CISCO DEVICES ADMINISTRATION AND CONFIGURATION The CCNA exam does not test your product-specific knowledge. So you are not expected to know what feature cards are available for a Layer 3 series switch, but you do need to understand the differences between a router and a switch, and you need to understand how their configuration requirements vary. This section introduces you to Cisco equipment. In this section you will learn how to connect to it and make initial configurations, as well as how to connect it to other devices to build a network. You will review the different types of network connections available, with particular emphasis on those that are tested in the CCNA exams. You will also look at where a Cisco device stores the various files it needs to operate, the files needed for the boot process, and the backup and restoration of system files For our purposes, we use a Catalyst 2960 or 3560 switch and a 1600, 1700, or 2600 series router as example devices. Most of the commands you learn in this section also apply to more advanced models. Cisco devices are very costly. For exam preparation you could use simulators. Several simulators are available choose one that best suites you. We would packet tracer for configuration. Download Free Packet Tracer How To use packet tracer Packet tracer is tiny software developed by Cisco System. With packet tracer you can do entire practical of CCNA. Beside packet tracer there are lot of simulator software are available on internet. But most of them will cost you around 150$. In this article from our free CCNA study guide series we will guide you that how can you install packet tracer. Packet Tracer offers a broad range of opportunities for instructors to demonstrate networking concepts. Although Packet Tracer is not a substitute for real equipment, it allows students to practice using a model of the Cisco Internet work Operating System (IOS) command line interface and provides visual, drag-and-drop problem solving using virtual networking devices. This handson capability is a fundamental component of learning how to config¬ure routers and switches from the command line. Students can see how to configure and connect networking hardware while confirming systems design. Instructors can create their own self-evaluated activities that present immediate feedback to students on their proficiency in completing assignments. Download packet tracer Packet Tracer Do right click and select extract here. Double click on setup file to invoke installation On welcome screen press next On license agreement screen select I accept and click next Now select destination path where you want to install it On select start menu screen press next On select additional task screen click next Press next on ready to install screen Now packet tracer will copy necessary file on hard disk Click on finish to complete packet tracer setup Now we have successfully installed packet tracer. In our next articles we would use this to do CCNA practice. How to connect with cisco devices In this lab scenario I will demonstrate that how can you connect with a Cisco router. To connect physical Cisco device you need a console cable. Attach cable to com port on computer and other end to console port of Cisco devices. Console Port When you first obtain a new Cisco device, it won't be configured. That is to say, it will not do any of the customized functions you might need; it does not have any IP addresses, and it is generally not going to do what you paid for. Routers need basic configuration to function on a network. The console port is used for local management connections. This means that you must be able to physically reach the console port with a cable that is typically about six feet long. The console port looks exactly like an Ethernet port. Once you have proper console cable follow this path Now on computer click on stat button ==> program = = > accessories == > communications == > hyper terminal == > location information == > cancel == > Confirm cancel == > yes == > hyper terminal == > OK Connection Descriptions == > Vinita == > OK == > location information == > confirm cancel == > yes == > hyper terminal == > connect to == > OK == > Port Settings == > Do setting as Given Below and press OK. If you still have problem in configuring hyper terminal or you do not have hyper terminal options in accessories you can use this tiny software. With this software you can connect with any devices that support Telnet, SSH, Rlogin, console connections. This is ready to use software. Download it and execute it. Select Serial sub key from Session main key and rest it will do automatically. Download Putty How to connect with router in Boson Simulator. If you use Boson simulator for CCNA practical then select erouter from tools menu and select router from available list. ( Device only be available when any topology will be loaded in simulator. Use Boson Network designer to create topology.) How to connect with router in packet tracer. First create a desire topology by dragging devices to workspace. Once you have created topology configurations in packet tracer is straight forward. To Configure any device double click on it and select CLI. javascript:void(0); Device A Cable Device B Router's serial port Cisco serial DCE/DTE cables Router's serial port Router's Ethernet port Crossover Router's Ethernet port Router's Ethernet port Straight-through Switch port Router's Ethernet port Crossover Computer NIC Console of router/switch Rollover Computer COM port Switch port Crossover Switch port Computer NIC Crossover Computer NIC Computer NIC Straight-through Switch port Advantages of IOS internetwork operating system Connectivity The IOS supports a variety of data link layer technologies for the LAN and WAN environments, including copper and fiber wiring as well as wireless. Scalability The IOS supports both fixed and modular chassis platforms, enabling you to purchase the appropriate hardware for your needs, yet still allowing you to leverage the same IOS CLI to reduce your management costs. Reliability To ensure that your critical resources are always reachable, Cisco has developed many products and IOS features to provide network redundancy. Security With the IOS, you can strictly control