical link is up. However, this is not indicative of the line protocol status on the link.

Blinking green There is link activity.

Red The physical link is down. It is not detecting any signals.

Amber The port is in a blocking state due to STP. This appears only on switches.

Black This is used by console connections only. Black color indicates the console cable is connected to the correct port.

Devices and Modules

Packet Tracer supports a wide array of modules for networking devices. To change a module in any device, you must first turn off the power for that device. There is a power switch available on the Physical page of any device that can change modules. If the module slot is filled you must drag the existing module out of the device and over to the modules list and then release it. If you are not in the correct place the module will return to the slot. After removing the original module select and drag the new module from the list of modules to directly over the open slot. When the module appears in the open slot, turn the power back on. Note, when you turn off switches or routers and then turn them back on, they will load their startup configuration files. If you do not save the running configuration, it will be lost.

When the network contains routers or switches, develop a habit of saving their running configurations to the startup configuration before you press their power buttons (or the Power Cycle Devices button).

 

Physical Configuration and Module ListWhen you click on a device in the workspace, you are first presented with the Physical Device View of the selected device. You will see an interactive photo on the main panel and a list of compatible modules on the left. You can interact with the device by pressing its power button, adding a module by dragging it from the list into a compatible bay, or removing a module by dragging it from the bay back to the list. You can also zoom in and out of the photo with the zoom controls. The pages in this section show all of the Packet Tracer devices and their supported modules. On these pages, you can click on the thumbnail image of each device or module to view a larger image.

Devices and Modules: Routers

All images on this page are thumbnails on which you can click to bring up a larger image.

 Router: 1841

 The Cisco 1841 Integrated Services Router provides two fixed 10/100 (100BASE-TX) Ethernet ports, two integrated High-Speed WAN Interface Card (HWIC) slots that are compatible with WAN Interface Card (WICs) and Voice/WAN Interface Cards (VWICs), and one internal Advanced Integration Module (AIM) slot.

Module Name Thumbnails Description

HWIC-2T The HWIC-2T is a Cisco 2-Port Serial High-Speed WAN Interface Card, providing 2 serial ports.

HWIC-4ESW The HWIC-4ESW provides four switching ports.

HWIC-8A The HWIC-8A provides up to eight asynchronous EIA-232 connections to console ports.

HWIC-AP-AG-B The HWIC-AP-AG-B module is a High-Speed WAN Interface Card providing integrated Access Point functionality in the Cisco 1800 (Modular), Cisco 2800, and Cisco 3800 Integrated Services Routers. It supports Single Band 802.11b/g or Dual Band 802.11a/b/g radios.

WIC-1AM The WIC-1AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

WIC-1ENET The WIC-1ENET is a single-port 10 Mbps Ethernet interface card, for use with 10BASE-T Ethernet LANs.

WIC-1T The WIC-1T provides a single port serial connection to remote sites or legacy serial network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm systems, and packet over SONET (POS) devices.

WIC-2AM The WIC-2AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-2AM has two modem ports to allow multiple data communication connections.

WIC-2T The 2-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed media dial support in a single chassis. Applications for asynchronous/synchronous support include: low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

WIC-Cover The WIC cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

 

Router: 1941

 The Cisco 1941 Integrated Services Router (ISR) provides 2 integrated 10/100/1000 Ethernet ports, 2 WAN Interface Card (WIC) slots and 1 Internal Services Module slot.

Module Name Thumbnails Description

HWIC-2T The HWIC-2T is a Cisco 2-Port Serial High-Speed WAN Interface Card, providing 2 serial ports.

HWIC-4ESW The HWIC-4ESW provides four switching ports.

HWIC-8A The HWIC-8A provides up to eight asynchronous EIA-232 connections to console ports.

WIC-Cover The WIC cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

 

Router: 2620XM

 

The Cisco 2620XM Multiservice Router provides a one-network module slot platform with one fixed 10/100 (100BASE-TX) Ethernet port, two integrated WAN Interface Card (WIC) slots, and one Advanced Integration Module (AIM) slot.

Module Name Thumbnails Description

NM-1E The NM-1E features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

NM-1E2W The NM-1E2W provides a single Ethernet port with two WIC slots that can support a single Ethernet LAN, together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same chassis.

NM-1FE-FX The NM-1FE-FX Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

NM-1FE-TX The NM-1FE-TX Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

NM-1FE2W The NM-1FE2W Module provides one Fast-Ethernet interface for use with copper media, in addition to two Wan Interface Card expansion slots. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

NM-2E2W The NM-2E2W provides two Ethernet ports with two WIC slots that can support two Ethernet LANs, together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same chassis.

NM-2FE2W The NM-2FE2W Module provides two Fast-Ethernet interfaces for use with copper media, in addition to two Wan Interface Card expansion slots. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards.

NM-2W The NM-2W Module provides two WAN Interface Card expansion slots. It can be used with a broad range of interface cards, supporting a diverse array of physical media and network protocols.

NM-4A/S The 4-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed-media dial support in a single chassis. Applications for Asynchronous/Synchronous support include: Low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

NM-4E The NM-4E features four Ethernet ports for multifunction solutions that require higher-density Ethernet than the mixed-media network modules.

NM-8A/S The 8-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed-media dial support in a single chassis. Applications for Asynchronous/Synchronous support include: Low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

NM-8AM The NM-8AM Integrated V.92 analog modem network module provides cost-effective analog telephone service connectivity for lower-density remote-access service (RAS), dial-out and fax-out modem access, asynchronous dial-on-demand routing (DDR) plus dial backup, and remote router management. Both the 8-port and 16-port versions use RJ-11 jacks to connect the integrated modems to basic analog telephone lines on the public switched telephone network (PSTN) or private telephony systems.

NM-Cover The NM cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

WIC-1AM The WIC-1AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

WIC-1T The WIC-1T provides a single port serial connection to remote sites or legacy serial network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm systems, and packet over SONET (POS) devices.

WIC-2AM The WIC-2AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-2AM has two modem ports to allow multiple data communication connections.

WIC-2T The 2-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed media dial support in a single chassis. Applications for asynchronous/synchronous support include: low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

WIC-Cover The WIC cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

 

Router: 2621XM

 The Cisco 2621XM Multiservice Router provides a one-network module slot platform with two fixed 10/100 (100BASE-TX) Ethernet ports, two integrated WAN Interface Card (WIC) slots, and one Advanced Integration Module (AIM) slot.

The 2621XM supports the same modules that the 2620XM supports.

 

Router: 2811

 The Cisco 2811 Integrated Services Router provides one Enhanced Network-Module slot with two fixed 10/100 (100BASE-TX) Ethernet ports, four integrated High-Speed WAN Interface Card (HWIC) slots that are compatible with WAN Interface Card (WICs), Voice Interface Cards (VICs) and Voice/WAN Interface Cards (VWICs), and dual Advanced Integration Module (AIM) slots.

Module Name Thumbnails Description

NM-1E The NM-1E features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

NM-1E2W The NM-1E2W provides a single Ethernet port with two WIC slots that can support a single Ethernet LAN, together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same chassis.

NM-1FE-FX The NM-1FE-FX Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

NM-1FE-TX The NM-1FE-TX Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

NM-1FE2W The NM-1FE2W Module provides one Fast-Ethernet interface for use with copper media, in addition to two Wan Interface Card expansion slots. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports

virtual LAN (VLAN) deployment.

NM-2E2W The NM-2E2W provides two Ethernet ports with two WIC slots that can support two Ethernet LANs, together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same chassis.

NM-2FE2W The NM-2FE2W Module provides two Fast-Ethernet interfaces for use with copper media, in addition to two Wan Interface Card expansion slots. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards.

NM-2W The NM-2W Module provides two WAN Interface Card expansion slots. It can be used with a broad range of interface cards, supporting a diverse array of physical media and network protocols.

NM-4A/S The 4-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed-media dial support in a single chassis. Applications for Asynchronous/Synchronous support include: Low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

NM-4E The NM-4E features four Ethernet ports for multifunction solutions that require higher-density Ethernet than the mixed-media network modules.

NM-8A/S The 8-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed-media dial support in a single chassis. Applications for Asynchronous/Synchronous support include: Low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

NM-8AM The NM-8AM Integrated V.92 analog modem network module provides cost-effective analog telephone service connectivity for lower-density remote-access service (RAS), dial-out and fax-out modem access, asynchronous dial-on-demand routing (DDR) plus dial backup, and remote router management. Both the 8-port and 16-port versions use RJ-11 jacks to connect the integrated modems to basic analog telephone lines on the public switched telephone network (PSTN) or private telephony systems.

NM-Cover The NM cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

NM-ESW-161 The NM-ESW-161 provides 16 switching ports.

HWIC-2T The HWIC-2T is a Cisco 2-Port Serial High-Speed WAN Interface Card, providing 2 serial ports.

HWIC-4ESW The HWIC-4ESW provides four switching ports.

HWIC-8A The HWIC-8A provides up to eight asynchronous EIA-232 connections to console ports.

HWIC-AP-AG-B The HWIC-AP-AG-B module is a High-Speed WAN Interface Card providing integrated Access Point functionality in the Cisco 1800 (Modular), Cisco 2800, and Cisco 3800 Integrated Services Routers. It supports Single Band 802.11b/g or Dual Band 802.11a/b/g radios.

WIC-1AM The WIC-1AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

WIC-1ENET The WIC-1ENET is a single-port 10 Mbps Ethernet interface card, for use with 10BASE-T Ethernet LANs.

WIC-1T The WIC-1T provides a single port serial connection to remote sites or legacy serial network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm systems, and packet over SONET (POS) devices.

WIC-2AM The WIC-2AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-2AM has two modem ports to allow multiple data communication connections.

WIC-2T The 2-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed media dial support in a single chassis. Applications for asynchronous/synchronous support include: low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

WIC-Cover The WIC cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

 

Router: 2901

 The Cisco 2901 Integrated Services Router (ISR) provides 2 integrated 10/100/1000 Ethernet ports, 4 enhanced high-speed WAN interface card (WIC) slots, 2 onboard digital signal processor (DSP) slots and 1 onboard Internal Service Module for application services.

Module Name Thumbnails Description

HWIC-2T The HWIC-2T is a Cisco 2-Port Serial High-Speed WAN Interface Card, providing 2 serial ports.

HWIC-4ESW The HWIC-4ESW provides four switching ports.

HWIC-8A The HWIC-8A provides up to eight asynchronous EIA-232 connections to console ports.

WIC-Cover The WIC cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

 

Router: 2911

 The Cisco 2901 Integrated Services Router (ISR) provides 2 integrated 10/100/1000 Ethernet ports, 4 enhanced high-speed WAN interface card (WIC) slots, 2 onboard digital signal processor (DSP) slots and 1 onboard Internal Service Module for application services.

Module Name Thumbnails Description

HWIC-2T The HWIC-2T is a Cisco 2-Port Serial High-Speed WAN Interface Card, providing 2 serial ports.

HWIC-4ESW The HWIC-4ESW provides four switching ports.

HWIC-8A The HWIC-8A provides up to eight asynchronous EIA-232 connections to console ports.

WIC-Cover The WIC cover plate provides protection for the internal electronic components. It also helps maintain adequate cooling by normalizing airflow.

 

Router: Router-PT

The Router-PT generic router provides ten slots, one console port, and one auxiliary port.

Module Name Thumbnail Description

PT-ROUTER-NM-1AM The PT-ROUTER-NM-1AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

PT-ROUTER-NM-1CE The PT-ROUTER-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PT-ROUTER-NM-1CFE The PT-ROUTER-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PT-ROUTER-NM-1CGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-ROUTER-NM-1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PT-ROUTER-NM-1FFE The PT-ROUTER-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

PT-ROUTER-NM-1FGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-ROUTER-NM-1FGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PT-ROUTER-NM-1S The PT-ROUTER-NM-1S provides a single port serial connection to remote sites or legacy serial network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm systems, and packet over SONET (POS) devices.

PT-ROUTER-NM-1SS The 2-port asynchronous/synchronous serial network module provides flexible multi-protocol support, with each port individually configurable in synchronous or asynchronous mode, offering mixed media dial support in a single chassis. Applications for asynchronous/synchronous support include: low speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.

Devices and Modules: Switches

All images on this page are thumbnails on which you can click to bring up a larger image.

 Switch: 2950-24

The Cisco Catalyst 2950-24 is a member of the Cisco Catalyst 2950 series switch family. It is a standalone, fixed-configuration, managed 10/100 switch providing user connectivity for small- to mid-sized networks.

It does not support add-in modules.

 

Switch: 2950T-24

The Cisco Catalyst 2950T-24 is a member of the Catalyst 2950 Series Intelligent Ethernet Switch family. It is a fixed-configuration, standalone switch that provides wire-speed Fast Ethernet and Gigabit Ethernet connectivity for mid-sized networks.

It does not support add-in modules.

 

Switch: 2960-24TT

The Cisco Catalyst 2960-24TT is a member of the Catalyst 2960 Series Intelligent Ethernet Switch family. It is a fixed-configuration, standalone switch that provides wire-speed Fast Ethernet and Gigabit Ethernet connectivity for mid-sized networks.

It does not support add-in modules.

 

Switch: Switch-PT

The Switch-PT generic switch provides ten slots, one console port, and one auxiliary port.

PT-SWITCH-NM-1CE The PT-SWITCH-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PT-SWITCH-NM-1CFE The PT-SWITCH-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PT-SWITCH-NM-1CGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-SWITCH-NM-1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PT-SWITCH-NM-1FFE The PT-SWITCH-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

PT-SWITCH-NM-1FGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-SWITCH-NM-1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

 

Switch: 3560-24PS

The Cisco Catalyst 3560-24PS is a member of the Catalyst 3560 Series Intelligent Ethernet Switch family. It is a fixed-configuration, standalone switch that provides wire-speed Fast Ethernet and Gigabit Ethernet connectivity for mid-sized networks.

It does not support add-in modules.

 

Bridge-PT

This bridge provides two slots.

The bridge supports the same modules that the Switch-PT supports.

Devices and Modules: End Devices

All images on this page are thumbnails in which you can click to bring up a larger image.

 

PC-PT

The PC-PT provides a console port and one slot.

Module Name Thumbnail Description

Linksys-WMP300N The Linksys-WMP300N module provides one 2.4GHz wireless interface suitable for connection to wireless networks. The module supports protocols that use Ethernet for LAN access.

PC-HOST-NM-1AM The PT-HOST-NM-1AM card features dual RJ-11 connectors, which are used for basic telephone service connection. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

PC-HOST-NM-1CE The PT-HOST-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PC-HOST-NM-1CFE The PT-HOST-NM-1CFE Module provides 1 Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PC-HOST-NM-1CGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-HOST-NM-1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PC-HOST-NM-1FFE The PT-HOST-NM-1FFE Module provides 1 Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing

10/100BaseTX or 100BaseFX Ethernet.

PC-HOST-NM-1FGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-HOST-NM-1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PC-HOST-NM-1W The PT-HOST-NM-1W module provides one 2.4GHz wireless interface suitable for connection to wireless networks. The module supports protocols that use Ethernet for LAN access.

PC-HOST-NM-1W-A The PT-HOST-NM-1W-A module provides one 5GHz wireless interface suitable for connection to wireless 802.11a networks. The module supports protocols that use Ethernet for LAN access.

PC-HEADPHONE The headphone allows the user to listen to music and sounds from the computer.

PC-MICROPHONE The microphone allows the computer to record sound.

PC-CAMERA The camera allows the computer to capture images and movies.

PC-USB-HARD-DRIVE The USB hard drive adds extra external storage to the computer.

 

Laptop-PT

The Laptop-PT provides a console port and one slot.

Module Name Thumbnail Description

Linksys-WMP300N The Linksys-WPC300N module provides one 2.4GHz wireless interface suitable for connection to wireless networks. The module supports protocols that use Ethernet for LAN

access.

PC-LAPTOP-NM-1AM The PT-LAPTOP-NM-1AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

PC-LAPTOP-NM-1CE The PT-LAPTOP-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PC-LAPTOP-NM-1CFE The PT-LAPTOP-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PC-LAPTOP-NM-1CGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-LAPTOP-NM-1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PC-LAPTOP-NM-1FFE The PT-LAPTOP-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

PC-LAPTOP-NM-1FGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-LAPTOP-NM-1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PC-LAPTOP-NM-1W The PT-LAPTOP-NM-1W module provides one 2.4GHz wireless interface suitable for connection to wireless networks. The module supports protocols that use Ethernet for LAN access.

PC-LAPTOP-NM-1W-A The PT-LAPTOP-NM-1W-A module provides one 5GHz wireless interface suitable for connection to wireless 802.11a networks. The module supports protocols that use Ethernet for LAN access.

PC-HEADPHONE The headphone allows the user to listen to music and sounds from the computer.

PC-MICROPHONE The microphone allows the computer to record sound.

PC-CAMERA The camera allows the computer to capture images and movies.

PC-USB-HARD-DRIVE The USB hard drive adds extra external storage to the computer.

 

Server-PT

The Server-PT provides two slots.

The Server-PT supports the same modules as the PC-PT except for the PC-HOST-NM-1AM module.

 

Printer-PT

The Printer-PT provides one slot.

The Printer-PT supports the same modules as the PC-PT except for the PC-HOST-NM-1AM module.

 

7960

The 7960 IP Phone only provides a port for the power adapter.

Module Name Thumbnail Description

IP_PHONE_POWER_ADAPTER The Cisco VoIP power adapter.

 

Home-VoIP-PT

The Home-VoIP-PT does not support modules.

 

Analog-Phone-PT

The Analog-Phone-PT does not support modules.

 

TV-PT

The TV-PT does not support modules.

 

TabletPC-PT

The TabletPC-PT does not support modules. However, it has a built-in Wireless interface.

 

PDA-PT

The PDA-PT does not support modules. However, it has a built-in Wireless interface.

 

WirelessEndDevice-PT

The WirelessEndDevice-PT does not support modules. However, it has a built-in Wireless interface.

 

WiredDevice-PT

The WiredDevice-PT does not support modules. However, it has a built-in FastEthernet interface.

Devices and Modules: Other Devices

All images on this page are thumbnails on which you can click to bring up a larger image.

 Hub-PT

The Hub-PT provides ten slots.

Module Name Thumbnail Description

PT-REPEATER-NM-1CE The PT-REPEATER-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PT-REPEATER-NM-1CFE The PT-REPEATER-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PT-REPEATER-NM-1CGE The PT-REPEATER-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PT-REPEATER-NM-1FFE The PT-REPEATER-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

PT-REPEATER-NM-1FGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-REPEATER-NM-1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

 

Repeater-PT

The Repeater-PT provides two slots.

The Repeater-PT supports the same modules that the Hub-PT supports.

 

CoAxialSplitter-PT

The CoAxialSplitter-PT does not support modules.

 

AccessPoint-PT

The AccessPoint-PT has a built-in antenna and provides one slot.

The AccessPoint-PT supports the same modules that the Hub-PT supports.

 

AccessPoint-PT-A

The AccessPoint-PT-A has a built-in antenna and provides one slot.

The AccessPoint-PT-A supports the same modules that the Hub-PT supports.

 

AccessPoint-PT-N

The AccessPoint-PT-N has a built-in antenna and provides one slot.

The AccessPoint-PT-N supports the same modules that the Hub-PT supports.

 

Linksys-WRT300N

The Linksys-WRT300N wireless router has a built-in antenna and provides four fixed 10/100 (100BASE-TX) Ethernet ports and one fixed Internet port (also 100BASE-TX, typically for connection to cable and DSL modems).

The Linksys-WRT300N wireless router does not support modules.

 

Cloud-PT

Although a cloud is not a single device, Packet Tracer gives you access to a representation of a cloud. It provides ten slots, a console port, and an auxiliary port.

Device Name Thumbnail Description

PT-CLOUD-NM-1AM The PT-CLOUD-NM-1AM card features dual RJ-11 connectors, which are used for basic telephone service connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other port can be connected to a basic analog telephone for use when the modem is idle.

PT-CLOUD-NM-1CE The PT-CLOUD-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PT-CLOUD-NM-1CFE The PT-CLOUD-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support

many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PT-CLOUD-NM-1CGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-CLOUD-NM-1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PT-CLOUD-NM-1CX The PT-CLOUD-NM-1CX card features a single coaxial connector, which is used for a cable modem service connection.

PT-CLOUD-NM-1FFE The PT-CLOUD-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.

PT-CLOUD-NM-1FGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-CLOUD-NM-1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

PT-CLOUD-NM-1S The PT-CLOUD-NM-1S provides a single port serial connection to remote sites or legacy serial network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm systems, and packet over SONET (POS) devices.

 

DSL-Modem-PT

The DSL-Modem-PT provides one slot.

Device Name Thumbnail Description

PT-MODEM-NM-1CE The PT-MODEM-NM-1CE features a single Ethernet port that can connect a LAN backbone which can also support either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.

PT-MODEM-NM-1CFE The PT-MODEM-NM-1CFE Module provides one Fast-Ethernet interface for use with copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many internetworking features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.

PT-MODEM-NM-1CGE The single-port Cisco Gigabit Ethernet Network Module (part number PT-MODEM-NM-1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco GBIC.

 

Cable-Modem-PT

The Cable-Modem-PT provides one slot.

The Cable-Modem-PT supports the same modules that the DSL-Modem-PT supports.

 

ASA 5505

The ASA 5505 is from Cisco's line of network security devices.

It is a fixed-configuration that provides Ethernet connectivity. It has one available slot but it is currently not supported in this version of Packet Tracer.

Configuring Devices

As with real networks, the networks you make in Packet Tracer must be properly configured before they "work." For simple devices, this may just mean entering some fields (such as an IP address and subnet mask) or selecting options in a graphical configuration panel (accessed by the Config tab). Routers and switches, on the other hand, are advanced devices that can be configured with much more sophistication. Some of their settings can be configured in the Config tab, but most advanced configurations will need to be done through the Cisco IOS. This section explains the Config tab for all devices. You will also find the complete listing of supported IOS commands for routers and switches in this section.

 

Booting Sequence and IOS Image Loading in Routers and Switches

When a router or switch boots up, the booting sequence is displayed in the CLI tab of the Edit device dialog. The startup file is loaded if it is present, and the IOS image stored in Flash memory will be loaded into RAM for execution. While the model IOS image is loading, you cannot access the Config tab or enter any commands in the CLI tab. If there is no valid image stored in Flash memory or the image file instructed to load is not valid, the device will boot into ROM Monitor Mode. ROM Monitor Mode can also be entered using the break sequence (i.e., press Ctrl + Break or Ctrl + C) for the device in the first 60 seconds when it boots. Packet Tracer uses 10 seconds to give you faster access to the device. ROM Monitor Mode is a minimalist environment where you can manipulate files in the NVRAM and Flash memory, download IOS images via TFTP, and choose how the device is to be booted.

When the booting sequence and the IOS image loading has been completed, the logout mode is loaded so that you can press ENTER to start.

 

Logging IOS CommandsIf you enabled the IOS logging feature (found in Options > Preferences), you can keep track of all IOS commands you entered in a work session. Click the View button to bring up the IOS Command Log window.

The IOS Command Log window will keep track of all the IOS commands you entered in any given work session. You need to manually click the Update button to see your commands. You can export the log into a text file with the Export button (found in the Preferences window). The log clears any time you start a new workspace or open a file.

Configuring Routers

The Config tab offers four general levels of configuration: global, routing, switching (Cisco 1841 and Cisco 2811 only), and interface. To perform a global configuration, click the GLOBAL button to expand the Settings button (if it has not already been expanded). To configure routing, click the ROUTING button, and then choose Static or RIP. To configure switching, click the SWITCHING button to expand the VLAN Database button. To configure an interface, click the INTERFACE button to expand the list of interfaces, and then choose the interface. Note that the Config tab provides an alternative to the Cisco IOS CLI only for some simple, common features; to access the full set of router commands that have been modeled you must use the Cisco IOS CLI.

Throughout your configurations in the Config tab, the lower window will display the equivalent Cisco IOS commands for all your actions.

 

Global SettingsIn global settings, you can change the display name of the router as it appears on the workspace and the hostname as it appears in the Cisco IOS. You can also manipulate the router configurations files in these various ways: 

Erase the NVRAM (where the startup configuration is stored). Save the current running configuration to the NVRAM. Export the startup and running configuration to an external text file. Load an existing configuration file (in .txt format) into the startup configuration. Merge the current running configuration with another configuration file.

 

Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark Global Settings and then set your own values for the Half-Open Session Multiplier, Maximum Number of Connections, Maximum Number of Opened Sessions, and Maximum Retransmission Timeout in Milliseconds. For the Cisco 1841 and Cisco 2811, you can also set the Storm Control Multiplier.

 

Routing ConfigurationYou can make static routes on the router by choosing the Static sub-panel. Each static route you add requires a network address, subnet mask, and next hop address.

You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP address into the Network field and click the Add button. The RIP-enabled network is added to the Network Address list. You can disable RIP on a network by clicking the Remove button to remove it from the list.

 

VLAN Database Configuration (Cisco 1841 and Cisco 2811 only)The Cisco 1841 and 2811 routers support VLAN configuration. You can manage the VLANs on the router from the VLAN Database sub-panel. You can add VLANs by entering a name and a VLAN number and pressing the Add button. You can see all existing VLAN entries in the list below the button. You can remove a VLAN by selecting it in the list and then pressing the Remove button.

 

Interface ConfigurationA router can support a wide range of interfaces including serial, modem, copper Ethernet, and fiber Ethernet. Each interface type may have different configuration options, but in general, you can set the Port Status (on or off), IP Address, Subnet Mask, and Tx Ring Limit. For Ethernet interfaces, you can also set the MAC Address, Bandwidth, and Duplex setting. For serial interfaces, you can set the Clock Rate setting.

Routers: IOS

Packet Tracer uses a simplified model of the Cisco IOS. Click on the CLI tab in the router configuration window to access the Cisco IOS command line interface for the router. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the Cisco IOS command tree for Packet Tracer routers. For Cisco 1841 and 2811 routers with switching capabilities, refer to the "Switch IOS" page for additional commands. The tree contains only Cisco IOS command chains that are supported in Packet Tracer.

 

User Mode

<1-99> connect [ WORD ] disable disconnect <1-16> enable [ <0-15> | view [ WORD ] ] exit logout ping [ ip | ipv6 ] WORD resume [ <1-16> | WORD ] show

o arpo cdp

entry * [ protocol | version ] WORD [ protocol | version ]

interface Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Serial <0-9>/<0-24>

neighbors [ detail ]o class-map [ WORD ]o clocko controllers

Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24> Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295> Serial <0-9> <0-24> <0-4294967295> <16-1022>

o crypto key mypubkey rsao dot11 interfaceo flash:o frame-relay

lmi map pvc

<16-1022>

interface Serial <0-9>/<0-24> [ <16-1022> ] interface Serial <0-9>/<0-24> [ <16-1022> ] interface Serial <0-9> <0-24> <0-4294967295> interface Serial <0-9> <0-24> <0-4294967295> <16-1022>

o historyo hostso interfaces

Dot11Radio <0-9>/<0-24> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295> Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> switchport trunk

o ip arp bgp [ neighbors | summary ] dhcp binding eigrp

interfaces [ <1-65535> ] neighbors [ <1-65535> ] topology

[ <1-65535> ] [ A.B.C.D A.B.C.D ]

[ A.B.C.D ][ A.B.C.D ] all-links

traffic [ <1-65535> ] interface

Dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]

Loopback <0-2147483647> Serial <0-9>/<0-24> Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> brief nbar port-map nat translations ospf

<1-65535> <0-4294967295>

database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ] detail

virtual-links A.B.C.D

database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]

GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ] detail

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ] detail

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ] detail

virtual-links

protocols rip database route [ WORD | bgp | connected | eigrp | ospf <1-65535> | rip | static ] ssh

o ipv6 access-list [ WORD ] eigrp

interfaces <1-65535> neighbors <1-65535> topology

<1-65535> X:X:X:X::X/<0-128> X:X:X:X::X/<0-128> all-links

traffic <1-65535> general-prefix interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>] Tunnel <0-2147483647> brief

neighbors Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>] Vlan <1-1005>

ospf <1-65535>

<0-4294967295> database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>]

GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647> [detail] Serial <0-9>/<0-24>[.][<0-4294967295>][detail] detail

A.B.C.D database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647>[detail] Serial <0-9>/<0-24>[.][<0-4294967295>][detail] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647> [detail]

Serial <0-9>/<0-24>[.][<0-4294967295>][detail] detail

border-routers database interface

Ethernet<0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647> [detail] Serial <0-9>/<0-24>[.][<0-4294967295>][detail] detail

protocols rip database route ospf

o policy-map [ WORD | interface [ Ethernet <0-9> <0-24> <0-4294967295> | FastEthernet <0-9> <0-24> <0-4294967295> | GigabitEthernet <0-9> <0-24> <0-4294967295> | Serial <0-9> <0-24> | Serial <0-9> <0-24> <0-4294967295> ]

o privilegeo protocolso queue

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o queueingo sessionso ssho tcp [brief]o terminalo userso versiono vlan-switch [ brief | id <1-1005> | name WORD ]o vtp

counters status

ssho -l WORD [ WORD | -v 1 WORD]o -l WORD [ WORD | -v 2 WORD]o -v 1 -l WORD WORDo -v 2 -l WORD WORD

telnet [ WORD ][<0-65535>] terminal history size <0-256> traceroute WORD

Enable Mode

<1-99> auto secure clear

o aaa local user user lockout [ all | username WORD ]o access-list counters [ <1-199> | <1300-2699> | WORD ]o arp-cacheo cdp tableo frame-relay [inarp | counter]o ip

bgp * nat translation * ospf process route [ * | A.B.C.D | A.B.C.D A.B.C.D ]

o ipv6 dhcp binding nat translation * neighbors

o line tty <2-90>o mac-address-table [ dynamic ]o vtp counters

clock set hh:mm:ss [ <1-31> MONTH <1993-2035> | MONTH <1-31> <1993-2035> ] configure [ terminal ] connect [ WORD ] copy

o flash:

ftp: running-config startup-config tftp:

o ftp: flash: running-config startup-config

o running-config flash: ftp startup-config tftp:

o startup-config flash: ftp running-config tftp:

o tftp: flash: running-config startup-config

debugo aaa authenticateiono crypto [ isakmp | ipsec ]o custom-queueo eigrp

fsm packets

o ephone registero frame-relay lmio ip

icmp inspect

detailed events function-trace object-creation

object-deletion protocol [ http | icmp | tcp | udp ] timers

nat ospf

adj events

packet rip [ events ] routing

o ipv6 inspect

detailed events function-trace icmp object-creation object-deletion tcp timers udp

ospf adj events

o ntp packetso ppp [ authenticateion | negotiation | packet ]

deleteo WORDo flash:

dir [ WORD | flash: | nvram: ] disable disconnect <1-16> enable [ <1-15> | view [ WORD ] ] erase startup-config exit logout mkdir [ WORD | flash: ] more file

noo debug

all aaa authenticateion crypto [ isakmp | ipsec ] custom-queue eigrp

fsm packets

ephone register frame-relay lmi ip

icmp inspect

detailed events function-trace object-creation object-deletion protocol [ http | icmp | tcp | udp ] timers

nat ospf

adj events

packet rip [ events ] routing

ipv6 inspect

detailed events function-trace icmp object-creation object-deletion tcp timers

udp ospf

adj events

ntp packets ppp [ authenticateion | negotiation | packet ]

ping [ WORD ]o [ Protocol ] [ Target IP address ] [ Repeat count ] [ Datagram size ] [ Timeout in seconds ] [ Extended commands ] [ Sweep range of

sizes ] reload resume [ <1-16> | WORD ] rmdir [ WORD | flash: ] setup show

o aaa local user lockout sessions user [ <1-4294967295> | all ]

o access-lists [ <1-999> | WORD ]o arpo cdp

entry * [ protocol | version ] WORD [ protocol | version ]

interfaces Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Serial <0-9>/<0-24>

neighbors [ detail ]o class-map [ WORD ]o clocko controllers

Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24> Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295>

o crypto isakmp [ policy | sa ] ipsec [ sa | transform-set ] map crypto key mypubkey rsa

o debuggingo dhcp leaseo dot11 interfaceo ephone [attempted-registrations]o file systemso flash:o frame-relay

lmi map pvc

<16-1022> interface Serial <0-9>/<0-24> [ <16-1022> ]

o historyo hostso interfaces

dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295> Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> switchport trunk

o ip access-lists [ <1-199> | WORD ] arp bgp [ neighbors | summary ] dhcp binding

eigrp interfaces [ <1-65535> ] neighbors [ <1-65535> ] topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]

all-links traffic [ <1-65535> ]

inspect all config interfaces name WORD sessions [ detail ] statistics

interface dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295> Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> brief

ips all configuration signatures

count sigid WORD subid WORD

nat [translations | statistics] nbar port-map ospf

<1-65535> <0-4294967295>

database

interface Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor [ detail ] Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ]

virtual-links A.B.C.D

database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor [ detail ] Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24> [ detail ]

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor [ detail ] Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]

FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ]

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor [ detail ] Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ] Loopback <0-2147483647>[ detail ] Serial <0-9>/<0-24>[ detail ]

virtual-links protocols rip database route [ WORD | bgp | connected | eigrp | ospf <1-65535> | rip | static ] ssh

o ipv6 access-list [ WORD ] dhcp [ binding | interface | pool ] eigrp

interfaces <1-65535> neighbors <1-65535> topology

<1-65535> X:X:X:X::X/<0-128>

X:X:X:X::X/<0-128> all-links traffic <1-65535>

general-prefix inspect

all config interfaces name [ WORD ] sessions [ detail ]

interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>] Tunnel <0-2147483647> brief

nat statistics translations

neighbors Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647>[detail] Serial <0-9>/<0-24>[.][<0-4294967295>]

ospf <1-65535>

<0-4294967295> database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647>[detail] detail

A.B.C.D

database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet<0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647>[detail] Serial <0-9>/<0-24>[.][<0-4294967295>][detail] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail] FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail] Loopback <0-2147483647>[detail] Serial <0-9>/<0-24>[.][<0-4294967295>][detail] detail

protocols rip database route [ ospf ]

o lineo loggingo login [ failures ]o mac-address-table [ static ]o ntp statuso parser view

o policy-map WORD interface

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295>

type inspect zone-pair sessionso privilegeo processeso protocolso queue

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Serial <0-9>/<0-24> Serial <0-9> <0-24> <0-4294967295>

o queueingo running-configo secure [ bootset ]o sessionso snmpo spanning-tree

active detail interface

FastEthernet <0-9>/<0-24>[portfast] Gigabit <0-9>/<0-24>[portfast] Port-channel <1-6> Vlan <1-4094>[portfast]

summary totals vlan <1-1005>

o ssho standby

FastEthernet <0-2>/<0-1>[brief] brief

o startup-config

o storm-control broadcasto tcp [ brief ]o tech-supporto terminalo userso versiono vlan-switch [ brief | id <1-1005> | name WORD ]o vtp

counters status

ssho -l WORD [ WORD | -v 1 WORD]o -l WORD [ WORD | -v 2 WORD]o -v 1 -l WORD WORDo -v 2 -l WORD WORD

terminal history size <0-256> telnet [ WORD ] traceroute [ WORD ]

o [ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ] [ Minimum Time to Live ] [ Maximum Time to Live ]

undebugo allo aaa authenticateiono crypto [ isakmp | ipsec ]o custom-queueo eigrp

fsm packets

o ip icmp inspect

detailed events function-trace object-creation object-deletion protocol [ http | icmp | tcp | udp ] timers

nat ospf

adj events

packet rip [ events ] routing

vlan database write [ erase | memory | terminal ]

Global Mode

aaao authenticateion

enable default enable group [ radius | tacacs+ ] local none

login [ WORD | default ] enable group [ radius | tacacs+ ] local

enable group [ radius | tacacs+ ] none [ group | local ]

ppp [ WORD | default ] enable group [ radius | tacacs+ ] local [ enable | group [ radius | tacacs+ ] | none ] none [ group [ radius | tacacs+ ] | local ]

authorization [ exec | network ] [ WORD | default ]

group [ radius | tacacs+ ] if-authenticateed local [ group [ radius | tacacs+ ] | if-authenticateed | none ] none [ group [ radius | tacacs+ ] | if-authenticateed | none ]

new-model

access-list (named ACL is under the "ip access-list" branch in Global Mode)o <1-99>

[ deny | permit ] [ A.B.C.D | any | host A.B.C.D ] [ deny | permit ] [ A.B.C.D A.B.C.D ] remark LINE

o <100-199> [ deny | permit ][ ahp | eigrp | esp | gre | ospf ][ A.B.C.D A.B.C.D | any | host A.B.C.D ][ A.B.C.D A.B.C.D | any | host

A.B.C.D ] [ deny | permit ] [ icmp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]

<0-256> echo echo-reply host-unreachable net-unreachable port-unreachable protocol-unreachable ttl-exceeded unreachable

[ deny | permit ] [ ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] dscp [ <0-63> | af11 |af12 |af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 |cs6 | cs7 |

default | ef ] precedence [ <0-7> | critical | flash | flash=override | immediate | internet | network | priority | routine ]

[ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

remark LINE banner

o motd LINEo login LINE

boot system [ flash ] WORD cdp run class-map [ type inspect ] [ match-all | match-any ] WORD clock timezone WORD <-23 - 23> [ <0-59> ] config-register WORD crypto

o dynamic-map WORD <1-65535> [ ipsec-isakmp ]o ipsec

security-association lifetime seconds <120-86400>

transform-set WORD [ ah-md5-hmac | ah-sha-hmac ] esp-3des [ esp-md5-hmac | esp-sha-hmac ] esp-aes [ 128 | 192 | 256 ] [ esp-md5-hmac | esp-sha-hmac ] esp-des [ esp-md5-hmac | esp-sha-hmac ] esp-md5-hmac esp-sha-hmac

o isakmp client configuration group WORD enable key WORD address A.B.C.D [ A.B.C.D ] policy <1-10000>

o key [ generate | zeroize ] rsao map WORD

<1-65535> [ ipsec-isakmp ] [dynamic WORD ] client [ authenticateion list WORD | configuration address respond ] isakmp authorization list WORD

do LINE enable

o password 7 WORD LINE level <1-15>

7 WORD LINE

o secret [ 0 | 5 ] LINE level <1-15>

[ 0 | 5 ] LINE end exit hostname WORD interface

o Dot11Radio <0-9>/<0-24>/<0-24>o Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]o Loopback <0-2147483647>o Serial <0-9>/<0-24> [ multipoint | point-to-point ]

o Tunnel <0-2147483647>o Virtual-Template <1-200>o Vlan <1-1005>o range

Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> [ multipoint | point-to-point ] Vlan <1-1005>

ipo access-list

extended <100-199> WORD

standard <1-99> WORD

o default-network A.B.C.Do dhcp

excluded-address A.B.C.D [ A.B.C.D ] pool WORD

o domain-lookupo domain-name WORDo host WORD [ <0-65535> | A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]o helper-address A.B.C.Do inspect

alert-off audit-trail dns-timeout <1-2147483> max-incomplete [ high | low ] <1-2147483647> name WORD [ http | icmp | tcp | telnet | udp ]

alert [ off | on ] audit-trail [ off | on ] timeout <5-43200>

one-minute [ high | low ] <1-2147483647> tcp [ finwait-time | idle-time | synwait-time ] <1-2147483> udp idle-time <1-2147483>

o ips config location [ WORD [ retries <1-5>] ] fail closed name WORD [ list [ <1-199> | WORD ] ] notify log signature-category signature-definition

o local pool WORD A.B.C.D A.B.C.Do name-server [A.B.C.D] [X:X:X:X::X]o nat

inside source list [ <1-199> | WORD ] interface [ Ethernet | FastEthernet | GigabitEthernet | Serial ] <0-9>/<0-24>[ . ][ <0-4294967295> ]

[ overload ] list [ <1-199> | WORD ] pool WORD [ overload ] static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source list [ <1-199> | WORD ] pool WORD static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

pool WORD A.B.C.D A.B.C.D netmask A.B.C.Do route A.B.C.D A.B.C.D

A.B.C.D [ <1-255> ] Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ] Loopback <0-2147483647> [ <1-255> ] Serial <0-9>/<0-24> [ <1-255> ] Vlan <1-1005> [ <1-255> ]

o ssh authenticateion retries <0-5> time-out <1-120> version <1-2>

ipv6

o access-list WORDo dhcp pool WORDo general-prefix WORD X:X:X:X::X/<0-128>o host WORD

<0-65535> X:X:X:X::X [ X:X:X:X::X ] [ X:X:X:X::X ] X:X:X:X::X [ X:X:X:X::X ] [ X:X:X:X::X ]

o inspect alert-off audit-trail max-incomplete [ high | low ] <1-2147483647> name WORD [ icmp | tcp | udp ]

alert [ off | on ] audit-trail [ off | on ] timeout <5-43200>

one-minute [ high | low ] <1-2147483647> tcp

finwait-time <1-2147483> idle-time <1-2147483> synwait-time <1-2147483>

udp idle-time <1-2147483>o local pool WORD X:X:X:X::X/<0-128><0-128>o nat

prefix X:X:X:X::X/<0-128> v4v6

pool WORD X:X:X:X::X X:X:X:X::X prefix-length <1-128> source A.B.C.D X:X:X:X::X source list WORD [pool] WORD

v6v4 pool WORD A.B.C.D A.B.C.D prefix-length source X:X:X:X::X A.B.C.D source list WORD [ pool WORD | interface ] [ overload ]

o neighbor X:X:X:::X Ethernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H FastEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H Loopback <0-2147483647> H.H.H Serial <0-9>/<0-24> H.H.H Vlan <1-1005> H.H.H

o route X:X:X:X::X/<0-128> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ] Loopback <0-2147483647> [ <1-254> ] Serial <0-9>/<0-24> [ <1-254> ] Vlan <1-1005> [ <1-254> ] X:X:X:X::X [ <1-254> ]

o router eigrp <1-65535> ospf <1-65535> rip WORD

o unicast-routing line

o <2-499> [<3-499>]o aux <0-0>o console <0-0>o tty <2-90> [<2-90>]o vty <0-15> [<0-15>]o x/y/z

loggingo A.B.C.Do buffered <4096-2147483647>o consoleo host A.B.C.Do ono trap [ debugging ]o userinfo

logino block-for <1-65535> attempts <1-65535> within <1-65535>o on-failure [ log | trap ]o on-success [ log | trap ]

mac-address-table static H.H.H interfaceo Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>o FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>o GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>

noo aaa

authenticateion enable default

enable group [ radius | tacacs+ ] local none

authorization [ exec | network ] [ WORD | default ]

group [ radius | tacacs+ ] if-authenticateed local none

new-modelo access-list [ <1-99> | <100-199> ]o banner [login | motd]o boot system [ flash ] WORDo cdp runo class-map [ type inspect ] [ match-all | match-any ] WORDo clock timezoneo config-registero crypto

dynamic-map WORD <1-65535> [ ipsec-isakmp ] ipsec

security-association lifetime seconds <120-86400> transform-set WORD

isakmp client configuration group WORD key WORD address A.B.C.D [ A.B.C.D ] policy <1-10000>

map WORD <1-65535> [ ipsec-isakmp ] [dynamic WORD ] client [ authenticateion list WORD | configuration address respond ] isakmp authorization list WORD

o dot11 ssid LINEo enable

password 7 WORD level <1-15>

secret level <1-15>

o hostnameo interface

Dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Tunnel <0-2147483647> Virtual-Template <1-200> Vlan <1-1005>

o ip access-list

extended [ <100-199> | WORD ] standard [ <1-99> | WORD ]

default-network A.B.C.D dhcp

excluded-address A.B.C.D [ A.B.C.D ] pool WORD

domain-lookup domain-name host WORD [ <0-65535> ] [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ] inspect

alert-off audit-trail dns-timeout <1-2147483> max-incomplete [ high | low ] <1-2147483647> name WORD [ http | icmp | tcp | telnet | udp ] one-minute [ high | low ] <1-2147483647> tcp [ finwait-time | idle-time | synwait-time ] <1-2147483> udp idle-time <1-2147483>

ips config location [ WORD [ retries <1-5>] ] fail closed name WORD [ list [ <1-199> | WORD ] ] notify log

signature-category local pool WORD A.B.C.D A.B.C.D name-server nat

inside source list [ <1-199> | WORD ] static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source list [ <1-199> | WORD ] pool WORD static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

pool WORD route A.B.C.D A.B.C.D

<1-255> A.B.C.D [ <1-255> ] Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ] Loopback <0-2147483647> [ <1-255> ] Null <0-0> <1-255> Serial <0-9>/<0-24> [ <1-255> ] Vlan <1-1005> [ <1-255> ]

ssh version authenticateion-retries time-out version [ 1 | 2 ]

o ipv6 access-list WORD dhcp pool WORD general-prefix WORD X:X:X:X::X/<0-128> host WORD inspect

alert-off

audit-trail max-incomplete [ low | high ] name WORD [ icmp | tcp | udp ] one-minute [ high | low ] tcp [ finwait-time | idle-time | synwait-time ] udp idle-time

nat prefix X:X:X:X::X/<0-128> v4v6

pool WORD X:X:X:X::X X:X:X:X::X source A.B.C.D X:X:X:X::X source list WORD [pool] WORD

v6v4 pool WORD A.B.C.D A.B.C.D source X:X:X:X::X A.B.C.D

source list WORD pool WORD [ overload ] interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ] Serial <0-9>/<0-24> [ overload ]

neighbor X:X:X:X::X Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005>

route X:X:X:X::X/<0-128> <1-254> Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ] FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ] GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ] Loopback <0-2147483647> [ <1-254> ] Serial <0-9>/<0-24> [ <1-254> ] X:X:X:X::X [ <1-254> ]

router

eigrp <1-65535> ospf <1-65535> rip WORD

unicast-routingo logging

A.B.C.D buffered console host A.B.C.D on trap [ debugging ] userinfo

o login block-for on-failure [ log | trap ] on-succes [ log | trap ]

o mac-address-table static H.H.H int Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005> FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005> GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>

o ntp authenticatee authenticateion-key <1-4294967295> server A.B.C.D trusted-key <1-4294967295> update-calendar

o parser view WORDo policy-map [ type inspect ] WORDo priority-list <1-16>

default protocol

ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ] ipv6 [ high | low | medium | normal ]

queue-limito privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> ] LINEo queue-list <1-16>

default protocol

ip <0-16> list [ <1-199> | <1300-2699> ] tcp <0-65535> udp <0-65535>

ipv6 <0-16> queue <0-16>

byte-count <1-16777215> [ limit <0-32767> ] limit <0-32767> [ byte-count <1-16777215> ]

o radius-server host [ A.B.C.D ] [ auth-port <0-65535> ] [ key LINE ] key LINE

o router bgp <1-65535> eigrp <1-65535> ospf <1-65535> rip

o secure boot-config boot-image

o security passwords min-length <0-16>o service

nagle password-encryption timestamps [ debug | log ] datetime msec

o snmp-server [ community WORD [ ro | rw ] ]o spanning-tree

mode portfast default vlan <1-1005> [ priority | root ]

o tacacs-server host A.B.C.D

key LINE single-connection key LINE

key LINEo username WORDo vpdn enableo vpdn-group WORDo zone security WORD

o zone-pair security WORD source [ WORD | self ] destination [ WORD | self ] ntp

o authenticateeo authenticateion-key <1-4294967295> md5 WORD [ <0-4294967295> ]o server A.B.C.D [ key <0-4294967295> ]o trusted-key <1-4294967295>o update-calendar

parser view WORD policy-map [ type inspect ] WORD priority-list <1-16>

o default [ high | low | medium | normal ]o protocol

ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ] ipv6 [ high | low | medium | normal ]

o queue-limit <0-32767> <0-32767> <0-32767> <0-32767> privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> | reset ] LINE queue-list <1-16>

o default <0-16>o protocol

ip <0-16> list [ <1-199> | <1300-2699> ] tcp <0-65535> udp <0-65535>

ipv6 <0-16>o queue <0-16>

byte-count <1-16777215> [ limit <0-32767> ] limit <0-32767> [ byte-count <1-16777215> ]

radius-servero host A.B.C.D [ auth-port <0-65535> ] [ key LINE ]o key LINE

routero bgp <1-65535>o eigrp <1-65535>o ospf <1-65535>o rip

secure [ boot-config | boot-image ] security passwords min-length <0-16> service

o nagleo password-encryptiono timestamps [ debug | log ] datetime msec

snmp-server community WORD [ ro | rw ] spanning-tree vlan <1-1005>

o priority <0-61440>o root [ primary | secondary ]

tacacs-servero host A.B.C.D

key LINE single-connection key LINE

o key LINE username WORD [ privilege <0-15> ]

o password 0 LINE 7 WORD LINE

o secret 0 LINE 5 WORD LINE

vpdn enable vpdn-group WORD zone security WORD zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]

Standard Access List Configuration Mode

<1-2147483647>o deny

A.B.C.D [ A.B.C.D ] any host A.B.C.D

o permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o default

deny A.B.C.D [ A.B.C.D ] any host A.B.C.D

permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o deny A.B.C.D [ A.B.C.D ] any host A.B.C.D

o exito no

deny A.B.C.D [ A.B.C.D ] any host A.B.C.D

permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o remark LINE

Extended Access List Configuration Mode

<1-2147483647>o deny

[ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq<0-65535> | host A.B.C.D | gt<0-65535> | lt

<0-65535> | neq<0-65535> | range<0-65535><0-65535> ]o permit

[ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq<0-65535> | host A.B.C.D | gt<0-65535> | lt

<0-65535> | neq<0-65535> | range<0-65535><0-65535> ] default

o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt

<0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

denyo [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt

<0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

exit no

o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt

<0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

permito [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt

<0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

remark LINE

Ethernet / FastEthernet / GigabitEthernet Interface Mode

arp timeout <0-2147483> bandwidth <1-10000000> cdp enable crypto map WORD custom-queue-list <1-16> delay <1-16777215> description LINE duplex [ auto | full | half ] exit fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ] hold-queue <0-4096> out ip

o access-group [ <1-199> | WORD ] [ in | out ]o address

A.B.C.D A.B.C.D dhcp

o hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o ips WORD [ in | out ]o mtu <68-1500>o nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE priority <0-255>

o proxy-arpo split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]o virtual-reassembly

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp<1-65535>o enableo hello-interval eigrp<1-65535><1-65535>o inspect WORD [ in | out ]o mtu<1280-1500>o nat

prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ]o nd

other-config-flag ra suppress

o ospf <1-65535> area area-id [ instance instance-id ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> priority <0-255>

o rip WORD default-information originate enable

o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]o traffic-filter WORD [ in | out ]

mac-address H.H.H mtu <64-1600> no

o arp timeouto bandwidtho cdp enableo crypto map [ WORD ]o custom-queue-list <1-16>o delayo descriptiono duplexo fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]o hold-queue [ <0-4096> ] outo ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> inspect WORD [ in | out ] ips WORD [ in | out ] mtu <68-1500> nat [ inside | outside ] ospf

authenticateion authenticateion-key cost

dead-interval hello-interval message-digest-key <1-255> priority

proxy-arp split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ] virtual-reassembly

o ipv6 address

autoconfig X:X:X:X::X/<0-128> [ anycast | eui-64 ] X:X:X:X::X link-local WORD

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> <1-65535> inspect WORD [ in | out ] mtu <1280-1500> nat

prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ] nd ospf

<1-65535> area area-id [ instance instance-id ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network priority <0-255>

summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ] rip WORD

default-information originate enable

traffic-filter [ in | out ] WORDo

o mac-addresso mtuo pppoe enableo priority-groupo service-policy [ input | output ] WORDo shutdowno speedo tx-ring-limito zone-member security WORD

pppoe enable priority-group <1-16> service-policy [ input | output ] WORD shutdown speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000 options are only

available for GigabitEthernet interfaces respectively) tx-ring-limit <1-32767> zone-member security WORD

Ethernet / FastEthernet / GigabitEthernet Sub-Interface Mode

arp timeoute <0-2147483> bandwidth <1-10000000> delay <1-16777215> description LINE encapsulation dot1q <1-1005> [ native ] exit ip

o access-group [ <1-99> | WORD ] [ in | out ]o address

A.B.C.D A.B.C.D dhcp

o hello-interval eigrp <1-65535> <1-65535>o helper-address A.B.C.Do mtu <68-1500>o nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion [ <0-7> ] WORD

cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE priority <0-255>

o proxy-arpo split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ]o nd [ other-config-flag | ra suppress ]o ospf

<1-65535> area [ [ <0-4294967295> | A.B.C.D ] instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> <1-255>o traffic-filter WORD [ in | out ]

mtu <64-1600> no

o arp timeouto bandwidth

o delayo descriptiono encapsulation dot1Qo ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address A.B.C.D mtu nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> priority

proxy-arp split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

o ipv6 address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> inspect WORD [ in | out ] mtu nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ] nd [ other-config-flag | ra suppress ] ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> <1-255> traffic-filter [ WORD [ in | out ] | [ in | out ] ]

o mtuo shutdowno standby

<0-4095> FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>] ip A.B.C.D ipv6 preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

shutdown standby

o <0-4095> ip A.B.C.D ipv6 autoconfig preempt priority <0-255> track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o ip A.B.C.Do ipv6 autoconfigo preempto priority <0-255>o timers <1-254>o track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

Serial Interface Mode

bandwidth <1-10000000> cdp enable clock rate <1200-4000000> crypto map WORD custom-queue-list <1-16> delay <1-16777215> description LINE encapsulation

o hdlco pppo frame-relay [ ietf ]

exit fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ] frame-relay

o interface-dlci <16-1007>o lmi-type [ ansi | cisco | q933a ]o map

ip A.B.C.D <16-1007> broadcast [ cisco | ietf ] cisco [ broadcast ] ietf [ broadcast ]

ipv6 X:X:X:X::X <16-1007> broadcast [ cisco | ietf ]

cisco [ broadcast ] ietf [ broadcast ]

hold-queue <0-4096> out ip

o access-group [ <1-199> | WORD ] [ in | out ]o address A.B.C.D A.B.C.Do hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o ips WORD [ in | out ]o mtu <68-1500>o nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE network [ broadcast | point-to-point ] priority <0-255>

o split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]o virtual-reassembly

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ]

o nd [ other-config-flag | ra suppress ]o ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]o traffic-filter WORD [ in | out ]

keepalive <0-30> mtu <64-17940> no

o bandwidth <1-10000000>o cdp enableo clock rateo crypto map [ WORD ]o custom-queue-list <1-16>o delayo descriptiono encapsulationo fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]o frame-relay

interface-dlci <16-1007> lmi-type [ ansi | cisco | q933a ] map [ ip A.B.C.D | ipv6 X:X:X:X::X ]

o hold-queue [ <0-4096> ] outo ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address A.B.C.D inspect WORD [ in | out ] ips WORD [ in | out ] mtu <68-1500> nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> network priority

split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ] virtual-reassembly

o ipv6 address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ]

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> inspect WORD [ in | out ] mtu nat [ prefix X:X:X:X::X/<0-128> ] [ v4-mapped WORD ] nd [ other-config-flag | ra suppress ] ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ] traffic-filter [ WORD ] [ in | out ]

o keepaliveo mtu

o ppp authenticateion pap sent-username

o priority-group <1-16>o service-policy [ input | output ] WORDo shutdowno speedo tx-ring-limito zone-member security WORD

pppo authenticateion chap [ pap ]o authenticateion pap [ chap ]o pap sent-username WORD password [ 0 LINE | LINE ]

priority-group <1-16> service-policy [ input | output ] WORD shutdown tx-ring-limit <1-32767> zone-member security WORD

Tunnel Interface Mode

exit ip address A.B.C.D A.B.C.D ipv6

o address WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o eigrp <1-65535>o enableo enableo hello-interval eigrp <1-65535>o nd ra suppresso ospf

<1-65535> area [ 0-4294967295 | A.B.C.D ] [ instance <0-255> ] cost <1-65535> dead-interval <1-65535>

hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]

noo ip address [ A.B.C.D A.B.C.D ]o ipv6

address WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

eigrp <1-65535> enable hello-interval eigrp <1-65535> nd ra suppress ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]

o shutdowno tunnel [ destination | mode | source ]

shutdown tunnel

o destination A.B.C.Do mode [ gre ip | ipv6ip isatap ]o source

Ethernet <0-9>/<0-24>[.][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Loopback <0-2147483647>

Serial <0-9>/<0-24>

VLAN Interface Mode

arp timeout <0-2147483> bandwidth <1-10000000> delay <1-16777215> description LINE exit ip

o access-group [ <1-199> | WORD ] [ in | out ]o address

A.B.C.D A.B.C.D dhcp

o hello-interval eigrp <1-65535> <1-65535>o helper-address A.B.C.Do nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE priority <0-255>

o proxy-arpo split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>

o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat prefix [ X:X:X:X::X/<0-128> ] [ v4-mapped WORD ]o nd [ other-config-flag | ra suppress ]o ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]o traffic-filter WORD [ in | out ]

noo arp timeouto bandwidtho delayo descriptiono ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address A.B.C.D nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> priority

proxy-arp split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

o ipv6 address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> mtu <1280-1500> nat prefix [ X:X:X:X::X/<0-128> ] [ v4-mapped WORD ] nd [ other-config-flag | ra suppress ] ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ] traffic-filter [ WORD ] [ in | out ]

o shutdowno standby

<0-4095> FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Serial <0-9>/<0-24>[.][ <0-4294967295> ] ip A.B.C.D ipv6 preempt priority track

FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ]

Serial <0-9>/<0-24>[.][ <0-4294967295> ] preempt priority track

FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Serial <0-9>/<0-24>[.][ <0-4294967295> ]

shutdown standby

o <0-4095> ip A.B.C.D ipv6 autoconfig preempt priority <0-255> track

FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Serial <0-9>/<0-24>[.][ <0-4294967295> ]

ip A.B.C.D ipv6 autoconfig preempt priority <0-255> timers <1-254> track

FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Serial <0-9>/<0-24>[.][ <0-4294967295> ]

VLAN Configuration Mode

exit no

o vlan <1-1005>o vtp

client password transparent v2-mode

vlan <1-1005> [ name ] [ WORD ] vtp

o cliento domain WORDo password WORDo servero transparento v2-mode

Line Configuration Mode

access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] databits [ 5 | 6 | 7 | 8 ] default [ databits | flowcontrol | history size | parity | speed | stopbits ] exit exec-timeout <0-35791> [ <0-2147483> ] flowcontrol [ NONE | hardware | software ] history size <0-256> ipv6 access-class WORD [ in | out ] logging synchronous login

o authenticateion [ WORD | default ]o local

motd-banner no

o [ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] | databits | flowcontrol | history size | login | motd-banner | parity | password | session-limit | speed | stopbits ]

o databitso exec-timeouto flowcontrolo history sizeo ipv6 access-class WORD [ in | out ]o logging synchronouso motd-bannero parityo passwordo privilege levelo session-limit

o speedo stopbitso transport output

parity [ even | mark | none | odd | space ] password [ 7 WORD | LINE ] privilege level <0-15> session-limit <0-4294967295> speed <0-4294967295> stopbits [ 1 | 1.5 | 2 ] transport output [ all | none | ssh | telnet ]

Class-Map Configuration Mode

description LINE exit match

o access-group <1-2699> name WORD

o anyo class-map WORDo cos <0-7>o destination-address mac H.H.Ho input-interface

Ethernet <0-9>/<0-24>[.][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

o ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 |

default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

o not access-group

<1-2699> name WORD

class-map WORD

cos <0-7> destination-address mac H.H.H input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7

| default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ] protocol [ arp | bgp | cdp | dhcp | dns | eigrp | ftp | gre | h323 | http | icmp | ip | ipsec | ipv6 | ntp | ospf | pop3 | rip | rtp | skinny |

smtp | snmp | ssh | syslog | tcp | telnet | tftp | udp ] qos-group <0-1023>

o precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]o protocol

arp bgp cdp dhcp dns eigrp ftp gre h323 http [ host WORD | mime WORD | url WORD ] icmp ip ipsec ipv6 ntp ospf pop3 rip rtp skinny

smtp snmp ssh syslog tcp telnet tftp udp

o qos-group <0-1023> no

o description [ LINE ]o match

access-group <1-2699> name WORD

any class-map WORD cos <0-7> destination-address mac H.H.H input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7

| default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

not access-group

<1-2699> name WORD

class-map WORD cos <0-7> destination-address mac H.H.H input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>

FastEthernet <0-9>/<0-24>[.][<0-4294967295> GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> Loopback <0-2147483647> Serial <0-9>/<0-24>

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 |

cs7 | default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ] protocol

arp bgp cdp dhcp dns eigrp ftp gre h323 http [ host WORD | mime WORD | url WORD ] icmp ip ipsec ipv6 ntp ospf pop3 rip rtp skinny smtp snmp ssh syslog tcp telnet tftp udp

qos-group <0-1023> precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ] protocol [ arp | bgp | cdp | dhcp | dns | eigrp | ftp | gre | h323 | http | icmp | ip | ipsec | ipv6 | ntp | ospf | pop3 | rip | rtp | skinny |

smtp | snmp | ssh | syslog | tcp | telnet | tftp | udp ] qos-group <0-1023>

Zone Security Configuration Mode

exit

Zone-Pair Security Configuration Mode

exit no

o service-policy type inspect WORD service-policy type inspect WORD

Crypto Map Configuration Mode

description LINE exit match address [ <100-199> | WORD ] no

o description LINEo match addresso set

peer A.B.C.D pfs [ group1 | group2 | group5 ] security-association lifetime seconds transform-set

seto peer A.B.C.Do pfs [ group1 | group2 | group5 ]o security-association lifetime seconds <120-86400>o transform-set WORD [ WORD ] [ WORD ] [ WORD ] [ WORD ] [ WORD ]

ISAKMP Configuration Mode

authenticateion pre-share

encryption [ 3des | aes [ 128 | 192 | 256 ] | des ] exit group [ 1 | 2 | 5 ] hash [ md5 | sha ] lifetime <60-86400> no

o authenticateion pre-shareo encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]o group [ 1 | 2 | 5 ]o hash [ md5 | sha ]o lifetime <60-86400>

IPS Signature Category Configuration Mode

category [ all | ios_ips basic ] exit no

o category [ all | ios_ips basic ]

IPS Signature Category Action Configuration Mode

exit no

o retired [ false | true ] retired [ false | true ]

IPS Signature Definition Configuration Mode

exit retired <1-65535> [ <0-65535> ]

IPS Signature Definition Sig Configuration Mode

engine exit status

IPS Signature Definition Sig Engine Configuration Mode

event-action [ deny-packet-inline | produce-alert ] exit no

o event-action [ deny-packet-inline | produce-alert ]

IPS Signature Definition Sig Status Configuration Mode

enabled [ false | true ] exit no

o enabled [ false | true ]o retired [ false | true ]

retired [ false | true ]

Parser View Configuration Mode

commands [ configure | exec | interface | line | router ] include [ all ] LINE default

o commands [ configure | exec | interface | line | router ] include [ all ] LINEo secret

exit no

o commands [ configure | exec | interface | line | router ] include [ all ] LINEo secret

secret [ 0 | 5 ] LINE

Router Bgp Mode

bgpo log-neighbor-changeso redistribute-internalo router-id A.B.C.D

exit neighbor

o A.B.C.D next-hop-selfo A.B.C.D remote-as <1-65535>

networko A.B.C.D mask A.B.C.D

noo bgp

log-neighbor-changes redistribute-internal router-id A.B.C.D

o neighbor A.B.C.D next-hop-self A.B.C.D remote-as <1-65535>

o network [ A.B.C.D mask A.B.C.D ]o redistribute

connected eigrp <1-65535> ospf <1-65535>

match external internal nssa-external

static synchronization timers bgp <0-65535> <0-65535>

redistributeo connectedo eigrp <1-65535>o ospf <1-65535>

match external internal nssa-external

statico synchronizationo timers <0-65535> <0-65535>

Router EIGRP Mode

auto-summary distance eigrp <1-255> <1-255> exit metric weights <0-8> <0-256> <0-256> <0-256> <0-256>

network A.B.C.D [ A.B.C.D ] no

o auto-summaryo distance eigrpo metric weightso network A.B.C.D [ A.B.C.D ]o redistribute

bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] connected [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295> <0-255>

<1-255> <1-65535> ] rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]

o passive-interface Ethernet <0-9>/<0-24>[.][ <0-4294967295> ] FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005> default

o variance passive-interface

o Ethernet <0-9>/<0-24>[.][ <0-4294967295> ]o FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]o GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o default

redistributeo bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o connected [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-

255> <1-65535> ]

o rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]

variance <1-128>

IPv6 Router EIGRP Mode

exit metric weights <0-8> <0-255> <0-255> <0-255> <0-255> no

o metric weights <0-8> <0-255> <0-255> <0-255> <0-255>o redistribute

bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] connected [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ] rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] static [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]

redistributeo bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o connected [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ]o rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o static [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]

router-id A.B.C.D metric weights <0-8> <0-255> <0-255> <0-255> <0-255> shutdown

Router OSPF Mode

areao [ <0-4294967295> | A.B.C.D ]

authenticate message-digest default-cost <0-16777215> nssa no-summary stub no-summary virtual-link A.B.C.D

default-information originate

distance <1-255> exit log-adjacency-changes [ detail ] network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ] no

o area [ <0-4294967295> | A.B.C.D ]

authenticate message-digest default-cost <0-16777215> nssa no-summary stub no-summary virtual-link A.B.C.D

o default-information originateo distance <1-255>o log-adjacency-changes [ detail ]o network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]o redistribute

bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] connected [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295> <0-255>

<1-255> <1-65535> ] rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]

o passive-interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005< default

o router-id passive-interface

o Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]

o Loopback <0-2147483647>o Serial <0-9>/<0-24>o Vlan <1-1005<o default

redistributeo bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o connected [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-

255> <1-65535> ]o rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]

router-id A.B.C.D

IPv6 Router Ospf Mode

area area-ido default-cost <0-16777215>o nssa [ no-summary ]o stub [ no-summary ]o virtual-link A.B.C.D

distance <1-254> exit log-adjacency-changes [ detail ] no

o area area-id default-cost <0-16777215> nssa [ no-summary ] stub [ no-summary ] virtual-link A.B.C.D

o distance <1-254>o log-adjacency-changes [ detail ]o passive-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647>

Serial <0-9>/<0-24> default

o redistribute bgp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ] connected [ metric <0-16777214> | subnets | tag <0-4294967295> ] eigrp [ metric <0-16777214> | subnets | tag <0-4294967295> ] metric <0-16777214> ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295> ] rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295> ] static [ metric <0-16777214> | subnets | tag <0-4294967295> ]

o router-id passive-interface

o Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o default

redistributeo bgp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ]o connected [ metric <0-16777214> | subnets | tag <0-4294967295> ]o eigrp [ metric <0-16777214> | subnets | tag <0-4294967295> ]o metric <0-16777214>o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295> ]o rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295> ]o static [ metric <0-16777214> | subnets | tag <0-4294967295> ]

router-id A.B.C.D

Router RIP Mode

auto-summary default-information originate distance <1-255> exit network A.B.C.D no

o auto-summaryo default-information

o distance <1-255>o network A.B.C.Do passive-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005> default

o redistribute connected [ metric [ <0-16> | transparent ] ] eigrp <1-65535> [ metric [ <0-16> | transparent ] ] metric [ <0-16> | transparent ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric default-metric ] rip [ metric [ <0-16> | transparent ] ] static [ metric [ <0-16> | transparent ] ]

o timers basico versions <1-2>

passive-interfaceo Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o Vlan <1-1005>o default

redistributeo connected [ metric [ <0-16> | transparent ] ]o eigrp <1-65535> [ metric [ <0-16> | transparent ] ]o metric [ <0-16> | transparent ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric default-metric ]o rip [ metric [ <0-16> | transparent ] ]o static [ metric [ <0-16> | transparent ] ]

timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295> version <1-2>

IPv6 Router RIP Mode

distance <1-254> exit no

o distanceo redistribute

connected [ metric [ <1-16> | transparent ] eigrp <1-65535> [ metric [ <1-16> | transparent ] metric [ <1-16> | transparent ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ] rip WORD [ metric [ <1-16> | transparent ] static [ metric [ <1-16> | transparent ]

redistributeo connected [ metric [ <1-16> | transparent ]o eigrp <1-65535> [ metric [ <1-16> | transparent ]o metric [ <1-16> | transparent ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ]o rip WORD [ metric [ <1-16> | transparent ]o static [ metric [ <1-16> | transparent ]

DHCP Pool Configuration Mode

default-router A.B.C.D dns-server A.B.C.D exit network A.B.C.D A.B.C.D no dns-server option <0-254> ip A.B.C.D

IPv6 DHCP Pool Configuration Mode

dns-server X:X:X:X::X domain-name WORD exit no

o dns-server X:X:X:X::Xo domain-name WORDo prefix-delegation

X:X:X:X::X/<0-128> WORD [ lifetime ] <60-4294967295> <60-4294967295> pool WORD [ lifetime ] <60-4294967295> <60-4294967295>

prefix-delegationo X:X:X:X::X/<0-128> WORD [ lifetime ] <60-4294967295> <60-4294967295>o pool WORD [ lifetime ] <60-4294967295> <60-4294967295>

Rommon Mode

boot confreg config-register-number dir flash: help reset set tftpdnld unset variable variable=value

Routers: IOS 15

Packet Tracer uses a simplified model of the Cisco IOS. Click on the CLI tab in the router configuration window to access the Cisco IOS command line interface for the router. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the Cisco IOS command tree for Packet Tracer routers. For Cisco 1841 and 2811 routers with switching capabilities, refer to the "Switch IOS" page for additional commands. The tree contains only Cisco IOS command chains that are supported in Packet Tracer.

