Basic IOS

Accessing the Switch and Router

•  Directly using the console port
–  No configuration needed on the router
•  Telnet – over the network
–  Network connection
–  Network configuration on both ends (IP address, subnet
mask, etc.)
–  Telnet password configured on router
•  Modem – We won t do this!

2
Accessing the
router and
switch directly

•  The console port on the router allows you to connect a dumb

terminal or a computer with terminal emulator software directly.
•  No IP addressing or other configurations needed on the router.
•  Used for:
–  Configuring a device that has never been configured.
–  Configuring a device directly, because you are physically located
where the device is.
–  Troubleshooting a device that you can no longer access remotely.
–  Performing password recovery.

3
Console Port on 2950 Switch

4
Management port – Console Port connection

5
Serial Port

6
Management port – AUX port connection

FYI Only! This is for connecting using a modem. Urrrg!

7
Connecting console interfaces

When connected using the console interface, the computer is acting

as a dumb terminal .

<Router Output>

8
Terminal Emulators
•  HyperTerminal: Comes with Windows
•  Teraterm: Free download (recommended)
•  Settings:
–  9600 Baud
–  8 Data Bits
–  1 Stop Bit
–  No Parity

9
Using HyperTerminal

Settings

Match
serial port
on PC

10
Teraterm

11
Connecting console interfaces

<Router Output>

12
Booting up the Switch and the
Router
Power-up the router (and switch) – No
configuration
If the routers do not have a saved configuration.
After several lines of information on the screen you should eventually see:

Would you like to enter the initial configuration dialog? [yes/no]: n

•  Always answer n fo no.

•  We will never be using setup mode.
•  If you accidentally press y and enter Setup Mode, press and hold down the control key
and press C (CTRL-C).
•  Wait a few seconds, and then press Enter.

On some routers you may see the following message.

Would you like to terminate autoinstall? [yes/no]: y

<There will be several lines of output>

Router>

14
Power-up the router (and switch) – Has
Configuration
The router has a pre-existing configuration.

If after you power-up the router, instead of getting the previous message, you get:

Router>

•  Someone has saved a configuration on the router (startup-config).

•  Because it is always best to begin our labs without a previous router configuration, you
will need to erase the startup-config and reboot the router.

Router> enable
If you are prompted for a password type: class or if that does not work, type cisco

Router# erase startup-config

Turn off the router and then turn it back on.

15
User Mode and Privilege Mode,
Getting Help, and Abbreviated
Commands
User Mode (Router and Switch)
Router>
Switch>

•  User mode will allow you to view the state of the router, but
will not allow you to modify its configuration.
•  Don t confuse user mode with users of the network.
•  This is only for network techs, operators, engineers, etc.

17
Privilege Mode (Router and Switch)
Router> enable <user mode>
Router# <privilege mode>

Router# disable <privilege mode>

Router> enable <user mode>

Router# <privilege mode>

•  Allows the administrator to modify the router configuration

18
Getting Help (Router and Switch)
Router> ?
Exec commands:
access-enable Create a temporary Access-List
entry
access-profile Apply user-profile to interface
clear Reset functions
<text omitted>
ping Send echo messages
ppp Start IETF Point-to-Point Protocol
(PPP)
--More--

•  Press the Space Bar to scroll a screen s worth of more commands.

•  Press the Enter or Return key to scroll down just one line of the list.
•  Press any other key to halt the list output.

19
Getting Help (Router and Switch)
Router> show ?
alps Alps information
backup Backup status
c2600 Show c2600 information
call Show call
cca CCA information
ccm-manager Call Manager Application information
cdapi CDAPI information
cef Cisco Express Forwarding
class-map Show QoS Class Map
clock Display the system clock
<text omitted>
--More—
Router> show

•  Starts you off where you finished.

20
Getting Help (Router and Switch)
Router> show interfaces ?
Async Async interface
BRI ISDN Basic Rate
Interface
BVI Bridge-Group Virtual
Interface
<text omitted>
Router> show interfaces

•  Starts you off where you finished.

21
Abbreviated commands (Router and Switch)

Router# sh inter

Same as

Router# show interfaces

• 

22
Global Configuration Mode
and Passwords
Using exit, end and Control-Z

end

exit

24
Router>ena
Router#configure terminal <Must be in privileged mode>
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#?
Configure commands:
access-list Add an access list entry
<text omitted>

Router(config)#exit
00:03:20: %SYS-5-CONFIG_I: Configured from console by con

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#exit
00:03:34: %SYS-5-CONFIG_I: Configured from console by console
Router#

25
Hostname
Router#config t
Router(config)#hostname R1
R1(config)#

•  Changes the name, the prompt on the router.