access to your network and networking devices in accordance with your internal security policies. Naming Conventions for IOS Images c1841-advipservicesk9-mz.124-6.T7.bin ( this name is used to expalation) c1841 The c1841 refers to the name of the platform on which the image will run. This is important because different router models have different processors, and an image compiled for one processor or router model will typically not run on a different model. advipservicesk9 The advipservicesk9 refers to the features included in this IOS version, commonly referred to as the feature set. In this example, the IOS is the advanced IP services and the k9 refers to the inclusion of encryption support. mz or z The mz or z means that the image is compressed and must be uncompressed before loading/running. If you see l (the letter l, not the number 1) here, this indicates where the IOS image is run from. The l indicates a relocatable image and that the image can be run from RAM. Remember that some images can run directly from flash, depending on the router model. 124-6.T7 The 124-6.T7 indicates the software version number of the IOS. In this instance, the version is 12.4(6)T7. Images names with T indicate new features, and without the T the mainline (only bug fixes are made to it). .bin The .bin at the end indicates that this is a binary image. An IOS filename is broken down into four parts: Platform Feature set Run location and compression Version Memory Locations Code Location F Image runs in flash M Image runs in Random Access Memory (RAM) R Image runs in Read Only Memory (ROM) L Image will be relocated at runtime Compression Identifiers Code Compression Z Image is Zip compressed X Image is Mzip compressed W Image is Stac compressed Connections Cisco's networking products support two types of external connections: ports (referred to as lines) and interfaces. Out-of-band management (which you do by console ports) does not affect the bandwidth flowing through your network, while in-band management(which is doen by interface) does Console Port Almost every Cisco product has a console port. This port is used to establish an out of- band connection in order to access the CLI to manage your Cisco device. Most console connections to Cisco devices require an RJ-45 rollover cable and an RJ-45-to-DB9 terminal adapter. The rollover cable pins are reversed on the two sides. Com port setting Speed 9600 bps Data bits 8 Stop bits 1 Parity & Flow Control None Cabling Devices A straight-through cable is used for DTE-to-DCE connections. A hub to a router, PC, or file server A switch to a router, PC, or file server Crossover cables should by used when you connect a DTE to another DTE or a DCE to another DCE. A hub to another hub A switch to another switch A hub to a switch A PC, router, or file server to another PC, router, or file server Cisco ios router switch nomenclature classification detail Interface of Router Console The console port is used for local management connections. This means that you must be able to physically reach the console port with a cable. The console port looks exactly like an Ethernet port. It uses the same connector , but it has different wiring and is often identified with a light blue label "CONSOLE." Aux Port The AUX port is really just another console port that is intended for use with a modem, so you can remotely connect and administer the device by phoning it. However using aux port for configuration create some security issues, so make sure that you get advice on addressing those before setting this up. Ethernet Port An Ethernet port (which might be a FastEthernet or even a GigabitEthernet port, depending on your router model) is intended to connect to the LAN. Some routers have more than one Ethernet or FastEthernet port; it really depends on what you need and of course what you purchase. The Ethernet port usually connects to the LAN switch with a straight-through cable. Serial Port A Cisco serial port is a proprietary design, a 60-pin D-sub. This connector can be configured for almost any kind of serial communication. You need a cable that has the Cisco connector on one end and the appropriate type of connector for the service you want to connect to on the other. Other Connections Your router may have some other port like T1 controller for wan services. Or you could have bri and pri port. But none of these ports are tested in CCNA exam so you need to concern about these ports. Switch Interface Nomenclature The Catalyst 2950 and 2960 switches support only fixed interfaces, while some of Cisco's higher end switches, such as the 6500s, support modular slots with interface cards. The nomenclature of an interface is type slot_#/port_#. The type of interface is the media type, such as ethernet, fastethernet, or gigabit. Following this is the slot number. For all fixed interfaces on a Cisco switch, the slot number is always 0. The port number is the number of the port in the specified slot. Unlike Cisco router ports, switch port numbers start at 1 and work their way up. For instance, on a 2960, the very first port is fastethernet 0/1, the second port is fastethernet 0/2, and so on. Some 2960 switches support Gigabit Ethernet interfaces, so the nomenclature for the interface would look like this: gigabitethernet 0/1. Router Interface Nomenclature When referring to fixed interfaces, the interface numbers always begin with 0 (not 1, like the switches) and work their way up within a particular interface type. For routers that have only fixed interfaces, the interface nomenclature is type port_#. For example, if a router has two fixed Ethernet interfaces and two fixed serial interfaces, they would be called ethernet 0and ethernet 1 and serial 0 and serial 1. The port numbers begin at 0 within each interface type. Through use of an interface type and a number, each of the interfaces can be uniquely identified. However, if a router has modular slots, where you can insert interface cards into these slots, the interface nomenclature is like the Catalyst switches: type slot_#/ port_#. Each slot has a unique slot number beginning with 0, and within each slot, the ports begin at 0 and work their way up. For example, if you had a modular router with two slots, the first slot