Operating Cisco IOS Software
Understanding the enterprise network environment provides a perspective about the need for greater functionality and control over network components, delivered through more sophisticated network devices such as switches. Cisco IOS Software is feature-rich network system software, providing network intelligence for business-critical solutions. The following sections compare the functionality of switches and devices in small office, home office (SOHO) network environments with network components in enterprise network environments, and describe Cisco IOS Software functions and operation.
Cisco IOS Software Features and Functions
Cisco IOS Software is the industry-leading and is the most widely deployed network system software. This topic describes the features and functions of Cisco IOS Software.
The Cisco IOS Software platform is implemented on most Cisco hardware platforms, including switches, routers, and similar Cisco IOS–based network devices. It is the embedded software architecture in all Cisco devices and is also the operating system of
Cisco Catalyst switches.
Cisco IOS Software enables the following network services in Cisco products:
- Features to carry the chosen network protocols and functions.
- Connectivity enables high-speed traffic between devices.
- Security controls access and prohibit unauthorized network use.
- Scalability adds interfaces and capability as needed for network growth.
- Reliability ensures dependable access to networked resources.
The Cisco IOS Software command-line interface (CLI) is accessed through a console connection, a modem connection, or a Telnet session. Regardless of which connection method is used, access to the Cisco IOS Software CLI is generally referred to as an EXEC session.
Configuring Network Devices
The Cisco IOS CLI is used to communicate the configuration details that implement the network requirements of an organization. This topic describes the initial steps for starting and configuring a Cisco network device.
When a Cisco IOS device is started for the first time, its initial configuration with default settings is sufficient for it to operate at Layer 2. When a Cisco router is started for the first time, however, the device does not have sufficient information in its initial configuration to operate at Layer 3, because the device management requires IP address information on its router interfaces, at a minimum. However, when an “unconfigured” Cisco device starts for the first time, with no “startup configuration” settings, the IOS will prompt you for basic configuration information using an interactive dialog mode called setup mode.
This basic configuration sets up the device with the following information:
- Protocol addressing and parameter settings, such as configuring the IP address and subnet mask on an interface
- Options for administration and management, such as setting up passwords
In this section, a minimal device configuration for a switch is discussed. Changes to these minimal or default configurations to meet particular network requirements constitute many of the tasks of a network administrator. Figure 2-14 shows the basic startup steps for a Cisco router or switch.
Figure 2-14 Switch and Router Startup Steps
When a Cisco device starts up, the following three main operations are performed on the networking device:
- The device performs hardware-checking routines. A term often used to describe this initial set of routines is power-on self test (POST).
- After the hardware has been shown to be in good working order, the device performs system startup routines. These initiate the switch or device operating system IOS software.
- After the operating system is loaded, the device tries to find and apply software configuration settings (later to be stored in the startup-config file) that establish the details needed for network operation. Typically, a sequence of fallback routines provides software startup alternatives, if needed.
External Configuration Sources
A switch or device can be configured from sources that are external to the device.
Figure 2-15 illustrates the many sources from which a Cisco device can obtain configuration settings.
Figure 2-15 Sources for Router Configurations
You can access a device directly or from a remote location without being physically connected to the device. You can connect directly by using a console cable connection to the console (CON) port, or you can connect from a remote location by dialing into a modem connected to the auxiliary (AUX) port on the device. After a Cisco device is properly configured, you can also make an over-the-network connection, through Telnet (to VTY ports). In general, the console port is recommended for initial configuration because it displays device startup messages, whereas the auxiliary port does not provide this information. A Cisco IOS device can be configured through the following connections:
- Console terminal: Upon initial installation, you can configure networking devices from the console terminal, which is connected through the console port. You will need the following items to configure a Cisco device from the console port:
- RJ-45–to–RJ-45 rollover cable
Console Port
Auxiliary Port
(Router Only)
Interfaces
Telnet
TFTP
PC or UNIX Server
Web or Network
Management
Server
Virtual Terminal
154 Chapter 2: Ethernet LANs - Personal computer (PC) or equivalent with “terminal” communications software configured with the following settings:
Speed: 9600 bits per second
Data bits: 8
Parity: None
Stop bit: 1
Flow control: None
- RJ-45–to–RJ-45 rollover cable
- Remote terminal: To support a remote device, a modem connection to the auxiliary port of the device allows a remote device to be configured from a remote terminal. However, the auxiliary port of the device must first be configured for communication with the external modem. You need the following items to connect remotely to the auxiliary port on a Cisco device:
- Straight-through serial cable
- 14.4-kilobits-per-second (kbps) modem
- PC or equivalent with suitable communications software
After initial startup and after an initial basic configuration, you access and configure the device in the following ways:
- Establish a terminal (vty) session using Telnet.
