Step 1 |
enable
Example:
|
Enables privileged EXEC mode.
|
Step 2 |
configure terminal
Example:
Device# configure terminal
|
Enters global configuration mode.
|
Step 3 |
class-map type inspect match-any
class-map-name
Example:
Device(config)# class-map type inspect match-any in2out-class
|
Creates an inspect type class map and enters QoS class-map configuration mode.
|
Step 4 |
match protocol
protocol-name
Example:
Device(config-cmap)# match protocol ftp
|
Configures a match criteria for a class map on the basis of the named protocol.
|
Step 5 |
exit
Example:
Device(config-cmap)# exit
|
Exits QoS class-map configuration mode and enters global configuration mode.
|
Step 6 |
policy-map type inspect
policy-map-name
Example:
Device(config)# policy-map type inspect in-to-out
|
Creates an inspect type policy map and enters QoS policy-map configuration mode.
|
Step 7 |
class type inspect
class-map-name
Example:
Device(config-pmap)# class type inspect in2out-class
|
Specifies the class on which an action is performed and enters QoS policy-map class configuration mode.
|
Step 8 |
inspect
Example:
Device(config-pmap-c)# inspect
|
Enables stateful packet inspection.
|
Step 9 |
exit
Example:
Device(config-pmap-c)# exit
|
Exits QoS policy-map class configuration mode and enters QoS policy-map configuration mode.
|
Step 10 |
class class-default
Example:
Device(config-pmap)# class class-default
|
Applies the policy map settings to the predefined default class and enters QoS policy-map class configuration mode.
|
Step 11 |
exit
Example:
Device(config-pmap-c)# exit
|
Exits QoS policy-map class configuration mode and enters QoS policy-map configuration mode.
|
Step 12 |
exit
Example:
Device(config-pmap)# exit
|
Exits QoS policy-map configuration mode and enters global configuration mode.
|
Step 13 |
zone security
zone-name
Example:
Device(config)# zone security inside
|
Creates a security zone to which interfaces can be assigned and enters security zone configuration mode.
-
Your configuration must have two security zones to create a zone pair: a source and a destination zone.
In a zone pair, you can use the default zone as either the source or the destination zone.
|
Step 14 |
exit
Example:
Device(config-sec-zone)# exit
|
Exits security zone configuration mode and enters global configuration mode.
|
Step 15 |
zone-pair security
zone-pair
source
source-zone
destination
destination-zone
Example:
Device(config)# zone-pair security in2out source inside destination outside
|
Creates a pair of security zones and enters security zone-pair configuration mode.
|
Step 16 |
service-policy type inspect
policy-map-name
Example:
Device(config-sec-zone-pair)# service-policy type inspect in-to-out
|
Attaches a firewall policy map to the destination zone pair.
|
Step 17 |
exit
Example:
Device(config-sec-zone-pair)# exit
|
Exits security zone-pair configuration mode and enters global configuration mode.
|
Step 18 |
interface
type number
Example:
Device(config)# interface gigabitethernet 0/0/1
|
Configures an interface and enters interface configuration mode.
|
Step 19 |
no ip address
Example:
Device(config-if)# no ip address
|
Removes an IP address or disables IP processing.
|
Step 20 |
ip virtual-reassembly
Example:
Device(config-if)# ip virtual-reassembly
|
Enables virtual fragmentation reassembly (VFR) on an interface.
|
Step 21 |
zone-member security
zone-name
Example:
Device(config-if)# zone-member security inside
|
Assigns an interface to a specified security zone.
-
When you make an interface a member of a security zone, all traffic into and out of that interface (except traffic bound for the device or initiated by the device) is dropped by default. To let traffic through the interface, you must make the zone part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface.
|
Step 22 |
negotiation auto
Example:
Device(config-if)# negotiation auto
|
Enables the autonegotiation protocol to configure the speed, duplex, and automatic flow control of the Gigabit Ethernet interface.
|
Step 23 |
ipv6 address
ipv6-address/prefix-length
Example:
Device(config-if)# ipv6 address 2001:DB8:1::1/96
|
Configures an IPv6 address based on an IPv6 general prefix and enables IPv6 processing on an interface.
|
Step 24 |
cdp enable
Example:
Device(config-if)# cdp enable
|
Enables Cisco Discovery Protocol on an interface.
|
Step 25 |
exit
Example:
|
Exits interface configuration mode and enters global configuration mode.
|
Step 26 |
ipv6 route
ipv6-prefix/prefix-length interface-type interface-number
Example:
Device(config)# ipv6 route 2001::/96 gigabitethernet 0/0/1
|
Establishes static IPv6 routes.
|
Step 27 |
ipv6 neighbor
ipv6-address interface-type interface-number hardware-address
Example:
Device(config)# ipv6 neighbor 2001:DB8:1::1 gigabitethernet 0/0/1 0000.29f1.4841
|
Configures a static entry in the IPv6 neighbor discovery cache.
|
Step 28 |
end
Example:
|
Exits global configuration mode and enters privileged EXEC mode.
|