would be 0 and the second 1. If the first slot had four Ethernet interfaces, the interface numbers would be 0– 3 and if ond slot had two Ethernet interfaces, the interface numbers would be 0 and 1. Example of a four-port serial module in the third slot of a 3640 router: serial 2/0, serial 2/1, serial 2/2, and serial 2/3. Some examples of routers with modular interfaces: 2600, 3600, 3700, 7000, 7200, and 7500. The exception to this is the 1600 and 1700 routers; even though they are modular, you don’t configure any slot number when specifying a particular interface Cisco ios mode User privilege Global configuration CLI Access Modes Each Cisco device on CLI interface supports three access modes User EXEC Provides basic access to the IOS with limited command availability (basically simple monitoring and troubleshooting commands) Privilege EXEC Provides high-level management access to the IOS, including all commands available at User EXEC mode Configuration Allows configuration changes to be made to the device User EXEC Mode Your initial access to the CLI is via the User EXEC mode, which has only a limited number of IOS commands you can execute. Depending on the Cisco device’s configuration, you might be prompted for a password to access this mode. This mode is typically used for basic troubleshooting of networking problems. You can tell that you are in User EXEC mode by examining the prompt on the left side of the screen: Router> If you see a > character at the end of the information, you know that you are in User EXEC mode. The information preceding the > is the name of the Cisco device. For instance, the default name of all Cisco routers is Router, whereas the 2960 switch’s User EXEC prompt looks like this: Switch>. These device names can be changed with the hostname command. Privilege EXEC Mode Once you have gained access to User EXEC mode, you can use the enable command to access Privilege EXEC mode: Router> enable Router# Once you enter the enable command, if a Privilege EXEC password has been configured on the Cisco device, you will be prompted for it. Upon successfully authenticating, you will be in Privilege EXEC mode. You can tell that you are in this mode by examining the CLI prompt. In the preceding code example, notice that the > changed to a #. When you are in Privilege EXEC mode, you have access to all of the User EXEC commands as well as many more advanced management and troubleshooting commands. These commands include extended ping and trace abilities, managing configuration files and IOS images, and detailed troubleshooting using debug commands. About the only thing that you can’t do from this mode is change the configuration of the Cisco device—this can be done only from Configuration mode. If you wish to return to User EXEC mode from Privilege EXEC mode, use the exit command: Router# exit Router> Again, by examining the prompt, you can tell that you are now in User EXEC mode. Configuration Modes of Cisco IOS Software From privileged EXEC mode, you can enter global configuration mode using the configure terminal command. From global configuration mode, you can access specific configuration modes, which include, but are not limited to, the following: Interface: Supports commands that configure operations on a per-interface basis Subinterface: Supports commands that configure multiple virtual interfaces on a single physical interface Controller: Supports commands that configure controllers (for example, E1 and T1 controllers) Line: Supports commands that configure the operation of a terminal line (for example, the console or the vty ports) Router: Supports commands that configure an IP routing protocol If you enter the exit command, the router backs out one level, eventually logging out. In general, you enter the exit command from one of the specific configuration modes to return to global configuration mode. Press Ctrl+Z or enter end to leave configuration mode completely and return to the privileged EXEC mode. Commands that affect the entire device are called global commands. The hostname and enable password commands are examples of global commands. Commands that point to or indicate a process or interface that will be configured are called major commands. When entered, major commands cause the CLI to enter a specific configuration mode. Major commands have no effect unless you immediately enter a subcommand that supplies the configuration entry. For example, the major command interface serial 0 has no effect unless you follow it with a subcommand that tells what is to be done to that interface. Router Modes Router> User mode Router# Privileged mode (also known as EXEC-level mode) Router(config)# Global configuration mode Router(config-if)# Interface mode Router(config-subif)# Subinterface mode Router(config-line)# Line mode Router(config-router)# Router configuration mode Cisco devices hardware component and booting process ROM ROM contains the necessary firmware to boot up your router and typically has the following four components: POST (power-on self-test) Performs tests on the router's hardware components. Bootstrap program Brings the router up and determines how the IOS image and configuration files will be found and loaded. ROM Monitor (ROMMON mode) A mini–operating system that allows you to perform lowlevel testing and troubleshooting, the password recovery procedure, Mini-IOS A stripped-down version of the IOS that contains only IP code. This should be used in emergency situations where the IOS image in flash can't be found and you want to boot up your router and load in another IOS image. This stripped-down IOS is referred to as RXBOOT mode. RAM RAM is like the memory in your PC. On a router, it (in most cases) contains the running IOS image; the active configuration file; any tables (including routing, ARP, CDP neighbor, and other tables); and internal buffers for temporarily storing information, such as interface input and output buffers. The IOS is responsible for managing memory. When you turn off your router, everything in RAM is erased. Flash Flash is a form of nonvolatile memory in that when you turn the router off, the information stored in flash is not lost. Routers store their IOS image in flash, but other information can also be