- Configure the device through the current connection, or download a previously written startup-config file from a Trivial File Transfer Protocol (TFTP) server on the network.
- Download a configuration file using a network management software application such as CiscoWorks.
NOTE Not all network devices have all the ports shown in Figure 2-15. For example, some Cisco SOHO devices do not have an auxiliary port.
Cisco IOS Command-Line Interface Functions
Cisco IOS Software uses a CLI through the console as its traditional environment to enter commands. While Cisco IOS Software is a core technology that extends across many products, its operation details vary on different internetworking devices. This section describes the functions of the Cisco IOS CLI.
The typical interface to a Cisco IOS device is through a console connection or a Telnet connection to the CLI. Figure 2-16 shows an administrator configuring a router and switch through a console connection.
Figure 2-16 Administrator Connecting to the CLI
To enter commands into the CLI, type or paste the entries within one of the several console command modes. Each command mode is indicated with a distinctive prompt. Pressing the Enter key instructs the device to parse and execute the command. Cisco IOS Software uses a hierarchy of commands in its command-mode structure. Each command mode supports specific Cisco IOS commands related to a type of operation on the device.
As a security feature, Cisco IOS Software separates the EXEC sessions. EXEC sessions are basically any sessions you initiate through CON, AUX, or VTY connections. All such EXEC sessions are defined by, or put into, one the following two access levels:
- User EXEC mode: Allows a person to access only a limited number of basic monitoring commands (like show or other basic troubleshooting commands).
- Privileged EXEC mode: Allows a person to access all device commands, such as those used for configuration and management, and can be password protected to allow only authorized users to access the device at this “full-access” level. This mode is also called enable mode because you get to it with the enable command.
Entering the EXEC Modes
Cisco IOS Software supports two EXEC command modes: user EXEC mode and privileged EXEC mode. The following procedure outlines how to enable and enter the different EXEC modes on a Cisco switch or device:
Step 1 Log in to the device initially with a username and password (if login is configured for CON, AUX, or VTY connections). This brings the device to a user EXEC mode prompt. A prompt displays to signify the user EXEC mode. The right-facing arrow (>) in the prompt indicates that the device or switch is at the user EXEC level. Enter exit to close the session from the user EXEC mode
Step 2 Enter the ? command at the user EXEC level prompt to display command options available in the user EXEC mode. The ? command in privileged EXEC mode reveals many more command options than it does at the user EXEC level. This feature is referred to as context-sensitive help.
User EXEC mode does not contain any commands that might control the operation of the device or switch. For example, user EXEC mode does not allow reloading or configuring of the device or switch. Critical commands, such as configuration and management, require you to be in privileged EXEC (enable) mode. To change to privileged EXEC mode from user EXEC mode, enter the enable command at the hostname> prompt. If an enable password or an enable secret password is configured, the switch or device will then prompt you for the required password.
NOTE If both an enable password and a secret password are set, the secret password is the one that is required.
When the correct enable password is entered, the switch or device prompt changes from hostname> to hostname#, indicating that the user is now at the privileged EXEC mode level. Entering the ? command at the privileged EXEC level will reveal many more command options than those available at the user EXEC mode level. To return to the user EXEC level, enter the disable command at the hostname# prompt.
NOTE For security reasons, a Cisco network device will not echo, or show on the screen, the password that is entered. However, if a network device is configured over a modem link, or if Telnet is used, the password is sent over the connection in plain text. Telnet by itself does not offer a method to secure packets that contain passwords or commands.
Secure Shell (SSH) Protocol, which runs on most Cisco devices, allows communication securely over insecure channels and provides strong authentication. SSH can be seen in this context as an encrypted form of Telnet. Refer to Cisco IOS documentation to learn how to use SSH.
