7. Initial commands
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
--- System Configuration Dialog ---
Would you like to enter the initial configuration dialog? [yes/no]: no
Router>
Router>?
Exec commands:
<1-99> Session number to resume
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
logout Exit from the EXEC
ping Send echo messages
resume Resume an active network connection
show Show running system information
ssh Open a secure shell client connection
8. User Mode
Router>show ?
arp Arp table
cdp CDP information
class-map Show QoS Class Map
clock Display the system clock
controllers Interface controllers status
crypto Encryption module
dot11 IEEE 802.11 show information
Router>show p?
policy-map pppoe privilege protocols
Router>show privilege
Current privilege level is 1
9. Enable Mode Commands
Router>enable
Router#
Router#?
Exec commands:
<1-99> Session number to resume
auto Exec level Automation
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
-------Few lines are omitted to conserve space-------
no Disable debugging informations
ping Send echo messages
reload Halt and perform a cold restart
--More--
There are still more commands. Either
press enter or Spacebar. If you press
enter then options will come line by line
and if you press spacebar options will
come page by page. If you press any
other key it will stop showing you any
more options and come back to the main
prompt
10. show running-configuration
Router#show run
Router#show running-config
Building configuration...
Current configuration : 712 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
-------Few lines are omitted to conserve space-------
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
! -------Few lines are omitted to conserve space-------
ip classless
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
11. Router# show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 18-Jul-07 06:21 by pt_rel_team
ROM: System Bootstrap, Version 12.1(3r)T2, RELEASE SOFTWARE (fc1)
Copyright (c) 2000 by cisco Systems, Inc.
System returned to ROM by power-on
System image file is "c2800nm-advipservicesk9-mz.124-15.T1.bin"
This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and
use.
cisco 2811 (MPC860) processor (revision 0x200) with 60416K/5120K bytes of memory
4 FastEthernet/IEEE 802.3 interface(s)
239K bytes of NVRAM.
62720K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
12. Router# show interfaces
FastEthernet0/0 is administratively down, line protocol is down (disabled)
Hardware is Lance, address is 0060.3e76.6701 (bia 0060.3e76.6701)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 100Mb/s, media type is RJ45
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
----------Few lines are omitted to save space------------
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
Router# show interfaces fastethenet
0/1
13. Few other show commands
Router#show ip interface fastethernet 0/1
FastEthernet0/1 is administratively down, line protocol is down (disabled)
Internet protocol processing disabled
Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down down
FastEthernet0/1 unassigned YES unset administratively down down
FastEthernet1/0 unassigned YES unset administratively down down
FastEthernet1/1 unassigned YES unset administratively down down
Vlan1 unassigned YES unset administratively down down
Router#
14. Router#show clock
*0:54:46.281 UTC Mon Mar 1 1993
Router#show history
show privilege
enable
show running-config
Router#show privilege
Current privilege level is 15
R1#
R1#show startup-config
startup-config is not present
15. To view the flash file
Router#show flash
System flash directory:
File Length Name/status
3 50938004 c2800nm-advipservicesk9-mz.124-15.T1.bin
2 28282 sigdef-category.xml
1 227537 sigdef-default.xml
[51193823 bytes used, 12822561 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
Alternately use dir flash
17. To assign IP address on a interface
R1(config)#interface fastEthernet 0/0
R1(config-if)#
R1(config-if)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES unset administratively down
down
----------Lines removed to save space--------------------------
R1(config-if)#ip address 192.168.100.1 255.255.255.0
R1(config-if)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.100.1 YES manual administratively down down
---------Lines removed to save space--------------------------
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state
to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface
FastEthernet0/0, changed state to up
R1(config-if)#do show ip interface brief
Interface IP-Address OK? Method Status
Protocol
FastEthernet0/0 192.168.100.1 YES manual up
up
---------Lines removed to save space--------------------------
R1(config-if)#
18. Description Command
R1(config)#interface fastEthernet 0/0
R1(config-if)#description "CONNECTED TO INTERNET"
R1(config-if)#exit
R1(config)#
Please verify by looking at the running configuration
R1(config)#do show run
Building configuration...