stored here. Note that some lower-end Cisco routers actually run the IOS directly from flash (not RAM). Flash is slower than RAM, a fact that can create performance issues. NVRAM NVRAM is like flash in that its contents are not erased when you turn off your router. It is slightly different, though, in that it uses a battery to maintain the information when the Cisco device is turned off. Routers use NVRAM to store their configuration files. In newer versions of the IOS, you can store more than one configuration file here. Router Boot up Process A router typically goes through five steps when booting up: The router loads and runs POST (located in ROM), testing its hardware components, including memory and interfaces. The bootstrap program is loaded and executed. The bootstrap program finds and loads an IOS image: Possible locations: - flash, a TFTP server, or the Mini-IOS in ROM. Once the IOS is loaded, the IOS attempts to find and load a configuration file, stored in NVRAM After the configuration is loaded, you are presented with the CLI interface. you are placed into is User EXEC mode. Setup Mode Cisco devices include a feature called Setup mode to help you make a basic initial configuration. Setup mode will run only if there is no configuration file in NVRAM—either because the router is brand-new, or because it has been erased. Setup mode will ask you a series of questions and apply the configuration to the device based on your answers. You can abort Setup mode by typing CTRL+C or by saying "no" either when asked if you want to enter the initial configuration dialog or when asked if you want to save the configuration at the end of the question. Configuration register The configuration register is a special register in the router that determines many of its boot up and running options, including how the router finds the IOS image and its configuration file. The configuration register is a four-character hexadecimal value that can be changed to manipulate how the router behaves at bootup. The default value is 0x2102. The characters "0x" indicate that the characters that follow are in hexadecimal. This makes it clear whether the value is "two thousand one hundred and two" or, as in this case, "two one zero two.hexadecimal". The fourth character in the configuration register is known as the boot field. Changing the value for this character will have the following effects: 0x2100 = Always boot to ROMMON. 0x2101 = Always boot to RXBOOT. 0x2102 through 0x210F = Load the first valid IOS in flash; values of 2 through F for the fourth character specify other IOS image files in flash. The third character in the configuration register can modify how the router loads the configuration file. The setting of 0x2142 causes the router to ignore the startup-config file in NVRAM (which is where the password is stored) and proceed without a configuration—as if the router were brand new or had its configuration erased. How to reset Router password The Password Recovery process is simple and takes less than five minutes depending on how fast your router boots Connect to the console port, start your terminal application, and power cycle the router. When you see the boot process beginning, hit the Break sequence. (This is usually Ctrl+Page Break, but it might differ for different terminal applications.) Doing this interrupts the boot process and drops the router into ROMMON. At the ROMMON prompt, enter the command confreg 0x2142 to set the configuration register to 0x2142. Restart the router by power cycling it or by issuing the command reset. When the router reloads, the configuration register setting of 0x2142 instructs the router to ignore the startup-config file in NVRAM. You will be asked if you want to go through Setup mode because the router thinks it has no startup-configuration file. Exit from Setup mode. Press Return and enable command enable to go into privileged EXEC command mode. No password is required because the startup config file was not loaded. Load the configuration manually by entering copy startup-config running-config. Go into the Global Configuration mode using the command configure terminal and change the password with the command enable password password or enable secret password. Save the new password by entering copy running-config startup-config. Go to the global config prompt, and change the configuration register back to the default setting with the commandconfig-register 0x2102. Exit back to the privileged exec prompt. Reboot the router using the reload command. You will be asked to save your changes; you can do so if you have made additional configuration changes. Reset password on 1841 System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Self decompressing the image : ################ monitor: command "boot" aborted due to user interrupt rommon 1 > confreg 0x2142 rommon 2 > reset System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Self decompressing the image : ############################################################### [OK] Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 04:52 by pt_team Image text-base: 0x60080608, data-base: 0x6270CD50 Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Processor board ID FTX0947Z18E M860 processor: part number 0, mask 49 2 FastEthernet/IEEE 802.3 interface(s) 191K bytes of NVRAM. 31360K bytes of ATA CompactFlash (Read/Write) Cisco IOS Software, 1841 Software (C1841-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 18-Jul-07 04:52 by pt_team --- System Configuration Dialog --Continue with configuration dialog? [yes/no]: no Press RETURN to get started! Router>enable Router#copy startup-config running-config Destination filename [running-config]? 