 

User Mode

<1-99> connect [ WORD ]

disable disconnect <1-16> enable [ <0-15> | view [ WORD ] ] exit logout ping [ ip | ipv6 ] WORD resume [ <1-16> | WORD ] show

o arpo cdp

entry * [ protocol | version ] WORD [ protocol | version ]

interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>] neighbors [ details ]

o class-map [ WORD ]o clocko controllers

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24> Serial <0-9>/<0-24>[.][<0-4294967295>]

o crypto key mypubkey rsao dot11 interfaceo flash:o frame-relay

lmi map pvc

<16-1022> interface

serial <0-9>/<0-24>[.][<0-4294967295>]o history

o hostso interfaces

Dot11Radio <0-24>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9>/<0-24>[.][<0-4294967295>] Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> switchport trunk

o ip arp bgp

neighbors summary

dhcp binding eigrp

interface <1-65535> neighbors <1-65535> topology

<1-65535> A.B.C.D [ A.B.C.D ]

A.B.C.D [ A.B.C.D ] all-links

traffic <1-65535> interface

Dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>] Tunnel <0-2147483647>

Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> brief

nbar port-map ospf

<1-65535> <0-4294967295>

database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

virtual-links A.B.C.D

database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

virtual-links protocols rip database route [ WORD | bgp | connected | eigrp | ospf <1-65535> | rip | static ] ssh

o ipv6

access-list WORD eigrp

interfaces <1-65535> neighbors <1-65535> topology

<1-65535> [ X:X:X:X::X/<0-128> X:X:X:X::X/<0-128> all-links

traffic <1-65535> general-prefix interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>] Tunnel <0-2147483647> brief

nat [ statistics | translations ] neighbors

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>] Vlan <1-1005>

ospf <1-65535>

<0-4294967295> database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

A.B.C.D database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbors Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>[.][<0-4294967295>]

neighbors Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ] detail

o protocolso rip databaseo route ospf

policy-mapo WORDo interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o privilege

o protocolso queue

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o queueingo sessionso ssho tcp [ brief ]o terminalo userso versiono vlan-switch

brief id <1-1005> name WORD

o vtp [ counters | status ] ssh

o -l WORD [ WORD | -v 1 WORD]o -l WORD [ WORD | -v 2 WORD]o -v 1 -l WORD WORDo -v 2 -l WORD WORD

terminal WORD <0-65535> traceroute

o [ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ] [ Minimum Time to Live ] [ Maximum Time to Live ]

Enable Mode

<1-99> auto secure clear

o aaa local user lockout [ all | username WORD ]o access-list counters [ <1-199> | <1300-2699> | WORD ]o arp-cacheo cdp tableo frame-relay [ inarp | counter ]

o ip bgp * nat translation * ospf process route [ * | A.B.C.D | A.B.C.D A.B.C.D ]

o ipv6 dhcp binding nat translation * neighbors

o line tty <2-90>o mac-address-table [ dynamic ]o vtp counters

clock set hh:mm:ss [ <1-31> MONTH <1993-2035> | MONTH <1-31> <1993-2035> ] configure [ terminal ] connect [ WORD ] copy

o flash: ftp: running-config startup-config tftp:

o ftp: flash: running-config startup-config

o running-config flash: ftp startup-config tftp:

o startup-config flash: ftp running-config tftp:

o tftp: flash: running-config

startup-config debug

o aaa authenticateiono custom-queueo eigrp

fsm packets

o frame-relay lmio ip

icmp nat ospf [ adj | events ] packet rip [ events ] routing

o ipv6 inspect

detailed events function-trace icmp object-creation object-deletion tcp timers udp

ospf [ adj | events ]o ntp packetso ppp [ authenticateion | negotiation | packet ]

deleteo WORDo flash:

dir [ WORD | flash: | nvram: ] disable disconnect <1-16> enable [ <0-15> | view [ WORD ] ] erase startup-config exit

logout mkdir [ WORD | flash: ] more flash:<filename> no

o debug all aaa authenticateion crypto [ isakmp | ipsec ] custom-queue eigrp [ fsm | packets ] ephone register frame-relay lmi ip

icmp inspect

detailed events function-trace object-creation object-deletion protocol [ http | icmp | tcp | udp ] timers

nat ospf [ adj | events ] packet rip [ events ] routing

ipv6o inspect

detailed events function-trace icmp object-creation object-deletion tcp timers udp

o ospf [ adj | events ]o ntp packetso ppp [ authenticateion | negotiation | packet ]

ping [ WORD | ip | ipv6 ]o [ Protocol ] [ Target IP address ] [ Repeat count ] [ Datagram size ] [ Timeout in seconds ] [ Extended commands ] [ Sweep range of

sizes ] reload resume [ <1-16> | WORD ] rmdir [ WORD | flash:<filename> ] send [ * | <0-300> ] setup show

o aaa local user lockout sessions user [ <1-4294967295> | all ]

o access-list [ <1-199> | WORD ]o arpo cdp

entry * [ protocol | version ] WORD [ protocol | version ]

interfaces Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Serial <0-9>/<0-24>

neighbors [ detail ]o class-map [ WORD ]o clocko controllers

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Serial <0-9>/<0-24> Serial <0-9>/<0-24>[.][<0-4294967295>]

o crypto key mypubkey rsao debuggin

o dhcp leaseo dot11 interfaceo file systemo frame-relay

lmi map pvc

<16-1022> interface Serial <0-9>/<0-24>[<16-1022>]

o historyo hostso interface

Dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9>/<0-24>/<0-4294967295> Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> switchport trunk

o ip access-lists [ <1-199> | WORD ] arp bgp [ neighbors | summary ] dhcp binding eigrp

interfaces [ <1-65535> ] neighbors [ <1-65535> ] topology [ <1-65535> ] [ A.B.C.D A.B.C.D ] traffic [ <1-65535> ]

interface Dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[.][<0-4294967295> ]

FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9>/<0-24>/[.][<0-4294967295> Tunnel <0-2147483647> Virtual-Access <1-2> Virtual-Template <1-200> Vlan <1-1005> brief

nat [ translations | statistics ] nbar port-map ospf

<1-65535> <0-4294967295>

database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ] detail

virtual-links A.B.C.D

database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ]

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ]

virtual-links border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ]

virtual-links protocols rip database

route [ WORD | bgp | connected | eigrp | ospf <1-65535> | rip | static ] ssh

o ipv6 access-list [ WORD ] dhcp [ binding | interface | pool ] eigrp

interface <1-65535> neighbors <1-65535> topology

<1-65535> [ X:X:X:X::X/<0-128> X:X:X:X::X/<0-128> all-links

traffic <1-65535> general-prefix inspect

all config interfaces name [ WORD ] sessions [ detail ]

interface Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> brief

nat [ statistics | translations ] neighbors

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

ospf <1-65535>

<0-4294967295> database

interface Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ] detail

A.B.C.D database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ]

neighbor Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24>

neighbors Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]

FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ] detail

border-routers database interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ]

neighbors Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ] Loopback <0-2147483647> [ detail ] Serial <0-9>/<0-24> [ detail ]

protocols rip database route [ ospf ]

o licsense [ all | detail | feature | udi ]o lineo loggingo login [ failures ]o mac-address-table [ static ]o ntp statuso parse viewo policy-map

WORD interface

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9>/<0-24>[.][<0-4294967295>]

type inspect zone-pair sessionso privilegeso processeso protocolso queue

Ethernet <0-9>/<0-24>[.][<0-4294967295> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Loopback <0-2147483647> Serial <0-9>/<0-24> Serial <0-9>/<0-24>[.][<0-4294967295>]

o queueingo running-configo secure [ bootset ]o sessionso snmpo spanning-tree

active detail interface

FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] Port-channel <1-6> Vlan <1-4094> [ portfast ]

summary totals vlan <1-1005>

o ssho standby

FastEthernet <0-2>/<0-1> [ brief ] brief

o startup-configo storm-control broadcasto tcp [ brief ]o tech-supporto terminalo userso userso version

o vlan-switch [ brief | id <1-1005> | name WORD ]o vtp [ counters | status ]

ssho -l WORD [ WORD | -v 1 WORD]o -l WORD [ WORD | -v 2 WORD]o -v 1 -l WORD WORDo -v 2 -l WORD WORD

telnet [ WORD ] [ <0-65535> ] terminal history size <0-256> traceroute [ WORD | ip | ipv6 ]

o [ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ] [ Minimum Time to Live ] [ Maximum Time to Live ]

undebugo allo aaa authenticateiono custom-queueo eigrp [ fsm | packets ]o frame-relay lmio ip

icmp inspect

detailed events function-trace object-creation object-deletion protocol [ http | icmp | tcp | udp ] timers

nat ospf [ adj | events ] packet rip [ events ] routing

o ntp packetso ppp [ authenticateion | negotiation | packet ]

vlan database write [ erase | memory | terminal ]

Global Mode

aaao authenticateion

enable default enable group [ radius | tacacs+ ] local none

login [ WORD | default ] enable group [ radius | tacacs+ ] local

enable group [ radius | tacacs+ ] none [ group | local ]

none group [ radius | tacacs+ ] local [ enable | group [ radius | tacacs+ ] | none ]

ppp [ WORD | default ] enable group [ radius | tacacs+ ] local [ enable | group [ radius | tacacs+ ] | none ] none [ group [ radius | tacacs+ ] | local ]

o authorization [ exec | network ] [ WORD | default ] group [ radius | tacacs+ ] if-authenticateed local [ group [ radius | tacacs+ ] | if-authenticateed | none ] none [ group [ radius | tacacs+ ] | if-authenticateed | local ]

o new-model access-list (named ACL is under the "ip access-list" branch in Global Mode)

o <1-99> [ deny | permit ] [ A.B.C.D | any | host A.B.C.D ] [ deny | permit ] [ A.B.C.D A.B.C.D ] remark LINE

o <100-199> [ deny | permit ] [ ahp | eigrp | esp | gre | ospf ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host

A.B.C.D ] [ deny | permit ] icmp [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]

<0-256> echo echo-reply host-unreachable net-unreachable port-unreachable protocol-unreachable ttl-exceeded unreachable

[ deny | permit ] ip [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7

| default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

[ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

remark LINE banner

o motd LINEo login LINE

boot system [ WORD | flash WORD ] cdp run class-map [ type inspect ] [ match-all | match-any ] WORD clock timezone WORD <-23-23> [ <0-59> ] config-register WORD crypto

o dynamic-map WORD <1-65535> [ ipsec-isakmp ]o key [ generate | zeroize ] rsa

do LINE enable

o password 7 WORD LINE level <1-15>

7 WORD LINE

o secret [ 0 | 5 ] LINE

level <1-15> [ 0 | 5 ] LINE

end exit hostname WORD interface

o Dot11Radio <0-9>/<0-24>/<0-24>o Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24> [ multipoint | point-to-point ]o Tunnel <0-2147483647>o Virtual-Template <1-200>o Vlan <1-1005>o range

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> [ multipoint | point-to-point ] Vlan <1-1005>

ipo access-list

extended [ <100-199> | WORD ] standard [ <1-99> | WORD ]

o default-network A.B.C.Do dhcp

excluded-address A.B.C.D [ A.B.C.D ] pool WORD

o domain-lookupo domain-name WORDo forward-protocol udp [ <0-65535> | bootpc | bootps | domain | netbios-dgm | netbios-ns | tacacs | tftp | time ]o ftp

passive password [ <0-7> | LINE ] username WORD

o host WORD [ <0-65535> | A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]

o local pool WORD A.B.C.D A.B.C.Do name-server [ A.B.C.D ] [ X:X:X:X::X ]o nat

inside source list [ <1-199> | WORD ] interface [ Ethernet | FastEthernet | GigabitEthernet | Serial ] <0-9>/<0-24>[.][<0-4294967295>] list [ <1-199> | WORD ] pool WORD [ overload ] static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source list [ <1-199> | WORD ] pool WORD static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

pool WORD A.B.C.D A.B.C.D netmask A.B.C.Do route A.B.C.D A.B.C.D

A.B.C.D [<1-255>] Ethernet <0-9>/<0-24>[.][<0-4294967295>] [<1-255>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [<1-255>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [<1-255>] Loopback <0-214483647> [<1-255>] Serial <0-9>/<0-24>[.][<1-255>] Vlan <1-1005> [<1-255>]

o ssh authenticateion-retries <0-5> time-out <1-120> version <1-2>

o tcp [ mss <68-1000> | window-size <0-107374823> ] ipv6

o access-list WORDo dhcp pool WORDo general-prefix WORD

X:X:X:X::X/<1-128>o host WORD

<0-65535> [ X:X:X:X::X ] [ X:X:X:X::X ] [ X:X:X:X::X ] [ X:X:X:X::X ] [ X:X:X:X::X ] [ X:X:X:X::X ]

o inspect alert-off audit-trail max-incomplete [ high | low ] <1-2147483647> name WORD [ icmp | tcp | udp ]

alert [ off | on ] audit-trail [ off | on ] timeout <5-43200>

one-minute [ high | low ] <1-2147483647> tcp

finwait-time <1-2147483> idle-time <1-2147483> synwait-time <1-2147483>

udp idle-time <1-2147483>o nat

prefix X:X:X:X::X/<0-128> v4v6

pool WORD X:X:X:X::X X:X:X:X::X prefix-length <1-128> source A.B.C.D X:X:X:X::X source list WORD [ pool ] WORD

v6v4 pool WORD A.B.C.D A.B.C.D prefix-length source X:X:X:X::X A.B.C.D source list WORD

pool WORD [ overload ] interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ] Serial <0-9>/<0-24> [ overload ]

o neighbor X:X:X:X::X Ethernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H FastEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H Loopback <0-2147483647> H.H.H Serial <0-9>/<0-24> H.H.H Vlan <1-1005> H.H.H

o route X:X:X:X::X/<0-128>

Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ] Loopback <0-2147483647> [ <1-254> ] Serial <0-9>/<0-24> [ <1-254> ] Vlan <1-1005> [ <1-254> ] X:X:X:X::X [ <1-254> ]

o unicast-routing license boot module c2900 technology-package [ securityk9 disable | uck9 disable ] line

o <2-499> [ <3-499> ]o aux <0-0>o console <0-0>o tty <2-90> [ <2-90> ]o vty <0-15> [ <0-15> ]o x/y/z

loggingo A.B.C.Do buffered <4096-2147483647>o consoleo host A.B.C.Do ono trap [ debugging ]o userinfo

logino block-for <1-65535> attempt <1-65535> within <1-65535>o on-failure [ log | trap ]o on-success [ log | trap ]

mac-address-table static H.H.H interfaceo Ethernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>o FastEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>

noo aaa

authenticateion [ enable default ] authorization [ exec | network ] [ WORD | default ] new-model

o access-list [ <1-99> | <100-199> ]

o banner [ login | motd ]o boot system [ WORD | flash WORD ]o cdp runo class-map [ type inspect ] [ match-all | match-any ] WORDo clock timezoneo config-registero Dot11 ssid LINEo enable

password [ 7 WORD | level <1-15> ] secret [ level <1-15> ]

o hostnameo interface

Dot11Radio <0-9>/<0-24>/<0-24> Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Tunnel <0-2147483647> Virtual-Template <1-200> Vlan <1-1005>

o ip access-list

extended [ <100-199> | WORD ] standard [ <1-99> | WORD ]

default-network A.B.C.D dhcp

excluded-address A.B.C.D [ A.B.C.D ] pool WORD

domain [ lookup | name ] domain-lookup domain-name forward-protocol [ <0-65535> | bootpc | domain | netbios-dgm | netbios-ns | tacacs | tftp ] ftp [ passive | password | username ] host WORD [ <0-65535> ] [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ] inspect

alert-off audit-trail

dns-timeout <1-2147483> max-incomplete [ high | low ] <1-2147483647> name WORD [ http | icmp | tcp | telnet | udp ] one-minute [ high | low ] <1-2147483647> tcp [ finwait-time | idle-time | synwait-time ] <1-2147483> udp idle-time <1-2147483>

local pool WORD name-server nat

inside source list [ <1-199> | WORD ] static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source list [ <1-199> | WORD ] static

A.B.C.D A.B.C.D tcp A.B.C.D <1-65535> A.B.C.D <1-65535> udp A.B.C.D <1-65535> A.B.C.D <1-65535>

route A.B.C.D A.B.C.D <1-255> A.B.C.D [ <1-255> ] Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-255> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-255> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-255> ] Loopback <0-2147483647> [ <1-255> ] Null <0-0> <1-255> Serial <0-9>/<0-24> [ <1-255> ] Vlan <1-1005> [ <1-255> ]

ssh authenticateion-retries time-out version [ 1 | 2 ]

tcp [ mss | window-size ]o ipv6

access-list WORD

dhcp pool WORD general-prefix WORD [ X:X:X:X::X/<0-128> ] host WORD inspect

alert-off audit-trail max-incomplete [ high | low ] name WORD [ icmp | tcp | udp ] one-minute [ high | low ] tcp [ finwait-time | idle-time | synwait-time ] udp idle-time

nat prefix X:X:X:X::X/<0-128> v4v6

pool WORD source A.B.C.D X:X:X:X::X source list WORD [ pool ] WORD

v6v4 pool WORD source X:X:X:X::X A.B.C.D source list WORD pool WORD [ overload ]

neighbor X:X:X:X::X Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005>

route X:X:X:X::X/<0-128> <1-254> Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ] Loopback <0-2147483647> [ <1-254> ] Serial <0-9>/<0-24> [ <1-254> ] X:X:X:X::X [ <1-254> ]

router eigrp <1-65535>

ospf <1-65535> rip WORD

unicast-routingo license boot module c2900 technology-package [ security disable | uck9 disable ]o logging

A.B.C.D buffered console host A.B.C.D on trap [ debugging ] userinfo

o login block-for on-failure [ log | trap ] on-success [ log | trap ]

o mac-address-table static H.H.H interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005> FastEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005> GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>

ntp

authenticatee authenticateion-key <1-4294967295> server A.B.C.D trusted-key <1-4294967295> update-calendar

o parser view WORDo policy-map [ type inspect ] WORDo priority-list <1-16>

default protocol

ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ] ipv6 [ high | low | medium | normal ]

queue-limito privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> ] LINEo queue-list <1-16>

default protocol

ip <0-16> list [ <1-199> | <1300-2699> ] tcp <0-65535> udp <0-65535>

ipv6 <0-16> queue <0-16>

byte-count <1-16777215> [ limit <0-32767> ] limit <0-32767> [ byte-count <1-16777215> ]

o radius-server host A.B.C.D

auth-port <0-65535> [ key LINE ] key LINE

key LINEo router

bgp <1-65535> eigrp <1-65535> ospf <1-65535> rip

o secure [ boot-config | boot-image ]o security passwords min-length <0-16>o service

nagle password-encryption timestamps [ debug | log ] [ datetime | msec ]

o snmp-server [ community WORD [ ro | rw ] ]o spanning-tree

mode portfast default vlan <1-1005> [ priority | root ]

o tacacs-server host A.B.C.D

key LINE single-connection key LINE

key LINEo username WORDo vpdn enable

o vpdn-group WORDo zone security WORDo zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]

ntpo authenticateiono authenticateion-key <1-4294967295> md5 WORD [ <0-4294967295> ]o server A.B.C.D [ key <0-4294967295> ]o trusted-key <1-4294967295>o update-calendar

parser view WORD policy-map [ type inspect ] WORD priority-list <1-16>

o default [ high | low | medium | normal ]o protocol

ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ] ipv6 [ high | low | medium | normal ]

o queue-limit <0-32767> <0-32767> <0-32767> <0-32767> privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> | reset ] LINE queue-list <1-16>

o default <0-16>o protocol

ip <0-16> list [ <1-199> | <1300-2699> ] tcp <0-65535> udp <0-65535>

ipv6 <0-16>o queue <0-16>

byte-count <1-16777215> [ limit <0-32767> ] limit <0-32767> [ byte-count <1-16777215> ]

radius-servero host A.B.C.D

auth-port <0-65535> [ key LINE ] key LINE

o key LINE router

o bgp <1-65535>o eigrp <1-65535>o ospf <1-65535>

o rip secure [ boot-config | boot-image ] security password min-length <0-16> service

o nagleo password-encryptiono timestamps [ debug | log ] [ datetime | msec ]

snmp-server community WORD [ ro | rw ] spanning-tree

o mode [ pvst | rapid-pvst ]o portfast defaulto vlan <1-1005>

priority <0-61440> root [ primary | secondary ]

tacacs-servero host A.B.C.D

key LINE single-connection key LINE

o key LINE username WORD [ privilege <0-15> ]

o password [ 0 LINE | 7 WORD | LINE ]o secret [ 0 LINE | 5 WORD | LINE ]

vpdn enable vpdn-group WORD zone security WORD zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]

Standard Access List Configuration Mode

<1-2147483647>o deny

A.B.C.D [ A.B.C.D ] any host A.B.C.D

o permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o default deny

A.B.C.D [ A.B.C.D ] any host A.B.C.D

permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o deny A.B.C.D [ A.B.C.D ] any host A.B.C.D

o exito no

deny A.B.C.D [ A.B.C.D ] any host A.B.C.D

permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o permit A.B.C.D [ A.B.C.D ] any host A.B.C.D

o remark LINE

Extended Access List Configuration Mode

<1-2147483647>o deny

[ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq<0-65535> | host A.B.C.D | gt<0-65535> | lt

<0-65535> | neq<0-65535> | range<0-65535><0-65535> ]o permit

[ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]

[ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq<0-65535> | host A.B.C.D | gt<0-65535> | lt <0-65535> | neq<0-65535> | range<0-65535><0-65535> ]

defaulto [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt

<0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

denyo [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt

<0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

exit no

o [ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt

<0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

permito [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]o [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt

<0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ]

remark LINE

Ethernet / FastEthernet / GigabitEthernet Interface Mode

arp timeout <0-2147483> bandwidth <1-10000000> cdp enable crypto map WORD custom-queue-list <1-16> delay <1-16777215> description LINE duplex [ auto | full | half ] exit fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ] hold-queue <0-4096> out

ipo access-group [ <1-199> | WORD ] [ in | out ]o address [ A.B.C.D A.B.C.D | dhcp ]o hello-interval eigrp <1-65535> <1-65535>o helper-address A.B.C.Do mtu <68-1500>o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE priority <0-255>

o proxy-arpo split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat [ prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ] ]o nd [ other-config-flag | na suppress ]o ospf

<1-65535> area area-id [ instance instance-id ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535>

priority <0-255>o rip WORD

default-information originate enable

o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]o traffic-filter WORD [ in | out ]

mac-address H.H.H mtu <64-1600> no

o arp timeouto bandwidtho cdp enableo crypto map [ WORD ]o custom-queue-list <1-16>o delayo descriptiono duplexo fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]o hold-queue [ <0-4096> ] outo ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address mtu <68-1500> nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> priority

proxy-arp split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

o ipv6

address WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> inspect WORD [ in | out ] mtu <1280-1500> nat [ prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ] ] nd ospf

<1-65535> area area-id [ instance instance-id ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network priority <0-255>

summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ] rip WORD [ default-information originate | enable ] traffic-filter [ in | out ] WORD

o mac-addresso mtuo pppoe enableo priority-groupo service-policy [ input | output ] WORDo shutdowno speedo standby

<0-4095> FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>] ip A.B.C.D

ipv6 preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o tx-ring-limit pppoe enable priority-group <1-16> service-policy [ input | output ] WORD shutdown speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000

options are only available for GigabitEthernet interfaces respectively) standby

o <0-4095> FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>] ip A.B.C.D ipv6 preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o preempto priorityo track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]

Serial <0-9>/<0-24>[.][<0-4294967295>] tx-ring-limit <1-32767>

Ethernet / FastEthernet / GigabitEthernet Sub-Interface Mode

arp timeout <0-2147483> bandwidth <1-10000000> delay <1-16777215> description LINE encapsulation dot1q <1-1005> [ native ] exit ip

o access-group [ <1-199> | WORD ] [ in | out ]o address [ A.B.C.D A.B.C.D | dhcp ]o hello-interval eigrp <1-65535> <1-65535>o helper-address A.B.C.Do mtu <68-1500>o nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE priority <0-255>

o proxy-arpo split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ]o nd [ other-config-flag | ra suppress ]o ospf

<1-65535> area [ [ <0-4294967295> | A.B.C.D ] instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ]

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> <1-255>o traffic-filter WORD [ in | out ]

mtu <64-1600> no

o arp timeouto bandwidtho delayo descriptiono encapsulation dot1qo ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address A.B.C.D mtu nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> priority

proxy-arp split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

o ipv6 address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> inspect WORD [ in | out ] mtu nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ] nd [ other-config-flag | ra suppress ] ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> <1-255> traffic-filter [ WORD [ in | out ] | [ in | out ] ]

o mtuo shutdowno standby <0-4095> ipv6

shutdown standby

o <0-4095> ipv6 autoconfigo ipv6 autoconfig

Serial Interface Mode

bandwidth <1-10000000> cdp enable clock rate <1200-4000000> (only certain clock rates that are listed are valid) crypto map WORD custom-queue-list <1-16> delay <1-16777215> description LINE encapsulation

o hdlco pppo frame-relay [ ietf ]

exit fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ] frame-relay

o interface-dlci <16-1007>o lmi-type [ ansi | ciso | q933a ]o map

ip A.B.C.D <16-1007> broadcast [ cisco | ietf ] cisco [ broadcast ] ietf [ broadcast ]

ipv6 X:X:X:X::X <16-1007> broadcast [ cisco | ietf ] cisco [ broadcast ] ietf [ broadcast ]

hold-queue <0-4096> out ip

o access-group [ <1-199> | WORD ] [ in | out ]o address A.B.C.D A.B.C.Do hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o ips WORD [ in | out ]o mtu <68-1500>o nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535>

dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE network [ broadcast | point-to-point ] priority <0-255>

o split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]o virtual-reassembly

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ]o nd [ other-config-flag | ra suppress ]o ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]o traffic-filter WORD [ in | out ]

keepalive <0-30> mtu <64-17940> no

o bandwidth <1-10000000>

o cdp enableo clock rateo crypto map [ WORD ]o custom-queue-list <1-16>o delayo descriptiono ecnapsulationo fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]o frame-relay

interface-dlci <16-1007> lmi-type [ ansi | cisco | q933a ] map [ ip A.B.C.D | ipv6 X:X:X:X::X ]

o hold-queue [ <0-4096> ] outo ip

access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address A.B.C.D inspect WORD [ in | out ] ips WORD [ in | out ] mtu <68-1500> nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> network priority

split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ] virtual-reassembly

o ipv6 address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local

X:X:X:X::X/<0-128> autoconfig

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> inspect WORD [ in | out ] mtu nat [ prefix X:X:X:X::X/<0-128> ] [ v4-mapped WORD ] nd [ other-config-flag | ra suppress ] ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ] traffic-filter [ WORD ] [ in | out ]

o keepaliveo mtuo ppp [ authenticateion | pap sent-username ]o priority-group <1-16>o service-policy [ input | output ] WORDo shutdowno tx-ring-limito zone-member security WORD

pppo authenticateion chap [ pap ]o authenticateion pap [ chap ]o pap sent-username WORD password [ 0 LINE | LINE ]

priority-group <1-16> service-policy [ input | output ] WORD shutdown tx-ring-limit <1-32767>

zone-member security WORD

Tunnel Interface Mode

exit ip address A.B.C.D A.B.C.D ipv6

o address WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o nd ra suppresso ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]

noo ip address [ A.B.C.D A.B.C.D ]o ipv6

address WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

eigrp <1-65535> enable hello-interval eigrp <1-65535> nd ra suppress ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]

o shutdowno tunnel [ destination | mode | source ]

shutdown tunnel

o destination A.B.C.Do mode [ gre ip | ipv6ip isatap ]o source

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

VLAN Interface Mode

arp timeout <0-2147483> bandwidth <1-10000000> delay <1-16777215> description LINE exit ip

o access-group [ <1-199> | WORD ] [ in | out ]o address [ A.B.C.D A.B.C.D ] [ dhcp ]o hello-interval eigrp <1-65535> <1-65535>o helper-address A.B.C.Do nat [ inside | outside ]o ospf

authenticateion [ message-digest | null ] authenticateion-key [ <0-7> ] WORD cost <1-65535>

dead-interval <1-65535> hello-interval <1-65535> message-digest-key <1-255> md5 LINE priority <0-255>

o proxy-arpo split-horizono summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

ipv6o address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

o dhcp client pd WORD server WORD

o eigrp <1-65535>o enableo hello-interval eigrp <1-65535> <1-65535>o inspect WORD [ in | out ]o mtu <1280-1500>o nat prefix [ X:X:X:X::X/<0-128> ] [ v4-mapped WORD ]o nd [ other-config-flag | ra suppress ]o ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost <1-65535> dead-interval <1-65535> hello-interval <1-65535> network [ broadcast | point-to-point ] priority <0-255>

o rip WORD [ default-information originate | enable ]o summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]o traffic-filter WORD [ in | out ]

noo arp timeouto bandwidtho delayo description

o ip access-group [ <1-199> | WORD ] [ in | out ] address [ dhcp ] hello-interval eigrp <1-65535> helper-address A.B.C.D nat [ inside | outside ] ospf

authenticateion authenticateion-key cost dead-interval hello-interval message-digest-key <1-255> priority

proxy-arp split-horizon summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]

o ipv6 address

WORD X:X:X:X::X/<0-128> X:X:X:X::X link-local X:X:X:X::X/<0-128> [ anycast | eui-64 ] autoconfig

dhcp client pd WORD server WORD

eigrp <1-65535> enable hello-interval eigrp <1-65535> inspect WORD [ in | out ] mtu nat prefix [ X:X:X:X::X/<0-128> ] [ v4-mapped WORD ] nd [ other-config-flag | ra suppress ] ospf

<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ] cost dead-interval hello-interval

network priority

rip WORD [ default-information originate | enable ] summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ] traffic-filter [ WORD ] [ in | out ]

o shutdowno standby

<0-4095> FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295] ip A.B.C.D ipv6 preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

shutdown standby

o <0-4095> ip A.B.C.D ipv6 autoconfig preempt priority <0-255> track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

o ip A.B.C.Do ipv6 autoconfig

o preempto priority <0-255>o timers <1-254>o track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial <0-9>/<0-24>[.][<0-4294967295>]

VLAN Configuration Mode

exit no

o vlan <1-1005> [ name ]o vtp

client password transparent v2-mode

vlan <1-1005> [ name ] [ WORD ] vtp

o cliento domain WORDo password WORDo servero transparento v2-mode

Class-Map Configuration Mode

description LINE exit match

o access-group <1-2699> name WORD

o anyo class-map WORDo cos <0-7>

o destination-address mac H.H.Ho input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

o ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 |

default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

o not access-group

<1-2699> name WORD

class-map WORD cos <0-7> destination-address mac H.H.H input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7

| default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ] protocol [ arp | bgp | cdp | dhcp | dns | eigrp | ftp | gre | h323 | http | icmp | ip | ipsec | ipv6 | ntp | ospf | pop3 | rip | rtp | skinny |

smtp | snmp | ssh | syslog | tcp | telnet | tftp | udp ] qos-group <0-1023>

o precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]o protocol

arp bgp cdp dhcp

dns eigrp ftp gre h323 http [ host WORD | mime WORD | url WORD ] icmp ip ipsec ipv6 ntp ospf pop3 rip rtp skinny smtp snmp ssh syslog tcp telnet tftp udp

o qos-group <0-1023> no

o description [ LINE ]o match

access-group <1-2699> name WORD

any class-map WORD cos <0-7> destination-address mac H.H.H input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>]

GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7

| default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

not access-group

<1-2699> name WORD

class-map WORD cos <0-7> destination-address mac H.H.H input-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24>

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 |

cs7 | default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ] protocol

arp bgp cdp dhcp dns eigrp ftp gre h323 http [ host WORD | mime WORD | url WORD ] icmp ip

ipsec ipv6 ntp ospf pop3 rip rtp skinny smtp snmp ssh syslog tcp telnet tftp udp

qos-group <0-1023> precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ] protocol [ arp | bgp | cdp | dhcp | dns | eigrp | ftp | gre | h323 | http | icmp | ip | ipsec | ipv6 | ntp | ospf | pop3 | rip | rtp | skinny |

smtp | snmp | ssh | syslog | tcp | telnet | tftp | udp ] qos-group <0-1023>

Zone Security Configuration Mode

exit

Zone-Pair Security Configuration Mode

exit no

o service-policy type inspect WORD service-policy type inspect WORD

Dynamic Crypto Map Configuration Mode

exit no

o reverse-routeo set transform-set

reverse-route set transform-set WORD

Parser View Configuration Mode

commands [ configure | exec | interface | line | router ] include [ all ] LINE default

o commands [ configure | exec | interface | line | router ] include [ all ] LINEo secret

exit no

o commands [ configure | exec | interface | line | router ] include [ all ] LINEo secret

secret [ 0 | 5 ] LINE

Router BGP Mode

bgpo log-neighbor-changeso redistribute-internalo router-id A.B.C.D

exit neighbor

o A.B.C.D next-hop-selfo A.B.C.D remote-as <1-65535>

networko A.B.C.D mask A.B.C.D

noo bgp

log-neighbor-changes redistribute-internal router-id A.B.C.D

o neighbor A.B.C.D next-hop-self A.B.C.D remote-as <1-65535>

o network A.B.C.D mask A.B.C.D

o redistribute

connected eigrp <1-65535> ospf <1-65535>

match external internal nssa-external

statico synchronizationo timers bgp <0-65535>

redistributeo connectedo eigrp <1-65535>o ospf <1-65535>

match external internal nssa-external

o static synchronization timers bgp <0-65535> <0-65535>

Router EIGRP Mode

auto-summary distance eigrp <1-255> <1-255> exit metric weights <0-8> <0-256> <0-256> <0-256> <0-256> <0-256> network A.B.C.D [ A.B.C.D ] no

o auto-summaryo distance eigrpo metric weightso network A.B.C.D [ A.B.C.D ]o redistribute

bgp <1-65535> [ metric ] [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] connected [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ] eigrp <1-65535> [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]

metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ] rip [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ] static [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]

o passive-interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005> default

o variance passive-interface

o Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o Vlan <1-1005>o default

redistributeo bgp <1-65535> [ metric ] [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o connected [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]o eigrp <1-65535> [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]o metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ]o rip [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]o static [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]

variance <1-128>

IPv6 Router EIGRP Mode

exit metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255> no

o metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>o redistribute

bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] connected [ metric [ <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ] ] eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ] rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ] static

o router-ido shutdown

redistributeo bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o connected [ metric [ <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ] ]o eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU ]o rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]o static

router-id A.B.C.D shutdown

Router OSPF Mode

areao [ <0-4294967295> | A.B.C.D ]

authenticateion message-digest default-cost <0-16777215> nssa no-summary stub no-summary virtual-link A.B.C.D

default-information originate distance <1-255> exit log-adjacency-changes [ detail ] network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ] no

o area [ <0-4294967295> | A.B.C.D ]

authenticateion message-digest default-cost <0-16777215> nssa no-summary

stub no-summary virtual-link A.B.C.D

o default-information originateo distance <1-255>o log-adjacency-changes [ detail ]o network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]o redistribute

bgp <1-65535> [ metric <0-16777214 | subnets | tag <0-4294967295> ] connected [ metric <0-16777214> | subnets | tag <0-4294967295> ] eigrp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ] metric <0-16777214> ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295> ] rip [ metric <0-16777214> | subnets | tag <0-4294967295> ] static [ metric <0-16777214> | subnets | tag <-0-4294967295> ]

o passive-interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005> default

o router-id passive-interface

o Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o Vlan <1-1005>o default

redistributeo bgp <1-65535> [ metric <0-16777214 | subnets | tag <0-4294967295> ]o connected [ metric <0-16777214> | subnets | tag <0-4294967295> ]o eigrp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ]o metric <0-16777214>o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295> ]o rip [ metric <0-16777214> | subnets | tag <0-4294967295> ]

o static [ metric <0-16777214> | subnets | tag <-0-4294967295> ] router-id A.B.C.D

IPv6 Router OSPF Mode

area <1-65535>o default-cost <0-16777215>o nssa [ no-summary ]o stub [ no-summary ]o virtual-link A.B.C.D

distance <1-254> exit log-adjacency-changes [ detail ] no

o area <1-65535> default-cost <0-16777215> nssa [ no-summary ] stub [ no-summary ] virtual-link A.B.C.D

o distance <1-254>o log-adjacency-changes [ detail ]o passive-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> default

o redistribute bgp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ] connected [ metric <0-16777214> | subnets | tag <0-4294967295> ] eigrp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ] metric <0-16777214> ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295 ] rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295> static [ metric <0-16777214> | subnets | tag <0-4294967295> ]

o router-id passive-interface

o Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o default

redistributeo bgp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ]o connected [ metric <0-16777214> | subnets | tag <0-4294967295> ]o eigrp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ]o metric <0-16777214>o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295 ]o rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295>o static [ metric <0-16777214> | subnets | tag <0-4294967295> ]

router-id A.B.C.D

Router RIP Mode

auto-summary default-information originate distance <1-255> exit network A.B.C.D no

o auto-summaryo default-informationo distance <1-255>o network A.B.C.Do passive-interface

Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Loopback <0-2147483647> Serial <0-9>/<0-24> Vlan <1-1005> default

o redistribute connected [ metric [ <0-16> | transparent ] ]

eigrp <1-65535> [ metric [ <0-16> | transparent ] ] metric [ <0-16> | transparent ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric default-metric ] rip [ metric [ <0-16> | transparent ] ] static [ metric [ <0-16> | transparent ] ]

o timers basico version <1-2>

passive-interfaceo Ethernet <0-9>/<0-24>[.][<0-4294967295>]o FastEthernet <0-9>/<0-24>[.][<0-4294967295>]o GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]o Loopback <0-2147483647>o Serial <0-9>/<0-24>o Vlan <1-1005>o default

redistributeo connected [ metric [ <0-16> | transparent ] ]o eigrp <1-65535> [ metric [ <0-16> | transparent ] ]o metric [ <0-16> | transparent ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric default-metric ]o rip [ metric [ <0-16> | transparent ] ]o static [ metric [ <0-16> | transparent ] ]

timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295> version <1-2>

IPv6 Router RIP Mode

distance <1-254> exit no

o distanceo redistribute

connected [ metric [ <1-16> | transparent ] ] eigrp <1-65535> [ metric [ <1-16> | transparent ] ] metric [ <1-16> | transparent ] ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ] ] rip WORD [ metric [ <1-16> | transparent ] ] static [ metric [ <1-16> | transparent ] ]

redistributeo connected [ metric [ <1-16> | transparent ] ]o eigrp <1-65535> [ metric [ <1-16> | transparent ] ]o metric [ <1-16> | transparent ]o ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ] ]o rip WORD [ metric [ <1-16> | transparent ] ]o static [ metric [ <1-16> | transparent ] ]

DHCP Pool Configuration Mode

default-router A.B.C.D dns-server A.B.C.D exit network A.B.C.D A.B.C.D no dns-server option <0-254> ip A.B.C.D

IPv6 DHCP Pool Configuration Mode

dns-server X:X:X:X::X domain-name WORD exit no

o dns-server X:X:X:X::Xo domain-name WORDo prefix-delegation

X:X:X:X::X/<0-128> WORD [ lifetime ] <60-4294967295> <60-4294967295> pool WORD [ lifetime ] <60-4294967295> <60-4294967295>

prefix-delegationo X:X:X:X::X/<0-128> WORD [ lifetime ] <60-4294967295> <60-4294967295>o pool WORD [ lifetime ] <60-4294967295> <60-4294967295>

Line Configuration Mode

access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] databits [ 5 | 6 | 7 | 8 ] default [ databits | flowcontrol | history size | parity | speed | stopbits ] exit

exec-timeout <0-35791> [ <0-2147483> ] flowcontrol [ NONE | hardware | software ] history size <0-256> ipv6 access-class WORD [ in | out ] logging synchronous login

o authenticateion [ WORD | default ]o local

motd-banner no

o [ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ]o databitso exec-timeouto flowcontrolo history sizeo ipv6 access-class WORD [ in | out ]o logging synchronouso login

authenticateion [ WORD | default ] local

o motd-bannero parityo passwordo privilege levelo session-limito speedo stopbitso transport output

parity [ even | mark | none | odd | space ] password [ 7 WORD | LINE ] privilege level <0-15> session-limit <0-4294967295> speed <0-4294967295> stopbits [ 1 | 1.5 | 2 ] transport output [ all | none | ssh | telnet ]

Policy-Map Configuration Mode

class [ type inspect ] [ WORD | class-default ] exit no

o class [ type inspect ] [ WORD | class-default ]

Policy-Map Class Configuration Mode

bandwidth [ <8-2000000> | percent <1-100> | remaining percent <1-100> ] exit no

o bandwidtho priorityo queue-limito random-detect

dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ]

dscp-based prec-based precedence <0-7>

o service-policy WORDo set

ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7

| default | ef ] precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

o shape average priority [ <8-2000000> | percent <1-100> ] [ <32-2000000> ] queue-limit <1-4096> random-detect

o dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 | default | ef ] <1-4096> <1-4096> [ <1-65535> ]

o dscp-basedo prec-basedo precedence <0-7> <1-4096> <1-4096> [ <1-65535> ]

service-policy WORD set

o ip dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 |

default | ef ]o precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]

shape average <8000-154400000>

Rommon Mode

boot confreg config-register-number dir flash: help reset set tftpdnld unset variable variable=value

Configuring Switches

The Config tab for the switch offers three general levels of configuration: global, switching, and interface. The global level offers the same settings as a router. The routing level also offers the same configuration parameters as a router. The switching level, however, is where you can manage the VLAN database of the switch. The interface level configurations also offer access to the VLAN settings of the switch. Note that the Config tab provides an alternative to the Cisco IOS CLI only for some simple, common features; to access the full set of switch commands that have been modeled you must use the Cisco IOS CLI.

Throughout your configurations in the Config tab, the lower window will display the equivalent Cisco IOS commands for all your actions.

 

Global Settings

In global settings, you can change the switch display name as it appears on the workspace and the hostname as it appears in the Cisco IOS. You can also manipulate the switch configuration files in these various ways: 

Erase the NVRAM (where the startup configuration is stored). Save the current running configuration to the NVRAM. Export the startup and running configuration to an external text file. Load an existing configuration file (in .txt format) into the startup configuration. Merge the current running configuration with another configuration file.

 

Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark Global Settings and then set your own values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Storm Control Multiplier. For the Cisco Catalyst 3560-24PS, you can also set the Half-Open Session Multiplier.

 

Routing Configuration (Cisco Catalyst 3560-24PS only)

The Cisco Catalyst 3560-24PS multilayer switch supports IP routing. You can make static routes on the router by choosing the Static sub-panel. Each static route you add requires a network address, subnet mask, and next hop address.

You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP address into the Network field and click the Add button. The RIP-enabled network is added to the Network Address list. You can disable RIP on a network by clicking the Remove button to remove it from the list.

 

VLAN Database ConfigurationYou can manage the VLANs of the switch from the VLAN Database sub-panel. You can add VLANs by entering a name and a VLAN number and pressing the Add button. You can see all existing VLAN entries in the list below the button. You can remove a VLAN by selecting it in the list and then pressing the Remove button. To associate a particular interface with a VLAN, go to the configuration panel of that interface.

 

Interface ConfigurationSwitches have only Ethernet-type interfaces. For each interface, you can set the Port Status (on or off), Bandwidth, Duplex setting, VLAN Switch Mode, and Tx Ring Limit. By default, an interface is a VLAN access port assigned to VLAN 1. You can use the drop-down menu on the right side of the screen to reassign the port to another existing VLAN. You can also change an interface into a VLAN trunk port, and then use the drop-down menu on the right to select the VLANs you want that trunk to handle.

In Packet Tracer, the switch allows all VLANs (1 to 1005) on a trunk port by default, even if the VLAN does not actually exist on the switch. In the drop-down menu, you can see the current VLANs and block (uncheck) them from the trunk. However, you cannot block VLANs that do not exist. This does not affect the functionality of the switch. It is simply a way to display VLANs (or a range of VLANs) that the trunk supports.

Switches: IOS

Packet Tracer uses a simplified model of the Cisco IOS. Click on the CLI tab in the switch configuration window to access the Cisco IOS command line interface for the switch. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the Cisco IOS command tree for Packet Tracer switches. For the Cisco Catalyst 3560-PS switch with Layer 3 capabilities, refer to the "Router IOS" page for additional commands. The tree contains only Cisco IOS command chains that are supported in Packet Tracer.

 

User Mode

<1-99> connect WORD disconnect <1-16> enable <0-15> exit logout ping WORD resume [ <1-16> | WORD ] show

o arpo cdp

entry * [ protocol | version ] WORD [ protocol | version ]

interface Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]

neighbors [ detail ]o clocko crypto key mypubkey rsao etherchannel

load-balance port-channel summary

o flash:o historyo interface

Ethernet <0-9>/<0-24> [ switchport ] FastEthernet <0-9>/<0-24> [ switchport ] GigabitEthernet <0-9>/<0-24> [ switchport ] Vlan <1-1005> etherchannel switchport trunk

o ip interface Vlan <1-1005> brief

o ipv6 interface Vlan <1-1005>o mac address-table

dynamic interfaces

Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24> Port-channel <1-64>

statico mls [ qos ] [ interface ] [ FastEthernet <0-9>/<0-24> ]o privilegeo sessionso ssho tcp [ brief ]o terminalo userso versiono vlan

brief id <1-1005> name [ WORD ]

o vtp [ counters | status ] telnet [ WORD ] terminal history size [ <0-256> ] traceroute WORD

Enable Mode

<1-99> clear

o access-list counters [ <1-199> | <1300-2699> | WORD ]o arp-cacheo cdp tableo mac address-tableo port-security [ all | configured | dynamic | sticky ]o vtp counters

clock set hh:mm:ss [ <1-31> MONTH <1993-2035> | MONTH <1-31> <1993-2035> ] configure terminal

connect [ WORD ] copy

o flash ftp: running-config startup-config tftp:

o ftp: flash: running-config startup-config

o running-config startup-config tftp: flash: ftp:

o startup-config running-config tftp: flash: ftp:

debugo ip icmpo sw-vlan

packets vtp events

delete [ WORD | flash: ] dir [ flash: ] disable disconnect <1-16> enable [ <0-15> ] erase startup-config exit logout more flash: WORD no debug

o allo ip icmp

o sw-vlan packets vtp events

ping [ WORD ]o [ Protocol ] [ Target IP address ] [ Repeat count ] [ Datagram size ] [ Timeout in seconds ] [ Extended commands ] [ Sweep range of

sizes ] reload resume [ <1-16> | WORD ] setup show

o access-list [ <1-99> | WORD ]o arpo booto cdp

entry * [ protocol | version ] WORD [ protocol | version ]

interfaces Ethernet <0-9>/<0-24>[.][<0-4294967295>] FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]

neighbors [ detail ]o clocko crypto key mypubkey rsao dhcp leaseo dtpo etherchannel [ load-balance | port-channel | summary ]o flash:o historyo hostso interfaces

Ethernet <0-9>/<0-24>[ switchport ] FastEthernet <0-9>/<0-24>[ switchport ] GigabitEthernet <0-9>/<0-24>[ switchport ] Vlan <1-1005> etherchannel switchport trunk

o ip access-list [ <1-199> | WORD ] arp dhcp binding interface

vlan <1-1005> brief

ssho ipv6 interface Vlan <1-1005>o loggingo mac address-table

static dynamic interfaces

Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24> Port-channel <1-64>

o mls qos interface [ FastEthernet <0-9>/<0-24> ]o port-security

address interface

Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24>

o privilegeo processeso running-configo sessionso snmpo spanning-tree

active detail inconsistentports interface

FastEthernet <0-9>/<0-24> [ portfast ] GigabitEthernet <0-9>/<0-24> [ portfast ] Port-channel <1-6>

Vlan <1-4094> [ portfast ] summary [ totals ] vlan WORD

o ssho startup-configo storm-control broadcasto tcp [ brief ]o tech-supporto terminalo userso versiono vlan [ brief | id <1-1005> | name WORD ]o vtp

counters password status

ssho -l WORD [ WORD | -v [ 1 WORD | 2 WORD ] ]o -v [ 1 | 2 ] -l WORD WORD

telnet [ WORD ] terminal history size <0-256> traceroute [ WORD ]

o [ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ] [ Minimum Time to Live ] [ Maximum Time to Live ]

undebugo allo ip icmpo sw-vlan

packets vtp events

vlan database write [ erase | memory | terminal ]

Global Mode

access-listo <1-99>

[ deny | permit ] [ A.B.C.D | any | host A.B.C.D ]

[ deny | permit ] [ A.B.C.D A.B.C.D ]o <100-199>

[ deny | permit ] [ ahp | eigrp | esp | gre | icmp | ip | ospf ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]

[ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535< | range <0-65535> <0-65535> ]

o remark LINE banner motd LINE boot system flash WORD cdp run clock timezone WORD <-23-23> [ <0-59> ] do LINE exec command enable

o password 7 WORD LINE level set exec level password

o secret [ 0 | 5 ] LINE end exit hostname WORD interface

o Ethernet <0-9>/<0-24>o FastEthernet <0-9>/<0-24>o GigabitEthernet <0-9>/<0-24>o Port-channel <1-6>o Vlan <1-1005>o range

Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24> Vlan <1-1005>

ipo access-list

extended [ <100-199> | WORD ] standard [ <1-99> | WORD ]

o default-gateway A.B.C.D

o dhcp excluded-address [ A.B.C.D A.B.C.D ] pool WORD

o domain [ lookup | name WORD ]o domain-lookupo domain-name WORDo ftp

passive password [ <0-7> | LINE ] username WORD

o host WORD A.B.C.D [ A.B.C.D ] [ A.B.C.D ]o name-server A.B.C.Do ssh

authentication-retries <0-5> time-out <1-120> version <1-2>

lineo <0-16> [ <1-16> ]o console <0-0>o vty <0-15> [ <1-15> ]

loggingo A.B.C.Do buffered <4096-2147483647>o consoleo host A.B.C.Do ono trap debugging

mac-address-table static H.H.H vlan <1-1005> interfaceo Ethernet <0-9>/<0-24>o FastEthernet <0-9>/<0-24>o GigabitEthernet <0-9>/<0-24>

noo access-list [ <1-99> | <100-199> ]o banner motdo boot systemo cdp runo clock timezone

o enable password [ 7 WORD | level <1-15> ] secret [ level <1-15> ]

o hostnameo interface

Port-channel <1-6> Vlan <1-1005>

o ip access-list

extended [ <100-199> | WORD ] standard [ <1-99> | WORD ]

default-gateway domain [ lookup | name ] domain-lookup domain-name ftp

passive password username

host WORD [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ] name-server ssh

authentication-retries <0-5> time-out <1-120> version <1-2>

o logging A.B.C.D buffered console host A.B.C.D on trap debugging

o mac address-table static H.H.H vlan <1-1005> interface Ethernet <0-9>/<0-24> FastEthernet <0-9>/<0-24> GigabitEthernet <0-9>/<0-24>

o mls qoso port-channel load balance

o privilege configure

LINE all

LINE level <0-15>

level <0-15> exec

LINE all

LINE level <0-15>

level <0-15> interface

LINE all

LINE level <0-15>

level <0-15> line

LINE all

LINE level <0-15>

level <0-15> line

LINE all

LINE level <0-15>

level <0-15> router

LINE all

LINE level <0-15>

level <0-15>o service

password-encryption time stamps

debug [ datetime ] [ msec ] log [ datetime ] [ msec ]

o snmp-server community WORD [ ro | rw ]o spanning-tree vlan WORD [ priority | root [ primary | secondary ] ]o usernameo vlan <1-1005>o vtp [ mode | password | version <1-2> ]

port-channel load-balance [ dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mack ] privilege

o configure LINE all

LINE level <0-15>

level <0-15>o exec

LINE all

LINE level <0-15>

level <0-15>o interface

LINE all

LINE level <0-15>

level <0-15>o line

LINE all

LINE level <0-15>

level <0-15>o router

LINE all

LINE level <0-15>

level <0-15> service

o password-encryptiono timestamps [ debug | log ] [ datetime ] [ msec ]

snmp-server community WORD [ ro | rw ] spanning-tree

o mode [ pvst | rapid-pvst ]o portfast defaulto vlan WORD [ priority <0-61440> | root [ primary | secondary ] ]

username WORDo password [ 0 | 7 ] LINEo privilege <0-15>

password [ 0 | 7 ] LINE secret [ 0 LINE | 5 WORD | LINE ]

o secret vlan <1-1005> vtp

o domain WORDo mode

client server transparent

o password WORDo version <1-2>

Ethernet / FastEthernet / GigabitEthernet Interface Mode

cdp enable channel-group <1-6> mode [ active | auto | desirable | on | passive ] channel-protocol [ lacp | bagp ] description LINE duplex [ auto | full | half ] exit mac-address H.H.H mdix auto mls qos

o cos <0-7>o trust [ cos | device cisco-phone | dscp ]

noo cdp enableo channel-groupo channel-protocolo descriptiono duplexo mac-addresso mdix autoo mls qos

cos <0-7> trust [ cos | device cisco-phone | dscp ]

o shutdowno spanning-tree

bpduguard guard link-type portfast vlan WORD port-priority

o speedo storm-control broadcast levelo switchport

access vlan mode native vlan nonegotiate port-security

mac-address H.H.H sticky [ H.H.H ]

maximum violation

priority extend trunk [ allowed | native ] vlan voice vlan

o tx-ring-limit shutdown

spanning-treeo bpduguard [ disable | enable ]o guard rooto link-type [ point-to-point | shared ]o portfast [ disable | trunk ]o vlan WORD port-priority <0-240>

speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000 options are only available for GigabitEthernet interfaces respectively)

storm-control broadcast level <0.0-100.0> switchport

o access vlan <1-1005>o mode

access dynamic [ auto | desirable ] trunk

o native vlan <1-1005>o nonegotiateo port-security

mac-address H.H.H sticky [ H.H.H ]

maximum <1-132> violation [ protect | restrict | shutdown ]

o priority extend cos <0-7>o trunk

allowed vlan WORD add <1-1005> all except <1-1005> none remove <1-1005>

native vlan <1-1005>o voice vlan <1-1005>

tx-ring-limit <1-32767>

VLAN Interface Mode

arp timeout <0-2147483> description LINE exit ip

o address [ A.B.C.D A.B.C.D | dhcp ]o helper-address A.B.C.D

noo arp timeouto descriptiono ip

address [ dhcp ] helper-address A.B.C.D

o shutdowno standby

<0-4095> FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>] ip A.B.C.D ipv6 autoconfig preempt priority

preempt priority track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>]

shutdown standby

o <0-4095> FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>] ip A.B.C.D ipv6 autoconfig preempt priority

o preempto priorityo track

FastEthernet <0-9>/<0-24>[.][<0-4294967295>] GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>]

VLAN Configuration Mode

exit name WORD The ascii name for the VLAN no

o name Ascii name of the VLAN

Line Configuration Mode

access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] databits [ 5 | 6 | 7 | 8 ] default [ databits | flowcontrol | history size | parity | speed | stopbits ] exec-timeout <0-35791> Timeout in minutes exit flowcontrol [ NONE | hardware | software ] history size <0-256> ipv6 access-class Filter connections based on an IPv6 access list logging synchronous Synchronized message output login [ local ] motd-banner no [ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] | databits | flowcontrol | history size | ipv6 | login | motd-banner | parity |

password | speed | stopbits ] parity [ even | mark | none | odd | space ] password

o 7 WORDo LINE

privilege level Assign default privilege level for line speed <0-4294967295> stopbits [ 1 | 1.5 | 2 ] transport output Define which protocols to use for outgoing connections

Rommon Mode

boot dir flash: flash_init help reset set unset variable variable=value

Configuring ASA

The Config tab for the ASA offers four general levels of configuration: global, clientless vpn, switching, and interface. The global level, switching and interface levels offer the same settings as a switch. Note that the Config tab provides an alternative to the CLI only for some simple, common features; to access the full set of ASA commands that have been modeled you must use the CLI tab.

