CISCO DEVICES ADMINISTRATION AND CONFIGURATION

The CCNA exam does not test your product-specific knowledge. So you are not expected to
know what feature cards are available for a Layer 3 series switch, but you do need to understand
the differences between a router and a switch, and you need to understand how their
configuration requirements vary.
This section introduces you to Cisco equipment. In this section you will learn how to connect to it
and make initial configurations, as well as how to connect it to other devices to build a network.
You will review the different types of network connections available, with particular emphasis on
those that are tested in the CCNA exams. You will also look at where a Cisco device stores the
various files it needs to operate, the files needed for the boot process, and the backup and
restoration of system files.
For our purposes, we use a Catalyst 2960 or 3560 switch and a 1600, 1700, or 2600 series router
as example devices. Most of the commands you learn in this section also apply to more
advanced models.
Cisco devices are very costly, so for exam preparation you can use a simulator. Several simulators
are available; choose the one that best suits you. We will use Packet Tracer for configuration.
Packet Tracer is a small program developed by Cisco Systems. With Packet Tracer you can do all of
the CCNA practical work. Besides Packet Tracer, many other simulators are available on the
internet, but most of them will cost you around $150. In this article from our free CCNA study
guide series, we show you how to install Packet Tracer.
Packet Tracer offers a broad range of opportunities for instructors to demonstrate networking
concepts. Although Packet Tracer is not a substitute for real equipment, it allows students to
practice using a model of the Cisco Internetwork Operating System (IOS) command line interface
and provides visual, drag-and-drop problem solving using virtual networking devices. This
hands-on capability is a fundamental component of learning how to configure routers and switches
from the command line. Students can see how to configure and connect networking hardware
while confirming systems design. Instructors can create their own self-evaluated activities that
present immediate feedback to students on their proficiency in completing assignments.
Right-click and select Extract Here.
Double-click the setup file to start the installation.
On the welcome screen, press Next.
On the license agreement screen, select I accept and click Next.
Now select the destination path where you want to install it.
On the Select Start Menu screen, press Next.
On the Select Additional Tasks screen, click Next.
Press Next on the Ready to Install screen.
Packet Tracer will now copy the necessary files to the hard disk.
Click Finish to complete the Packet Tracer setup.
We have now successfully installed Packet Tracer. In our next articles we will use it for
CCNA practice.
How to connect with cisco devices
In this lab scenario I will demonstrate how you can connect to a Cisco router. To connect to a
physical Cisco device you need a console cable. Attach one end of the cable to the COM port on
the computer and the other end to the console port of the Cisco device.
Console Port
When you first obtain a new Cisco device, it won't be configured. That is to say, it will not do any
of the customized functions you might need; it does not have any IP addresses, and it is generally
not going to do what you paid for. Routers need basic configuration to function on a network. The
console port is used for local management connections. This means that you must be able to
physically reach the console port with a cable that is typically about six feet long. The console
port looks exactly like an Ethernet port.
Once you have the proper console cable, follow this path:
On the computer, click the Start button ==> Programs ==> Accessories ==> Communications ==>
HyperTerminal ==> Location Information ==> Cancel ==> Confirm Cancel ==> Yes ==>
HyperTerminal ==> OK ==> Connection Description ==> Vinita ==> OK ==> Location Information ==>
Confirm Cancel ==> Yes ==> HyperTerminal ==> Connect To ==> OK ==> Port Settings ==> apply the
settings as given below and press OK.
If you still have a problem configuring HyperTerminal, or you do not have the HyperTerminal
option in Accessories, you can use this small program instead. With it you can connect to any
device that supports Telnet, SSH, Rlogin, or console connections. It is ready-to-use software:
download it and execute it. Select the Serial sub key under the Session main key, and it will do
the rest automatically.
Download PuTTY
How to connect to a router in Boson Simulator
If you use the Boson simulator for CCNA practicals, select erouter from the Tools menu and select
a router from the available list. (Devices are only available once a topology has been loaded in
the simulator. Use Boson Network Designer to create a topology.)
How to connect to a router in Packet Tracer
First create the desired topology by dragging devices to the workspace. Once you have created
the topology, configuration in Packet Tracer is straightforward. To configure any device,
double-click it and select CLI.
Device A | Cable | Device B
Router's serial port | Cisco serial DCE/DTE cables | Router's serial port
Router's Ethernet port | Crossover | Router's Ethernet port
Router's Ethernet port | Straight-through | Switch port
Router's Ethernet port | Crossover | Computer NIC
Console of router/switch | Rollover | Computer COM port
Switch port | Crossover | Switch port
Computer NIC | Crossover | Computer NIC
Computer NIC | Straight-through | Switch port
Advantages of IOS internetwork operating system
Connectivity
The IOS supports a variety of data link layer technologies for the LAN and WAN environments,
including copper and fiber wiring as well as wireless.
Scalability
The IOS supports both fixed and modular chassis platforms, enabling you to purchase the
appropriate hardware for your needs, yet still allowing you to leverage the same IOS CLI to
reduce your management costs.
Reliability
To ensure that your critical resources are always reachable, Cisco has developed many products
and IOS features to provide network redundancy.
Security
With the IOS, you can strictly control access to your network and networking devices in
accordance with your internal security policies.
Naming Conventions for IOS Images
c1841-advipservicesk9-mz.124-6.T7.bin (this name is used for explanation)
• c1841
The c1841 refers to the name of the platform on which the image will run. This is
important because different router models have different processors, and an image
compiled for one processor or router model will typically not run on a different model.
• advipservicesk9
The advipservicesk9 refers to the features included in this IOS version, commonly
referred to as the feature set. In this example, the IOS is the advanced IP services
and the k9 refers to the inclusion of encryption support.
• mz or z
The mz or z means that the image is compressed and must be uncompressed before
loading/running. If you see l (the letter l, not the number 1) here, this indicates where the
IOS image is run from. The l indicates a relocatable image and that the image can be run
from RAM. Remember that some images can run directly from flash, depending on the
router model.
• 124-6.T7
The 124-6.T7 indicates the software version number of the IOS. In this instance, the
version is 12.4(6)T7. Image names with T indicate new features; those without the T are the
mainline (only bug fixes are made to it).
• .bin
The .bin at the end indicates that this is a binary image.
An IOS filename is broken down into four parts:
• Platform
• Feature set
• Run location and compression
• Version
Memory Locations
Code | Location
F | Image runs in flash
M | Image runs in Random Access Memory (RAM)
R | Image runs in Read Only Memory (ROM)
L | Image will be relocated at runtime
Compression Identifiers
Code | Compression
Z | Image is Zip compressed
X | Image is Mzip compressed
W | Image is Stac compressed
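The naming convention and the two code tables above can be applied mechanically when checking an image inventory. The following Python parser is an added example, not part of the original guide; only the first sample name comes from this page, the others are constructed, and the rule that a three-digit release is a two-digit major plus a one-digit minor is an assumption that matches the page's 124-6.T7 example.

```python
import re

# Code tables exactly as listed on this page (matched case-insensitively).
RUN_LOCATION = {"f": "flash", "m": "RAM", "r": "ROM", "l": "relocated at runtime"}
COMPRESSION = {"z": "zip", "x": "mzip", "w": "stac"}

# <platform>-<feature set>-<location/compression codes>.<version>.bin
NAME_RE = re.compile(
    r"^(?P<platform>[a-z0-9]+)-(?P<features>[a-z0-9_]+)-(?P<codes>[a-z]+)"
    r"\.(?P<release>\d{3})-(?P<maint>\d+)(?:\.(?P<train>[a-z][a-z0-9]*))?\.bin$",
    re.IGNORECASE,
)


def parse_ios_image_name(filename):
    """Split an IOS image filename into the parts described on this page."""
    m = NAME_RE.match(filename.strip())
    if m is None:
        raise ValueError(f"not a recognised IOS image name: {filename!r}")
    codes = m.group("codes").lower()
    unknown = sorted(set(codes) - set(RUN_LOCATION) - set(COMPRESSION))
    if unknown:
        raise ValueError(f"unknown location/compression code(s) {unknown} in {filename!r}")
    release, train = m.group("release"), m.group("train")
    # Assumption: release "124" means major 12, minor 4, as in 124-6.T7 -> 12.4(6)T7.
    version = f"{int(release[:2])}.{release[2]}({int(m.group('maint'))}){train or ''}"
    features = m.group("features").lower()
    return {
        "platform": m.group("platform").lower(),
        "feature_set": features,
        # The page: k9 in the feature set means encryption support is included.
        "crypto": "k9" in features,
        "run_from": [RUN_LOCATION[c] for c in codes if c in RUN_LOCATION],
        "compression": [COMPRESSION[c] for c in codes if c in COMPRESSION],
        "version": version,
        # The page: names with T carry new features, names without are mainline.
        "new_feature_train": bool(train) and train.upper().startswith("T"),
    }


def audit_inventory(filenames):
    """Return (parsed, rejected) so malformed names are reported, not dropped."""
    parsed, rejected = [], []
    for name in filenames:
        try:
            parsed.append(parse_ios_image_name(name))
        except ValueError as exc:
            rejected.append((name, str(exc)))
    return parsed, rejected


# First entry is the page's example; the rest are constructed for illustration.
SAMPLE_INVENTORY = [
    "c1841-advipservicesk9-mz.124-6.T7.bin",
    "c2600-ipbase-mz.123-26.bin",    # constructed: mainline image without k9
    "c1841-ipbase-qz.124-6.T7.bin",  # constructed: 'q' is in neither code table
    "startup-config.bak",            # constructed: not an image name at all
]

if __name__ == "__main__":
    ok, bad = audit_inventory(SAMPLE_INVENTORY)
    for info in ok:
        flag = "" if info["crypto"] else "  <-- no k9 (no encryption support)"
        print(f'{info["platform"]:6} {info["version"]:12} {info["feature_set"]}{flag}')
    for name, reason in bad:
        print(f"REJECTED {name}: {reason}")
```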
Connections
Cisco's networking products support two types of external connections: ports (referred to as
lines) and interfaces.
Out-of-band management (which you do through console ports) does not affect the bandwidth
flowing through your network, while in-band management (which is done through interfaces) does.
Console Port
Almost every Cisco product has a console port. This port is used to establish an out-of-band
connection in order to access the CLI to manage your Cisco device. Most console connections to
Cisco devices require an RJ-45 rollover cable and an RJ-45-to-DB9 terminal adapter.
The rollover cable pins are reversed on the two sides.
Com port setting
Speed: 9600 bps
Data bits: 8
Stop bits: 1
Parity & Flow Control: None
Cabling Devices
A straight-through cable is used for DTE-to-DCE connections.
• A hub to a router, PC, or file server
• A switch to a router, PC, or file server
Crossover cables should be used when you connect a DTE to another DTE or a DCE to
another DCE.
• A hub to another hub
• A switch to another switch
• A hub to a switch
• A PC, router, or file server to another PC, router, or file server
Cisco ios router switch nomenclature classification detail
Interface of Router
Console
The console port is used for local management connections. This means that you must be able to
physically reach the console port with a cable. The console port looks exactly like an Ethernet
port. It uses the same connector, but it has different wiring and is often identified with a light blue
label "CONSOLE."
Aux Port
The AUX port is really just another console port that is intended for use with a modem, so you
can remotely connect and administer the device by phoning it. However, using the AUX port for
configuration creates some security issues, so make sure that you get advice on addressing those
before setting this up.
Ethernet Port
An Ethernet port (which might be a FastEthernet or even a GigabitEthernet port, depending on
your router model) is intended to connect to the LAN. Some routers have more than one Ethernet
or FastEthernet port; it really depends on what you need and of course what you purchase. The
Ethernet port usually connects to the LAN switch with a straight-through cable.
Serial Port
A Cisco serial port is a proprietary design, a 60-pin D-sub. This connector can be configured for
almost any kind of serial communication. You need a cable that has the Cisco connector on one
end and the appropriate type of connector for the service you want to connect to on the other.
Other Connections
Your router may have some other ports, such as a T1 controller for WAN services, or BRI and PRI
ports. None of these ports are tested in the CCNA exam, so you do not need to be concerned about
them.
Switch Interface Nomenclature
The Catalyst 2950 and 2960 switches support only fixed interfaces, while some of Cisco's higher
end switches, such as the 6500s, support modular slots with interface cards.
The nomenclature of an interface is type slot_#/port_#.
The type of interface is the media type, such as ethernet, fastethernet, or gigabit.
Following this is the slot number. For all fixed interfaces on a Cisco switch, the slot number is
always 0.
The port number is the number of the port in the specified slot.
Unlike Cisco router ports, switch port numbers start at 1 and work their way up. For instance, on a
2960, the very first port is fastethernet 0/1, the second port is fastethernet 0/2, and so on. Some
2960 switches support Gigabit Ethernet interfaces, so the nomenclature for the interface would
look like this:
gigabitethernet 0/1.
Router Interface Nomenclature
When referring to fixed interfaces, the interface numbers always begin with 0 (not 1, like the
switches) and work their way up within a particular interface type.
For routers that have only fixed interfaces, the interface nomenclature is type port_#.
For example, if a router has two fixed Ethernet interfaces and two fixed serial interfaces, they
would be called ethernet 0 and ethernet 1 and serial 0 and serial 1. The port numbers begin at 0
within each interface type. Through use of an interface type and a number, each of the interfaces
can be uniquely identified.
However, if a router has modular slots, where you can insert interface cards into these slots, the
interface nomenclature is like the Catalyst switches:
type slot_#/ port_#. Each slot has a unique slot number beginning with 0, and within each slot,
the ports begin at 0 and work their way up.
For example, if you had a modular router with two slots, the first slot would be 0 and the
second 1. If the first slot had four Ethernet interfaces, the interface numbers would be 0–3, and if
the second slot had two Ethernet interfaces, the interface numbers would be 0 and 1.
Example of a four-port serial module in the third slot of a 3640 router: serial 2/0, serial 2/1, serial
2/2, and serial 2/3.
Some examples of routers with modular interfaces: 2600, 3600, 3700, 7000, 7200, and 7500.
The exception to this is the 1600 and 1700 routers; even though they are modular, you don’t
configure any slot number when specifying a particular interface.
Cisco ios mode User privilege Global configuration

CLI Access Modes



Each Cisco device supports three access modes on its CLI:
User EXEC
Provides basic access to the IOS with limited command availability (basically simple monitoring
and troubleshooting commands)
Privilege EXEC
Provides high-level management access to the IOS, including all commands available at User
EXEC mode
Configuration
Allows configuration changes to be made to the device
User EXEC Mode
Your initial access to the CLI is via the User EXEC mode, which has only a limited number of
IOS commands you can execute. Depending on the Cisco device’s configuration, you might be
prompted for a password to access this mode.
This mode is typically used for basic troubleshooting of networking problems. You can tell that
you are in User EXEC mode by examining the prompt on the left side of the screen:
Router>
If you see a > character at the end of the information, you know that you are in User EXEC mode.
The information preceding the > is the name of the Cisco device.
For instance, the default name of all Cisco routers is Router, whereas the 2960 switch’s User
EXEC prompt looks like this: Switch>. These device names can be changed with the hostname
command.
Privilege EXEC Mode
Once you have gained access to User EXEC mode, you can use the enable command to access
Privilege EXEC mode:
Router> enable
Router#
Once you enter the enable command, if a Privilege EXEC password has been configured on the
Cisco device, you will be prompted for it. Upon successfully authenticating, you will be
in Privilege EXEC mode. You can tell that you are in this mode by examining the CLI prompt. In
the preceding code example, notice that the > changed to a #.
When you are in Privilege EXEC mode, you have access to all of the User EXEC commands as
well as many more advanced management and troubleshooting commands. These commands
include extended ping and trace abilities, managing configuration files and IOS images, and
detailed troubleshooting using debug commands. About the only thing that you can’t do from this
mode is change the configuration of the Cisco device—this can be done only from Configuration
mode. If you wish to return to User EXEC mode from Privilege EXEC mode, use
the exit command:
Router# exit
Router>
Again, by examining the prompt, you can tell that you are now in User EXEC mode.
Configuration Modes of Cisco IOS Software





From privileged EXEC mode, you can enter global configuration mode using the
configure terminal command.
From global configuration mode, you can access specific configuration modes, which include, but
are not limited to, the following:
Interface:
Supports commands that configure operations on a per-interface basis
Subinterface:
Supports commands that configure multiple virtual interfaces on a single physical interface
Controller:
Supports commands that configure controllers (for example, E1 and T1 controllers)
Line:
Supports commands that configure the operation of a terminal line (for example, the console or
the vty ports)
Router:
Supports commands that configure an IP routing protocol
If you enter the exit command, the router backs out one level, eventually logging out. In general,
you enter the exit command from one of the specific configuration modes to return to global
configuration mode. Press Ctrl+Z or enter end to leave configuration mode completely and return
to the privileged EXEC mode.
Commands that affect the entire device are called global commands.
The hostname and enable password commands are examples of global commands.
Commands that point to or indicate a process or interface that will be configured are called major
commands. When entered, major commands cause the CLI to enter a specific configuration
mode.
Major commands have no effect unless you immediately enter a subcommand that supplies the
configuration entry. For example, the major command interface serial 0 has no effect unless you
follow it with a subcommand that tells what is to be done to that interface.
Router Modes
Prompt | Mode
Router> | User mode
Router# | Privileged mode (also known as EXEC-level mode)
Router(config)# | Global configuration mode
Router(config-if)# | Interface mode
Router(config-subif)# | Subinterface mode
Router(config-line)# | Line mode
Router(config-router)# | Router configuration mode
Cisco devices hardware component and booting process

ROM
ROM contains the necessary firmware to boot up your router and typically has the following four
components:
• POST (power-on self-test): Performs tests on the router's hardware components.
• Bootstrap program: Brings the router up and determines how the IOS image and
configuration files will be found and loaded.
• ROM Monitor (ROMMON mode): A mini–operating system that allows you to perform
low-level testing and troubleshooting, the password recovery procedure,
• Mini-IOS: A stripped-down version of the IOS that contains only IP code. This should be used
in emergency situations where the IOS image in flash can't be found and you want to boot up
your router and load in another IOS image. This stripped-down IOS is referred to as
RXBOOT mode.
RAM
RAM is like the memory in your PC. On a router, it (in most cases) contains the running IOS
image; the active configuration file; any tables (including routing, ARP, CDP neighbor, and other
tables); and internal buffers for temporarily storing information, such as interface input and output
buffers. The IOS is responsible for managing memory. When you turn off your router, everything
in RAM is erased.
Flash
Flash is a form of nonvolatile memory in that when you turn the router off, the information stored
in flash is not lost. Routers store their IOS image in flash, but other information can also be stored
here. Note that some lower-end Cisco routers actually run the IOS directly from flash (not RAM).
Flash is slower than RAM, a fact that can create performance issues.
NVRAM
NVRAM is like flash in that its contents are not erased when you turn off your router. It is slightly
different, though, in that it uses a battery to maintain the information when the Cisco device is
turned off. Routers use NVRAM to store their configuration files. In newer versions of the IOS,
you can store more than one configuration file here.
Router Boot up Process
A router typically goes through five steps when booting up:
• The router loads and runs POST (located in ROM), testing its hardware components,
including memory and interfaces.
• The bootstrap program is loaded and executed.
• The bootstrap program finds and loads an IOS image. Possible locations: flash, a TFTP
server, or the Mini-IOS in ROM.
• Once the IOS is loaded, the IOS attempts to find and load a configuration file, stored in
NVRAM.
• After the configuration is loaded, you are presented with the CLI interface. The mode you are
placed into is User EXEC mode.
Setup Mode
Cisco devices include a feature called Setup mode to help you make a basic initial configuration.
Setup mode will run only if there is no configuration file in NVRAM—either because the router is
brand-new, or because it has been erased. Setup mode will ask you a series of questions and
apply the configuration to the device based on your answers. You can abort Setup mode by
typing CTRL+C or by saying "no" either when asked if you want to enter the initial configuration
dialog or when asked if you want to save the configuration at the end of the question.
Configuration register
The configuration register is a special register in the router that determines many of its boot up
and running options, including how the router finds the IOS image and its configuration file. The
configuration register is a four-character hexadecimal value that can be changed to manipulate
how the router behaves at bootup. The default value is 0x2102.
The characters "0x" indicate that the characters that follow are in hexadecimal. This makes it
clear whether the value is "two thousand one hundred and two" or, as in this case, "two one zero
two" in hexadecimal.
The fourth character in the configuration register is known as the boot field. Changing the value
for this character will have the following effects:
• 0x2100 = Always boot to ROMMON.
• 0x2101 = Always boot to RXBOOT.
• 0x2102 through 0x210F = Load the first valid IOS in flash; values of 2 through F for the fourth
character specify other IOS image files in flash.
The third character in the configuration register can modify how the router loads the configuration
file. The setting of 0x2142 causes the router to ignore the startup-config file in NVRAM (which is
where the password is stored) and proceed without a configuration—as if the router were brand
new or had its configuration erased.
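A router left at 0x2142 comes up without its startup-config, passwords included, on the next reboot, so the register is worth checking across devices. The Python check below is an added example, not part of the original guide; the `show version` line format and the sample outputs are constructed assumptions, and the "ignore startup-config" bit is taken as 0x0040, the one bit that differs between 0x2142 and 0x2102.

```python
import re

DEFAULT_REGISTER = 0x2102
# 0x2142 differs from the default 0x2102 only in this bit, so it is the one
# that makes the router skip startup-config.
IGNORE_STARTUP_CONFIG = 0x0040

# Assumed line format of `show version`; the "(will be ...)" part is assumed
# to appear after config-register has been changed but before the reload.
REGISTER_LINE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode_register(value):
    """Decode the two fields this page describes: boot field and config bit."""
    boot_field = value & 0x000F          # the fourth hex character
    if boot_field == 0:
        boot = "ROMMON"
    elif boot_field == 1:
        boot = "RXBOOT"
    else:                                # 2 through F
        boot = "IOS from flash"
    return {
        "value": f"0x{value:04X}",
        "boot": boot,
        "ignores_startup_config": bool(value & IGNORE_STARTUP_CONFIG),
        "is_default": value == DEFAULT_REGISTER,
    }


def audit_show_version(hostname, show_version_text):
    """Return a list of findings for one device's `show version` output."""
    m = REGISTER_LINE.search(show_version_text)
    if m is None:
        return [f"{hostname}: no configuration register line found"]
    current = int(m.group(1), 16)
    # What matters for the next boot is the pending value, if one is set.
    effective = int(m.group(2), 16) if m.group(2) else current
    info = decode_register(effective)
    findings = []
    if info["ignores_startup_config"]:
        findings.append(
            f"{hostname}: {info['value']} ignores startup-config at next boot"
        )
    if info["boot"] != "IOS from flash":
        findings.append(f"{hostname}: {info['value']} boots to {info['boot']}")
    return findings


def audit_fleet(outputs):
    """outputs maps hostname -> `show version` text; returns all findings."""
    findings = []
    for host in sorted(outputs):
        findings.extend(audit_show_version(host, outputs[host]))
    return findings


# Constructed sample data (hostnames and outputs are illustrative only).
SAMPLE_OUTPUTS = {
    "edge-1": "191K bytes of NVRAM.\nConfiguration register is 0x2102\n",
    "edge-2": "191K bytes of NVRAM.\nConfiguration register is 0x2142\n",
    "edge-3": "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "lab-1": "Configuration register is 0x2100\n",
    "old-1": "191K bytes of NVRAM.\n",  # truncated capture, no register line
}

if __name__ == "__main__":
    for finding in audit_fleet(SAMPLE_OUTPUTS):
        print(finding)
```

In the sample, edge-3 is mid-recovery: it is running with 0x2142 but `config-register 0x2102` has already been entered, so it raises no finding.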
How to reset Router password
The Password Recovery process is simple and takes less than five minutes depending on how
fast your router boots.
• Connect to the console port, start your terminal application, and power cycle the router. When
you see the boot process beginning, hit the Break sequence. (This is usually Ctrl+Page
Break, but it might differ for different terminal applications.) Doing this interrupts the boot
process and drops the router into ROMMON.
• At the ROMMON prompt, enter the command confreg 0x2142 to set the configuration
register to 0x2142.
• Restart the router by power cycling it or by issuing the command reset.
• When the router reloads, the configuration register setting of 0x2142 instructs the router to
ignore the startup-config file in NVRAM. You will be asked if you want to go through Setup
mode because the router thinks it has no startup-configuration file. Exit from Setup mode.
• Press Return and enter the command enable to go into privileged EXEC command mode. No
password is required because the startup config file was not loaded.
• Load the configuration manually by entering copy startup-config running-config.
• Go into the Global Configuration mode using the command configure terminal and change
the password with the command enable password password or enable secret password.
• Save the new password by entering copy running-config startup-config.
• Go to the global config prompt, and change the configuration register back to the default
setting with the command config-register 0x2102. Exit back to the privileged exec prompt.
• Reboot the router using the reload command. You will be asked to save your changes; you
can do so if you have made additional configuration changes.
Reset password on 1841
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
################
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x2142
rommon 2 > reset
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
############################################################### [OK]
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M),
Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
Image text-base: 0x60080608, data-base: 0x6270CD50
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Processor board ID FTX0947Z18E
M860 processor: part number 0, mask 49
2 FastEthernet/IEEE 802.3 interface(s)
191K bytes of NVRAM.
31360K bytes of ATA CompactFlash (Read/Write)
Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M),
Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 04:52 by pt_team
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: no
Press RETURN to get started!
Router>enable
Router#copy startup-config running-config
Destination filename [running-config]?
428 bytes copied in 0.416 secs (1028 bytes/sec)
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#enable password vinita
Router(config)#enable secret vinita
Router(config)#config-register 0x2102
Router(config)#exit
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#reload
Proceed with reload? [confirm]
CDP Cisco Discovery Protocol example and guide
Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help
administrators collect information about both locally attached and remote devices. By using CDP,
you can gather hardware and protocol information about neighbor devices, which is useful info for
troubleshooting the network.
CDP messages are generated every 60 seconds as multicast messages on each of its active
interfaces.
The information shared in a CDP packet about a Cisco device includes the following:
• Name of the device configured with the hostname command
• IOS software version
• Hardware capabilities, such as routing, switching, and/or bridging
• Hardware platform, such as 2600, 2950, or 1900
• The layer-3 address(es) of the device
• The interface the CDP update was generated on
CDP allows devices to share basic configuration information without even configuring any
protocol specific information and is enabled by default on all interfaces.
CDP is a Datalink Protocol occurring at Layer 2 of the OSI model.
CDP is not routable and can only go over to directly connected devices.
CDP is enabled, by default, on all Cisco devices. CDP updates are generated as multicasts every
60 seconds with a hold-down period of 180 seconds for a missing neighbor. The no cdp run
command globally disables CDP, while the no cdp enable command disables CDP on an
interface. Use show cdp neighbors to list out your directly connected Cisco neighboring devices.
Adding the detail parameter will display the layer-3 addressing configured on the neighbor.
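Because CDP is on by default and advertises the hostname, IOS version, platform and layer-3 addresses on every active interface, it helps to list which interfaces still send it once no cdp run and no cdp enable are taken into account. The Python check below is an added example, not part of the original guide; the running-config text and the `allowed` set of interfaces expected to run CDP are constructed assumptions.

```python
def parse_cdp_state(running_config):
    """Return (cdp_global, interfaces) from IOS running-config text.

    interfaces maps interface name -> {"cdp": bool, "shutdown": bool}.
    """
    cdp_global = True      # the page: CDP is enabled by default
    interfaces = {}
    current = None
    for raw in running_config.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        words = line.split()
        if not line[0].isspace():
            # A command at column 0 (including "!") closes any interface block.
            current = None
            if words[0] == "interface" and len(words) > 1:
                current = "".join(words[1:])   # "FastEthernet 0/0" -> "FastEthernet0/0"
                interfaces[current] = {"cdp": True, "shutdown": False}
            elif words == ["no", "cdp", "run"]:
                cdp_global = False
            elif words == ["cdp", "run"]:
                cdp_global = True
        elif current is not None:
            if words == ["no", "cdp", "enable"]:
                interfaces[current]["cdp"] = False
            elif words == ["cdp", "enable"]:
                interfaces[current]["cdp"] = True
            elif words == ["shutdown"]:
                interfaces[current]["shutdown"] = True
            elif words == ["no", "shutdown"]:
                interfaces[current]["shutdown"] = False
    return cdp_global, interfaces


def interfaces_sending_cdp(running_config):
    """Interfaces that are active and have CDP enabled globally and locally."""
    cdp_global, interfaces = parse_cdp_state(running_config)
    if not cdp_global:
        return []
    return [name for name, s in interfaces.items() if s["cdp"] and not s["shutdown"]]


def unexpected_cdp(running_config, allowed):
    """Interfaces sending CDP that are not in the caller's allowed set."""
    return [n for n in interfaces_sending_cdp(running_config) if n not in allowed]


# Constructed running-config for illustration (addresses are documentation ranges).
SAMPLE_CONFIG = """\
hostname R1
!
interface FastEthernet0/0
 description LAN link to SW1
 ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/1
 description link to another organisation
 ip address 203.0.113.2 255.255.255.252
!
interface Serial0/0/0
 description WAN to branch
 no cdp enable
!
interface Serial0/0/1
 shutdown
!
end
"""

if __name__ == "__main__":
    # Hypothetical policy: only the internal LAN link should run CDP.
    for name in unexpected_cdp(SAMPLE_CONFIG, allowed={"FastEthernet0/0"}):
        print(f"CDP still enabled on {name}: add 'no cdp enable'")
```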
How could CDP help you?
Sanjay has just been hired as a senior network consultant at a large bank in Jaipur, Rajasthan.
He is expected to be able to take care of any problem that comes up. No problem at all here—he
only has to worry about people possibly not getting the right money transaction if the network
goes down. Sanjay starts his job happily.
Soon, of course, the network has some problems. He asks one of the junior administrators for a
network map so he can troubleshoot the network. This person tells him that the old senior
administrator (who just got fired) had them with him and now no one can find them. Cashiers are
calling every couple of minutes because they can’t get the necessary information they need to
take care of their customers. What should he do?
CDP to the rescue! Thank God this bank has all Cisco routers and switches and that CDP is
enabled by default on all Cisco devices. Also, luckily, the dissatisfied administrator who just got
fired didn't turn off CDP on any devices before he left. All Sanjay has to do now is to use
the show cdp neighbor detail command to find all the information he needs about each device
to help draw out the bank network.
Cisco Discovery Protocols Configuration commands
Command | Description
Router#show cdp | Displays global CDP information (such as timers)
Router#show cdp neighbors | Displays information about neighbors
Router#show cdp neighbors detail | Displays more detail about the neighbor device
Router#show cdp entry word | Displays information about the device named word
Router#show cdp entry * | Displays information about all devices
Router#show cdp interface | Displays information about interfaces that have CDP running
Router#show cdp interface x | Displays information about specific interface x running CDP
Router#show cdp traffic | Displays traffic information—packets in/out/version
Router(config)#cdp holdtime x | Changes the length of time to keep CDP packets
Router(config)#cdp timer x | Changes how often CDP updates are sent
Router(config)#cdp run | Enables CDP globally (on by default)
Router(config)#no cdp run | Turns off CDP globally
Router(config-if)#cdp enable | Enables CDP on a specific interface
Router(config-if)#no cdp enable | Turns off CDP on a specific interface
Router#clear cdp counters | Resets traffic counters to 0
Router#clear cdp table | Deletes the CDP table
Router#debug cdp adjacency | Monitors CDP neighbor information
Router#debug cdp events | Monitors all CDP events
Router#debug cdp ip | Monitors CDP events specifically for IP
Router#debug cdp packets | Monitors CDP packet-related information
How to get help in router command prompt
Cisco IOS Software provides several command-line input help facilities; among these,
context-sensitive help is the most powerful feature of Cisco IOS.
Context-Sensitive Help
One of the more powerful features of the IOS is context-sensitive help. Context sensitive help is
supported at all modes within the IOS, including User EXEC, Privilege EXEC, and Configuration
modes. You can use this feature in a variety of ways. If you are not sure what command you need
to execute, at the prompt, type either help or ?. The Cisco device then displays a list of
commands that can be executed at the level in which you are currently located, along with a brief
description of each command.
Here is an example from a router’s CLI at User EXEC mode:
Router>?
Exec commands:
  <1-99>      Session number to resume
  connect     Open a terminal connection
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  ipv6        ipv6
  logout      Exit from the EXEC
  ping        Send echo messages
  resume      Resume an active network connection
  show        Show running system information
  ssh         Open a secure shell client connection
  telnet      Open a telnet connection
  terminal    Set terminal line parameters
  traceroute  Trace route to destination
Router>
If you see -- More -- at the bottom of the screen, this indicates that more help information is
available than can fit on the current screen. On a Cisco device,
if you press the SPACEBAR, the IOS pages down to the next screen of help information;
if you press the ENTER key, help scrolls down one line at a time. Any other keystroke breaks out
of the help text.
For more detailed help, you can follow a command or parameter with a space and a ?. This
causes the CLI to list the available options or parameters that are included for the command. For
instance, you could type copy followed by a space and a ? to see all of the parameters available
for the copy command:
Router#copy ?
  running-config  Copy from current system configuration
  startup-config  Copy from startup configuration
  tftp:           Copy from tftp: file system
Router#copy
In this example, you can see at least the first parameter necessary after the copy command.
Please note that additional parameters may appear after the first one, depending on the next
parameter that you enter.
If you’re not sure how to spell a command, you can enter the first few characters and immediately
follow these characters with a ?. Typing e?, for instance, lists all the commands that begin with e
at the current mode:
Router# e?
enable erase exit
Router# e
This example shows that three commands begin with the letter e in Privilege EXEC mode.
Console Error Messages
Error messages identify problems with Cisco IOS commands that are entered incorrectly so that
you can alter or correct them.
Error:-% Invalid input detected at '^' marker.
Errors certainly creep up when you enter commands. Whenever you mistype a command, the
IOS tells you that it has encountered a problem with the previously executed command. For
instance, this message indicates a CLI input error:
Router#copy running-config stertup-config
                             ^
% Invalid input detected at '^' marker.
Router#
In this example, we typed stertup-config instead of startup-config.
You should examine the line between the command that you typed in and the error message.
Somewhere in this line, you'll see a ^ character. This is used by the IOS to indicate that an error
exists in the command line at that spot.
Error:-% Incomplete command.
This error indicates that you have not entered all the necessary parameters for the command.
The syntax of the command is correct, but more parameters are necessary.
Router#copy running-config
% Incomplete command.
Router#copy running-config ?
  startup-config  Copy to startup configuration
  tftp:           Copy to current system configuration
Router#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
Router#
In this case, you can use the context-sensitive help feature to help you figure out what parameter
or parameters you forgot.
Error:-% Ambiguous command: "show i"
You will see this error message if you do not type in enough characters to make a command or
parameter unique.
Router#show i
% Ambiguous command: "show i"
Router#show i?
interfaces ip ipv6
Router#show i
In this example, apparently, more than one parameter for the show command begins with the
letter i. As shown above you can use context-sensitive help to figure out what parameter to use.
% Unknown command or computer name, or unable to find computer address
If you enter a command that the IOS does not understand, you'll see this error message. If you
see this, use the context-sensitive help to figure out the correct command to enter.
Administration of cisco devices backup of IOS
In this article I will demonstrate how you can perform basic administrative tasks on Cisco
devices.
Back Up and Restore IOS
You can use TFTP, FTP, or RCP to transfer an IOS image to or from a server. Only the TFTP server
is covered in the CCNA exam, so we will cover it here. TFTP is the Trivial File Transfer Protocol.
Unlike FTP, it has no means of authenticating with a username or password or of navigating
directories.
To back up your IOS, you will use the copy command from within privileged EXEC mode. The
syntax of this command is copy <from> <to>. Thus, if you want to copy an IOS image from your
router to a TFTP server, the syntax would be copy flash tftp. After executing this command, you
will be prompted with a number of questions asking for such things as the IOS filename and IP
address of the TFTP server.
To restore or upgrade your IOS from a TFTP server to a router, the syntax would be copy tftp
flash.
Remember the following troubleshooting steps if you are having difficulties using TFTP:
• Verify that the TFTP server is running.
• Verify cable configurations. You should use a crossover cable between a router and a server
  or, if you have a switch, use a straight-through cable from the router to the switch and from
  the switch to the server.
• Verify that your router is on the same subnet as your TFTP server.
• If you are using a Linux TFTP server, make sure that you first use the touch command to
  create a zero-byte file with the name of the IOS image; otherwise, the file will not copy to the
  TFTP server.
As a Cisco associate you should be able to back up and restore the network's critical
resources. Cisco devices use a TFTP server for this purpose. In real life you should keep a daily
backup of the Cisco IOS and the running configuration. In the lab we can practice the same
procedure in Packet Tracer.
Step by Step Guide to Back up and Restore of Network Devices
Download this topology and load it in Packet Tracer.
As the diagram shows, a TFTP server is connected to the router with a crossover cable, and a PC
is connected to the router with a console cable. The server's IP address is 10.0.0.2, and 10.0.0.1
is already configured on the router's FastEthernet 0/0 port.
Your task now is to back up the running configuration to the TFTP server so that it can be
retrieved in any situation.
Double-click PC0, click the Desktop tab, select Terminal, and click Terminal Configuration (do
not change the default settings). Click OK. This emulates the router's console on screen.
Now follow these steps:
R1>enable
R1#copy running-config tftp:
Address or name of remote host []? 10.0.0.2
Destination filename [R1-confg]?
.!!
[OK - 359 bytes]
359 bytes copied in 3.078 secs (0 bytes/sec)
R1#
We have now taken a backup of the running configuration. To verify it, click the server,
select the Config tab, click TFTP, and scroll down. At the end of the window you can see the
backup files.
As the image shows, the backup was taken successfully. Now open the terminal on PC0 again,
remove the startup configuration, and reload the router.
R1>enable
R1#erase startup-config
Erasing the nvram filesystem will remove all configuration files!
Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
R1#reload
Proceed with reload? [confirm]
The router will now restart. As discussed in our previous article, Booting process of Cisco
devices, the router loads its running configuration from NVRAM. Because we have deleted the
contents of NVRAM (the startup configuration), it will launch the default startup program. Type
no and press Enter.
Now you will see default router prompt. We have to do some basic setting before connecting the
TFTP Server.
Router>enable
Router#configure terminal
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 10.0.0.1 255.0.0.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#
We have now done the essential configuration needed to reach the TFTP server. Next, restore the
configuration to the router:
Router#copy tftp running-config
Address or name of remote host []? 10.0.0.2
Source filename []? R1-confg
Destination filename [running-config]?
Loading R1-confg from 10.0.0.2: !
[OK - 359 bytes]
359 bytes copied in 0.032 secs (11218 bytes/sec)
R1#
At this point the configuration is only in RAM, so you will lose it on reboot. Copy it to NVRAM:
R1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]
R1#
Step by step guide on How to update IOS
As a CCNA certified associate you should also be able to update the IOS of Cisco devices.
This process carries a serious risk of leaving the device defective, so do not do it on a live
device until you have mastered it on a simulator.
Download this topology and load it in packet tracer
IP addresses and other settings are already configured on the server and the router. A new IOS
image is stored on the TFTP server. Double-click PC0, click the Desktop tab, select Terminal, and
click Terminal Configuration (do not change the default settings). This emulates the router's
console on screen.
The first step in updating the IOS is to check the available space in flash:
R1>enable
R1#sh flash
System flash directory:
File  Length    Name/status
  1   33591768  c1841-advipservicesk9-mz.124-15.T1.bin
[33591768 bytes used, 30424616 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
R1#
As the output shows, 30424616 bytes are free, so we can download the new IOS image to flash
from the TFTP server. To load the new IOS:
R1#copy tftp flash
Address or name of remote host []? 10.0.0.2
Source filename []? c1841-ipbasek9-mz.124-12.bin
Destination filename [c1841-ipbasek9-mz.124-12.bin]?
.
Loading c1841-ipbasek9-mz.124-12.bin from 10.0.0.2: !!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 16599160 bytes]
16599160 bytes copied in 5.989 secs (620180 bytes/sec)
As the output shows, the new IOS has been downloaded, so we can now remove the old IOS:
R1#delete flash:c1841-advipservicesk9-mz.124-15.T1.bin
Delete filename [c1841-advipservicesk9-mz.124-15.T1.bin]?
Delete flash:/c1841-advipservicesk9-mz.124-15.T1.bin? [confirm]
R1#show flash
System flash directory:
File  Length    Name/status
  2   16599160  c1841-ipbasek9-mz.124-12.bin
[16599160 bytes used, 47417224 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
R1#
Now restart the router so that the new IOS takes effect:
R1#reload
Proceed with reload? [confirm]
%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory.
Self decompressing the image :
################################################################# [OK]
Restricted Rights Legend
Cisco IOS Software, 1841 Software (C1841-IPBASEK9-M), Version 12.4(12),
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 14:54 by pt_team
Image text-base: 0x600790EC, data-base: 0x61480000
Cisco IOS Software, 1841 Software (C1841-IPBASEK9-M), Version 12.4(12),
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Mon 15-May-06 14:54 by pt_team
--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: no
Press RETURN to get started!
Router>
As the output shows, the router has booted from the new IOS. Because the new IOS has been
loaded, all previous configuration has also been removed. Load it again from the TFTP server and
save it to NVRAM.
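The flash-space check that opens this procedure can be scripted. The following is an added example, not part of the original guide: it parses the sh flash output shown above and decides whether the new image fits before the old one is deleted. The function names parse_show_flash and plan_upgrade are hypothetical.

```python
import re

# Output copied from the `sh flash` step above (column layout restored).
SHOW_FLASH = """\
System flash directory:
File  Length    Name/status
  1   33591768  c1841-advipservicesk9-mz.124-15.T1.bin
[33591768 bytes used, 30424616 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
"""

FILE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*$")
SUMMARY_RE = re.compile(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]")

def parse_show_flash(text):
    """Return (files, used, available, total); files is a list of (name, length)."""
    files, summary = [], None
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append((m.group(3), int(m.group(2))))
            continue
        m = SUMMARY_RE.search(line)
        if m:
            summary = tuple(int(g) for g in m.groups())
    if summary is None:
        raise ValueError("no '[... bytes used, ... available, ... total]' line found")
    used, available, total = summary
    if used + available != total:
        raise ValueError("flash summary is inconsistent; output may be truncated")
    return files, used, available, total

def plan_upgrade(text, new_name, new_size):
    """Decide whether the new image can be copied before the old one is deleted."""
    files, used, available, total = parse_show_flash(text)
    if any(name == new_name for name, _ in files):
        return {"action": "already-present", "free_after_copy": available}
    if new_size <= available:
        # Order used on this page: copy first, delete the old image afterwards.
        return {"action": "copy-then-delete", "free_after_copy": available - new_size}
    reclaimable = sum(length for name, length in files if name.endswith(".bin"))
    if new_size <= available + reclaimable:
        # Fits only after deleting the old image first; a failed copy then
        # leaves flash without a bootable image.
        return {"action": "delete-then-copy", "free_after_copy": None}
    return {"action": "too-large", "free_after_copy": None}

if __name__ == "__main__":
    print(plan_upgrade(SHOW_FLASH, "c1841-ipbasek9-mz.124-12.bin", 16599160))
```
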
Other Useful administrative commands
no ip domain-lookup
Router(config)#no ip domain-lookup
Ever type in a command incorrectly and are left having to wait for a minute or two as the router
tries to translate your command to a domain server of 255.255.255.255? The router is set by
default to try to resolve any word that is not a command to a Domain Name System (DNS) server
at address 255.255.255.255. If you are not going to set up DNS, turn off this feature to save you
time as you type, especially if you are not good at typing.
logging synchronous
Router(config)#line console 0
Router(config-line)#logging synchronous
Router(config-line)#exit
Router(config)#
Have you ever been typing a command when an informational line appeared in the middle of
what you were typing? Lose your place? Do not know where you are in the command,
so you just press Enter and start all over? The logging synchronous command tells the router that if
any informational items get displayed on the screen, your prompt and command line should be
moved to a new line, so as not to confuse you. The informational line does not get inserted into
the middle of the command you are trying to type. If you were to continue typing, the command
would execute properly, even though it looks wrong on the screen.
exec-timeout
Router(config)#line console 0
Router(config-line)#exec-timeout 0 0
Router(config-line)#
The command exec-timeout 0 0 is great for a lab environment because the console never logs
out. This is considered to be bad security and is dangerous in the real world. The default for the
exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0).
erase startup-config
Router#erase startup-config
Sometimes you want to reconfigure the router, or to sell an old one. In such a scenario you
will want to erase the startup configuration. The running configuration is still in dynamic
memory, so reload the router to clear the running configuration.
do Command
Router(config)#do show running-config
The do command is useful when you want to execute EXEC commands, such as show, clear, or
debug, while remaining in global configuration mode or in any configuration submode. You cannot
use the do command to execute the configure terminal command because it is the configure
terminal command that changes the mode to global configuration mode.
Summary of Useful commands for administrations
Router(config)#boot system flash imagename
    Loads the Cisco IOS Software with image-name.
Router(config)#boot system tftp imagename 172.16.10.3
    Loads the Cisco IOS Software with image-name from a TFTP server.
Router(config)#boot system rom
    Loads the Cisco IOS Software from ROM.
Router(config)#exit
    Exits from global configuration mode.
Router#copy running-config startup-config
    Saves the running configuration to NVRAM. The router will execute commands in their
    order on the next reload.
Router#copy running-config startup-config
    Saves the running configuration from DRAM to NVRAM (locally).
Router#copy running-config tftp
    Copies the running configuration to the remote TFTP server.
Address or name of remote host[ ]? 192.168.1.20
    The IP address of the TFTP server. Press the Enter key.
Destination Filename [Router-confg]?
    The name to use for the file saved on the TFTP server. Press the Enter key.
!!!!!!!!!!!!!!!
    Each bang symbol (!) = 1 datagram of data.
624 bytes copied in 7.05 secs
Router#
    File has been transferred successfully.
Router#copy tftp running-config
    Copies the configuration file from the TFTP server to DRAM.
Address or name of remote host[ ]? 192.168.119.20
    The IP address of the TFTP server.
Source filename [ ]?Router-confg
    Enter the name of the file you want to retrieve.
Destination filename [running-config]?
    Press the Enter key.
Router#
    File has been transferred successfully.
Router#copy flash tftp
    Backup of flash to TFTP.
Router#copy tftp flash
    Restore flash from the TFTP server.
How to configure SDM Security Device Manager
SDM is a web-based application, implemented with Java that manages the basic administration
and security features on a Cisco router. SDM is installed in the router’s flash memory and is
remotely accessed from an administrator’s desktop using a web browser with Java and Secure
Sockets Layer (SSL) (HTTPS). Originally, Cisco developed SDM for small office/home office
(SOHO) networks, where the administrator performing the configuration is probably not familiar
with Cisco's CLI.
SDM was designed by Cisco to allow you to perform basic administration functions and to
manage the security features of your router. SDM cannot perform all functions that can be
performed from the CLI, such as the configuration of complex QoS policies or the Border
Gateway Protocol (BGP) routing protocol, to name a couple. Nor are all interface types supported
within SDM, such as ISDN and dialup. However, you can still configure the features and interface
types that are not supported from the CLI of the router. Likewise, most troubleshooting
tasks are still done from the CLI with show and debug commands.
PC Requirements
• Operating system: XP, Vista, Server 2000 (not Advanced Server), Server 2003.
• Internet browser: Internet Explorer higher than 5.6, Mozilla Firefox.
• Java installed. Minimally you'll need version 1.4.2(08) of Sun's Java Runtime Environment
  (JRE).
• Minimum screen resolution of 1024x768 (a resolution lower than this will not allow you to
  view the entire Java-based screen).
• On your router, you'll minimally need IOS version 12.2 for SDM to function; and depending
  on the version of SDM, you will need between 5MB and 8MB of available flash on your
  router.
The default user account and passwords in the sdmconfig-xxxx.cfg file included with SDM are
sdm and sdm—don't use these! Change them before copying and pasting the configuration from
the sdmconfig file into the router. Everyone knows these passwords, and these are the first
passwords an attacker will guess to break into the router.
SDM Security Device Manager File Descriptions
Filename                      Description
common.tar                    Support file for SDM
securedesktop-ios-xxxxk9.pkg  Cisco Secure Desktop (CSD) client software for the SSL VPN client,
                              where xxxx represents the version number of CSD
sslclient-win-xxxx.pkg        SSL VPN Client (SVC) tunneling software, where xxxx represents the
                              version of SVC
es.tar                        Application file for SDM
home.shtml                    Support HTML file for SDM
home.tar                      Support file for SDM
sdmconfig-xxxx.cfg            Default router configuration with commands necessary to access SDM,
                              where xxxx represents the model number of the router
wlanui.tar                    Wireless application setup program for a radio module installed in
                              the router
sdm.tar                       SDM application file
xxxx.sdf                      IPS signature files (some common names are attack-drop.sdf,
                              128MB.sdf, 256MB.sdf, and sdmips.sdf)
Necessary Router Configuration
Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands
in global configuration mode:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# ip http server
Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000
Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the
following command in global configuration mode, replacing username and password with the
strings that you want to use:
Router(config)# username username privilege 15 secret 0 password
For example, if you chose the username admin and the password vinita, you would enter the
following:
Router(config)# username admin privilege 15 secret 0 vinita
You will use this username and password to log in to Cisco SDM.
Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following
commands:
Router(config)# line vty 0 4
Router(config-line)# privilege level 15
Router(config-line)# login local
Router(config-line)# transport input telnet ssh
Router(config-line)# exit
Step 4 Assign an IP address to the Fast Ethernet port. This address will be used to access the router.
Router(config)#interface fastethernet 0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
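Several settings on this page trade security for convenience: exec-timeout 0 0 on the console, the default sdm account, the plaintext HTTP server, and Telnet with privilege level 15 on the vty lines. The following added example, which is not part of the original guide or of any Cisco tool, audits a saved configuration for them. The sample configuration and the rule set are constructed for illustration, and the names parse_blocks and audit are hypothetical.

```python
import re

# Constructed sample config: the SDM access commands and exec-timeout 0 0 from
# this page, plus the SDM default account. The secret hashes are placeholders.
SAMPLE_CONFIG = """\
hostname R1
username sdm privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash000000
username admin privilege 15 secret 5 $1$CONSTRUCTED$placeholderhash111111
ip http server
ip http secure-server
ip http authentication local
line con 0
 exec-timeout 0 0
 logging synchronous
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
"""

# (scope, pattern, finding); scope None = global command, otherwise the prefix
# of the block header the command must sit under. Hypothetical rule set.
RULES = [
    (None, r"^username sdm\b", "SDM default account name 'sdm' still present"),
    (None, r"^ip http server$", "plaintext HTTP management enabled ('no ip http server' leaves HTTPS only)"),
    ("line", r"^exec-timeout 0 0$", "session never times out (default is exec-timeout 10 0)"),
    ("line vty", r"^transport input\b.*\btelnet\b", "Telnet accepted; 'transport input ssh' allows SSH only"),
    ("line vty", r"^privilege level 15$", "every vty login starts at privilege level 15"),
]

def parse_blocks(config_text):
    """Yield (parent, command): parent is None for global commands, else the
    unindented header (e.g. 'line vty 0 4') that the command sits under."""
    parent = None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blank lines and '!' separators
        if raw[0] != " ":                 # an unindented line starts a new block
            parent = raw.strip()
            yield None, parent
        else:
            yield parent, raw.strip()

def audit(config_text):
    """Return a list of (context, command, finding) tuples."""
    findings = []
    for parent, cmd in parse_blocks(config_text):
        for scope, pattern, message in RULES:
            if scope is None and parent is not None:
                continue                  # global rule, but command is in a block
            if scope is not None and not (parent or "").startswith(scope):
                continue                  # block rule, but wrong (or no) block
            if re.search(pattern, cmd):
                findings.append((parent or "global", cmd, message))
    return findings

if __name__ == "__main__":
    for context, cmd, message in audit(SAMPLE_CONFIG):
        print(f"[{context}] {cmd}: {message}")
```
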
Accessing SDM
Cisco SDM is stored in the router flash memory. It is invoked by executing an HTML file in the
router archive, which then loads the signed Cisco SDM Java file. To launch Cisco SDM, complete
the following steps:
Step 1 From your browser, enter the following URL:
https://<router IP address>
In our example it would be
https://192.168.1.1
The https:// designation specifies that SSL protocol be used for a secure connection. The http://
designation can be used if SSL is not available.
Step 2 The Cisco SDM home page will appear in the browser window. The username and
password dialog box will appear. The type and shape of the dialog box will depend on the type of
browser that you are using. Enter the username and password for the privileged (privilege level
15) account on your router. The Cisco SDM Java applet will begin loading to your PC's web
browser.
Step 3 Cisco SDM is a signed Java applet. This can cause your browser to display a security
warning. Accept the certificate. Cisco SDM displays the Launch page.