428 bytes copied in 0.416 secs (1028 bytes/sec) Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#enable password vinita Router(config)#enable secret vinita Router(config)#config-register 0x2102 Router(config)#exit Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router#reload Proceed with reload? [confirm] CDP Cisco Discovery Protocol example and guide Cisco Discovery Protocol (CDP) is a proprietary protocol designed by Cisco to help administrators collect information about both locally attached and remote devices. By using CDP, you can gather hardware and protocol information about neighbor devices, which is useful info for troubleshooting the network. CDP messages are generated every 60 seconds as multicast messages on each of its active interfaces. The information shared in a CDP packet about a Cisco device includes the following: Name of the device configured with the hostname command IOS software version Hardware capabilities, such as routing, switching, and/or bridging Hardware platform, such as 2600, 2950, or 1900 The layer-3 address(es) of the device The interface the CDP update was generated on CDP allows devices to share basic configuration information without even configuring any protocol specific information and is enabled by default on all interfaces. CDP is a Datalink Protocol occurring at Layer 2 of the OSI model. CDP is not routable and can only go over to directly connected devices. CDP is enabled, by default, on all Cisco devices. CDP updates are generated as multicasts every 60 seconds with a hold-down period of 180 seconds for a missing neighbor. The no cdp run command globally disables CDP, while the no cdp enable command disables CDP on an interface. Use show cdp neighbors to list out your directly connected Cisco neighboring devices. Adding the detail parameter will display the layer-3 addressing configured on the neighbor. How could CDP help you? Sanjay has just been hired as a senior network consultant at a large bank in Jaipur, Rajasthan. He is expected to be able to take care of any problem that comes up. No problem at all here—he only has to worry about people possibly not getting the right money transaction if the network goes down. Sanjay starts his job happily. Soon, of course, the network has some problems. He asks one of the junior administrators for a network map so he can troubleshoot the network. This person tells him that the old senior administrator (who just got fired) had them with him and now no one can find them. Cashiers are calling every couple of minutes because they can’t get the necessary information they need to take care of their customers. What should he do? CDP to the rescue! Thank God this bank has all Cisco routers and switches and that CDP is enabled by default on all Cisco devices. Also, luckily, the dissatisfied administrator who just got fired didn't turn off CDP on any devices before he left. All Sanjay has to do now is to use the show cdp neighbor detail command to find all the information he needs about each device to help draw out the bank network . Cisco Discovery Protocols Configuration commands Router#show cdp Displays global CDP information (such as timers) Router#show cdp neighbors Displays information about neighbors Router#show cdp neighbors detail Displays more detail about the neighbor device Router#show cdp entry word Displays information about the device named word Router#show cdp entry * Displays information about all devices Router#show cdp interface Displays information about interfaces that have CDP running Router#show cdp interface x Displays information about specific interface x running CDP Router#show cdp traffic Displays traffic information—packets in/out/version Router(config)#cdp holdtime x Changes the length of time to keep CDP packets Router(config)#cdp timer x Changes how often CDP updates are sent Router(config)#cdp run Enables CDP globally (on by default) Router(config)#no cdp run Turns off CDP globally Router(config-if)#cdp enable Enables CDP on a specific interface Router(config-if)#cdp enable Enables CDP on a specific interface Router(config-if)#no cdp enable Turns off CDP on a specific interface Router#clear cdp counters Resets traffic counters to 0 Router#clear cdp table Deletes the CDP table Router#debug cdp adjacency Monitors CDP neighbor information Router#debug cdp events Monitors all CDP events Router#debug cdp ip Monitors CDP events specifically for IP Router#debug cdp packets Monitors CDP packet-related information How to get help in router command prompt Cisco IOS Software uses several command-line input help facilities, among these contextsensitive help is the most powerful feature of cisco ios. Context-Sensitive Help One of the more powerful features of the IOS is context-sensitive help. Context sensitive help is supported at all modes within the IOS, including User EXEC, Privilege EXEC, and Configuration modes. You can use this feature in a variety of ways. If you are not sure what command you need to execute, at the prompt, type either help or ?. The Cisco device then displays a list of commands that can be executed at the level in which you are currently located, along with a brief description of each command. Here is an example from a router’s CLI at User EXEC mode: Router>? Exec commands: <1-99> Session number to resume connect Open a terminal connection disconnect Disconnect an existing network connection enable Turn on privileged commands exit Exit from the EXEC ipv6 ipv6 logout Exit from the EXEC ping Send echo messages resume Resume an active network connection show Show running system information ssh Open a secure shell client connection telnet Open a telnet connection terminal Set terminal line parameters traceroute Trace route to destination Router> If you see -- More -- at the bottom of the screen, this indicates that more help information is available than can fit on the current screen. On a Cisco device, if you press the SPACEBAR, the IOS pages down to the next screen of help information; if you press the ENTER key, help scrolls down one line at a time Any other keystroke breaks out of the help text. For more detailed help, you can follow a command or parameter with a space and a ?. This causes the CLI to list the available options or parameters that are included for the command. For instance, you could type copy followed by a space and a ? to see all of the parameters available for the copy command: Router#copy ? running-config Copy from current system configuration startup-config Copy from startup configuration tftp: Copy from tftp: file system Router#copy In this example, you can see at least the first parameter necessary after the copy command. Please note that additional parameters may appear after the first one, depending on the next parameter that you enter. If you’re not sure how to spell