Throughout your configurations in the Config tab, the lower window will display the equivalent CLI commands for all your actions.

 

Global Settings, Algorithm Settings, VLAN Database, InterfaceFor these sections of the Config tab, please refer to the Switches page as they function similarly with the ASA config tab 

Clientless VPNClientless SSL VPN (WebVPN) allows for limited but valuable secure access to the network from any location. A remote client needs only an SSL-enabled web browser to access http- or https-enabled web servers.

The Bookmark Manager is modeled after ASDM (Adaptive Security Device Manager). A bookmark is similar to a web browser bookmark which contains a name/title and an URL.

The User Manager provides a GUI interface allowing bookmarks to be assigned to valid users. The users are created using ASA CLI command username. When a user accesses the ASA via a browser, the ASA prompts for the username and password. After the authentication, if the user was assigned a bookmark, the bookmark will be show to the user allowing access to the corresponding URL.

ASA

Packet Tracer uses a simplified model of the Cisco Adaptive Security Appliance Software. Click on the CLI tab in the ASA configuration window to access the Cisco command line interface. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the command tree for Packet Tracer ASA. The tree contains only command chains that are supported in Packet Tracer.

 

User Mode

enable [ <0-15> ] exit logout ping [ ip | ipv6 | WORD ] quit show

o version traceroute [ ip | WORD ]

Enable Mode

configure [ terminal ] copy

o disk0: running-config startup-config tftp:

o flash: running-config startup-config tftp:

o running-config disk0: flash: startup-config tftp:

o startup-config disk0: flash: running-config tftp:

o tftp: disk0: flash: running-config startup-config

dir exit

logout ping [ ip | ipv6 | WORD ]

o tcp [ ip | ipv6 | WORD ] reload show

o access-listo activation-keyo arpo clocko crypto

isakmp [ sa ] ipsec [ sa ] map crypto key mypubkey rsa

o dhcpd binding all state

o disk0:o file systemo flash:o interface

inside outside Ethernet <0>/<0-7> Vlan [<1-4090>] ip brief

o ip addresso ipv6

access-list interface brief neighbor route

o nato ntp statuso routeo running-configo ssho startup-config

o switch vlano versiono vlano xlate

traceroute [ ip | WORD ] write [ erase | memory ]

Global Mode

aaao authentication

ssh console LOCAL

telnet console LOCAL

access-group [ WORD ]o in [ interface ] [inside | outside ]o out [ interface ] [inside | outside ]

access-list [ WORD ]o [ deny | permit ]

[ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ] [ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ] [ echo | echo-reply | unreachable ]

o extended [ deny | permit ]

[ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ] [ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ] [ echo | echo-reply | unreachable ]

class-map WORD clock set hh:mm:ss [ MONTH | Day of Month] [ Day of Month | MONTH ] [ Year ] configure terminal crypto

o ikev1 policy [ 1-65535 ] enable [ inside | outside ]

o ipsec

ikev1 transform-set WORD [ esp-3des | esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-md5-hmac | esp-sha-hmac] [ esp-md5-hmac | esp-sha-hmac ]

security-association lifetime seconds <120-2147483647>o key generate rsa modulus [ 1024 | 2048 | 512 | 768 ]o map WORD

interface [ inside | outside ] <1-65535>

match address WORD set

ikev1 transform-set [ WORD ] peer [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] security-association lifetime seconds <120-2147483647>

dhcpdo address [ WORD ] [ inside | outside ]o auto-config [ inside | outside ]o dns [ Hostname | A.B.C.D ] interface [ inside | outside ]o domain [ WORD ] interface [ inside | outside ]o enable [ inside | outside ]o lease <300-1048575> [ inside | outside ]

domain-name [ WORD ] enable password [ WORD ] [ encrypted | level <1-15> encrypted ] end exit group-policy [ WORD ] [ attributes | internal ] hostname WORD http

o [ WORD ] [ A.B.C.D ] [ inside | outside ]o enableo X:X:X:X::X/<0-128> [ inside | outside ]

interfaceo Ethernet <0>/<0-7>o Vlan <1-4090>

ipv6o access-list WORD

[ deny | permit ] [ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ] [ echo | echo-reply | unreachable ]

o route [ inside | outside ] [ Hostname | X:X:X:X::X ] [ <1-255> ] name [ A.B.C.D | X:X:X:X::X ] [ WORD ] names no

o aaa authentication

ssh console LOCAL

telnet console LOCAL

o access-group [ WORD ] in [ interface ] [inside | outside ] out [ interface ] [inside | outside ]

o access-list [ WORD ] [ deny | permit ]

[ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ] [ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ] [ echo | echo-reply | unreachable ]

extended [ deny | permit ]

[ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ] [ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ] [ echo | echo-reply | unreachable ]

o class-map WORDo clock set hh:mm:ss [ MONTH | Day of Month] [ Day of Month | MONTH ] [ Year ]o configure terminalo crypto

ikev1 policy [ 1-65535 ] enable [ inside | outside ]

ipsec ikev1 transform-set WORD

[ esp-3des | esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-md5-hmac | esp-sha-hmac] [ esp-md5-hmac | esp-sha-hmac ]

security-association lifetime seconds <120-2147483647> key generate rsa modulus [ 1024 | 2048 | 512 | 768 ]

map WORD interface [ inside | outside ] <1-65535>

match address WORD set

ikev1 transform-set [ WORD ] peer [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] security-association lifetime seconds <120-2147483647>

o dhcpd address [ WORD ] [ inside | outside ] auto-config [ inside | outside ] dns [ Hostname | A.B.C.D ] interface [ inside | outside ] domain [ WORD ] interface [ inside | outside ] enable [ inside | outside ] lease <300-1048575> [ inside | outside ]

o domain-name [ WORD ]o enable password [ WORD ] [ encrypted | level <1-15> encrypted ]o endo exito group-policy [ WORD ] [ attributes | internal ]o hostname WORDo http

[ WORD ] [ A.B.C.D ] [ inside | outside ] enable X:X:X:X::X/<0-128> [ inside | outside ]

o interface Ethernet <0>/<0-7> Vlan <1-4090>

o ipv6 access-list WORD

[ deny | permit ] [ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D ] [ echo | echo-reply | unreachable ]

route [ inside | outside ] [ Hostname | X:X:X:X::X ] [ <1-255> ]o name [ A.B.C.D | X:X:X:X::X ] [ WORD ]o nameso ntp

authenticate authenticateion-key <1-4294967295> md5 WORD [ <0-4294967295> ] server A.B.C.D [ key <0-4294967295> ] trusted-key <1-4294967295>

o object network [ WORD ]o object-group service [ WORD ]

tcp tcp-udp udp

o passwd [ WORD ] encryptedo policy-map

WORD type inspect dns WORD

o route [ inside | outside ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [<1-255>]o service-policy [ WORD ] [ global | interface inside | interface outside ]o setupo ssh

WORD A.B.C.D [ inside | outside ] X:X:X:X::X/<0-128> [ inside | outside ] timeout <1-1440>

o telnet WORD A.B.C.D [ inside | outside ] X:X:X:X::X/<0-128> [ inside | outside ] timeout <1-1440>

o tunnel-group [ WORD ] general-attributes ipsec-attributes type [ ipsec-121 | remote-access ]

o username [ WORD ] [ attributes | password WORD encrypted ]o webvpn

ntpo authenticateo authenticateion-key <1-4294967295> md5 WORD [ <0-4294967295> ]o server A.B.C.D [ key <0-4294967295> ]o trusted-key <1-4294967295>

object network [ WORD ] object-group service [ WORD ]

o tcp

o tcp-udpo udp

passwd [ WORD ] encrypted policy-map

o WORDo type inspect dns WORD

route [ inside | outside ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [<1-255>] service-policy [ WORD ] [ global | interface inside | interface outside ] setup ssh

o WORD A.B.C.D [ inside | outside ]o X:X:X:X::X/<0-128> [ inside | outside ]o timeout <1-1440>

telneto WORD A.B.C.D [ inside | outside ]o X:X:X:X::X/<0-128> [ inside | outside ]o timeout <1-1440>

tunnel-group [ WORD ]o general-attributeso ipsec-attributeso type [ ipsec-121 | remote-access ]

username [ WORD ] [ attributes | password WORD encrypted ] webvpn

Ethernet Interface Mode

exit ip

o address A.B.C.D A.B.C.D dhcp

o

nameif [ WORD ] security-level <0-100> shutdown switchport access vlan <1-4090>

VLAN Interface Mode

exit forward ip

o address A.B.C.D A.B.C.D dhcp

ipv6o access-list [ WORD ] [ deny | permit ]

[ icmp | icmp6 | object-group WORD | tcp | udp ] [A.B.C.D A.B.C.D | any A.B.C.D | host A.B.C.D | object WORD A.B.C.D ]

[ echo | echo-reply | unreachable ]o route

nameif [ WORD ] security-level <0-100> shutdown

Class-Map Configuration Mode

exit match

o access-list [ WORD ]o anyo default-inspection-traffic

Group-policy Configuration Mode

exit webvpn vpn-tunnel-protocol ssl-clientless

Object Configuration Mode

description [ LINE ] host [ A.B.C.D | X:X:X:X::X ] nat ( Open parenthesis for (<internal_if_name>,<external_if_name>) pair subnet [ A.B.C.D A.B.C.D | X:X:X:X::X<0-128>]

Object-group Configuration Mode

description [ LINE ] port-object

o eq [ domain | www | <0-65535> ]o range [ <0-65535> ] [ <0-65535> ]o

Webvpn Configuration Mode

enable password [ WORD ] [ encrypted | level <1-15> encrypted ] exit

Rommon Mode

address addr boot args clear confreg value dev file name gateway addr help history interface name reboot reload repeat arg reset server addr set show cmd tftpdnld unset varname

Configuring Linksys WRT300N

The Config tab offers two general levels of configuration: global and interface. To configure at the global level, click the GLOBAL button to expand the Settings button (if it has not already been expanded). To configure an interface, click the INTERFACE button to expand the list of interfaces, and then choose the interface.

 

Global SettingsIn the global settings, you can change the Display Name of the Linksys WRT300N.

 

Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by unchecking Global Settings and then set your own values for the Half-Open Session Multiplier, Maximum Number of Connections, and Maximum Number of Opened Sessions.

 

Internet Interface ConfigurationIn the Internet settings, you can set the Internet port to automatically obtain IP configurations with DHCP, manually set IP configurations with the Static setting, or configure PPPoE authentication.

 

LAN Interface Configuration In the LAN settings, you can set the IP Address and Subnet Mask of the LAN interface.

 

Wireless Interface Configuration In the Wireless settings, you can set the SSID, Channel, and Authentication. You may set the authentication to WEP, WPA-PSK, WPA2-PSK, WPA, or WPA2. For WEP, you need to set the Key to a 10-digit hexadecimal value. For WPA-PSK and WPA2-PSK, the PassPhrase needs to be 8-63 ASCII characters long and the Encryption Type can be set to AES or TKIP. For WPA and WPA2, you need to enter the IP Address and Shared Secret of the RADIUS server and then select AES or TKIP for the encryption type.

Linksys WRT300N: GUI

The GUI tab offers the same configurations and settings as the Config tab with some additional features for access restrictions, port forwarding, DMZ access, administration, as well as router and network status. Make sure you click on the Save Settings button at the bottom to apply the new settings to the Linksys WRT300N before going to any other tab.

 

Setup ConfigurationIn the Setup tab under the Basic Setup sub-tab, you can set the Internet Connection Type to either automatically obtain IP configurations with Automatic Configuration - DHCP, manually set IP configurations with Static IP , or PPPoE. You can also set the LAN IP configurations and DHCP server settings under the Network Setup section.

 

Wireless ConfigurationOn the Wireless tab under the Basic Wireless Settings sub-tab, the only settings you can change are the Network Name (SSID) and the Standard Channel.

Under the Wireless Security sub-tab, you can set the Security Mode to Disabled, WEP, WPA Personal, WPA Enterprise, WPA2 Personal, or WPA2 Enterprise. Depending on the security mode that you select, you will need to enter a WEP key, passphrase and encryption type for WPA/WPA2 Personal, or the RADIUS server IP address, shared secret, and encryption type for WPA/WPA2 Enterprise.

Under the Wireless MAC Filter sub-tab, you can setup a wireless MAC address filter list to permit or prevent wireless clients from accessing the wireless network. To setup the wireless MAC filter, set the wireless MAC filter to Enabled and then select whether you want the MAC filter to prevent the listed clients from accessing the wireless network or to permit only the listed clients from being able to access the wireless network. Afterwards, begin entering the MAC addresses of the clients that you want to include in the MAC filter and then click the Save Settings button.

 

Security ConfigurationOn the Security tab, there are no additional viewable sub-tabs and there are no parameters that you can edit.

 

Access Restrictions ConfigurationOn the Access Restrictions tab under the Internet Access Policy sub-tab, you can apply various access restrictions policies on the connected hosts. To add a policy to the router, first select a policy you would like to edit from the Access Policy drop-down menu and then Enter a Policy Name for the policy. Then, set the Status to Enabled. Next, click on the Edit List button and enter the host IP addresses you would like to apply the policy on in the List of PCs dialog that shows up. After editing the list, click on Save Settings and Close inside the dialog. Back in the Linksys GUI, select Deny to restrict all applications or select Allow for specific application access restriction. If you select Allow, you can choose up to three applications to block. To block an application, select the application from the Applications list and click on the >> button to add it to the Blocked

List. To unblock an application, select the application from the Blocked List and click on the << button. If you want to remove a policy, select the policy from the Access Policy drop-down menu and click Delete This Entry.

 

Applications & Gaming Configuration In the Applications & Gaming tab under the Single Port Forwarding sub-tab, you can forward packets destined to specific ports to an IP Address. To forward a port, select the appropriate application under the Application Name drop-down menu, enter the IP Address under the To IP Address column to which you want the packets to be forwarded, and then click on the box under the Enabled column. To forward a custom port, enter an

application name and then enter the appropriate Externet Port, Internet Port, and Protocol. The Externet Port is the port to which the Linksys router will listen from the WAN side. The Internet Port is the port on your local server to which the Linksys router will forward packets.

Under the DMZ sub-tab, you can set a specific host to have DMZ access. To do so, click on Enabled to enable the DMZ feature and then enter the IP address of the host you want to have DMZ access.

 

Administration Management

In the Administration tab under the Management sub-tab, you can change the default password to access the router through the Linksys Web Configuration using the Web Browser and toggle Remote Management. In addition to this, if you are logged in using the Linksys Web Configuration, you can Backup and Restore Configurations.

Under the Factory Defaults sub-tab, the only available feature is Restore Factory Defaults. This will reset the configuration back to default settings.

Under the Firmware Upgrade sub-tab, you can upgrade the firmware of the Linksys WRT300N. To upgrade the firmware, click on Browse, select a valid firmware image from the dialog that shows up, and then click OK. Once you have selected a firmware, click on the Start to Upgrade button to upgrade the firmware.

 

StatusOn the Status tab under the Router sub-tab, you can view Router Information and Internet Connection configurations. You can Release and Renew the IP address of the Internet port.

Under the Local Network sub-tab, you can view the Local Network and DHCP Server configuration. You can view the DHCP Client Table as well.

Under the Wireless Network sub-tab, you can view the various wireless configurations on the router.

Configuring PCs, Laptops, Tablet PCs, and PDAs

You can configure the global settings and interface settings on the PC, laptop, tablet PC, and PDA end devices with the Config tab. Additionally, the Desktop tab provides tools to configure IP settings, configure dial-up settings, use a terminal window, open a host command line interface, open a web browser, configure Linksys wireless settings, establish a VPN connection, generate PDUs, and issue SNMP requests.

 

Global Settings

In the global settings, you can change the Display Name of the end device. You may set the end device to either automatically obtain IPv4 or IPv6 configurations with DHCP or manually set the Gateway and DNS Server with Static. For IPv6, Auto Config will automatically configure the Gateway and DNS Server IP addresses.

 

Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark from Global Settings and then setting your own values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Maximum Retransmission Timeout in Milliseconds.

 

Interface ConfigurationPCs and laptops support Ethernet (copper or fiber), modem, and wireless interfaces. On the tablet PC and PDA, only the wireless interface is supported. In general, you can set the interface Port Status, Bandwidth, Duplex, MAC Address, SSID, IP Address, Subnet Mask, Link Local Address, and IPv6 Address. These options vary slightly for each interface type.

 

IP Configuration UtilityOn the Desktop tab, click the IP Configuration icon to bring up the configuration utility. If the end device is connected to a DHCP configured router or server, you can use DHCP to automatically obtain the IP configuration by clicking on the DHCP button. Otherwise, you may use the Static button to manually set the IP configuration.

 

Modem Dial-up UtilityOn the Desktop tab, click the Dial-up icon to bring up the Dial-up utility. Before you can access the dial-up utility, the end device must have the modem interface installed. As a result, only the PC and laptop devices are supported. You can establish a modem connection by connecting a PC or laptop to a cloud that is connected to a router. The cloud acts like a phone company between the PC or laptop and the router. Several conditions must be met before the connection can be successful:  

The router has a modem, and you have established user name authentication on the router (using the Cisco IOS global configuration mode command username WORD password LINE).

The modem ports on the cloud have valid phone numbers. You entered the correct user name, password, and number to dial on the modem utility of the PC or laptop.

If all the requirements are met, click the Dial button to make the call. The status line (as well as link lights) will tell you if the connection is successful. Note that you still must configure all relevant IP settings manually if you want to ping between the router and the PC or laptop. Use the Disconnect button to terminate the connection at any time.

 

Terminal UtilityIf the end device is connected to a router or a switch by a console connection (using the RS 232 port on the PC), use the Terminal application to gain access to the Command Line Interface (CLI) of the device. In the Desktop tab, click the Terminal icon to bring up this utility. Choose the appropriate port configuration parameters for the console session, and then click on the OK button. The Terminal window appears with the CLI of the device.

 

Command Prompt UtilityOn the Desktop tab, click the Command Prompt button to bring up the command line utility. At the prompt, you can issue the following commands:

? arp delete dir ftp help ipconfig ipv6config netstat nslookup ping snmpget snmpgetbulk snmpset ssh telnet tracert

 

Web Browser UtilityOn the Desktop tab, click the Web Browser button to bring up the web browser. The web browser allows you to access a web server or the Linksys Web Configuration interface. If the end device is directly or indirectly connected to a server with HTTP service enabled, you can type in the IP address of the server to access the website on the server. If the end device is connected to a properly configured DNS server, covered in another help topic, you can type in the domain name of the server. If the end device is connected to a Linksys WRT300N wireless router, you can type in the IP address of the Linksys WRT300N wireless router to access the Linksys Web Configuration. A prompt will appear asking for user name and password. The default is admin for both user name and password.

 

PC Wireless UtilityOn the Desktop tab, click the PC Wireless button to bring up the wireless client software. Note that the Linksys-WMP300N wireless hardware module is required for access so only PCs and laptops are supported. In the Linksys wireless client software, you can check Link Information to view wireless network status and statistics, Connect to any available Linksys wireless networks within range, and add/edit/delete Profiles to connect to wireless routers not broadcasting their SSID.

 

VPN UtilityOn the Desktop tab, click the VPN button to bring up the VPN client utility that allows you to create a VPN connection to a VPN server. To create a VPN connection, enter the GroupName, Group Key, Host IP (Server IP), Username, Password, and then click on the Connect button. To disconnect the VPN connection, click on the Disconnect button.

 

Traffic Generator UtilityThe Traffic Generator utility is similar in functionality to the Add Simple PDU and Add Complex PDU tool in the Common Tools Bar, but with some key differences. First of all, when you load a save file, packets are not sent automatically by a Traffic Generator. The Traffic Generator utility must be open to generate traffic, although it can be minimized. Another key difference is that the Traffic Generator is unable to send multiple PDUs simultaneously.

Visually, the Traffic Generator is similar to the Add Complex PDU dialog with some exceptions. Instead of a One Shot parameter, the Traffic Generator has a Single Shot option. There is no field to enter a time value to send the PDU as the PDU will be sent the moment you click on the

Send button. With the Periodic option, when you click on the Send button, the Send button will become a Stop button and the dialog will become gray. The Traffic Generator will then send a PDU at the interval that you entered. If you want to stop sending PDUs, click on the Stop button or close the utility.

PDUs generated by the Traffic Generator are not added to the User Created PDU Window. As such, if you want to see if the PDUs failed or were successful, you will need to view the PDU's status in Simulation Mode.

 

MIB Browser Utility

On the Desktop tab, click the MIB Browser button to issue SNMP requests. This allows you to retrieve router and switch data or make changes to the devices. To set up the MIB Browser for SNMP requests, click on the Advanced button and set the Address, Port, Read Community, and Write Community that is configured on the router or switch. Then, select the desired SNMP Version and click the OK button. The next step is to browse through the SNMP MIB tree and select the desired object instance (OID) for the router or switch. If you want to retrieve data, set Operations to either Get or Get Bulk and then click on the Go button. The data for the OID will be shown in the Result Table. If you want to change a writable OID, select Set in the Operations menu to reveal the SNMP Set dialog. In the SNMP Set dialog, select the appropriate Data Type for the OID, enter a Value, and then click the OK button. Finally, click on the Go button in the main MIB Browser dialog to set the OID value.

 

Cisco IP Communicator UtilityOn the Desktop tab, click the Cisco IP Communicator button to place or answer a call. To place a phone call, enter the number of the recipient phone using the keypad and then click the Dial button. Alternatively, you may click the NewCall button or Speakerphone button first and then enter the recipient's number. If you accidently enter an incorrect number, you may click the Cancel button to clear. Once the call has been placed, a message will indicate that the phone is ringing on the recipient's phone. To answer a call with the Cisco IP Communicator, click the Answer button. Once the recipient has answered the call, the status message will indicate that the Cisco IP Communicator is connected and a green light will show. While the call is still active, click on the Do, Re, or Mi buttons to send the respective sounds to the recipient. A message stating that the sound is playing will be displayed in case sound is disabled. To end the call, click the EndCall button. For the best possible experience while making calls, be sure that Sound is enabled in Preferences.

If you want configure the Cisco IP Communicator to use a different TFTP server from the default TFTP server, follow these steps. On the upper right-hand corner of the Cisco IP Communicator GUI, there are four buttons above the words "Cisco IP Phone." Click on the first button from the left to open a context menu and then select Preferences. Select the option Use these TFTP Servers: and then enter the IP address of the TFTP server that you wish to use.

 

Email UtilityOn the Desktop tab, click the Email button to bring up the email client. On the first launch of the email client, you will need to configure the parameters Your Name, Email Address, Incoming Mail Server, Outgoing Mail Server, User Name, and Password in order to send and receive email. Once the email client has been configured, you may Compose, Receive, view, and Delete emails. If you need to change configuration, click on the Configure Mail button to open the email configuration dialog.

 

PPPoE Dialer UtilityOn the Desktop tab, click the PPPoE Dialer button to bring up the PPPoE Dialer utility. This utility allows you to establish a point-to-point connection to a PPPoE server. To establish a PPPoE connection, enter the User Name and Password and then click on the Connect button. To disconnect the PPPoE connection, click on the Disconnect button.

 

Text Editor UtilityOn the Desktop tab, click the Text Editor icon to bring up the text editor. You can create New text files, Open existing text files, and Save text files through the File menu in the text editor. There are no formatting choices available in the text editor.

Configuring Servers

The Config tab offers three general levels of configuration: global, services, and interface. To configure at the global level, click the GLOBAL button to expand the Settings button (if it has not already been expanded). To configure services, click the SERVICES button to expand the list of services, and then choose the service. To configure an interface, click the INTERFACE button to expand the interface, and then choose the interface. Additionally, the Desktop tab provides tools to configure IP settings, open a host command line interface, and generate PDUs.

 

Global Settings

In the global settings, you can change the Display Name of the server. You may set the server to either automatically obtain IPv4 or IPv6 configurations by selecting the DHCP button or manually set the Gateway and DNS Server using the Static button. For IPv6, Auto Config will automatically configure the Gateway and DNS Server IP addresses and Static allows the data to be manually supplied.

 

Algorithm SettingsIn the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark from Global Settings and then setting your own values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Maximum Retransmission Timeout in Milliseconds.

 

HTTP Service ConfigurationIn the HTTP service configuration, you can edit the included HTML pages such as index.html, helloworld.html, and image.html using the following supported HTML tags:

a address b big blockquote body br center cite code dd dfn div dl dt em font h1 h2 h3 h4 h5

h6 head hr html i img kbd meta li nobr ol p pre qt s samp small span strong sub sup table tbody td tfoot th thead title tr tt u ul var

Additionally, you can also add or remove HTML files from the server. When a PC accesses an HTML page on the server using the Web Browser, the HTML page will load in the Web Browser.

 

DHCP Service ConfigurationIn the DHCP service configuration, you can set up a DHCP server with many different IP address pools. To add a DHCP pool, enter the Pool Name, Default Gateway, DNS Server address, Starting IP address to lease, Subnet Mask, and the Maximum number of Users, then click Add. If you want to make changes to an existing DHCP pool, select the pool from the list and edit the fields you want to make changes to, and then click Save. If you want to remove a DHCP IP address pool from the server, select the pool from the list and click Remove.

The default DHCP pool serverPool cannot be modified or edited.

 

TFTP Service ConfigurationIn the TFTP service configuration, there are no parameters to set. The TFTP service contains a selection of IOS images that can be used to flash routers and switches. If you want to remove an IOS image from the server, select the IOS image from the list and click Remove.

 

DNS Service ConfigurationIn the DNS service configuration, you can set up a DNS server to translate domain names with different types of resource records, which are basic data elements in the Domain Name System. Packet Tracer currently supports four different types of resource records: Address (A), Canonical Name (CNAME), SOA (Start of Authority), and NS (Name Server). An Address (A) record is the most common type of resource record where its core functionality is to map a hostname to an IPv4 address. A CNAME record is used to specify that a domain name is an alias of another, canonical domain name. An SOA record is used to specify authoritative information about a DNS zone, including the primary name server, the email of the domain administrator, and several timers relating to refreshing the zone. An NS record is used to delegate a DNS zone to use a given authoritative name server.

To add a resource record, enter the Name of the resource record, select a Type of resource record, and then enter all required fields pertaining to the resource record such as Address for A Record, Host Name for CNAME, or Server Name for NS Record and then click Add. To modify an existing resource record, select the resource record from the list, edit the fields you want to change, and then click Save when you are done. If you want to remove a resource record, just select the resource record from the list and click Remove.

When you click on the DNS Cache button, you can view all of the queries cached by the DNS server. The cached queries will be retained on the DNS server for a period of time (TTL) set on the record stored on the SOA DNS server.

 

SYSLOG Service ConfigurationIn the SYSLOG service configuration, there are no parameters to set. The SYSLOG service logs messages from routers and switches in the network. For each entry, the Time, HostName, and the actual Message are logged in the server.

 

AAA Service ConfigurationIn the AAA service configuration, you can set up the server to be a RADIUS or TACACS server. To add a RADIUS or TACACS server, enter the Client Name, Client IP, Secret key, select either Radius or Tacacs as the Type of AAA server, and then click on the + button. To remove a AAA server, select the AAA server entry in the list and click on the - button. In addition to configuring the AAA server, you also need to add authorized users. To add authorized users, enter the UserName and Password for the user and click on the + button. If you want to remove a user, select the user from the list and click on the - button.

 

NTP Service ConfigurationIn the NTP service configuration, you can set up the server to be an NTP server so that the date and time on the configured routers and switches are synchronized. By default, the date and time on the server is synchronized with your local machine. If you wish, you can manually set the time and date by selecting the date on the calendar display and incrementing or decrementing the time display. You can also set up Authentication by clicking on Enable and then entering a Key and Password.

 

Email Service ConfigurationIn the Email service configuration, you can set up the server to use the SMTP and/or POP3 protocol(s). To configure an email server, first enter a Domain Name and then click the Set button. Next, enter a User name and Password then click the Add button to create an email account. To change a password on an email account, select the desired email account from the list and click Change Password button. A dialog will appear allowing you to enter the new password. To delete an email account, select the desired email account from the list and click the Delete button.

 

FTP Service ConfigurationIn the FTP service configuration, you can add and remove FTP accounts, modify FTP account permissions, and remove files from the FTP service. To add an FTP account, enter a UserName and Password. Then, select which permissions you would like the user to have such as Write, Read, Delete, Rename, and List. Finally, click the Add button to create the FTP account. To remove an FTP account, select the desired FTP account from the list and click on the Delete button. If you want to remove files from the FTP service, select the desired file from the file list and click on the Remove button.

 

Interface ConfigurationServers can support two interfaces. You can choose from Ethernet (copper or fiber), modem, or wireless interfaces. In general, you can set the Port Status, Bandwidth, Duplex, MAC Address, IP Address, Subnet Mask, Link Local Address, and IPv6 Address. These options vary slightly for each interface type.

 

IP Configuration Utility

On the Desktop tab, click the IP Configuration icon to bring up the configuration utility. If the end device is connected to a DHCP configured router or server, you can use DHCP to automatically obtain the IP configuration by clicking on the DHCP button. Otherwise, you may use the Static button to manually set the IP configuration.

 

Command Prompt UtilityOn the Desktop tab, click the Command Prompt button to bring up the command line utility. At the command prompt, you can issue the following commands:

? arp delete dir ftp help ipconfig ipv6config netstat nslookup ping snmpget snmpgetbulk snmpset ssh telnet tracert

 

Traffic Generator UtilityThe Traffic Generator utility is similar in functionality to the Add Simple PDU and Add Complex PDU tool in the Common Tools Bar, but with some key differences. The Traffic Generator utility is explained in detail in Configuring PCs, Laptops, Tablet PCs, and PDAs.

 

Text Editor UtilityOn the Desktop tab, click the Text Editor icon to bring up the text editor. You can create New text files, Open existing text files, and Save text files through the File menu in the text editor. There are no formatting choices available in the text editor.

 

Web Browser UtilityOn the Desktop tab, click the Web Browser button to bring up the web browser. The web browser allows you to access a web server or the Linksys Web Configuration interface. If the end device is directly or indirectly connected to a server with HTTP service enabled, you can type in the IP address of the server to access the website on the server. If the end device is connected to a properly configured DNS server, covered in another help topic, you can type in the domain name of the server. If the end device is connected to a Linksys WRT300N wireless router, you can type in the IP address of the Linksys WRT300N wireless router to access the Linksys Web Configuration. A prompt will appear asking for user name and password. The default is admin for both user name and password.

 

PPPoE Dialer UtilityOn the Desktop tab, click the PPPoE Dialer button to bring up the PPPoE Dialer utility. This utility allows you to establish a point-to-point connection to a PPPoE server. To establish a PPPoE connection, enter the User Name and Password and then click on the Connect button. To disconnect the PPPoE connection, click on the Disconnect button.

 

VPN UtilityOn the Desktop tab, click the VPN button to bring up the VPN client utility that allows you to create a VPN connection to a VPN server. To create a VPN connection, enter the GroupName, Group Key, Host IP (Server IP), Username, Password, and then click on the Connect button. To disconnect the VPN connection, click on the Disconnect button.

Configuring Clouds

The Config tab offers three general levels of configuration: global, connections, and interface. To configure at the global level, click the GLOBAL button to expand the Settings button (if it has not already been expanded). To configure connections, click the CONNECTIONS button to expand the list of connections, and then choose the connection. To configure an interface, click the INTERFACE button to expand the list of interfaces, and then choose the interface.

 

Global SettingsThe only global setting available for a cloud is its display name.

 

TV SettingsThe TV Settings sub-panel allows you to manage TV images that would be displayed on a connected TV end device. To add a TV image, click the Browse button and select an image. It is recommended that you use .PNG graphics. Afterwards, click the Add button to add the image to the list of TV images. To remove a TV image, select the TV image from the list and click the Remove button.

 

 

Connection SettingsYou can use the Frame Relay sub-panel to establish Frame Relay connections between sub-links on the ports of the cloud. Configure DLCIs on the serial interfaces first, explained in a later section. Then, from the left Port drop down menu, choose a port and in the Sublink drop down menu, one of its sub-links. Then from the right Port drop down menu, choose another port and one of its sub-links. Click the Add button to make a connection between those two sub-links. The connection will now appear on the list. You can remove a connection from the list with the Remove button.

You can also use the DSL or Cable sub-panel to establish connections between modem ports (for DSL) or coaxial ports (for Cable) on the cloud to the Ethernet ports on the cloud. To establish a DSL connection, choose the appropriate modem port on the left-side drop down menu and on the right-side drop down menu choose an Ethernet port, which has its Provider Network set to DSL. Click the Add button to make the connection. You can remove a connection from the list with the Remove button. To establish a Cable connection, choose the appropriate coaxial port on the left-side drop down menu and on the right-side choose an Ethernet port which has its Provider Network set to Cable.

 

Interface ConfigurationClouds can support four interface types: modem, Ethernet, coaxial, and serial. For a modem port, you can set a Phone Number, which another device with a modem port can dial. For an Ethernet port, you can set the Provider Network to either DSL or Cable. For a coaxial port, there are no settings to configure. For a serial port, you can toggle its Port Status, choose an LMI (ANSI, Cisco, or Q933a), and assign DLCIs to the interface. To add a DLCI, enter an identifying number and a name for it, and then click the Add button to add it to the list. You can remove a DLCI from the port with the Remove button.

Configuring Other Devices

The configuration options for all other devices are relatively simple. In general, you can change their display names in their global settings sub-panel and make changes to basic settings on each interface.

 

BridgesA bridge is basically a simplified two-port switch. It does not have VLAN or trunking functions. The available settings for its two Ethernet ports are Port Status, Bandwidth, and Duplex.

 

RepeatersA repeater is a simple two-port device that regenerates the signal it receives on one port and forwards it out the other port. Its port settings cannot be modified.

 

HubsA hub is a multiport repeater that regenerates the signal it receives on one port and forwards it out all other ports except the incoming port. Its port settings cannot be modified.

 

Coaxial Splitter A coaxial splitter is a simple three-port device that splits the signal so that multiple devices can connect to the same coaxial line.

 

Access PointsAn access point is modeled as a repeater with one wireless port and one Ethernet port. In the settings for the wireless port, you can toggle the Port Status, set the SSID, Channel, and Authentication. You may set the authentication to WEP, WPA-PSK, or WPA2-PSK. For WEP, you need to set the Key to a 10-digit hexadecimal value. For WPA-PSK and WPA2-PSK, the PassPhrase needs to be 8-63 ASCII characters long and the Encryption Type can be set to AES or TKIP. The available settings for an access point's Ethernet port are Port Status, Bandwidth, and Duplex.

 

PrintersThe printer has the same configuration options as a PC excluding Algorithm Settings and desktop utilities.

 

7960The 7960 IP Phone does not have any configurable options. In the GUI tab, you can place a call, answer a call, and send Do, Re, and Mi notes to the recipient phone. To place a call enter the recipient's line number first using the keypad and then click on the handset to dial out. Alternatively, you can pickup the handset first and then dial the number to place a call. To answer a phone call on the analog phone, click on the handset when the phone is ringing. While the line is connected, you can send Do, Re, or Mi to the recipient by pressing the respective buttons. In order to hear the sounds, be sure Sound is enabled in Preferences. To end a call, click on the handset.

 

Home VoIPThe Home VoIP only has Server Address configuration.

 

Analog PhoneThe Analog Phone does not have any configurable options. In the GUI tab, you can place a call, answer a call, and send Do, Re, and Mi to the recipient phone just like on the 7960 IP Phone.

 

TVThe TV can only be turned on or off.

 

Wireless End DeviceThe wireless end device has the same configuration options as a wireless PC excluding the Desktop tab utilities. However, the Wireless End Device has a GUI tab which includes an IP Config and Traffic Generator utility that works equivalently to the PC's Desktop variant. The Wireless End Device also has an HTML tab that allows you to manually edit the GUI tab using HTML and it also allows you to optionally lock the HTML with a password.

 

Wired End DeviceThe wired end device features the same configuration options as the wireless end device except that it has a FastEthernet interface.

 

DSL Modem

The DSL modem does not have any configuration options.

 

Cable ModemThe cable modem does not have any configuration options.

Keyboard Shortcuts

Many actions in Packet Tracer are keyboard-accessible for your convenience. In addition to key combinations, the following keys deserve extra attention: 

Alt: Press this key to activate the Menu Bar options. Press Alt plus the underlined letter in the in the menu bar to open the menu. Then press the underlined letter in the command name that you want. In fact, whenever you see an underlined letter in any option or dialogue, you can press that key to select it.

Ctrl: Use this key to quickly create multiple devices and connections. Press and hold the Ctrl key, choose a specific device or a connection type, and then release the key. You can now quickly place multiple instances of that device on the workspace or make multiple connections of that type between devices. Alternatively, you can press and hold the Ctrl key and drag a device on the workspace to duplicate the device. The Ctrl key can also be used to prevent windows from docking (press and hold the key as you drag a window).

Shift: Use this key with the mouse to select multiple objects. Press and hold the Shift key, click and drag the cursor to draw a selection rectangle around the objects you want to select, and then release the key. Alternatively, you can hold Shift, click on all the devices you want to select, and then release the key. You can move the selected objects as one unit. You can also delete them with the Del key.

Esc: This key is a shortcut to the Select tool in the Common Tools Bar. It also serves as a "cancel" key. It closes certain pop-up windows or cancels/stops the current action (e.g., continuously placing devices or continuously making connections).

Shortcut Action

Ctrl + N Start a New network.

Ctrl + O Open an existing network.

Ctrl + Shift + T Open Samples.

Ctrl + S Save the current network.

Ctrl + Shift + S Save the current network to a different name and/or directory (Save As).

Ctrl + Alt + Z Save As Pkz.

Ctrl + P Print the current network.

Alt + F4 Exit Packet Tracer.

Ctrl + C Copy the selected items.

Ctrl + V Paste the selected items.

Ctrl + Z Undo the previous action.

Ctrl + Shift + Z Redo the previous action.

Ctrl + R View Preferences.

Ctrl + Shift + U Open the User Profile dialog.

Ctrl + Shift + M Open the Algorithm Settings dialog.

Ctrl + I Zoom In to the workspace.

Ctrl + T Reset the zoom of the workspace.

Ctrl + U Zoom Out of the workspace.

Ctrl + Shift + A Open/Close Main Toolbar.

Ctrl + Shift + R Open/Close Right Toolbar.

Ctrl + Shift + B Open/Close Bottom Toolbar

Ctrl + D Open the drawing Palette.

Ctrl + W Run the Activity Wizard.

Ctrl + Alt + L For Multiuser Extensions, do Listen.

Ctrl + Alt + P For Multiuser Extensions, do Port Visibility.

Ctrl + Alt + Y For Multiuser Extensions, do Options.

Ctrl + Alt + G For Multiuser Extensions, do Save Offline Copy As.

Ctrl + Shift + C For IPC, do Config Apps.

Ctrl + Shift + Q For IPC, do Show Active Apps.

Ctrl + Shift + J For IPC, do Options.

Ctrl + Shift + K For IPC, do Log.

Shift + L Switch to Logical Workspace.

Shift + P Switch to Physical Workspace.

Shift + R Switch to Realtime Mode.

Shift + S Switch to Simulation Mode.

Shift + U For Logical Workspace, click New Cluster button.

Shift + M For Logical Workspace, click Move Object button.

Shift + I For Logical Workspace, click Set Tiled Background button.

Shift + V For Logical Workspace, click Viewport button.

Shift + N For Physical Workspace, open Navigation Panel.

Shift + C For Physical Workspace, create New City.

Shift + B For Physical Workspace, create New Building.

Shift + W For Physical Workspace, create New Closet.

Shift + G For Physical Workspace, show Grid.

Shift + H For Physical Workspace, open Working Closet.

Alt+S Click the Power Cycle Devices button.

Alt+D Click the Fast Forward Time button.

Alt + B In Simulation mode, click Back button.

Alt + I In Simulation mode, click Show Event List button.

Ctrl + Alt + R Show Router devices in the Device Specific Box.

Ctrl + Alt + S Show Switch devices in the Device Specific Box.

Ctrl + Alt + U Show Hub devices in the Device Specific Box.

Ctrl + Alt + W Show Wireless devices in the Device Specific Box.

Ctrl + Alt + O Show Connection types in the Device Specific Box.

Ctrl + Alt + V Show End Devices in the Device Specific Box.

Ctrl + Alt + N Show WAN Emulation devices in the Device Specific Box.

Ctrl + Alt + T Show Custom Made Devices in the Device Specific Box.

Ctrl + Alt + M Show Multiuser Connection in the Device Specific Box.

Ctrl + Alt + i Add the ith device in the Device Specific Box to the Workspace.

Space Select device.

Enter Show Device Dialog for selected device.

Ctrl + Up Arrow Move selected devices upwards.

Ctrl + Down Arrow Move selected devices downwards.

Ctrl + Right Arrow Move selected devices to the right.

Ctrl + Left Arrow Move selected devices to the left.

Ctrl + Shift + I Open Scenario Description.

Ctrl + Shift + N New Scenario.

Ctrl + Shift + D Delete Scenario.

Ctrl + Shift + O Toggle PDU List Window.

Ctrl + Insert Copy text in CLI console/Cmd Prompt.

Shift + Insert Paste text in CLI console/Cmd Prompt.

Esc Choose the Select tool.

M Choose the Move Layout tool.

N Choose the Place Note tool.

Delete Choose the Delete tool. If you have selected multiple objects, pressing Delete will delete them.

I Choose the Inspect tool.

Alt+R Choose the Resize tool.

P Click the Add Simple PDU button.

C Click the Add Complex PDU button.

Ctrl + N New Text Editor File (Valid in PC Desktop and Server Desktop)

Ctrl + O Open an existing Text Editor File (Valid in PC Desktop and Server Desktop)

Ctrl + S Save the current Text Editor File (Valid in PC Desktop and Server Desktop)

Keyboard Shortcuts

Many actions in Packet Tracer are keyboard-accessible for your convenience. In addition to key combinations, the following keys deserve extra attention: 

Alt: Press this key to activate the Menu Bar options. Press Alt plus the underlined letter in the in the menu bar to open the menu. Then press the underlined letter in the command name that you want. In fact, whenever you see an underlined letter in any option or dialogue, you can press that key to select it.

Ctrl: Use this key to quickly create multiple devices and connections. Press and hold the Ctrl key, choose a specific device or a connection type, and then release the key. You can now quickly place multiple instances of that device on the workspace or make multiple connections of that type between devices. Alternatively, you can press and hold the Ctrl key and drag a device on the workspace to duplicate the device. The Ctrl key can also be used to prevent windows from docking (press and hold the key as you drag a window).

Shift: Use this key with the mouse to select multiple objects. Press and hold the Shift key, click and drag the cursor to draw a selection rectangle around the objects you want to select, and then release the key. Alternatively, you can hold Shift, click on all the devices you want to select, and then release the key. You can move the selected objects as one unit. You can also delete them with the Del key.

Esc: This key is a shortcut to the Select tool in the Common Tools Bar. It also serves as a "cancel" key. It closes certain pop-up windows or cancels/stops the current action (e.g., continuously placing devices or continuously making connections).

Shortcut Action

Ctrl + N Start a New network.

Ctrl + O Open an existing network.

Ctrl + Shift + T Open Samples.

Ctrl + S Save the current network.

Ctrl + Shift + S Save the current network to a different name and/or directory (Save As).

Ctrl + Alt + Z Save As Pkz.

Ctrl + P Print the current network.

Alt + F4 Exit Packet Tracer.

Ctrl + C Copy the selected items.

Ctrl + V Paste the selected items.

Ctrl + Z Undo the previous action.

Ctrl + Shift + Z Redo the previous action.

Ctrl + R View Preferences.

Ctrl + Shift + U Open the User Profile dialog.

Ctrl + Shift + M Open the Algorithm Settings dialog.

Ctrl + I Zoom In to the workspace.

Ctrl + T Reset the zoom of the workspace.

Ctrl + U Zoom Out of the workspace.

Ctrl + Shift + A Open/Close Main Toolbar.

Ctrl + Shift + R Open/Close Right Toolbar.

Ctrl + Shift + B Open/Close Bottom Toolbar

Ctrl + D Open the drawing Palette.

Ctrl + W Run the Activity Wizard.

Ctrl + Alt + L For Multiuser Extensions, do Listen.

Ctrl + Alt + P For Multiuser Extensions, do Port Visibility.

Ctrl + Alt + Y For Multiuser Extensions, do Options.

Ctrl + Alt + G For Multiuser Extensions, do Save Offline Copy As.

Ctrl + Shift + C For IPC, do Config Apps.

Ctrl + Shift + Q For IPC, do Show Active Apps.

Ctrl + Shift + J For IPC, do Options.

Ctrl + Shift + K For IPC, do Log.

Shift + L Switch to Logical Workspace.

Shift + P Switch to Physical Workspace.

Shift + R Switch to Realtime Mode.

Shift + S Switch to Simulation Mode.

Shift + U For Logical Workspace, click New Cluster button.

Shift + M For Logical Workspace, click Move Object button.

Shift + I For Logical Workspace, click Set Tiled Background button.

Shift + V For Logical Workspace, click Viewport button.

Shift + N For Physical Workspace, open Navigation Panel.

Shift + C For Physical Workspace, create New City.

Shift + B For Physical Workspace, create New Building.

Shift + W For Physical Workspace, create New Closet.

Shift + G For Physical Workspace, show Grid.

Shift + H For Physical Workspace, open Working Closet.

Alt+S Click the Power Cycle Devices button.

Alt+D Click the Fast Forward Time button.

Alt + B In Simulation mode, click Back button.

Alt + I In Simulation mode, click Show Event List button.

Ctrl + Alt + R Show Router devices in the Device Specific Box.

Ctrl + Alt + S Show Switch devices in the Device Specific Box.

Ctrl + Alt + U Show Hub devices in the Device Specific Box.

Ctrl + Alt + W Show Wireless devices in the Device Specific Box.

Ctrl + Alt + O Show Connection types in the Device Specific Box.

Ctrl + Alt + V Show End Devices in the Device Specific Box.

Ctrl + Alt + N Show WAN Emulation devices in the Device Specific Box.

Ctrl + Alt + T Show Custom Made Devices in the Device Specific Box.

Ctrl + Alt + M Show Multiuser Connection in the Device Specific Box.

Ctrl + Alt + i Add the ith device in the Device Specific Box to the Workspace.

Space Select device.

Enter Show Device Dialog for selected device.

Ctrl + Up Arrow Move selected devices upwards.

Ctrl + Down Arrow Move selected devices downwards.

Ctrl + Right Arrow Move selected devices to the right.

Ctrl + Left Arrow Move selected devices to the left.

Ctrl + Shift + I Open Scenario Description.

Ctrl + Shift + N New Scenario.

Ctrl + Shift + D Delete Scenario.

Ctrl + Shift + O Toggle PDU List Window.

Ctrl + Insert Copy text in CLI console/Cmd Prompt.

Shift + Insert Paste text in CLI console/Cmd Prompt.

Esc Choose the Select tool.

M Choose the Move Layout tool.

N Choose the Place Note tool.

Delete Choose the Delete tool. If you have selected multiple objects, pressing Delete will delete them.

I Choose the Inspect tool.

Alt+R Choose the Resize tool.

P Click the Add Simple PDU button.

C Click the Add Complex PDU button.

Ctrl + N New Text Editor File (Valid in PC Desktop and Server Desktop)

Ctrl + O Open an existing Text Editor File (Valid in PC Desktop and Server Desktop)

Ctrl + S Save the current Text Editor File (Valid in PC Desktop and Server Desktop)

Time Constants

Packet Tracer uses the following time constants:

RIP/RIPv6 default update 30 secs

RIP/RIPv6 default timeout 3 mins

RIP/RIPv6 default flush timeout 4 mins

RIP/RIPv6 default hold-down 3 mins

MAC table entry timeout 5 mins

ARP request timer 2 secs

ARP table entry timeout 4 hrs

CDP update timer 1 min

CDP neighbor hold-down timer 3 mins

DHCP client timeout 5 secs

CSMA/CD waiting time to resend random

LMI timeout 15 secs

LMI signaling 5 secs

Inverse ARP 30 secs

HDLC keepalive 5 secs

HDLC timeout 15 secs

NAT/NAT-PT entries timeout Depends on the encapsulation protocol

NAT/NAT-PT entry encapsulated in a UDP 5 mins

NAT/NAT-PT entry encapsulated in a TCP 24 hrs

NAT/NAT-PT entry encapsulated in a ICMP 1 min

CHAP timeout 5 secs

CHAP re-authenticate timeout 10 secs

DIALING no answer timeout 5 secs

DIALING no dial tone timeout 2 secs

PPP keepalive interval 5 secs

Timeout 15 secs

EIGRP/EIGRPv6 Hello time interval period 5 secs

EIGRP/EIGRPv6 Hold time interval period 15 secs

ICMP 1 ms

STP Max Age 20 secs

STP Hello 2 secs

STP Forward Delay 15 secs

STP Topology Change Notify Timer 2 secs

STP Topology Change Timer 35 secs

RSTP Migration Delay Timer 3 secs

OSPF/OSPFv3 SPF Hold Time 10 secs

OSPF/OSPFv3 LS Refresh Time 30 mins

OSPF/OSPFv3 SPF Delay Timer 5 secs

OSPF/OSPFv3 LSA Retransmission Time 5 secs

OSPF/OSPFv3 minimum LSA Arrival Time 1 sec

OSPF/OSPFv3 Delayed Acknowledgment Timer

2.5 secs

OSPF/OSPFv3 Dead Interval 40 secs

OSPF/OSPFv3 Hello 10 secs

OSPF/OSPFv3 Wait Interval 40 secs

TCP Connection Timeout 60 secs

TCP Initial Retransmission Timeout 300 msec

TCP Min Retransmission Timeout 50 msec

TCP Max Retransmission Timeout 1000 msec (1 sec)

TCP Inactivity Timeout 1 hour

TCP Close Timeout 10 secs

DNS Request Timeout 3 secs

DHCP Timeout 5 secs

DHCP Discovery Timeout 55 secs

DTP Hello 30 secs

DTP Timeout 5 mins

Password Timeout 30 secs

ND Neighbor Request Timer 2 secs

ND Neighbor Stale Timer 30 secs

ND Neighbor Timeout Timer 4 hrs

ND Router Solicitation Interval 4 secs

ND Router Advertisement Interval <= 16 secs

DHCPv6 Solicitation Timeout 1 sec

DHCPv6 Request Timeout 1 sec

LACP Initial Advertise Interval 1 sec

LACP Advertise Interval 30 secs

LACP Peer Timeout 90 secs

PAgP Initial Advertise Interval 1 sec

PAgP Advertise Interval 30 secs

PAgP Peer Timeout 90 secs

NTP Update Time 5 min

IKE Peer Default Timer 86400 sec

IPSec Peer default timer 3600 sec

CBAC/Zone Based TcpSyn Wait time 30 sec

CBAC/Zone Based TcpFin wait time 5 sec

CBAC/Zone Based Tcp Idle time 3600 sec

CBAC/Zone Based Udp Idle time 30 sec

CBAC/Zone Based Dns Timeout 5 sec

CBAC/Zone Based Icmp Timeout 10 sec

Outside Nat Udp time out value 300 sec

Outside Nat Tcp time out value 86400 sec (24hr)

Outside Nat Icmp time out value 60 sec

Outside Nat Standard time out value 86400sec (24 hr)

SNMP Request Timeout 10 sec

Voip Rtp keepAlive time 15 sec

Voip Rtp keepAlive wait time 90 sec

Voip Sccp keepAlive timer 30 sec

Voip Sccp retry timer 10 sec

PPPoE reset keepAlive time 30 sec

PPPoE authentication failed timer 10 sec

PPPoE keep alive timer 10 sec

PPPoE linksys connect timer 30 sec

PPPoE linksys timeout timer 30 sec

BGP hold down timer 180 sec

BGP connect retry timer 60 sec

BGP keep alive timer 60 sec

Modeling in Packet Tracer

Packet Tracer simulates the behavior of real networks and devices using models. As with all simulations, the program is inherently limited by modeling decisions. The following pages describe how protocols, features, and functions are modeled in Packet Tracer. Refer to these models if you find discrepancies between real-world situations and Packet Tracer simulations. Packets captured from real networks remain the benchmark for understanding networking protocols and devices. You are encouraged to compare and contrast the behavior of the protocol and device models used in Packet Tracer with such captured packet data from real networks.

Layer 1 Models

How hubs process framesWhen a hub receives a frame (flowchart here): 

If two or more ports receive frames at the same time, a collision occurs and the hub forwards a jam signal to all ports. If one port receives a frame, the hub forwards the frame to all ports except the receiving port.

 How repeaters process frames

When a repeater receives a frame: 

The repeater forwards the frame to the other port.

 

How Wireless is modeledPacket Tracer models only certain aspects of the wireless protocols.

Wireless A, B, G, and N are supported. Infrastructure wireless mode is supported. Ad-hoc is not supported. Authentication methods are none and WEP. WEP requires a 10 digit hex key. The authentication method and configuration must match on both

the wireless client and wireless server in order for them to be associated. An antenna's coverage area is set to a specific area and cannot be changed. The signal strength based on distance is not calculated modeling real

physics.

Layer 2 Models

How switches process incoming framesWhen a switch receives a frame (flowchart here): 

It compares the receiving port's type (trunk or access) to the frame's format. o It drops the frame if (any):

The port is an access port while the frame has a Dot1q encapsulation format. The port is a trunk port and the frame is not a Dot1q frame.

o Otherwise, continue to process the frame.

It drops the frame if the receiving port is a blocking port and the frame is not an STP frame. It determines which VLAN the frame is destined.

o If the receiving port is a trunk (and so the frame is a Dot1q frame): It gets the frame's destination VLAN number from the VLAN tag in the Dot1q header. It checks if the switch itself has that particular VLAN configured.

If that VLAN is configured, it refers to that VLAN's MAC table: If the frame's source MAC address is in the MAC table, it resets the entry's timer. If not, it creates a new MAC entry in the table and starts a timer for it. When the timer expires (5 min), it removes the entry.

If that VLAN is not configured, the switch broadcasts the frame to all trunk ports (except the receiving port) that allow that VLAN number.

o If the receiving port is an access VLAN (the frame is destined for that VLAN), it continues to process it. It sends it to a higher process if (any): The frame is an STP frame. The frame's destination MAC address is a CDP multicast address. The frame's destination MAC address is a broadcast MAC address. The frame's destination MAC address matches the active VLAN interface's MAC address.

 How switches send framesWhen a switch wants to send a frame (flowchart here): 

If the frame came from a higher-level process: o It checks if the outgoing port is up.

If outgoing port is up, send the frame out. If outgoing port is not up:

It tries to find the active VLAN interface that is up, and then sends it out that interface. If it cannot find such an interface, it finds the first VLAN that is allowed in the trunk that is configured on the switch.

If it can find such an interface, it encapsulates the frame with a Dot1q header with that VLAN number tag and sends it out to the trunk.

If no such trunk is configured, it drops the frame. If the frame came from a same-level process:

o If the outgoing port is not up (not configured), it drops the frame. Otherwise, it continues the process It checks if the frame's destination MAC address is a unicast. If so:

o If the outgoing port is the same as the incoming port, it drops the frame. o If the outgoing port is not the incoming port:

If the outgoing port is a trunk port: If the frame is a Dot1q frame:

If the trunk port allows the tag in the frame, it sends the frame. If the trunk port does not allow the frame's tag, it drops the frame.

If the frame is not a Dot1q frame: If the trunk port allows the VLAN that the frame is destined for:

The switch encapsulates the Ethernet frame with a Dot1q header and sends it out the trunk port. If the trunk port does not allow the VLAN that the frame is destined for, it drops the frame.

If the outgoing port is an access port: If the frame is a Dot1q frame:

If the frame's tag is the same as the port's VLAN, it de-encapsulates the frame (to an Ethernet frame) and sends it out. If the frame's destination tag is different from the port's VLAN number, it drops the frame.

If the frame is a regular Ethernet frame: If the receiving port's VLAN is the same as the outgoing port's VLAN, it forwards the frame.

If not, it drops the frame. If the frame's destination MAC address is a multicast address:

o For each and every port (trunk and access): It checks if the destination VLAN is allowed in that port. If so, it sends the frame out that port with the appropriate format (see the

unicast frame sending logic). If the destination VLAN is not allowed, or if the port is the same as the receiving port, the switch will not forward the frame out that

port.

 How CSMA/CD is modeledPacket Tracer models only certain aspects of the CSMA/CD process. 

Packet Tracer does not implement the process where each station continuously senses the channel. The program assumes that if a jam signal is not received, the medium is available for transmission. The program does not fragment a CPDU. Therefore, the Ethernet process only has to remember the previous PDU in the case of retransmission

due to collision. The program does not implement the propagation time t from one end of a medium to the other. This forces all frames to take 2t to send. The program implements the binary exponential back-off algorithm (IEEE 802.3):

o In the first collision, each station chooses either the 0 or the 1 slot time. o In the event of a second collision, each station picks from four possible slot times: 0, 1, 2, 3. o In the event of a third collision, each station randomly chooses a slot time from 0 to (2^3 - 1), or 0 to 7. o In the event of further collisions (from the 4th to the 15th collision), each station randomly chooses a slot time from 0 to (2^i - 1), where i is

the number of collisions. o The frame is discarded after the 16th retry

 How switches utilize Spanning Tree Protocol (STP)

The STP is a technology that allows switches and bridges to communicate with each other to prevent loops in the network. When a switch/bridge is added to a network, it sends out Bridge Protocol Data Units (BPDU) announcing itself as root. If the switch/bridge has the lowest ID, it becomes the root. The root marks its ports as designated ports. Non-root switches/bridges mark the port closest to the root as root port. Every non-root switch/bridge will select one root port. Each segment of the network will elect one designated port:

o If the port has the lowest root ID, it becomes the designated port. o If the port has the lowest path cost to the root, it becomes the designated port. o If the port has the lowest send ID, it becomes the designated port. o If the port has the lowest port ID, it becomes the designated port.

Ports not marked as root or designated are marked as blocked. Additionally, in RSTP mode, if a port on a switch is connected to the switch itself, it is marked as a backup port, otherwise it is marked as an alternate port.

The root bridge in the STP will periodically send BPDUs out while non root bridges will forward these frames when it is received. In the RSTP, all bridges periodically send BPDUs out with their current information.

When a switch receives a STP frame (flowchart here): 

If STP is disabled on that port, it drops the frame. If the switch is running the RSTP, it starts the migration delay timer.

o If the migration delay has expired, change the port to run in the STP mode. STP checks the frame type.

o If the frame type is configuration BPDU: If the frame does not contain superior information, the switch drops the frame. The information is superior if it contains lower root ID,

lower root path cost, lower bridge ID, or lower port ID. Records the superior information and selects new root bridge and designated port if necessary. If the device was the root, sends a TCN

BPDU through the root port. If the BPDU is received on the root port, forward the frame out through designated ports.

o If the frame type is Topology Change Notification (TCN) BPDU: If the frame is received on a non-designated port, the switch drops the frame. If the device is the root, the switch sets topology change flag to true in the BPDU. If the device is not the root, the switch forward the frame out through root port.

