Coen352dp Unit - 3


UNIT THREE

Cisco IOS Basics

• Understanding and configuring the Cisco Internetwork Operating System (IOS).
• Internal components of a Cisco router
• Managing Configuration Registers
• Router Boot Sequence
• Connecting to a router.
• Bringing up a router and Logging into a router
• Understanding the router prompts and Understanding the CLI prompts.
• Perform an initial configuration on a router
• Performing editing and help features and Gathering basic routing information
• Viewing and saving router configurations and Verifying routing configurations
• Performing interface configurations and Setting router hostnames
• Setting router passwords
• Setting the Banner MOTD (Message of the Day)

INTRODUCTION TO THE CISCO IOS
Cisco is the king of routing and switching. The Cisco certifications reach beyond the
popular certifications, such as the MCSE and CNE, to provide you with an
indispensable (too important to be without) factor in understanding today’s network—
insight into the Cisco world of internetworking. By deciding that you want to become
Cisco certified, you are saying that you want to be the best—the best at routing and the
best at switching.
CISCO IOS
It’s now time to introduce you to the Cisco Internetwork Operating System (IOS). The
IOS is what runs Cisco routers and also some Cisco switches. First, you need to know
exactly what an internetwork is, right? You create an internetwork when you take two or
more LANs or WANs and connect them via a router, and configure a logical network
addressing scheme with a protocol like IP. The largest and most well-known example of
an internetwork is the Internet. Internetworking is used to connect LANs and other
types of networks together, so that users and computers in one location can communicate
with users and computers in other locations, as shown in figures 1.0 and 1.1.

Figure 1.0 Internetworked Network

Main Applications/Responsibilities Of Cisco Router IOS

These are some of the important things the Cisco router IOS software is responsible for:

• Managing static and dynamic routing
• Adding security to control access and stop unauthorized network use
• Providing scalability for ease of network growth
• Supporting simultaneous local and remote connectivity

ROUTERS
But first I want to give a brief description of the layer 3 device, i.e. the router. As you
know, layer 2 devices are switches and bridges, and layer 1 devices are cables and
repeaters.
A router is a multiport connectivity device that can integrate LANs and WANs running at
different transmission speeds and using a variety of protocols. Routers operate at the
Network layer (layer 3) of the OSI model. The Network layer directs data from one segment
or type of network to another. Historically, routers have been slower than switches or
bridges because they pay attention to information in layer 3 and higher, such as protocols
and logical addresses. Consequently, unlike bridges and layer 2 switches, routers are
protocol-dependent. They must be designed or configured to recognize a certain protocol
before they can forward data transmitted using that protocol.
A typical router has an internal processor, its own memory and power supply.

SERIES OF CISCO ROUTERS


There are different series of routers, of which the most important and most commonly
used are the 2500, 2600 and 3600 series.
Here I am going to show you a pictorial representation of the 2500 and 3600. First have a
look at the 3600 series. Figure 1.1 shows the front side of the 3600 router. We have status
indicators that indicate what is going on inside the router. We also have Console and
Auxiliary ports, and a flash memory card.

Figure 1.1 3600 Router front side

Now have a look at the back side of the 3600 router, as shown in figure 1.2. There are four
bays. There are four serial interfaces. We also have an Ethernet interface, a power cord
and an ON/OFF button.

Figure 1.2. 3600 Router Back side

Now I am going to show you a pictorial representation of the 2500 router. Dear students,
there are further sub-series in the 2500, namely the 2503, 2509 and 25014. As shown in
figure 1.3, they all look the same.

Figure 1.3. Front sides of 2503, 2509 and 25014 Routers

Now have a look at the back side of the three sub-series, as shown in figure 1.4.

I am going to start from the top one and go from left to right. First is the Attachment Unit
Interface (AUI) connector, which is used for Ethernet (LAN). Next to the AUI port we have
two serial interfaces; these are used for WAN. Next is the BRI connector, which is used for
an ISDN line; for a normal telephone line the ATM connector is used. Next are the Console
and Auxiliary ports (common to each Cisco device). The AUX port is used for remote dial-up
management but is not in use nowadays. So the Console port is used for short-distance
administration and the Auxiliary port is used for remote administration. A dial-up modem is
connected to the AUX port and a telephone line is plugged into that modem; you have to dial
that line number from a remote location to dial in to the router, which is not practically
used.

The third way to connect to a Cisco router is through the program Telnet. Telnet
is a terminal emulation program. You can use Telnet to connect to any active interface on
a router, like an Ethernet or serial port.
Once again Figure 4.1 shows an illustration of a 2501 Cisco router. Pay special attention
to all the different kinds of interfaces and connections.

The 2501 router has two serial interfaces for WAN connection and one Attachment Unit
Interface (AUI) connection for a 10Mbps Ethernet network connection. This router also
has one console and one auxiliary connection via RJ-45 connectors.

As we know, 2500 series machines just aren’t capable of handling the demands of
today’s typical corporate network. You’ll find 2600 or better in that kind of environment.

A Cisco 2600 series router is a better router than those populating the 2500 series because
it has a faster processor and can handle many more interfaces. Figure 4.2 shows a
diagram of a Cisco 2600 modular router.

The Internal Components of a Cisco Router


In order to configure and troubleshoot a Cisco internetwork, you need to know the major
components of Cisco routers and understand what each one does. Table 9.1 describes the
major Cisco router components.
TABLE 9.1 Cisco Router Components

Component: Description

Bootstrap: Stored in the microcode of the ROM, the bootstrap is used to bring a router
up during initialization. It will boot the router and then load the IOS.

POST (power-on self-test): Stored in the microcode of the ROM, the POST is used to check
the basic functionality of the router hardware and determines which interfaces are
present.

ROM monitor: Stored in the microcode of the ROM, the ROM monitor is used for
manufacturing, testing, and troubleshooting.

Mini-IOS: Called the RXBOOT or bootloader by Cisco, the mini-IOS is a small IOS in
ROM that can be used to bring up an interface and load a Cisco IOS into
flash memory.

RAM (random access memory): Used to hold packet buffers, ARP cache, routing tables, and
also the software and data structures that allow the router to function.
Running-config is stored in RAM, and the IOS can also be run from RAM in
some routers.

ROM (read-only memory): Used to start and maintain the router.

Flash memory: Used on the router to hold the Cisco IOS. Flash memory is not erased when
the router is reloaded. It is EEPROM (electronically erasable programmable
read-only memory) created by Intel.

NVRAM (nonvolatile RAM): Used to hold the router configuration. NVRAM is not erased
when the router or switch is reloaded.

Configuration register: Used to control how the router boots up. This value can be seen
with the show version command and typically is 0x2102, which tells the router to
load the IOS from flash memory as well as tell the IOS in RAM to load the
configuration from NVRAM.

Managing Configuration Registers


All Cisco routers have a 16-bit software register that’s written into NVRAM. By default,
the configuration register is set to load the Cisco IOS from flash memory and to look for
and load the startup-config file from NVRAM.

The boot field, which consists of bits 0–3 in the configuration register, controls the router
boot sequence. Table 9.4 describes the boot field bits.
Checking the Current Configuration Register Value
You can see the current value of the configuration register by using the show version
command (sh version or show ver for short), as demonstrated here:

Router#sh version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.1(8)T3,
RELEASE SOFTWARE (fc1)

Configuration register is 0x2102


The last information given from this command is the value of the configuration register.
In this example, the value is 0x2102—the default setting. The configuration register
setting of 0x2102 tells the router to look in NVRAM for the boot sequence. Notice that
the show version command also provides the IOS version, and in the example above, it
shows the IOS version as 12.1(8)T3.

Changing the Configuration Register


You can change the configuration register value to modify how the router boots and runs.
The following are some of the possible reasons for changing the configuration register:

• Force the system into the ROM monitor mode.
• Load a small IOS from ROM.
• Enable booting from a Trivial File Transfer Protocol (TFTP) server.

You can change the configuration register by using the config-register command.
Here’s an example. The following commands tell the router to boot a small IOS from
ROM monitor mode and then show the current configuration register value:

Router(config)#config-register 0x101
Router(config)#^Z
Router#sh ver

Configuration register is 0x2102 (will be 0x0101 at next reload)

Notice that the show version command shows the current configuration register value, as
well as what it will be when the router reboots. Any change to the configuration register
won’t take effect until the router is reloaded. The 0x0101 will load the IOS from ROM
the next time the router is rebooted. You may see it listed as 0x101; that’s basically the
same thing, and it can be written either way.
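
The check described above, as an added example that is not part of the original notes: a Python parser that pulls the current and pending configuration register values out of show version output, decodes the boot field (bits 0-3), and reports any value that differs from the default 0x2102. The function names are hypothetical; the meaning of bit 6 (0x0040, ignore the startup-config in NVRAM) and the 0x2142 sample line are not from this page.

```python
import re

# Matches the last line of `show version`, including the optional pending value.
REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)

DEFAULT_REGISTER = 0x2102   # default value stated in the text
IGNORE_NVRAM_BIT = 0x0040   # bit 6: skip startup-config at boot (not from the page)


def parse_config_register(show_version_text):
    """Return (current, pending) register values; pending is None if unchanged."""
    match = REGISTER_RE.search(show_version_text)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def decode_register(value):
    """Decode the boot field (bits 0-3) and the ignore-NVRAM bit of a register value."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("the configuration register is a 16-bit value")
    boot_field = value & 0x000F
    if boot_field == 0x0:
        action = "stay in ROM monitor mode"
    elif boot_field == 0x1:
        action = "boot the small IOS from ROM"
    else:
        action = "normal boot (IOS from flash by default)"
    return {
        "boot_field": boot_field,
        "boot_action": action,
        "ignores_startup_config": bool(value & IGNORE_NVRAM_BIT),
    }


def review_register(show_version_text, expected=DEFAULT_REGISTER):
    """List findings for every register value that differs from the expected one."""
    current, pending = parse_config_register(show_version_text)
    findings = []
    for label, value in (("current", current), ("after next reload", pending)):
        if value is None or value == expected:
            continue
        info = decode_register(value)
        findings.append(f"{label}: 0x{value:04X} -> {info['boot_action']}")
        if info["ignores_startup_config"]:
            findings.append(f"{label}: 0x{value:04X} ignores startup-config in NVRAM")
    return findings


# First line is the output shown in the text; the second line is constructed.
SAMPLE_PENDING = "Configuration register is 0x2102 (will be 0x0101 at next reload)"
SAMPLE_CONSTRUCTED = "Configuration register is 0x2142"

if __name__ == "__main__":
    for sample in (SAMPLE_PENDING, SAMPLE_CONSTRUCTED):
        print(sample)
        for finding in review_register(sample):
            print("  ", finding)
```

Run against saved show version output from each router, this gives a quick list of devices that will not boot the way the default setting does.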

The Router Boot Sequence


When a router boots up, it performs a series of steps, called the boot sequence, to test the
hardware and load the necessary software. The boot sequence consists of the following
steps:
1. The router performs a POST. The POST tests the hardware to verify that all
components of the device are operational and present. For example, the POST checks for
the different interfaces on the router. The POST is stored in and run from ROM.

2. The bootstrap looks for and loads the Cisco IOS software. The bootstrap is a program
in ROM that is used to execute programs. The bootstrap program is responsible for
finding where each IOS program is located and then loading the file. By default, the IOS
software is loaded from flash memory in all Cisco routers.

3. The IOS software looks for a valid configuration file stored in NVRAM. This file is
called startup-config and is only there if an administrator copies the running-config file
into NVRAM.
4. If a startup-config file is in NVRAM, the router will load and run this file. The router
is now operational. If a startup-config file is not in NVRAM, the router will start the
setup mode configuration upon bootup.

Connecting and Logging on to a Cisco Router


You can connect to a Cisco router to configure it, verify its configuration, and check
statistics. There are different ways to do this, but most often, especially for
short-distance administration, the first place you would connect to is the console port.
The console port is usually an RJ-45 (8-pin) connection located at the back of the router,
with a 9-pin serial connector at the computer end. If you have a rollover cable with RJ-45
at both ends, then a DB-9 converter is used at the computer end. By default, there’s no
password set on the console port. The connection is shown in figure 1.0.

Connecting a Rollover Cable to Your Router

Figure 1-10 shows how to connect a rollover cable from your PC to a router

Adapters

You need two types of adapters to connect a PC to a router.

• RJ-45-to-DB-9 Adapter
• RJ-45-to-DB-25 Adapter

RJ-45-to-DB-9 Adapter

This adapter connects a router to a PC through a COM port.

RJ-45-to-DB-9 Adapter

RJ-45-to-DB-25 Adapter

This adapter connects a router to PC through a serial port.

RJ-45-to-DB-25 Adapter

Cisco provides this cable with the Cisco 600, 800, 1600 and 1700 Series Routers.

Figure1-0. Rollover Cable Connections

Although a rolled cable isn’t used to connect any Ethernet connections together, you can
use a rolled Ethernet cable to connect a host to a router console serial communication
(com) port. If you have a Cisco router or switch, you would use this cable to connect your
PC running HyperTerminal to the Cisco hardware. Eight wires are used in this cable to
connect serial devices, although not all eight are used to send information, just as in
Ethernet networking. Figure 1.17 shows the eight wires used in a rolled cable.

These are probably the easiest cables to make, because you just cut the end off on one
side of a straight-through cable and reverse the end. Once you have the correct cable
connected from your PC to the Cisco router or switch, you can start HyperTerminal to
create a console connection and configure the device. Set the configuration as follows:

1. Open HyperTerminal and enter a name for the connection. It is irrelevant what
you name it, but I always just use “Cisco.” Then click OK.

2. Choose the communications port—either COM1 or COM2, whichever is open on
your PC.

3. Now set the port settings. The default values (2400bps and no flow control) will
not work; you must set the port settings as shown in Figure 1.18.

Notice that the bit rate is now set to 9600 and the flow control is set to none. At this
point, you can click OK and press the Enter key, and you should be connected to your
Cisco device console port.

You can also connect to a Cisco router through an auxiliary port—which is really the
same thing as a console port, so it follows that you can use it as one. But this auxiliary
port also allows you to configure modem commands so that a modem can be connected
to the router. This is a cool feature—it lets you dial up a remote router and attach to the
auxiliary port.
The third way to connect to a Cisco router is through the program Telnet. You can use
Telnet to connect to any active interface on a router, like an Ethernet or serial port.

Introduction to the Basic User Interface
The front end of a piece of software that the administrator uses to make configuration
changes and to monitor particular devices and connectivity is known as the user
interface. On most devices you have a couple of choices of user interface:
1) Command Line Interface(CLI)
2) Graphical User Interface (GUI)

So with Cisco devices, specifically in the IOS, you are going to have a CLI and also a
GUI, which is also called a menu interface and which you may see on some of the
switches.
In the world of networking, supporters of each of these two types of interface are
usually pretty well separated. Some people love the GUI because it is easy and user
friendly, whereas the command-line interface gives you a prompt, i.e. >, and you need to
know exactly what to type in, i.e. the syntax and everything else, for proper operation to
take place. Experienced people love the CLI because there is no need to move to different
screens for different configurations, unlike the GUI; that is why the CLI is fast compared
to the GUI. So my suggestion is to try to use the CLI as well. But for the CLI you have to
memorize the syntax and purpose of each command by heart. If you don’t have enough
experience, then you can use the GUI.

User Vs. Privileged Mode


User mode is indicated by the ‘>’ next to the router name. You can look at settings but
cannot make changes from user mode. In privileged mode (indicated by the ‘#’), you can
do anything. To get into privileged mode the keyword is ENABLE. The commands
available at the user level are listed by typing Router0>?

1. Press <enter> to get to the router prompt.
Router>
2. You are now in user mode. Type the command that is used to view all the available
commands at this prompt.
3. Type the command used to enter privileged mode.
Router>enable
Router#

Q. How would you display all commands applicable in User Exec Mode?
Ans:
Router0>?
Exec commands:
enable Turn on privileged commands
exit Exit from the EXEC
logout Exit from the EXEC

ping Send echo messages
show Show running system information
traceroute Trace route to destination

Q. How would you display specifications of a Router?


Ans:
Router0>show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(13e), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 30-Apr-04 15:39 by miwang
Image text-base: 0x8000808C, data-base: 0x80A05838
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
System returned to ROM by reload
System image file is "flash:c2600-i-mz.122-13e.bin"
cisco 2621 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory.
Processor board ID JAD05190MTZ (4292891495)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
4 FastEthernet/IEEE 802.3 interface(s)
2 Low-speed serial(sync/async) network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

--More--
Notice the --More--. This means that there is more information pertaining to the last
command. To view more output line by line, press Enter. To exit the output and
return to the router prompt, press e (this can be any letter; it is just easy to remember that
e is for exit). To view more output one screen at a time, press the space bar.

4. View the available commands in privileged mode.


Router#?

Global and subcommands Areas


I am going to start with the EXEC session. This is the name given by Cisco to the act
of accessing the Cisco IOS operating system via the command-line interface. Within the
operating system you need to understand that there are two levels of permission. The first
is the user level and the second is the privileged level. From privileged mode you have
access to everything, so within privileged mode you can activate configuration mode. In
configuration mode you can make changes to the structure of the IOS within the router.

As you know, there are two levels within the IOS, and they are called EXEC levels.
The user EXEC level is the level you are at as soon as you log on to the router. Once we
type in the enable command, we move into a level called the privileged level. Once we
are in the privileged level, we can move to configuration mode. How do we do that? Type
CONFIGURE TERMINAL, because we want to make configuration changes from a
terminal, i.e. a computer. Once we do that, we are in configuration mode and have the
power to make changes. When you first log in to user EXEC mode you will get a
prompt like HOSTNAME>, and after typing the enable command in user EXEC
mode you will be at HOSTNAME#. You then issue the configure terminal command,
as shown in the following figure.

Now you will be at HOSTNAME(CONFIG)#, and you can configure your router.
The question is what we do once we are there, i.e. in configuration mode. We are now
going to discuss the command types available in configuration mode.

The first is the global command and the second is the subcommand. Let me start with
the global command: a global command takes effect over the entire router, whereas a
subcommand does not take effect over the entire router, only over a piece or subset of the
configuration. Let me give you an example:

If I type ROUTER RIP, that is a global command; what I am doing is turning RIP on as
a routing protocol for the entire router. I am doing this at this prompt:

HOSTNAME(CONFIG)# ROUTER RIP

As soon as I type this command and hit Enter, I enter an area where subcommands are
available, and my prompt changes from HOSTNAME(CONFIG)# to
HOSTNAME(CONFIG-ROUTER)#. So we enter the ROUTER subsection of
configuration mode, or subcommand area. Any command that I issue here, i.e. at
HOSTNAME(CONFIG-ROUTER)#, will be a subcommand.

Lab.1

Now we are in the configuration mode. Now I can issue a command:

So we turn on RIP on R1.

The commands which are coming after R1(config-router)#? are called subcommands.

Navigation
Now I need to navigate from the subcommand area to global area. For example, we are in
subcommand area of RIP. Now we want to quit one level back toward global
configuration area.

If you want to move from this global configuration area to the subcommand area of the
console, use the command given below:

So it moves me to the config-line subcommand area. Now I want to move from here to
another subcommand area, that of RIP, as shown below:

Consider the following command:

Back to the global level. Now just type ? at the global level, as shown:

So above are all the available commands at the global level. Now have a look at the
following command:

As you know, I am currently in global mode. Press Backspace to remove
aaa from the prompt and then type in the exit, CTRL+C, and end commands, as shown
below:

One more thing to look at: if I type router followed by a space and then ? in
global configuration mode, it gives me all the subcommands for the next keyword
available in global configuration mode, as shown:

FILE TYPES
There are two configuration files on the IOS, namely:

RUNNING CONFIGURATION FILE
STARTUP CONFIGURATION FILE

The running configuration file is stored in RAM, and the startup configuration file is
stored in NVRAM, which means that if I reboot my router the startup-config will still be
there, because that is the file I want to use to start my router each time. If I make
changes in my running-config but not in the startup-config file, then quit from my router,
reboot it, and go back in to configure it, those changes are gone. It is highly
recommended that the running configuration file and the startup configuration file have
the same contents; otherwise your router will not work as expected, because you did not
copy the contents of the running configuration file to the startup configuration file before
shutting down the router.

You can verify the contents of these two files by using the following commands:

Show running-config
Show startup-config

If you type the following command, you will see that the show command supports the above
two options, as shown below:
In user EXEC mode:
Router0>show ?
access-lists List access lists
cdp CDP information
history Display the session command history
interfaces Interface status and configuration
ip IP information
version System hardware and software status

In privileged mode:
Router0>en
Router0#show ?
access-lists List access lists
arp Arp table
cdp CDP information
history Display the session command history
interfaces Interface status and configuration
ip IP information
running-config Current operating configuration
startup-config Contents of startup configuration
version System hardware and software status

To display the current configuration, i.e. the current contents of the RAM:
Router0#show running-config
Current configuration:
!
version 12.2
!
hostname Router0
!
interface FastEthernet0/0
no ip address
!
interface FastEthernet1/0
no ip address
!
interface Serial2/0
no ip address
!
interface Serial3/0
no ip address
!
interface FastEthernet4/0
no ip address
!
interface FastEthernet5/0
--More--
The exclamation points in the above output separate entries; anything written after an
exclamation point should be considered a remark [not part of the router configuration].

Now we are going to check the contents stored in the startup-config file:
Router0#show startup-config
%% Non-volatile configuration memory is not present

You should also understand the following command:


Router0#write terminal
Current configuration:
!
version 12.2
!
hostname Router0
!
interface FastEthernet0/0
no ip address
!
interface FastEthernet1/0

no ip address
!
interface Serial2/0
no ip address
!
interface Serial3/0
no ip address
!
interface FastEthernet4/0
no ip address
!
interface FastEthernet5/0
--More--

Copy command
Syntax : Router0#copy source file target file
Example :
Router0>en
Router0#copy running-config startup-config
Router0#show startup-config
!
version 12.2
!
hostname Router0
!
interface FastEthernet0/0
no ip address
!
interface FastEthernet1/0
no ip address
!
interface Serial2/0
no ip address
!
interface Serial3/0
no ip address
!
interface FastEthernet4/0
no ip address
!
interface FastEthernet5/0
no ip address
--More--
Now compare these contents (in NVRAM) to the current configuration’s contents in RAM;
you see exactly the same configuration in both files.
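
One way to check that running-config and startup-config hold the same contents before a reload, as an added example that is not part of the original notes. It compares captured output of the two show commands and reports what would be lost or would come back after a reboot; the sample configurations are constructed and the function names are hypothetical.

```python
NOT_PRESENT = "Non-volatile configuration memory is not present"
NOISE_PREFIXES = ("Current configuration", "Building configuration", "--More")


def config_entries(show_output):
    """Return a set of (section, command) pairs from `show ...-config` output.

    Top-level commands get section "". Indented lines belong to the last
    unindented command before them (for example an `interface` line).
    """
    entries = set()
    if NOT_PRESENT in show_output:
        return entries                      # erased or never-saved NVRAM
    section = ""
    for raw in show_output.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue                        # separators and remarks
        if stripped.startswith(NOISE_PREFIXES) or stripped == "end":
            continue                        # headers, pager prompt, end marker
        if line[0].isspace():
            entries.add((section, stripped))
        else:
            section = stripped
            entries.add(("", stripped))
    return entries


def config_drift(running_output, startup_output):
    """Compare the two files and describe the effect of reloading right now."""
    running = config_entries(running_output)
    startup = config_entries(startup_output)

    def fmt(entry):
        section, command = entry
        return f"{section} / {command}" if section else command

    return {
        # In RAM only: disappears at the next reload unless copied to NVRAM.
        "lost_on_reload": sorted(fmt(e) for e in running - startup),
        # In NVRAM only: comes back at the next reload.
        "returns_on_reload": sorted(fmt(e) for e in startup - running),
    }


# Constructed sample output (sub-commands indented by one space, as IOS prints them).
SAMPLE_RUNNING = """Current configuration:
!
version 12.2
!
hostname R1
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
router rip
 network 192.0.2.0
!
end
"""

SAMPLE_STARTUP = """!
version 12.2
!
hostname Router0
!
interface FastEthernet0/0
 no ip address
!
end
"""

if __name__ == "__main__":
    for key, lines in config_drift(SAMPLE_RUNNING, SAMPLE_STARTUP).items():
        print(key)
        for line in lines:
            print("  ", line)
```

An empty result in both lists means copy running-config startup-config has been run since the last change.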

Erase command
The erase command is used to remove the contents of the startup-config file. There is no
command to erase the running-config. After erasing the contents of startup-config, you
have to copy the contents of running-config to startup-config; if you do not do this
and you reboot the router, there is nothing in startup-config, so your
router will boot in setup mode.

Example :
Router0#show startup-config
!
version 12.2
!
hostname Router0
!
interface FastEthernet0/0
no ip address
!
interface FastEthernet1/0
no ip address
!
interface Serial2/0
no ip address
!
interface Serial3/0
no ip address
!
interface FastEthernet4/0
no ip address
!
interface FastEthernet5/0
no ip address
!
!
!
line con 0
!
end

Router0# erase startup-config


Erase of nvram: complete
Router0#show startup-config
%% Non-volatile configuration memory is not present
Router0#

Image text-base: 0x80008088, data-base: 0x8080853C
Once the IOS is loaded, the information learned from the POST will be displayed next, as
shown here:

Cisco 2621 (MPC860) processor (revision 0x101) with 26624K/6144K bytes of memory.
Processor board ID JAD050697JB (146699779)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
1 Serial network interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Once the IOS is loaded, and up and running, a valid configuration will be loaded from
NVRAM. If there isn’t a configuration in NVRAM, the router will go into setup mode—a
step-by-step process to help you configure the router. You can also enter setup mode at
any time from the command line by typing the command setup from something called
privileged mode, which I’ll get to in a minute. Setup mode only covers some very global
commands, but it can be really helpful if you don’t know how to configure certain
protocols, such as bridging or DECnet.

Setup Mode
You actually have two options when using setup mode: Basic Management and
Extended Setup. Basic Management only gives you enough configurations to allow
connectivity to the router, but Extended Setup gives you the power to configure some
global parameters as well as interface configuration parameters. To enter Setup mode,
just say “yes” or “y” to the following question:

--- System Configuration Dialog ---


Would you like to enter the initial configuration dialog? [yes/no]: y

At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.

Notice the two lines above that say you can use Ctrl+C to abort (to end something
before it has been completed) the configuration dialog at any prompt, and that the default
settings are in square brackets: [].

Basic Management setup configures only enough connectivity for management of the
system. But since you can do so much more with Extended Setup, this mode will ask
you to configure each interface on the system, as seen here:

Would you like to enter basic management setup?[yes/no]:n


First, would you like to see the current interface summary? [yes]:[Enter]

Any interface listed with OK? value "NO" does not have a valid configuration

Interface        IP-Address  OK?  Method  Status  Protocol
FastEthernet0/0  unassigned  NO   unset   Down    Down
FastEthernet0/1  unassigned  NO   unset   Down    Down

Configuring global parameters:


Enter host name [Router]: Todd

The enable secret is a password used to protect access to privileged EXEC and
configuration modes. This password, after entered, becomes encrypted in the
configuration.
Enter enable secret: todd

The enable password is used when you do not specify an enable secret password, with
some older software versions, and some boot images.
Enter enable password: todd
% Please choose a password that is different from the enable secret
Enter enable password: todd1

There’s something I want you to look at. Did you notice that setup mode asks you to
configure two enable passwords? I’m going to cover passwords later in the chapter, but
you should know that you really only use the enable secret password. The enable
password is for pre-10.3 IOS routers (really old routers). Even so, you must configure the
password when in setup mode, and it has to be different. It will never be used if the
enable secret is configured, though.

The next password is for setting up Telnet sessions to the router. The reason setup mode
has you configure a Telnet (or VTY, which stands for Virtual TeleType) password is
because you can’t telnet into a router by default if a password for the VTY lines hasn’t
been set. Here is how you do that:
The virtual terminal password is used to protect access to the router over a network
interface.

Enter virtual terminal password: todd


Configure SNMP Network Management? [yes]:[Enter] or [no]
Community string [public]:[no]
Configure DECnet? [no]:[Enter]
Configure AppleTalk? [no]:[Enter]
Configure IP? [yes]:[Enter]
Configure IGRP routing? [yes]:no
Configure RIP routing? [no]:[Enter]
Configure bridging? [no]:[Enter]
Configure IPX? [no]:[Enter]

The preceding commands can help you configure a protocol if you’re not sure which
commands you need to configure. But if you use the command-line interface (CLI)
instead of setup mode, you’ll have a lot more flexibility.

If you have an Async modem card installed in your router, you can have setup mode
configure the modems for you, as seen here:

Async lines accept incoming modems calls. If you will have users dialing in via modems,
configure these lines.

Configure Async lines? [yes]:n

If your router has an ISDN BRI interface, you’ll be prompted for the ISDN switch type to
be configured. Take a look at the router output:
BRI interface needs isdn switch-type to be configured

Valid switch types are:


[0] none..........Only if you don't want to configure BRI
[1] basic-1tr6....1TR6 switch type for Germany
[2] basic-5ess....AT&T 5ESS switch type for the US/Canada
[3] basic-dms100..Northern DMS-100 switch type for
US/Canada
[4] basic-net3....NET3 switch type for UK and Europe
[5] basic-ni......National ISDN switch type
[6] basic-ts013...TS013 switch type for Australia
[7] ntt...........NTT switch type for Japan
[8] vn3...........VN3 and VN4 switch types for France
Choose ISDN BRI Switch Type [2]:2

The next section of the Extended Setup is configuring the interfaces. We only have two
Fast Ethernet interfaces on this router: FastEthernet 0/0 and FastEthernet 0/1 (I’ll go
over various types of router interfaces later in this unit):

Configuring interface parameters:

Do you want to configure FastEthernet0/0 interface? [yes]:[Enter]


Use the 100 Base-TX (RJ-45) connector? [yes]:[Enter]
Operate in full-duplex mode? [no]: y [Enter]
Configure IP on this interface? [yes]:[Enter]
IP address for this interface: 1.1.1.1
Subnet mask for this interface [255.0.0.0]: 255.255.0.0
Class A network is 1.0.0.0, 16 subnet bits; mask is /16

Do you want to configure FastEthernet0/1 interface? [yes]:[Enter]
Use the 100 Base-TX (RJ-45) connector? [yes]:[Enter]
Operate in full-duplex mode? [no]:y [Enter]
Configure IP on this interface? [yes]:[Enter]
IP address for this interface: 2.2.2.2
Subnet mask for this interface [255.0.0.0]: 255.255.0.0
Class A network is 2.0.0.0, 16 subnet bits; mask is /16

This configuration is very basic, I know, but it will allow you to get a router up and
running quickly. Notice the mask is displayed as /16, which means 16 out of 32 bits are
being used.

The Extended Setup will now show the running configuration created:

The following configuration command script was created:

hostname Todd
enable secret 5 $1$B0wu$5F0m/EDdtRkQ4vy4a8qwC/
enable password todd1
line vty 0 4
password todd
snmp-server community public
!
no decnet routing
no appletalk routing
ip routing
no bridge 1
no ipx routing
!
interface FastEthernet0/0
media-type 100BaseX
full-duplex
ip address 1.1.1.1 255.255.0.0
no mop enabled
!
interface FastEthernet0/1
media-type 100BaseX
full-duplex
ip address 2.2.2.2 255.255.0.0
no mop enabled
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
end

[0] Go to the IOS command prompt without saving this config.
[1] Return back to the setup without saving this config.
[2] Save this configuration to nvram and exit.

Enter your selection [2]:0

The most interesting part of the Extended Setup is the options you get at the end. You can
go to CLI mode and discard the running-config (0); you can go back to setup to do it all
over again (1); or you can save this configuration to NVRAM, something known as
startup-config (2). This file would then be loaded every time the router is rebooted.

I’m going to choose 0 to go to the IOS—we’re not going to save the file we just created.
Doing this will take us to the CLI, which we will discuss next.

Command-Line Interface
Because it’s so much more flexible, the command-line interface (CLI) truly is the best
way to configure a router. I sometimes refer to the CLI as “Cash Line Interface” because
if you can create advanced configurations on Cisco routers and switches using the CLI,
then you’ll get the cash!

To use the CLI, just say No to entering the initial configuration dialog. After you do that,
the router will respond with messages that tell you all about the status of each and every
one of the router’s interfaces. Here’s an example:

Would you like to enter the initial configuration dialog? [yes]:n

Would you like to terminate autoinstall? [yes]:[Enter]

2: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed
state to up
00:00:42: %LINK-3-UPDOWN: Interface Serial0/0, changed
state to down
00:00:42: %LINK-3-UPDOWN: Interface Serial0/1, changed
state to down
00:00:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
00:00:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/0, changed state to down
00:00:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Serial0/1, changed state to down
00:01:30: %LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to down
00:01:31: %LINK-5-CHANGED: Interface Serial0/0, changed
state to administratively down
00:01:31: %LINK-5-CHANGED: Interface FastEthernet0/0, changed
state to administratively down
00:01:31: %LINK-5-CHANGED: Interface Serial0/1, changed
state to administratively down
00:01:32: %IP-5-WEBINST_KILL: Terminating DNS process
00:01:38: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) 2600 Software (2600-BIN-M), Version 12.2(13),
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Tue 04-Jan-03 19:23 by dschwart

Press RETURN to get started!


After the interface status messages appear and you press Enter, the Router> prompt will
appear. This is called user EXEC mode (user mode) and is mostly used to view statistics,
but it’s also a stepping-stone to logging into privileged mode. You can only view and
change the configuration of a Cisco router in privileged EXEC mode (privileged mode),
which you get into with the enable command.
Here’s how you would do that:
Router>
Router>enable
Router#

You now end up with a Router# prompt, which indicates you’re in privileged mode,
where you can both view and change the router’s configuration. You can go back from
privileged mode into user mode by using the disable command, as seen here:

Router#disable
Router>
At this point, you can type logout to exit the console:

Router>logout

Router con0 is now available


Press RETURN to get started.

Or you could just type logout or exit from the privileged-mode prompt to log out:
Router>en
Router#logout
Router con0 is now available
Press RETURN to get started.

Configuration Mode
Most of the configuration is done in global configuration mode. From privileged mode
you can enter configuration mode by typing CONFIG T. To exit configuration mode,
type END or press <CTL>+Z.

Example:
Noor>en
Noor#CONFIG T
Enter configuration commands, one per line. End with CNTL/Z.
Noor(config)#
OR
Noor>en
Noor#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Noor(config)#

Use of End
Noor(config)#end
%SYS-5-CONFIG_I: Configured from console by console
Noor#
Q. What command do you use to configure the hostname?
Ans. The Router’s Host Name is used for local identification. When you log into the
router you see the Host Name in front of the prompt (either the > or the #). This can be
used to identify the location or function of the router. Set your Router’s hostname to
“Noor”.
Press RETURN to get started!
Router0>en
Router0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#hostname Noor
Noor(config)#

Introduction to interface configuration


Q. How would you display all available interfaces on R0 and their status?
Ans:
Router0>en
Router0#sh ip interface brief
Interface        IP-Address  OK? Method Status Protocol
FastEthernet0/0  unassigned  YES manual down   down
FastEthernet1/0  unassigned  YES manual down   down
Serial2/0        unassigned  YES manual down   down
Serial3/0        unassigned  YES manual down   down
FastEthernet4/0  unassigned  YES manual down   down
FastEthernet5/0  unassigned  YES manual down   down

To make changes to an interface, you use the interface command from global
configuration mode:
Router0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#int FastEthernet0/0
Now we are in interface configuration mode (subcommand area).
Router0(config-if)#ip address 200.100.100.1
% Incomplete command.
Router0(config-if)#ip address 200.100.100.1 255.255.255.0
Router0(config-if)#
Note: By default, all interfaces are shut down (disabled). Now enable the FastEthernet0/0
interface on R0.
Router0(config-if)#no shut
Router0(config-if)#

Now you can check using the following command on R0:

Router0#sh interface
FastEthernet0/0 is down, line protocol is down
Hardware is Lance, address is 0030.f2d7.fe90 (bia 0030.f2d7.fe90)
Internet address is 200.100.100.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 1000 usec, rely 255/255, load 1/255

So now your FastEthernet0/0 on R0 is configured and an IP is assigned.

Command History
The router’s command-line interface (CLI) keeps, by default, the last 10 commands
you have entered in memory for later retrieval. You can change this default value. You
can cycle through previously entered router commands (since the last power loss) using
one of two methods. To view all of the past commands still in router memory at the same
time, use the show history command. For single-line retrieval, use either Arrow-Up
(previous command) and Arrow-Down (next command), or Control-P (previous
command) and Control-N (next command).

Example :
First, use the show history command to see the last 10 commands that were entered on
the router:

Router#sh history
en
sh history
show terminal
sh cdp neig
sh ver
sh flash
sh int fa0
sh history
sh int s0/0
sh int s0/1

Now you use the show terminal command to verify the terminal history size:

Router#sh terminal
Line 0, Location: "", Type: ""

History is enabled, history size is 10.


Full user help is disabled
Allowed transports are lat pad v120 telnet mop rlogin
nasi. Preferred is lat.
No output characters are padded
No special data dispatching characters
Group codes: 0

The terminal history size command, used from privileged mode, can change the size of
the history buffer:

Router#terminal history size ?


<0-256> Size of history buffer

Router#terminal history size 25

Verify the change with the show terminal command.

Router#sh terminal
Line 0, Location: "", Type: ""

Editing is enabled.
History is enabled, history size is 25.
Full user help is disabled
Allowed transports are lat pad v120 telnet mop rlogin
nasi. Preferred is lat.
No output characters are padded
No special data dispatching characters
Group codes: 0

Setting Passwords
There are five passwords used to secure your Cisco routers: console, auxiliary, telnet
(VTY), enable password, and enable secret. Just as you learned earlier in the chapter, the
two enable passwords are used to secure privileged mode. They prompt a user for a
password when the enable command is used. The other three are used to configure a
password when user mode is accessed either through the console port, the auxiliary
port, or via Telnet.

We will look at each of these in the following sections.

Lab: Extended Basics


Enable Passwords
The enable password controls access to privilege mode. This is a VERY important
password because in privilege mode you can make configuration changes. Set your
enable password to “eit123”. You set the enable passwords from global configuration
mode like this:
Example:
Router0>en
Router0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#enable password eit123
^
% Invalid input detected at '^' marker.
Router0(config)#

Let’s test this password. Exit out of the router and try to enter privilege mode. Now type:
conf term and proceed with the lab instructions in the next step.

The only problem with the enable password is that it appears in plain text in the router’s
configuration file. If you need to show someone this file so that they can help you
troubleshoot a problem, you may inadvertently (by accident) compromise the security of
your systems by revealing the passwords. What command will create an encrypted
password? Set the enable secret password to “eit123”. What command did you use?

Example:
Router0>en
Router0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#enable secret eit123
^
% Invalid input detected at '^' marker.
Router0(config)#

You can now test this password by logging out of the router and then typing enable. The
enable secret is an additional password over and above the enable password, in fact, it
overrides the enable password. If you have set both passwords, the enable SECRET is the
password you use to enter into privilege mode. The enable PASSWORD is still present
but is now deactivated.

User-mode passwords are assigned by using the line command:


Router(config)#line ?

Here are the lines we are concerned with:


aux      Sets the user-mode password for the auxiliary port. It’s usually used for
         attaching a modem to the router, but it can be used as a console as well.

console  Sets a console user-mode password.

vty      Sets a Telnet password on the router. If this password isn’t set, then Telnet
         can’t be used by default.

To configure the user-mode passwords, you configure the line you want and use either
the login or no login command to tell the router to prompt for authentication. The next
section will provide a line-by-line example of each line configuration.

Console Password
You can apply passwords to lines, such as the console. By default, no console password
is set. To set the console password, use the line console 0 command. But
look at what happened when I tried to type line console 0 ?.
Here’s the example:

Router0>en
Router0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router0(config)#line console 0
Router0(config-line)#password wahab
Router0(config-line)#

Since there’s only one console port, I can only choose line console 0. You can set all your
line passwords to the same password, but for security reasons, I’d recommend that you
make them different.

Telnet Password
You can also apply a password to Telnet access. To set the user-mode password for Telnet access into
the router, use the line vty command. Routers that aren’t running the Enterprise edition of
the Cisco IOS default to five VTY lines, 0 through 4. But if you have the Enterprise
edition, you’ll have significantly more. The best way to find out how many lines you
have is to use that question mark:
Router(config-line)#line vty 0 ?
<1-4> Last Line Number

Example:
R1(config)#line vty 0 4
R1(config-line)#password Wahab

So what will happen if you try to telnet into a router that doesn’t have a VTY password
set? You’ll receive an error stating that the connection is refused because, well, the
password isn’t set. But you can get around this and tell the router to allow Telnet
connections without a password by using the no login command:

Router(config-line)#line vty 0 4
Router(config-line)#no login

After your routers are configured with an IP address, you can use the Telnet program to
configure and check your routers instead of having to use a console cable. You can use
the Telnet program by typing telnet from any command prompt.

Auxiliary Password
To configure the auxiliary password, go into global configuration mode and type line aux
?. You can see that you only get a choice of 0–0 (that’s because there’s only one port):

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line aux ?
<0-0> First Line number
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password todd
It’s important to remember the login command, or the auxiliary port won’t prompt for
authentication.
Okay, now watch what happens when I try to set the Aux on the “newer” IOS that Cisco
has released:

2600A#config t
Enter configuration commands, one per line. End with CNTL/Z.
2600A(config)#line aux 0
2600A(config-line)#login
% Login disabled on line 65, until 'password' is set
2600A(config-line)#
Cisco has begun this process of not letting you set the “login” command before a
password is set on a line because if you set the login command under a line, and then
don’t set a password, the line won’t be usable. And it will prompt for a password that
doesn’t exist. So this is a good thing—a feature, not a hassle!
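
The password and line settings from the sections above can be checked mechanically. The Python sketch below is an added example, not part of the original unit or any Cisco tool: it audits a constructed running-config for the conditions this unit describes (clear-text enable password, the default SNMP community, no login on VTY lines, login without a password, a console or aux password that is never prompted for, and reused line passwords). The function names, rule names and sample config are assumptions made for illustration, and the parser assumes sub-commands under a line block are indented as IOS prints them.

```python
# Constructed sample (not from a real device): the setup-mode script shown
# earlier, with indented line blocks added to exercise each check.
SAMPLE_CONFIG = """\
hostname Todd
enable secret 5 $1$B0wu$5F0m/EDdtRkQ4vy4a8qwC/
enable password todd1
snmp-server community public
!
line con 0
 password todd
line aux 0
 login
line vty 0 4
 password todd
 no login
!
end
"""

def parse_lines(config):
    """Return {line header: [sub-commands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = blocks.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' or any other top-level command ends the block
    return blocks

def audit(config):
    """Return a sorted list of (rule, where) findings (rule names are hypothetical)."""
    findings = []
    top = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if any(l.startswith("enable password ") for l in top):
        findings.append(("enable-password-cleartext", "global"))
    if not any(l.startswith("enable secret ") for l in top):
        findings.append(("no-enable-secret", "global"))
    if any(l.split()[:3] == ["snmp-server", "community", "public"] for l in top):
        findings.append(("snmp-default-community", "global"))
    seen = {}  # line password -> first block that used it
    for header, cmds in parse_lines(config).items():
        pw = next((c.split()[-1] for c in cmds if c.startswith("password ")), None)
        login = any(c == "login" or c.startswith("login ") for c in cmds)
        is_vty = header.startswith("line vty")
        if is_vty and "no login" in cmds:          # Telnet with no password prompt
            findings.append(("vty-no-login", header))
        if "login" in cmds and pw is None:         # prompts for a password that doesn't exist
            findings.append(("login-without-password", header))
        if pw and not login and not is_vty:        # con/aux: password set, never asked for
            findings.append(("password-never-prompted", header))
        if pw and pw in seen:                      # same password on more than one line
            findings.append(("line-password-reused", header))
        elif pw:
            seen[pw] = header
    return sorted(findings)

if __name__ == "__main__":
    for rule, where in audit(SAMPLE_CONFIG):
        print(f"{where}: {rule}")
```
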

Banners
A good reason for having a banner is to add a security notice to users dialing or telnetting
into your internetwork. You can set a banner on a Cisco router so that when either a user
logs into the router or an administrator telnets into the router, the banner will give them
the information you want them to have. Message of the day (MOTD) is the most
extensively used banner. It gives a message to every person dialing into or connecting to
the router via Telnet or auxiliary port, or through a console port.

Setting the Banner MOTD (Message of the Day)

The goal of this lab is to set up a banner MOTD. The MOTD is displayed when someone
logs into the router. The banner can also be used to display information about the router
itself or to display a security message.

1. Connect to the Router1 and enter privileged mode.

Router1>
Router>Enable
Router#
2.
