Packet Tracer Help

Using the Help Files
The help files are designed to familiarize users with the Cisco Packet Tracer interface, functions, and features. Although the help files may be used as
a reference guide, the pages are meant to be read in order (especially the sections presented at the beginning). Annotated screenshots are used to aid
your understanding. Important notes or tips are presented in tip boxes like the following:
If you are a first-time user, please read the help files in order.
Introduction
Welcome to Cisco Packet Tracer.
Packet Tracer is a medium fidelity, network-capable, simulation-based learning environment for networking novices to design, configure, and
troubleshoot computer networks at a CCNA-level of complexity. Packet Tracer is an integrated simulation, visualization, collaboration, and
assessment environment. Packet Tracer supports student and instructor creation of simulations, visualizations, and animations of networking
phenomena. Like any simulation, Packet Tracer relies on a simplified model of networking devices and protocols. Real computer networks,
experienced both in-person/hands-on and remotely, remain the benchmark for understanding network behavior and developing networking skills.
Packet Tracer was created to help address the Digital Divide in networking education, where many students and teachers lack access to equipment,
bandwidth, and interactive modes of learning networking. We invite you to use the help files and tutorials to learn about the major features of the
program, which include the items in the following table.
Item
Protocols
Logical Workspace
Physical Workspace
Description
LAN: Ethernet (including CSMA/CD*), 802.11 a/b/g/n wireless*, PPPOE
Switching: VLANs, 802.1q, trunking, VTP, DTP, STP*, RSTP*, multilayer switching*, Etherchannel, LACP, PAgP,
IP CEF
TCP/IP: HTTP, HTTPS, DHCP, DHCPv6, Telnet, SSH, TFTP, DNS, TCP*, UDP, IPv4*, IPv6*, ICMP, ICMPv6,
ARP, IPv6 ND, FTP, SMTP, POP3, VOIP(H.323)
Routing: static, default, RIPv1, RIPv2, EIGRP, single-area OSPF, multi-area OSPF, BGP, inter-VLAN routing,
redistribution
Other: ACLs (standard, extended, and named), CDP, NAT (static, dynamic, inside/outside, and overload), NATv6,
Netflow
WAN: HDLC, SLARP, PPP*, and Frame Relay*
Security: IPsec, GRE, ISAKMP, NTP, AAA, RADIUS, TACACS, SNMP, SSH, SYSLOG, CBAC, Zone-based
policy firewall, IPS
QoS: Layer 2 QoS, Layer 3 Diffserv QoS, FIFO Hardware queues, Priority Queuing, Custom Queuing, Weighted
Fair Queuing, MQC, NBAR*
* indicates substantial modeling limitations imposed
Network topology creation
Devices: generic, real, and modular with customizable images
Routers, switches, hosts (Server, Desktop and Laptop), hubs, bridges, wireless access points, wireless routers,
clouds, ASA, and DSL/cable modems
Device interconnection through a variety of networking media
Multiuser remote networks
Hierarchy of device, wiring closet, building, city, and intercity views
Structured cabling: create BendPoints and GroupPoints in cables and color code cables
Ethernet cable length display and length limitation connectivity enforcement
Images for devices now customizable and scalable

Loading and scaling of user-created graphics
Wireless association management
Realtime Mode
Realtime protocol updates
Medium-fidelity Cisco IOS CLI configuration of routers and switches
Menu based configuration of DHCP, DNS, HTTP, TFTP, Syslog, AAA, and NTP servers
Simulation Mode
Packet animation
Global event list (packet sniffer)
OSI Model, Detailed PDU, and Device Table Views
User-defined multiple packet scenarios
Local Authoring and Sharing Extensive file-saving options
Multi-level Activity Wizard for authoring automatically scored practice activities and formative assessment
Challenge Mode allowing users to make device algorithm decisions on packets
Easily translated GUI
Extensive textual and graphical annotation features
External Applications (ExApps) through Inter-Process Communication (IPC)
What's New
Users of previous versions of Packet Tracer will note a variety of new features in this version of Packet Tracer.
Protocol Improvements
Packet Tracer now models these new or improved features:
Netflow
Zone-Based Policy Firewall for IPv6
AAA Accounting Commands
IPv6 CEF
IPv6 IPSEC
IPv6 over IPv4 GRE Tunnel Protection
Etherchannel Expansion (Layer 3)
IOS 15 [15.0.2-SE4(ED)] image support for 2960
OSPF - OSPFv3 Enhancements

o
OSPF distance command
"ipv6 ospf neighbor [ipv6-add]" interface subcommand
"neighbor router-id" command
"area [area] range" command
ip ospf network point-to-point (loopback interface only)
"auto-cost reference-bandwidth"
EIGRP - EIGRPv6 Enhancements

o
EIGRP distance command
"debug ip eigrp summary" commands
EIGRPv6 across FR
EIGRP authentication commands
RIP - RIPng Enhancements

o
default-information originate for RIPng
RIP distance command update
DHCP Enhancements
o
DHCP for IPv6
show and clear ip dhcp conflict
DHCP snooping commands
IPv4 Automatic Private IP Addressing (APIPA)
ipv6config /renew and /release on PC
DHCPv6 commands for IOS 15
NDv6
Show Commands
o
show ip route
show ip/ipv6 route summary
General Improvements
Converted Qt3 code to Qt4.82
Supports Windows 8 and Windows 8.1. Stopped support for Windows Vista.
Activity Wizard
o
Scripts - Text popup on topology
Scripts - Supported in instruction window
Add variable manager import / export
Explanation of answer tree nodes names
Add show variables to pools and variables page
Simulation Mode
o
Filter based on IPv4 and IPv6 traffic
Update PDU index in the PDU Window
Expanded buffer for PDUs.
New Devices
Security
ASA 5505
Uses for Packet Tracer

For Students
Welcome to the world of computer networking. Packet Tracer can be a fun, take-home, flexible piece of software to help with your CCNA studies,
allowing you to experiment with network behavior, build models, and ask "what if" questions. We hope that Packet Tracer will be useful to you
whatever your goals are in networking, be they further education, certification, employment, or personal fulfillment. We want to emphasize how
important it is for you to also gain in-person, hands-on experience with real equipment as part of preparing to join the community of networking
professionals.
For Instructors
Packet Tracer is a simulation, visualization, collaboration, and assessment tool for teaching networking. Packet Tracer allows students to construct
their own model or virtual networks, obtain access to important graphical representations of those networks, animate those networks by adding their
own data packets, ask questions about those networks, and finally annotate and save their creations. The term "packet tracing" describes an animated
movie mode where the learner can step through simulated networking events, one at a time, to investigate the microgenesis of complex networking
phenomena normally occurring at rates in the thousands and millions of events per second.
A typical instructional event might begin with an instructor posing a networking problem to the student. Students can use Packet Tracer to drag and
drop networking devices (nodes) such as routers, switches, and workstations into logical topology space (the Logical Workspace). They can then
specify the types of interconnections between these devices (links) and configure the devices they created. Once they have designed and configured a
network of nodes and links, they can then launch sample data packets into the network, either in real time, or in a user-controlled simulation mode.
The packets are displayed graphically. The student can step the packet through the network, examining the processing decisions made by networking
devices as they switch and route the packet to its destination. The networks, packet scenarios, and resulting animations can be annotated, saved, and
shared. Many important networking domain knowledge representations are available for the student to pursue various modes of inquiry. Of particular
interest to instructors may be the Activity Wizard, which allows the authoring of answer networks to which students can compare their progress. Also
of possible interest to instructors are Packet Tracer's multi-user feature, whereby different instances of Packet Tracer can be used to create a "virtual
Internet" on a real network.
Packet Tracer is based on three learning principles: learning is active, learning is social, and learning is contextual. Hence, it is meant to facilitate the
creation of engaging, collaborative, and localized instructional materials. Packet Tracer may be used in a variety of ways:
Group work
Class work, Homework, and Distance Learning
Formative assessment
Hands-on lab reinforcement
Lecture demonstrations
Modeling and visualization of networking device algorithms and networking protocols
Case studies
Multi-user cooperative and competitive activities
Competitions
Problem-solving activities in concept-building, skill-building, design, and troubleshooting
Four problem types are well-supported by Packet Tracer:
Concept-builders (model-building inquiries leading to student-created explications and animations of networking concepts)
Skill-builders (algorithmic problem solving in support of the development of networking procedural knowledge)
Design challenges (constraint-based problems with multiple correct solutions)
Troubleshooting challenges (diagnosing, isolating, and fixing the simulated network from a previously bugged network file)
Packet Tracer allows activity authoring for approximately 80% of the topics and skills required for CCNA Certification, and has relevance to CCNASecurity, CCNP, IT Essentials, and general TCP/IP courses as well. Although the program includes some sample activities, we strongly encourage
you to share activities that you create with others in the CCNA teaching and learning community. In addition, integrated into the Discovery and
Exploration courses are hundreds of already-written Packet Tracer activities.
Getting Started
The best place to get started is to review the help files. The help files contain comprehensive documentation on almost all the features in Packet
Tracer, complete with descriptive text, screenshots, and animated tutorial guides. You may start using the application and come back to the help files
when you have a question. Or you may take a look at "My First PT Lab" which will guide you step by step through some basic features of Packet
Tracer.
Interface Overview
When you open Packet Tracer, by default you will be presented with the following interface:
This initial interface contains ten components. If you are unsure of what a particular interface item does, move your mouse over the item and a help
balloon will explain the item.
1
Menu Bar
This bar provides the File, Edit, Options, View, Tools, Extensions, and Help menus. You will find basic commands
such as Open, Save, Save as Pkz, Print, and Preferences in these menus. You will also be able to access the
Activity Wizard from the Extensions menu.
2 Main Tool Bar
This bar provides shortcut icons to the File and Edit menu commands. This bar also provides buttons for Copy,
Paste, Undo, Redo, Zoom, the Drawing Palette, and the Custom Devices Dialog. On the right, you will also find
the Network Information button, which you can use to enter a description for the current network (or any text you
wish to include).
3 Common Tools Bar
This bar provides access to these commonly used workspace tools: Select, Move Layout, Place Note, Delete,
Inspect, Resize Shape, Add Simple PDU, and Add Complex PDU. See "Workspace Basics" for more information.
4 Logical/Physical
You can toggle between the Physical Workspace and the Logical Workspace with the tabs on this bar. In Logical
Workspace and
Workspace, this bar also allows you to go back to a previous level in a cluster, create a New Cluster, Move Object,
Navigation Bar
Set Tiled Background, and Viewport. In Physical Workspace, this bar allows you to navigate through physical
locations, create a New City, create a New Building, create a New Closet, Move Object, apply a Grid to the
background, Set Background, and go to the Working Closet.
5 Workspace
This area is where you will create your network, watch simulations, and view many kinds of information and
statistics.
6 Realtime/Simulation Bar You can toggle between Realtime Mode and Simulation Mode with the tabs on this bar. This bar also provides
buttons to Power Cycle Devices and Fast Forward Time as well as the Play Control buttons and the Event List
toggle button in Simulation Mode. Also, it contains a clock that displays the relative Time in Realtime Mode and
Simulation Mode.
7 Network Component Box This box is where you choose devices and connections to put into the workspace. It contains the Device-Type
Selection Box and the Device-Specific Selection Box.
8 Device-Type Selection
This box contains the type of devices and connections available in Packet Tracer. The Device-Specific Selection
Box
Box will change depending on which type of device you choose.
9 Device-Specific Selection This box is where you choose specifically which devices you want to put in your network and which connections to
Box
make.
10 User Created Packet
This window manages the packets you put in the network during simulation scenarios. See the "Simulation Mode"
Window*
section for more details.
* You can freely resize the User Created Packet Window (UCPW) by placing the
cursor near the left edge of the window (it will turn into a "resize" cursor) and then drag
the cursor left or right. You can hide the window from view by dragging the edge all the
way to the right. When the UCPW is hidden, you can bring it back by placing the cursor
on the edge (notice when the resize cursor appears) and then dragging the edge back.
Workspaces and Modes

Packet Tracer has two workspaces (Logical and Physical) and two modes (Realtime and Simulation). Upon startup, you are in the Logical Workspace
in Realtime Mode. You can build your network and see it run in real time in this configuration. You can switch to Simulation Mode to run controlled
networking scenarios. You can also switch to the Physical Workspace to arrange the physical aspects (such as the location) of your devices. Note that
you view a simulation while you are in the Physical Workspace. You should return to the Logical Workspace after you are done in the Physical
Workspace.
Setting Preferences
You can customize your Packet Tracer experience by setting your own preferences. From the Menu Bar, select Options > Preferences (or simply
press Ctrl + R) to view the program settings.
Under the Interface panel, you can toggle the Animation, Sound, and Show Link Lights settings to suit the performance of your system and your
preferences. You can also manage information clutter with the Show Device Labels, Always Show Port Labels, and Show Port Labels When
Mouse Over settings. Also, you can also toggle Show QoS Stamps on Packets shown in Simulation Mode and Enable Cable Length Effects. The
Enable Auto Cable option allows you to toggle the Automatic Connection when connecting devices. The Show Device Dialog Taskbar option
allows you to toggle the taskbar that is displayed at the bottom of the workspace which organizes currently opened device dialogs. The Logging
feature allows the program to capture all Cisco IOS commands that you enter and export them to a text file (refer to the "Configuring Devices" page
for more information). The Simulation - Buffer Full Action feature allows you to set the preferred action that Packet Tracer will perform. You can
set the action to Prompt if you want to be prompted when the Simulation buffer is full. At the prompt, you can either Clear Event List or View
Previous Events. Alternatively, you can set the action to either Auto Clear Event List to allow Packet Tracer to automatically clear the Event List
when the buffer is full or you can set the action to Auto View Previous Events to automatically view the previous events. The Enable Screen
Reader Support accessibility feature reads out all the titles and descriptions of the visible window that has the focus. Lastly, you can also change the
base language of the program by choosing from the Languages list and then pressing the Change Language button.
Under the Administrative panel, you can disable access to a particular interface such as the Interface tab and the Multiuser menu using the
Interface Locking feature. In order settings and configurations to apply globally for every user on the machine, you need to click on the Write
button to save the PT.conf file to the Packet Tracer installation folder. Optionally, you may change the User Folder to a different location which is
where your own settings, configurations, save files, and device templates are stored. Additionally, you can set a Password to prevent others from
tampering with these preferences. Note that the password is case-sensitive.
Under the Hide panel, you can choose to hide or show the Physical, Config, CLI, Desktop, GUI, HTML GUI, and HTML tabs in the device edit
dialog.
Under the Font panel, you can select different fonts and font sizes for the Dialogs, Workspace/Activity Wizard, and the General Interface Under
the Colors category, you can change the font color of the Router IOS Text, Router IOS Background, PC Console Text, and PC Console
Background.
Setting a User Profile

You can set your user profile for activity assessment and Multiuser identification. From the Menu Bar, select Options > User Profile to view the
User Profile dialog. In the User Profile dialog, you can enter your Name, E-Mail, and any Additional Info about yourself that you may want to
share.
Algorithm Settings
The Algorithms Settings dialog allows the user to make configurations that are otherwise not available in IOS. It also allows tweaking of algorithm
settings to make visualization of certain algorithm/protocol behaviors more easily viewable.
CBAC Half-Open Session Multiplier: If the number of half-open CBAC sessions multiplied by this number exceeds the configured max half-open
session count, new sessions would not be opened.
TCP Maximum Number of Connections: If the number of connections in SYN-RECEIVED state exceeds this number, any new connections would
be rejected.
TCP Maximum Number of Opened Sessions: If the number of connections exceeds this number, any new connections would be rejected.
TCP Maximum Retransmission Timeout in Milliseconds : If a TCP connection does not receive an acknowledgement to a segment it transmitted in
this number, it would retransmit the segment.
Switching Storm Control Multiplier: If the bandwidth percentage of broadcast frames used multiplied by this number exceeds the configured
threshold, the broadcast frame would be dropped.
Saving a PKZ
Packet Tracer allows you to save your topology (PKT) as well as any custom device icons and backgrounds that you applied to on the Logical
Workspace and Physical Workspace to a save file called a PKZ. A PKZ is able to retain any external files you add in a single save file, which allows
for portability and compactness from computer to computer. To create a PKZ, go to File > Save as Pkz. Enter a file name for the PKZ and click on
Save. In the Pkz Select Files dialog, you will be able to add and remove files that you want to save along with PKT. To add a file, click on the Add
button and browse to the file you want to add then click Open. To remove a file, select the file from the list then click Remove. Once you are done
adding and removing files, click OK to create the PKZ file.
Be sure to add all custom device image icons and custom backgrounds.
My First Packet Tracer Lab

Introduction
Welcome to Packet Tracer. Research has shown that users who master a few basic tasks when first starting to use Packet Tracer get much more out of
the software. This lab is designed to familiarize a user with Packet Tracer's features. This activity should take approximately 30 minutes to complete.
Use these directions to go through the lab yourself, or view the animated tutorial version of the lab.
Lab Objectives
I.
II.
III.
IV.
Viewing Help and Tutorials

Creating Your First Network
Sending Simple Test Messages in Realtime Mode
Establishing a Web Server Connection Using the PCs Web Browser
View Tutorial
View Tutorial
View Tutorial
View Tutorial
V.
VI.
VII.
VIII.
Capturing Events and Viewing Animations in Simulation Mode

Looking Inside Packets in Simulation Mode
Viewing Device Tables and Resetting the Network
Reviewing Your New Skills
View Tutorial
View Tutorial
View Tutorial
Important Terminology
1. ICMP ping: command consisting of an echo request message from one device to another, and the returning echo reply.
2. IP address: 32-bit address assigned to devices as identification in the network.
3. Ethernet: one of the most common LAN standards for hardware, communication and cabling.
4. Fast Ethernet Interface: 100 Mbps Ethernet port. In Packet Tracer, a GUI may be used to configure such interfaces.
5. OSI model: 7-layer framework for looking at network protocols and devices, consisting of the application, presentation, session, transport,
network, data link, and physical layers.
6. PDU: protocol data unit, a grouping of data appropriate to a given layer in the OSI model.
7. Packets: OSI Layer 3 protocol data units. Represented by envelopes in Packet Tracer Simulation Mode.
8. Device Tables: includes ARP, switching, and routing tables. They contain information regarding the devices and protocols in the network.
9. ARP Table: Address Resolution Protocol (ARP) table, stores pairings of IP Addresses and Ethernet MAC addresses.
10. Scenario: one topology with a set of PDUs placed in the network to be sent at specific times. Using different scenarios, experiment with
different combinations of packets using the same base topology.
I. Viewing Help and Tutorials (View Tutorial)

1. Launch Packet Tracer.
2. Open the help content by clicking Help > Contents on the Menu bar. You can also click the question mark on the Main toolbar. Another option
is the F1 shortcut key.
3. The menu will always be visible on the left side of the window while browsing through the help files. Skim through the help sections to get an
idea of the functionality of Cisco Packet Tracer.
4. The What's New section under Introduction provides an overview of features that have been added to Packet Tracer.
5. Pay close attention to the Interface Overview section under Getting Started to familiarize yourself quickly to the Packet Tracer interface.
6. Browse the Tutorials section as well.
7. Open the Interface Overview tutorial to learn the basics of the Packet Tracer graphical user interface. Note: Some browsers may prevent the
tutorial from playing. Configure your browser to allow active content to enable the viewing of the tutorial.
8. When the first caption appears, as shown below, click the Pause button in the playback controls.
9. Click the Forward button to skip to the next caption. Then click Pause again. Click the Back button to view the previous caption.
10. Continue viewing the tutorial by pressing the Play button. Parts of the tutorial can also be skipped by dragging the slider to the right. If
needed, click the Rewind button to restart the tutorial.
11. Click Exit to close the tutorial window. Close the help content as well.
Congratulations on learning more about resources that will help you get the most out of Packet Tracer.
II. Creating a First Network (View Tutorial)

1. Start creating a network by first selecting the End Devices. Add a Generic PC and a Generic Server to the workspace.
2. Under Connections, select the Copper Straight-through cable (solid black line) and connect the devices with it. The red lights on the link
indicate that the connection is not working. Now, use the Delete tool to remove the Copper Straight-through cable, and use a Copper Crossover cable (dashed line) instead. The lights should turn green at this point. If the mouse pointer is held over either devices, the link status will
be shown as Up. The network should look similar to this:
3. Click on the PC. While paying attention to the link lights, turn the power on, off, and on again. Follow the same steps for the server. The link
lights turn red when the device is off. This means that the link is down or is not working. The link lights turn green when the device is turned
back on.
4. Try all three ways to learn about the devices. First, mouse over the devices to see basic configuration information about them. Second, click
on each device with the Select tool to show the device configuration window, which provides several ways to configure the device. Third, use
the Inspect tool to view the tables the network device will build as it learns about the network around it. In this example, open the ARP table.
Since the devices have not been configured yet, the ARP tables are empty. Always remember to close the windows after viewing them or they
will clutter the workspace.
5. Open the PC configuration window and change the settings using the Config tab. Change the display name to Client and set the DNS server to
192.168.0.105. Under Interface, click FastEthernet and set the IP address as 192.168.0.110. Packet Tracer automatically calculates other
parameters. Make sure that the Port Status box is checked. For future reference, note that other Ethernet interface settings, such as bandwidth,
duplex, MAC address, and subnet mask can be modified using this window.
6. Go to the Desktop Tab and click on IP Configuration. Notice that the IP address, subnet mask and DNS server can be changed here as well.
7. Open the Server configuration window and go to the Config tab. Change the display name to Web Server. Click FastEthernet and set the IP
address as 192.168.0.105. Make sure that the Port Status is also on. Click DNS and set the domain name as www.firstlab.com. Set the IP
address as 192.168.0.105 and click Add. Finally, check to make sure that the service for DNS is on.
8. Reposition the network devices by dragging them to a new location. Add a network description by using the i button on the upper right
corner. Then add some text labels within the Logical Workspace by using the Place Note tool.
9. Load a background grid using the Set Tiled Background button.
10. Save your work using the File > Save As option and create a meaningful filename.
Congratulations on creating your first network.
III. Sending Simple Test Messages in Realtime Mode (View Tutorial)

1. Start by opening the file saved in the last section.
2. Notice that the file opens in Realtime Mode. Use the Add Simple PDU tool to send a simple one-time ping message, called an echo request, to
the server. The server responds with an echo reply because all devices have properly configured IP address settings.
3. Scroll up and down the User Created Packet Window to see the different capabilities of this ping message, including an indication that the
ping was successful.
4. Toggle the PDU List Window to see a larger display of this message. One or more of these messages can be saved as a scenario. Scenario 0 is
displayed when starting. Label this first scenario with an i note. Different scenarios allow the use of the same topology for experiments with
different groupings of user created packets.
5. Click New to create a new scenario. New scenarios will initially be blank.
6. Add two packets using the Simple PDU tool, a PDU from the PC to the Server and a different PDU from the Server to the PC. Then add an
i note describing the scenario, to complete Scenario 1. An example is shown below:
7. Several scenarios can be saved with a single network. Alternate between Scenario 0 and 1.
8. Now, remove Scenario 0 using the Delete button.
9. Scenario 1 is now visible. Go to the last column in the User Created Packet Window and double-click (delete) to remove a PDU.
10. Delete the whole scenario. Notice that the scenario list went back to the default Scenario 0.
Congratulations on being able to send and organize simple test messages in Realtime Mode.
IV. Establishing a Web Server Connection Using the PCs Web Browser (View Tutorial)
1. Open the file saved from the previous section.
2. Click on the PC to view the configuration window.
3. Select the Desktop tab, and then click Web Browser. Type in www.firstlab.com as the URL and click the Go button. The Packet Tracer
welcome page, shown below, appears, indicating that the web connection has been successfully established.
4. Clear the URL, type www and click Go. Since the address entered is not complete, a Host Name Unresolved message appears.
5. Type 192.168.0.105 as the URL entry and click on Go. Notice that the Packet Tracer welcome page appears again. This is because the Server
IP address can also be used to establish a web connection.
6. Close the window and try the same steps in Simulation Mode. In this mode, the user controls time, so the network can be viewed running at a
slower pace, allowing observation of the paths packets take and inspection of packets in detail (packet tracing!).
7. Select the PC again and go to the Web Browser in the Desktop tab. Type www.firstlab.com as the URL again and click Go. The welcome page
should not appear right away.
8. Switch to the main interface of Packet Tracer without closing the PC configuration window. Notice that a DNS packet is added to the event
list.
9. Click Auto Capture/Play or repeatedly click the Capture/Forward button until the HTTP packet appears on the PC. Go back to the PC
configuration window. The Packet Tracer welcome page is now shown.
10. Close the PC configuration window.
Congratulations on successfully establishing a web server connection.
V. Capturing Events and Viewing Animations in Simulation Mode (View Tutorial)

1. Open the previously saved file.
2. In Realtime Mode, send a simple PDU from the PC to the Server.
3. Delete the PDU by using the method learned in the previous section.
4. Switch to Simulation Mode.
5. Click Edit Filters and click All/None to uncheck all fields. Then click ICMP to only view ICMP packets in the animation.
6. Add a simple PDU from the PC to the Server. Notice that the newly created PDU is added to the User Created PDU List. This packet has been
captured as the first event in the event list and a new packet icon (envelope) appears in the workspace. The eye icon to the left of the event list
indicates that this packet is currently displayed.
7. Click the Capture/Forward button once. This simulates a network sniffing program, capturing the next event that occurs on the network. Note
that after clicking Capture/Forward, the packet in the workspace moves from one device to another (this is the ICMP echo request message
from the PC to the Server). Another event is added in the event list this reflects the change in the workspace. The first time through an
animation, the meaning of the Capture/Forward is capture; after resetting the simulation, the meaning is forward.
8. Adjust the speed of the animation by dragging the Play Speed slider to the right making it go faster. Dragging the speed slider in the opposite
direction (to the left) will slow down the animation.
9. Click the Capture/Forward button a second time. This captures the next network event (this is the echo reply from the Server to the PC, shown
as successful with a green check mark on the envelope).
10. Click Capture/Forward button again. The Server has already sent an echo reply to the PC therefore, there are no more ICMP events left to
capture.
Congratulations on successfully capturing events and viewing animations in Simulation Mode.
VI. Looking Inside Packets in Simulation Mode (View Tutorial)

1. Continuing from the last activity, click Reset Simulation. This clears the entries in the event list except for the original packet.
2. Select the packet envelope on the workspace to show the PDU Information window like the one shown in the screenshot below. This window
contains the OSI Model tab, which shows how the packet is processed at each layer of the OSI model by the current device. Close this
window, noting that this packet is indicated in the event list by the eye icon. The whole row in the event list is also highlighted. Clicking on
the color square in the Info column is equivalent to clicking directly on the packet envelope (try it!).
3. Use the Next Layer and Previous Layer buttons to see details of the packet processing at the relevant OSI layers. Note that only the Out
Layers can be viewed in the case of this original echo request message.
4. Click on the Outbound PDU Details tab. This tab shows exactly what makes up the PDU headers. It is organized into header type and the
individual fields in each header.
5. Close the PDU Information window. Click on Capture/Forward button once.
6. Click on the packet in the workspace again to open the PDU Information window. Notice that this time, information regarding both the In
Layers and Out Layers can be viewed.
7. Click on the Inbound PDU Details tab. This shows the details of the inbound echo request packet from the PC to the Server. The Outbound
PDU Details tab, shows similar information, but for the echo reply packet from the Server to the PC.
8. Click on Reset Simulation again. Now click on Auto Capture/Play. The echo request and echo reply are automatically captured. Click on the
Back Button to rewind the animation one step at a time. Now click on the Capture/Forward button to forward the packet through the
animation. Note the change in the event list and the workspace. Remember that at any time, a PDU Information Window can be opened by
clicking directly on the envelope on the workspace, or by clicking the Info column in the Event List.
9. Click on the Back Button twice to rewind the animation. Now click Auto Capture/Play and the packet animation will automatically occur.
Congratulations on being able to manipulate the Play Controls and PDU Information Window to understand more about packet processing details.
VII. Viewing Device Tables and Resetting the Network (View Tutorial)
1. Open the file saved from the previous section.
2. Open the ARP Tables for both devices by clicking them with the Inspect tool. The ARP tables always appear on the same spot. Reposition
them to make them both visible. You can also resize the tables for better viewing.
3. In Realtime Mode, send a simple PDU from the PC to the Server. Notice that the ARP tables are filled in automatically, as shown here:
4. Delete the PDU using the method covered in the previous sections. Notice that the entries in the ARP tables are NOT cleared. ARP entries for
both devices have already been learned. Deleting the user created PDUs does not reset events what has already occurred in the network.
5. Click Power Cycle Devices. ARP tables are cleared because the Power Cycle Devices button turns the devices off and back on again
therefore, losing temporary information like the ARP table entries.
6. Go to Simulation Mode. In the event list filters, make sure that ICMP and ARP are checked so that you can view ICMP and ARP packets in
the animation.
7. Create a new simple PDU from the Server to the PC.
8. Notice that since the devices were power cycled earlier, the ARP tables are empty. ARP request packets need to be issued before the ICMP
ping packets, so that the devices in the network can learn about each other. Click on Auto Capture/Play to watch the animation.
9. Click Reset Simulation. Notice that even though the event list is cleared (except for the user created PDU), the ARP tables remain full. Click
Auto Capture/Play. This time, since the ARP tables are full, there are no new ARP packets issued.
10. Click Power Cycle Devices. Doing so will empty the tables. Notice that new ARP request packets appear automatically in the event list.
Congratulations! You can now view device tables, reset a simulation, and reset the network.
VIII. Reviewing Your New Skills
Single-clicking on the Delete button removes the entire scenario including all the PDUs associated with it.
Double-clicking on (delete) in the far right column in the PDU List window deletes individual PDUs.
The Reset Simulation button clears all entries in the Event List, except for User Created PDUs, and allows the animation to restart. This,
however, does not reset the device tables.
The Power Cycle Devices button turns all of the devices in the network off and on so the tables that the devices built are lost along with
configurations and other information not saved.
Saving work periodically prevents lost configurations and state changes in the network.
Congratulations on being ready to build and analyze many different networks in Packet Tracer! Be aware that there are many other features that were
not covered in this lab. To learn more, please view the other available tutorials and review the help files. Have Fun!
Tutorials
The following tutorials demonstrate the basic functions, features, and aspects of Packet Tracer. Although you can view them at any time, they are
most effective when you have read the appropriate section or pages corresponding to each tutorial.
Tutorial
Getting Started
Interface Overview
Options
Managing Windows
Organizing Interface
Part I
Part II
Getting Started
Interface Overview
Options
Logical Workspace
Creating a Network Topology
Custom Device Templates
Clustering a Network Topology
Editing and Annotating a Network
Topology
Description
Shows how to start using the program.
Shows how to customize Packet Tracer using the Options menu.
Explains how to organize windows in the Packet Tracer Interface.
Shows how to manage multiple windows when Packet Tracer is launched locally.
Shows how to manage multiple windows when Packet Tracer is launched from a course.
Shows how to start using the program.
Shows how to customize Packet Tracer using the Options menu.
Demonstrates how to create, arrange, delete, and connect devices.
Demonstrates how to create and remove custom device templates.
Demonstrates how to create, arrange, uncluster, delete, and connect clusters.
Demonstrates how to edit and annotate a network topology.
Configuring Devices
Configuring Devices Using the Config
tab
Configuring Devices Using the Desktop
tab
Configuring Devices Using the CLI tab
Realtime and Simulation Modes
Simulation Environment
Simulation Panel
Advanced Features in Simulation Mode
PDU Information
Physical Workspace
Navigating Physical Workspace
Modifying Physical Workspace
Structured Cabling
Interaction between the Logical
Workspace and the Physical Workspace
Activity Wizard Novice
Launch and Exit Activity Wizard
Write Instructions
Answer Network
Initial Network
Test Activity and Check Activity
Set Password, Save and Distribute the
Newly Created Activity File
Activity Wizard - Scoring Model
Overview
Expressions
Demonstrates how to configure devices using the Config tab.

Demonstrates how to configure devices using the Desktop tab.
Demonstrates how to configure devices using the CLI tab.
Introduces an overview of the simulation environment.
Demonstrates in detail of every feature in the Simulation Panel including the Event List,
Play Controls, and Event List Filters.
Introduces more advanced features in Simulation Mode to users.
Explains the information displayed in a PDU and how to use Challenge mode in a PDU.
Introduces a brief description of the interface of Physical Workspace and how to navigate
Physical Workspace.
Explains how to modify Physical Workspace by creating new objects, removing existing
objects, and moving objects from one location to another location in Physical Workspace.
Demonstrates how to create realistic structured cabling in the Physical Workspace.
Demonstrates how the Logical Workspace and the Physical Workspace interact.
Demonstrates how to launch and exit Activity Wizard.

Demonstrates how to write instructions for an activity.
Reviews features related to the answer network.
Reviews features related to the initial network.
Explains how to use the Test Activity and Check Activity features to create a reliable
activity.
Demonstrates how to set a password, how to save and distribute an activity.
Gives an overview of the Scoring Model interface in the Activity Wizard.

Goes over basics of expressions.
End to End Example

Activity Wizard - Variable Manager
Introduction
Creating Pools
Creating Variables
Using Variables in the Instructions
Using Variables in Network Topology
Using Variables in Assessment Tree
Using Variables in Connectivity Tests
Using Variables in Overall Feedback
Verifying Variable Assignments
Concatenation
Isomorphs
Regular Expressions
Activity Wizard - Misc. Features
Importing and Exporting Network Files
External Instructions
Student Model Variables
LinksysWRT300N
Topologies
Local Loop Connections
Hiding ISP
Configuring Linksys Security
Alternate Linksys Configuration
Port Forwarding
Multiuser
Enabling Multiuser
Creating Multiuser Connection
Enabling Port Visibility
Beyond Two PT Instances
Shows an end to end example of an activity using scoring models.

Introduces the Variable Manager of the Activity Wizard.
Explains and demonstrates how to create a pool in the Variable Manager.
Explains and demonstrates how to create a variable in the Variable Manager.
Demonstrates how to apply variables to the Instructions.
Demonstrates how to apply variables to the Network Topology.
Demonstrates how to apply variables to the Assessment Tree.
Demonstrates how to apply variables to the Connectivity Tests section.
Demonstrates how to apply variables to the Overall Feedback section.
Demonstrates how to verify assigned variables.
Demonstrates sting concatenation with variables.
Demonstrates isomorphic activities with variables.
Demonstrates regular expressions with variables.
Goes over importing an existing file as an Answer network.
Goes over using external instructions for an activity.
Goes over changing points and components in an activity.
Demonstrates how to use a Linksys WRT300N router in a SOHO network.
Demonstrates how to create the local loop section of a SOHO network.
Demonstrates how to organize and hide an ISP network from a SOHO network.
Demonstrates how to secure a SOHO network.
Demonstrates how to use the Static IP configuration for a Linksys WRT300N router.
Demonstrates the Port Forwarding capability for the Linksys WRT300N router.
Demonstrates how to enable the Multiuser feature in Packet Tracer.
Demonstrates the creation of a connection between two remote peers.
Demonstrates the usage of the Port Visibility feature.
Demonstrates how to chain three Packet Tracer instances together.
Offline Saving
WAN Cloud Configuration
Frame Relay
DSL and Cable
Dial Up
IPC
Installing Applications
Configure Applications Window
IPC Menu
Demonstrates how to use the Offline Saving feature.

Demonstrates how to create a Frame Relay network using the WAN cloud.
Demonstrates how to create DSL and Cable on the WAN cloud.
Demonstrates how to create a Dial-Up network using the WAN cloud.
Gives an overview of preparing external applications (ExApps) to be used in Packet Tracer.
Demonstrates how to use the Configure Apps Window of the IPC feature.
Demonstrates how to use items listed under the IPC menu.
The Logical and Physical Workspaces

Packet Tracer uses two representation schemes for your network: the Logical Workspace and the Physical Workspace. The Logical Workspace allows
you to build a logical network topology, without regard to its physical scale and arrangement. The Physical Workspace allows you to arrange devices
physically in cities, buildings, and wiring closets. Distances and other physical measures will affect network performance and other characteristics if
wireless connections are used. In Packet Tracer, you first build your logical network, and then you can arrange it in the Physical Workspace. Most of
your time will be spend working in the Logical Workspace.
The Logical Workspace

The Logical Workspace is where you will spend the majority of your time building and configuring your network. In conjunction with Realtime
Mode, you can use this workspace to complete many of the labs you encounter in your CCNA coursework.
First, you will want to create devices. This is done by choosing devices from the Network Component box. Then, you can do any of the following:
Add modules to your devices to install additional interfaces. Note that you must turn off a device (by clicking its power button) before you
can add a module.
Connect your devices by choosing the appropriate cables (also found in the Network Component box).
Configure device parameters (such as the device name and IP address) through graphical dialogue boxes or the Cisco IOS (in the case of
routers and switches).
Make advanced configurations and view network information from the CLI interface on a router or switch.
Creating Devices
To place a device onto the workspace, first choose a device type from the Device-Type Selection box. Then, click on the desired device model from
the Device-Specific Selection box. Finally, click on a location in the workspace to put your device in that location. If you want to cancel your
selection, click the Cancel icon for that device. Alternatively, you can click and drag a device from the Device-Specific Selection box onto the
workspace. You can also click and drag a device directly from the Device-Type Selection box and a default device model will be chosen for you.
To quickly create many instances of the same device, press and hold the Ctrl button,
click on the device in the Device-Specific Selection box, and then release the Ctrl
button. The device is now locked and you can click on the workspace multiple times to
add multiple copies of the device. Cancel this operation by pressing the Cancel icon for
that device. To duplicate devices, you can press and hold the Ctrl button and then drag a
device on the workspace or select the devices and then use the Copy and Paste buttons.
Adding Modules
Most Packet Tracer devices have modular bays or slots into which you can insert modules. In the workspace, click on a device to bring up its
configuration window. By default, you will be in the Physical Device View sub-panel of the device. An interactive picture of the device is on the
right of the panel, and a list of compatible modules is on the left. You can resize the picture with the Zoom In, Original Size, and Zoom Out buttons.
You can also resize the entire configuration window by dragging its borders with the mouse. Alternatively, you can undock the window so that you
can move it around and freely resize it. You can browse (by clicking) through the list of modules and read their description in the information box at
the bottom. When you have found the module you want to add, simply drag it from the list into a compatible bay on the device picture. You can
remove a module by dragging it from the device back into the list.
You must turn off a device (by clicking its power button) before you can add or remove
modules, and you should turn the device back on after you are done.
Creating Custom Devices

The Device Template Manager allows you to save devices as templates and create devices from saved templates. For example, you may save a
template of a Cisco 2621XM router with an NM-2FE2W and two WIC-2T modules already installed. To create a device template, first add the device
and the appropriate modules that you want as would before. Once you have done that, click on the Custom Devices Dialog on the Main Tool Bar to
open the Device Template Manager. Click on the Select button in the Device Template Manager. The Device Template Manager will disappear.
Now click on the device that you want to make a template of. The Device Template Manager will reappear. Enter a description for the template (e.g.,
2621XM with NM-2FE2W and (2) WIC-2T). Click on the Add button. Packet Tracer will prompt you to save your device template. Browse to the
'templates' directory in the Packet Tracer installation directory, give it a file name, and save your device template file there.
To add a custom device on the Logical Workspace, click on the Custom Made Devices icon in the Device-Type Selection Box to display the custom
devices in the Device-Specific Selection Box. Here you will find all of the device templates that have been created. You can then add the custom
devices to the Logical Workspace as you would with other devices as described in the Creating Devices section above.
To remove a custom device on the Logical Workspace, click on the Custom Devices Dialog on the Main Tool Bar to open the Device Template
Manager. Under the Edit section, select the device template that you want to remove in the drop down menu and then click on the Remove button.
The device template file that was saved in the 'templates' directory will be removed as well.
Making Connections
To make a connection between two devices, first click the Connections icon from the Device-Type Selection box to bring up the list of available
connections. Then click the appropriate cable type. The mouse pointer will change into a "connection" cursor. Click on the first device and choose an
appropriate interface to which to connect. Then click on the second device and do the same. A connection cable will appear between the two devices,
along with link lights showing the link status on each end (for interfaces that have link lights). If you made a mistake by connecting to an incorrect
interface or you want to change the connection to a different interface, click on the link light near the device to unplug the connection from the
device. Click on the device again and select the desired interface to reconnect the device. For a full list of connections supported in Packet Tracer,
please read the "Connections/Links" help page.
To quickly make many connections of the same type, press and hold the Ctrl button,
click on a cable type in the Device-Specific Selection box, and release the Ctrl button.
The connection cursor is now locked and you can repeatedly make the same connection
type between devices. Cancel this operation by pressing the Cancel icon for the cable
type.
Logical Topology Editing Tools

You can use the tools in the Main Tool Bar, Logical/Physical Workspace Bar, and Common Tools Bar to edit and annotate your topology.
Tool
Use
Copy
Paste
Undo
Redo
Zoom In
Zoom Reset
Copy the selected items.

Paste the selected items.
Undo the previous action.
Redo the previous action.
Zoom in the workspace.
Reset the zoom back to default.
Zoom Out
Zoom in the workspace.
Drawing Palette
Create lines, rectangles, and ellipses.
Custom Devices Dialog Refer to the "Creating Custom Devices" section above for information.
New Cluster
Move Object
Set Tiled Background
Viewport
Refer to the "Clustering Devices" section below for information.

Refer to the "Clustering Devices" section below for information.
Refer to the "Custom Icons & BGs " section for information.
View a scaled version of the workspace.
Select
Click objects and drag them around. This is the default tool. You can also select multiple objects by holding down the
mouse button and then dragging your cursor over them. This action draws a rectangle around the objects so you can drag
all of them simultaneously. Press the Esc key on the keyboard for quick access to this tool.
Move your entire workspace around with the click-and-drag mouse action.
Write and place sticky notes anywhere on the workspace.
Delete objects from the workspace. When you select the Delete tool, the mouse cursor will change into an "X." You can
then click on any object (a device, connection, or note) that you wish to delete.
Look at tables of a device (such as ARP and MAC tables) that have been modeled in this version of Packet Tracer.
Resize shapes that are drawn with the Drawing Palette. When you select the Resize Shape tool, a red square will appear
on shapes on the workspace. Drag the red square to either increase or decrease the shape.
Refer to the "Simulation Mode" help section for information.
Refer to the "Simulation Mode" help section for information.
Move Layout
Place Note
Delete
Inspect
Resize Shape
Add Simple PDU
Add Complex PDU
Configuring Devices
To make most of the devices useful, you need to configure some basic settings (for example, an interface IP address and subnet mask). You can set
basic parameters through the GUI configuration screen of the device (click the Config tab from the configuration window). Different devices have
different settings available. Refer to each help page of the device for detailed information.
Cisco IOS: Routers and Switches
For routers and switches, you will have access to a model of the Cisco IOS with a limited set of commands. You can use the software to make
advanced configurations and view various network information in real time (if you are in Realtime Mode). Here are a few examples of the commands
available to you: ping, traceroute, show interfaces, ip access-list, and switchport access vlan. Refer to the "Configuring Devices" section of the
help files for all supported Cisco IOS commands.
Clustering Devices
Clustering devices allows you to simplify the appearance of the Logical Workspace by visually reducing a group of devices and connections into a
single image. By default, all devices are created on the Logical Workspace are located in the Root level, which is indicated on the Logical/Physical
Workspace Bar. You may reduce the amount of clutter on the workspace by clustering multiple devices together with the New Cluster feature. To
cluster a group of devices, select the devices on the workspace and then click on the New Cluster button. You can then click on the newly created
cluster to go inside its lower level (i.e., Cluster0 by default) and create sub-clusters within the main cluster as well. You may also rename the cluster
by clicking on its label to enable the label textbox. You can navigate between levels by clicking on the appropriate level on the Navigation Bar. Note
that only up to four levels of clustering hierarchy are available with the Logical Workspace (including Root level). To uncluster a group of devices,
highlight the cluster and then delete it with the Delete tool.
Once you create a cluster, you can make connections to devices in a cluster. To make a connection to devices in a cluster, you first select the
connection type and then the cluster. A menu showing the devices in the cluster appears, allowing you to select a device. When you select the device,
a menu showing the available interfaces appears. Select the interface and a connection is made if the selected connection type and interface are
compatible.
Also, when you can create a cluster, you can move objects and devices within the cluster hierarchy with the Move Object button. To do so, click on
the Move Object button and then select an object or device. This opens a menu showing the cluster hierarchy. You can then select the location to
which the object should be moved.
Managing Workspace Clutter (Docking/Undocking Sub-windows)

There may be times when you need multiple windows open on your screen (especially when you start running simulations and have to keep track of
many things at once). To minimize the visual clutter, you can arrange popup and sub-windows in various ways. Many windows can be docked to or
undocked (floated) from the workspace. You can drag floating windows (via their title bar) and dock them to the left, right, or bottom edge of the
workspace. Simply drag a window by its title bar until your cursor is near an edge and then release the mouse button. The window will dock to that
edge. To undock a window, drag the window by its docked title bar and move it out of the workspace edge to anywhere on your screen.
Some more hints regarding docking and undocking windows:
In a docked position, the title bar of a window is unnamed; the window may be at
the top or left border. Use the Close button (x) on the window as a hint to where the
title bar is.
You can double click the title bar of a window to quickly toggle between the
docked or undocked state.
If there is already another window at an edge, you can dock a second window
next to that first window.
If you do not want a window to dock anywhere as you drag it around, press and
hold the Ctrl key as you drag it.
The Logical Workspace: Customizing Icons and Backgrounds (BG)

Using Custom Icons
Icons that represent devices in Packet Tracer in both Logical and Physical mode can now be customized to an individual users taste. The images used
for Physical and Logical mode can be differently customized or the default image can be used for either Logical or Physical with the other being
customized. A customized icon must be created by an external painting type of program and saved as either a .PNG or .JPG file. The recommend size
of a custom icon is 45 x 31 pixels. If the graphic is of a different size, Packet Tracer will automatically resize the image to fit. So to maintain the best
graphic control of the icons it is best to follow the recommended size.
To change an icon for a device, click on the device, which brings up the device configuration pop-up window. On the Physical Configuration Tab
below the device image there are two buttons. One changes the icon in Logical Workspace, the other changes the icon in Physical Workspace. To
change an icon image in the Logical Workspace follow these steps:
Click on the device to be customized.
Click on the Customize Icon in Logical View button.
Select the image you want by clicking on it or use the browse button to navigate to a new directory and select the image.
Click on the OK button.
The new icon image is used in place of the default on the Logical Workspace. To change the image back to the default, follow these steps.
Click on the Customize Image in Logical View button.
Click on the Reset button.
Using Custom Cluster Icons

In addition to custom device icons, you can also use custom icons for clusters as well. To change a cluster icon, perform these steps:
Click on the cluster to be customized.
Click on the Set Tiled Background button on the Logical Workspace Bar.
Click on the Cluster Icon tab in the Select Background Image dialog.
Select the image from the list provided or click the browse button to navigate to the directory where the graphic is located.
Click on the Apply button.
The new icon image is used in place of the default on the Logical Workspace. To change the image back to the default, follow these steps.
Click on the cluster to be customized.
Click on the Cluster Icon tab in the Select Background Image dialog.
Using Custom Backgrounds (BG)

The Logical Workspace comes with a default set of backgrounds. You can also use your own background images. To use such an image, perform
these steps:
If you wish to tile the graphic, click on Display Tiled Background Image.
To return to the default background:
To save custom icons and backgrounds with either a PKT or PKA file, the creator of the
file must use the Save As Pkz selection from the File menu. This process is covered in
detail in the Interface Overview section.
The Physical Workspace

The purpose of the Physical Workspace is to give a physical dimension to your logical network topology. It gives you a sense of scale and placement
(how your network might look in a real environment).
The Physical Workspace is divided into four layers to reflect the physical scale of four environments: Intercity, City, Building, and Wiring Closet.
The intercity is the largest environment. It can contain many cities. Each city can contain many buildings. Finally, each building can contain many
wiring closets. The wiring closet provides a view that is different from the other three views. This is where you actually see the devices that were
created in the Logical Workspace; positioned in networking racks and on tables. The three other layers provide thumbnail views of their layouts as
the next level icons. This is the default arrangement in the Physical Workspace, but the devices in the wiring closet can be moved to any of the layers.
When the devices are moved to another layer, they revert to the icons used in Logical Workspace, although those can be customized (covered under
Customization) to any graphic you would like to use.
When you first enter the Physical Workspace, the default is the Intercity view (or "map").
By default, the intercity contains one city object called "Home City." You can click and drag the City icon to move it around in the intercity map. You
can also simply click on the City icon to change focus to the map of that city.
The Home City also contains one default building object called "Corporate Office." This building, like the Home City object in Intercity view, can be
moved anywhere around the city. Click on the Building icon to change focus to the interior selected building. All buildings are limited to one floor.
From the City view, you can also return to the Intercity environment by clicking on the Back button twice in the Physical Workspace Bar.
The Corporate Office contains one default wiring closet called "Main Wiring Closet." Click its icon to view its contents. You can also return to any of
the previous environments (Intercity or City) by clicking the Back button in the Physical Workspace Bar.
The "Main Wiring Closet" initially houses all the devices that were created in the Logical Workspace. It neatly arranges those devices onto racks and
tables so you can see where your devices physically are. The wiring closet view also shows the connected ports and the link light status of the devices
in the wiring closet. If the device is clicked, its configuration window pops up just as it does in Logical Workspace. Learn how to move these devices
around in the building or even the city in the "Moving Devices" section.
Wiring closets, buildings, and cities can all be renamed.
Creating New Locations

The Physical Workspace allows you to create new locations to expand your physical topology. In the Intercity environment, you can create cities with
the New City button. You can place new buildings and closets directly onto the Intercity environment with the New Building and New Closet
buttons. Similarly, you can create new buildings in the City environment and new closets in the Building environment. To keep things simple, you
should create locations according to the established hierarchy.
New cities (and buildings and closets) always initially appear on the top left corner of
the workspace. To avoid confusion, you should immediately rename and move them.
The Physical Workspace: Moving Devices

The Physical Workspace allows you to move your devices to various locations. To do this click on the Move Object button on the Physical
Workspace Bar, then click on the device to be moved. When the device is clicked, an expandable pop-up box will appear that shows a hierarchical
layout of the physical workspace. Just click on the level that you want the selected device to be moved. When you move a device to a new level, it
always initially appears in the top left corner of the workspace. In addition to moving devices with the Move Object button, you can also move
cities, buildings and wiring closets. The procedure is the same.
If you move multiple devices before moving them out of the upper left corner, they are stacked on top of each other in the same physical location.
Clicking will select the top device on the stack, dragging around the group will select all the devices and allows them all to be moved simultaneously.
A second more efficient way to quickly move multiple devices is to use the Navigation button on the Physical Workspace Bar. Clicking on the
Navigation button reveals an expanded tree view of the arrangement of all levels and devices in the Physical Workspace.
To move a device to a new location using the Navigation button, highlight the device and drag it to the new location in the tree. When that level is in
focus, the device(s) will be located in the upper left corner of that level. This is with the exception of the wiring closet view where the devices will
appear in a rack or on a table. There is no way to change the order of equipment in the rack or on the tables.
There are few restrictions on where you can move objects and devices. In general, something bigger (a city) cannot be moved inside something
smaller (a building); otherwise, all moves are possible. You can move buildings to other cities or directly onto the intercity. Wiring closets can be
placed directly onto cities or the intercity view. Devices are not confined by racks or tables and can go anywhere. However, you should maintain their
hierarchy to avoid confusion.
In this example, the default "Home City" is renamed to "San Jose," and a new city called "Irvine" is created. Inside San Jose is a building called
"Cisco," which has a wiring closet called "MDF." Similarly, Irvine has a building called "Linksys," which has a wiring closet called "IDF." Initially,
all devices are located in the MDF, including two routers named "Router0" and "Router1," which are connected via a serial link.
If, for example, you want to move Router0 into the IDF, you would first need to go into the MDF. Inside the MDF, click the Move Object button.
Click on Router0, and then go through the hierarchy to find the IDF and select Move to IDF.
If you back out to Intercity view, you will see a black line between Irvine and San Jose. The line tells you that there is a connection between the
devices of these cities. In this case, the line represents the serial connection between Router0 and Router1.
You can quickly return to the default wiring closet in any environment by pressing the
Working Closet button on the far right of the Physical Workspace Bar.
The Physical Workspace: Distance Measurements

The Physical Workspace provides the dimension of distance to Ethernet and wireless devices. This distance parameter is one of the factors that
determine if a device is able to connect or not connect to another device.
Access points can establish connections with wireless end devices that are within a certain distance range. This range is indicated by a gray mesh area
surrounding the access point. Note that this mesh area appears as a circle or an oval depending on the dimensions of the background image used. If
the background source image is square, the mesh is circular. If the background image is a rectangle, the mesh is oval, scaled by the width and height
of the source image.
In this example, three wireless-enabled PCs and two access points are created. They have all been moved from the default wiring closet and placed
directly onto the "streets" of the city (for demonstration purposes). Note the following:
PC0 is within the wireless range of Access Point0, so it associates with Access Point0.
PC1 is within the wireless range of both Access Point0 and AccessPoint1. However, because it is closer to Access Point1, it associates with
Access Point1.
PC2 is not in range of any access point, so it has no connectivity.
Ethernet connectivity is determined by a cable length of 100 meters. There is no partial connectivity for Ethernet, it is either within (has connectivity)
the length of 100 meters or outside (no connectivity) of it. By pointing at a cable in physical mode, a pop-up box will appear showing the device
interfaces connected to this cable and the segment and total length.
Packet Tracer now also has the ability to bend, group and color code cables. This feature is covered in the Cable Manipulation section.
The Physical Workspace: Customizing Icons and Backgrounds (BG)

Using Custom Icons
Icons that represent devices in Packet Tracer in both Logical and Physical mode can now be customized to an individual users taste. The images used
for Physical and Logical mode can be differently customized or the default image can be used for either Logical or Physical with the other being
customized. A customized icon must be created by an external painting type of program and saved as either a .PNG or .JPG file. The recommend size
of a custom icon is 45 x 31 pixels. If the graphic is of a different size Packet Tracer will automatically resize the image to fit. So to maintain the best
graphic control of the icons it is best to follow the recommended size. There is a way to resize icon now covered in the Logical Workspace section.
To change an icon for a device, click on the device, which brings up the device configuration pop-up window. On the Physical Configuration Tab
below the device image there are two buttons. One changes the icon in Logical Workspace, the other changes the icon in Physical Workspace. To
change an icon image in the Physical Workspace follow these steps:
Click on the Customize Icon in Physical View button.
Select the image you want by clicking on it or use the browse button to navigate to a new directory and select the image.
Click on the OK button.
The new icon image is used in place of the default on the Physical Workspace. To change the image back to the default, follow these steps.
Click on the Customize Image in Physical View button.
Using Custom Backgrounds (BG)

The Physical Workspace comes with a default set of backgrounds (for the Intercity, City, and Building environments). You can replace the
background of each environment with your own background images, just like in the Logical Workspace (see "Getting Started"). When using your
own images, pay attention to the environment for which an image is appropriate. For example, an image with the map of San Francisco is appropriate
for the City environment. To use such an image, perform these steps:
In the city where you want to apply the background, click on the Set Background button on the Physical Workspace Bar.
To return to the default graphic:
In the city where you want to reset the background, click on the Set Background button on the Physical Workspace Bar.
There is also a scaling option available in the Set Background dialog box. This option specifies the distance scale for Packet Tracer in meters per
pixel. This scale directly determines the length of cables and broadcast ranges of wireless access points in both logical and physical modes. The
defaults are set to:
Intercity = 8.98473 per pixel
City = 1.18694 per pixel
Office = 0.058072 per pixel
Wiring closet (does not have scaling)
Note that the dimensions of your background images affect the scale and appearance of certain objects.
To create a graphic for a background the recommended sizes, in pixels are:
Intercity = 2226 x 1382 pixels
City = 1685 x 1043 pixels
Office = 3444 x 2157 pixels
To save custom icons and backgrounds with either a PKT or PKA file, the creator of the
file must use the Save As Pkz selection from the File menu. This process is covered in
detail in the Interface Overview section.
The Physical Workspace: Cable Manipulation

In Physical Workspace, cables can be manipulated to provide a more realistic representation of a physical layout. Cables can be bent and grouped to
allow for organization and easier manipulation. Since cables can be grouped, they now also can be color coded to allow the user to identify specific
cables as they enter or leave the group. Individual cables can be ungrouped from cable GroupPoints as well as cable groups and BendPoints may also
be deleted from cables without deleting the cables.
Creating BendPoints in Cables

To bend a cable, click on a cable, this will show the Create BendPoint / Color Cable menu. Select Create BendPoint and a red dot appears on the
cable. Drag the red dot to a new location and the cable follows the BendPoint.
Cables actually cant be directly deleted in Physical mode, you must return to Logical
mode to delete a cable.
As many BendPoints as needed can be placed on a cable allowing a pseudo structured cabling look to the physical mode. Adding BendPoints and
moving them also changes the length of the cable. The Cable Length is expressed as the distance between to points on the cable and the Total Cable
Length is the distance between the two end devices on the cable.
Workaround: Sometimes it appears that you have accurately clicked on a cable and no
Window appears. This is due to graphics representation of the cable. All that is necessary
to do is move the device that the cable is connected to and try again or move to another
spot on the cable. Once a BendPoint is created, it can be moved along the cable to where
you want it located.
Creating GroupPoints in Cables

To create GroupPoints in cables, there must already be BendPoints located in the cables. The process to create a GroupPoint is drag one BendPoint
over the top of a second BendPoint. When this is done the Red Dots turn into a single yellow square.
If you create two GroupPoints on a cable and then click between those two GroupPoints, you can create a new GroupPoint. When a GroupPoint is
moved all of the cables in the group are moved as if they are a single cable.
Color Coding Cables

To change the color of a cable, click on the cable and then select Color Cable. When the Select Color dialog pops up, select the desired color and
then click on the OK button.
Notice that the cable is colored at both ends of the GroupPoints. Cable groups color is always black, it cant be changed. To reset a color you have
selected, follow the same process as assigning a color but click the Cancel button instead of the OK button in the Select Color dialog.
Removing GroupPoints and BendPoints

Removing a GroupPoint is actually done as an ungroup. All of the BendPoints that were dragged together to create the group are still on the cables,
they just return to the red dots and are now separate again.
To remove the GroupPoint, first click on the Delete tool in the Common Tools Bar or press the Delete key on your keyboard. The Delete tool will
now be selected. Point the cursor directly over the GroupPoint that is to be removed (the little circle in the center of the cursor should show the color
through it) and click on the GroupPoint. A menu will pop up allowing each individual cable or all cables to be removed from the group.
Selecting an individual cable shows the red dot over the yellow square but doesn't remove the square. Ungrouping all cables removes the yellow
square and returns the red dots to each individual cable.
Ungrouping also allows a user to break cables out of a group between GroupPoints as is shown here in the circled area.
To remove a BendPoint, follow the same procedure as removing a GroupPoint. In the case of a BendPoint, the red dot is simply removed from the
cable.
The Physical Workspace: Special Notes

Navigation Panel
You can click on the Navigation button from the Physical Workspace Bar to bring up the navigation panel of the entire Physical Workspace. The
navigation panel contains a physical locations tree that allows you to select a location and then jump to that particular location on the Physical
Workspace. The Navigation panel also allows you to move devices from one place to another in physical mode. This is covered in the Moving
Devices section.
Applying a Grid
You can click on the Grid button from the Physical Workspace Bar to apply a customizable grid to the Intercity, City, and Building levels. The Grid
tool allows you to set the grid spacing for each level and the ability to choose the color of the grid lines. The grid size is in meters and grid size is
affected by the by the Set Background image scaling factor.
Wiring Closet Limit

Each wiring closet can house as many as three racks, three tables, two tables and one rack, or two racks and one table. End devices are placed on
tables; all other devices are mounted on racks. If the Logical Topology contains more devices than a single wiring closet can house, another wiring
closet will automatically be created in the default building. That new wiring closet will become the default wiring closet. You will still be able to
access the original wiring closet, although you may need to move wiring closet icons around the building so they do not visually overlap.
Deleting Objects
You can use the Delete tool from the Common Tools Bar to delete cities, buildings, and wiring closets. Devices, however, cannot be deleted in the
Physical Workspace. If you delete a wiring closet from the Building environment, the devices in that closet will be extracted and placed directly onto
the building "floor." If you delete that building from the City environment, the devices will be placed onto the city "streets."
Resizing Objects
Just as in the Logical Workspace, you can use the Resize Shape tool from the Common Tools Bar to resize cities, buildings, wiring closets, devices,
and shapes created drawn with the Drawing Palette.
Operating Modes
Packet Tracer operating modes reflect the network time scheme.
In Realtime Mode, your network runs in a model of real time, within the limits of the protocol models used. The network responds to your actions
immediately as they would in a real device. For example, as soon as you make an Ethernet connection, the link lights for that connection will appear,
showing the connection state (see the "Connections/Links" page for details). Whenever you type a command in the CLI (such as ping or show), the
result or response is generated in real time and you see it as such. All network activity, particularly the flow of PDUs across the network, happens in
the Packet Tracer model of real time.
In Simulation Mode, you can "freeze" time -- you have direct control over time related to the flow of PDUs. You can see the network run step by
step, or event by event, however quickly or slowly you like. You can set up scenarios, such as sending a ping packet from one device to another.
However, nothing "runs" until you capture it (the first time through, as with a protocol sniffer) or play it (re-playing the captured events as an
animation). When you capture or play the simulation, you will see graphical representations of packets traveling from one device to another. You can
pause the simulation, or step forward or backward in time, investigating many types of information on specific PDUs and devices at specific times.
However, other aspects of the network will still run in real time. For example, if you turn off a port, its link light will respond immediately by turning
red.
Realtime Mode
In Realtime Mode, your network is always running (like a real network) whether you are working on the network or not. Your configurations are
done in real time, and the network responds in near real time. When you view network statistics, they are displayed in real time, as shown in the
Realtime toolbar. In addition to using the Cisco IOS to configure and diagnose networks, you can use the Add Simple PDU and User Created PDU
List buttons to graphically send pings.
Inspecting Devices
As the network is running, you can use the Inspect tool to view tables of the device as they are populated and updated. For example, to inspect the
ARP table of a router, choose the Inspect tool, click on the router to bring up the list of available tables, and then choose ARP Table.
In addition to the Inspect tool, you can simply mouse-over a device to view details such as the link status, IP address, and MAC address of all the
ports on a device. Note that the mouse-over feature does NOT show the state of the tables maintained by a device, like a switch, but rather a
convenient summary display of port-related information. For example, when you mouse-over a switch, you will see a list of ports and MAC
addresses: this is not the switch MAC address table (CAM table, switching table) but rather a list of the MAC addresses of the switch built-in
Ethernet interface hardware addresses.
Sending PDUs graphically

Although Simulation Mode is the preferred mode for sending PDUs graphically, you can use the Add Simple PDU and User Created PDU List
buttons to ping or send other PDUs (see the "Simulation Mode" section for details). The drawback is that you will not see PDU icons traveling slowly
through the network; the entire ping sequence happens in real time. However, you can view the result of the ping from the User Created Packet
Window.
Power Cycle Devices
The Power Cycle Devices button on the Realtime Bar allows you to power-cycle all of the devices in your network. Pressing it turns all devices off
and then turns them back on. Pressing this button will also clear all events if you are running a simulation with the network. The Power Cycle
Devices button is also available in Simulation Mode. See the "Simulation Mode" help section for more information.
If you reset the network, you will lose the current running configuration on all routers
and switches. Before you click the Power Cycle Devices button, be sure to issue the
copy running-config startup-config Cisco IOS command sequence on all routers and
switches to retain the current network configuration after the reset.
Fast Forward Time

You can converge a network quickly by clicking on the Fast Forward Time button which will advance the realtime by 30 seconds each click. A use
case would be where you have a large network of switches connected in loops and STP convergence may take a considerable amount of time. By
clicking on the button a few times, STP to converge within a couple seconds instead of up to minutes.
Simulation Mode
In Simulation Mode, you can watch your network run at a slower pace, observing the paths that packets take and inspecting them in detail.
When you switch to Simulation Mode, the Simulation Panel will appear. You can graphically create PDUs to send between devices using the Add
Simple PDU button and then pressing the Auto Capture / Play button to start the simulation scenario. The Event List window records (or
"captures") what happens as your PDU propagates through the network. You can control the speed of the simulation by using the Play Speed Slider.
Pressing the Auto Capture / Play toggle button again will pause the simulation. If you need greater control of the simulation, use Capture /
Forward button to manually run the simulation forward one step in time. You can use the Back button to revisit a previous timeframe and view the
events that occurred then.
When your instance of Packet Tracer is connected to a Multiuser remote peer, you will
not be able to switch to Simulation Mode. When you attempt to switch to Simulation
Mode, you will be prompted to save an offline copy that is to be opened in a new
instance of Packet Tracer. Clicking Yes will cause Packet Tracer to use the current offline
saving settings to create an offline save and open it in a new Packet Tracer instance
immediately. From there, you will be able to use Simulation Mode to examine packets in
detail.
You can clear and restart the scenario with the Reset Simulation button, which clears all entries in the Event List.
Note that while a simulation is playing, you may see packets that you did not create yourself. That is because some devices can generate their own
packets (such as EIGRP packets) as the network runs. You may also see a QoS Stamp on packets as well, which is described in detail in the "QoS
Stamp" section below. You can see what types of packets are being propagated in the network by looking at the Type field in the Event List. You can
choose to hide these packets from view by clicking on the Edit Filters button and unchecking the appropriate filter from the menu that appears. To
show all types of packets, simply click on the Show All button to re-enable them all. You can also create your own ACL Filter by clicking on the
Edit ACL Filters button in the Edit Filters menu. In the ACL Filters dialog, you can create a New ACL Filter, Delete an ACL Filter, and Submit
extended ACL statements to an ACL Filter.
You can also hide the Event List (and the entire Simulation Panel) with the Event List button in the Simulation Bar. You will still have access to the
Play Controls on the bar.
The Event List and Time Flow of Events

Packet Tracer simulations do not run on a linear time scale. Time is determined by the events that occur. An event can be defined as any instance of a
PDU that is generated in the network. The Event List keeps track of all such PDU instances and lists their information in various fields:
Visible: An "eye" icon in the field means that an event is happening at the current simulation time. Whatever packets that are currently visible
in the scenario animation will have this icon in the field.
Time: This field indicates the time (in seconds) at which the event occurred, relative to the last time the simulation scenario restarted. This
field is also the simulation time index.
Last Device: This field indicates the previous location of the packet.
At Device: This field indicates the current location of the packet.
Type: This field indicates the packet type (ACL Filter, ARP, BGP, CDP, DHCP, DNS, DTP, EIGRP, FTP, H.323, HTTP, HTTPS, ICMP,
ICMPv6, IPSec, ISAKMP, LACP, NTP, OSPF, PAgP, POP3, RADIUS, RIP, RTP, SCCP, SMTP, SNMP, SSH, STP, SYSLOG, TACACS, TCP,
TFTP, Telnet, UDP, and VTP).
Info: This field shows detailed information about the packet instance, broken up into each layer of the OSI model. Learn more about this field
in the "PDU info" page.
You can rearrange each of these fields in the Event List by dragging the title of a field to
the desired position.
Some events occur very frequently, happening every few milliseconds. Some events occur very infrequently, happening every minute or so. On the
workspace, network events appear to happen one after another at the same speed (set by the slider), when actually they may be separated by
milliseconds or by minutes. You can keep track of event timing by looking at the Time field in the Event List. Time only advances when there are
events to be captured. If the network has no further events, time will essentially halt (until the next event occurs). The Auto Capture Indicator will
tell you where the Event List stopped recording. You can enforce a constant delay of 1 ms between events by using the Constant Delay option. If this
option is off, various factors will contribute to the overall delay of the event: transmission delay, propagation delay, and a randomly injected process
delay.
If you filter out some type of PDUs on the Event List Filters, they will not show up on
the Event List. They are still in the network; you just do not see them. The simulation
runs more quickly because you will not see the filtered events, but all filtered PDUs still
affect the network.
Restarting a Scenario
Whenever a simulation restarts, the simulation time resets to 0.000 and the Event List is cleared. You will restart the simulation if you do any of the
following:
Click the Reset Simulation button.
Click the Power Cycle Devices button.
Switching to Realtime Mode (and switching back).
Modify the network in some way, such as deleting a device, adding a device, and changing the configuration on a device.
Enter any command in the global configuration mode of a device (in the CLI).
Switch to another scenario (see the "Managing Simulation Scenarios" section below).
Remove a PDU from the Protocol Data Units List (see the "Managing Simulation Scenarios" page).
Restarting a simulation does not erase current or scheduled PDU processes; it simply
pauses the simulation and removes the visual clutter of events currently displayed on the
Event List. The only way to remove PDU processes is from the User Created Packet
Window (discussed on the "Managing Simulation Scenarios" page).
Sending Simple PDUs (Ping)