When a switch receives a RSTP frame (flowchart here):

If the switch is running the STP, it drops the frame. If the frame is an agreement frame, set the port to forwarding state and make it designated. If the frame contains superior information:

o If the port has root guard enabled, block this port and mark it as inconsistent. o Otherwise:

If the frame is from myself, block this port and mark it as a backup port. Otherwise make the received port the new root port and block all other non edge ports.

Send out a reply with the same information as the received BPDU but with the agreement flag set. If the frame contains inferior information:

o If the information is from our root port, check for a better root port. o Otherwise:

If my root path cost is lower than the received root path cost, set my port to be designated forwarding. If my root path costs are the same:

If my bridge ID is lower than the received bridge ID, set my port to be designated forwarding. If my bridge ID is the same as the received bridge ID:

If my port ID is lower than the received port ID, set my port to be designated forwarding. If my port ID is higher than the received port ID, set my port to be backup blocking.

Otherwise set my port to be alternate blocking.

How port security worksWhen switch receives a frame (flowchart here):

If port security is on and the receiving port is not in dynamic mode port security processes the frame. o It sets the last source MAC address and VLAN on the port from the received frame information. o If any Mac entry exists with the same source MAC address:

If the interface of the MAC entry is the same as the receiving interface and same VLAN as the receiving interface, the frame passes port security.

Otherwise If the MAC entry is a dynamic entry then removes the dynamic entry and:

If the maximum allowed secure MAC addresses is reached it drops the frame and goes to the violation mode. If the maximum allowed secure MAC addresses is not reached the frame passes the port security process.

If the MAC entry is a static entry then it applies the violation mode because another port in the same VLAN has the same static MAC address.

o If MAC entry with the same source MAC does not exist: If the maximum allowed secure MAC addresses is reached, drops the frame Otherwise frame passes the port security process.

If the frame passes the security process and the sticky MAC address is on, on the received interface, the MAC entry gets added to the MAC table as a static entry. A switch port can be configured with secure MAC addresses even if the port's line protocol is down. When the port's line protocol changes from down to up, if there is a list of secure MAC addresses for the port waiting to be added to the MAC table, the port security checks the MAC entries with the same VLAN address as the current port.  If there is the same MAC address on the current port which is an sticky MAC, port security deletes the secure MAC from the list and does not

add it to the MAC table. If the MAC address does not exist in the MAC table, then it adds a MAC entry for that secure MAC to the MAC table.  How DTP decides on the mode of the portDTP has the responsibility of setting switch port's modes.Each switch port sends a DTP frame out about its administration mode and operation mode on a regular basis

If the port is configured with dynamic administrative mode and nonegotiate is not on.

When the switch port on the other side of the link receives the DTP update it (flowchart here): 

If there is a VTP domain name mismatch it drops the frame If the port is configured to be in access or trunk administrative mode it drops the frame. If the port is dynamic and is not in the nonegotiate state it processes the frame.

o If the same MAC entry (with the same source MAC address as the received frame) exists on the receiving port then restart the timer for that entry. DTP process updates the port's operational mode based on the received DTP port status.

o Otherwise it adds a new MAC entry to the MAC table and sets a timer for it. DTP process updates the port's operational mode based on the received DTP port status.

To update the port operational mode DTP (flowchart here): 

If the number of neighbors on that port which are sending DTP frames is more than one or is equal to zero o Change the operational mode of the receiving port to static access.

If the number of neighbors is equal to 1 o If local port's administrative mode is dynamic auto

If remote neighbor's port is in the administrative mode of desirable or trunk set the operation mode of local port to trunk. Otherwise, set operation mode to static access.

o If local port's administrative mode is dynamic desirable If remote neighbor's port is in administrative mode of desirable or trunk or auto set the operation mode of local port to trunk. Otherwise,

set operation mode to static access. o If the local port's administrative mode is access then drop the frame and do not process any DTP frames.

 How switches processing incoming VTP framesWhen a switch receives a VTP frame (flowchart here): 

If the switch is in VTP Transparent mode: o Forwards VTP frame to all other trunk ports

If the VTP frame is an Advertisement Request frame: o If the domain name on the VTP frame does not match the switch's, then drop the frame and stop. o Send out a Summary Advertisement frame. o Send out a Subset Advertisement frame.

If the VTP frame is a Summary Advertisement frame: o If the switch's domain name is set and the one in the VTP frame is different, then drop the frame and stop. o If the switch's domain name is not set, then set the domain name to be the one in the VTP frame, and recalculate MD5. o If the MD5 in the VTP frame does not match the on the switch, then drop the frame and stop. o If the version is different, then take the one in the VTP frame. o If the config revision in the VTP frame is smaller than the one on the switch:

Send out a Summary Advertisement frameo If the config revision in the VTP frame is larger than the one on the switch:

If the followers field is 0: Send out an Advertisement Request frame

Wait for the Subset Advertisement frameso If the config revision in the VTP frame is the same as the one on the switch:

Drop the frame If the VTP frame is a Subset Advertisement frame:

o If the domain name on the VTP frame does not match the switch's, then drop the frame and stop. o If not expecting a Subset Advertisement, then drop the frame and stop. o If the config revision in the VTP frame is different than the expecting one, then drop the frame and stop. o If the sequence number in the VTP frame is different than the expecting one, then drop the frame and stop. o Add the subset to the reply o If the VTP frame is the last expecting subset:

Update the VLAN database with the received subsets

Send out a Summary Advertisement frame Send out a Subset Advertisement frame

 When do switches send out VTP framesWhen do switches send out Advertisement Requests: When the switch detects a VTP configuration change and it is in VTP Client mode When receiving a Summary Advertisement but there is no subset following it  

When do switches send out Summary Advertisements: When a trunk port comes up and the switch is already advertising VTP Every 5 minutes When receiving a Summary Advertisement with its config revision smaller than the switch's  

When do switches send out Subset Advertisements: When a trunk port comes up and the switch is not already advertising VTP When a local VLAN change is detected and the switch is in VTP Server mode When the switch detects a VTP configuration change and it is in VTP Server mode After updating VLAN database on the receiving of Subset Advertisements When receiving a Advertisement Request How HDLC Works

HDLC is the default data link protocol for serial interfaces. Sends keepalives periodically to the other end of the link. When it receives a keepalive, it brings up the line protocol. If it does not receive a keepalive from the other end for a certain period of time, it brings down the line protocol. If the interface is configured to not use keepalives, it would bring up the line protocol even if it does not receives keepalives from the other end.

 

How Etherchannel WorksWhen a multilayer switch receives a packet (flowchart here):

Check if the port is active in etherchannel If the frame is LACP/PAgP

o If the partnerDevice in the etherchannel portData matches the partnerDevice in the received frame Negotiation is successful and the port is changed either to trunk or access mode

If the port is not active in the etherchannel o Send the packer to the next highest layer for further processing

When a multilayer switch sends a packet: 

A load balance method is selected depending on what user selects. If no method is selected, uses source Mac address as the load balance method. The frame is then sent to the lower layer for further processing.

 

How Multilayer Switching Works

The new 3560 switch in Packet Tracer is a multilayer switch. It has switching as well as routing capabilities. It supports IPv4 and IPv6 routing protocols such as RIP, EIGRP, and OSPF. Each physical interface can be independently configured to be switched or routed ports. Switched ports are layer 2 ports that allow only layer 2

configurations and functionalities. Routed ports allow layer 3 functionalities just like a port on a router. They are switched ports by default.

 

How HDLC Works

HDLC is the default data link protocol for serial interfaces. Sends keepalives periodically to the other end of the link. When it receives a keepalive, it brings up the line protocol. If it does not receive a keepalive from the other end for a certain period of time, it brings down the line protocol. If the interface is configured to not use keepalives, it would bring up the line protocol even if it does not receives keepalives from the other end.

 

How PPP Works

PPP is a data link protocol for serial interfaces as well as modem connections. PPP requires authentication before a connection is made.  The authentication types available in Packet Tracer are none, PAP, and CHAP. Each side of the connection can use different authentication methods, but the other end must support them. The authentication type set on one side is the authentication type required on the other side. Setting authentication to none means allow the other side to authenticate without any username or password checking.

Both PAP and CHAP use a username and password to authenticate the other side.  CHAP provides a stronger encryption and authentication method.

 

How PPPoE WorksThe Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. By using PPPoE, users can virtually "dial" from one machine to another over an Ethernet network, establish a point to point connection between them and then transport data packets over the connection. (flowchart here):

PPPoE is a client-server model. PPPoE has two distinct stages.

o Discovery stage: There are four steps to the Discovery stage. When it completes, both peers know the PPPoE SESSION_ID and the peer's Ethernet

address, which together define the PPPoE session uniquely. o PPP Session stage

Server assigns an IP address from the configured pool to the client. Based on the configuration on server side it may need to authenticate the client through:

AAA server authentication Locally saved username/password database. No authentication needed.

Client uses the assigned IP address o When PPPoE client sending a packet out:

Encapsulates all the outgoing packets in the following packets: PPP frame, PPPoE frame adding the session id to the id field of PPPoE header, and Ethernet frame (destination MAC address of

server) o When Client receives a PPPoE packet:

If the session ID matches one of the client's that the server has negotiated with, it de-encapsulates the packet and send it to PPP for future processing.

Server uses the session ID to distinguish between different clients: o When server receives a PPPoE frame, it checks the received PPPoE session ID and if session ID is known:

It removes PPPoE header and sends it to PPP for further processing Otherwise it drops the packet

o When server sends a packet: If packet is destined for a particular client that a session has been negotiated with:

It encapsulates the packet in PPP and PPPoE frames with the particular session ID and sends it to the client Otherwise, it drops the packet.

 

How Frame Relay Works

Frame Relay provides connection-oriented data link layer communication. This means that a defined communication exists between each pair of devices and that these connections are associated with a connection identifier. This service is implemented by using a Frame Relay virtual circuit, which is a logical connection created between two data terminal equipment (DTE) devices across a Frame Relay packet-switched network. Virtual circuits provide a bidirectional communication path from one DTE device to another and are uniquely identified by a data-link connection identifier (DLCI). A number of virtual circuits can be multiplexed into a single physical circuit for transmission across the network. This capability often can reduce the equipment and network complexity required to connect multiple DTE devices.

A Frame Relay PVC is a logical link whose endpoints and class of service are defined by network management. A PVC consists of the originating Frame Relay network element address, originating data-link control identifier, terminating Frame Relay network element address, and termination data-link control identifier. "Originating" refers to the access interface from which the PVC is initiated. "Terminating" refers to the access interface at which the PVC stops. Many data network customers require a PVC between two points. DTE that needs continuous communication uses PVCs.

LMI virtual circuit status messages provide communication and synchronization between Frame Relay DTE and DCE devices. These messages are used to periodically report on the status of PVCs, which prevents data from being sent into black holes (that is, over PVCs that no longer exist).

Frame Relay Inverse ARP can be used as a method of building dynamic routes in Frame Relay networks running IP. Inverse ARP allows the communication server to discover the protocol address of a device associated with the virtual circuit. Inverse ARP is used instead of the frame-relay map command which allows you to define the mappings between a specific protocol and address and a specific DLCI. Inverse ARP is not needed for a point-to-point interface because there is only a single destination and discovery is not required.

Frame Relay subinterfaces provide a mechanism for supporting partially meshed Frame Relay networks. Most protocols assume transitivity on a logical network; that is, if station A can talk to station B, and station B can talk to station C, then station A should be able to talk to station C directly. Transitivity is true on LANs, but not on Frame Relay networks unless A is directly connected to C.

Configuring Frame Relay subinterfaces ensures that a single physical interface is treated as multiple virtual interfaces, which allows you to overcome split horizon rules. Packets received on one virtual interface can be forwarded to another virtual interface, even if they are configured on the same physical interface. Subinterfaces address the limitations of Frame Relay networks by providing a way to subdivide a partially meshed Frame Relay network into a number of smaller, fully meshed (or point-to-point) subnetworks. Each subnetwork is assigned its own network number and appears to the protocols as if it is reachable through a separate interface.

When a Frame Relay Cloud receives a frame, it looks up the connection created by the user. If a connection is found, the Cloud forwards the frame out the port specified in the connection. If the connection is not found, the frame is dropped. When a router receives a frame, it looks up the DLCI specified in the frame. If the DLCI is mapped to an interface, the frame is passed to that interface. If the DCLI is mapped to an interface, the frame is dropped by the router.

 How Cable/DSL Works

DSL

o A digital subscriber line (DSL) connection is a high-speed connection that uses the same wires as a regular telephone line. DSL services are dedicated point-to-point network access over twisted-pair copper wire on the local loop between a network service provider's central office and the customer site.

o DSL circuits connect DSL modems to a digital subscriber line access multiplexer (DSLAM) creating three data channels: a high-speed downstream channel, a low-speed upstream channel, and a basic telephone service channel. The DSLAM (the cloud) provides one of the main differences between DSL and cable modems. Because cable-modem users generally share a network loop that runs through a neighborhood, adding users means lowering performance in many instances. ADSL provides a dedicated connection from each user to the DSLAM. Therefore, users won't see a performance decrease as new users are added.

o A DSL Modem can be used to connect to a modem port defined in the Cloud using telephone wire. Another device (such as a PC or a router) is connected to Ethernet port on the DSL Modem. The DSL Modem acts like a bridge forwarding traffic from one port to the other port.

Cable o In a cable TV system, signals from the various channels are each given a 6-MHz slice of the cable's available bandwidth. When a cable

company offers internet access over the cable, data can use the same cables because the cable modem system puts downstream data into a 6-MHz channel. Thus Internet downstream data takes up the same amount of cable space as any single channel of programming. Upstream data uses 2-MHz channel.

o Just like DSL, high-speed cable requires a modem at the customer end and a cable modem termination system (CMTS) at the provider end. CMTS (the Cloud) functions like DSLAM in a DSL environment. The CMTS takes the traffic coming in from a group of customers on a single channel and routes it to an Internet service provider for connection to the Internet. A CMTS enables many connections to the Internet through a single 6-MHz channel. A single channel is capable of up to 40 Megabits per second of total throughput.

o Unlike DSL, data channels to CMTS are shared. If these channels are saturated with user traffic, the theoretical bandwidth may not be achieved. However, this particular performance issue can be resolved by the cable company by adding a new channel and splitting the user base. Another difference between DSL and cable is that the downstream information flows to all connected users. It is up to the individual network connection to decide whether a particular block of data is intended for it or not. On the upstream side, information is sent from the user to the CMTS directly without other users seeing it.

o A Cable Modem can be used to connect to a coax port defined in the Cloud using coaxial wire. Another device (such as a PC or a router) is connected to an Ethernet port on the Cable Modem. The Cable Modem acts like a bridge forwarding traffic from one port to the other port.

ISP o The Cloud under WAN Emulation is used to model an ISP. o Multiple Ethernet ports can be added to the Cloud emulating ISP networks. o Multiple modem ports can be added to the Cloud emulating a DSLAM. o Multiple coax ports can be added to the Cloud emulating a CMTS. o Multiple modem ports can be mapped to a single Ethernet port that is defined to use DSL as the provider network. o Multiple coax ports can be mapped to a single Ethernet port that is defined to use Cable as the provider network. o For DSL connections, traffic received on a modem port will be forwarded to the corresponding Ethernet port. Traffic received on an Ethernet

DSL port will be forwarded to the correct DSL modem. o For Cable connections, traffic received on a coax port will be forwarded to the corresponding Ethernet port. Traffic received on an Ethernet

Cable port will be forwarded to all coax ports connected to that Ethernet port.

Layer 3 Routing Models - RIPv1 RIPv2 EIGRP OSPF

How a router starts the RIP processThe router generates a RIP request packet to be sent out all ports. The packet will successfully exit a port if the port is (all): 

Functional (the port exists, and the line protocol is up). RIP-enabled.

Not RIP-passive.

 RIP versionsThe router deals with RIP packets differently depending on what version of RIP it is running. 

If it is running RIPv1, it can: o Send and receive RIPv1 packets. o Send broadcasts.

If it is running RIPv2, it can: o Send and receive RIPv2 packets. o Send multicasts.

If the RIP version is not set, it can o Send RIPv1 packets. o Receive RIPv1 and RIPv2 packets. o Send broadcasts.

 How a router sends RIP updatesThere are two types of RIP updates: regular and triggered. 

The router sends regular updates every 30 seconds. The update contains all of the information in the routing table. The router sends triggered updates only when a route has changed or an interface changes state (up or down).

 How a router processes incoming RIP packetsWhen a router receives a RIP packet (flowchart here): 

It drops the packet if (any): o The incoming port does not have a valid IP address or is not RIP-enabled. o The source IP address is not from a directly connected network. o The packet came from the router itself. o The packet's RIP version does not match the router's RIP version.

If the packet is a request packet:

o Check the port to see if it is a passive interface. If it is, drop the packet. If it is not a passive interface, process the packet:

Create a RIP response packet, which contains information about a route or the entire routing table (depending on the request). Send the RIP response out the same port.

If the packet is a response packet, process it: o Look through each RIP route portion of the packet (the portion from address family identifier, or AFI, to the metric). A RIP packet can

contain up to 25 RIP route portions. Ignore any portions where (any):

The metric is greater than infinity. The AFI is not the IP family. It is a broadcast, Class D, or Class E address.

o Set the next hop to the incoming port's address. o For new routes, ignore the route portion if the metric is now 16. o For existing routes, the metric is set to 16. o If the packet contains information about a network that does not exist in the RIP database, it is added to the database. o If a network already has an entry in the RIP database, update it with the latest information. o Send out new and updated routes on the next triggered update.

 How a router processes incoming EIGRP packetsWhen a router receives an EIGRP packet (flowchart here): 

It checks to see if the EIGRP process for the autonomous system that is specified in the packet is enabled. o If it is not enabled, then the router drops the packet. o Otherwise, it sends the packet to that EIGRP process.

When an EIGRP process receives an EIGRP packet: 

It makes the following checks and drops the packet if (any): o The receiving interface does not have EIGRP enabled. o The packet does not come from the same subnet as the receiving interface. o The receiving interface is passive.

It checks if the packet is a Hello packet. o If so, then it processes the Hello packet (skip to next section). o Otherwise, it checks if the packet came from an existing neighbor.

If not, then it drops the packet. If the packet did come from an existing neighbor:

It checks if the packet is an Acknowledgment packet. If so, then it removes the acknowledged packet from the neighbor's output queue. Otherwise, it checks the sequence number on the packet and the neighbor's last heard sequence number.

If the sequence number on the packet is larger than the last heard, then update the last heard. If the sequence numbers are the same or the one on the packet is smaller than the last heard, then it drops the packet.

It checks if the packet piggybacks an Acknowledgment. If so, it removes the acknowledged packet from the neighbor's output queue.

It checks if there are any packets in the neighbor's output queue. If there are not, then it sends an Acknowledgment packet back to the neighbor.

It checks if the packet is an Update packet. If so, then it processes the Update packet. It checks if the packet is a Query packet. If so, then it processes the Query packet. It checks if the packet is a Reply packet. If so, then it processes the Reply packet.

When an EIGRP process processes a Hello packet: 

It checks if the Hello packet has matching K values as the EIGRP process. o If not, then it removes the neighbor from the router's neighbor table.

It checks if the neighbor already exists in the neighbor table. o If so, then it updates the last-heard time and hold timer. o If not, it adds the new neighbor to the neighbor table, and sends a full update of its topology table to the new neighbor.

When an EIGRP process processes an Update packet: 

It goes through all routes in the Update packet and updates the topology table.

When an EIGRP process processes a Query packet: 

It updates the topology table with the route in the query. It checks if updating the topology table does not cause the process to query other neighbors. If it does not, then reply the best route to the queried neighbor.

When an EIGRP process processes a Reply packet: 

It makes the following checks and drops the packet if (any): o The replied route does not exist. o The network is not in ACTIVE state. o The neighbor who replied was not queried.

It checks if the replied route is better than the best heard in the reply table. o If so, then it replaces the best heard in the reply table with the replied route.

It checks if the replied route is the last expected reply. o If it is, then processes the last Reply packet to a query.

When an EIGRP process processes a last Reply packet to a query: 

It replies to all queried neighbors with the best-heard route from the reply table. It sets the network to PASSIVE state. It updates the topology table with the best route.

When an EIGRP process updates the topology table with a route: 

Checks if the network is in ACTIVE state. o If so, it ignores the update.

It gets the old best route and old best metric to the network. It adds the route to the topology table. It gets the new best route and new best metric to the network. It checks if the new best route is unreachable or there is no feasible successor.

o If either is true, then it queries neighbors about the route. If there is no neighbor to query, then it removes the network from topology and routing table.

o If the new best route is feasible, then it adds all successors for the network to the routing table. Update neighbors.

 How a router processes incoming OSPF packetsWhen a router receives an OSPF packet (flowchart here): 

It checks to see if an OSPF process is enabled on the port that received the packet. o If it is not enabled, then the router drops the packet. o Otherwise, it sends the packet to that OSPF process.

When an OSPF process receives an OSPF packet (flowchart here): 

It makes the following checks and drops the packet if (any): o The receiving interface does not have OSPF enabled. o The packet does not come from the same subnet as the receiving interface. o The receiving interface is passive. o The packet is for (backup) designated router and the router is not. o The receiving interface does not have the same area id as indicated in the packet. o The authentication failed for the packet.

It checks if the packet is a Hello packet. o If so, then it processes the Hello packet (skip to next section). o Otherwise, it checks if the packet came from an existing neighbor.

If not, then it drops the packet. If the packet did come from an existing neighbor:

It checks if the packet is a Database Description packet (DDP). If so, then it processes the DDP. It checks if the packet is a Link State Request (LSR) packet. If so, then it processes the LSR. It checks if the packet is a Link State Update (LSU) packet. If so, then it processes the LSU. It checks if the packet is a Link State Acknowledgment (LSAck) packet. If so, then it processes the LSAck.

When an OSPF process processes a Hello packet (flowchart here): 

It checks if the Hello packet has matching hello & dead timer values as the OSPF process. o If not, then it prints out a warning message and drops the packet.

It checks if the neighbor already exists in the neighbor table. o If so, then it resets the dead timer. o If not, it adds the new neighbor to the neighbor table and sets the neighbor state to 2-WAY.

The adjacency is established with the neighbor if: The underlying network is point-to-point. The underlying network is broadcast and the router itself is designated router, backup designated router, the neighboring router is

designated router, or the neighboring router is backup designated router. It checks if backup designated router is present.

o If not, then it performs designated router election after wait timer expires.

When an OSPF process processes a Database Description packet (flowchart here): 

If the state is start, the master/slave relationship is formed based on router ID. The neighbor state is updated to exchange. During the exchange state, the OSPF process goes through all the link state advertisement (LSA) headers stored in the packet. If the router does

not have the LSA described in the header, it stores the header in the queue. If there are no more DDPs, the neighbor state transitions to loading. The headers stored in the queue are used to generate LSRs.

When an OSPF process processes a Link State Request (LSR) packet (flowchart here): 

It looks up its Link State Database and puts the information in the Link State Update (LSU) packet and sends to the adjacent neighbor. After all the corresponding LSUs are received for the LSRs, the neighbor state transitions to full.

When an OSPF process processes a Link State Update (LSU) packet (flowchart here): 

It validates the LSA's checksum. If the checksum is invalid, discard the LSA. It checks the LSA's type. If the type is unknown, discard the LSA. It checks the LSA's age. If the age is equal to maximum allowed value and there is currently no instance of the LSA in the router's database, and

none of router's neighbors are in states exchange or loading states, then the router sends an acknowledge. If the LSA is not in the database or is newer, add to the database. If the LSA is the same instance as the database copy, and the LSU is not used as an implied acknowledgment, send a LSAck to the neighbor. If the database copy is more recent, discard the LSA without acknowledging it.

When an OSPF process processes a Link State Acknowledgment packet (flowchart here): 

It checks neighbor's state. If the neighbor is in a lesser state than exchange, discards the packet. It checks if the acknowledgment is for an instance of a LSA stored in the retransmission list for the neighbor. If yes, the OSPF process removes

the LSU from the retransmission list.

When an OSPF process updates the routing table with a route (flowchart here): 

All routers in the same autonomous system belonging to the same area should have identical database. After a LSA has been added to the database, the OSPF process starts a timer. The router performs shortest path first (SPF) calculation after the

timer expires. The SPF algorithm uses LSAs stored in the database to generate OSPF routes. The routes are added to the routing table.

 

How routes are Redistributed using Redistribution feature.

Redistribution commands can be configured in the router mode of the routers for all types of the routing protocols including EIGRP, EIGRPv6, OSPF, OSPFv3, RIP, and RIPv6.

Once a redistribution command is configured. o Router checks for that specific type of the route in its routing table

 If any exists that matches the redistribution command it will add the route to the destination protocol’s database or topology table and sends out an update to its neighbors for that route.

If there is not any matching route in the routing table, it checks back the routing table for the newly receiving routes. If any matches the command it will add it to the destination protocol’s database and sends out an update for that route to its neighbors.

If route which matches the redistribution command’s protocol gets deleted from the routing table the router sends out an update to its neighbor and announces that specific route’s status as down.

Once a redistribution command is removed from the router o The router marks the metric of the matching routes as unreachable and sends an update to its neighbor about that route.

Once an interface comes up or a network commands gets added to any routing protocols. o Router checks whether a redistribution command is configured. If  there is any configured it will send an update out of that interface.

 

How CEF works

Cisco Express Forwarding uses a cache table for fast forwarding. The CEF cache table contains entries matching destination networks to next hop IP address, next hop layer 2 information, and outgoing interface. The CEF cache table is built from lookups in the routing table and IP address to layer 2 information. When packets are needed to be sent out, whether receiving from an interface or sending from the local device, it looks up the destination network

in the CEF cache table first. If it is found, it uses that information to encapsulate and modify the frame and sends it out. If it is not found, it uses process routing, which is same as looking up routing table and passing to lower layer for layer 2 encapsulation. It also

records the information in the cache table when the layer 2 information is complete.

 

IPv6 Routing and Routing Protocols

Routing in IPv6 works the same way as in IPv4 with "ip classless" enabled, which is always enabled in Packet Tracer. Display of routing table in IPv6 does not group networks together as in different classes in IPv4. RIPv6 works the same way as RIPv2. Multiple instances of RIP can be run at the same time on the same device. EIGRPv6 and OSPFv3 work the same way as in IPv4 except the router-id's are still using IPv4 addresses. They can be either automatically

chosen from the assigned IPv4 addresses on the device or manually configured for the routing protocol instance.

 How a router processes incoming BGP packetsWhen a BGP peer receives an open packet (flowchart here): 

If versions are different o Send BGP error open version notice back o Stop neighbor peering o Start Connect retry timer

If neighbor's AS is not the same as this router's configured neighbor AS: o Send BGP error open Bad AS notice back o Stop neighbor peering o Start Connect retry timer

If neighbor's speaker ID is the same as this router's speaker ID: o Send BGP error open Bad ID notice back o Stop neighbor peering o Start Connect retry timer

If neighbor's holdtime is less than 3: o Send BGP error open Bad Holdtime notice back o Stop neighbor peering o Start Connect retry timer

Negotiate holdtimes, using the smaller of the neighbor's and this router's hold time. Change state to OPEN CONFIRM Send keepalive to neighbor

 When a BGP peer receives a notification packet (flowchart here): 

If error code is Cease o Send Cease back

If error code is hold time expire o Close TCP connection

Stop neighbor peering Start connect retry timer

 When a BGP peer receives an update packet: (flowchart here):

 

If Update packet contains withdrawn routes o Set withdrawn route in neighbor's incoming routing information base table to be unfeasible

If Update packet contains route updates o If new route:

Add route to the neighbor's incoming routing information base table o If existing route exists:

Update routing information Run decision process to pick best routes to the main routing information base and install routes to the routing table

 When a BGP peer receives a keepalive packet: (flowchart here): 

Increment keepalive count Refresh hold down timer Run decision process to pick best routes to the main routing information base and install routes to the routing table

 BGP Decision Process: (flowchart here): 

Check all network statements o If network is not installed in the main BGP routing information base table

If network is reachable If another route is already installed, make the other route unfeasible If route is not already installed, add route to routing table if not there

Check all neighbor's incoming routing information base table o Verify route is loop free (AS Path does not go through local AS) o If synchronization is enabled, verify the route's next hop is reachable through an IGP o If the route is the best route available, add route to routing table if not there

Send routing update for redistributed routes Remove all unfeasible routes from the main routing information base and send withdraws if necessary Send out route updates for all new routes installed Remove all unfeasible routes from the main routing table

Layer 3 IP Models

How IP and IPv6 are modeledPacket Tracer models only certain aspects of IP. 

IP version 4 is modeled.

IP addresses are 32 bits long, and displayed using the dot-decimal notation, where each octet or byte of the IP address is displayed in decimal number and separated by a dot.

All class A, B, and C addresses (1.0.0.0 to 224.255.255.255) except loopback addresses (127.0.0.0 to 127.255.255.255) can be assigned to ports. All IP packet fields are displayed in the PDU details.  However, only the following four fields are used: Destination IP Address, Source IP

Address, TTL, and Protocol.  The Protocol field in the IP packet identifies the layer 4 PDU. When a device sends an IP packet, it places the value corresponding to the layer 4

process or service in the Protocol field. When a device receives an IP packet, it dispatches the layer 4 PDU to a process or service corresponding to the value of the Protocol field.

 Packet Tracer also models IPv6. 

IP addresses are 128 bits long, and displayed as eight groups of four hexadecimal digits separated by colons. There are no classes of addresses in IPv6. Each address assignment has an address and a prefix in the format with / followed by the prefix length

of the network. All IPv6 packet fields are displayed in the PDU details.  However, only the following four fields are in used: Destination IPv6 Address, Source

IPv6 Address, Hop Limit, and Next Header.  The Next Header field in the IPv6 packet identifies the layer 4 PDU or the next option in the IPv6 header. When a device sends an IPv6 packet, it

places the value corresponding to the layer 4 process or service in the Next Header field. When a device receives an IPv6 packet, it dispatches the layer 4 PDU or the IPv6 header to a process or service corresponding to the value of the Next Header field.

 

How devices process incoming ICMP packetsWhen a device receives an ICMP packet: 

It checks the ICMP message contained in the packet. o If the packet contains the message "TTL Exceeded" or "Echo Reply:"

It checks to see if it has recently sent an ICMP message with the same identification as the received ICMP message. If so, it sends out the ICMP.

 

How devices process incoming ICMPv6 packetsICMPv6 works similar to ICMP for Echo, Echo Reply, Hop Limit Expire (TTL Expire), Unreachable messages. For Neighbor Discovery (ND) messages, ICMPv6 process sends them to the ND process. Refer to ND process for more details.

 

How ND for IPv6 processes incoming packetsWhen an ND process for IPv6 receives a packet (flowchart here):

If the packet is a Neighbor Solicitation, the process executes the following actions: o It will drop the packet if it doesn’t contain a Link Layer option. o If the destination IPv6 address doesn’t match with the receiving interface’s IPv6 address:

If there is an entry already exists in the ARP table, the entry will be updated with the information in the packet. o If matched,

If the host device is not a switch, the process will update the ARP table with information from the packet (source IPv6 address, source MAC address).

Then ND process creates an ARP Reply packet that contains its MAC address and sends to the source device. If the packet is a Neighbor Advertisement, the process executes the following actions:

o It will drop the packet if it meets any of the following conditions: It does not contain a Link Layer option. It has not sent an ARP request but received an ARP reply

o Otherwise, it will do the following actions: The device’s ARP process will updates the ARP table with the received information. If there are buffers contained in the received packet, the ARP process takes out these buffers and resends them.

It the packet is a Router Solicitation, the process executes the following actions: o It will drop the packet if the message is a not valid Router Solicitation.  A valid Router Solicitation message must meet the following

conditions: The IP Hop Limit field has a value of 255. ICMP code is 0. ICMP length is 8 or more octets. All included options have a length that is greater than zero. If the IP source address is the unspecified address, there is no source link-layer address option in the message.

o If the packet is a valid Router Solicitation, it will create a Router Advertisement and multicast it to the all-nodes group. If the packet is a Router Advertisement, the process executes the following actions:

o It cancels any existing router solicitation timer scheduled on the receiving interface. o It retrieves information from the Router Advertisement such as source IPv6 address, prefix and prefix length, and with the receiving

interface’s local link address, it creates an IPv6 address. If the Router Advertisement’s prefix option is on-link, the ND process sets the newly created IPv6 address to the receiving interface. If the Router Advertisement’s prefix option is off-link, the ND process removes the IPv6 address from the receiving interface.

 How IP Does Fragmenting

Before sending out a packet, IP follows the process below (flowchart here): 

It checks if the total length (TTL) of the packet is greater than the MTU of the out-going interface. Note that setting of the mtu command will override the ip mtu command. o If yes, it checks if the packet has the DF flag on.

If yes, it drops the packet. It checks if TTL is less than or equal to the value configured via the command ip mtu.

o If yes, it sends the packet. o It no,

It obtains the payload of the packet. It does fragmenting on the payload. It sends out fragments.

 How IP Processes ReassemblingWhen IP receives an incoming packet (flowchart here): 

It checks if this packet is intended for this device. o If yes, the packet is sent to the reassembling function. o If no, it forwards to the routing or host process for more processing.

Reassembling functionality: o It checks if the DF flag is on, and the fragment offset (FO) is 0.

If yes, it forwards to the routing or host process for more processing. o It checks if the buffer ID exists. The buffer ID is a combination of the source and destination address, and the protocol and identification

fields of the IP header. If yes, it loads the reassembling resource for this buffer ID. If no, it creates a new reassembling resource for this buffer ID.

o It updates necessary information for the reassembling resource with this fragment. o It checks if it is the last fragment:

If yes, it starts reassembling all received fragments. If successful, it sends the IP packet to the routing or host process for more processing. If not successful due to missing fragments, it drops all fragments and releases the reassembling resource.

If no, it starts or restarts the reassembling timeout timer for this buffer ID.

 How IPv6 Does Source Fragmenting

Before sending out a packet at the source, IPv6 follows the process below (flowchart here): 

It checks if the total length (TTL) of the packet is greater than the MTU of the out-going interface. Note that setting of the mtu command will override the ipv6 mtu command. o If no, it sends out the packet. o If yes, it checks if TTL is less than or equal to the value configured via the command ipv6 mtu.

If yes, it sends the packet. If no,

It obtains the payload of the packet. It does fragmenting on the payload. It sends out fragments; each has the IPv6 Fragment Extension Header.

 How IPv6 Does Path MTU Discovery at Middle RoutersBefore sending out a packet at the middle router, IPv6 follows the process below (flowchart here): 

It checks if the total length (TTL) of the packet is greater than the MTU of the out-going interface. o If yes, it triggers the Path MTU (PMTU) process to send out an ICMPv6 Packet-Too-Big message to the source.

 How IPv6 Processes ReassemblingWhen IPv6 receives an incoming packet (flowchart here): 

It checks if this packet is intended for this device. o If yes, the packet is sent to the reassembling function. o If no, it forwards to the routing or host process for more processing.

Reassembling functionality: o It checks the IPv6 fragment extension header if the M flag is off, and the fragment offset (FO) is 0.

If yes, it forwards to the routingv6 or hostv6 process for more processing. o It checks if the buffer ID exists. The buffer ID is a combination of the source and destination address, and the protocol and identification

fields of the IP header. If yes, it loads the reassembling resource for this buffer ID. If no, it creates a new reassembling resource for this buffer ID.

o It updates necessary information for the reassembling resource with this fragment.

o It checks if it is the last fragment: If yes, it starts reassembling all received fragments.

If successful, it sends the IP packet to the routing or host process for more processing. If not successful due to missing fragments, it drops all fragments and releases the reassembling resource.

If no, it starts or restarts the reassembling timeout timer for this buffer ID.

 How CBAC worksWhen a packet is send out of a router port (flowchart here): 

If the received port has an ACL configured and its an extended ACL: o It checks if the packet is part of an existing session:

If the lookup finds a matching entry in the session table : It updates the session state table. It sends to the lower process.

Or else if the packet is just a pass through packet after been checked by the received port: It sends to the lower process.

Else It looks for a matching acl statement:

If the packet is DENIED by the ACL, it DROPs the packet. Else

It does the inspection and checks if an inspection rule is present or not: If inspection rule is NOT present, it sends the packet to the lower process without inspection. Else:

It creates a session entry and update the state table. It sends out of the interface to the lower process.

If acl is NOT present: o It does the inspection and checks if an inspection rule is present or not:

If inspection rule is NOT present, it sends the packet to the lower process without inspection. Else

It creates a session entry and update the state table. It sends out of the interface to the lower process.

When a router receives a packet (flowchart here): 

If the received port has an ACL configured and it is an extended ACL:

o It checks if the packet is part of an existing session: If the lookup finds a matching entry in the session table:

It updates the session state table. It sends to the higher process.

If no matching session found: It looks for an ACL matching statement:

if a matching statement found, it permits the packet and sends to the higher process. if the packet is denied, it drops the packet.

If no acl present, it sends the packet to the higher process.

 How Zone based Firewall (ZFW) worksWhen a packet goes out of a zone based firewall router port (flowchart here): 

If ACL NOT present or ACL permits packet: o ZFW checks if the received port and port to send are both zone members.

If both the ports are members of any zone, ZFW finds a match for the current zone-pair (recv port - send port zone pair). If a match FOUND, it gets the policy map for this zone-pair and go through the classmap list.

If a matching class map statement FOUND: If the policy-classmap action is to "drop" or no action set (default action is to drop), it creates a session and updates the state

table and drops the packet. Else it creates a session and updates the state table. Then it passes the packet to the lower layer.

If matching zone-pair NOT found, it drops the packet. Else if either one of the ports is not part of any zone member, it drops the packet. Or else if both the ports are not part of any zone member ( ie., router is not configured fully for Zone based firewall), it passes the packet

to the lower layer. Else if ACL drops the packet, ZFW drops the packet.

When a packet is received on a zone based firewall router port (flowchart here): 

The packet is checked for a matching entry in the session table to see if it is part of an existing session: o If a matching entry FOUND, it updates the state table entries and passes it to the higher layer/process. o If NO matching entry found in the session table, it checks if the packet is intended for THIS router:

If so, it looks for a matching self-zone/zone-self pair. If a matching zone-pair FOUND:

It creates a session entry and update the state table.

It passes the packet to the higher layer. If a matching zone-pair is NOT found, it passes the packet to the higher layer.

 How IPS Signature Scan WorksICMP (2004:0) signature is the only ips signature that is currently supported in PT. The signature is made a built-in signature. The ips config location and category needs to be configured and the ips rule needs to be applied to the interface in order to enable IPS on a router (flowchart here): 

If IPS enabled, the device checks if ACL is present. o If ACL NOT present or acl PERMITS the packet, The device scans through the signature list to see if the signature is unretired and enabled.

If UNRETIRED and ENABLED: If the signature matches, it does all the actions defined for this signature:

If action has to deny the packet along with others, it denies the packet. Else it passes the packet to higher/lower layer.

o If ACL DENIES the packet, the device denies the packet and returns from IPS. If IPS is not enabled, the device returns from IPS, does ACL match, and proceeds.

 How Outside NAT WorksWhen a packet is sent out of the router port (flowchart here): 

If the received port was NOT inside nat port, or the sending port is NOT an outside nat port, or the packet header is invalid: o It passes the packet to the lower layer - NO translation done.

Else o It lookups the NAT table for a matching dynamic entry for the local addresses.

If match FOUND, It starts the timer. It does the packet translation. It passes the packet to the lower layer.

If match NOT found It looks up the table for static matching entry for both source and destination.

If match FOUND for SOURCE and DESTINATION, or if match FOUND for SOURCE only, or match FOUND for destination only It creates a dynamic entry in the nat table. It does the packet translation. It passes the packet to the lower layer.

Else if NO match found, It passes the packet to the lower layer - NO translation done.

When a packet is received by a router port (flowchart here): 

If NAT is NOT configured on the received port or the received packet header is invalid o It passes the packet to the higher layer - no translation done.

If received port is a nat inside port o It passes the packet to the higher layer.

If NOT inside port, check is received port is an outside NAT port. o If NOT outside port, it passes packet to the higher layer. o Else if the received port is an OUTSIDE nat port:

It looks up the nat table for a matching dynamic entry for the global addresses: If match FOUND:

It starts timer. Packet is translated from global to local - Nat translation done. It passes the packet to the higher layer.

If NOT found: Looks up the static matching entry for both source and destination addresses:

If match FOUND for SOURCE and DESTINATION: It creates a new dynamic entry and add to the nat table. It does the packet translation. It passes the translated packet to the higher layer.

Else if match FOUND only for SOURCE It checks whether the next hoping router port is an inside NAT port.

If NOT: It passes the packet to the higher layer - No translation done.

If the next hop port is INSIDE nat port: It creates a new dynamic entry and add the nat table. It does the packet translation. It passes the packet to the higher layer.

Else if match FOUND only for DESTINATION: It creates a new dynamic entry and add to the nat table. It does the packet translation. It passes the translated packet to the higher layer.

 

How QoS WorksWhen a packet is going out of a router interface (flowchart here): 

It classifies the packet based on shaping configured. If shaping configured:

o It checks if shaping is full: If yes, it drops the packet. If no, it puts the packet in shape queue. Then it starts the timer and checks if software queue is full.

If yes, it drops the packet. If no, it puts in software queue.

Else if not configured: o It checks if the software queue is empty or not.

If NOT EMPTY, it calculates using the Weighted Random Early Detection (WRED) whether the packet can be dropped or not. A packet is dropped if the average queue size is greater that maximum threshold or average queue size is between minimum and maximum threshold and the packet count meets the threshold mark. If WRED calculates to DROP the packet: If yes, it drops the packet. Else, it checks if the software queue is full or not:

If FULL, it drops the packet. Else, it puts the packet in the software queue.

If EMPTY: It checks if hardware queue is full or not:

If FULL, it puts in software queue. If NOT,

It puts the packet the in hardware queue. If the hardware queue has packet,

It sends the packet out of the interface Retrieves packets from the software queue places it in the hardware queue.

 How Devices Handle GRE PacketsWhen a device sending a GRE packet (flowchart here): 

If a packet getting out of the device is having the same source IP address as one of the tunnel interfaces that is configured on the device: o It encapsulates it in GRE header. o IP layer encapsulates the GRE header in another IP header with source and destination address of associated tunnel interface.

When a device receiving a GRE packet (flowchart here): 

After Ethernet and IP header are removed from the received data: o If the receiving packet has GRE header:

GRE header is removed and hand it in to the associated tunnel interface. Tunnel interfaces pass it up to the IP layer for the further processing.

 How Routers Handle ESP/AH SegmentsWhen a router sending an ESP/AH segment (flowchart here): 

If the packet is getting out of the device is not encrypted, and it is interested traffic, and if the outgoing port is configured with the crypto map: o ISAKMP negotiation for security SAs:

If Successful: It gets the SA for the interested flow and encapsulates the packet in the ESP packet:

If SAs has been negotiated for AH, the router encapsulates ESP in AH segment and sends it to the lower layers to process. Otherwise, it sends the ESP segment to the lower layers to process.

Otherwise, it drops the packet.

When a router receiving an ESP/AH segment (flowchart here): 

If the packet receiving on the port is ESP/AH packet. o If the port is not configured with a crypto map command, it drops the packet. o Otherwise

If the ESP/AH packet has matching ESP/AH SA numbers: If packet is encapsulated in AH, AH authenticates the packet and removes the AH header and pass the packet to ESP. ESP decrypts the packet and removes the ESP header. Also it passes the decrypted packet to the next layer of data for further

processing. Otherwise, it increments the error counter for the specific flow that matches the packet and drops the packet

Layer 4 Models

How devices process UDP segmentsThis procedure explains how a device sends and receives UDP segments. 

When the device receives a segment: o It de-encapsulates it and examines the UDP header for port information.

o It then maps the local port information and sends the payload up to a higher layer (the application layer) for processing. If it cannot find the upper process based on the port information, it drops the segment.

When the device wants to send a segment: o It encapsulates the payload with a UDP header. o It sends the segment to the lower layer for processing.

 How TCP Connection handles outgoing dataWhen TCP Connection is ready to send data in the out buffer: (flowchart here): 

It checks if the TCP connection State is Established: o If no, it drops the data. o If yes,

It adds the new data onto the out buffer. It checks if the Nagle service is turned on:

If yes, it checks if the size of the out buffer is greater than the MSS: If yes, it starts the initial data sending step. If no, it checks if there is any unacknowledged data:

If no, it starts the initial data sending step. If yes, it continues to wait for more incoming data.

If no, it starts the initial data sending step. The initial data sending step:

o TCP checks if there are any segments to be retransmitted: If yes, it stops and waits. If no, it checks if the usable window is smaller than the MSS, and there is more data in the out buffer than usable window size:

If yes, it stops and waits. If no, it starts the new segment sending step.

The new segment sending step: o It checks if there are any segments to be retransmitted:

If yes, it stops and waits. If no, it goes through the following steps:

It updates and checks the unacknowledged data buffer for any segments needed to be retransmitted and transmits those first. Otherwise, it prepares the data in the out buffer into TCP segments, and it will eventually send all segments out.

 How TCP Connection handles incoming TCP segmentsWhen TCP connection receives a TCP segment (flowchart here):

 

It updates the Receive-Window variable from the TCP header. If the connection is not in the LISTEN state:

o It resets the inactivity timer. o If the sequence number is equal to the ReceiveNext variable:

The TCP segment is expected. Proceeds to the next step.

o Else If the sequence number in the received TCP header is less than the Receive-Next variable.

If connection is not ESTABLISHED, the segment is a duplicate. If the header is not a RST.

Clears the ACK timer. Resets the received ACK counter. Sends an ACK out.

Else This is an unexpected segment. If the header is a RST, processes RESET.

Drops this segment. If the connection is in the LISTEN state:

o If this is a SYN segment, the server port accepts the connection. o Else the server port sends back a RST and drops the segment.

If the connection is in the SYN_SENT state: o If the TCP header is a SYN or ACK:

Clears the timer for retransmitting control data. Calculates the Receive-MSS and Send-MSS variables from the advertised MSS in the TCP header. Updates the local IP. Updates the Receive-Next with the ACK number in the TCP header. Sets the connection's state to ESTABLISHED.

o If the TCP header is a FIN: The TCP connection is refused. Processes FIN.

o If the TCP header is a RST: The TCP connection was refused. Processes RESET.

If the connection is in the SYN_RECEIVED state: o If the header is a SYN or RST

The connection was reset.

Processes RESET. o If the TCP header is FIN

Processes FIN. o If the TCP header is an ACK

Clears the timer for retransmitting control data Sets the connection's state to ESTABLISHED.

If the connection is in the ESTABLISHED state: o If the header is a SYN or RST

The connection was reset. Processes RESET.

o If the header is a FIN: The TCP connection was disconnected. Increments the Receive-Next variable. Processes FIN. If it is an ACK:

Processes ACK. Clears the timer for retransmitting data.

If the header is an ACK and it's not a RST: Checks if it is a duplicate segment. If it's not duplicate and not an empty ACK:

Increments the Receive-Next variable with the size of the received data segment. Processes ACK. If it's duplicate and not an empty ACK:

Drops the duplicate segment. Clears the timer for sending ACK. Sends an ACK.

Else If it is not an empty ACK:

Processes the data. If the connection is ESTABLISHED:

If acked some packets, and nothing is being retransmitted, and there is buffer data, Sends buffer data.

If it is not an empty ACK: Checks if an ACK needs to be sent out.

If the connection is in the FIN_WAIT_1 state: o If the header is a SYN or RST

Processes RESET. o If the TCP header is a FIN:

Clears the timer for retransmitting control data. Sets the connection's state to CLOSING. Sends an ACK.

o If the TCP header is an ACK: Clears the timer for retransmitting control data. Sets the connection's state to FIN_WAIT_2.

If the connection is in the FIN_WAIT_2 state: o If the header is a SYN or RST

Processes RESET. o If the TCP header is a FIN

Sets the connection's state to TIMED_WAIT. If the connection is in the LAST_ACK state:

o If the header is a SYN or RST Processes RESET.

o If the TCP header is an ACK or FIN: Processes ACK. Clears the timer for retransmitting control data. Sets the connection's state to CLOSED.

If the connection is in the CLOSING state: o If the header is a SYN or RST

Processes RESET. o If the TCP header is an ACK

Sets the connection's state to TIMED_WAIT. If the connection is in the CLOSED state:

o Clears the timer for retransmitting control data.

Layer 5 Models

 How Routers Handle ISAKMP SegmentsWhen a router sends an ISAKMP segment (flowchart here): 

If a packet is getting out of the device is not encrypted, and it is an interesting traffic, and also if the outgoing port is configured with a crypto map command:

ISAKMP initiates the negotiation for the first peer. It starts from the lowest crypto map sequence number and tries to negotiate with all peers in the list until the first success. o If an IKE peer with the same IP is not configured, the initiator starts phase I negotiation.

The initiator device sends out the first packet of negotiation by encapsulating all the ISAKMP policies that have been configured with. The responder device sends out the second message of negotiation by

If match found, it encapsulates the matched policy. Otherwise, sends a packet to tell the peer to discontinue the negotiation.

The initiator device sends out the third message: If no match, it deletes the IKE peer. Otherwise, it sends the third message which includes the nonce numbers and the key for the peer to calculate DH values.

The responder device sends out the fourth message: Sends out its nonce numbers and the key to the peer

The initiator device sends the fifth message: Encrypts the identity of the receiver with the DH key and sends it to the peer.

The responder sends the sixth message: Encrypts the identity of the sender with DH key and sends it to the peer.

Otherwise phase II: o The initiator device encrypts the SA payload with the DH key calculated in the phase I, encapsulates it in an ISAKMP and sends it to the

peer. o The responder device sends the second message of phase II:

If the match policy with sender found, it sends the encrypted matching policy to the peer. Otherwise, it sends a notification to the peer, drops the packet, and deletes the IKE peer.

o The initiator device: If the receiving device has sent back a matching policy, the initiator sends an ACK to the receiving device and successfully finishes

phase II. Otherwise, it deletes the IKE peer.

When a router receives an ISAKMP segment: 

If the port, that is receiving the ISAKMP packet, is not configured with crypto map: o It drop the packets and stops.

If the port, that has received the ISAKMP packet, is configured with crypto map: It checks if an IKE peer exists with the source IP of the receiving packet.

o IKE phase I negotiation is already done, and it starts negotiating for IKE phase II. If an IKE peer does not exist with the same source IP of the receiving packet:

o The Initiator adds the peer to the IKE peer list and starts negotiating IKE phase I with the new peer. o If the packet is the first IKE packet, the responder device processes the security associates payload to find a matching policy.

If a key exists, that has been associated with the peer IP, and a matching policy found. It will continue with the negotiation by sending the accepting policy to the peer.

Otherwise, it sends a packet and rejects the policy. It also deletes the associated IKE peer. o If the packet is the second packet of ISAKMP main mode, the initiator processes the payload:

If the payload is a notification, it processes the payload and deletes the IKE peer because there was not an existing policy or key. If the payload is a security associate payload which means that the peer has found a match with that policy the device:

Encapsulates a nonce (g,p) payload and its key payload in an ISAKMP packet and sends it back to the peer. Calculates the public key (TA = g power a mod p). "a" is the private key for this peer.

If the receiving packet is the third packet of the main mode negotiation, the responder processes the nonce and key payload. Get the nonce (g,p) Calculate its public key (TB = g power b mod p). "b" is the private key for this peer. The receiving device also encapsulates a nonce (g,p) payload and its key in an ISAKMP packet and sends it back to the peer. Calculates the DH shared secret K = TA power b mod p.

If the packet is the fourth packet of the main mode negotiation that is receiving initiator processes the private key and nonce payload: Calculates the DH shared secret key K = TB power a mod p. Encrypts the peer IP with K and sends it to the peer

If the packet is the fifth packet of the main mode negotiation responder: Gets the payload and identifies the identity of the peer by decrypting the encrypted msg. Encrypts the peer IP with K and sends it to the peer. Marks the IKE peer for phase II negotiation.

If the packet is the sixth packet of the main mode negotiation initiator: Gets the payload and identifies the identity of the peer by decrypting the encrypted message. Marks the IKE peer for phase II negotiation. Initiator also starts phase II by encrypting (with the key) the existing SAs and sends it to the peer.

o IKE peer exists and marks with the phase II negotiation. If the received packet is the first packet of the quick mode negotiation the responder processes it and sends the second message:

It gets the ISAKMP data and decrypts it with the key that has been calculated in phase I. Goes through all the security associates that the peer has sent.

If it finds a match Generates outbound SAs. Encrypts and sends the accepting SA to the peer. Creates an IPsec peer.

If no matching SA found, Sends a packet and denies continuing the negotiation.

If the packet has received is the second message of the quick mode, the initiator processes it and sends the third message: It gets the ISAKMP data and decrypts it with they key that has been calculated in phase I. If SA has been accepted by the peer:

Gets the accepted security associate that the peer has accepted. Generates outbound SAs. Creates IPsec peer. Encrypts and sends an ACK to the peer.

If SA has not been accepted by the peer: Discontinues the negotiation.

If the received packet is the third message of the quick mode, the responder gets the ACK and creates SAs and IPSec peers. IT marks the peer with phase II completed.

 How PCs Handle ISAKMP SegmentsIf PC, which is an easy VPN client, has a request to connect to an easy VPN server (flowchart here): 

PC sends ISAKMP policies that it has been configured with plus nonce, a key, and identification payload. Server sends a reply back after getting the first packet and checking for AAA values.

o If the AAA authorization is not configured, it drops the packet. o Otherwise, it continues with the IKE phase I negotiation: o Either finds a matching policy

Server sends the accepting policy back plus ID, nonce, and key payload back to the client. The IKE peer on the server enters XAUTH mode

o Otherwise It does not find a matching policy, it drops the packet. If the group name and group key, that the client has sent the request to, do not match or do not exist, it drops the packet.

If the server has sent back its ID, Key and nonce with the matching policy. o PC sends back an ACK. o This ACK packet is encrypted with the DH shared key that has been calculated with nonce, and key of the received packet from the server. o IKE peer on the PC enters XAUTH negotiation phase.

Otherwise, it drops the packet and removes the PKE peer. Server sends its first XAUTH packet to the client:

o If server is configured with AAA authentication for the client it sends a prompt to the client and requests the client's username/password. o Otherwise server authenticates the user and continues with the next message.

The client sends username/password when it receives the prompt from the server. The server receives the username/password. It consults with either AAA server or its local configuration (based on the configuration):

o If match found: Authenticates the client Gets an IP from the IP pool and sends it to the client.

o Otherwise, it denies the client to access the server and sends a notification back to the client.

The client receives the packet: o If it is a notification, the client stops the negotiation. o Otherwise, the client gets the IP, assigns the IP to its tunnel interface, and sends the last message of XAUTH mode, which is an ACK to the

server. Server gets the ACK and:

o Creates a new route in its routing table to the tunnel IP address of the new client. o Creates an interesting traffic for the client. o Marks the IKE peer with XAUTH mode complete . o Sends a packet to the client to notify the PC to start the phase II.

Client receives the notification from the server and sends first phase II packet to the server. (for phase II please refer to router's phase II)

If PC which is an easy VPN client has a request to disconnect from an easy VPN server (flowchart here): 

The client sends an informational packet to the server and requests to disconnect. The server receives the request to disconnect from the client:

o Removes the static route to the client. o Releases the borrowed IP to the pool. o Removes the interesting traffic and its associated SA for the client from its interested traffic table. o Sends an informational packet back to the client.

The client receives the informational packet that sever has been disconnected: o Removes the tunnel interface and disconnects.

Layer 7 Models

How DHCP clients work DHCP client sends a DHCP-DISCOVER packet (flowchart here):When a DHCP client device receives a packet:

 

It drops the packet if (any): o The packet is not a valid DHCP packet. o The packet's destination MAC address does not match its own MAC address.

It checks the packet's DHCP type (its DHCP message). o If the packet is a DHCP-OFFER packet, it uses the information in the packet (including client IP address, offered IP address, server IP

address, and gateway address) to construct a DHCP-REQUEST packet and sends it back to the server. o If the packet is a DHCP-ACK packet, it gets the IP address, subnet mask, and the gateway IP address from the packet and sets its IP address

configuration accordingly. o If the packet is not a DHCP-OFFER or a DHCP-ACK packet, it will drop the packet.

When a DHCP client device does not receive a packet: 

It starts to assign an auto-configuration ip address in the 169.254.0.0/16 address block. It sends out ARP Gratuitous to detect duplicate ip address.

o If it gets an arp reply, it starts to assign the next available ip address from the 169.254.0.0/16 address block and sends out another ARP Gratuitous.

o If it does not get an arp reply, it assigns the ip address to the port and continue sending out DHCP-DISCOVER packet.

 How DHCP servers process incoming packetsWhen a DHCP server device receives a packet (flowchart here): 

It drops the packet if: o The packet is not a valid DHCP packet.

It checks the packet's DHCP type (its DHCP message). o If the packet is a DHCP-DISCOVER packet:

If the client already has a lease: Send a DHCP-OFFER packet with the associated IP to the client.

If the client does not already have a lease: If there is an available IP address:

Send a DHCP-OFFER packet with the available IP address to the client. Otherwise, drop the packet and stop.

o If the packet is a DHCP-REQUEST packet: If the requested IP address is available:

Send a DHCP-ACK packet with the available IP address to the client. Bind the client to the IP address.

Otherwise, drop the packet and stop. o If the packet is a DHCP-RELEASE packet:

If the client is bound to the IP address: Unbind the IP address and the client.

Otherwise, drop the packet and stop. o If the packet is a DHCP-OFFER or a DHCP-ACK packet, drop the packet.

 

How DHCP for IPv6 clients process incoming packetsWhen a DHCP for IPv6 client device receives a packet (flowchart here):

It drops the packet if (any): o The packet is a Solicit message. o The packet is an Advertise message that meets any of the following conditions:

The message does not include a Server Identifier option. The message does not include a Client Identifier option. The content of the Client Identifier option does not match the client’s DUID. The “transaction-id” field does not match the value the client used in its Solicit message.

o The packet is a Request message. o The packet is a Reply message that meets any of the following conditions:

The message does not include a Server Identifier option. The “transaction-id” field does not match the value used in the original message.

It checks the packet's DHCP type (its DHCP message). o If the packet is an Advertise message, it will do the following actions:

It terminates retransmission of its Solicit message. It sends a Request message to the DHCP server that the Advertise message was sent from.

o If the packet is a Reply message, it gets the prefix and prefix length from the message and combines with its received interface’s local link address to create an IPv6 address and subnet mask.  It also retrieves the gateway IPv6 address from the packet.  Then the client sets its IPv6 address configuration accordingly.  

 

How DHCP for IPv6 servers process incoming packetsWhen a DHCP for IPv6 server device receives a packet (flowchart here):

It drops the packet if: o The packet is a Solicit message that meets any of the following conditions:

The message does not include a Client Identifier option. The message does not include a Server Identifier option.

o The packet is an Advertise message. o The packet is a Request message that meets any of the following conditions:

The message does not include a Server Identifier option The content of the Server Identifier option does not match the server’s DUID. The message does not include a Client Identifier option.

o The packet is a Reply message. It checks the packet's DHCP type (its DHCP message).

o If the packet is a Solicit message, it uses the information in the packet and its server configuration to construct an Advertise message and sends it back to the client.

o If the packet is a Request message, it uses the information in the packet and its prefix pool configuration to construct a Reply message and sends it back to the client.

 

How FTP client processes work

File Transfer Protocol (FTP) is a standard network protocol used to exchange and manipulate files over a TCP/IP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications. FTP uses user-based password authentication and is used for transferring configuration files between Cisco Switches and Routers and also available as a command in PC device.

When a FTP client receives a packet (flowchart here):

If the packet is not a valid FTP response packet, it drops the packet. Otherwise, it writes the received information stored in the packet onto the screen.

o Informs the application that uses FTP whether the response is successful or not. o It then checks to see if any further FTP commands are expected to be sent and sends them out.

 

How FTP server processes work

The FTP server listens on the TCP port 21 for control connections and awaits FTP commands from the client. FTP can be run in active mode or passive mode, which control how the data connection is opened.

In active mode the client sends the server the IP address port number that the client will use for the data connection, and the server opens the connection. Passive mode was devised for use where the client is behind a firewall and unable to accept incoming TCP connections. The server sends the client an IP address and port number and the client opens the connection to the server. By default passive mode is supported in this version of PT.

The FTP server is available in Server device and is enabled by default. It can be configured via FTP configuration page for customizing FTP server behavior.

When a FTP server receives a packet (flowchart here):

If the user is not valid or fails authentication, then it informs the FTP client and terminates the control connection. If the packet is not a valid FTP packet, it drops the packet. Otherwise, it checks the packet and:

o If the FTP command is not supported by the server, an error message is sent back to the client. o If the FTP command is supported by the server, the action is performed and result of the operation is sent back to the client. o The list of supported FTP commands are:

USER PASS TYPE PASV RETR STOR RNFR RNTO DELE QUIT

 

How TELNET client processes work

TELetype NETwork is a network protocol that utilizes TCP/IP protocol stack to establish a client/server connection. The user starts a TELNET client process on a PC or a Cisco device using telnet command with server IP address. The TELNET server usually listens on TCP port 23 and awaits client connection requests. A TELNET packet is generated from the client process when a key is pressed.

 When a TELNET client receives a packet (flowchart here): 

If the packet is not a valid TELNET packet, it drops the packet.

Otherwise, it writes the received information stored in the packet onto the screen.

 How TELNET server processes work

TELetype NETwork is a network protocol that utilizes TCP/IP protocol stack to establish a client/server connection. The user starts a TELNET client process on a PC or a Cisco device using telnet command with server IP address. The TELNET server is started automatically on a Cisco router or switch. The server listens on TCP port 23 awaiting client connection requests.