•  Very important to do early on so you don t get confused
about which router you are configuring.

26
Passwords

•  There are only two passwords we will use in our classes,

they are cisco and class. (both lowercase).
•  Of course this is something you would not do in a
production network, but so we do not have to do password
recovery on equipment and to make it easier for everyone,
we will use only these two passwords.
•  Console = cisco
•  VTY = cisco
•  Priviledge = class

27
Console password = cisco
Router#conf t
R1(config)#line console 0
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#

•  The console password requires someone to enter a

password before accessing the router using the console
port.

28
VTY password = cisco
R1(config)#line vty 0 4
R1(config-line)#password cisco
R1(config-line)#login
R1(config-line)#exit
R1(config)#

•  The vty password requires someone to enter a password

before accessing the router remotely using telnet.

29
Privilege password = class
R1(config)#enable secret class
R1(config)#end

Test it:

R1#disable
R1>enable
Password:class
R1#

•  The privilege mode password requires someone to enter a

password when entering privilege mode with the enable
command.

30
Configuring router passwords

Not recommended, clear text

Encrypts the passwords

above, but…

Use this command instead, password is encryped

Router(config)#enable secret <password>

31
service password-encryption command

WARNING
•  service password-encryption uses a Cisco Level 7
encryption which is very easy to decrypt.
•  For the GetPass! software www.boson.com
•  However, the enable secret <password> uses a stronger
encryption method and cannot be easily hacked.

32
enable secret <password> command

Doesn t work for enable secret!

•  More later!

33
Viewing, Saving and Erasing the
Configurations
Router#show running-config
Current configuration : 542 bytes
!
running-config
version 12.2 •  The running-config file is
! the configuration in RAM
interface FastEthernet0/0 memory.
no ip address •  All changes are made to
shutdown the running-config file.
duplex auto •  This is the configuration
speed auto that the router is
! currently using.
interface Serial0/0
no ip address
•  The running-config is
lost when the router
shutdown
loses power or reloads.
!
line con 0 •  Privilege mode
line aux 0 command.
line vty 0 4
!
end
Router#
35

Router#show startup-config
startup-config is not present
Router#
startup-config
•  The startup-config file is
the saved configuration
in NVRAM.
•  If there is a startup-
config file in NVRAM
when the router boots
up, this file will be copied
into running-config.
•  The running-config is
what the router will use.
•  Privilege mode
command.
36
 Copy running-config to startup-config
Router#copy running-config startup-config
Destination filename [startup-config]? <Press Enter>
Building configuration...
[OK]
Router#show startup-config
Current configuration : 542 bytes
!
version 12.2
!
interface FastEthernet0/0
<text omitted>
•  The running-config should be periodically saved to startup-config when
you are satisfied with your changes and you do not want to lose them.
(Lab)
•  Production network, startup-config should always match running-config
in case of power failure, etc.
•  Privilege mode command.
37
Erase startup-config
Router#erase startup-config
Erasing the nvram filesystem will remove all files!
Continue? [confirm] <Press Enter>
[OK]
Erase of nvram: complete
Router#

•  When you are done with the routers in the lab, please be
sure to erase the startup-config.
•  If you are starting a lab, and you do not get the message:
Would you like to enter the initial configuration dialog?
[yes/no]:
•  You will need to erase the startup-config and reboot.
•  Privilege mode command.
38
copy running-config startup-config

Router# copy running-config startup-config

Or
Router# copy running startup
OR
Router# copy run start
OR
Any usage of the command or parameters, so that they are still uniquely
recognizable.

39
copy running-config startup-config
WARNING
•  Using an incorrect configuration file name could overwrite the router s IOS in
flash, as the router believes you are trying to copy a blank file into flash.

Router#copy running-config start-up Incorrect file name!

**** NOTICE ****
Flash load helper v1.0
This process will accept the copy options and then terminate
the current system image to use the ROM based image for the copy.
Routing functionality will not be available during that time.
If you are logged in via telnet, this connection will terminate.
Users with console access can see the results of the copy
operation.
---- ******** ----
Proceed? [confirm]^C Press <control> C
%Copy cancelled by user request.
Router#

40
Executing adds, moves, and changes

running-config startup-config IOS Bootup program

IOS (running) ios (partial)

41
copy running-config startup-config

During bootup

running-config
RAM

startup-config
Router# copy running-config startup-config

•  Changes to the router are automatically put in the running-config file.

