NetworkClue.com
NetworkClue Home PageHome Contact UsContact ConsultingConsult
Bulletin Board
Internet Services covers Secrets to hosting websites, Hosting your own web server, and using DNS Servers.Operating Systems leads you through the decision of Linux vs. Windows, ideal installations and setups to create an efficient and redundant environment for your business, and great features to make management easier.Routing & Firewalls contains articles that will allow you to take control of your router. Learn how to protect your company with access lists and advanced firewall techniques.Hardware answers the common questions about Switches vs. Hubs, recommends SysAdmin Tools, and recommendations for adequate power protection.Utilities will cover fighting spam, using Anti-Virus programs effectively and the must haves for every administrator's software toolbox.

Firewalls
Cisco
-Cisco IOS
-Cisco Access Lists
-Applying ACLs
-Editing ACLs
-Advanced ACLs
-Compression
Network Equipment
TCP/IP
Bulletin Board

Cisco IOS

By Joshua Erdman
Digital Foundation, inc.

Most Cisco routers run on an operating system referred to as IOS. This is a text based commandline interface that allows you to type in the various commands and set device parameters. This article will be focusing on using the IOS to help shorten your learning curve.

Getting help

In any mode of IOS (see below) you can query for help. Just by entering a ? by itself, a list of available commands will be displayed corresponding to the mode you are currently in. You can also query for options of a specific command by typing in the command and then following it with a space and then adding a questionmark. For example:

enable
access-list ?

First we got into enabled mode (The enable comand gies you the privileges needed to view security sensitive settings - see below: The modes of IOS) then the next line instructs the IOS to display all the options for the access-list command. Notice the space between the command and the '?'.

Another helpful thing for you newbies, is if you are given a bunch of shorthand commands and you want to know what the full command is, just type the shorthand given and then immediately follow the command with a ? (no space between!). For example:

sho?

displays all the commands starting with 'sho'. There is only one however, it is 'show'. Below I will discuss shorthand in detail.

Clue: Typing in the question mark all by itself will show every command available in the current mode that you are in.

IOS shorthand

Like a DOS or Linux commandline it is all text based. But unlike either, a simple type of shorthand can be used when entering commands. This is very nice for the experienced user, but for the newbie, things get very confusing. In detail, you only have to type enough of the command for it to be unique from all the other commands. For example:

show running-config
sho run

These are the same command to display the current running configuration of the router. Many times when someone tries to help you out by giving you commands they tend to be in shorthand.

en
conf t
int ser0/0
shut

This is all shorthand:
'en' - Enable (see below)
'conf t' - configure terminal
'int ser0/0' - interface serial0/0
'shut' - shutdown

The modes of IOS

IOS has many different modes, the main ones being user exec and privileged mode. Both usually require authentication to enter. So when you initially telnet into your router you are in basic mode. This allows you to do very few commands, such as ping, telnet to another host, and get statistical information. Access to all configurations are off limits, even for viewing.

User Exec Mode

When you first log in, you are already at user exec mode. You can also tell because you are given the ">" prompt.

Privileged Exec Mode

Privileged Exec Mode is simply the administration mode for the router. This mode by itself allows you to view router settings that are considered private. To get into the privileged exec mode you must use the enable command.

Clue: People with a clue would type 'en' to enter privileged exec mode.

The Privileged exec mode is given the "#" prompt. A few of the common commands are listed below:

  • show access-list - displays all access lists and the number of matches each line has recieved since the access list was applied.
  • show interface - displayes the mani configurations of all interfaces.
  • show interface summary - (IOS version 12.0 and newer) Displays a quick summary of all interfaces.

Privileged mode has a a few sub modes as well such as global configuration mode, interface configuration mode, and routing configuration mode, which are described below. You can think of the different modes as a tree that give you more access and more specific configurations as you traverse down the branches.

                User Exec Mode
                      |
              Privleged Mode (en)
                      |
         Global Configuration (conf t)
            |                     |
      Interface (int ...)     Routing (route..)

Global Configuration Mode

Now that your router is enabled (or in privileged mode), you can enter the configuration mode which allows you to make changes to the router settings that are currently in memory.

The configuration that is currently in memory is referred to as the the running configuration.

Common tasks from this mode are: create access-lists, change passwords, shutdown interfaces, set DNS Server, configure logging, and enter default routes. This mode is displayed by the "(config)#" prompt.

To enter configuration mode for you to manually enter commands type:

conf t

There are other configuration modes as well that allow you to configure the router by loading a configuration file via TFTP (configure network) or a configuration that is already stored on the router (configure memory). To view these modes from the privileged mode, just type:

conf ?

Interface and Route Configuration Modes

These modes are entered by already being in global configuration mode (see the diagram above) and then entering:

int ser0/0 - interface mode for serial card 0 port0
int eth 0/0 - interface mode for ethernet card 0 port 0
router (route protocol) - To enter into a router protocol configuration

Running-Config vs. Startup-Config

The router keeps two different sets of configurations. When you first turn it on the router loads the startup configuration into memory. Now that it is loaded it is now called the running configuration, the startup configuration is the original copy.

When you make a change, it happens on the fly and is applied to the running configuration. Suppose you totally screw up and cannot even telnet to the router anymore, just unplug it and plug it back in and it will boot up off the startup configuration again.

This is a good feature in this case, but what if you made a bunch of changes, forgot to update the startup configuration and then the power goes out? You guessed it, all your work is lost. So keep in mind what you are doing and keep track of when you want to save.

Saving the running configuration is easily done with the command:

copy running-config startup-config
  copy run start

And of course if you ever screw anything up but still have access to the router, you can always copy the startup configuration to the running configuration. And you do not even have to reboot.

Article last reviewed: 06/07/2004


del.icio.us

Created by: Digital Foundation, inc.

Copyright © 2002-2005 Digital Foundation, inc.   www.networkclue.com

All content of the NetworkClue website is copyrighted. Articles, notes, outlines, and all other materials may not be stored on the Internet or sold or placed by themselves or with other material in any electronic or printed format in whole or part. However materials may be referenced by links to the site.

 

Related Articles:
Access Control Lists
Applying ACLs
Firewalls

 

Advertise Here