When a TELNET server receives a packet (flowchart here): 

If the packet is not a valid TELNET packet, it drops the packet. Otherwise, it checks the packet and:

o If the information received is part of a command, it sends an echo back to the client. o If the server is able to determine the command entered by the client, it sends the result back to the client. o If the server does not understand the information received, it sends an error message back to the client.

 

How SSH client processes work

SSH client utilizes TCP/IP protocol stack to establish a client/server connection. Before a SSH connection could be established between client and server, both need to have an RSA key pairs generated, if the keys are not

generated connection will be refused by the other side. In order for the Cisco device to generate RSA keys it needs to be configured with hostname and IP domain name. The user starts a SSH client process on a PC or a router using “ssh –l” (-l is for login) command with the associated client’s user name which is

already configured on the SSH server, and IP address of the SSH server. The SSH server, usually listens on TCP port 22, awaits client connection requests. A SSH packet is generated from the client process when a key is pressed.

When a SSH client receives a packet:

If the packet is not a valid SSH packet, it drops the packet. Otherwise, it writes the received the information stored in the packet onto the screen.

 

How SSH server processes work

SSH is a network protocol that utilizes TCP/IP protocol stack and RSA key pairs to establish a secure client/server connection. The user starts a SSH client process on a PC or a Cisco device using ssh –l command with client’s associated user name and also the server’s IP address. The SSH server is started automatically on a Cisco router. The server listens on TCP port 22 awaiting client connection requests.

When a SSH server receives a packet:

If the packet is not a valid SSH packet it drops the packet. If both client and server are not configured with RSA keys the connection will be refused by SSH server. Otherwise, it checks the packet and:

o If the username received in the connection request packet is configured on the server it will prompt the client for the password Client will be prompted for the correct password up to 3 times. If the password that the client provides is not valid for the third time it

will be disconnected by the server. o If the information received is part of a command, it sends an echo back to the client. o If the server is able to determine the command entered by the client, it sends the result back to the client. o If the server does not understand the information received, it sends an error message back to the client.

 How HTTP works (HTTPS works the same as HTTP)When a client needs to find a webpage from a server: 

If the address is empty or starts with anything else other than http protocol, it drops the request since it is not supported in Packet Tracer. If the address is an IP address or starts with http:// the HTTP client processes it.

o The HTTP client first finds the server IP through the server name by parsing the address in the address bar and: If server name is not found, it tries to resolve the domain name through a DNS query. If server name is found, it gets the IP address.

o The HTTP client constructs a request HTTP segment and connects the server through TCP sockets and starts a timer for its request.

When an HTTP client receives a packet (flowchart here): 

If the HTTP message has the HTTP OK code, it fetches the page from the message and displays the message. Otherwise, the HTTP page displays an error page.

When HTTP server receives a request (flowchart here):  

If the HTTP service is enabled, and a TCP connection with the HTTP client is established:

o If the HTTP request is an HTTP GET: If the username and password in the HTTP request are not correct: The server sends back an unauthorized error message to the client.

o If the Request is for an html page: If the requested page exists on the server, the server creates a response packet and sends back an HTTP reply to the client. If the requesting page does not exist on the server, the server sends back an error message to the client.

o If the Request is for an image: If the requested image exists on the server, the server creates a response packet and sends back an HTTP reply to the client. If the requesting page does not exist on the server, the server sends back an error message to the client.

If the HTTP request is an HTTP Post: o If the post request is successful, the sever sends an HTTP success reply to the client. o If the post request fails, the server sends an HTTP error reply to the client.

Other message codes are not supported in this version of PT, and the server drops the packet.

 How SMTP worksWhen a client needs to send a mail: 

If there is no outgoing mail server configured, it drops the request. If outgoing mail server name is not found it tries to resolve the domain name through a DNS query. If outgoing mail server name is found it gets the IP address. The SMTP client constructs a request SMTP segment and connects the server through TCP sockets and starts a timer for its request.

When an SMTP client receives a packet (flowchart here): 

If the SMTP message has the SMTP success codes it indicate that mail has been sent successfully Else the error message from server is passed to mail browser to display appropriate error message.

When SMTP server receives a request (flowchart here):  

If the SMTP service is enabled, and a TCP connection with the SMTP client is established: o If the SMTP request is not for this server:

Send a error message to cliento If sender of mail does not exist on this server:

Send user does not exist error message to client

o If receiver of mail does not exist on remote server: Send user does not exist error mail to sender of mail.

o If mail belong to this server: If receiver of mail exist at this server:

Add mail to users account Else

If sender of this mail has user account on this server: Add a delivery failure mail to this users account

If Sender of this mail does not have user account on this server: Send a delivery failure mail to sender of mail

o Else ( Mail does not belong to this server) If the request is forward request and sender does not have user account on this server:

Send a error mail to sender of a mail Forward mail to receiver's server

 How POP3 worksWhen a client needs to receive a mail: 

If there is no incoming mail server configured, it drops the request . If incoming mail server name is not found it tries to resolve the domain name through a DNS query. If incoming mail server name is found it gets the IP address The POP3 client constructs a request POP3 segment and connects the server through

TCP sockets and starts a timer for its request.

When an POP3 client receives a packet (flowchart here): 

If the Pop3 message has the Pop3 success codes it indicate that mail has been received successfully and mail/mails are displayed in mail browser Else the error message from server is passed to mail browser to display appropriate error message.

When POP3 server receives a request (flowchart here):  

If the SMTP service is enabled, and a TCP connection with the SMTP client is established: o Verify the user o If User Exist:

Fetch the mail/mails from mail server and send to client

o Else: Send user does not exist error message to client

 How TFTP servers process incoming packetsWhen a TFTP server receives a packet (flowchart here): 

If the packet is a READ request: o If the file with the requested name exists on the TFTP server:

Start a write session with the client. o If the file with the requested name does not exist on the TFTP server:

Send back a TFTP ERROR packet to the client. If the packet is a WRITE request:

o Start a read session with the client. If the packet is anything else:

o Drop the packet and stop.

 How TFTP servers and clients process incoming packets during a sessionWhen a TFTP server or client receives a packet during a session (flowchart here): 

If the packet is a READ or WRITE request: o Drop the packet and stop.

If the packet is a DATA packet: o If the session is a WRITE session or the block number on the packet is not the expecting one:

Drop the packet and stop. o Save the data on the packet. o Send back an ACK packet. o Increment the block number. o If this is the last packet:

Write data to file. Stop the TFTP session.

If the packet is an ACK packet: o If the session is a READ session or the block number on the packet is not the expecting one:

Drop the packet and stop.

o If this is not the last packet: Increment the block number. Send the next block of data in a DATA packet.

o If this is the last packet: Stop the TFTP session.

If the packet is an ERROR packet: o Stop the TFTP session.

 How an SNMP Manager processes a command from the UserWhen an SNMP Manager processes a command (flowchart here): 

If it is a GET-Request command: o The SNMP Manager creates an SNMP GET-Request packet and sends to the destination agent.

If it is a GET-BULK-Request command: o The SNMP Manager checks against the selected SNMP version and only sends out an SNMP GET-BULK-Request packet if the SNMP

version is of version 2 or above. If it is a SET-Request command:

o The SNMP Manager creates an SNMP-SET-Request packet and sends to the destination agent.

 How an SNMP Manager processes incoming packetsWhen an SNMP Manager receives an incoming packet (flowchart here): 

It checks if the packet has a correct SNMP header. If it's correct, it goes to the next step. Otherwise, it drops the packet. It checks if the timeout from the last sent request to this destination has expired. If it's not expired, it goes to the next step. Otherwise, it drops the

packet. It checks if the SNMP header contains a correct SNMP PDU. If it's correct, it goes to the next step. Otherwise, it drops the packet. It checks if the SNMP PDU is of the SNMP-GET-Response type. If it's correct, it goes to the next step. Otherwise, it drops the packet. It checks for the error status of the PDU:

o If there is an error, it will signal the MIB browser to display the error string. Or the error string can be displayed via the command line. o If there is no error:

It processes the PDU Variable Bindings in the SNMP PDU. It signals the MIB browser to display the result. Or the result can be displayed via the command line.

 

How an SNMP Agent processes incoming requestsWhen an SNMP Agent receives an incoming packet (flowchart here): 

It checks if the packet has a correct SNMP header. If it's correct, it goes to the next step. Otherwise, it drops the packet. It checks if it has configured the same community string as in the received SNMP header. If it has the community string configured, it goes to the

next step. Otherwise, it drops the packet. It checks if the SNMP header contains a correct SNMP PDU. From the PDU Variable Binding section in the SNMP PDU, the agent obtains the OID and checks if it has the MIB for this OID. Based on the type of the request:

o If it is an SNMP GET-Request, the SNMP Agent obtains the value configured for this OID and sends back an SNMP-GET-Response packet. o If it is an SNMP GET-BULK-Request, the SNMP Agent obtains the values of all the child OIDs and sends back an SNMP-GET-Response

packet. o If it is an SNMP SET-Request, the SNMP Agent checks the type of the value, and if it is correct, it configures the new value to the device

and sends back an SNMP-Get-Response method.

 How a Syslog Client worksWhen a client needs to send a log message to the syslog server (flowchart here): 

If logging is disabled, the syslog client does nothing. If logging is enabled:

o If the client has syslog servers (1 - N) configured, it constructs a syslog packet and sends the packet to the configured servers (1- N) over UDP.

o Otherwise, the syslog client does nothing.

 How a Syslog Server worksWhen Syslog server receives a packet (flowchart here): 

If the Syslog server is enabled: o If the received packet is a valid syslog packet:

Information from packet is extracted and stored in syslog table. o If the received packet is not a valid syslog packet, server drops the packet.

 How NTP worksWhen a client needs to update its time from a server:  

If the NTP server address is configured, the NTP client creates and sends a time update request to the NTP server over UPD.

When an NTP server receives a request (flowchart here): 

If the received packet is a valid NTP request: o The server updates the NTP request packet with current time and other relevant information and sends it back to client over UDP.

Otherwise, the server drops the packet.

When an NTP client receives a packet (flowchart here): 

If the received packet is not a valid packet, the packet is dropped. If authentication is not enabled at the NTP server, and the NTP client or authentication is not enabled at the client but enabled at the server:

o Time is fetched from the packet, and device time is updated with this time. Else If the authentication is enabled at the client but not enabled at the server:

o Server authorization is not there, hence the packet is dropped. Else (authentication is enabled at the NTP server as well as at the NTP client)

o If key & password are not same for both the client and server: It drops the packet, and clock is unsynchronized.

o Else If trusted key is not same for client and server: It drops the packet, and clock is unsynchronized.

o Else If key is a valid key: Time is fetched from the packet, and device time is updated with this time to make clock synchronized.

 How a DNS Client resolves a name to an IP AddressWhen a domain name resolution process starts, a DNSClient gets the DNS Resolver. The DNS Resolver: 

Creates DNS query packet. Generates a random query id and set it in the packet. Sets type= A Record.

Sends the DNS query message to the DNS server over UDP.

The response will be received in the DNS Resolver.  How a DNS Resolver handles receiving messagesWhen a DNS Resolver receives a message (flowchart here): 

If the packet received is a valid DNS Response packet , it continues else drops the packet. It checks if the Query Id matches with the pending request’s Query Id:

o If yes, it continues. o If not, it drops the packet.

If this DNS Resolver belongs to a DNS Server (which means, this DNS Resolver is used by a DNS Server for sending secondary queries to servers pointed by the NS records.) o It deletes the corresponding query from the waiting-query-vector. o It checks for the condition if the response code = 0 (which means failure) OR if the number of answer Resource Records =0,

If yes, it adds the query into the failed queries list. Else, it adds the answer records to the Cache.

o The DNS Resolver gets the DNS server to which it belongs to and calls the step - SearchDnsRecursively. (This step: gets the name to translate and searches the local Database and Cache. If required, it searches other Name Servers as pointed by the NS records. Then it returns the answers in a result vector.)

o If the step SearchDnsRecursively returns failure: The DNS Resolver creates a DNS Error response packet with,

Response Code=3, Number of Answers=0,

Then, it sends to the waiting client, through the UDP Process. o Otherwise it continues execution. o If the step SearchDnsRecursively‘s result Vector size > 0 (which means, the address resolution is success)

The DNS Resolver creates a DNS Response packet. Sets response code=0. Adds all the answer records. Sets the number of answer records field. Sends to the waiting client, through the UDP Process.

If this Resolver DOES NOT belong to a DNS Server (which means it is functioning as part of a DNS Client) o If number of answers in the response = 0, the resolver sends an event "name resolution failure" through a callback. o Else if,

The resolved IP is present in the answers, the resolver extracts the IP Addresses.

The resolver sends an event "domain name resolution success" and sends the IP Addresses through a callback. o Else, the resolver sends an event, "name resolution failure" through a callback.

 How a DNS server worksWhen a DNS server receives a message (flowchart here): 

If the Service is disabled the server drops the message. If the Message is an invalid or a non-DNS message ignore it. Otherwise,

o The server extracts the DNS query. o The server calls the step - SearchDnsRecursively. (This step: gets the name to translate and searches the local Database and Cache. If

required, it searches other Name Servers as pointed by the NS records. Then it returns the answers in a result vector.) If the step SearchDnsRecursively returns Failure

o The DNS Server creates a DNS search failure Message. o It sets Response Code=3, o It sets Number of Answer records= 0, o It sends back to the client.

If the step SearchDnsRecursively‘s result Vector size > 0 o The DNS Server creates a DNS reply Message. o It Adds all the answer records. (Which contains the resolved IP Addresses) o It checks if the answer record is from the local database and if an SOA record is present in the Database:

If yes, it sets the TTL = minimum TTL Value. Otherwise, it sets the TTL=default value.

o The server then sends the reply to the client.

 How the step - SearchDNSRecursively works(flowchart here): 

If the DNS query is in waiting-query-vector,

It returns success and result vector with size=0.

Otherwise

It continues.

It adds the DNS-query to the waiting-query-vector. It searches the Database and the Cache for the queried name. Find all the matching Resource Records (RRs). If a matching A-record is found.

It returns success (true) and the result vector, with all matching RRs.

Otherwise

Performs the step - CnameSearchRecursively. (This step tries to resolve the name searching for CNAME records recursively.)

If a matching A-record is found.

It returns success (true) and the result vector, with all matching RRs .

Otherwise

It performs the step - NSSearchRecursively - (This step searches for NS records, and if required sends query to servers pointed by NS records )

If the step NSSearchRecursively returns false, (i.e., failed to find a related name server).

It gets the next level domain name ie; parent of the name (unless it reduces to null string) and repeats the same process recursively SearchDnsRecursively

Otherwise

It returns success (true) and result vector of size zero.

 How the step - NSSearchRecursively works(flowchart here): 

If the DNS query is in waiting-query-vector,

It returns failure ( false)

Otherwise

It continues.

Adds the DNS-query to the waiting-query-vector. Searches the Database (DB) and Cache for the queried name. Finds all matching NS - Resource Records (RRs). If NO matching NS-record is found.

Reduce the name to next level domain name Ie; parent of the domain name and Perform the step - NSSearchRecursively.

If matching NS-record is found,

It adds the NS record to Answer Records Vector

Iterates through the matching NS records and searches for one which is not in the failed-queries list. Perform the step - SearchDnsRecursively for the name pointed by the NS Record. (this is for finding out the IP address pointed by the NS

record. This step gets the name-to-translate from NS record. Searches the local Database and Cache and if required searches other Name Servers as pointed by NS records.)

If the step SearchDnsRecursively returns failure or the result vector size=0,

Returns failure (false) and exits

Otherwise,

If IP is resolved , Get the DNSClient from the owner device. From the DNS client, it sends a new DNS query to the resolved IP (of name server) with the original query.it returns success/true

 How the step - CNAMESearchRecursively works(flowchart here): 

It searches in the given vector of RRs, for CNAME resource records (RR) matching with the given name.

Lets the result be stored in resultVect.

If No records found in resultVect,

Returns failure (false)Returns zero size vector as result.

Otherwise

Gets the first record from resultVect and extract the cname.Lets name-to-translate=cname

Performs the step - SearchDnsRecursively for the name-to-translate. (SearchDnsRecursively: It searches the local Database and Cache, and if required, it searches other Name Servers as pointed by NS records for the name-to-translate).

If the step SearchDnsRecursively returns failure,

It repeats SearchDnsRecursively for next matching CNAME record in the resultVect until no matching records are left in the resultVect.

If SearchDnsRecursively result Vector size = 0

Returns failure (false).Returns zero size vector as result.

Iterates through the result vector search for A-record matching the initial query name. If matching RR found,

Returns success (true).Returns matching RRs in a vector as the result.

Otherwise,

Returns failure (false).Returns zero size vector as result

 How Radius Clients process incoming packetsWhen a Radius client receives a packet (flowchart here): 

It checks if the received Packet is NOT a valid Radius Packet.

o If yes, it drops the packet o Otherwise, if the received packet is NOT A response for a pending authentication request.

If yes, it drops the packet. Otherwise, it extracts the Authentication result.

It checks if the result is Access Accept, o If yes, it sends the event authentication success to the user module through call back. o Otherwise

If the result is Access Reject, it sends event-authentication failure to the user module through call back. Otherwise, it sends the event authentication Error to the user module through call back.

 How Radius servers process incoming packetsWhen a Radius Server receives a packet (flowchart here): 

It checks if the radius service is disabled. o If yes, it drops the packet. o Otherwise, if the received packet is NOT a valid Radius Packet.

If yes, it drops the packet. Otherwise, it continues.

The Radius server verifies Client IP-client key matching and client type matching. o If any of the above NOT matching, it drops the packet. o Otherwise:

The Radius server extracts UserName and Password. Authenticates. Checks if the authentication is success.

If yes, it creates Access Accept packet and sends back to the client. Otherwise, it creates Access Reject packet and sends back to the client.

 How Tacacs Clients process incoming packetsWhen a Tacacs Client receives a packet (flowchart here): 

It checks if the Tacacs service is disabled: o If yes, it drops the packet. o Otherwise

If the received packet is NOT a valid Tacacs Packet, it drops the packet.

Otherwise, it continues. It checks if the TCP connection is NOT in the ESTABLISHED state:

o If yes, it drops the packet. o Otherwise

If the packet is NOT a proper reply for a pending request, it drops the packet. Otherwise, it extracts the Tacacs packet type:

If the packet is - user name prompt: If yes, it sends the event user name prompt to the client module through the call back. If no, it checks if the packet is - Password prompt

It sends the event password prompt to the client module through the call back. If the packet is Authentication Result

If it is authentication Success, it sends the event Authentication Success to the client module through the call back. Otherwise, it sends the event Authentication Failure to the client module through the call back.

 How Tacacs servers process incoming packetsWhen a Tacacs Server receives a packet (flowchart here): 

It checks if the Tacacs service is disabled o If yes, it drops the packet. o Otherwise

If the received packet is NOT a valid Tacacs Packet, it drops the packet. Otherwise

If Client IP-client key not matching or client type does not match: The Tacacs server creates an Authentication Reject Packet and sends back to the Client.

If the packet contains - request for user name prompt It gets the UserName Prompt. It creates the Reply packet and sends back to the client.

If the packet contains - request for Password prompt It gets Password Prompt . It creates the reply packet and sends back to the client.

If the packet contains - user name, it stores the UserName. If the packet contains - password, it authenticates the username and password:

If Authentication Success, it creates Authentication Accept Packet and sends back to the Client. Otherwise, it creates Authentication Reject Packet and sends back to the Client.

 

How VoIP registration worksWhen IP phone connected to a configured CME is powered on (flowchart here): 

Initiates a dhcp request o IP phone receives an ip address. Check if tftp is enabled by default or manually entered. If tftp is not configured

Ip phone will not register. It will retry in 10 seconds. o Else if tftp is configured

Start connecting to server/CME. If connection is not successful, Will retry in 10 seconds.

Else Send registration request to server Server checks if the MAC is permitted. If NOT permitted,

Server throws a phone rejected log message Phone will retry in 10 seconds

Else Check if CME has a line number available for this phone. If NOT,

Registration is failed. Close connection Will retry in 10 seconds

Else Returns line number and registration ACK to the client/phone. Registration successful.

 How local call works in VoIPWhen IP phone lifts handset and start dialing number, : 

Router receives the number Checks in the local directory to find the number. If NOT found,

o Send back “Unknown number” to the client/phone. Else if called number is in another call,

o Send back “busy” to the client/caller. Else

o Send Sccp Ringermessage to the destination phone. o Destination phone starts ringing. o Also send Ringout to the caller phone. o When destination phone picks up handset,

Create an RTP port. Sends openReceiveChannelAck to the CME with the udp port. Caller phone creates udp port and sends openReceiveChannelAck to the CME with this udp port. Both phones now start media transmission.

 How remote call works in VoIPWhen IP phone lifts handset and start dialing number, (flowchart here): 

Router receives the number. Sccp session is updated with callstate and incoming/outgoing number If dial-peer finds target router for the number,

o Create an RTP port. o Send H.323 setup message with RTP port to the target router. o Target router looks up local directory for the dialed number. If NOT found,

Send back “unknown number” to the client/phone. o Else if target phone is in another call,

Send back a “busy” to the source phone. Do a release complete of the connection

o Else Create RTP port. Send Ringin to the client/phone. Send back H.323 callProceeding to the source router/CME with the RTP port created. Creates a call information with caller/callee number. Call is answered by lifting handset. Sends a connect H.323 message to the source router. Target phone create another udp port and sends openReceiveChannelAck to the CME with the udp port. Source router send openReceiveChannel SCCP message to the caller phone. Caller phone creates udp port and sends openReceiveChannelAck to the CME with this udp port. Both phones now start media transmission.

Else if doesn’t find target router o Send back “unknown number” to the client/phone.

Other Models

How routers process incoming packets (NAT process)When a router receives a packet: 

It checks if the receiving port is a NAT outside port. o If so:

It checks to determine whether the packet is UDP, TCP or ICMP to get the packet's source and destination port. It refers to the NAT table (using the global addresses) for the necessary translation.

If it finds a match for the packet (a translation exists): It replaces the inside address and port with the local version. It translates the destination IP address and port

o If the receiving port is not a NAT outside port, or if it is a NAT outside port but the requested IP address is not in the NAT table: The router checks to see if there is a route to the destination IP.

It drops the packet if (any): There is no route. It finds a route, but the outgoing port of that route entry is the same as the receiving port.

If there is a route, it sends a reply with the receiving port's MAC address.

 How routers process outgoing packets (NAT process)When a router wants to send a packet out a port: 

It checks if the outgoing port is a NAT inside port. o If so:

It looks up its NAT table for the necessary translations. It captures the packet's source and destination ports and sets a timer for the packet (depending on the packet's encapsulation type).

For a TCP packet the timer is 24 hours. For a UDP packet the timer is 5 minutes. For an ICMP packet the timer is 1 minute.

It looks up the NAT table o If the receiving port is not a NAT outside port, or if it is a NAT outside port but the requested IP address is not in the NAT table:

The router checks to see if there is a route to the destination IP. It drops the packet if (any):

There is no route.

It finds a route, but the outgoing port of that route entry is the same as the receiving port. If there is a route, it sends a reply with the receiving port's MAC address.

 How routers process incoming packets in the NATv6 processWhen a router receives a packet (flowchart here):

It checks if the packet is received from v4 lower process or v6 lower process. If so: Check if the prefix address is valid. If the destination is in the valid network:

o It checks to determine whether the packet is UDP, TCP or ICMPv6/ICMPv4 to get the packet's source and destination port. o It refers to the NAT table (using the inside global addresses) for the necessary translation. o If it finds a match for the packet (a translation exists):

It replaces the inside global address and port with the local version. Then it translates the destination IP address and port. If a valid NAT entry is found in the table, form a new IP header – IPv6 or IPv4 depending on which higher process the packet has to be

sent. If the requested IP address is not in the NAT table:

o The packet is sent to the corresponding higher process from where it was received. o The router checks to see if there is a route to the destination IP. o It drops the packet if (any):

There is no route. It finds a route, but the outgoing port of that route entry is the same as the receiving port. If there is a route, it sends a reply with the receiving port's MAC address.

                                                                                

How routers process outgoing packets in the NATv6 processWhen a router wants to send a packet out a port (flowchart here):

It checks if the packet is send from v4 higher process or v6 higher process. If packet is from higher process of v4 stack:

o Send it to the lower process of v4 stack. If packet is from higher process of v6 stack:

o Send it to the lower process of v6 stack.

 How devices use ARP to send IP packetsWhen a device sends an IP packet (flowchart here): 

If the destination IP is a broadcast, it sets the packet's destination MAC address to the broadcast MAC address and sends the packet out. If the destination IP is a multicast, it sets the packet's destination MAC address to the multicast MAC address and sends the packet out. If the destination IP is a unicast, it looks up the ARP table to see if the destination IP matches an entry's IP address in the ARP table.

o If a match exists, it: Sets the packet's destination MAC address to the entry's MAC address. Sends out the IP packet.

o If a match does not exist, it: Drops the IP packet. Sends an ARP request out. Adds that request to the list of ARP requests. Sets and starts the timer for it as it waits for an ARP reply.

 How devices send ARP requestsWhen a device wants to send an ARP request (flowchart here): 

It will NOT send the request if (any): o The sending port is down. o The sending port does not have a valid IP address. o A request for the same IP address is already sent.

If none of the above is true, it proceeds with the ARP request. It: o Constructs an ARP request for the IP address in question. o Sets the destination MAC address to the broadcast address. o Adds the request to the list of existing requests. o Sets and starts a timer for this request. o Sends the request. o Waits for an ARP reply. o Drops the request from the list if time expires.

 How devices process incoming ARP packets

When a device receives an ARP packet (flowchart here): 

It drops the packet if (any): o The receiving port is not up. o The device is a switch and an active VLAN interface is not up. o The packet's source IP is not in the same subnet as the receiving port's subnet.

If the above is not true, it proceeds to process the packet: o It checks to see if the packet is an ARP request or an ARP reply. o If the packet is an ARP request, it checks to see if the packet's destination IP matches the receiving port's IP address.

If they match, the device sends a reply with the receiving port's MAC address. If they do not match:

If the device is not a router, it drops the packet. If the device is a router, refer to "How routers process ARP requests."

o If the packet is an ARP reply, the device checks if it submitted a request for the IP address found in the reply. It drops the packet if there is no such request in the list. If the packet is in the ARP request list:

The device now removes the request from the list. If the ARP table does not contain an entry with the IP and MAC addresses found in the packet, it will make a new entry with those

addresses. If the ARP table already contains an entry with the IP and MAC addresses found in the packet, it just resets that entries' timer. That

entry will be removed from the table when its timer expires.

 How routers process ARP requestsWhen a router receives an ARP packet (continuing from "How devices process incoming ARP packets"): 

It checks the NAT status on the receiving port. o If the receiving port is a NAT outside port, the router checks the NAT table for the packet's destination IP.

If the requested IP address is in the NAT table, the router sends a reply with the receiving port's MAC address. o If the receiving port is not a NAT outside port, or if it is a NAT outside port but the requested IP address is not in the NAT table:

The router checks to see if there is a route to the destination IP. It drops the packet if (any):

There is no route. It finds a route, but the outgoing port of that route entry is the same as the receiving port.

If there is a route, it sends a reply with the receiving port's MAC address.

 How an ACL worksACL for IPv4 and IPv6 works the same way except the input of different versions of IP addresses. When a router receives a packet on an interface:  

ACL checks for inbound ACL and if inbound ACL is configured on the interface: o If the inbound ACL is empty, it permits the packet. o If the inbound ACL contains statements:

If the packet matches the criteria of any of the statements and: If the statement permits the packet, it passes the ACL process. If the statement denies the packet it drops the packet.

If there is no match in the list ACL drops the packet by default.

When a router sends a packet on an interface: 

ACL checks for outbound ACL and if outbound ACL is configured on the interface: o If the packet is generated locally, it permits the packet. o If the outbound ACL is empty, it permits the packet. o If the outbound ACL contains statements:

If the packet matches the criteria of any of the statements and: If the statement permits the packet, the packet passes the ACL process. If the statement denies the packet, it drops the packet.

If there is no match in the list, the ACL drops the packet by default.

Activity Wizard

The Activity Wizard is an assessment tool that allows you to create highly specific networking scenarios for other users. You can simply create activities with instructions, an initial network, and an answer network. User can also create more dynamic activities with the Variable Manager and design them using Evidence Centered Design methodologies using the Scoring Model.

This tool is particularly useful for instructors creating activities for students to complete. When students start an activity, they are presented with an initial network and a set of instructions. Students follow the instructions to complete the activity, and then they can check their finished network with the instructor's answer network. Instructors have full control over all aspects of the activity. The typical sequence for creating an activity is as follows:

1. Create the answer network and set the assessment items, connectivity tests, and overall feedback. 2. Create the initial network, which will be the students' starting point. Typically, this network is similar to the finished answer network but with

specific features missing, devices with missing configurations and/or devices with misconfigured features. Alternatively, a blank initial network may also be used.

3. Optionally, put constraints on the students' ability to use certain features during the activity. 4. Optionally, set up the Variable Manager to add dynamism to the activity. 5. Optionally, use the Scoring Model and Scripting engine in place of the assessment tree to create complex scoring rules for the grading of

activities. 6. Write a clear set of instructions for the activity. 7. Password-protect the activity to prevent unauthorized changes to activity parameters. 8. Save the activity.

Before opening the Activity Wizard, be sure to save your work on the workspace. Packet Tracer will clear the workspace when closing the Activity Wizard.

You can access the Activity Wizard from the Extension menu. When you do so, you have the option to use the existing workspace as the answer network.

A welcome screen that explains the basic steps to create an activity (similar to this page) will appear. You can then click on any of the pages in the Activity Menu (on the left) to edit the various aspects of the activity.

After going through the various panels to create the activity, select Save from the Activity Menu to save the activity. Packet Tracer activity are saved in the .pka file format.

Choose Exit from the Activity Menu to exit the Activity Wizard. Note that the workspace will be cleared after you exit, so remember to save your files.

Instructions

The student instructions for the activity are entered in the Instructions panel. When students open the activity file, the instructions will appear in a separate window that remains visible. The instructions should explain clearly the objectives for the activity. If tight restrictions are set for the activity, you should also mention the intended methods to accomplish the objectives so as not to confuse students with locked out functions. You can use the following supported HTML tags to format the instructions:

a address b big blockquote body br center cite code dd dfn div dl dt em font h1 h2 h3 h4 h5 h6 head hr html i img kbd meta li nobr ol p

pre qt s samp small span strong sub sup table tbody td tfoot th thead title tr tt u ul var

However, note that if you do decide to use HTML tags, you must manually format every aspect of the text, including line breaks and paragraph tags. Alternatively, you are able to import instructions from *.htm files using Import Page or Import All. Likewise, you can also export the instructions to *.htm files by using Export Page or Export All. Use the Preview as HTML button to see how the text would look with HTML formatting applied. If you do not use any HTML tags in the instructions, the text you type into the panel is exactly what students see. Additionally, you may separate the instructions into multiple pages to reduce clutter or to divide contents within the activity.

The instructions in the screenshot tells the student to configure PPP. Depending on the assessment parameters, you may also need to specify such details as exactly which port to connect to which device, the name of each device, and so on.

Answer Network

In the Answer Network panel, you construct the answer network, and mark the elements of the network on which you want to assess the students.

Click on the Show Answer Network button to view the workspace for the answer network. If you chose to convert the existing workspace to the answer network when you first entered the Activity Wizard, that network will already be in place, and you may further edit it here. If you did not do the conversion, you will have a blank workspace from which to work. Another option is to import an existing .pkt file and use it as the answer network using the Import File to Answer Network button. After you have completed the answer network, you can export it (saving it as another .pkt file) using the Export Answer Network to File button. Note: any changes to an imported .pkt file will be lost upon exiting the Activity Wizard unless you export the answer network to file.

 

Setting the Assessment Items

An assessment item is a feature in the student configuration that must match the configuration of that feature in the answer network. Choose the assessment options by checking items in the expandable tree. You can check specific features or entire categories. For example, you can check just the IP address of a port of a particular router, or click on the Ports category to check all settings of all ports on the router. A regular check indicates a specific feature or an entire category is assessed. A gray checkbox indicates that only some of the features in the category are assessed. In general, it is better to check specific features rather than checking entire categories. Take care to uncheck irrelevant items that are not being tested. Carefully setting up the assessment tree avoids frustrating students who essentially complete an activity but whose work had a few insignificant differences with the answer network. With this system, the student solution may be different from the instructor answer network, but it still can be correct as long as the assessed features match.

For convenience, you can show only certain components in the tree by using the View Filter. For example, entering the keyword "Ip" will hide assessment items that are not under the "Ip" component. Also, checking Show Checked Only will only show assessment items that are checked. By Expand/Collapse All button the Assessment Items tree gets expanded or collapsed. You can also Add Shape Test as assessment items.

Additionally, you can manually set the amount of points a particular assessment item is worth and categorize which component(s) the assessment item belongs to. Also, you can set per-assessment item feedbacks, which provide hints to students if their assessed item is incorrect. The per-assessment item feedback is displayed in the Assessment Items tab in the Check Results for incorrect assessment items only.

 

Connectivity TestsConnectivity Testing is another method of assessment. Unlike the assessment items, which look up the student's network configuration and compare it to the answer network configuration, connectivity testing is based on Realtime PDUs that are sent when the user clicks Check Results. Connectivity Testing allows the activity to be graded based on network functionality and performance rather than matching of static configuration parameters. The types of connectivity testing supported are the types of User Created PDUs contained in the first scenario of the answer network. For each PDU, you may set the Test Condition to Do Not Test, Successful, or Fail.

 

Overall FeedbackThe Overall Feedback allows you to set custom feedback messages for completed and incomplete activities. The Completed Feedback message is shown when the activity is 100% complete. Otherwise, the Incomplete Feedback message is shown. There is also support for a subset of HTML tags, as with the Instructions.

 

SettingsIn the Settings tab, you may time the activity (keeping track of the elapsed time as students work on the activity with the Time Elapsed option) or set a time limit (with the Countdown option).

You may also set Feedback Settings which will assess the user network against the assessment tree every few seconds. Enabling Dynamic percentage feedback will assess the user network against the assessment tree every few seconds. Connectivity tests will not be assessed. Note that large activities may degrade system performance. You have these options for dynamic feedback: No Dynamic Feedback, Show Score, Show Item Count Percentage, Show Item Count and Show Score Percentage.

To prevent students from changing their user profile during an activity, you may enable User Profile Locking. If an attempt to change the user profile is made while an activity is running, a dialog will appear warning that the activity will reset if the user information is changed. Optionally, you may set the amount of time (in ms) to forward the answer network using the Answer Network Convergence option. A typical use case of Answer Network Convergence is when you check the activity results after loading an activity, the results may show that the activity is incomplete as the answer network has not converged in time. By setting an arbitrary time to forward the answer network, this issue would be resolved.

Initial Network

In the Initial Network panel, you set the network from which the user will start the activity. One option for setting up the initial network is to simply copy from the answer network and edit parts of it. Do this by pressing the Copy from Answer Network button. Another option is to import a file using the Import File to Init Network button and to edit that file. After creating the initial network, you can export it using the Export Init Network to File button.

 

Using the Locking TreeThe tree in this mode is used to lock out functions to which you do not wish the student to have access. For example, you can prevent the student from switching to the Physical Workspace (under the Interface branch). The restrictions can be much more specific, such as preventing changes to the interface type on a specific port on a specific device (under the Topology > Existing Devices branch). Be careful about what functions you lock because certain restrictions may prevent the student from finishing the activity.

The first screenshot above shows some appropriate items that should be locked for our simple example. This configuration takes away the student's ability to use Simulation Mode features. Without Simulation Mode, the student has to use the command prompt on a PC to send pings and troubleshoot.

 

Initial Network SetupBy default, an activity will use the values defined in the Initial Network. The tree in the Initial Network Setup tab allows you to define alternative initial values for some items. For example, a server may have the default gateway set to 192.168.1.1 in the Initial Network. However, as shown in the screenshot below, by selecting the Default Gateway item for the server in the Initial Network Setup tree and then changing the value to 192.168.4.1, the server would have the default gateway set to 192.168.4.1 instead of 192.168.1.1.

 

Object LocationsYou can create some sets of location for devices on answer network. For this purpose create a set of logical workspace object locations. Then click on Append Current Locations to create a location set. You can create multiple location sets and append them to this list.

To overwrite, load or delete that location set, input a number into the Edit Set text field. Enter a value in the Index Variable text field to use a variable to determine the device location set to choose from when an activity starts or rests. If you leave the field blank, a random one will be selected when the activity starts.

Password

The Password panel allows you to set a password for the Activity Wizard features of the activity file. If no password is set, anyone who opens the activity file can access the Activity Wizard and edit its parameters. The password system protects the author's exclusive ability to modify an activity. Note that the password is case sensitive.

Testing/Checking the Activity (Previewing)

When you choose the Test Activity tab from the Activity Menu, you can do a trial run of the activity you created from the beginning of the activity. This allows you as the author to see the activity from a student's point of view (see Running Activities). Meanwhile, the Check Activity tab will allow you to test the activity without restarting from the beginning. This will give you a chance return to the Activity Wizard and fine tune the activity before you finally save it. Return to the Activity Wizard at any time by clicking the icon on the lower left corner of the workspace.

Running Activity Files

You start an activity by opening a saved activity (.pka) file. You will first see the Instructions window telling you how to complete the activity. You can reposition or minimize this window to the Windows taskbar as you work on the activity. The Instructions window will also provide you a Dynamic Percentage Feedback next to the word Completion on how far you are in the activity, which is updated every 3 seconds. Optionally, the activity may display a timer, which is either the amount of time that has elapsed since the start of the activity or the amount of time left to complete the activity. The Instructions window also contains several buttons: Top, Check Results, Reset Activity and < >. Turning on the Top option will cause the Instruction window to stay on top at all times. Use the Check Results button to see your progress in completing the activity. Use the Reset Activity button to return to the activity's initial settings and start over. Use the < > buttons to go forward or back a page in multiple-paged instructions.

As a user (not the author of the activity), you can use the File > Save (or Save As ) command to save your current progress in the activity and finish the activity later from where you left off. It is preferable to save it as a new file so you do not overwrite the original activity file. When you re-open the file later on, you can still use the Reset Activity button to restart from the initial network.

 

Overall Feedback The Completed Feedback message is shown when the activity is 100% complete. Otherwise, the Incomplete Feedback message is shown.

 

Assessment Items The screenshot below displays the results for the Assessment Items. For each Assessment Item, a message will display if it is Correct or Incorrect, which depends on the answer network. An activity is fully completed when there are green checks on all components. A white check indicates that a category is only partially complete. A red x indicates that an assessment item is missing or incorrect. The number of points the assessment item is worth and the component(s) the assessment item belongs to are also shown as well. In this particular screenshot, it shows that the activity was nearly completed, with only a few items incorrect. Also, per-assessment item feedback messages may be shown for incorrect items.

 

Connectivity Tests The screenshot below shows the Connectivity Test results which are compared to the connectivity test conditions of the answer network.

Variable Manager

The Variable Manager provides the ability for an activity author to add dynamic capabilities into an activity. These capabilities allow an author to create activities that change each time they are loaded or reset. This capability is enabled by creating pools of values and then creating variables which use the pool values to enable dynamic capabilities. The variables allow you to change many aspects of an activity, including but not limited too, Device names, IP addressing, Routing statements, DHCP and DNS records.

There are four types of variables that can be created in the Variable Manager and they are Seeds, Number, Strings and IP Addresses. With the exception of the Seeds, the variables are created using a combination of a resource pool and an associated variable. Each type tab has a place to enter both the pool and the variable information. The seeds tab, due to the simplicity of the type combine both parts into one operation.

You can set variables to select values in one of 4 ways. From drop-down menu if you select Random then the value will be selected randomly from any values in the pool. By selecting Element Position the value will be an integer that selects the same position from the pool each time. Seed refers to a position defined by a Seed variable in the Seed tab. This is a method for allowing the same position to be used in multiple variable selections. Entire Range is a variable used in the Activity Wizard answer network to accept any input as correct as long as it is contained in the associated pool. The typical sequence for creating a variable is:

1. Fill in the variable Name 2. Select the associated Pool Name (the pool must be already created to show in the dropdown list) 3. Specify the Variable Type (dropdown: Random, Element Position, Seed, Entire Range) 4. Specify the Value (if Element Position is selected a number within the range of values is specified, if seed is selected a seed name is entered

for the value)

An important setting to notice is the Show Variable Manager Interface at the bottom of the screen. By checking this checkbox you can set or assign variables in the Instructions text, Assessment Items, and Initial Items. You can add all of the variables created by clicking on the Arrow (<--) next to the variable name. In the Instructions panel, place the cursor where you want the variable to be placed at and then click on the Insert "<--" button in the Variable Manager Interface. In the Assessment Items and Initial Items, only the items marked with a green dot can be assigned a variable. To remove an assignment of the variable, select the appropriate variable and hit Delete on the keyboard.

 

SeedsSeed values should be thought of as Index values for selecting other data variables, while not required. Make sure the pool range in greater or equal to the Seed range of values. Valid Seed range is from 0 to 2,147,483,647. A seed should be a positive value, although negative values are legal, otherwise using them as indexes in other variable pools and variables can cause unpredictable results.

To add Seeds you should fill in the required fields like Name, Minimum (usually "0") and Maximum Values by clicking on each cell of table and typing in. The maximum value should match the total number of pool entries that the seed is used to select. If left blank, both values are set to zero (0), so the first value in any pool is always selected.

Inserting the Test Value is optional and will specify the value to be used for the seed. This overrides random selection and is only used during Test Activity mode. If a value is specified in the Test Value cell, it is used during any subsequent testing or running of the activity, until the value in the cell is deleted or changed. To test all combinations simply increment the value in the Test Value cell until you have reached the value specified in the Maximum cell.

For Edit entire rows just like Adding new Seed you can double-click in the cell and change the value and to Remove click anywhere in the row to be deleted and press the Delete key. So to delete a value in the Variable Manager tables you must select and highlight the value, then delete. Do not just click in the cell of the value you want to delete, because if you press delete after just selecting the cell and not the actual value, you will delete the entire row in the table.

Seed values can be placed anywhere in Packet Tracer that a variable is accepted, in the Initial Network, the Answer Network, the Instructions, as well as Device names and Notes on the workspace. The format for using a seed is the same as for any variable, using two braces to open and close with the seed name in between the braces like this [[Index1]]. This is the same format that is used when Seeds are used in other pools or variables setup. The value that is selected from the seed range will be displayed or used in other variable selections.

 

NumberNumber Values enable the ability to add dynamic numbers into a PT scenario. These are often used like the graphic shows, creating a range of numbers that can be concatenated and used as IP addresses. An example of how that would be done would be to use the four variables created like this [[Oct1]]. [[Oct2]]. [[Oct3]]. [[Oct4]].

Numeric variables may be used in String and IP address pools using the [[Variable]] format after they have been created on the Number page.

Number Pools:To Add Number Pools: fill in the required Name, Minimum and Maximum Values. You can edit entire rows of Number Pools by double-click on the cell and change the value and for removing click anywhere in the row to be deleted and press the Delete key. Valid numbers range is positive and negative integer. But remember to not use negative numbers as selection or index variables. Both of these values are required or the entry will not remain in the table. Seed variables can also be substituted for integers by using this format: [[variablename]].To Edit a Pool: just click in the cell and type a new value or new name.To Remove a Pool value: Highlight the contents of any cell in the row and press the "Delete" Key, it you just click on the cell and delete the entire row will be deleted and any associated number variables will be deleted also.To Remove a Pool (an entire row in the table): click on a cell in the row and press delete. The entire row will be deleted and any number variables using this Pool Name will be deleted also.

Number Variables:After the number Pool has been created a variable can be created to use with the pool by entering a Variable Name, selecting a Pool Name from the dropdown list, and then specifying a Value Type from its dropdown list. The four choices are:Random: Select any value from the pool choices Element Position: Will select the Pool value as the specified position for the variable Seed: Will select the Pool value specified by the resolved Seed variable value Entire Range: Used in the Answer Network, any value entered into the AW Answer Tree that is included in the Pool will be considered correct.

If Element Position or Seed is specified, the associated integer value or Seed name must be entered in the Value cell. In the graphic above the Oct1 variable would resolve to a value of between 198 to 210 inclusive, based on the table and variable values. You can double-click in the cell and change the value or reselect the dropdowns values. Clicking anywhere in the row and press the Delete key will cause the cell be deleted.

 

StringsString Pools can be used to create different names for devices in the Packet Tracer activity, or again like Seeds and Numbers anywhere a variable can be used. Text variables can also be used in the instructions area to change the scenario text. Since Packet Tracer initially converts every to strings, text strings can also be used for IP addresses like the IP octet pool shows.

String variables may be used in IP Address Pools, using the [[Variable]] format.

String Pool:To Add a Pool: Fill in the required Name and Text Field. The Text field can contain text, numbers, Seeds and Number Variable data, separated by semi-colons. Seed and Number variables can be substituted for text data using [[variablename]].To Edit a Pool: Select and highlight the text to be change and type over it.To Remove a Pool value: Select and highlight the text, then press the "Delete" Key,To Remove a Pool (an entire row in the table): click on a cell in the row and press delete. The entire row will be deleted and any number variables using this Pool Name will be deleted also.

String Variables:You can also add String Variables by filling in the required Name, Pool Name and Value type field. If Value Type is Element Position, an integer value or Number Variable is specified in the value field. In case of Value Type is Seed, a Seed variable name is used in the Value field. See also Number Variables.

 

IP AddressesIP address pools allow for dynamic addressing schemes in Packet Tracer, they also allow for dynamic configurations in the initial network including DNS and DHCP records. They also allow for multiple correct answers, for example in addressing schemes, when used in the answer network.

IP Address Pool:To Add a pool: Fill in the required Name, Network Address, and Mask Values. The First and Last IP Address fields will automatically filled in based on the Network and Mask fields, although they can be manually changed to the specific range of addresses needed. Seed, Number, and String variables can be substituted for address data using [[variablename]].To Edit a Pool: Double-Click in the cell and change the value. The First and Last IP Address fields can be edited to specify a smaller range of addresses that is set by default.To Remove: Click anywhere in the row to be deleted and press the Delete key

IP Address Variables:To Add IP Address Variable fill in the required Name, Pool Name and Value type fields. If Value Type is Element Position, an integer value or Numeric Variable is specified in the value field. If Value Type is Seed, a Seed variable name is used in the Value field. Editing and removing any rows is just like IP Address Pool. See also Number variables.

 

Using Regular ExpressionsAn alternative to using the conventional variables in the Variable Manager is to use regular expressions to check dynamic assessment items like default gateway or IP addresses. Instead of assigning a variable in the assessment items tree to an assessment item as described in the previous section, you may insert a regular expression. The syntax to use a regular expression in Activity Wizard is {{RegEx:expression}}. For example, the following is a valid regular expression to check if an IP address is in the 192.168.1.0 network:

{{RegEx:\b(192?)\.(168?)\.(1?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b}}

 

You would then insert the regular expression in replacement of a variable in assessment items tree by selecting the assessment item (e.g. IP Address) and clicking once more on the current value of the assessment item (e.g. 0.0.0.0) such that field would becomes editable. Once the field is editable, you can type in the regular expression and pressing Enter after you are done.

 

For more help with regular expressions, visit the Qt QRegExp documentation here:

http://qt-project.org/doc/qt-4.8/qregexp.html

 

 

Scoring Model/Scripting

The Scoring Model is an Evidence Centered Design process by which to assess work products through the application of scoring rules and textual feedback. The Scoring Model is used to create complex rules for the grading of activities. When using the new Scoring Model, it is possible to display customized feedback for every work product in the assessment tree (both positive and negative feedback) as well as overall and partial feedback. It is not even necessary to link the feedback text to a work product if the purpose is to provide a simple message to the user.

The Scripting engine is a component of Packet Tracer that was designed to allow greater flexibility in creating scoring rules for Packet Tracer activities that use the new Scoring Model. The Scripting engine is what allows this complex scoring model to exist. Each item created in the Scoring Model exists as an object in the Scripting engine so that it can be accessed by any expression/scoring rule that the user creates.

An example of where the Scoring Model and Scripting engine would be beneficial is when an instructor wants to display a message to the user indicating that the IP addressing is mostly correct, but not completely correct and not totally incorrect. This may happen when there are several devices on the stage and one or two of the three are correctly addressed, but the third is not. Using the new Scoring Model, it is possible to provide this sort of feedback based on the combination of multiple work products. The major benefit here is the ease of customization in complex scoring scenarios, as well as a model that more closely aligns with the Evidence Centered Design process.

 

Scoring Model InterfaceThe Scoring Model tab allows you to define individual Work Product Features along with corresponding Scoring Rules. For each section, there are buttons to Add, Remove, Edit, and Move the work product features and scoring rules. Refer to the "Example" & "Terms" sections below for further explanation and terminology.

 

Scripting Interface

Packet Tracer comes bundled with four important scripts written in JavaScript. EventManager.js stores custom event handlers for Core Events. ProficiencyModel.js stores and evaluates the Scoring Model. ScoringModel.js holds the data classes for the Scoring Model. Main.js is the main function called from the core, where subsequent communication from the core is processed via Events. By default, Main.js supports the Scoring Model by adding events for saving, loading, evaluating, and reporting for the Proficiency Model.

In the Scripting tab, you can add, remove, edit, rename, import, and export scripts including the four core scripts described above. Optionally, you can click on the debug button to reveal a debug window, which can assist you in scripting.

In most use cases, you will not need to edit the four core scripts. However, should you have any reason to edit these scripts, each script is fully editable and removable per activity file. If you edited or removed any of the four core scripts and you want to restore them, go to Info tab and select PT 5.2 Activity from the template list to bring back the scripts to their original configurations.

In the screenshot below, an XML file called PROFICIENCY_MODEL is also in the list. Refer to the "Example" & "Terms" sections below for further explanation and terminology.

 

Scripts defined in Activity Wizard are per activity file and not per instance of Packet

Tracer. Included scripts can be extended or removed per activity file.

 

ExampleAn instructor wants to test that students know how to properly power on three devices in a network. However, the instructor wants to provide positive feedback if all devices are turned on, and a single negative feedback if at least one of the devices is not powered. This particular style of feedback doesn’t fit the standard Packet Tracer model of scoring and feedback so it is necessary to use the Scoring Model.

The instructor starts by placing three devices on the stage, Router0, Router1, and Router2. The Activity Wizard is then started and the existing network is to be used as the answer network.

In the Answer Network page, the instructor will select the Scoring Model tab instead of using the Assessment Tree tab. Here, the instructor will need to make a work product feature for each item that is to be retrieved from the user’s network. Since the activity is to test the power status of three devices, three work product features will be needed. For simplicity, the items created will be named r0power, r1power, and r2power.

To create one of these work product features, the instructor clicks the + button under the Work Product Features section. In the dialog that pops up, the name "r0power" is entered into the Name field. The Description is optional and left blank. For the expression, the instructor must use the help in the nodes box at the bottom to find the proper path to the network setting that is to be checked. By default, the search starts in the "Network" and moves into devices from there. Clicking after the string "Network:", the instructor then types any character to see the updated available nodes. Noticing that Router0 is available, the phrase is completed to form "Network:Router0:". Once the final colon is entered, the list of options inside

Router0 is shown. Since, the purpose is to test the power, the final phrase is "Network:Router0:Power". The instructor would then create a work product feature for each of Router1 and Router2 as well.

Now that the work product features are created, the instructor needs to compose the tests for each of the work product features. This is done using the Scoring Rules section beneath that. According to Evidenced Centered Designed process, each work product feature must be assessed by applying a scoring rule to it, which creates a Primary Observable. Previously, the work product features just defined the items we were interested in. Primary observables take those interesting pieces of information and test them against some rule or expression. In this case, the instructor needs to determine if the devices are powered, which is to say that our work product features have the value '1'. To make naming simple, the primary observables are to be called r0poweron, r1poweron, and r2poweron.

To do this, the instructor clicks the + button under the Scoring Rules section, and selects Primary Observable from the Type drop-down list. In the Name field, "r0poweron" is entered. The Description again is optional so is not entered. Next is the expression. This is a JavaScript string that will be used to test the value of the work product feature. The template contains a portion for the condition, a true value, and a false value. The evaluation of this expression is directly assigned to the value of the primary observable created. For this instance, the instructor wants to assign the value 1 if the test is true and the value 0 if the test is false (it could also be assigned text strings, other numbers, scores, or other valid script commands as well). The condition part of the expression is to test to see that our work product feature r0power has the value '1'. Erasing the condition part of the template, it is replaced with "r0power == '1'". This directly compares the work product feature r0power against the string value of '1'. Since the instructor wants to assign the number 1 when true, and 0 when false, each of those portions is replaced with 1 and 0 respectively.

This produces the final expression of "( r0power == ‘1’ ) ? 1 : 0;". This JavaScript command will assign the value 1 to r0poweron when the work product feature r0power is equal to '1', and the value 0 for everything else. The instructor then repeats the process for the other two primary observables.

Next, the instructor needs to create an indicator for all three devices. This particular type of observable is called a Compound Observable since it will be combining multiple primary observables in some manner into a single value. This value could be a score, or just another indicator of correctness. To keep things simple, the instructor has decided to create it as an indicator which will take on the value 1 if all three devices are turned on and 0 if at least one of the devices is off. The observable will be named "allpower".

To create this observable, the instructor again clicks the + button underneath Scoring Rules, but this time selects Compound Observable in the Type drop-down list. In the Name field, "allpower" is entered and the Description is left blank. Like the primary observable, the same template applies to compound observables. Here, the instructor needs to test that all three primary observables have the value 1 and assign the compound the value 1 if they do, or 0 if they do not. One way the instructor can do this is to add up the values of all three primary observables and determine if the value is 3. If it is, then all devices are powered on. If it is less than 3, at least one device is unpowered. The expression the instructor enters is the following "( r0poweron + r1poweron + r2poweron == 3 ) ? 1 : 0;".

Lastly, the instructor wants to display some feedback. Since Packet Tracer has only one text to display feedback in it is necessary to place the entire string into the unique Reporting Variable called OVERALL_REPORT. If all devices are powered on, the feedback should be "You have powered all devices." If at least one device is unpowered the feedback should read "X devices are unpowered. Please fix the error and try again." The value X should be the number of devices that are incorrectly powered.

Again, the instructor clicks the + under the Scoring Rules section and creates a Reporting Variable this time. In the Name field, the special name "OVERALL_REPORT" is used. The expression this time is a little more complicated since the observable allpower does not contain the number of devices, but a correctness indicator. It is possible to create another compound observable to show this, but the instructor decides to do the calculations right in the expression to save time. The resulting expression is:

( allpower == 1 ) ? "You have powered all devices." : (3 – ( r0poweron + r1poweron + r2poweron)) + " devices are unpowered. Please fix the error and try again.";

This particular expression checks the value allpower. If it is true then it display the first string, otherwise it composes an alternate string that contains the value 3 – the number of correct devices (the number of incorrect devices).

When the instructor checks the Scripting tab, the instructor will notice that a new XML file called DATA: PROFICIENCY_MODEL has been automatically generated which includes all of the work product features and scoring rules that were created as seen in the screenshot in the "Scripting" section above.

Before the instructor can test the activity, the initial network is configured by copying it from the answer network and turning off the power to all three devices. Instructions are entered to tell the student what to do, and then the activity is tested.

When the instructor tests the activity without turning any devices on it displayed "3 devices are unpowered. Please fix the error and try again." However, if two devices are powered on, the feedback is "1 devices are unpowered. Please fix the error and try again." And lastly, when all three devices are powered on, the feedback is "You have powered all devices."

 

TermsExpression - A sequence of JavaScript commands that results in a value that can be assigned to an observable.

Work Product Feature - A particular element of interest in the Packet Tracer network. For example, the IP address assigned to Router0’s FastEthernet0/0 port.

Primary Observable - The result of the application of a scoring rule or expression against a work product feature. Usually there is one primary observable for each work product feature, and typically the value is true or false. As an example, if the IP address on Router0’s FastEthernet0/0 port is equal to 10.0.0.1, then award 2 points.

Compound Observable - An application of aggregation rules to multiple Primary Observables. The values stored in a compound observable can be any legal JavaScript value but typically are numerical scores or correctness indicators. As an example, add the points from IP addressing and routing together.

Reporting Observable - Typically a string value named that represents some portion of feedback. For example: If the score is greater the 70, display "Passed".

Assessment Items

What are Assessment Items?The assessment items are found in the Assessment Items tab of the Answer Network section in the Activity Wizard.

Most configurations in the answer network have corresponding assessment items. To assess certain items, place a check mark next to the item. The default behavior is to compare the student network configuration to what is defined in the answer network configuration. For more advanced activities, the assessment items can be replaced with a variable. In this case, the student network configuration is compared with the value defined in the variable.

How to Add Variables to the ItemsVariables can only replace existing configured values. All leaf items can be replaced with a variable. A solid green dot indicates that a node has been replaced by a variable.

There are two options for replacing a configured value with a variable:Option 1: Use the Variable Manager interface, click on <--Option 2: Single click on the assessment item. A text field will pop up; replace the text with a variable.

Assessment Items and Values:Assessment item values are loosely-typed; in fact, they are all of type String. However, some values follow this generic template:

Boolean: Less than or equal to 0 is false. Greater than or equal to 1 is true.Numbers: A decimal (base 10) number.IP Addresses: Must follow this format: 192.168.1.1; all digits between 0 and 255.MAC Addresses: Must follow this format: ABCD.ABCD.ABCD; all digits must be hexadecimal. Strings: Any regular string. A few string types require adherence to a specific format. This format is specified in the assessment item tree of the Activity Wizard.

Definition of Assessment Items and ValuesThese are the available nodes in Packet Tracer. The nodes follow a tree structure, where the leaf nodes are the nodes that can be graded. "<User Defined>" nodes take the name of a user configured value. For example, if a user configures a VLAN Name: "Engineering", the value "Engineering" will show in the runtime Assessment Tree but in this table, it will show as "<User Defined>."

