Navigating the IOS
Objective:
- Manage Cisco IOS
By now, you have a new-found love and respect for your Cisco equipment after knowing all the work that occurs when you turn on your router or switch. What better way to prove that love and respect than by mastering the IOS that the Cisco devices have so painstakingly found and loaded for your administration and configuration pleasure? This section looks at the hierarchical levels of the IOS and what type of interactivity you can encounter at each level.
EXAM ALERT
You will be able to eliminate several distracting incorrect answers in the exam by recognizing the level of the IOS hierarchy at which the commands are found.
User EXEC
At your organization, you may have Level 1 technicians who are not strong in Cisco fundamentals; thus, you want to ensure only that they have access to basic troubleshooting and statistics without worrying that they might change the configuration or cause some other network catastrophe. Because a multitude of administrators might need to gain access to these Cisco devices, it makes sense to ensure that the first level of IOS hierarchy they encounter is somewhat limited in the extent of what can be done. This is the nature of User EXEC.
In User EXEC, you are limited in the number and type of commands that are available to you. For instance, the majority of show commands are available at this level of the IOS hierarchy because running them does not detrimentally affect the router or the switch. In addition, you can test IP connectivity to other devices with ping as well as remotely administer other devices or troubleshoot all the way up to Layer 7 with Telnet. The Cisco IOS prompt for User EXEC is signified by the greater than sign (>) following the hostname of the Cisco device. For example, a Cisco router and switch with their default hostnames would look like Router> and Switch>, respectively. Figure 7.3 displays the commands that you have available at User EXEC.
FIGURE 7.3 User EXEC command display
Privileged EXEC
Assuming you need to acquire more functionality from your Cisco devices beyond basic troubleshooting and statistical displays, you have to have another layer of the Cisco IOS hierarchy in which you have access to all commands. Happily named, Privileged EXEC is the next level of the IOS, in which you have the same commands as you do in User EXEC, as well as some commands that can alter the Cisco device’s functionality. For example, in Privileged EXEC, you can perform debug commands that can show you hundreds of real-time routing and switching functions and report them to the console. Because this can cause quite a processing strain on the device, these commands are reserved for only those who can access Privileged EXEC. Additionally, some show commands such as show startup-config and show running-config can be seen only by those who should be able (privileged) to see the configuration of the devices (including passwords). Some other new and dangerous commands available in Privileged EXEC include delete, clear, erase, configure, copy, and reload (reboots the device), to name a few.
To gain access to Privileged EXEC, type the command enable from User EXEC. After you press Enter, the prompt changes from > to #, signifying that you are now in Privileged EXEC mode. Because anybody can read this section and learn how to get to these commands, it makes sense to have some way for the IOS to prompt for a password to authorize those who truly should be granted access. The next chapter discusses how to apply these passwords to restrict who gains access from User EXEC to Privileged EXEC. To return back to User EXEC, the reverse command is disable.
Global Configuration
One of the commands that you can access through Privileged EXEC is configure. This means that we have to enter yet another level of the Cisco IOS to make any configuration changes to the Cisco device. By typing the configure terminal command, you are telling the Cisco IOS that you are going to configure the Cisco device via your terminal window. The new level you enter after you complete this command is called Global Configuration. You can recognize it by looking at the command prompt, which will reflect Router(config)# for routers and Switch(config)# for switches.
Figure 7.4 displays a partial output of just some of the commands that are available in Global Configuration. Note that the commands delete, debug, clear, configure, and copy do not show up in the list of commands. You have a different set of commands available to you at this level of the IOS versus Privileged and User EXEC. This means that you must exit Global Configuration to use these commands as well as show, reload, and other Privileged EXEC-specific commands.
Of equal note, after you enter a command in the IOS, it is immediately applied to running-config and applied to the device’s operation. The configurations are not listed and then applied later like batch files or executed compiled programs. Configuration help is shown in Figure 7.4.
FIGURE 7.4 Partial Global Configuration command display.
EXAM ALERT
Newer releases of Cisco IOS are making it possible to utilize some of these commands across the levels of the Cisco IOS hierarchies. However, for exam purposes, put on a pair of Cisco horse blinders to this new functionality and focus on the original levels and syntaxes described throughout this book.
As the name states, any configuration that is applied in this level applies globally to the Cisco router or switch. Here we can perform configuration tasks such as changing the hostname of the router or switch, creating a login banner, creating a password to prompt users trying to gain access to Privileged EXEC, and many others. It is also at this level of the Cisco IOS hierarchy that you can enter several different sub-configuration modes to apply specific configurations for things such as interfaces, routing protocols, and EXEC lines (which are discussed throughout this book).
Interface Configuration
Directly from Global Configuration, you can configure interface-specific commands that apply only to interfaces specified in the configuration. Now you can enable the interfaces, assign IP addresses, set speeds, and configure other interface commands. Once again, the commands that are available at this sub-configuration level of the IOS are not applicable at Global Configuration or Privileged EXEC and User EXEC.
To configure an interface, you must specify the interface you want to configure. If the device has fixed (non-modular) interfaces, you simply specify the type of interface followed by the interface number (and remember Cisco routers start their numbering schema with 0). For example, the 1600 series router has a fixed ethernet interface that cannot be removed from the router. To configure that interface, you type interface Ethernet 0 from Global Configuration. Most devices today utilize the modular configuration in which you have to specify the module number as well as the interface number because these devices can change functionality depending on the type of module inserted into them. For example, to configure the second WAN serial interface on the first module on a 2800 series router, you would input interface serial 0/1 where 0 is the module number (first module starts with 0) and 1 is the interface. The prompt in Interface Configuration Mode is displayed as Router(config-if)#, regardless of the interface type. This means you must keep track of what interface you are configuring because the prompt does not specify the type.
Line Configuration
Also accessed from Global Configuration, line configurations are specific to those EXEC lines through which a user can gain access to the Cisco device. Specifically, you can configure options such as logins and passwords for a user trying to gain User EXEC access to the console and auxiliary ports, as well as the 5 vty (virtual teletype) Telnet lines into a router or switch. From Global Configuration, you must utilize the keyword, line, followed by the EXEC line you want to configure. For example, to configure console-specific commands, you would type line console 0 from Global Configuration. The prompt changes to Router(config-line)#, regardless of the line you are configuring.
Context-Sensitive Help
Even though the Cisco IOS is a command-line interface, it is not without its help features to help you through your navigation of the IOS. Specifically, to see what commands are available at any level of the IOS, you can use the help feature of the IOS, the question mark. By typing ? (no Enter keystroke necessary) at any level of the IOS, you get a listing of all the commands available and a brief description of the command, such as you saw in Figures 7.3 and 7.4.
Quite often, the list of available commands may extend beyond one terminal screen. This is apparent because the string —More— is displayed at the bottom of the list on the screen. To see the next page of listed commands, you can press the space bar and the command list scrolls another terminal screen’s length. If you prefer to see the commands line by line, you can keep hitting the Enter key and it displays only the next command each time you press it. On the chance that you have found the command you were looking for in the list, you can hit any key (pause for inevitable “where’s the any key?” joke) to get back to the command prompt.
In some instances, you may not recall the command that you are looking for, but you do remember the first letter of the command. Let’s say, for example, the command is in Global Configuration and starts with the letter l. You could use the question mark and scroll through all the commands; however, the IOS enables you to see the commands starting with l if you type the letter, followed immediately by the question mark (no space in between), as demonstrated below. Similarly, if you remembered that the command started with log, you can type those characters, followed immediately by the question mark, to see the commands logging and login-string.
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#l?
l2tp-class lane li-view line logging login login-string
Router(config)#l
Keep in mind that many commands in the IOS require a string of keywords to comprehend what you are trying to achieve with the command. For instance, if I was searching for the command logging and hit the Enter key, the IOS would report back an error to the terminal screen that the command was incomplete because it does not understand where I want to send my logging information. If you are unsure of the commands available, once again, you use the question mark for command help. In this case, you must put a space after the first keyword followed by the question mark. The IOS then displays a list of commands that are valid after the keyword logging, as displayed here:
Router(config)#logging ?
  Hostname or A.B.C.D  IP address of the logging host
  buffered             Set buffered logging parameters
  buginf               Enable buginf logging for debugging
  cns-events           Set CNS Event logging level
  console              Set console logging parameters
  count                Count every log message and timestamp last occurrence
  exception            Limit size of exception flush output
  facility             Facility parameter for syslog messages
  filter               Specify logging filter
  history              Configure syslog history table
  host                 Set syslog server IP address and parameters
  monitor              Set terminal line (monitor) logging parameters
  on                   Enable logging to all enabled destinations
  origin-id            Add origin ID to syslog messages
  queue-limit          Set logger message queue size
  rate-limit           Set messages per second limit
  reload               Set reload logging level
  server-arp           Enable sending ARP requests for syslog servers when first configured
  source-interface     Specify interface for source address in logging transactions
  trap                 Set syslog server logging level
  userinfo             Enable logging of user info on privileged mode enabling
Router(config)#logging
EXAM ALERT
In the simulations on the Cisco exam, you can use ? for help when configuring or troubleshooting the Cisco device. If you get stuck in a simulation, utilize the help feature extensively because you do not get docked points for using this feature.
Abbreviations
To make things easy for administration, the Cisco IOS enables you to abbreviate commands as long as you type enough characters for the IOS to interpret the command that you want to input. For instance, the previous example involved trying to locate the command that started with l in Global Configuration. Because there were several commands that started with l, you would need to type in more characters to find the logging command. Specifically, you would need to type logg, which is just enough characters for the IOS to understand that you want to use the logging command. If you want the IOS to complete typing the command for you, you can hit the Tab key and it autocompletes the command when you provide enough characters.
EXAM ALERT
The simulations on the exam support some of the abbreviations; however, not all of them are supported. With that being said, it is a good idea to be able to type the entire command in case it is not supported for abbreviation. The Tab autocomplete, however, is not supported on the exam simulations.
EXAM ALERT
Some multiple-choice questions and answers may show you the completed command, whereas others may show you the abbreviated one. Do not discount a valid answer if the full command syntax is not used.
Shortcut Keys
To make terminal editing simpler and faster, Cisco has created several shortcut keystrokes that can speed up IOS navigation. The most useful of these shortcuts enables you to cycle through your command history to re-use or edit previously typed commands. You can use both the up and down arrow keys or Ctrl+N and Ctrl+P (if arrow keys are not supported at your terminal) to cycle through the last 10 commands in the history buffer relative to the level of the IOS in which you are currently located. Table 7.2 lists some other useful terminal editing keystrokes that will help you navigate within a command line.
The terminal editing keys discussed so far are very useful for moving within a particular level of the IOS. However, you need to know how to navigate back from those different levels of the Cisco IOS. Namely, if you need to go back one level of the IOS, simply type the command exit. For instance, if you are in the Interface Configuration mode of the IOS and you need to go back to Global Configuration, just type exit, and your prompt display should change from Router(config-if)# to Router(config)#.
Suppose you are back in the interface configuration and you need to ping or traceroute to your neighbor or do a show command to verify that the interface is working. Recall that this variety of commands can be performed only in Privileged EXEC or User EXEC. To return to these levels of the IOS hierarchy, you can type exit until you are all the way back. You can also use the keystroke Ctrl+Z or the keyword end, which will automatically take you back to Privileged EXEC, regardless of how deep in the configuration levels you happen to be.
Common Syntax Errors
As mentioned before, the IOS reports back error messages if you have not provided the correct syntax for a command. The three syntax error messages that you may encounter are as follows:
- Ambiguous Command—This error is displayed when you have not typed enough characters for the IOS to distinguish which command you want to use. In other words, several commands start with those same characters, so you must type more letters of the command for the IOS to recognize your particular command.
- Incomplete Command—The IOS has recognized your keyword syntax with this error message; however, you need to add more keywords to tell the IOS what you want to do with this command.
- Invalid Input—Also known as the “fat finger” error, this console error message is displayed when you mistype a command. The IOS displays a caret mark (^) at the point up to which the IOS could understand your command.
Below is an example for each of these three error console messages. Also notice that this configuration snapshot now includes abbreviations to get into Privileged EXEC and Global Configuration.
Router>
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#r
% Ambiguous command: "r"
Router(config)#router
% Incomplete command.
Router(config)#routre rip
                   ^
% Invalid input detected at '^' marker.
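The matching rule behind abbreviations and these three error messages can be modelled in a few lines. The Python below is an added example, not code from the book and not Cisco's parser; the "l" commands come from the listing shown earlier, while the rmon, route-map and router entries and the REQUIRES_MORE set are an assumed subset chosen so that the session above reproduces.

```python
# Added illustration: a model of first-keyword matching, not Cisco's parser.
# The "l" commands come from the page's "l?" listing; the three "r" commands
# and REQUIRES_MORE are an assumed subset chosen for this example.
GLOBAL_CONFIG = ["l2tp-class", "lane", "li-view", "line", "logging", "login",
                 "login-string", "rmon", "route-map", "router"]
REQUIRES_MORE = {"line", "logging", "router"}  # incomplete when typed alone


def resolve(token, commands=GLOBAL_CONFIG):
    """Return (status, value) for one typed keyword.

    "ok" -> full command name, "ambiguous" -> list of candidates,
    "invalid" -> index of the first character that matched nothing.
    """
    if token in commands:          # exact match wins, so "login" is not
        return "ok", token         # ambiguous with "login-string"
    matches = [c for c in commands if c.startswith(token)]
    if len(matches) == 1:
        return "ok", matches[0]
    if matches:
        return "ambiguous", matches
    good = 0                       # how many leading characters still match
    while any(c.startswith(token[:good + 1]) for c in commands):
        good += 1
    return "invalid", good


def check_line(line, prompt="Router(config)#"):
    """Return the message this model produces for a typed line."""
    words = line.split()
    if not words:
        return ""
    status, value = resolve(words[0])
    if status == "ambiguous":
        return f'% Ambiguous command: "{line}"'
    if status == "invalid":        # caret sits under the offending character
        return " " * (len(prompt) + value) + "^\n% Invalid input detected at '^' marker."
    if value in REQUIRES_MORE and len(words) == 1:
        return "% Incomplete command."
    return "resolved: " + " ".join([value] + words[1:])


def shortest_abbreviation(command, commands=GLOBAL_CONFIG):
    """Fewest leading characters that resolve uniquely to `command`."""
    for n in range(1, len(command) + 1):
        if resolve(command[:n], commands) == ("ok", command):
            return command[:n]
    return None


if __name__ == "__main__":
    for typed in ("r", "router", "routre rip", "logg 192.0.2.10"):
        print("Router(config)#" + typed)
        print(check_line(typed))
```

With this command list, shortest_abbreviation("logging") returns logg, matching the text, while login has no shorter form because login-string shares every prefix.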
STEP BY STEP
7.1 Navigating the IOS
1. Go into Privileged EXEC by typing enable or en (or any abbreviation you feel comfortable with).
2. Enter Global Configuration by typing configure terminal or config t.
3. Enter the Line Configuration mode for the console by typing line console 0 or line con 0.
4. Look at the list of commands available by using ?.
5. Press the space bar to cycle page by page or Enter to cycle line by line.
6. Return back to Global Configuration by typing exit.
7. Enter the interface configuration for serial 0/0 by typing interface serial 0/0 or int ser 0/0.
8. Exit back to Privileged EXEC by typing Ctrl+Z or end.
Use the output below as a loose reference of what the output might look like:
! Step 1
Router>
Router>en
! Step 2
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
! Step 3
Router(config)#line con 0
! Step 4
Router(config-line)#?
Line configuration commands:
  absolute-timeout      Set absolute timeout for line disconnection
  access-class          Filter connections based on an IP access list
  activation-character  Define the activation character
  autocommand           Automatically execute an EXEC command
  autocommand-options   Autocommand options
  autohangup            Automatically hangup when last connection closes
  autoselect            Set line to autoselect
—More—
! Step 5
  buffer-length         Set DMA buffer length
***Output Removed for Brevity
! Step 6
Router(config-line)#exit
! Step 7
Router(config)#int ser 0/0
! Step 8
Router(config-if)#end
Router#
*Sep 26 23:40:41.019: %SYS-5-CONFIG_I: Configured from console by console
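Because Router(config-if)# and Router(config-line)# do not name the interface or line being configured, anyone reviewing a captured console session has to carry that context forward from the preceding Global Configuration command. The Python below is an added example, not from the book: it infers the mode from the prompt forms described in this section and attaches the target to each sub-mode command. SAMPLE abridges the session above and adds one constructed ip address line.

```python
import re

# Added illustration (not from the book): infer the IOS mode from the prompt
# forms this page describes. SAMPLE abridges the Step by Step session and adds
# one constructed "ip address" line (192.0.2.1 is a documentation address).
PROMPT = re.compile(r"^(?P<host>[A-Za-z][\w.-]*)(?:\((?P<sub>config[\w-]*)\))?"
                    r"(?P<sym>[>#])\s*(?P<cmd>.*)$")
SUBMODES = {"config": "Global Configuration",
            "config-if": "Interface Configuration",
            "config-line": "Line Configuration"}

SAMPLE = """\
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line con 0
Router(config-line)#exit
Router(config)#int ser 0/0
Router(config-if)#ip address 192.0.2.1 255.255.255.0
Router(config-if)#end
Router#
*Sep 26 23:40:41.019: %SYS-5-CONFIG_I: Configured from console by console
"""


def parse_prompt(line):
    """Return (mode, command) for a prompt line, or None for device output."""
    m = PROMPT.match(line)
    if m is None or (m["sub"] and m["sym"] != "#"):
        return None
    if m["sub"]:
        mode = SUBMODES.get(m["sub"], "Other configuration (" + m["sub"] + ")")
    else:
        mode = "User EXEC" if m["sym"] == ">" else "Privileged EXEC"
    return mode, m["cmd"].strip()


def annotate(transcript):
    """Return (mode, target, command) rows; target is the Global Configuration
    command that opened the current sub-mode, which the prompt itself hides."""
    rows, last_global = [], None
    for line in transcript.splitlines():
        parsed = parse_prompt(line)
        if parsed is None or not parsed[1]:
            continue                      # device output or an empty prompt
        mode, cmd = parsed
        if mode == "Global Configuration":
            last_global = cmd
        in_sub = mode not in ("User EXEC", "Privileged EXEC", "Global Configuration")
        rows.append((mode, last_global if in_sub else None, cmd))
    return rows


if __name__ == "__main__":
    for row in annotate(SAMPLE):
        print(row)
```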