In Packet Tracer, the Add Simple PDU button is essentially a quick, graphical way to send one-shot pings. You can send pings between devices that
have at least one interface with an IP address. To send a ping, click the Add Simple PDU button (the cursor changes to a "packet" icon), click on the
source device, and then click on the destination device. Note that pings will only work if the devices have configured ports. After you make the
request, the source device will queue an ICMP or ARP packet (or both), which will be on standby until you click the Auto Capture / Play or
Capture / Forward button. When you click one of these buttons, the packets will start moving and you can observe the ping process. You may want
to hide certain types of packets in the Event List Filters to avoid being confused by other packets in the network that you do not wish to observe.
You can keep track of all of the PDUs you created with the Add Simple PDU button in the User Created Packet Window. See the "Scenarios" page
for more information.
QoS Stamps
QoS Stamps are visual indicators that the ToS/DiffServ (ToS = Type of Service, DiffServ = Differentiated Services) field has been set in the IP
header. Usually this field is 0, but a value other than 0 will cause a color to appear. It does not indicate that it will be processed in any special way or
that anything in particular will happen to it. It is just a marker that says "this field is different."
Qos Stamps are useful in that it is one way a QoS algorithm will tag packets as they pass through the interface for processing into queues on the other
end. Setting the ToS/DiffServ field on the packet means that the router can check that value later when looking to put packets into certain priority
queues. Marking the packets at the edge means that the core routers can treat them however they need to without guessing at the intended priority
level. The reason it is referred to as a ToS/DiffServ field is that the field was originally called the TOS field which contained IP precedence bits. That
was obsolete by the DiffServ field, which uses a DSCP (Differentiated Services Code Point). This is the 6 most significant bits in that field. The other
two bits serve other purposes for congestion notifications. So, the proper name for those 6 bits is the "Differentiated Services Code Point," but they
can also be modified by precedence or things that set the Type of Service. So, all still apply.
Packet Tracer will only display QoS Stamps in Simulation Mode and when the ToS/Diffserv field has been set. This field can be set by using the
Traffic Generator utility on an end device, the ping command on an end device, extended ping on a router, or the set commands for class-maps
inside a policy-map. When using the ping command or Traffic Generator, this value sets the entire ToS field in the header. The ToS/DiffServ Color
Table, which is shown below, only goes up to 64 values because the two least significant bits are reserved and not used to show the colors. Because
of this, it is necessary to bit-shift your value two places to the left. The easiest way to do this is to multiply your given ToS value twice. So, if you
have the value 1, 1 * 2 = 2, 2 * 2 = 4. Or, for the value 5, 5 * 2 = 10, 10 * 2 = 20.
To read the ToS/DiffServ Color Table, look at the column labeled S0-D2. The values range from 0-63. When the number is 0, the color is empty (no
QoS Stamp). The other colors presented there are what will show up when the ToS field takes on that value. Remember, if you use ping or the Traffic
Generator utility, you have to multiply that number by two (e.g., to see the first ping color you need to multiply 8 * 2 = 16, 16 * 2 = 32. So, set the
value 32 into the ToS field).
TOS/DiffServ Bits
S0 S1 S2 D0
D1
D2
ECT
CE
S0-D2
Meaning
0 Default Precedence
0
0
Red
Green Blue
Color
Hex
255
255
255
0xFFFFFF
1 Local Use
40
40
40
0x282828
2 Local Use
45
45
45
0x2D2D2D
3 Local Use
50
50
50
0x323232
4 Local Use
55
55
55
0x373737
5 Local Use
60
60
60
0x3C3C3C
6 Local Use
65
65
65
0x414141
7 Local Use
70
70
70
0x464646
8 Priority Precedence
255
255
0xFF00FF
9 Local Use
75
75
75
0x4B4B4B
10 AF11 (Class 1 - Low Drop)
255
200
200
0xFFC8C8
11 Local Use
80
80
80
0x505050
12 AF12 (Class 1 - Med Drop)
255
110
110
0xFF6E6E
13 Local Use
85
85
85
0x555555
14 AF13 (Class 1 - High Drop)
255
0xFF0000
15 Local Use
90
90
90
0x5A5A5A
16 Immediate Precedence
128
255
255
0x80FFFF
17 Local Use
95
95
95
0x5F5F5F
200
255
200
0xC8FFC8
19 Local Use
100
100
100
0x646464
150
255
150
0x96FF96
21 Local Use
105
105
105
0x696969
255
0x00FF00
23 Local Use
110
110
110
0x6E6E6E
24 Flash Precedence
128
0x800000
25 Local Use
115
115
115
0x737373
190
190
255
0xBEBEFF
27 Local Use
120
120
120
0x787878
110
110
255
0x6E6EFF
29 Local Use
125
125
125
0x7D7D7D
255
0x0000FF
31 Local Use
130
130
130
0x828282
32 Flash Override Precedence
128
0x008000
33 Local Use
135
135
135
0x878787
255
255
200
0xFFFFC8
35 Local Use
140
140
140
0x8C8C8C
255
255
150
0xFFFF96
37 Local Use
145
145
145
0x919191
255
255
0xFFFF00
39 Local Use
150
150
150
0x969696
40 CRITIC/ECP Precedence
128
0x000080
41 Local Use
155
155
155
0x9B9B9B
42 Local Use
160
160
160
0xA0A0A0
43 Local Use
165
165
165
0xA5A5A5
44 Local Use
170
170
170
0xAAAAAA
45 Local Use
175
175
175
0xAFAFAF
46 Expedited Forwarding
128
128
0x800080
47 Local Use
180
180
180
0xB4B4B4
48 Internetwork Control Precedence
128
128
49 Local Use
185
185
185
0xB9B9B9
50 Local Use
185
185
185
0xB9B9B9
51 Local Use
190
190
190
0xBEBEBE
52 Local Use
195
195
195
0xC3C3C3
53 Local Use
200
200
200
0xC8C8C8
54 Local Use
205
205
205
0xCDCDCD
55 Local Use
210
210
210
0xD2D2D2
56 Network Control Precedence
128
128
0x008080
57 Local Use
215
215
215
0xD7D7D7
58 Local Use
220
220
220
0xDCDCDC
59 Local Use
225
225
225
0xE1E1E1
60 Local Use
230
230
230
0xE6E6E6
61 Local Use
235
235
235
0xEBEBEB
62 Local Use
240
240
240
0xF0F0F0
63 Local Use
245
245
245
0xF5F5F5
0x808000
To find out what type of QoS Stamp is shown in Simulation Mode, look at the second screenshot above as an example. You can see that there is a
QoS Stamp on the EIGRP packet that is at QoS_Router. Click on the EIGRP packet where the QoS Stamp appears to open the EIGRP packet's PDU
information. Next, click on the Outbound PDU Details tab to reveal the headers in the EIGRP packet (refer to the "PDU Information" page for more
details). The field that determines the QoS Stamp's type is the DSCP field. In this EIGRP packet, the DSCP value is 0xe0, which is a hexadecimal
value. This hexadecimal value needs to be converted into decimal, which is 224. However, 224 is not in S0-D2 column in the ToS/DiffServ color
table. This is because the value has been bit-shifted two places to the left. As a result, it is necessary to unshift the value in order to use the
ToS/DiffServ Color Table. To do this, take the DSCP value and divide it twice. In this example, since the value is 224, 224 / 2 = 112, 112 / 2 = 56. For
the value of 56, the S0-D2 column in the ToS/DiffServ Color Table indicates that this QoS Stamp is a Network Control Precedence type.
By default, Packet Tracer shows QoS Stamps in Simulation Mode. To prevent QoS
Stamps from appearing, go to Preferences and uncheck Show QoS Stamps on Packets.
Simulation Mode: PDU Information

During a simulation, you can click on a packet (on the topology or the corresponding event in the Event List) to bring up its information window and
view its details. The details window contains three possible tabs: OSI Model, Inbound PDU Details, and Outbound PDU Details.
The OSI Model tab shows how the packet is processed at each layer of the OSI model by the current device. The process is further separated by the
direction in which the packets are traveling, incoming versus outgoing. The incoming layers (In Layer) show how the device processes an incoming
or a buffered packet, and the outgoing layers (Out Layer) show the process a device goes through when it sends a packet to one or multiple ports.
The In Layer is meant to be read starting from bottom to top (from Layer 1 to Layer 7),
while the Out Layer is read from top to bottom (from Layer 7 to Layer 1). This is
because the physical layer is the first layer at which incoming PDUs are processed, and
it is the last layer at which outgoing PDUs are processed when they exit the device.
The Inbound PDU Details tab only applies if the PDU you clicked on is being received on the device; it will not appear if the PDU originated from
that device. The tab shows exactly what is in the headers of the PDU, broken up into header type and the individual fields in each header. For
example, a PDU may have an Ethernet II and an ARP header, so the tab will show information such as the preamble, FCS, and source and destination
addresses.
The Outbound PDU Details tab shows similar information for outgoing packets. This tab only applies if the device has a PDU to send.
Most of the time, a device will receive a PDU and then, as a result, send out a PDU. In this case, both the Inbound PDU Details and the Outbound
PDU Details tabs apply.
Challenge Mode
You can quiz yourself on the encapsulation process by entering Challenge Mode when viewing PDU information. Click the Challenge Me button to
do so. The layer details are hidden, and the information window is replaced by a question window that asks you what the device does to a PDU at a
given layer. Select from a multiple-choice list. If you answer correctly, the details for that layer are shown and the question window advances to the
next layer. You can click the Hint button if you need help.
Each Challenge Question may contain the following answers:
Encapsulate: Adds a header or a header and trailer to the PDU on this layer to create the PDU at the next lower layer.
De-encapsulate: Removes a header or a header and trailer from the PDU on this layer to create the PDU at the next higher layer.
Transfer: Moves the PDU from the inbound OSI stack to the outbound OSI stack.
Accept: Accepts and finishes processing of the PDU.
Queue: Holds the PDU for processing or sending at a later time.
Drop: Eliminates the PDU.
Transmit: Sends the signal out the physical media.
PDU Color Legend
Simulation Mode: Managing Simulation Scenarios

In Packet Tracer, you can set up and simulate complex networking situations (scenarios) through the User Created Packet Window (UCPW) found
on the lower right corner of the application. A scenario is a set of PDUs that you have placed in the network to be sent at specific times. When you
first switch to Simulation Mode, the default scenario is "Scenario 0." You can edit the name of the scenario, and you can write a description for the
scenario by clicking the Scenario Description icon next to its name. You can create and delete scenarios with the New and Delete buttons, and you
can switch between scenarios by choosing from the scenario drop-down menu. Multiple scenarios can be created for one logical topology,
corresponding to different test conditions you may want to model. Note the contrast between the UCPW (packets you create) and the event list (all
packets occurring anywhere on the network that you chose to display, whether or not they were originated by you or by protocols running on the
network devices).
The Protocol Data Units List is an important part of the UCPW that tracks all of the PDUs you created for the current scenario. You can put the
Protocol Data Units List in its own window on the workspace by pressing the Toggle PDU List Window button. Click the button again to integrate
it back into the UCPW.
Each PDU in the PDU list has the following fields:
Fire: You can double click on this field to "send" the PDU immediately in realtime mode or queue for transmission in simulation mode.
Last Status: This field indicates the last known status of the PDU (Successful, Fail, or In Progress).
Source: This field shows the name of the device from which the PDU originated.
Destination: This field shows the name of the device that the PDU is ultimately trying to reach.
Type: This field specifies the PDU protocol type.
Color: This field shows PDU color as it appears in the animation. (See the tip box below for information about changing the PDU color.)
Time: This field displays the simulation time (or timeframe) at which the PDU is scheduled to be sent.
Periodic: This field indicates whether the PDU is to be sent periodically (Y) or not (N).
Num: This field shows a numerical index for the PDU.
Edit: You can double click this button to edit the PDU properties. (See the next page, "Custom PDUs", for more details.)
Delete: You can double click this button to remove the PDU from the list. (It will no longer be part of the scenario.)
User-created PDUs are initially assigned a random color in the animation. You can
double click the colored "tile" of a PDU in the Protocol Data Units List to bring up the
Color Selector of the PDU and then change the color.
You can rearrange the placement of each of the fields in the Protocol Data Units List by
dragging the title of a field to the desired position.
Note that user-created PDUs are not "cleared" from the Protocol Data Units List when the simulation restarts (such as by pressing the Reset
Simulation button). Restarting the scenario simply clears all PDUs currently propagating in the network and resets the simulation time. The PDUs on
the Protocol Data Units List will propagate the network at their specified times when you run the scenario again. To remove a PDU you created,
select it on the Protocol Data Units List and double click its Delete button.
Simulation Mode: Complex PDUs

In addition to simple, quick pings, you can also send customized PDUs. In the Common Tools Bar, click the Add Complex PDU icon, and then
click your source device to bring up the Create Complex PDU dialogue. You can choose which port that the PDU will be sent out (or leave it at the
default). You can also change the type of the PDU by selecting from the list of applications. Depending on the application and device, the PDU may
have the following settings: Destination IP Address, Source IP Address, TTL (Time-To-Live), TOS (Type of Service), Source Port, Destination
Port, Sequence Number, and Size.
Packet Tracer supports custom PDUs with source and destination ports corresponding to
the following application layer protocols:
DNS, Finger, FTP, HTTP, HTTPS, IMAP, NetBIOS, Ping, POP3, SFTP, SMTP,
SNMP, SSH, Telnet, TFTP, Other
You can also set the timing parameters of the PDU. The PDU can be a One Shot event; it is to be sent at a time you specify (in seconds).
Alternatively, the PDU can be a Periodic event; it will be sent periodically at intervals you specify (also in seconds).
Simulation Mode: Special Notes

Editing the Network and Using the Cisco IOS in Simulation Mode
Although Realtime Mode is the preferred mode for network configuration, you can also edit the network directly in Simulation Mode. You have full
access to the Common Tools Bar and the Network Component Box. You also retain access to the Cisco IOS (or in the case of the PC, the command
prompt). When you work with the IOS in Simulation Mode, the network responds to most of your command sequences in realtime. For example,
when you issue the shutdown command on a port, that port will go down immediately. Any command that does not involve the propagation of PDUs
in the network will have a realtime response. Command sequences that do cause or affect the propagation of PDUs will require the user to click the
Auto Capture / Play or Capture / Forward button in order to see the results. For example, after you issue the ping command sequence from the
IOS on a router, the appropriate PDU animation icons will appear on the workspace (as if you had used the Add Simple PDU button), but you would
need to click the Auto Capture / Play or Capture / Forward button to watch the PDUs propagate. The IOS status messages or indicators will
synchronize with the events of the simulation and play speed, appearing to be very slow. Note that packets created by IOS commands do not appear
on the User Created PDU List.
Time Management Between Realtime and Simulation Mode

Realtime Mode and Simulation Mode share a common "master" timeline. The master timeline is transparent to the user; you cannot "see" it in
numerical form. The master timeline only moves forward; you cannot "reset" it or move backwards in time. The master timeline is always advancing
when you are in Realtime Mode (moving at the modeled speed of realtime as shown in the Realtime/Simulation Bar). When you switch to Simulation
Mode, the master timeline pauses and falls somewhat under your control. At that point, you will be running under simulation time, which can be
thought of as a "segment" of the master timeline. You can use the Auto Capture / Play or Capture / Forward buttons to move forward in simulation
time, which will cause the master timeline to advance accordingly. You can use the Back button to view a previous network state; however, time does
not actually "travel backward". The master timeline will remain at its "most-forward" state. For example, if Event A occurs, and then you use the
Back button to move back in time to create Event B, the result will not be what you would expect. When you play this scenario, Event B will take
place after Event A, even if you think you have "forced" Event B to occur first. Thus, it is impossible to interfere or pre-empt an event that already
has occurred, and you should not consider using the Back button for that purpose. If you clear the event list, the simulation time will restart at 0.000,
but the master time will continue from the last event.
When you switch back to Realtime Mode, the master timeline will continue off of the last event in Simulation Mode and move forward at realtime
speed again. If you started some event in Simulation Mode, and then switch to Realtime Mode, that event will continue and finish in realtime. For
example, if you created a ping between two devices in Simulation Mode and then you switch to Realtime Mode, that ping will proceed (even if you
have not pressed the Auto Capture / Play or Capture / Forward button back in Simulation Mode). One of the powerful features of Packet Tracer is
the ability to manipulate time and events on the model network; however, be aware that interpreting intermediate results, like viewing switching and
routing tables while network protocols are still converging, can be a complex task.
Connections / Links
Packet Tracer supports a wide range of network connections. Each cable type can only be connected to certain interface types.
Cable Type
Console
Description
Console connections can be made between PCs and routers or switches. Certain conditions must be met for the
console session from the PC to work: the speed on both sides of the connection must be the same, the data bits must
be 7 for both or 8 for both, the parity must be the same, the stop bits must be 1 or 2 (but they do not have to be the
same), and the flow control can be anything for either side.
Copper Straightthrough
Copper Cross-over
This cable type is the standard Ethernet media for connecting between devices that operate at different OSI layers
(such as hub to router, switch to PC, and router to hub). It can be connected to the following port types: 10 Mbps
Copper (Ethernet), 100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit Ethernet).
This cable type is the Ethernet media for connecting between devices that operate at the same OSI layer (such as
hub to hub, PC to PC, PC to printer). It can be connected to the following port types: 10 Mbps Copper (Ethernet),
100 Mbps Copper (Fast Ethernet), and 1000 Mbps Copper (Gigabit Ethernet).
Fiber media is used to make connections between fiber ports (100 Mbps or 1000 Mbps).
Fiber
Phone
Phone line connections can only be made between devices with modem ports. The standard application for modem
connections is an end device (such as a PC) dialing into a network cloud.
Coaxial
Coaxial media is used to make connections between coaxial ports such as a cable modem connected to a Packet
Tracer Cloud.
Serial DCE and

DTE
Serial connections, often used for WAN links, must be connected between serial ports. Note that you must enable
clocking on the DCE side to bring up the line protocol. The DTE clocking is optional. You can tell which end of the
connection is the DCE side by the small clock icon next to the port. If you choose the Serial DCE connection
type and then connect two devices, the first device will be the DCE side and the second device will be
automatically set to the DTE side. The reverse is true if you choose the Serial DTE connection type.
The 8-port asynchronous cable provides the high-density connector on one end and eight RJ-45 plugs on the other.
Octal
Wireless Links
You can establish wireless links between access points and end devices (PCs, servers, and printers). To establish a link, simply remove the existing
module on an end device, insert a wireless module, and turn on the device. The device will automatically try to associate itself with an access point.
Typically, this means it will associate (physically) with the nearest access point. See the Wireless Devices page under the Physical Workspace section
for more information regarding distances. However, if two or more access points are in the same closet, the distance from any access point to any end
device is essentially the same. In this case, an end device will associate with the access point that was created first. Recall that the logical topology
does not reflect physical distances, and everything that is created in the Logical Workspace is initially placed in the same wiring closet in the Physical
Workspace. The process for establishing wireless links between Linksys routers and end devices with Linksys network modules is similar, but
described elsewhere.
Link Status
When you connect two devices, you will typically see link lights on both ends of the connection. Some connections do not have link lights.
Link Light Status
Bright green
Blinking green
Red
Amber
Black
Meaning
The physical link is up. However, this is not indicative of the line protocol status on the link.
There is link activity.
The physical link is down. It is not detecting any signals.
The port is in a blocking state due to STP. This appears only on switches.
This is used by console connections only. Black color indicates the console cable is connected to the correct port.
Devices and Modules

Packet Tracer supports a wide array of modules for networking devices. To change a module in any device, you must first turn off the power for that
device. There is a power switch available on the Physical page of any device that can change modules. If the module slot is filled you must drag the
existing module out of the device and over to the modules list and then release it. If you are not in the correct place the module will return to the slot.
After removing the original module select and drag the new module from the list of modules to directly over the open slot. When the module appears
in the open slot, turn the power back on. Note, when you turn off switches or routers and then turn them back on, they will load their startup
configuration files. If you do not save the running configuration, it will be lost.
When the network contains routers or switches, develop a habit of saving their running
configurations to the startup configuration before you press their power buttons (or the
Power Cycle Devices button).
Physical Configuration and Module List

When you click on a device in the workspace, you are first presented with the Physical Device View of the selected device. You will see an
interactive photo on the main panel and a list of compatible modules on the left. You can interact with the device by pressing its power button, adding
a module by dragging it from the list into a compatible bay, or removing a module by dragging it from the bay back to the list. You can also zoom in
and out of the photo with the zoom controls. The pages in this section show all of the Packet Tracer devices and their supported modules. On these
pages, you can click on the thumbnail image of each device or module to view a larger image.
Devices and Modules: Routers

All images on this page are thumbnails on which you can click to bring up a larger
image.
Router: 1841
The Cisco 1841 Integrated Services Router provides two fixed 10/100 (100BASE-TX) Ethernet ports, two integrated High-Speed WAN Interface
Card (HWIC) slots that are compatible with WAN Interface Card (WICs) and Voice/WAN Interface Cards (VWICs), and one internal Advanced
Integration Module (AIM) slot.
Module Name
HWIC-2T
Thumbnails
Description
The HWIC-2T is a Cisco 2-Port Serial High-Speed WAN Interface Card, providing 2 serial ports.
HWIC-4ESW
The HWIC-4ESW provides four switching ports.
HWIC-8A
The HWIC-8A provides up to eight asynchronous EIA-232 connections to console ports.
HWIC-AP-AG-B
The HWIC-AP-AG-B module is a High-Speed WAN Interface Card providing integrated Access Point
functionality in the Cisco 1800 (Modular), Cisco 2800, and Cisco 3800 Integrated Services Routers. It
supports Single Band 802.11b/g or Dual Band 802.11a/b/g radios.
The WIC-1AM card features dual RJ-11 connectors, which are used for basic telephone service
connections. The WIC-1AM uses one port for connection to a standard telephone line, and the other
port can be connected to a basic analog telephone for use when the modem is idle.
The WIC-1ENET is a single-port 10 Mbps Ethernet interface card, for use with 10BASE-T Ethernet
LANs.
The WIC-1T provides a single port serial connection to remote sites or legacy serial network devices
such as Synchronous Data Link Control (SDLC) concentrators, alarm systems, and packet over
SONET (POS) devices.
connections. The WIC-2AM has two modem ports to allow multiple data communication connections.
WIC-1AM
WIC-1ENET
WIC-1T
WIC-2AM
WIC-2T
The 2-port asynchronous/synchronous serial network module provides flexible multi-protocol support,
with each port individually configurable in synchronous or asynchronous mode, offering mixed media
dial support in a single chassis. Applications for asynchronous/synchronous support include: low
speed WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to
management ports of other equipment, and transport of legacy protocols such as Bi-sync and SDLC.
The WIC cover plate provides protection for the internal electronic components. It also helps maintain
adequate cooling by normalizing airflow.
WIC-Cover
Router: 1941
The Cisco 1941 Integrated Services Router (ISR) provides 2 integrated 10/100/1000 Ethernet ports, 2 WAN Interface Card (WIC) slots and 1 Internal
Services Module slot.
Module Name
HWIC-2T
Thumbnails
Description
HWIC-4ESW
HWIC-8A
WIC-Cover
Router: 2620XM
The Cisco 2620XM Multiservice Router provides a one-network module slot platform with one fixed 10/100 (100BASE-TX) Ethernet port, two
integrated WAN Interface Card (WIC) slots, and one Advanced Integration Module (AIM) slot.
Module Name
NM-1E
NM-1E2W
NM-1FE-FX
NM-1FE-TX
NM-1FE2W
NM-2E2W
NM-2FE2W
NM-2W
NM-4A/S
Thumbnails
Description
The NM-1E features a single Ethernet port that can connect a LAN backbone which can also support
either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.
The NM-1E2W provides a single Ethernet port with two WIC slots that can support a single Ethernet
LAN, together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same
chassis.
The NM-1FE-FX Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a
wide range of LAN applications, the Fast Ethernet network modules support many internetworking
features and standards. Single port network modules offer autosensing 10/100BaseTX or 100BaseFX
Ethernet.
The NM-1FE-TX Module provides one Fast-Ethernet interface for use with copper media. Ideal for a
Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.
The NM-1FE2W Module provides one Fast-Ethernet interface for use with copper media, in addition
to two Wan Interface Card expansion slots. Ideal for a wide range of LAN applications, the Fast
Ethernet network modules support many internetworking features and standards. Single port network
modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports
virtual LAN (VLAN) deployment.
The NM-2E2W provides two Ethernet ports with two WIC slots that can support two Ethernet LANs,
together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same
chassis.
The NM-2FE2W Module provides two Fast-Ethernet interfaces for use with copper media, in addition
Ethernet network modules support many internetworking features and standards.
The NM-2W Module provides two WAN Interface Card expansion slots. It can be used with a broad
range of interface cards, supporting a diverse array of physical media and network protocols.
with each port individually configurable in synchronous or asynchronous mode, offering mixed-media
dial support in a single chassis. Applications for Asynchronous/Synchronous support include: Low
NM-4E
NM-8A/S
NM-8AM
NM-Cover
WIC-1AM
WIC-1T
WIC-2AM
WIC-2T
WIC-Cover
Router: 2621XM
The NM-4E features four Ethernet ports for multifunction solutions that require higher-density
Ethernet than the mixed-media network modules.
The NM-8AM Integrated V.92 analog modem network module provides cost-effective analog
telephone service connectivity for lower-density remote-access service (RAS), dial-out and fax-out
modem access, asynchronous dial-on-demand routing (DDR) plus dial backup, and remote router
management. Both the 8-port and 16-port versions use RJ-11 jacks to connect the integrated modems
to basic analog telephone lines on the public switched telephone network (PSTN) or private telephony
systems.
The NM cover plate provides protection for the internal electronic components. It also helps maintain
dial support in a single chassis. Applications for asynchronous/synchronous support include: low speed
WAN aggregation (up to 128 Kbps), dial-up modem support, Async or Sync connections to
The Cisco 2621XM Multiservice Router provides a one-network module slot platform with two fixed 10/100 (100BASE-TX) Ethernet ports, two
integrated WAN Interface Card (WIC) slots, and one Advanced Integration Module (AIM) slot.
The 2621XM supports the same modules that the 2620XM supports.
Router: 2811
The Cisco 2811 Integrated Services Router provides one Enhanced Network-Module slot with two fixed 10/100 (100BASE-TX) Ethernet ports, four
integrated High-Speed WAN Interface Card (HWIC) slots that are compatible with WAN Interface Card (WICs), Voice Interface Cards (VICs) and
Voice/WAN Interface Cards (VWICs), and dual Advanced Integration Module (AIM) slots.
Module Name
NM-1E
NM-1E2W
NM-1FE-FX
NM-1FE-TX
NM-1FE2W
Thumbnails
Description
The NM-1E features a single Ethernet port that can connect a LAN backbone which can also support
either six PRI connections to aggregate ISDN lines, or 24 synchronous/asynchronous ports.
The NM-1E2W provides a single Ethernet port with two WIC slots that can support a single Ethernet
LAN, together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the
same chassis.
The NM-1FE-FX Module provides one Fast-Ethernet interface for use with fiber media. Ideal for a
Ethernet.
The NM-1FE-TX Module provides one Fast-Ethernet interface for use with copper media. Ideal for a
Ethernet. The TX (copper) version supports virtual LAN (VLAN) deployment.
The NM-1FE2W Module provides one Fast-Ethernet interface for use with copper media, in addition
Ethernet network modules support many internetworking features and standards. Single port network
modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports
NM-ESW-161
virtual LAN (VLAN) deployment.

The NM-2E2W provides two Ethernet ports with two WIC slots that can support two Ethernet LANs,
together with two serial/ISDN backhaul lines, and still allow multiple serial or ISDN in the same
chassis.
The NM-2FE2W Module provides two Fast-Ethernet interfaces for use with copper media, in addition
Ethernet network modules support many internetworking features and standards.
The NM-2W Module provides two WAN Interface Card expansion slots. It can be used with a broad
range of interface cards, supporting a diverse array of physical media and network protocols.
The NM-4E features four Ethernet ports for multifunction solutions that require higher-density
Ethernet than the mixed-media network modules.
The NM-8AM Integrated V.92 analog modem network module provides cost-effective analog
telephone service connectivity for lower-density remote-access service (RAS), dial-out and fax-out
modem access, asynchronous dial-on-demand routing (DDR) plus dial backup, and remote router
management. Both the 8-port and 16-port versions use RJ-11 jacks to connect the integrated modems
to basic analog telephone lines on the public switched telephone network (PSTN) or private telephony
systems.
The NM cover plate provides protection for the internal electronic components. It also helps maintain
The NM-ESW-161 provides 16 switching ports.
HWIC-2T
HWIC-4ESW
NM-2E2W
NM-2FE2W
NM-2W
NM-4A/S
NM-4E
NM-8A/S
NM-8AM
NM-Cover
HWIC-8A
HWIC-AP-AG-B
The HWIC-AP-AG-B module is a High-Speed WAN Interface Card providing integrated Access Point
functionality in the Cisco 1800 (Modular), Cisco 2800, and Cisco 3800 Integrated Services Routers. It
supports Single Band 802.11b/g or Dual Band 802.11a/b/g radios.
The WIC-1ENET is a single-port 10 Mbps Ethernet interface card, for use with 10BASE-T Ethernet
LANs.
dial support in a single chassis. Applications for asynchronous/synchronous support include: low
WIC-1AM
WIC-1ENET
WIC-1T
WIC-2AM
WIC-2T
WIC-Cover
Router: 2901
The Cisco 2901 Integrated Services Router (ISR) provides 2 integrated 10/100/1000 Ethernet ports, 4 enhanced high-speed WAN interface card
(WIC) slots, 2 onboard digital signal processor (DSP) slots and 1 onboard Internal Service Module for application services.
Module Name
Thumbnails
Description
HWIC-2T
HWIC-4ESW
HWIC-8A
WIC-Cover
Router: 2911
The Cisco 2901 Integrated Services Router (ISR) provides 2 integrated 10/100/1000 Ethernet ports, 4 enhanced high-speed WAN interface card
(WIC) slots, 2 onboard digital signal processor (DSP) slots and 1 onboard Internal Service Module for application services.
Module Name
HWIC-2T
Thumbnails
Description
HWIC-4ESW
HWIC-8A
WIC-Cover
Router: Router-PT
The Router-PT generic router provides ten slots, one console port, and one auxiliary port.
Module Name
PT-ROUTER-NM-1AM
PT-ROUTER-NM-1CE
PT-ROUTER-NM-1CFE
PT-ROUTER-NM-1CGE
PT-ROUTER-NM-1FFE
PT-ROUTER-NM-1FGE
Thumbnail
Description
The PT-ROUTER-NM-1AM card features dual RJ-11 connectors, which are used for basic
telephone service connections. The WIC-1AM uses one port for connection to a standard
telephone line, and the other port can be connected to a basic analog telephone for use when
the modem is idle.
The PT-ROUTER-NM-1CE features a single Ethernet port that can connect a LAN backbone
which can also support either six PRI connections to aggregate ISDN lines, or 24
synchronous/asynchronous ports.
The PT-ROUTER-NM-1CFE Module provides one Fast-Ethernet interface for use with
copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules
support many internetworking features and standards. Single port network modules offer
autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual
LAN (VLAN) deployment.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-ROUTER-NM1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is
supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This
network module has one gigabit interface converter (GBIC) slot to carry any standard copper
or optical Cisco GBIC.
The PT-ROUTER-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber
media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules
support many internetworking features and standards. Single port network modules offer
autosensing 10/100BaseTX or 100BaseFX Ethernet.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-ROUTER-NM1FGE) provides Gigabit Ethernet copper connectivity for access routers. The module is
PT-ROUTER-NM-1S
The PT-ROUTER-NM-1S provides a single port serial connection to remote sites or legacy
serial network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm
systems, and packet over SONET (POS) devices.
PT-ROUTER-NM-1SS
The 2-port asynchronous/synchronous serial network module provides flexible multi-protocol

support, with each port individually configurable in synchronous or asynchronous mode,
offering mixed media dial support in a single chassis. Applications for
asynchronous/synchronous support include: low speed WAN aggregation (up to 128 Kbps),
dial-up modem support, Async or Sync connections to management ports of other equipment,
and transport of legacy protocols such as Bi-sync and SDLC.
Devices and Modules: Switches

image.
Switch: 2950-24
The Cisco Catalyst 2950-24 is a member of the Cisco Catalyst 2950 series switch family. It is a standalone, fixed-configuration, managed 10/100
switch providing user connectivity for small- to mid-sized networks.
It does not support add-in modules.
Switch: 2950T-24
The Cisco Catalyst 2950T-24 is a member of the Catalyst 2950 Series Intelligent Ethernet Switch family. It is a fixed-configuration, standalone
switch that provides wire-speed Fast Ethernet and Gigabit Ethernet connectivity for mid-sized networks.
Switch: 2960-24TT
The Cisco Catalyst 2960-24TT is a member of the Catalyst 2960 Series Intelligent Ethernet Switch family. It is a fixed-configuration, standalone
Switch: Switch-PT
The Switch-PT generic switch provides ten slots, one console port, and one auxiliary port.
PT-SWITCH-NM-1CE
The PT-SWITCH-NM-1CE features a single Ethernet port that can connect a LAN backbone
PT-SWITCH-NM-1CFE
PT-SWITCH-NM-1CGE
PT-SWITCH-NM-1FFE
PT-SWITCH-NM-1FGE
The PT-SWITCH-NM-1CFE Module provides one Fast-Ethernet interface for use with copper
media. Ideal for a wide range of LAN applications, the Fast Ethernet network modules support
many internetworking features and standards. Single port network modules offer autosensing
10/100BaseTX or 100BaseFX Ethernet. The TX (copper) version supports virtual LAN
(VLAN) deployment.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-SWITCH-NM1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is
The PT-SWITCH-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber
10/100BaseTX or 100BaseFX Ethernet.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-SWITCH-NM1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is
Switch: 3560-24PS
The Cisco Catalyst 3560-24PS is a member of the Catalyst 3560 Series Intelligent Ethernet Switch family. It is a fixed-configuration, standalone
Bridge-PT
This bridge provides two slots.

The bridge supports the same modules that the Switch-PT supports.
Devices and Modules: End Devices

All images on this page are thumbnails in which you can click to bring up a larger
image.
PC-PT
The PC-PT provides a console port and one slot.

Module Name
Linksys-WMP300N
PC-HOST-NM-1AM
PC-HOST-NM-1CE
PC-HOST-NM-1CFE
PC-HOST-NM-1CGE
PC-HOST-NM-1FFE
Thumbnail
Description
The Linksys-WMP300N module provides one 2.4GHz wireless interface suitable for
connection to wireless networks. The module supports protocols that use Ethernet for LAN
access.
The PT-HOST-NM-1AM card features dual RJ-11 connectors, which are used for basic
telephone service connection. The WIC-1AM uses one port for connection to a standard
the modem is idle.
The PT-HOST-NM-1CE features a single Ethernet port that can connect a LAN backbone
The PT-HOST-NM-1CFE Module provides 1 Fast-Ethernet interface for use with copper
(VLAN) deployment.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-HOST-NM-1CGE)
provides Gigabit Ethernet copper connectivity for access routers. The module is supported by
the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers. This network module
has one gigabit interface converter (GBIC) slot to carry any standard copper or optical Cisco
GBIC.
The PT-HOST-NM-1FFE Module provides 1 Fast-Ethernet interface for use with fiber media.
Ideal for a wide range of LAN applications, the Fast Ethernet network modules support many
internetworking features and standards. Single port network modules offer autosensing

The single-port Cisco Gigabit Ethernet Network Module (part number PT-HOST-NM-1FGE)
provides Gigabit Ethernet optical connectivity for access routers. The module is supported by
GBIC.
The PT-HOST-NM-1W module provides one 2.4GHz wireless interface suitable for connection
to wireless networks. The module supports protocols that use Ethernet for LAN access.
PC-HOST-NM-1FGE
PC-HOST-NM-1W
PC-HOST-NM-1W-A
PC-HEADPHONE
The PT-HOST-NM-1W-A module provides one 5GHz wireless interface suitable for
connection to wireless 802.11a networks. The module supports protocols that use Ethernet for
LAN access.
The headphone allows the user to listen to music and sounds from the computer.
PC-MICROPHONE
The microphone allows the computer to record sound.
PC-CAMERA
The camera allows the computer to capture images and movies.
PC-USB-HARD-DRIVE
The USB hard drive adds extra external storage to the computer.
Laptop-PT
The Laptop-PT provides a console port and one slot.

Module Name
Linksys-WMP300N
Thumbnail
Description
The Linksys-WPC300N module provides one 2.4GHz wireless interface suitable for
access.
PC-LAPTOP-NM-1AM
PC-HEADPHONE
The PT-LAPTOP-NM-1AM card features dual RJ-11 connectors, which are used for basic
the modem is idle.
The PT-LAPTOP-NM-1CE features a single Ethernet port that can connect a LAN backbone
The PT-LAPTOP-NM-1CFE Module provides one Fast-Ethernet interface for use with copper
(VLAN) deployment.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-LAPTOP-NM1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is
The PT-LAPTOP-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber
The single-port Cisco Gigabit Ethernet Network Module (part number PT-LAPTOP-NM1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module is
The PT-LAPTOP-NM-1W module provides one 2.4GHz wireless interface suitable for
access.
The PT-LAPTOP-NM-1W-A module provides one 5GHz wireless interface suitable for
connection to wireless 802.11a networks. The module supports protocols that use Ethernet for
LAN access.
The headphone allows the user to listen to music and sounds from the computer.
PC-MICROPHONE
The microphone allows the computer to record sound.
PC-LAPTOP-NM-1CE
PC-LAPTOP-NM-1CFE
PC-LAPTOP-NM-1CGE
PC-LAPTOP-NM-1FFE
PC-LAPTOP-NM-1FGE
PC-LAPTOP-NM-1W
PC-LAPTOP-NM-1W-A
PC-CAMERA
The camera allows the computer to capture images and movies.
PC-USB-HARD-DRIVE
The USB hard drive adds extra external storage to the computer.
Server-PT
The Server-PT provides two slots.

The Server-PT supports the same modules as the PC-PT except for the PC-HOST-NM-1AM module.
Printer-PT
The Printer-PT provides one slot.

The Printer-PT supports the same modules as the PC-PT except for the PC-HOST-NM-1AM module.
7960
The 7960 IP Phone only provides a port for the power adapter.
Module Name
IP_PHONE_POWER_ADAPTER
Home-VoIP-PT
The Home-VoIP-PT does not support modules.
Analog-Phone-PT
The Analog-Phone-PT does not support modules.
TV-PT
Thumbnail
Description
The Cisco VoIP power adapter.
The TV-PT does not support modules.
TabletPC-PT
The TabletPC-PT does not support modules. However, it has a built-in Wireless interface.
PDA-PT
The PDA-PT does not support modules. However, it has a built-in Wireless interface.
WirelessEndDevice-PT
The WirelessEndDevice-PT does not support modules. However, it has a built-in Wireless interface.
WiredDevice-PT
The WiredDevice-PT does not support modules. However, it has a built-in FastEthernet interface.
Devices and Modules: Other Devices

image.
Hub-PT
The Hub-PT provides ten slots.

Module Name
PT-REPEATER-NM-1CE
PT-REPEATER-NM-1CFE
PT-REPEATER-NM-1CGE
PT-REPEATER-NM-1FFE
PT-REPEATER-NM-1FGE
Thumbnail
Description
The PT-REPEATER-NM-1CE features a single Ethernet port that can connect a LAN
backbone which can also support either six PRI connections to aggregate ISDN lines, or 24
The PT-REPEATER-NM-1CFE Module provides one Fast-Ethernet interface for use with
copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network
modules support many internetworking features and standards. Single port network
modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper)
version supports virtual LAN (VLAN) deployment.
The PT-REPEATER-NM-1CFE Module provides one Fast-Ethernet interface for use with
copper media. Ideal for a wide range of LAN applications, the Fast Ethernet network
modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet. The TX (copper)
version supports virtual LAN (VLAN) deployment.
The PT-REPEATER-NM-1FFE Module provides one Fast-Ethernet interface for use with
fiber media. Ideal for a wide range of LAN applications, the Fast Ethernet network
modules offer autosensing 10/100BaseTX or 100BaseFX Ethernet.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-REPEATERNM-1FGE) provides Gigabit Ethernet optical connectivity for access routers. The module
is supported by the Cisco 2691, Cisco 3660, Cisco 3725, and Cisco 3745 series routers.
This network module has one gigabit interface converter (GBIC) slot to carry any standard
copper or optical Cisco GBIC.
Repeater-PT
The Repeater-PT provides two slots.

The Repeater-PT supports the same modules that the Hub-PT supports.
CoAxialSplitter-PT
The CoAxialSplitter-PT does not support modules.
AccessPoint-PT
The AccessPoint-PT has a built-in antenna and provides one slot.

The AccessPoint-PT supports the same modules that the Hub-PT supports.
AccessPoint-PT-A
The AccessPoint-PT-A has a built-in antenna and provides one slot.

The AccessPoint-PT-A supports the same modules that the Hub-PT supports.
AccessPoint-PT-N
The AccessPoint-PT-N has a built-in antenna and provides one slot.

The AccessPoint-PT-N supports the same modules that the Hub-PT supports.
Linksys-WRT300N
The Linksys-WRT300N wireless router has a built-in antenna and provides four fixed 10/100 (100BASE-TX) Ethernet ports and one fixed Internet
port (also 100BASE-TX, typically for connection to cable and DSL modems).
The Linksys-WRT300N wireless router does not support modules.
Cloud-PT
Although a cloud is not a single device, Packet Tracer gives you access to a representation of a cloud. It provides ten slots, a console port, and an
auxiliary port.
Device Name
PT-CLOUD-NM-1AM
PT-CLOUD-NM-1CE
PT-CLOUD-NM-1CFE
Thumbnail
Description
The PT-CLOUD-NM-1AM card features dual RJ-11 connectors, which are used for basic
telephone line, and the other port can be connected to a basic analog telephone for use when the
modem is idle.
The PT-CLOUD-NM-1CE features a single Ethernet port that can connect a LAN backbone
The PT-CLOUD-NM-1CFE Module provides one Fast-Ethernet interface for use with copper
(VLAN) deployment.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-CLOUD-NM-1CGE)
provides Gigabit Ethernet copper connectivity for access routers. The module is supported by
GBIC.
The PT-CLOUD-NM-1CX card features a single coaxial connector, which is used for a cable
modem service connection.
The PT-CLOUD-NM-1FFE Module provides one Fast-Ethernet interface for use with fiber
The single-port Cisco Gigabit Ethernet Network Module (part number PT-CLOUD-NM-1FGE)
provides Gigabit Ethernet optical connectivity for access routers. The module is supported by
GBIC.
The PT-CLOUD-NM-1S provides a single port serial connection to remote sites or legacy serial
network devices such as Synchronous Data Link Control (SDLC) concentrators, alarm systems,
and packet over SONET (POS) devices.
PT-CLOUD-NM-1CGE
PT-CLOUD-NM-1CX
PT-CLOUD-NM-1FFE
PT-CLOUD-NM-1FGE
PT-CLOUD-NM-1S
DSL-Modem-PT
The DSL-Modem-PT provides one slot.

Device Name
PT-MODEM-NM-1CE
Thumbnail
Description
The PT-MODEM-NM-1CE features a single Ethernet port that can connect a LAN backbone
PT-MODEM-NM-1CFE
PT-MODEM-NM-1CGE
The PT-MODEM-NM-1CFE Module provides one Fast-Ethernet interface for use with copper
(VLAN) deployment.
The single-port Cisco Gigabit Ethernet Network Module (part number PT-MODEM-NM1CGE) provides Gigabit Ethernet copper connectivity for access routers. The module is
Cable-Modem-PT
The Cable-Modem-PT provides one slot.

The Cable-Modem-PT supports the same modules that the DSL-Modem-PT supports.
ASA 5505
The ASA 5505 is from Cisco's line of network security devices.

It is a fixed-configuration that provides Ethernet connectivity. It has one available slot but it is currently not supported in this version of Packet
Tracer.
Configuring Devices
As with real networks, the networks you make in Packet Tracer must be properly configured before they "work." For simple devices, this may just
mean entering some fields (such as an IP address and subnet mask) or selecting options in a graphical configuration panel (accessed by the Config
tab). Routers and switches, on the other hand, are advanced devices that can be configured with much more sophistication. Some of their settings can
be configured in the Config tab, but most advanced configurations will need to be done through the Cisco IOS. This section explains the Config tab
for all devices. You will also find the complete listing of supported IOS commands for routers and switches in this section.
Booting Sequence and IOS Image Loading in Routers and Switches

When a router or switch boots up, the booting sequence is displayed in the CLI tab of the Edit device dialog. The startup file is loaded if it is present,
and the IOS image stored in Flash memory will be loaded into RAM for execution. While the model IOS image is loading, you cannot access the
Config tab or enter any commands in the CLI tab. If there is no valid image stored in Flash memory or the image file instructed to load is not valid,
the device will boot into ROM Monitor Mode. ROM Monitor Mode can also be entered using the break sequence (i.e., press Ctrl + Break or Ctrl +
C) for the device in the first 60 seconds when it boots. Packet Tracer uses 10 seconds to give you faster access to the device. ROM Monitor Mode is a
minimalist environment where you can manipulate files in the NVRAM and Flash memory, download IOS images via TFTP, and choose how the
device is to be booted.
When the booting sequence and the IOS image loading has been completed, the logout mode is loaded so that you can press ENTER to start.
Logging IOS Commands

If you enabled the IOS logging feature (found in Options > Preferences), you can keep track of all IOS commands you entered in a work session.
Click the View button to bring up the IOS Command Log window.
The IOS Command Log window will keep track of all the IOS commands you entered in any given work session. You need to manually click the
Update button to see your commands. You can export the log into a text file with the Export button (found in the Preferences window). The log
clears any time you start a new workspace or open a file.
Configuring Routers
The Config tab offers four general levels of configuration: global, routing, switching (Cisco 1841 and Cisco 2811 only), and interface. To perform a
global configuration, click the GLOBAL button to expand the Settings button (if it has not already been expanded). To configure routing, click the
ROUTING button, and then choose Static or RIP. To configure switching, click the SWITCHING button to expand the VLAN Database button. To
configure an interface, click the INTERFACE button to expand the list of interfaces, and then choose the interface. Note that the Config tab
provides an alternative to the Cisco IOS CLI only for some simple, common features; to access the full set of router commands that have been
modeled you must use the Cisco IOS CLI.
Throughout your configurations in the Config tab, the lower window will display the equivalent Cisco IOS commands for all your actions.
Global Settings
In global settings, you can change the display name of the router as it appears on the workspace and the hostname as it appears in the Cisco IOS. You
can also manipulate the router configurations files in these various ways:
Erase the NVRAM (where the startup configuration is stored).
Save the current running configuration to the NVRAM.
Export the startup and running configuration to an external text file.
Load an existing configuration file (in .txt format) into the startup configuration.
Merge the current running configuration with another configuration file.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark Global Settings and then set your own
values for the Half-Open Session Multiplier, Maximum Number of Connections, Maximum Number of Opened Sessions, and Maximum
Retransmission Timeout in Milliseconds. For the Cisco 1841 and Cisco 2811, you can also set the Storm Control Multiplier.
Routing Configuration
You can make static routes on the router by choosing the Static sub-panel. Each static route you add requires a network address, subnet mask, and
next hop address.
You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP address into the Network field and click the Add
button. The RIP-enabled network is added to the Network Address list. You can disable RIP on a network by clicking the Remove button to remove
it from the list.
VLAN Database Configuration (Cisco 1841 and Cisco 2811 only)

The Cisco 1841 and 2811 routers support VLAN configuration. You can manage the VLANs on the router from the VLAN Database sub-panel. You
can add VLANs by entering a name and a VLAN number and pressing the Add button. You can see all existing VLAN entries in the list below the
button. You can remove a VLAN by selecting it in the list and then pressing the Remove button.
Interface Configuration
A router can support a wide range of interfaces including serial, modem, copper Ethernet, and fiber Ethernet. Each interface type may have different
configuration options, but in general, you can set the Port Status (on or off), IP Address, Subnet Mask, and Tx Ring Limit. For Ethernet interfaces,
you can also set the MAC Address, Bandwidth, and Duplex setting. For serial interfaces, you can set the Clock Rate setting.
Routers: IOS
Packet Tracer uses a simplified model of the Cisco IOS. Click on the CLI tab in the router configuration window to access the Cisco IOS command
line interface for the router. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the Cisco IOS
command tree for Packet Tracer routers. For Cisco 1841 and 2811 routers with switching capabilities, refer to the "Switch IOS" page for additional
commands. The tree contains only Cisco IOS command chains that are supported in Packet Tracer.
User Mode
<1-99>
connect [ WORD ]
disable
disconnect <1-16>
enable [ <0-15> | view [ WORD ] ]
exit
logout
ping [ ip | ipv6 ] WORD
resume [ <1-16> | WORD ]
show
o
arp
cdp
entry
* [ protocol | version ]
WORD [ protocol | version ]

interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
neighbors [ detail ]
class-map [ WORD ]
clock
controllers
Ethernet <0-9>/<0-24>
FastEthernet <0-9>/<0-24>
GigabitEthernet <0-9>/<0-24>
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>
Serial <0-9> <0-24> <0-4294967295> <16-1022>
crypto key mypubkey rsa
dot11 interface
flash:
frame-relay
lmi
map
pvc
<16-1022>
interface Serial <0-9>/<0-24> [ <16-1022> ]
interface Serial <0-9> <0-24> <0-4294967295>
interface Serial <0-9> <0-24> <0-4294967295> <16-1022>
history
hosts
interfaces
Dot11Radio <0-9>/<0-24>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>
Tunnel <0-2147483647>
Virtual-Access <1-2>
Virtual-Template <1-200>
Vlan <1-1005>
switchport
trunk
ip
arp
bgp [ neighbors | summary ]
dhcp binding
eigrp
interfaces [ <1-65535> ]
neighbors [ <1-65535> ]
topology
[ <1-65535> ]
[ A.B.C.D A.B.C.D ]
[ A.B.C.D ][ A.B.C.D ]
all-links
traffic [ <1-65535> ]
interface
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Tunnel <0-2147483647>
Vlan <1-1005>
brief
nbar port-map
nat translations
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
Loopback <0-2147483647>[ detail ]
Serial <0-9>/<0-24>[ detail ]
detail
virtual-links
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
detail
virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
detail
virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
detail
virtual-links
protocols
rip database
route [ WORD | bgp | connected | eigrp | ospf <1-65535> | rip | static ]
ssh
ipv6
access-list [ WORD ]
eigrp
interfaces <1-65535>
neighbors <1-65535>
topology
<1-65535>
X:X:X:X::X/<0-128>
X:X:X:X::X/<0-128>
all-links
traffic <1-65535>
general-prefix
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
Tunnel <0-2147483647>
brief
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
Vlan <1-1005>
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>][detail]
Loopback <0-2147483647> [detail]
Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
Loopback <0-2147483647>[detail]
Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
border-routers
database
interface
Ethernet<0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
protocols
rip database
route ospf
policy-map [ WORD | interface [ Ethernet <0-9> <0-24> <0-4294967295> | FastEthernet <0-9> <0-24> <0-4294967295> |
GigabitEthernet <0-9> <0-24> <0-4294967295> | Serial <0-9> <0-24> | Serial <0-9> <0-24> <0-4294967295> ]
privilege
protocols
queue
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
queueing
sessions
ssh
tcp [brief]
terminal
users
version
vlan-switch [ brief | id <1-1005> | name WORD ]
vtp
counters
status
ssh
o
-l WORD [ WORD | -v 1 WORD]
-v 1 -l WORD WORD
-v 2 -l WORD WORD
telnet [ WORD ][<0-65535>]
terminal history size <0-256>
traceroute WORD
Enable Mode
<1-99>
auto secure
clear
o
aaa local user user lockout [ all | username WORD ]
access-list counters [ <1-199> | <1300-2699> | WORD ]
arp-cache
cdp table
frame-relay [inarp | counter]
ip
bgp *
nat translation *
ospf process
route [ * | A.B.C.D | A.B.C.D A.B.C.D ]
ipv6
dhcp binding
nat translation *
neighbors
line tty <2-90>
mac-address-table [ dynamic ]
vtp counters
clock set hh:mm:ss [ <1-31> MONTH <1993-2035> | MONTH <1-31> <1993-2035> ]
configure [ terminal ]
connect [ WORD ]
copy
flash:
ftp:
running-config
startup-config
tftp:
ftp:
flash:
running-config
startup-config
running-config
flash:
ftp
startup-config
tftp:
startup-config
flash:
ftp
running-config
tftp:
tftp:
flash:
running-config
startup-config
debug
o
aaa authenticateion
crypto [ isakmp | ipsec ]
custom-queue
eigrp
fsm
packets
ephone register
frame-relay lmi
ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
protocol [ http | icmp | tcp | udp ]
timers
nat
ospf
adj
events
packet
rip [ events ]
routing
ipv6
inspect
detailed
events
function-trace
icmp
object-creation
object-deletion
tcp
timers
udp
ospf
adj
events
ntp packets
ppp [ authenticateion | negotiation | packet ]
delete
o
WORD
flash:
dir [ WORD | flash: | nvram: ]
disable
disconnect <1-16>
erase startup-config
exit
logout
mkdir [ WORD | flash: ]
more file
no
debug
all
aaa authenticateion
custom-queue
eigrp
fsm
packets
ephone register
frame-relay lmi
ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
timers
nat
ospf
adj
events
packet
rip [ events ]
routing
ipv6
inspect
detailed
events
function-trace
icmp
object-creation
object-deletion
tcp
timers
udp
ospf
adj
events
ntp packets
ping [ WORD ]
o
[ Protocol ] [ Target IP address ] [ Repeat count ] [ Datagram size ] [ Timeout in seconds ] [ Extended commands ] [ Sweep
range of sizes ]
reload
rmdir [ WORD | flash: ]
setup
show
aaa
local user lockout
sessions
user [ <1-4294967295> | all ]
access-lists [ <1-999> | WORD ]
arp
cdp
entry

interfaces
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
class-map [ WORD ]
clock
controllers
Ethernet <0-9>/<0-24>
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>

crypto
isakmp [ policy | sa ]
ipsec [ sa | transform-set ]
map
debugging
dhcp lease
dot11 interface
ephone [attempted-registrations]
file systems
flash:
frame-relay
lmi
map
pvc
<16-1022>
history
hosts
interfaces
dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ switchPort ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>
Tunnel <0-2147483647>
Vlan <1-1005>
switchport
trunk
ip
arp
dhcp binding
eigrp
neighbors [ <1-65535> ]
topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]
all-links
traffic [ <1-65535> ]
inspect
all
config
interfaces
name WORD
sessions [ detail ]
statistics
interface
dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>
Tunnel <0-2147483647>
Vlan <1-1005>
brief
ips
all
configuration
signatures
count
sigid WORD subid WORD
nat [translations | statistics]
nbar port-map
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]

virtual-links
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]
Serial <0-9>/<0-24> [ detail ]

virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]

virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor [ detail ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ][ detail ]

virtual-links
protocols
rip database
ssh
ipv6
dhcp [ binding | interface | pool ]
eigrp
neighbors <1-65535>
topology
<1-65535>
X:X:X:X::X/<0-128>
X:X:X:X::X/<0-128>
all-links
traffic <1-65535>
general-prefix
inspect
all
config
interfaces
name [ WORD ]
sessions [ detail ]
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
Tunnel <0-2147483647>
brief
nat
statistics
translations
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
GigabitEthernet<0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>][detail]
Serial <0-9>/<0-24>[.][<0-4294967295>][detail]
detail
protocols
rip database
route [ ospf ]
line
logging
login [ failures ]
mac-address-table [ static ]
ntp status
parser view
policy-map
WORD
interface
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>

type inspect zone-pair sessions
privilege
processes
protocols
queue
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Serial <0-9>/<0-24>
Serial <0-9> <0-24> <0-4294967295>
queueing
running-config
secure [ bootset ]
sessions
snmp
spanning-tree
active
detail
interface
FastEthernet <0-9>/<0-24>[portfast]
Gigabit <0-9>/<0-24>[portfast]
Port-channel <1-6>
Vlan <1-4094>[portfast]
summary totals
vlan <1-1005>
ssh
standby
FastEthernet <0-2>/<0-1>[brief]
brief
startup-config
storm-control broadcast
tcp [ brief ]
tech-support
terminal
users
version
vtp
counters
status
ssh
o
-v 1 -l WORD WORD
-v 2 -l WORD WORD
telnet [ WORD ]
traceroute [ WORD ]
o
[ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ] [ Minimum
Time to Live ] [ Maximum Time to Live ]
undebug
all
aaa authenticateion
custom-queue
eigrp
fsm
packets
ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
timers
nat
ospf
adj
events
packet
rip [ events ]
routing
vlan database
write [ erase | memory | terminal ]
Global Mode
aaa
o
authenticateion
enable default
enable
group [ radius | tacacs+ ]
local
none
login [ WORD | default ]
enable
local
enable
none [ group | local ]

ppp [ WORD | default ]
enable
local [ enable | group [ radius | tacacs+ ] | none ]
none [ group [ radius | tacacs+ ] | local ]
authorization
[ exec | network ] [ WORD | default ]
if-authenticateed
local [ group [ radius | tacacs+ ] | if-authenticateed | none ]
none [ group [ radius | tacacs+ ] | if-authenticateed | none ]

new-model
access-list (named ACL is under the "ip access-list" branch in Global Mode)
<1-99>
[ deny | permit ] [ A.B.C.D | any | host A.B.C.D ]
[ deny | permit ] [ A.B.C.D A.B.C.D ]
remark LINE
<100-199>
[ deny | permit ][ ahp | eigrp | esp | gre | ospf ][ A.B.C.D A.B.C.D | any | host A.B.C.D ][ A.B.C.D A.B.C.D | any | host
A.B.C.D ]
[ deny | permit ] [ icmp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
<0-256>
echo
echo-reply
host-unreachable
net-unreachable
port-unreachable
protocol-unreachable
ttl-exceeded
unreachable
[ deny | permit ] [ ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
dscp [ <0-63> | af11 |af12 |af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 |
cs5 |cs6 | cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash=override | immediate | internet | network | priority | routine ]
[ deny | permit ] [ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host
A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <065535> | neq <0-65535> | range <0-65535> <0-65535> ]
remark LINE
banner
o
motd LINE
login LINE
boot system [ flash ] WORD
cdp run
class-map [ type inspect ] [ match-all | match-any ] WORD
clock timezone WORD <-23 - 23> [ <0-59> ]
config-register WORD
crypto
o
dynamic-map WORD <1-65535> [ ipsec-isakmp ]
ipsec
security-association lifetime seconds <120-86400>
transform-set WORD [ ah-md5-hmac | ah-sha-hmac ]
esp-3des [ esp-md5-hmac | esp-sha-hmac ]
esp-aes [ 128 | 192 | 256 ] [ esp-md5-hmac | esp-sha-hmac ]
esp-des [ esp-md5-hmac | esp-sha-hmac ]
esp-md5-hmac
esp-sha-hmac
isakmp
client configuration group WORD
enable
key WORD address A.B.C.D [ A.B.C.D ]
policy <1-10000>
key [ generate | zeroize ] rsa
map WORD
<1-65535> [ ipsec-isakmp ] [dynamic WORD ]
client [ authenticateion list WORD | configuration address respond ]
isakmp authorization list WORD
do LINE
enable
password
7 WORD
LINE
level <1-15>
7 WORD
LINE
secret
[ 0 | 5 ] LINE
level <1-15>
[ 0 | 5 ] LINE
end
exit
hostname WORD
interface
o
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24> [ multipoint | point-to-point ]
Tunnel <0-2147483647>
Vlan <1-1005>
range
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Vlan <1-1005>
ip
access-list
extended
<100-199>
WORD
standard
<1-99>
WORD
default-network A.B.C.D
dhcp
excluded-address A.B.C.D [ A.B.C.D ]
pool WORD
domain-lookup
domain-name WORD
host WORD [ <0-65535> | A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
helper-address A.B.C.D
inspect
alert-off
audit-trail
dns-timeout <1-2147483>
max-incomplete [ high | low ] <1-2147483647>
name WORD [ http | icmp | tcp | telnet | udp ]
alert [ off | on ]
audit-trail [ off | on ]
timeout <5-43200>
one-minute [ high | low ] <1-2147483647>
tcp [ finwait-time | idle-time | synwait-time ] <1-2147483>
udp idle-time <1-2147483>

ips
config location [ WORD [ retries <1-5>] ]
fail closed
name WORD [ list [ <1-199> | WORD ] ]
notify log
signature-category
signature-definition
local pool WORD A.B.C.D A.B.C.D
name-server [A.B.C.D] [X:X:X:X::X]
nat
inside source
list [ <1-199> | WORD ] interface [ Ethernet | FastEthernet | GigabitEthernet | Serial ] <0-9>/<0-24>[ . ][ <04294967295> ] [ overload ]
list [ <1-199> | WORD ] pool WORD [ overload ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source
list [ <1-199> | WORD ] pool WORD
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

pool WORD A.B.C.D A.B.C.D netmask A.B.C.D
route A.B.C.D A.B.C.D
A.B.C.D [ <1-255> ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
Loopback <0-2147483647> [ <1-255> ]
Serial <0-9>/<0-24> [ <1-255> ]
Vlan <1-1005> [ <1-255> ]

ssh
authenticateion retries <0-5>
time-out <1-120>
version <1-2>
ipv6
o
access-list WORD
dhcp pool WORD
general-prefix WORD X:X:X:X::X/<0-128>
host WORD
<0-65535> X:X:X:X::X [ X:X:X:X::X ] [ X:X:X:X::X ]
X:X:X:X::X [ X:X:X:X::X ] [ X:X:X:X::X ]

inspect
alert-off
audit-trail
name WORD [ icmp | tcp | udp ]
alert [ off | on ]
timeout <5-43200>
tcp
finwait-time <1-2147483>
idle-time <1-2147483>
synwait-time <1-2147483>
local pool WORD X:X:X:X::X/<0-128><0-128>
nat
prefix X:X:X:X::X/<0-128>
v4v6
pool WORD X:X:X:X::X X:X:X:X::X prefix-length <1-128>
source A.B.C.D X:X:X:X::X
source list WORD [pool] WORD

v6v4
pool WORD A.B.C.D A.B.C.D prefix-length
source X:X:X:X::X A.B.C.D
source list WORD [ pool WORD | interface ] [ overload ]

neighbor X:X:X:::X
Ethernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H
Loopback <0-2147483647> H.H.H
Serial <0-9>/<0-24> H.H.H
Vlan <1-1005> H.H.H

route X:X:X:X::X/<0-128>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
Loopback <0-2147483647> [ <1-254> ]
Serial <0-9>/<0-24> [ <1-254> ]
Vlan <1-1005> [ <1-254> ]
X:X:X:X::X [ <1-254> ]
router
eigrp <1-65535>
ospf <1-65535>
rip WORD
unicast-routing
line
o
<2-499> [<3-499>]
aux <0-0>
console <0-0>
tty <2-90> [<2-90>]
vty <0-15> [<0-15>]
x/y/z
logging
o
A.B.C.D
buffered <4096-2147483647>
console
host A.B.C.D
on
trap [ debugging ]
userinfo
login
o
block-for <1-65535> attempts <1-65535> within <1-65535>
on-failure [ log | trap ]
on-success [ log | trap ]
mac-address-table static H.H.H interface

o
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
no
aaa
authenticateion
enable default
enable
local
none
authorization
[ exec | network ] [ WORD | default ]
if-authenticateed
local
none
new-model
access-list [ <1-99> | <100-199> ]
banner [login | motd]
boot system [ flash ] WORD
cdp run
clock timezone
config-register
crypto
ipsec
transform-set WORD
isakmp
client configuration group WORD
key WORD address A.B.C.D [ A.B.C.D ]
policy <1-10000>
map WORD
<1-65535> [ ipsec-isakmp ] [dynamic WORD ]
client [ authenticateion list WORD | configuration address respond ]
isakmp authorization list WORD
dot11 ssid LINE
enable
password
7 WORD
level <1-15>
secret
level <1-15>
hostname
interface
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Tunnel <0-2147483647>
Vlan <1-1005>
ip
access-list
extended [ <100-199> | WORD ]
standard [ <1-99> | WORD ]
dhcp
pool WORD
domain-lookup
domain-name
host WORD [ <0-65535> ] [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
inspect
alert-off
audit-trail

ips
config location [ WORD [ retries <1-5>] ]
fail closed
name WORD [ list [ <1-199> | WORD ] ]
notify log
signature-category
name-server
nat
inside source
list [ <1-199> | WORD ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

pool WORD
<1-255>
A.B.C.D [ <1-255> ]
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-255> ]
Loopback <0-2147483647> [ <1-255> ]
Null <0-0> <1-255>
Serial <0-9>/<0-24> [ <1-255> ]
Vlan <1-1005> [ <1-255> ]

ssh version
authenticateion-retries
time-out
version [ 1 | 2 ]
ipv6
access-list WORD
dhcp pool WORD
general-prefix WORD X:X:X:X::X/<0-128>
host WORD
inspect
alert-off
audit-trail
max-incomplete [ low | high ]
one-minute [ high | low ]
tcp [ finwait-time | idle-time | synwait-time ]
udp idle-time
nat
v4v6
pool WORD X:X:X:X::X X:X:X:X::X
source list WORD [pool] WORD

v6v4
pool WORD A.B.C.D A.B.C.D

source list WORD
pool WORD [ overload ]
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ]
Serial <0-9>/<0-24> [ overload ]

neighbor X:X:X:X::X
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
<1-254>
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] [ <1-254> ]
Loopback <0-2147483647> [ <1-254> ]
Serial <0-9>/<0-24> [ <1-254> ]
X:X:X:X::X [ <1-254> ]
router
eigrp <1-65535>
ospf <1-65535>
rip WORD
unicast-routing
logging
A.B.C.D
buffered
console
host A.B.C.D
on
trap [ debugging ]
userinfo
login
block-for
on-succes [ log | trap ]

mac-address-table static H.H.H int
Ethernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
FastEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>
GigabitEthernet <0-9>/<0-24>[ . ][ <0-4294967295> ] vlan <1-1005>

ntp
authenticatee
authenticateion-key <1-4294967295>
server A.B.C.D
trusted-key <1-4294967295>
update-calendar
parser view WORD
policy-map [ type inspect ] WORD
priority-list <1-16>
default
protocol
ip [ high | low | medium | normal ] [ list <1-199> | tcp <0-65535> | udp <0-65535> ]
ipv6 [ high | low | medium | normal ]

queue-limit
privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> ] LINE
queue-list <1-16>
default
protocol
ip <0-16>
list [ <1-199> | <1300-2699> ]
tcp <0-65535>
udp <0-65535>
ipv6 <0-16>
queue <0-16>
byte-count <1-16777215> [ limit <0-32767> ]
limit <0-32767> [ byte-count <1-16777215> ]

radius-server
host [ A.B.C.D ] [ auth-port <0-65535> ] [ key LINE ]
key LINE
router
bgp <1-65535>
eigrp <1-65535>
ospf <1-65535>
rip
secure
boot-config
boot-image
security passwords min-length <0-16>
service
nagle
password-encryption
timestamps [ debug | log ] datetime msec
snmp-server [ community WORD [ ro | rw ] ]
spanning-tree
mode
portfast default
vlan <1-1005> [ priority | root ]

tacacs-server
host A.B.C.D
key LINE
single-connection key LINE

key LINE
username WORD
vpdn enable
vpdn-group WORD
zone security WORD
zone-pair security WORD source [ WORD | self ] destination [ WORD | self ]
ntp
o
authenticatee
authenticateion-key <1-4294967295> md5 WORD [ <0-4294967295> ]
server A.B.C.D [ key <0-4294967295> ]
trusted-key <1-4294967295>
update-calendar
parser view WORD
o
default [ high | low | medium | normal ]
protocol

queue-limit <0-32767> <0-32767> <0-32767> <0-32767>
privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> | reset ] LINE
queue-list <1-16>
o
default <0-16>
protocol
ip <0-16>
list [ <1-199> | <1300-2699> ]
tcp <0-65535>
udp <0-65535>
ipv6 <0-16>
queue <0-16>
byte-count <1-16777215> [ limit <0-32767> ]
limit <0-32767> [ byte-count <1-16777215> ]
radius-server
o
host A.B.C.D [ auth-port <0-65535> ] [ key LINE ]
key LINE
router
o
bgp <1-65535>
eigrp <1-65535>
ospf <1-65535>
rip
secure [ boot-config | boot-image ]
service
o
nagle
password-encryption
timestamps [ debug | log ] datetime msec
snmp-server community WORD [ ro | rw ]
spanning-tree vlan <1-1005>

o
priority <0-61440>
root [ primary | secondary ]
tacacs-server
host A.B.C.D
key LINE

key LINE
username WORD [ privilege <0-15> ]

o
password
0 LINE
7 WORD
LINE
secret
0 LINE
5 WORD
LINE
vpdn enable
vpdn-group WORD
zone security WORD
Standard Access List Configuration Mode
<1-2147483647>
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
default
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
exit
no
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
remark LINE
Extended Access List Configuration Mode
<1-2147483647>
deny
[ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
[ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq<0-65535> | host A.B.C.D | gt<065535> | lt <0-65535> | neq<0-65535> | range<0-65535><0-65535> ]
permit
default
[ deny | permit ] [ icmp | ip ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
o
o
deny
o
o
[ tcp | udp ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | eq <0-65535> | host A.B.C.D | gt <0-65535>
| lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-65535> | neq <0-65535> |
range <0-65535> <0-65535> ]
exit
no
o
permit
o
o
range <0-65535> <0-65535> ]
remark LINE
Ethernet / FastEthernet / GigabitEthernet Interface Mode
arp timeout <0-2147483>
bandwidth <1-10000000>
cdp enable
crypto map WORD
custom-queue-list <1-16>
delay <1-16777215>
description LINE
duplex [ auto | full | half ]
exit
fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
hold-queue <0-4096> out
ip
o
access-group [ <1-199> | WORD ] [ in | out ]
address
A.B.C.D A.B.C.D
dhcp
hello-interval eigrp <1-65535> <1-65535>
inspect WORD [ in | out ]
ips WORD [ in | out ]
mtu <68-1500>
nat [ inside | outside ]
ospf
authenticateion [ message-digest | null ]
authenticateion-key [ <0-7> ] WORD
cost <1-65535>
dead-interval <1-65535>
hello-interval <1-65535>
message-digest-key <1-255> md5 LINE
priority <0-255>
proxy-arp
split-horizon
summary-address eigrp <1-65535> A.B.C.D A.B.C.D [ <1-255> ]
virtual-reassembly
ipv6
address
WORD X:X:X:X::X/<0-128>
X:X:X:X::X link-local
X:X:X:X::X/<0-128> [ anycast | eui-64 ]
autoconfig
dhcp
client pd WORD
server WORD
eigrp<1-65535>
enable
hello-interval eigrp<1-65535><1-65535>
mtu<1280-1500>
nat
prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ]
nd
other-config-flag
ra suppress
ospf
<1-65535> area area-id [ instance instance-id ]
cost <1-65535>
priority <0-255>
rip WORD
default-information originate
enable
summary-address eigrp <1-65535> X:X:X:X::X/<0-128> [ <1-255> ]
traffic-filter WORD [ in | out ]
mac-address H.H.H
mtu <64-1600>
no
o
arp timeout
bandwidth
cdp enable
crypto map [ WORD ]
delay
description
duplex
fair-queue [ <16-4096> ] [ <16-4096> ] [ <0-1000> ]
hold-queue [ <0-4096> ] out
ip
address [ dhcp ]
hello-interval eigrp <1-65535>
mtu <68-1500>
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
message-digest-key <1-255>
priority
proxy-arp
split-horizon
virtual-reassembly
ipv6
address
autoconfig
WORD
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
nat
prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ]
nd
ospf
cost <1-65535>
network
priority <0-255>
rip WORD
enable
traffic-filter [ in | out ] WORD
mac-address
mtu
pppoe enable
priority-group
service-policy [ input | output ] WORD
shutdown
speed
tx-ring-limit
zone-member security WORD
pppoe enable
priority-group <1-16>
shutdown
speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000 options are only
available for GigabitEthernet interfaces respectively)
tx-ring-limit <1-32767>
Ethernet / FastEthernet / GigabitEthernet Sub-Interface Mode
arp timeoute <0-2147483>
delay <1-16777215>
description LINE
encapsulation dot1q <1-1005> [ native ]
exit
ip
o
address
A.B.C.D A.B.C.D
dhcp
mtu <68-1500>
ospf
authenticateion [ <0-7> ] WORD
cost <1-65535>
priority <0-255>
proxy-arp
split-horizon
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
nat prefix X:X:X:X::X/<0-128> [ v4-mapped WORD ]
nd [ other-config-flag | ra suppress ]
ospf
<1-65535> area [ [ <0-4294967295> | A.B.C.D ] instance <0-255> ]
cost <1-65535>
network [ broadcast | point-to-point ]
priority <0-255>
rip WORD [ default-information originate | enable ]
summary-address eigrp <1-65535> X:X:X:X::X/<0-128> <1-255>
mtu <64-1600>
no
arp timeout
bandwidth
delay
description
encapsulation dot1Q
ip
address [ dhcp ]
mtu
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
priority
proxy-arp
split-horizon

ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu
ospf
<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255> ]
cost
dead-interval
hello-interval
network
priority
traffic-filter [ WORD [ in | out ] | [ in | out ] ]
mtu
shutdown
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
shutdown
standby
<0-4095>
ip A.B.C.D
ipv6 autoconfig
preempt
priority <0-255>
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6 autoconfig
preempt
priority <0-255>
timers <1-254>
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
Serial Interface Mode
cdp enable
clock rate <1200-4000000>
crypto map WORD
delay <1-16777215>
description LINE
encapsulation
o
hdlc
ppp
frame-relay [ ietf ]
exit
fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]
frame-relay
o
interface-dlci <16-1007>
lmi-type [ ansi | cisco | q933a ]
map
ip A.B.C.D <16-1007>
broadcast [ cisco | ietf ]
cisco [ broadcast ]
ietf [ broadcast ]
ipv6 X:X:X:X::X <16-1007>
cisco [ broadcast ]
ietf [ broadcast ]
ip
o
address A.B.C.D A.B.C.D
mtu <68-1500>
ospf
cost <1-65535>
priority <0-255>
split-horizon
virtual-reassembly
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
ospf
cost <1-65535>
priority <0-255>
keepalive <0-30>
mtu <64-17940>
no
o
cdp enable
clock rate
crypto map [ WORD ]
delay
description
encapsulation
fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]
frame-relay
map [ ip A.B.C.D | ipv6 X:X:X:X::X ]
ip
address [ dhcp ]
mtu <68-1500>
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
network
priority
split-horizon
virtual-reassembly
ipv6
address
WORD X:X:X:X::X/<0-128>
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu
nat [ prefix X:X:X:X::X/<0-128> ] [ v4-mapped WORD ]
ospf
cost
dead-interval
hello-interval
network
priority
traffic-filter [ WORD ] [ in | out ]
keepalive
mtu
ppp
authenticateion
pap sent-username
shutdown
speed
tx-ring-limit
ppp
o
authenticateion chap [ pap ]
authenticateion pap [ chap ]
pap sent-username WORD password [ 0 LINE | LINE ]
shutdown
Tunnel Interface Mode
exit
ip address A.B.C.D A.B.C.D
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
eigrp <1-65535>
enable
enable
nd ra suppress
ospf
<1-65535> area [ 0-4294967295 | A.B.C.D ] [ instance <0-255> ]
cost <1-65535>
priority <0-255>
no
o
ip address [ A.B.C.D A.B.C.D ]
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
eigrp <1-65535>
enable
nd ra suppress
ospf
<1-65535> area [ <0-4294967295> | A.B.C.D ] [ instance <0-255>
cost
dead-interval
hello-interval
network
priority
shutdown
tunnel [ destination | mode | source ]
shutdown
tunnel
o
destination A.B.C.D
mode [ gre ip | ipv6ip isatap ]
source
Ethernet <0-9>/<0-24>[.][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
VLAN Interface Mode
delay <1-16777215>
description LINE
exit
ip
o
address
A.B.C.D A.B.C.D
dhcp
ospf
cost <1-65535>
priority <0-255>
proxy-arp
split-horizon
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
nat prefix [ X:X:X:X::X/<0-128> ] [ v4-mapped WORD ]
ospf
cost <1-65535>
priority <0-255>
no
o
arp timeout
bandwidth
delay
description
ip
address [ dhcp ]
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
priority
proxy-arp
split-horizon
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
ospf
cost
dead-interval
hello-interval
network
priority
shutdown
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Serial <0-9>/<0-24>[.][ <0-4294967295> ]
ip A.B.C.D
ipv6
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Serial <0-9>/<0-24>[.][ <0-4294967295> ]
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Serial <0-9>/<0-24>[.][ <0-4294967295> ]
shutdown
standby
<0-4095>
ip A.B.C.D
ipv6 autoconfig
preempt
priority <0-255>
track
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Serial <0-9>/<0-24>[.][ <0-4294967295> ]
ip A.B.C.D
ipv6 autoconfig
preempt
priority <0-255>
timers <1-254>
track
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Serial <0-9>/<0-24>[.][ <0-4294967295> ]
VLAN Configuration Mode
exit
no
vlan <1-1005>
vtp
client
password
transparent
v2-mode
vlan <1-1005> [ name ] [ WORD ]
vtp
o
client
domain WORD
password WORD
server
transparent
v2-mode
Line Configuration Mode
access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ]
databits [ 5 | 6 | 7 | 8 ]
default [ databits | flowcontrol | history size | parity | speed | stopbits ]
exit
exec-timeout <0-35791> [ <0-2147483> ]
flowcontrol [ NONE | hardware | software ]
history size <0-256>
ipv6 access-class WORD [ in | out ]
logging synchronous
login
o
authenticateion [ WORD | default ]
local
motd-banner
no
o
[ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] | databits | flowcontrol | history size | login | motd-banner |
parity | password | session-limit | speed | stopbits ]
databits
exec-timeout
flowcontrol
history size
logging synchronous
motd-banner
parity
password
privilege level
session-limit
speed
stopbits
transport output
parity [ even | mark | none | odd | space ]
password [ 7 WORD | LINE ]
privilege level <0-15>
session-limit <0-4294967295>
speed <0-4294967295>
stopbits [ 1 | 1.5 | 2 ]
transport output [ all | none | ssh | telnet ]
Class-Map Configuration Mode
description LINE
exit
match
access-group
<1-2699>
name WORD
any
class-map WORD
cos <0-7>
destination-address mac H.H.H
input-interface
Ethernet <0-9>/<0-24>[.][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6
| cs7 | default | ef ]
precedence [ <0-7> | critical | flash | flash-override | immediate | internet | network | priority | routine ]
not
access-group
<1-2699>
name WORD
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 |
cs5 | cs6 | cs7 | default | ef ]
protocol [ arp | bgp | cdp | dhcp | dns | eigrp | ftp | gre | h323 | http | icmp | ip | ipsec | ipv6 | ntp | ospf | pop3 | rip | rtp |
skinny | smtp | snmp | ssh | syslog | tcp | telnet | tftp | udp ]
qos-group <0-1023>
protocol
arp
bgp
cdp
dhcp
dns
eigrp
ftp
gre
h323
http [ host WORD | mime WORD | url WORD ]
icmp
ip
ipsec
ipv6
ntp
ospf
pop3
rip
rtp
skinny
smtp
snmp
ssh
syslog
tcp
telnet
tftp
udp
qos-group <0-1023>
no
o
description [ LINE ]
match
access-group
<1-2699>
name WORD
any
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
not
access-group
<1-2699>
name WORD
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3
| cs4 | cs5 | cs6 | cs7 | default | ef ]
protocol
arp
bgp
cdp
dhcp
dns
eigrp
ftp
gre
h323
icmp
ip
ipsec
ipv6
ntp
ospf
pop3
rip
rtp
skinny
smtp
snmp
ssh
syslog
tcp
telnet
tftp
udp
qos-group <0-1023>
qos-group <0-1023>
Zone Security Configuration Mode
exit
Zone-Pair Security Configuration Mode
exit
no
service-policy type inspect WORD
Crypto Map Configuration Mode
description LINE
exit
match address [ <100-199> | WORD ]
no
o
description LINE
match address
set
peer A.B.C.D
pfs [ group1 | group2 | group5 ]
security-association lifetime seconds
transform-set
set
o
peer A.B.C.D
pfs [ group1 | group2 | group5 ]
transform-set WORD [ WORD ] [ WORD ] [ WORD ] [ WORD ] [ WORD ]
ISAKMP Configuration Mode
authenticateion pre-share
encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]
exit
group [ 1 | 2 | 5 ]
hash [ md5 | sha ]
lifetime <60-86400>
no
o
authenticateion pre-share
encryption [ 3des | aes [ 128 | 192 | 256 ] | des ]
group [ 1 | 2 | 5 ]
hash [ md5 | sha ]
lifetime <60-86400>
IPS Signature Category Configuration Mode
category [ all | ios_ips basic ]
exit
no
category [ all | ios_ips basic ]
IPS Signature Category Action Configuration Mode
exit
no
o
retired [ false | true ]

IPS Signature Definition Configuration Mode
exit
retired <1-65535> [ <0-65535> ]
IPS Signature Definition Sig Configuration Mode
engine
exit
status
IPS Signature Definition Sig Engine Configuration Mode
event-action [ deny-packet-inline | produce-alert ]
exit
no
event-action [ deny-packet-inline | produce-alert ]
IPS Signature Definition Sig Status Configuration Mode
enabled [ false | true ]
exit
no
o
enabled [ false | true ]
Parser View Configuration Mode
commands [ configure | exec | interface | line | router ] include [ all ] LINE
default
o
secret
exit
no
o
secret
secret [ 0 | 5 ] LINE
Router Bgp Mode
bgp
o
log-neighbor-changes
redistribute-internal
router-id A.B.C.D
exit
neighbor
o
A.B.C.D next-hop-self
A.B.C.D remote-as <1-65535>
network
A.B.C.D mask A.B.C.D
no
bgp
router-id A.B.C.D
neighbor
network [ A.B.C.D mask A.B.C.D ]
redistribute
connected
eigrp <1-65535>
ospf <1-65535>
match
external
internal
nssa-external
static
synchronization
timers bgp <0-65535> <0-65535>
redistribute
o
connected
eigrp <1-65535>
ospf <1-65535>
match
external
internal
nssa-external
static
synchronization
timers <0-65535> <0-65535>
Router EIGRP Mode
auto-summary
distance eigrp <1-255> <1-255>
exit
metric weights <0-8> <0-256> <0-256> <0-256> <0-256>
network A.B.C.D [ A.B.C.D ]
no
o
auto-summary
distance eigrp
metric weights
redistribute
bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
connected [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]

passive-interface
ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295>

<0-255> <1-255> <1-65535> ]
Ethernet <0-9>/<0-24>[.][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
variance
passive-interface
o
Ethernet <0-9>/<0-24>[.][ <0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][ <0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
redistribute
o
bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295> <0-255>
<1-255> <1-65535> ]
rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]

variance <1-128>
IPv6 Router EIGRP Mode
exit
metric weights <0-8> <0-255> <0-255> <0-255> <0-255>
no
metric weights <0-8> <0-255> <0-255> <0-255> <0-255>
redistribute
bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
connected [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective
BW MTU ]
rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
static [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
redistribute
o
bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
connected [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW MTU
]
rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
static [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]

router-id A.B.C.D
metric weights <0-8> <0-255> <0-255> <0-255> <0-255>
shutdown
Router OSPF Mode
area
[ <0-4294967295> | A.B.C.D ]
authenticate message-digest
default-cost <0-16777215>
nssa no-summary
stub no-summary
virtual-link A.B.C.D
distance <1-255>
exit
log-adjacency-changes [ detail ]
network A.B.C.D A.B.C.D area [ <0-4294967295> | A.B.C.D ]
no
o
area
[ <0-4294967295> | A.B.C.D ]
authenticate message-digest
nssa no-summary
stub no-summary
distance <1-255>
redistribute
bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295>

<0-255> <1-255> <1-65535> ]
rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
passive-interface
static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005<
default
router-id
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005<
default
redistribute
bgp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
eigrp <1-65535> [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
ospf <1-65535> [ match { external [ 1 | 2 ] internal | nssa-external } ] [ metric <1-4294967295> ] [ <0-4294967295> <0-255>
<1-255> <1-65535> ]
rip [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
static [ metric <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
router-id A.B.C.D
IPv6 Router Ospf Mode
area area-id
o
nssa [ no-summary ]
stub [ no-summary ]
distance <1-254>
exit
no
area area-id
nssa [ no-summary ]
stub [ no-summary ]
distance <1-254>
passive-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
redistribute
bgp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ]
connected [ metric <0-16777214> | subnets | tag <0-4294967295> ]
eigrp [ metric <0-16777214> | subnets | tag <0-4294967295> ]
metric <0-16777214>
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <04294967295> ]
rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295> ]
static [ metric <0-16777214> | subnets | tag <0-4294967295> ]

router-id
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
redistribute
eigrp [ metric <0-16777214> | subnets | tag <0-4294967295> ]
metric <0-16777214>
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295>
]
rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295> ]
router-id A.B.C.D
Router RIP Mode
auto-summary
distance <1-255>
exit
network A.B.C.D
no
o
auto-summary
default-information
distance <1-255>
network A.B.C.D
passive-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
redistribute
connected [ metric [ <0-16> | transparent ] ]
eigrp <1-65535> [ metric [ <0-16> | transparent ] ]
metric [ <0-16> | transparent ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric default-metric ]
rip [ metric [ <0-16> | transparent ] ]
static [ metric [ <0-16> | transparent ] ]
timers basic
versions <1-2>
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
redistribute
o
timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295>
version <1-2>
IPv6 Router RIP Mode
distance <1-254>
exit
no
o
distance
redistribute
connected [ metric [ <1-16> | transparent ]
eigrp <1-65535> [ metric [ <1-16> | transparent ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ]
rip WORD [ metric [ <1-16> | transparent ]
static [ metric [ <1-16> | transparent ]
redistribute
o
connected [ metric [ <1-16> | transparent ]
eigrp <1-65535> [ metric [ <1-16> | transparent ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ]
rip WORD [ metric [ <1-16> | transparent ]
static [ metric [ <1-16> | transparent ]
DHCP Pool Configuration Mode
default-router A.B.C.D
dns-server A.B.C.D
exit
network A.B.C.D A.B.C.D
no dns-server
option <0-254> ip A.B.C.D
IPv6 DHCP Pool Configuration Mode
dns-server X:X:X:X::X
domain-name WORD
exit
no
o
domain-name WORD
prefix-delegation
X:X:X:X::X/<0-128> WORD [ lifetime ] <60-4294967295> <60-4294967295>
pool WORD [ lifetime ] <60-4294967295> <60-4294967295>
prefix-delegation
o
Rommon Mode
boot
confreg config-register-number
dir flash:
help
reset
set
tftpdnld
unset variable
variable=value
Routers: IOS 15
Packet Tracer uses a simplified model of the Cisco IOS. Click on the CLI tab in the router configuration window to access the Cisco IOS command
line interface for the router. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the Cisco IOS
command tree for Packet Tracer routers. For Cisco 1841 and 2811 routers with switching capabilities, refer to the "Switch IOS" page for additional
commands. The tree contains only Cisco IOS command chains that are supported in Packet Tracer.
User Mode
<1-99>
connect [ WORD ]
disable
disconnect <1-16>
exit
logout
ping [ ip | ipv6 ] WORD
show
o
arp
cdp
entry

interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbors [ details ]
class-map [ WORD ]
clock
controllers
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>[.][<0-4294967295>]
dot11 interface
flash:
frame-relay
lmi
map
pvc
<16-1022>
interface
serial <0-9>/<0-24>[.][<0-4294967295>]
history
hosts
interfaces
Dot11Radio <0-24>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>[.][<0-4294967295>]
Tunnel <0-2147483647>
Vlan <1-1005>
switchport
trunk
ip
arp
bgp
neighbors
summary
dhcp binding
eigrp
interface <1-65535>
neighbors <1-65535>
topology
<1-65535>
A.B.C.D [ A.B.C.D ]
A.B.C.D [ A.B.C.D ]
all-links
traffic <1-65535>
interface
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
Tunnel <0-2147483647>
Vlan <1-1005>
brief
nbar port-map
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Loopback <0-2147483647> [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
virtual-links
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
virtual-links
protocols
rip database
ssh
ipv6
access-list WORD
eigrp
neighbors <1-65535>
topology
<1-65535> [ X:X:X:X::X/<0-128>
X:X:X:X::X/<0-128>
all-links
traffic <1-65535>
general-prefix
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
Tunnel <0-2147483647>
brief
nat [ statistics | translations ]
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
Vlan <1-1005>
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>[.][<0-4294967295>]
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
Serial <0-9>/<0-24>[.][<0-4294967295>] [ detail ]
detail
protocols
rip database
route ospf
policy-map
o
WORD
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
privilege
protocols
queue
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
queueing
sessions
ssh
tcp [ brief ]
terminal
users
version
vlan-switch
brief
id <1-1005>
name WORD
vtp [ counters | status ]
ssh
o
-v 1 -l WORD WORD
-v 2 -l WORD WORD
terminal WORD <0-65535>
traceroute
o
Enable Mode
<1-99>
auto secure
clear
o
aaa local user lockout [ all | username WORD ]
arp-cache
cdp table
frame-relay [ inarp | counter ]
ip
bgp *
nat translation *
ospf process
route [ * | A.B.C.D | A.B.C.D A.B.C.D ]
ipv6
dhcp binding
nat translation *
neighbors
line tty <2-90>
mac-address-table [ dynamic ]
vtp counters
connect [ WORD ]
copy
flash:
ftp:
running-config
startup-config
tftp:
ftp:
flash:
running-config
startup-config
running-config
flash:
ftp
startup-config
tftp:
startup-config
flash:
ftp
running-config
tftp:
tftp:
flash:
running-config
startup-config
debug
o
aaa authenticateion
custom-queue
eigrp
fsm
packets
frame-relay lmi
ip
icmp
nat
ospf [ adj | events ]
packet
rip [ events ]
routing
ipv6
inspect
detailed
events
function-trace
icmp
object-creation
object-deletion
tcp
timers
udp
ntp packets
delete
o
WORD
flash:
dir [ WORD | flash: | nvram: ]
disable
disconnect <1-16>
exit
logout
mkdir [ WORD | flash: ]
more flash:<filename>
no
debug
all
aaa authenticateion
custom-queue
eigrp [ fsm | packets ]
ephone register
frame-relay lmi
ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
timers
nat
packet
rip [ events ]
routing
ipv6
inspect
detailed
events
function-trace
icmp
object-creation
object-deletion
tcp
timers
udp
ntp packets
ping [ WORD | ip | ipv6 ]

o
range of sizes ]
reload
rmdir [ WORD | flash:<filename> ]
send [ * | <0-300> ]
setup
show
aaa
local user lockout
sessions
user [ <1-4294967295> | all ]
access-list [ <1-199> | WORD ]
arp
cdp
entry

interfaces
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Serial <0-9>/<0-24>
class-map [ WORD ]
clock
controllers
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>[.][<0-4294967295>]
debuggin
dhcp lease
dot11 interface
file system
frame-relay
lmi
map
pvc
<16-1022>
interface Serial <0-9>/<0-24>[<16-1022>]
history
hosts
interface
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>/<0-4294967295>
Tunnel <0-2147483647>
Vlan <1-1005>
switchport
trunk
ip
arp
dhcp binding
eigrp
neighbors [ <1-65535> ]
topology [ <1-65535> ] [ A.B.C.D A.B.C.D ]
traffic [ <1-65535> ]
interface
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>/[.][<0-4294967295>
Tunnel <0-2147483647>
Vlan <1-1005>
brief
nat [ translations | statistics ]
nbar port-map
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
detail
virtual-links
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]

virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]

virtual-links
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
virtual-links
protocols
rip database
ssh
ipv6
dhcp [ binding | interface | pool ]
eigrp
interface <1-65535>
neighbors <1-65535>
topology
<1-65535> [ X:X:X:X::X/<0-128>
X:X:X:X::X/<0-128>
all-links
traffic <1-65535>
general-prefix
inspect
all
config
interfaces
name [ WORD ]
sessions [ detail ]
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
brief
nat [ statistics | translations ]
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ospf
<1-65535>
<0-4294967295>
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
detail
A.B.C.D
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]

neighbor
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
detail
border-routers
database
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]

neighbors
Ethernet <0-9>/<0-24>[.][<0-4294967295> ] [ detail ]
protocols
rip database
route [ ospf ]
licsense [ all | detail | feature | udi ]
line
logging
login [ failures ]
mac-address-table [ static ]
ntp status
parse view
policy-map
WORD
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>[.][<0-4294967295>]
type inspect zone-pair sessions
privileges
processes
protocols
queue
Ethernet <0-9>/<0-24>[.][<0-4294967295> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Serial <0-9>/<0-24>[.][<0-4294967295>]
queueing
running-config
secure [ bootset ]
sessions
snmp
spanning-tree
active
detail
interface
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Port-channel <1-6>
Vlan <1-4094> [ portfast ]
summary totals
vlan <1-1005>
ssh
standby
FastEthernet <0-2>/<0-1> [ brief ]
brief
startup-config
tcp [ brief ]
tech-support
terminal
users
users
version
ssh
o
-v 1 -l WORD WORD
-v 2 -l WORD WORD
telnet [ WORD ] [ <0-65535> ]
traceroute [ WORD | ip | ipv6 ]

o
undebug
all
aaa authenticateion
custom-queue
eigrp [ fsm | packets ]
frame-relay lmi
ip
icmp
inspect
detailed
events
function-trace
object-creation
object-deletion
timers
nat
packet
rip [ events ]
routing
ntp packets
vlan database
Global Mode
aaa
authenticateion
enable default
enable
local
none
login [ WORD | default ]
enable
local
enable
none [ group | local ]
none

ppp [ WORD | default ]
enable
none [ group [ radius | tacacs+ ] | local ]

authorization [ exec | network ] [ WORD | default ]
if-authenticateed
local [ group [ radius | tacacs+ ] | if-authenticateed | none ]
none [ group [ radius | tacacs+ ] | if-authenticateed | local ]

new-model
access-list (named ACL is under the "ip access-list" branch in Global Mode)
<1-99>
remark LINE
<100-199>
[ deny | permit ] [ ahp | eigrp | esp | gre | ospf ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any |
host A.B.C.D ]
[ deny | permit ] icmp [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
<0-256>
echo
echo-reply
host-unreachable
net-unreachable
port-unreachable
protocol-unreachable
ttl-exceeded
unreachable
[ deny | permit ] ip [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ]
remark LINE
banner
o
motd LINE
login LINE
boot system [ WORD | flash WORD ]
cdp run
clock timezone WORD <-23-23> [ <0-59> ]
config-register WORD
crypto
o
key [ generate | zeroize ] rsa
do LINE
enable
o
password
7 WORD
LINE
level <1-15>
7 WORD
LINE
secret
[ 0 | 5 ] LINE
level <1-15>
[ 0 | 5 ] LINE
end
exit
hostname WORD
interface
o
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Tunnel <0-2147483647>
Vlan <1-1005>
range
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Vlan <1-1005>
ip
access-list

dhcp
pool WORD
domain-lookup
domain-name WORD
forward-protocol udp [ <0-65535> | bootpc | bootps | domain | netbios-dgm | netbios-ns | tacacs | tftp | time ]
ftp
passive
password [ <0-7> | LINE ]
username WORD
host WORD [ <0-65535> | A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
name-server [ A.B.C.D ] [ X:X:X:X::X ]
nat
inside source
list [ <1-199> | WORD ] interface [ Ethernet | FastEthernet | GigabitEthernet | Serial ] <0-9>/<0-24>[.][<04294967295>]

list [ <1-199> | WORD ] pool WORD [ overload ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

pool WORD A.B.C.D A.B.C.D netmask A.B.C.D
A.B.C.D [<1-255>]
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [<1-255>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [<1-255>]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [<1-255>]
Loopback <0-214483647> [<1-255>]
Serial <0-9>/<0-24>[.][<1-255>]
Vlan <1-1005> [<1-255>]

ssh
authenticateion-retries <0-5>
time-out <1-120>
version <1-2>
tcp [ mss <68-1000> | window-size <0-107374823> ]
ipv6
o
access-list WORD
dhcp pool WORD
general-prefix WORD
X:X:X:X::X/<1-128>
host WORD
<0-65535> [ X:X:X:X::X ] [ X:X:X:X::X ] [ X:X:X:X::X ]
[ X:X:X:X::X ] [ X:X:X:X::X ] [ X:X:X:X::X ]

inspect
alert-off
audit-trail
alert [ off | on ]
timeout <5-43200>
tcp
finwait-time <1-2147483>
idle-time <1-2147483>
synwait-time <1-2147483>
nat
v4v6
pool WORD X:X:X:X::X X:X:X:X::X prefix-length <1-128>
source list WORD [ pool ] WORD
v6v4
pool WORD A.B.C.D A.B.C.D prefix-length
source list WORD
pool WORD [ overload ]
interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ overload ]
Serial <0-9>/<0-24> [ overload ]
neighbor X:X:X:X::X
Ethernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] H.H.H
Loopback <0-2147483647> H.H.H
Serial <0-9>/<0-24> H.H.H
Vlan <1-1005> H.H.H

Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ]
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ]
Loopback <0-2147483647> [ <1-254> ]
Serial <0-9>/<0-24> [ <1-254> ]
Vlan <1-1005> [ <1-254> ]
X:X:X:X::X [ <1-254> ]
unicast-routing
license boot module c2900 technology-package [ securityk9 disable | uck9 disable ]
line
o
<2-499> [ <3-499> ]
aux <0-0>
console <0-0>
tty <2-90> [ <2-90> ]
vty <0-15> [ <0-15> ]
x/y/z
logging
o
A.B.C.D
buffered <4096-2147483647>
console
host A.B.C.D
on
trap [ debugging ]
userinfo
login
o
block-for <1-65535> attempt <1-65535> within <1-65535>

o
Ethernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>
no
aaa
authenticateion [ enable default ]
authorization [ exec | network ] [ WORD | default ]
new-model
access-list [ <1-99> | <100-199> ]
banner [ login | motd ]
boot system [ WORD | flash WORD ]
cdp run
clock timezone
config-register
Dot11 ssid LINE
enable
password [ 7 WORD | level <1-15> ]
secret [ level <1-15> ]
hostname
interface
Dot11Radio <0-9>/<0-24>/<0-24>
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Tunnel <0-2147483647>
Vlan <1-1005>
ip
access-list
dhcp
pool WORD
domain [ lookup | name ]
domain-lookup
domain-name
forward-protocol [ <0-65535> | bootpc | domain | netbios-dgm | netbios-ns | tacacs | tftp ]
ftp [ passive | password | username ]
host WORD [ <0-65535> ] [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
inspect
alert-off
audit-trail
local pool WORD
name-server
nat
inside source
list [ <1-199> | WORD ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

outside source
list [ <1-199> | WORD ]
static
A.B.C.D A.B.C.D
tcp A.B.C.D <1-65535> A.B.C.D <1-65535>
udp A.B.C.D <1-65535> A.B.C.D <1-65535>

<1-255>
A.B.C.D [ <1-255> ]
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-255> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-255> ]
Loopback <0-2147483647> [ <1-255> ]
Null <0-0> <1-255>
Serial <0-9>/<0-24> [ <1-255> ]
Vlan <1-1005> [ <1-255> ]

ssh
authenticateion-retries
time-out
version [ 1 | 2 ]
tcp [ mss | window-size ]
ipv6
access-list WORD
dhcp pool WORD
general-prefix WORD [ X:X:X:X::X/<0-128> ]
host WORD
inspect
alert-off
audit-trail
max-incomplete [ high | low ]
one-minute [ high | low ]
tcp [ finwait-time | idle-time | synwait-time ]
udp idle-time
nat
v4v6
pool WORD
source list WORD [ pool ] WORD

v6v4
pool WORD
source list WORD pool WORD [ overload ]
neighbor X:X:X:X::X
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
<1-254>
Ethernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] [ <1-254> ]
Loopback <0-2147483647> [ <1-254> ]
Serial <0-9>/<0-24> [ <1-254> ]
X:X:X:X::X [ <1-254> ]
router
eigrp <1-65535>
ospf <1-65535>
rip WORD
unicast-routing
license boot module c2900 technology-package [ security disable | uck9 disable ]
logging
A.B.C.D
buffered
console
host A.B.C.D
on
trap [ debugging ]
userinfo
login
block-for

Ethernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>
GigabitEthernet <0-9>/<0-24>[.][<0-4294967295>] vlan <1-1005>
ntp
authenticatee
authenticateion-key <1-4294967295>
server A.B.C.D
trusted-key <1-4294967295>
update-calendar
parser view WORD
default
protocol

queue-limit
privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> ] LINE
queue-list <1-16>
default
protocol
ip <0-16>
list [ <1-199> | <1300-2699> ]
tcp <0-65535>
udp <0-65535>
ipv6 <0-16>
queue <0-16>
byte-count <1-16777215> [ limit <0-32767> ]
limit <0-32767> [ byte-count <1-16777215> ]

radius-server
host A.B.C.D
auth-port <0-65535> [ key LINE ]
key LINE
key LINE
router
bgp <1-65535>
eigrp <1-65535>
ospf <1-65535>
rip
service
nagle
password-encryption
timestamps [ debug | log ] [ datetime | msec ]
snmp-server [ community WORD [ ro | rw ] ]
spanning-tree
mode
portfast default
vlan <1-1005> [ priority | root ]

tacacs-server
host A.B.C.D
key LINE

key LINE
username WORD
vpdn enable
vpdn-group WORD
zone security WORD
ntp
o
authenticateion
server A.B.C.D [ key <0-4294967295> ]
trusted-key <1-4294967295>
update-calendar
parser view WORD
default [ high | low | medium | normal ]
protocol

queue-limit <0-32767> <0-32767> <0-32767> <0-32767>
privilege [ configure | exec | interface | line | router ] [ all ] [ level <0-15> | reset ] LINE
queue-list <1-16>
o
default <0-16>
protocol
ip <0-16>
list [ <1-199> | <1300-2699> ]
tcp <0-65535>
udp <0-65535>
ipv6 <0-16>
queue <0-16>
byte-count <1-16777215> [ limit <0-32767> ]
limit <0-32767> [ byte-count <1-16777215> ]
radius-server
host A.B.C.D
auth-port <0-65535> [ key LINE ]
key LINE
key LINE
router
o
bgp <1-65535>
eigrp <1-65535>
ospf <1-65535>
rip
security password min-length <0-16>
service
nagle
password-encryption
timestamps [ debug | log ] [ datetime | msec ]

spanning-tree
o
mode [ pvst | rapid-pvst ]
portfast default
vlan <1-1005>
priority <0-61440>
root [ primary | secondary ]
tacacs-server
host A.B.C.D
key LINE

key LINE
username WORD [ privilege <0-15> ]

o
password [ 0 LINE | 7 WORD | LINE ]
secret [ 0 LINE | 5 WORD | LINE ]
vpdn enable
vpdn-group WORD
zone security WORD
Standard Access List Configuration Mode
<1-2147483647>
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
default
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
exit
no
deny
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
permit
A.B.C.D [ A.B.C.D ]
any
host A.B.C.D
remark LINE
Extended Access List Configuration Mode
<1-2147483647>
deny
permit
default
o
o
A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <0-
65535> | neq <0-65535> | range <0-65535> <0-65535> ]
deny
o
o
range <0-65535> <0-65535> ]
exit
no
o
o
permit
o
o
range <0-65535> <0-65535> ]
remark LINE
cdp enable
crypto map WORD
delay <1-16777215>
description LINE
exit
fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]
ip
o
address [ A.B.C.D A.B.C.D | dhcp ]
mtu <68-1500>
ospf
cost <1-65535>
priority <0-255>
proxy-arp
split-horizon
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
nat [ prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ] ]
nd [ other-config-flag | na suppress ]
ospf
cost <1-65535>
priority <0-255>
rip WORD
enable
mac-address H.H.H
mtu <64-1600>
no
o
arp timeout
bandwidth
cdp enable
crypto map [ WORD ]
delay
description
duplex
fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]
ip
address [ dhcp ]
helper-address
mtu <68-1500>
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
priority
proxy-arp
split-horizon

ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
nat [ prefix X:X:X:X::X/<0-128> [ v4-mapped ] [ WORD ] ]
nd
ospf
cost <1-65535>
network
priority <0-255>
traffic-filter [ in | out ] WORD
mac-address
mtu
pppoe enable
priority-group
shutdown
speed
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][<0-4294967295> ]
Serial <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
tx-ring-limit
pppoe enable
shutdown
speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000
options are only available for GigabitEthernet interfaces respectively)
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
Ethernet / FastEthernet / GigabitEthernet Sub-Interface Mode
delay <1-16777215>
description LINE
encapsulation dot1q <1-1005> [ native ]
exit
ip
o
mtu <68-1500>
ospf
cost <1-65535>
priority <0-255>
proxy-arp
split-horizon

ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
ospf
<1-65535> area [ [ <0-4294967295> | A.B.C.D ] instance <0-255> ]
cost <1-65535>
mtu <64-1600>
no
o
arp timeout
bandwidth
delay
description
encapsulation dot1q
ip
address [ dhcp ]
mtu
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
priority
proxy-arp
split-horizon

ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu
ospf
cost
dead-interval
hello-interval
network
priority
traffic-filter [ WORD [ in | out ] | [ in | out ] ]
mtu
shutdown
standby <0-4095> ipv6
shutdown
standby
o
<0-4095> ipv6 autoconfig
ipv6 autoconfig
Serial Interface Mode
cdp enable
clock rate <1200-4000000> (only certain clock rates that are listed are valid)
crypto map WORD
delay <1-16777215>
description LINE
encapsulation
o
hdlc
ppp
frame-relay [ ietf ]
exit
fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]
frame-relay
o
lmi-type [ ansi | ciso | q933a ]
map
ip A.B.C.D <16-1007>
cisco [ broadcast ]
ietf [ broadcast ]
ipv6 X:X:X:X::X <16-1007>
cisco [ broadcast ]
ietf [ broadcast ]
ip
o
address A.B.C.D A.B.C.D
mtu <68-1500>
ospf
cost <1-65535>
priority <0-255>
split-horizon
virtual-reassembly
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
ospf
cost <1-65535>
priority <0-255>
keepalive <0-30>
mtu <64-17940>
no
o
cdp enable
clock rate
crypto map [ WORD ]
delay
description
ecnapsulation
fair-queue [ <1-4096> ] [ <16-4096> ] [ <0-1000> ]
frame-relay
map [ ip A.B.C.D | ipv6 X:X:X:X::X ]

ip
address [ dhcp ]
mtu <68-1500>
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
network
priority
split-horizon
virtual-reassembly
ipv6
address
WORD X:X:X:X::X/<0-128>
X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu
nat [ prefix X:X:X:X::X/<0-128> ] [ v4-mapped WORD ]
ospf
cost
dead-interval
hello-interval
network
priority
keepalive
mtu
ppp [ authenticateion | pap sent-username ]
shutdown
tx-ring-limit
ppp
o
authenticateion chap [ pap ]
authenticateion pap [ chap ]
pap sent-username WORD password [ 0 LINE | LINE ]
shutdown
Tunnel Interface Mode
exit
ip address A.B.C.D A.B.C.D
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
eigrp <1-65535>
enable
nd ra suppress
ospf
cost <1-65535>
priority <0-255>
no
o
ip address [ A.B.C.D A.B.C.D ]
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
eigrp <1-65535>
enable
nd ra suppress
ospf
cost
dead-interval
hello-interval
network
priority
shutdown
tunnel [ destination | mode | source ]
shutdown
tunnel
o
destination A.B.C.D
mode [ gre ip | ipv6ip isatap ]
source
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
VLAN Interface Mode
delay <1-16777215>
description LINE
exit
ip
o
address [ A.B.C.D A.B.C.D ] [ dhcp ]
ospf
cost <1-65535>
priority <0-255>
proxy-arp
split-horizon
ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu <1280-1500>
ospf
cost <1-65535>
priority <0-255>
no
o
arp timeout
bandwidth
delay
description
ip
address [ dhcp ]
ospf
authenticateion
authenticateion-key
cost
dead-interval
hello-interval
priority
proxy-arp
split-horizon

ipv6
address
WORD X:X:X:X::X/<0-128>
autoconfig
dhcp
client pd WORD
server WORD
eigrp <1-65535>
enable
mtu
ospf
cost
dead-interval
hello-interval
network
priority
shutdown
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295]
ip A.B.C.D
ipv6
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
shutdown
standby
o
<0-4095>
ip A.B.C.D
ipv6 autoconfig
preempt
priority <0-255>
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6 autoconfig
preempt
priority <0-255>
timers <1-254>
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial <0-9>/<0-24>[.][<0-4294967295>]
exit
no
o
vlan <1-1005> [ name ]
vtp
client
password
transparent
v2-mode
vlan <1-1005> [ name ] [ WORD ]
vtp
o
client
domain WORD
password WORD
server
transparent
v2-mode
description LINE
exit
match
access-group
<1-2699>
name WORD
any
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
not
access-group
<1-2699>
name WORD
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
qos-group <0-1023>
protocol
arp
bgp
cdp
dhcp
dns
eigrp
ftp
gre
h323
icmp
ip
ipsec
ipv6
ntp
ospf
pop3
rip
rtp
skinny
smtp
snmp
ssh
syslog
tcp
telnet
tftp
udp
qos-group <0-1023>
no
o
match
access-group
<1-2699>
name WORD
any
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
not
access-group
<1-2699>
name WORD
class-map WORD
cos <0-7>
input-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
ip
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3
| cs4 | cs5 | cs6 | cs7 | default | ef ]
protocol
arp
bgp
cdp
dhcp
dns
eigrp
ftp
gre
h323
icmp
ip
ipsec
ipv6
ntp
ospf
pop3
rip
rtp
skinny
smtp
snmp
ssh
syslog
tcp
telnet
tftp
udp
qos-group <0-1023>

qos-group <0-1023>
Zone Security Configuration Mode
exit
Zone-Pair Security Configuration Mode
exit
no
Dynamic Crypto Map Configuration Mode
exit
no
o
reverse-route
set transform-set
reverse-route
set transform-set WORD
Parser View Configuration Mode
default
o
secret
exit
no
o
secret
Router BGP Mode
bgp
o
router-id A.B.C.D
exit
neighbor
o
network
no
bgp
router-id A.B.C.D
neighbor

network

redistribute
connected
eigrp <1-65535>
ospf <1-65535>
match
external
internal
nssa-external
static
synchronization
timers bgp <0-65535>
redistribute
o
connected
eigrp <1-65535>
ospf <1-65535>
match
external
internal
nssa-external
static
synchronization
timers bgp <0-65535> <0-65535>
Router EIGRP Mode
auto-summary
distance eigrp <1-255> <1-255>
exit
metric weights <0-8> <0-256> <0-256> <0-256> <0-256> <0-256>
no
o
auto-summary
distance eigrp
metric weights
redistribute
bgp <1-65535> [ metric ] [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
connected [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
eigrp <1-65535> [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
rip [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
static [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]

passive-interface
BW MTU ]
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
variance
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
redistribute
o
bgp <1-65535> [ metric ] [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
connected [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
eigrp <1-65535> [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
metric [ <1-4294967295> ] [ <0-4294967295> <0-255> <1-255> <1-65535> ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW
MTU ]
rip [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
static [ metric <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ]
variance <1-128>
IPv6 Router EIGRP Mode
exit
metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>
no
o
metric weights <0-8> <0-255> <0-255> <0-255> <0-255> <0-255>
redistribute
bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
connected [ metric [ <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ] ]
eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
static
router-id
shutdown
redistribute
o
bgp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
connected [ metric [ <1-4294967295> <0-4294967295> <0-255> <1-255> <1-65535> ] ]
eigrp <1-65535> [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
BW MTU ]
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric bandwidth delay reliability effective BW
MTU ]
rip WORD [ metric <1-4294967295> [ <0-4294967295> <0-255> <1-255> <1-65535> ] ]
static
router-id A.B.C.D
shutdown
Router OSPF Mode
area
[ <0-4294967295> | A.B.C.D ]
authenticateion message-digest
nssa no-summary
stub no-summary
distance <1-255>
exit
no
area
[ <0-4294967295> | A.B.C.D ]
authenticateion message-digest
nssa no-summary
stub no-summary
distance <1-255>
redistribute
bgp <1-65535> [ metric <0-16777214 | subnets | tag <0-4294967295> ]
eigrp <1-65535> [ metric <0-16777214> | subnets | tag <0-4294967295> ]
metric <0-16777214>
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <04294967295> ]
rip [ metric <0-16777214> | subnets | tag <0-4294967295> ]
static [ metric <0-16777214> | subnets | tag <-0-4294967295> ]

passive-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
router-id
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
redistribute
bgp <1-65535> [ metric <0-16777214 | subnets | tag <0-4294967295> ]
metric <0-16777214>
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295>
]
rip [ metric <0-16777214> | subnets | tag <0-4294967295> ]
static [ metric <0-16777214> | subnets | tag <-0-4294967295> ]
router-id A.B.C.D
IPv6 Router OSPF Mode
area <1-65535>
o
nssa [ no-summary ]
stub [ no-summary ]
distance <1-254>
exit
no
area <1-65535>
nssa [ no-summary ]
stub [ no-summary ]
distance <1-254>
passive-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
redistribute
metric <0-16777214>
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <04294967295 ]
rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295>

router-id
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
default
redistribute
o
metric <0-16777214>
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric <0-16777214> | subnets | tag <0-4294967295 ]
rip WORD [ metric <0-16777214> | subnets | tag <0-4294967295>
router-id A.B.C.D
Router RIP Mode
auto-summary
distance <1-255>
exit
network A.B.C.D
no
o
auto-summary
default-information
distance <1-255>
network A.B.C.D
passive-interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
redistribute
timers basic
version <1-2>
passive-interface
o
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Loopback <0-2147483647>
Serial <0-9>/<0-24>
Vlan <1-1005>
default
redistribute
o
timers basic <0-4294967295> <1-4294967295> <0-4294967295> <1-4294967295>
version <1-2>
IPv6 Router RIP Mode
distance <1-254>
exit
no
o
distance
redistribute
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ] ]
rip WORD [ metric [ <1-16> | transparent ] ]
redistribute
o
ospf <1-65535> [ match { external [ 1 | 2 ] | internal | nssa-external } ] [ metric [ <1-16> | transparent ] ]
rip WORD [ metric [ <1-16> | transparent ] ]
DHCP Pool Configuration Mode
default-router A.B.C.D
dns-server A.B.C.D
exit
network A.B.C.D A.B.C.D
no dns-server
option <0-254> ip A.B.C.D
IPv6 DHCP Pool Configuration Mode
domain-name WORD
exit
no
o
domain-name WORD
prefix-delegation
prefix-delegation
o
databits [ 5 | 6 | 7 | 8 ]
exit
exec-timeout <0-35791> [ <0-2147483> ]
logging synchronous
login
o
local
motd-banner
no
o
[ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ]
databits
exec-timeout
flowcontrol
history size
logging synchronous
login
local
motd-banner
parity
password
privilege level
session-limit
speed
stopbits
transport output
password [ 7 WORD | LINE ]
privilege level <0-15>
session-limit <0-4294967295>
speed <0-4294967295>
stopbits [ 1 | 1.5 | 2 ]
transport output [ all | none | ssh | telnet ]
Policy-Map Configuration Mode
class [ type inspect ] [ WORD | class-default ]
exit
no
o
class [ type inspect ] [ WORD | class-default ]
Policy-Map Class Configuration Mode
bandwidth [ <8-2000000> | percent <1-100> | remaining percent <1-100> ]
exit
no
o
bandwidth
priority
queue-limit
random-detect
dscp-based
prec-based
precedence <0-7>
service-policy WORD
set
ip
shape average
priority [ <8-2000000> | percent <1-100> ] [ <32-2000000> ]
queue-limit <1-4096>
random-detect
o
dscp [ <0-63> | af11 | af12 | af13 | af21 | af22 | af23 | af31 | af32 | af33 | af41 | af42 | af43 | cs1 | cs2 | cs3 | cs4 | cs5 | cs6 | cs7 |
default | ef ] <1-4096> <1-4096> [ <1-65535> ]
dscp-based
prec-based
precedence <0-7> <1-4096> <1-4096> [ <1-65535> ]
service-policy WORD
set
ip
shape average <8000-154400000>
Rommon Mode
boot
confreg config-register-number
dir flash:
help
reset
set
tftpdnld
unset variable
variable=value
Configuring Switches
The Config tab for the switch offers three general levels of configuration: global, switching, and interface. The global level offers the same settings
as a router. The routing level also offers the same configuration parameters as a router. The switching level, however, is where you can manage the
VLAN database of the switch. The interface level configurations also offer access to the VLAN settings of the switch. Note that the Config tab
provides an alternative to the Cisco IOS CLI only for some simple, common features; to access the full set of switch commands that have been
modeled you must use the Cisco IOS CLI.
Throughout your configurations in the Config tab, the lower window will display the equivalent Cisco IOS commands for all your actions.
Global Settings
In global settings, you can change the switch display name as it appears on the workspace and the hostname as it appears in the Cisco IOS. You can
also manipulate the switch configuration files in these various ways:
Erase the NVRAM (where the startup configuration is stored).
Save the current running configuration to the NVRAM.
Export the startup and running configuration to an external text file.
Load an existing configuration file (in .txt format) into the startup configuration.
Merge the current running configuration with another configuration file.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark Global Settings and then set your own
values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Storm Control Multiplier. For the Cisco
Catalyst 3560-24PS, you can also set the Half-Open Session Multiplier.
Routing Configuration (Cisco Catalyst 3560-24PS only)

The Cisco Catalyst 3560-24PS multilayer switch supports IP routing. You can make static routes on the router by choosing the Static sub-panel. Each
static route you add requires a network address, subnet mask, and next hop address.
You can enable RIP version 1 on specified networks by choosing the RIP sub-panel. Enter an IP address into the Network field and click the Add
button. The RIP-enabled network is added to the Network Address list. You can disable RIP on a network by clicking the Remove button to remove
it from the list.
VLAN Database Configuration

You can manage the VLANs of the switch from the VLAN Database sub-panel. You can add VLANs by entering a name and a VLAN number and
pressing the Add button. You can see all existing VLAN entries in the list below the button. You can remove a VLAN by selecting it in the list and
then pressing the Remove button. To associate a particular interface with a VLAN, go to the configuration panel of that interface.
Switches have only Ethernet-type interfaces. For each interface, you can set the Port Status (on or off), Bandwidth, Duplex setting, VLAN Switch
Mode, and Tx Ring Limit. By default, an interface is a VLAN access port assigned to VLAN 1. You can use the drop-down menu on the right side
of the screen to reassign the port to another existing VLAN. You can also change an interface into a VLAN trunk port, and then use the drop-down
menu on the right to select the VLANs you want that trunk to handle.
In Packet Tracer, the switch allows all VLANs (1 to 1005) on a trunk port by default,
even if the VLAN does not actually exist on the switch. In the drop-down menu, you can
see the current VLANs and block (uncheck) them from the trunk. However, you cannot
block VLANs that do not exist. This does not affect the functionality of the switch. It is
simply a way to display VLANs (or a range of VLANs) that the trunk supports.
Switches: IOS
Packet Tracer uses a simplified model of the Cisco IOS. Click on the CLI tab in the switch configuration window to access the Cisco IOS command
line interface for the switch. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the Cisco IOS
command tree for Packet Tracer switches. For the Cisco Catalyst 3560-PS switch with Layer 3 capabilities, refer to the "Router IOS" page for
additional commands. The tree contains only Cisco IOS command chains that are supported in Packet Tracer.
User Mode
<1-99>
connect WORD
disconnect <1-16>
enable <0-15>
exit
logout
ping WORD
show
o
arp
cdp
entry

interface
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
clock
etherchannel
load-balance
port-channel
summary
flash:
history
interface
Ethernet <0-9>/<0-24> [ switchport ]
FastEthernet <0-9>/<0-24> [ switchport ]
GigabitEthernet <0-9>/<0-24> [ switchport ]
Vlan <1-1005>
etherchannel
switchport
trunk
ip interface
Vlan <1-1005>
brief
ipv6 interface Vlan <1-1005>
mac address-table
dynamic
interfaces
Ethernet <0-9>/<0-24>
Port-channel <1-64>
static
mls [ qos ] [ interface ] [ FastEthernet <0-9>/<0-24> ]
privilege
sessions
ssh
tcp [ brief ]
terminal
users
version
vlan
brief
id <1-1005>
name [ WORD ]
telnet [ WORD ]
terminal history size [ <0-256> ]
traceroute WORD
Enable Mode
<1-99>
clear
o
arp-cache
cdp table
mac address-table
port-security [ all | configured | dynamic | sticky ]
vtp counters
configure terminal
connect [ WORD ]
copy
flash
ftp:
running-config
startup-config
tftp:
ftp:
flash:
running-config
startup-config
running-config
startup-config
tftp:
flash:
ftp:
startup-config
running-config
tftp:
flash:
ftp:
debug
o
ip icmp
sw-vlan
packets
vtp events
delete [ WORD | flash: ]
dir [ flash: ]
disable
disconnect <1-16>
enable [ <0-15> ]
exit
logout
more flash: WORD
no debug
o
all
ip icmp
sw-vlan
packets
vtp events
ping [ WORD ]
o
range of sizes ]
reload
setup
show
o
arp
boot
cdp
entry

interfaces
Ethernet <0-9>/<0-24>[.][<0-4294967295>]
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
clock
dhcp lease
dtp
etherchannel [ load-balance | port-channel | summary ]
flash:
history
hosts
interfaces
Ethernet <0-9>/<0-24>[ switchport ]
FastEthernet <0-9>/<0-24>[ switchport ]
GigabitEthernet <0-9>/<0-24>[ switchport ]
Vlan <1-1005>
etherchannel
switchport
trunk
ip
arp
dhcp binding
interface
vlan <1-1005>
brief
ssh
ipv6 interface Vlan <1-1005>
logging
mac address-table
static
dynamic
interfaces
Ethernet <0-9>/<0-24>
Port-channel <1-64>
mls qos interface [ FastEthernet <0-9>/<0-24> ]
port-security
address
interface
Ethernet <0-9>/<0-24>
privilege
processes
running-config
sessions
snmp
spanning-tree
active
detail
inconsistentports
interface
FastEthernet <0-9>/<0-24> [ portfast ]
GigabitEthernet <0-9>/<0-24> [ portfast ]
Port-channel <1-6>
Vlan <1-4094> [ portfast ]
summary [ totals ]
vlan WORD
ssh
startup-config
tcp [ brief ]
tech-support
terminal
users
version
vlan [ brief | id <1-1005> | name WORD ]
vtp
counters
password
status
ssh
o
-l WORD [ WORD | -v [ 1 WORD | 2 WORD ] ]
-v [ 1 | 2 ] -l WORD WORD
telnet [ WORD ]
traceroute [ WORD ]
o
[ Protocol ] [ Target IP address ] [ Source address ] [ Numeric display ] [ Timeout in seconds ] [ Probe count ]
[ Minimum Time to Live ] [ Maximum Time to Live ]
undebug
all
ip icmp
sw-vlan
packets
vtp events
vlan database
Global Mode
access-list
<1-99>
<100-199>
[ deny | permit ] [ ahp | eigrp | esp | gre | icmp | ip | ospf ] [ A.B.C.D A.B.C.D | any | host A.B.C.D ] [ A.B.C.D A.B.C.D
| any | host A.B.C.D ]
A.B.C.D | gt <0-65535> | lt <0-65535> | neq <0-65535> | range <0-65535> <0-65535> ] [ eq <0-65535> | gt <0-65535> | lt <065535> | neq <0-65535< | range <0-65535> <0-65535> ]
remark LINE
banner motd LINE
boot system flash WORD
cdp run
clock timezone WORD <-23-23> [ <0-59> ]
do LINE exec command
enable
password
7 WORD
LINE
level set exec level password

end
exit
hostname WORD
interface
o
Ethernet <0-9>/<0-24>
Port-channel <1-6>
Vlan <1-1005>
range
Ethernet <0-9>/<0-24>
Vlan <1-1005>
ip
access-list
default-gateway A.B.C.D
dhcp
excluded-address [ A.B.C.D A.B.C.D ]
pool WORD
domain [ lookup | name WORD ]
domain-lookup
domain-name WORD
ftp
passive
password [ <0-7> | LINE ]
username WORD
host WORD A.B.C.D [ A.B.C.D ] [ A.B.C.D ]
name-server A.B.C.D
ssh
authentication-retries <0-5>
time-out <1-120>
version <1-2>
line
o
<0-16> [ <1-16> ]
console <0-0>
vty <0-15> [ <1-15> ]
logging
o
A.B.C.D
buffered <4096-2147483647>
console
host A.B.C.D
on
trap debugging
mac-address-table static H.H.H vlan <1-1005> interface

o
Ethernet <0-9>/<0-24>
no
o
access-list [ <1-99> | <100-199> ]
banner motd
boot system
cdp run
clock timezone
enable
password [ 7 WORD | level <1-15> ]
secret [ level <1-15> ]
hostname
interface
Port-channel <1-6>
Vlan <1-1005>
ip
access-list
default-gateway
domain [ lookup | name ]
domain-lookup
domain-name
ftp
passive
password
username
host WORD [ A.B.C.D ] [ A.B.C.D ] [ A.B.C.D ]
name-server
ssh
authentication-retries <0-5>
time-out <1-120>
version <1-2>
logging
A.B.C.D
buffered
console
host A.B.C.D
on
trap debugging
mac address-table static H.H.H vlan <1-1005> interface
Ethernet <0-9>/<0-24>
mls qos
port-channel load balance
privilege
configure
LINE
all
LINE
level <0-15>
level <0-15>
exec
LINE
all
LINE
level <0-15>
level <0-15>
interface
LINE
all
LINE
level <0-15>
level <0-15>
line
LINE
all
LINE
level <0-15>
level <0-15>
line
LINE
all
LINE
level <0-15>
level <0-15>
router
LINE
all
LINE
level <0-15>
level <0-15>
service
password-encryption
time stamps
debug [ datetime ] [ msec ]
log [ datetime ] [ msec ]
spanning-tree vlan WORD [ priority | root [ primary | secondary ] ]
username
vlan <1-1005>
vtp [ mode | password | version <1-2> ]
port-channel load-balance [ dst-ip | dst-mac | src-dst-ip | src-dst-mac | src-ip | src-mack ]
privilege
configure
LINE
all
LINE
level <0-15>
level <0-15>
exec
LINE
all
LINE
level <0-15>
level <0-15>
interface
LINE
all
LINE
level <0-15>
level <0-15>
line
LINE
all
LINE
level <0-15>
level <0-15>
router
LINE
all
LINE
level <0-15>
level <0-15>
service
o
password-encryption
timestamps [ debug | log ] [ datetime ] [ msec ]
spanning-tree
o
mode [ pvst | rapid-pvst ]
portfast default
vlan WORD [ priority <0-61440> | root [ primary | secondary ] ]
username WORD
o
password [ 0 | 7 ] LINE
privilege <0-15>
password [ 0 | 7 ] LINE
secret [ 0 LINE | 5 WORD | LINE ]

secret
vlan <1-1005>
vtp
domain WORD
mode
client
server
transparent
password WORD
version <1-2>
cdp enable
channel-group <1-6> mode [ active | auto | desirable | on | passive ]
channel-protocol [ lacp | bagp ]
description LINE
exit
mac-address H.H.H
mdix auto
mls qos
cos <0-7>
trust [ cos | device cisco-phone | dscp ]
no
o
cdp enable
channel-group
channel-protocol
description
duplex
mac-address
mdix auto
mls qos
cos <0-7>
trust [ cos | device cisco-phone | dscp ]
shutdown
spanning-tree
bpduguard
guard
link-type
portfast
vlan WORD port-priority
speed
storm-control broadcast level
switchport
access vlan
mode
native vlan
nonegotiate
port-security
mac-address
H.H.H
sticky [ H.H.H ]
maximum
violation
priority extend
trunk [ allowed | native ] vlan
voice vlan
tx-ring-limit
shutdown
spanning-tree
bpduguard [ disable | enable ]
guard root
link-type [ point-to-point | shared ]
portfast [ disable | trunk ]
vlan WORD port-priority <0-240>
speed [ 10 | 100 | 1000 | auto ] (10/100 options are only available for FastEthernet and GigabitEthernet interfaces and 10/100/1000
options are only available for GigabitEthernet interfaces respectively)
storm-control broadcast level <0.0-100.0>
switchport
o
access vlan <1-1005>
mode
access
dynamic [ auto | desirable ]
trunk
native vlan <1-1005>
nonegotiate
port-security
mac-address
H.H.H
sticky [ H.H.H ]
maximum <1-132>
violation [ protect | restrict | shutdown ]
priority extend cos <0-7>
trunk
allowed vlan
WORD
add <1-1005>
all
except <1-1005>
none
remove <1-1005>
native vlan <1-1005>
voice vlan <1-1005>
VLAN Interface Mode
description LINE
exit
ip
o
no
o
arp timeout
description
ip
address [ dhcp ]
shutdown
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6 autoconfig
preempt
priority
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>]
shutdown
standby
<0-4095>
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>]
ip A.B.C.D
ipv6 autoconfig
preempt
priority
preempt
priority
track
FastEthernet <0-9>/<0-24>[.][<0-4294967295>]
Serial Ethernet <0-9>/<0-24>[.][<0-4294967295>]
exit
name WORD The ascii name for the VLAN
no
name Ascii name of the VLAN
databits [ 5 | 6 | 7 | 8 ]
exec-timeout <0-35791> Timeout in minutes
exit
ipv6 access-class Filter connections based on an IPv6 access list
logging synchronous Synchronized message output
login [ local ]
motd-banner
no [ access-class [ <1-199> | <1300-2699> | WORD ] [ in | out ] | databits | flowcontrol | history size | ipv6 | login | motd-banner |
parity | password | speed | stopbits ]
password
o
7 WORD
LINE
privilege level Assign default privilege level for line
speed <0-4294967295>
stopbits [ 1 | 1.5 | 2 ]
transport output Define which protocols to use for outgoing connections
Rommon Mode
boot
dir flash:
flash_init
help
reset
set
unset variable
variable=value
Configuring ASA
The Config tab for the ASA offers four general levels of configuration: global, clientless vpn, switching, and interface. The global level, switching
and interface levels offer the same settings as a switch. Note that the Config tab provides an alternative to the CLI only for some simple, common
features; to access the full set of ASA commands that have been modeled you must use the CLI tab.
Throughout your configurations in the Config tab, the lower window will display the equivalent CLI commands for all your actions.
Global Settings, Algorithm Settings, VLAN Database, Interface

For these sections of the Config tab, please refer to the Switches page as they function similarly with the ASA config tab
Clientless VPN
Clientless SSL VPN (WebVPN) allows for limited but valuable secure access to the network from any location. A remote client needs only an SSLenabled web browser to access http- or https-enabled web servers.
The Bookmark Manager is modeled after ASDM (Adaptive Security Device Manager). A bookmark is similar to a web browser bookmark which
contains a name/title and an URL.
The User Manager provides a GUI interface allowing bookmarks to be assigned to valid users. The users are created using ASA CLI command
username. When a user accesses the ASA via a browser, the ASA prompts for the username and password. After the authentication, if the user was
assigned a bookmark, the bookmark will be show to the user allowing access to the corresponding URL.
ASA
Packet Tracer uses a simplified model of the Cisco Adaptive Security Appliance Software. Click on the CLI tab in the ASA configuration window to
access the Cisco command line interface. Use the Copy and Paste buttons to copy and paste text to and from the command line. This page lists the
command tree for Packet Tracer ASA. The tree contains only command chains that are supported in Packet Tracer.
User Mode
enable [ <0-15> ]
exit
logout
ping [ ip | ipv6 | WORD ]
quit
show
version
traceroute [ ip | WORD ]
Enable Mode
copy
disk0:
running-config
startup-config
tftp:
flash:
running-config
startup-config
tftp:
running-config
disk0:
flash:
startup-config
tftp:
startup-config
disk0:
flash:
running-config
tftp:
tftp:
disk0:
flash:
running-config
startup-config
dir
exit
logout
ping [ ip | ipv6 | WORD ]

tcp [ ip | ipv6 | WORD ]
reload
show
o
access-list
activation-key
arp
clock
crypto
isakmp [ sa ]
ipsec [ sa ]
map

dhcpd
binding all
state
disk0:
file system
flash:
interface
inside
outside
Ethernet <0>/<0-7>
Vlan [<1-4090>]
ip brief
ip address
ipv6
access-list
interface brief
neighbor
route
nat
ntp status
route
running-config
ssh
startup-config
switch vlan
version
vlan
xlate
traceroute [ ip | WORD ]
write [ erase | memory ]
Global Mode
aaa
authentication
ssh
console LOCAL
telnet
console LOCAL
access-group [ WORD ]
in [ interface ] [inside | outside ]
out [ interface ] [inside | outside ]
[ deny | permit ]
[ A.B.C.D A.B.C.D | any | host A.B.C.D | icmp A.B.C.D ]
[ icmp | icmp6 | object-group WORD | tcp | udp ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D A.B.C.D
[ echo | echo-reply | unreachable ]
extended
[ deny | permit ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD A.B.C.D
A.B.C.D ]
class-map WORD
clock set hh:mm:ss [ MONTH | Day of Month] [ Day of Month | MONTH ] [ Year ]
configure terminal
crypto
ikev1
policy [ 1-65535 ]
enable [ inside | outside ]

ipsec
ikev1 transform-set WORD
[ esp-3des | esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-md5-hmac | esp-sha-hmac] [ esp-md5-hmac |

esp-sha-hmac ]
key generate rsa modulus [ 1024 | 2048 | 512 | 768 ]
map WORD
interface [ inside | outside ]
<1-65535>
match address WORD
set
ikev1 transform-set [ WORD ]
peer [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ]
dhcpd
o
address [ WORD ] [ inside | outside ]
auto-config [ inside | outside ]
dns [ Hostname | A.B.C.D ] interface [ inside | outside ]
domain [ WORD ] interface [ inside | outside ]
lease <300-1048575> [ inside | outside ]
domain-name [ WORD ]
enable password [ WORD ] [ encrypted | level <1-15> encrypted ]
end
exit
group-policy [ WORD ] [ attributes | internal ]
hostname WORD
http
o
[ WORD ] [ A.B.C.D ] [ inside | outside ]
enable
X:X:X:X::X/<0-128> [ inside | outside ]
interface
o
Ethernet <0>/<0-7>
Vlan <1-4090>
ipv6
access-list WORD
[ deny | permit ]
A.B.C.D ]
route [ inside | outside ] [ Hostname | X:X:X:X::X ] [ <1-255> ]
name [ A.B.C.D | X:X:X:X::X ] [ WORD ]
names
no
aaa
authentication
ssh
console LOCAL
telnet
console LOCAL
access-group [ WORD ]
in [ interface ] [inside | outside ]
out [ interface ] [inside | outside ]

[ deny | permit ]

A.B.C.D ]
extended
[ deny | permit ]

[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD
A.B.C.D A.B.C.D ]
class-map WORD
clock set hh:mm:ss [ MONTH | Day of Month] [ Day of Month | MONTH ] [ Year ]
configure terminal
crypto
ikev1
policy [ 1-65535 ]

ipsec
ikev1 transform-set WORD
[ esp-3des | esp-aes | esp-aes-192 | esp-aes-256 | esp-des | esp-md5-hmac | esp-sha-hmac] [ esp-md5hmac | esp-sha-hmac ]

key generate rsa modulus [ 1024 | 2048 | 512 | 768 ]
map WORD
interface [ inside | outside ]
<1-65535>
match address WORD
set
ikev1 transform-set [ WORD ]
peer [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ] [ A.B.C.D | X:X:X:X::X ]
dhcpd
address [ WORD ] [ inside | outside ]
auto-config [ inside | outside ]
dns [ Hostname | A.B.C.D ] interface [ inside | outside ]
domain [ WORD ] interface [ inside | outside ]
lease <300-1048575> [ inside | outside ]
domain-name [ WORD ]
end
exit
group-policy [ WORD ] [ attributes | internal ]
hostname WORD
http
[ WORD ] [ A.B.C.D ] [ inside | outside ]
enable

interface
Ethernet <0>/<0-7>
Vlan <1-4090>
ipv6
access-list WORD
[ deny | permit ]
[A.B.C.D A.B.C.D A.B.C.D | any A.B.C.D A.B.C.D | host A.B.C.D A.B.C.D | object WORD
A.B.C.D A.B.C.D ]
route [ inside | outside ] [ Hostname | X:X:X:X::X ] [ <1-255> ]
name [ A.B.C.D | X:X:X:X::X ] [ WORD ]
names
ntp
authenticate
server A.B.C.D [ key <0-4294967295> ]
trusted-key <1-4294967295>
object network [ WORD ]
object-group service [ WORD ]
tcp
tcp-udp
udp
passwd [ WORD ] encrypted
policy-map
WORD
type inspect dns WORD
route [ inside | outside ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [<1-255>]
service-policy [ WORD ] [ global | interface inside | interface outside ]
setup
ssh
WORD A.B.C.D [ inside | outside ]
timeout <1-1440>
telnet
timeout <1-1440>
tunnel-group [ WORD ]
general-attributes
ipsec-attributes
type [ ipsec-121 | remote-access ]
username [ WORD ] [ attributes | password WORD encrypted ]
webvpn
ntp
o
authenticate
server A.B.C.D [ key <0-4294967295> ]
trusted-key <1-4294967295>
object network [ WORD ]
object-group service [ WORD ]

o
tcp
tcp-udp
udp
passwd [ WORD ] encrypted
policy-map
o
WORD
type inspect dns WORD
route [ inside | outside ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [ Hostname | A.B.C.D ] [<1-255>]
service-policy [ WORD ] [ global | interface inside | interface outside ]
setup
ssh
o
timeout <1-1440>
telnet
o
timeout <1-1440>
tunnel-group [ WORD ]
o
general-attributes
ipsec-attributes
type [ ipsec-121 | remote-access ]
username [ WORD ] [ attributes | password WORD encrypted ]
webvpn
Ethernet Interface Mode
exit
ip
address
A.B.C.D A.B.C.D
dhcp
nameif [ WORD ]
security-level <0-100>
shutdown
switchport access vlan <1-4090>
VLAN Interface Mode
exit
forward
ip
address
A.B.C.D A.B.C.D
dhcp
ipv6
access-list [ WORD ] [ deny | permit ]
[A.B.C.D A.B.C.D | any A.B.C.D | host A.B.C.D | object WORD A.B.C.D ]
route
nameif [ WORD ]
security-level <0-100>
shutdown
exit
match
o
any
default-inspection-traffic
Group-policy Configuration Mode
exit
webvpn
vpn-tunnel-protocol ssl-clientless
Object Configuration Mode
host [ A.B.C.D | X:X:X:X::X ]
nat ( Open parenthesis for (<internal_if_name>,<external_if_name>) pair
subnet [ A.B.C.D A.B.C.D | X:X:X:X::X<0-128>]
Object-group Configuration Mode
port-object
o
eq [ domain | www | <0-65535> ]
range [ <0-65535> ] [ <0-65535> ]
Webvpn Configuration Mode
exit
Rommon Mode
address addr
boot args
clear
confreg value
dev
file name
gateway addr
help
history
interface name
reboot
reload
repeat arg
reset
server addr
set
show cmd
tftpdnld
unset varname
Configuring Linksys WRT300N

The Config tab offers two general levels of configuration: global and interface. To configure at the global level, click the GLOBAL button to expand
the Settings button (if it has not already been expanded). To configure an interface, click the INTERFACE button to expand the list of interfaces,
and then choose the interface.
Global Settings
In the global settings, you can change the Display Name of the Linksys WRT300N.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by unchecking Global Settings and then set your own values for the
Half-Open Session Multiplier, Maximum Number of Connections, and Maximum Number of Opened Sessions.
Internet Interface Configuration

In the Internet settings, you can set the Internet port to automatically obtain IP configurations with DHCP, manually set IP configurations with the
Static setting, or configure PPPoE authentication.
LAN Interface Configuration

In the LAN settings, you can set the IP Address and Subnet Mask of the LAN interface.
Wireless Interface Configuration

In the Wireless settings, you can set the SSID, Channel, and Authentication. You may set the authentication to WEP, WPA-PSK, WPA2-PSK,
WPA, or WPA2. For WEP, you need to set the Key to a 10-digit hexadecimal value. For WPA-PSK and WPA2-PSK, the PassPhrase needs to be 863 ASCII characters long and the Encryption Type can be set to AES or TKIP. For WPA and WPA2, you need to enter the IP Address and Shared
Secret of the RADIUS server and then select AES or TKIP for the encryption type.
Linksys WRT300N: GUI

The GUI tab offers the same configurations and settings as the Config tab with some additional features for access restrictions, port forwarding,
DMZ access, administration, as well as router and network status. Make sure you click on the Save Settings button at the bottom to apply the new
settings to the Linksys WRT300N before going to any other tab.
Setup Configuration
In the Setup tab under the Basic Setup sub-tab, you can set the Internet Connection Type to either automatically obtain IP configurations with
Automatic Configuration - DHCP, manually set IP configurations with Static IP , or PPPoE. You can also set the LAN IP configurations and
DHCP server settings under the Network Setup section.
Wireless Configuration
On the Wireless tab under the Basic Wireless Settings sub-tab, the only settings you can change are the Network Name (SSID) and the Standard
Channel.
Under the Wireless Security sub-tab, you can set the Security Mode to Disabled, WEP, WPA Personal, WPA Enterprise, WPA2 Personal, or
WPA2 Enterprise. Depending on the security mode that you select, you will need to enter a WEP key, passphrase and encryption type for
WPA/WPA2 Personal, or the RADIUS server IP address, shared secret, and encryption type for WPA/WPA2 Enterprise.
Under the Wireless MAC Filter sub-tab, you can setup a wireless MAC address filter list to permit or prevent wireless clients from accessing the
wireless network. To setup the wireless MAC filter, set the wireless MAC filter to Enabled and then select whether you want the MAC filter to
prevent the listed clients from accessing the wireless network or to permit only the listed clients from being able to access the wireless network.
Afterwards, begin entering the MAC addresses of the clients that you want to include in the MAC filter and then click the Save Settings button.
Security Configuration
On the Security tab, there are no additional viewable sub-tabs and there are no parameters that you can edit.
Access Restrictions Configuration

On the Access Restrictions tab under the Internet Access Policy sub-tab, you can apply various access restrictions policies on the connected hosts.
To add a policy to the router, first select a policy you would like to edit from the Access Policy drop-down menu and then Enter a Policy Name for
the policy. Then, set the Status to Enabled. Next, click on the Edit List button and enter the host IP addresses you would like to apply the policy on
in the List of PCs dialog that shows up. After editing the list, click on Save Settings and Close inside the dialog. Back in the Linksys GUI, select
Deny to restrict all applications or select Allow for specific application access restriction. If you select Allow, you can choose up to three
applications to block. To block an application, select the application from the Applications list and click on the >> button to add it to the Blocked
List. To unblock an application, select the application from the Blocked List and click on the << button. If you want to remove a policy, select the
policy from the Access Policy drop-down menu and click Delete This Entry.
Applications & Gaming Configuration

In the Applications & Gaming tab under the Single Port Forwarding sub-tab, you can forward packets destined to specific ports to an IP Address.
To forward a port, select the appropriate application under the Application Name drop-down menu, enter the IP Address under the To IP Address
column to which you want the packets to be forwarded, and then click on the box under the Enabled column. To forward a custom port, enter an
application name and then enter the appropriate Externet Port, Internet Port, and Protocol. The Externet Port is the port to which the Linksys
router will listen from the WAN side. The Internet Port is the port on your local server to which the Linksys router will forward packets.
Under the DMZ sub-tab, you can set a specific host to have DMZ access. To do so, click on Enabled to enable the DMZ feature and then enter the IP
address of the host you want to have DMZ access.
Administration Management
In the Administration tab under the Management sub-tab, you can change the default password to access the router through the Linksys Web
Configuration using the Web Browser and toggle Remote Management. In addition to this, if you are logged in using the Linksys Web
Configuration, you can Backup and Restore Configurations.
Under the Factory Defaults sub-tab, the only available feature is Restore Factory Defaults. This will reset the configuration back to default
settings.
Under the Firmware Upgrade sub-tab, you can upgrade the firmware of the Linksys WRT300N. To upgrade the firmware, click on Browse, select a
valid firmware image from the dialog that shows up, and then click OK. Once you have selected a firmware, click on the Start to Upgrade button to
upgrade the firmware.
Status
On the Status tab under the Router sub-tab, you can view Router Information and Internet Connection configurations. You can Release and
Renew the IP address of the Internet port.
Under the Local Network sub-tab, you can view the Local Network and DHCP Server configuration. You can view the DHCP Client Table as
well.
Under the Wireless Network sub-tab, you can view the various wireless configurations on the router.
Configuring PCs, Laptops, Tablet PCs, and PDAs