AaaProcess | AclProcess | AclV6Process | AcsServerProcess | BgpProcess | Category | Cbac | CbacProcess | CbacProtocol | CdpProcess | ClassMapManager | ClientGroup | CMEProcess | CryptoMapSeq | CryptoMapSet | CustomQueueInfo | CustomQueueManager | DialPeer | DhcpPool | DhcpServerProcess | DhcpV6ClientProcess | DhcpV6LocalPrefixPool | DhcpV6Pool | DhcpV6ServerMainProcess | DhcpV6ServerProcess | DnsClient | DnsServerProcess | DynamicCryptoMap | EasyVpnServer | EigrpMainProcess | EigrpProcess | EigrpV6MainProcess | EigrpV6Process | EmailClient | EmailServer | EmailUser | Ephone | EphoneDirectory | FileManager | FtpServerProcess | GreProcess | HttpServer | HttpsServer | IcmpSignature | IkePolicy | IpsecPeer | IpsecProcess | IpsProcess | ISATAP | NatProcess | NatV6Process | NdProcess | NtpClientProcess | NtpServerProcess | OspfMainProcess | OspfProcess | OspfV3MainProcess | OspfV3Process | ParserView | ParserViewManager | PolicyMapManager |

PolicyMapQosClass | PolicyMapZfwClass | PortKeepAliveProcess | PortSecurity | PppoeServer | PriorityQueueManager | PrivilegeManager | QueueProtocol | RadiusClientProcess | RadiusServerProcess | RipProcess | RipV6MainProcess | RipV6Process | RoutingProcess | RoutingProcessV6 | Settings | Security | Signature | SnmpAgent | Signature | SshServerProcess | StpMainProcess | SyslogClient | SyslogServer | TacacsClientProcess | TcpProcess | TelephonyService | TerminalLine | TftpServer | TransformSet | TunnelInterface | VirtualTemplateInterface | VirtualTemplateManager | VpdnGroup | VpnIpPool | VtpProcess | WirelessClientProcess | WirelessCommon | WirelessServerManager | WirelessServerPortData | WirelessServerProcess | ZfwProcess | ZonePair |

AccessPoint | AnalogPhone | Asa | Bridge | CableModem | CiscoDevice | Cloud | CloudPotsPort | CloudSerialPort | Console | Device | DslModem | EtherChannel | EtherChannelManager | FRSubInterface | HomeVoip | HostPort | Hub | IPPhone | Laptop | MultiLayerSwitch | MURemoteNetwork | Network | Pc | Pda | Printer | Port | RoutedSwitchPort | Router | RouterPort | Server | Switch | SwitchPort | TabletPC | TerminalLineDevice | TV | WiredEndDevice | WirelessRouter |

AaaProcess - up

Name Node Type Variable Type

AAA Head

   New-model Leaf Number

   Authentication Head

      Authen Command <User Defined> Leaf String

   Authorization Head

      Authorize Command <User Defined> Leaf String

AcsServerProcess - up

Name Node Type Variable Type

ACS Head

   ACS Enabled Leaf Boolean

   Network Configuration Head

      Client <User Defined> Head

         Client IP Leaf IP Address

         Client Leaf String

         Secret String Leaf String

         Server Type Leaf Number

   User Setup Head

      User <User Defined> Head

         User Description Leaf String

         User Name Leaf String

         User Password Leaf String

RadiusClientProcess - up

Name Node Type Variable Type

RADIUS Client Head

   RADIUS Server Hosts Head

      <User Defined> Leaf Number

   RADIUS server key Leaf String

RadiusServerProcess - up

Name Node Type Variable Type

RADIUS Server Head

   Port Leaf Number

TacacsClientProcess - up

Name Node Type Variable Type

TACACS Client Head

   TACACS Server Hosts Head

      <User Defined> Leaf String

   TACACS server key Leaf String

AclProcess - up

Name Node Type Variable Type

ACL Head

   <User Defined> Leaf String

AclV6Process - up

Name Node Type Variable Type

ACLV6 Head

   <User Defined> Leaf String

Cbac - up

Name Node Type Variable Type

Inspect name <User Defined> Head

   Name Leaf String

   Protocols Head

      <CbacProtocol> Head

CbacProcess - up

Name Node Type Variable Type

Firewall Head

   IP Inspect Names Head

      <Cbac> Head

   Global Alert Leaf Number

   Global Audit Trail Leaf Number

   DNS Timeout Leaf Number

   FIN-WAIT Time Leaf Number

   SYN-WAIT Time Leaf Number

   UDP Idle Time Leaf Number

   TCP Idle Time Leaf Number

   MAX Incomplete High Leaf Number

   MAX Incomplete Low Leaf Number

   One Minute High Leaf Number

   One Minute Low Leaf Number

CbacProtocol - up

Name Node Type Variable Type

Protocol <User Defined> Head

   Protocol name Leaf String

   Alert Leaf Number

   Audit trail Leaf Number

   Timeout Leaf Number

CdpProcess - up

Name Node Type Variable Type

CDP Head

   CDP Enabled Leaf Boolean

DhcpPool - up

Name Node Type Variable Type

Pool <User Defined> Head

   IPs Leaf String

   Name Leaf String

   DNS Server Leaf String

   Default Gateway Leaf String

   Start IP address Leaf String

   Subnet mask Leaf String

   Max Users Leaf Number

   TFTP Server Leaf IP Address

DhcpServerProcess - up

Name Node Type Variable Type

DHCP Head

   DHCP Enable Leaf Boolean

   Pools Head

      <DhcpPool> Head

   Excluded Addresses Head

      <User Defined> Leaf String

DhcpV6ClientProcess - up

Name Node Type Variable Type

DHCPV6 Client Head

   DHCPV6 Client PD Name Leaf String

DhcpV6LocalPrefixPool - up

Name Node Type Variable Type

Local Pool Name <User Defined> Head

   <User Defined> Head

      Local Pool Name Leaf String

      Prefix Leaf String

      Prefix Length Leaf Number

      Sub Prefix Length Leaf Number

DhcpV6Pool - up

Name Node Type Variable Type

Pool Name <User Defined> Head

   <User Defined> Head

      Pool Name Leaf String

      DNS Leaf String

      Domain Name Leaf String

      Prefix Delegations Head

         Prefix Delegations <User Defined> Head

            Prefix Delegations Leaf String

            DUID Leaf MAC Address

            Static Preferred Lifetime Leaf Number

            Static Valid Lifetime Leaf Number

      Prefix Delegation Pool Head

         Name <User Defined> Head

            Name Leaf String

            Dynamic Preferred Lifetime Leaf Number

            Dynamic Valid Lifetime Leaf Number

DhcpV6ServerMainProcess - up

Name Node Type Variable Type

DHCPv6 Head

   DHCPv6 Pools Head

      <DhcpV6Pool> Head

   Local Pools Head

      <DhcpV6LocalPrefixPool> Head

DhcpV6ServerProcess - up

Name Node Type Variable Type

DHCPv6 Server Head

   DHCPv6 Server Pool Name Leaf String

DnsClient - up

Name Node Type Variable Type

DNS Head

   IP Domain Lookup Leaf Boolean

   IP Domain Name Leaf String

   IP Name Server Leaf IP Address

   IPv6 Name Server Leaf IP Address

   IP Host Header Head

      Host <User Defined> Leaf String

   IPv6 Host Header Head

      Host <User Defined> Leaf String

DnsServerProcess - up

Name Node Type Variable Type

DNS Server Head

   DNS Enable Leaf Boolean

   Resource Records Head

      Record <User Defined> Head

         A Records Head

            Address Leaf IP Address

         NS Records Head

            Server name Leaf String

         SOA Records Head

            SOA Record <User Defined> Head

               Primary Server Name Leaf String

               Mailbox Leaf String

               Min TTL Leaf Number

               Refresh Time Leaf Number

               Retry Time Leaf Number

               Expire Time Leaf Number

         CNAME Records Head

            Hostname Leaf String

ClientGroup - up

Name Node Type Variable Type

Group <User Defined> Head

   Name Leaf String

   Key Leaf String

   Pool name Leaf String

   Netmask Leaf String

DynamicCryptoMap - up

Name Node Type Variable Type

Map <User Defined> Head

   Name Leaf String

   Sequence number Leaf String

   Crypto IpSec Transform Sets Head

      <TransformSet> Head

   Reverse-route Leaf Number

EasyVpnServer - up

Name Node Type Variable Type

Easy VPN Server Head

   IP Local Pools Head

      <VpnIpPool> Head

   Client Configuration Groups Head

      <ClientGroup> Head

VpnIpPool - up

Name Node Type Variable Type

Pool <User Defined> Head

   Name Leaf String

   Start IP Leaf String

   End IP Leaf String

FileManager - up

Name Node Type Variable Type

Files Head

   <User Defined Directory> Head

      <User Defined File> Leaf String

FtpServerProcess - up

Name Node Type Variable Type

FTP Server Head

   FTP Enable Leaf Boolean

   User Accounts Head

      Account <User Defined> Head

         User Name Leaf String

         User Password Leaf String

         User Permission Leaf String

   Server Files Head

      <User Defined> Leaf String

GreProcess - up

Name Node Type Variable Type

GRE Head

   Interface Tunnels Head

      <TunnelInterface> Head

TunnelInterface - up

Name Node Type Variable Type

Tunnel <User Defined> Head

   Port number Leaf String

   Source Leaf String

   Destination Leaf String

HttpServer - up

Name Node Type Variable Type

HTTP Server Head

   HTTP Enable Leaf Boolean

   Server Files Head

      <User Defined> Leaf String

HttpsServer - up

Name Node Type Variable Type

HTTPS Server Head

   HTTPS Enable Leaf Boolean

Category - up

Name Node Type Variable Type

Category <User Defined> Head

   NAME Leaf String

   Retired Leaf Number

Signature - up

Name Node Type Variable Type

Signature Head

   Enabled Leaf Number

   Retired Leaf Number

IcmpSignature - up

Name Node Type Variable Type

<Signature> Head

   Icmp Signature ID Leaf Number

   Icmp Sub ID Leaf Number

IpsProcess - up

Name Node Type Variable Type

IPS Head

   Config Location Retries Leaf Number

   Config Location Leaf String

   Ips List Head

      IPS Name <User Defined> Head

         IPS Name Leaf String

         Ips List Leaf String

   Signature Categories Head

      <Category> Head

   <IcmpSignature> Head

   Notify Log Leaf Number

Signature - up

Name Node Type Variable Type

Signature Head

   Enabled Leaf Number

   Retired Leaf Number

EmailClient - up

Name Node Type Variable Type

Email Client Head

   <EmailUser> Head

EmailServer - up

Name Node Type Variable Type

Email Server Head

   SMTP Service Enabled Leaf Boolean

   POP3 Service Enabled Leaf Boolean

   Domain Name Leaf String

   Users Head

      User <User Defined> Head

         User Name Leaf String

         User Password Leaf String

EmailUser - up

Name Node Type Variable Type

Email User Head

   Name Leaf String

   Email Leaf String

   Incoming Mail Server Leaf String

   Outgoing Mail Server Leaf String

   User Name Leaf String

   User Password Leaf String

NatProcess - up

Name Node Type Variable Type

NAT Head

   Pools Head

      Pool Name <User Defined> Leaf String

   Inside Source List Head

      NAT Source Setting <User Defined> Leaf String

   Outside Source List Head

      NAT Source Setting <User Defined> Leaf String

   Inside Source Static Head

      NAT Source Setting <User Defined> Leaf String

   Outside Source Static Head

      NAT Source Setting <User Defined> Leaf String

NatV6Process - up

Name Node Type Variable Type

NATV6 Head

   Pools Head

      <User Defined V6V4> Leaf String

      <User Defined V4V6> Leaf String

   Prefix Head

      Prefix IP Leaf IP Address

      Prefix Mask Leaf IP Address

   Inside Source List Head

      <User Defined V4V6> Leaf String

      <User Defined V6V4> Leaf String

   Inside Source Static Head

      Name Leaf String

NdProcess - up

Name Node Type Variable Type

NDV6 Head

   General Prefixes Head

      General Prefix <User Defined> Leaf String

   Neighbors Head

      Neighbor <User Defined> Head

         IPv6 Address Leaf IP Address

         Mac Address Leaf MAC Address

NtpClientProcess - up

Name Node Type Variable Type

NTP Client Head

   NTP Authenticate Leaf Number

   Update Calendar Leaf Number

   Authentication Keys Head

      Key <User Defined> Head

         Name Leaf String

         Password Leaf String

   Trusted Keys Head

      Key Leaf Number

   NTP Server Information Head

      Address Leaf IP Address

      Key Leaf String

NtpServerProcess - up

Name Node Type Variable Type

NTP Server Head

   Service Leaf Boolean

   Authentication Leaf Number

   Key Leaf Number

   Password Leaf String

PppoeServer - up

Name Node Type Variable Type

PPPOE Server Head

   <VirtualTemplateManager> Leaf Boolean

VirtualTemplateManager - up

Name Node Type Variable Type

Virtual Template Head

   Interfaces Head

      <VirtualTemplateInterface> Head

   VPDN Enable Leaf Boolean

   VPDN Groups Head

      <VpdnGroup> Head

VirtualTemplateInterface - up

Name Node Type Variable

Type

Virtual Template Interface Head

   IP Unnumbered Enabled Leaf String

   Default IP Address Pool Leaf String

   PPP CHAP Hostname Leaf String

   PPP CHAP Password Leaf String

   PPP Authentication Leaf Number

VpdnGroup - up

Name Node Type Variable Type

VPDN Group Head

   Group Name Leaf String

   Dial-in Leaf Boolean

   Virtual Template Leaf Number

   Protocol PPPOE Leaf Boolean

ClassMapManager - up

Name Node Type Variable Type

Class Maps Head

   Class Map List Head

      <User Defined> Head

         Map Type Leaf Number

         Statements Head

            <User Defined> Leaf String

CustomQueueInfo - up

Name Node Type Variable Type

Custom Queue Info <User Defined> Head

   Protocol List Head

      <QueueProtocol> Head

   Queues Infos Head

      Queue Info Leaf String

      Default Queue Leaf String

CustomQueueManager - up

Name Node Type Variable Type

Custom Queues Head

   Custom Queue Info List Head

      <CustomQueueInfo> Head

PolicyMapManager - up

Name Node Type Variable Type

Policy Maps Head

   Policy Map List Head

      Policy Map <User Defined> Head

         Policy Map Name Leaf String

         Policy Map Type Leaf Number

         <PolicyMapQosClass | PolicyMapZfwClass> Head

PolicyMapQosClass - up

Name Node Type Variable Type

QoS Class <User Defined> Head

   Map Name Leaf String

   Bandwidth Leaf Number

   Queue Limit Leaf Number

   Priority Leaf Number

   Service Policy Leaf String

PriorityQueueManager - up

Name Node Type Variable Type

Priority Queue Head

   Priority List Head

      <User Defined> Head

         Protocol Leaf String

         Queue Limit Head

            High Leaf String

            Medium Leaf String

            Normal Leaf String

            Low Leaf String

            Default Leaf String

QueueProtocol - up

Name Node Type Variable Type

Queue Protocol Head

   IP Leaf Number

   IPv6 Leaf Number

   Keyword Leaf Number

   Key Value Leaf Number

   Queue Index Leaf Number

BgpProcess - up

Name Node Type Variable Type

BGP Head

   Autonomous System Leaf Number

   Router ID Leaf IP Address

   Log Neighbor Changes Leaf Boolean

   Redistribute-internal Leaf Boolean

   Networks Head

      Route <User Defined> Leaf String

   Neighbors Leaf Boolean

      <User Defined> Leaf IP Address

         Autonomous System Leaf Number

         Next-Hop-Self Leaf Boolean

   Timers Head

      Keepalive Leaf Number

      Holdtime Leaf Number

   Synchronization Leaf Boolean

   Redistribution Head

      <User Defined> Leaf String

EigrpMainProcess - up

Name Node Type Variable Type

EIGRP Head

   <EigrpProcess> Head

EigrpProcess - up

Name Node Type Variable Type

Autonomous System <User Defined> Head

   Auto Summary Leaf Number

   Networks Head

      Route <User Defined> Leaf IP Address

   Passive Interface Head

      Default Leaf Number

      <User Defined> Leaf String

   Metrics Leaf String

   Variance Leaf Number

   Redistribution Head

      <User Defined> Leaf String

OspfMainProcess - up

Name Node Type Variable Type

OSPF Head

   <OspfProcess> Head

OspfProcess - up

Name Node Type Variable Type

Process ID <User Defined> Head

   Area Authentication Head

      Area <User Defined> Leaf Number

   Area Head

      Area <User Defined> Leaf Number

      Area Status Leaf String

      Default Cost Leaf Number

      Virtual Link Head

         <User Defined> Leaf String

   Default Information Leaf Number

   Log Adjacency Changes Leaf String

   Passive Interface Head

      Default Leaf Number

      <User Defined> Leaf String

   Networks Head

      Route <User Defined> Head

   Redistribution Head

      <User Defined> Leaf String

   Router ID Leaf String

RipProcess - up

Name Node Type Variable Type

RIP Head

   Version Leaf Number

   Auto Summary Leaf Number

   Default Information Originate Leaf Boolean

   Redistribution Head

      <User Defined> Leaf String

   Timers Leaf String

   Networks Head

      Route <User Defined> Leaf String

   Passive Interface Head

      Default Leaf Number

      <User Defined> Leaf String

RoutingProcess - up

Name Node Type Variable Type

Routes Head

   (deprecated) Static Routes Head

      Route <User Defined> Leaf String

   Static Routes Head

      Route <User Defined> Leaf String

   Default Networks Head

      <User Defined> Leaf IP Address

   IP Routing Leaf Boolean

   Forward Protocols Head

      <User Defined> Leaf String

EigrpV6MainProcess - up

Name Node Type Variable Type

EIGRPV6 Head

   <EigrpV6Process> Head

EigrpV6Process - up

Name Node Type Variable Type

EIGRPv6 <User Defined> Head

   Metrics Leaf String

   Shutdown Leaf Number

   Router ID Leaf IP Address

   Redistribution Head

      <User Defined> Leaf String

OspfV3MainProcess - up

Name Node Type Variable Type

OSPFV6 Head

   <OspfV3Process> Head

OspfV3Process - up

Name Node Type Variable Type

OSPFv6 <User Defined> Head

   Area Head

      Area <User Defined> Head

         Area Status Leaf String

         Default Cost Leaf Number

         Virtual Link Head

            <User Defined> Leaf String

   Log Adjacency Changes Leaf Number

   Passive Interface Head

      Default Leaf Number

      <User Defined> Leaf String

   Shutdown Leaf Number

   Redistribution Head

      <User Defined> Leaf String

RipV6MainProcess - up

Name Node Type Variable Type

RIPV6 Head

   <RipV6Process> Head

RipV6Process - up

Name Node Type Variable Type

RIPv6 <User Defined> Head

   Distance Leaf Number

   Redistribution Head

      <User Defined> Leaf String

   ShutDown Leaf Number

RoutingProcessV6 - up

Name Node Type Variable Type

Routesv6 Head

   IPv6 Unicast Routing Leaf Number

   (deprecated) Static Routes Head

      <User Defined> Leaf String

   Static Routes Head

      <User Defined> Leaf String

   Default Networks Head

      <User Defined> Leaf IP Address

Security - up

Name Node Type Variable Type

Security Head

   Crypto Key Set Leaf String

   Boot Config Leaf String

   Boot Image Leaf String

   Modulus Bits Leaf Number

SnmpAgent - up

Name Node Type Variable Type

SNMP Head

   SNMP Communities Head

      Community <User Defined> Leaf Number

SshServerProcess - up

Name Node Type Variable Type

SSH Server Head

   SSH Version Leaf Number

   SSH Authentication-retries Leaf Number

   SSH Timeout Leaf Number

StpMainProcess - up

Name Node Type Variable Type

STP Head

   VLANs Head

      <User Defined> Head

         VLAN Number Leaf Number

         Priority Leaf Number

   RSTP Leaf Number

   PortFast Default Leaf Number

PortSecurity - up

Name Node Type Variable Type

Port Security Head

   Enabled Leaf Boolean

   Static MACs Head

      <User Defined> Leaf MAC Address

   Port Security Violation Leaf Number

   Max Static MACs Leaf Number

   Sticky Enabled Leaf Boolean

   Sticky MACs Head

      <User Defined> Leaf MAC Address

SyslogClient - up

Name Node Type Variable Type

SYSLOG Client Head

   Server Addresses Head

      Address Leaf String

SyslogServer - up

Name Node Type Variable Type

SYSLOG Server Head

   Service Leaf Boolean

TcpProcess - up

Name Node Type Variable Type

TCP Head

   Service Nagle Leaf Boolean

   TCP MSS Leaf Number

TftpServer - up

Name Node Type Variable Type

TFTP Head

   TFTP Enable Leaf Boolean

   ServerFiles Head

      <User Defined> Leaf String

CMEProcess - up

Name Node Type Variable Type

Call Manager Express Head

   Dial Peers Head

      <DialPeer> Head

   <TelephonyService> Head

   EPhones Head

      <Ephone> Head

   EPhone Directories Head

      <EphoneDirectory> Head

DialPeer - up

Name Node Type Variable Type

Dial Peer <User Defined> Head

   Tag Number Leaf Number

   Destination Pattern Leaf Number

   Session Target Leaf IP Address

Ephone - up

Name Node Type Variable Type

EPhone <User Defined> Head

   Number Leaf Number

   MAC Address Leaf MAC Address

   Buttons Head

      Button <User Defined> Head

         Button Leaf Number

         <EphoneDirectory> Head

EphoneDirectory - up

Name Node Type Variable Type

EPhone Directory <User Defined> Head

   Directory Number Leaf Number

   Directory Line Number Leaf String

TelephonyService - up

Name Node Type Variable Type

Telephony Service Head

   Auto Assign Commands Head

      Auto Assign <User Defined> Leaf String

   Max Directory Number Leaf Number

   Max EPhone Number Leaf Number

   Source IP Leaf IP Address

   Source Port Leaf Number

CryptoMapSeq - up

Name Node Type Variable Type

Sequence Head

   Number Leaf String

   Peers Head

      <IpsecPeer> Head

   Match address Leaf String

CryptoMapSet - up

Name Node Type Variable Type

Set Head

   Name Leaf String

   Respond Leaf String

   Sequence List Head

      <CryptoMapSeq> Head

   Ports Head

      Port Leaf Number

IkePolicy - up

Name Node Type Variable Type

Policy <User Defined> Head

   Number <User Defined> Leaf Number

   Authentication type Leaf String

   Hash algorithm Leaf String

   Encryption Leaf String

   Group Leaf Number

   Lifetime Leaf Number

IpsecPeer - up

Name Node Type Variable Type

Peer Head

   Address Leaf String

IpsecProcess - up

Name Node Type Variable Type

IKE Head

   Crypto ISAKMP Policy Head

      <IkePolicy> Head

   Crypto ISAKMP Key Address Pairs Head

      <User Defined> Leaf String

   Crypto IpSec Transform Sets Head

      <TransformSet> Head

   Crypto Map Sets Head

      <CryptoMapSet> Head

   Crypto Dynamic Maps Head

      <DynamicCryptoMap> Head

   ISAKMP Enable Leaf Number

   Security Association Leaf Number

TransformSet - up

Name Node Type Variable Type

Set Head

   Name Leaf String

   AH Transform Leaf Number

   ESP Authentication Transform Leaf Number

   ESP Encryption Transform Leaf Number

ISATAP - up

Name Node Type Variable Type

ISATAP Client Head

   ISATAP Client Enabled Leaf Boolean

   ISATAP Router Leaf String

VtpProcess - up

Name Node Type Variable Type

VTP Head

   Domain Name Leaf String

   VTP Mode Leaf Number

   VTP Password Leaf String

   VTP Version Leaf Number

WirelessClientProcess - up

Name Node Type Variable Type

<WirelessCommon> Head

   Security Mode Head

      User Id Leaf String

      Password Leaf String

WirelessCommon - up

Name Node Type Variable Type

Wireless Head

   SSID Leaf String

   Security Mode Head

      Authen Type Leaf Number

      WEP Key Leaf String

      PassPhrase Leaf String

      Encryption Type Leaf Number

WirelessServerManager - up

Name Node Type Variable Type

Dot11 Configuration Head

   SSID Configurations Head

      SSID <User Defined> Leaf String

         SSID name Leaf String

         Authentication Leaf String

            WPA key management Leaf Number

            EAP method Leaf String

            EAP list name Leaf String

            Wpa-psk Head

               Key entered as Leaf String

               Unencrypted Leaf Number

               Key Leaf Number

   Dot11Radio Configurations Head

      <WirelessServerPortData> Head

WirelessServerPortData - up

Name Node Type Variable Type

Dot11Radio Head

   Bridge Group Leaf Number

   Station Role Leaf Boolean

   Speed Leaf String

   Encryption Head

      Key Leaf String

      Size Leaf String

      Type Leaf String

      Hex String Leaf String

      Mode WEP Leaf String

      Mode Cipher Leaf String

   SSID Leaf String

WirelessServerProcess - up

Name Node Type Variable Type

<WirelessCommon> Head

   Security Mode Head

      RADIUS Server IP Leaf String

      RADIUS Shared Secret Leaf String

   SSID BroadCast Leaf Number

   Mac Filter Mode Head

      Mode Leaf Boolean

      Access Restriction Leaf Number

      Mac Address List Head

         Mac Address Leaf MAC Address

PolicyMapZfwClass - up

Name Node Type Variable Type

Inspect Class <User Defined> Head

   Class Map Leaf String

   Action Leaf Number

ZfwProcess - up

Name Node Type Variable Type

Zone Based Firewall Head

   Zone Names Head

      <User Defined> Leaf String

   Zone Pairs Head

      <ZonePair> Head

ZonePair - up

Name Node Type Variable Type

Zone Pair <User Defined> Head

   Name Leaf String

   Source Zone Leaf String

   Destination Zone Leaf String

   Service Policy Leaf String

Settings - up

Name Node Type Variable Type

Algorithm Settings Head

   CBAC Head

      Half-Open Session Multiplier Leaf Number

   TCP Head

      Maximum Number of Connections Leaf Number

      Maximum Number of Open Sessions Leaf Number

   Switching Head

      Storm Control Multipler Leaf Number

PrivilegeManager - up

Name Node Type Variable Type

Command Privilege Head

   Commands Head

      Command Leaf String

ParserView - up

Name Node Type Variable Type

View Head

   View name Leaf String

   Secret Leaf String

   Commands Head

      Command Leaf String

ParserViewManager - up

Name Node Type Variable Type

Parser View Head

   Views Head

      <ParserView> Head

TerminalLine - up

Name Node Type Variable Type

RS232 | Console Line |VTY Line <User Defined> |

Head

   Speed Leaf Number

   Data Bits Leaf Number

   Parity Leaf Number

   Stop Bits Leaf String

   Flow Control Leaf Number

   Transport Input Leaf Number

   Transport Output Leaf Number

   History Size Leaf Number

   MOTD Banner Leaf Number

   Login Leaf Number

   Password Leaf String

   AAA Method List Name Leaf String

   Session Limit Leaf Number

   Access Class In Leaf String

   Access Class Out Leaf String

   Exec-timeout Leaf Number

   Logging Synch Leaf Number

   Privilege Level Leaf Number

   IPv6 Access-class In Leaf String

   IPv6 Access-class Out Leaf String

AccessPoint - up

Name Node Type Variable Type

<Device> Head

   <WirelessServerProcess> Head

AnalogPhone - up

Name Node Type Variable Type

<Device> Head

Bridge - up

Name Node Type Variable Type

<Device> Head

CableModem - up

Name Node Type Variable Type

<Device> Head

CiscoDevice - up

Name Node Type Variable Type

   <AaaProcess> Head

   Banner login Leaf String

   Banner motd Leaf String

   Boot System Head

      <User Defined> Leaf String

   <CdpProcess> Head

   Clock Timezone Leaf String

   Config-Register Leaf Number

   <Console> Head

   <DnsClient> Head

   Enable Password Leaf String

   Flash Files Head

      <User Defined> Leaf String

   FTP Passive Leaf Number

   FTP Password Leaf String

   FTP Username Leaf String

   Host Name Leaf String

   IP Domain Name Leaf String

   Login Options Head

      Login On Success Leaf Number

      Login On Failure Leaf Number

      Blocking Head

         Enabled Leaf Boolean

         Duration Leaf Number

         Attempts Leaf Number

         Period Leaf Number

   <NtpClientProcess> Head

   <RadiusClientProcess> Head

   <Settings> Head

   <Security> Head

   Security Password Min-Length Leaf Number

   Service Password Encryption Leaf Number

   <SshServerProcess> Head

   Startup Config Leaf Number

   Static MAC Head

      <User Defined> Leaf String

   <SyslogClient> Head

   <TacacsClientProcess> Head

   <TerminalLine> Head

   User Names Head

      User Name Leaf String

   VTY Lines Head

      <TerminalLine> Head

Cloud - up

Name Node Type Variable Type

<Device> Head

   Frame Relay Connections Head

      <User Defined> Leaf String

   DSL Connections Head

      <User Defined> Leaf String

   Cable Connections Head

      <User Defined> Leaf String

Device - up

Name Node Type Variable Type

<User Defined> Head

   Custom Model Name Leaf String

   Custom Variables Head

      <User Defined> Leaf String

   Device Model Leaf String

   Device Type Leaf Number

   In Logical Shape Leaf String

   In Physical Shape Leaf String

   Ports Head

      <Port> Head

   Power Leaf Number

Authorization Leaf String

DslModem - up

Name Node Type Variable Type

<Device> Head

HomeVoip - up

Name Node Type Variable Type

<Device> Head

   SCCP Server Address Leaf IP Address

Hub - up

Name Node Type Variable Type

<Device> Leaf Number

IPPhone - up

Name Node Type Variable Type

<Device> Leaf Number

Laptop - up

Name Node Type Variable Type

<Pc> Head

MultiLayerSwitch - up

Name Node Type Variable Type

<Router> Head

   <EtherChannelManager> Head

   MLS QoS Enabled Leaf Number

Pc - up

Name Node Type Variable Type

<TerminalLineDevice> Head

   Accessories Head

      Camera Connected Leaf Boolean

      Headphone Connected Leaf Boolean

      Microphone Connected Leaf Boolean

      USB Hard Drive Connected Leaf Boolean

   Default Gateway Leaf IP Address

   Default Gateway IPv6 Leaf IP Address

   DNS Server Leaf IP Address

   DNS Server IPv6 Leaf IP Address

   <EmailClient> Head

   Files Head

      C Directory Head

         sampleFile.txt Leaf String

         <User Defined> Leaf String

      Desktop Head

         sampleFile.txt Leaf String

         <User Defined> Leaf String

   <Settings> Head

   <TerminalLine> Head

   <WirelessClientProcess> Head

Pda - up

Name Node Type Variable Type

<Pc> Head

Printer - up

Name Node Type Variable Type

<Pc> Head

Router - up

Name Node Type Variable Type

<CiscoDevice> Head

   <AclProcess> Head

   <AclV6Process> Head

   <CbacProcess> Head

   <ClassMapManager> Head

   <CMEProcess> Head

   <CustomQueueManager> Head

   <BgpProcess> Head

   <CbacProcess> Head

   <DhcpServerProcess> Head

   <DhcpV6ServerMainProcess> Head

   DHCP Relay Agent Head

     Enabled Leaf Boolean

     Relay Information Trust All Leaf

   <EasyVpnServer> Head

   <EigrpMainProcess> Head

   <EigrpV6MainProcess> Head

   <GreProcess> Head

   <IpsecProcess> Head

   <IpsProcess> Head

   <NatProcess> Head

   <NatV6Process> Head

   <NdProcess> Head

   <OspfMainProcess> Head

   <OspfV3MainProcess> Head

   <ParserViewManager> Head

   <PolicyMapManager> Head

   <PriorityQueueManager> Head

   <PrivilegeManager> Head

   <RipProcess> Head

   <RipV6Process> Head

   <RoutingProcess> Head

   <RoutingProcessV6> Head

   <SnmpAgent> Head

   <SshServerProcess> Head

   <Security> Head

   <StpMainProcess> Head

   <TcpProcess> Head

   VLANS Head

      <User Defined> Head

         VLAN Name Leaf String

   <VirtualTemplateManager> Head

   <VtpProcess> Head

   <WirelessServerManager> Head

   <ZfwProcess> Head

Server - up

Name Node Type Variable Type

<Pc> Head

   <AcsServerProcess> Head

   <DhcpServerProcess> Head

   <DnsServerProcess> Head

   <EmailServer> Head

   <FtpServerProcess> Head

   <HttpServer> Head

   <HttpsServer> Head

   <NtpServerProcess> Head

   <RadiusServerProcess> Head

   <SyslogServer> Head

   <TftpServer> Head

   <EmailServer> Head

Switch - up

Name Node Type Variable Type

<CiscoDevice> Head

   Default Gateway Leaf IP Address

   DHCP Relay Agent Head

     Enabled Leaf Boolean

     Relay Information Trust All Leaf

   DHCP Snooping Head

     Enabled Leaf Boolean

     MAC Address Verified Leaf

     Option 82 Inserted Leaf

     Option 82 Trusted Leaf

     VLANs Head

       VLAN <num> Leaf Number

   DHCP Snooping Binding DB Agent Head

     Flash Leaf

     Write Delay Leaf

   Ports Head

     Switch Port Head

       DHCP Snooping Limit Rate Leaf

       DHCP Snooping Trust Leaf

   <EtherChannelManager> Head

   <SnmpAgent> Head

   <StpMainProcess> Head

   VLANS Head

      <User Defined> Leaf String

         VLAN Name Leaf String

   <VtpProcess> Head

ASA - up

Name Node Type Variable Type

<CiscoDevice> Head

   Default Gateway Leaf IP Address

   Clientless Settings Head

     Bookmarks Head

      Bookmark Leaf

       Title Leaf

     Users Head

      User Leaf

       Bookmark Leaf

       Group Policy Leaf

       Profile Name Leaf

       Username Leaf

   DHCP Server (inside) Head

     Enabled Leaf Boolean

     DHCPD Auto_config Leaf

   DHCP Server (outside) Head

     Enabled Leaf Boolean

     DHCPD Auto_config Leaf

     VLANs Head

       VLAN <num> Leaf Number

   Ports Head

     Switch Port Head

   <StpMainProcess> Head

   VLANS Head

      <User Defined> Leaf String

         VLAN Name Leaf String

   <VtpProcess> Head

TabletPC - up

Name Node Type Variable Type

<Pc> Head

TerminalLineDevice - up

Name Node Type Variable Type

<Device> Head

   Enable Secret Leaf String

   Logging Head

      Service timestamp debug Leaf Number

      Service timestamp log Leaf Number

      Logging console Leaf Number

      Logging buffered Leaf Number

      Logging On Leaf Number

   Trap Debug Leaf Number

TV - up

Name Node Type Variable Type

<Device> Head

WiredEndDevice - up

Name Node Type Variable Type

<Pc> Head

WirelessRouter - up

Name Node Type Variable Type

<Device> Head

   Default Gateway Leaf IP Address

   <DhcpServerProcess> Head

   DNS Server IP Leaf IP Address

   Internet Connection Leaf Number

   Password Leaf String

   Remote Management Leaf Boolean

   Single Port Forwarding Head

      <User Defined> Leaf String

   <WirelessServerProcess> Head

Console - up

Name Node Type Variable Type

<Port> Head

CloudPotsPort - up

Name Node Type Variable Type

<Port> Head

   Phone Number Leaf String

CloudSerialPort - up

Name Node Type Variable Type

<Port> Head

   Frame Relay Head

      LMI Type Leaf Number

      Sublinks Head

         <User Defined> Leaf String

FRSubInterface - up

Name Node Type Variable Type

<RouterPort> Head

   Type (Point-to-Point/ MultiPoint) Leaf Number

   DLCI Head

      DLCI <User Defined> Leaf Number

HostPort - up

Name Node Type Variable Type

<Port> Head

   ARP Timeout Leaf Number

   Auto Config Leaf Number

   DHCP client enable Leaf Boolean

   <DhcpV6ClientProcess>

     Enabled Leaf Boolean

     Pool Name Leaf String

   IP Address Leaf IP Address

   ip mtu Leaf Number

   Ipv6 Address Head

   IPv6 Enable Leaf Number

      <User Defined> Head

         IP Address Leaf IP Address

         Prefix Leaf String

         Type Leaf String

   ipv6 mtu Leaf Number

   Link Local Leaf IP Address

   mtu Leaf Number

   Subnet Mask Leaf IP Address

Port - up

Name Node Type Variable Type

<User Defined> Head

   Bandwidth Auto Negotiate Leaf Number

   Clock Rate Leaf Number

   Description Leaf String

   Duplex Auto Negotiate Leaf String

   MAC Address Leaf MAC Address

   Port Type Leaf Number

   <PortKeepAliveProcess> Head

   Power Leaf Number

   Tx Ring Limit Leaf Number

   (Wireless) Link to <User Defined> Head

      Connects to <User Defined> Leaf String

      DCE Port Name Leaf String

      Type Leaf Number

PortKeepAliveProcess - up

Name Node Type Variable Type

Port Keepalive Head

   Keepalive interval Leaf Number

RoutedSwitchPort - up

Name Node Type Variable Type

<SwitchPort | RouterPort> Head

   SwitchPort Leaf Number

EtherChannel - up

Name Node Type Variable Type

<RoutedSwitchPort> Head

   Channel group Head

      Channel mode Leaf Number

   Channel protocol Leaf Number

EtherChannelManager - up

Name Node Type Variable Type

EtherChannel Head

   Load Balance Method Leaf Number

RouterPort - up

Name Node Type Variable Type

<HostPort> Head

   802.1Q Head

      VLAN ID Leaf Number

      Native VLAN Leaf Number

   Access-group In Leaf String

   Access-group Out Leaf String

   CDP Enabled Leaf Number

   Crypto Map Leaf String

   Bandwidth Info Leaf Number

   Delay Leaf Number

   <Dhcpv6ServerProcess> Head

     Pool Name Leaf String

   EIGRP Hello Interval Head

      Autonomous System <User Defined> Leaf Number

   EIGRP Summary Addresses Head

      Autonomous System <User Defined> Head

         <User Defined> Leaf String

   EIGRPv6 Head

      EIGRPv6 <User Defined> Enabled Leaf Boolean

   EIGRPV6 Hello Interval Head

      Autonomous System <User Defined> Leaf Number

   Eigrpv6 Summary Addresses Head

      Autonomous System <User Defined> Head

         <User Defined> Leaf String

   Encapsulation Leaf String

   Frame Relay Head

      Encapsulation Type Leaf Number

      LMI Type Leaf Number

      IP Maps Head

         <User Defined> Leaf String

   Helper Addresses Head

      Helper Address <User Defined> Leaf IP Address

   Hold Queue Leaf Number

   Ip Inspect In Leaf String

   Ip Inspect Out Leaf String

   Ips In Leaf String

   Ips Out Leaf String

   IPv6 NAT Leaf Number

   IPv6 NAT Prefix Leaf String

   IPv6 Traffic Filter In Leaf String

   IPv6 Traffic Filter Out Leaf String

   Keepalive Leaf Boolean

   NAT Mode Leaf Number

   OSPF Authentication Leaf Number

   OSPF Authentication Key Leaf String

   OSPF Cost Leaf Number

   OSPF Dead Interval Leaf Number

   OSPF Hello Interval Leaf Number

   OSPF Message Digest Key Head

      Key ID <User Defined> Leaf Number

   Ospf Network Type Leaf Number

   OSPF Priority Leaf Number

   OSPFv3 Head

      OSPFv3 Process ID Leaf Number

      OSPFv3 Area ID Leaf String

      OSPFv3 Instance ID Leaf Number

      OSPFv3 Priority Leaf Number

      OSPFv3 Dead Interval Leaf Number

      OSPFv3 Hello Interval Leaf Number

      OSPFv3 cost Leaf Number

   PPP Head

      Authentication Leaf Number

   PPPOE Enabled Leaf Number

   Priority Group | Custom Queue List | Fair Queue Leaf Number | Number | String

   RIP Split Horizon Leaf Boolean

   RIPv6 Head

      RIPv6 <User Defined> Enabled Leaf Boolean

   Route cef Leaf Boolean

   Service Policy Input Leaf String

   Service Policy Output Leaf String

   Virtual Reassembly Leaf Number

   Zone Member Leaf String

SwitchPort - up

Name Node Type Variable Type

<Port> Head

   Access VLAN Leaf Number

   Bpduguard Leaf Number

   CDP Enabled Leaf Number

   Dynamic Mode Leaf Number

   Native VLAN Leaf Number

   Nonegotiate Leaf Boolean

   Port Mode Leaf Number

   PortFast Leaf Number

   <PortSecurity> Head

   Root guard Leaf Number

   Storm Control Leaf String

   Trunk VLANs Head

      <User Defined> Leaf String

   Voice Vlan Leaf Number

Network - up

Name Node Type Variable Type

Network Head

   <Device> Head

   <MURemoteNetwork> Head

MURemoteNetwork - up

Name Node Type Variable Type

<Device> Leaf Number

   Peer Address Leaf String

   Peer Network Name Leaf String

   Password Leaf String

   Connected Leaf Boolean

Multiuser

Multiuser communication allows multiple point-to-point (peer) connections between multiple instances of Packet Tracer. By allowing communication between Packet Tracer instances, a new door has been opened to a fun, interactive, social, collaborative, and competitive learning environment. Instructors will now be able to create a variety of activities for students to learn in groups that will facilitate greater social interaction between students. Students will benefit from this environment by working together to solve problems and share ideas. Both students and teachers should take full advantage that Multiuser will offer in their learning environment.

 

Technical Information

Communicates between instances using PTMP. PTMP is TCP based.

By default, uses TCP port 38000, is customizable, and each new instances on the same PC will use the next available port. On by default. UPnP will attempt to establish port forwarding to facilitate home networks. All network communication allowed between instances. Console cable also allowed. Transparent to the simulated network. Default password: cisco Wireless is not supported over Multiuser.

 

DialogsMultiuser is on by default, users who wish to turn this feature off may do so in the Extensions > Multiuser > Listen menu. The server settings can be configured from this dialog. The default password is "cisco", it is highly recommended to change this password. To configure the port number, click Stop Listening and then change it and click Listen again.

Existing Remote Networks refers to multiuser connection clouds that already exist on your desktop. The options allow the user to Always Accept a remote connection request with no prompt, which is very handy in gaming and central connection scenarios. The second option will Always Deny connections, refusing any connectivity to existing multiuser clouds on the desktop. The third option Prompts the user on the receiving side of the connection to manually accept or deny the connection.

New Remote Networks supports the same three options as the previous option. The key difference is that the multiuser clouds don't yet exist on the receiving user's workspace. If the option is set to Always Accept a new multiuser cloud is created on the workspace and connection to the initiating copy of Packet Tracer is established. If the option is set to Always Deny nothing happens as the connection is refused. If the option is set to Prompt the user on the receiving side of the connection to manually accept or deny the connection, if accepted a new multiuser cloud is created on that user’s workspace.

The Extensions > Multiuser > Options dialog can be used to configure other settings. Allow Remote Saving controls whether this network can be saved from a remote network using offline saving. Depth for Remote Saving configures how far deep into the remote user sessions will be saved. For example, if the users are connected as such:

A <-> BB <-> CC <-> DD <-> EE <-> FF <-> A

If A is configured with a depth of 2 and attempts to offline save, A will receive a copy of B, C, E, and F's networks, but not D's. Always Start Listening When Application Starts controls whether Multiuser will be on or off during startup. Allow Peers to see connected devices and port names controls whether the remote user will see the device name and port name when they create a cable connection to your networks. Forward remote PTMP broadcast messages works in conjunction with Packet Tracer External Applications (ExApps). Its function is to allow the ExApp to communicate with all connected copies of Packer Tracer. This option has no effect on the Packet Tracer program by itself.

 

Port VisibilityThe Port Visibility dialog allows you to control what ports on which devices in your network will automatically show up as an available port on connected remote peer's networks. The remote peer can connect to these ports without requiring your end to create the link.

 

Connection StatesMultiuser has four different connection states. The Multiuser cloud is in the Disconnected state when there is no remote network connection to a remote peer. The Multiuser cloud goes into the Connecting state when a request is sent to a remote peer to make a remote network connection. When two remote peers make a remote network connection, the Multiuser cloud goes into the Connected state. The Error state indicates there is a remote network connection error with the remote peer. For example, if the remote peer's connection suddenly lost network connectivity, then the Error state would appear.

 

User GuideTo create a Multiuser connection to another user, click on the Multiuser Connection in the Device-Type Selection Box. Then select the Remote Network cloud and create it on the workspace. This cloud will represent one entry point to another user. Multiple multiuser entry-points to the same user are allowed. Click on the cloud to open the Multiuser Connection dialog.

To create an outgoing connection, choose the Outgoing option for Connection Type. In the Peer Address field, enter the remote user's IP address. In the peer port number, enter the port their instance of Packet Tracer is listening on. Peer Network Name is optional. The option allows this outgoing connection to connect to a specific incoming cloud the remote peer has set up. For example, if the remote peer created an Incoming connection cloud named Routers, then you can enter Routers in this field and it will connect to the Routers cloud in the remote peer's network. Leaving this field blank will create a new cloud in the remote peer's network. The new cloud will have the same name as the cloud that initiated the connection unless that name already exists, and then the name will be incremented to the next available “name+number”. The password field is the password set in the Listen dialog from the remote peer's Packet Tracer instance. When the fields are set properly, click on the Connect button.

When an incoming connection happens, you will be prompted (by default, but can be changed under Extensions > Multiuser > Listen) to accept this connection. When the incoming connection has been accepted, a Multiuser session has started. Each peer will have a cloud for connecting a cable to the remote user. This cloud can be thought of as a universal patch panel. Both users must establish a connection to this cloud to create a link between two remote devices.

To create a link between devices, it is very similar to a normal connection, except the other user must also make the connection. Start by selecting a connection type in the Device-Specific Selection Box, and create the link to your device on one end, and select the cloud on the other end. As with clusters, automatic connections are not allowed with Multiuser clouds. When you click on the cloud, a popup list similar to the list of ports in a device will appear. The first option will be Create New Link, and subsequent items will be available ports. Create New Link will connect your cable to the cloud as one side of a cable run. If ports are available, it means the other user has cables connected to their end of the cloud and you may connect to these ports. Connecting to one of these available ports will establish a fully connected cable between remote devices.

Although the cloud has so far been described as like a patch panel, it is not the same as a real patch panel. For example, both sides of the remote links must use the same cable type to work. A straight-through cable connected to a crossover cable will not result in a crossover cable, similarly with a rollover cable as well. If user A's side of a serial cable is a DCE, then on user B's side, the cloud end should be the DCE. With the Port

Visibility turned on for a port, if the remote peer connects to one of your Port Visibility enabled ports, you will not need to create your end of the cable. It will automatically be created for you. If the remote user deletes that link, it will delete your end of that link also. However, if you delete your end of the link, the remote user's end will not be automatically deleted.

 

Offline SavingThere are now two options for saving networks. The normal Save in the Menu Bar and Main Tool Bar will create a save file with only your network and any remote peer connections will be saved as a remote peer connection. Offline Saving will save your network and remote peer networks as a cluster into a single large network. Offline Saving is controlled by the Depth for Remote Saving that you set and the permission the remote user set. Opening up a normal save file with a remote peer connection will cause Packet Tracer to attempt to reconnect these remote peer connections. Opening up an offline saved network will be a regular network with clusters for remote peer networks. Offline Saving is useful to examine others' networks or to use Simulation Mode.

When your instance of Packet Tracer is connected to a remote peer, you will not be able to switch to Simulation Mode. When you attempt to switch to Simulation Mode, you will be prompted to save an offline copy that is to be opened in a new instance of Packet Tracer. Clicking Yes will cause Packet Tracer to use the current offline saving settings to create an offline save and open it in a new Packet Tracer instance immediately. From there, you will be able to use Simulation Mode to examine packets in detail.

IPC (Inter-Process Communication)

The IPC (Inter-Process Communication) feature controls an external programming extension for Packet Tracer that enables external applications (ExApps) to be added to Packet Tracer to extend its functionality. ExApps are being created by Cisco and other interested groups for use in the Academy Program. An example ExApp use case might include a program that can automate the task of remotely sending and receiving activity assessments between students and instructors. Because of the control that the IPC provides in relation to the ExApps, it greatly expands the capabilities that Packet Tracer can provide without having to wait for the actual Packet Tracer core program to be enhanced.

 

Configure AppsThe Configure Apps dialog allows you to Add, Remove, and Launch ExApps from the Apps List. To add an ExApp, click on the Add button and then open the ExApp's App Meta File (*.pta). The default directory to store ExApps is in the extensions directory in the Packet Tracer directory. To remove an ExApp, select the ExApp from the Apps List and then click on the Remove button. To manually launch an ExApp, select the ExApp from the Apps List and then click on the Launch button.

In the Description tab, you can view various information about the ExApp such as its description, version number, the ExApp author's name, the ExApp author's contact info, and the path of the ExApp's executable.

In the Settings tab, you can change how the ExApp launches. You can set it to On Startup, On Demand, or Disabled. If the setting is set to On Startup, when a Packet Tracer instance launches, the ExApp will launch as well. If the setting is set to On Demand, Packet Tracer will launch the ExApp when a file indicates to load it or another ExApp launches it. Otherwise, if the startup option is set to Disabled, Packet Tracer will not accept connections from this ExApp and the ExApp will need to be launched manually.

In the Security tab, you can view the ExApp's Security Privileges which are determined by the ExApp itself and cannot be changed manually.

 

Show Active AppsIn the Show Active Apps dialog, you can view a list of active ExApps and disconnect them from Packet Tracer. To disconnect an active ExApp, select the 32 hexadecimal UUID (Universally Unique Identifier) enclosed in the curly brackets associated with the active ExApp then click on Disconnect. For example, in the screenshot below, the UUID for the UPnP ExApp is da7df6ee-4709-4380-ba25-4e27cc374ae4.

 

OptionsIn the Options dialog, you can change the Listen Port Number of the Packet Tracer instance. By default, IPC uses TCP port 39000. You may change the Listen Port Number to any available port. Also, each new instance of Packet Tracer on the same machine will use the next available port. You may also toggle the Allow Remote Applications option which allows remote ExApps to connect and communicate with the Packet Tracer instance on the local machine. You may also toggle Listening by either clicking on the Stop Listening or Start Listening buttons. To prevent the IPC from listening when Packet Tracer launches, uncheck the Always Listen On Start option.

 

LogThe Log dialog allows you to view debug messages output from active ExApps. To clear the log, click on the Clear button.

Script Modules

Script Modules are independent entities that add new functionality to Packet Tracer similar to External Applications (ExApps). But unlike ExApps, Script Modules run within PT rather than as external processes, and therefore, provide better integration with PT. Also unlike ExApps, Script Modules are developed directly in PT with no external development environment needed. While the basic components of Script Modules are not new -- PT already has had a script engine, web views, and IPC in various internal components for some time, Script Modules simply unite them and provide a generic way to extend PT functionality.

 

Packet Tracer Architecture

Illustrated above is an architectural view of PT's run-time components showing that Script Modules are running inside the PT process. Script Modules communicate with the PT core the same way that ExApps communicate with PT, using Inter-Process Communication (IPC) calls. The IPC

framework in PT has been extended to allow direct object manipulation, using objects in calls, event callbacks, and delegates. Script Modules and ExApps can also talk to each other using the PT messaging mechanism between ExApps.

 

Script Module ArchitectureEach Script Module can be described using the Model-View-Controller architectural pattern.

Model - PT engine and GUI accessed via IPC, Script Module data store, and save data in each pka/pkt file View - custom interfaces in web views, written in html, css, images, js Controller - scripts in script engine, written in ECMAScript (JavaScript)

Each Script Module has its own sandbox, and cannot access or change the sandbox of other Script Modules.

 

Types of Script ModulesThere are two places where Script Modules can exist, and so they are named appropriately.

PT Script Modules are encrypted .pts files. They are like ExApps, added to PT by the user (or auto-detected during PT launch), and they persist as long as PT is running. They can be started or stopped manually, started on PT launch, or on demand.

The File Script Module is contained inside each pka/pkt file. When the pka/pkt file opens, the Script Module starts; when the file closes, the Script Module stops. The File Script Module is backwards compatible with activity files before 5.3.3 -- scripts in these pka files are loaded into the File Script Module.

The following table is a summary of differences between the two types of Script Modules:

PT Script Module File Script Module

Location Per PT installPT can have multiple PT Script Modules

One per pka/pkt file

Manage Add/remove in Extensions->Scripting->Configure PT Script Modules...

Open the pka/pkt file, and go to Extensions->Scripting->Edit File Script Module...

Start On PT startOn demandDisabled

On file openCannot disable

Stop On PT close On file close

Manual start/stop

Yes Yes

Security privileges

When the user adds a PT Script Module, it shows in the dialogIf a user does not feel safe with the requested privileges, the Script Module can be removed

When the file opens, PT prompts the user to allow the File Script Module to runIf denied, the pka/pkt file may still open but not function correctly or may be prevented from opening. The File Script Module developer decides which action

 

Script Modules - Scripting Interface

The Scripting Interface is the Script Module development environment inside PT. This is extended from the Scripting page in the Activity Wizard. If editing a File Script Module, open the pka/pkt file in PT, and go to Extensions->Scripting->Edit File Script Module to bring it up. If editing a PT Script Module, go to Extensions->Scripting->Configure PT Script Module, add it to PT, and click the Edit button. If creating a new Script Module, go to Extensions->Scripting->New PT Script Module.

The Scripting Interface is divided into 6 parts, and the Script Module developer would generally use them in the following order.

 

Info TabThe first screen after entering the Scripting Interface gives some basic information about Script Modules and the general steps to create a Script Module. It also provides actions associated with each step. The first step is to select a Script Module template. The templates will include Script Modules that PT ships with, such as the PC software/services interface, chat, and visualization modules, as well as others. This can help developers get a jump-start on a new Script Module, or it can be used to undo their changes if they make too many mistakes. This replaces the Defaults button in the Activity Wizard Scripting page.

 

General TabThe General tab is used to fill out information about the Script Module. The Info fields at the top of the page are for identifying and describing the Script Module. The ID should be unique, and is used for saving, messaging, as well as many other important functions in PT. Because Cisco or PT cannot guarantee the uniqueness of IDs, we recommend using the hierarchical naming pattern, for example: com.yourcompany.scriptModule1. The password fields are used to lock the Script Module so other people cannot see or edit the Script Module. If the file saved is an activity file, the activity password is used instead.

 

Startup

The Startup configuration section defines how the Script Module will start up.

If this is a PT Script Module:

On Startup: when PT starts, the Script Module will start.

On Demand: starts in the following cases:

a file opens and it has save data for this Script Module a web view is loading one of the custom interfaces in this Script Module a message from another Script Module or ExApp is destined to this Script Module

Disabled: the Script Module will not be started under any cases.

A File Script Module will always start when the file opens.

 

Security Privileges

The security privileges indicate which IPC calls this Script Module can make. Calls to unselected privileges will be denied. A developer should select only the privileges required for this Script Module to run. Selecting more than the required privileges may lead users to think this Script Module is doing more than described and it could be seen as a malicious Script Module.

After adding a Script Module, the user can look at the security privileges required, and may remove the Script Module if s/he feels unsafe about the requested privileges.

When a pka/pkt file containing a File Script Module is loaded, the user will be prompted to allow it to run. If the user does not allow the script to run, one of the following actions will take place as defined by the developer:

Continue loading the file - this may lead to a nonfunctional file because none of the IPC calls are allowed now; this may be desirable if the developer still wants the file contents like the network to be accessed by the user.

Stop loading the file - this will make sure the file loaded will have access to the requested privileges; this is useful for example, a time expiration for a pka/pkt file.

 

Script Engine Tab

This tab is used to add, remove, edit, rename, import, and export script engine files. Script engine files are scripts written in ECMAScript (Javascript) language. The text editor allows editing the selected file in the Scripting Interface. Or if the developer chooses, s/he can edit the files in an external editor using the #include preprocessor directive. The #include directive loads external files inline into the script engine files. Each script file can include multiple external files. However, the included external files cannot include a reference to another external file. The Script Module only resolves the first level of included external files to prevent file inclusion loops. When saving or exporting a Script Module with the #include directive, it will prompt the developer to resolve and expand them inline. This should be done before distributing the pts file so only the pts file needs to be distributed. But for the developing version, it should not resolve them so the developer can continue to use external editors to edit external files.

#include "chat.js"

The Script Engine tab also has some feature buttons to make debugging a Script Module easier. These feature buttons are:

Run File - runs (evaluates) the currently editing file in the script engine; this makes it easier to load new values and behavior into the script engine without having to stop and start the Script Module; but be careful with this action because the script engine can now be in an unstable state.

Start/Stop - starts and stops the Script Module Debug - brings up the Debug Dialog for this Script Module

 

Custom Interfaces TabThis tab is used to add, remove, edit, rename, import, and export custom interface files. Custom interfaces are coded in html, css, images, and js. The js files are included in html files, and they are different from the js files in the script engine. Imported images can be displayed in the text editor. If the developer chooses, s/he can edit the files in an external editor using the #include preprocessor directive. See previous section.

 

Data Store TabThis tab is used to add, remove, edit, rename, import, and export data store files. The data store has a list of data files represented in json, xml, csv, or any plain text format. They can be treated as files or as a hash table. Data can be added when developing the Script Module and it can also be added, removed, and edited dynamically during run time by the Script Module. See Data Store section later on this page.

 

Debug DialogScript Modules can be debugged (primitively) in PT. Debugging is launched using the Debug button in the Info, Script Engine, Custom Interface, or Data Store tab. Each Script Module has its own debug dialog that accesses only the Script Module. Statements can be entered into the input field, and they will be evaluated in the script engine. The dprint() function is available in the Script Engine, as well as in web views to print out a debug message in the Debug Dialog.

 

Script Modules - Script Engine

Each Script Module has one instance of a Qt Script Engine. A Script Module can contain multiple script files written in ECMAScript language (JavaScript). When the Script Module starts, all script files are executed (evaluated) in the Script Engine in the same order as listed in the Scripting Interface. As long as the Script Module is running, the Script Engine is running. Script Module logics should be coded in these files.

When the Script Module starts, it will call the main() function defined in the Script Engine. Setup code for this Script Module should be placed in this function, such as adding menu items, registering for events, launching extra web views, locking GUI, etc.

When the Script Module stops, it will call the cleanUp() function defined in the Script Engine. Clean-up code should be placed here, such as removing menu items, unregistering for events, closing any web view created by this Script Module, unlocking GUI locked by this Script Module, etc.

Changes made to the Script Engine after it has started DO NOT take effect until it has been stopped and started again. The Run File button in the Scripting Interface can be used to make changes to the Script Engine during run-time as described in a previous section.

The Script Engine has access to the IPC and to custom interfaces in web views as described in later sections.

 

IPC AccessA main part of the Packet Tracer model is the PT engine and GUI. They can be accessed via IPC calls the same way ExApps can access them. Although they are not considered IPC calls since Script Modules are in the same process as PT, we will still use the term IPC to refer to the API that PT exposes. Each Script Module has a set of security privileges that it requests before it can make any IPC calls to PT.

The complete IPC API reference is located at the Packet Tracer Community. They are declared in .pki files. Each file contains the declaration of an interface, data, or PDU. An interface is a class that associates to a PT core object that the Script Module can manipulate (make calls and receive events). Data is a data structure that is returned to the Script Module. Once returned, the data does not associate to any object in PT core. A PDU is a special type of data that describes a frame, packet, or other PDU types that PT simulates.

IPC calls can be made from the Script Engine or in web views. The main IPC object is ipc, which is the same as the IPCFrameWork in C++ IPC Framework, or the IPC interface in CMainParser.pki.

Direct IPC calls

Now with better integration, we can do:

var ip = ipc.network().getDevice(deviceName).getPort(portName).getIpAddress();

 

Object Manipulation

We can also assign objects to variables, IPC calls return objects, and pass objects as arguments into IPC calls:

var device = ipc.network().getDevice(deviceName);var port = device.getPort("FastEthernet0/0");port.setPower(true);port.setIpSubnetMask(ip1, mask1);...var otherPort = port.getLink().getOtherPortConnectedTo(port);otherPort.setPower(true);otherPort.setIpSubnetMask(ip2, mask2);

 

Events

Events use the same process as in ExApps. If the Script Module wants to be notified when an event in PT core happens, register to it first. But with Script Module, events are handled easier and more directly:

// register an event to callback a method of an objectport.registerEvent("ipChanged", obj, obj.callbackFunc);

// register an event to callback a global functionport.registerEvent("powerChanged", null, globalFunc);

 

The callback function should always have the same function prototype:

callbackFunc = function(src, args) { ... }

 

The src argument is always an object that has three members: className, objectUuid, and eventName. They describe the source of the event. The args argument is an object, but depending on the event, it would have different members. The members are the variable names in the pki event definition.

For example, the IpChanged event for HostPort.pki

event: ipChanged(ip newIp, ip newMask, ip oldIp, ip oldMask) - PrivGetNetwork;

 

In the Script Module callback function:

Argument and members Values

src.className "HostPort"

src.objectUuid port's object UUID

src.eventName "ipChanged"

args.newIp port's new IP

args.newMask port's new subnet mask

args.oldIp port's old IP

args.oldMask port's old subnet mask

 

Delegates

A new type of communication is also added to the IPC just for Script Modules -- delegates. When there is functionality that PT wants Script Modules to implement or supply, it will send that request to its delegates. Delegates are like events, except they return values back to the one sending it. They are added in pki files:

delegate#one: bool processData(QString data, ip srcIp, int srcPort) - PrivChangeNetwork;

delegate#all: string getCustomInfo(Device device) - PrivMiscGui;

The delegate#one means the delegating source expects only one delegate and it will only execute and take the return value of the first delegate registered to it. The delegate#all means the delegating source will execute and take the return values of all delegates registered to it. The delegating source will define how the returned value of all delegates will be used in the delegate definition in pki file.

In Script Modules, registering for them is similar to registering for events. However, the callback functions need to return the same type as what the delegate definition expects.

var process = ....;process.registerDelegate("processData", this, this.callbackFunc);

var quickDeviceInfo = ....;quickDeviceInfo.registerDelegate("getCustomInfo", null, globalFunc);

 

With delegates, we are able to extend PT functionality in the core, such as adding new protocols, reacting to GUI events, and suppressing default behavior (future feature).

 

Event and Delegate Limitations

There is one limitation to the events and delegates -- the registering and callback functions must be in the script engine, they cannot be in web views. This is intended as web views are not as persistent as the script engine, and it breaks the MVC design pattern.

 

Messages

Script Modules and ExApps can send messages to other Script Modules and other ExApps. These IPC calls use the Script Module or ExApp ID as the destination.

// send message to Script Module or ExApps with specified IDipc.ipcManager().sendMessageTo("com.yourcompany.stpTree", "message");

// send message to Script Module or ExApp with specified ID and instance IDipc.ipcManager().sendMessageToInstance("{12345678-....}", "message");

// send message to all Script Modules and ExAppsipc.ipcManager().sendMessageToAll("message");

 

Script Modules cannot run multiple instances like ExApps do, and so the sendMessageToInstance() call is not intended for Script Modules.

In order to receive messages, the Script Module needs to register to the messageReceived event.

ipc.ipcManager().thisInstance().registerEvent("messageReceived", null, onMessage);

onMessage = function(src, args){ doSomething(args.msg);}

 

Script Modules - Web Views

Web ViewsWeb views are using the QtWebKit functionality to render HTML5. Script Modules use web views to create custom interfaces in PT. It can include html, css, images, and js files. See Custom Interface tab in Scripting Interface in a previous section.

Each Script Module has a Web View Manager, which allows multiple web views. Each web view is owned by only one Script Module; no two Script Modules can own a web view at the same time. Web views can access IPC calls the same way as in the Script Engine, with the exception that events and delegates are not supported in web views.

 

Script Engine and Web View Communication

The Script Engine has access to the Script Module's webViewManager and can use it to create new web views that open up as separate windows or use the built-in web views in PT.

In Script Engine// create a new web view with width and height and assign it to a variablevar newWebView = webViewManager.createWebView("window title", "http://www.cisco.com", 600, 400);newWebView.show();...// change urlnewWebView.setUrl("http://cisco.netacad.net");

 

Other calls to manipulate the web view are also available, such as change title, size, window flags and modality.

The Script Engine can also ask a web view to evaluate a JavaScript statement.

In Script EnginenewWebView.evaluateJavaScript("alert('hello')");

 

This method is the main way for the Script Engine to talk to web views -- ask the web view to evaluate JavaScript statements to show some interface changes. An evaluateJavaScriptAsync() function should be used for calls that initiate from a different thread than the main GUI's and the evaluate statements may change the GUI. For example, when a process receives a packet, and it needs to change a web view, it should use the evaluateJavaScriptAsync() function.

Web views can also communicate with the Script Engine, using the $se() built-in function.

In Script Enginefunction doSomething(argInt, argStr, argBool){ ... }

 

In Custom Interface<html>...