-----------Lines omitted to save space----------
interface FastEthernet0/0
description "CONNECTED TO INTERNET"
19. To save the configuration
R1#copy running-config ?
flash: Copy to flash file
ftp: Copy to current system configuration
scp: Copy to scp: file system
startup-config Copy to startup configuration
tftp: Copy to current system configuration
R1#copy running-config startup-config
Destination filename [startup-config]? (Press Enter)
Building configuration...
[OK]
R1#show startup-config
startup-config is not present
R1#copy ?
flash: Copy from flash: file system
ftp: Copy from ftp: file system
running-config Copy from current system
configuration
scp: Copy from scp: file system
startup-config Copy from startup configuration
tftp: Copy from tftp: file system
Alternately you can use wr
R1#wr
Building configuration...
[OK]
Verify your configuration using show startup-config again….You
will find an exact copy of your running configuration
21. Common privilege mode commands
show running-config
show startup-config
show version
show history
show interfaces [ int No]
show ip interface brief
copy running-config startup-config / wr
22. Hostname, IP-Address & Default gateway
On a switch the interfaces are Layer2 interfaces. So we have to configure IP address on a virtual
interface ( interface vlan 1).
Switch>
Switch>enable
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#hostname SW1R1
SW1R1(config)#do show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
---------------------- Lines omitted to save space------------
FastEthernet0/24 unassigned YES manual down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
23. To configure the IP address & gateway on a switch
SW1R1(config)#
SW1R1(config)#interface vlan 1
SW1R1(config-if)#ip address 192.168.100.100 255.255.255.0
SW1R1(config-if)#no shutdown
SW1R1(config-if)#exit
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
SW1R1(config)#ip default-gateway 192.168.100.1
SW1R1(config)#^Z
SW1R1#wr
Building configuration...
[OK]
SW1R1#
25. Task
Please assign Hostname & IP address on all the interfaces of all the routers
Please assign Hostname & IP address on the switches
Please assign IP address, Subnet mask & Default Gateway on the PC’s IP configuration window
Please ping each other within the same network
Please ping to the broadcast address
Try to ping to some device on a different network
Which of the devices are reachable and which are not?
26. To configure IP address on a Desktop, click on the PC
icon and once inside go to desktop tab
Inside the
Desktop tab
,you will find
shortcut for
various
useful
applications.
Click on IP
configuratio
n tab to
assign IP
address to
the device
To ping and to
use other CLI
commands on
windows open
Command
Prompt
If you want to
configure the
cisco device
with the help
of console
cable then click
on terminal
28. Pinging from your PC
Ur Default Gateway
is trying to tell you
something
29. Viewing routing table of a router
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
192.168.12.0/30 is subnetted, 1 subnets
C 192.168.12.0 is directly connected, FastEthernet1/0
C 192.168.100.0/24 is directly connected, FastEthernet0/0
C 192.168.101.0/24 is directly connected, FastEthernet0/1
30. To assign a static route
R1(config)#ip route ?
A.B.C.D Destination prefix
R1(config)#ip route 192.168.200.0 ?
A.B.C.D Destination prefix mask
R1(config)#ip route 192.168.200.0 255.255.255.0 ?
A.B.C.D Forwarding router's address
-------------Lines removed to save space----------------
FastEthernet FastEthernet IEEE 802.3
R1(config)#ip route 192.168.200.0 255.255.255.0 192.18.12.2
Destination Network
Subnet mask of
the destination
network
Next Router’s IP address
31. Verification of static route
R1(config)#do show run
----------- ------------------
ip route 192.168.200.0 255.255.255.0 192.168.12.2
--------- --------
R1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
-----------Lines removed to save space----------------------
Gateway of last resort is not set
192.168.12.0/30 is subnetted, 1 subnets
C 192.168.12.0 is directly connected, FastEthernet1/0
C 192.168.100.0/24 is directly connected, FastEthernet0/0
C 192.168.101.0/24 is directly connected, FastEthernet0/1
S 192.168.200.0/24 [1/0] via 192.168.12.2
32. Tasks
Please assign the required static routes for the entire topology
Please ping and check again . All the PCs should each other
34. Securing User mode
Remember we are accessing the device using the console cable. So we will now secure the console
port against unauthorized access using a password.