You can configure the global settings and interface settings on the PC, laptop, tablet PC, and PDA end devices with the Config tab. Additionally, the
Desktop tab provides tools to configure IP settings, configure dial-up settings, use a terminal window, open a host command line interface, open a
web browser, configure Linksys wireless settings, establish a VPN connection, generate PDUs, and issue SNMP requests.
Global Settings
In the global settings, you can change the Display Name of the end device. You may set the end device to either automatically obtain IPv4 or IPv6
configurations with DHCP or manually set the Gateway and DNS Server with Static. For IPv6, Auto Config will automatically configure the
Gateway and DNS Server IP addresses.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark from Global Settings and then setting your
own values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Maximum Retransmission Timeout in
Milliseconds.
PCs and laptops support Ethernet (copper or fiber), modem, and wireless interfaces. On the tablet PC and PDA, only the wireless interface is
supported. In general, you can set the interface Port Status, Bandwidth, Duplex, MAC Address, SSID, IP Address, Subnet Mask, Link Local
Address, and IPv6 Address. These options vary slightly for each interface type.
IP Configuration Utility
On the Desktop tab, click the IP Configuration icon to bring up the configuration utility. If the end device is connected to a DHCP configured router
or server, you can use DHCP to automatically obtain the IP configuration by clicking on the DHCP button. Otherwise, you may use the Static button
to manually set the IP configuration.
Modem Dial-up Utility

On the Desktop tab, click the Dial-up icon to bring up the Dial-up utility. Before you can access the dial-up utility, the end device must have the
modem interface installed. As a result, only the PC and laptop devices are supported. You can establish a modem connection by connecting a PC or
laptop to a cloud that is connected to a router. The cloud acts like a phone company between the PC or laptop and the router. Several conditions must
be met before the connection can be successful:
The router has a modem, and you have established user name authentication on the router (using the Cisco IOS global configuration mode
command username WORD password LINE).
The modem ports on the cloud have valid phone numbers.
You entered the correct user name, password, and number to dial on the modem utility of the PC or laptop.
If all the requirements are met, click the Dial button to make the call. The status line (as well as link lights) will tell you if the connection is
successful. Note that you still must configure all relevant IP settings manually if you want to ping between the router and the PC or laptop. Use the
Disconnect button to terminate the connection at any time.
Terminal Utility
If the end device is connected to a router or a switch by a console connection (using the RS 232 port on the PC), use the Terminal application to gain
access to the Command Line Interface (CLI) of the device. In the Desktop tab, click the Terminal icon to bring up this utility. Choose the appropriate
port configuration parameters for the console session, and then click on the OK button. The Terminal window appears with the CLI of the device.
Command Prompt Utility
On the Desktop tab, click the Command Prompt button to bring up the command line utility. At the prompt, you can issue the following commands:
arp
delete
dir
ftp
help
ipconfig
ipv6config
netstat
nslookup
ping
snmpget
snmpgetbulk
snmpset
ssh
telnet
tracert
Web Browser Utility

On the Desktop tab, click the Web Browser button to bring up the web browser. The web browser allows you to access a web server or the Linksys
Web Configuration interface. If the end device is directly or indirectly connected to a server with HTTP service enabled, you can type in the IP
address of the server to access the website on the server. If the end device is connected to a properly configured DNS server, covered in another help
topic, you can type in the domain name of the server. If the end device is connected to a Linksys WRT300N wireless router, you can type in the IP
address of the Linksys WRT300N wireless router to access the Linksys Web Configuration. A prompt will appear asking for user name and password.
The default is admin for both user name and password.
PC Wireless Utility
On the Desktop tab, click the PC Wireless button to bring up the wireless client software. Note that the Linksys-WMP300N wireless hardware
module is required for access so only PCs and laptops are supported. In the Linksys wireless client software, you can check Link Information to
view wireless network status and statistics, Connect to any available Linksys wireless networks within range, and add/edit/delete Profiles to connect
to wireless routers not broadcasting their SSID.
VPN Utility
On the Desktop tab, click the VPN button to bring up the VPN client utility that allows you to create a VPN connection to a VPN server. To create a
VPN connection, enter the GroupName, Group Key, Host IP (Server IP), Username, Password, and then click on the Connect button. To
disconnect the VPN connection, click on the Disconnect button.
Traffic Generator Utility

The Traffic Generator utility is similar in functionality to the Add Simple PDU and Add Complex PDU tool in the Common Tools Bar, but with
some key differences. First of all, when you load a save file, packets are not sent automatically by a Traffic Generator. The Traffic Generator utility
must be open to generate traffic, although it can be minimized. Another key difference is that the Traffic Generator is unable to send multiple PDUs
simultaneously.
Visually, the Traffic Generator is similar to the Add Complex PDU dialog with some exceptions. Instead of a One Shot parameter, the Traffic
Generator has a Single Shot option. There is no field to enter a time value to send the PDU as the PDU will be sent the moment you click on the
Send button. With the Periodic option, when you click on the Send button, the Send button will become a Stop button and the dialog will become
gray. The Traffic Generator will then send a PDU at the interval that you entered. If you want to stop sending PDUs, click on the Stop button or close
the utility.
PDUs generated by the Traffic Generator are not added to the User Created PDU
Window. As such, if you want to see if the PDUs failed or were successful, you will need
to view the PDU's status in Simulation Mode.
MIB Browser Utility
On the Desktop tab, click the MIB Browser button to issue SNMP requests. This allows you to retrieve router and switch data or make changes to
the devices. To set up the MIB Browser for SNMP requests, click on the Advanced button and set the Address, Port, Read Community, and Write
Community that is configured on the router or switch. Then, select the desired SNMP Version and click the OK button. The next step is to browse
through the SNMP MIB tree and select the desired object instance (OID) for the router or switch. If you want to retrieve data, set Operations to
either Get or Get Bulk and then click on the Go button. The data for the OID will be shown in the Result Table. If you want to change a writable
OID, select Set in the Operations menu to reveal the SNMP Set dialog. In the SNMP Set dialog, select the appropriate Data Type for the OID, enter
a Value, and then click the OK button. Finally, click on the Go button in the main MIB Browser dialog to set the OID value.
Cisco IP Communicator Utility

On the Desktop tab, click the Cisco IP Communicator button to place or answer a call. To place a phone call, enter the number of the recipient
phone using the keypad and then click the Dial button. Alternatively, you may click the NewCall button or Speakerphone button first and then enter
the recipient's number. If you accidently enter an incorrect number, you may click the Cancel button to clear. Once the call has been placed, a
message will indicate that the phone is ringing on the recipient's phone. To answer a call with the Cisco IP Communicator, click the Answer button.
Once the recipient has answered the call, the status message will indicate that the Cisco IP Communicator is connected and a green light will show.
While the call is still active, click on the Do, Re, or Mi buttons to send the respective sounds to the recipient. A message stating that the sound is
playing will be displayed in case sound is disabled. To end the call, click the EndCall button. For the best possible experience while making calls, be
sure that Sound is enabled in Preferences.
If you want configure the Cisco IP Communicator to use a different TFTP server from the default TFTP server, follow these steps. On the upper
right-hand corner of the Cisco IP Communicator GUI, there are four buttons above the words "Cisco IP Phone." Click on the first button from the left
to open a context menu and then select Preferences. Select the option Use these TFTP Servers: and then enter the IP address of the TFTP server that
you wish to use.
Email Utility
On the Desktop tab, click the Email button to bring up the email client. On the first launch of the email client, you will need to configure the
parameters Your Name, Email Address, Incoming Mail Server, Outgoing Mail Server, User Name, and Password in order to send and receive
email. Once the email client has been configured, you may Compose, Receive, view, and Delete emails. If you need to change configuration, click
on the Configure Mail button to open the email configuration dialog.
PPPoE Dialer Utility

On the Desktop tab, click the PPPoE Dialer button to bring up the PPPoE Dialer utility. This utility allows you to establish a point-to-point
connection to a PPPoE server. To establish a PPPoE connection, enter the User Name and Password and then click on the Connect button. To
disconnect the PPPoE connection, click on the Disconnect button.
Text Editor Utility

On the Desktop tab, click the Text Editor icon to bring up the text editor. You can create New text files, Open existing text files, and Save text files
through the File menu in the text editor. There are no formatting choices available in the text editor.
Configuring Servers
The Config tab offers three general levels of configuration: global, services, and interface. To configure at the global level, click the GLOBAL
button to expand the Settings button (if it has not already been expanded). To configure services, click the SERVICES button to expand the list of
services, and then choose the service. To configure an interface, click the INTERFACE button to expand the interface, and then choose the interface.
Additionally, the Desktop tab provides tools to configure IP settings, open a host command line interface, and generate PDUs.
Global Settings
In the global settings, you can change the Display Name of the server. You may set the server to either automatically obtain IPv4 or IPv6
configurations by selecting the DHCP button or manually set the Gateway and DNS Server using the Static button. For IPv6, Auto Config will
automatically configure the Gateway and DNS Server IP addresses and Static allows the data to be manually supplied.
Algorithm Settings
In the Algorithm Settings, you can override the global Algorithm Settings by removing the checkmark from Global Settings and then setting your
own values for the Maximum Number of Connections, Maximum Number of Opened Sessions, and Maximum Retransmission Timeout in
Milliseconds.
HTTP Service Configuration

In the HTTP service configuration, you can edit the included HTML pages such as index.html, helloworld.html, and image.html using the
following supported HTML tags:
address
big
blockquote
body
br
center
cite
code
dd
dfn
div
dl
dt
em
font
h1
h2
h3
h4
h5
h6
head
hr
html
img
kbd
meta
li
nobr
ol
pre
qt
samp
small
span
strong
sub
sup
table
tbody
td
tfoot
th
thead
title
tr
tt
ul
var
Additionally, you can also add or remove HTML files from the server. When a PC accesses an HTML page on the server using the Web Browser, the
HTML page will load in the Web Browser.
DHCP Service Configuration

In the DHCP service configuration, you can set up a DHCP server with many different IP address pools. To add a DHCP pool, enter the Pool Name,
Default Gateway, DNS Server address, Starting IP address to lease, Subnet Mask, and the Maximum number of Users, then click Add. If you
want to make changes to an existing DHCP pool, select the pool from the list and edit the fields you want to make changes to, and then click Save. If
you want to remove a DHCP IP address pool from the server, select the pool from the list and click Remove.
The default DHCP pool serverPool cannot be modified or edited.
TFTP Service Configuration

In the TFTP service configuration, there are no parameters to set. The TFTP service contains a selection of IOS images that can be used to flash
routers and switches. If you want to remove an IOS image from the server, select the IOS image from the list and click Remove.
DNS Service Configuration

In the DNS service configuration, you can set up a DNS server to translate domain names with different types of resource records, which are basic
data elements in the Domain Name System. Packet Tracer currently supports four different types of resource records: Address (A), Canonical Name
(CNAME), SOA (Start of Authority), and NS (Name Server). An Address (A) record is the most common type of resource record where its core
functionality is to map a hostname to an IPv4 address. A CNAME record is used to specify that a domain name is an alias of another, canonical
domain name. An SOA record is used to specify authoritative information about a DNS zone, including the primary name server, the email of the
domain administrator, and several timers relating to refreshing the zone. An NS record is used to delegate a DNS zone to use a given authoritative
name server.
To add a resource record, enter the Name of the resource record, select a Type of resource record, and then enter all required fields pertaining to the
resource record such as Address for A Record, Host Name for CNAME, or Server Name for NS Record and then click Add. To modify an existing
resource record, select the resource record from the list, edit the fields you want to change, and then click Save when you are done. If you want to
remove a resource record, just select the resource record from the list and click Remove.
When you click on the DNS Cache button, you can view all of the queries cached by the DNS server. The cached queries will be retained on the
DNS server for a period of time (TTL) set on the record stored on the SOA DNS server.
SYSLOG Service Configuration

In the SYSLOG service configuration, there are no parameters to set. The SYSLOG service logs messages from routers and switches in the network.
For each entry, the Time, HostName, and the actual Message are logged in the server.
AAA Service Configuration

In the AAA service configuration, you can set up the server to be a RADIUS or TACACS server. To add a RADIUS or TACACS server, enter the
Client Name, Client IP, Secret key, select either Radius or Tacacs as the Type of AAA server, and then click on the + button. To remove a AAA
server, select the AAA server entry in the list and click on the - button. In addition to configuring the AAA server, you also need to add authorized
users. To add authorized users, enter the UserName and Password for the user and click on the + button. If you want to remove a user, select the user
from the list and click on the - button.
NTP Service Configuration

In the NTP service configuration, you can set up the server to be an NTP server so that the date and time on the configured routers and switches are
synchronized. By default, the date and time on the server is synchronized with your local machine. If you wish, you can manually set the time and
date by selecting the date on the calendar display and incrementing or decrementing the time display. You can also set up Authentication by clicking
on Enable and then entering a Key and Password.
Email Service Configuration

In the Email service configuration, you can set up the server to use the SMTP and/or POP3 protocol(s). To configure an email server, first enter a
Domain Name and then click the Set button. Next, enter a User name and Password then click the Add button to create an email account. To
change a password on an email account, select the desired email account from the list and click Change Password button. A dialog will appear
allowing you to enter the new password. To delete an email account, select the desired email account from the list and click the Delete button.
FTP Service Configuration

In the FTP service configuration, you can add and remove FTP accounts, modify FTP account permissions, and remove files from the FTP service.
To add an FTP account, enter a UserName and Password. Then, select which permissions you would like the user to have such as Write, Read,
Delete, Rename, and List. Finally, click the Add button to create the FTP account. To remove an FTP account, select the desired FTP account from
the list and click on the Delete button. If you want to remove files from the FTP service, select the desired file from the file list and click on the
Remove button.
Servers can support two interfaces. You can choose from Ethernet (copper or fiber), modem, or wireless interfaces. In general, you can set the Port
Status, Bandwidth, Duplex, MAC Address, IP Address, Subnet Mask, Link Local Address, and IPv6 Address. These options vary slightly for
each interface type.
IP Configuration Utility
On the Desktop tab, click the IP Configuration icon to bring up the configuration utility. If the end device is connected to a DHCP configured router
or server, you can use DHCP to automatically obtain the IP configuration by clicking on the DHCP button. Otherwise, you may use the Static button
to manually set the IP configuration.
Command Prompt Utility

On the Desktop tab, click the Command Prompt button to bring up the command line utility. At the command prompt, you can issue the following
commands:
arp
delete
dir
ftp
help
ipconfig
ipv6config
netstat
nslookup
ping
snmpget
snmpgetbulk
snmpset
ssh
telnet
tracert
Traffic Generator Utility

The Traffic Generator utility is similar in functionality to the Add Simple PDU and Add Complex PDU tool in the Common Tools Bar, but with
some key differences. The Traffic Generator utility is explained in detail in Configuring PCs, Laptops, Tablet PCs, and PDAs.
Text Editor Utility

On the Desktop tab, click the Text Editor icon to bring up the text editor. You can create New text files, Open existing text files, and Save text files
through the File menu in the text editor. There are no formatting choices available in the text editor.
Web Browser Utility

On the Desktop tab, click the Web Browser button to bring up the web browser. The web browser allows you to access a web server or the Linksys
Web Configuration interface. If the end device is directly or indirectly connected to a server with HTTP service enabled, you can type in the IP
address of the server to access the website on the server. If the end device is connected to a properly configured DNS server, covered in another help
topic, you can type in the domain name of the server. If the end device is connected to a Linksys WRT300N wireless router, you can type in the IP
address of the Linksys WRT300N wireless router to access the Linksys Web Configuration. A prompt will appear asking for user name and password.
The default is admin for both user name and password.
PPPoE Dialer Utility

On the Desktop tab, click the PPPoE Dialer button to bring up the PPPoE Dialer utility. This utility allows you to establish a point-to-point
connection to a PPPoE server. To establish a PPPoE connection, enter the User Name and Password and then click on the Connect button. To
disconnect the PPPoE connection, click on the Disconnect button.
VPN Utility
On the Desktop tab, click the VPN button to bring up the VPN client utility that allows you to create a VPN connection to a VPN server. To create a
VPN connection, enter the GroupName, Group Key, Host IP (Server IP), Username, Password, and then click on the Connect button. To
disconnect the VPN connection, click on the Disconnect button.
Configuring Clouds
The Config tab offers three general levels of configuration: global, connections, and interface. To configure at the global level, click the GLOBAL
button to expand the Settings button (if it has not already been expanded). To configure connections, click the CONNECTIONS button to expand
the list of connections, and then choose the connection. To configure an interface, click the INTERFACE button to expand the list of interfaces, and
then choose the interface.
Global Settings
The only global setting available for a cloud is its display name.
TV Settings
The TV Settings sub-panel allows you to manage TV images that would be displayed on a connected TV end device. To add a TV image, click the
Browse button and select an image. It is recommended that you use .PNG graphics. Afterwards, click the Add button to add the image to the list of
TV images. To remove a TV image, select the TV image from the list and click the Remove button.
Connection Settings
You can use the Frame Relay sub-panel to establish Frame Relay connections between sub-links on the ports of the cloud. Configure DLCIs on the
serial interfaces first, explained in a later section. Then, from the left Port drop down menu, choose a port and in the Sublink drop down menu, one
of its sub-links. Then from the right Port drop down menu, choose another port and one of its sub-links. Click the Add button to make a connection
between those two sub-links. The connection will now appear on the list. You can remove a connection from the list with the Remove button.
You can also use the DSL or Cable sub-panel to establish connections between modem ports (for DSL) or coaxial ports (for Cable) on the cloud to
the Ethernet ports on the cloud. To establish a DSL connection, choose the appropriate modem port on the left-side drop down menu and on the rightside drop down menu choose an Ethernet port, which has its Provider Network set to DSL. Click the Add button to make the connection. You can
remove a connection from the list with the Remove button. To establish a Cable connection, choose the appropriate coaxial port on the left-side drop
down menu and on the right-side choose an Ethernet port which has its Provider Network set to Cable.
Clouds can support four interface types: modem, Ethernet, coaxial, and serial. For a modem port, you can set a Phone Number, which another
device with a modem port can dial. For an Ethernet port, you can set the Provider Network to either DSL or Cable. For a coaxial port, there are no
settings to configure. For a serial port, you can toggle its Port Status, choose an LMI (ANSI, Cisco, or Q933a), and assign DLCIs to the interface.
To add a DLCI, enter an identifying number and a name for it, and then click the Add button to add it to the list. You can remove a DLCI from the
port with the Remove button.
Configuring Other Devices

The configuration options for all other devices are relatively simple. In general, you can change their display names in their global settings sub-panel
and make changes to basic settings on each interface.
Bridges
A bridge is basically a simplified two-port switch. It does not have VLAN or trunking functions. The available settings for its two Ethernet ports are
Port Status, Bandwidth, and Duplex.
Repeaters
A repeater is a simple two-port device that regenerates the signal it receives on one port and forwards it out the other port. Its port settings cannot be
modified.
Hubs
A hub is a multiport repeater that regenerates the signal it receives on one port and forwards it out all other ports except the incoming port. Its port
settings cannot be modified.
Coaxial Splitter
A coaxial splitter is a simple three-port device that splits the signal so that multiple devices can connect to the same coaxial line.
Access Points
An access point is modeled as a repeater with one wireless port and one Ethernet port. In the settings for the wireless port, you can toggle the Port
Status, set the SSID, Channel, and Authentication. You may set the authentication to WEP, WPA-PSK, or WPA2-PSK. For WEP, you need to set
the Key to a 10-digit hexadecimal value. For WPA-PSK and WPA2-PSK, the PassPhrase needs to be 8-63 ASCII characters long and the
Encryption Type can be set to AES or TKIP. The available settings for an access point's Ethernet port are Port Status, Bandwidth, and Duplex.
Printers
The printer has the same configuration options as a PC excluding Algorithm Settings and desktop utilities.
7960
The 7960 IP Phone does not have any configurable options. In the GUI tab, you can place a call, answer a call, and send Do, Re, and Mi notes to the
recipient phone. To place a call enter the recipient's line number first using the keypad and then click on the handset to dial out. Alternatively, you
can pickup the handset first and then dial the number to place a call. To answer a phone call on the analog phone, click on the handset when the
phone is ringing. While the line is connected, you can send Do, Re, or Mi to the recipient by pressing the respective buttons. In order to hear the
sounds, be sure Sound is enabled in Preferences. To end a call, click on the handset.
Home VoIP
The Home VoIP only has Server Address configuration.
Analog Phone
The Analog Phone does not have any configurable options. In the GUI tab, you can place a call, answer a call, and send Do, Re, and Mi to the
recipient phone just like on the 7960 IP Phone.
TV
The TV can only be turned on or off.
Wireless End Device

The wireless end device has the same configuration options as a wireless PC excluding the Desktop tab utilities. However, the Wireless End Device
has a GUI tab which includes an IP Config and Traffic Generator utility that works equivalently to the PC's Desktop variant. The Wireless End
Device also has an HTML tab that allows you to manually edit the GUI tab using HTML and it also allows you to optionally lock the HTML with a
password.
Wired End Device

The wired end device features the same configuration options as the wireless end device except that it has a FastEthernet interface.
DSL Modem
The DSL modem does not have any configuration options.
Cable Modem
The cable modem does not have any configuration options.
Keyboard Shortcuts
Many actions in Packet Tracer are keyboard-accessible for your convenience. In addition to key combinations, the following keys deserve extra
attention:
Alt: Press this key to activate the Menu Bar options. Press Alt plus the underlined letter in the in the menu bar to open the menu. Then press
the underlined letter in the command name that you want. In fact, whenever you see an underlined letter in any option or dialogue, you can press
that key to select it.
Ctrl: Use this key to quickly create multiple devices and connections. Press and hold the Ctrl key, choose a specific device or a connection
type, and then release the key. You can now quickly place multiple instances of that device on the workspace or make multiple connections of
that type between devices. Alternatively, you can press and hold the Ctrl key and drag a device on the workspace to duplicate the device. The
Ctrl key can also be used to prevent windows from docking (press and hold the key as you drag a window).
Shift: Use this key with the mouse to select multiple objects. Press and hold the Shift key, click and drag the cursor to draw a selection
rectangle around the objects you want to select, and then release the key. Alternatively, you can hold Shift, click on all the devices you want to
select, and then release the key. You can move the selected objects as one unit. You can also delete them with the Del key.
Esc: This key is a shortcut to the Select tool in the Common Tools Bar. It also serves as a "cancel" key. It closes certain pop-up windows or
cancels/stops the current action (e.g., continuously placing devices or continuously making connections).
Shortcut
Ctrl + N
Ctrl + O
Ctrl + Shift + T
Ctrl + S
Ctrl + Shift + S
Ctrl + Alt + Z
Ctrl + P
Alt + F4
Action
Start a New network.
Open an existing network.
Open Samples.
Save the current network.
Save the current network to a different name and/or directory (Save As).
Save As Pkz.
Print the current network.
Exit Packet Tracer.
Ctrl + C
Ctrl + V

Ctrl + Z
Ctrl + Shift + Z

Ctrl + R
Ctrl + Shift + U
Ctrl + Shift + M
View Preferences.
Open the User Profile dialog.
Open the Algorithm Settings dialog.
Ctrl + I
Ctrl + T
Ctrl + U
Ctrl + Shift + A
Ctrl + Shift + R
Ctrl + Shift + B
Zoom In to the workspace.

Reset the zoom of the workspace.
Zoom Out of the workspace.
Open/Close Main Toolbar.
Open/Close Right Toolbar.
Open/Close Bottom Toolbar
Ctrl + D
Open the drawing Palette.
Ctrl + W
Ctrl + Alt + L
Ctrl + Alt + P
Ctrl + Alt + Y
Ctrl + Alt + G
Ctrl + Shift + C
Ctrl + Shift + Q
Ctrl + Shift + J
Ctrl + Shift + K
Run the Activity Wizard.

For Multiuser Extensions, do Listen.
For Multiuser Extensions, do Port Visibility.
For Multiuser Extensions, do Options.
For Multiuser Extensions, do Save Offline Copy As.
For IPC, do Config Apps.
For IPC, do Show Active Apps.
For IPC, do Options.
For IPC, do Log.
Shift + L
Shift + P
Shift + R
Shift + S
Switch to Logical Workspace.

Switch to Physical Workspace.
Switch to Realtime Mode.
Switch to Simulation Mode.
Shift + U
Shift + M
Shift + I
Shift + V
For Logical Workspace, click New Cluster button.

For Logical Workspace, click Move Object button.
For Logical Workspace, click Set Tiled Background button.
For Logical Workspace, click Viewport button.
Shift + N
Shift + C
Shift + B
Shift + W
Shift + G
Shift + H
For Physical Workspace, open Navigation Panel.

For Physical Workspace, create New City.
For Physical Workspace, create New Building.
For Physical Workspace, create New Closet.
For Physical Workspace, show Grid.
For Physical Workspace, open Working Closet.
Alt+S
Alt+D

Click the Fast Forward Time button.
Alt + B
Alt + I
In Simulation mode, click Back button.

In Simulation mode, click Show Event List button.
Ctrl + Alt + R
Ctrl + Alt + S
Ctrl + Alt + U
Ctrl + Alt + W
Ctrl + Alt + O
Ctrl + Alt + V
Ctrl + Alt + N
Ctrl + Alt + T
Ctrl + Alt + M
Ctrl + Alt + i
Show Router devices in the Device Specific Box.

Show Switch devices in the Device Specific Box.
Show Hub devices in the Device Specific Box.
Show Wireless devices in the Device Specific Box.
Show Connection types in the Device Specific Box.
Show End Devices in the Device Specific Box.
Show WAN Emulation devices in the Device Specific Box.
Show Custom Made Devices in the Device Specific Box.
Show Multiuser Connection in the Device Specific Box.
Add the ith device in the Device Specific Box to the Workspace.
Space
Enter
Ctrl + Up Arrow
Ctrl + Down Arrow
Ctrl + Right Arrow
Ctrl + Left Arrow
Select device.
Show Device Dialog for selected device.
Move selected devices upwards.
Move selected devices downwards.
Move selected devices to the right.
Move selected devices to the left.
Ctrl + Shift + I
Ctrl + Shift + N
Ctrl + Shift + D
Ctrl + Shift + O
Open Scenario Description.

New Scenario.
Delete Scenario.
Toggle PDU List Window.
Ctrl + Insert
Shift + Insert
Copy text in CLI console/Cmd Prompt.

Paste text in CLI console/Cmd Prompt.
Esc
M
N
Delete
I
Alt+R
P
C
Choose the Select tool.

Choose the Move Layout tool.
Choose the Place Note tool.
Choose the Delete tool. If you have selected multiple objects, pressing Delete will delete them.
Choose the Inspect tool.
Choose the Resize tool.
Click the Add Simple PDU button.
Click the Add Complex PDU button.
Ctrl + N
Ctrl + O
Ctrl + S
New Text Editor File (Valid in PC Desktop and Server Desktop)

Open an existing Text Editor File (Valid in PC Desktop and Server Desktop)
Save the current Text Editor File (Valid in PC Desktop and Server Desktop)
Keyboard Shortcuts
Many actions in Packet Tracer are keyboard-accessible for your convenience. In addition to key combinations, the following keys deserve extra
attention:
Alt: Press this key to activate the Menu Bar options. Press Alt plus the underlined letter in the in the menu bar to open the menu. Then press
the underlined letter in the command name that you want. In fact, whenever you see an underlined letter in any option or dialogue, you can press
that key to select it.
Ctrl: Use this key to quickly create multiple devices and connections. Press and hold the Ctrl key, choose a specific device or a connection
type, and then release the key. You can now quickly place multiple instances of that device on the workspace or make multiple connections of
that type between devices. Alternatively, you can press and hold the Ctrl key and drag a device on the workspace to duplicate the device. The
Ctrl key can also be used to prevent windows from docking (press and hold the key as you drag a window).
Shift: Use this key with the mouse to select multiple objects. Press and hold the Shift key, click and drag the cursor to draw a selection
rectangle around the objects you want to select, and then release the key. Alternatively, you can hold Shift, click on all the devices you want to
select, and then release the key. You can move the selected objects as one unit. You can also delete them with the Del key.
Esc: This key is a shortcut to the Select tool in the Common Tools Bar. It also serves as a "cancel" key. It closes certain pop-up windows or
cancels/stops the current action (e.g., continuously placing devices or continuously making connections).
Shortcut
Ctrl + N
Ctrl + O
Ctrl + Shift + T
Ctrl + S
Ctrl + Shift + S
Ctrl + Alt + Z
Ctrl + P
Alt + F4
Action
Start a New network.
Open an existing network.
Open Samples.
Save the current network.
Save the current network to a different name and/or directory (Save As).
Save As Pkz.
Print the current network.
Exit Packet Tracer.
Ctrl + C
Ctrl + V
Ctrl + Z
Ctrl + Shift + Z

Ctrl + R
Ctrl + Shift + U
Ctrl + Shift + M
View Preferences.
Open the User Profile dialog.
Open the Algorithm Settings dialog.
Ctrl + I
Zoom In to the workspace.
Ctrl + T
Ctrl + U
Ctrl + Shift + A
Ctrl + Shift + R
Ctrl + Shift + B
Reset the zoom of the workspace.

Zoom Out of the workspace.
Open/Close Main Toolbar.
Open/Close Right Toolbar.
Open/Close Bottom Toolbar
Ctrl + D
Open the drawing Palette.
Ctrl + W
Ctrl + Alt + L
Ctrl + Alt + P
Ctrl + Alt + Y
Ctrl + Alt + G
Ctrl + Shift + C
Ctrl + Shift + Q
Ctrl + Shift + J
Ctrl + Shift + K
Run the Activity Wizard.

For Multiuser Extensions, do Listen.
For Multiuser Extensions, do Port Visibility.
For Multiuser Extensions, do Options.
For Multiuser Extensions, do Save Offline Copy As.
For IPC, do Config Apps.
For IPC, do Show Active Apps.
For IPC, do Options.
For IPC, do Log.
Shift + L
Shift + P
Shift + R
Shift + S
Switch to Logical Workspace.

Switch to Physical Workspace.
Switch to Realtime Mode.
Switch to Simulation Mode.
Shift + U
Shift + M
Shift + I
Shift + V
For Logical Workspace, click New Cluster button.

For Logical Workspace, click Move Object button.
For Logical Workspace, click Set Tiled Background button.
For Logical Workspace, click Viewport button.
Shift + N
Shift + C
For Physical Workspace, open Navigation Panel.

For Physical Workspace, create New City.
Shift + B
Shift + W
Shift + G
Shift + H
For Physical Workspace, create New Building.

For Physical Workspace, create New Closet.
For Physical Workspace, show Grid.
For Physical Workspace, open Working Closet.
Alt+S
Alt+D

Click the Fast Forward Time button.
Alt + B
Alt + I
In Simulation mode, click Back button.

In Simulation mode, click Show Event List button.
Ctrl + Alt + R
Ctrl + Alt + S
Ctrl + Alt + U
Ctrl + Alt + W
Ctrl + Alt + O
Ctrl + Alt + V
Ctrl + Alt + N
Ctrl + Alt + T
Ctrl + Alt + M
Ctrl + Alt + i
Show Router devices in the Device Specific Box.

Show Switch devices in the Device Specific Box.
Show Hub devices in the Device Specific Box.
Show Wireless devices in the Device Specific Box.
Show Connection types in the Device Specific Box.
Show End Devices in the Device Specific Box.
Show WAN Emulation devices in the Device Specific Box.
Show Custom Made Devices in the Device Specific Box.
Show Multiuser Connection in the Device Specific Box.
Add the ith device in the Device Specific Box to the Workspace.
Space
Enter
Ctrl + Up Arrow
Ctrl + Down Arrow
Ctrl + Right Arrow
Ctrl + Left Arrow
Select device.
Show Device Dialog for selected device.
Move selected devices upwards.
Move selected devices downwards.
Move selected devices to the right.
Move selected devices to the left.
Ctrl + Shift + I
Open Scenario Description.
Ctrl + Shift + N
Ctrl + Shift + D
Ctrl + Shift + O
New Scenario.
Delete Scenario.
Toggle PDU List Window.
Ctrl + Insert
Shift + Insert
Copy text in CLI console/Cmd Prompt.

Paste text in CLI console/Cmd Prompt.
Esc
M
N
Delete
I
Alt+R
P
C
Choose the Select tool.

Choose the Move Layout tool.
Choose the Place Note tool.
Choose the Delete tool. If you have selected multiple objects, pressing Delete will delete them.
Choose the Inspect tool.
Choose the Resize tool.
Click the Add Simple PDU button.
Click the Add Complex PDU button.
Ctrl + N
Ctrl + O
Ctrl + S
New Text Editor File (Valid in PC Desktop and Server Desktop)

Open an existing Text Editor File (Valid in PC Desktop and Server Desktop)
Save the current Text Editor File (Valid in PC Desktop and Server Desktop)
Time Constants
Packet Tracer uses the following time constants:
RIP/RIPv6 default update
RIP/RIPv6 default timeout
RIP/RIPv6 default flush timeout
RIP/RIPv6 default hold-down
30 secs
3 mins
4 mins
3 mins
MAC table entry timeout
5 mins
ARP request timer

ARP table entry timeout
2 secs
4 hrs
CDP update timer

CDP neighbor hold-down timer
1 min
3 mins
DHCP client timeout
5 secs
CSMA/CD waiting time to resend
random
LMI timeout
LMI signaling
Inverse ARP
15 secs
5 secs
30 secs
HDLC keepalive
HDLC timeout
5 secs
15 secs
NAT/NAT-PT entries timeout

NAT/NAT-PT entry encapsulated in a UDP
NAT/NAT-PT entry encapsulated in a TCP
NAT/NAT-PT entry encapsulated in a ICMP
Depends on the encapsulation protocol

5 mins
24 hrs
1 min
CHAP timeout
CHAP re-authenticate timeout
5 secs
10 secs
DIALING no answer timeout

DIALING no dial tone timeout
5 secs
2 secs
PPP keepalive interval

Timeout
5 secs
15 secs
EIGRP/EIGRPv6 Hello time interval period

EIGRP/EIGRPv6 Hold time interval period
5 secs
15 secs
ICMP
1 ms
STP Max Age
20 secs
STP Hello
STP Forward Delay
STP Topology Change Notify Timer
STP Topology Change Timer
2 secs
15 secs
2 secs
35 secs
RSTP Migration Delay Timer
3 secs
OSPF/OSPFv3 SPF Hold Time

OSPF/OSPFv3 LS Refresh Time
OSPF/OSPFv3 SPF Delay Timer
OSPF/OSPFv3 LSA Retransmission Time
OSPF/OSPFv3 minimum LSA Arrival Time
OSPF/OSPFv3 Delayed Acknowledgment Timer
OSPF/OSPFv3 Dead Interval
OSPF/OSPFv3 Hello
OSPF/OSPFv3 Wait Interval
10 secs
30 mins
5 secs
5 secs
1 sec
2.5 secs
40 secs
10 secs
40 secs
TCP Connection Timeout

TCP Initial Retransmission Timeout
TCP Min Retransmission Timeout
TCP Max Retransmission Timeout
TCP Inactivity Timeout
TCP Close Timeout
60 secs
300 msec
50 msec
1000 msec (1 sec)
1 hour
10 secs
DNS Request Timeout
3 secs
DHCP Timeout
DHCP Discovery Timeout
5 secs
55 secs
DTP Hello
30 secs
DTP Timeout
5 mins
Password Timeout
30 secs
ND Neighbor Request Timer

ND Neighbor Stale Timer
ND Neighbor Timeout Timer
ND Router Solicitation Interval
ND Router Advertisement Interval
2 secs
30 secs
4 hrs
4 secs
<= 16 secs
DHCPv6 Solicitation Timeout

DHCPv6 Request Timeout
1 sec
1 sec
LACP Initial Advertise Interval

LACP Advertise Interval
LACP Peer Timeout
1 sec
30 secs
90 secs
PAgP Initial Advertise Interval

PAgP Advertise Interval
PAgP Peer Timeout
1 sec
30 secs
90 secs
NTP Update Time
5 min
IKE Peer Default Timer

IPSec Peer default timer
86400 sec
3600 sec
CBAC/Zone Based TcpSyn Wait time

CBAC/Zone Based TcpFin wait time
CBAC/Zone Based Tcp Idle time
CBAC/Zone Based Udp Idle time
30 sec
5 sec
3600 sec
30 sec
CBAC/Zone Based Dns Timeout

CBAC/Zone Based Icmp Timeout
5 sec
10 sec
Outside Nat Udp time out value

Outside Nat Tcp time out value
Outside Nat Icmp time out value
Outside Nat Standard time out value
300 sec
86400 sec (24hr)
60 sec
86400sec (24 hr)
SNMP Request Timeout
10 sec
Voip Rtp keepAlive time

Voip Rtp keepAlive wait time
Voip Sccp keepAlive timer
Voip Sccp retry timer
15 sec
90 sec
30 sec
10 sec
PPPoE reset keepAlive time

PPPoE authentication failed timer
PPPoE keep alive timer
PPPoE linksys connect timer
PPPoE linksys timeout timer
30 sec
10 sec
10 sec
30 sec
30 sec
BGP hold down timer

BGP connect retry timer
BGP keep alive timer
180 sec
60 sec
60 sec
Modeling in Packet Tracer

Packet Tracer simulates the behavior of real networks and devices using models. As with all simulations, the program is inherently limited by
modeling decisions. The following pages describe how protocols, features, and functions are modeled in Packet Tracer. Refer to these models if you
find discrepancies between real-world situations and Packet Tracer simulations. Packets captured from real networks remain the benchmark for
understanding networking protocols and devices. You are encouraged to compare and contrast the behavior of the protocol and device models used in
Packet Tracer with such captured packet data from real networks.
Layer 1 Models
How hubs process frames
When a hub receives a frame (flowchart here):
If two or more ports receive frames at the same time, a collision occurs and the hub forwards a jam signal to all ports.
If one port receives a frame, the hub forwards the frame to all ports except the receiving port.
How repeaters process frames

When a repeater receives a frame:
The repeater forwards the frame to the other port.
How Wireless is modeled

Packet Tracer models only certain aspects of the wireless protocols.
Wireless A, B, G, and N are supported.
Infrastructure wireless mode is supported. Ad-hoc is not supported.
Authentication methods are none and WEP. WEP requires a 10 digit hex key. The authentication method and configuration must match on
both the wireless client and wireless server in order for them to be associated.
An antenna's coverage area is set to a specific area and cannot be changed. The signal strength based on distance is not calculated modeling
real physics.
Layer 2 Models
How switches process incoming frames
When a switch receives a frame (flowchart here):
It compares the receiving port's type (trunk or access) to the frame's format.
It drops the frame if (any):
The port is an access port while the frame has a Dot1q encapsulation format.
The port is a trunk port and the frame is not a Dot1q frame.
Otherwise, continue to process the frame.
It drops the frame if the receiving port is a blocking port and the frame is not an STP frame.
It determines which VLAN the frame is destined.

If the receiving port is a trunk (and so the frame is a Dot1q frame):
It gets the frame's destination VLAN number from the VLAN tag in the Dot1q header.
It checks if the switch itself has that particular VLAN configured.

If that VLAN is configured, it refers to that VLAN's MAC table:
If the frame's source MAC address is in the MAC table, it resets the entry's timer.
If not, it creates a new MAC entry in the table and starts a timer for it. When the timer expires (5 min), it
removes the entry.
If that VLAN is not configured, the switch broadcasts the frame to all trunk ports (except the receiving port) that allow
that VLAN number.
If the receiving port is an access VLAN (the frame is destined for that VLAN), it continues to process it. It sends it to a higher process
if (any):
The frame is an STP frame.
The frame's destination MAC address is a CDP multicast address.
The frame's destination MAC address is a broadcast MAC address.
The frame's destination MAC address matches the active VLAN interface's MAC address.
How switches send frames

When a switch wants to send a frame (flowchart here):
If the frame came from a higher-level process:

It checks if the outgoing port is up.
If outgoing port is up, send the frame out.
If outgoing port is not up:
It tries to find the active VLAN interface that is up, and then sends it out that interface.
If it cannot find such an interface, it finds the first VLAN that is allowed in the trunk that is configured on the switch.
If it can find such an interface, it encapsulates the frame with a Dot1q header with that VLAN number tag and
sends it out to the trunk.
If no such trunk is configured, it drops the frame.
If the frame came from a same-level process:
If the outgoing port is not up (not configured), it drops the frame. Otherwise, it continues the process
It checks if the frame's destination MAC address is a unicast. If so:

o
If the outgoing port is the same as the incoming port, it drops the frame.
If the outgoing port is not the incoming port:

If the outgoing port is a trunk port:
If the frame is a Dot1q frame:
If the trunk port allows the tag in the frame, it sends the frame.
If the trunk port does not allow the frame's tag, it drops the frame.
If the frame is not a Dot1q frame:
If the trunk port allows the VLAN that the frame is destined for:
The switch encapsulates the Ethernet frame with a Dot1q header and sends it out the trunk port.
If the trunk port does not allow the VLAN that the frame is destined for, it drops the frame.
If the outgoing port is an access port:
If the frame is a Dot1q frame:
If the frame's tag is the same as the port's VLAN, it de-encapsulates the frame (to an Ethernet frame) and sends
it out.
If the frame's destination tag is different from the port's VLAN number, it drops the frame.
If the frame is a regular Ethernet frame:
If the receiving port's VLAN is the same as the outgoing port's VLAN, it forwards the frame.
If not, it drops the frame.
If the frame's destination MAC address is a multicast address:

For each and every port (trunk and access):
It checks if the destination VLAN is allowed in that port. If so, it sends the frame out that port with the appropriate format (see
the unicast frame sending logic).
If the destination VLAN is not allowed, or if the port is the same as the receiving port, the switch will not forward the frame
out that port.
How CSMA/CD is modeled

Packet Tracer models only certain aspects of the CSMA/CD process.
Packet Tracer does not implement the process where each station continuously senses the channel.
The program assumes that if a jam signal is not received, the medium is available for transmission.
The program does not fragment a CPDU. Therefore, the Ethernet process only has to remember the previous PDU in the case of
retransmission due to collision.
The program does not implement the propagation time t from one end of a medium to the other. This forces all frames to take 2t to send.
The program implements the binary exponential back-off algorithm (IEEE 802.3):
o
In the first collision, each station chooses either the 0 or the 1 slot time.
In the event of a second collision, each station picks from four possible slot times: 0, 1, 2, 3.
In the event of a third collision, each station randomly chooses a slot time from 0 to (2^3 - 1), or 0 to 7.
In the event of further collisions (from the 4th to the 15th collision), each station randomly chooses a slot time from 0 to (2^i - 1),
where i is the number of collisions.
The frame is discarded after the 16th retry
How switches utilize Spanning Tree Protocol (STP)
The STP is a technology that allows switches and bridges to communicate with each other to prevent loops in the network.
When a switch/bridge is added to a network, it sends out Bridge Protocol Data Units (BPDU) announcing itself as root.
If the switch/bridge has the lowest ID, it becomes the root.
The root marks its ports as designated ports.
Non-root switches/bridges mark the port closest to the root as root port. Every non-root switch/bridge will select one root port.
Each segment of the network will elect one designated port:
If the port has the lowest root ID, it becomes the designated port.
If the port has the lowest path cost to the root, it becomes the designated port.
If the port has the lowest send ID, it becomes the designated port.
If the port has the lowest port ID, it becomes the designated port.
Ports not marked as root or designated are marked as blocked. Additionally, in RSTP mode, if a port on a switch is connected to the switch
itself, it is marked as a backup port, otherwise it is marked as an alternate port.
The root bridge in the STP will periodically send BPDUs out while non root bridges will forward these frames when it is received.
In the RSTP, all bridges periodically send BPDUs out with their current information.
When a switch receives a STP frame (flowchart here):
If STP is disabled on that port, it drops the frame.
If the switch is running the RSTP, it starts the migration delay timer.
If the migration delay has expired, change the port to run in the STP mode.
STP checks the frame type.

If the frame type is configuration BPDU:
If the frame does not contain superior information, the switch drops the frame. The information is superior if it contains lower
root ID, lower root path cost, lower bridge ID, or lower port ID.
Records the superior information and selects new root bridge and designated port if necessary. If the device was the root, sends
a TCN BPDU through the root port.
If the BPDU is received on the root port, forward the frame out through designated ports.
If the frame type is Topology Change Notification (TCN) BPDU:
If the frame is received on a non-designated port, the switch drops the frame.
If the device is the root, the switch sets topology change flag to true in the BPDU.
If the device is not the root, the switch forward the frame out through root port.
When a switch receives a RSTP frame (flowchart here):
If the switch is running the STP, it drops the frame.
If the frame is an agreement frame, set the port to forwarding state and make it designated.
If the frame contains superior information:

o
If the port has root guard enabled, block this port and mark it as inconsistent.
Otherwise:
If the frame is from myself, block this port and mark it as a backup port.
Otherwise make the received port the new root port and block all other non edge ports.
Send out a reply with the same information as the received BPDU but with the agreement flag set.
If the frame contains inferior information:

o
If the information is from our root port, check for a better root port.
Otherwise:
If my root path cost is lower than the received root path cost, set my port to be designated forwarding.
If my root path costs are the same:
If my bridge ID is lower than the received bridge ID, set my port to be designated forwarding.
If my bridge ID is the same as the received bridge ID:
If my port ID is lower than the received port ID, set my port to be designated forwarding.
If my port ID is higher than the received port ID, set my port to be backup blocking.
Otherwise set my port to be alternate blocking.
How port security works

When switch receives a frame (flowchart here):
If port security is on and the receiving port is not in dynamic mode port security processes the frame.
o
It sets the last source MAC address and VLAN on the port from the received frame information.
If any Mac entry exists with the same source MAC address:
If the interface of the MAC entry is the same as the receiving interface and same VLAN as the receiving interface, the frame
passes port security.
Otherwise
If the MAC entry is a dynamic entry then removes the dynamic entry and:
If the maximum allowed secure MAC addresses is reached it drops the frame and goes to the violation mode.
If the maximum allowed secure MAC addresses is not reached the frame passes the port security process.
If the MAC entry is a static entry then it applies the violation mode because another port in the same VLAN has the
same static MAC address.
If MAC entry with the same source MAC does not exist:
If the maximum allowed secure MAC addresses is reached, drops the frame
Otherwise frame passes the port security process.
If the frame passes the security process and the sticky MAC address is on, on the received interface, the MAC entry gets added to the MAC table as a
static entry.
A switch port can be configured with secure MAC addresses even if the port's line protocol is down.
When the port's line protocol changes from down to up, if there is a list of secure MAC addresses for the port waiting to be added to the MAC table,
the port security checks the MAC entries with the same VLAN address as the current port.
If there is the same MAC address on the current port which is an sticky MAC, port security deletes the secure MAC from the list and does not
add it to the MAC table.
If the MAC address does not exist in the MAC table, then it adds a MAC entry for that secure MAC to the MAC table.
How DTP decides on the mode of the port

DTP has the responsibility of setting switch port's modes.
Each switch port sends a DTP frame out about its administration mode and operation mode on a regular basis
If the port is configured with dynamic administrative mode and nonegotiate is not on.
When the switch port on the other side of the link receives the DTP update it (flowchart here):
If there is a VTP domain name mismatch it drops the frame
If the port is configured to be in access or trunk administrative mode it drops the frame.
If the port is dynamic and is not in the nonegotiate state it processes the frame.
o
If the same MAC entry (with the same source MAC address as the received frame) exists on the receiving port then restart the timer
for that entry.
DTP process updates the port's operational mode based on the received DTP port status.
Otherwise it adds a new MAC entry to the MAC table and sets a timer for it.
DTP process updates the port's operational mode based on the received DTP port status.
To update the port operational mode DTP (flowchart here):
If the number of neighbors on that port which are sending DTP frames is more than one or is equal to zero
Change the operational mode of the receiving port to static access.
If the number of neighbors is equal to 1

If local port's administrative mode is dynamic auto
If local port's administrative mode is dynamic desirable
If remote neighbor's port is in the administrative mode of desirable or trunk set the operation mode of local port to trunk.
Otherwise, set operation mode to static access.
If remote neighbor's port is in administrative mode of desirable or trunk or auto set the operation mode of local port to trunk.
Otherwise, set operation mode to static access.
If the local port's administrative mode is access then drop the frame and do not process any DTP frames.
How switches processing incoming VTP frames
When a switch receives a VTP frame (flowchart here):
If the switch is in VTP Transparent mode:

Forwards VTP frame to all other trunk ports
If the VTP frame is an Advertisement Request frame:

o
If the domain name on the VTP frame does not match the switch's, then drop the frame and stop.
Send out a Summary Advertisement frame.
Send out a Subset Advertisement frame.
If the VTP frame is a Summary Advertisement frame:

o
If the switch's domain name is set and the one in the VTP frame is different, then drop the frame and stop.
If the switch's domain name is not set, then set the domain name to be the one in the VTP frame, and recalculate MD5.
If the MD5 in the VTP frame does not match the on the switch, then drop the frame and stop.
If the version is different, then take the one in the VTP frame.
If the config revision in the VTP frame is smaller than the one on the switch:
Send out a Summary Advertisement frame
If the config revision in the VTP frame is larger than the one on the switch:
If the followers field is 0:
Send out an Advertisement Request frame

Wait for the Subset Advertisement frames
If the config revision in the VTP frame is the same as the one on the switch:
Drop the frame
If the VTP frame is a Subset Advertisement frame:

o
If the domain name on the VTP frame does not match the switch's, then drop the frame and stop.
If not expecting a Subset Advertisement, then drop the frame and stop.
If the config revision in the VTP frame is different than the expecting one, then drop the frame and stop.
If the sequence number in the VTP frame is different than the expecting one, then drop the frame and stop.
Add the subset to the reply
If the VTP frame is the last expecting subset:
Update the VLAN database with the received subsets
Send out a Summary Advertisement frame
Send out a Subset Advertisement frame
When do switches send out VTP frames

When do switches send out Advertisement Requests:
When the switch detects a VTP configuration change and it is in VTP Client mode
When receiving a Summary Advertisement but there is no subset following it
When do switches send out Summary Advertisements:
When a trunk port comes up and the switch is already advertising VTP
Every 5 minutes
When receiving a Summary Advertisement with its config revision smaller than the switch's
When do switches send out Subset Advertisements:

When a trunk port comes up and the switch is not already advertising VTP
When a local VLAN change is detected and the switch is in VTP Server mode
When the switch detects a VTP configuration change and it is in VTP Server mode
After updating VLAN database on the receiving of Subset Advertisements
When receiving a Advertisement Request How HDLC Works
HDLC is the default data link protocol for serial interfaces.
Sends keepalives periodically to the other end of the link.
When it receives a keepalive, it brings up the line protocol.
If it does not receive a keepalive from the other end for a certain period of time, it brings down the line protocol.
If the interface is configured to not use keepalives, it would bring up the line protocol even if it does not receives keepalives from the other
end.
How Etherchannel Works

When a multilayer switch receives a packet (flowchart here):
Check if the port is active in etherchannel
If the frame is LACP/PAgP

If the partnerDevice in the etherchannel portData matches the partnerDevice in the received frame
Negotiation is successful and the port is changed either to trunk or access mode
If the port is not active in the etherchannel

o
Send the packer to the next highest layer for further processing
When a multilayer switch sends a packet:
A load balance method is selected depending on what user selects.
If no method is selected, uses source Mac address as the load balance method.
The frame is then sent to the lower layer for further processing.
How Multilayer Switching Works
The new 3560 switch in Packet Tracer is a multilayer switch.
It has switching as well as routing capabilities.
It supports IPv4 and IPv6 routing protocols such as RIP, EIGRP, and OSPF.
Each physical interface can be independently configured to be switched or routed ports. Switched ports are layer 2 ports that allow only layer
2 configurations and functionalities. Routed ports allow layer 3 functionalities just like a port on a router. They are switched ports by default.
How HDLC Works
HDLC is the default data link protocol for serial interfaces.
Sends keepalives periodically to the other end of the link.
When it receives a keepalive, it brings up the line protocol.
If it does not receive a keepalive from the other end for a certain period of time, it brings down the line protocol.
If the interface is configured to not use keepalives, it would bring up the line protocol even if it does not receives keepalives from the other
end.
How PPP Works
PPP is a data link protocol for serial interfaces as well as modem connections.
PPP requires authentication before a connection is made. The authentication types available in Packet Tracer are none, PAP, and CHAP.
Each side of the connection can use different authentication methods, but the other end must support them.
The authentication type set on one side is the authentication type required on the other side.
Setting authentication to none means allow the other side to authenticate without any username or password checking.
Both PAP and CHAP use a username and password to authenticate the other side. CHAP provides a stronger encryption and authentication
method.
How PPPoE Works

The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet
frames. By using PPPoE, users can virtually "dial" from one machine to another over an Ethernet network, establish a point to point connection
between them and then transport data packets over the connection. (flowchart here):
PPPoE is a client-server model.
PPPoE has two distinct stages.

Discovery stage:
There are four steps to the Discovery stage. When it completes, both peers know the PPPoE SESSION_ID and the peer's
Ethernet address, which together define the PPPoE session uniquely.
PPP Session stage
Server assigns an IP address from the configured pool to the client.
Based on the configuration on server side it may need to authenticate the client through:
AAA server authentication
Locally saved username/password database.
No authentication needed.
Client uses the assigned IP address

When PPPoE client sending a packet out:
Encapsulates all the outgoing packets in the following packets:
When Client receives a PPPoE packet:
PPP frame, PPPoE frame adding the session id to the id field of PPPoE header, and Ethernet frame (destination MAC
address of server)
If the session ID matches one of the client's that the server has negotiated with, it de-encapsulates the packet and send it to PPP
for future processing.
Server uses the session ID to distinguish between different clients:

When server receives a PPPoE frame, it checks the received PPPoE session ID and if session ID is known:
It removes PPPoE header and sends it to PPP for further processing
Otherwise it drops the packet

When server sends a packet:
If packet is destined for a particular client that a session has been negotiated with:
It encapsulates the packet in PPP and PPPoE frames with the particular session ID and sends it to the client
Otherwise, it drops the packet.
How Frame Relay Works
Frame Relay provides connection-oriented data link layer communication. This means that a defined communication exists between each pair
of devices and that these connections are associated with a connection identifier. This service is implemented by using a Frame Relay virtual
circuit, which is a logical connection created between two data terminal equipment (DTE) devices across a Frame Relay packet-switched
network. Virtual circuits provide a bidirectional communication path from one DTE device to another and are uniquely identified by a data-link
connection identifier (DLCI). A number of virtual circuits can be multiplexed into a single physical circuit for transmission across the network.
This capability often can reduce the equipment and network complexity required to connect multiple DTE devices.
A Frame Relay PVC is a logical link whose endpoints and class of service are defined by network management. A PVC consists of the
originating Frame Relay network element address, originating data-link control identifier, terminating Frame Relay network element address, and
termination data-link control identifier. "Originating" refers to the access interface from which the PVC is initiated. "Terminating" refers to the
access interface at which the PVC stops. Many data network customers require a PVC between two points. DTE that needs continuous
communication uses PVCs.
LMI virtual circuit status messages provide communication and synchronization between Frame Relay DTE and DCE devices. These
messages are used to periodically report on the status of PVCs, which prevents data from being sent into black holes (that is, over PVCs that no
longer exist).
Frame Relay Inverse ARP can be used as a method of building dynamic routes in Frame Relay networks running IP. Inverse ARP allows the
communication server to discover the protocol address of a device associated with the virtual circuit. Inverse ARP is used instead of the framerelay map command which allows you to define the mappings between a specific protocol and address and a specific DLCI. Inverse ARP is not
needed for a point-to-point interface because there is only a single destination and discovery is not required.
Frame Relay subinterfaces provide a mechanism for supporting partially meshed Frame Relay networks. Most protocols assume transitivity
on a logical network; that is, if station A can talk to station B, and station B can talk to station C, then station A should be able to talk to station C
directly. Transitivity is true on LANs, but not on Frame Relay networks unless A is directly connected to C.
Configuring Frame Relay subinterfaces ensures that a single physical interface is treated as multiple virtual interfaces, which allows you to
overcome split horizon rules. Packets received on one virtual interface can be forwarded to another virtual interface, even if they are configured
on the same physical interface. Subinterfaces address the limitations of Frame Relay networks by providing a way to subdivide a partially
meshed Frame Relay network into a number of smaller, fully meshed (or point-to-point) subnetworks. Each subnetwork is assigned its own
network number and appears to the protocols as if it is reachable through a separate interface.
When a Frame Relay Cloud receives a frame, it looks up the connection created by the user. If a connection is found, the Cloud forwards the
frame out the port specified in the connection. If the connection is not found, the frame is dropped. When a router receives a frame, it looks up
the DLCI specified in the frame. If the DLCI is mapped to an interface, the frame is passed to that interface. If the DCLI is mapped to an
interface, the frame is dropped by the router.
How Cable/DSL Works
DSL
o
A digital subscriber line (DSL) connection is a high-speed connection that uses the same wires as a regular telephone line. DSL
services are dedicated point-to-point network access over twisted-pair copper wire on the local loop between a network service provider's
central office and the customer site.
DSL circuits connect DSL modems to a digital subscriber line access multiplexer (DSLAM) creating three data channels: a high-speed
downstream channel, a low-speed upstream channel, and a basic telephone service channel. The DSLAM (the cloud) provides one of the
main differences between DSL and cable modems. Because cable-modem users generally share a network loop that runs through a
neighborhood, adding users means lowering performance in many instances. ADSL provides a dedicated connection from each user to the
DSLAM. Therefore, users won't see a performance decrease as new users are added.
A DSL Modem can be used to connect to a modem port defined in the Cloud using telephone wire. Another device (such as a PC or a
router) is connected to Ethernet port on the DSL Modem. The DSL Modem acts like a bridge forwarding traffic from one port to the other
port.
Cable
o
In a cable TV system, signals from the various channels are each given a 6-MHz slice of the cable's available bandwidth. When a
cable company offers internet access over the cable, data can use the same cables because the cable modem system puts downstream data
into a 6-MHz channel. Thus Internet downstream data takes up the same amount of cable space as any single channel of programming.
Upstream data uses 2-MHz channel.
Just like DSL, high-speed cable requires a modem at the customer end and a cable modem termination system (CMTS) at the provider
end. CMTS (the Cloud) functions like DSLAM in a DSL environment. The CMTS takes the traffic coming in from a group of customers on a
single channel and routes it to an Internet service provider for connection to the Internet. A CMTS enables many connections to the Internet
through a single 6-MHz channel. A single channel is capable of up to 40 Megabits per second of total throughput.
Unlike DSL, data channels to CMTS are shared. If these channels are saturated with user traffic, the theoretical bandwidth may not be
achieved. However, this particular performance issue can be resolved by the cable company by adding a new channel and splitting the user
base. Another difference between DSL and cable is that the downstream information flows to all connected users. It is up to the individual
network connection to decide whether a particular block of data is intended for it or not. On the upstream side, information is sent from the
user to the CMTS directly without other users seeing it.
A Cable Modem can be used to connect to a coax port defined in the Cloud using coaxial wire. Another device (such as a PC or a
router) is connected to an Ethernet port on the Cable Modem. The Cable Modem acts like a bridge forwarding traffic from one port to the
other port.
ISP
The Cloud under WAN Emulation is used to model an ISP.
Multiple Ethernet ports can be added to the Cloud emulating ISP networks.
Multiple modem ports can be added to the Cloud emulating a DSLAM.
Multiple coax ports can be added to the Cloud emulating a CMTS.
Multiple modem ports can be mapped to a single Ethernet port that is defined to use DSL as the provider network.
Multiple coax ports can be mapped to a single Ethernet port that is defined to use Cable as the provider network.
For DSL connections, traffic received on a modem port will be forwarded to the corresponding Ethernet port. Traffic received on an
Ethernet DSL port will be forwarded to the correct DSL modem.
For Cable connections, traffic received on a coax port will be forwarded to the corresponding Ethernet port. Traffic received on an
Ethernet Cable port will be forwarded to all coax ports connected to that Ethernet port.
Layer 3 Routing Models - RIPv1 RIPv2 EIGRP OSPF

How a router starts the RIP process
The router generates a RIP request packet to be sent out all ports. The packet will successfully exit a port if the port is (all):
Functional (the port exists, and the line protocol is up).
RIP-enabled.
Not RIP-passive.
RIP versions
The router deals with RIP packets differently depending on what version of RIP it is running.
If it is running RIPv1, it can:

o
Send and receive RIPv1 packets.
Send broadcasts.
If it is running RIPv2, it can:

o
Send and receive RIPv2 packets.
Send multicasts.
If the RIP version is not set, it can

o
Send RIPv1 packets.
Receive RIPv1 and RIPv2 packets.
Send broadcasts.
How a router sends RIP updates

There are two types of RIP updates: regular and triggered.
The router sends regular updates every 30 seconds. The update contains all of the information in the routing table.
The router sends triggered updates only when a route has changed or an interface changes state (up or down).
How a router processes incoming RIP packets

When a router receives a RIP packet (flowchart here):
It drops the packet if (any):

o
The incoming port does not have a valid IP address or is not RIP-enabled.
The source IP address is not from a directly connected network.
The packet came from the router itself.
The packet's RIP version does not match the router's RIP version.
If the packet is a request packet:

Check the port to see if it is a passive interface.
If it is, drop the packet.
If it is not a passive interface, process the packet:

Create a RIP response packet, which contains information about a route or the entire routing table (depending on the
request).
Send the RIP response out the same port.
If the packet is a response packet, process it:

o
Look through each RIP route portion of the packet (the portion from address family identifier, or AFI, to the metric). A RIP packet can
contain up to 25 RIP route portions.
Ignore any portions where (any):
The metric is greater than infinity.
The AFI is not the IP family.
It is a broadcast, Class D, or Class E address.
Set the next hop to the incoming port's address.
For new routes, ignore the route portion if the metric is now 16.
For existing routes, the metric is set to 16.
If the packet contains information about a network that does not exist in the RIP database, it is added to the database.
If a network already has an entry in the RIP database, update it with the latest information.
Send out new and updated routes on the next triggered update.
How a router processes incoming EIGRP packets

When a router receives an EIGRP packet (flowchart here):
It checks to see if the EIGRP process for the autonomous system that is specified in the packet is enabled.
o
If it is not enabled, then the router drops the packet.
Otherwise, it sends the packet to that EIGRP process.
When an EIGRP process receives an EIGRP packet:
It makes the following checks and drops the packet if (any):

o
The receiving interface does not have EIGRP enabled.
The packet does not come from the same subnet as the receiving interface.
The receiving interface is passive.
It checks if the packet is a Hello packet.

o
If so, then it processes the Hello packet (skip to next section).
Otherwise, it checks if the packet came from an existing neighbor.
If not, then it drops the packet.
If the packet did come from an existing neighbor:

It checks if the packet is an Acknowledgment packet.
If so, then it removes the acknowledged packet from the neighbor's output queue.
Otherwise, it checks the sequence number on the packet and the neighbor's last heard sequence number.
If the sequence number on the packet is larger than the last heard, then update the last heard.
If the sequence numbers are the same or the one on the packet is smaller than the last heard, then it drops
the packet.
It checks if the packet piggybacks an Acknowledgment.
If so, it removes the acknowledged packet from the neighbor's output queue.
It checks if there are any packets in the neighbor's output queue.
If there are not, then it sends an Acknowledgment packet back to the neighbor.
It checks if the packet is an Update packet. If so, then it processes the Update packet.
It checks if the packet is a Query packet. If so, then it processes the Query packet.
It checks if the packet is a Reply packet. If so, then it processes the Reply packet.
When an EIGRP process processes a Hello packet:
It checks if the Hello packet has matching K values as the EIGRP process.
o
If not, then it removes the neighbor from the router's neighbor table.
It checks if the neighbor already exists in the neighbor table.
If so, then it updates the last-heard time and hold timer.
If not, it adds the new neighbor to the neighbor table, and sends a full update of its topology table to the new neighbor.
When an EIGRP process processes an Update packet:
It goes through all routes in the Update packet and updates the topology table.
When an EIGRP process processes a Query packet:
It updates the topology table with the route in the query.
It checks if updating the topology table does not cause the process to query other neighbors.
If it does not, then reply the best route to the queried neighbor.
When an EIGRP process processes a Reply packet:

o
The replied route does not exist.
The network is not in ACTIVE state.
The neighbor who replied was not queried.
It checks if the replied route is better than the best heard in the reply table.
o
If so, then it replaces the best heard in the reply table with the replied route.
It checks if the replied route is the last expected reply.
If it is, then processes the last Reply packet to a query.
When an EIGRP process processes a last Reply packet to a query:
It replies to all queried neighbors with the best-heard route from the reply table.
It sets the network to PASSIVE state.
It updates the topology table with the best route.
When an EIGRP process updates the topology table with a route:
Checks if the network is in ACTIVE state.

If so, it ignores the update.
It gets the old best route and old best metric to the network.
It adds the route to the topology table.
It gets the new best route and new best metric to the network.
It checks if the new best route is unreachable or there is no feasible successor.

If either is true, then it queries neighbors about the route.
If there is no neighbor to query, then it removes the network from topology and routing table.
If the new best route is feasible, then it adds all successors for the network to the routing table.
Update neighbors.
How a router processes incoming OSPF packets

When a router receives an OSPF packet (flowchart here):
It checks to see if an OSPF process is enabled on the port that received the packet.
o
If it is not enabled, then the router drops the packet.
Otherwise, it sends the packet to that OSPF process.
When an OSPF process receives an OSPF packet (flowchart here):

o
The receiving interface does not have OSPF enabled.
The packet does not come from the same subnet as the receiving interface.
The receiving interface is passive.
The packet is for (backup) designated router and the router is not.
The receiving interface does not have the same area id as indicated in the packet.
The authentication failed for the packet.
It checks if the packet is a Hello packet.

o
If so, then it processes the Hello packet (skip to next section).
Otherwise, it checks if the packet came from an existing neighbor.
If not, then it drops the packet.
If the packet did come from an existing neighbor:
It checks if the packet is a Database Description packet (DDP). If so, then it processes the DDP.
It checks if the packet is a Link State Request (LSR) packet. If so, then it processes the LSR.
It checks if the packet is a Link State Update (LSU) packet. If so, then it processes the LSU.
It checks if the packet is a Link State Acknowledgment (LSAck) packet. If so, then it processes the LSAck.
When an OSPF process processes a Hello packet (flowchart here):
It checks if the Hello packet has matching hello & dead timer values as the OSPF process.
If not, then it prints out a warning message and drops the packet.
It checks if the neighbor already exists in the neighbor table.

o
If so, then it resets the dead timer.
If not, it adds the new neighbor to the neighbor table and sets the neighbor state to 2-WAY.
The adjacency is established with the neighbor if:
The underlying network is point-to-point.

The underlying network is broadcast and the router itself is designated router, backup designated router, the
neighboring router is designated router, or the neighboring router is backup designated router.
It checks if backup designated router is present.

o
If not, then it performs designated router election after wait timer expires.
When an OSPF process processes a Database Description packet (flowchart here):
If the state is start, the master/slave relationship is formed based on router ID. The neighbor state is updated to exchange.
During the exchange state, the OSPF process goes through all the link state advertisement (LSA) headers stored in the packet. If the router
does not have the LSA described in the header, it stores the header in the queue.
If there are no more DDPs, the neighbor state transitions to loading. The headers stored in the queue are used to generate LSRs.
When an OSPF process processes a Link State Request (LSR) packet (flowchart here):
It looks up its Link State Database and puts the information in the Link State Update (LSU) packet and sends to the adjacent neighbor.
After all the corresponding LSUs are received for the LSRs, the neighbor state transitions to full.
When an OSPF process processes a Link State Update (LSU) packet (flowchart here):
It validates the LSA's checksum. If the checksum is invalid, discard the LSA.
It checks the LSA's type. If the type is unknown, discard the LSA.
It checks the LSA's age. If the age is equal to maximum allowed value and there is currently no instance of the LSA in the router's database,
and none of router's neighbors are in states exchange or loading states, then the router sends an acknowledge.
If the LSA is not in the database or is newer, add to the database.
If the LSA is the same instance as the database copy, and the LSU is not used as an implied acknowledgment, send a LSAck to the neighbor.
If the database copy is more recent, discard the LSA without acknowledging it.
When an OSPF process processes a Link State Acknowledgment packet (flowchart here):
It checks neighbor's state. If the neighbor is in a lesser state than exchange, discards the packet.
It checks if the acknowledgment is for an instance of a LSA stored in the retransmission list for the neighbor. If yes, the OSPF process
removes the LSU from the retransmission list.
When an OSPF process updates the routing table with a route (flowchart here):
All routers in the same autonomous system belonging to the same area should have identical database.
After a LSA has been added to the database, the OSPF process starts a timer. The router performs shortest path first (SPF) calculation after the
timer expires. The SPF algorithm uses LSAs stored in the database to generate OSPF routes. The routes are added to the routing table.
How routes are Redistributed using Redistribution feature.
Redistribution commands can be configured in the router mode of the routers for all types of the routing protocols including EIGRP,
EIGRPv6, OSPF, OSPFv3, RIP, and RIPv6.
Once a redistribution command is configured.

Router checks for that specific type of the route in its routing table
If any exists that matches the redistribution command it will add the route to the destination protocols database or topology
table and sends out an update to its neighbors for that route.
If there is not any matching route in the routing table, it checks back the routing table for the newly receiving routes. If any
matches the command it will add it to the destination protocols database and sends out an update for that route to its neighbors.
If route which matches the redistribution commands protocol gets deleted from the routing table the router sends out an update
to its neighbor and announces that specific routes status as down.
Once a redistribution command is removed from the router

o
The router marks the metric of the matching routes as unreachable and sends an update to its neighbor about that route.
Once an interface comes up or a network commands gets added to any routing protocols.
Router checks whether a redistribution command is configured. If there is any configured it will send an update out of that interface.
How CEF works
Cisco Express Forwarding uses a cache table for fast forwarding.

