IOS Commands: Privileged Mode
Privileged Mode
enable - get to privileged mode
disable - get to user mode
enable password <password_here> - sets privileged mode password
enable secret <password_here> - sets encrypted privileged mode
password
Setting Passwords
enable secret <password_here> - set encrypted password for privileged
access
enable password <password_here> - set password for privileged access
(used when there is no enable secret and when using older software)
Set password for console access:
(config)#line console 0
(config-line)#login
(config-line)#password <password_here>
Set password for virtual terminal (telnet) access (password must be
set to access router through telnet):
(config)#line vty 0 4
(config-line)#login
(config-line)#password <password_here>
Set password for auxiliary (modem) access:
(config)#line aux 0
(config-line)#login
(config-line)#password <password_here>
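A configuration audit for the password settings above, as an added example that is not part of the original cheat sheet. It checks a saved configuration for `enable password` used without `enable secret` and for console, vty and aux lines whose `login`/`password` pair is incomplete; the sample configuration, the function name `audit_passwords` and the finding texts are constructed for illustration.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname lab-router
enable password cisco123
line con 0
 login
 password c0nsole
line aux 0
 no login
line vty 0 4
 login
!
"""

def audit_passwords(config: str) -> list[str]:
    """Return findings for the enable and line password settings."""
    findings = []
    lines = config.splitlines()
    has_secret = any(re.match(r"enable secret\s+\S", l) for l in lines)
    has_password = any(re.match(r"enable password\s+\S", l) for l in lines)
    if not has_secret and not has_password:
        findings.append("enable: no privileged-mode password set")
    elif not has_secret:
        findings.append("enable: 'enable password' without 'enable secret'")
    elif has_password:
        findings.append("enable: 'enable password' is redundant; remove it")
    # Collect the indented sub-commands under each 'line ...' block.
    blocks, current = {}, None
    for l in lines:
        m = re.match(r"line\s+(con(?:sole)?|vty|aux)\s+([\d ]+)$", l.rstrip())
        if m:
            current = f"{m.group(1)[:3]} {m.group(2).strip()}"
            blocks[current] = []
        elif current and l.startswith(" "):
            blocks[current].append(l.strip())
        else:
            current = None
    for name, cmds in blocks.items():
        if "no login" in cmds:
            findings.append(f"line {name}: 'no login' disables the password prompt")
        elif "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append(f"line {name}: 'login' set but no password configured")
    return findings

if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```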
General Commands
no shutdown - (enables the interface)
reload - restarts the router
sh ver - Cisco IOS version, uptime of router, how the router started,
where system was loaded from, the interfaces the POST found, and the
configuration register
sh clock - shows date and time on router
sh history - shows the history of your commands
sh debug - shows all debugging that is currently enabled
no debug all - turns off all debugging
sh users - shows users connected to router
sh protocols - shows which protocols are configured
banner motd # Your_message # - Set/change banner
hostname <router_name_here> - use to configure the hostname of the
router
clear counters - clear interface counters
Miscellaneous Commands
sh controller t1 - shows status of T1 lines
sh controller serial 1 - use to determine if DCE or DTE device
(config-if)#clock rate 64000 - set clock on DCE (bits per second)
(config-if)#bandwidth 64 - set bandwidth (kilobits)
IP Commands
Configure IP on an interface:
int serial 0
ip address 157.89.1.3 255.255.0.0
int eth 0
ip address 208.1.1.4 255.255.255.0
Other IP Commands:
sh ip route - view ip routing table
ip route <remote_network> <mask> <default_gateway>
[administrative_distance] - configure a static IP route
ip route 0.0.0.0 0.0.0.0 <gateway_of_last_resort> - sets default
gateway
ip classless - use with static routing to allow packets destined
for unrecognized subnets to use the best possible route
sh arp - view arp cache; shows MAC address of connected routers
ip address 2.2.2.2 255.255.255.0 secondary - configure a 2nd ip
address on an interface
sh ip protocol
IPX Commands
Enable IPX on router:
ipx routing
Configure IPX + IPX-RIP on an int:
int ser 0
ipx network 4A
Other Commands:
sh ipx route - shows IPX routing table
sh ipx int e0 - shows ipx address on int
sh ipx servers - shows SAP table
sh ipx traffic - view traffic statistics
debug ipx routing activity - debugs IPX RIP packets
debug ipx sap - debugs SAP packets
Routing Protocols
Configure RIP:
router rip
network 157.89.0.0
network 208.1.1.0
Other RIP Commands:
debug ip rip - view RIP debugging info
Configure IGRP:
router IGRP 200
network 157.89.0.0
network 208.1.1.0
Other IGRP Commands:
debug ip igrp events - view IGRP debugging info
debug ip igrp transactions - view IGRP debugging info
PPP Configuration
encapsulation ppp
ppp authentication <chap_or_pap_here>
ppp chap hostname <routername_here>
ppp pap sent-username <username_here>
sh int ser 0 - use to view encapsulation on the interface
Frame-Relay Configuration
encapsulation frame-relay ietf - use IETF when setting up a frame-
relay network between a Cisco router and a non-Cisco router
frame-relay lmi-type ansi - LMI types are Cisco, ANSI, Q933A; Cisco
is the default; LMI type is auto-sensed in IOS v11.2 and up
frame-relay map ip 3.3.3.3 100 broadcast - if inverse ARP won't work,
map Other IP to Your DLCI # (local)
keepalive 10 - use to set keepalive
sh int ser 0 - use to show DLCI, LMI, and encapsulation info
sh frame-relay pvc - shows the configured DLCI's; shows PVC traffic
stats
sh frame-relay map - shows the frame-relay map entries (network address to DLCI mappings)
sh frame-relay lmi - shows LMI info
Keyboard Shortcuts
CTRL-P - show previous command
CTRL-N - show next command
SHIFT-CTRL-6 - Break
Show Commands
CATALYST COMMANDS
For Native IOS - Not CatOS
SWITCH ADDRESS:
# Config# ip address 192.168.10.2 255.255.255.0
# Config# ip default-gateway 192.168.10.1
DUPLEX MODE:
# Config# interface Ethernet 0/5 - "fastethernet" for 100 Mbps ports
# Config-if# duplex full - also, half | auto | full-flow-control
SWITCHING MODE:
# Config# switching-mode store-and-forward - also, fragment-free
VLANS:
# Config# vlan 10 name FINANCE
# Config# interface Ethernet 0/3
# Config-if# vlan-membership static 10
TRUNK LINKS:
# Config-if# trunk on - also, off | auto | desirable | nonegotiate
# Config-if# no trunk-vlan 2
-removes vlan 2 from the trunk port
-by default, all vlans are set on a trunk port
CONFIGURING VTP:
# Config# delete vtp - should be done prior to adding to a network
# Config# vtp server - the default is server, also client and
transparent
# Config# vtp domain Camp - name doesn't matter, just so all switches
use the same
# Config# vtp password 1234 - limited security
# Config# vtp pruning enable - limits vtp broadcasts to only switches
affected
# Config# vtp pruning disable
FLASH UPGRADE:
# Config# copy tftp://192.5.5.5/configname.ios opcode - "opcode" for
ios upgrade, "nvram" for startup config
Notes
Static Routing - manually assigned by the Admin user entering the routes
(Routed Protocols - IP, IPX and AppleTalk)
Dynamic Routing - generated/determined by a Routing Protocol (Routing
Protocols - RIP I, RIP II, IGRP, EIGRP, OSPF, NLSP, RTMP)
Dynamic
1) With Dynamic Routing, routers pass information between each other so
that routing tables are regularly maintained.
2) The routers then determine the correct paths packets should take to reach
their destinations.
3) Information is passed only between routers.
4) A routing domain is called an Autonomous System, as it is a portion of the
Internetwork under common admin authority.
5) Consists of routers that share information over the same protocol. Can be
split into routing areas.
Encapsulation Types
Frame Type     Encapsulation
802.2          sap
802.3          novell-ether
Ethernet II    arpa (Internet Standard)
Snap           snap
WAN Devices
Routers - Offer both internetwork and WAN interface controls
ATM Switches - High-speed cell switching between both LANs and WANs
X.25 and Frame-Relay Switches - Connect private data over public circuits
using digital signals
Modems - Connect private data over public telephone circuits using analog
signals
CSU/DSU (Channel Service Units/Data Service Units) - Customer
Premises Equipment (CPE) which is used to terminate a digital circuit at the
customer site
Communication Servers - Dial in/out servers that allow dialing in from
remote locations and attach to the LAN
Multiplexors - Device that allows more than one signal to be sent out
simultaneously over one physical circuit
ISDN
ISDN BRI (Basic Rate Interface) - 2 64K B channels, plus 1 16K D channel
ISDN PRI (Primary Rate Interface) - 23 64K B channels, plus 1 64K D
channel (North America & Japan), 30 64K B channels, plus 1 64K D channel
(Europe & Australia)
IP Route                                  Administrative Distance
Directly connected interface              0
Static route using connected interface    0
Static route using IP address             1
EIGRP summary route                       5
External BGP route                        20
Internal EIGRP route                      90
IGRP route                                100
OSPF route                                110
IS-IS route                               115
EGP route                                 140
External EIGRP route                      170
Internal BGP route                        200
Route of unknown origin                   255
Switching Terminology
Store-and-Forward - copies entire frame into buffer, checks for CRC errors
before forwarding. Higher latency.
Cut-Through - reads only the destination address into buffer, and forwards
immediately; Low latency; "wire-speed"
Fragment free - modified form of cut-through; switch will read into the first 64
bytes before forwarding the frame. Collisions will usually occur within the first
64 bytes. (default for 1900 series).
Access Lists
Extended IP
Filters - Source IP or Destination IP, or TCP or UDP Source or Destination
Ports, or Protocol
Wildcard Masks - Same as standard
Additional Notes - The key word ANY implies any IP value is allowed, the
keyword HOST implies the IP exactly has to match
Standard IPX
Filters - Packets sent by clients and servers, and SAP updates sent by
servers and routers
Wildcard Masks - Configured as a hexadecimal number instead of binary
Additional Notes - -1 means any and all network numbers (works like ANY)
Extended IPX
Filters - Source Network or Node, or Destination Network or Node, or IPX
Protocol, or IPX Socket, or SAP
Wildcard Masks - Match multiple networks with one statement, again in
hexadecimal
Additional Notes - The most practical use of the protocol type is for NetBIOS
Troubleshooting Tools:
Ping Results
!    success
.    timeout
U    destination unreachable
?    unknown packet type
&    TTL exceeded
Traceroute Results
!H   router rec'd, but didn't forward because of access-list
P    protocol unreachable
N    network unreachable
U    port unreachable
*    timeout
Miscellaneous Notes
Multiple Loop Problems - complex topology can cause multiple loops to
occur. Layer 2 has no mechanism to stop the loop. This is the main reason for
Spanning-Tree Protocol.
HDLC (High-Level Data Link Control) - Link layer protocol for Serial links.
Cisco Default. Supports the following modes: Normal Response Mode - as per
Secondary under SDLC; Asynchronous Response Mode allows secondary to
communicate without permission; Asynchronous Balanced mode combines
the two stations. Has lower overhead than LAPB but less error checking.