a command, you can enter the first few characters and immediately follow these characters with a ?. Typing e?, for instance, lists all the commands that begin with e at the current mode: Router# e? enable erase exit Router# e This example shows that three commands begin with the letter e in Privilege EXEC mode. Console Error Messages error messages: Identifies problems with any Cisco IOS commands that are incorrectly entered so that you can alter or correct them. Error:-% Invalid input detected at '^' marker. Errors certainly creep up when you enter commands. Whenever you mistype a command, the IOS tells you that it has encountered a problem with the previously executed command. For instance, this message indicates a CLI input error: Router#copy running-config stertup-config ^ % Invalid input detected at '^' marker. Router# As you can see in this example that we have typed stert on the place of startup. You should examine the line between the command that you typed in and the error message. Somewhere in this line, you'll see a ^ character. This is used by the IOS to indicate that an error exists in the command line at that spot. Error:-% Incomplete command. This error indicates that you have not entered all the necessary parameters for the command. The syntax of the command is correct, but more parameters are necessary. Router#copy running-config % Incomplete command. Router#copy running-config ? startup-config Copy to startup configuration tftp: Copy to current system configuration Router#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] Router# In this case, you can use the context-sensitive help feature to help you figure out what parameter or parameters you forgot. Error:-% Ambiguous command: "show i" You will see this error message if you do not type in enough characters to make a command or parameter unique. Router#show i % Ambiguous command: "show i" Router#show i? interfaces ip ipv6 Router#show i In this example, apparently, more than one parameter for the show command begins with the letter i. As shown above you can use context-sensitive help to figure out what parameter to use. % Unknown command or computer name, or unable to find computer address If you enter a command that the IOS does not understand, you'll see this error message. If you see this, use the context-sensitive help to figure out the correct command to enter. Administration of cisco devices backup of IOS In this article I will demonstrate that how can you perform basic administrative task on Cisco devices. Back Up and Restore IOS You can use TFTP, FTP, or RCP to transfer an IOS image to or from a server. Only tftp server is covered in CCNA exam so we will cover it. TFTP is the trivial file transfer protocol. Unlike FTP, there are no means of authenticating with a username or password or navigating directories. To back up your IOS, you will use the copy command from within privileged EXEC mode. The syntax of this command iscopy <from> <to>. Thus, if you want to copy an IOS from your IOS to a TFTP server, the syntax would be copy tftp flash. After executing this command, you will be prompted with a number of questions asking for such things as the IOS filename and IP address of the TFTP server. To restore or upgrade your IOS from a TFTP server to a router, the syntax would be copy tftp flash. Remember the following troubleshooting steps if you are having difficulties using TFTP: Verify that the TFTP server is running. Verify cable configurations. You should use a crossover cable between a router and a server or, if you have a switch, use a straight-through cable from the router to the switch and from the switch to the server. Verify that your router is on the same subnet as your TFTP server. If you are using a Linux TFTP server, make sure that you first use the touch command to create a zero-byte file with the name of the IOS image; otherwise, the file will not copy to the TFTP server. Being a Cisco Associate you should be able to take back and restore of networks critical resources. Cisco devices use Tftp server for this purpose. In real life you should keep daily back up of Cisco IOS and running configuration. In lab we can do the same practical on packet tracker. Step by Step Guide to Back up and Restore of Network Devices Download this topology and load it in packet tracer Download topology As you can see in diagram we have a TFTP server connected with router from cross cable. A pc is connected with router from console cable. IP address on Server is 10.0.0.2 and 10.0.0.1 on routers fast Ethernet port 0/0 is already configured. Now your task is to take the back of running configuration on tftp server. So we can retrieve it in any situations. Double click on pc0 click on Desktop tab select terminal click on terminal configuration ( Do not change default setting). Click on ok This will emulate Router on screen Now Follow these steps R1>enable R1#copy running-config tftp: Address or name of remote host []? 10.0.0.2 Destination filename [R1-confg]? .!! [OK - 359 bytes] 359 bytes copied in 3.078 secs (0 bytes/sec) R1# Now we have taken the backup of running configuration. To verify it click on Server and select config tab and click onTFTP and scroll down. At the end of window you can see the backup files. As you can see in image we have successfully taken the backup. Now open again terminal in PC0 and remove the startup configuration. And reload the router. R1>enable R1#erase startup-config Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] [OK] Erase of nvram: complete %SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram R1#reload Proceed with reload? [confirm] Now router will restart and as we have already discussed in our pervious article Booting process of Cisco devices, that router load its running configuration from NARAM. And we have deleted the contain for NAVRAM (Startup-configuration) so it will launch default startup program. Write No and press enter. Now you will see default router prompt. We have to do some basic setting before connecting the TFTP Server. Router>enable Router#configure terminal Router(config)#interface fastethernet 0/0 Router(config-if)#ip address 10.0.0.1 255.0.0.0 Router(config-if)#no shutdown Router(config-if)#exit Router(config)#exit Router# we have done the essential configuration to connect the tftp server. Now restore the configuration back to router Router#copy tftp running-config Address or name of remote host []? 