The CEF cache table contains entries matching destination networks to next hop IP address, next hop layer 2 information, and outgoing
interface.
The CEF cache table is built from lookups in the routing table and IP address to layer 2 information.
When packets are needed to be sent out, whether receiving from an interface or sending from the local device, it looks up the destination
network in the CEF cache table first.
If it is found, it uses that information to encapsulate and modify the frame and sends it out.
If it is not found, it uses process routing, which is same as looking up routing table and passing to lower layer for layer 2 encapsulation. It also
records the information in the cache table when the layer 2 information is complete.
IPv6 Routing and Routing Protocols
Routing in IPv6 works the same way as in IPv4 with "ip classless" enabled, which is always enabled in Packet Tracer.
Display of routing table in IPv6 does not group networks together as in different classes in IPv4.
RIPv6 works the same way as RIPv2.
Multiple instances of RIP can be run at the same time on the same device.
EIGRPv6 and OSPFv3 work the same way as in IPv4 except the router-id's are still using IPv4 addresses. They can be either automatically
chosen from the assigned IPv4 addresses on the device or manually configured for the routing protocol instance.
How a router processes incoming BGP packets

When a BGP peer receives an open packet (flowchart here):
If versions are different

o
Send BGP error open version notice back
Stop neighbor peering
Start Connect retry timer
If neighbor's AS is not the same as this router's configured neighbor AS:

o
Send BGP error open Bad AS notice back
If neighbor's speaker ID is the same as this router's speaker ID:

o
Send BGP error open Bad ID notice back
If neighbor's holdtime is less than 3:

o
Send BGP error open Bad Holdtime notice back
Negotiate holdtimes, using the smaller of the neighbor's and this router's hold time.
Change state to OPEN CONFIRM
Send keepalive to neighbor
When a BGP peer receives a notification packet (flowchart here):
If error code is Cease

o
Send Cease back

If error code is hold time expire
Close TCP connection
Start connect retry timer
When a BGP peer receives an update packet: (flowchart here):
If Update packet contains withdrawn routes

Set withdrawn route in neighbor's incoming routing information base table to be unfeasible
If Update packet contains route updates

If new route:
If existing route exists:
Add route to the neighbor's incoming routing information base table
Update routing information
Run decision process to pick best routes to the main routing information base and install routes to the routing table
When a BGP peer receives a keepalive packet: (flowchart here):
Increment keepalive count
Refresh hold down timer
Run decision process to pick best routes to the main routing information base and install routes to the routing table
BGP Decision Process: (flowchart here):
Check all network statements

If network is not installed in the main BGP routing information base table
If network is reachable
If another route is already installed, make the other route unfeasible
If route is not already installed, add route to routing table if not there
Check all neighbor's incoming routing information base table

o
Verify route is loop free (AS Path does not go through local AS)
If synchronization is enabled, verify the route's next hop is reachable through an IGP
If the route is the best route available, add route to routing table if not there
Send routing update for redistributed routes
Remove all unfeasible routes from the main routing information base and send withdraws if necessary
Send out route updates for all new routes installed
Remove all unfeasible routes from the main routing table
Layer 3 IP Models
How IP and IPv6 are modeled
Packet Tracer models only certain aspects of IP.
IP version 4 is modeled.
IP addresses are 32 bits long, and displayed using the dot-decimal notation, where each octet or byte of the IP address is displayed in decimal
number and separated by a dot.
All class A, B, and C addresses (1.0.0.0 to 224.255.255.255) except loopback addresses (127.0.0.0 to 127.255.255.255) can be assigned to
ports.
All IP packet fields are displayed in the PDU details. However, only the following four fields are used: Destination IP Address, Source IP
Address, TTL, and Protocol.
The Protocol field in the IP packet identifies the layer 4 PDU. When a device sends an IP packet, it places the value corresponding to the layer
4 process or service in the Protocol field. When a device receives an IP packet, it dispatches the layer 4 PDU to a process or service
corresponding to the value of the Protocol field.
Packet Tracer also models IPv6.
IP addresses are 128 bits long, and displayed as eight groups of four hexadecimal digits separated by colons.
There are no classes of addresses in IPv6. Each address assignment has an address and a prefix in the format with / followed by the prefix
length of the network.
All IPv6 packet fields are displayed in the PDU details. However, only the following four fields are in used: Destination IPv6 Address,
Source IPv6 Address, Hop Limit, and Next Header.
The Next Header field in the IPv6 packet identifies the layer 4 PDU or the next option in the IPv6 header. When a device sends an IPv6
packet, it places the value corresponding to the layer 4 process or service in the Next Header field. When a device receives an IPv6 packet, it
dispatches the layer 4 PDU or the IPv6 header to a process or service corresponding to the value of the Next Header field.
How devices process incoming ICMP packets

When a device receives an ICMP packet:
It checks the ICMP message contained in the packet.

If the packet contains the message "TTL Exceeded" or "Echo Reply:"
It checks to see if it has recently sent an ICMP message with the same identification as the received ICMP message.
If so, it sends out the ICMP.
How devices process incoming ICMPv6 packets
ICMPv6 works similar to ICMP for Echo, Echo Reply, Hop Limit Expire (TTL Expire), Unreachable messages. For Neighbor Discovery (ND)
messages, ICMPv6 process sends them to the ND process. Refer to ND process for more details.
How ND for IPv6 processes incoming packets

When an ND process for IPv6 receives a packet (flowchart here):
If the packet is a Neighbor Solicitation, the process executes the following actions:
o
It will drop the packet if it doesnt contain a Link Layer option.
If the destination IPv6 address doesnt match with the receiving interfaces IPv6 address:
If matched,
If there is an entry already exists in the ARP table, the entry will be updated with the information in the packet.
If the host device is not a switch, the process will update the ARP table with information from the packet (source IPv6 address,
source MAC address).
Then ND process creates an ARP Reply packet that contains its MAC address and sends to the source device.
If the packet is a Neighbor Advertisement, the process executes the following actions:
It will drop the packet if it meets any of the following conditions:
It does not contain a Link Layer option.
It has not sent an ARP request but received an ARP reply

Otherwise, it will do the following actions:
The devices ARP process will updates the ARP table with the received information.
If there are buffers contained in the received packet, the ARP process takes out these buffers and resends them.
It the packet is a Router Solicitation, the process executes the following actions:
o
It will drop the packet if the message is a not valid Router Solicitation. A valid Router Solicitation message must meet the following
conditions:
The IP Hop Limit field has a value of 255.
ICMP code is 0.
ICMP length is 8 or more octets.
All included options have a length that is greater than zero.
If the IP source address is the unspecified address, there is no source link-layer address option in the message.
If the packet is a valid Router Solicitation, it will create a Router Advertisement and multicast it to the all-nodes group.
If the packet is a Router Advertisement, the process executes the following actions:
It cancels any existing router solicitation timer scheduled on the receiving interface.
o
o
It retrieves information from the Router Advertisement such as source IPv6 address, prefix and prefix length, and with the receiving
interfaces local link address, it creates an IPv6 address.
If the Router Advertisements prefix option is on-link, the ND process sets the newly created IPv6 address to the receiving
interface.
If the Router Advertisements prefix option is off-link, the ND process removes the IPv6 address from the receiving interface.
How IP Does Fragmenting

Before sending out a packet, IP follows the process below (flowchart here):
It checks if the total length (TTL) of the packet is greater than the MTU of the out-going interface. Note that setting of the mtu command will
override the ip mtu command.
If yes, it checks if the packet has the DF flag on.
If yes, it drops the packet.
It checks if TTL is less than or equal to the value configured via the command ip mtu.
o
If yes, it sends the packet.
It no,
It obtains the payload of the packet.
It does fragmenting on the payload.
It sends out fragments.
How IP Processes Reassembling

When IP receives an incoming packet (flowchart here):
It checks if this packet is intended for this device.

o
If yes, the packet is sent to the reassembling function.
If no, it forwards to the routing or host process for more processing.
Reassembling functionality:
It checks if the DF flag is on, and the fragment offset (FO) is 0.
If yes, it forwards to the routing or host process for more processing.
It checks if the buffer ID exists. The buffer ID is a combination of the source and destination address, and the protocol and
identification fields of the IP header.
If yes, it loads the reassembling resource for this buffer ID.
If no, it creates a new reassembling resource for this buffer ID.
It updates necessary information for the reassembling resource with this fragment.
It checks if it is the last fragment:

If yes, it starts reassembling all received fragments.
If successful, it sends the IP packet to the routing or host process for more processing.
If not successful due to missing fragments, it drops all fragments and releases the reassembling resource.
If no, it starts or restarts the reassembling timeout timer for this buffer ID.
How IPv6 Does Source Fragmenting

Before sending out a packet at the source, IPv6 follows the process below (flowchart here):
It checks if the total length (TTL) of the packet is greater than the MTU of the out-going interface. Note that setting of the mtu command will
override the ipv6 mtu command.
o
If no, it sends out the packet.
If yes, it checks if TTL is less than or equal to the value configured via the command ipv6 mtu.
If yes, it sends the packet.
If no,
It obtains the payload of the packet.
It does fragmenting on the payload.
It sends out fragments; each has the IPv6 Fragment Extension Header.
How IPv6 Does Path MTU Discovery at Middle Routers

Before sending out a packet at the middle router, IPv6 follows the process below (flowchart here):
It checks if the total length (TTL) of the packet is greater than the MTU of the out-going interface.
If yes, it triggers the Path MTU (PMTU) process to send out an ICMPv6 Packet-Too-Big message to the source.
How IPv6 Processes Reassembling

When IPv6 receives an incoming packet (flowchart here):
It checks if this packet is intended for this device.

o
If yes, the packet is sent to the reassembling function.
If no, it forwards to the routing or host process for more processing.
Reassembling functionality:
It checks the IPv6 fragment extension header if the M flag is off, and the fragment offset (FO) is 0.
If yes, it forwards to the routingv6 or hostv6 process for more processing.
It checks if the buffer ID exists. The buffer ID is a combination of the source and destination address, and the protocol and
identification fields of the IP header.
If yes, it loads the reassembling resource for this buffer ID.
If no, it creates a new reassembling resource for this buffer ID.
It updates necessary information for the reassembling resource with this fragment.
It checks if it is the last fragment:
If yes, it starts reassembling all received fragments.
If successful, it sends the IP packet to the routing or host process for more processing.
If not successful due to missing fragments, it drops all fragments and releases the reassembling resource.
If no, it starts or restarts the reassembling timeout timer for this buffer ID.
How CBAC works

When a packet is send out of a router port (flowchart here):
If the received port has an ACL configured and its an extended ACL:
It checks if the packet is part of an existing session:
If the lookup finds a matching entry in the session table :
It updates the session state table.
It sends to the lower process.

Or else if the packet is just a pass through packet after been checked by the received port:
It sends to the lower process.
Else
It looks for a matching acl statement:
If the packet is DENIED by the ACL, it DROPs the packet.
Else
It does the inspection and checks if an inspection rule is present or not:
If inspection rule is NOT present, it sends the packet to the lower process without inspection.
Else:
It creates a session entry and update the state table.
It sends out of the interface to the lower process.
If acl is NOT present:

It does the inspection and checks if an inspection rule is present or not:
If inspection rule is NOT present, it sends the packet to the lower process without inspection.
Else
It sends out of the interface to the lower process.
When a router receives a packet (flowchart here):
If the received port has an ACL configured and it is an extended ACL:

It checks if the packet is part of an existing session:
If the lookup finds a matching entry in the session table:
It updates the session state table.
It sends to the higher process.

If no matching session found:
It looks for an ACL matching statement:
if a matching statement found, it permits the packet and sends to the higher process.
if the packet is denied, it drops the packet.
If no acl present, it sends the packet to the higher process.
How Zone based Firewall (ZFW) works

When a packet goes out of a zone based firewall router port (flowchart here):
If ACL NOT present or ACL permits packet:

ZFW checks if the received port and port to send are both zone members.
If both the ports are members of any zone, ZFW finds a match for the current zone-pair (recv port - send port zone pair).
If a match FOUND, it gets the policy map for this zone-pair and go through the classmap list.
If a matching class map statement FOUND:
If the policy-classmap action is to "drop" or no action set (default action is to drop), it creates a session
and updates the state table and drops the packet.
Else it creates a session and updates the state table. Then it passes the packet to the lower layer.
If matching zone-pair NOT found, it drops the packet.
Else if either one of the ports is not part of any zone member, it drops the packet.
Or else if both the ports are not part of any zone member ( ie., router is not configured fully for Zone based firewall), it passes
the packet to the lower layer.
Else if ACL drops the packet, ZFW drops the packet.
When a packet is received on a zone based firewall router port (flowchart here):
The packet is checked for a matching entry in the session table to see if it is part of an existing session:
o
If a matching entry FOUND, it updates the state table entries and passes it to the higher layer/process.
If NO matching entry found in the session table, it checks if the packet is intended for THIS router:
If so, it looks for a matching self-zone/zone-self pair.
If a matching zone-pair FOUND:
It passes the packet to the higher layer.

If a matching zone-pair is NOT found, it passes the packet to the higher layer.
How IPS Signature Scan Works

ICMP (2004:0) signature is the only ips signature that is currently supported in PT. The signature is made a built-in signature. The ips config location
and category needs to be configured and the ips rule needs to be applied to the interface in order to enable IPS on a router (flowchart here):
If IPS enabled, the device checks if ACL is present.

o
If ACL NOT present or acl PERMITS the packet, The device scans through the signature list to see if the signature is unretired and
enabled.
If UNRETIRED and ENABLED:
If the signature matches, it does all the actions defined for this signature:
If action has to deny the packet along with others, it denies the packet.
Else it passes the packet to higher/lower layer.
If ACL DENIES the packet, the device denies the packet and returns from IPS.
If IPS is not enabled, the device returns from IPS, does ACL match, and proceeds.
How Outside NAT Works

When a packet is sent out of the router port (flowchart here):
If the received port was NOT inside nat port, or the sending port is NOT an outside nat port, or the packet header is invalid:
It passes the packet to the lower layer - NO translation done.
Else
It lookups the NAT table for a matching dynamic entry for the local addresses.
If match FOUND,
It starts the timer.
It does the packet translation.
It passes the packet to the lower layer.

If match NOT found
It looks up the table for static matching entry for both source and destination.
If match FOUND for SOURCE and DESTINATION, or if match FOUND for SOURCE only, or match
FOUND for destination only
It creates a dynamic entry in the nat table.
It passes the packet to the lower layer.

Else if NO match found,
It passes the packet to the lower layer - NO translation done.
When a packet is received by a router port (flowchart here):
If NAT is NOT configured on the received port or the received packet header is invalid
It passes the packet to the higher layer - no translation done.
If received port is a nat inside port

If NOT inside port, check is received port is an outside NAT port.

o
If NOT outside port, it passes packet to the higher layer.
Else if the received port is an OUTSIDE nat port:

It looks up the nat table for a matching dynamic entry for the global addresses:
If match FOUND:
It starts timer.
Packet is translated from global to local - Nat translation done.

If NOT found:
Looks up the static matching entry for both source and destination addresses:
If match FOUND for SOURCE and DESTINATION:
It creates a new dynamic entry and add to the nat table.
It passes the translated packet to the higher layer.

Else if match FOUND only for SOURCE
It checks whether the next hoping router port is an inside NAT port.
If NOT:
It passes the packet to the higher layer - No translation done.
If the next hop port is INSIDE nat port:
It creates a new dynamic entry and add the nat table.

Else if match FOUND only for DESTINATION:
It creates a new dynamic entry and add to the nat table.
It passes the translated packet to the higher layer.
How QoS Works

When a packet is going out of a router interface (flowchart here):
It classifies the packet based on shaping configured.
If shaping configured:
It checks if shaping is full:
If no, it puts the packet in shape queue. Then it starts the timer and checks if software queue is full.
If no, it puts in software queue.
Else if not configured:

It checks if the software queue is empty or not.
If NOT EMPTY, it calculates using the Weighted Random Early Detection (WRED) whether the packet can be dropped or not.
A packet is dropped if the average queue size is greater that maximum threshold or average queue size is between minimum and
maximum threshold and the packet count meets the threshold mark. If WRED calculates to DROP the packet:
Else, it checks if the software queue is full or not:
If FULL, it drops the packet.
Else, it puts the packet in the software queue.

If EMPTY:
It checks if hardware queue is full or not:
If FULL, it puts in software queue.
If NOT,
It puts the packet the in hardware queue.
If the hardware queue has packet,
It sends the packet out of the interface
Retrieves packets from the software queue
places it in the hardware queue.
How Devices Handle GRE Packets

When a device sending a GRE packet (flowchart here):
If a packet getting out of the device is having the same source IP address as one of the tunnel interfaces that is configured on the device:
o
It encapsulates it in GRE header.
IP layer encapsulates the GRE header in another IP header with source and destination address of associated tunnel interface.
When a device receiving a GRE packet (flowchart here):
After Ethernet and IP header are removed from the received data:
If the receiving packet has GRE header:
GRE header is removed and hand it in to the associated tunnel interface.
Tunnel interfaces pass it up to the IP layer for the further processing.
How Routers Handle ESP/AH Segments

When a router sending an ESP/AH segment (flowchart here):
If the packet is getting out of the device is not encrypted, and it is interested traffic, and if the outgoing port is configured with the crypto map:
o
ISAKMP negotiation for security SAs:
If Successful:
It gets the SA for the interested flow and encapsulates the packet in the ESP packet:
If SAs has been negotiated for AH, the router encapsulates ESP in AH segment and sends it to the lower layers
to process.
Otherwise, it sends the ESP segment to the lower layers to process.
Otherwise, it drops the packet.
When a router receiving an ESP/AH segment (flowchart here):
If the packet receiving on the port is ESP/AH packet.

o
If the port is not configured with a crypto map command, it drops the packet.
Otherwise
If the ESP/AH packet has matching ESP/AH SA numbers:
If packet is encapsulated in AH, AH authenticates the packet and removes the AH header and pass the packet to ESP.
ESP decrypts the packet and removes the ESP header. Also it passes the decrypted packet to the next layer of data for
further processing.
Otherwise, it increments the error counter for the specific flow that matches the packet and drops the packet
Layer 4 Models
How devices process UDP segments
This procedure explains how a device sends and receives UDP segments.
When the device receives a segment:

o
It de-encapsulates it and examines the UDP header for port information.
It then maps the local port information and sends the payload up to a higher layer (the application layer) for processing.
If it cannot find the upper process based on the port information, it drops the segment.
When the device wants to send a segment:

o
It encapsulates the payload with a UDP header.
It sends the segment to the lower layer for processing.
How TCP Connection handles outgoing data

When TCP Connection is ready to send data in the out buffer: (flowchart here):
It checks if the TCP connection State is Established:

o
If no, it drops the data.
If yes,
It adds the new data onto the out buffer.
It checks if the Nagle service is turned on:

If yes, it checks if the size of the out buffer is greater than the MSS:
If yes, it starts the initial data sending step.
If no, it checks if there is any unacknowledged data:
If no, it starts the initial data sending step.
If yes, it continues to wait for more incoming data.

If no, it starts the initial data sending step.
The initial data sending step:
TCP checks if there are any segments to be retransmitted:
If yes, it stops and waits.
If no, it checks if the usable window is smaller than the MSS, and there is more data in the out buffer than usable window size:
If no, it starts the new segment sending step.
The new segment sending step:

It checks if there are any segments to be retransmitted:
If no, it goes through the following steps:

It updates and checks the unacknowledged data buffer for any segments needed to be retransmitted and transmits those
first.
Otherwise, it prepares the data in the out buffer into TCP segments, and it will eventually send all segments out.
How TCP Connection handles incoming TCP segments

When TCP connection receives a TCP segment (flowchart here):
It updates the Receive-Window variable from the TCP header.
If the connection is not in the LISTEN state:

o
It resets the inactivity timer.
If the sequence number is equal to the ReceiveNext variable:
The TCP segment is expected.
Proceeds to the next step.
Else
If the sequence number in the received TCP header is less than the Receive-Next variable.
If connection is not ESTABLISHED, the segment is a duplicate.
If the header is not a RST.
Clears the ACK timer.
Resets the received ACK counter.
Sends an ACK out.

Else
This is an unexpected segment.
If the header is a RST, processes RESET.

Drops this segment.
If the connection is in the LISTEN state:

o
If this is a SYN segment, the server port accepts the connection.
Else the server port sends back a RST and drops the segment.
If the connection is in the SYN_SENT state:

If the TCP header is a SYN or ACK:
Clears the timer for retransmitting control data.
Calculates the Receive-MSS and Send-MSS variables from the advertised MSS in the TCP header.
Updates the local IP.
Updates the Receive-Next with the ACK number in the TCP header.
Sets the connection's state to ESTABLISHED.

If the TCP header is a FIN:
The TCP connection is refused.
Processes FIN.
If the TCP header is a RST:
The TCP connection was refused.
Processes RESET.
If the connection is in the SYN_RECEIVED state:

If the header is a SYN or RST
The connection was reset.
Processes RESET.
If the TCP header is FIN
If the TCP header is an ACK
Processes FIN.
Clears the timer for retransmitting control data
Sets the connection's state to ESTABLISHED.
If the connection is in the ESTABLISHED state:
The connection was reset.
Processes RESET.
If the header is a FIN:
The TCP connection was disconnected.
Increments the Receive-Next variable.
Processes FIN.
If it is an ACK:
Processes ACK.
Clears the timer for retransmitting data.

If the header is an ACK and it's not a RST:
Checks if it is a duplicate segment.
If it's not duplicate and not an empty ACK:
Increments the Receive-Next variable with the size of the received data segment.
Processes ACK.
If it's duplicate and not an empty ACK:
Drops the duplicate segment.
Clears the timer for sending ACK.
Sends an ACK.
Else
If it is not an empty ACK:
Processes the data.
If the connection is ESTABLISHED:
If acked some packets, and nothing is being retransmitted, and there is buffer data,
Sends buffer data.
If it is not an empty ACK:
If the connection is in the FIN_WAIT_1 state:

Processes RESET.
If the TCP header is a FIN:
Sets the connection's state to CLOSING.
Sends an ACK.
If the TCP header is an ACK:
Checks if an ACK needs to be sent out.
Sets the connection's state to FIN_WAIT_2.
If the connection is in the FIN_WAIT_2 state:
If the TCP header is a FIN
Processes RESET.
Sets the connection's state to TIMED_WAIT.
If the connection is in the LAST_ACK state:

If the TCP header is an ACK or FIN:
Processes RESET.
Processes ACK.
Sets the connection's state to CLOSED.
If the connection is in the CLOSING state:

If the TCP header is an ACK
Processes RESET.
Sets the connection's state to TIMED_WAIT.
If the connection is in the CLOSED state:

o
Layer 5 Models
How Routers Handle ISAKMP Segments
When a router sends an ISAKMP segment (flowchart here):
If a packet is getting out of the device is not encrypted, and it is an interesting traffic, and also if the outgoing port is configured with a crypto
map command:
ISAKMP initiates the negotiation for the first peer. It starts from the lowest crypto map sequence number and tries to negotiate with all peers
in the list until the first success.
If an IKE peer with the same IP is not configured, the initiator starts phase I negotiation.
The initiator device sends out the first packet of negotiation by encapsulating all the ISAKMP policies that have been
configured with.
The responder device sends out the second message of negotiation by
If match found, it encapsulates the matched policy.
Otherwise, sends a packet to tell the peer to discontinue the negotiation.

The initiator device sends out the third message:
If no match, it deletes the IKE peer.
Otherwise, it sends the third message which includes the nonce numbers and the key for the peer to calculate DH
values.
The responder device sends out the fourth message:
Sends out its nonce numbers and the key to the peer
The initiator device sends the fifth message:
Encrypts the identity of the receiver with the DH key and sends it to the peer.
The responder sends the sixth message:
Encrypts the identity of the sender with DH key and sends it to the peer.
Otherwise phase II:

o
The initiator device encrypts the SA payload with the DH key calculated in the phase I, encapsulates it in an ISAKMP and sends it to
the peer.
The responder device sends the second message of phase II:
If the match policy with sender found, it sends the encrypted matching policy to the peer.
Otherwise, it sends a notification to the peer, drops the packet, and deletes the IKE peer.
The initiator device:
If the receiving device has sent back a matching policy, the initiator sends an ACK to the receiving device and successfully
finishes phase II.
Otherwise, it deletes the IKE peer.
When a router receives an ISAKMP segment:
If the port, that is receiving the ISAKMP packet, is not configured with crypto map:
o
It drop the packets and stops.

If the port, that has received the ISAKMP packet, is configured with crypto map:
It checks if an IKE peer exists with the source IP of the receiving packet.
IKE phase I negotiation is already done, and it starts negotiating for IKE phase II.
If an IKE peer does not exist with the same source IP of the receiving packet:
o
The Initiator adds the peer to the IKE peer list and starts negotiating IKE phase I with the new peer.
If the packet is the first IKE packet, the responder device processes the security associates payload to find a matching policy.
If a key exists, that has been associated with the peer IP, and a matching policy found.
It will continue with the negotiation by sending the accepting policy to the peer.
Otherwise, it sends a packet and rejects the policy. It also deletes the associated IKE peer.
If the packet is the second packet of ISAKMP main mode, the initiator processes the payload:
If the payload is a notification, it processes the payload and deletes the IKE peer because there was not an existing policy or
key.
If the payload is a security associate payload which means that the peer has found a match with that policy the device:
Encapsulates a nonce (g,p) payload and its key payload in an ISAKMP packet and sends it back to the peer.
Calculates the public key (TA = g power a mod p). "a" is the private key for this peer.
If the receiving packet is the third packet of the main mode negotiation, the responder processes the nonce and key payload.
Get the nonce (g,p)
Calculate its public key (TB = g power b mod p). "b" is the private key for this peer.
The receiving device also encapsulates a nonce (g,p) payload and its key in an ISAKMP packet and sends it back to the
peer.
Calculates the DH shared secret K = TA power b mod p.
If the packet is the fourth packet of the main mode negotiation that is receiving initiator processes the private key and nonce
payload:
Calculates the DH shared secret key K = TB power a mod p.
Encrypts the peer IP with K and sends it to the peer

If the packet is the fifth packet of the main mode negotiation responder:
Gets the payload and identifies the identity of the peer by decrypting the encrypted msg.
Encrypts the peer IP with K and sends it to the peer.
Marks the IKE peer for phase II negotiation.

If the packet is the sixth packet of the main mode negotiation initiator:
Gets the payload and identifies the identity of the peer by decrypting the encrypted message.
Marks the IKE peer for phase II negotiation.
Initiator also starts phase II by encrypting (with the key) the existing SAs and sends it to the peer.
IKE peer exists and marks with the phase II negotiation.
If the received packet is the first packet of the quick mode negotiation the responder processes it and sends the second
message:
It gets the ISAKMP data and decrypts it with the key that has been calculated in phase I.
Goes through all the security associates that the peer has sent.
If it finds a match
Generates outbound SAs.
Encrypts and sends the accepting SA to the peer.
If no matching SA found,
Sends a packet and denies continuing the negotiation.

If the packet has received is the second message of the quick mode, the initiator processes it and sends the third message:
It gets the ISAKMP data and decrypts it with they key that has been calculated in phase I.
If SA has been accepted by the peer:
Gets the accepted security associate that the peer has accepted.
Generates outbound SAs.
Creates IPsec peer.
Encrypts and sends an ACK to the peer.

If SA has not been accepted by the peer:
Creates an IPsec peer.
Discontinues the negotiation.
If the received packet is the third message of the quick mode, the responder gets the ACK and creates SAs and IPSec peers. IT
marks the peer with phase II completed.
How PCs Handle ISAKMP Segments

If PC, which is an easy VPN client, has a request to connect to an easy VPN server (flowchart here):
PC sends ISAKMP policies that it has been configured with plus nonce, a key, and identification payload.
Server sends a reply back after getting the first packet and checking for AAA values.
o
If the AAA authorization is not configured, it drops the packet.
Otherwise, it continues with the IKE phase I negotiation:
Either finds a matching policy
Server sends the accepting policy back plus ID, nonce, and key payload back to the client.
The IKE peer on the server enters XAUTH mode

Otherwise
It does not find a matching policy, it drops the packet.
If the group name and group key, that the client has sent the request to, do not match or do not exist, it drops the packet.
If the server has sent back its ID, Key and nonce with the matching policy.
o
PC sends back an ACK.
This ACK packet is encrypted with the DH shared key that has been calculated with nonce, and key of the received packet from the
server.
IKE peer on the PC enters XAUTH negotiation phase.
Otherwise, it drops the packet and removes the PKE peer.
Server sends its first XAUTH packet to the client:

o
o
If server is configured with AAA authentication for the client it sends a prompt to the client and requests the client's
username/password.
Otherwise server authenticates the user and continues with the next message.
The client sends username/password when it receives the prompt from the server.
The server receives the username/password. It consults with either AAA server or its local configuration (based on the configuration):
o
If match found:
Authenticates the client
Gets an IP from the IP pool and sends it to the client.

Otherwise, it denies the client to access the server and sends a notification back to the client.
The client receives the packet:

o
o
If it is a notification, the client stops the negotiation.

Otherwise, the client gets the IP, assigns the IP to its tunnel interface, and sends the last message of XAUTH mode, which is an ACK
to the server.
Server gets the ACK and:
Creates a new route in its routing table to the tunnel IP address of the new client.
Creates an interesting traffic for the client.
Marks the IKE peer with XAUTH mode complete .
Sends a packet to the client to notify the PC to start the phase II.
Client receives the notification from the server and sends first phase II packet to the server. (for phase II please refer to router's phase II)
If PC which is an easy VPN client has a request to disconnect from an easy VPN server (flowchart here):
The client sends an informational packet to the server and requests to disconnect.
The server receives the request to disconnect from the client:

o
Removes the static route to the client.
Releases the borrowed IP to the pool.
Removes the interesting traffic and its associated SA for the client from its interested traffic table.
Sends an informational packet back to the client.

The client receives the informational packet that sever has been disconnected:
Removes the tunnel interface and disconnects.
Layer 7 Models
How DHCP clients work
DHCP client sends a DHCP-DISCOVER packet (flowchart here):
When a DHCP client device receives a packet:

o
The packet is not a valid DHCP packet.
The packet's destination MAC address does not match its own MAC address.
It checks the packet's DHCP type (its DHCP message).

o
If the packet is a DHCP-OFFER packet, it uses the information in the packet (including client IP address, offered IP address, server IP
address, and gateway address) to construct a DHCP-REQUEST packet and sends it back to the server.
If the packet is a DHCP-ACK packet, it gets the IP address, subnet mask, and the gateway IP address from the packet and sets its IP
address configuration accordingly.
If the packet is not a DHCP-OFFER or a DHCP-ACK packet, it will drop the packet.
When a DHCP client device does not receive a packet:
It starts to assign an auto-configuration ip address in the 169.254.0.0/16 address block.
It sends out ARP Gratuitous to detect duplicate ip address.

o
If it gets an arp reply, it starts to assign the next available ip address from the 169.254.0.0/16 address block and sends out another ARP
Gratuitous.
If it does not get an arp reply, it assigns the ip address to the port and continue sending out DHCP-DISCOVER packet.
How DHCP servers process incoming packets

When a DHCP server device receives a packet (flowchart here):
It drops the packet if:

The packet is not a valid DHCP packet.

If the packet is a DHCP-DISCOVER packet:
If the client already has a lease:
Send a DHCP-OFFER packet with the associated IP to the client.
If the client does not already have a lease:
If there is an available IP address:
Send a DHCP-OFFER packet with the available IP address to the client.

Otherwise, drop the packet and stop.
If the packet is a DHCP-REQUEST packet:
If the requested IP address is available:
Send a DHCP-ACK packet with the available IP address to the client.
Bind the client to the IP address.

If the packet is a DHCP-RELEASE packet:
If the client is bound to the IP address:
Unbind the IP address and the client.

If the packet is a DHCP-OFFER or a DHCP-ACK packet, drop the packet.
How DHCP for IPv6 clients process incoming packets

When a DHCP for IPv6 client device receives a packet (flowchart here):

o
The packet is a Solicit message.
The packet is an Advertise message that meets any of the following conditions:
The message does not include a Server Identifier option.
The message does not include a Client Identifier option.
The content of the Client Identifier option does not match the clients DUID.
The transaction-id field does not match the value the client used in its Solicit message.
The packet is a Request message.
The packet is a Reply message that meets any of the following conditions:
The transaction-id field does not match the value used in the original message.

If the packet is an Advertise message, it will do the following actions:
It terminates retransmission of its Solicit message.
It sends a Request message to the DHCP server that the Advertise message was sent from.
If the packet is a Reply message, it gets the prefix and prefix length from the message and combines with its received interfaces local
link address to create an IPv6 address and subnet mask. It also retrieves the gateway IPv6 address from the packet. Then the client sets its
IPv6 address configuration accordingly.
How DHCP for IPv6 servers process incoming packets

When a DHCP for IPv6 server device receives a packet (flowchart here):
It drops the packet if:

The packet is a Solicit message that meets any of the following conditions:

The packet is an Advertise message.
The packet is a Request message that meets any of the following conditions:
The message does not include a Server Identifier option
The content of the Server Identifier option does not match the servers DUID.

The packet is a Reply message.

o
If the packet is a Solicit message, it uses the information in the packet and its server configuration to construct an Advertise message
and sends it back to the client.
If the packet is a Request message, it uses the information in the packet and its prefix pool configuration to construct a Reply message
and sends it back to the client.
How FTP client processes work
File Transfer Protocol (FTP) is a standard network protocol used to exchange and manipulate files over a TCP/IP-based network, such as the
Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server applications.
FTP uses user-based password authentication and is used for transferring configuration files between Cisco Switches and Routers and also
available as a command in PC device.
When a FTP client receives a packet (flowchart here):
If the packet is not a valid FTP response packet, it drops the packet.
Otherwise, it writes the received information stored in the packet onto the screen.
o
Informs the application that uses FTP whether the response is successful or not.
It then checks to see if any further FTP commands are expected to be sent and sends them out.
How FTP server processes work
The FTP server listens on the TCP port 21 for control connections and awaits FTP commands from the client. FTP can be run in active mode
or passive mode, which control how the data connection is opened.
In active mode the client sends the server the IP address port number that the client will use for the data connection, and the server opens the
connection. Passive mode was devised for use where the client is behind a firewall and unable to accept incoming TCP connections. The server
sends the client an IP address and port number and the client opens the connection to the server. By default passive mode is supported in this
version of PT.
The FTP server is available in Server device and is enabled by default. It can be configured via FTP configuration page for customizing FTP
server behavior.
When a FTP server receives a packet (flowchart here):
If the user is not valid or fails authentication, then it informs the FTP client and terminates the control connection.
If the packet is not a valid FTP packet, it drops the packet.
Otherwise, it checks the packet and:

o
If the FTP command is not supported by the server, an error message is sent back to the client.
If the FTP command is supported by the server, the action is performed and result of the operation is sent back to the client.
The list of supported FTP commands are:
USER
PASS
TYPE
PASV
RETR
STOR
RNFR
RNTO
DELE
QUIT
How TELNET client processes work
TELetype NETwork is a network protocol that utilizes TCP/IP protocol stack to establish a client/server connection. The user starts a
TELNET client process on a PC or a Cisco device using telnet command with server IP address. The TELNET server usually listens on TCP port
23 and awaits client connection requests. A TELNET packet is generated from the client process when a key is pressed.
When a TELNET client receives a packet (flowchart here):
If the packet is not a valid TELNET packet, it drops the packet.
Otherwise, it writes the received information stored in the packet onto the screen.
How TELNET server processes work
TELetype NETwork is a network protocol that utilizes TCP/IP protocol stack to establish a client/server connection. The user starts a
TELNET client process on a PC or a Cisco device using telnet command with server IP address. The TELNET server is started automatically on
a Cisco router or switch. The server listens on TCP port 23 awaiting client connection requests.
When a TELNET server receives a packet (flowchart here):
If the packet is not a valid TELNET packet, it drops the packet.

o
If the information received is part of a command, it sends an echo back to the client.
If the server is able to determine the command entered by the client, it sends the result back to the client.
If the server does not understand the information received, it sends an error message back to the client.
How SSH client processes work
SSH client utilizes TCP/IP protocol stack to establish a client/server connection.

Before a SSH connection could be established between client and server, both need to have an RSA key pairs generated, if the keys are not
generated connection will be refused by the other side.
In order for the Cisco device to generate RSA keys it needs to be configured with hostname and IP domain name.
The user starts a SSH client process on a PC or a router using ssh l (-l is for login) command with the associated clients user name which
is already configured on the SSH server, and IP address of the SSH server. The SSH server, usually listens on TCP port 22, awaits client
connection requests. A SSH packet is generated from the client process when a key is pressed.
When a SSH client receives a packet:
If the packet is not a valid SSH packet, it drops the packet.
Otherwise, it writes the received the information stored in the packet onto the screen.
How SSH server processes work
SSH is a network protocol that utilizes TCP/IP protocol stack and RSA key pairs to establish a secure client/server connection. The user starts
a SSH client process on a PC or a Cisco device using ssh l command with clients associated user name and also the servers IP address. The
SSH server is started automatically on a Cisco router. The server listens on TCP port 22 awaiting client connection requests.
When a SSH server receives a packet:
If the packet is not a valid SSH packet it drops the packet.
If both client and server are not configured with RSA keys the connection will be refused by SSH server.

If the username received in the connection request packet is configured on the server it will prompt the client for the password
Client will be prompted for the correct password up to 3 times. If the password that the client provides is not valid for the third
time it will be disconnected by the server.
If the information received is part of a command, it sends an echo back to the client.
If the server is able to determine the command entered by the client, it sends the result back to the client.
If the server does not understand the information received, it sends an error message back to the client.
How HTTP works (HTTPS works the same as HTTP)

When a client needs to find a webpage from a server:
If the address is empty or starts with anything else other than http protocol, it drops the request since it is not supported in Packet Tracer.
If the address is an IP address or starts with http:// the HTTP client processes it.
The HTTP client first finds the server IP through the server name by parsing the address in the address bar and:
If server name is not found, it tries to resolve the domain name through a DNS query.
If server name is found, it gets the IP address.
The HTTP client constructs a request HTTP segment and connects the server through TCP sockets and starts a timer for its request.
When an HTTP client receives a packet (flowchart here):
If the HTTP message has the HTTP OK code, it fetches the page from the message and displays the message.
Otherwise, the HTTP page displays an error page.
When HTTP server receives a request (flowchart here):
If the HTTP service is enabled, and a TCP connection with the HTTP client is established:
If the HTTP request is an HTTP GET:
If the username and password in the HTTP request are not correct:
The server sends back an unauthorized error message to the client.

If the Request is for an html page:
If the requested page exists on the server, the server creates a response packet and sends back an HTTP reply to the client.
If the requesting page does not exist on the server, the server sends back an error message to the client.
If the Request is for an image:
If the requested image exists on the server, the server creates a response packet and sends back an HTTP reply to the client.
If the requesting page does not exist on the server, the server sends back an error message to the client.
If the HTTP request is an HTTP Post:

o
If the post request is successful, the sever sends an HTTP success reply to the client.
If the post request fails, the server sends an HTTP error reply to the client.
Other message codes are not supported in this version of PT, and the server drops the packet.
How SMTP works

When a client needs to send a mail:
If there is no outgoing mail server configured, it drops the request.
If outgoing mail server name is not found it tries to resolve the domain name through a DNS query.
If outgoing mail server name is found it gets the IP address.
The SMTP client constructs a request SMTP segment and connects the server through TCP sockets and starts a timer for its request.
When an SMTP client receives a packet (flowchart here):
If the SMTP message has the SMTP success codes it indicate that mail has been sent successfully
Else the error message from server is passed to mail browser to display appropriate error message.
When SMTP server receives a request (flowchart here):
If the SMTP service is enabled, and a TCP connection with the SMTP client is established:
If the SMTP request is not for this server:
If sender of mail does not exist on this server:
Send a error message to client
Send user does not exist error message to client

If receiver of mail does not exist on remote server:
Send user does not exist error mail to sender of mail.
If mail belong to this server:
If receiver of mail exist at this server:
Add mail to users account
Else
If sender of this mail has user account on this server:
Add a delivery failure mail to this users account
If Sender of this mail does not have user account on this server:
Send a delivery failure mail to sender of mail
Else ( Mail does not belong to this server)
If the request is forward request and sender does not have user account on this server:
Send a error mail to sender of a mail
Forward mail to receiver's server
How POP3 works

When a client needs to receive a mail:
If there is no incoming mail server configured, it drops the request .
If incoming mail server name is not found it tries to resolve the domain name through a DNS query.
If incoming mail server name is found it gets the IP address The POP3 client constructs a request POP3 segment and connects the server
through TCP sockets and starts a timer for its request.
When an POP3 client receives a packet (flowchart here):
If the Pop3 message has the Pop3 success codes it indicate that mail has been received successfully and mail/mails are displayed in mail
browser
Else the error message from server is passed to mail browser to display appropriate error message.
When POP3 server receives a request (flowchart here):
If the SMTP service is enabled, and a TCP connection with the SMTP client is established:
o
Verify the user
If User Exist:
Fetch the mail/mails from mail server and send to client
Else:
Send user does not exist error message to client
How TFTP servers process incoming packets

When a TFTP server receives a packet (flowchart here):
If the packet is a READ request:

If the file with the requested name exists on the TFTP server:
Start a write session with the client.

If the file with the requested name does not exist on the TFTP server:
Send back a TFTP ERROR packet to the client.
If the packet is a WRITE request:

Start a read session with the client.
If the packet is anything else:

Drop the packet and stop.
How TFTP servers and clients process incoming packets during a session
When a TFTP server or client receives a packet during a session (flowchart here):
If the packet is a READ or WRITE request:

If the packet is a DATA packet:

If the session is a WRITE session or the block number on the packet is not the expecting one:
Save the data on the packet.
Send back an ACK packet.
Increment the block number.
If this is the last packet:
Write data to file.
Stop the TFTP session.
If the packet is an ACK packet:
If the session is a READ session or the block number on the packet is not the expecting one:
If this is not the last packet:
Increment the block number.
Send the next block of data in a DATA packet.

If this is the last packet:
If the packet is an ERROR packet:

o
How an SNMP Manager processes a command from the User

When an SNMP Manager processes a command (flowchart here):
If it is a GET-Request command:
o
The SNMP Manager creates an SNMP GET-Request packet and sends to the destination agent.
If it is a GET-BULK-Request command:
The SNMP Manager checks against the selected SNMP version and only sends out an SNMP GET-BULK-Request packet if the
SNMP version is of version 2 or above.
If it is a SET-Request command:
The SNMP Manager creates an SNMP-SET-Request packet and sends to the destination agent.
How an SNMP Manager processes incoming packets

When an SNMP Manager receives an incoming packet (flowchart here):
It checks if the packet has a correct SNMP header. If it's correct, it goes to the next step. Otherwise, it drops the packet.
It checks if the timeout from the last sent request to this destination has expired. If it's not expired, it goes to the next step. Otherwise, it drops
the packet.
It checks if the SNMP header contains a correct SNMP PDU. If it's correct, it goes to the next step. Otherwise, it drops the packet.
It checks if the SNMP PDU is of the SNMP-GET-Response type. If it's correct, it goes to the next step. Otherwise, it drops the packet.
It checks for the error status of the PDU:

o
If there is an error, it will signal the MIB browser to display the error string. Or the error string can be displayed via the command line.
If there is no error:
It processes the PDU Variable Bindings in the SNMP PDU.
It signals the MIB browser to display the result. Or the result can be displayed via the command line.
How an SNMP Agent processes incoming requests

When an SNMP Agent receives an incoming packet (flowchart here):
It checks if the packet has a correct SNMP header. If it's correct, it goes to the next step. Otherwise, it drops the packet.
It checks if it has configured the same community string as in the received SNMP header. If it has the community string configured, it goes to
the next step. Otherwise, it drops the packet.
It checks if the SNMP header contains a correct SNMP PDU.
From the PDU Variable Binding section in the SNMP PDU, the agent obtains the OID and checks if it has the MIB for this OID.
Based on the type of the request:

o
If it is an SNMP GET-Request, the SNMP Agent obtains the value configured for this OID and sends back an SNMP-GET-Response
packet.
If it is an SNMP GET-BULK-Request, the SNMP Agent obtains the values of all the child OIDs and sends back an SNMP-GETResponse packet.
If it is an SNMP SET-Request, the SNMP Agent checks the type of the value, and if it is correct, it configures the new value to the
device and sends back an SNMP-Get-Response method.
How a Syslog Client works

When a client needs to send a log message to the syslog server (flowchart here):
If logging is disabled, the syslog client does nothing.
If logging is enabled:
o
If the client has syslog servers (1 - N) configured, it constructs a syslog packet and sends the packet to the configured servers (1- N)
over UDP.
Otherwise, the syslog client does nothing.
How a Syslog Server works

When Syslog server receives a packet (flowchart here):
If the Syslog server is enabled:

If the received packet is a valid syslog packet:
Information from packet is extracted and stored in syslog table.

If the received packet is not a valid syslog packet, server drops the packet.
How NTP works

When a client needs to update its time from a server:
If the NTP server address is configured, the NTP client creates and sends a time update request to the NTP server over UPD.
When an NTP server receives a request (flowchart here):
If the received packet is a valid NTP request:

The server updates the NTP request packet with current time and other relevant information and sends it back to client over UDP.
Otherwise, the server drops the packet.
When an NTP client receives a packet (flowchart here):
If the received packet is not a valid packet, the packet is dropped.
If authentication is not enabled at the NTP server, and the NTP client or authentication is not enabled at the client but enabled at the server:
Time is fetched from the packet, and device time is updated with this time.
Else If the authentication is enabled at the client but not enabled at the server:
Server authorization is not there, hence the packet is dropped.
Else (authentication is enabled at the NTP server as well as at the NTP client)
If key & password are not same for both the client and server:
It drops the packet, and clock is unsynchronized.

Else If trusted key is not same for client and server:
It drops the packet, and clock is unsynchronized.

Else If key is a valid key:
Time is fetched from the packet, and device time is updated with this time to make clock synchronized.
How a DNS Client resolves a name to an IP Address

When a domain name resolution process starts, a DNSClient gets the DNS Resolver. The DNS Resolver:
Creates DNS query packet.
Generates a random query id and set it in the packet.
Sets type= A Record.
Sends the DNS query message to the DNS server over UDP.
The response will be received in the DNS Resolver.
How a DNS Resolver handles receiving messages

When a DNS Resolver receives a message (flowchart here):
If the packet received is a valid DNS Response packet , it continues else drops the packet.
It checks if the Query Id matches with the pending requests Query Id:
If yes, it continues.
If not, it drops the packet.
If this DNS Resolver belongs to a DNS Server (which means, this DNS Resolver is used by a DNS Server for sending secondary queries to
servers pointed by the NS records.)
It deletes the corresponding query from the waiting-query-vector.
It checks for the condition if the response code = 0 (which means failure) OR if the number of answer Resource Records =0,
If yes, it adds the query into the failed queries list.
Else, it adds the answer records to the Cache.
The DNS Resolver gets the DNS server to which it belongs to and calls the step - SearchDnsRecursively. (This step: gets the name to
translate and searches the local Database and Cache. If required, it searches other Name Servers as pointed by the NS records. Then it returns
the answers in a result vector.)
If the step SearchDnsRecursively returns failure:
The DNS Resolver creates a DNS Error response packet with,
Response Code=3,
Number of Answers=0,
Then, it sends to the waiting client, through the UDP Process.
Otherwise it continues execution.
If the step SearchDnsRecursivelys result Vector size > 0 (which means, the address resolution is success)
The DNS Resolver creates a DNS Response packet.
Sets response code=0.
Adds all the answer records.
Sets the number of answer records field.
Sends to the waiting client, through the UDP Process.
If this Resolver DOES NOT belong to a DNS Server (which means it is functioning as part of a DNS Client)
If number of answers in the response = 0, the resolver sends an event "name resolution failure" through a callback.
Else if,
The resolved IP is present in the answers, the resolver extracts the IP Addresses.
The resolver sends an event "domain name resolution success" and sends the IP Addresses through a callback.
Else, the resolver sends an event, "name resolution failure" through a callback.
How a DNS server works

When a DNS server receives a message (flowchart here):
If the Service is disabled the server drops the message.
If the Message is an invalid or a non-DNS message ignore it.
Otherwise,
o
o
The server extracts the DNS query.

The server calls the step - SearchDnsRecursively. (This step: gets the name to translate and searches the local Database and Cache. If
required, it searches other Name Servers as pointed by the NS records. Then it returns the answers in a result vector.)
If the step SearchDnsRecursively returns Failure
The DNS Server creates a DNS search failure Message.
It sets Response Code=3,
It sets Number of Answer records= 0,
It sends back to the client.

If the step SearchDnsRecursivelys result Vector size > 0
The DNS Server creates a DNS reply Message.
It Adds all the answer records. (Which contains the resolved IP Addresses)
It checks if the answer record is from the local database and if an SOA record is present in the Database:
If yes, it sets the TTL = minimum TTL Value.
Otherwise, it sets the TTL=default value.

The server then sends the reply to the client.
How the step - SearchDNSRecursively works

(flowchart here):
If the DNS query is in waiting-query-vector,

It returns success and result vector with size=0.
Otherwise
It continues.
It adds the DNS-query to the waiting-query-vector.
It searches the Database and the Cache for the queried name. Find all the matching Resource Records (RRs).
If a matching A-record is found.

It returns success (true) and the result vector, with all matching RRs.
Otherwise
Performs the step - CnameSearchRecursively. (This step tries to resolve the name searching for CNAME records recursively.)
If a matching A-record is found.

It returns success (true) and the result vector, with all matching RRs .
Otherwise
It performs the step - NSSearchRecursively - (This step searches for NS records, and if required sends query to servers pointed by NS
records )
If the step NSSearchRecursively returns false, (i.e., failed to find a related name server).
It gets the next level domain name ie; parent of the name (unless it reduces to null string) and repeats the same process recursively
SearchDnsRecursively
Otherwise
It returns success (true) and result vector of size zero.
How the step - NSSearchRecursively works

(flowchart here):
If the DNS query is in waiting-query-vector,

It returns failure ( false)
Otherwise
It continues.
Adds the DNS-query to the waiting-query-vector.
Searches the Database (DB) and Cache for the queried name. Finds all matching NS - Resource Records (RRs).
If NO matching NS-record is found.
Reduce the name to next level domain name Ie; parent of the domain name and
Perform the step - NSSearchRecursively.
If matching NS-record is found,

It adds the NS record to Answer Records Vector
Iterates through the matching NS records and searches for one which is not in the failed-queries list.
Perform the step - SearchDnsRecursively for the name pointed by the NS Record. (this is for finding out the IP address pointed by the NS
record. This step gets the name-to-translate from NS record. Searches the local Database and Cache and if required searches other Name Servers
as pointed by NS records.)
If the step SearchDnsRecursively returns failure or the result vector size=0,
Returns failure (false) and exits
Otherwise,
If IP is resolved , Get the DNSClient from the owner device. From the DNS client, it sends a new DNS query to the resolved IP (of name
server) with the original query.
it returns success/true
How the step - CNAMESearchRecursively works

(flowchart here):
It searches in the given vector of RRs, for CNAME resource records (RR) matching with the given name.
Lets the result be stored in resultVect.
If No records found in resultVect,

Returns failure (false)
Returns zero size vector as result.
Otherwise
Gets the first record from resultVect and extract the cname.
Lets name-to-translate=cname
Performs the step - SearchDnsRecursively for the name-to-translate. (SearchDnsRecursively: It searches the local Database and Cache, and
if required, it searches other Name Servers as pointed by NS records for the name-to-translate).
If the step SearchDnsRecursively returns failure,

It repeats SearchDnsRecursively for next matching CNAME record in the resultVect until no matching records are left in the resultVect.
If SearchDnsRecursively result Vector size = 0

Returns failure (false).
Returns zero size vector as result.
Iterates through the result vector search for A-record matching the initial query name.
If matching RR found,
Returns success (true).
Returns matching RRs in a vector as the result.
Otherwise,
Returns failure (false).
Returns zero size vector as result
How Radius Clients process incoming packets

When a Radius client receives a packet (flowchart here):
It checks if the received Packet is NOT a valid Radius Packet.

o
If yes, it drops the packet
Otherwise, if the received packet is NOT A response for a pending authentication request.
Otherwise, it extracts the Authentication result.
It checks if the result is Access Accept,

o
If yes, it sends the event authentication success to the user module through call back.
Otherwise
If the result is Access Reject, it sends event-authentication failure to the user module through call back.
Otherwise, it sends the event authentication Error to the user module through call back.
How Radius servers process incoming packets

When a Radius Server receives a packet (flowchart here):
It checks if the radius service is disabled.

o
Otherwise, if the received packet is NOT a valid Radius Packet.
Otherwise, it continues.
The Radius server verifies Client IP-client key matching and client type matching.
o
If any of the above NOT matching, it drops the packet.
Otherwise:
The Radius server extracts UserName and Password.
Authenticates.
Checks if the authentication is success.
If yes, it creates Access Accept packet and sends back to the client.
Otherwise, it creates Access Reject packet and sends back to the client.
How Tacacs Clients process incoming packets

When a Tacacs Client receives a packet (flowchart here):
It checks if the Tacacs service is disabled:

o
Otherwise
If the received packet is NOT a valid Tacacs Packet, it drops the packet.
Otherwise, it continues.
It checks if the TCP connection is NOT in the ESTABLISHED state:

o
Otherwise
If the packet is NOT a proper reply for a pending request, it drops the packet.
Otherwise, it extracts the Tacacs packet type:
If the packet is - user name prompt:
If yes, it sends the event user name prompt to the client module through the call back.
If no, it checks if the packet is - Password prompt

It sends the event password prompt to the client module through the call back.
If the packet is Authentication Result
If it is authentication Success, it sends the event Authentication Success to the client module through the call
back.
Otherwise, it sends the event Authentication Failure to the client module through the call back.
How Tacacs servers process incoming packets

When a Tacacs Server receives a packet (flowchart here):
It checks if the Tacacs service is disabled

o
Otherwise
If the received packet is NOT a valid Tacacs Packet, it drops the packet.
Otherwise
If Client IP-client key not matching or client type does not match:
The Tacacs server creates an Authentication Reject Packet and sends back to the Client.
If the packet contains - request for user name prompt
It gets the UserName Prompt.
It creates the Reply packet and sends back to the client.
If the packet contains - request for Password prompt
It gets Password Prompt .
It creates the reply packet and sends back to the client.
If the packet contains - user name, it stores the UserName.
If the packet contains - password, it authenticates the username and password:
If Authentication Success, it creates Authentication Accept Packet and sends back to the Client.
Otherwise, it creates Authentication Reject Packet and sends back to the Client.
How VoIP registration works

When IP phone connected to a configured CME is powered on (flowchart here):
Initiates a dhcp request

IP phone receives an ip address. Check if tftp is enabled by default or manually entered. If tftp is not configured
Ip phone will not register. It will retry in 10 seconds.
Else if tftp is configured
Start connecting to server/CME. If connection is not successful,
Will retry in 10 seconds.
Else
Send registration request to server
Server checks if the MAC is permitted. If NOT permitted,
Server throws a phone rejected log message
Phone will retry in 10 seconds

Else
Check if CME has a line number available for this phone. If NOT,
Registration is failed. Close connection
Will retry in 10 seconds

Else
Returns line number and registration ACK to the client/phone.
Registration successful.
How local call works in VoIP

When IP phone lifts handset and start dialing number, :
Router receives the number
Checks in the local directory to find the number. If NOT found,

Send back Unknown number to the client/phone.
Else if called number is in another call,

Send back busy to the client/caller.
Else
o
Send Sccp Ringermessage to the destination phone.
Destination phone starts ringing.
Also send Ringout to the caller phone.
When destination phone picks up handset,
Create an RTP port.
Sends openReceiveChannelAck to the CME with the udp port.
Caller phone creates udp port and sends openReceiveChannelAck to the CME with this udp port.
Both phones now start media transmission.
How remote call works in VoIP

When IP phone lifts handset and start dialing number, (flowchart here):
Router receives the number.
Sccp session is updated with callstate and incoming/outgoing number
If dial-peer finds target router for the number,

o
Create an RTP port.
Send H.323 setup message with RTP port to the target router.
Target router looks up local directory for the dialed number. If NOT found,
Send back unknown number to the client/phone.

Else if target phone is in another call,
Send back a busy to the source phone.
Do a release complete of the connection
Else
Create RTP port. Send Ringin to the client/phone.
Send back H.323 callProceeding to the source router/CME with the RTP port created.
Creates a call information with caller/callee number.
Call is answered by lifting handset.
Sends a connect H.323 message to the source router.
Target phone create another udp port and sends openReceiveChannelAck to the CME with the udp port.
Source router send openReceiveChannel SCCP message to the caller phone.
Caller phone creates udp port and sends openReceiveChannelAck to the CME with this udp port.
Both phones now start media transmission.
Else if doesnt find target router

o
Send back unknown number to the client/phone.
Other Models
How routers process incoming packets (NAT process)
When a router receives a packet:
It checks if the receiving port is a NAT outside port.

If so:
It checks to determine whether the packet is UDP, TCP or ICMP to get the packet's source and destination port.
It refers to the NAT table (using the global addresses) for the necessary translation.
If it finds a match for the packet (a translation exists):
It replaces the inside address and port with the local version.
It translates the destination IP address and port
If the receiving port is not a NAT outside port, or if it is a NAT outside port but the requested IP address is not in the NAT table:
The router checks to see if there is a route to the destination IP.
There is no route.
It finds a route, but the outgoing port of that route entry is the same as the receiving port.
If there is a route, it sends a reply with the receiving port's MAC address.
How routers process outgoing packets (NAT process)

When a router wants to send a packet out a port:
It checks if the outgoing port is a NAT inside port.

If so:
It looks up its NAT table for the necessary translations.
It captures the packet's source and destination ports and sets a timer for the packet (depending on the packet's encapsulation
type).
For a TCP packet the timer is 24 hours.
For a UDP packet the timer is 5 minutes.
For an ICMP packet the timer is 1 minute.

It looks up the NAT table
There is no route.
How routers process incoming packets in the NATv6 process

When a router receives a packet (flowchart here):
It checks if the packet is received from v4 lower process or v6 lower process.
If so:
Check if the prefix address is valid.
If the destination is in the valid network:

o
It checks to determine whether the packet is UDP, TCP or ICMPv6/ICMPv4 to get the packet's source and destination port.
It refers to the NAT table (using the inside global addresses) for the necessary translation.
If it finds a match for the packet (a translation exists):
It replaces the inside global address and port with the local version.
Then it translates the destination IP address and port.
If a valid NAT entry is found in the table, form a new IP header IPv6 or IPv4 depending on which higher process the packet
has to be sent.
If the requested IP address is not in the NAT table:

o
The packet is sent to the corresponding higher process from where it was received.
There is no route.
How routers process outgoing packets in the NATv6 process

When a router wants to send a packet out a port (flowchart here):
It checks if the packet is send from v4 higher process or v6 higher process.
If packet is from higher process of v4 stack:

o
Send it to the lower process of v4 stack.

If packet is from higher process of v6 stack:
Send it to the lower process of v6 stack.
How devices use ARP to send IP packets

When a device sends an IP packet (flowchart here):
If the destination IP is a broadcast, it sets the packet's destination MAC address to the broadcast MAC address and sends the packet out.
If the destination IP is a multicast, it sets the packet's destination MAC address to the multicast MAC address and sends the packet out.
If the destination IP is a unicast, it looks up the ARP table to see if the destination IP matches an entry's IP address in the ARP table.
If a match exists, it:
Sets the packet's destination MAC address to the entry's MAC address.
Sends out the IP packet.

If a match does not exist, it:
Drops the IP packet.
Sends an ARP request out.
Adds that request to the list of ARP requests.
Sets and starts the timer for it as it waits for an ARP reply.
How devices send ARP requests

When a device wants to send an ARP request (flowchart here):
It will NOT send the request if (any):
The sending port is down.
The sending port does not have a valid IP address.
A request for the same IP address is already sent.
If none of the above is true, it proceeds with the ARP request. It:
o
Constructs an ARP request for the IP address in question.
Sets the destination MAC address to the broadcast address.
Adds the request to the list of existing requests.
Sets and starts a timer for this request.
Sends the request.
Waits for an ARP reply.
Drops the request from the list if time expires.
How devices process incoming ARP packets

When a device receives an ARP packet (flowchart here):

o
The receiving port is not up.
The device is a switch and an active VLAN interface is not up.
The packet's source IP is not in the same subnet as the receiving port's subnet.
If the above is not true, it proceeds to process the packet:
It checks to see if the packet is an ARP request or an ARP reply.
If the packet is an ARP request, it checks to see if the packet's destination IP matches the receiving port's IP address.
If they match, the device sends a reply with the receiving port's MAC address.
If they do not match:
If the device is not a router, it drops the packet.
If the device is a router, refer to "How routers process ARP requests."

If the packet is an ARP reply, the device checks if it submitted a request for the IP address found in the reply.
It drops the packet if there is no such request in the list.
If the packet is in the ARP request list:
The device now removes the request from the list.
If the ARP table does not contain an entry with the IP and MAC addresses found in the packet, it will make a new entry
with those addresses.
If the ARP table already contains an entry with the IP and MAC addresses found in the packet, it just resets that entries'
timer. That entry will be removed from the table when its timer expires.
How routers process ARP requests

When a router receives an ARP packet (continuing from "How devices process incoming ARP packets"):
It checks the NAT status on the receiving port.

If the receiving port is a NAT outside port, the router checks the NAT table for the packet's destination IP.
If the requested IP address is in the NAT table, the router sends a reply with the receiving port's MAC address.
There is no route.
How an ACL works

ACL for IPv4 and IPv6 works the same way except the input of different versions of IP addresses.
When a router receives a packet on an interface:
ACL checks for inbound ACL and if inbound ACL is configured on the interface:
o
If the inbound ACL is empty, it permits the packet.
If the inbound ACL contains statements:

If the packet matches the criteria of any of the statements and:
If the statement permits the packet, it passes the ACL process.
If the statement denies the packet it drops the packet.

If there is no match in the list ACL drops the packet by default.
When a router sends a packet on an interface:
ACL checks for outbound ACL and if outbound ACL is configured on the interface:
If the packet is generated locally, it permits the packet.
If the outbound ACL is empty, it permits the packet.
If the outbound ACL contains statements:

If the packet matches the criteria of any of the statements and:
If the statement permits the packet, the packet passes the ACL process.
If the statement denies the packet, it drops the packet.

If there is no match in the list, the ACL drops the packet by default.
Activity Wizard
The Activity Wizard is an assessment tool that allows you to create highly specific networking scenarios for other users. You can simply create
activities with instructions, an initial network, and an answer network. User can also create more dynamic activities with the Variable Manager and
design them using Evidence Centered Design methodologies using the Scoring Model.
This tool is particularly useful for instructors creating activities for students to complete. When students start an activity, they are presented with an
initial network and a set of instructions. Students follow the instructions to complete the activity, and then they can check their finished network with
the instructor's answer network. Instructors have full control over all aspects of the activity. The typical sequence for creating an activity is as
follows:
1. Create the answer network and set the assessment items, connectivity tests, and overall feedback.
2. Create the initial network, which will be the students' starting point. Typically, this network is similar to the finished answer network but with
specific features missing, devices with missing configurations and/or devices with misconfigured features. Alternatively, a blank initial
network may also be used.
3. Optionally, put constraints on the students' ability to use certain features during the activity.
4. Optionally, set up the Variable Manager to add dynamism to the activity.
5. Optionally, use the Scoring Model and Scripting engine in place of the assessment tree to create complex scoring rules for the grading of
activities.
6. Write a clear set of instructions for the activity.
7. Password-protect the activity to prevent unauthorized changes to activity parameters.
8. Save the activity.
Before opening the Activity Wizard, be sure to save your work on the workspace. Packet Tracer will clear the workspace when closing the Activity
Wizard.
You can access the Activity Wizard from the Extension menu. When you do so, you have the option to use the existing workspace as the answer
network.
A welcome screen that explains the basic steps to create an activity (similar to this page) will appear. You can then click on any of the pages in the
Activity Menu (on the left) to edit the various aspects of the activity.
After going through the various panels to create the activity, select Save from the Activity Menu to save the activity. Packet Tracer activity are saved
in the .pka file format.
Choose Exit from the Activity Menu to exit the Activity Wizard. Note that the workspace will be cleared after you exit, so remember to save your
files.
Instructions
The student instructions for the activity are entered in the Instructions panel. When students open the activity file, the instructions will appear in a
separate window that remains visible. The instructions should explain clearly the objectives for the activity. If tight restrictions are set for the activity,
you should also mention the intended methods to accomplish the objectives so as not to confuse students with locked out functions. You can use the
following supported HTML tags to format the instructions:
address
big
blockquote
body
br
center
cite
code
dd
dfn
div
dl
dt
em
font
h1
h2
h3
h4
h5
h6
head
hr
html
img
kbd
meta
li
nobr
ol
pre
qt
samp
small
span
strong
sub
sup
table
tbody
td
tfoot
th
thead
title
tr
tt
ul
var
However, note that if you do decide to use HTML tags, you must manually format every aspect of the text, including line breaks and paragraph tags.
Alternatively, you are able to import instructions from *.htm files using Import Page or Import All. Likewise, you can also export the instructions to
*.htm files by using Export Page or Export All. Use the Preview as HTML button to see how the text would look with HTML formatting applied.
If you do not use any HTML tags in the instructions, the text you type into the panel is exactly what students see. Additionally, you may separate the
instructions into multiple pages to reduce clutter or to divide contents within the activity.
The instructions in the screenshot tells the student to configure PPP. Depending on the assessment parameters, you may also need to specify such
details as exactly which port to connect to which device, the name of each device, and so on.
Answer Network
In the Answer Network panel, you construct the answer network, and mark the elements of the network on which you want to assess the students.
Click on the Show Answer Network button to view the workspace for the answer network. If you chose to convert the existing workspace to the
answer network when you first entered the Activity Wizard, that network will already be in place, and you may further edit it here. If you did not do
the conversion, you will have a blank workspace from which to work. Another option is to import an existing .pkt file and use it as the answer
network using the Import File to Answer Network button. After you have completed the answer network, you can export it (saving it as another .pkt
file) using the Export Answer Network to File button. Note: any changes to an imported .pkt file will be lost upon exiting the Activity Wizard
unless you export the answer network to file.
Setting the Assessment Items
An assessment item is a feature in the student configuration that must match the configuration of that feature in the answer network. Choose the
assessment options by checking items in the expandable tree. You can check specific features or entire categories. For example, you can check just
the IP address of a port of a particular router, or click on the Ports category to check all settings of all ports on the router. A regular check indicates a
specific feature or an entire category is assessed. A gray checkbox indicates that only some of the features in the category are assessed. In general, it
is better to check specific features rather than checking entire categories. Take care to uncheck irrelevant items that are not being tested. Carefully
setting up the assessment tree avoids frustrating students who essentially complete an activity but whose work had a few insignificant differences
with the answer network. With this system, the student solution may be different from the instructor answer network, but it still can be correct as long
as the assessed features match.
For convenience, you can show only certain components in the tree by using the View Filter. For example, entering the keyword "Ip" will hide
assessment items that are not under the "Ip" component. Also, checking Show Checked Only will only show assessment items that are checked. By
Expand/Collapse All button the Assessment Items tree gets expanded or collapsed. You can also Add Shape Test as assessment items.
Additionally, you can manually set the amount of points a particular assessment item is worth and categorize which component(s) the assessment
item belongs to. Also, you can set per-assessment item feedbacks, which provide hints to students if their assessed item is incorrect. The perassessment item feedback is displayed in the Assessment Items tab in the Check Results for incorrect assessment items only.
Connectivity Tests
Connectivity Testing is another method of assessment. Unlike the assessment items, which look up the student's network configuration and compare
it to the answer network configuration, connectivity testing is based on Realtime PDUs that are sent when the user clicks Check Results.
Connectivity Testing allows the activity to be graded based on network functionality and performance rather than matching of static configuration
parameters. The types of connectivity testing supported are the types of User Created PDUs contained in the first scenario of the answer network. For
each PDU, you may set the Test Condition to Do Not Test, Successful, or Fail.
Overall Feedback
The Overall Feedback allows you to set custom feedback messages for completed and incomplete activities. The Completed Feedback message is
shown when the activity is 100% complete. Otherwise, the Incomplete Feedback message is shown. There is also support for a subset of HTML
tags, as with the Instructions.
Settings
In the Settings tab, you may time the activity (keeping track of the elapsed time as students work on the activity with the Time Elapsed option) or
set a time limit (with the Countdown option).
You may also set Feedback Settings which will assess the user network against the assessment tree every few seconds. Enabling Dynamic
percentage feedback will assess the user network against the assessment tree every few seconds. Connectivity tests will not be assessed. Note that
large activities may degrade system performance. You have these options for dynamic feedback: No Dynamic Feedback, Show Score, Show Item
Count Percentage, Show Item Count and Show Score Percentage.
To prevent students from changing their user profile during an activity, you may enable User Profile Locking. If an attempt to change the user
profile is made while an activity is running, a dialog will appear warning that the activity will reset if the user information is changed. Optionally, you
may set the amount of time (in ms) to forward the answer network using the Answer Network Convergence option. A typical use case of Answer
Network Convergence is when you check the activity results after loading an activity, the results may show that the activity is incomplete as the
answer network has not converged in time. By setting an arbitrary time to forward the answer network, this issue would be resolved.
Initial Network
In the Initial Network panel, you set the network from which the user will start the activity. One option for setting up the initial network is to simply
copy from the answer network and edit parts of it. Do this by pressing the Copy from Answer Network button. Another option is to import a file
using the Import File to Init Network button and to edit that file. After creating the initial network, you can export it using the Export Init
Network to File button.
Using the Locking Tree

The tree in this mode is used to lock out functions to which you do not wish the student to have access. For example, you can prevent the student
from switching to the Physical Workspace (under the Interface branch). The restrictions can be much more specific, such as preventing changes to
the interface type on a specific port on a specific device (under the Topology > Existing Devices branch). Be careful about what functions you lock
because certain restrictions may prevent the student from finishing the activity.
The first screenshot above shows some appropriate items that should be locked for our simple example. This configuration takes away the student's
ability to use Simulation Mode features. Without Simulation Mode, the student has to use the command prompt on a PC to send pings and
troubleshoot.
Initial Network Setup

