Cisco IOS (originally Internetwork Operating System) is software used on most Cisco Systems routers and current Cisco network switches. (Earlier switches ran on CatOS.) IOS is a package of routing, switching, internetworking and telecommunications functions integrated into a multitasking operating system.
CLI – Command Line Interface
There are different ways to configure a router but most
often, the first place we would connect to is the console port. The console
port is usually an RJ-45 (8 Pin Modular) connection.
We can also connect to a Cisco router through an auxiliary
port but for that we need a modem.
The third way to connect to a Cisco router is in-band,
through the program Telnet.
Bringing Up a Router
When we first bring up a Cisco router, it will run a power-on
self-test (POST). If it passes, it will then look for and load the Cisco IOS
from flash memory, if an IOS file is present. After that, the IOS loads and
looks for a valid configuration, the startup-config, that’s stored by default
in non-volatile RAM, or NVRAM.
If there isn’t a configuration in NVRAM, the router will go
into setup mode, a step-by-step process to help you configure the router. You
can also enter setup mode at any time from the command line by typing the
command setup from something called privileged mode.
Flash Memory – Flash memory is electrically erasable
programmable read-only memory, an EEPROM.
The pound signs (#) tell us that the IOS is being
decompressed into RAM. After it is decompressed into RAM, the IOS is loaded and
starts running the router.
After the interface status messages appear and we press enter
the Router > prompt will appear. This is called user exec mode (User mode).
And it’s mostly used to view statistics, but it’s also a steppingstone to
logging into privileged mode.
We can only view and change the configuration of a Cisco
router in privileged exec mode, which we can enter with the enable command.
At first we see Press “Enter” to start
Router > (User Mode)
Router > enable
Router# (Privileged Mode)
To exit from this mode we type exit, disable or logout
Router# exit
Router>
(Ctrl+C) Exit
To configure from the CLI, you can make global changes to the
router by typing configure terminal, which puts you in global configuration
mode and changes what’s known as the running-config.
You can type config from the privileged-mode prompt and then just
press Enter to take the default of terminal.
Router#config t
Router (config) # (configure mode)
To make changes to an interface, we use the interface command
from global configuration mode.
Router (config) #int fa0/0
Router (config-if) #
Subinterfaces
Subinterfaces allow you to create logical interfaces within
the router. The prompt then changes to Router (config-subif) #
Router (config-if) #int fa0/0.1
Router (config-subif) #
Line Commands
To configure user-mode passwords, use the line command. The
prompt then becomes
Router (config-line) #
Router # config t
Router (config) # line console 0
Router (config-line) # password Cisco
The line console 0 command is known as a major command (also
called a global command) and any command typed from the (config-line) prompt is
known as a subcommand.
Routing Protocol Configurations
To configure routing protocols such as RIP and EIGRP, use the
prompt (config-router) #.
Router # config t
Router (config) #router rip
Router (config-router) # version 2
Router (config-router) #
We can use the Cisco advanced editing features to help us to
configure the router. If we type in a question mark at any prompt we will be given
a list of all the commands available from that prompt.
Router #?
By typing clock ? (with a space before the question mark) we will get
a list of the next possible parameters and what they do.
Router# clock ?
Router# clock set ?
Router# clock set 10:30:10 10 28 Aug
Use the show history command to see the last 10 commands that
were entered on the router.
Router# show his
The show version command will provide basic configuration for
the system hardware as well as the software version, the names and sources of
configuration files, and the boot images.
Router# show version
To check the running config
Router# show run
To check the serial interface
Router# show interface serial 0/0/0
We can set the identity of the router with hostname command.
Router# config t
Router (config) #hostname Cisco
Cisco (config) #
A banner is more than just a little cool. One very good reason
for having a banner is to give any and all who dare attempt to telnet or dial
into your internetwork a little security notice.
Router (config) # banner motd @unauthorized access prohibited@
Other types of banner:
- Incoming banner,
- Login banner.
Setting Passwords
There are five passwords used to secure your Cisco routers:
console, auxiliary, telnet, enable and enable secret.
Two passwords are used to set your enable password that’s
used to secure privileged mode. This will prompt a user for a password when the
enable command is used.
The other three are used to configure a password when user
mode is accessed either through the console port, through the aux port or via telnet.
We set the enable passwords from global configuration mode
Router (config) # enable password cisco
Sets the enable password on older, pre 10.3 systems, and
isn’t ever used if an enable secret is set.
Secret – is the newer, encrypted password that overrides the
enable password if it’s set.
Use-tacacs – this tells the router to authenticate through a
TACACS server.
Router (config) #enable secret CCNA
User mode passwords are assigned by using the line command
Router (config) #line vty 0 4
Router (config-line) #password ccnp
Router (config-line) #login
Aux – sets the user-mode password for the auxiliary port. It’s
usually used for attaching a modem to the router, but it can be used as a console
as well.
Console – sets a console user-mode password.
Vty – sets a telnet password on the router. If this password isn’t
set, then telnet can’t be used by default.
To configure the auxiliary password, go into global
configuration mode and type line aux ?. You can see here that you only get a
choice of 0-0.
Router#config t
Router (config) #line aux 0
Router (config-line) #password ccnp
Router (config-line) #login
Router #sh run
Through this command we see all the passwords. If we want to
encrypt all the passwords shown in the configuration, we run this command:
Router (config) #service password-encryption
To turn this off:
Router (config) #no service password-encryption
Descriptions – Setting a description on an interface is
helpful to the administrator and, like the hostname, only locally significant.
Router (config-if) #description sales LAN
Router Interfaces
Interface configuration is one of the most important router configurations,
because without interfaces a router is pretty much a completely useless object.
Plus, interface configurations must be totally precise to enable communication with
other devices. Some of the settings used to configure an interface are
network layer addresses, media type, bandwidth and other administrator commands.
Configure an IP address on an interface
Router (config) #int e0
Router (config-if) #ip add 192.168.10.10 255.255.255.0
Router (config-if) #no shut
We configure a DCE serial interface with the clock rate
command.
Router (config) #int s0/0
Router (config-if) #clock rate 64000
Router (config-if) #bandwidth 64
We can manually save the file from DRAM to NVRAM by using the
copy running-config startup-config (copy run start) command
We can delete the startup-config file by using the erase
startup-config command
Router # erase startup-config
To restart the router via command
Router# reload
Save? (yes/no) n
Ping – Ping is Packet Internet Groper, a program that uses
ICMP echo requests and replies. Ping sends a packet to a remote host, and if that
host responds, it means that the host is alive.
Trace route – Uses ICMP with IP time to live (TTL) time-outs
to track the path a packet takes through an internetwork, in contrast to Ping,
which just finds the host and responds. Trace route can also be used with multiple
protocols.
Verifying with the show interface Command
Router#show int fa0/0
Router#show int s0/0
Another important configuration to notice is the keepalive,
which is 10 seconds by default. Each router sends a keepalive message to its neighbor
every 10 seconds, and if both routers aren’t configured for the same keepalive
time, it won’t work.
We can clear the counters on the interface by typing the
command clear counters.
Router#clear counters s0/0
MTU – Maximum Transmission Unit (1500 bytes by default)
Using the “show ip int brief” command
This command provides a quick overview of the router’s
interfaces, including the logical address and status.
Router#show ip int brief
Show Protocols command
The show protocols command is a really helpful command you’d
use in order to see the quick status of layers 1 and 2 of each interface as
well as the ip address used.
Using the show Controllers Command
The show controllers command displays information about the
physical interface itself. It will also give you the type of serial cable
plugged in to a serial port. Usually this will only be a DTE cable that plugs
in to a type of Data Service Unit (DSU).
Router#show controllers serial 0/0
Router#show controllers serial 0/1
Notice that serial 0/0 has a DTE cable, whereas the serial
0/1 connection has a DCE cable. Serial 0/1 would have to provide clocking with
the clock rate command. Serial 0/0 would get its clocking from the DSU.
Understand the sequence of what happens when you power on a router
When you first bring up a Cisco router, it will run a power-on
self-test (POST), and if that passes, it will then look for and load the Cisco
IOS from flash memory. If a file is present, the IOS then proceeds to load and
looks for a valid configuration in NVRAM called the startup-config. If no file
is present in NVRAM, the router will go into setup mode.
Setup mode is automatically started if a router boots and no
startup-config is in NVRAM. We can also bring up setup mode by typing setup
from privileged mode.
Understand the difference between user mode and privileged
mode. User mode provides a command line interface with very few available commands
by default. User mode does not allow the configuration to be viewed or changed.
Privileged mode allows a user to both view and change the configuration of a
router. You can enter privileged mode by typing the command enable.
Remember what the command show version provides
The show version command will provide basic configuration for
the system hardware as well as the software version, the names and sources of
configuration files, the config-register setting and the boot images.
Remember the difference between the enable password and enable
secret password
Both of these passwords are used to gain access into
privileged mode. However, the enable secret is newer and is always encrypted by
default. Also, if you set the enable password and then set the enable secret,
only the enable secret will be used.
If we type show int serial 0 and see that the interface is down and the line
protocol is down, this will be considered a physical layer problem. If you see
the interface as up but the line protocol as down, then you have a data link layer problem.
Using the Pipe
The pipe (|) allows us to wade through all the configurations
or other long outputs and get straight to our goods fast.
Router#show run | begin interface
Router#show ip route | include 192.168.1.1
For SSH Login
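Router#conf t
Router (config) #hostname Cisco
Cisco (config) #ip domain name cisco.com
Cisco (config) #username R1 password cisco123
Cisco (config) #crypto key generate rsa general-keys modulus 1024
Cisco (config) #ip ssh version 2
Cisco (config) #line vty 0 4
Cisco (config-line) #transport input ssh telnet
Cisco (config-line) #login local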
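An added example (not part of the original post): a small Python audit that reads a saved running-config and flags the weak settings that the password and SSH commands above can leave behind, including a console password set without login. The sample config is constructed from this page's commands, and parse_blocks and audit_config are names chosen for this example.

```python
import re

# Constructed sample config built from this page's commands; TYPE7-PLACEHOLDER is not a real value.
SAMPLE_CONFIG = """\
no service password-encryption
enable password cisco
username R1 password 0 cisco123
line con 0
 password Cisco
line aux 0
 password 7 TYPE7-PLACEHOLDER
 login
line vty 0 4
 transport input ssh telnet
 login local
"""

def parse_blocks(text):
    """Group each 'line ...' header with its indented sub-commands; all else is global."""
    blocks, current = {"global": []}, "global"
    for raw in filter(str.strip, text.splitlines()):
        if not raw.startswith(" "):
            current = raw.strip() if raw.startswith("line ") else "global"
        blocks.setdefault(current, []).append(raw.strip())  # header is stored too; harmless
    return blocks

def audit_config(text):
    """Return (context, finding) pairs for weak credential and access settings."""
    blocks = parse_blocks(text)
    glob, out = blocks.pop("global"), []
    if "service password-encryption" not in glob:
        out.append(("global", "service password-encryption is off: show run reveals passwords"))
    for c in glob:
        if re.match(r"(enable|username \S+) password ", c):
            out.append(("global", f"'{c.split(' password ')[0]}' uses password, not secret"))
    for header, cmds in blocks.items():
        starts = lambda p: any(c.startswith(p) for c in cmds)
        if starts("password 7 "):
            out.append((header, "type 7 is reversible encoding, not a hash"))
        # Console and aux lines only ask for the password when login is configured.
        if starts("password ") and not starts("login") and "vty" not in header:
            out.append((header, "password set but login missing, so it is never requested"))
        if any(c.startswith("transport input ") and {"telnet", "all"} & set(c.split()) for c in cmds):
            out.append((header, "telnet enabled: logins cross the network in clear text"))
    return out

for context, finding in audit_config(SAMPLE_CONFIG):
    print(f"{context}: {finding}")
```

A config that uses enable secret, username ... secret, login on every line and transport input ssh alone comes back with no findings.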