•  If the router loses power or reboots, everything in RAM is lost including the running-
config file.
•  To make sure the changes to the router s configuration remain saved, you must copy
the running-config from RAM into the startup-config into NVRAM:

Router# copy running-config startup-config

42
reload

Router#erase startup-config

43
Managing Console Input

Router(config)#line console 0
Router(config-line)#logging synchronous
Router(config-line)#exec-timeout 0 0
Router(config-line)#exit

Router(config)#no ip domain-lookup

44
The Router
Router internal components

•  CPU •  Buses
•  RAM •  ROM
•  Flash •  Interfaces
•  NVRAM •  Power Supply
46
Router physical characteristics

47
Router external connections

48
Connecting LAN
interfaces

49
Cisco 2500 Series (older routers)

50
Connecting WAN interfaces

51
Connecting WAN interfaces

52
Connecting WAN interfaces

53
NetLab

•  Next Week

54
Interfaces
Interfaces
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
Serial0/0 unassigned YES unset administratively down down
BRI0/0 unassigned YES unset administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Serial0/1 unassigned YES unset administratively down down
Router#

•  Quick look at interfaces.

56
Configuring an Ethernet interface
Router#conf t
Enter configuration commands, one per line. End with
CNTL/Z.
Router(config)#inter fastethernet 0/0
Router(config-if)#ip add 172.30.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#end
Router#

•  Your interfaces may differ!

•  Adding an IP address and subnet mask
•  no shutdown – turns on the interface.

57
Configuring a serial interface
R1(config)#inter serial 0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit

•  Your interfaces may differ!

•  Adding an IP address and subnet mask
•  no shutdown – turns on the interface

58
 A brief look at some other
commands we will discuss later
 Examining the show commands
•  show interfaces – Displays all the statistics for all the interfaces on the router. To
view the statistics for a specific interface, enter the show interfaces command
followed by the specific interface and port number.
•  show controllers serial – Displays information-specific to the interface
hardware
•  show clock – Shows the time set in the router
•  show hosts – Displays a cached list of host names and addresses
•  show users – Displays all users who are connected to the router
•  show history – Displays a history of commands that have been entered
•  show flash – Displays information about flash memory and what IOS files are
stored there
•  show version – Displays information about the router and the IOS that is running
in RAM
•  show ARP – Displays the ARP table of the router
•  show protocol – Displays the global and interface specific status of any
configured Layer 3 protocols
•  show startup-configuration – Displays the saved configuration located in
NVRAM
•  show running-configuration – Displays the configuration currently running in
RAM
60
show interfaces <interface> command
Router>show interface ethernet 0 Status MAC Address
Ethernet0 is administratively down, line protocol is down , using hub 0
Hardware is Lance, address is 0010.7b3a.cf84 (bia 0010.7b3a.cf84)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
Encapsulation ARPA, loopback not set, keepalive set (10 sec) Routing
ARP link
Data type: ARPA, ARP Timeout 04:00:00 ARP cache entries timer metric
encapsulation
Last input never, output 01:05:35, output hang never information
(Ethernet-II)
Last clearing of "show interface" counters never (later)
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
63 packets output, 11676 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Router>

61
Where is the MAC Address?
Router>show interface serial 0
Serial0 is administratively down, line protocol is down
Hardware is HD64570
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
28 packets output, 9576 bytes, 0 underruns
0 output errors, 0 collisions, 17 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down
Router>
62
Configuring a serial interface
Lab

Real world

•  On serial links that are directly interconnected, as in a lab environment,

one side must be considered a DCE and provide a clocking signal.
•  The clock is enabled and speed is specified with the clock rate
command.

Router(config)#interface serial 0/0

Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
63
Configuring a serial interface
RouterA RouterB
DTE cable DCE cable
RouterB(config)#inter serial 1
RouterB(config-if)#clock rate ?
Speed (bits per second)
1200
2400
4800
9600
19200
38400
56000
64000
<text omitted>
2000000
4000000

<300-4000000> Choose clockrate from list above

RouterB(config-if)#clock rate 64000

RouterB(config-if)#
64
Configuring a serial interface

DTE Cable DCE Cable

How can you tell which end is the DTE and which end is the DCE?
  Look at the label on the cable.
  Look at the connecter between the two cables - The DTE cable will
always be male and the DCE cable will always be female.
65
Configuring a serial interface
RouterA RouterB
DTE cable DCE cable
RouterA#show controllers serial 0
HD unit 0, idb = 0xECA4C, driver structure at 0xF1EC8
buffer size 1524 HD unit 0, V.35 DTE cable
cpb = 0x62, eda = 0x403C, cda = 0x4050
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F5704 ds=0x62FFB8 status=80 pak_size=22

This is one of few commands where there must be a space between the interface type and the port.