By default, an activity will use the values defined in the Initial Network. The tree in the Initial Network Setup tab allows you to define alternative
initial values for some items. For example, a server may have the default gateway set to 192.168.1.1 in the Initial Network. However, as shown in the
screenshot below, by selecting the Default Gateway item for the server in the Initial Network Setup tree and then changing the value to 192.168.4.1,
the server would have the default gateway set to 192.168.4.1 instead of 192.168.1.1.
Object Locations
You can create some sets of location for devices on answer network. For this purpose create a set of logical workspace object locations. Then click on
Append Current Locations to create a location set. You can create multiple location sets and append them to this list.
To overwrite, load or delete that location set, input a number into the Edit Set text field. Enter a value in the Index Variable text field to use a
variable to determine the device location set to choose from when an activity starts or rests. If you leave the field blank, a random one will be
selected when the activity starts.
Password
The Password panel allows you to set a password for the Activity Wizard features of the activity file. If no password is set, anyone who opens the
activity file can access the Activity Wizard and edit its parameters. The password system protects the author's exclusive ability to modify an activity.
Note that the password is case sensitive.
Testing/Checking the Activity (Previewing)
When you choose the Test Activity tab from the Activity Menu, you can do a trial run of the activity you created from the beginning of the activity.
This allows you as the author to see the activity from a student's point of view (see Running Activities). Meanwhile, the Check Activity tab will
allow you to test the activity without restarting from the beginning. This will give you a chance return to the Activity Wizard and fine tune the
activity before you finally save it. Return to the Activity Wizard at any time by clicking the icon on the lower left corner of the workspace.
Running Activity Files
You start an activity by opening a saved activity (.pka) file. You will first see the Instructions window telling you how to complete the activity. You
can reposition or minimize this window to the Windows taskbar as you work on the activity. The Instructions window will also provide you a
Dynamic Percentage Feedback next to the word Completion on how far you are in the activity, which is updated every 3 seconds. Optionally, the
activity may display a timer, which is either the amount of time that has elapsed since the start of the activity or the amount of time left to complete
the activity. The Instructions window also contains several buttons: Top, Check Results, Reset Activity and < >. Turning on the Top option will
cause the Instruction window to stay on top at all times. Use the Check Results button to see your progress in completing the activity. Use the Reset
Activity button to return to the activity's initial settings and start over. Use the < > buttons to go forward or back a page in multiple-paged
instructions.
As a user (not the author of the activity), you can use the File > Save (or Save As )
command to save your current progress in the activity and finish the activity later from
where you left off. It is preferable to save it as a new file so you do not overwrite the
original activity file. When you re-open the file later on, you can still use the Reset
Activity button to restart from the initial network.
Overall Feedback
The Completed Feedback message is shown when the activity is 100% complete. Otherwise, the Incomplete Feedback message is shown.
Assessment Items
The screenshot below displays the results for the Assessment Items. For each Assessment Item, a message will display if it is Correct or Incorrect,
which depends on the answer network. An activity is fully completed when there are green checks on all components. A white check indicates that a
category is only partially complete. A red x indicates that an assessment item is missing or incorrect. The number of points the assessment item is
worth and the component(s) the assessment item belongs to are also shown as well. In this particular screenshot, it shows that the activity was nearly
completed, with only a few items incorrect. Also, per-assessment item feedback messages may be shown for incorrect items.
Connectivity Tests
The screenshot below shows the Connectivity Test results which are compared to the connectivity test conditions of the answer network.
Variable Manager
The Variable Manager provides the ability for an activity author to add dynamic capabilities into an activity. These capabilities allow an author to
create activities that change each time they are loaded or reset. This capability is enabled by creating pools of values and then creating variables
which use the pool values to enable dynamic capabilities. The variables allow you to change many aspects of an activity, including but not limited
too, Device names, IP addressing, Routing statements, DHCP and DNS records.
There are four types of variables that can be created in the Variable Manager and they are Seeds, Number, Strings and IP Addresses. With the
exception of the Seeds, the variables are created using a combination of a resource pool and an associated variable. Each type tab has a place to enter
both the pool and the variable information. The seeds tab, due to the simplicity of the type combine both parts into one operation.
You can set variables to select values in one of 4 ways. From drop-down menu if you select Random then the value will be selected randomly from
any values in the pool. By selecting Element Position the value will be an integer that selects the same position from the pool each time. Seed refers
to a position defined by a Seed variable in the Seed tab. This is a method for allowing the same position to be used in multiple variable selections.
Entire Range is a variable used in the Activity Wizard answer network to accept any input as correct as long as it is contained in the associated
pool. The typical sequence for creating a variable is:
1. Fill in the variable Name
2. Select the associated Pool Name (the pool must be already created to show in the dropdown list)
3. Specify the Variable Type (dropdown: Random, Element Position, Seed, Entire Range)
4. Specify the Value (if Element Position is selected a number within the range of values is specified, if seed is selected a seed name is entered
for the value)
An important setting to notice is the Show Variable Manager Interface at the bottom of the screen. By checking this checkbox you can set or assign
variables in the Instructions text, Assessment Items, and Initial Items. You can add all of the variables created by clicking on the Arrow (<--) next
to the variable name. In the Instructions panel, place the cursor where you want the variable to be placed at and then click on the Insert "<--" button
in the Variable Manager Interface. In the Assessment Items and Initial Items, only the items marked with a green dot can be assigned a variable.
To remove an assignment of the variable, select the appropriate variable and hit Delete on the keyboard.
Seeds
Seed values should be thought of as Index values for selecting other data variables, while not required. Make sure the pool range in greater or equal
to the Seed range of values. Valid Seed range is from 0 to 2,147,483,647. A seed should be a positive value, although negative values are legal,
otherwise using them as indexes in other variable pools and variables can cause unpredictable results.
To add Seeds you should fill in the required fields like Name, Minimum (usually "0") and Maximum Values by clicking on each cell of table and
typing in. The maximum value should match the total number of pool entries that the seed is used to select. If left blank, both values are set to zero
(0), so the first value in any pool is always selected.
Inserting the Test Value is optional and will specify the value to be used for the seed. This overrides random selection and is only used during Test
Activity mode. If a value is specified in the Test Value cell, it is used during any subsequent testing or running of the activity, until the value in the
cell is deleted or changed. To test all combinations simply increment the value in the Test Value cell until you have reached the value specified in the
Maximum cell.
For Edit entire rows just like Adding new Seed you can double-click in the cell and change the value and to Remove click anywhere in the row to be
deleted and press the Delete key. So to delete a value in the Variable Manager tables you must select and highlight the value, then delete. Do not just
click in the cell of the value you want to delete, because if you press delete after just selecting the cell and not the actual value, you will delete the
entire row in the table.
Seed values can be placed anywhere in Packet Tracer that a variable is accepted, in the Initial Network, the Answer Network, the Instructions, as
well as Device names and Notes on the workspace. The format for using a seed is the same as for any variable, using two braces to open and close
with the seed name in between the braces like this [[Index1]]. This is the same format that is used when Seeds are used in other pools or variables
setup. The value that is selected from the seed range will be displayed or used in other variable selections.
Number
Number Values enable the ability to add dynamic numbers into a PT scenario. These are often used like the graphic shows, creating a range of
numbers that can be concatenated and used as IP addresses. An example of how that would be done would be to use the four variables created like
this [[Oct1]]. [[Oct2]]. [[Oct3]]. [[Oct4]].
Numeric variables may be used in String and IP address pools using the [[Variable]] format after they have been created on the Number page.
Number Pools:
To Add Number Pools: fill in the required Name, Minimum and Maximum Values. You can edit entire rows of Number Pools by double-click on
the cell and change the value and for removing click anywhere in the row to be deleted and press the Delete key. Valid numbers range is positive and
negative integer. But remember to not use negative numbers as selection or index variables. Both of these values are required or the entry will not
remain in the table. Seed variables can also be substituted for integers by using this format: [[variablename]].
To Edit a Pool: just click in the cell and type a new value or new name.
To Remove a Pool value: Highlight the contents of any cell in the row and press the "Delete" Key, it you just click on the cell and delete the entire
row will be deleted and any associated number variables will be deleted also.
To Remove a Pool (an entire row in the table): click on a cell in the row and press delete. The entire row will be deleted and any number variables
using this Pool Name will be deleted also.
Number Variables:
After the number Pool has been created a variable can be created to use with the pool by entering a Variable Name, selecting a Pool Name from the
dropdown list, and then specifying a Value Type from its dropdown list. The four choices are:
Random: Select any value from the pool choices Element Position: Will select the Pool value as the specified position for the variable Seed: Will
select the Pool value specified by the resolved Seed variable value Entire Range: Used in the Answer Network, any value entered into the AW
Answer Tree that is included in the Pool will be considered correct.
If Element Position or Seed is specified, the associated integer value or Seed name must be entered in the Value cell. In the graphic above the Oct1
variable would resolve to a value of between 198 to 210 inclusive, based on the table and variable values. You can double-click in the cell and change
the value or reselect the dropdowns values. Clicking anywhere in the row and press the Delete key will cause the cell be deleted.
Strings
String Pools can be used to create different names for devices in the Packet Tracer activity, or again like Seeds and Numbers anywhere a variable
can be used. Text variables can also be used in the instructions area to change the scenario text. Since Packet Tracer initially converts every to strings,
text strings can also be used for IP addresses like the IP octet pool shows.
String variables may be used in IP Address Pools, using the [[Variable]] format.
String Pool:
To Add a Pool: Fill in the required Name and Text Field. The Text field can contain text, numbers, Seeds and Number Variable data, separated by
semi-colons. Seed and Number variables can be substituted for text data using [[variablename]].
To Edit a Pool: Select and highlight the text to be change and type over it.
To Remove a Pool value: Select and highlight the text, then press the "Delete" Key,
To Remove a Pool (an entire row in the table): click on a cell in the row and press delete. The entire row will be deleted and any number variables
using this Pool Name will be deleted also.
String Variables:
You can also add String Variables by filling in the required Name, Pool Name and Value type field. If Value Type is Element Position, an integer
value or Number Variable is specified in the value field. In case of Value Type is Seed, a Seed variable name is used in the Value field. See also
Number Variables.
IP Addresses
IP address pools allow for dynamic addressing schemes in Packet Tracer, they also allow for dynamic configurations in the initial network including
DNS and DHCP records. They also allow for multiple correct answers, for example in addressing schemes, when used in the answer network.
IP Address Pool:
To Add a pool: Fill in the required Name, Network Address, and Mask Values. The First and Last IP Address fields will automatically filled in
based on the Network and Mask fields, although they can be manually changed to the specific range of addresses needed. Seed, Number, and String
variables can be substituted for address data using [[variablename]].
To Edit a Pool: Double-Click in the cell and change the value. The First and Last IP Address fields can be edited to specify a smaller range of
addresses that is set by default.
To Remove: Click anywhere in the row to be deleted and press the Delete key
IP Address Variables:
To Add IP Address Variable fill in the required Name, Pool Name and Value type fields. If Value Type is Element Position, an integer value or
Numeric Variable is specified in the value field. If Value Type is Seed, a Seed variable name is used in the Value field. Editing and removing any
rows is just like IP Address Pool. See also Number variables.
Using Regular Expressions

An alternative to using the conventional variables in the Variable Manager is to use regular expressions to check dynamic assessment items like
default gateway or IP addresses. Instead of assigning a variable in the assessment items tree to an assessment item as described in the previous
section, you may insert a regular expression. The syntax to use a regular expression in Activity Wizard is {{RegEx:expression}}. For example, the
following is a valid regular expression to check if an IP address is in the 192.168.1.0 network:
{{RegEx:\b(192?)\.(168?)\.(1?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b}}
You would then insert the regular expression in replacement of a variable in assessment items tree by selecting the assessment item (e.g. IP Address)
and clicking once more on the current value of the assessment item (e.g. 0.0.0.0) such that field would becomes editable. Once the field is editable,
you can type in the regular expression and pressing Enter after you are done.
For more help with regular expressions, visit the Qt QRegExp documentation here:
http://qt-project.org/doc/qt-4.8/qregexp.html
Scoring Model/Scripting
The Scoring Model is an Evidence Centered Design process by which to assess work products through the application of scoring rules and textual
feedback. The Scoring Model is used to create complex rules for the grading of activities. When using the new Scoring Model, it is possible to
display customized feedback for every work product in the assessment tree (both positive and negative feedback) as well as overall and partial
feedback. It is not even necessary to link the feedback text to a work product if the purpose is to provide a simple message to the user.
The Scripting engine is a component of Packet Tracer that was designed to allow greater flexibility in creating scoring rules for Packet Tracer
activities that use the new Scoring Model. The Scripting engine is what allows this complex scoring model to exist. Each item created in the Scoring
Model exists as an object in the Scripting engine so that it can be accessed by any expression/scoring rule that the user creates.
An example of where the Scoring Model and Scripting engine would be beneficial is when an instructor wants to display a message to the user
indicating that the IP addressing is mostly correct, but not completely correct and not totally incorrect. This may happen when there are several
devices on the stage and one or two of the three are correctly addressed, but the third is not. Using the new Scoring Model, it is possible to provide
this sort of feedback based on the combination of multiple work products. The major benefit here is the ease of customization in complex scoring
scenarios, as well as a model that more closely aligns with the Evidence Centered Design process.
Scoring Model Interface

The Scoring Model tab allows you to define individual Work Product Features along with corresponding Scoring Rules. For each section, there
are buttons to Add, Remove, Edit, and Move the work product features and scoring rules. Refer to the "Example" & "Terms" sections below for
further explanation and terminology.
Scripting Interface
Packet Tracer comes bundled with four important scripts written in JavaScript. EventManager.js stores custom event handlers for Core Events.
ProficiencyModel.js stores and evaluates the Scoring Model. ScoringModel.js holds the data classes for the Scoring Model. Main.js is the main
function called from the core, where subsequent communication from the core is processed via Events. By default, Main.js supports the Scoring
Model by adding events for saving, loading, evaluating, and reporting for the Proficiency Model.
In the Scripting tab, you can add, remove, edit, rename, import, and export scripts including the four core scripts described above. Optionally, you
can click on the debug button to reveal a debug window, which can assist you in scripting.
In most use cases, you will not need to edit the four core scripts. However, should you have any reason to edit these scripts, each script is fully
editable and removable per activity file. If you edited or removed any of the four core scripts and you want to restore them, go to Info tab and select
PT 5.2 Activity from the template list to bring back the scripts to their original configurations.
In the screenshot below, an XML file called PROFICIENCY_MODEL is also in the list. Refer to the "Example" & "Terms" sections below for
further explanation and terminology.
Scripts defined in Activity Wizard are per activity file and not per instance of Packet
Tracer. Included scripts can be extended or removed per activity file.
Example
An instructor wants to test that students know how to properly power on three devices in a network. However, the instructor wants to provide positive
feedback if all devices are turned on, and a single negative feedback if at least one of the devices is not powered. This particular style of feedback
doesnt fit the standard Packet Tracer model of scoring and feedback so it is necessary to use the Scoring Model.
The instructor starts by placing three devices on the stage, Router0, Router1, and Router2. The Activity Wizard is then started and the existing
network is to be used as the answer network.
In the Answer Network page, the instructor will select the Scoring Model tab instead of using the Assessment Tree tab. Here, the instructor will need
to make a work product feature for each item that is to be retrieved from the users network. Since the activity is to test the power status of three
devices, three work product features will be needed. For simplicity, the items created will be named r0power, r1power, and r2power.
To create one of these work product features, the instructor clicks the + button under the Work Product Features section. In the dialog that pops up,
the name "r0power" is entered into the Name field. The Description is optional and left blank. For the expression, the instructor must use the help in
the nodes box at the bottom to find the proper path to the network setting that is to be checked. By default, the search starts in the "Network" and
moves into devices from there. Clicking after the string "Network:", the instructor then types any character to see the updated available nodes.
Noticing that Router0 is available, the phrase is completed to form "Network:Router0:". Once the final colon is entered, the list of options inside
Router0 is shown. Since, the purpose is to test the power, the final phrase is "Network:Router0:Power". The instructor would then create a work
product feature for each of Router1 and Router2 as well.
Now that the work product features are created, the instructor needs to compose the tests for each of the work product features. This is done using the
Scoring Rules section beneath that. According to Evidenced Centered Designed process, each work product feature must be assessed by applying a
scoring rule to it, which creates a Primary Observable. Previously, the work product features just defined the items we were interested in. Primary
observables take those interesting pieces of information and test them against some rule or expression. In this case, the instructor needs to determine
if the devices are powered, which is to say that our work product features have the value '1'. To make naming simple, the primary observables are to
be called r0poweron, r1poweron, and r2poweron.
To do this, the instructor clicks the + button under the Scoring Rules section, and selects Primary Observable from the Type drop-down list. In the
Name field, "r0poweron" is entered. The Description again is optional so is not entered. Next is the expression. This is a JavaScript string that will
be used to test the value of the work product feature. The template contains a portion for the condition, a true value, and a false value. The
evaluation of this expression is directly assigned to the value of the primary observable created. For this instance, the instructor wants to assign the
value 1 if the test is true and the value 0 if the test is false (it could also be assigned text strings, other numbers, scores, or other valid script
commands as well). The condition part of the expression is to test to see that our work product feature r0power has the value '1'. Erasing the
condition part of the template, it is replaced with "r0power == '1'". This directly compares the work product feature r0power against the string value
of '1'. Since the instructor wants to assign the number 1 when true, and 0 when false, each of those portions is replaced with 1 and 0 respectively. This
produces the final expression of "( r0power == 1 ) ? 1 : 0;". This JavaScript command will assign the value 1 to r0poweron when the work product
feature r0power is equal to '1', and the value 0 for everything else. The instructor then repeats the process for the other two primary observables.
Next, the instructor needs to create an indicator for all three devices. This particular type of observable is called a Compound Observable since it
will be combining multiple primary observables in some manner into a single value. This value could be a score, or just another indicator of
correctness. To keep things simple, the instructor has decided to create it as an indicator which will take on the value 1 if all three devices are turned
on and 0 if at least one of the devices is off. The observable will be named "allpower".
To create this observable, the instructor again clicks the + button underneath Scoring Rules, but this time selects Compound Observable in the Type
drop-down list. In the Name field, "allpower" is entered and the Description is left blank. Like the primary observable, the same template applies to
compound observables. Here, the instructor needs to test that all three primary observables have the value 1 and assign the compound the value 1 if
they do, or 0 if they do not. One way the instructor can do this is to add up the values of all three primary observables and determine if the value is 3.
If it is, then all devices are powered on. If it is less than 3, at least one device is unpowered. The expression the instructor enters is the following
"( r0poweron + r1poweron + r2poweron == 3 ) ? 1 : 0;".
Lastly, the instructor wants to display some feedback. Since Packet Tracer has only one text to display feedback in it is necessary to place the entire
string into the unique Reporting Variable called OVERALL_REPORT. If all devices are powered on, the feedback should be "You have powered
all devices." If at least one device is unpowered the feedback should read "X devices are unpowered. Please fix the error and try again." The value X
should be the number of devices that are incorrectly powered.
Again, the instructor clicks the + under the Scoring Rules section and creates a Reporting Variable this time. In the Name field, the special name
"OVERALL_REPORT" is used. The expression this time is a little more complicated since the observable allpower does not contain the number of
devices, but a correctness indicator. It is possible to create another compound observable to show this, but the instructor decides to do the calculations
right in the expression to save time. The resulting expression is:
( allpower == 1 ) ? "You have powered all devices." : (3 ( r0poweron + r1poweron + r2poweron)) + " devices are unpowered. Please fix the
error and try again.";
This particular expression checks the value allpower. If it is true then it display the first string, otherwise it composes an alternate string that contains
the value 3 the number of correct devices (the number of incorrect devices).
When the instructor checks the Scripting tab, the instructor will notice that a new XML file called DATA: PROFICIENCY_MODEL has been
automatically generated which includes all of the work product features and scoring rules that were created as seen in the screenshot in the
"Scripting" section above.
Before the instructor can test the activity, the initial network is configured by copying it from the answer network and turning off the power to all
three devices. Instructions are entered to tell the student what to do, and then the activity is tested.
When the instructor tests the activity without turning any devices on it displayed "3 devices are unpowered. Please fix the error and try again."
However, if two devices are powered on, the feedback is "1 devices are unpowered. Please fix the error and try again." And lastly, when all three
devices are powered on, the feedback is "You have powered all devices."
Terms
Expression - A sequence of JavaScript commands that results in a value that can be assigned to an observable.
Work Product Feature - A particular element of interest in the Packet Tracer network. For example, the IP address assigned to Router0s
FastEthernet0/0 port.
Primary Observable - The result of the application of a scoring rule or expression against a work product feature. Usually there is one primary
observable for each work product feature, and typically the value is true or false. As an example, if the IP address on Router0s FastEthernet0/0 port
is equal to 10.0.0.1, then award 2 points.
Compound Observable - An application of aggregation rules to multiple Primary Observables. The values stored in a compound observable can be
any legal JavaScript value but typically are numerical scores or correctness indicators. As an example, add the points from IP addressing and routing
together.
Reporting Observable - Typically a string value named that represents some portion of feedback. For example: If the score is greater the 70, display
"Passed".
Assessment Items
What are Assessment Items?
The assessment items are found in the Assessment Items tab of the Answer Network section in the Activity Wizard.
Most configurations in the answer network have corresponding assessment items. To assess certain items, place a check mark next to the item. The
default behavior is to compare the student network configuration to what is defined in the answer network configuration. For more advanced
activities, the assessment items can be replaced with a variable. In this case, the student network configuration is compared with the value defined in
the variable.
How to Add Variables to the Items

Variables can only replace existing configured values. All leaf items can be replaced with a variable. A solid green dot indicates that a node has been
replaced by a variable.
There are two options for replacing a configured value with a variable:
Option 1: Use the Variable Manager interface, click on <-Option 2: Single click on the assessment item. A text field will pop up; replace the text with a variable.
Assessment Items and Values:

Assessment item values are loosely-typed; in fact, they are all of type String. However, some values follow this generic template:
Boolean: Less than or equal to 0 is false. Greater than or equal to 1 is true.
Numbers: A decimal (base 10) number.
IP Addresses: Must follow this format: 192.168.1.1; all digits between 0 and 255.
MAC Addresses: Must follow this format: ABCD.ABCD.ABCD; all digits must be hexadecimal.
Strings: Any regular string. A few string types require adherence to a specific format. This format is specified in the assessment item tree of the
Activity Wizard.
Definition of Assessment Items and Values

These are the available nodes in Packet Tracer. The nodes follow a tree structure, where the leaf nodes are the nodes that can be graded. "<User
Defined>" nodes take the name of a user configured value. For example, if a user configures a VLAN Name: "Engineering", the value "Engineering"
will show in the runtime Assessment Tree but in this table, it will show as "<User Defined>."
AaaProcess | AclProcess | AclV6Process | AcsServerProcess | BgpProcess | Category | Cbac | CbacProcess | CbacProtocol | CdpProcess | ClassMapManager | ClientGroup |
CMEProcess | CryptoMapSeq | CryptoMapSet | CustomQueueInfo | CustomQueueManager | DialPeer | DhcpPool | DhcpServerProcess | DhcpV6ClientProcess |
DhcpV6LocalPrefixPool | DhcpV6Pool | DhcpV6ServerMainProcess | DhcpV6ServerProcess | DnsClient | DnsServerProcess | DynamicCryptoMap | EasyVpnServer |
EigrpMainProcess | EigrpProcess | EigrpV6MainProcess | EigrpV6Process | EmailClient | EmailServer | EmailUser | Ephone | EphoneDirectory | FileManager |
FtpServerProcess | GreProcess | HttpServer | HttpsServer | IcmpSignature | IkePolicy | IpsecPeer | IpsecProcess | IpsProcess | ISATAP | NatProcess | NatV6Process | NdProcess
| NtpClientProcess | NtpServerProcess | OspfMainProcess | OspfProcess | OspfV3MainProcess | OspfV3Process | ParserView | ParserViewManager | PolicyMapManager |
PolicyMapQosClass | PolicyMapZfwClass | PortKeepAliveProcess | PortSecurity | PppoeServer | PriorityQueueManager | PrivilegeManager | QueueProtocol |

RadiusClientProcess | RadiusServerProcess | RipProcess | RipV6MainProcess | RipV6Process | RoutingProcess | RoutingProcessV6 | Settings | Security | Signature |
SnmpAgent | Signature | SshServerProcess | StpMainProcess | SyslogClient | SyslogServer | TacacsClientProcess | TcpProcess | TelephonyService | TerminalLine | TftpServer
TransformSet | TunnelInterface | VirtualTemplateInterface | VirtualTemplateManager | VpdnGroup | VpnIpPool | VtpProcess | WirelessClientProcess | WirelessCommon |
WirelessServerManager | WirelessServerPortData | WirelessServerProcess | ZfwProcess | ZonePair |
AccessPoint | AnalogPhone | Asa | Bridge | CableModem | CiscoDevice | Cloud | CloudPotsPort | CloudSerialPort | Console | Device | DslModem | EtherChannel |
EtherChannelManager | FRSubInterface | HomeVoip | HostPort | Hub | IPPhone | Laptop | MultiLayerSwitch | MURemoteNetwork | Network | Pc | Pda | Printer | Port
RoutedSwitchPort | Router | RouterPort | Server | Switch | SwitchPort | TabletPC | TerminalLineDevice | TV | WiredEndDevice | WirelessRouter |
AaaProcess - up
Name
Node Type
AAA
Head
New-model
Leaf
Authentication
Head
Authen Command <User Defined>

Authorization
Authorize Command <User Defined>
Leaf
Variable Type
Number
String
Head
Leaf
String
Name
Node Type
Variable Type
ACS
Head
AcsServerProcess - up
ACS Enabled
Leaf
Network Configuration
Head
Client <User Defined>
Boolean
Head
Client IP
Leaf
IP Address
Client
Leaf
String
Secret String
Leaf
String
Server Type
User Setup
Leaf
Number
Head
User <User Defined>
Head
User Description
Leaf
String
User Name
Leaf
String
User Password
Leaf
String
Name
Node Type
Variable Type
RADIUS Client
Head
RadiusClientProcess - up
RADIUS Server Hosts
Head
<User Defined>
Leaf
Number
RADIUS server key
Leaf
String
Name
Node Type
Variable Type
RADIUS Server
Head
RadiusServerProcess - up
Port
Leaf
Number
Name
Node Type
Variable Type
TACACS Client
Head
TacacsClientProcess - up
TACACS Server Hosts

<User Defined>
Head
Leaf
String
TACACS server key
Leaf
String
Name
Node Type
Variable Type
ACL
Head
AclProcess - up
<User Defined>
Leaf
String
Name
Node Type
Variable Type
ACLV6
Head
AclV6Process - up
<User Defined>
Leaf
String
Name
Node Type
Variable Type
Inspect name <User Defined>
Head
Cbac - up
Name
Leaf
Protocols
Head
<CbacProtocol>
String
Head
CbacProcess - up
Name
Node Type
Firewall
Head
IP Inspect Names
<Cbac>
Head
Head
Variable Type
Global Alert
Leaf
Number
Global Audit Trail
Leaf
Number
DNS Timeout
Leaf
Number
FIN-WAIT Time
Leaf
Number
SYN-WAIT Time
Leaf
Number
UDP Idle Time
Leaf
Number
TCP Idle Time
Leaf
Number
MAX Incomplete High
Leaf
Number
MAX Incomplete Low
Leaf
Number
One Minute High
Leaf
Number
One Minute Low
Leaf
Number
Name
Node Type
Variable Type
Protocol <User Defined>
Head
CbacProtocol - up
Protocol name
Leaf
String
Alert
Leaf
Number
Audit trail
Leaf
Number
Timeout
Leaf
Number
Name
Node Type
Variable Type
CDP
Head
CdpProcess - up
CDP Enabled
Leaf
Boolean
DhcpPool - up
Name
Node Type
Pool <User Defined>
Head
Variable Type
IPs
Leaf
String
Name
Leaf
String
DNS Server
Leaf
String
Default Gateway
Leaf
String
Start IP address
Leaf
String
Subnet mask
Leaf
String
Max Users
Leaf
Number
TFTP Server
Leaf
IP Address
Name
Node Type
Variable Type
DHCP
Head
DhcpServerProcess - up
DHCP Enable
Leaf
Pools
Head
<DhcpPool>
Boolean
Head
Excluded Addresses
Head
<User Defined>
Leaf
String
Name
Node Type
Variable Type
DHCPV6 Client
Head
DhcpV6ClientProcess - up
DHCPV6 Client PD Name
Leaf
String
DhcpV6LocalPrefixPool - up
Name
Node Type
Local Pool Name <User Defined>
Head
<User Defined>
Variable Type
Head
Local Pool Name
Leaf
String
Prefix
Leaf
String
Prefix Length
Leaf
Number
Sub Prefix Length
Leaf
Number
DhcpV6Pool - up
Name
Node Type
Pool Name <User Defined>
Head
Variable Type
<User Defined>
Head
Pool Name
Leaf
String
DNS
Leaf
String
Domain Name
Leaf
String
Prefix Delegations
Head
Prefix Delegations <User Defined>
Head
Prefix Delegations
Leaf
String
DUID
Leaf
MAC Address
Static Preferred Lifetime
Leaf
Number
Static Valid Lifetime
Leaf
Number
Prefix Delegation Pool

Name <User Defined>
Head
Head
Name
Leaf
String
Dynamic Preferred Lifetime
Leaf
Number
Dynamic Valid Lifetime
Leaf
Number
DhcpV6ServerMainProcess - up
Name
Node Type
DHCPv6
Head
DHCPv6 Pools
<DhcpV6Pool>
Local Pools
<DhcpV6LocalPrefixPool>
Variable Type
Head
Head
Head
Head
DhcpV6ServerProcess - up
Name
Node Type
DHCPv6 Server
Head
DHCPv6 Server Pool Name
Variable Type
Leaf
String
Name
Node Type
Variable Type
DNS
Head
DnsClient - up
IP Domain Lookup
Leaf
Boolean
IP Domain Name
Leaf
String
IP Name Server
Leaf
IP Address
IPv6 Name Server
Leaf
IP Address
IP Host Header
Host <User Defined>
IPv6 Host Header
Host <User Defined>
Head
Leaf
String
Head
Leaf
String
Name
Node Type
Variable Type
DNS Server
Head
DnsServerProcess - up
DNS Enable
Leaf
Resource Records
Head
Record <User Defined>
Head
A Records
Head
Address
Leaf
NS Records
Head
Server name
SOA Records
SOA Record <User Defined>
Boolean
Leaf
IP Address
String
Head
Head
Primary Server Name
Leaf
String
Mailbox
Leaf
String
Min TTL
Leaf
Number
Refresh Time
Leaf
Number
Retry Time
Leaf
Number
Expire Time
Leaf
Number
CNAME Records
Hostname
Head
Leaf
String
ClientGroup - up
Name
Node Type
Group <User Defined>
Head
Variable Type
Name
Leaf
String
Key
Leaf
String
Pool name
Leaf
String
Netmask
Leaf
String
Name
Node Type
Variable Type
Map <User Defined>
Head
DynamicCryptoMap - up
Name
Leaf
String
Sequence number
Leaf
String
Crypto IpSec Transform Sets
Head
<TransformSet>
Reverse-route
Head
Leaf
Number
Name
Node Type
Variable Type
Easy VPN Server
Head
IP Local Pools
Head
EasyVpnServer - up
<VpnIpPool>
Client Configuration Groups
Head
Head
<ClientGroup>
Head
VpnIpPool - up
Name
Node Type
Pool <User Defined>
Head
Variable Type
Name
Leaf
String
Start IP
Leaf
String
End IP
Leaf
String
Name
Node Type
Variable Type
Files
Head
FileManager - up
<User Defined Directory>

<User Defined File>
Head
Leaf
String
Name
Node Type
Variable Type
FTP Server
Head
FtpServerProcess - up
FTP Enable
Leaf
User Accounts
Head
Account <User Defined>
Boolean
Head
User Name
Leaf
String
User Password
Leaf
String
User Permission
Leaf
String
Server Files
<User Defined>
Head
Leaf
String
Name
Node Type
Variable Type
GRE
Head
GreProcess - up
Interface Tunnels
<TunnelInterface>
Head
Head
TunnelInterface - up
Name
Node Type
Tunnel <User Defined>
Head
Variable Type
Port number
Leaf
String
Source
Leaf
String
Destination
Leaf
String
Name
Node Type
Variable Type
HTTP Server
Head
HttpServer - up
HTTP Enable
Leaf
Server Files
Head
<User Defined>
HttpsServer - up
Leaf
Boolean
String
Name
Node Type
HTTPS Server
Head
HTTPS Enable
Variable Type
Leaf
Boolean
Name
Node Type
Variable Type
Category <User Defined>
Head
Category - up
NAME
Leaf
String
Retired
Leaf
Number
Name
Node Type
Variable Type
Signature
Head
Enabled
Leaf
Number
Retired
Leaf
Number
Name
Node Type
Variable Type
<Signature>
Head
Signature - up
IcmpSignature - up
Icmp Signature ID
Leaf
Number
Icmp Sub ID
Leaf
Number
Node Type
Variable Type
IpsProcess - up
Name
IPS
Head
Config Location Retries
Leaf
Number
Config Location
Leaf
String
Ips List
Head
IPS Name <User Defined>
Head
IPS Name
Leaf
String
Ips List
Leaf
String
Signature Categories
<Category>
Head
Head
<IcmpSignature>
Head
Notify Log
Leaf
Number
Name
Node Type
Variable Type
Signature
Head
Enabled
Leaf
Number
Retired
Leaf
Number
Name
Node Type
Variable Type
Email Client
Head
Signature - up
EmailClient - up
<EmailUser>
EmailServer - up
Head
Name
Node Type
Email Server
Head
Variable Type
SMTP Service Enabled
Leaf
Boolean
POP3 Service Enabled
Leaf
Boolean
Domain Name
Leaf
String
Users
Head
User <User Defined>
Head
User Name
Leaf
String
User Password
Leaf
String
Name
Node Type
Variable Type
Email User
Head
EmailUser - up
Name
Leaf
String
Email
Leaf
String
Incoming Mail Server
Leaf
String
Outgoing Mail Server
Leaf
String
User Name
Leaf
String
User Password
Leaf
String
Name
Node Type
Variable Type
NAT
Head
NatProcess - up
Pools
Pool Name <User Defined>
Head
Leaf
String
Inside Source List

NAT Source Setting <User Defined>
Outside Source List
Inside Source Static
Outside Source Static
Head
Leaf
String
Head
Leaf
String
Head
Leaf
String
Head
Leaf
String
Name
Node Type
Variable Type
NATV6
Head
Pools
Head
NatV6Process - up
<User Defined V6V4>
Leaf
String
<User Defined V4V6>
Leaf
String
Prefix
Head
Prefix IP
Leaf
IP Address
Prefix Mask
Leaf
IP Address
Inside Source List
Head
<User Defined V4V6>
Leaf
String
<User Defined V6V4>
Leaf
String
Inside Source Static

Name
NdProcess - up
Head
Leaf
String
Name
Node Type
NDV6
Head
General Prefixes
General Prefix <User Defined>
Neighbors
Neighbor <User Defined>
Variable Type
Head
Leaf
String
Head
Head
IPv6 Address
Leaf
IP Address
Mac Address
Leaf
MAC Address
NtpClientProcess - up
Name
Node Type
NTP Client
Head
Variable Type
NTP Authenticate
Leaf
Number
Update Calendar
Leaf
Number
Authentication Keys
Head
Key <User Defined>
Head
Name
Leaf
String
Password
Leaf
String
Trusted Keys
Head
Key
NTP Server Information
Leaf
Number
Head
Address
Leaf
IP Address
Key
Leaf
String
NtpServerProcess - up
Name
Node Type
Variable Type
NTP Server
Head
Service
Leaf
Boolean
Authentication
Leaf
Number
Key
Leaf
Number
Password
Leaf
String
Name
Node Type
Variable Type
PPPOE Server
Head
PppoeServer - up
<VirtualTemplateManager>
Leaf
Boolean
Name
Node Type
Variable Type
Virtual Template
Head
VirtualTemplateManager - up
Interfaces
<VirtualTemplateInterface>
Head
Head
VPDN Enable
Leaf
VPDN Groups
Head
<VpdnGroup>
Boolean
Head
VirtualTemplateInterface - up
Name
Node Type
Virtual Template Interface
Head
Variable Type
IP Unnumbered Enabled
Leaf
String
Default IP Address Pool
Leaf
String
PPP CHAP Hostname
Leaf
String
PPP CHAP Password
Leaf
String
PPP Authentication
Leaf
Number
Name
Node Type
Variable Type
VPDN Group
Head
VpdnGroup - up
Group Name
Leaf
String
Dial-in
Leaf
Boolean
Virtual Template
Leaf
Number
Protocol PPPOE
Leaf
Boolean
Name
Node Type
Variable Type
Class Maps
Head
ClassMapManager - up
Class Map List

<User Defined>
Head
Head
Map Type
Leaf
Statements
Head
<User Defined>
CustomQueueInfo - up
Leaf
Number
String
Name
Node Type
Custom Queue Info <User Defined>
Head
Protocol List
<QueueProtocol>
Variable Type
Head
Head
Queues Infos
Head
Queue Info
Leaf
String
Default Queue
Leaf
String
Name
Node Type
Variable Type
Custom Queues
Head
CustomQueueManager - up
Custom Queue Info List
Head
<CustomQueueInfo>
Head
PolicyMapManager - up
Name
Node Type
Policy Maps
Head
Policy Map List

Policy Map <User Defined>
Variable Type
Head
Head
Policy Map Name
Leaf
String
Policy Map Type
Leaf
Number
<PolicyMapQosClass | PolicyMapZfwClass>
Head
PolicyMapQosClass - up
Name
Node Type
QoS Class <User Defined>
Head
Variable Type
Map Name
Leaf
String
Bandwidth
Leaf
Number
Queue Limit
Leaf
Number
Priority
Leaf
Number
Service Policy
Leaf
String
Name
Node Type
Variable Type
Priority Queue
Head
Priority List
Head
PriorityQueueManager - up
<User Defined>
Head
Protocol
Leaf
Queue Limit
Head
String
High
Leaf
String
Medium
Leaf
String
Normal
Leaf
String
Low
Leaf
String
Default
Leaf
String
Name
Node Type
Variable Type
Queue Protocol
Head
QueueProtocol - up
IP
Leaf
Number
IPv6
Leaf
Number
Keyword
Leaf
Number
Key Value
Leaf
Number
Queue Index
Leaf
Number
Name
Node Type
Variable Type
BGP
Head
BgpProcess - up
Autonomous System
Leaf
Number
Router ID
Leaf
IP Address
Log Neighbor Changes
Leaf
Boolean
Redistribute-internal
Leaf
Boolean
Networks
Head
Route <User Defined>
Leaf
String
Leaf
Boolean
Leaf
IP Address
Autonomous System
Leaf
Number
Next-Hop-Self
Leaf
Boolean
Neighbors
<User Defined>
Timers
Head
Keepalive
Leaf
Number
Holdtime
Leaf
Number
Synchronization
Leaf
Boolean
Redistribution
Head
<User Defined>
Leaf
String
EigrpMainProcess - up
Name
Node Type
EIGRP
Head
<EigrpProcess>
Variable Type
Head
EigrpProcess - up
Name
Node Type
Autonomous System <User Defined>
Head
Auto Summary
Leaf
Networks
Head

Passive Interface
Leaf
Variable Type
Number
IP Address
Head
Default
Leaf
Number
<User Defined>
Leaf
String
Metrics
Leaf
String
Variance
Leaf
Number
Redistribution
Head
<User Defined>
Leaf
String
Name
Node Type
Variable Type
OSPF
Head
OspfMainProcess - up
<OspfProcess>
Head
OspfProcess - up
Name
Node Type
Process ID <User Defined>
Head
Area Authentication
Area <User Defined>
Area
Variable Type
Head
Leaf
Number
Head
Area <User Defined>
Leaf
Number
Area Status
Leaf
String
Default Cost
Leaf
Number
Virtual Link
Head
<User Defined>
Leaf
String
Default Information
Leaf
Number
Log Adjacency Changes
Leaf
String
Passive Interface
Head
Default
Leaf
Number
<User Defined>
Leaf
String
Networks
Redistribution
<User Defined>
Head
Head
Head
Leaf
String
Leaf
String
Name
Node Type
Variable Type
RIP
Head
Router ID
RipProcess - up
Version
Leaf
Number
Auto Summary
Leaf
Number
Default Information Originate
Leaf
Boolean
Redistribution
Head
<User Defined>
Leaf
String
Timers
Leaf
String
Networks
Head

Passive Interface
Leaf
String
Head
Default
Leaf
Number
<User Defined>
Leaf
String
Name
Node Type
Variable Type
Routes
Head
RoutingProcess - up
(deprecated) Static Routes
Head
Leaf
Static Routes
String
Head
Leaf
String
Default Networks
Head
<User Defined>
Leaf
IP Address
IP Routing
Leaf
Boolean
Forward Protocols
Head
<User Defined>
Leaf
String
EigrpV6MainProcess - up
Name
Node Type
EIGRPV6
Head
<EigrpV6Process>
Variable Type
Head
EigrpV6Process - up
Name
Node Type
EIGRPv6 <User Defined>
Head
Variable Type
Metrics
Leaf
String
Shutdown
Leaf
Number
Router ID
Leaf
IP Address
Redistribution
Head
<User Defined>
Leaf
String
Name
Node Type
Variable Type
OSPFV6
Head
OspfV3MainProcess - up
<OspfV3Process>
Head
OspfV3Process - up
Name
Node Type
OSPFv6 <User Defined>
Head
Area
Area <User Defined>
Head
Head
Variable Type
Area Status
Leaf
String
Default Cost
Leaf
Number
Virtual Link
Head
<User Defined>
Leaf
String
Log Adjacency Changes
Leaf
Number
Passive Interface
Head
Default
Leaf
Number
<User Defined>
Leaf
String
Shutdown
Leaf
Number
Redistribution
Head
<User Defined>
Leaf
String
Name
Node Type
Variable Type
RIPV6
Head
RipV6MainProcess - up
<RipV6Process>
Head
RipV6Process - up
Name
Node Type
RIPv6 <User Defined>
Head
Distance
Leaf
Redistribution
Head
<User Defined>
ShutDown
Variable Type
Number
Leaf
String
Leaf
Number
RoutingProcessV6 - up
Name
Node Type
Routesv6
Head
IPv6 Unicast Routing
Leaf
(deprecated) Static Routes
Head
<User Defined>
Static Routes
Leaf
Variable Type
Number
String
Head
<User Defined>
Leaf
String
Default Networks
Head
<User Defined>
Leaf
IP Address
Name
Node Type
Variable Type
Security
Head
Security - up
Crypto Key Set
Leaf
String
Boot Config
Leaf
String
Boot Image
Leaf
String
Modulus Bits
Leaf
Number
Name
Node Type
Variable Type
SNMP
Head
SnmpAgent - up
SNMP Communities
Community <User Defined>
Head
Leaf
Number
SshServerProcess - up
Name
Node Type
SSH Server
Head
Variable Type
SSH Version
Leaf
Number
SSH Authentication-retries
Leaf
Number
SSH Timeout
Leaf
Number
Name
Node Type
Variable Type
STP
Head
StpMainProcess - up
VLANs
<User Defined>
Head
Head
VLAN Number
Leaf
Number
Priority
Leaf
Number
RSTP
Leaf
Number
PortFast Default
Leaf
Number
PortSecurity - up
Name
Node Type
Port Security
Head
Enabled
Leaf
Static MACs
Head
<User Defined>
Variable Type
Boolean
Leaf
MAC Address
Port Security Violation
Leaf
Number
Max Static MACs
Leaf
Number
Sticky Enabled
Leaf
Sticky MACs
Head
<User Defined>
Leaf
Boolean
MAC Address
SyslogClient - up
Name
Node Type
SYSLOG Client
Head
Server Addresses
Address
Variable Type
Head
Leaf
String
Name
Node Type
Variable Type
SYSLOG Server
Head
SyslogServer - up
Service
Leaf
Boolean
Name
Node Type
Variable Type
TCP
Head
TcpProcess - up
Service Nagle
Leaf
Boolean
TCP MSS
Leaf
Number
Name
Node Type
Variable Type
TFTP
Head
TftpServer - up
TFTP Enable
Leaf
ServerFiles
Head
<User Defined>
Boolean
Leaf
String
Name
Node Type
Variable Type
Call Manager Express
Head
CMEProcess - up
Dial Peers
<DialPeer>
Head
Head
<TelephonyService>
Head
EPhones
Head
<Ephone>
EPhone Directories
<EphoneDirectory>
Head
Head
Head
DialPeer - up
Name
Node Type
Dial Peer <User Defined>
Head
Variable Type
Tag Number
Leaf
Number
Destination Pattern
Leaf
Number
Session Target
Leaf
IP Address
Ephone - up
Name
Node Type
Variable Type
EPhone <User Defined>
Head
Number
Leaf
Number
MAC Address
Leaf
MAC Address
Buttons
Head
Button <User Defined>
Head
Button
Leaf
<EphoneDirectory>
Head
Number
EphoneDirectory - up
Name
Node Type
EPhone Directory <User Defined>
Head
Variable Type
Directory Number
Leaf
Number
Directory Line Number
Leaf
String
Name
Node Type
Variable Type
Telephony Service
Head
TelephonyService - up
Auto Assign Commands

Auto Assign <User Defined>
Head
Leaf
String
Max Directory Number
Leaf
Number
Max EPhone Number
Leaf
Number
Source IP
Leaf
IP Address
Source Port
Leaf
Number
CryptoMapSeq - up
Name
Node Type
Sequence
Head
Number
Leaf
Peers
Head
Variable Type
String
<IpsecPeer>
Head
Match address
Leaf
String
Name
Node Type
Variable Type
Set
Head
CryptoMapSet - up
Name
Leaf
String
Respond
Leaf
String
Sequence List
Head
<CryptoMapSeq>
Ports
Port
Head
Head
Leaf
Number
Name
Node Type
Variable Type
Policy <User Defined>
Head
IkePolicy - up
Number <User Defined>
Leaf
Number
Authentication type
Leaf
String
Hash algorithm
Leaf
String
Encryption
Leaf
String
Group
Leaf
Number
Lifetime
Leaf
Number
Name
Node Type
Variable Type
Peer
Head
IpsecPeer - up
Address
Leaf
String
Name
Node Type
Variable Type
IKE
Head
IpsecProcess - up
Crypto ISAKMP Policy

<IkePolicy>
Crypto ISAKMP Key Address Pairs
<User Defined>
Crypto IpSec Transform Sets
<TransformSet>
Crypto Map Sets
<CryptoMapSet>
Crypto Dynamic Maps
<DynamicCryptoMap>
Head
Head
Head
Leaf
String
Head
Head
Head
Head
Head
Head
ISAKMP Enable
Leaf
Number
Security Association
Leaf
Number
TransformSet - up
Name
Node Type
Set
Head
Variable Type
Name
Leaf
String
AH Transform
Leaf
Number
ESP Authentication Transform
Leaf
Number
ESP Encryption Transform
Leaf
Number
Name
Node Type
Variable Type
ISATAP Client
Head
ISATAP - up
ISATAP Client Enabled
Leaf
Boolean
ISATAP Router
Leaf
String
Name
Node Type
Variable Type
VTP
Head
VtpProcess - up
Domain Name
Leaf
String
VTP Mode
Leaf
Number
VTP Password
Leaf
String
VTP Version
Leaf
Number
Node Type
Variable Type
WirelessClientProcess - up
Name
<WirelessCommon>
Security Mode
Head
Head
User Id
Leaf
String
Password
Leaf
String
Name
Node Type
Variable Type
Wireless
Head
SSID
Leaf
Security Mode
Head
Authen Type
Leaf
Number
WEP Key
Leaf
String
PassPhrase
Leaf
String
Encryption Type
Leaf
Number
Name
Node Type
Variable Type
Dot11 Configuration
Head
WirelessCommon - up
String
WirelessServerManager - up
SSID Configurations
SSID <User Defined>
Head
Leaf
String
SSID name
Leaf
String
Authentication
Leaf
String
WPA key management
Leaf
Number
EAP method
Leaf
String
EAP list name
Leaf
String
Wpa-psk
Head
Key entered as
Leaf
String
Unencrypted
Leaf
Number
Key
Leaf
Number
Dot11Radio Configurations
<WirelessServerPortData>
Head
Head
WirelessServerPortData - up
Name
Node Type
Dot11Radio
Head
Variable Type
Bridge Group
Leaf
Number
Station Role
Leaf
Boolean
Speed
Leaf
String
Encryption
Head
Key
Leaf
String
Size
Leaf
String
Type
Leaf
String
Hex String
Leaf
String
Mode WEP
Leaf
String
Mode Cipher
Leaf
String
Leaf
String
SSID
WirelessServerProcess - up
Name
Node Type
<WirelessCommon>
Head
Variable Type
Security Mode
Head
RADIUS Server IP
Leaf
String
RADIUS Shared Secret
Leaf
String
SSID BroadCast
Leaf
Number
Mac Filter Mode
Head
Mode
Leaf
Boolean
Access Restriction
Leaf
Number
Mac Address List
Head
Mac Address
Leaf
MAC Address
PolicyMapZfwClass - up
Name
Node Type
Inspect Class <User Defined>
Head
Variable Type
Class Map
Leaf
String
Action
Leaf
Number
Name
Node Type
Variable Type
Zone Based Firewall
Head
ZfwProcess - up
Zone Names
<User Defined>
Zone Pairs
<ZonePair>
Head
Leaf
Head
Head
String
ZonePair - up
Name
Node Type
Zone Pair <User Defined>
Head
Variable Type
Name
Leaf
String
Source Zone
Leaf
String
Destination Zone
Leaf
String
Service Policy
Leaf
String
Name
Node Type
Variable Type
Algorithm Settings
Head
Settings - up
CBAC
Half-Open Session Multiplier
TCP
Head
Leaf
Number
Head
Maximum Number of Connections
Leaf
Number
Maximum Number of Open Sessions
Leaf
Number
Switching
Storm Control Multipler
Head
Leaf
Number
Name
Node Type
Variable Type
Command Privilege
Head
PrivilegeManager - up
Commands
Command
Head
Leaf
String
ParserView - up
Name
Node Type
View
Head
Variable Type
View name
Leaf
String
Secret
Leaf
String
Commands
Head
Command
Leaf
String
Name
Node Type
Variable Type
Parser View
Head
ParserViewManager - up
Views
<ParserView>
Head
Head
TerminalLine - up
Name
Node Type
RS232 | Console Line |

VTY Line <User Defined> |
Head
Variable Type
Speed
Leaf
Number
Data Bits
Leaf
Number
Parity
Leaf
Number
Stop Bits
Leaf
String
Flow Control
Leaf
Number
Transport Input
Leaf
Number
Transport Output
Leaf
Number
History Size
Leaf
Number
MOTD Banner
Leaf
Number
Login
Leaf
Number
Password
Leaf
String
AAA Method List Name
Leaf
String
Session Limit
Leaf
Number
Access Class In
Leaf
String
Access Class Out
Leaf
String
Exec-timeout
Leaf
Number
Logging Synch
Leaf
Number
Privilege Level
Leaf
Number
IPv6 Access-class In
Leaf
String
IPv6 Access-class Out
Leaf
String
Name
Node Type
Variable Type
<Device>
Head
AccessPoint - up
<WirelessServerProcess>
Head
AnalogPhone - up
Name
Node Type
<Device>
Head
Bridge - up
Variable Type
Name
Node Type
<Device>
Head
Variable Type
CableModem - up
Name
Node Type
<Device>
Head
Variable Type
CiscoDevice - up
Name
Node Type
Variable Type
<AaaProcess>
Head
Banner login
Leaf
String
Banner motd
Leaf
String
Boot System
Head
<User Defined>
Leaf
String
<CdpProcess>
Head
Clock Timezone
Leaf
String
Config-Register
Leaf
Number
<Console>
Head
<DnsClient>
Head
Enable Password
Leaf
Flash Files
Head
<User Defined>
String
Leaf
String
FTP Passive
Leaf
Number
FTP Password
Leaf
String
FTP Username
Leaf
String
Host Name
Leaf
String
IP Domain Name
Leaf
String
Login Options
Head
Login On Success
Leaf
Number
Login On Failure
Leaf
Number
Blocking
Head
Enabled
Leaf
Boolean
Duration
Leaf
Number
Attempts
Leaf
Number
Period
Leaf
Number
<NtpClientProcess>
Head
<RadiusClientProcess>
Head
<Settings>
Head
<Security>
Head
Security Password Min-Length
Leaf
Number
Service Password Encryption
Leaf
Number
<SshServerProcess>
Head
Startup Config
Leaf
Static MAC
Head
<User Defined>
Leaf
<SyslogClient>
Head
<TacacsClientProcess>
Head
<TerminalLine>
Head
User Names
Head
User Name
Leaf
Number
String
String
VTY Lines
<TerminalLine>
Head
Head
Cloud - up
Name
Node Type
<Device>
Head
Frame Relay Connections
Variable Type
Head
<User Defined>
Leaf
String
DSL Connections
Head
<User Defined>
Leaf
Cable Connections
Head
<User Defined>
Leaf
String
Name
Node Type
Variable Type
<User Defined>
Head
String
Device - up
Custom Model Name
Leaf
Custom Variables
Head
<User Defined>
Leaf
String
Device Model
Leaf
String
Device Type
Leaf
Number
In Logical Shape
Leaf
String
In Physical Shape
Leaf
String
Ports
Head
<Port>
Head
String
Power
Leaf
Number
Leaf
String
Name
Node Type
Variable Type
<Device>
Head
Authorization
DslModem - up
HomeVoip - up
Name
Node Type
<Device>
Head
SCCP Server Address
Variable Type
Leaf
IP Address
Name
Node Type
Variable Type
<Device>
Leaf
Number
Name
Node Type
Variable Type
<Device>
Leaf
Number
Name
Node Type
Variable Type
<Pc>
Head
Hub - up
IPPhone - up
Laptop - up
MultiLayerSwitch - up
Name
Node Type
<Router>
Head
Variable Type
<EtherChannelManager>
Head
MLS QoS Enabled
Leaf
Number
Name
Node Type
Variable Type
<TerminalLineDevice>
Head
Pc - up
Accessories
Head
Camera Connected
Leaf
Boolean
Headphone Connected
Leaf
Boolean
Microphone Connected
Leaf
Boolean
USB Hard Drive Connected
Leaf
Boolean
Default Gateway
Leaf
IP Address
Default Gateway IPv6
Leaf
IP Address
DNS Server
Leaf
IP Address
DNS Server IPv6
Leaf
IP Address
<EmailClient>
Head
Files
Head
C Directory
Head
sampleFile.txt
Leaf
String
<User Defined>
Leaf
String
Desktop
sampleFile.txt
Head
Leaf
String
<User Defined>
Leaf
<Settings>
Head
<TerminalLine>
Head
<WirelessClientProcess>
Head
String
Pda - up
Name
Node Type
<Pc>
Head
Variable Type
Printer - up
Name
Node Type
<Pc>
Head
Variable Type
Router - up
Name
Node Type
<CiscoDevice>
Head
<AclProcess>
Head
<AclV6Process>
Head
<CbacProcess>
Head
<ClassMapManager>
Head
<CMEProcess>
Head
<CustomQueueManager>
Head
<BgpProcess>
Head
<CbacProcess>
Head
Variable Type
<DhcpServerProcess>
Head
<DhcpV6ServerMainProcess>
Head
DHCP Relay Agent
Head
Enabled
Leaf
Relay Information Trust All
Leaf
<EasyVpnServer>
Head
<EigrpMainProcess>
Head
<EigrpV6MainProcess>
Head
<GreProcess>
Head
<IpsecProcess>
Head
<IpsProcess>
Head
<NatProcess>
Head
<NatV6Process>
Head
<NdProcess>
Head
<OspfMainProcess>
Head
<OspfV3MainProcess>
Head
<ParserViewManager>
Head
<PolicyMapManager>
Head
<PriorityQueueManager>
Head
<PrivilegeManager>
Head
<RipProcess>
Head
<RipV6Process>
Head
<RoutingProcess>
Head
<RoutingProcessV6>
Head
<SnmpAgent>
Head
Boolean
<SshServerProcess>
Head
<Security>
Head
<StpMainProcess>
Head
<TcpProcess>
Head
VLANS
Head
<User Defined>
Head
VLAN Name
Leaf
<VirtualTemplateManager>
Head
<VtpProcess>
Head
<WirelessServerManager>
Head
<ZfwProcess>
Head
String
Server - up
Name
Node Type
<Pc>
Head
<AcsServerProcess>
Head
<DhcpServerProcess>
Head
<DnsServerProcess>
Head
<EmailServer>
Head
<FtpServerProcess>
Head
<HttpServer>
Head
<HttpsServer>
Head
<NtpServerProcess>
Head
<RadiusServerProcess>
Head
<SyslogServer>
Head
Variable Type
<TftpServer>
Head
<EmailServer>
Head
Switch - up
Name
Node Type
<CiscoDevice>
Head
Default Gateway
Leaf
DHCP Relay Agent
Head
Enabled
Leaf
Relay Information Trust All
Leaf
DHCP Snooping
Leaf
MAC Address Verified
Leaf
Option 82 Inserted
Leaf
Option 82 Trusted
Leaf
VLANs
Head
DHCP Snooping Binding DB Agent
Leaf
Head
Flash
Leaf
Write Delay
Leaf
Ports
Switch Port
IP Address
Boolean
Head
Enabled
VLAN <num>
Variable Type
Head
Head
DHCP Snooping Limit Rate
Leaf
DHCP Snooping Trust
Leaf
<EtherChannelManager>
Head
Boolean
Number
<SnmpAgent>
Head
<StpMainProcess>
Head
VLANS
Head
<User Defined>
Leaf
String
VLAN Name
Leaf
String
<VtpProcess>
Head
ASA - up
Name
Node Type
<CiscoDevice>
Head
Default Gateway
Leaf
Clientless Settings
Head
Bookmarks
Head
Bookmark
Leaf
Title
Leaf
Users
Head
User
Leaf
Bookmark
Leaf
Group Policy
Leaf
Profile Name
Leaf
Username
Leaf
DHCP Server (inside)
Variable Type
IP Address
Head
Enabled
Leaf
DHCPD Auto_config
Leaf
DHCP Server (outside)
Head
Boolean
Enabled
Leaf
DHCPD Auto_config
Leaf
VLANs
Head
VLAN <num>
Ports
Switch Port
Leaf
Boolean
Number
Head
Head
<StpMainProcess>
Head
VLANS
Head
<User Defined>
Leaf
String
VLAN Name
Leaf
String
<VtpProcess>
Head
TabletPC - up
Name
Node Type
<Pc>
Head
Variable Type
TerminalLineDevice - up
Name
Node Type
<Device>
Head
Enable Secret
Leaf
Logging
Head
Variable Type
String
Service timestamp debug
Leaf
Number
Service timestamp log
Leaf
Number
Logging console
Leaf
Number
Logging buffered
Leaf
Number
Logging On
Leaf
Number
Leaf
Number
Name
Node Type
Variable Type
<Device>
Head
Trap Debug
TV - up
WiredEndDevice - up
Name
Node Type
<Pc>
Head
Variable Type
WirelessRouter - up
Name
Node Type
<Device>
Head
Variable Type
Default Gateway
Leaf
<DhcpServerProcess>
Head
DNS Server IP
Leaf
IP Address
Internet Connection
Leaf
Number
Password
Leaf
String
Remote Management
Leaf
Boolean
Single Port Forwarding
Head
<User Defined>
<WirelessServerProcess>
Leaf
Head
IP Address
String
Console - up
Name
Node Type
<Port>
Head
Variable Type
CloudPotsPort - up
Name
Node Type
<Port>
Head
Phone Number
Variable Type
Leaf
String
Name
Node Type
Variable Type
<Port>
Head
CloudSerialPort - up
Frame Relay
Head
LMI Type
Leaf
Sublinks
Head
<User Defined>
Number
Leaf
String
Name
Node Type
Variable Type
<RouterPort>
Head
FRSubInterface - up
Type (Point-to-Point/ MultiPoint)
Leaf
DLCI
Head
DLCI <User Defined>
Leaf
Number
Number
HostPort - up
Name
Node Type
<Port>
Head
Variable Type
ARP Timeout
Leaf
Number
Auto Config
Leaf
Number
DHCP client enable
Leaf
Boolean
Enabled
Leaf
Boolean
Pool Name
Leaf
String
IP Address
Leaf
IP Address
ip mtu
Leaf
Number
Ipv6 Address
Head
IPv6 Enable
Leaf
<DhcpV6ClientProcess>
<User Defined>
Number
Head
IP Address
Leaf
IP Address
Prefix
Leaf
String
Type
Leaf
String
ipv6 mtu
Leaf
Number
Link Local
Leaf
IP Address
mtu
Leaf
Number
Subnet Mask
Leaf
IP Address
Port - up
Name
Node Type
<User Defined>
Head
Variable Type
Bandwidth Auto Negotiate
Leaf
Number
Clock Rate
Leaf
Number
Description
Leaf
String
Duplex Auto Negotiate
Leaf
String
MAC Address
Leaf
MAC Address
Port Type
Leaf
Number
<PortKeepAliveProcess>
Head
Power
Leaf
Number
Tx Ring Limit
Leaf
Number
(Wireless) Link to <User Defined>
Head
Connects to <User Defined>
Leaf
String
DCE Port Name
Leaf
String
Type
Leaf
Number
PortKeepAliveProcess - up
Name
Node Type
Port Keepalive
Head
Keepalive interval
Variable Type
Leaf
Number
Name
Node Type
Variable Type
<SwitchPort | RouterPort>
Head
RoutedSwitchPort - up
SwitchPort
Leaf
Number
EtherChannel - up
Name
Node Type
<RoutedSwitchPort>
Head
Channel group
Variable Type
Head
Channel mode
Leaf
Number
Channel protocol
Leaf
Number
Name
Node Type
Variable Type
EtherChannel
Head
EtherChannelManager - up
Load Balance Method
Leaf
Number
RouterPort - up
Name
Node Type
<HostPort>
Head
802.1Q
Head
Variable Type
VLAN ID
Leaf
Number
Native VLAN
Leaf
Number
Access-group In
Leaf
String
Access-group Out
Leaf
String
CDP Enabled
Leaf
Number
Crypto Map
Leaf
String
Bandwidth Info
Leaf
Number
Delay
Leaf
Number
<Dhcpv6ServerProcess>
Head
Pool Name
EIGRP Hello Interval
EIGRP Summary Addresses
<User Defined>
EIGRPv6
EIGRPv6 <User Defined> Enabled
EIGRPV6 Hello Interval
Eigrpv6 Summary Addresses
<User Defined>
Leaf
String
Head
Leaf
Number
Head
Head
Leaf
String
Head
Leaf
Boolean
Head
Leaf
Number
Head
Head
Leaf
String
Encapsulation
Leaf
String
Frame Relay
Head
Encapsulation Type
Leaf
Number
LMI Type
Leaf
Number
IP Maps
Head
<User Defined>
Helper Addresses
Helper Address <User Defined>
Leaf
String
Head
Leaf
IP Address
Hold Queue
Leaf
Number
Ip Inspect In
Leaf
String
Ip Inspect Out
Leaf
String
Ips In
Leaf
String
Ips Out
Leaf
String
IPv6 NAT
Leaf
Number
IPv6 NAT Prefix
Leaf
String
IPv6 Traffic Filter In
Leaf
String
IPv6 Traffic Filter Out
Leaf
String
Keepalive
Leaf
Boolean
NAT Mode
Leaf
Number
OSPF Authentication
Leaf
Number
OSPF Authentication Key
Leaf
String
OSPF Cost
Leaf
Number
OSPF Dead Interval
Leaf
Number
OSPF Hello Interval
Leaf
Number
OSPF Message Digest Key
Head
Key ID <User Defined>
Leaf
Number
Ospf Network Type
Leaf
Number
OSPF Priority
Leaf
Number
OSPFv3
Head
OSPFv3 Process ID
Leaf
Number
OSPFv3 Area ID
Leaf
String
OSPFv3 Instance ID
Leaf
Number
OSPFv3 Priority
Leaf
Number
OSPFv3 Dead Interval
Leaf
Number
OSPFv3 Hello Interval
Leaf
Number
OSPFv3 cost
Leaf
Number
PPP
Head
Authentication
Leaf
Number
PPPOE Enabled
Leaf
Number
Priority Group | Custom Queue List | Fair Queue
Leaf
Number | Number | String
RIP Split Horizon
Leaf
Boolean
RIPv6
Head
RIPv6 <User Defined> Enabled
Leaf
Boolean
Route cef
Leaf
Boolean
Service Policy Input
Leaf
String
Service Policy Output
Leaf
String
Virtual Reassembly
Leaf
Number
Zone Member
Leaf
String
SwitchPort - up
Name
Node Type
<Port>
Head
Variable Type
Access VLAN
Leaf
Number
Bpduguard
Leaf
Number
CDP Enabled
Leaf
Number
Dynamic Mode
Leaf
Number
Native VLAN
Leaf
Number
Nonegotiate
Leaf
Boolean
Port Mode
Leaf
Number
PortFast
Leaf
Number
<PortSecurity>
Head
Root guard
Leaf
Number
Storm Control
Leaf
Trunk VLANs
Head
<User Defined>
String
Leaf
String
Leaf
Number
Name
Node Type
Variable Type
Network
Head
Voice Vlan
Network - up
<Device>
Head
<MURemoteNetwork>
Head
MURemoteNetwork - up
Name
Node Type
Variable Type
<Device>
Leaf
Number
Peer Address
Leaf
String
Peer Network Name
Leaf
String
Password
Leaf
String
Connected
Leaf
Boolean
Multiuser
Multiuser communication allows multiple point-to-point (peer) connections between multiple instances of Packet Tracer. By allowing communication
between Packet Tracer instances, a new door has been opened to a fun, interactive, social, collaborative, and competitive learning environment.
Instructors will now be able to create a variety of activities for students to learn in groups that will facilitate greater social interaction between
students. Students will benefit from this environment by working together to solve problems and share ideas. Both students and teachers should take
full advantage that Multiuser will offer in their learning environment.
Technical Information
Communicates between instances using PTMP.
PTMP is TCP based.
By default, uses TCP port 38000, is customizable, and each new instances on the same PC will use the next available port.
On by default.
UPnP will attempt to establish port forwarding to facilitate home networks.
All network communication allowed between instances.
Console cable also allowed.
Transparent to the simulated network.
Default password: cisco
Wireless is not supported over Multiuser.
Dialogs
Multiuser is on by default, users who wish to turn this feature off may do so in the Extensions > Multiuser > Listen menu. The server settings can
be configured from this dialog. The default password is "cisco", it is highly recommended to change this password. To configure the port number,
click Stop Listening and then change it and click Listen again.
Existing Remote Networks refers to multiuser connection clouds that already exist on your desktop. The options allow the user to Always Accept a
remote connection request with no prompt, which is very handy in gaming and central connection scenarios. The second option will Always Deny
connections, refusing any connectivity to existing multiuser clouds on the desktop. The third option Prompts the user on the receiving side of the
connection to manually accept or deny the connection.
New Remote Networks supports the same three options as the previous option. The key difference is that the multiuser clouds don't yet exist on the
receiving user's workspace. If the option is set to Always Accept a new multiuser cloud is created on the workspace and connection to the initiating
copy of Packet Tracer is established. If the option is set to Always Deny nothing happens as the connection is refused. If the option is set to Prompt
the user on the receiving side of the connection to manually accept or deny the connection, if accepted a new multiuser cloud is created on that users
workspace.
The Extensions > Multiuser > Options dialog can be used to configure other settings. Allow Remote Saving controls whether this network can be
saved from a remote network using offline saving. Depth for Remote Saving configures how far deep into the remote user sessions will be saved.
For example, if the users are connected as such:
A <-> B
B <-> C
C <-> D
D <-> E
E <-> F
F <-> A
If A is configured with a depth of 2 and attempts to offline save, A will receive a copy of B, C, E, and F's networks, but not D's. Always Start
Listening When Application Starts controls whether Multiuser will be on or off during startup. Allow Peers to see connected devices and port
names controls whether the remote user will see the device name and port name when they create a cable connection to your networks. Forward
remote PTMP broadcast messages works in conjunction with Packet Tracer External Applications (ExApps). Its function is to allow the ExApp to
communicate with all connected copies of Packer Tracer. This option has no effect on the Packet Tracer program by itself.
Port Visibility
The Port Visibility dialog allows you to control what ports on which devices in your network will automatically show up as an available port on
connected remote peer's networks. The remote peer can connect to these ports without requiring your end to create the link.
Connection States
Multiuser has four different connection states. The Multiuser cloud is in the Disconnected state when there is no remote network connection to a
remote peer. The Multiuser cloud goes into the Connecting state when a request is sent to a remote peer to make a remote network connection. When
two remote peers make a remote network connection, the Multiuser cloud goes into the Connected state. The Error state indicates there is a remote
network connection error with the remote peer. For example, if the remote peer's connection suddenly lost network connectivity, then the Error state
would appear.
User Guide
To create a Multiuser connection to another user, click on the Multiuser Connection in the Device-Type Selection Box. Then select the Remote
Network cloud and create it on the workspace. This cloud will represent one entry point to another user. Multiple multiuser entry-points to the same
user are allowed. Click on the cloud to open the Multiuser Connection dialog.
To create an outgoing connection, choose the Outgoing option for Connection Type. In the Peer Address field, enter the remote user's IP address. In
the peer port number, enter the port their instance of Packet Tracer is listening on. Peer Network Name is optional. The option allows this outgoing
connection to connect to a specific incoming cloud the remote peer has set up. For example, if the remote peer created an Incoming connection cloud
named Routers, then you can enter Routers in this field and it will connect to the Routers cloud in the remote peer's network. Leaving this field blank
will create a new cloud in the remote peer's network. The new cloud will have the same name as the cloud that initiated the connection unless that
name already exists, and then the name will be incremented to the next available name+number. The password field is the password set in the
Listen dialog from the remote peer's Packet Tracer instance. When the fields are set properly, click on the Connect button.
When an incoming connection happens, you will be prompted (by default, but can be changed under Extensions > Multiuser > Listen) to accept this
connection. When the incoming connection has been accepted, a Multiuser session has started. Each peer will have a cloud for connecting a cable to
the remote user. This cloud can be thought of as a universal patch panel. Both users must establish a connection to this cloud to create a link between
two remote devices.
To create a link between devices, it is very similar to a normal connection, except the other user must also make the connection. Start by selecting a
connection type in the Device-Specific Selection Box, and create the link to your device on one end, and select the cloud on the other end. As with
clusters, automatic connections are not allowed with Multiuser clouds. When you click on the cloud, a popup list similar to the list of ports in a
device will appear. The first option will be Create New Link, and subsequent items will be available ports. Create New Link will connect your cable
to the cloud as one side of a cable run. If ports are available, it means the other user has cables connected to their end of the cloud and you may
connect to these ports. Connecting to one of these available ports will establish a fully connected cable between remote devices.
Although the cloud has so far been described as like a patch panel, it is not the same as a
real patch panel. For example, both sides of the remote links must use the same cable
type to work. A straight-through cable connected to a crossover cable will not result in a
crossover cable, similarly with a rollover cable as well. If user A's side of a serial cable
is a DCE, then on user B's side, the cloud end should be the DCE. With the Port
Visibility turned on for a port, if the remote peer connects to one of your Port Visibility
enabled ports, you will not need to create your end of the cable. It will automatically be
created for you. If the remote user deletes that link, it will delete your end of that link
also. However, if you delete your end of the link, the remote user's end will not be
automatically deleted.
Offline Saving
There are now two options for saving networks. The normal Save in the Menu Bar and Main Tool Bar will create a save file with only your network
and any remote peer connections will be saved as a remote peer connection. Offline Saving will save your network and remote peer networks as a
cluster into a single large network. Offline Saving is controlled by the Depth for Remote Saving that you set and the permission the remote user set.
Opening up a normal save file with a remote peer connection will cause Packet Tracer to attempt to reconnect these remote peer connections.
Opening up an offline saved network will be a regular network with clusters for remote peer networks. Offline Saving is useful to examine others'
networks or to use Simulation Mode.
When your instance of Packet Tracer is connected to a remote peer, you will not be able
to switch to Simulation Mode. When you attempt to switch to Simulation Mode, you
will be prompted to save an offline copy that is to be opened in a new instance of Packet
Tracer. Clicking Yes will cause Packet Tracer to use the current offline saving settings to
create an offline save and open it in a new Packet Tracer instance immediately. From
there, you will be able to use Simulation Mode to examine packets in detail.
IPC (Inter-Process Communication)

The IPC (Inter-Process Communication) feature controls an external programming extension for Packet Tracer that enables external applications
(ExApps) to be added to Packet Tracer to extend its functionality. ExApps are being created by Cisco and other interested groups for use in the
Academy Program. An example ExApp use case might include a program that can automate the task of remotely sending and receiving activity
assessments between students and instructors. Because of the control that the IPC provides in relation to the ExApps, it greatly expands the
capabilities that Packet Tracer can provide without having to wait for the actual Packet Tracer core program to be enhanced.
Configure Apps
The Configure Apps dialog allows you to Add, Remove, and Launch ExApps from the Apps List. To add an ExApp, click on the Add button and
then open the ExApp's App Meta File (*.pta). The default directory to store ExApps is in the extensions directory in the Packet Tracer directory. To
remove an ExApp, select the ExApp from the Apps List and then click on the Remove button. To manually launch an ExApp, select the ExApp from
the Apps List and then click on the Launch button.
In the Description tab, you can view various information about the ExApp such as its description, version number, the ExApp author's name, the
ExApp author's contact info, and the path of the ExApp's executable.
In the Settings tab, you can change how the ExApp launches. You can set it to On Startup, On Demand, or Disabled. If the setting is set to On
Startup, when a Packet Tracer instance launches, the ExApp will launch as well. If the setting is set to On Demand, Packet Tracer will launch the
ExApp when a file indicates to load it or another ExApp launches it. Otherwise, if the startup option is set to Disabled, Packet Tracer will not accept
connections from this ExApp and the ExApp will need to be launched manually.
In the Security tab, you can view the ExApp's Security Privileges which are determined by the ExApp itself and cannot be changed manually.
Show Active Apps