10.0.0.2 Source filename []? R1-confg Destination filename [running-config]? Loading R1-confg from 10.0.0.2: ! [OK - 359 bytes] 359 bytes copied in 0.032 secs (11218 bytes/sec) R1# At this point the configuration is in RAM so you will lost it on reboot so copy it in NVRAM. R1#copy running-config startup-config Destination filename [startup-config]? Building configuration... [OK] R1# Step by step guide on How to update IOS Being a CCNA certified associate you should also be capable to update the IOS of Cisco devices. This process include the serious risk of getting defective of device. So don’t do it on live device until you became perfect on simulator. Download this topology and load it in packet tracer Download topology IP and other setting is already configured on Server and Router. We have new IOS stored on TFTP Server. Double click on pc0 click on Desktop tab select terminal click on terminal configuration ( Do not change default setting). This will emulate Router on screen. First step toward the updating of IOS is to check the available space in flash wR1>enable R1#sh flash System flash directory: File Length Name/status 1 33591768 c1841-advipservicesk9-mz.124-15.T1.bin [33591768 bytes used, 30424616 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write) R1# As you can see in output we have 30424616 bytes free available. We can download new IOS in flash from TFTP Server. To load new IOS R1#copy tftp flash Address or name of remote host []? 10.0.0.2 Source filename []? c1841-ipbasek9-mz.124-12.bin Destination filename [c1841-ipbasek9-mz.124-12.bin]? . Loading c1841-ipbasek9-mz.124-12.bin from 10.0.0.2: !!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! [OK - 16599160 bytes] 16599160 bytes copied in 5.989 secs (620180 bytes/sec) As you can see in output we have downloaded new IOS now we can remove old IOS R1#delete flash:c1841-advipservicesk9-mz.124-15.T1.bin Delete filename [c1841-advipservicesk9-mz.124-15.T1.bin]? Delete flash:/c1841-advipservicesk9-mz.124-15.T1.bin? [confirm] R1#show flash System flash directory: File Length Name/status 2 16599160 c1841-ipbasek9-mz.124-12.bin [16599160 bytes used, 47417224 available, 64016384 total] 63488K bytes of processor board System flash (Read/Write) R1# Now restart the router to take effect of new IOS R1#reload Proceed with reload? [confirm] %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1) Cisco 1841 (revision 5.0) with 114688K/16384K bytes of memory. Self decompressing the image : ################################################################# [OK] Restricted Rights Legend Cisco IOS Software, 1841 Software (C1841-IPBASEK9-M), Version 12.4(12), Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Mon 15-May-06 14:54 by pt_team Image text-base: 0x600790EC, data-base: 0x61480000 Cisco IOS Software, 1841 Software (C1841-IPBASEK9-M), Version 12.4(12), Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2006 by Cisco Systems, Inc. Compiled Mon 15-May-06 14:54 by pt_team --- System Configuration Dialog --Continue with configuration dialog? [yes/no]: no Press RETURN to get started! Router> As you can see in output router is booted from new IOS. As new IOS is loaded so all previous configuration will also be removed load it again from TFTP Server and save it to NVRAM. Other Useful administrative commands no ip domain-lookup Router(config)#no ip domain-lookup Ever type in a command incorrectly and are left having to wait for a minute or two as the router tries to translate your command to a domain server of 255.255.255.255? The router is set by default to try to resolve any word that is not a command to a Domain Name System (DNS) server at address 255.255.255.255. If you are not going to set up DNS, turn off this feature to save you time as you type, especially if you are not good in typing. logging synchronous Router(config)#line console 0 Router(config-line)#logging synchronous Router(config-line)#exit Router(config)# Some time it happens that you are typing a command and an informational line appears in the middle of what you were typing? Lose your place? Do not know where you are in the command, so you just press R and start all over? The logging synchronous command tells the router that if any informational items get displayed on the screen, your prompt and command line should be moved to a new line, so as not to confuse you. The informational line does not get inserted into the middle of the command you are trying to type. If you were to continue typing, the command would execute properly, even though it looks wrong on the screen. exec-timeout Router(config)#line console 0 Router(config-line)#exec-timeout 0 0 Router(config-line)# The command exec-timeout 0 0 is great for a lab environment because the console never logs out. This is considered to be bad security and is dangerous in the real world. The default for the exec-timeout command is 10 minutes and zero (0) seconds (exec-timeout 10 0). erase startup-config Router#erase startup-config Some time you want to reconfigure the router. Or want to sell the old one. In such a scenario you would like to erase the start up configuration. The running configuration is still in dynamic memory. Reload the router to clear the running configuration. do Command Router(config)#do show running-config The do command is useful when you want to execute EXEC commands, such as show, clear, or debug, while remaining in global configuration mode or in any configuration submode. You cannot use the do command to execute the configure terminal command because it is the configure terminal command that changes the mode to global configuration mode Summary of Useful commands for administrations Router(config)#boot system flash imagename Loads the Cisco IOS Software with image-name Router(config)#boot system tftp imagename 172.16.10.3 Loads the Cisco IOS Software with image-name from a TFTP server Router(config)#boot system rom Loads the Cisco IOS Software from ROM. Router(config)#exit exit from global configurations Router#copy running-config startupconfig Saves the running configuration to NVRAM. The router will execute commands in their order on the next reload. Router#copy running-config startupconfig Saves the running configuration from DRAM to NVRAM (locally). Router#copy running-config tftp Copies the running configuration to the remote TFTP server Address or name of remote host[ ]? 