Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Packet Tracer guide from the FCI 2020/2021 course at Politecnico di Milano

Packet Tracer

Privilege Hierarchy

  • User Exec Mode: basic commands and system information
    • show <?>: Obtain information
      • cdp: CDP information
      • clock: Display the system clock
      • controllers: Interface controllers status
      • frame-relay: Frame Relay information
      • history: Display the session command history
      • interfaces: Interface status and configuration
      • ip: IP information
        • route: Show routing table
        • route rip: Show routing table entries created by RIP
        • protocols: Show active IP protocols
        • rip database: Show information gathered by RIP
      • version: System hardware and software
    • ping <IP address>: Ping an IP
    • traceroute <IP address>: Show the traceroute to an IP
  • Privileged Exec Mode: detailed system information, toggle debug mode, save and restore system configuration
    • show <?>: Obtain information
      • (Every command available in User Exec Mode)
      • access-list: List access lists
      • arp: ARP table
      • running-config: Current operating configuration
      • startup-config: Contents of startup configuration
      • copy <source> <destination>: Copy configurations
    • clear mac-address-table dynamic: Erases the FDB of a switch
  • Global Configuration Mode: configure system's global settings
    • hostname: Change hostname
    • banner: Change the banner information
      • motd: Change message of the day
    • enable secret: Add a login password
    • no enable secret: Disable the login password
    • interface: Change interface configuration
    • line console: Change console line configuration
    • line vty: Change virtual terminal configuration
    • ip route <destination IP> <destination netmask> <next hop/interface>: Add a static route
    • no ip route <destination IP> <destination netmask> <next hop/interface>: Remove a static route
    • router rip: Enter RIP configuration
      • version <number>: Select RIP version
      • network <IP address>: Add a network to enable RIP on
      • debug ip rip: Enable RIP debug mode
      • no debug ip rip: Disable RIP debug mode
      • passive-interface <interface> <slot>: Renders an interface passive, which makes it so that it doesn't advertise networks
    • access-list <list number> permit <network address> <network wildcard>: Create a permitted NAT addresses list
    • ip nat inside source list <list number> interface <outside interface> overload: Translates the source IP address that goes outside and the destination IP address that goes inside
    • ip nat outside source list <list number> interface <outside interface> overload: Translates the source IP address that goes inside and the destination IP address that goes outside
    • ip nat inside source static <protocol> <IP inside> <Port inside> <IP outside> <Port outside>: Adds a static NAT configuration (port forwarding)
    • ip dhcp pool <pool name>: Creates a DHCP address pool
      • default-router <IP address>: Assigns the default router for the selected pool
      • network <network address> <network netmask>: Defines the addresses that will be assigned
    • ip dhcp excluded-address <IP address>: Excludes the IP address from a pool
  • Specific Configuration Mode: specifically configure an interface or a service on the router
    • shutdown: Disable an interface
    • no shutdown: Enable an interface
    • ip address: Select the interface's IP address and netmask
    • description: Add a description to the interface
    • password: Add a password to access a line
    • login: Force login for a line
    • ip nat inside: Mark interface as a private network interface
    • ip nat outside: Mark interface as a public network interface

Create a Port Forwarding

Note: the IPs, port numbers and interface identifiers used are generic. Use the ones that you need.

  1. Identify NAT zones

    You can do this through the ip nat inside command for private networks and through the ip nat outside command for public networks.

  2. Add an access-list as the outgoing NAT source

    To do this, the NAT that connects the private network to the public network needs to allow forwarding to the public network. This is achieved through the commands:

    access-list 1 permit
    ip nat inside source list 1 interface fastethernet 0/1 overload
  3. Create the port forwarding

    You can now create a static route in the router through the command:

    ip nat inside source static tcp 80 8888
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment