Contents
- Cisco IOS Modes of Operation
- Cisco IOS: CLI Configuration
- Cisco IOS: Setting Passwords
- Status, Settings, and Diagnostic Commands
- Interface Configuration
- RIP Routing Protocol Configuration
- OSPF Routing Protocol Configuration
- DHCP Server on Cisco IOS Configuration
- Switch: VLAN (Virtual Local Area Network)
- Switch: Port Security
- SSH Configuration
- Show Output Modifier: Pipe |
- Troubleshooting & Verifying Networks
- Network Simulators, Emulators, and Practice Labs
- Cisco IOS Tutorials
__
Cisco IOS Modes of Operation
The Cisco IOS software provides access to several different command modes. Each command mode provides a different group of related commands.
For security purposes, the Cisco IOS software provides two levels of access to commands: user and privileged. The unprivileged user mode is called user EXEC mode. The privileged mode is called privileged EXEC mode.
The following table describes some of the most commonly used modes, the resulting prompts, and how to enter these modes. The prompt helps you identify which mode you are in and, therefore, which commands are available to you.
Mode of Operation | Prompt / Mode | How to Enter the Mode | Usage |
---|---|---|---|
User EXEC (aka unprivileged mode) | Router> | First level accessed | Change terminal settings on a temporary basis, perform basic tests, and list system information |
Privileged EXEC | Router# | From user EXEC mode, enter enable | System administration, set operating parameters |
Global Configuration | Router(config)# | From privileged EXEC, enter configure terminal | Modify configurations that affect the system as a whole |
Interface Configuration | Router(config-if)# | From global config mode, enter: interface <interface type> <slot>/<interface #> | Modify the operation of an interface. |
__
Cisco IOS: CLI Configuration
- Prevent “Translating. domain server (255.255.255.255)” Messages after an Invalid Command is Entered on a Router
- Prevent CLI timeout
- Force all router status messages to be displayed on a new line.
configure terminal
no ip domain-lookup
line console 0
exec-timeout 0 0
logging synchronous
end
copy running-config startup-config
__
Cisco IOS: Setting Passwords
- Privileged mode encrypted password
  - Router(config)# enable secret <password>
- Console password
  - Router(config)# line console 0
  - Router(config-line)# password <password>
  - Router(config-line)# login
  - Router(config-line)# exit
- Telnet password:
  - Router(config)# line vty 0 15
  - Router(config-line)# password <password>
  - Router(config-line)# login
  - Router(config-line)# exit
- Encrypt all clear text passwords
  - Router(config)# service password-encryption
It’s also a good practice to set a banner message
- Router(config)# banner motd # Unauthorized Access is Strictly Forbidden #
__
Status, Settings, and Diagnostic Commands
Note: The default Console/Serial/COM port settings are: 9600, 8, N, 1, none
Prompt / Mode | Command | Description |
---|---|---|
Router# | show running-config | Displays the current configuration of all parameters the router is currently using. To limit the output: show run \| section interface, or show run \| section include router |
Router# | show interfaces | Displays the status of all interfaces, including if the interface is up or down and if its line protocol is up or down. Lots of details. |
Router# | show ip interface brief | Displays just the IP address, and the status of each interface and its line protocol. (up or down) Check that the IP address of each interface is correct, and that “Status” and “Protocol” are both “up” for each enabled interface. |
Router# | show ip route | Displays the routing table. Check that indirect routes are listed. Check that the mask and network address are correct for each “directly connected” interface. See also: show run \| section router |
Router# | show ip protocol | Shows the details of the enabled routing protocol service. |
Router# | show controller | Displays the controller state that is specific to controller hardware. Generally useful for diagnostic tasks. |
Router# | show controller serial 0/0 | Use to determine if a serial interface is DCE or DTE. e.g. DCE => DCE V.35, clock rate 9600 e.g. DTE => DTE V.35 TX and RX clocks detected |
Router# | show ip arp | Displays the mapping of IP addresses to MAC addresses |
Router# | show ip rip database [ip-address {mask}] | |
Router(config)# | no ip domain-lookup | Prevent “Translating. domain server (255.255.255.255)” messages after an invalid command is entered on Cisco IOS. |
Router# | reload | To reload the operating system, use the reload command in privileged EXEC or diagnostic mode. |
__
Interface Configuration
Set the IP address and enable the interface
Prompt / Mode | Command | Description |
---|---|---|
Router> | enable | |
Router# | configure terminal | Enter Global Configuration mode |
Router(config)# | interface <interface type> <slot>/<interface #> | Tell the device which interface to configure |
Router(config-if)# | description “<text of description>” | e.g. description “Connection to 2621-B” |
Router(config-if)# | ip address <ip address> <subnet mask> | Specify IP address and subnet mask for the interface |
Router(config-if)# | no shutdown | Enable the interface |
Router(config-if)# | exit or ctrl-z or end | Exit from interface config mode |
__
Sub-Interface Configuration for InterVLAN Routing
When configuring a sub-interface, if you do not define the encapsulation before adding the IP address, you’ll get the following error:
% Configuring IP routing on a LAN subinterface is only allowed if that subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q, or ISL vLAN.
Define the encapsulation as dot1q, a.k.a. TRUNK, and set the VLAN ID to be supported by that sub-interface; vlan 10 in the following example:
R1(config)# interface fa0/0.10
R1(config-subif)# encapsulation dot1q 10
R1(config-subif)# ip address 192.168.10.1 255.255.255.0
__
Configure the RIP Routing Process
Prompt / Mode | Command | Description |
---|---|---|
Router> | enable | |
Router# | configure terminal | Enter Global Configuration mode |
Router(config)# | router rip | |
Router(config-router)# | network <network address> | e.g. network 192.168.1.0 |
Router(config-router)# | version 2 | Set to RIP v2. Default is v1. Note: RouterSim v6.0.0 has a bug in RIP v2 that adds invalid routes to the table. |
Router(config-router)# | exit or ctrl-z or end | |
How to remove a network or RIP from a router
- no network <network address>
- Note: In RouterSim v5 through v8.x you cannot remove a specific network address. You’ll have to remove the routing process, and then add all the network addresses again.
- no router rip removes the RIP routing process thus clearing all the defined networks.
__
Configure the OSPF Routing Process
Prompt / Mode | Command | Description |
---|---|---|
Router> | enable | |
Router# | configure terminal | Enter Global Configuration mode |
Router(config)# | router ospf <process-id> | Process-id: Internally used identification parameter for an OSPF routing process. It is locally assigned and can be any positive integer. A unique value is assigned for each OSPF routing process. |
Router(config-router)# | network <network address> <wildcard mask> area <area #> | A 0 octet in the wildcard mask indicates that the corresponding octet in the network must match exactly. A 255 indicates that you don’t care what the corresponding octet is in the network number. |
Router(config-router)# | router-id <IP or ID# as 4 octets> | e.g. router-id 1.1.1.1. After setting the router-id, “reload” or “clear ip ospf process” for the new router ID to take effect. |
Router(config-router)# | exit or ctrl-z or end | |
Router# | debug ip ospf events | Only use when troubleshooting OSPF. Remember to turn off debug with the “no” prefix when done troubleshooting. |
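The wildcard-mask rule in the network row above, worked through as an added example (not part of the original page): it checks which interfaces a set of network statements would place into OSPF. The interface list and the second network statement are constructed, and taking the first matching statement is this example's simplification; the sample statements do not overlap.

```python
import ipaddress

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_for(subnet_mask):
    """A wildcard mask is the bitwise inverse of the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(subnet_mask) ^ 0xFFFFFFFF))

def matches(ip, network, wildcard):
    """0 bits in the wildcard must match exactly; 1 bits are "don't care"."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(ip) & care) == (to_int(network) & care)

def ospf_areas(interfaces, statements):
    """Map interface name -> area of the first matching statement, or None."""
    parsed = []
    for line in statements:
        _, network, wildcard, _, area = line.split()
        parsed.append((network, wildcard, area))
    return {
        name: next((a for n, w, a in parsed if matches(ip, n, w)), None)
        for name, ip in interfaces.items()
    }

# Constructed inputs: Serial0/0 uses the address shown in this page's
# "show ip ospf interface" output; the other two interfaces are made up.
INTERFACES = {
    "Serial0/0": "14.25.143.9",
    "FastEthernet0/0": "192.168.10.1",
    "FastEthernet0/1": "10.1.1.1",
}
STATEMENTS = [
    "network 14.25.143.8 0.0.0.3 area 0",
    "network 192.168.10.0 0.0.0.255 area 1",
]

if __name__ == "__main__":
    print(wildcard_for("255.255.255.252"))
    for name, area in ospf_areas(INTERFACES, STATEMENTS).items():
        print(name, "->", "not in OSPF" if area is None else f"area {area}")
```

An interface that maps to None is not matched by any network statement, which is also how to spot a wildcard that is broader than intended: it pulls in interfaces you did not mean to run OSPF on.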
__
OSPF Hello and Dead Intervals
OSPF uses hello packets and two timers to check if a neighbor is still alive or not:
- Hello Interval: defines how often we send the hello packet.
- Dead Interval: defines how long we should wait for hello packets before we declare the neighbor dead.
Set the hello and dead intervals on interfaces which communicate with neighboring routers.
R1(config)# interface Serial 0/0
R1(config-if)# ip ospf hello-interval <seconds>
R1(config-if)# ip ospf dead-interval <seconds>
[ Defaults to four times the value of the hello interval ]
R1(config)# interface FastEthernet 0/0
R1(config-if)# ip ospf hello-interval 7
R1(config-if)# ip ospf dead-interval 28
Show the Router ID, Hello, and Dead Intervals on an Interface
2621-A# show ip ospf interface s0/0
Serial0/0 is up, line protocol is up
  Internet address is 14.25.143.9/30, Area 0
  Process ID 100, Router ID 1.1.1.1, Network Type POINT-TO-POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT-TO-POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:02
  Index 2/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1 , Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2
  Suppress hello for 0 neighbor(s)
2621-A# show ip ospf interface FastEthernet 0/0 | include intervals
__
Configure DHCP Server
Prompt / Mode | Command | Purpose |
---|---|---|
Router(config)# | ip dhcp excluded-address <start IP> <end IP> | Exclude a range of IP addresses from DHCP assignment so they can be used as static IPs. |
Router(config)# | ip dhcp pool <poolname> | Creates a name for the DHCP server address pool and places you in DHCP pool configuration mode (identified by the dhcp-config# prompt). |
Router(dhcp-config)# | network <network address> <mask> | Specifies the subnet network number and mask of the DHCP address pool. |
Router(dhcp-config)# | default-router <Default Gateway IP> | |
Router(dhcp-config)# | lease <Days> <Hours> <Minutes> | e.g. 7 days 1 hour 20 minutes: 7 1 20 |
Router(dhcp-config)# | dns-server <address> [address2 … address8] | Specifies the IP address of a DNS server that is available to a DHCP client. One IP address is required; however, you can specify up to eight IP addresses in one command line. |
Router(dhcp-config)# | netbios-name-server <address> [address2 … address8] | Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up to eight addresses in one command line. |
Router(dhcp-config)# | end | |
Display IP address lease bindings on the Cisco IOS DHCP Server
- show ip dhcp binding
DHCP Configuration for IPv6
R1(config)#ipv6 dhcp pool PoolOne
R1(config-dhcpv6)#address prefix 2001:db8:1::/64
R1(config-dhcpv6)#dns-server 2001:db8:2::100
R1(config-dhcpv6)#domain-name SampleDomain.org
R1(config-dhcpv6)#exit
R1(config)#
Then configure the interface to join the multicast group and listen for DHCP requests
R1(config)#int f0/0
R1(config-if)#ipv6 dhcp server PoolOne
R1(config-if)#ipv6 nd managed-config-flag
(For router advertisements set the M bit to 1)
(nd = network discovery)
R1(config-if)#end
Check the DHCP configuration
R1#show ipv6 dhcp pool
DHCPv6 pool: PoolOne
Address allocation prefix: 2001:DB8:1::/64 valid 172800 preferred 86488 (0 in use, 0 conflicts)
DNS server: 2001:DB8:2::100
Doman name: SampleDomain.org
Active clients: 0
Show the clients that received an IP address
R1#show ipv6 dhcp binding
Show Interface configuration
R1#show ipv6 int f0/0
R1#show ipv6 neighbors
__
Switch: VLAN (Virtual Local Area Network)
Configuring a VLAN
Prompt / Mode | Command | Description |
---|---|---|
Switch# | configure terminal | Enter Global Configuration mode |
Switch(config)# | vlan <number> | Create a VLAN |
Switch(config-vlan)# | name <name/description> | Add a name or description to the VLAN. |
Switch(config-vlan)# | exit | |
Switch(config)# | interface <type> <mod/port> | Enter the interface configuration mode. e.g. interface fastethernet0/1 |
Switch(config-if)# | switchport mode access | Configure the port mode. |
Switch(config-if)# | switchport access vlan <VLAN ID> | Set the VLAN membership of the port. |
Switch(config-if)# | end | |
Switch# | show vlan | Verify the VLAN configuration. |
Configuring a Trunk Port
Prompt / Mode | Command | Description |
---|---|---|
Switch(config)# | interface fa0/24 | |
Switch(config-if)# | switchport trunk encapsulation dot1q | |
Switch(config-if)# | switchport mode trunk | |
Switch(config-if)# | end | |
Switch# | show interface trunk | verify your trunk port |
Switch# | show interface Fa0/15 switchport | Verify the switchport configuration |
Configuring an IP Address on a Switch
The Management VLAN interface is a routed interface on every Cisco switch and is called interface VLAN 1.
Prompt / Mode | Command | Description |
---|---|---|
Switch(config)# | interface vlan 1 | |
Switch(config-if)# | ip address 192.168.10.19 255.255.255.240 | |
Switch(config-if)# | no shutdown | |
__
Switch Diagnostics & Information
Prompt / Mode | Command | Description |
---|---|---|
Switch# | show interface vlan 1 | |
Switch# | show mac address-table | |
Switch# | show ip int brief | |
Switch# | show port-security | |
Switch# | show port-security int f0/3 | |
Switch# | show running-config | |
Switch# | show spanning-tree detail | |
__
VLAN References
- What is a VLAN? How to Setup a VLAN on a Cisco Switc
- VLANs and Trunks for Beginners – Part 1 (video
- How to Configure VLANs on a Cisco Switch
- How to define the VLANs allowed on a trunk link
- c3550(config-if)#switchport trunk allowed vlan remove 5-10,1
- Routing Between VLANs Overview (pdf)
- CCNA – VLAN Questions
__
Switch: Port Security
Static secure MAC address:
Switch# config t
Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security mac-address aabb.ccdd.eeff
Sticky MAC addresses, maximum of two:
Switch# config t
Switch(config)# int f0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security violation restrict
The first two MAC addresses coming into the port “stick” to it as static addresses and are placed in the running-config. When a third address tries to connect, its packets are dropped until one of the two “sticky” MACs is present.
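The sticky behaviour described above, as an added example that is not part of the original page: a toy model of one access port that replays a constructed frame sequence. It goes beyond the page's restrict case to show all three violation modes side by side; the class, function names and MAC addresses are hypothetical.

```python
class SecurePort:
    """Toy model of sticky port security on one access port (not IOS code)."""

    def __init__(self, maximum=1, violation="shutdown"):
        self.maximum = maximum          # switchport port-security maximum <n>
        self.violation = violation      # protect | restrict | shutdown
        self.sticky = []                # learned MACs, in learning order
        self.violations = 0             # security violation counter
        self.err_disabled = False

    def receive(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False
        if src_mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(src_mac)  # "sticks" and lands in running-config
            return True
        if self.violation in ("restrict", "shutdown"):
            self.violations += 1         # protect drops without counting
        if self.violation == "shutdown":
            self.err_disabled = True     # port stays down until re-enabled
        return False

    def running_config(self):
        return [f"switchport port-security mac-address sticky {m}"
                for m in self.sticky]


# Constructed frames: two hosts are learned, a third appears, then the first
# host sends again.
FRAMES = ["0000.1111.aaaa", "0000.1111.bbbb", "0000.1111.cccc", "0000.1111.aaaa"]

def replay(violation, frames=FRAMES, maximum=2):
    """Feed frames to a fresh port; return (forwarded, violations, err_disabled)."""
    port = SecurePort(maximum=maximum, violation=violation)
    forwarded = [port.receive(mac) for mac in frames]
    return forwarded, port.violations, port.err_disabled

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode))
```

With restrict the port keeps forwarding the two learned hosts and the violation counter gives you something to alert on; with shutdown the port is err-disabled and even the learned hosts lose connectivity.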
__
SSH Configuration
Here are the steps for setting up SSH on your Cisco devices:
1. Set your hostname:
   Router(config)# hostname R1
2. Set the domain name (both the hostname and domain name are required for the encryption keys to be generated):
   R1(config)# ip domain-name <domain name>
3. Set the username to allow SSH client access:
   R1(config)# username <username> password <password>
4. Generate the encryption keys for securing the session:
   R1(config)# crypto key generate rsa
5. Enable SSH version 2 on the device:
   R1(config)# ip ssh version 2
6. Set the SSH timeout:
   R1(config)# ip ssh time-out <seconds>
7. Connect to the VTY lines of the switch or router:
   R1(config)# line vty 0 15
8. Tell the lines to use the local database for password:
   R1(config-line)# login local
9. Configure your access protocols:
   R1(config-line)# transport input ssh
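A check for the settings covered in the CLI Configuration, Setting Passwords and SSH Configuration sections, as an added example that is not part of the original page: it scans a running-config for a disabled idle timeout, type 7 passwords, usernames created with password rather than secret, and vty lines not limited to SSH. The sample config is constructed from this page's commands with placeholder hashes, and the finding texts are this example's own.

```python
import re

# Constructed running-config assembled from the commands on this page
# (placeholder hashes; not captured from a real device).
SAMPLE = """\
hostname R1
service password-encryption
enable secret 5 $1$CONSTRUCTED$PLACEHOLDER
username admin password 7 CONSTRUCTED7
ip ssh version 2
line con 0
 exec-timeout 0 0
 password 7 CONSTRUCTED7
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 CONSTRUCTED7
 login
"""

def audit(config):
    """Return (where, finding) tuples; the finding texts are this example's own."""
    findings, where, vty_ssh_only = [], "global", {}
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if not raw.startswith(" "):  # a new top-level command starts a new context
            where = cmd if cmd.startswith("line ") else " ".join(cmd.split()[:2])
            if cmd.startswith("line vty"):
                vty_ssh_only[where] = False
        if cmd == "exec-timeout 0 0":
            findings.append((where, "idle timeout disabled"))
        if re.search(r"\bpassword 7 ", cmd):
            # service password-encryption produces type 7, a reversible encoding
            findings.append((where, "type 7 password is reversible"))
        if re.match(r"username \S+ password\b", cmd):
            findings.append((where, "username uses 'password', not 'secret'"))
        if cmd == "transport input ssh" and where in vty_ssh_only:
            vty_ssh_only[where] = True
    findings += [(w, "vty not limited to 'transport input ssh'")
                 for w, ok in vty_ssh_only.items() if not ok]
    if not re.search(r"^ip ssh version 2$", config, re.M):
        findings.append(("global", "'ip ssh version 2' not set"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE):
        print(f"{where}: {finding}")
```

Feed it the text of show running-config saved to a file; an empty result means none of these specific settings were found, not that the device is hardened.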
__
Show Output Modifier: Pipe |
Router# show run | ?
Router# show run | begin interface
interface FastEthernet0/0
 description WAN Connection to Sales Branch Office
 ip address 12.12.12.5 255.255.255.248
 duplex auto
 speed auto
!
Router# show run | begin router
router rip
 network 18.0.0.0
 network 201.111.2.0
<output cut>
Router# show running-config | section include router
router rip
 network 18.0.0.0
 network 201.111.2.0
Router# show ip route | include 192.168.3.32
Router# show running-config | section include interface
interface FastEthernet0/0
 ip address 201.111.2.5 255.255.255.0
 duplex auto
 speed auto
interface FastEthernet0/1
 ip address 18.2.143.10 255.0.0.0
 duplex auto
 speed auto
Router# show interface | include ( is )
FastEthernet0/0 is up, line protocol is up (connected)
  Hardware is Lance, address is 00d0.584e.a701 (bia 00d0.584e.a701)
  Internet address is 201.111.2.5/24
  Full-duplex, 100Mb/s, media type is RJ45
FastEthernet0/1 is up, line protocol is up (connected)
  Hardware is Lance, address is 00d0.584e.a702 (bia 00d0.584e.a702)
  Internet address is 18.2.143.10/8
  Full-duplex, 100Mb/s, media type is RJ45
__
Cisco IOS Tutorials
- Cisco IOS CLI for beginners – Part 1 (DansCourses)
- Cisco IOS CLI for beginners – Part 2 (DansCourses)
- Cisco IOS CLI for beginners – Part 3 (DansCourses)
- Cisco IOS CLI for beginners – Part 4 (DansCourses)
- Basic Router & Switch IOS configuration commands – CCNA beginner