In the Show Active Apps dialog, you can view a list of active ExApps and disconnect them from Packet Tracer. To disconnect an active ExApp,
select the 32 hexadecimal UUID (Universally Unique Identifier) enclosed in the curly brackets associated with the active ExApp then click on
Disconnect. For example, in the screenshot below, the UUID for the UPnP ExApp is da7df6ee-4709-4380-ba25-4e27cc374ae4.
Options
In the Options dialog, you can change the Listen Port Number of the Packet Tracer instance. By default, IPC uses TCP port 39000. You may
change the Listen Port Number to any available port. Also, each new instance of Packet Tracer on the same machine will use the next available port.
You may also toggle the Allow Remote Applications option which allows remote ExApps to connect and communicate with the Packet Tracer
instance on the local machine. You may also toggle Listening by either clicking on the Stop Listening or Start Listening buttons. To prevent the IPC
from listening when Packet Tracer launches, uncheck the Always Listen On Start option.
Log
The Log dialog allows you to view debug messages output from active ExApps. To clear the log, click on the Clear button.
Script Modules
Script Modules are independent entities that add new functionality to Packet Tracer similar to External Applications (ExApps). But unlike ExApps,
Script Modules run within PT rather than as external processes, and therefore, provide better integration with PT. Also unlike ExApps, Script
Modules are developed directly in PT with no external development environment needed. While the basic components of Script Modules are not new
-- PT already has had a script engine, web views, and IPC in various internal components for some time, Script Modules simply unite them and
provide a generic way to extend PT functionality.
Packet Tracer Architecture
Illustrated above is an architectural view of PT's run-time components showing that Script Modules are running inside the PT process. Script
Modules communicate with the PT core the same way that ExApps communicate with PT, using Inter-Process Communication (IPC) calls. The IPC
framework in PT has been extended to allow direct object manipulation, using objects in calls, event callbacks, and delegates. Script Modules and
ExApps can also talk to each other using the PT messaging mechanism between ExApps.
Script Module Architecture

Each Script Module can be described using the Model-View-Controller architectural pattern.
Model - PT engine and GUI accessed via IPC, Script Module data store, and save data in each pka/pkt file
View - custom interfaces in web views, written in html, css, images, js
Controller - scripts in script engine, written in ECMAScript (JavaScript)
Each Script Module has its own sandbox, and cannot access or change the sandbox of other Script Modules.
Types of Script Modules

There are two places where Script Modules can exist, and so they are named appropriately.
PT Script Modules are encrypted .pts files. They are like ExApps, added to PT by the user (or auto-detected during PT launch), and they
persist as long as PT is running. They can be started or stopped manually, started on PT launch, or on demand.
The File Script Module is contained inside each pka/pkt file. When the pka/pkt file opens, the Script Module starts; when the file closes, the
Script Module stops. The File Script Module is backwards compatible with activity files before 5.3.3 -- scripts in these pka files are loaded into
the File Script Module.
The following table is a summary of differences between the two types of Script Modules:
PT Script Module
Location
File Script Module

One per pka/pkt file
Per PT install
PT can have multiple PT Script Modules
Manage
Add/remove in Extensions->Scripting->Configure Open the pka/pkt file, and go to Extensions->Scripting->Edit File Script
PT Script Modules...
Module...
Start
On PT start
On file open
On demand
Cannot disable
Disabled
Stop
On PT close
On file close
Manual
start/stop
Yes
Yes
Security
privileges
When the user adds a PT Script Module, it

When the file opens, PT prompts the user to allow the File Script Module
shows in the dialog
to run
If a user does not feel safe with the
requested privileges, the Script Module can be
removed
If denied, the pka/pkt file may still open but not function correctly or may
be prevented from opening. The File Script Module developer decides which
action
Script Modules - Scripting Interface
The Scripting Interface is the Script Module development environment inside PT. This is extended from the Scripting page in the Activity Wizard. If
editing a File Script Module, open the pka/pkt file in PT, and go to Extensions->Scripting->Edit File Script Module to bring it up. If editing a PT
Script Module, go to Extensions->Scripting->Configure PT Script Module, add it to PT, and click the Edit button. If creating a new Script Module,
go to Extensions->Scripting->New PT Script Module.
The Scripting Interface is divided into 6 parts, and the Script Module developer would generally use them in the following order.
Info Tab
The first screen after entering the Scripting Interface gives some basic information about Script Modules and the general steps to create a Script
Module. It also provides actions associated with each step. The first step is to select a Script Module template. The templates will include Script
Modules that PT ships with, such as the PC software/services interface, chat, and visualization modules, as well as others. This can help developers
get a jump-start on a new Script Module, or it can be used to undo their changes if they make too many mistakes. This replaces the Defaults button in
the Activity Wizard Scripting page.
General Tab
The General tab is used to fill out information about the Script Module. The Info fields at the top of the page are for identifying and describing the
Script Module. The ID should be unique, and is used for saving, messaging, as well as many other important functions in PT. Because Cisco or PT
cannot guarantee the uniqueness of IDs, we recommend using the hierarchical naming pattern, for example: com.yourcompany.scriptModule1. The
password fields are used to lock the Script Module so other people cannot see or edit the Script Module. If the file saved is an activity file, the
activity password is used instead.
Startup
The Startup configuration section defines how the Script Module will start up.
If this is a PT Script Module:
On Startup: when PT starts, the Script Module will start.
On Demand: starts in the following cases:
a file opens and it has save data for this Script Module
a web view is loading one of the custom interfaces in this Script Module
a message from another Script Module or ExApp is destined to this Script Module
Disabled: the Script Module will not be started under any cases.
A File Script Module will always start when the file opens.
Security Privileges
The security privileges indicate which IPC calls this Script Module can make. Calls to unselected privileges will be denied. A developer should select
only the privileges required for this Script Module to run. Selecting more than the required privileges may lead users to think this Script Module is
doing more than described and it could be seen as a malicious Script Module.
After adding a Script Module, the user can look at the security privileges required, and may remove the Script Module if s/he feels unsafe about the
requested privileges.
When a pka/pkt file containing a File Script Module is loaded, the user will be prompted to allow it to run. If the user does not allow the script to run,
one of the following actions will take place as defined by the developer:
Continue loading the file - this may lead to a nonfunctional file because none of the IPC calls are allowed now; this may be desirable if the
developer still wants the file contents like the network to be accessed by the user.
Stop loading the file - this will make sure the file loaded will have access to the requested privileges; this is useful for example, a time
expiration for a pka/pkt file.
Script Engine Tab

This tab is used to add, remove, edit, rename, import, and export script engine files. Script engine files are scripts written in ECMAScript (Javascript)
language. The text editor allows editing the selected file in the Scripting Interface. Or if the developer chooses, s/he can edit the files in an external
editor using the #include preprocessor directive. The #include directive loads external files inline into the script engine files. Each script file can
include multiple external files. However, the included external files cannot include a reference to another external file. The Script Module only
resolves the first level of included external files to prevent file inclusion loops. When saving or exporting a Script Module with the #include directive,
it will prompt the developer to resolve and expand them inline. This should be done before distributing the pts file so only the pts file needs to be
distributed. But for the developing version, it should not resolve them so the developer can continue to use external editors to edit external files.
#include"chat.js"
The Script Engine tab also has some feature buttons to make debugging a Script Module easier. These feature buttons are:
Run File - runs (evaluates) the currently editing file in the script engine; this makes it easier to load new values and behavior into the script
engine without having to stop and start the Script Module; but be careful with this action because the script engine can now be in an unstable
state.
Start/Stop - starts and stops the Script Module
Debug - brings up the Debug Dialog for this Script Module
Custom Interfaces Tab

This tab is used to add, remove, edit, rename, import, and export custom interface files. Custom interfaces are coded in html, css, images, and js. The
js files are included in html files, and they are different from the js files in the script engine. Imported images can be displayed in the text editor. If the
developer chooses, s/he can edit the files in an external editor using the #include preprocessor directive. See previous section.
Data Store Tab

This tab is used to add, remove, edit, rename, import, and export data store files. The data store has a list of data files represented in json, xml, csv, or
any plain text format. They can be treated as files or as a hash table. Data can be added when developing the Script Module and it can also be added,
removed, and edited dynamically during run time by the Script Module. See Data Store section later on this page.
Debug Dialog
Script Modules can be debugged (primitively) in PT. Debugging is launched using the Debug button in the Info, Script Engine, Custom Interface, or
Data Store tab. Each Script Module has its own debug dialog that accesses only the Script Module. Statements can be entered into the input field, and
they will be evaluated in the script engine. The dprint() function is available in the Script Engine, as well as in web views to print out a debug
message in the Debug Dialog.
Script Modules - Script Engine

Each Script Module has one instance of a Qt Script Engine. A Script Module can contain multiple script files written in ECMAScript language
(JavaScript). When the Script Module starts, all script files are executed (evaluated) in the Script Engine in the same order as listed in the Scripting
Interface. As long as the Script Module is running, the Script Engine is running. Script Module logics should be coded in these files.
When the Script Module starts, it will call the main() function defined in the Script Engine. Setup code for this Script Module should be placed in
this function, such as adding menu items, registering for events, launching extra web views, locking GUI, etc.
When the Script Module stops, it will call the cleanUp() function defined in the Script Engine. Clean-up code should be placed here, such as
removing menu items, unregistering for events, closing any web view created by this Script Module, unlocking GUI locked by this Script Module,
etc.
Changes made to the Script Engine after it has started DO NOT take effect until it has been stopped and started again. The Run File button in the
Scripting Interface can be used to make changes to the Script Engine during run-time as described in a previous section.
The Script Engine has access to the IPC and to custom interfaces in web views as described in later sections.
IPC Access
A main part of the Packet Tracer model is the PT engine and GUI. They can be accessed via IPC calls the same way ExApps can access them.
Although they are not considered IPC calls since Script Modules are in the same process as PT, we will still use the term IPC to refer to the API that
PT exposes. Each Script Module has a set of security privileges that it requests before it can make any IPC calls to PT.
The complete IPC API reference is located at the Packet Tracer Community. They are declared in .pki files. Each file contains the declaration of an
interface, data, or PDU. An interface is a class that associates to a PT core object that the Script Module can manipulate (make calls and receive
events). Data is a data structure that is returned to the Script Module. Once returned, the data does not associate to any object in PT core. A PDU is a
special type of data that describes a frame, packet, or other PDU types that PT simulates.
IPC calls can be made from the Script Engine or in web views. The main IPC object is ipc, which is the same as the IPCFrameWork in C++ IPC
Framework, or the IPC interface in CMainParser.pki.
Direct IPC calls
Now with better integration, we can do:
varip=ipc.network().getDevice(deviceName).getPort(portName).getIpAddress();
Object Manipulation
We can also assign objects to variables, IPC calls return objects, and pass objects as arguments into IPC calls:
var device = ipc.network().getDevice(deviceName);

var port = device.getPort("FastEthernet0/0");
port.setPower(true);
port.setIpSubnetMask(ip1, mask1);
...
var otherPort = port.getLink().getOtherPortConnectedTo(port);
otherPort.setPower(true);
otherPort.setIpSubnetMask(ip2, mask2);
Events
Events use the same process as in ExApps. If the Script Module wants to be notified when an event in PT core happens, register to it first. But with
Script Module, events are handled easier and more directly:
// register an event to callback a method of an object
port.registerEvent("ipChanged", obj, obj.callbackFunc);
// register an event to callback a global function
port.registerEvent("powerChanged", null, globalFunc);
The callback function should always have the same function prototype:
callbackFunc = function(src, args) { ... }
The src argument is always an object that has three members: className, objectUuid, and eventName. They describe the source of the event. The
args argument is an object, but depending on the event, it would have different members. The members are the variable names in the pki event
definition.
For example, the IpChanged event for HostPort.pki
event: ipChanged(ip newIp, ip newMask, ip oldIp, ip oldMask) - PrivGetNetwork;
In the Script Module callback function:

Argument and members
Values
src.className
"HostPort"
src.objectUuid
port's object UUID
src.eventName
"ipChanged"
args.newIp
port's new IP
args.newMask
port's new subnet mask
args.oldIp
port's old IP
args.oldMask
port's old subnet mask
Delegates
A new type of communication is also added to the IPC just for Script Modules -- delegates. When there is functionality that PT wants Script Modules
to implement or supply, it will send that request to its delegates. Delegates are like events, except they return values back to the one sending it. They
are added in pki files:
delegate#one: bool processData(QString data, ip srcIp, int srcPort) - PrivChangeNetwork;
delegate#all: string getCustomInfo(Device device) - PrivMiscGui;
The delegate#one means the delegating source expects only one delegate and it will only execute and take the return value of the first delegate
registered to it. The delegate#all means the delegating source will execute and take the return values of all delegates registered to it. The delegating
source will define how the returned value of all delegates will be used in the delegate definition in pki file.
In Script Modules, registering for them is similar to registering for events. However, the callback functions need to return the same type as what the
delegate definition expects.
var process = ....;
process.registerDelegate("processData", this, this.callbackFunc);
var quickDeviceInfo = ....;
quickDeviceInfo.registerDelegate("getCustomInfo", null, globalFunc);
With delegates, we are able to extend PT functionality in the core, such as adding new protocols, reacting to GUI events, and suppressing default
behavior (future feature).
Event and Delegate Limitations

There is one limitation to the events and delegates -- the registering and callback functions must be in the script engine, they cannot be in web views.
This is intended as web views are not as persistent as the script engine, and it breaks the MVC design pattern.
Messages
Script Modules and ExApps can send messages to other Script Modules and other ExApps. These IPC calls use the Script Module or ExApp ID as
the destination.
// send message to Script Module or ExApps with specified ID
ipc.ipcManager().sendMessageTo("com.yourcompany.stpTree", "message");
// send message to Script Module or ExApp with specified ID and instance ID
ipc.ipcManager().sendMessageToInstance("{12345678-....}", "message");
// send message to all Script Modules and ExApps
ipc.ipcManager().sendMessageToAll("message");
Script Modules cannot run multiple instances like ExApps do, and so the sendMessageToInstance() call is not intended for Script Modules.
In order to receive messages, the Script Module needs to register to the messageReceived event.
ipc.ipcManager().thisInstance().registerEvent("messageReceived", null, onMessage);
onMessage = function(src, args)
{
doSomething(args.msg);
}
Script Modules - Web Views

Web Views
Web views are using the QtWebKit functionality to render HTML5. Script Modules use web views to create custom interfaces in PT. It can include
html, css, images, and js files. See Custom Interface tab in Scripting Interface in a previous section.
Each Script Module has a Web View Manager, which allows multiple web views. Each web view is owned by only one Script Module; no two Script
Modules can own a web view at the same time. Web views can access IPC calls the same way as in the Script Engine, with the exception that events
and delegates are not supported in web views.
Script Engine and Web View Communication

The Script Engine has access to the Script Module's webViewManager and can use it to create new web views that open up as separate windows or
use the built-in web views in PT.
In Script Engine
// create a new web view with width and height and assign it to a variable
var newWebView = webViewManager.createWebView("window title", "http://www.cisco.com", 600, 400);
newWebView.show();
...
// change url
newWebView.setUrl("http://cisco.netacad.net");
Other calls to manipulate the web view are also available, such as change title, size, window flags and modality.
The Script Engine can also ask a web view to evaluate a JavaScript statement.
In Script Engine
newWebView.evaluateJavaScript("alert('hello')");
This method is the main way for the Script Engine to talk to web views -- ask the web view to evaluate JavaScript statements to show some interface
changes. An evaluateJavaScriptAsync() function should be used for calls that initiate from a different thread than the main GUI's and the evaluate
statements may change the GUI. For example, when a process receives a packet, and it needs to change a web view, it should use the
evaluateJavaScriptAsync() function.
Web views can also communicate with the Script Engine, using the $se() built-in function.
In Script Engine
function doSomething(argInt, argStr, argBool)
{ ... }
In Custom Interface
<html>
...
<script>
function onClick()
{
// call doSomething function in Script Engine with 3 arguments
$se("doSomething", 1, "some string", true);
}
</script>
...
</html>
Each web view has a webView variable that is the IPC object of itself. It can use it to change its own properties.
In Custom Interface
<html>
...
<script>
function onClick()
{
webView.setUrl("http://www.cisco.com");
}
</script>
...
</html>
There might be cases when the custom interface asks the Script Engine to do a task, and upon completing the task or on event, the Script Engine calls
back a function in the custom interface. Because there can be multiple web views owned by the Script Module, we need a way to identify the
different web views. Each web view has a web view ID that it can pass to the Script Engine along with the name of a function call. The Script Engine
can use this ID to look up and call the function in that web view.
In Custom Interface
<html>
...
<script>
$se("doSomething", webView.getWebViewId(), "callbackFunc");
...
function callbackFunc(argInt, argStr)
{ ... }
</script>
...
</html>
In Script Engine
function doSomething(webViewId, callbackFunc)
{
...
var webView = webViewManager.getWebView(webViewId);
$wvca(webView, callbackFunc, 123, "hello");
}
There are function shortcuts for web view's evaluateJavaScript() and evaluateJavaScriptAsync(). They are $wvc() and $wvca() respectively. Their
first argument is the web view object.
Custom Interface URL Scheme
To point a web view to a custom interface in Script Modules, use this scheme: scriptModuleID:customInterfaceID. There are two predefined Script
Module IDs:
this-sm - points to a custom interface in this Script Module; this-sm:Interface0.htm
file-sm - points to a custom interface in the File Script Module; file-sm:Interface0.htm
It can also point to a custom interface in a different Script Module by using the other Script Module's ID: net.netacad.cisco.PcChat:chat.htm.
In Script Engine
webView.setUrl("this-sm:Interface0.htm");
...
webView.setUrl("net.netacad.cisco.PcChat:chat.htm");
This also works from links inside the web views.

In Custom Interface
<a href="this-sm:Interface0.htm">htm in this Script Module</a>
<a href="file-sm:Interface0.htm">htm in the File Script Module</a>
<a href="net.netacad.cisco.PcChat:chat.htm">htm in another Script Module</a>
If the target link is in the same Script Module, the ID can be omitted.
In Custom Interface
<a href="Interface0.htm">htm in this Script Module</a>
After pointing a web view to load a custom interface in another Script Module, this Script Module no longer owns the web view, and will not have
access to the web view any more. This is to enforce the sandbox for each Script Module and to prevent hijacking of web views after the page goes to
a different Script Module.
Images, css, and js files should be imported to the Script Module's Custom Interface using the Import button. Once resources are imported, the
custom interface can load them using standard HTML tags. External resources may not be resolved if an absolute path is not supplied.
In Custom Interface
<html>
...
<link type="text/css" href="jquery-ui-1.8.7.custom.css" rel="stylesheet" />
<script type="text/javascript" src="jquery-1.4.4.min.js"></script>
<script type="text/javascript" src="jquery-ui-1.8.7.custom.min.js"></script>
...
</html>
PT Built-In Web Views

There are two built-in web views in PT at the current time, the activity file instructions window and the device dialog.
Activity File Instructions Window
The activity file instructions window always renders the instructions set for the activity file. So the user can use the same instructions tab in Activity
Wizard to edit this. The File Script Module is the owner of this web view.
Device Dialog
Each device dialog has a new tab with a web view that has direct access to the device. It has a device variable built-in that is the device's IPC object.
So, within this web view, the custom interface can do the following.
In Custom Interface
<html>
...
<script>
device.getPort("FastEthernet").setIpSubnetMask("1.1.1.1", "255.0.0.0");
</script>
...
</html>
The default custom interface to render in each device's dialog can only be selected using the PT GUI. However, once a Script Module has ownership
of the device dialog's web view, it can use setUrl() in the Script Module code to change the custom interface. The PT GUI allows changing the device
dialog custom interface for this file only or for the PT globally. Go to Extensions->Scripting->Config File Custom Interface for this file, and
Extensions->Scripting->Config Global Custom Interface or go to Custom Interfaces tab in Options->Preferences for the PT globally.
PT is packaged with a PcSoftware Script Module for the PC device dialog's Software/Services tab similar to the one in Cisco Aspire Game. It also
comes with a separate Script Module for a new feature, PcChat, to be added to the main page of the PcSoftware Script Module. Because Script
Modules work in a sandbox and cannot see or change anything about another Script Module, we send messages from PcChat to PcSoftware to
register itself when it starts.
In PcChat Script Module
function main()
{
ipc.ipcManager().sendMessageTo("net.netacad.cisco.PcSoftware",
"ADD_SOFTWARE,Chat,net.netacad.cisco.PcChat:chat.htm");
}
Software in Script Modules developed by others can do the same and add themselves to the PC's Software/Services automatically.
Script Modules - Data Store

The data store is the other part of the model in the Script Module. The data store has a list of data files, in json, xml, csv, or any plain text format.
They can be treated as files or as a hash table. Data can be added when developing the Script Module. It can also be added, removed, and edited
dynamically during run time by the Script Module. They are saved in the PT options file for persistence because the user may not have write access
to the pts file, and a way is needed to save the dynamic data. The data is also saved when a Script Module is edited and saved. Use the $putData(),
$getData(), and $removeData() built-in functions.
$putData("helloData", "hello world");
var data = $getData("helloData");
$removeData("helloData");
Save Data in pka/pkt files

Dynamic data can also be added to pka/pkt files the same way as ExApps do. Register for the onSave event and in the callback function, put the save
data.
ipc.ipcManager().registerEvent("onSave", null, onSaveCallback);
...
onSaveCallback = function(src, args)
{
ipc.ipcManager().putSaveData(args.saveId, data);
}
When the pka/pkt file opens, PT will send the data to the Script Module if it has registered to the onOpen event.
ipc.ipcManager().registerEvent("onOpen", null, onOpenCallback);
...
onOpenCallback= function(src, args)
{
doSomething(args.openData);
}
When the pka/pkt file opens, before sending the data to the Script Module, PT also checks if the Script Module has started. If not, it will start the
Script Module if it is not set to disabled.
Script Modules - Data Store

The data store is the other part of the model in the Script Module. The data store has a list of data files, in json, xml, csv, or any plain text format.
They can be treated as files or as a hash table. Data can be added when developing the Script Module. It can also be added, removed, and edited
dynamically during run time by the Script Module. They are saved in the PT options file for persistence because the user may not have write access
to the pts file, and a way is needed to save the dynamic data. The data is also saved when a Script Module is edited and saved. Use the $putData(),
$getData(), and $removeData() built-in functions.
$putData("helloData", "hello world");
var data = $getData("helloData");
$removeData("helloData");
Save Data in pka/pkt files

Dynamic data can also be added to pka/pkt files the same way as ExApps do. Register for the onSave event and in the callback function, put the save
data.
ipc.ipcManager().registerEvent("onSave", null, onSaveCallback);
...
onSaveCallback = function(src, args)
{
ipc.ipcManager().putSaveData(args.saveId, data);
}
When the pka/pkt file opens, PT will send the data to the Script Module if it has registered to the onOpen event.
ipc.ipcManager().registerEvent("onOpen", null, onOpenCallback);
...
onOpenCallback= function(src, args)
{
doSomething(args.openData);
}
When the pka/pkt file opens, before sending the data to the Script Module, PT also checks if the Script Module has started. If not, it will start the
Script Module if it is not set to disabled.
Script Modules - Custom UDP Processes

With Script Modules, instructors and students can now develop and add new protocols to PT. They are called custom processes and for now, PT only
supports custom processes on top of UDP.
Create
The process can be created and started as follow:
// create the custom process on the device
var process = device.getProcess('UdpProcess').createCustomUdpProcess();
// start the process listening on a specified UDP port
process.start(1234);
Send Data
It can send data, but only supports a text payload right now.
// send data to IP and UDP port
process.sendData("text data", "1.1.1.1", 1234, null, null);
The last argument in sendData() is the outgoing port. If null, the lower processes, such as routing process on routers, would decide the outgoing port.
Or it can be supplied:
// send data to IP and UDP port and FastEthernet port
var outPort = device.getPort("FastEthernet");
process.sendData("some data", "1.1.1.1", 1234, null, outPort);
The second to last argument in sendData() is the frame instance. It is used in Simulation Mode to show the PDU color and details, such as what
decisions are made on the PDU. There is currently no representation of the PDU format in PDU Details.
// create a frame instance with color and destination
var frameInstance = process.createFrameInstance(0xff0000, "1.1.1.1");
// add a decision node so it shows in PDU Info
if (frameInstance != null)
frameInstance.addDecision("CHAT_SEND", "The chat process sends a message.", false, 7);
process.sendData(data, dstIp, dstPort, frameInstance, null);

// finalize the frame instance so it shows up in Simulation Mode
process.finalizeFrameInstance(frameInstance);
Receive Data
When the custom UDP process receives a packet, it would use the delegate mechanism to have a Script Module do custom processing with the
packet. First, the Script Module needs to register for the delegate, and then in the delegate function, process the data.
// register for the processData delegate
process.registerDelegate("processData", null, processData);
processData = function(src, args)
{
doSomething(args.data, args.srcIp, args.srcPort);
}
Script Modules - Tips
The dprint() function is per Script Module. Check the Debug Dialog of the correct Script Module for these outputs.
Changes made to the Script Engine after it has started DO NOT take effect until it has been stopped and started again.
A web view can only be owned by one Script Module at a time. When a Script Module points a web view to a custom interface in another
Script Module, it transfer the web view's ownership to the other Script Module, and will no longer have access to it.
Local resources for custom interface such as images, css, and js files should be imported into the Custom Interface tab. External resources
may not be resolved if an absolute path is not supplied.
Editing a Script Module does not save it to disk until you click on Save in the Scripting Interface for PT Script Modules, or File Save for File
Script Modules.
Script Modules need to clean up when stopping by placing clean-up code in the cleanUp() function. Menu items added, web views created,
GUI locked, and anything else done at or after the Script Module started should be cleaned up.
Data store files of all Script Modules are saved in PT options. They are not saved to the pts file unless the user edits the Script Module and
saves it to pts file.
Events and delegates are not supported in web views.

JavaScript statements to web views that may change the GUI, such as alert popups, layouts, HTML element changes should use
evaluateJavaScriptAsync(). Using evaluateJavaScript() may crash PT.
After creating a new web view, show() needs to be called in order to show the web view.
To check a connectivity test PDU, use AssessmentModel.getLastConnectivityTestResultsAt(index).
To check a PDU from the user's working network, use AssessmentModel.getPDUStatus("Scenario Name", index). If the user's PDU is a
periodic PDU, you must stop it first, otherwise the status will always be "In Progress". To stop it, use
AssessmentModel.stopPeriodicPDU("Scenario name", index).
JavaScript's setTimeout(), setInterval(), clearTimeout(), and clearInterval() are supported in both the Script Engine and web views.
Use AssessmentModel for activity file related calls. See API for reference.
setExclusive() in CIpcManager.pki affects both ExApps and Script Modules. Once an ExApp or Script Module makes this call, all other
ExApps and Script Modules will be disconnected.
Sample Files, File Compatibility, and Design Patterns

There are over 300 Packet Tracer .pka files that exist embedded in the Discovery and Exploration courses. They are also packaged for instructor
convenience in the Tools section for a given course in Academy Connection. Included with this version of Packet Tracer are two ways to open files:
Open and Open Samples. The Open selection will access a local directory that you choose upon installation and can change through the Options >
Preferences > Administrative tab. The Open Samples choice will access a directory within the Packet Tracer installation directory, and includes
sample activities of some of the new protocols in this version of Packet Tracer.
There are also three ways to save files. The Save selection will access the directory you specified (in a Windows environment, in "My Documents"
typically. The Save As selection allows you to choose different directories at the time of the save. Finally, Save As Pkz creates a zip-like collection
of .pka files and associated graphics, templates, and other files to allow a more customized experience in an activity file. In the following sections,
we suggest four design patterns approaches or problem templates for authoring your own .pka files: concept builders, skill builders, design
challenges, and troubleshooting. We encourage you to modify existing .pka files, share your own files, or write them from scratch using the extensive
new Activity Wizard features, following one of the four main design patterns, described in more depth below.
Concept Builders
Concept builders are model-building inquiries and investigations leading to student-created explanations and animations of networking concepts,
especially device algorithms and networking protocols. One intended use for Packet Tracer is for students to construct their own model or virtual
networks, obtain access to important graphical representations of those networks, animate those networks by adding their own data packets, ask
questions about those networks, and finally annotate and save their creations. The term "packet tracing" describes an animated movie mode where the
learner can step through simulated networking events, one at a time, to investigate the microgenesis of complex networking phenomena normally
occurring at rates of thousands and millions of events per second.
For example, a simple concept builder prompt might be "Illustrate the forwarding behavior of hubs" or "Demonstrate the filtering, forwarding,
flooding, learning, and aging behavior of switches." Other prompts might include: "Build a PT network that compares and contrasts the behavior of
hubs and switches," "How does switch behavior differ from router behavior?," and "Build a model demonstrating the behavior of ARP, ping, trace,
CDP, RIP, or EIGRP." More complex modeling might be prompted by "Model a network that you use at home or at work," "Illustrate the behavior of
ping with empty ARP tables on a LAN and across a WAN," "Demonstrate the building of RIP and EIGRP routing tables," or "Create a routing loop
with static routes and show how the TTL field of an IP packet launched into this loop is decremented."
Many users may want to model networks they encounter at home or at work. Though this is often limited by the current device and protocol feature
set of Packet Tracer, reasonably sophisticated models can be built. Model-building may be an effective way to learn many networking concepts, and
often leads to more questions and research projects. Concept building problems are probably best written as blank or partially completed .pkt files.
Given the open-ended inquiry nature of modeling, it is somewhat difficult to author an appropriate .pka file. Some instructors may want to give
students a pre-existing topology via a .pkt file and focus students on different packet scenarios; other instructors may want to focus students on
modeling a sequence of networks, from scratch, such as PC to PC, PC to hub, and PC to switch, and then on to more complex combinations of
switches, routers, and clouds. Some instructors have students present their Packet Tracer models to the class.
Skill Builders
Skill builders support algorithmic problem solving in support of the development of networking procedural knowledge. For example, simple skill
building problems can include having students complete hands-on practical labs in Packet Tracer before working on real equipment (as a pre-lab, or
what some call a lab entry ticket); after having worked on real equipment (as a post-lab review); or just for practice (similar to an e-lab, but without
as much structure). Within the limits of Packet Tracer modeling and supported command set, and often with some minor modifications required, IOS
configurations may be exported (as text files) for input into real switches and routers. Such configuration files may also be imported back into Packet
Tracer. Hence students might create and test their lab configurations before attending class, hopefully getting more out of their often limited time on
real equipment.
Skill builders can be as complex as Packet Tracer versions of hands-on skills exams. Skill builders may be authored as simple .pkt files with either
integrated or printed instructions (handouts). Skill builders may be also be authored as .pka files with the configurable components specified in the
grading tree. The use of the .pka activity timer is particularly relevant for skill building activities. For example, friendly competitions can be held to
see how well students have mastered configuration tasks.
Design Challenges
Design challenges are constraint-based problems with multiple correct solutions. They may range from very simple (devise a classful addressing
scheme for a network consisting of 2 PCs and 2 routers), to intermediate (devise a VLSM addressing scheme for a school with various classroom and
administrative subnet needs), to complex (doing large parts of semester case studies in Packet Tracer). Some instructors have students use Packet
Tracer to verify the functionality of IP addressing schemes they have designed. Design challenges are probably best done as blank or partiallycompleted .pkt files: given the open-ended nature of many design problems it may be difficult to author a graded .pka activity because the current
version of the activity wizard, despite the variable manager, still has limited provisions for determining equivalence between the multiple correct
answers that often occur in design problems.
The physical mode of Packet Tracer (with its Inter-City, City, Office, and Wiring Closet views), ability to load background images, and a variety of
other annotation features (such as "i" boxes for network and scenario descriptions, customizable device names, place note tool, translatable GUI) may
also be relevant for contextualizing case-study type design problems. Some instructors have students create designs in Packet Tracer and defend them
in classroom design reviews before allowing students to implement them on real equipment.
Troubleshooting
Troubleshooting activities include diagnosing, isolating, and fixing the simulated network from a previously bugged network file. Troubleshooting
problems may range from simple (Ethernet speed and duplex mismatches, IP addresses on the wrong subnet, incorrect choices of cables, or missing
clock settings on serial interfaces) to complex (improper VLSM schemes, incorrect routing updates, multiple interacting network faults). Both .pkt
network files and .pka activity files may be effectively authored for troubleshooting-type problems. Precisely controlled troubleshooting situations
may be authored as .pka files with the configurable components specified in the answer network (grading tree) of the Activity Wizard. For example,
even very complex networks with thousands of potential configurable components can have a single bug introduced, and a .pka activity authored
which requires the student to diagnose, isolate, and fix that one bug to complete the activity. The use of the .pka-file activity timer is particularly
relevant for troubleshooting activities; for example, friendly competitions to see how efficiently students can repair a network.
Packet Tracer Translation Process

Packet Tracer supports semi-automated translation to all Unicode-supported languages. The first part of this guide explains the translation process for
the main application. The second part explains the process for translating the help files. A short FAQ guide is provided at the end of each part to
answer questions regarding the processes.
Overview
The translation process involves the translation of three separate parts of the program, each one with a small dependency on the translation of the
Main Application. The most important translation is the main application as described in Part 1. This will translate the interface of the program. The
help file screenshots depend on the translation of the main application in order to display the graphics in the translated language. The save files
reference the language files to use upon opening the program so that the program will display in the native language of the save file if available.
To standardize the language files, the naming convention for language filenames should follow ISO 639-2. Packet Tracer uses the Alpha-3 code for
representation of names of languages. A list of language names to code is defined here: ISO-639-2_values_8bits-utf-8.csv. An example of an
appropriate name is: "English_eng".
Translation Best Practices

Please consider the following best practices when translating:
Agree on terminology that will be used BEFORE starting translation
Ensure terminology is consistent throughout the GUI
Have a subject matter expert, other than the translator, review the translation when it is complete
Allow for text expansion, words may need to be translated differently to accommodate limited space
Formatting should be the same as English version
Where possible, try to utilize a tool that enables the use of translation memory.
Part 1: Translating the Main Application

Required Tools
Cisco Packet Tracer
Qt Linguist
File to be translated (*.ts file)
Setup:
You can translate to another language or change/continue translations on a previously translated language file. If you are translating to a new
language, copy "template.ts" to "<new language name>.ts". Be sure that the <new language name> follows the ISO 639-2 standard defined in the
overview section above.
Instructions:
1. Open Qt Linguist.
2. Go to File-->Open and choose the "<language name>.ts" file to translate.
3. Select an unfinished context on the left navigation bar.
4. Enter the text in the Translation text field and mark finish by pressing Ctrl + Enter. (See additional important notes below.)
5. Release the language file [File-->Release As], from fromat type menue select All files (*) and save it as "<language name>.ptl" in the
"\languages" folder. Remember to save this project (the .ts file) by [File-->Save As] as well as releasing it. The help files will reference this
project file.
6. Open Packet Tracer. In the Options-->Preferences, Interface tab, select the recently translated language and restart Packet Tracer.
7. Packet Tracer is now translated.
Some Important Notes:
1. Variables: %1, %2, %3, %n, and [[SOME_VAR_NAME]]. Do NOT translate those variable names. However, moving the variables as makes
sense is fine.
2. Accelerators: The character "&" defines an accelerator key. An example of an accelerator is &File, pressing Alt-F on the keyboard is
equivalent to clicking on the file menu. When you are translating to another language, an accelerator key can be placed on any character, but
be sure to not use the same character twice.
3. Rich text: HTML tags may be used to manipulate the text shown on screen. Rich text is useful for certain language fonts that are too small or
too large.
FAQ:
Q1. Where do I find the "template.ts" file?
A1. It is located in the "languages" folder of the installation path for the application. Example: "C:\Program Files\Packet Tracer 5.2.1\languages"
Q2. Do I need to translate the whole file before I can see the results?
A2. To see the results at any point in the installation, just release the file and place it in the languages folder. Then select the language in the
Preferences window of Packet Tracer.
Q3. I have some network files (.pkt) and some activity files (.pka) that need to be translated. How do I go about translating those?
A3. To translate the content in the saved files (e.g., device names, information boxes, or activity instructions), you must open those files and edit
them in Packet Tracer.
Part 2: Translating the Help Files

Required Tools
Fully translated Cisco Packet Tracer
A text editor (for example, Notepad++); however, it is recommended that you use an HTML editor (for example, Adobe Dreamweaver)
GIMP to take and edit screenshots.
Adobe Captivate for translating tutorials
Translating HTML Text Content:

Working in the duplicate folder (e.g., "\help\japanese_jpn"), open each .htm file in a text editor or HTML editor (recommended). Translate the text
content in each file and save when finished.
Note that the HTML source code uses the style sheet definitions found in the "styleMenu.css" and "styleNormal.css" files.
Recapturing Screenshots:
1. Start Cisco Packet Tracer.
2. If Packet Tracer is not already using the desired language, go to Options->Preferences and change to the desired language. Also disable screen
reader support if not already done so. Restart Packet Tracer.
3. Click on the desired window to capture (e.g., the Activity Wizard Answer Network page).
4. Hold down the Alt key on the keyboard and press Print Screen on the keyboard.
5. Open an image manipulator program and create a new blank document.
6. Go to Edit > Paste to paste the screen capture into the new blank document.
7. Add any additional edits to the screenshot.
8. Go to File > Save As and browse to the images directory (e.g., "\help\japanese_jpn\images\").
9. Save the image using the same name as the original screenshot and in the JPEG format (e.g., "activityWizard_answerNetwork_1.jpg").
Part 3a: Translating the Tutorials

Required Tools
Cisco Packet Tracer
Adobe Captivate 2 or greater
Setup
Important: Make sure screen reader support is disabled while capturing the tutorials.
In the "\help\language" folder, replace all of the tutorials in the tutorials folder with the newly captured localized tutorials. More information about
using Adobe Captivate can be found in the help files for Captivate.
Translation Process
1. Start Cisco Packet Tracer.
2. If Packet Tracer is not already using the desired language, go to Options->Preferences and change to the desired language. Also disable screen
reader support if not already done so. Restart Packet Tracer.
3. Start a new Project in Captivate and capture using the Demonstration mode.
4. Select the Packet Tracer window to be captured.
5. Click the record button. You may follow the default installed English tutorials step by step or create your own if desired. It is advisable to
have another computer running the original tutorials if you wish to follow the originals.
6. After the tutorial is done, press the End key or whichever key was set to end the capture.
7. Save the project. Publish the project to the "help\language\tutorials\" folder using the same name as the original file.
The tutorial should now be translated. Repeat the process for the remaining tutorials.
Part 3b: Translating the Tutorials (Captions Only)

Required Tools
Cisco Packet Tracer
Adobe Captivate 2 or greater
A good word document editor, such as Microsoft Word.
Setup
Obtain the tutorial source from the Academy Connection forums.
Translating Captions
1. Open Adobe Captivate.
2. Go to File-->Open and choose the " .cp" file in the duplicate folder (i.e. "\help\japanese_jpn\tutorials") to translate.
3. Once "<tutorial title>.cp" file has been loaded, go to File-->Import/Export and choose Export movie captions.
4. Save the captions (you may be asked to overwrite the file, if so, accept).
5. Leave Captivate and the "<tutorial title>.cp" file open.
6. Open Microsoft Word or an equivalent word document editor.
7. Go to File-->Open and open the "<tutorial title>.doc" file that was exported in step 3.
8. Under the Original Text Caption Data and Updated Text Caption Data, translate the text content under those categories (both of them
should have the same text).
9. Once finished, save the word document and follow the instructions from the Compiling the Tutorial section below to implement the translated
captions.
Compiling the Tutorial
1. With Captivate and "<tutorial title>.cp" still open from step 5 of the Translating Captions section above, go to File-->Import/Export and
choose Import movie captions.
2. Open the translated word document containing the caption from the Translating Captions section above.
3. Once the translated captions has been imported successfully, go to File-->Publish.
4. Browse to the duplicate folder (i.e. "\help\japanese_jpn\tutorials") if the directory is not pointed there.
5. Click on Publish (you may be asked to overwrite the tutorial, if so, accept).
The tutorial should now be translated. Repeat the process for the remaining tutorials.
Frequently Asked Questions (FAQ)/Troubleshooting Guide

General Issues
1. My computer frequently crashes when I use Packet Tracer.
2. The program screen is cluttered with too many windows! I can't see the workspace.
3. What Cisco IOS version do the routers and switches support?
4. Can I learn the necessary information for CCNA certification just by using Packet Tracer?
5. Does Packet Tracer support all of the features found in Cisco devices?
6. When I make an entry into a text field (such as an IP address), how do I know it goes into effect? Is there an "Apply" button?
7. Can I create unlimited devices?
8. I cannot access the tutorial files.
9. May I distribute Packet Tracer to my students?
10. Why is Packet Tracer running so slowly?
11. Some text in the program is cut off or is not correctly displayed.
12. I have a saved topology from older version of Packet Tracer. Can I open it with this version of Packet Tracer?
13. What is the password to edit the included activities with Activity Wizard?
14. When I try to launch Packet Tracer in Ubuntu 6.10, the terminal gives a Fatal Arithmetic error.
15. I have a saved topology from this version of Packet Tracer. Can I open it with an older version of Packet Tracer?
16. How do I convert PKA files to a PKT file?
17. If I save my file in the default Packet Tracer saves directory in Windows Vista, the save file is found in another directory. However, if I choose
another directory, this issue does not occur.
18. When I try to launch Packet Tracer in Wine, Packet Tracer crashes.
19. On Ubuntu, if I try to create a custom device template, an error message pops up stating "Unable to write to file."
20. How can I save the PKA that I have opened in Activity Wizard to a different file (i.e. Save As)?
21. Is it possible to drag and drop a save file from my operating system inside Packet Tracer to load up the save file?
22. How come the Recent Files list is empty?
23. How do you create an activity PKZ file?
24. How do you modify a PKZ activity file?
25. When creating PKZ files, do I need to ensure all of the background images are in the same folder as the PKA/PKT file?
26. My display resolution is 1024 x 768 or lower. When I go to Simulation Mode and click on the Auto Capture / Play button, events are not
displayed in the Event List.
27. Why doesn't Packet Tracer display fonts properly in Linux?
28. Why does Packet Tracer stop abruptly when right clicking on the Windows taskbar and then selecting "Close Group"?
29. I can't seem to write options to the Packet Tracer installed folder using the function in Preferences.
30. How do I save images added to the cloud for the TV correctly?
31. What's the transparent bar at the bottom edge of the workspace and is there a way to get rid of it?
32. Packet Tracer looks bad in Ubuntu (fonts, layouts, buttons, etc.).
33. Ctrl+Break doesn't work on Linux.
34. All router config windows are closed without warning when closing the Preferences window.
35. Why can't I connect to another Packet Tracer instance using multiuser?
36. Why do upnp.exe and PTUpdater.exe not quit after I submit my online PT exam?
37. When I use the Save Offline Copy feature for Multiuser, sometimes the remote networks in the offline copy will not go up (i.e. link lights stays
red).
38. I do not see the arp, bandwidth, delay, and other commands for the 2960 Switch, as well as some other switches. Why are they missing?
39. I do not see the Hop Limit field in the PDU information window.
40. Why are the IPv6 Src/Dest address fields not taking up four rows each?
41. Why can you only use Courier and Courier New for the CLI text?
42. Why can't I close the LAN Multiuser Agent and WAN Multiuser Agent windows?
43. Why do parts of some PKA instructions get replaced by strange characters after it has been saved and reopened?
Specific Issues
1. In the Physical Workspace, the wiring closet does not display all of the devices I have created in the Logical Workspace.
2. If I turn off the ARP filter in the Event List Filters, does that mean devices won't build ARP tables?
3. Does Packet Tracer use the Spanning Tree Protocol?
4. How does loop-breaking process work in Packet Tracer? Why don't I have the option of viewing packets associated with the loop-breaking
process?
5. When I reset the network in Simulation Mode, why do some switch ports show amber link lights and stay that color?
6. Why does the command clockrate not work?
7. I created a ping packet in Simulation Mode and ran it. Why do I still see packets/frames (like CDP) running on the network after the ping process
is completed?
8. When I issue an extended ping, the parameters I am asked to fill in do not match an extended ping on a real device.
9. Why can't I access sub-interfaces on serial ports?
10. Why can't I test port connectivity with a command such as ping 192.168.1.5:80?
11. Does Packet Tracer support VTP?
12. I can't seem to add a secondary address to a port.
13. How does the Auto settings for bandwidth and duplex work on a port?
14. At the end of a simulation (after the last event), I viewed a device table (such as ARP or MAC) and saw that it was blank. Why is this?
15. Sometimes the CLI screen seems to display text incorrectly. For example, when activating an interface, the router prompt appears at the end of
the sys log message instead of a new line.
16. When I make the interface a trunk port in a interface sub-panel for the switch (under Config), the VLAN range is set to 1 to 1005 even though the
switch does not have that many VLANs set up?
17. When I turn off a router that has its link lights up and then turn it back on, why do the links remain down?
18. When I choose a tool from the Common Tools Bar (such as the Inspect tool), how can I cancel that tool or deselect it?
19. What's the difference between the Reset Simulation button and the Power Cycle Devices button?
20. When I use the Add Simple PDU tool to ping a router, the destination IP address is the Ethernet interface rather than the serial interface. What
determines the default destination interface for a ping?
21. When I have a static route and RIP configured on a router, why is it that the static route with an administrative distance of 1 is preferred over RIP
routes with an administrative distance of 120?
22. When I configure static NAT on a router and perform a ping, why does the router eventually lose the NAT translations after several successful
pings?
23. When I enter an EIGRP network command, such as network 192.168.1.0 255.255.255.0, the result should be network 0.0.0.0 255.255.255.0
instead. However, on a real router, the result is actually network 192.168.1.0.
24. When I try to do an extended ping in the CLI with a source IP address that doesn't belong to the device, it gives me an invalid source error
message.
25. In Simulation Mode, when I only have a single Event List Filter enabled, such as UDP, and then click on Capture / Forward, I get the message,
"The maximum number of events has been reached..." This is counter-intuitive since no events are shown in the Event List at all.
26. When a router doesn't have a next hop MAC address, it sends an ARP request and will drop the ICMP packet as well. Is this normal behavior?
27. When I save a configuration to the router NVRAM (wr mem or copy run start), the router does not save the configuration when Packet Tracer is
shut down. This only occurs if you save the topology.
28. When you use the same network/subnet on two different devices, the Cisco IOS CLI reports an error saying that the IP address conflicts with
another interface.
29. Which cable do I use to connect an Access Point to other networking devices?
30. What is the difference between the activity file (.pka) that I author and the activity file that I give to others?
31. Is it possible to import or open Packet Tracer activity files from a previous version?
32. What is the correct version for EIGRP? I have seen only two versions, v0 and v1. However, in the PDU Information Window, the version
reported is version 2.
33. In Simulation Mode, why do some devices/ports sometimes buffer frames and say the ports are sending other frames when there are no frames
shown in the Event List?
34. When creating multiple connections between the same two devices (e.g. trunking), the cables connected earlier may be hidden by the new ones.
How do I know how many cables are connected?

35. Using the Activity Wizard, how do I lock out the GUI configuration for routers and switches to force the users to use only the CLI?
36. What happens to the IP address of a device when I duplicate the device?
37. What is the limit for the number of wireless hosts and access points in the same coverage area?
38. When I create a template of a device with additional IOS images besides the default IOS image, only the default IOS image of the device appears
in the custom device.
39. Is Realtime mode exactly in sync with real world time?
40. Why, when I enable logging and configure devices in the CLI and then save the file, does the save file not save the log?
41. When I send a PDU over devices with multiple links between them, with one of the links shutdown, why does the PDU traverse the shutdown
link instead of the active link in Simulation Mode?
42. Why do I get two different average round trip times for the exact same pings in Realtime Mode and Simulation Mode?
43. When I issue the "clear ip route *" command in CLI, it doesn't clear the routing tables.
44. Why can't enable secret passwords be assessed reliably in activities?
45. I can add a WEP key that is out of the hex range for the Linksys router when I shouldn't be able to.
46. In the Event List filter window, why does unchecking HTTP filter have no effect when TCP is checked?
47. Why does the Inspect tool have no effect on the Linksys router?
48. When I telnet into another device, the config tab does not work.
49. Why do static routes with admin distances of 255 show up on the routing table?
50. Packet Tracer crashes when I have many instances of Packet Tracer opened.
51. How can configurations from Packet Tracer and real devices be used in activities to check enable secret and other passwords with service
password-encryption on?
52. Why are values in Config tab not changed when I have already changed them in console?
53. Why do HTTP packets still show up when I have the HTTP filter unchecked?
54. Why does Packet Tracer generate the same encryption string when the same password is entered more than once?
55. How do I add a graphic image of a topology in the activity instructions?
56. Why am I able to add and remove content from the activity instructions window when it should be read-only?
57. When I enter "show interface s0/0/0" in the CLI, the IOS output says "show interface s0/0/0" is an ambiguous command.
58. How come I cannot use Variable Manager for scoring with VLAN interface IDs (SVIs)?
59. Is there a way to speed up convergence of the network when I open a file? Sometimes my activity is graded incorrectly since the answer network
hasn't converged.
60. I cannot make a Multiuser connection between Windows and Linux machines.
61. I can still access the Config tab of a router or switch even if there is an enable secret password in the running configuration.
62. Is there a way to distinguish between outgoing and incoming Multiuser remote network clouds? Also, when I have an incoming Multiuser
connection, Packet Tracer creates a Multiuser remote network cloud if the name is incorrect.
63. When I try to set a variable value to Elemental Position in Variable Manager, the value sets itself to zero and cannot be changed to any other
position.
64. When I try to copy text from the CLI tab using "Ctrl + C", the output has unorganized text that can be dragged around.
65. How come I am able to enter negative point values for Assessment Items in activities?
66. Can a wireless PC associate to an access point that is from a Multiuser remote network?
67. When I try to create a loop on a switch by connecting a straight-through or cross-over cable to different ports on the same switch, I get a
connection error stating that "The cable cannot be connected to that port?"
68. How come when I have multiple wireless profiles in a wireless PC and then delete the wireless router that the wireless PC is currently associated
to, the wireless PC does not automatically associate to the other wireless routers that has a profile?
69. In Physical Workspace, sometimes the geoicons do not work correctly. For example, I am able to move the geoicons beyond the "border." Also,
the geoicon labels are sometimes detached from the geoicon itself after navigating between locations.
70. How come the output for various commands in Packet Tracer, such as "show ipv6 nat translations," is different from a real router?
71. When I click on Save Settings in the Applications & Gaming section in the Linksys GUI, the last item in focus does not save.
72. How come when I create a complex PDU, the Outgoing Port drop-down list does not contain any ports?
73. The Variable Manager Interface in the Activity Wizard Answer Network panel is too narrow.
74. When I have a router with 2 LANs (e.g. 192.168.1.1 and 192.168.2.1), a PC with an IP address in the 192.168.1.0 network can be pinged by a PC
in the 192.168.2.0 network even if the PC in the 192.168.1.0 network has the incorrect default gateway (e.g. 192.168.2.1).
75. When I copy and paste the entire "show running-config" output in Global Config Mode, some commands return "% Invalid input detected at '^'
marker."
76. When I undo a deleted device/link that was connected to a Multiuser remote network, Packet Tracer crashes.
77. When I delete a link to a Multiuser remote network, the link isn't removed from the Multiuser remote network.
78. Packet Tracer appears to be able to ping a default gateway that does not exist.
79. When I am configuring Frame-Relay, the "show running-config" shows that the encapsulation is IETF, but the "show frame-relay lmi" command
shows that it is Cisco.
80. The Linksys router icon looks too similar to the Cisco 1841 ISR icon.
81. When I create a new file, a registered IPC device creation event such as deviceAdded in the previous topology disappears.
82. Does Packet Tracer support SHA1 encryption?
83. The source IP address field does not appear in the Add Complex PDU dialog.
84. Where does the server device look for images to load pages with image tags from?
85. When routers exchange routes to the same route, their routes become possibly down after a while.
86. Where are the RADIUS and TACACS server configurations for the server device?
87. Why am I not able to move or control cables connected to Multiuser remote network clouds in Physical Workspace?
88. How do I navigate to a previous cluster level or Physical Workspace level?
89. When I close a device dialog while in Simulation Mode, the simulation resets.
90. Where is the Viewport feature located in Physical Workspace?
91. When I issue the command "show crypto map", the output differs from what I see on a real router.
92. When I do "show cdp neighbors" after loading a save file, not all neighbors are in the output, but the neighbors show up after a while.
93. If I move a device with a BendPoint or GroupPoint in Physical Workspace, the BendPoint or GroupPoint disappears.
94. Packet Tracer generated a configuration file on my computer's local user directory.
95. The Ethernet interface configuration dialogs in the GUI looks different from other types of interfaces.
96. When I try to issue CTRL + Shift + 6 + X on the keyboard to terminate a telnet session on a PC device, nothing happens.
97. The number of packets encapsulated and deencapsulated shown in the "show crypto ipsec sa" are not equal.
98. Sometimes when I view PDU details of STP packets, the PDU details would say SSTP Multicast Address instead of STP Multicast Address.
99. The MIB Browser does not have a horizontal scrollbar for the MIB tree so it is hard to navigate and view the tree.
100. Why do wireless end devices sometimes form random associations?

101. When I add a DNS resource record with the name in upper-case letters, Packet Tracer adds the name in lower-case instead.
102. Cables in Physical Workspace aren't redrawn correctly while resizing objects.
103. When I close the Preferences dialog, any other dialog that I have opened closes also.
104. When I click on the link lights on a cable, the connection detaches from the nearest connected device and I am able to make a connection with
the same cable again.
105. Switches are not able to detect a new route when an old route is down.
106. I was trying to create a device after clicking on the Place Note tool. The mouse cursor stayed as the Place Note cursor icon, instead of the Select
tool cursor icon. Why is it like that?
107. Frame-relay map statement is not accepted under interface mode. When I run the command to add a map it says "%Address already in map". I
get this message even after I delete the entry and try to add it again.
108. In the Activity Wizard, when I click on the close button on the Instructions window, the window gets minimized.
109. In a router or switch's CLI, sometimes when I type a password, "circles" or "asterisks" fail to appear while entering characters for the password.
110. Why are end devices with the Linksys WMP300N module able to connect to a Linksys router that operates in BG-Mixed mode?
111. Which types of wireless networks do the Tablet PC and PDA support?
112. I changed the time and date on an NTP server on a server end device. After closing the server device dialog, and reopening it, the time and date
reverted back to the previous settings.
113. When I try to ping a host that is connected to a Linksys router's LAN port, the ping fails.
114. Pressing Ctrl+A on the keyboard does not select all text in certain areas of the GUI.
115. Even though there is no power cord attached to an IP Phone, it still appears to be on.
116. When I hover over an end device that is supposed to be configured with a line number, the line number only shows when I open the Cisco IP
Communicator.
117. When I enter the command "mac-address H:H:H" in ephone configuration mode, I receive an invalid input error message in the CLI.
118. When I press the "Do" "Re" or "Mi" notes in the GUI of the phones, I don't hear anything.
119. I connected a cloud's Ethernet6 port to a router. When the cloud receives a DHCP packet, it does not send out to the Ethernet6 port. Why?
120. Why does Packet Tracer always do PAT when there is no overload command?
121. When I use the Copy from Answer Network function in the Initial Network panel of Activity Wizard, the variables from the Answer Network
do not get copied over.
122. When I try to copy and paste a Multiuser cloud, nothing happens.
123. When I try to create a multiuser connection while in Activity Wizard, an error message appears stating that "Cannot make multiuser connection
to this instance of Packet Tracer."
124. After I invoked the command "ssid test" from interface Dot11Radio0/3/0 on a router, there still seems to be some kind of wireless signal
detected on a wireless PC. Is this correct behavior?
125. When I switch from Realtime Mode to Simulation Mode, the time seems to shift forward.
126. When I press CTRL+C or CTRL+Shift+6 to terminate a traceroute, it doesn't work.
127. When I try to telnet to a switch from itself, the connection attempt times out.
128. Packet Tracer's CPU and memory usage increases when I have a network with many switches connected in loops.
129. When I leave the WEP key field blank on a wireless device and click on a button in the Config tab, the button remains depressed after I get the
WEP key cannot be empty error popup.
130. Why do the routing tables display the CIDR subnet mask such as /30 on routers connected by serial connections?
131. Why is the CPU usage from Packet Tracer so high sometimes?
132. Why do 1841 Routers not support voice commands anymore?
133. Why in Simulation Mode, CDP packets are shown even though they are not selected in the Event List Filters?
134. Why are the routing tables different when I reopen a file that involves route redistribution?
135. Why does the PC Web Browser not detect IPv6 addresses like aaaa:2::2 as a valid address?
136. When I tried to move a device inside a cluster in maximum zoom out mode, the move object popup is not aligned with the device.
137. When I changed the MAC address of the Fast Ethernet port on a PC, the IPv6 link local address doesn't change accordingly.
138. Why does PT print out "UUUUU" instead of "NNNNN" if a ping's source IP is beyond scope (source IP is a link local address and the
destination IP is beyond its LAN)?
139. When I copy a device inside a cluster, I cannot paste the device into a different cluster?
140. When I issue the command "show interface" on a router, the output shows that the line protocol is up even though it is the DTE interface and the
DCE interface has not been issued the clock rate command.
141. There is CLI for the frame relay cloud. The only option is to configure using the GUI.
142. When I author a PKA with variables in assessment items and then try to test my activity, certain assessment items such as the default gateway or
DNS server IP addresses are marked incorrect, even if the values are equal to the answer network.
143. After creating a complex network, clicking "reset simulation" does not clear ARP tables or DNS caches. Is this a bug?
144. In the activity wizard circling tool, how come some shapes do not grade correctly?
145. Can I add two wireless modules to an end device?
146. When I pasted in my commands to a router, the case is not preserved. For example, I pasted in "hostname R1" and PT changed it to "hostname
r1".
147. If I setup a network with two LANs, can one PC from one network ping another PC from the other network?
148. I cannot find "show device dialogue taskbar" in preferences anymore. Has it been removed?
149. Why can't I find any routing configuration on the 3560-24PS switch when I open my file in PacketTracer6.0?
150. When I setup a server with two NICs, and I setup a PPPoE dialer, the connection fails. Why is that?
151. When I mouse over Octal cables, it doesn't show much information. Why is that?
152. Why does PT crash when I test activity or load an activity with 0 sets of object locations?
153. Why are IPv6 Neighbor Discovery Protocol (NDP) packets are labeled as NDP instead of ICMPv6?
154. For IPv6 addressing, why don't we get a partial credit if we enter the prefix length correctly but with a wrong IPv6 address?
155. What should I expect to see on Netflow Collector GUI when it receives a flow that matches one of the flows that it has in the cache?
156. Why does the alert saying "Cannot write to file" sometimes appears when I save my scripts?
157. Why does the device show a default hostname in Packet Tracer 6.1 and not in previous versions?
158. Why does "standby version 2" always show up in the running configuration when HSRP is configured eventhough the command was not
entered?
159. Why does Packet Tracer fail to elect the correct root for (R)STP causing loops in the topology when a hub is in between two switches?
Protocol Modeling Issues
1. For EIGRP, why are new adjacencies being formed after the "no auto" command--this does not happen on real routers?
2. Why does the "no keepalive" command give me an error in some situations?
3. On real devices, the link lights would still come up if there is a duplex mismatch between both sides of the Ethernet connection. Why does Packet
Tracer not model this behavior?
4. On real switches, if there is a native VLAN mismatch on both sides of the same trunk, CDP and STP would print out error messages. Why does
Packet Tracer not model that?
5. I cannot disable STP on switching devices.
6. On a real device, I can ping the loopback address 127.0.0.1, what about in Packet Tracer?
7. On a real router, I can configure an interface with a valid IP address and subnet mask even though it is a supernet (e.g., 172.24.11.1 255.254.0.0),
but in Packet Tracer it says that the subnet mask is a "Bad mask."
8. I cannot configure an IP address on a modem interface module on the router, but there is a configuration interface in the Config tab.
9. If there is a DHCP request with two or more DHCP servers, and then a DHCP request fails due to a possible collision when the DHCP servers try
to respond simultaneously, there should be lots of traffic but there are no further events after the collision.
10. Why doesn't STP block the ports if the native VLAN mismatches?
11. On a real router, the timer is reset for OSPF and EIGRP routes after a "clear ip route *" command, but not in Packet Tracer.
12. Why does the Linksys remote management override HTTP port forwarding?
13. The show ip ospf neighbor command shows a priority of 1. Actual 1841 shows priority of 0.
14. Static routes with 255 admin distance should not be added to routing table.
15. Why do wireless ports always buffer the frames before sending?
16. Why are LMI statistics not updated when the link state changes?
17. Why can I only ping one VLAN interface on the switch when there are more than one with the status and line protocol up?
18. Why does OSPF not work over physical serial interface using frame relay?
19. In Simulation Mode, routing tables are updated before the packet arrives in the simulation.
20. On a router with multiple switching modules, there should be individual MAC tables for each switching module. However, "show mac-address
table" shows only one MAC table.
21. Why is the command "ip ospf network" not available in the loopback interface mode?
22. The round trip times for pings in Multiuser networks are very long.
23. When I issue the command "debug ppp negotiate" before enabling PPP encapsulation, debug messages do not show.
24. On a real switch, when I create a VLAN and then assign a name to the VLAN, VTP revision number increases by 1. In Packet Tracer, the VTP
revision number increases by 2.
25. The EtherChannel group does not come back up after an error disable.
26. Configuring shape in a nested policy map gives an error message.
27. When I enter "switchport mode trunk" on a switch without changing the encapsulation to dot1q first, the command is not rejected like on a real
switch with a message saying "An interface whose trunk encapsulation is 'Auto' can not be configured to 'trunk' mode."
28. "show ipv6 eigrp interfaces" seems to have incorrect or static output.
29. Class-maps with inspect type appear to have a different subset of match sub-commands compared to real routers.
30. When I configure manual EIGRP summarization, sometimes the classful mask is shown in the routing table for a route.
31. No warning is shown when exiting the interface range mode without typing exit.
32. Is the command "tunnel source [ip address]" supported?
33. Does the command "ip mtu [value]" have a dynamic range?
34. When I do "show vtp counter", the values for VTP pruning statistics seems to be incorrect?
35. Why can I not modify the serverPool DHCP pool on the server device?
36. When I copy a "show running-config" output from Packet Tracer and paste the output into CLI, not all commands are accepted.
37. When I issue the command, "more flash:c2960-lanbase-mz.122-25.FX.bin", the output is different each time.
38. When I delete the IOS image from a router or switch and then save and reopen the file, the device boots up when it should not.
39. If I issue "debug ip packets" then "logging trap debug" on a router, it seems that one or the other is not issued at all.
40. The output in "show policy-map type inspect zone-pair sessions" seems to differ compared to real routers in regards to the type of protocol
detected in the established sessions.
41. The "show clock" output is always Mon Mar 1 1993 by default.
42. When I enter the command "no ip ips signature-category", it brings the router prompt to the IPS category configuration mode.
43. Access-lists do not have ESP, AH, or ISAKMP port options available. As a result, site-to-site VPNs can be created, but are not functional if
CBAC or ACLs applied.
44. Static routes should be able to specify an outbound interface and next hop address.
45. A carriage return is missing after removing a subinterface from a router.
46. There is no error message when two connected switches have different EtherChannel modes.
47. When I try to issue an SNMP request using a port other than 161, SNMP request times out.
48. AAA authorization commands are supported, but the functionality does not work.
49. When I enter "config t" in global configuration mode, Packet Tracer returns "%Invalid hex value."
50. When I try to enter interface configuration mode for a non-existent interface, Packet Tracer returns a different error from a real router.
51. The number of matched packets under the protocol match statement is greater than the number of matched packets for the class-map in the "show
policy-map" command.
52. The QoS bandwidth setting does not appear to have an effect on drop rates.
53. The labs in the curriculum expects more options for the "debug ip rip" command, but Packet Tracer only supports the events option.
54. When I have a PC on a VPN connection, it seems that DNS packets are sending to the VPN server first and the DNS packets are not encapsulated
in Simulation Mode.
55. An RS232 port is displayed in the physical device view of the IP Phone, but the RS232 port is not one of the available ports in the Logical
Workspace.
56. Why doesn't Packet Tracer show all of the packets involved in a typical SMTP/POP transaction?
57. On a 3560 multilayer switch's interface, when its trunk encapsulation is set to "auto", it cannot be configured to "trunk" mode. The command
"switchport mode trunk" is rejected. Why?
58. When I create a Telnet packet while another TCP connection exists, the Telnet packet that I created gets dropped.
59. When I view a TCP packet's PDU details in Simulation Mode after initiating an HTTP request, the HTTP client sets the connection state to
SYN_SENT.
60. How come phones don't register with auto-reg-ephone enabled and auto assign configured in CME?
61. When I open a PC's device dialog with DHCP enabled, it keeps sending a DHCP packet.
62. Why does VoIP still work even though switchport voice vlan 1 is not configured?
63. When a call is made to a Cisco IP Communicator that is closed, is the Cisco IP Communicator supposed to open in ringing mode or connected
mode?
64. How come PPPoE clients do not get connected in multi-server environments?
65. How come the routers in Packet Tracer do not show ppp negotiation debug messages after I turn on debug?
66. I have "debug ppp authentication" enabled on a PPPoE server. When a PPPoE client is getting connected to the PPPoE server, it does not show
any debug messages on the server.
67. Why are log messages for IP phone registrations different than real devices?
68. I created an access-list that denies FTP data transfers on port 20, but data transfers are still successful.
69. When I delete a wireless client from the workspace, the Linksys router's DHCP client table doesn't refresh when I click on the refresh button.
70. The MAC address column in the Linksys router's DHCP Client Table is labeled as 00:00:00:00:00:00.
71. The Expires Times field in the DHCP Client Table is always empty.
72. What's the purpose of the TFTP Server field in the DHCP service on the server device?
73. Why do PCs sometimes get default gateway from DHCP, but sometimes not?
74. When I use the "no redistribute connected metric 1000000" command, it removes the entire "redistribute" command.
75. Shaping stats are not shown all for nested policy maps.
76. When I configure a destination-pattern of "10.." with two dots for one dial-peer and a destination-pattern "10." with only a single dot for a second
dial-peer, only numbers such as "1022" can be dialed.
77. Why does Packet Tracer slow down for long periods when running BGP?
78. Why does the command show ip bgp give a different output than what I see on a real router?
79. RIPv2 poison and poison-reverse do not work.
80. Why do some wireless devices not get connected to the access point?
81. Duplicate IPv6 addresses are not detected.
82. Why does an IPv6 device not be able to ping another anycast address when the old anycast address device is disconnected?
83. The network mask of the route does not get updated after applying "ipv6 ospf network broadcast" or "ipv6 ospf network point-to-point" in the
interface.
84. The command "show ipv6 ospf neighbor detail" shows some missing output such as the Option detail and link local address.
85. It appears that loading IOS IPS signature package is not required when configuring IPS.
86. When I enter the command "show ipv6 dhcp pool" on a DHCP server, the value for active clients value is 0.
87. There was no application layer information in the PDU details when simulating SSH traffic. Layers 1, 2, 3 and 4 are reflected in the PDU details,
but the application layer traffic isn't reflected.
88. When I enter the command "show ipv6 dhcp interface", the value for when the renewal will be sent is always 0d0h.
89. There is no support for the command "ip default-router" on the Cisco Catalyst 3560-24PS multilayer switch.
90. When I shutdown an interface on a router configured on a RIP network, the routing table shows that the network is possibly down and the RIP
timers are started. However, on real routers, the network is immediately withdrawn from the routing table and the RIP timers are not started.
91. Can't I enter the command "no router ospf " within the command mode for "router ospf "?
92. When entering acl statements without specifying the sequence number, why does the "show access-list" command show the acl statements in a
different order from the order shown on Cisco router?
93. Why can't key chains be entered consecutively without exiting to normal config mode first?
94. Why doesn't the show running-config output show async interfaces when HWIC-8A modules are used?
95. In Simulation mode, why are there scenarios where a packet is still able to cross a link that is connected to a port that has been recently
shutdown?
General Issues
Question/Problem
My computer frequently crashes when I use
Packet Tracer.
Answer/Solution
You need to update your video card drivers, especially if your computer has an ATI video
card. If you are using an IBM laptop issued by Cisco, you can use Windows Update or this
link to lenovo support. If you are using a computer built by another company please check
their web site for updates or if you know you have an ATI video card, go to
http://ati.amd.com/products/index.html to find an updated driver.
The program screen is cluttered with too many

windows! I can't see the workspace.
What Cisco IOS version do the routers and

switches support?
You can undock sub-windows by double-clicking on the title bar and move them away
from the workspace area. You can also prevent sub-windows from docking by holding
down Ctrl while moving them.
Packet Tracer uses simplified models Cisco IOS, using real Cisco IOS images as
references. The Cisco 1841 router supports Cisco IOS version 12.3(14)T7, 12.4(12), and
12.4(15)T1. The Cisco 1941 router supports Cisco IOS version 15.1(4)M4. The Cisco 2600
series routers support Cisco IOS version 12.2(28), 12.4(8), and 12.4(15)T1. The Cisco 2811
router supports Cisco IOS version 12.3(14)T7, 12.4(8), and 12.4(15)T1. The Router-PT
router supports Cisco IOS version 12.2(28). The Cisco 2901 router supports Cisco IOS
version 15.1(4)M5. The Cisco 2911 router supports Cisco IOS version 15.1(4)M5.
The Cisco Catalyst 2950 series switches supports Cisco IOS version 12.1(22)EA4 and
12.1(22)EA8. The Cisco Catalyst 2960-24TT switch supports Cisco IOS version
12.2(25)FX and 12.2(25)SEE1. The Switch-PT switch supports Cisco IOS Version
12.1(22)EA4. The Cisco Catalyst 3560-24PS switch supports Cisco IOS version
12.2(37)SE1.
4
Can I learn the necessary information for CCNA No. Packet Tracer is a tool to supplement the CCNA curriculum. Students can learn basic to
certification just by using Packet Tracer?
intermediate router and switch configuration and see how packets are processed by
networking devices as they traverse the network.
Does Packet Tracer support all of the features
No. The program supports a small subset of the features from Cisco devices. Please see the
found in Cisco devices?
"Router IOS" or "Switch IOS" help pages. Packet Tracer uses simplified models of
networking protocols and Cisco IOS; you should always compare your results to those
obtained from real equipment.
When I make an entry into a text field (such as an Text field inputs are updated and applied as soon as they lose focus (e.g., when you click
IP address), how do I know it goes into effect? Is somewhere else on the screen). There are no "Apply" buttons.
there an "Apply" button?
7
8
Can I create unlimited devices?