<script>function onClick(){ // call doSomething function in Script Engine with 3 arguments $se("doSomething", 1, "some string", true);}</script>...</html>

 

Each web view has a webView variable that is the IPC object of itself. It can use it to change its own properties.

In Custom Interface<html>...<script>function onClick(){ webView.setUrl("http://www.cisco.com");}</script>...</html>

 

There might be cases when the custom interface asks the Script Engine to do a task, and upon completing the task or on event, the Script Engine calls back a function in the custom interface. Because there can be multiple web views owned by the Script Module, we need a way to identify the different web views. Each web view has a web view ID that it can pass to the Script Engine along with the name of a function call. The Script Engine can use this ID to look up and call the function in that web view.

In Custom Interface<html>...<script>$se("doSomething", webView.getWebViewId(), "callbackFunc");...function callbackFunc(argInt, argStr){ ... }</script>...</html>

 

In Script Enginefunction doSomething(webViewId, callbackFunc){ ... var webView = webViewManager.getWebView(webViewId); $wvca(webView, callbackFunc, 123, "hello");}

 

There are function shortcuts for web view's evaluateJavaScript() and evaluateJavaScriptAsync(). They are $wvc() and $wvca() respectively. Their first argument is the web view object.

Custom Interface URL Scheme

To point a web view to a custom interface in Script Modules, use this scheme: scriptModuleID:customInterfaceID. There are two predefined Script Module IDs:

this-sm - points to a custom interface in this Script Module; this-sm:Interface0.htm file-sm - points to a custom interface in the File Script Module; file-sm:Interface0.htm

It can also point to a custom interface in a different Script Module by using the other Script Module's ID: net.netacad.cisco.PcChat:chat.htm.

In Script EnginewebView.setUrl("this-sm:Interface0.htm");...webView.setUrl("net.netacad.cisco.PcChat:chat.htm");

 

This also works from links inside the web views.

In Custom Interface<a href="this-sm:Interface0.htm">htm in this Script Module</a><a href="file-sm:Interface0.htm">htm in the File Script Module</a><a href="net.netacad.cisco.PcChat:chat.htm">htm in another Script Module</a>

 

If the target link is in the same Script Module, the ID can be omitted.

In Custom Interface<a href="Interface0.htm">htm in this Script Module</a>

 

After pointing a web view to load a custom interface in another Script Module, this Script Module no longer owns the web view, and will not have access to the web view any more. This is to enforce the sandbox for each Script Module and to prevent hijacking of web views after the page goes to a different Script Module.

 

Images, css, and js files should be imported to the Script Module's Custom Interface using the Import button. Once resources are imported, the custom interface can load them using standard HTML tags. External resources may not be resolved if an absolute path is not supplied.

In Custom Interface<html>...<link type="text/css" href="jquery-ui-1.8.7.custom.css" rel="stylesheet" /><script type="text/javascript" src="jquery-1.4.4.min.js"></script><script type="text/javascript" src="jquery-ui-1.8.7.custom.min.js"></script>...</html>

 

PT Built-In Web Views

There are two built-in web views in PT at the current time, the activity file instructions window and the device dialog.

 

Activity File Instructions Window

The activity file instructions window always renders the instructions set for the activity file. So the user can use the same instructions tab in Activity Wizard to edit this. The File Script Module is the owner of this web view.

 

Device Dialog

Each device dialog has a new tab with a web view that has direct access to the device. It has a device variable built-in that is the device's IPC object. So, within this web view, the custom interface can do the following.

In Custom Interface<html>...<script>device.getPort("FastEthernet").setIpSubnetMask("1.1.1.1", "255.0.0.0");</script>...</html>

 

The default custom interface to render in each device's dialog can only be selected using the PT GUI. However, once a Script Module has ownership of the device dialog's web view, it can use setUrl() in the Script Module code to change the custom interface. The PT GUI allows changing the device dialog custom interface for this file only or for the PT globally. Go to Extensions->Scripting->Config File Custom Interface for this file, and Extensions->Scripting->Config Global Custom Interface or go to Custom Interfaces tab in Options->Preferences for the PT globally.

 

 

PT is packaged with a PcSoftware Script Module for the PC device dialog's Software/Services tab similar to the one in Cisco Aspire Game. It also comes with a separate Script Module for a new feature, PcChat, to be added to the main page of the PcSoftware Script Module. Because Script Modules work in a sandbox and cannot see or change anything about another Script Module, we send messages from PcChat to PcSoftware to register itself when it starts.

In PcChat Script Modulefunction main(){ ipc.ipcManager().sendMessageTo("net.netacad.cisco.PcSoftware", "ADD_SOFTWARE,Chat,net.netacad.cisco.PcChat:chat.htm");}

 

Software in Script Modules developed by others can do the same and add themselves to the PC's Software/Services automatically.

Script Modules - Data Store

The data store is the other part of the model in the Script Module. The data store has a list of data files, in json, xml, csv, or any plain text format. They can be treated as files or as a hash table. Data can be added when developing the Script Module. It can also be added, removed, and edited dynamically during run time by the Script Module. They are saved in the PT options file for persistence because the user may not have write access to the pts file, and a way is needed to save the dynamic data. The data is also saved when a Script Module is edited and saved. Use the $putData(), $getData(), and $removeData() built-in functions.

$putData("helloData", "hello world");var data = $getData("helloData");$removeData("helloData");

 

Save Data in pka/pkt filesDynamic data can also be added to pka/pkt files the same way as ExApps do. Register for the onSave event and in the callback function, put the save data.

ipc.ipcManager().registerEvent("onSave", null, onSaveCallback);...

onSaveCallback = function(src, args){ ipc.ipcManager().putSaveData(args.saveId, data);}

 

When the pka/pkt file opens, PT will send the data to the Script Module if it has registered to the onOpen event.

ipc.ipcManager().registerEvent("onOpen", null, onOpenCallback);...

onOpenCallback= function(src, args){ doSomething(args.openData);}

 

When the pka/pkt file opens, before sending the data to the Script Module, PT also checks if the Script Module has started. If not, it will start the Script Module if it is not set to disabled.

 

Script Modules - Data Store

The data store is the other part of the model in the Script Module. The data store has a list of data files, in json, xml, csv, or any plain text format. They can be treated as files or as a hash table. Data can be added when developing the Script Module. It can also be added, removed, and edited dynamically during run time by the Script Module. They are saved in the PT options file for persistence because the user may not have write access to the pts file, and a way is needed to save the dynamic data. The data is also saved when a Script Module is edited and saved. Use the $putData(), $getData(), and $removeData() built-in functions.

$putData("helloData", "hello world");var data = $getData("helloData");$removeData("helloData");

 

Save Data in pka/pkt filesDynamic data can also be added to pka/pkt files the same way as ExApps do. Register for the onSave event and in the callback function, put the save data.

ipc.ipcManager().registerEvent("onSave", null, onSaveCallback);...

onSaveCallback = function(src, args){ ipc.ipcManager().putSaveData(args.saveId, data);}

 

When the pka/pkt file opens, PT will send the data to the Script Module if it has registered to the onOpen event.

ipc.ipcManager().registerEvent("onOpen", null, onOpenCallback);...

onOpenCallback= function(src, args){ doSomething(args.openData);}

 

When the pka/pkt file opens, before sending the data to the Script Module, PT also checks if the Script Module has started. If not, it will start the Script Module if it is not set to disabled.

 

Script Modules - Custom UDP Processes

With Script Modules, instructors and students can now develop and add new protocols to PT. They are called custom processes and for now, PT only supports custom processes on top of UDP.

 

Create

The process can be created and started as follow:

// create the custom process on the devicevar process = device.getProcess('UdpProcess').createCustomUdpProcess();

// start the process listening on a specified UDP portprocess.start(1234);

 

Send Data

It can send data, but only supports a text payload right now.

// send data to IP and UDP portprocess.sendData("text data", "1.1.1.1", 1234, null, null);

 

The last argument in sendData() is the outgoing port. If null, the lower processes, such as routing process on routers, would decide the outgoing port. Or it can be supplied:

// send data to IP and UDP port and FastEthernet portvar outPort = device.getPort("FastEthernet");process.sendData("some data", "1.1.1.1", 1234, null, outPort);

 

The second to last argument in sendData() is the frame instance. It is used in Simulation Mode to show the PDU color and details, such as what decisions are made on the PDU. There is currently no representation of the PDU format in PDU Details.

// create a frame instance with color and destinationvar frameInstance = process.createFrameInstance(0xff0000, "1.1.1.1");

// add a decision node so it shows in PDU Infoif (frameInstance != null) frameInstance.addDecision("CHAT_SEND", "The chat process sends a message.", false, 7);

process.sendData(data, dstIp, dstPort, frameInstance, null);

// finalize the frame instance so it shows up in Simulation Modeprocess.finalizeFrameInstance(frameInstance);

 

Receive Data

When the custom UDP process receives a packet, it would use the delegate mechanism to have a Script Module do custom processing with the packet. First, the Script Module needs to register for the delegate, and then in the delegate function, process the data.

// register for the processData delegateprocess.registerDelegate("processData", null, processData);

processData = function(src, args){ doSomething(args.data, args.srcIp, args.srcPort);}

 

Script Modules - Tips

The dprint() function is per Script Module. Check the Debug Dialog of the correct Script Module for these outputs. Changes made to the Script Engine after it has started DO NOT take effect until it has been stopped and started again. A web view can only be owned by one Script Module at a time. When a Script Module points a web view to a custom interface in another Script

Module, it transfer the web view's ownership to the other Script Module, and will no longer have access to it. Local resources for custom interface such as images, css, and js files should be imported into the Custom Interface tab. External resources may

not be resolved if an absolute path is not supplied. Editing a Script Module does not save it to disk until you click on Save in the Scripting Interface for PT Script Modules, or File Save for File

Script Modules. Script Modules need to clean up when stopping by placing clean-up code in the cleanUp() function. Menu items added, web views created, GUI

locked, and anything else done at or after the Script Module started should be cleaned up. Data store files of all Script Modules are saved in PT options. They are not saved to the pts file unless the user edits the Script Module and saves

it to pts file. Events and delegates are not supported in web views. JavaScript statements to web views that may change the GUI, such as alert popups, layouts, HTML element changes should use

evaluateJavaScriptAsync(). Using evaluateJavaScript() may crash PT. After creating a new web view, show() needs to be called in order to show the web view. To check a connectivity test PDU, use AssessmentModel.getLastConnectivityTestResultsAt(index). To check a PDU from the user's working network, use AssessmentModel.getPDUStatus("Scenario Name", index). If the user's PDU is a

periodic PDU, you must stop it first, otherwise the status will always be "In Progress". To stop it, use AssessmentModel.stopPeriodicPDU("Scenario name", index).

JavaScript's setTimeout(), setInterval(), clearTimeout(), and clearInterval() are supported in both the Script Engine and web views. Use AssessmentModel for activity file related calls. See API for reference. setExclusive() in CIpcManager.pki affects both ExApps and Script Modules. Once an ExApp or Script Module makes this call, all other

ExApps and Script Modules will be disconnected.

 

Sample Files, File Compatibility, and Design Patterns

There are over 300 Packet Tracer .pka files that exist embedded in the Discovery and Exploration courses. They are also packaged for instructor convenience in the Tools section for a given course in Academy Connection. Included with this version of Packet Tracer are two ways to open files: Open and Open Samples. The Open selection will access a local directory that you choose upon installation and can change through the Options > Preferences > Administrative tab. The Open Samples choice will access a directory within the Packet Tracer installation directory, and includes sample activities of some of the new protocols in this version of Packet Tracer.

There are also three ways to save files. The Save selection will access the directory you specified (in a Windows environment, in "My Documents" typically. The Save As selection allows you to choose different directories at the time of the save. Finally, Save As Pkz creates a zip-like collection of .pka files and associated graphics, templates, and other files to allow a more customized experience in an activity file. In the following sections, we suggest four design patterns – approaches or problem templates for authoring your own .pka files: concept builders, skill builders, design challenges, and troubleshooting. We encourage you to modify existing .pka files, share your own files, or write them from scratch using the extensive new Activity Wizard features, following one of the four main design patterns, described in more depth below.

Concept Builders

Concept builders are model-building inquiries and investigations leading to student-created explanations and animations of networking concepts, especially device algorithms and networking protocols. One intended use for Packet Tracer is for students to construct their own model or virtual networks, obtain access to important graphical representations of those networks, animate those networks by adding their own data packets, ask questions about those networks, and finally annotate and save their creations. The term "packet tracing" describes an animated movie mode where the learner can step through simulated networking events, one at a time, to investigate the microgenesis of complex networking phenomena normally occurring at rates of thousands and millions of events per second.

For example, a simple concept builder prompt might be "Illustrate the forwarding behavior of hubs" or "Demonstrate the filtering, forwarding, flooding, learning, and aging behavior of switches." Other prompts might include: "Build a PT network that compares and contrasts the behavior of hubs and switches," "How does switch behavior differ from router behavior?," and "Build a model demonstrating the behavior of ARP, ping, trace, CDP, RIP, or EIGRP." More complex modeling might be prompted by "Model a network that you use at home or at work," "Illustrate the behavior of ping with empty ARP tables on a LAN and across a WAN," "Demonstrate the building of RIP and EIGRP routing tables," or "Create a routing loop with static routes and show how the TTL field of an IP packet launched into this loop is decremented."

Many users may want to model networks they encounter at home or at work. Though this is often limited by the current device and protocol feature set of Packet Tracer, reasonably sophisticated models can be built. Model-building may be an effective way to learn many networking concepts, and often leads to more questions and research projects. Concept building problems are probably best written as blank or partially completed .pkt files. Given the open-ended inquiry nature of modeling, it is somewhat difficult to author an appropriate .pka file. Some instructors may want to give students a pre-existing topology via a .pkt file and focus students on different packet scenarios; other instructors may want to focus students on modeling a sequence of networks, from scratch, such as PC to PC, PC to hub, and PC to switch, and then on to more complex combinations of switches, routers, and clouds. Some instructors have students present their Packet Tracer models to the class.

Skill Builders

Skill builders support algorithmic problem solving in support of the development of networking procedural knowledge. For example, simple skill building problems can include having students complete hands-on practical labs in Packet Tracer before working on real equipment (as a pre-lab, or what some call a lab entry ticket); after having worked on real equipment (as a post-lab review); or just for practice (similar to an e-lab, but without as much structure). Within the limits of Packet Tracer modeling and supported command set, and often with some minor modifications required, IOS configurations may be exported (as text files) for input into real switches and routers. Such configuration files may also be imported back into Packet Tracer. Hence students might create and test their lab configurations before attending class, hopefully getting more out of their often limited time on real equipment.

Skill builders can be as complex as Packet Tracer versions of hands-on skills exams. Skill builders may be authored as simple .pkt files with either integrated or printed instructions (handouts). Skill builders may be also be authored as .pka files with the configurable components specified in the grading tree. The use of the .pka activity timer is particularly relevant for skill building activities. For example, friendly competitions can be held to see how well students have mastered configuration tasks.

Design Challenges

Design challenges are constraint-based problems with multiple correct solutions. They may range from very simple (devise a classful addressing scheme for a network consisting of 2 PCs and 2 routers), to intermediate (devise a VLSM addressing scheme for a school with various classroom and administrative subnet needs), to complex (doing large parts of semester case studies in Packet Tracer). Some instructors have students use Packet Tracer to verify the functionality of IP addressing schemes they have designed. Design challenges are probably best done as blank or partially-completed .pkt files: given the open-ended nature of many design problems it may be difficult to author a graded .pka activity because the current version of the activity wizard, despite the variable manager, still has limited provisions for determining equivalence between the multiple correct answers that often occur in design problems.

The physical mode of Packet Tracer (with its Inter-City, City, Office, and Wiring Closet views), ability to load background images, and a variety of other annotation features (such as "i" boxes for network and scenario descriptions, customizable device names, place note tool, translatable GUI) may also be relevant for contextualizing case-study type design problems. Some instructors have students create designs in Packet Tracer and defend them in classroom design reviews before allowing students to implement them on real equipment.

Troubleshooting

Troubleshooting activities include diagnosing, isolating, and fixing the simulated network from a previously bugged network file. Troubleshooting problems may range from simple (Ethernet speed and duplex mismatches, IP addresses on the wrong subnet, incorrect choices of cables, or missing clock settings on serial interfaces) to complex (improper VLSM schemes, incorrect routing updates, multiple interacting network faults). Both .pkt network files and .pka activity files may be effectively authored for troubleshooting-type problems. Precisely controlled troubleshooting situations may be authored as .pka files with the configurable components specified in the answer network (grading tree) of the Activity Wizard. For example, even very complex networks with thousands of potential configurable components can have a single bug introduced, and a .pka activity authored which requires the student to diagnose, isolate, and fix that one bug to complete the activity. The use of the .pka-file activity timer is particularly relevant for troubleshooting activities; for example, friendly competitions to see how efficiently students can repair a network.

Packet Tracer Translation Process

Packet Tracer supports semi-automated translation to all Unicode-supported languages. The first part of this guide explains the translation process for the main application. The second part explains the process for translating the help files. A short FAQ guide is provided at the end of each part to answer questions regarding the processes.

 OverviewThe translation process involves the translation of three separate parts of the program, each one with a small dependency on the translation of the Main Application. The most important translation is the main application as described in Part 1. This will translate the interface of the program. The help file screenshots depend on the translation of the main application in order to display the graphics in the translated language. The save files reference the language files to use upon opening the program so that the program will display in the native language of the save file if available.

To standardize the language files, the naming convention for language filenames should follow ISO 639-2. Packet Tracer uses the Alpha-3 code for representation of names of languages. A list of language names to code is defined here: ISO-639-2_values_8bits-utf-8.csv. An example of an appropriate name is: "English_eng".

 Translation Best PracticesPlease consider the following best practices when translating:

Agree on terminology that will be used BEFORE starting translation Ensure terminology is consistent throughout the GUI Have a subject matter expert, other than the translator, review the translation when it is complete Allow for text expansion, words may need to be translated differently to accommodate limited space Formatting should be the same as English version Where possible, try to utilize a tool that enables the use of translation memory.

 Part 1: Translating the Main ApplicationRequired Tools 

Cisco Packet Tracer Qt Linguist File to be translated (*.ts file)

Setup: You can translate to another language or change/continue translations on a previously translated language file. If you are translating to a new language, copy "template.ts" to "<new language name>.ts". Be sure that the <new language name> follows the ISO 639-2 standard defined in the overview section above.

Instructions:

1. Open Qt Linguist. 2. Go to File-->Open and choose the "<language name>.ts" file to translate. 3. Select an unfinished context on the left navigation bar. 4. Enter the text in the Translation text field and mark finish by pressing Ctrl + Enter. (See additional important notes below.) 5. Release the language file [File-->Release As…], from fromat type menue select All files (*) and save it as "<language name>.ptl" in the "\

languages" folder. Remember to save this project (the .ts file) by [File-->Save As…] as well as releasing it. The help files will reference this project file.

6. Open Packet Tracer. In the Options-->Preferences, Interface tab, select the recently translated language and restart Packet Tracer. 7. Packet Tracer is now translated.

Some Important Notes:

1. Variables: %1, %2, %3, %n, and [[SOME_VAR_NAME]]. Do NOT translate those variable names. However, moving the variables as makes sense is fine.

2. Accelerators: The character "&" defines an accelerator key. An example of an accelerator is &File, pressing Alt-F on the keyboard is equivalent to clicking on the file menu. When you are translating to another language, an accelerator key can be placed on any character, but be sure to not use the same character twice.

3. Rich text: HTML tags may be used to manipulate the text shown on screen. Rich text is useful for certain language fonts that are too small or too large.

FAQ: Q1. Where do I find the "template.ts" file?A1. It is located in the "languages" folder of the installation path for the application. Example: "C:\Program Files\Packet Tracer 5.2.1\languages"

Q2. Do I need to translate the whole file before I can see the results?A2. To see the results at any point in the installation, just release the file and place it in the languages folder. Then select the language in the Preferences window of Packet Tracer.

Q3. I have some network files (.pkt) and some activity files (.pka) that need to be translated. How do I go about translating those?A3. To translate the content in the saved files (e.g., device names, information boxes, or activity instructions), you must open those files and edit them in Packet Tracer.

 

Part 2: Translating the Help FilesRequired Tools 

Fully translated Cisco Packet Tracer A text editor (for example, Notepad++); however, it is recommended that you use an HTML editor (for example, Adobe Dreamweaver) GIMP to take and edit screenshots. Adobe Captivate for translating tutorials

Translating HTML Text Content:Working in the duplicate folder (e.g., "\help\japanese_jpn"), open each .htm file in a text editor or HTML editor (recommended). Translate the text content in each file and save when finished.

Note that the HTML source code uses the style sheet definitions found in the "styleMenu.css" and "styleNormal.css" files.

Recapturing Screenshots:

1. Start Cisco Packet Tracer. 2. If Packet Tracer is not already using the desired language, go to Options->Preferences and change to the desired language. Also disable

screen reader support if not already done so. Restart Packet Tracer. 3. Click on the desired window to capture (e.g., the Activity Wizard Answer Network page). 4. Hold down the Alt key on the keyboard and press Print Screen on the keyboard. 5. Open an image manipulator program and create a new blank document. 6. Go to Edit > Paste to paste the screen capture into the new blank document. 7. Add any additional edits to the screenshot. 8. Go to File > Save As and browse to the images directory (e.g., "\help\japanese_jpn\images\"). 9. Save the image using the same name as the original screenshot and in the JPEG format (e.g., "activityWizard_answerNetwork_1.jpg").

 Part 3a: Translating the TutorialsRequired Tools 

Cisco Packet Tracer Adobe Captivate 2 or greater

Setup Important: Make sure screen reader support is disabled while capturing the tutorials.

In the "\help\language" folder, replace all of the tutorials in the tutorials folder with the newly captured localized tutorials. More information about using Adobe Captivate can be found in the help files for Captivate.

Translation Process

1. Start Cisco Packet Tracer. 2. If Packet Tracer is not already using the desired language, go to Options->Preferences and change to the desired language. Also disable

screen reader support if not already done so. Restart Packet Tracer. 3. Start a new Project in Captivate and capture using the Demonstration mode. 4. Select the Packet Tracer window to be captured. 5. Click the record button. You may follow the default installed English tutorials step by step or create your own if desired. It is advisable to

have another computer running the original tutorials if you wish to follow the originals. 6. After the tutorial is done, press the End key or whichever key was set to end the capture. 7. Save the project. Publish the project to the "help\language\tutorials\" folder using the same name as the original file.

The tutorial should now be translated. Repeat the process for the remaining tutorials.

Part 3b: Translating the Tutorials (Captions Only)Required Tools 

Cisco Packet Tracer Adobe Captivate 2 or greater A good word document editor, such as Microsoft Word.

Setup Obtain the tutorial source from the Academy Connection forums.

Translating Captions

1. Open Adobe Captivate. 2. Go to File-->Open and choose the " .cp" file in the duplicate folder (i.e. "\help\japanese_jpn\tutorials") to translate. 3. Once "<tutorial title>.cp" file has been loaded, go to File-->Import/Export and choose Export movie captions. 4. Save the captions (you may be asked to overwrite the file, if so, accept). 5. Leave Captivate and the "<tutorial title>.cp" file open. 6. Open Microsoft Word or an equivalent word document editor. 7. Go to File-->Open and open the "<tutorial title>.doc" file that was exported in step 3. 8. Under the Original Text Caption Data and Updated Text Caption Data, translate the text content under those categories (both of them

should have the same text).

9. Once finished, save the word document and follow the instructions from the Compiling the Tutorial section below to implement the translated captions.

Compiling the Tutorial

1. With Captivate and "<tutorial title>.cp" still open from step 5 of the Translating Captions section above, go to File-->Import/Export and choose Import movie captions.

2. Open the translated word document containing the caption from the Translating Captions section above. 3. Once the translated captions has been imported successfully, go to File-->Publish. 4. Browse to the duplicate folder (i.e. "\help\japanese_jpn\tutorials") if the directory is not pointed there. 5. Click on Publish (you may be asked to overwrite the tutorial, if so, accept).

The tutorial should now be translated. Repeat the process for the remaining tutorials.

Frequently Asked Questions (FAQ)/Troubleshooting Guide

General Issues1. My computer frequently crashes when I use Packet Tracer.2. The program screen is cluttered with too many windows! I can't see the workspace.3. What Cisco IOS version do the routers and switches support?4. Can I learn the necessary information for CCNA certification just by using Packet Tracer?5. Does Packet Tracer support all of the features found in Cisco devices?6. When I make an entry into a text field (such as an IP address), how do I know it goes into effect? Is there an "Apply" button?7. Can I create unlimited devices?8. I cannot access the tutorial files.9. May I distribute Packet Tracer to my students?10. Why is Packet Tracer running so slowly?11. Some text in the program is cut off or is not correctly displayed.12. I have a saved topology from older version of Packet Tracer. Can I open it with this version of Packet Tracer?13. What is the password to edit the included activities with Activity Wizard?14. When I try to launch Packet Tracer in Ubuntu 6.10, the terminal gives a Fatal Arithmetic error.15. I have a saved topology from this version of Packet Tracer. Can I open it with an older version of Packet Tracer?16. How do I convert PKA files to a PKT file?17. If I save my file in the default Packet Tracer saves directory in Windows Vista, the save file is found in another directory. However, if I choose another directory, this issue does not occur.18. When I try to launch Packet Tracer in Wine, Packet Tracer crashes.19. On Ubuntu, if I try to create a custom device template, an error message pops up stating "Unable to write to file."20. How can I save the PKA that I have opened in Activity Wizard to a different file (i.e. Save As)?21. Is it possible to drag and drop a save file from my operating system inside Packet Tracer to load up the save file?22. How come the Recent Files list is empty?23. How do you create an activity PKZ file?24. How do you modify a PKZ activity file?25. When creating PKZ files, do I need to ensure all of the background images are in the same folder as the PKA/PKT file?26. My display resolution is 1024 x 768 or lower. When I go to Simulation Mode and click on the Auto Capture / Play button, events are not displayed in the Event List.27. Why doesn't Packet Tracer display fonts properly in Linux?28. Why does Packet Tracer stop abruptly when right clicking on the Windows taskbar and then selecting "Close Group"?29. I can't seem to write options to the Packet Tracer installed folder using the function in Preferences.30. How do I save images added to the cloud for the TV correctly?31. What's the transparent bar at the bottom edge of the workspace and is there a way to get rid of it?32. Packet Tracer looks bad in Ubuntu (fonts, layouts, buttons, etc.).33. Ctrl+Break doesn't work on Linux.

34. All router config windows are closed without warning when closing the Preferences window.35. Why can't I connect to another Packet Tracer instance using multiuser?36. Why do upnp.exe and PTUpdater.exe not quit after I submit my online PT exam?37. When I use the Save Offline Copy feature for Multiuser, sometimes the remote networks in the offline copy will not go up (i.e. link lights stays red).38. I do not see the arp, bandwidth, delay, and other commands for the 2960 Switch, as well as some other switches. Why are they missing?39. I do not see the Hop Limit field in the PDU information window.40. Why are the IPv6 Src/Dest address fields not taking up four rows each?41. Why can you only use Courier and Courier New for the CLI text?42. Why can't I close the LAN Multiuser Agent and WAN Multiuser Agent windows?43. Why do parts of some PKA instructions get replaced by strange characters after it has been saved and reopened? 

Specific Issues1. In the Physical Workspace, the wiring closet does not display all of the devices I have created in the Logical Workspace.2. If I turn off the ARP filter in the Event List Filters, does that mean devices won't build ARP tables?3. Does Packet Tracer use the Spanning Tree Protocol?4. How does loop-breaking process work in Packet Tracer? Why don't I have the option of viewing packets associated with the loop-breaking process?5. When I reset the network in Simulation Mode, why do some switch ports show amber link lights and stay that color?6. Why does the command clockrate not work?7. I created a ping packet in Simulation Mode and ran it. Why do I still see packets/frames (like CDP) running on the network after the ping process is completed?8. When I issue an extended ping, the parameters I am asked to fill in do not match an extended ping on a real device.9. Why can't I access sub-interfaces on serial ports?10. Why can't I test port connectivity with a command such as ping 192.168.1.5:80?11. Does Packet Tracer support VTP?12. I can't seem to add a secondary address to a port.13. How does the Auto settings for bandwidth and duplex work on a port?14. At the end of a simulation (after the last event), I viewed a device table (such as ARP or MAC) and saw that it was blank. Why is this?15. Sometimes the CLI screen seems to display text incorrectly. For example, when activating an interface, the router prompt appears at the end of the sys log message instead of a new line.16. When I make the interface a trunk port in a interface sub-panel for the switch (under Config), the VLAN range is set to 1 to 1005 even though the switch does not have that many VLANs set up?17. When I turn off a router that has its link lights up and then turn it back on, why do the links remain down?18. When I choose a tool from the Common Tools Bar (such as the Inspect tool), how can I cancel that tool or deselect it?19. What's the difference between the Reset Simulation button and the Power Cycle Devices button?20. When I use the Add Simple PDU tool to ping a router, the destination IP address is the Ethernet interface rather than the serial interface. What determines the default destination interface for a ping?

21. When I have a static route and RIP configured on a router, why is it that the static route with an administrative distance of 1 is preferred over RIP routes with an administrative distance of 120? 22. When I configure static NAT on a router and perform a ping, why does the router eventually lose the NAT translations after several successful pings?23. When I enter an EIGRP network command, such as network 192.168.1.0 255.255.255.0, the result should be network 0.0.0.0 255.255.255.0 instead. However, on a real router, the result is actually network 192.168.1.0.24. When I try to do an extended ping in the CLI with a source IP address that doesn't belong to the device, it gives me an invalid source error message.25. In Simulation Mode, when I only have a single Event List Filter enabled, such as UDP, and then click on Capture / Forward, I get the message, "The maximum number of events has been reached..." This is counter-intuitive since no events are shown in the Event List at all.26. When a router doesn't have a next hop MAC address, it sends an ARP request and will drop the ICMP packet as well. Is this normal behavior?27. When I save a configuration to the router NVRAM (wr mem or copy run start), the router does not save the configuration when Packet Tracer is shut down. This only occurs if you save the topology.28. When you use the same network/subnet on two different devices, the Cisco IOS CLI reports an error saying that the IP address conflicts with another interface.29. Which cable do I use to connect an Access Point to other networking devices?30. What is the difference between the activity file (.pka) that I author and the activity file that I give to others?31. Is it possible to import or open Packet Tracer activity files from a previous version?32. What is the correct version for EIGRP? I have seen only two versions, v0 and v1. However, in the PDU Information Window, the version reported is version 2.33. In Simulation Mode, why do some devices/ports sometimes buffer frames and say the ports are sending other frames when there are no frames shown in the Event List?34. When creating multiple connections between the same two devices (e.g. trunking), the cables connected earlier may be hidden by the new ones. How do I know how many cables are connected?35. Using the Activity Wizard, how do I lock out the GUI configuration for routers and switches to force the users to use only the CLI?36. What happens to the IP address of a device when I duplicate the device?37. What is the limit for the number of wireless hosts and access points in the same coverage area?38. When I create a template of a device with additional IOS images besides the default IOS image, only the default IOS image of the device appears in the custom device.39. Is Realtime mode exactly in sync with real world time?40. Why, when I enable logging and configure devices in the CLI and then save the file, does the save file not save the log?41. When I send a PDU over devices with multiple links between them, with one of the links shutdown, why does the PDU traverse the shutdown link instead of the active link in Simulation Mode?42. Why do I get two different average round trip times for the exact same pings in Realtime Mode and Simulation Mode?43. When I issue the "clear ip route *" command in CLI, it doesn't clear the routing tables.44. Why can't enable secret passwords be assessed reliably in activities?45. I can add a WEP key that is out of the hex range for the Linksys router when I shouldn't be able to.46. In the Event List filter window, why does unchecking HTTP filter have no effect when TCP is checked?47. Why does the Inspect tool have no effect on the Linksys router?

48. When I telnet into another device, the config tab does not work.49. Why do static routes with admin distances of 255 show up on the routing table?50. Packet Tracer crashes when I have many instances of Packet Tracer opened.51. How can configurations from Packet Tracer and real devices be used in activities to check enable secret and other passwords with service password-encryption on?52. Why are values in Config tab not changed when I have already changed them in console?53. Why do HTTP packets still show up when I have the HTTP filter unchecked?54. Why does Packet Tracer generate the same encryption string when the same password is entered more than once?55. How do I add a graphic image of a topology in the activity instructions?56. Why am I able to add and remove content from the activity instructions window when it should be read-only?57. When I enter "show interface s0/0/0" in the CLI, the IOS output says "show interface s0/0/0" is an ambiguous command.58. How come I cannot use Variable Manager for scoring with VLAN interface IDs (SVIs)?59. Is there a way to speed up convergence of the network when I open a file? Sometimes my activity is graded incorrectly since the answer network hasn't converged.60. I cannot make a Multiuser connection between Windows and Linux machines.61. I can still access the Config tab of a router or switch even if there is an enable secret password in the running configuration.62. Is there a way to distinguish between outgoing and incoming Multiuser remote network clouds? Also, when I have an incoming Multiuser connection, Packet Tracer creates a Multiuser remote network cloud if the name is incorrect.63. When I try to set a variable value to Elemental Position in Variable Manager, the value sets itself to zero and cannot be changed to any other position.64. When I try to copy text from the CLI tab using "Ctrl + C", the output has unorganized text that can be dragged around.65. How come I am able to enter negative point values for Assessment Items in activities?66. Can a wireless PC associate to an access point that is from a Multiuser remote network?67. When I try to create a loop on a switch by connecting a straight-through or cross-over cable to different ports on the same switch, I get a connection error stating that "The cable cannot be connected to that port?"68. How come when I have multiple wireless profiles in a wireless PC and then delete the wireless router that the wireless PC is currently associated to, the wireless PC does not automatically associate to the other wireless routers that has a profile?69. In Physical Workspace, sometimes the geoicons do not work correctly. For example, I am able to move the geoicons beyond the "border." Also, the geoicon labels are sometimes detached from the geoicon itself after navigating between locations.70. How come the output for various commands in Packet Tracer, such as "show ipv6 nat translations," is different from a real router?71. When I click on Save Settings in the Applications & Gaming section in the Linksys GUI, the last item in focus does not save.72. How come when I create a complex PDU, the Outgoing Port drop-down list does not contain any ports?73. The Variable Manager Interface in the Activity Wizard Answer Network panel is too narrow.74. When I have a router with 2 LANs (e.g. 192.168.1.1 and 192.168.2.1), a PC with an IP address in the 192.168.1.0 network can be pinged by a PC in the 192.168.2.0 network even if the PC in the 192.168.1.0 network has the incorrect default gateway (e.g. 192.168.2.1).75. When I copy and paste the entire "show running-config" output in Global Config Mode, some commands return "% Invalid input detected at '^' marker."76. When I undo a deleted device/link that was connected to a Multiuser remote network, Packet Tracer crashes.77. When I delete a link to a Multiuser remote network, the link isn't removed from the Multiuser remote network.

78. Packet Tracer appears to be able to ping a default gateway that does not exist.79. When I am configuring Frame-Relay, the "show running-config" shows that the encapsulation is IETF, but the "show frame-relay lmi" command shows that it is Cisco.80. The Linksys router icon looks too similar to the Cisco 1841 ISR icon.81. When I create a new file, a registered IPC device creation event such as deviceAdded in the previous topology disappears.82. Does Packet Tracer support SHA1 encryption?83. The source IP address field does not appear in the Add Complex PDU dialog.84. Where does the server device look for images to load pages with image tags from?85. When routers exchange routes to the same route, their routes become possibly down after a while.86. Where are the RADIUS and TACACS server configurations for the server device?87. Why am I not able to move or control cables connected to Multiuser remote network clouds in Physical Workspace?88. How do I navigate to a previous cluster level or Physical Workspace level?89. When I close a device dialog while in Simulation Mode, the simulation resets.90. Where is the Viewport feature located in Physical Workspace?91. When I issue the command "show crypto map", the output differs from what I see on a real router.92. When I do "show cdp neighbors" after loading a save file, not all neighbors are in the output, but the neighbors show up after a while.93. If I move a device with a BendPoint or GroupPoint in Physical Workspace, the BendPoint or GroupPoint disappears.94. Packet Tracer generated a configuration file on my computer's local user directory.95. The Ethernet interface configuration dialogs in the GUI looks different from other types of interfaces.96. When I try to issue CTRL + Shift + 6 + X on the keyboard to terminate a telnet session on a PC device, nothing happens.97. The number of packets encapsulated and deencapsulated shown in the "show crypto ipsec sa" are not equal.98. Sometimes when I view PDU details of STP packets, the PDU details would say SSTP Multicast Address instead of STP Multicast Address.99. The MIB Browser does not have a horizontal scrollbar for the MIB tree so it is hard to navigate and view the tree.100. Why do wireless end devices sometimes form random associations?101. When I add a DNS resource record with the name in upper-case letters, Packet Tracer adds the name in lower-case instead.102. Cables in Physical Workspace aren't redrawn correctly while resizing objects.103. When I close the Preferences dialog, any other dialog that I have opened closes also.104. When I click on the link lights on a cable, the connection detaches from the nearest connected device and I am able to make a connection with the same cable again.105. Switches are not able to detect a new route when an old route is down.106. I was trying to create a device after clicking on the Place Note tool. The mouse cursor stayed as the Place Note cursor icon, instead of the Select tool cursor icon. Why is it like that?107. Frame-relay map statement is not accepted under interface mode. When I run the command to add a map it says "%Address already in map". I get this message even after I delete the entry and try to add it again.108. In the Activity Wizard, when I click on the close button on the Instructions window, the window gets minimized.109. In a router or switch's CLI, sometimes when I type a password, "circles" or "asterisks" fail to appear while entering characters for the password.110. Why are end devices with the Linksys WMP300N module able to connect to a Linksys router that operates in BG-Mixed mode?111. Which types of wireless networks do the Tablet PC and PDA support?112. I changed the time and date on an NTP server on a server end device. After closing the server device dialog, and reopening it, the time and date

reverted back to the previous settings.113. When I try to ping a host that is connected to a Linksys router's LAN port, the ping fails.114. Pressing Ctrl+A on the keyboard does not select all text in certain areas of the GUI.115. Even though there is no power cord attached to an IP Phone, it still appears to be on.116. When I hover over an end device that is supposed to be configured with a line number, the line number only shows when I open the Cisco IP Communicator.117. When I enter the command "mac-address H:H:H" in ephone configuration mode, I receive an invalid input error message in the CLI.118. When I press the "Do" "Re" or "Mi" notes in the GUI of the phones, I don't hear anything.119. I connected a cloud's Ethernet6 port to a router. When the cloud receives a DHCP packet, it does not send out to the Ethernet6 port. Why?120. Why does Packet Tracer always do PAT when there is no overload command?121. When I use the Copy from Answer Network function in the Initial Network panel of Activity Wizard, the variables from the Answer Network do not get copied over.122. When I try to copy and paste a Multiuser cloud, nothing happens.123. When I try to create a multiuser connection while in Activity Wizard, an error message appears stating that "Cannot make multiuser connection to this instance of Packet Tracer."124. After I invoked the command "ssid test" from interface Dot11Radio0/3/0 on a router, there still seems to be some kind of wireless signal detected on a wireless PC. Is this correct behavior?125. When I switch from Realtime Mode to Simulation Mode, the time seems to shift forward.126. When I press CTRL+C or CTRL+Shift+6 to terminate a traceroute, it doesn't work.127. When I try to telnet to a switch from itself, the connection attempt times out.128. Packet Tracer's CPU and memory usage increases when I have a network with many switches connected in loops.129. When I leave the WEP key field blank on a wireless device and click on a button in the Config tab, the button remains depressed after I get the WEP key cannot be empty error popup.130. Why do the routing tables display the CIDR subnet mask such as /30 on routers connected by serial connections?131. Why is the CPU usage from Packet Tracer so high sometimes?132. Why do 1841 Routers not support voice commands anymore?133. Why in Simulation Mode, CDP packets are shown even though they are not selected in the Event List Filters?134. Why are the routing tables different when I reopen a file that involves route redistribution?135. Why does the PC Web Browser not detect IPv6 addresses like aaaa:2::2 as a valid address?136. When I tried to move a device inside a cluster in maximum zoom out mode, the move object popup is not aligned with the device.137. When I changed the MAC address of the Fast Ethernet port on a PC, the IPv6 link local address doesn't change accordingly.138. Why does PT print out "UUUUU" instead of "NNNNN" if a ping's source IP is beyond scope (source IP is a link local address and the destination IP is beyond its LAN)?139. When I copy a device inside a cluster, I cannot paste the device into a different cluster?140. When I issue the command "show interface" on a router, the output shows that the line protocol is up even though it is the DTE interface and the DCE interface has not been issued the clock rate command.141. There is CLI for the frame relay cloud. The only option is to configure using the GUI.142. When I author a PKA with variables in assessment items and then try to test my activity, certain assessment items such as the default gateway or DNS server IP addresses are marked incorrect, even if the values are equal to the answer network.

143. After creating a complex network, clicking "reset simulation" does not clear ARP tables or DNS caches. Is this a bug?144. In the activity wizard circling tool, how come some shapes do not grade correctly? 145. Can I add two wireless modules to an end device?146. When I pasted in my commands to a router, the case is not preserved. For example, I pasted in "hostname R1" and PT changed it to "hostname r1".147. If I setup a network with two LANs, can one PC from one network ping another PC from the other network?148. I cannot find "show device dialogue taskbar" in preferences anymore. Has it been removed?149. Why can't I find any routing configuration on the 3560-24PS switch when I open my file in PacketTracer6.0?150. When I setup a server with two NICs, and I setup a PPPoE dialer, the connection fails. Why is that?151. When I mouse over Octal cables, it doesn't show much information. Why is that?152. Why does PT crash when I test activity or load an activity with 0 sets of object locations?153. Why are IPv6 Neighbor Discovery Protocol (NDP) packets are labeled as NDP instead of ICMPv6?154. For IPv6 addressing, why don't we get a partial credit if we enter the prefix length correctly but with a wrong IPv6 address?155. What should I expect to see on Netflow Collector GUI when it receives a flow that matches one of the flows that it has in the cache?156. Why does the alert saying "Cannot write to file" sometimes appears when I save my scripts?157. Why does the device show a default hostname in Packet Tracer 6.1 and not in previous versions?158. Why does "standby version 2" always show up in the running configuration when HSRP is configured eventhough the command was not entered?159. Why does Packet Tracer fail to elect the correct root for (R)STP causing loops in the topology when a hub is in between two switches? 

Protocol Modeling Issues1. For EIGRP, why are new adjacencies being formed after the "no auto" command--this does not happen on real routers?2. Why does the "no keepalive" command give me an error in some situations?3. On real devices, the link lights would still come up if there is a duplex mismatch between both sides of the Ethernet connection. Why does Packet Tracer not model this behavior?4. On real switches, if there is a native VLAN mismatch on both sides of the same trunk, CDP and STP would print out error messages. Why does Packet Tracer not model that?5. I cannot disable STP on switching devices.6. On a real device, I can ping the loopback address 127.0.0.1, what about in Packet Tracer?7. On a real router, I can configure an interface with a valid IP address and subnet mask even though it is a supernet (e.g., 172.24.11.1 255.254.0.0), but in Packet Tracer it says that the subnet mask is a "Bad mask."8. I cannot configure an IP address on a modem interface module on the router, but there is a configuration interface in the Config tab.9. If there is a DHCP request with two or more DHCP servers, and then a DHCP request fails due to a possible collision when the DHCP servers try to respond simultaneously, there should be lots of traffic but there are no further events after the collision.10. Why doesn't STP block the ports if the native VLAN mismatches?11. On a real router, the timer is reset for OSPF and EIGRP routes after a "clear ip route *" command, but not in Packet Tracer.12. Why does the Linksys remote management override HTTP port forwarding?13. The show ip ospf neighbor command shows a priority of 1. Actual 1841 shows priority of 0.

14. Static routes with 255 admin distance should not be added to routing table.15. Why do wireless ports always buffer the frames before sending?16. Why are LMI statistics not updated when the link state changes?17. Why can I only ping one VLAN interface on the switch when there are more than one with the status and line protocol up?18. Why does OSPF not work over physical serial interface using frame relay?19. In Simulation Mode, routing tables are updated before the packet arrives in the simulation.20. On a router with multiple switching modules, there should be individual MAC tables for each switching module. However, "show mac-address table" shows only one MAC table.21. Why is the command "ip ospf network" not available in the loopback interface mode?22. The round trip times for pings in Multiuser networks are very long. 23. When I issue the command "debug ppp negotiate" before enabling PPP encapsulation, debug messages do not show.24. On a real switch, when I create a VLAN and then assign a name to the VLAN, VTP revision number increases by 1. In Packet Tracer, the VTP revision number increases by 2.25. The EtherChannel group does not come back up after an error disable.26. Configuring shape in a nested policy map gives an error message.27. When I enter "switchport mode trunk" on a switch without changing the encapsulation to dot1q first, the command is not rejected like on a real switch with a message saying "An interface whose trunk encapsulation is 'Auto' can not be configured to 'trunk' mode."28. "show ipv6 eigrp interfaces" seems to have incorrect or static output.29. Class-maps with inspect type appear to have a different subset of match sub-commands compared to real routers.30. When I configure manual EIGRP summarization, sometimes the classful mask is shown in the routing table for a route.31. No warning is shown when exiting the interface range mode without typing exit.32. Is the command "tunnel source [ip address]" supported?33. Does the command "ip mtu [value]" have a dynamic range?34. When I do "show vtp counter", the values for VTP pruning statistics seems to be incorrect?35. Why can I not modify the serverPool DHCP pool on the server device?36. When I copy a "show running-config" output from Packet Tracer and paste the output into CLI, not all commands are accepted.37. When I issue the command, "more flash:c2960-lanbase-mz.122-25.FX.bin", the output is different each time.38. When I delete the IOS image from a router or switch and then save and reopen the file, the device boots up when it should not.39. If I issue "debug ip packets" then "logging trap debug" on a router, it seems that one or the other is not issued at all.40. The output in "show policy-map type inspect zone-pair sessions" seems to differ compared to real routers in regards to the type of protocol detected in the established sessions.41. The "show clock" output is always Mon Mar 1 1993 by default.42. When I enter the command "no ip ips signature-category", it brings the router prompt to the IPS category configuration mode.43. Access-lists do not have ESP, AH, or ISAKMP port options available. As a result, site-to-site VPNs can be created, but are not functional if CBAC or ACLs applied.44. Static routes should be able to specify an outbound interface and next hop address.45. A carriage return is missing after removing a subinterface from a router.46. There is no error message when two connected switches have different EtherChannel modes.47. When I try to issue an SNMP request using a port other than 161, SNMP request times out.

48. AAA authorization commands are supported, but the functionality does not work.49. When I enter "config t" in global configuration mode, Packet Tracer returns "%Invalid hex value."50. When I try to enter interface configuration mode for a non-existent interface, Packet Tracer returns a different error from a real router.51. The number of matched packets under the protocol match statement is greater than the number of matched packets for the class-map in the "show policy-map" command.52. The QoS bandwidth setting does not appear to have an effect on drop rates.53. The labs in the curriculum expects more options for the "debug ip rip" command, but Packet Tracer only supports the events option.54. When I have a PC on a VPN connection, it seems that DNS packets are sending to the VPN server first and the DNS packets are not encapsulated in Simulation Mode.55. An RS232 port is displayed in the physical device view of the IP Phone, but the RS232 port is not one of the available ports in the Logical Workspace.56. Why doesn't Packet Tracer show all of the packets involved in a typical SMTP/POP transaction?57. On a 3560 multilayer switch's interface, when its trunk encapsulation is set to "auto", it cannot be configured to "trunk" mode. The command "switchport mode trunk" is rejected. Why?58. When I create a Telnet packet while another TCP connection exists, the Telnet packet that I created gets dropped.59. When I view a TCP packet's PDU details in Simulation Mode after initiating an HTTP request, the HTTP client sets the connection state to SYN_SENT.60. How come phones don't register with auto-reg-ephone enabled and auto assign configured in CME?61. When I open a PC's device dialog with DHCP enabled, it keeps sending a DHCP packet.62. Why does VoIP still work even though switchport voice vlan 1 is not configured?63. When a call is made to a Cisco IP Communicator that is closed, is the Cisco IP Communicator supposed to open in ringing mode or connected mode?64. How come PPPoE clients do not get connected in multi-server environments?65. How come the routers in Packet Tracer do not show ppp negotiation debug messages after I turn on debug?66. I have "debug ppp authentication" enabled on a PPPoE server. When a PPPoE client is getting connected to the PPPoE server, it does not show any debug messages on the server.67. Why are log messages for IP phone registrations different than real devices?68. I created an access-list that denies FTP data transfers on port 20, but data transfers are still successful.69. When I delete a wireless client from the workspace, the Linksys router's DHCP client table doesn't refresh when I click on the refresh button.70. The MAC address column in the Linksys router's DHCP Client Table is labeled as 00:00:00:00:00:00.71. The Expires Times field in the DHCP Client Table is always empty.72. What's the purpose of the TFTP Server field in the DHCP service on the server device?73. Why do PCs sometimes get default gateway from DHCP, but sometimes not?74. When I use the "no redistribute connected metric 1000000" command, it removes the entire "redistribute" command.75. Shaping stats are not shown all for nested policy maps.76. When I configure a destination-pattern of "10.." with two dots for one dial-peer and a destination-pattern "10." with only a single dot for a second dial-peer, only numbers such as "1022" can be dialed.77. Why does Packet Tracer slow down for long periods when running BGP?78. Why does the command show ip bgp give a different output than what I see on a real router?

79. RIPv2 poison and poison-reverse do not work.80. Why do some wireless devices not get connected to the access point?81. Duplicate IPv6 addresses are not detected.82. Why does an IPv6 device not be able to ping another anycast address when the old anycast address device is disconnected?83. The network mask of the route does not get updated after applying "ipv6 ospf network broadcast" or "ipv6 ospf network point-to-point" in the interface.84. The command "show ipv6 ospf neighbor detail" shows some missing output such as the Option detail and link local address.85. It appears that loading IOS IPS signature package is not required when configuring IPS.86. When I enter the command "show ipv6 dhcp pool" on a DHCP server, the value for active clients value is 0.87. There was no application layer information in the PDU details when simulating SSH traffic. Layers 1, 2, 3 and 4 are reflected in the PDU details, but the application layer traffic isn't reflected.88. When I enter the command "show ipv6 dhcp interface", the value for when the renewal will be sent is always 0d0h.89. There is no support for the command "ip default-router" on the Cisco Catalyst 3560-24PS multilayer switch.90. When I shutdown an interface on a router configured on a RIP network, the routing table shows that the network is possibly down and the RIP timers are started. However, on real routers, the network is immediately withdrawn from the routing table and the RIP timers are not started.91. Can't I enter the command "no router ospf " within the command mode for "router ospf "?92. When entering acl statements without specifying the sequence number, why does the "show access-list" command show the acl statements in a different order from the order shown on Cisco router?93. Why can't key chains be entered consecutively without exiting to normal config mode first?94. Why doesn't the show running-config output show async interfaces when HWIC-8A modules are used?95. In Simulation mode, why are there scenarios where a packet is still able to cross a link that is connected to a port that has been recently shutdown? 

General IssuesQuestion/Problem Answer/Solution

1 My computer frequently crashes when I use Packet Tracer.

You need to update your video card drivers, especially if your computer has an ATI video card. If you are using an IBM laptop issued by Cisco, you can use Windows Update or this link to lenovo support. If you are using a computer built by another company please check their web site for updates or if you know you have an ATI video card, go to http://ati.amd.com/products/index.html to find an updated driver.

2 The program screen is cluttered with too many windows! I can't see the workspace.

You can undock sub-windows by double-clicking on the title bar and move them away from the workspace area. You can also prevent sub-windows from docking by holding down Ctrl while moving them.

3 What Cisco IOS version do the routers and switches support?

Packet Tracer uses simplified models Cisco IOS, using real Cisco IOS images as references. The Cisco 1841 router supports Cisco IOS version 12.3(14)T7, 12.4(12), and 12.4(15)T1. The Cisco 1941 router supports Cisco IOS version 15.1(4)M4. The Cisco 2600

series routers support Cisco IOS version 12.2(28), 12.4(8), and 12.4(15)T1. The Cisco 2811 router supports Cisco IOS version 12.3(14)T7, 12.4(8), and 12.4(15)T1. The Router-PT router supports Cisco IOS version 12.2(28). The Cisco 2901 router supports Cisco IOS version 15.1(4)M5. The Cisco 2911 router supports Cisco IOS version 15.1(4)M5.

The Cisco Catalyst 2950 series switches supports Cisco IOS version 12.1(22)EA4 and 12.1(22)EA8. The Cisco Catalyst 2960-24TT switch supports Cisco IOS version 12.2(25)FX and 12.2(25)SEE1. The Switch-PT switch supports Cisco IOS Version 12.1(22)EA4. The Cisco Catalyst 3560-24PS switch supports Cisco IOS version 12.2(37)SE1.

4 Can I learn the necessary information for CCNA certification just by using Packet Tracer?

No. Packet Tracer is a tool to supplement the CCNA curriculum. Students can learn basic to intermediate router and switch configuration and see how packets are processed by networking devices as they traverse the network.

5 Does Packet Tracer support all of the features found in Cisco devices?

No. The program supports a small subset of the features from Cisco devices. Please see the "Router IOS" or "Switch IOS" help pages. Packet Tracer uses simplified models of networking protocols and Cisco IOS; you should always compare your results to those obtained from real equipment.

6 When I make an entry into a text field (such as an IP address), how do I know it goes into effect? Is there an "Apply" button?

Text field inputs are updated and applied as soon as they lose focus (e.g., when you click somewhere else on the screen). There are no "Apply" buttons.

7 Can I create unlimited devices? No. The number of devices is limited by the amount of free memory on your computer.

8 I cannot access the tutorial files. Pop-up blockers can stop the tutorial files from running. Make sure you have these disabled when trying to view the tutorials.

9 May I distribute Packet Tracer to my students? Yes. Please distribute Packet Tracer to currently enrolled Cisco Networking Academy Program students. If the distribution method is through a website, ensure that the website is password protected. Refer to the "Copyrights" page for more information.

10 Why is Packet Tracer running so slowly? Does your system meet the minimum requirements? The minimum requirements, listed in the help documentation, allow for the basic use of Packet Tracer in creating small- to medium-size networks. It is recommended that you use a faster machine with more memory to create large networks. You can turn off the Sound and Animation options to increase performance.

11 Some text in the program is cut off or is not correctly displayed.

Packet Tracer by default requires that your system supports the Verdana font to display text correctly. Alternatively, you may change the fonts for dialogs, workspace/Activity Wizard, and the general interface in Preferences under the Font tab.

12 I have a saved topology from older version of Most simple topologies will load from previous versions of Packet Tracer, however, Packet

Packet Tracer. Can I open it with this version of Packet Tracer?

Tracer only offers limited backward-compatibility and not all files are guaranteed to open.

13 What is the password to edit the included activities with Activity Wizard?

Instructors may obtain the password from the Packet Tracer forums on the Academy Connection website.

14 When I try to launch Packet Tracer in Ubuntu 6.10, the terminal gives a Fatal Arithmetic error.

Ubuntu 6.10 is not supported.

15 I have a saved topology from this version of Packet Tracer. Can I open it with an older version of Packet Tracer?

No. Forward compatibility of save files is not fully supported. An "Invalid File" message may appear if you have a save file from this version Packet Tracer and then try to open it in an older version Packet Tracer.

16 How do I convert PKA files to a PKT file? There are actually multiple "PKT" files inside an activity file.

To "convert" from a PKA to a PKT file:1. Open the PKA2. Go to Activity Wizard.

If you are interested in the Answer Network, go to the Answer Network section and click on "Export Answer Network to File" and save it as a PKT.

If you are interested in the Initial Network, go to the Initial Network section and click on "Export Initial Network to File" and save it as a PKT.

17 If I save my file in the default Packet Tracer saves directory in Windows Vista, the save file is found in another directory. However, if I choose another directory, this issue does not occur.

This appears to be how Windows Vista handles saving items in the Program Files directory. You can change the User Folder in Preferences to a folder that you have write permission to.

18 When I try to launch Packet Tracer in Wine, Packet Tracer crashes.

Wine is not supported. Please use the Linux version of Packet Tracer instead.

19 On Ubuntu, if I try to create a custom device template, an error message pops up stating "Unable to write to file."

If Packet Tracer is installed as root, then you need to run as root in order to write to templates folder in the Packet Tracer directory. You can change the User Folder in Preferences to a folder that you have write permission to.

20 How can I save the PKA that I have opened in Activity Wizard to a different file (i.e. Save As)?

While in Activity Wizard, go to File -> Save As in the main Packet Tracer window and then save the PKA to a different file.

21 Is it possible to drag and drop a save file from my operating system inside Packet Tracer to load up the save file?

Currently, drag and dropping files into Packet Tracer is not supported.

22 How come the Recent Files list is empty? Make sure that your User Folder in Preferences is set to the user folder on your computer.

23 How do you create an activity PKZ file? First create your PKA file as a normal PKA. Make sure all of your images and other files

that go along with the PKA is set in the initial network as necessary (and answer network for completeness). Then, in the Activity Wizard, go to Test Activity and do a File -> Save as PKZ. Include any extra files as necessary. This will save your PKA as a PKZ file with an activity.

24 How do you modify a PKZ activity file? Open the PKZ file and go to Activity Wizard. Modify the activity as desired. Then go to Test Activity and do File -> Save as PKZ.

25 When creating PKZ files, do I need to ensure all of the background images are in the same folder as the PKA/PKT file?

Yes. While creating the PKZ, add the PKT or PKA and any images from the same directory as the images' path added in the PKT or PKA relative to the PKT or PKA file path.

26 My display resolution is 1024 x 768 or lower. When I go to Simulation Mode and click on the Auto Capture / Play button, events are not displayed in the Event List.

Increasing the display resolution to 1280 x 1024 or higher will make the GUI appear properly.

27 Why doesn't Packet Tracer display fonts properly in Linux?

Packet Tracer uses fonts such as Verdana, Times New Roman, etc. which may not be installed on Linux distributions by default. All Linux distributions that do not have these fonts installed need to install them first.

28 Why does Packet Tracer stop abruptly when right clicking on the Windows taskbar and then selecting "Close Group"?

This is a Qt framework issue. When closing the group, all opened windows get a simultaneous kill signal, and the current version of Qt (v4.4.3) does not call the destructors/closeEvent() of the open windows. Therefore, widgets that depend on other widgets to close first do not wait and Packet Tracer stops abruptly. A better solution is expected in future Qt versions.

29 I can't seem to write options to the Packet Tracer installed folder using the function in Preferences.

Launch Packet Tracer as an administrator in order to write to a system folder where Packet Tracer is installed.

30 How do I save images added to the cloud for the TV correctly?

The save file must be saved as a PKZ. While creating the PKZ, add the PKT and TV images from the same directory as the TV images' path added in the PKT relative to the PKT file path.

31 What's the transparent bar at the bottom edge of the workspace and is there a way to get rid of it?

The bar is the Device Dialog Taskbar which makes device dialogs that are currently opened more accessible. To remove the Device Dialog Taskbar, go to Preferences and uncheck "Show Device Dialog Taskbar" under the Miscellaneous tab.

32 Packet Tracer looks bad in Ubuntu (fonts, layouts, buttons, etc.).

Packet Tracer for Linux is built against the Qt 4.4.3 Commercial edition. As a result, for systems without these libraries custom built on their system, we have included the libraries as part of Packet Tracer to ensure Packet Tracer runs on their system. However, since the libraries are not built against your particular system, the layouts, fonts, and general interface may not match your system and therefore look bad. You can install your own Qt libraries and link against them for Packet Tracer, however it is unsupported as the versions may not match exactly and therefore bugs may be introduced.

33 Ctrl+Break doesn't work on Linux. Qt issue on Linux -- it doesn't capture the Ctrl+Break keys. A workaround is to use Ctrl+C on Linux.

34 All router config windows are closed without warning when closing the Preferences window.

This is the intended behavior.

35 Why can't I connect to another Packet Tracer instance using multiuser?

Please check the other Packet Tracer instance's IP address, port, and password. Packet Tracer does not currently show an error message or indicator for incorrect password. Please retype the password to make sure. This will be fixed in the next version.

36 Why do upnp.exe and PTUpdater.exe not quit after I submit my online PT exam?

This is an interaction issue between the PT exam, PT, and some Windows platforms. We have only experienced it on some Windows Vista machines. You can manually end these two processes in Task Manager.

37 When I use the Save Offline Copy feature for Multiuser, sometimes the remote networks in the offline copy will not go up (i.e. link lights stays red).

When you save an offline copy, your local network and each remote network has its own Home City in Physical Workspace. If you have the option Enable Cable Length Effects enabled in preferences, the connections may stay down if the connected cities in Physical Workspace are far apart. A workaround to this issue is to go into Physical Workspace and move the connected cities closer together or disable the option Enable Cable Length Effects in preferences.

38 I do not see the arp, bandwidth, delay, and other commands for the 2960 Switch, as well as some other switches. Why are they missing?

The ports on the model themselves have these limitations.

39 I do not see the Hop Limit field in the PDU information window.

The Hop Limit field has been renamed HL in Packet Tracer so that the value can be displayed without scrolling.

40 Why are the IPv6 Src/Dest address fields not taking up four rows each?

Src/Dest IPv6 address fields are 128 bits but in PDU Packet Tracer shows them occupying only one row because it is enough to hold the IPv6 address in text format.