R1(config)#
R1(config)#line console 0
R1(config-line)#login
% Login disabled on line 0, until 'password' is set
R1(config-line)#password cisco123
R1(config-line)#exit
R1(config)#^Z
R1#
R1#exit
To verify Please logout and login again
R1#show run
------ Lines omitted to save space---
!
line con 0
password cisco123
login
!
line aux 0
!
line vty 0 4
login
!
end
35. Securing User mode with a username & password
R1(config)#username ADMIN password admin
R1(config)#line console 0
R1(config-line)#login ?
authentication authenticate using aaa method list
local Local password checking
<cr>
R1(config-line)#login local
R1(config-line)#exit
Verification
User Access Verification
Username: ADMIN
Password:
R1>enable
R1#show users
Line User Host(s) Idle Location
* 0 con 0 ADMIN idle 00:00:00
36. Securing the privilege mode
R1(config)#enable password INDIA
For verification go back to the usermode and re enter the privilege mode
R1#disable
R1>
R1>enable
Password:
R1#
R1#
37. enable secret command
R1(config)#enable secret MUMBAI
Verification
R1#show run
Building configuration...
Current configuration : 942 bytes
-----Lines are omitted to save space-----------
no service password-encryption
!
hostname R1
!
enable secret 5 $1$mERr$MSbuqBJDe4Of9OI1Jev6o1
enable password INDIA
!
-----Lines are omitted to save space-----------
username ADMIN password 0 admin
38. Encrypting all the present and future passwords
R1(config)#service password-encryption
R1(config)#
R1(config)#do show run
Building configuration...
Current configuration : 967 bytes
service password-encryption
-------Lines are omitted to conserve space-----------
enable secret 5 $1$mERr$MSbuqBJDe4Of9OI1Jev6o1
enable password 7 0808626A2038
!
username ADMIN password 7 082048430017
39. Encrypting all the present and future passwords
R1(config)#username USER1 password pass1
R1(config)#do show run
Building configuration...
----------lines are omitted to save space--------
service password-encryption
!
----------lines are omitted to save space--------
!
enable secret 5 $1$mERr$MSbuqBJDe4Of9OI1Jev6o1
enable password 7 0808626A2038
!
----------lines are omitted to save space--------
!
username ADMIN password 7 082048430017
username USER1 password 7 08314D5D1A48
40. Tasks
Please try removing service password-encryption command
• R1(config)#no service password-encryption
Assign a new Username & password
• Check the running configuration
• So, What’s the conclusion??
Try the following command
• username XXXX privilege 15 password YYYYY
• Try to log out and log back in
• Did you find any change?
42. Telnet Access
The remote device has closed the
connection
Please check whether telnet is configured
on the remote device
43. On the router (destination)
R1#show run
Building configuration...
------Lines omitted----------
line con 0
password 7 0822455D0A16544541
login local
------Lines omitted----------
!
line vty 0 4
login
!
Option 1: Remove the word login which is under line vty
R1(config)#line vty 0 4
R1(config-line)# no login
R1(config-line)#exit
Option 2: Put back the word login as well as a password
R1(config)#line vty 0 4
R1(config-line)# password xxxx
R1(config-line)#login
R1(config-line)#exit
Option 3: Use a username & password. A username &
password which has already been configured can be used
for this purpose
R1(config)#username XXX password YYYYY
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#exit
44. SSH configuration
Here we will assume that we have already configured telnet access on the remote device
successfully
Few more prerequestics
• Hostname other then default hostname (Router)
• Domain name
R1(config)#ip domain-name xyz.com
Enable SSH
R1(config)#crypto key generate rsa
The name for the keys will be: R1.xyz.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
45. SSH configuration ..cont
Enable SSH Protocol
Verification
On your PC CLI
• ssh -l username [IPaddress]
R1(config)#line vty 0 4
R1(config-line)#transport input ssh telnet
R1(config-line)#exit
hyphen L (in small letters)