I cannot access the tutorial files.
May I distribute Packet Tracer to my students?
10 Why is Packet Tracer running so slowly?
11 Some text in the program is cut off or is not

correctly displayed.
12 I have a saved topology from older version of
Packet Tracer. Can I open it with this version of
Packet Tracer?
13 What is the password to edit the included
activities with Activity Wizard?
14 When I try to launch Packet Tracer in Ubuntu
6.10, the terminal gives a Fatal Arithmetic error.
15 I have a saved topology from this version of
Packet Tracer. Can I open it with an older version
of Packet Tracer?
16 How do I convert PKA files to a PKT file?
No. The number of devices is limited by the amount of free memory on your computer.
Pop-up blockers can stop the tutorial files from running. Make sure you have these disabled
when trying to view the tutorials.
Yes. Please distribute Packet Tracer to currently enrolled Cisco Networking Academy
Program students. If the distribution method is through a website, ensure that the website is
password protected. Refer to the "Copyrights" page for more information.
Does your system meet the minimum requirements? The minimum requirements, listed in
the help documentation, allow for the basic use of Packet Tracer in creating small- to
medium-size networks. It is recommended that you use a faster machine with more
memory to create large networks. You can turn off the Sound and Animation options to
increase performance.
Packet Tracer by default requires that your system supports the Verdana font to display text
correctly. Alternatively, you may change the fonts for dialogs, workspace/Activity Wizard,
and the general interface in Preferences under the Font tab.
Most simple topologies will load from previous versions of Packet Tracer, however, Packet
Tracer only offers limited backward-compatibility and not all files are guaranteed to open.
Instructors may obtain the password from the Packet Tracer forums on the Academy
Connection website.
Ubuntu 6.10 is not supported.
No. Forward compatibility of save files is not fully supported. An "Invalid File" message
may appear if you have a save file from this version Packet Tracer and then try to open it in
an older version Packet Tracer.
There are actually multiple "PKT" files inside an activity file.
To "convert" from a PKA to a PKT file:
1. Open the PKA
2. Go to Activity Wizard.
If you are interested in the Answer Network, go to the Answer Network section and click
on "Export Answer Network to File" and save it as a PKT.
If you are interested in the Initial Network, go to the Initial Network section and click on
"Export Initial Network to File" and save it as a PKT.
17 If I save my file in the default Packet Tracer
This appears to be how Windows Vista handles saving items in the Program Files directory.
18
19
20
21
22
23
saves directory in Windows Vista, the save file is

found in another directory. However, if I choose
another directory, this issue does not occur.
When I try to launch Packet Tracer in Wine,
Packet Tracer crashes.
On Ubuntu, if I try to create a custom device
template, an error message pops up stating
"Unable to write to file."
How can I save the PKA that I have opened in
Activity Wizard to a different file (i.e. Save As)?
Is it possible to drag and drop a save file from my
operating system inside Packet Tracer to load up
the save file?
How come the Recent Files list is empty?
How do you create an activity PKZ file?
24 How do you modify a PKZ activity file?

25 When creating PKZ files, do I need to ensure all
of the background images are in the same folder
as the PKA/PKT file?
26 My display resolution is 1024 x 768 or lower.
When I go to Simulation Mode and click on the
Auto Capture / Play button, events are not
displayed in the Event List.
27 Why doesn't Packet Tracer display fonts properly
in Linux?
You can change the User Folder in Preferences to a folder that you have write permission
to.
Wine is not supported. Please use the Linux version of Packet Tracer instead.
If Packet Tracer is installed as root, then you need to run as root in order to write to
templates folder in the Packet Tracer directory. You can change the User Folder in
Preferences to a folder that you have write permission to.
While in Activity Wizard, go to File -> Save As in the main Packet Tracer window and then
save the PKA to a different file.
Currently, drag and dropping files into Packet Tracer is not supported.
Make sure that your User Folder in Preferences is set to the user folder on your computer.
First create your PKA file as a normal PKA. Make sure all of your images and other files
that go along with the PKA is set in the initial network as necessary (and answer network
for completeness). Then, in the Activity Wizard, go to Test Activity and do a File -> Save
as PKZ. Include any extra files as necessary. This will save your PKA as a PKZ file with an
activity.
Open the PKZ file and go to Activity Wizard. Modify the activity as desired. Then go to
Test Activity and do File -> Save as PKZ.
Yes. While creating the PKZ, add the PKT or PKA and any images from the same directory
as the images' path added in the PKT or PKA relative to the PKT or PKA file path.
Increasing the display resolution to 1280 x 1024 or higher will make the GUI appear
properly.
Packet Tracer uses fonts such as Verdana, Times New Roman, etc. which may not be
installed on Linux distributions by default. All Linux distributions that do not have these
fonts installed need to install them first.
28 Why does Packet Tracer stop abruptly when right This is a Qt framework issue. When closing the group, all opened windows get a
clicking on the Windows taskbar and then
simultaneous kill signal, and the current version of Qt (v4.4.3) does not call the
selecting "Close Group"?
destructors/closeEvent() of the open windows. Therefore, widgets that depend on other
widgets to close first do not wait and Packet Tracer stops abruptly. A better solution is
29 I can't seem to write options to the Packet Tracer

installed folder using the function in Preferences.
30 How do I save images added to the cloud for the
TV correctly?
31 What's the transparent bar at the bottom edge of
the workspace and is there a way to get rid of it?
32 Packet Tracer looks bad in Ubuntu (fonts,
layouts, buttons, etc.).
33 Ctrl+Break doesn't work on Linux.

34 All router config windows are closed without
warning when closing the Preferences window.
35 Why can't I connect to another Packet Tracer
instance using multiuser?
expected in future Qt versions.

Launch Packet Tracer as an administrator in order to write to a system folder where Packet
Tracer is installed.
The save file must be saved as a PKZ. While creating the PKZ, add the PKT and TV
images from the same directory as the TV images' path added in the PKT relative to the
PKT file path.
The bar is the Device Dialog Taskbar which makes device dialogs that are currently opened
more accessible. To remove the Device Dialog Taskbar, go to Preferences and uncheck
"Show Device Dialog Taskbar" under the Miscellaneous tab.
Packet Tracer for Linux is built against the Qt 4.4.3 Commercial edition. As a result, for
systems without these libraries custom built on their system, we have included the libraries
as part of Packet Tracer to ensure Packet Tracer runs on their system. However, since the
libraries are not built against your particular system, the layouts, fonts, and general
interface may not match your system and therefore look bad. You can install your own Qt
libraries and link against them for Packet Tracer, however it is unsupported as the versions
may not match exactly and therefore bugs may be introduced.
Qt issue on Linux -- it doesn't capture the Ctrl+Break keys. A workaround is to use Ctrl+C
on Linux.
This is the intended behavior.
Please check the other Packet Tracer instance's IP address, port, and password. Packet
Tracer does not currently show an error message or indicator for incorrect password. Please
retype the password to make sure. This will be fixed in the next version.
36 Why do upnp.exe and PTUpdater.exe not quit
This is an interaction issue between the PT exam, PT, and some Windows platforms. We
after I submit my online PT exam?
have only experienced it on some Windows Vista machines. You can manually end these
two processes in Task Manager.
37 When I use the Save Offline Copy feature for
When you save an offline copy, your local network and each remote network has its own
Multiuser, sometimes the remote networks in the Home City in Physical Workspace. If you have the option Enable Cable Length Effects
offline copy will not go up (i.e. link lights stays enabled in preferences, the connections may stay down if the connected cities in Physical
red).
Workspace are far apart. A workaround to this issue is to go into Physical Workspace and
move the connected cities closer together or disable the option Enable Cable Length Effects
in preferences.
38 I do not see the arp, bandwidth, delay, and other The ports on the model themselves have these limitations.
commands for the 2960 Switch, as well as some
other switches. Why are they missing?
39 I do not see the Hop Limit field in the PDU

information window.
40 Why are the IPv6 Src/Dest address fields not
taking up four rows each?
41 Why can you only use Courier and Courier New
for the CLI text?
42 Why can't I close the LAN Multiuser Agent and
WAN Multiuser Agent windows?
43 Why do parts of some PKA instructions get

replaced by strange characters after it has been
saved and reopened?
The Hop Limit field has been renamed HL in Packet Tracer so that the value can be
displayed without scrolling.
Src/Dest IPv6 address fields are 128 bits but in PDU Packet Tracer shows them occupying
only one row because it is enough to hold the IPv6 address in text format.
Only fixed size fonts are supported for CLI text now.
This is intentional. The LAN Multiuser Agent and WAN Multiuser Agent script modules
require frequent updates (keepalives) between the Multiuser server and clients in order to
operate. To close the windows, you will need to stop the script module(s). To do so, go to
Extensions menu > Scripting > Configure PT Script Modules then select LAN Multiuser
Agent or WAN Multiuser Agent and click on the Stop button.
For instructions that use HTML, entity codes must be used for some characters.
Specific Issues
1
Question/Problem
In the Physical Workspace, the wiring closet does
not display all of the devices I have created in the
Logical Workspace.
Answer/Solution
A wiring closet can have a maximum of three tables or racks. When closets become full,
additional ones will be created automatically to accommodate more devices. When multiple
closets are created they are one on top of the other, so you must move the first one to see
the second and the third, etc.
If I turn off the ARP filter in the Event List
No. The filters are for display purposes only and do not affect the actual function of the
Filters, does that mean devices won't build ARP network. The packets are in the network but are not visible. Note that while users new to
tables?
networking may not want to display ARP packets, many behaviors involving Ethernet
(such as the first ping across a router being dropped while ARP is occurring) are not fully
explainable without reference to ARP.
Does Packet Tracer use the Spanning Tree
Yes. Packet Tracer models Per Vlan Spanning Tree Protocol to break possible switching
Protocol?
loops. When first loading files with switches, or routers with switchports, the Spanning
Tree Protocol will go through the different states on the ports before putting them in
forwarding state, indicated by an amber light. If this causes an annoying delaying, toggling
between Realtime and Simulation mode 3 or 4 times will decrease the delay caused by the
transition of states.
How does loop-breaking process work in Packet Layer 2 loop-breaking is done in STP. You can view these packets in Simulation Mode.
Tracer? Why don't I have the option of viewing Layer 1 loop-breaking is still done in a Packet Tracer proprietary protocol and converges
packets associated with the loop-breaking
immediately.
6
7
process?
When I reset the network in Simulation Mode,
why do some switch ports show amber link lights
and stay that color?
Why does the command clockrate not work?
I created a ping packet in Simulation Mode and
ran it. Why do I still see packets/frames (like
CDP) running on the network after the ping
process is completed?
The amber link light indicates that the switch port is not in STP forwarding state. STP takes
over 30 seconds to put a port into forwarding state if there are no loops. A port may be put
in blocking mode and stay in amber color if the port is in a loop.
The term "clockrate" is not a documented Cisco IOS command. Use clock rate instead.
Routers and switches send out CDP frames every 60 seconds regardless of what packets
you created yourself. If you do not want to see the CDP events, uncheck the CDP filter in
the Event List Filters. You can also disable CDP on the Cisco devices by using the Cisco
IOS CLI. There are other protocols that periodically send out packets/frames without any
configurations, including STP and DTP.
Some parameters, such as the following, are not supported:
When I issue an extended ping, the parameters I

am asked to fill in do not match an extended ping
Sweep range of sizes [n]:
on a real device.
Why can't I access sub-interfaces on serial ports? Packet Tracer supports serial sub-interfaces for frame relay encapsulation only. HDLC and
PPP serial sub-interfaces are not supported in this version. In order to create a serial subinterface, the physical interface must be configure to use frame relay encapsulation first.
Then, in creating a serial sub-interface, the type (point-to-point or multipoint) must be
defined.
Why can't I test port connectivity with a
Packet Tracer does not support this specific ping feature.
command such as ping 192.168.1.5:80?
Does Packet Tracer support VTP?
Packet Tracer supports several commands relating to VTP domain, mode, password, and
version.
I can't seem to add a secondary address to a port. Packet Tracer does not support the ip address secondary command.
How does the Auto settings for bandwidth and
The Auto setting enables auto-negotiation on the port of the device. When two ports are
duplex work on a port?
connected and both have auto-negotiation on, the best connection settings will be
determined automatically and the link will be functional. The link will also be functional if
one port has auto-negotiation on and the other is set at Half Duplex. However, if the other
port is set at Full Duplex, the link will not be functional.
At the end of a simulation (after the last event), I Did you press the Capture / Forward button after the last event occurred? The ARP table
viewed a device table (such as ARP or MAC) and clears after the end of the animation because after the last packet, the only timers left are
saw that it was blank. Why is this?
ARP entry timeout timers. Because the Capture / Forward button advances in time to the
next event (but there are no more future packets), the ARP entry timeout timer will expire.
Thus, the ARP table becomes empty. This is similarly true for MAC tables.
Sometimes the CLI screen seems to display text There is a no line break after the interface status messages because that is how it is
incorrectly. For example, when activating an
displayed on real devices. However, note that the Packet Tracer status messages are
10
11
12
13
14
15
interface, the router prompt appears at the end of

the sys log message instead of a new line.
16 When I make the interface a trunk port in a
interface sub-panel for the switch (under Config),
the VLAN range is set to 1 to 1005 even though
the switch does not have that many VLANs set
up?
17
18
19
20
displayed immediately after the event occurs. Real devices may have a delay of about 1
second.
In Packet Tracer as well as on real equipment, the switch allows all VLANs (1 to 1005) on
a trunk port by default, even if the VLAN does not actually exist on the switch. From the
drop-down menu, you can view the VLANs that do exist and block (uncheck) them from
the trunk. However, you cannot block VLANs that do not exist. This action does not affect
the switch functionality. It is simply a way to display VLANs (or a range of VLANs) that
the trunk supports.
When I turn off a router that has its link lights up By default, router ports are in a "shutdown" state unless the no shutdown command has
and then turn it back on, why do the links remain been issued. When a router is turned off and then on, it reads the startup-config file for
down?
configuration information. If the router contains no saved startup configuration that
included the no shutdown command on a port, that port will not come up automatically.
When I choose a tool from the Common Tools
Press the Esc key or click on another tool in the Common Tools Bar.
Bar (such as the Inspect tool), how can I cancel
that tool or deselect it?
What's the difference between the Reset
The Power Cycle Devices button does everything the Reset Simulation button does in
Simulation button and the Power Cycle Devices addition to power-cycling devices that are powered on. Reset Simulation impacts the
button?
display and animation of already captured packets but not change the actual state of the
networking devices.
When I use the Add Simple PDU tool to ping a The Add Simple PDU tool is a quick way to create PDUs. The source device does not
router, the destination IP address is the Ethernet specify a source interface. It uses the outgoing interface as the source interface. The
interface rather than the serial interface. What
destination IP address is chosen to be the first interface with a set IP address on the
determines the default destination interface for a destination device. The order of the interfaces is the same order as displayed in the show
ping?
running-config and show interfaces commands.
To specify the destination address manually, use either the CLI or the Add Complex PDU
tool. Both of these allow for configuration of the outgoing interface and destination IP
address of the source device.
21 When I have a static route and RIP configured on

a router, why is it that the static route with an
administrative distance of 1 is preferred over RIP
routes with an administrative distance of 120?
Packet Tracer is modeled from real routers, in which a static route with a smaller
administrative distance is preferred over RIP routes. Instead of using the default
administrative distance of 1 for the static routes, you can try using an administrative
distance larger than 120 so that RIP routes would be installed in the routing table when they
are available and static routes would be installed if RIP routes are not there.
22 When I configure static NAT on a router and
The ICMP NAT entries timeout in 1 minute. So, if 1 minute has passed either in Realtime
perform a ping, why does the router eventually
or Simulation Mode, the NAT entries generated by ICMP packets would be removed from
lose the NAT translations after several successful the NAT table.
pings?
23 When I enter an EIGRP network command, such
as network 192.168.1.0 255.255.255.0, the result
should be network 0.0.0.0 255.255.255.0 instead.
However, on a real router, the result is actually
network 192.168.1.0.
24
25
26
27
28
The network command for EIGRP should accept a wildcard mask for the second argument,
as stated in the help command network 192.168.1.0 ?. So, the command network
192.168.1.0 0.0.0.255 means the network 192.168.1.0/8. However, this command is
inconsistent with the help command in which network 192.168.1.0 255.255.255.0 also
means the network 192.168.1.0/8. Packet Tracer implements the command like a real
router.
When I try to do an extended ping in the CLI
This is how extended ping works. You can only specify an IP address on the device as the
with a source IP address that doesn't belong to the source address. Otherwise, it gives an error.
device, it gives me an invalid source error
message.
In Simulation Mode, when I only have a single
The Event List Filters are not connected to how events are captured. Even if nothing is
Event List Filter enabled, such as UDP, and then checked to display, Packet Tracer still captures everything. So, after capturing 500 events,
click on Capture / Forward, I get the message, Packet Tracer will show that message. However, the last part of the message says that the
"The maximum number of events has been
user can adjust the Event List Filters to see previous events.
reached..." This is counter-intuitive since no
events are shown in the Event List at all.
When a router doesn't have a next hop MAC
Yes. When a router does not have the next hop MAC address, it will send an ARP request,
address, it sends an ARP request and will drop the but will also drop the packet. It does not buffer the packet and wait for the ARP reply to
ICMP packet as well. Is this normal behavior?
come back because that could cause considerable performance decreases if there are a lot
of pending ARP entries.
When I save a configuration to the router
Yes. Saving the configuration to NVRAM only saves to the current file. You have to save
NVRAM (wr mem or copy run start), the router the topology as a .pkt file to preserve your work between different Packet Tracer sessions.
does not save the configuration when Packet
Tracer is shut down. This only occurs if you save
the topology.
When you use the same network/subnet on two This is no longer an issue in Packet Tracer. You will see the following similar error
different devices, the Cisco IOS CLI reports an messages if those two devices were connected already, and if you were trying to assign the
error saying that the IP address conflicts with
same IP address:
another interface.
%DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.1.0.1 (FastEthernet0/0) is down:
interface down %IP-4-DUPADDR: Duplicate address 10.1.0.1 on FastEthernet0/0, sourced
by 0090.0CEC.5C01 %IP-4-DUPADDR: Duplicate address 10.1.0.1 on FastEthernet0/0,
sourced by 0090.0CEC.5C01
29 Which cable do I use to connect an Access Point Access points connect to hubs and switches with a straight-through cable. Meanwhile, a
to other networking devices?
crossover cable is needed to connect an access point to routers and end devices.
30 What is the difference between the activity file The activity file created with Activity Wizard contains both the authoring information and
(.pka) that I author and the activity file that I give the activity itself. If you do not want others to view or change the contents of your activity,
to others?
you may password protect the activity in Activity Wizard.
Just like a regular Packet Tracer network file (.pkt), the progress of activity files can be
saved at any time. To have a fresh activity for redistribution, be sure to reset the activity in
the instructions box, then save the activity.
31 Is it possible to import or open Packet Tracer
activity files from a previous version?
32
33
34
35
36
37
38
The short answer is "No." However, Packet Tracer can import old Packet Tracer network
files (.pkt), with some limitations. You may export the answer and initial networks from an
older version of Packet Tracer, then import then into Packet Tracer using Activity Wizard.
It is best to re-author activities in the latest version of Packet Tracer, though existing work
from previous versions can be imported and adjusted.
What is the correct version for EIGRP? I have
The version field in the EIGRP packet indicates the EIGRP version of the sender. There is
seen only two versions, v0 and v1. However, in only one version of EIGRP. However, from the packet captures from routers, the version
the PDU Information Window, the version
number is always 2. This is a constant. Packet Tracer is modeling as it would be captured
reported is version 2.
from a real network.
In Simulation Mode, why do some devices/ports There are some types of frames that Packet Tracer does not display to the user, such as
sometimes buffer frames and say the ports are
keepalives on the serial links. When these frames are being sent, the device will buffer the
sending other frames when there are no frames
other frames that are waiting.
shown in the Event List?
When creating multiple connections between the Packet Tracer will display several distinct cables in parallel. However, there is a limit. A
same two devices (e.g. trunking), the cables
workaround is to use another device, such as a repeater for Ethernet connections, to
connected earlier may be hidden by the new ones. emphasize the visual distinction of a particular link.
How do I know how many cables are connected?
Using the Activity Wizard, how do I lock out the Attach a console cable from the PC to the switch or router. In the Initial Network section of
GUI configuration for routers and switches to
the Activity Wizard, lock "Configuration" for the switch or the router. Now, users must
force the users to use only the CLI?
console into the switch or router from the terminal of the PC to configure them.
What happens to the IP address of a device when When you duplicate a device with an IP address assigned to any of its interfaces, the IP
I duplicate the device?
addressing will be cleared on the duplicate device.
What is the limit for the number of wireless hosts The limit is 10 wireless hosts with 3 access points in the same coverage area. Beyond that
and access points in the same coverage area?
limit, wireless connections become unpredictable. This is similar to real equipment except
Packet Tracer has a lower limit.
When I create a template of a device with
The template devices store the hardware information only, including the device model and
additional IOS images besides the default IOS
what modules are installed on them. The workaround to this issue is to copy and paste the
image, only the default IOS image of the device device. The duplicated device will have the same IOS images as the original device.
appears in the custom device.
39 Is Realtime mode exactly in sync with real world No. Realtime mode in Packet Tracer runs at a different rate than real world time. It may run
time?
slower as more devices and protocols are added to the network. The speed of the computer
running Packet Tracer also affects the Realtime mode.
40 Why, when I enable logging and configure
The command log is not saved with the save file and is session based. Alternatively, you
devices in the CLI and then save the file, does the may export the log under the Interface tab in Preferences.
save file not save the log?
41 When I send a PDU over devices with multiple This is a result of an animation error. The PDU takes the center path between the two
links between them, with one of the links
devices instead of the center path between the two endpoints of the links. A possible
shutdown, why does the PDU traverse the
workaround is to use hubs or repeaters to connect some of the links.
shutdown link instead of the active link in
Simulation Mode?
42 Why do I get two different average round trip
In Realtime Mode, time is always running regardless of the events occurring in the
times for the exact same pings in Realtime Mode network. In Simulation Mode, time is event driven, under your control. The time in
and Simulation Mode?
Realtime Mode may be affect by the speed of the computer Packet Tracer is running on and
the number of devices and protocols running in Packet Tracer. For more information, please
view the "Time Management Between Realtime and Simulation Mode" section in the
Simulation Mode: Special Notes page.
43 When I issue the "clear ip route *" command in The "clear ip route *" command just clears the routing table. For some protocols like
CLI, it doesn't clear the routing tables.
EIGRP and OSPF, the routes are added back to the routing table immediately if there are no
changes. For RIP, the routes are added back when receiving the next updates from its
neighbors. However, in Realtime mode, it may happen before "show ip route" is issued
again. You can see its effects easier in Simulation Mode.
44 Why can't enable secret passwords be assessed
This is no longer an issue in Packet Tracer.
reliably in activities?
45 I can add a WEP key that is out of the hex range This is no longer an issue in Packet Tracer.
for the Linksys router when I shouldn't be able to.
46 In the Event List filter window, why does
HTTP packets are also TCP packets, so they are not filtered out.
unchecking HTTP filter have no effect when TCP
is checked?
47 Why does the Inspect tool have no effect on the This is no longer an issue in Packet Tracer.
Linksys router?
48 When I telnet into another device, the config tab This is no longer an issue in Packet Tracer.
does not work.
49 Why do static routes with admin distances of 255 This is no longer an issue in Packet Tracer.
show up on the routing table?
50 Packet Tracer crashes when I have many

instances of Packet Tracer opened.
51
52
53
54
55
We recommend using one instance of Packet Tracer at a time. Although Packet Tracer does
not impose a limitation on how many instances may be running at the same time, system
resources (RAM, disk swap, or GDI objects) may affect the actual number of simultaneous
instances.
How can configurations from Packet Tracer and Packet Tracer generates password encryptions only once, with only one seed. If the same
real devices be used in activities to check enable password is entered more than once, Packet Tracer only generates one encryption string. In
secret and other passwords with service
order for passwords generated from outside of Packet Tracer to work in activity checking,
password-encryption on?
you must re-enter the passwords again after importing.
Why are values in Config tab not changed when I Packet Tracer does not keep opened dialogs in sync when changes are made from a
have already changed them in console?
different dialog. To see the updated values, please close the opened dialog and open it
again.
Why do HTTP packets still show up when I have If the HTTP filter is unchecked, but the TCP filter is checked, HTTP packets would still
the HTTP filter unchecked?
show up, because HTTP packets are TCP packets. This is the same behavior for other
packets that are encapsulated within TCP or UDP. If you want control over the types of
packets you want to see, use ACL Filters.
Why does Packet Tracer generate the same
On real devices, each time a password is entered, the seed changes, and it would generate a
encryption string when the same password is
different encryption string. Even if the same password is entered twice, the encryption
entered more than once?
string would be different. In order for activity checking to work, we must always generate
the same encryption string so that the user's password and the Answer Network password
generate the same encryption string.
How do I add a graphic image of a topology in
Use
tags to add images in the activity instructions.
the activity instructions?
56 Why am I able to add and remove content from

the activity instructions window when it should
be read-only?
57 When I enter "show interface s0/0/0" in the CLI,
the IOS output says "show interface s0/0/0" is an
ambiguous command.
58 How come I cannot use Variable Manager for
scoring with VLAN interface IDs (SVIs)?
59 Is there a way to speed up convergence of the
network when I open a file? Sometimes my
activity is graded incorrectly since the answer
network hasn't converged.
60 I cannot make a Multiuser connection between
You have to lock Edit Instructions in the Locking Items tree to make the instructions
content read-only.
Variables cannot be used to check for nodes that depend on names, such as device names,
port names, dhcp pool names, etc.
You can speed up convergence of the network by switching to Simulation Mode and then
switching back to Realtime mode. Do this as many times as required (depends on the
network). If you are creating an activity, you can forward the Answer Network
Convergence in the Activity Wizard as well.
Make sure to disable all firewalls on both the Windows and Linux machines (procedure
Windows and Linux machines.

61
62
63
64
65
66
67
68
69
will vary depending on the firewall). If the machines are behind NAT (e.g. a SOHO router),
be sure to forward the appropriate ports (i.e. 38000 by default) as well.
I can still access the Config tab of a router or
You can use Activity Wizard to lock Use Config Tab or you can hide the Config tab in
switch even if there is an enable secret password Preferences if needed.
in the running configuration.
Is there a way to distinguish between outgoing
You can mouse over a Multiuser remote network cloud to show who the other side is
and incoming Multiuser remote network clouds? connected to. Also, changing the Multiuser remote network cloud's name does not reflect
Also, when I have an incoming Multiuser
on the other side.
connection, Packet Tracer creates a Multiuser
remote network cloud if the name is incorrect.
When I try to set a variable value to Elemental
When you set a value for a variable, you must press Enter on the keyboard to change the
Position in Variable Manager, the value sets itself value.
to zero and cannot be changed to any other
position.
When I try to copy text from the CLI tab using
There is no way to prevent this in the interface as of now. A workaround is to use the Copy
"Ctrl + C", the output has unorganized text that button in the CLI tab.
can be dragged around.
How come I am able to enter negative point
Negative point values in Assessment Items has several useful benefits. For example, if you
values for Assessment Items in activities?
ask a student to configure a network using RIP and they use static routes to trick the
connectivity tests, you can give them negative points for configuring static routes instead of
RIP. Also, negative point values varies the point system which allows different types of
game related activities.
Can a wireless PC associate to an access point
No. Wireless requires the devices to be within physical range of each other. Multiuser
that is from a Multiuser remote network?
remote networks are in different physical spaces.
When I try to create a loop on a switch by
A workaround is to use a hub or repeater to create a loop between the two ports on the same
connecting a straight-through or cross-over cable switch.
to different ports on the same switch, I get a
connection error stating that "The cable cannot be
connected to that port?"
How come when I have multiple wireless profiles In Packet Tracer, there is no way to choose multiple wireless profiles in the Config tab.
in a wireless PC and then delete the wireless
router that the wireless PC is currently associated
to, the wireless PC does not automatically
associate to the other wireless routers that has a
profile?
In Physical Workspace, sometimes the geoicons This is no longer an issue in Packet Tracer.
70
71
72
73
74
75
76
77
78
do not work correctly. For example, I am able to

move the geoicons beyond the "border." Also, the
geoicon labels are sometimes detached from the
geoicon itself after navigating between locations.
How come the output for various commands in
Packet Tracer, such as "show ipv6 nat
translations," is different from a real router?
When I click on Save Settings in the Applications
& Gaming section in the Linksys GUI, the last
item in focus does not save.
How come when I create a complex PDU, the
Outgoing Port drop-down list does not contain
any ports?
The Variable Manager Interface in the Activity
Wizard Answer Network panel is too narrow.
When I have a router with 2 LANs (e.g.
192.168.1.1 and 192.168.2.1), a PC with an IP
address in the 192.168.1.0 network can be pinged
by a PC in the 192.168.2.0 network even if the
PC in the 192.168.1.0 network has the incorrect
default gateway (e.g. 192.168.2.1).
When I copy and paste the entire "show runningconfig" output in Global Config Mode, some
commands return "% Invalid input detected at '^'
marker."
When I undo a deleted device/link that was
connected to a Multiuser remote network, Packet
Tracer crashes.
When I delete a link to a Multiuser remote
network, the link isn't removed from the
Multiuser remote network.
Packet Tracer appears to be able to ping a default
gateway that does not exist.
79 When I am configuring Frame-Relay, the "show
This is due to differing versions of IOS images. Please see General Issue #3 for a list of
IOS images that Packet Tracer supports.
The workaround is to click on another item to change the focus before clicking on Save
Settings.
To select an Outgoing Port, the source device interface needs to be configured properly
with an IP address.
This is how it works on a real router.
Some commands are not supported, but shows in the "show running-config" output.
This is no longer an issue in Packet Tracer. However, undo still does not undo deletion of
Multiuser remote network clouds. So, if deleting Multiuser remote network clouds with
other devices, undo will only bring back other devices.
This is correct behavior. PCs will send packets to a gateway that is not in the same network
as itself. And Cisco routers reply to ARP requests if the requested IP has a route in its
routing table.
The output in the "show running-config" is encapsulation type, which is IETF and the
running-config" shows that the encapsulation is

IETF, but the "show frame-relay lmi" command
shows that it is Cisco.
80 The Linksys router icon looks too similar to the
Cisco 1841 ISR icon.
81 When I create a new file, a registered IPC device
creation event such as deviceAdded in the
previous topology disappears.
82 Does Packet Tracer support SHA1 encryption?
83
84
85
86
87
88
89
90
91
output in the "show frame-relay lmi" is the LMI type. Since the LMI type is Cisco, it is not
displayed in the "show running-config".
You can change the icon to any other icon you wish by using the Customize Image in
Logical/Physical View feature in the device dialog.
The deviceAdded event is registered to the workspace object. Packet Tracer creates a new
workspace for each new/opened file. So, the ExApp needs to re-register the events
previously registered to the old workspace in the old file.
Yes. If you issue "crypto ipsec transform-set mycrypto ?", you will see that all of the subcommands that contains*-sha-* in them supports SHA1.
The source IP address field does not appear in the This feature is used to manually change the source ip address of packets sent and is mainly
Add Complex PDU dialog.
used for games and activities to fake source ip. We removed it from routers and switches
because Cisco devices (should) check for that when sending packets out.
Where does the server device look for images to The server looks for images with the same name in the same folder as the pkt/pka file, or if
load pages with image tags from?
the file is not saved/opened, it looks inside the Packet Tracer /bin folder.
When routers exchange routes to the same route, This is correct behavior and real routers do the same thing. For example, if a 10.0.0.0/8
their routes become possibly down after a while. route is from Router1 and it sends it to Router2 and Router2 has the same route. Then
Router2 advertises it to Router1 before Router1 sends the same route to Router2. Also, say
for instance Router1 has 10.10.10.0/24 also. It will accept the 10.0.0.0/8 route and put it
into routing table. But, once Router2 receives the same route from Router1, it will stop
sending the route to Router1. And the route in Router1 will eventually timeout.
Where are the RADIUS and TACACS server
The configurations are located in the AAA panel in the Config tab.
configurations for the server device?
Why am I not able to move or control cables
Since the remote networks are not in our physical world, Multiuser remote network clouds
connected to Multiuser remote network clouds in are located at some outside point. Also, cable length does not have an effect on these
Physical Workspace?
connections.
How do I navigate to a previous cluster level or To navigate to a previous level, click on the Back button on the Logical/Physical
Physical Workspace level?
Workspace Bar until you get to the desired level.
When I close a device dialog while in Simulation This is normal behavior. Actions that may cause the simulation to reset are deleting
Mode, the simulation resets.
devices, deleting connections, closing dialogs, and toggling power on ports.
Where is the Viewport feature located in Physical To open the Viewport in Physical Workspace, go to View > Show Viewport on the Menu
Workspace?
Bar.
When I issue the command "show crypto map", There is a possibility that the IOS version you are using on the real router is different from
the output differs from what I see on a real router. the IOS version currently used in Packet Tracer, which could be the cause of the
discrepancies.
92 When I do "show cdp neighbors" after loading a

save file, not all neighbors are in the output, but
the neighbors show up after a while.
93 If I move a device with a BendPoint or
GroupPoint in Physical Workspace, the
BendPoint or GroupPoint disappears.
94 Packet Tracer generated a configuration file on
my computer's local user directory.
95 The Ethernet interface configuration dialogs in
the GUI looks different from other types of
interfaces.
96 When I try to issue CTRL + Shift + 6 + X on the
keyboard to terminate a telnet session on a PC
device, nothing happens.
97 The number of packets encapsulated and
deencapsulated shown in the "show crypto ipsec
sa" are not equal.
98
99
100
101
102
CDP sends every 60 seconds and so after 60 seconds it shows up. The first CDP packet
probably got dropped or was sent before the link went up so the first one did not get sent. It
is also possible that the first CDP packet is sent, but the network may not have converged.
BendPoints and GroupPoints are not kept when moving a device. This is intentional
behavior to have consistency.
This is by design and is intentional. The only to have Packet Tracer writable cross-platform
and work the same way, the user folder needs to be utilized as Windows Vista and Linux
has stricter write permissions on installation directories.
This is a Packet Tracer implementation issue and no workaround exists at the moment.
This is intentional as the PC's telnet cannot suspend.
The number of packets that a router encapsulates and encrypts does not necessarily have to
be equal to the number of packets that it deencapsulates and decrypts. Depends on the
protocols in has configured, packets get lost on their way to destination those numbers are
different too.
Sometimes when I view PDU details of STP
PVST+ uses two STP packets, one is addressed to the IEEE STP multicast MAC address
packets, the PDU details would say SSTP
and the other is to the SSTP (Shared Spanning Tree Protocol) multicast MAC address. The
Multicast Address instead of STP Multicast
two are different addresses, both are for STP. The SSTP is for PVST+ Cisco devices and
Address.
the regular STP is for connecting Cisco devices to non-PVST+ switches. Both are needed
in Packet Tracer to have native VLANs working properly.
The MIB Browser does not have a horizontal
This is a known limitation in the current version of the UI framework that Packet Tracer
scrollbar for the MIB tree so it is hard to navigate utilizes. This will be fixed in a subsequent version of Packet Tracer.
and view the tree.
Why do wireless end devices sometimes form
This can be due to the effect of interference of access points within range. As a result, the
random associations?
access points that wireless end devices connect to are not deterministic. That is, it is
somewhat random.
When I add a DNS resource record with the name All functionality works the same since DNS is case insensitive.
in upper-case letters, Packet Tracer adds the name
in lower-case instead.
Cables in Physical Workspace aren't redrawn
correctly while resizing objects.
103 When I close the Preferences dialog, any other

dialog that I have opened closes also.
104 When I click on the link lights on a cable, the
connection detaches from the nearest connected
device and I am able to make a connection with
the same cable again.
105 Switches are not able to detect a new route when
an old route is down.
106 I was trying to create a device after clicking on
the Place Note tool. The mouse cursor stayed as
the Place Note cursor icon, instead of the Select
tool cursor icon. Why is it like that?
107 Frame-relay map statement is not accepted under
interface mode. When I run the command to add
a map it says "%Address already in map". I get
this message even after I delete the entry and try
to add it again.
This is the intended behavior. The user may be changing fonts or hiding tabs. The dialogs
need to close to take effect on these changes in Preferences.
This is the intended behavior. The purpose is to allow users to unplug cables and replug
them.
108 In the Activity Wizard, when I click on the close

button on the Instructions window, the window
gets minimized.
109 In a router or switch's CLI, sometimes when I
type a password, "circles" or "asterisks" fail to
appear while entering characters for the
password.
110 Why are end devices with the Linksys
WMP300N module able to connect to a Linksys
router that operates in BG-Mixed mode?
The close button cannot close the Instructions window because this is a limitation reported
by Qt.
MAC entries time out after 5 minutes of no activity. Fast forward the time to 5 minutes and
send again. It should be successful.
This is an expected behavior. The mouse cursor icon will not change by clicking on any
component in the network component box.
Frame-relay maps are dynamically populated by Inverse ARP. Inverse ARP sends mappings
every 30 seconds or so. You can do "show frame-relay map" and if a mapping says
"dynamic", then it is from Inverse ARP.
Cisco routers have Inverse Address Resolution Protocol (IARP) turned on by default. This
means that the router will go out and create the mapping for you. If the remote router does
not support IARP, or you want to control broadcast traffic over the PVC, you must
statically set the DLCI/IP mappings and turn off IARP. IARP will be supported later.
This is an expected behavior and is a security feature. The "circles" or "asterisks" will NOT
be echoed for password field. The reason for this is that it limits a perpetrator from
knowing the length of the password.
End devices with the Linksys WPC300N module supports B, G, and N wireless networks.
If the access point or router is configured for BG or B only or G only, then the Linksys
WPC300N will reduce its speed to B or G. However if you have a B or G module on the
end device, and the access point or router is set to N only, then it would not connect.
The Tablet PC and PDA only support B and G wireless networks.
111 Which types of wireless networks do the Tablet

PC and PDA support?
112 I changed the time and date on an NTP server on After changing the year or month, you have to click on a date to set the date.
a server end device. After closing the server
113
114
115
116
117
118
119
120
121
122
123
124
device dialog, and reopening it, the time and date

reverted back to the previous settings.
When I try to ping a host that is connected to a
Linksys router's LAN port, the ping fails.
Pressing Ctrl+A on the keyboard does not select
all text in certain areas of the GUI.
Even though there is no power cord attached to
an IP Phone, it still appears to be on.
When I hover over an end device that is supposed
to be configured with a line number, the line
number only shows when I open the Cisco IP
Communicator.
When I enter the command "mac-address H:H:H"
in ephone configuration mode, I receive an
invalid input error message in the CLI.
When I press the "Do" "Re" or "Mi" notes in the
GUI of the phones, I don't hear anything.
I connected a cloud's Ethernet6 port to a router.
When the cloud receives a DHCP packet, it does
not send out to the Ethernet6 port. Why?
Why does Packet Tracer always do PAT when
there is no overload command?
When I use the Copy from Answer Network
function in the Initial Network panel of Activity
Wizard, the variables from the Answer Network
do not get copied over.
When I try to copy and paste a Multiuser cloud,
nothing happens.
When I try to create a multiuser connection while
in Activity Wizard, an error message appears
stating that "Cannot make multiuser connection
to this instance of Packet Tracer."
After I invoked the command "ssid test" from
interface Dot11Radio0/3/0 on a router, there still
seems to be some kind of wireless signal detected
This is the correct behavior on real Linksys router, but Packet Tracer modeled it incorrectly
in previous versions. A Linksys router will drop all pings into it from the Internet port.
This is a Qt framework related issue.
By default, 3560 multilayer switches have power over Ethernet. If an IP Phone is connected
to a 3560 multilayer switch, then it would be powered on.
This is the correct behavior. In the real Cisco IP Communicator application, the line
number is only set when the Cisco IP Communicator application is opened.
The correct MAC address format is H.H.H, not H:H:H. Thus, the correct command input
would be "mac-address H.H.H".
Be sure that Sound is enabled in Preferences.
You need to add a DSL connection between the modem port and Ethernet port on the cloud.
The "ip nat inside source" command automatically puts "overload" if an interface is
specified. This is correct behavior.
The answer network and initial network trees are different. As a result, they cannot be
copied from one to another.
Copy and paste of remote networks is not supported.

Creating Multiuser connections while in Activity Wizard is not supported.
Only when you invoke "not dott11 ssid test" in the Global Configuration Mode, then it will
remove the SSID configuration and bring the interface that has the same SSID down. If you
only remove "no ssid test" in Interface Configuration Mode, it would reset the SSID at the
on a wireless PC. Is this correct behavior?

125 When I switch from Realtime Mode to
Simulation Mode, the time seems to shift
forward.
126 When I press CTRL+C or CTRL+Shift+6 to
terminate a traceroute, it doesn't work.
127 When I try to telnet to a switch from itself, the
connection attempt times out.
128
129
130
131
132
133
134
135
interface to empty string "". So the wireless client detects a network with "" as the SSID.
When switching from Realtime to Simulation mode or when Reset Simulation, time
forwards about 10 seconds or if there are many events, it will forward less time.
This is expected behavior. The telnet client intercepts the Ctrl+C or CTRL+Shift+6 and
does not send it over to the telnet server.
A newly created switch in Packet Tracer or a real switch without any interfaces connected
will exhibit this behavior. The reason being that VLAN1 is the default management VLAN
interface for a switch. Since a switch is a Layer 2 device, it does not have an IP interface.
Thus, the necessity for a Layer 3 interface in the form of VLAN1 interface was introduced.
VLAN1 interface's protocol will go up if at least one FastEthernet interface is also up.
Then, will only telnet and other services of VLAN1 will become active.
Packet Tracer's CPU and memory usage increases Packet Tracer allows STP to have loops and Packet Tracer simulates the behavior of
when I have a network with many switches
"infinitely" forwarding frames inside a loop. The same frame does stop forwarding after a
connected in loops.
while, but if there are branches in the loops, the frames will exponentially duplicate and
will increase CPU and memory usage. Because of this, misconfigurations in networks can
cause Packet Tracer to slow down.
When I leave the WEP key field blank on a
This is a graphical glitch when wireless input fields are involved and it cannot be fixed.
wireless device and click on a button in the
Config tab, the button remains depressed after I
get the WEP key cannot be empty error popup.
Why do the routing tables display the CIDR
The routers learn the /32 routes from serial PPP links.
subnet mask such as /30 on routers connected by
serial connections?
Why is the CPU usage from Packet Tracer so
If there are many workspace notes, including device labels, and port labels, the CPU usage
high sometimes?
can be high due to the nature of the Qt library.
Why do 1841 Routers not support voice
It was a bug that we added voice commands in 5.3.0 on 1841s. We removed them in 5.3.1.
commands anymore?
Why in Simulation Mode, CDP packets are
In Simulation Mode, if frames are collided, PT will show the frames even though the frame
shown even though they are not selected in the
protocol is not selected in the event list filters.
Event List Filters?
Why are the routing tables different when I
This is a bug. It will be fixed in the next version of Packet Tracer.
reopen a file that involves route redistribution?
Why does the PC Web Browser not detect IPv6 This is correct behavior. The correct way to enter an IPv6 address in the browser is to
addresses like aaaa:2::2 as a valid address?
enclose the address in square brackets. The right format is http://[aaaa:2::2] or http://
136
137
138
139
140
141
142
143
144
[aaaa:2::2]:80.
When I tried to move a device inside a cluster in This is a bug. It will be fixed in the next version.
maximum zoom out mode, the move object
popup is not aligned with the device.
When I changed the MAC address of the Fast
To see the new link local address, click on the FastEthernet button after making the change
Ethernet port on a PC, the IPv6 link local address in MAC address.
doesn't change accordingly.
Why does PT print out "UUUUU" instead of
This is a bug. We will fix it in the next version.
"NNNNN" if a ping's source IP is beyond scope
(source IP is a link local address and the
destination IP is beyond its LAN)?
When I copy a device inside a cluster, I cannot
This is a bug. The workaround is manually move the copy from inside the cluster to outside
paste the device into a different cluster?
outside the cluster.
When I issue the command "show interface" on a This is the correct behavior. The DCE interface auto includes the clock rate command,
router, the output shows that the line protocol is defaulting to 2000000. Also, if you attempt to issue the clock rate command on the DTE
up even though it is the DTE interface and the
interface, the output will show "This command applies only to DCE interfaces".
DCE interface has not been issued the clock rate
command.
There is CLI for the frame relay cloud. The only This is the intended behavior.
option is to configure using the GUI.
When I author a PKA with variables in
For runtime states, like DHCP assigned addresses and configurations, use variables to
assessment items and then try to test my activity, grade the assessment items. For the default gateway or IP address, use regular expression or
certain assessment items such as the default
static values.
gateway or DNS server IP addresses are marked
incorrect, even if the values are equal to the
answer network.
After creating a complex network, clicking "reset No, "reset simulation" does not clear tables. "Reset Simulation" clears out any packet on
simulation" does not clear ARP tables or DNS
the event list. Resetting visible tables does not reset router tables. "Power Cycle Devices"
caches. Is this a bug?
would reset all tables.
In the activity wizard circling tool, how come
This is usually a configuration error on the shape. A common issue happens when a user
some shapes do not grade correctly?
creates two shape tests intended to be different, but one shape test is wholly a subset of
another shape test. e.g., shape test 0 only includes router1, and shape test 1 includes
router1, router2, and router3. In this situation, the evaluation can fail to accurately grade
the intended circle. When a user circles router1 with shape A, and router1 2 and 3 with
shape B, the system may end up choosing shape B for shape test 0 (with only router1), and
once a shape has been used, it is not used again for another shape. That leaves shape B for
145
146
147
148
149
150
151
152
153
154
the answer to shape test 1 (router 1 2 and 3). So in this scenario, shape test 1 will only
receive 1 of 3 correct, and shape test 0 receives 1 of 1 correct. To mitigate such a scenario,
be sure that two different shape tests can be differentiated from one another either with
inclusion or exclusion points that are in one shape test but not the other. In short, make sure
one shape test is not wholly a subset of another shape test.
Can I add two wireless modules to an end device? No, Packet Tracer currently does not support two wireless interfaces per end devices at the
moment.
When I pasted in my commands to a router, the Do not copy commands from a word document or PDF directly into the router. Instead,
case is not preserved. For example, I pasted in
copy the commands into a notepad file first. This will remove all hidden formatting. Then
"hostname R1" and PT changed it to "hostname copy the commands in the notepad file and paste into the router.
r1".
If I setup a network with two LANs, can one PC When you have a router with two LANs, a PC with an IP address in the first network can
from one network ping another PC from the other be pinged by a PC in the second network, despite the PC in the first network having an
network?
incorrect default gateway.).
I cannot find "show device dialogue taskbar" in The option "show device dialogue taskbar" has been moved to the miscellaneous tab.
preferences anymore. Has it been removed?
Why can't I find any routing configuration on the There was a bug in PacketTracer releases before 6.0 which allows the configuration of
3560-24PS switch when I open my file in
routing protocols (Rip, eigrp, ospf...) on the switch even though "ip routing" is not
PacketTracer6.0?
configured. With this fix, files created before 6.0 that contain switches will lose the entire
routing protocol configuration on the switches if "ip routing" wasn't there.
When I setup a server with two NICs, and I setup For Packet Tracer purposes, servers with two NICs are designed for dual-homed
a PPPoE dialer, the connection fails. Why is that? configurations. PPPoE would be out of scope.
When I mouse over Octal cables, it doesn't show Octal cables are for terminal server behavior, so it is not necessary to have interface async
much information. Why is that?
for octal cables. Instead, mouse over octal cables shows the line number instead.
Why does PT crash when I test activity or load an This can be worked around by making sure there is at least one object location set. If you
activity with 0 sets of object locations.
created an object location set and deleted it afterwards, you should add at least one set in
the list. If no object location sets were ever created, you do not need to add a set.
Why are IPv6 Neighbor Discovery Protocol
Neighbor Discovery Protocol (NDP) defines five ICMPv6 packet types, however in Packet
(NDP) packets are labeled as NDP instead of
Tracer, we differentiate the ICMPv6 messages for NDP in Simulation Mode for event
ICMPv6?
filtering convenience. When you view the PDU details of a packet that is labeled as NDP in
Simulation Mode, the PDU details will still identify the packets as an ICMPv6 neighbor
message.
For IPv6 addressing, why don't we get a partial The current development, if IPv6 address is wrong, but the prefix-length is right, you get
credit if we enter the prefix length correctly but no credit. If IPv6 address is right, but the prefix-length is wrong, you get a partial credit.
with a wrong IPv6 address?
155 What should I expect to see on Netflow Collector Netflow Collector displays the top 10 flows with the most count on the pie chart.
GUI when it receives a flow that matches one of Additional information about each flow is displayed on the window next to it. When
the flows that it has in the cache?
Netflow Collect receives a flow that matches 1 of the flows in the cache, it'll increment the
count of that flow without updating the existing flow with the new flow. Therefore, users
will see the pie chart get updated but the flow information will remain the same.
156 Why does the alert saying "Cannot write to file" The alert message comes up when there are permission problems. Try saving to a different
sometimes appears when I save my scripts?
file/location.
157 Why does the device show a default hostname in Cisco devices does not allow hostnames with spaces. If an old Packet Tracer file contains
Packet Tracer 6.1 and not in previous versions? spaces in the hostnames, Packet Tracer 6.1 will display the default hostname.
158 Why does "standby version 2" always show up in Version 2 supports IPv6. Since we want Packet Tracer to support IPv6, version 2 is
the running configuration when HSRP is
automatically added to the configuration.
configured eventhough the command was not
entered?
159 Why does Packet Tracer fail to elect the correct In topologies containing hubs, the hubs are causing collisions preventing RSTP frames
root for (R)STP causing loops in the topology
reaching devices which prevents the ability to detect the loop.
when a hub is in between two switches?
Protocol Modeling Issues

1
2
3
Question/Problem
For EIGRP, why are new adjacencies being
formed after the "no auto" command--this does
not happen on real routers?
Why does the "no keepalive" command give me

an error in some situations?
On real devices, the link lights would still come
up if there is a duplex mismatch between both
sides of the Ethernet connection. Why does
Packet Tracer not model this behavior?
On real switches, if there is a native VLAN
mismatch on both sides of the same trunk, CDP
and STP would print out error messages. Why
Answer/Solution
To accurately implement the "no auto" command, when it is issued, the router needs to
calculate which directly connected and learned routes are advertised to which neighbors as
summary routes. The router needs to tell those neighbors those routes are down now and
advertise the new non-summarized routes. The Packet Tracer model simply resets the
neighbor adjacencies and consequently removes all previous routes and has to relearn them.
This process does not simulate the real process of convergence but shares the same results
after the convergence.
Packet Tracer only supports "no keepalive" on serial links.
On real devices, the link lights would come up in the case of duplex mismatch, but the error
rate on the ports would go up because of mismatch. However, Packet Tracer does not
model the statistics on the ports, and there is no other way to show that having mismatch
duplex is a problem. So, Packet Tracer makes the link not come up to indicate the problem.
In Packet Tracer, CDP prints out an error message, but STP does not.
does Packet Tracer not model that?

I cannot disable STP on switching devices.
This is a modeling decision in Packet Tracer since disabling STP may cause loops that can
generate broadcast storms in the network. This can severely impact the performance of
Packet Tracer.
6 On a real device, I can ping the loopback address Packet Tracer now supports pinging loopback addresses on PCs, but not on routers and
127.0.0.1, what about in Packet Tracer?
switches.
7 On a real router, I can configure an interface with This is no longer an issue in Packet Tracer.
a valid IP address and subnet mask even though it
is a supernet (e.g., 172.24.11.1 255.254.0.0), but
in Packet Tracer it says that the subnet mask is a
"Bad mask."
8 I cannot configure an IP address on a modem
Packet Tracer has a simplified model of modem interfaces and does not model all modem
interface module on the router, but there is a
operations accurately.
configuration interface in the Config tab.
9 If there is a DHCP request with two or more
Packet Tracer has a simplified model of layer 1 collisions. Once a frame is sent out on an
DHCP servers, and then a DHCP request fails due interface, and if a collision happens before the frame reaches the destination, the source
to a possible collision when the DHCP servers try device would not retransmit.
to respond simultaneously, there should be lots of
traffic but there are no further events after the
collision.
10 Why doesn't STP block the ports if the native
STP in this version of Packet Tracer does not implement this feature. However, CDP
VLAN mismatches?
detects the error and prints out an error message. This modeling limitation is fixed in
Packet Tracer.
11 On a real router, the timer is reset for OSPF and This is a modeling limitation of Packet Tracer.
EIGRP routes after a "clear ip route *" command,
but not in Packet Tracer.
12 Why does the Linksys remote management
The problem is that the Linksys router uses port 80 for remote management. On a real
override HTTP port forwarding?
Linksys router, it uses port 80 on the LAN side and port 8080 on the Internet port. The
current implementation of Packet Tracer determines whether or not to allow remote
management by using an ACL on the Internet port that blocks all traffic to port 80.
The workaround is to enable remote management on the Linksys router. This allows traffic
to port 80 into the device. NAT then translates to the IP address on the destination device
and then sends it out to the destination device.
13 The show ip ospf neighbor command shows a
The OSPF priority depends on the IOS version. On version 12.2, it shows 1. On version
priority of 1. Actual 1841 shows priority of 0.

14
15
16
17
18
19
20
21
22
23
24
25
12.3 and later, it shows 0 even if the priority is manually changed to 100. This may be a
bug in the IOS and would not be modeled in this version of Packet Tracer.
Static routes with 255 admin distance should not This is no longer an issue in Packet Tracer.
be added to routing table.
Why do wireless ports always buffer the frames This is because the wireless port is doing CSMA/CA and sends a Request To Send (RTS)
before sending?
before sending any data frame. It then has to receive a Clear To Send (CTS) from the
destination device before sending the data frame. Packet Tracer is not showing the wireless
management frames, so it would show the data frames being buffered without seeing any
other frames.
Why are LMI statistics not updated when the link This is no longer an issue in Packet Tracer.
state changes?
Why can I only ping one VLAN interface on the This is no longer an issue in Packet Tracer.
switch when there are more than one with the
status and line protocol up?
Why does OSPF not work over physical serial
OSPF over NBMA networks is not currently supported in this version. This includes
interface using frame relay?
physical serial interfaces and multipoint sub-interfaces. However, it works on point-topoint sub-interfaces.
In Simulation Mode, routing tables are updated This is a modeling limitation of Packet Tracer.
before the packet arrives in the simulation.
On a router with multiple switching modules,
This is a modeling limitation of Packet Tracer.
there should be individual MAC tables for each
switching module. However, "show mac-address
table" shows only one MAC table.
Why is the command "ip ospf network" not
This command is only available on Serial interfaces to allow OSPF to work over Frame
available in the loopback interface mode?
Relay.
The round trip times for pings in Multiuser
This is a modeling limitation of Packet Tracer. The delay can also be caused by the
networks are very long.
propagation of real TCP packets.
When I issue the command "debug ppp
negotiate" before enabling PPP encapsulation,
debug messages do not show.
On a real switch, when I create a VLAN and then This is a modeling limitation of Packet Tracer.
assign a name to the VLAN, VTP revision
number increases by 1. In Packet Tracer, the VTP
revision number increases by 2.
The EtherChannel group does not come back up This is a bug in Packet Tracer and was discovered late in the testing process. It will be fixed
26
27
28
29
30
31
32
33
34
35
after an error disable.

Configuring shape in a nested policy map gives
an error message.
When I enter "switchport mode trunk" on a
switch without changing the encapsulation to
dot1q first, the command is not rejected like on a
real switch with a message saying "An interface
whose trunk encapsulation is 'Auto' can not be
configured to 'trunk' mode."
"show ipv6 eigrp interfaces" seems to have
incorrect or static output.
Class-maps with inspect type appear to have a
different subset of match sub-commands
compared to real routers.
When I configure manual EIGRP summarization,
sometimes the classful mask is shown in the
routing table for a route.
No warning is shown when exiting the interface
range mode without typing exit.
Is the command "tunnel source [ip address]"
supported?
Does the command "ip mtu [value]" have a
dynamic range?
When I do "show vtp counter", the values for
VTP pruning statistics seems to be incorrect?
Why can I not modify the serverPool DHCP pool
on the server device?
in a future version of Packet Tracer.

Packet Tracer only supports dot1q trunking encapsulation. "auto" automatically detects ISL
and dot1q.
This is a modeling limitation of Packet Tracer. The values in the "show ipv6 eigrp
interfaces" output are hard coded.
This is a modeling limitation of Packet Tracer. It is recommended to just ignore the output.

No. This is a modeling limitation of Packet Tracer.
No. This is a modeling limitation of Packet Tracer.
VTP pruning is not supported in Packet Tracer.
In older versions of Packet Tracer, the server pool is automatically created. The server
device only required enabling DHCP. It is still there for backwards compatibility. This is
not a bug, but rather the implementation of the server which contains the server pool.
36 When I copy a "show running-config" output
This is expected behavior as not all commands are supported in Packet Tracer in the "show
from Packet Tracer and paste the output into CLI, running-config" output.
not all commands are accepted.
37 When I issue the command, "more flash:c2960- This is a modeling limitation of Packet Tracer. Packet Tracer does not store the IOS images
lanbase-mz.122-25.FX.bin", the output is
as actual files. In the current implementation of Packet Tracer, the command outputs
different each time.
random data.
38 When I delete the IOS image from a router or
switch and then save and reopen the file, the

device boots up when it should not.
39 If I issue "debug ip packets" then "logging trap
If these two commands are applied to a router, Packet Tracer would send packets
debug" on a router, it seems that one or the other continuously and will crash eventually. Real routers behave similarly and will lock the user
is not issued at all.
from entering anything as the console will be overloaded with debug messages. As a result,
in Packet Tracer, only one or the other can be applied to the router to prevent such issues
from arising.
40 The output in "show policy-map type inspect
On a real router, the IOS image used in Packet Tracer does not display the protocol.
zone-pair sessions" seems to differ compared to However, the protocol was added for CCNA requirements.
real routers in regards to the type of protocol
detected in the established sessions.
41 The "show clock" output is always Mon Mar 1
In the past, Cisco shipped devices with Mon Mar 1 1993 by default. However, in recent
1993 by default.
times, newer devices are shipping with the current time. Packet Tracer's implementation
uses the old method of displaying the "show clock" command by default.
42 When I enter the command "no ip ips signature- This is no longer an issue in Packet Tracer.
category", it brings the router prompt to the IPS
category configuration mode.
43 Access-lists do not have ESP, AH, or ISAKMP
port options available. As a result, site-to-site
VPNs can be created, but are not functional if
CBAC or ACLs applied.
44 Static routes should be able to specify an
outbound interface and next hop address.
45 A carriage return is missing after removing a
subinterface from a router.
46 There is no error message when two connected
switches have different EtherChannel modes.
47 When I try to issue an SNMP request using a port The routers and switches also need to change to that port. However, Packet Tracer does not
other than 161, SNMP request times out.
have the command to change the SNMP port on routers and switches. This is a modeling
limitation of Packet Tracer.
48 AAA authorization commands are supported, but AAA authorization commands are available on routers as commands only but without any
the functionality does not work.
functionality. This is a modeling limitation of Packet Tracer.
49 When I enter "config t" in global configuration
Packet Tracer is trying to issue the "config-register" command in global configuration
mode, Packet Tracer returns "%Invalid hex
mode. However, Packet Tracer's command parser implementation of the hex part is using
value."
WORD. This is a modeling limitation of Packet Tracer.
50 When I try to enter interface configuration mode

for a non-existent interface, Packet Tracer returns
a different error from a real router.
51 The number of matched packets under the
protocol match statement is greater than the
number of matched packets for the class-map in
the "show policy-map" command.
52 The QoS bandwidth setting does not appear to
have an effect on drop rates.
53 The labs in the curriculum expects more options
for the "debug ip rip" command, but Packet
Tracer only supports the events option.
54 When I have a PC on a VPN connection, it seems
that DNS packets are sending to the VPN server
first and the DNS packets are not encapsulated in
Simulation Mode.
55 An RS232 port is displayed in the physical device
view of the IP Phone, but the RS232 port is not
one of the available ports in the Logical
Workspace.
56 Why doesn't Packet Tracer show all of the
packets involved in a typical SMTP/POP
transaction?
57 On a 3560 multilayer switch's interface, when its
trunk encapsulation is set to "auto", it cannot be
configured to "trunk" mode. The command
"switchport mode trunk" is rejected. Why?
58 When I create a Telnet packet while another TCP

connection exists, the Telnet packet that I created
gets dropped.
59 When I view a TCP packet's PDU details in
Simulation Mode after initiating an HTTP
request, the HTTP client sets the connection state
This is the new correct TCP behavior. If the source port is already used for another
connection, it will not start the TCP connection and the packet will drop.
The drop rates are not accurate numbers.

This is a modeling limitation of Packet Tracer. We may support more options for the debug
ip rip commands in a future version of Packet Tracer.
The RS232 port displayed in the physical device view is for aesthetic purposes only.
Packet Tracer is not simulating SMTP and POP to standards. It just sends a generic request
one way and a reply back.
This is new corrected behavior. 3560 multilayer switches require "switchport trunk
encapsulation dot1q" first before setting the interfaces to trunk mode. This new behavior
may affect existing files.
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
This is the new correct behavior. The HTTP client is making a connection and sets the new
TCP connection to SYN_SENT.
to SYN_SENT.
60 How come phones don't register with auto-regephone enabled and auto assign configured in
CME?
61 When I open a PC's device dialog with DHCP
enabled, it keeps sending a DHCP packet.
62 Why does VoIP still work even though switchport
voice vlan 1 is not configured?
This is a modeling limitation in Packet Tracer. Phones will register only if there is a line
number available. The line number is configured using the ephone-dn command. This is
unlike in real devices where phones will register without having a line number for it.
The PC automatically sends a DHCP discover packet when opening the PC device dialog if
it does not have an IP address yet.
On real devices, the phones go down after invoking the "no switchport voice vlan"
commands, but will come up after 20 seconds, and gets registered again and will be able to
make calls again. The down and then up behavior in Packet Tracer is a modeling limitation.
But, after 20 seconds or so, the phones can make calls again.
63 When a call is made to a Cisco IP Communicator When you close the Cisco IP Communicator, it actually minimizes and does not close
that is closed, is the Cisco IP Communicator
completely. On real a Cisco IP Communicator, if it is ringing while minimized, opening
supposed to open in ringing mode or connected Cisco IP Communicator will answer automatically. This is correct behavior.
mode?
64 How come PPPoE clients do not get connected in This is a modeling limitation. The workaround is to either configure all of the servers with
multi-server environments?
the correct configuration so that the clients get connected to the first one it hears from or
remove all but one server that has proper configuration.
65 How come the routers in Packet Tracer do not
Packet Tracer does not support printing debug messages of all PPP negotiation packets.
show ppp negotiation debug messages after I turn
The "debug ppp *" command is only supported on serial interfaces.
on debug?
66 I have "debug ppp authentication" enabled on a
PPPoE server. When a PPPoE client is getting
connected to the PPPoE server, it does not show
any debug messages on the server.
67 Why are log messages for IP phone registrations
different than real devices?
68 I created an access-list that denies FTP data
transfers on port 20, but data transfers are still
successful.
69 When I delete a wireless client from the

workspace, the Linksys router's DHCP client
table doesn't refresh when I click on the refresh
button.
This is a modeling limitation. The "debug ppp authentication" command is only supported
on serial interfaces.
This is a modeling limitation. Packet Tracer does not simulate all the SCCP messages for
registrations like in real devices.
This is a modeling limitation. The FTP operation currently supported in Packet Tracer is
passive mode. In passive mode of operation, the FTP server opens a random data port and
sends it to the client in order for it to connect to it and start the data transfer. The data ports
the FTP server listens are greater than port 1023 and not port 20. Port 20 will be relevant
when active mode of FTP operation is supported in Packet Tracer.
This is correct behavior because the Linksys router did not receive a DHCP release from
the client to release the lease.
70 The MAC address column in the Linksys router's

DHCP Client Table is labeled as
00:00:00:00:00:00.
71 The Expires Times field in the DHCP Client
Table is always empty.
72 What's the purpose of the TFTP Server field in
the DHCP service on the server device?
73 Why do PCs sometimes get default gateway from
DHCP, but sometimes not?
74
75
76
77
78
79
80
This is a modeling limitation.
This is a modeling limitation. This version of Packet Tracer does not support client expire
time.
The TFTP server field in the DHCP server is there for assigning IP addresses with the
TFTP option, so that the DHCP server and the CME router can be two different devices.
DHCP is on by default on server devices (for backwards compatibility). That means if there
is another device (router or another server) in the same LAN serving DHCP, sometimes the
router replies faster and sometimes the server replies faster. Since the server device does
not have the default gateway configured in the DHCP pool by default, so sometimes PCs
do not get gateway.
When I use the "no redistribute connected metric This is a modeling limitation. In Packet Tracer, "no redistribute" with any arguments will
1000000" command, it removes the entire
remove the whole command. If you want the command "redistribute" command back, you
"redistribute" command.
need to enter the command again.
Shaping stats are not shown all for nested policy Nested policy maps show shaping stats (packet/byte counts) and shaping flag (yes/no) for
maps.
outer policy map, but not for inner policy map.
When I configure a destination-pattern of "10.." This is a modeling limitation. In Packet Tracer, the only destination-pattern ".." is
with two dots for one dial-peer and a destination- supported.
pattern "10." with only a single dot for a second
dial-peer, only numbers such as "1022" can be
dialed.
Why does Packet Tracer slow down for long
BGP is a complex protocol, and when there are many BGP routes, the CPU can be
periods when running BGP?
overloaded due to network traffic calculations. Reduce the amount of BGP routes or routers
to lower the CPU usage. In a Multiuser environment with many BGP routes, use a single
Packet Tracer instance with a single BGP router per instance.
Why does the command show ip bgp give a
The BGP table is populated based upon received data and in the order received. Each time
different output than what I see on a real router? BGP is started, the time to establish an adjacency differs slightly and therefore adjacencies
can happen in a different order. As a result, the table is populated in a different order and
the information contained will be different because the known topology of the network at
the time of information exchange is different.
RIPv2 poison and poison-reverse do not work.
This is a modeling limitation. This version of Packet Tracer does not support RIPv2 poison
and poison-reverse.
Why do some wireless devices not get connected If the network or the same physical location has more than 25 wireless devices, it is hitting
to the access point?
our simulation modeling limitation and PT is not able to connect any more wireless devices
81 Duplicate IPv6 addresses are not detected.

82 Why does an IPv6 device not be able to ping
another anycast address when the old anycast
address device is disconnected?
83 The network mask of the route does not get
updated after applying "ipv6 ospf network
broadcast" or "ipv6 ospf network point-to-point"
in the interface.
84 The command "show ipv6 ospf neighbor detail"
shows some missing output such as the Option
detail and link local address.
85 It appears that loading IOS IPS signature package
is not required when configuring IPS.
86 When I enter the command "show ipv6 dhcp
pool" on a DHCP server, the value for active
clients value is 0.
87 There was no application layer information in the
PDU details when simulating SSH traffic. Layers
1, 2, 3 and 4 are reflected in the PDU details, but
the application layer traffic isn't reflected.
88 When I enter the command "show ipv6 dhcp
interface", the value for when the renewal will be
sent is always 0d0h.
89 There is no support for the command "ip defaultrouter" on the Cisco Catalyst 3560-24PS
multilayer switch.
90 When I shutdown an interface on a router
configured on a RIP network, the routing table
shows that the network is possibly down and the
RIP timers are started. However, on real routers,
the network is immediately withdrawn from the
routing table and the RIP timers are not started.
simultaneously. The workaround is to either move some devices to other locations or

manually make the association in the device dialog.
This is a modeling limitation. Packet Tracer does not currently support Duplicate Address
Detection (DAD) for IPv6.
Packet Tracer does not currently implement staling of neighbor devices. Use "clear ipv6
neighbors" to remove the old neighbor and ping again.
This is a modeling limitation. The workaround is to save the file and reopen it.

This is a modeling limitation. The workaround is to change the multilayer switch to a layer
3 switch by entering "ip routing" and configuring a static default route.
This is a bug that will be fixed in a future version of Packet Tracer.
91 Can't I enter the command "no router ospf "

within the command mode for "router ospf "?
92 When entering acl statements without specifying
the sequence number, why does the "show
access-list" command show the acl statements in
a different order from the order shown on Cisco
router?
93 Why can't key chains be entered consecutively
without exiting to normal config mode first?
94 Why doesn't the show running-config output
show async interfaces when HWIC-8A modules
are used?
95 In Simulation mode, why are there scenarios
where a packet is still able to cross a link that is
connected to a port that has been recently
shutdown?
No, due to model limitation, that command is not available.


This is a modeling limitation. HWIC-8A was added for console servers which do not
require async interface support.
This is a modeling limitation. The code can't be set to clear out the event list after a port has
been shutdown because it might cause the network to miss routing packets that were
already sent out. So, depending on when the port was shutdown, packets may still be able
to cross the link because there are instances that the event for that certain PDU has already
been added to the eventlist before the port was shutdown.
System Requirements
Minimum
CPU: Intel Pentium 4, 2.53 GHz or equivalent
OS: Microsoft Windows XP, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1 or Ubuntu 12.04 LTS
RAM: 512 MB Free
Storage: 280 MB of free disk space (No tutorials)
Display resolution: 800 x 600
Adobe Flash Player
Language fonts supporting Unicode encoding (if viewing in languages other than English)
Latest video card drivers and operating system updates
Recommended
CPU: Intel Pentium 4, 3.0 GHz or better
RAM: 1 GB or more
Storage: 315 MB of free disk space
Display resolution: 1024 x 768
Sound card and speakers
Internet connectivity (if using the Multiuser feature)
Packet Tracer does not limit the amount of memory that is used to create and configure
devices. So if a user, or more importantly an author, creates complex PKA and PKT files
using large networks with complex protocols running may require up to 1 gigabyte or
more of memory to run effectively. If you are creating activities for PT, please be careful
of creating issues like STP loops as they might greatly increase memory requirements.
By creating files like this, you may cause Packet Tracer to operate unreliably or even
crash.

Packet Tracer Help

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Packet Tracer Help

Transféré par

Droits d'auteur :

Formats disponibles

Using the Help Files

Images for devices now customizable and scalable

Zone-Based Policy Firewall for IPv6

AAA Accounting Commands

IPv6 over IPv4 GRE Tunnel Protection

Etherchannel Expansion (Layer 3)

IOS 15 [15.0.2-SE4(ED)] image support for 2960

OSPF - OSPFv3 Enhancements

OSPF distance command

"ipv6 ospf neighbor [ipv6-add]" interface subcommand

"neighbor router-id" command

"area [area] range" command

ip ospf network point-to-point (loopback interface only)

EIGRP - EIGRPv6 Enhancements

EIGRP distance command

"debug ip eigrp summary" commands

EIGRP authentication commands

RIP - RIPng Enhancements

default-information originate for RIPng

RIP distance command update

DHCP for IPv6

show and clear ip dhcp conflict

DHCP snooping commands

IPv4 Automatic Private IP Addressing (APIPA)

ipv6config /renew and /release on PC

DHCPv6 commands for IOS 15

show ip/ipv6 route summary

Converted Qt3 code to Qt4.82

Scripts - Text popup on topology

Scripts - Supported in instruction window

Add variable manager import / export

Explanation of answer tree nodes names

Add show variables to pools and variables page

Filter based on IPv4 and IPv6 traffic

Update PDU index in the PDU Window

Expanded buffer for PDUs.

Uses for Packet Tracer

Class work, Homework, and Distance Learning

Hands-on lab reinforcement

Modeling and visualization of networking device algorithms and networking protocols

Multi-user cooperative and competitive activities

Problem-solving activities in concept-building, skill-building, design, and troubleshooting

Four problem types are well-supported by Packet Tracer:

Design challenges (constraint-based problems with multiple correct solutions)

Workspaces and Modes

Setting a User Profile

My First Packet Tracer Lab

Viewing Help and Tutorials

Capturing Events and Viewing Animations in Simulation Mode

I. Viewing Help and Tutorials (View Tutorial)

II. Creating a First Network (View Tutorial)

III. Sending Simple Test Messages in Realtime Mode (View Tutorial)

Congratulations on successfully establishing a web server connection.

V. Capturing Events and Viewing Animations in Simulation Mode (View Tutorial)

Congratulations on successfully capturing events and viewing animations in Simulation Mode.

VI. Looking Inside Packets in Simulation Mode (View Tutorial)

VIII. Reviewing Your New Skills

Demonstrates how to configure devices using the Config tab.

Demonstrates how to launch and exit Activity Wizard.

Gives an overview of the Scoring Model interface in the Activity Wizard.

End to End Example

Shows an end to end example of an activity using scoring models.

Demonstrates how to use the Offline Saving feature.

The Logical and Physical Workspaces