192.168.1.20 The IP address of the TFTP server. Press Enter key Destination Filename [Router-confg]? The name to use for the file saved on the TFTP server Press Enter key !!!!!!!!!!!!!!! Each bang symbol (!) = 1 datagram of data. 624 bytes copied in 7.05 secs Router# File has been transferred successfully Router#copy tftp running-config Copies the configuration file from the TFTP server to DRAM. Address or name of remote host[ ]? 192.168.119.20 The IP address of the TFTP server. Source filename [ ]?Router-confg Enter the name of the file you want to retrieve Destination filename [running-config]? Press Enter key Router# File has been transferred successfully. Router#copy flash tftp Backup of flash to tftp Router#copy tftp flash Restore flash from tftp server How to configure SDM Security Device Manager SDM is a web-based application, implemented with Java that manages the basic administration and security features on a Cisco router. SDM is installed in the router’s flash memory and is remotely accessed from an administrator’s desktop using a web browser with Java and Secure Sockets Layer (SSL) (HTTPS). Originally, Cisco developed SDM for small office/home office (SOHO) networks, where the administrator performing the configuration is probably not familiar with Cisco's CLI. SDM was designed by Cisco to allow you to perform basic administration functions and to manage the security features of your router. SDM cannot perform all functions that can be performed from the CLI, such as the configuration of complex QoS policies or the Border Gateway Protocol (BGP) routing protocol, to name a couple. Nor are all interface types supported within SDM, such as ISDN and dialup. However, for the features and interface types not supported, you can still configure these from the CLI of the router.Likewise, most troubleshooting tasks are still done from the CLI with show and debug commands. PC Requirements Operating System Xp, Vista, Server 2000, ( not Advance server), Server2003 Internet browser Internet Explorer higher then 5.6, Mozilla firefox Java installed. Minimally you'll need version 1.4.2(08) of Sun's Java Runtime Environment (JRE). Minimum screen resolution of 1024x768. (a resolution lower than this will not allow you to view the entire Java-based screen). On your router, you'll minimally need IOS version 12.2 for SDM to function; and depending on the version of SDM, you will need between 5MB and 8MB of available flash on your router. The default user account and passwords in the sdmconfig-xxxx.cfg file included with SDM are sdm and sdm—don't use these! Change them before copying and pasting the configuration from the sdmconfig file into the router. Everyone knows these passwords, and these are the first passwords an attacker will guess to break into the router. SDM Security Device Manager File Descriptions Filename Description common.tar Support file for SDM securedesktop-ios-xxxxk9.pkg Cisco Secure Desktop (CSD) client software for the SSL VPN client, where xxxx sslclient-win-xxxx.pkg represents the version number of CSD SSL VPN Client (SVC) tunneling software, where xxxx represents the version of SVC es.tar Application file for SDM home.shtml Support HTML file for SDM home.tar sdmconfig-xxxx.cfg Support file for SDM Default router configuration with commands necessary to access SDM, where xxxx represents the model number of the router wlanui.tar Wireless application setup program for a radio module installed in the router sdm.tar SDM application file xxxx.sdf IPS signature files (some common names are attack-drop.sdf, 128MB.sdf, 256MB.sdf, and sdmips.sdf) Necessary Router Configuration Step 1 Enable the HTTP and HTTPS servers on your router by entering the following commands in global configuration mode: Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# ip http server Router(config)# ip http secure-server Router(config)# ip http authentication local Router(config)# ip http timeout-policy idle 600 life 86400 requests 10000 Step 2 Create a user account defined with privilege level 15 (enable privileges). Enter the following command in global configuration mode, replacing username and password with the strings that you want to use: Router(config)# username username privilege 15 secret 0 password For example, if you chose the username admin and the password vinita, you would enter the following: Router(config)# username admin privilege 15 secret 0 vinita You will use this username and password to log in to Cisco SDM. Step 3 Configure SSH and Telnet for local login and privilege level 15. Use the following commands: Router(config)# line vty 0 4 Router(config-line)# privilege level 15 Router(config-line)# login local Router(config-line)# transport input telnet ssh Router(config-line)# exit Step 4 Assign ip address to Fast Ethernet port. This will be used to access this router Router(config)#interface fastethernet 0/0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#no shutdown Accessing SDM Cisco SDM is stored in the router flash memory. It is invoked by executing an HTML file in the router archive, which then loads the signed Cisco SDM Java file. To launch Cisco SDM, complete the following steps: Step 1 From your browser, enter the following URL: https://<router IP address> In our example it would be https://192.168.1.1 The https:// designation specifies that SSL protocol be used for a secure connection. The http:// designation can be used if SSL is not available. Step 2 The Cisco SDM home page will appear in the browser window. The username and password dialog box will appear. The type and shape of the dialog box will depend on the type of browser that you are using. Enter the username and password for the privileged (privilege level 15) account on your router. The Cisco SDM Java applet will begin loading to your PC's web browser. Step 3 Cisco SDM is a signed Java applet. This can cause your browser to display a security warning. Accept the certificate. Cisco SDM displays the Launch page.