41 Why can you only use Courier and Courier New for the CLI text?

Only fixed size fonts are supported for CLI text now.

42 Why can't I close the LAN Multiuser Agent and WAN Multiuser Agent windows?

This is intentional. The LAN Multiuser Agent and WAN Multiuser Agent script modules require frequent updates (keepalives) between the Multiuser server and clients in order to operate. To close the windows, you will need to stop the script module(s). To do so, go to Extensions menu > Scripting > Configure PT Script Modules then select LAN Multiuser Agent or WAN Multiuser Agent and click on the Stop button.

43 Why do parts of some PKA instructions get replaced by strange characters after it has been saved and reopened?

For instructions that use HTML, entity codes must be used for some characters.

 

Specific Issues

Question/Problem Answer/Solution

1 In the Physical Workspace, the wiring closet does not display all of the devices I have created in the Logical Workspace.

A wiring closet can have a maximum of three tables or racks. When closets become full, additional ones will be created automatically to accommodate more devices. When multiple closets are created they are one on top of the other, so you must move the first one to see the second and the third, etc.

2 If I turn off the ARP filter in the Event List Filters, does that mean devices won't build ARP tables?

No. The filters are for display purposes only and do not affect the actual function of the network. The packets are in the network but are not visible. Note that while users new to networking may not want to display ARP packets, many behaviors involving Ethernet (such as the first ping across a router being dropped while ARP is occurring) are not fully explainable without reference to ARP.

3 Does Packet Tracer use the Spanning Tree Protocol?

Yes. Packet Tracer models Per Vlan Spanning Tree Protocol to break possible switching loops. When first loading files with switches, or routers with switchports, the Spanning Tree Protocol will go through the different states on the ports before putting them in forwarding state, indicated by an amber light. If this causes an annoying delaying, toggling between Realtime and Simulation mode 3 or 4 times will decrease the delay caused by the transition of states.

4 How does loop-breaking process work in Packet Tracer? Why don't I have the option of viewing packets associated with the loop-breaking process?

Layer 2 loop-breaking is done in STP. You can view these packets in Simulation Mode. Layer 1 loop-breaking is still done in a Packet Tracer proprietary protocol and converges immediately.

5 When I reset the network in Simulation Mode, why do some switch ports show amber link lights and stay that color?

The amber link light indicates that the switch port is not in STP forwarding state. STP takes over 30 seconds to put a port into forwarding state if there are no loops. A port may be put in blocking mode and stay in amber color if the port is in a loop.

6 Why does the command clockrate not work? The term "clockrate" is not a documented Cisco IOS command. Use clock rate instead.

7 I created a ping packet in Simulation Mode and ran it. Why do I still see packets/frames (like CDP) running on the network after the ping process is completed?

Routers and switches send out CDP frames every 60 seconds regardless of what packets you created yourself. If you do not want to see the CDP events, uncheck the CDP filter in the Event List Filters. You can also disable CDP on the Cisco devices by using the Cisco IOS CLI. There are other protocols that periodically send out packets/frames without any configurations, including STP and DTP.

8 When I issue an extended ping, the parameters I am asked to fill in do not match an extended ping on a real device.

Some parameters, such as the following, are not supported:

Sweep range of sizes [n]:

9 Why can't I access sub-interfaces on serial ports? Packet Tracer supports serial sub-interfaces for frame relay encapsulation only. HDLC and PPP serial sub-interfaces are not supported in this version. In order to create a serial sub-interface, the physical interface must be configure to use frame relay encapsulation first.

Then, in creating a serial sub-interface, the type (point-to-point or multipoint) must be defined.

10 Why can't I test port connectivity with a command such as ping 192.168.1.5:80?

Packet Tracer does not support this specific ping feature.

11 Does Packet Tracer support VTP? Packet Tracer supports several commands relating to VTP domain, mode, password, and version.

12 I can't seem to add a secondary address to a port. Packet Tracer does not support the ip address secondary command.

13 How does the Auto settings for bandwidth and duplex work on a port?

The Auto setting enables auto-negotiation on the port of the device. When two ports are connected and both have auto-negotiation on, the best connection settings will be determined automatically and the link will be functional. The link will also be functional if one port has auto-negotiation on and the other is set at Half Duplex. However, if the other port is set at Full Duplex, the link will not be functional.

14 At the end of a simulation (after the last event), I viewed a device table (such as ARP or MAC) and saw that it was blank. Why is this?

Did you press the Capture / Forward button after the last event occurred? The ARP table clears after the end of the animation because after the last packet, the only timers left are ARP entry timeout timers. Because the Capture / Forward button advances in time to the next event (but there are no more future packets), the ARP entry timeout timer will expire. Thus, the ARP table becomes empty. This is similarly true for MAC tables.

15 Sometimes the CLI screen seems to display text incorrectly. For example, when activating an interface, the router prompt appears at the end of the sys log message instead of a new line.

There is a no line break after the interface status messages because that is how it is displayed on real devices. However, note that the Packet Tracer status messages are displayed immediately after the event occurs. Real devices may have a delay of about 1 second.

16 When I make the interface a trunk port in a interface sub-panel for the switch (under Config), the VLAN range is set to 1 to 1005 even though the switch does not have that many VLANs set up?

In Packet Tracer as well as on real equipment, the switch allows all VLANs (1 to 1005) on a trunk port by default, even if the VLAN does not actually exist on the switch. From the drop-down menu, you can view the VLANs that do exist and block (uncheck) them from the trunk. However, you cannot block VLANs that do not exist. This action does not affect the switch functionality. It is simply a way to display VLANs (or a range of VLANs) that the trunk supports.

17 When I turn off a router that has its link lights up and then turn it back on, why do the links remain down?

By default, router ports are in a "shutdown" state unless the no shutdown command has been issued. When a router is turned off and then on, it reads the startup-config file for configuration information. If the router contains no saved startup configuration that included the no shutdown command on a port, that port will not come up automatically.

18 When I choose a tool from the Common Tools Bar (such as the Inspect tool), how can I cancel that tool or deselect it?

Press the Esc key or click on another tool in the Common Tools Bar.

19 What's the difference between the Reset The Power Cycle Devices button does everything the Reset Simulation button does in

Simulation button and the Power Cycle Devices button?

addition to power-cycling devices that are powered on. Reset Simulation impacts the display and animation of already captured packets but not change the actual state of the networking devices.

20 When I use the Add Simple PDU tool to ping a router, the destination IP address is the Ethernet interface rather than the serial interface. What determines the default destination interface for a ping?

The Add Simple PDU tool is a quick way to create PDUs. The source device does not specify a source interface. It uses the outgoing interface as the source interface. The destination IP address is chosen to be the first interface with a set IP address on the destination device. The order of the interfaces is the same order as displayed in the show running-config and show interfaces commands.

To specify the destination address manually, use either the CLI or the Add Complex PDU tool. Both of these allow for configuration of the outgoing interface and destination IP address of the source device.

21 When I have a static route and RIP configured on a router, why is it that the static route with an administrative distance of 1 is preferred over RIP routes with an administrative distance of 120?

Packet Tracer is modeled from real routers, in which a static route with a smaller administrative distance is preferred over RIP routes. Instead of using the default administrative distance of 1 for the static routes, you can try using an administrative distance larger than 120 so that RIP routes would be installed in the routing table when they are available and static routes would be installed if RIP routes are not there.

22 When I configure static NAT on a router and perform a ping, why does the router eventually lose the NAT translations after several successful pings?

The ICMP NAT entries timeout in 1 minute. So, if 1 minute has passed either in Realtime or Simulation Mode, the NAT entries generated by ICMP packets would be removed from the NAT table.

23 When I enter an EIGRP network command, such as network 192.168.1.0 255.255.255.0, the result should be network 0.0.0.0 255.255.255.0 instead. However, on a real router, the result is actually network 192.168.1.0.

The network command for EIGRP should accept a wildcard mask for the second argument, as stated in the help command network 192.168.1.0 ?. So, the command network 192.168.1.0 0.0.0.255 means the network 192.168.1.0/8. However, this command is inconsistent with the help command in which network 192.168.1.0 255.255.255.0 also means the network 192.168.1.0/8. Packet Tracer implements the command like a real router.

24 When I try to do an extended ping in the CLI with a source IP address that doesn't belong to the device, it gives me an invalid source error message.

This is how extended ping works. You can only specify an IP address on the device as the source address. Otherwise, it gives an error.

25 In Simulation Mode, when I only have a single Event List Filter enabled, such as UDP, and then click on Capture / Forward, I get the message, "The maximum number of events has been reached..." This is counter-intuitive since no

The Event List Filters are not connected to how events are captured. Even if nothing is checked to display, Packet Tracer still captures everything. So, after capturing 500 events, Packet Tracer will show that message. However, the last part of the message says that the user can adjust the Event List Filters to see previous events.

events are shown in the Event List at all.

26 When a router doesn't have a next hop MAC address, it sends an ARP request and will drop the ICMP packet as well. Is this normal behavior?

Yes. When a router does not have the next hop MAC address, it will send an ARP request, but will also drop the packet. It does not buffer the packet and wait for the ARP reply to come back because that could cause considerable performance decreases if there are a lot of pending ARP entries.

27 When I save a configuration to the router NVRAM (wr mem or copy run start), the router does not save the configuration when Packet Tracer is shut down. This only occurs if you save the topology.

Yes. Saving the configuration to NVRAM only saves to the current file. You have to save the topology as a .pkt file to preserve your work between different Packet Tracer sessions.

28 When you use the same network/subnet on two different devices, the Cisco IOS CLI reports an error saying that the IP address conflicts with another interface.

This is no longer an issue in Packet Tracer. You will see the following similar error messages if those two devices were connected already, and if you were trying to assign the same IP address:

%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.1.0.1 (FastEthernet0/0) is down: interface down %IP-4-DUPADDR: Duplicate address 10.1.0.1 on FastEthernet0/0, sourced by 0090.0CEC.5C01 %IP-4-DUPADDR: Duplicate address 10.1.0.1 on FastEthernet0/0, sourced by 0090.0CEC.5C01

29 Which cable do I use to connect an Access Point to other networking devices?

Access points connect to hubs and switches with a straight-through cable. Meanwhile, a crossover cable is needed to connect an access point to routers and end devices.

30 What is the difference between the activity file (.pka) that I author and the activity file that I give to others?

The activity file created with Activity Wizard contains both the authoring information and the activity itself. If you do not want others to view or change the contents of your activity, you may password protect the activity in Activity Wizard.

Just like a regular Packet Tracer network file (.pkt), the progress of activity files can be saved at any time. To have a fresh activity for redistribution, be sure to reset the activity in the instructions box, then save the activity.

31 Is it possible to import or open Packet Tracer activity files from a previous version?

The short answer is "No." However, Packet Tracer can import old Packet Tracer network files (.pkt), with some limitations. You may export the answer and initial networks from an older version of Packet Tracer, then import then into Packet Tracer using Activity Wizard. It is best to re-author activities in the latest version of Packet Tracer, though existing work from previous versions can be imported and adjusted.

32 What is the correct version for EIGRP? I have seen only two versions, v0 and v1. However, in the PDU Information Window, the version reported is version 2.

The version field in the EIGRP packet indicates the EIGRP version of the sender. There is only one version of EIGRP. However, from the packet captures from routers, the version number is always 2. This is a constant. Packet Tracer is modeling as it would be captured from a real network.

33 In Simulation Mode, why do some devices/ports sometimes buffer frames and say the ports are sending other frames when there are no frames shown in the Event List?

There are some types of frames that Packet Tracer does not display to the user, such as keepalives on the serial links. When these frames are being sent, the device will buffer the other frames that are waiting.

34 When creating multiple connections between the same two devices (e.g. trunking), the cables connected earlier may be hidden by the new ones. How do I know how many cables are connected?

Packet Tracer will display several distinct cables in parallel. However, there is a limit. A workaround is to use another device, such as a repeater for Ethernet connections, to emphasize the visual distinction of a particular link.

35 Using the Activity Wizard, how do I lock out the GUI configuration for routers and switches to force the users to use only the CLI?

Attach a console cable from the PC to the switch or router. In the Initial Network section of the Activity Wizard, lock "Configuration" for the switch or the router. Now, users must console into the switch or router from the terminal of the PC to configure them.

36 What happens to the IP address of a device when I duplicate the device?

When you duplicate a device with an IP address assigned to any of its interfaces, the IP addressing will be cleared on the duplicate device.

37 What is the limit for the number of wireless hosts and access points in the same coverage area?

The limit is 10 wireless hosts with 3 access points in the same coverage area. Beyond that limit, wireless connections become unpredictable. This is similar to real equipment except Packet Tracer has a lower limit.

38 When I create a template of a device with additional IOS images besides the default IOS image, only the default IOS image of the device appears in the custom device.

The template devices store the hardware information only, including the device model and what modules are installed on them. The workaround to this issue is to copy and paste the device. The duplicated device will have the same IOS images as the original device.

39 Is Realtime mode exactly in sync with real world time?

No. Realtime mode in Packet Tracer runs at a different rate than real world time. It may run slower as more devices and protocols are added to the network. The speed of the computer running Packet Tracer also affects the Realtime mode.

40 Why, when I enable logging and configure devices in the CLI and then save the file, does the save file not save the log?

The command log is not saved with the save file and is session based. Alternatively, you may export the log under the Interface tab in Preferences.

41 When I send a PDU over devices with multiple links between them, with one of the links shutdown, why does the PDU traverse the shutdown link instead of the active link in Simulation Mode?

This is a result of an animation error. The PDU takes the center path between the two devices instead of the center path between the two endpoints of the links. A possible workaround is to use hubs or repeaters to connect some of the links.

42 Why do I get two different average round trip times for the exact same pings in Realtime Mode and Simulation Mode?

In Realtime Mode, time is always running regardless of the events occurring in the network. In Simulation Mode, time is event driven, under your control. The time in Realtime Mode may be affect by the speed of the computer Packet Tracer is running on and the number of devices and protocols running in Packet Tracer. For more information, please view the "Time Management Between Realtime and Simulation Mode" section in

the Simulation Mode: Special Notes page.

43 When I issue the "clear ip route *" command in CLI, it doesn't clear the routing tables.

The "clear ip route *" command just clears the routing table. For some protocols like EIGRP and OSPF, the routes are added back to the routing table immediately if there are no changes. For RIP, the routes are added back when receiving the next updates from its neighbors. However, in Realtime mode, it may happen before "show ip route" is issued again. You can see its effects easier in Simulation Mode.

44 Why can't enable secret passwords be assessed reliably in activities?

This is no longer an issue in Packet Tracer.

45 I can add a WEP key that is out of the hex range for the Linksys router when I shouldn't be able to.

This is no longer an issue in Packet Tracer.

46 In the Event List filter window, why does unchecking HTTP filter have no effect when TCP is checked?

HTTP packets are also TCP packets, so they are not filtered out.

47 Why does the Inspect tool have no effect on the Linksys router?

This is no longer an issue in Packet Tracer.

48 When I telnet into another device, the config tab does not work.

This is no longer an issue in Packet Tracer.

49 Why do static routes with admin distances of 255 show up on the routing table?

This is no longer an issue in Packet Tracer.

50 Packet Tracer crashes when I have many instances of Packet Tracer opened.

We recommend using one instance of Packet Tracer at a time. Although Packet Tracer does not impose a limitation on how many instances may be running at the same time, system resources (RAM, disk swap, or GDI objects) may affect the actual number of simultaneous instances.

51 How can configurations from Packet Tracer and real devices be used in activities to check enable secret and other passwords with service password-encryption on?

Packet Tracer generates password encryptions only once, with only one seed. If the same password is entered more than once, Packet Tracer only generates one encryption string. In order for passwords generated from outside of Packet Tracer to work in activity checking, you must re-enter the passwords again after importing.

52 Why are values in Config tab not changed when I have already changed them in console?

Packet Tracer does not keep opened dialogs in sync when changes are made from a different dialog. To see the updated values, please close the opened dialog and open it again.

53 Why do HTTP packets still show up when I have the HTTP filter unchecked?

If the HTTP filter is unchecked, but the TCP filter is checked, HTTP packets would still show up, because HTTP packets are TCP packets. This is the same behavior for other packets that are encapsulated within TCP or UDP. If you want control over the types of packets you want to see, use ACL Filters.

54 Why does Packet Tracer generate the same On real devices, each time a password is entered, the seed changes, and it would generate a

encryption string when the same password is entered more than once?

different encryption string. Even if the same password is entered twice, the encryption string would be different. In order for activity checking to work, we must always generate the same encryption string so that the user's password and the Answer Network password generate the same encryption string.

55 How do I add a graphic image of a topology in the activity instructions? Use tags to add images in the activity instructions.

56 Why am I able to add and remove content from the activity instructions window when it should be read-only?

You have to lock Edit Instructions in the Locking Items tree to make the instructions content read-only.

57 When I enter "show interface s0/0/0" in the CLI, the IOS output says "show interface s0/0/0" is an ambiguous command.

This is no longer an issue in Packet Tracer.

58 How come I cannot use Variable Manager for scoring with VLAN interface IDs (SVIs)?

Variables cannot be used to check for nodes that depend on names, such as device names, port names, dhcp pool names, etc.

59 Is there a way to speed up convergence of the network when I open a file? Sometimes my activity is graded incorrectly since the answer network hasn't converged.

You can speed up convergence of the network by switching to Simulation Mode and then switching back to Realtime mode. Do this as many times as required (depends on the network). If you are creating an activity, you can forward the Answer Network Convergence in the Activity Wizard as well.

60 I cannot make a Multiuser connection between Windows and Linux machines.

Make sure to disable all firewalls on both the Windows and Linux machines (procedure will vary depending on the firewall). If the machines are behind NAT (e.g. a SOHO router), be sure to forward the appropriate ports (i.e. 38000 by default) as well.

61 I can still access the Config tab of a router or switch even if there is an enable secret password in the running configuration.

You can use Activity Wizard to lock Use Config Tab or you can hide the Config tab in Preferences if needed.

62 Is there a way to distinguish between outgoing and incoming Multiuser remote network clouds? Also, when I have an incoming Multiuser connection, Packet Tracer creates a Multiuser remote network cloud if the name is incorrect.

You can mouse over a Multiuser remote network cloud to show who the other side is connected to. Also, changing the Multiuser remote network cloud's name does not reflect on the other side.

63 When I try to set a variable value to Elemental Position in Variable Manager, the value sets itself to zero and cannot be changed to any other position.

When you set a value for a variable, you must press Enter on the keyboard to change the value.

64 When I try to copy text from the CLI tab using "Ctrl + C", the output has unorganized text that

There is no way to prevent this in the interface as of now. A workaround is to use the Copy button in the CLI tab.

can be dragged around.

65 How come I am able to enter negative point values for Assessment Items in activities?

Negative point values in Assessment Items has several useful benefits. For example, if you ask a student to configure a network using RIP and they use static routes to trick the connectivity tests, you can give them negative points for configuring static routes instead of RIP. Also, negative point values varies the point system which allows different types of game related activities.

66 Can a wireless PC associate to an access point that is from a Multiuser remote network?

No. Wireless requires the devices to be within physical range of each other. Multiuser remote networks are in different physical spaces.

67 When I try to create a loop on a switch by connecting a straight-through or cross-over cable to different ports on the same switch, I get a connection error stating that "The cable cannot be connected to that port?"

A workaround is to use a hub or repeater to create a loop between the two ports on the same switch.

68 How come when I have multiple wireless profiles in a wireless PC and then delete the wireless router that the wireless PC is currently associated to, the wireless PC does not automatically associate to the other wireless routers that has a profile?

In Packet Tracer, there is no way to choose multiple wireless profiles in the Config tab.

69 In Physical Workspace, sometimes the geoicons do not work correctly. For example, I am able to move the geoicons beyond the "border." Also, the geoicon labels are sometimes detached from the geoicon itself after navigating between locations.

This is no longer an issue in Packet Tracer.

70 How come the output for various commands in Packet Tracer, such as "show ipv6 nat translations," is different from a real router?

This is due to differing versions of IOS images. Please see General Issue #3 for a list of IOS images that Packet Tracer supports.

71 When I click on Save Settings in the Applications & Gaming section in the Linksys GUI, the last item in focus does not save.

The workaround is to click on another item to change the focus before clicking on Save Settings.

72 How come when I create a complex PDU, the Outgoing Port drop-down list does not contain any ports?

To select an Outgoing Port, the source device interface needs to be configured properly with an IP address.

73 The Variable Manager Interface in the Activity Wizard Answer Network panel is too narrow.

This is no longer an issue in Packet Tracer.

74 When I have a router with 2 LANs (e.g. 192.168.1.1 and 192.168.2.1), a PC with an IP address in the 192.168.1.0 network can be pinged by a PC in the 192.168.2.0 network even if the PC in the 192.168.1.0 network has the incorrect default gateway (e.g. 192.168.2.1).

This is how it works on a real router.

75 When I copy and paste the entire "show running-config" output in Global Config Mode, some commands return "% Invalid input detected at '^' marker."

Some commands are not supported, but shows in the "show running-config" output.

76 When I undo a deleted device/link that was connected to a Multiuser remote network, Packet Tracer crashes.

This is no longer an issue in Packet Tracer. However, undo still does not undo deletion of Multiuser remote network clouds. So, if deleting Multiuser remote network clouds with other devices, undo will only bring back other devices.

77 When I delete a link to a Multiuser remote network, the link isn't removed from the Multiuser remote network.

This is no longer an issue in Packet Tracer.

78 Packet Tracer appears to be able to ping a default gateway that does not exist.

This is correct behavior. PCs will send packets to a gateway that is not in the same network as itself. And Cisco routers reply to ARP requests if the requested IP has a route in its routing table.

79 When I am configuring Frame-Relay, the "show running-config" shows that the encapsulation is IETF, but the "show frame-relay lmi" command shows that it is Cisco.

The output in the "show running-config" is encapsulation type, which is IETF and the output in the "show frame-relay lmi" is the LMI type. Since the LMI type is Cisco, it is not displayed in the "show running-config".

80 The Linksys router icon looks too similar to the Cisco 1841 ISR icon.

You can change the icon to any other icon you wish by using the Customize Image in Logical/Physical View feature in the device dialog.

81 When I create a new file, a registered IPC device creation event such as deviceAdded in the previous topology disappears.

The deviceAdded event is registered to the workspace object. Packet Tracer creates a new workspace for each new/opened file. So, the ExApp needs to re-register the events previously registered to the old workspace in the old file.

82 Does Packet Tracer support SHA1 encryption? Yes. If you issue "crypto ipsec transform-set mycrypto ?", you will see that all of the sub-commands that contains*-sha-* in them supports SHA1.

83 The source IP address field does not appear in the Add Complex PDU dialog.

This feature is used to manually change the source ip address of packets sent and is mainly used for games and activities to fake source ip. We removed it from routers and switches because Cisco devices (should) check for that when sending packets out.

84 Where does the server device look for images to load pages with image tags from?

The server looks for images with the same name in the same folder as the pkt/pka file, or if the file is not saved/opened, it looks inside the Packet Tracer /bin folder.

85 When routers exchange routes to the same route, their routes become possibly down after a while.

This is correct behavior and real routers do the same thing. For example, if a 10.0.0.0/8 route is from Router1 and it sends it to Router2 and Router2 has the same route. Then Router2 advertises it to Router1 before Router1 sends the same route to Router2. Also, say for instance Router1 has 10.10.10.0/24 also. It will accept the 10.0.0.0/8 route and put it into routing table. But, once Router2 receives the same route from Router1, it will stop sending the route to Router1. And the route in Router1 will eventually timeout.

86 Where are the RADIUS and TACACS server configurations for the server device?

The configurations are located in the AAA panel in the Config tab.

87 Why am I not able to move or control cables connected to Multiuser remote network clouds in Physical Workspace?

Since the remote networks are not in our physical world, Multiuser remote network clouds are located at some outside point. Also, cable length does not have an effect on these connections.

88 How do I navigate to a previous cluster level or Physical Workspace level?

To navigate to a previous level, click on the Back button on the Logical/Physical Workspace Bar until you get to the desired level.

89 When I close a device dialog while in Simulation Mode, the simulation resets.

This is normal behavior. Actions that may cause the simulation to reset are deleting devices, deleting connections, closing dialogs, and toggling power on ports.

90 Where is the Viewport feature located in Physical Workspace?

To open the Viewport in Physical Workspace, go to View > Show Viewport on the Menu Bar.

91 When I issue the command "show crypto map", the output differs from what I see on a real router.

There is a possibility that the IOS version you are using on the real router is different from the IOS version currently used in Packet Tracer, which could be the cause of the discrepancies.

92 When I do "show cdp neighbors" after loading a save file, not all neighbors are in the output, but the neighbors show up after a while.

CDP sends every 60 seconds and so after 60 seconds it shows up. The first CDP packet probably got dropped or was sent before the link went up so the first one did not get sent. It is also possible that the first CDP packet is sent, but the network may not have converged.

93 If I move a device with a BendPoint or GroupPoint in Physical Workspace, the BendPoint or GroupPoint disappears.

BendPoints and GroupPoints are not kept when moving a device. This is intentional behavior to have consistency.

94 Packet Tracer generated a configuration file on my computer's local user directory.

This is by design and is intentional. The only to have Packet Tracer writable cross-platform and work the same way, the user folder needs to be utilized as Windows Vista and Linux has stricter write permissions on installation directories.

95 The Ethernet interface configuration dialogs in the GUI looks different from other types of interfaces.

This is a Packet Tracer implementation issue and no workaround exists at the moment.

96 When I try to issue CTRL + Shift + 6 + X on the keyboard to terminate a telnet session on a PC device, nothing happens.

This is intentional as the PC's telnet cannot suspend.

97 The number of packets encapsulated and deencapsulated shown in the "show crypto ipsec sa" are not equal.

The number of packets that a router encapsulates and encrypts does not necessarily have to be equal to the number of packets that it deencapsulates and decrypts. Depends on the protocols in has configured, packets get lost on their way to destination those numbers are different too.

98 Sometimes when I view PDU details of STP packets, the PDU details would say SSTP Multicast Address instead of STP Multicast Address.

PVST+ uses two STP packets, one is addressed to the IEEE STP multicast MAC address and the other is to the SSTP (Shared Spanning Tree Protocol) multicast MAC address. The two are different addresses, both are for STP. The SSTP is for PVST+ Cisco devices and the regular STP is for connecting Cisco devices to non-PVST+ switches. Both are needed in Packet Tracer to have native VLANs working properly.

99 The MIB Browser does not have a horizontal scrollbar for the MIB tree so it is hard to navigate and view the tree.

This is a known limitation in the current version of the UI framework that Packet Tracer utilizes. This will be fixed in a subsequent version of Packet Tracer.

100 Why do wireless end devices sometimes form random associations?

This can be due to the effect of interference of access points within range. As a result, the access points that wireless end devices connect to are not deterministic. That is, it is somewhat random.

101 When I add a DNS resource record with the name in upper-case letters, Packet Tracer adds the name in lower-case instead.

All functionality works the same since DNS is case insensitive.

102 Cables in Physical Workspace aren't redrawn correctly while resizing objects.

This is no longer an issue in Packet Tracer.

103 When I close the Preferences dialog, any other dialog that I have opened closes also.

This is the intended behavior. The user may be changing fonts or hiding tabs. The dialogs need to close to take effect on these changes in Preferences.

104 When I click on the link lights on a cable, the connection detaches from the nearest connected device and I am able to make a connection with the same cable again.

This is the intended behavior. The purpose is to allow users to unplug cables and replug them.

105 Switches are not able to detect a new route when an old route is down.

MAC entries time out after 5 minutes of no activity. Fast forward the time to 5 minutes and send again. It should be successful.

106 I was trying to create a device after clicking on the Place Note tool. The mouse cursor stayed as the Place Note cursor icon, instead of the Select tool cursor icon. Why is it like that?

This is an expected behavior. The mouse cursor icon will not change by clicking on any component in the network component box.

107 Frame-relay map statement is not accepted under interface mode. When I run the command to add a map it says "%Address already in map". I get

Frame-relay maps are dynamically populated by Inverse ARP. Inverse ARP sends mappings every 30 seconds or so. You can do "show frame-relay map" and if a mapping says "dynamic", then it is from Inverse ARP.

this message even after I delete the entry and try to add it again.

Cisco routers have Inverse Address Resolution Protocol (IARP) turned on by default. This means that the router will go out and create the mapping for you. If the remote router does not support IARP, or you want to control broadcast traffic over the PVC, you must statically set the DLCI/IP mappings and turn off IARP. IARP will be supported later.

108 In the Activity Wizard, when I click on the close button on the Instructions window, the window gets minimized.

The close button cannot close the Instructions window because this is a limitation reported by Qt.

109 In a router or switch's CLI, sometimes when I type a password, "circles" or "asterisks" fail to appear while entering characters for the password.

This is an expected behavior and is a security feature. The "circles" or "asterisks" will NOT be echoed for password field. The reason for this is that it limits a perpetrator from knowing the length of the password.

110 Why are end devices with the Linksys WMP300N module able to connect to a Linksys router that operates in BG-Mixed mode?

End devices with the Linksys WPC300N module supports B, G, and N wireless networks. If the access point or router is configured for BG or B only or G only, then the Linksys WPC300N will reduce its speed to B or G. However if you have a B or G module on the end device, and the access point or router is set to N only, then it would not connect.

111 Which types of wireless networks do the Tablet PC and PDA support?

The Tablet PC and PDA only support B and G wireless networks.

112 I changed the time and date on an NTP server on a server end device. After closing the server device dialog, and reopening it, the time and date reverted back to the previous settings.

After changing the year or month, you have to click on a date to set the date.

113 When I try to ping a host that is connected to a Linksys router's LAN port, the ping fails.

This is the correct behavior on real Linksys router, but Packet Tracer modeled it incorrectly in previous versions. A Linksys router will drop all pings into it from the Internet port.

114 Pressing Ctrl+A on the keyboard does not select all text in certain areas of the GUI.

This is a Qt framework related issue.

115 Even though there is no power cord attached to an IP Phone, it still appears to be on.

By default, 3560 multilayer switches have power over Ethernet. If an IP Phone is connected to a 3560 multilayer switch, then it would be powered on.

116 When I hover over an end device that is supposed to be configured with a line number, the line number only shows when I open the Cisco IP Communicator.

This is the correct behavior. In the real Cisco IP Communicator application, the line number is only set when the Cisco IP Communicator application is opened.

117 When I enter the command "mac-address H:H:H" in ephone configuration mode, I receive an invalid input error message in the CLI.

The correct MAC address format is H.H.H, not H:H:H. Thus, the correct command input would be "mac-address H.H.H".

118 When I press the "Do" "Re" or "Mi" notes in the Be sure that Sound is enabled in Preferences.

GUI of the phones, I don't hear anything.

119 I connected a cloud's Ethernet6 port to a router. When the cloud receives a DHCP packet, it does not send out to the Ethernet6 port. Why?

You need to add a DSL connection between the modem port and Ethernet port on the cloud.

120 Why does Packet Tracer always do PAT when there is no overload command?

The "ip nat inside source" command automatically puts "overload" if an interface is specified. This is correct behavior.

121 When I use the Copy from Answer Network function in the Initial Network panel of Activity Wizard, the variables from the Answer Network do not get copied over.

The answer network and initial network trees are different. As a result, they cannot be copied from one to another.

122 When I try to copy and paste a Multiuser cloud, nothing happens.

Copy and paste of remote networks is not supported.

123 When I try to create a multiuser connection while in Activity Wizard, an error message appears stating that "Cannot make multiuser connection to this instance of Packet Tracer."

Creating Multiuser connections while in Activity Wizard is not supported.

124 After I invoked the command "ssid test" from interface Dot11Radio0/3/0 on a router, there still seems to be some kind of wireless signal detected on a wireless PC. Is this correct behavior?

Only when you invoke "not dott11 ssid test" in the Global Configuration Mode, then it will remove the SSID configuration and bring the interface that has the same SSID down. If you only remove "no ssid test" in Interface Configuration Mode, it would reset the SSID at the interface to empty string "". So the wireless client detects a network with "" as the SSID.

125 When I switch from Realtime Mode to Simulation Mode, the time seems to shift forward.

When switching from Realtime to Simulation mode or when Reset Simulation, time forwards about 10 seconds or if there are many events, it will forward less time.

126 When I press CTRL+C or CTRL+Shift+6 to terminate a traceroute, it doesn't work.

This is expected behavior. The telnet client intercepts the Ctrl+C or CTRL+Shift+6 and does not send it over to the telnet server.

127 When I try to telnet to a switch from itself, the connection attempt times out.

A newly created switch in Packet Tracer or a real switch without any interfaces connected will exhibit this behavior. The reason being that VLAN1 is the default management VLAN interface for a switch. Since a switch is a Layer 2 device, it does not have an IP interface. Thus, the necessity for a Layer 3 interface in the form of VLAN1 interface was introduced. VLAN1 interface's protocol will go up if at least one FastEthernet interface is also up. Then, will only telnet and other services of VLAN1 will become active.

128 Packet Tracer's CPU and memory usage increases when I have a network with many switches connected in loops.

Packet Tracer allows STP to have loops and Packet Tracer simulates the behavior of "infinitely" forwarding frames inside a loop. The same frame does stop forwarding after a while, but if there are branches in the loops, the frames will exponentially duplicate and will increase CPU and memory usage. Because of this, misconfigurations in networks can

cause Packet Tracer to slow down.

129 When I leave the WEP key field blank on a wireless device and click on a button in the Config tab, the button remains depressed after I get the WEP key cannot be empty error popup.

This is a graphical glitch when wireless input fields are involved and it cannot be fixed.

130 Why do the routing tables display the CIDR subnet mask such as /30 on routers connected by serial connections?

The routers learn the /32 routes from serial PPP links.

131 Why is the CPU usage from Packet Tracer so high sometimes?

If there are many workspace notes, including device labels, and port labels, the CPU usage can be high due to the nature of the Qt library.

132 Why do 1841 Routers not support voice commands anymore?

It was a bug that we added voice commands in 5.3.0 on 1841s. We removed them in 5.3.1.

133 Why in Simulation Mode, CDP packets are shown even though they are not selected in the Event List Filters?

In Simulation Mode, if frames are collided, PT will show the frames even though the frame protocol is not selected in the event list filters.

134 Why are the routing tables different when I reopen a file that involves route redistribution?

This is a bug. It will be fixed in the next version of Packet Tracer.

135 Why does the PC Web Browser not detect IPv6 addresses like aaaa:2::2 as a valid address?

This is correct behavior. The correct way to enter an IPv6 address in the browser is to enclose the address in square brackets. The right format is http://[aaaa:2::2] or http://[aaaa:2::2]:80.

136 When I tried to move a device inside a cluster in maximum zoom out mode, the move object popup is not aligned with the device.

This is a bug. It will be fixed in the next version.

137 When I changed the MAC address of the Fast Ethernet port on a PC, the IPv6 link local address doesn't change accordingly.

To see the new link local address, click on the FastEthernet button after making the change in MAC address.

138 Why does PT print out "UUUUU" instead of "NNNNN" if a ping's source IP is beyond scope (source IP is a link local address and the destination IP is beyond its LAN)?

This is a bug. We will fix it in the next version.

139 When I copy a device inside a cluster, I cannot paste the device into a different cluster?

This is a bug. The workaround is manually move the copy from inside the cluster to outside outside the cluster.

140 When I issue the command "show interface" on a router, the output shows that the line protocol is up even though it is the DTE interface and the

This is the correct behavior. The DCE interface auto includes the clock rate command, defaulting to 2000000. Also, if you attempt to issue the clock rate command on the DTE interface, the output will show "This command applies only to DCE interfaces".

DCE interface has not been issued the clock rate command.

141 There is CLI for the frame relay cloud. The only option is to configure using the GUI.

This is the intended behavior.

142 When I author a PKA with variables in assessment items and then try to test my activity, certain assessment items such as the default gateway or DNS server IP addresses are marked incorrect, even if the values are equal to the answer network.

For runtime states, like DHCP assigned addresses and configurations, use variables to grade the assessment items. For the default gateway or IP address, use regular expression or static values.

143 After creating a complex network, clicking "reset simulation" does not clear ARP tables or DNS caches. Is this a bug?

No, "reset simulation" does not clear tables. "Reset Simulation" clears out any packet on the event list. Resetting visible tables does not reset router tables. "Power Cycle Devices" would reset all tables.

144 In the activity wizard circling tool, how come some shapes do not grade correctly?

This is usually a configuration error on the shape. A common issue happens when a user creates two shape tests intended to be different, but one shape test is wholly a subset of another shape test. e.g., shape test 0 only includes router1, and shape test 1 includes router1, router2, and router3. In this situation, the evaluation can fail to accurately grade the intended circle. When a user circles router1 with shape A, and router1 2 and 3 with shape B, the system may end up choosing shape B for shape test 0 (with only router1), and once a shape has been used, it is not used again for another shape. That leaves shape B for the answer to shape test 1 (router 1 2 and 3). So in this scenario, shape test 1 will only receive 1 of 3 correct, and shape test 0 receives 1 of 1 correct. To mitigate such a scenario, be sure that two different shape tests can be differentiated from one another either with inclusion or exclusion points that are in one shape test but not the other. In short, make sure one shape test is not wholly a subset of another shape test.

145 Can I add two wireless modules to an end device?

No, Packet Tracer currently does not support two wireless interfaces per end devices at the moment.

146 When I pasted in my commands to a router, the case is not preserved. For example, I pasted in "hostname R1" and PT changed it to "hostname r1".

Do not copy commands from a word document or PDF directly into the router. Instead, copy the commands into a notepad file first. This will remove all hidden formatting. Then copy the commands in the notepad file and paste into the router.

147 If I setup a network with two LANs, can one PC from one network ping another PC from the other network?

When you have a router with two LANs, a PC with an IP address in the first network can be pinged by a PC in the second network, despite the PC in the first network having an incorrect default gateway.).

148 I cannot find "show device dialogue taskbar" in preferences anymore. Has it been removed?

The option "show device dialogue taskbar" has been moved to the miscellaneous tab.

149 Why can't I find any routing configuration on the 3560-24PS switch when I open my file in PacketTracer6.0?

There was a bug in PacketTracer releases before 6.0 which allows the configuration of routing protocols (Rip, eigrp, ospf...) on the switch even though "ip routing" is not configured. With this fix, files created before 6.0 that contain switches will lose the entire routing protocol configuration on the switches if "ip routing" wasn't there.

150 When I setup a server with two NICs, and I setup a PPPoE dialer, the connection fails. Why is that?

For Packet Tracer purposes, servers with two NICs are designed for dual-homed configurations. PPPoE would be out of scope.

151 When I mouse over Octal cables, it doesn't show much information. Why is that?

Octal cables are for terminal server behavior, so it is not necessary to have interface async for octal cables. Instead, mouse over octal cables shows the line number instead.

152 Why does PT crash when I test activity or load an activity with 0 sets of object locations.

This can be worked around by making sure there is at least one object location set. If you created an object location set and deleted it afterwards, you should add at least one set in the list. If no object location sets were ever created, you do not need to add a set.

153 Why are IPv6 Neighbor Discovery Protocol (NDP) packets are labeled as NDP instead of ICMPv6?

Neighbor Discovery Protocol (NDP) defines five ICMPv6 packet types, however in Packet Tracer, we differentiate the ICMPv6 messages for NDP in Simulation Mode for event filtering convenience. When you view the PDU details of a packet that is labeled as NDP in Simulation Mode, the PDU details will still identify the packets as an ICMPv6 neighbor message.

154 For IPv6 addressing, why don't we get a partial credit if we enter the prefix length correctly but with a wrong IPv6 address?

The current development, if IPv6 address is wrong, but the prefix-length is right, you get no credit. If IPv6 address is right, but the prefix-length is wrong, you get a partial credit.

155 What should I expect to see on Netflow Collector GUI when it receives a flow that matches one of the flows that it has in the cache?

Netflow Collector displays the top 10 flows with the most count on the pie chart. Additional information about each flow is displayed on the window next to it. When Netflow Collect receives a flow that matches 1 of the flows in the cache, it'll increment the count of that flow without updating the existing flow with the new flow. Therefore, users will see the pie chart get updated but the flow information will remain the same.

156 Why does the alert saying "Cannot write to file" sometimes appears when I save my scripts?

The alert message comes up when there are permission problems. Try saving to a different file/location.

157 Why does the device show a default hostname in Packet Tracer 6.1 and not in previous versions?

Cisco devices does not allow hostnames with spaces. If an old Packet Tracer file contains spaces in the hostnames, Packet Tracer 6.1 will display the default hostname.

158 Why does "standby version 2" always show up in the running configuration when HSRP is configured eventhough the command was not entered?

Version 2 supports IPv6. Since we want Packet Tracer to support IPv6, version 2 is automatically added to the configuration.

159 Why does Packet Tracer fail to elect the correct root for (R)STP causing loops in the topology when a hub is in between two switches?

In topologies containing hubs, the hubs are causing collisions preventing RSTP frames reaching devices which prevents the ability to detect the loop.

 

Protocol Modeling IssuesQuestion/Problem Answer/Solution

1 For EIGRP, why are new adjacencies being formed after the "no auto" command--this does not happen on real routers?

To accurately implement the "no auto" command, when it is issued, the router needs to calculate which directly connected and learned routes are advertised to which neighbors as summary routes. The router needs to tell those neighbors those routes are down now and advertise the new non-summarized routes. The Packet Tracer model simply resets the neighbor adjacencies and consequently removes all previous routes and has to relearn them. This process does not simulate the real process of convergence but shares the same results after the convergence.

2 Why does the "no keepalive" command give me an error in some situations?

Packet Tracer only supports "no keepalive" on serial links.

3 On real devices, the link lights would still come up if there is a duplex mismatch between both sides of the Ethernet connection. Why does Packet Tracer not model this behavior?

On real devices, the link lights would come up in the case of duplex mismatch, but the error rate on the ports would go up because of mismatch. However, Packet Tracer does not model the statistics on the ports, and there is no other way to show that having mismatch duplex is a problem. So, Packet Tracer makes the link not come up to indicate the problem.

4 On real switches, if there is a native VLAN mismatch on both sides of the same trunk, CDP and STP would print out error messages. Why does Packet Tracer not model that?

In Packet Tracer, CDP prints out an error message, but STP does not.

5 I cannot disable STP on switching devices. This is a modeling decision in Packet Tracer since disabling STP may cause loops that can generate broadcast storms in the network. This can severely impact the performance of Packet Tracer.

6 On a real device, I can ping the loopback address 127.0.0.1, what about in Packet Tracer?

Packet Tracer now supports pinging loopback addresses on PCs, but not on routers and switches.

7 On a real router, I can configure an interface with a valid IP address and subnet mask even though it is a supernet (e.g., 172.24.11.1 255.254.0.0), but in Packet Tracer it says that the subnet mask is a "Bad mask."

This is no longer an issue in Packet Tracer.

8 I cannot configure an IP address on a modem interface module on the router, but there is a configuration interface in the Config tab.

Packet Tracer has a simplified model of modem interfaces and does not model all modem operations accurately.

9 If there is a DHCP request with two or more DHCP servers, and then a DHCP request fails

Packet Tracer has a simplified model of layer 1 collisions. Once a frame is sent out on an interface, and if a collision happens before the frame reaches the destination, the source

due to a possible collision when the DHCP servers try to respond simultaneously, there should be lots of traffic but there are no further events after the collision.

device would not retransmit.

10 Why doesn't STP block the ports if the native VLAN mismatches?

STP in this version of Packet Tracer does not implement this feature. However, CDP detects the error and prints out an error message. This modeling limitation is fixed in Packet Tracer.

11 On a real router, the timer is reset for OSPF and EIGRP routes after a "clear ip route *" command, but not in Packet Tracer.

This is a modeling limitation of Packet Tracer.

12 Why does the Linksys remote management override HTTP port forwarding?

The problem is that the Linksys router uses port 80 for remote management. On a real Linksys router, it uses port 80 on the LAN side and port 8080 on the Internet port. The current implementation of Packet Tracer determines whether or not to allow remote management by using an ACL on the Internet port that blocks all traffic to port 80.

The workaround is to enable remote management on the Linksys router. This allows traffic to port 80 into the device. NAT then translates to the IP address on the destination device and then sends it out to the destination device.

13 The show ip ospf neighbor command shows a priority of 1. Actual 1841 shows priority of 0.

The OSPF priority depends on the IOS version. On version 12.2, it shows 1. On version 12.3 and later, it shows 0 even if the priority is manually changed to 100. This may be a bug in the IOS and would not be modeled in this version of Packet Tracer.

14 Static routes with 255 admin distance should not be added to routing table.

This is no longer an issue in Packet Tracer.

15 Why do wireless ports always buffer the frames before sending?

This is because the wireless port is doing CSMA/CA and sends a Request To Send (RTS) before sending any data frame. It then has to receive a Clear To Send (CTS) from the destination device before sending the data frame. Packet Tracer is not showing the wireless management frames, so it would show the data frames being buffered without seeing any other frames.

16 Why are LMI statistics not updated when the link state changes?

This is no longer an issue in Packet Tracer.

17 Why can I only ping one VLAN interface on the switch when there are more than one with the status and line protocol up?

This is no longer an issue in Packet Tracer.

18 Why does OSPF not work over physical serial interface using frame relay?

OSPF over NBMA networks is not currently supported in this version. This includes physical serial interfaces and multipoint sub-interfaces. However, it works on point-to-

point sub-interfaces.

19 In Simulation Mode, routing tables are updated before the packet arrives in the simulation.

This is a modeling limitation of Packet Tracer.

20 On a router with multiple switching modules, there should be individual MAC tables for each switching module. However, "show mac-address table" shows only one MAC table.

This is a modeling limitation of Packet Tracer.

21 Why is the command "ip ospf network" not available in the loopback interface mode?

This command is only available on Serial interfaces to allow OSPF to work over Frame Relay.

22 The round trip times for pings in Multiuser networks are very long.

This is a modeling limitation of Packet Tracer. The delay can also be caused by the propagation of real TCP packets.

23 When I issue the command "debug ppp negotiate" before enabling PPP encapsulation, debug messages do not show.

This is no longer an issue in Packet Tracer.

24 On a real switch, when I create a VLAN and then assign a name to the VLAN, VTP revision number increases by 1. In Packet Tracer, the VTP revision number increases by 2.

This is a modeling limitation of Packet Tracer.

25 The EtherChannel group does not come back up after an error disable.

This is a bug in Packet Tracer and was discovered late in the testing process. It will be fixed in a future version of Packet Tracer.

26 Configuring shape in a nested policy map gives an error message.

This is no longer an issue in Packet Tracer.

27 When I enter "switchport mode trunk" on a switch without changing the encapsulation to dot1q first, the command is not rejected like on a real switch with a message saying "An interface whose trunk encapsulation is 'Auto' can not be configured to 'trunk' mode."

Packet Tracer only supports dot1q trunking encapsulation. "auto" automatically detects ISL and dot1q.

28 "show ipv6 eigrp interfaces" seems to have incorrect or static output.

This is a modeling limitation of Packet Tracer. The values in the "show ipv6 eigrp interfaces" output are hard coded.

29 Class-maps with inspect type appear to have a different subset of match sub-commands compared to real routers.

This is a modeling limitation of Packet Tracer.

30 When I configure manual EIGRP summarization, sometimes the classful mask is shown in the

This is a modeling limitation of Packet Tracer. It is recommended to just ignore the output.

routing table for a route.

31 No warning is shown when exiting the interface range mode without typing exit.

This is a modeling limitation of Packet Tracer.

32 Is the command "tunnel source [ip address]" supported?

No. This is a modeling limitation of Packet Tracer.

33 Does the command "ip mtu [value]" have a dynamic range?

No. This is a modeling limitation of Packet Tracer.

34 When I do "show vtp counter", the values for VTP pruning statistics seems to be incorrect?

VTP pruning is not supported in Packet Tracer.

35 Why can I not modify the serverPool DHCP pool on the server device?

In older versions of Packet Tracer, the server pool is automatically created. The server device only required enabling DHCP. It is still there for backwards compatibility. This is not a bug, but rather the implementation of the server which contains the server pool.

36 When I copy a "show running-config" output from Packet Tracer and paste the output into CLI, not all commands are accepted.

This is expected behavior as not all commands are supported in Packet Tracer in the "show running-config" output.

37 When I issue the command, "more flash:c2960-lanbase-mz.122-25.FX.bin", the output is different each time.

This is a modeling limitation of Packet Tracer. Packet Tracer does not store the IOS images as actual files. In the current implementation of Packet Tracer, the command outputs random data.

38 When I delete the IOS image from a router or switch and then save and reopen the file, the device boots up when it should not.

This is no longer an issue in Packet Tracer.

39 If I issue "debug ip packets" then "logging trap debug" on a router, it seems that one or the other is not issued at all.

If these two commands are applied to a router, Packet Tracer would send packets continuously and will crash eventually. Real routers behave similarly and will lock the user from entering anything as the console will be overloaded with debug messages. As a result, in Packet Tracer, only one or the other can be applied to the router to prevent such issues from arising.

40 The output in "show policy-map type inspect zone-pair sessions" seems to differ compared to real routers in regards to the type of protocol detected in the established sessions.

On a real router, the IOS image used in Packet Tracer does not display the protocol. However, the protocol was added for CCNA requirements.

41 The "show clock" output is always Mon Mar 1 1993 by default.

In the past, Cisco shipped devices with Mon Mar 1 1993 by default. However, in recent times, newer devices are shipping with the current time. Packet Tracer's implementation uses the old method of displaying the "show clock" command by default.

42 When I enter the command "no ip ips signature-category", it brings the router prompt to the IPS

This is no longer an issue in Packet Tracer.

category configuration mode.

43 Access-lists do not have ESP, AH, or ISAKMP port options available. As a result, site-to-site VPNs can be created, but are not functional if CBAC or ACLs applied.

This is a modeling limitation of Packet Tracer.

44 Static routes should be able to specify an outbound interface and next hop address.

This is a modeling limitation of Packet Tracer.

45 A carriage return is missing after removing a subinterface from a router.

This is a modeling limitation of Packet Tracer.

46 There is no error message when two connected switches have different EtherChannel modes.

This is a modeling limitation of Packet Tracer.

47 When I try to issue an SNMP request using a port other than 161, SNMP request times out.

The routers and switches also need to change to that port. However, Packet Tracer does not have the command to change the SNMP port on routers and switches. This is a modeling limitation of Packet Tracer.

48 AAA authorization commands are supported, but the functionality does not work.

AAA authorization commands are available on routers as commands only but without any functionality. This is a modeling limitation of Packet Tracer.

49 When I enter "config t" in global configuration mode, Packet Tracer returns "%Invalid hex value."

Packet Tracer is trying to issue the "config-register" command in global configuration mode. However, Packet Tracer's command parser implementation of the hex part is using WORD. This is a modeling limitation of Packet Tracer.

50 When I try to enter interface configuration mode for a non-existent interface, Packet Tracer returns a different error from a real router.

This is a modeling limitation of Packet Tracer.

51 The number of matched packets under the protocol match statement is greater than the number of matched packets for the class-map in the "show policy-map" command.

This is no longer an issue in Packet Tracer.

52 The QoS bandwidth setting does not appear to have an effect on drop rates.

The drop rates are not accurate numbers.

53 The labs in the curriculum expects more options for the "debug ip rip" command, but Packet Tracer only supports the events option.

This is a modeling limitation of Packet Tracer. We may support more options for the debug ip rip commands in a future version of Packet Tracer.

54 When I have a PC on a VPN connection, it seems that DNS packets are sending to the VPN server first and the DNS packets are not encapsulated in Simulation Mode.

This is no longer an issue in Packet Tracer.

55 An RS232 port is displayed in the physical device view of the IP Phone, but the RS232 port is not one of the available ports in the Logical Workspace.

The RS232 port displayed in the physical device view is for aesthetic purposes only.

56 Why doesn't Packet Tracer show all of the packets involved in a typical SMTP/POP transaction?

Packet Tracer is not simulating SMTP and POP to standards. It just sends a generic request one way and a reply back.

57 On a 3560 multilayer switch's interface, when its trunk encapsulation is set to "auto", it cannot be configured to "trunk" mode. The command "switchport mode trunk" is rejected. Why?

This is new corrected behavior. 3560 multilayer switches require "switchport trunk encapsulation dot1q" first before setting the interfaces to trunk mode. This new behavior may affect existing files.

Switch(config-if)#switchport trunk encapsulation dot1qSwitch(config-if)#switchport mode trunk

58 When I create a Telnet packet while another TCP connection exists, the Telnet packet that I created gets dropped.

This is the new correct TCP behavior. If the source port is already used for another connection, it will not start the TCP connection and the packet will drop.

59 When I view a TCP packet's PDU details in Simulation Mode after initiating an HTTP request, the HTTP client sets the connection state to SYN_SENT.

This is the new correct behavior. The HTTP client is making a connection and sets the new TCP connection to SYN_SENT.

60 How come phones don't register with auto-reg-ephone enabled and auto assign configured in CME?

This is a modeling limitation in Packet Tracer. Phones will register only if there is a line number available. The line number is configured using the ephone-dn command. This is unlike in real devices where phones will register without having a line number for it.

61 When I open a PC's device dialog with DHCP enabled, it keeps sending a DHCP packet.

The PC automatically sends a DHCP discover packet when opening the PC device dialog if it does not have an IP address yet.

62 Why does VoIP still work even though switchport voice vlan 1 is not configured?

On real devices, the phones go down after invoking the "no switchport voice vlan" commands, but will come up after 20 seconds, and gets registered again and will be able to make calls again. The down and then up behavior in Packet Tracer is a modeling limitation. But, after 20 seconds or so, the phones can make calls again.

63 When a call is made to a Cisco IP Communicator that is closed, is the Cisco IP Communicator supposed to open in ringing mode or connected mode?

When you close the Cisco IP Communicator, it actually minimizes and does not close completely. On real a Cisco IP Communicator, if it is ringing while minimized, opening Cisco IP Communicator will answer automatically. This is correct behavior.

64 How come PPPoE clients do not get connected in multi-server environments?

This is a modeling limitation. The workaround is to either configure all of the servers with the correct configuration so that the clients get connected to the first one it hears from or

remove all but one server that has proper configuration.

65 How come the routers in Packet Tracer do not show ppp negotiation debug messages after I turn on debug?

Packet Tracer does not support printing debug messages of all PPP negotiation packets.

The "debug ppp *" command is only supported on serial interfaces.

66 I have "debug ppp authentication" enabled on a PPPoE server. When a PPPoE client is getting connected to the PPPoE server, it does not show any debug messages on the server.

This is a modeling limitation. The "debug ppp authentication" command is only supported on serial interfaces.

67 Why are log messages for IP phone registrations different than real devices?

This is a modeling limitation. Packet Tracer does not simulate all the SCCP messages for registrations like in real devices.

68 I created an access-list that denies FTP data transfers on port 20, but data transfers are still successful.

This is a modeling limitation. The FTP operation currently supported in Packet Tracer is passive mode. In passive mode of operation, the FTP server opens a random data port and sends it to the client in order for it to connect to it and start the data transfer. The data ports the FTP server listens are greater than port 1023 and not port 20. Port 20 will be relevant when active mode of FTP operation is supported in Packet Tracer.

69 When I delete a wireless client from the workspace, the Linksys router's DHCP client table doesn't refresh when I click on the refresh button.

This is correct behavior because the Linksys router did not receive a DHCP release from the client to release the lease.

70 The MAC address column in the Linksys router's DHCP Client Table is labeled as 00:00:00:00:00:00.

This is a modeling limitation.

71 The Expires Times field in the DHCP Client Table is always empty.

This is a modeling limitation. This version of Packet Tracer does not support client expire time.

72 What's the purpose of the TFTP Server field in the DHCP service on the server device?

The TFTP server field in the DHCP server is there for assigning IP addresses with the TFTP option, so that the DHCP server and the CME router can be two different devices.

73 Why do PCs sometimes get default gateway from DHCP, but sometimes not?

DHCP is on by default on server devices (for backwards compatibility). That means if there is another device (router or another server) in the same LAN serving DHCP, sometimes the router replies faster and sometimes the server replies faster. Since the server device does not have the default gateway configured in the DHCP pool by default, so sometimes PCs do not get gateway.

74 When I use the "no redistribute connected metric 1000000" command, it removes the entire "redistribute" command.

This is a modeling limitation. In Packet Tracer, "no redistribute" with any arguments will remove the whole command. If you want the command "redistribute" command back, you need to enter the command again.

75 Shaping stats are not shown all for nested policy Nested policy maps show shaping stats (packet/byte counts) and shaping flag (yes/no) for

maps. outer policy map, but not for inner policy map.

76 When I configure a destination-pattern of "10.." with two dots for one dial-peer and a destination-pattern "10." with only a single dot for a second dial-peer, only numbers such as "1022" can be dialed.

This is a modeling limitation. In Packet Tracer, the only destination-pattern ".." is supported.

77 Why does Packet Tracer slow down for long periods when running BGP?

BGP is a complex protocol, and when there are many BGP routes, the CPU can be overloaded due to network traffic calculations. Reduce the amount of BGP routes or routers to lower the CPU usage. In a Multiuser environment with many BGP routes, use a single Packet Tracer instance with a single BGP router per instance.

78 Why does the command show ip bgp give a different output than what I see on a real router?

The BGP table is populated based upon received data and in the order received. Each time BGP is started, the time to establish an adjacency differs slightly and therefore adjacencies can happen in a different order. As a result, the table is populated in a different order and the information contained will be different because the known topology of the network at the time of information exchange is different.

79 RIPv2 poison and poison-reverse do not work. This is a modeling limitation. This version of Packet Tracer does not support RIPv2 poison and poison-reverse.

80 Why do some wireless devices not get connected to the access point?

If the network or the same physical location has more than 25 wireless devices, it is hitting our simulation modeling limitation and PT is not able to connect any more wireless devices simultaneously. The workaround is to either move some devices to other locations or manually make the association in the device dialog.

81 Duplicate IPv6 addresses are not detected. This is a modeling limitation. Packet Tracer does not currently support Duplicate Address Detection (DAD) for IPv6.

82 Why does an IPv6 device not be able to ping another anycast address when the old anycast address device is disconnected?

Packet Tracer does not currently implement staling of neighbor devices. Use "clear ipv6 neighbors" to remove the old neighbor and ping again.

83 The network mask of the route does not get updated after applying "ipv6 ospf network broadcast" or "ipv6 ospf network point-to-point" in the interface.

This is a modeling limitation. The workaround is to save the file and reopen it.

84 The command "show ipv6 ospf neighbor detail" shows some missing output such as the Option detail and link local address.

This is a modeling limitation.

85 It appears that loading IOS IPS signature package is not required when configuring IPS.

This is a modeling limitation.

86 When I enter the command "show ipv6 dhcp pool" on a DHCP server, the value for active clients value is 0.

This is a modeling limitation.

87 There was no application layer information in the PDU details when simulating SSH traffic. Layers 1, 2, 3 and 4 are reflected in the PDU details, but the application layer traffic isn't reflected.

This is a modeling limitation.

88 When I enter the command "show ipv6 dhcp interface", the value for when the renewal will be sent is always 0d0h.

This is a modeling limitation.

89 There is no support for the command "ip default-router" on the Cisco Catalyst 3560-24PS multilayer switch.

This is a modeling limitation. The workaround is to change the multilayer switch to a layer 3 switch by entering "ip routing" and configuring a static default route.

90 When I shutdown an interface on a router configured on a RIP network, the routing table shows that the network is possibly down and the RIP timers are started. However, on real routers, the network is immediately withdrawn from the routing table and the RIP timers are not started.

This is a bug that will be fixed in a future version of Packet Tracer.

91 Can't I enter the command "no router ospf " within the command mode for "router ospf "?

No, due to model limitation, that command is not available.

92 When entering acl statements without specifying the sequence number, why does the "show access-list" command show the acl statements in a different order from the order shown on Cisco router?

This is a modeling limitation.

93 Why can't key chains be entered consecutively without exiting to normal config mode first?

This is a modeling limitation.

94 Why doesn't the show running-config output show async interfaces when HWIC-8A modules are used?

This is a modeling limitation. HWIC-8A was added for console servers which do not require async interface support.

95 In Simulation mode, why are there scenarios where a packet is still able to cross a link that is connected to a port that has been recently shutdown?

This is a modeling limitation. The code can't be set to clear out the event list after a port has been shutdown because it might cause the network to miss routing packets that were already sent out. So, depending on when the port was shutdown, packets may still be able to cross the link because there are instances that the event for that certain PDU has already been added to the eventlist before the port was shutdown.

System Requirements

Minimum 

CPU: Intel Pentium 4, 2.53 GHz or equivalent OS: Microsoft Windows XP, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1 or Ubuntu 12.04 LTS RAM: 512 MB Free Storage: 280 MB of free disk space (No tutorials) Display resolution: 800 x 600 Adobe Flash Player Language fonts supporting Unicode encoding (if viewing in languages other than English) Latest video card drivers and operating system updates

Recommended 

CPU: Intel Pentium 4, 3.0 GHz or better RAM: 1 GB or more Storage: 315 MB of free disk space Display resolution: 1024 x 768 Sound card and speakers Internet connectivity (if using the Multiuser feature)

Packet Tracer does not limit the amount of memory that is used to create and configure devices. So if a user, or more importantly an author, creates complex PKA and PKT files using large networks with complex protocols running may require up to 1 gigabyte or more of memory to run effectively. If you are creating activities for PT, please be careful of creating issues like STP loops as they might greatly increase memory requirements. By creating files like this, you may cause Packet Tracer to operate unreliably or even crash.