RouterB#show controllers serial 0

buffer size 1524 HD unit 0, V.35 DCE cable, clockrate 64000
cpb = 0x62, eda = 0x408C, cda = 0x40A0
RX ring with 16 entries at 0x624000
00 bd_ptr=0x4000 pak=0x0F2F04 ds=0x627908 status=80 pak_size=22

How can you tell which end is the DTE and which end is the DCE?
  Use the show controllers command!
  It will also tell you the type of cable, in our labs we will be using a V.35
cable.
66
Switch Configuration
Physical startup of the Catalyst switch

•  Switches are dedicated, specialized computers;

–  Central Processing Unit (CPU)
–  Random Access Memory (RAM)
–  Operating System
•  A switch can be managed by connecting to the console port to view
and make changes to the configuration.
•  Lower model switches typically have no power switch to turn them on
and off.
•  They simply connect or disconnect from a power source.
68
Switch LED indicators

•  We will examine LED indicators.

•  Note: Many of these are switch specific, although green is usually
good.
•  LED indicators are only quick view of the status of the switch.
•  For a more detailed view, use IOS commands.
69
 Switch LED indicators - 2950
•  The front panel of a switch has several lights to
help monitor system activity and performance.
•  These lights are called light-emitting diodes
(LEDs).
•  The front of the switch has the following LEDs:
–  System LED
•  Whether the system is receiving power
and functioning correctly.
–  Remote Power Supply (RPS) LED
•  Whether or not the remote power supply
is in use
–  Port Mode LED
•  Indicates the current state of the Mode
button.
•  The modes are used to determine how
the Port Status LEDs are interpreted.
–  Port Status LEDs
•  Has different meanings, depending on
the current value of the Mode LED.
70
Switch LED indicators: Port Status LED

71
Port LEDs during switch POST – System
LED

•  Once the power cable is connected, the

switch initiates a series of tests called the
power-on self test (POST).
•  If the System LED is green, then POST
was successful.
•  If the System LED is amber, then POST
failed. POST failure is considered to be a
fatal error.

72
 Port LEDs during switch POST – Port
Status LED

•  The Port Status LEDs also change during switch POST.

•  The Port Status LEDs turn amber for about 30 seconds as the switch
discovers the network topology and searches for loops.
•  If the Port Status LEDs turn green, the switch has established a link
between the port and a target, such as a computer.
•  If the Port Status LEDs turn off, the switch has determined that nothing
is plugged into the port.
73
Viewing initial bootup output from the
switch

•  The switch may be configured manually with or without the assistance

of the System Configuration dialog.
•  The System Configuration dialog on the switch is simpler than that on a
router.
74
Examining help in the switch CLI

•  The command-line interface (CLI) for Cisco switches is

very similar to the CLI for Cisco routers.
75
Show running-config
ALSwitch#show running-config
Building configuration...

Current configuration : 1300 bytes

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ALSwitch
!
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1 76
Set Port Speed and Duplex Settings

•  The Fast Ethernet switch ports default to:

–  auto-speed
–  auto-duplex.
•  This allows the interfaces to negotiate these settings.
•  When a network administrator needs to ensure an interface
has particular speed and duplex values, the values can be
set manually.

•  More later…

77
HTTP Service and Port

•  A web browser can access this service using the IP

address and port 80, the default port for http.
•  The HTTP service can be turned on or off, and the port
address for the service can be chosen.
78
The GUI Interface

79
Managing the MAC address table

•  Switches learn the MAC addresses of PCs or workstations that are

connected to their switch ports by examining the source address of
frames that are received on that port.
•  Machines may have been removed from a port, turned off, or moved to
another port on the same switch or a different switch.
•  This could cause confusion in frame forwarding.
•  The MAC address entry is automatically discarded or aged out after
300 seconds. 80
Managing the MAC address table

•  Rather than wait for a dynamic entry to age out, the

administrator has the option to use the privileged EXEC
command clear mac-address-table.

81