Step 1
|
enable
|
Enables privileged EXEC mode.
|
Step 2
|
configure terminal
Device# configure terminal
|
Enters global configuration mode.
|
Step 3
|
class-map type inspect match-any
class-map-name
Device(config)# class-map type inspect match-any in2out-class
|
Creates an inspect type class map and enters QoS class-map configuration mode.
|
Step 4
|
match protocol
protocol-name
Device(config-cmap)# match protocol ftp
|
Configures a match criteria for a class map on the basis of the named protocol.
|
Step 5
|
exit
Device(config-cmap)# exit
|
Exits QoS class-map configuration mode and enters global configuration mode.
|
Step 6
|
policy-map type inspect
policy-map-name
Device(config)# policy-map type inspect in-to-out
|
Creates an inspect type policy map and enters QoS policy-map configuration mode.
|
Step 7
|
class type inspect
class-map-name
Device(config-pmap)# class type inspect in2out-class
|
Specifies the class on which an action is performed and enters QoS policy-map class configuration mode.
|
Step 8
|
inspect
Device(config-pmap-c)# inspect
|
Enables stateful packet inspection.
|
Step 9
|
exit
Device(config-pmap-c)# exit
|
Exits QoS policy-map class configuration mode and enters QoS policy-map configuration mode.
|
Step 10
|
class class-default
Device(config-pmap)# class class-default
|
Applies the policy map settings to the predefined default class and enters QoS policy-map class configuration mode.
|
Step 11
|
exit
Device(config-pmap-c)# exit
|
Exits QoS policy-map class configuration mode and enters QoS policy-map configuration mode.
|
Step 12
|
exit
Device(config-pmap)# exit
|
Exits QoS policy-map configuration mode and enters global configuration mode.
|
Step 13
|
zone security
zone-name
Device(config)# zone security inside
|
Creates a security zone to which interfaces can be assigned and enters security zone configuration mode.
-
Your configuration must have two security zones to create a zone pair: a source and a destination zone.
-
In a zone pair, you can use the default zone as either the source or the destination zone.
|
Step 14
|
exit
Device(config-sec-zone)# exit
|
Exits security zone configuration mode and enters global configuration mode.
|
Step 15
|
zone-pair security
zone-pair
source
source-zone
destination
destination-zone
Device(config)# zone-pair security in2out source inside destination outside
|
Creates a pair of security zones and enters security zone-pair configuration mode.
|
Step 16
|
service-policy type inspect
policy-map-name
Device(config-sec-zone-pair)# service-policy type inspect in-to-out
|
Attaches a firewall policy map to the destination zone pair.
|
Step 17
|
exit
Device(config-sec-zone-pair)# exit
|
Exits security zone-pair configuration mode and enters global configuration mode.
|
Step 18
|
interface
type number
Device(config)# interface gigabitethernet 0/0/1
|
Configures an interface and enters interface configuration mode.
|
Step 19
|
no ip address
Device(config-if)# no ip address
|
Removes an IP address or disables IP processing.
|
Step 20
|
ip virtual-reassembly
Device(config-if)# ip virtual-reassembly
|
Enables virtual fragmentation reassembly (VFR) on an interface.
|
Step 21
|
zone-member security
zone-name
Device(config-if)# zone-member security inside
|
Assigns an interface to a specified security zone.
-
When you make an interface a member of a security zone, all traffic into and out of that interface (except traffic bound for
the device or initiated by the device) is dropped by default. To let traffic through the interface, you must make the zone
part of a zone pair to which you apply a policy. If the policy permits traffic, traffic can flow through that interface.
|
Step 22
|
negotiation auto
Device(config-if)# negotiation auto
|
Enables the autonegotiation protocol to configure the speed, duplex, and automatic flow control of the Gigabit Ethernet interface.
|
Step 23
|
ipv6 address
ipv6-address/prefix-length
Device(config-if)# ipv6 address 2001:DB8:1::1/96
|
Configures an IPv6 address based on an IPv6 general prefix and enables IPv6 processing on an interface.
|
Step 24
|
cdp enable
Device(config-if)# cdp enable
|
Enables Cisco Discovery Protocol on an interface.
|
Step 25
|
exit
|
Exits interface configuration mode and enters global configuration mode.
|
Step 26
|
ipv6 route
ipv6-prefix/prefix-length interface-type interface-number
Device(config)# ipv6 route 2001::/96 gigabitethernet 0/0/1
|
Establishes static IPv6 routes.
|
Step 27
|
ipv6 neighbor
ipv6-address interface-type interface-number hardware-address
Device(config)# ipv6 neighbor 2001:DB8:1::1 gigabitethernet 0/0/1 0000.29f1.4841
|
Configures a static entry in the IPv6 neighbor discovery cache.
|
Step 28
|
end
|
Exits global configuration mode and enters privileged EXEC mode.
|