CISCO IOS in a Nutshell

By James Boney


Chapter 1: Getting Started
Introduction
The modern world is networked in a way that could barely be imagined a few decades ago. Today, the Internet reaches into virtually every business and almost every home. Our children and even our grandparents speak of dot-coms, email, and web sites. The Internet is now part of our culture.
Routers are the glue that holds the Internet together. And Cisco is the most prominent router manufacturer, holding the largest share of the market. Their routers come in all sizes, from inexpensive units for homes and small offices to equipment costing well over $100,000 and capable of routing at gigabit speeds. One of the most impressive facts about their product line is its unified operating system. Almost all of their routers, as well as half of their switches—from the smallest to the largest—run the Internetwork Operating System (IOS). Therefore, they share the same command set, the same user interface, and the same configuration techniques. While an 800-series home router doesn't have the features or the capacity of a 7500-series router that might be used to connect an ISP to an Internet backbone, you configure them the same way. Both routers use access lists, have similar security mechanisms, support the same set of protocols in the same way, and so on. A home router probably wouldn't have a Frame Relay interface, but if it did, it would be configured just like a Frame Relay interface on a mid-sized corporate router.
IOS is an extremely powerful and complex operating system with an equally complex configuration language. There are many commands, with many options, and if you get something wrong you can easily take your company offline. That's why I've decided to provide a quick-reference guide to IOS. As large a book as this is, though, it's impossible to cover all of IOS. Therefore, I've limited the discussion to IOS configuration for the TCP/IP protocol family. I've included all the commands that you need to work with TCP/IP and the lower-level protocols on which it relies. The trade-off is that I've made no attempt to cover other protocols that IOS supports, and there are many: IPX, AppleTalk, SNA, DecNet, and virtually any other protocol suite that is now or ever has been in widespread use.
Additional content appearing in this section has been removed.
IOS User Modes
There are two primary modes of operation within the IOS: user mode and privileged mode. When you first connect to the router, you are placed in the user mode. The Cisco documentation refers to this as the user exec mode; I am going to omit "exec" throughout this book. The user mode is indicated by the prompt:
Router>
The word "Router" is replaced with your router's hostname if the hostname is already configured.
The show commands in user mode are limited to a few basic levels. You cannot edit or view configurations at this stage; you can only view the router status and other miscellaneous information. To obtain a basic listing of commands, type a question mark:
Router>?
         
Editing the router's configuration requires you to be in the privileged exec mode, which I simply call "privileged mode." Use the enable command to enter this mode:
Router>enable
Password:
Router#         Privileged mode prompt
         
You can always tell whether you are in user mode or privileged mode by looking at the prompt. The user mode prompt has a > at the end; the privileged mode prompt always has a # at the end, regardless of the submode.
If you are familiar with Unix, you can equate privileged mode to "root" access. You could also equate it to the administrator level in NT or the supervisor in NetWare. In this mode, you have permission to access everything inside the router, including configuration commands. However, you can't type configuration commands directly. Before you can change the router's actual configuration, you must enter a submode of the privileged mode by giving the command configure terminal (see Section 1.3 for a shortcut). This command can be entered only when you are in the privileged mode.
Router#configure terminal
Enter configuration commands, one per line. End with Ctrl-Z
Router(config)#        Configuration mode
To exit from configuration mode, you can use the command
Command-Line Completion
Command-line completion makes the IOS interface much more user-friendly. It saves you extra typing and helps out when you cannot remember a command's syntax. In a previous example, we used the command configure terminal:
Router#configure terminal
         
But you could have saved wear and tear on your hands by typing:
Router#conf t
         
IOS expands the command conf t to configure terminal. Another shortcut is to press Tab after typing "conf"; the router will fill in the best completion, which is "configure". Here is another example:
Router#show running-config
         
This long command can be shortened to:
Router#sh ru
         
The router knows that "show" is what you wanted because show is the only command that begins with "sh"; likewise, the only subcommand of show that begins with "ru" is running-config.
If the router does not understand a command, it repeats the entire command line and places a caret (^) under the point at which it ran into trouble. For example:
Router>show itnerface e0
>show itnerface e0
       ^
% Invalid input detected at '^' marker.
The caret points to the "t" in "itnerface", which is where the router stopped understanding the command. We can quickly fix that by retyping the command:
Router>show interface e0
         
We now get the correct output! Since we also know how to use shortcuts, we can type:
Router>sh int e0
         
With this command we get the same result as its lengthy counterpart. Command-line completion saves a lot of typing, and it helps you keep your sanity when you're working with long commands.
Another form of command-line completion is the use of the Tab key. If you start a command by entering the first few characters, you can hit the Tab key. As long as there is only one match, the router will complete the command: for example, if you type "sh" and hit Tab, the router completes the "sh" with "show". If the router does not complete the command, you can enter a few more letters and try again.
Get to Know the Question Mark
Previously, I said that you can get the available commands by typing ? at the prompt. You can also use this trick to find the subcommands of any command. For example, if you know you want to use the copy command but cannot remember which subcommand you need, type:
Router#copy ?
  WORD            Copy from flash device - format <dev:>[partition:][filename]
  flash           Copy from system flash
  flh-log         Copy FLH log file to server
  mop             Copy from a MOP server
  rcp             Copy from an rcp server
  running-config  Copy from current system configuration
  startup-config  Copy from startup configuration
  tftp            Copy from a TFTP server
Another use of the question mark is to find all commands that match what you have typed so far. For example, if you know the first part of a command, type it and then type a question mark. The router will return a list of all the matching commands. In the following example, we remember that the configure command begins with "co", but that's it. The router gives us the matching commands:
Router#co?        
configure  connect  copy
Note the important difference between these two examples. In the first example, there was a space before the question mark, which gave us the list of keywords that can follow copy. Had there not been a space, the router would have tried to complete the word "copy" for us, not given us the next available commands. In the second example, we did not add the space, so the router tried to complete "co" with all the commands it could find that start with "co".
Another important rule to understand is that the router will return only commands that are relevant to the mode you are currently in. For example, if you are in user mode, you will be given only commands that apply to that mode.
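The matching rules from the two sections above (unique-prefix abbreviation, the caret at the first unmatched character, "?" with and without a leading space, and per-mode command sets) can be expressed in a few functions. This is an added Python example, not code from the book or from Cisco; the command tree is assembled from this chapter's listings rather than the full IOS command set, and the names expand and help_for are hypothetical. The same expansion is useful for normalizing abbreviated commands in session logs before audit rules keyed on full command names are applied.

```python
"""IOS-style abbreviation and '?' help over a small command tree.

Added illustration, not Cisco's parser. The tree below is assembled from the
listings in this chapter and is far smaller than the real IOS command set.
"""


def leaves(*names):
    """Build a node whose entries take no further keywords."""
    return {name: {} for name in names}


USER_SHOW = leaves("clock", "history", "hosts", "interface", "sessions",
                   "snmp", "terminal", "users", "version")

# mode -> command -> subcommands; an empty dict means "arguments follow".
TREE = {
    "user": {
        "enable": {},
        "show": USER_SHOW,
        "terminal": leaves("length", "width"),
    },
    "privileged": {
        "configure": leaves("terminal"),
        "connect": {},
        "copy": leaves("flash", "flh-log", "mop", "rcp", "running-config",
                       "startup-config", "tftp"),
        "show": {**USER_SHOW, **leaves("running-config", "startup-config")},
    },
}


def matches(node, prefix):
    """Names under node that begin with prefix, sorted as '?' lists them."""
    return sorted(name for name in node if name.startswith(prefix))


def resolve(node, word):
    """An exact name wins; otherwise return every name the word is a prefix of."""
    return [word] if word in node else matches(node, word)


def expand(mode, line):
    """Expand abbreviations in one command line for the given mode.

    Returns ("ok", full_command), ("ambiguous", candidates) or
    ("invalid", column), where column is where the caret would be placed.
    """
    node, out, pos = TREE[mode], [], 0
    for word in line.split():
        start = line.index(word, pos)
        pos = start + len(word)
        if not node:                 # past a leaf: remaining words are arguments
            out.append(word)
            continue
        found = resolve(node, word)
        if len(found) > 1:
            return ("ambiguous", found)
        if not found:
            good = 0                 # longest prefix that still matches something
            while good < len(word) and matches(node, word[:good + 1]):
                good += 1
            return ("invalid", start + good)
        out.append(found[0])
        node = node[found[0]]
    return ("ok", " ".join(out))


def help_for(mode, line):
    """What '?' lists: 'copy ?' gives the next keywords, 'co?' gives completions."""
    body = line.rstrip("?")
    words = body.split()
    partial = words.pop() if words and not body.endswith(" ") else ""
    node = TREE[mode]
    for word in words:
        found = resolve(node, word)
        if len(found) != 1:
            return []
        node = node[found[0]]
    return matches(node, partial)


if __name__ == "__main__":
    for mode, line in [("privileged", "conf t"), ("privileged", "sh ru"),
                       ("user", "sh int e0"), ("user", "show itnerface e0"),
                       ("privileged", "co t"), ("user", "conf t")]:
        print(f"{mode:10} {line!r:22} -> {expand(mode, line)}")
    print(help_for("privileged", "co?"))
    print(help_for("privileged", "copy ?"))
```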
Command-Line Editing Keys
IOS provides a number of keyboard shortcuts that let you edit the line you're typing. They should be familiar to any user of Unix or Emacs. Table 1-1 lists the command-line editing keys.
Table 1-1: Command-line editing keys
Keys      Commands
Ctrl-a    Returns the cursor to the beginning of the current line.
Ctrl-b    Moves the cursor back one character. (Equivalent to the left arrow key.)
Ctrl-d    Deletes the character to the left of the cursor.
Ctrl-e    Moves the cursor to the end of the line.
Ctrl-f    Moves the cursor forward one character. (Equivalent to the right arrow key.)
Ctrl-k    Deletes all the characters from the current cursor position to the end of the line.
Ctrl-n    Goes to the next command in the session history. (Equivalent to the down arrow key.)
Ctrl-p    Goes to the previous command in the session history. (Equivalent to the up arrow key.)
Ctrl-t    Switches the current character with the character to the left of the cursor.
Ctrl-r
Pausing Output
Using the terminal command, you can set an important feature of the user interface: the pausing of lengthy output. For example, if you run a command that has more than one page of output, the router will pause after 24 lines with a "--More--" prompt. The value 24 is the default terminal length. Depending on the size of your terminal window, this might not be adequate. You can change the length and width using the terminal command, like this:
Router>terminal length 10
Router>terminal width 80
         
These commands set the terminal length to 10 and the width to 80, which means the router will pause after 10 lines of output and that each of these lines will be 80 characters long. You can disable the pausing altogether by setting the terminal length to 0:
Router>terminal length 0
         
show Commands
As you work with IOS, you'll become intimately familiar with the show commands. They are among the most useful commands you will ever use; they allow you to view just about any settings within the router. Issuing the command show ? produces output like this:
Router>show ?
  clock     Display the system clock
  history   Display the session command history
  hosts     IP domain-name, lookup style, nameservers, and host table
  sessions  Information about Telnet connections
  snmp      snmp statistics
  terminal  Display terminal configuration parameters
  users     Display information about terminal lines
  version   System hardware and software status
The show command has many different subcommands. However, notice that we are in user mode. In privileged mode, the show command has a lot more subcommands, which would take up a few pages if we listed them here. The important thing to remember is that show commands often have more than one keyword. For example, the command show ip route works by itself, but there are also many other options that can be applied to it. For example:
router#show ip route ?
  Hostname or A.B.C.D  Network to display information about or hostname
  bgp                  Border Gateway Protocol (BGP)
  connected            Connected
  egp                  Exterior Gateway Protocol (EGP)
  eigrp                Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp                 Interior Gateway Routing Protocol (IGRP)
  isis                 ISO IS-IS
  odr                  On Demand stub Routes
  ospf                 Open Shortest Path First (OSPF)
  rip                  Routing Information Protocol (RIP)
  static               Static routes
  summary              Summary of all routes
  supernets-only       Show supernet entries only
  <cr>
I certainly haven't explained routing enough for you to understand the output of this command. However, you can see how to find show keywords with the question mark. The
Chapter 2: IOS Images and Configuration Files
IOS Images
Eventually you will want to upgrade your router's software. Upgrading IOS involves transferring a new IOS image to your router from some kind of server. As we'll see in this chapter, there are several methods for uploading a new IOS image: the most common is to use a TFTP (Trivial File Transfer Protocol) server or an RCP (Remote Copy Protocol) server somewhere on your network. Before we discuss how to transfer a new image, let's define exactly what is meant by an "image file" and how it differs from a configuration file.
IOS image files contain the system code that your router uses to function; that is, the image contains the IOS itself, plus various feature sets (optional features or router-specific features). However, the features are not configured in any way. The router's actual configuration—which features are enabled and how they are used in your particular network environment—is stored in a configuration file written in IOS's configuration language. The commands in this file describe everything from the router's name and the IP address of each interface to the protocols that you're using, address translation, security, and more. The router is useless without a concrete configuration—just like an operating system kernel is useless without the configuration files (for example, the Windows registry, or the files in /etc on a Unix system) that tell the kernel how you want it to operate in a particular situation.
IOS is the software that resides inside the Cisco device. You can think of IOS as the kernel or the actual operating code within your router. The IOS image has a name, which specifies the platform for which the image was built, the features it includes, and where the image is located in memory. To see the name of the image your router is running, give the command show version:
Router>show version
Cisco Internetwork Operating System Software IOS (tm)
 3600 Software (C3640-JS-M), Version 12.0(5)T1,  RELEASE SOFTWARE (fc1)
Using the IOS Filesystem for Images
The upgrade procedure described in the previous sections is for a Class B IOS filesystem. Class B filesystems are probably the most common, but they aren't universal—particularly on high-end routers. There are also Class A and Class C filesystems; the filesystem you have depends on the router you're using. Table 2-4 shows which filesystem is used in a number of different routers.
Table 2-4: Flash filesystem types
Filesystem type   Router
Class A           7000 series, C12000, and LightStream 1010
Class B           1003, 1004, 1005, 2500, 3600, 4000, AS5200, 800
Class C           3810
As far as a user is concerned, the filesystems differ primarily in the commands that they support. Table 2-5 lists the filesystem commands and what they do.
Table 2-5: Filesystem commands
Command   Filesystem   Description
cd        All          Changes the working directory.
delete    All
The Router's Configuration
Every router has two different configurations to consider:
Running configuration
The router's active configuration, which is stored in the router's RAM. Every configuration command you give is stored in the running configuration. If you reboot your router, this configuration will be lost. If you make changes that you want to save, you must copy the running configuration to a safe location, such as a network server, or save it as the router's startup configuration.
Startup configuration
The configuration that is loaded when the router boots. This configuration is stored in the router's nonvolatile memory (NVRAM). You cannot edit a startup configuration directly. All commands you enter are stored in the running configuration, which can be copied into the startup configuration.
In other words, when you boot a router, the startup configuration becomes the initial running configuration. As you modify the configuration, the two diverge: the startup configuration remains the same, while the running configuration reflects the changes you have made. If you want to make your changes permanent, you must copy the running configuration to the startup configuration.
The following command copies the router's current running configuration into the startup configuration:
Router#copy running-config startup-config
Building configuration...
Similarly, to save the running configuration on a network server using TFTP, you would give the command:
Router#copy running-config tftp
         
You'll be prompted for additional information, such as the remote host and the name for the saved file.
The terms "running configuration" and "startup configuration" were added in recent versions of IOS. In earlier versions, you used the command write
Loading Configuration Files
Loading and saving configuration files is much simpler than loading a kernel image. This section summarizes the commands that load and save the configuration.
Once loaded, the running configuration will immediately be used by the router. Use these commands to load it using either TFTP or RCP:
Router#copy tftp running-config        (for TFTP)
Router#copy rcp running-config         (for RCP)
The startup configuration is not used until the router is rebooted. Loading the startup configuration can be dangerous, because the router doesn't parse the configuration file and won't give you any warning if the file has errors. The configuration is not parsed until the router is rebooted—and if the configuration is incorrect, the router may not boot properly. Therefore, use the following commands with care:
Router#copy tftp startup-config        (for TFTP)
Router#copy rcp startup-config         (for RCP)
The following command is the most important of all. If you don't save your running configuration, all your configuration changes will be lost during the next reboot of the device. Once you are satisfied that your current router configuration is correct, copy your configuration to the startup configuration with this command:
Router#copy running-config startup-config
            
The following commands display the startup or the running configuration:
Router#show startup-config
Router#show running-config
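Because the running and startup configurations diverge until they are copied, comparing captures of the two show commands above reveals changes that would be lost, or old settings that would return, at the next reboot. The following is an added Python example, not code from the book; the two captures are constructed, and parse_config and unsaved_changes are hypothetical names.

```python
"""Report differences between a router's running and startup configuration.

Added illustration. Input is text captured from `show running-config` and
`show startup-config`; the sample captures below are constructed.
"""

# Lines the show commands print around the configuration itself.
NOISE = ("Building configuration", "Current configuration", "Using ")


def parse_config(text):
    """Return a set of (parent, command) pairs; parent is "" for global commands.

    Indented lines belong to the most recent unindented line (an interface,
    a line block, ...). '!' lines are comments or separators and are skipped.
    Assumption: no multi-line banner text, which this simple parser would misread.
    """
    entries, parent = set(), ""
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("!") or stripped == "end":
            continue
        if line.startswith(NOISE):
            continue
        if line[0].isspace():
            entries.add((parent, stripped))
        else:
            parent = stripped
            entries.add(("", stripped))
    return entries


def unsaved_changes(running_text, startup_text):
    """Classify every command that exists in only one of the two configurations."""
    running = parse_config(running_text)
    startup = parse_config(startup_text)
    return {
        "lost_on_reboot": sorted(running - startup),      # never saved
        "restored_on_reboot": sorted(startup - running),  # removed but not saved
    }


# Constructed capture of `show startup-config`.
STARTUP = """\
Using 412 out of 32762 bytes
!
version 12.0
!
hostname Sphinx
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
line vty 0 4
 login
!
end
"""

# Constructed capture of `show running-config`: an access list was added and
# applied to the vty lines, but the change was never copied to startup-config.
RUNNING = """\
Building configuration...

Current configuration:
!
version 12.0
!
hostname Sphinx
!
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
!
access-list 10 permit 192.0.2.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
 login
!
end
"""

if __name__ == "__main__":
    report = unsaved_changes(RUNNING, STARTUP)
    for bucket, entries in report.items():
        for parent, command in entries:
            where = f" (under {parent})" if parent else ""
            print(f"{bucket}: {command}{where}")
```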
            
The following command deletes the startup configuration:
Chapter 3: Basic Router Configuration
Configuration Soapbox
Managing a handful of routers quickly becomes a large task, and managing thousands of routers is even worse. You can minimize your administrative burden by configuring your routers carefully, completely, and consistently. I strongly recommend that you use every helpful item possible—even if the configuration item is not required. Every moment spent doing configuration groundwork translates into many hours saved when you are troubleshooting or performing maintenance tasks. When you try to solve a network problem at 2 A.M., the importance of properly configured routers becomes painfully clear.
This chapter covers most of the configuration items that make routers more manageable and easier to tame.
Setting the Router Name
The examples in this book use "Router" as the router's name. That's fine for examples, but a bad idea in real life. Eventually, a router should be given a name. To set the router name to "Sphinx", use the hostname command:
Router(config)#hostname Sphinx
Sphinx(config)#
The router instantly responds by updating the prompt to reflect the new router name. The name can be up to 254 characters long, but don't use a name so long that you can't type it comfortably.
It's a good practice to follow a naming convention for your routers. With a logical, consistent naming scheme, it's easy to remember a router's name, or guess the name if you've forgotten it. For example, let's say that your router names all start with "rtr", followed by the city initials, followed by a number. Then, late one night when you're staring at a blank terminal screen trying to remember the name of the backbone router in New York, you can type rtr-ny-01 and be reasonably confident that you've guessed correctly.
Don't use underscores ( _ ) in router names. They are hard to type, often lead to confusion, and aren't legal in Domain Name System (DNS) names. Use a hyphen (-) instead. Similarly, avoid mixing upper- and lowercase. Instead of "routerOneNewYork", use "router-one-newyork". The router won't care, but your users will!
Setting the System Prompt
By default, the router uses its hostname as the prompt; the hostname is "Router" if you haven't defined it explicitly. It's often a good idea to put other useful information in the prompt by using the prompt command. For example:
Sphinx(config)#prompt %h:%n%p
Sphinx(config)#exit
Sphinx:5#
We've used three escape sequences to set the prompt to the hostname (%h), followed by the command number (%n), followed by the appropriate prompt character for the current command mode (%p). The escape sequences for the prompt command are listed in Table 3-1.
Table 3-1: Prompt variables
Escape sequence   Meaning
%%                Percent character
%h                Hostname of the router
%n                TTY number for this EXEC session
%p                Prompt character: either > for user level or # for privileged level
%s                Space character
%t                Tab character
The no prompt command returns the router to the default prompt.
Configuration Comments
It's a good idea to keep your routers' configuration files on a server somewhere. Then you can modify the configuration files using a convenient text editor and upload the files to your routers as necessary. One advantage to this procedure is that you can include comments within your configuration files. A comment is any line beginning with an exclamation point. For example:
!
! This is a comment.
!
You can also type comments when you are configuring the router from the command line, but comments are never saved as part of the router's configuration. Therefore, when you try to view or save the router's configuration, the comments will be gone.
The Enable Password
The enable password secures the privileged mode, which is required for all commands that change the router's configuration. Configuring the enable password therefore keeps people with general access to your router from changing the router's configuration. It takes only one person with enough knowledge to be dangerous to take down your whole network, so securing the privileged (enable) mode is always the right thing to do.
To set the password, use the enable password command:
Router(config)#enable password not2secure
         
The password is now set to "not2secure". Once the password is set, the router will prompt you for the password before it enters privileged mode.
By default, passwords are stored in clear text, which means that anybody who can find your router configuration file or watch you list the configuration on the console can see the enable password. The command service password-encryption (with no arguments) configures the router to store the password in an encrypted form.
Chapter 13 discusses better ways to manage passwords and authentication.
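A saved configuration file can be checked for how it protects privileged mode. The following is an added Python example, not code from the book: it flags an enable password stored in clear text, a missing service password-encryption line, and the absence of "enable secret". The "enable secret" command and the encryption-type numbers (0, 5, 7) are standard IOS syntax that this excerpt does not show; the sample configurations and the name audit_enable are constructed for illustration.

```python
"""Audit how an IOS configuration protects privileged (enable) mode.

Added illustration; the sample configurations are constructed, and password
values are never echoed in the findings.
"""
import re

# enable {password|secret} [level N] [encryption-type] value
ENABLE_RE = re.compile(
    r"^enable\s+(password|secret)(?:\s+level\s+\d+)?(?:\s+([057]))?\s+(\S+)$")


def audit_enable(config_text):
    """Return findings as (line_number, finding_id, message); line 0 = whole file."""
    findings = []
    encryption_on = False
    has_secret = False
    for number, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "service password-encryption":
            encryption_on = True
            continue
        match = ENABLE_RE.match(line)
        if not match:
            continue
        kind, enc_type, _value = match.groups()   # the value is deliberately unused
        if kind == "secret":
            has_secret = True
        elif enc_type == "7":
            findings.append((number, "enable-password-type7",
                             "enable password uses type 7 encoding, which is "
                             "reversible and only hides it from casual viewing"))
        elif enc_type in (None, "0"):
            findings.append((number, "enable-password-cleartext",
                             "enable password is stored in clear text"))
    if not has_secret:
        findings.append((0, "no-enable-secret",
                         "no 'enable secret' (stored as a one-way hash) is set"))
    if not encryption_on:
        findings.append((0, "no-password-encryption",
                         "'service password-encryption' is not configured"))
    return findings


def finding_ids(config_text):
    """Sorted finding identifiers, convenient for comparing configurations."""
    return sorted(finding_id for _, finding_id, _ in audit_enable(config_text))


# Constructed samples. WEAK uses the password from the text above; the other
# two values are placeholders, not real encoded passwords or hashes.
WEAK = """\
hostname Sphinx
enable password not2secure
"""

TYPE7 = """\
service password-encryption
hostname Sphinx
enable password 7 CONSTRUCTED-PLACEHOLDER
"""

HARDENED = """\
service password-encryption
hostname Sphinx
enable secret 5 CONSTRUCTED-PLACEHOLDER-HASH
"""

if __name__ == "__main__":
    for name, text in [("WEAK", WEAK), ("TYPE7", TYPE7), ("HARDENED", HARDENED)]:
        results = audit_enable(text)
        print(name, "-> clean" if not results else "")
        for number, finding_id, message in results:
            location = f"line {number}" if number else "config"
            print(f"  [{finding_id}] {location}: {message}")
```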
Mapping Hostnames to IP Addresses
Like all network equipment, routers work naturally with numeric IP addresses. However, using IP addresses isn't convenient for humans—including network administrators. It is much more convenient to work with hostnames. Like any other network