Keyboard Help in the CLI
Cisco devices use Cisco IOS Software with extensive command-line input help facilities, including context-sensitive help. This topic describes the CLI keyboard help that is available on Cisco devices
The Cisco IOS CLI on Cisco devices offers the following types of help:
- Word help: Enter the character sequence of an incomplete command followed immediately by a question mark. Do not include a space before the question mark. The device will display a list of available commands that start with the characters that you entered. For example, enter the sh? command to get a list of commands that begin with the character sequence sh.
- Command syntax help: Enter the ? command to get command syntax help to see how to complete a command. Enter a question mark in place of a keyword or argument. Include a space before the question mark. The network device will then display a list of available command options, with <cr> standing for carriage return. For example, enter show? to get a list of the various command options supported by the show command.
NOTE Cisco devices and Catalyst switches have similar command-line help facilities. All the help facilities mentioned in this section for devices also apply to Catalyst switches, unless otherwise stated.
Special Ctrl and Esc key sequences, the Tab key, the up-arrow and down-arrow keys, and many others can reduce the need to reenter or type entire command strings. Cisco IOS Software provides several commands, keys, and characters to recall or complete command entries from a command history buffer that keeps the last several commands that you entered. These commands can be reused instead of reentered, if appropriate. Console error messages help identify problems with an incorrect command entry. Error messages that might be encountered while using the CLI are shown in Table 2-2.
Table 2-2 CLI Error Messages
The command history buffer stores the commands that have been most recently entered. To see these commands, enter the Cisco IOS show history command. You can use context-sensitive help to determine the syntax of a particular command. For example, if the device clock needs to be set but the clock command syntax is not known, the context-sensitive help provides a means to check the syntax for setting the clock. If the word clock is entered but misspelled, the system performs a symbolic translation of the misspelled command as parsed by Cisco IOS Software. If no CLI command matches the string input, an error message is returned. If there is no Cisco IOS command that begins with the misspelled letters, by default, the device will interpret the misspelled command as a host name and attempt to resolve the host name to an IP address, and then try to telnet to that host.
Context-sensitive help will supply the entire command, even if you enter just the first part of the command, such as cl?.
If you enter the clock command but an error message indicating that the command is incomplete is displayed, enter the question mark (?) command (preceded by a space) to determine what arguments are required for completing the command sequence. In the clock ? example, the help output shows that the keyword set is required after clock. If you now enter the command clock set and then press Enter, but another error message displays indicating that the command is still incomplete, press Ctrl-P (or the up-arrow key) to repeat the command entry. Then, add a space and enter the question mark (?) command to display a list of command arguments that are available at that point in the CLI for the given command.
After the last command recall, the administrator can use the question mark (?) command to reveal the additional arguments, which involve entering the current time using hours, minutes, and seconds. After entering the current time, if you still see the Cisco IOS Software error message indicating that the command entered is incomplete, recall the command, add a space, and enter the question mark (?) to display a list of command arguments that are available at that point for the given command. In the example, enter the day, month, and year using the correct syntax, and then press Enter to execute the command. Syntax checking uses the caret symbol (^) as an error-location indicator. The caret symbol appears at the point in the command string where an incorrect command, keyword, or
argument has been entered. The error-location indicator and interactive help system provide a way to easily find and correct syntax errors. In the clock example, the caret symbol (^) indicates that the month was entered incorrectly. The parser is expecting the month to be spelled out.
Enhanced Editing Commands
The Cisco IOS CLI includes an enhanced editing mode that provides a set of editing key functions. Although the enhanced line-editing mode is automatically enabled, you can disable it. You should disable enhanced line editing if there are scripts that do not interact well when enhanced line editing is enabled. Use the terminal editing EXEC command to turn on advanced line-editing features and the terminal no editing EXEC command to disable advanced line-editing features.
Most commands are “undone,” or turned off, by reentering the command with the word no in front of it. The terminal commands are one of the odd exceptions to the “no” rule.
Notice that terminal editing is turned off by entering terminal no editing (instead of “no terminal editing”).
One of the advanced line-editing features is to provide horizontal scrolling for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. The first ten characters of the line can no longer be seen, but you can scroll back to check the syntax at the beginning of the command. The command entry extends beyond one line, and you can only see the end of the command string:
SwitchX> $ value for customers, employees, and partners.
The dollar sign ($) indicates that the line has been scrolled to the left. To scroll back, press Ctrl-B or the left-arrow key repeatedly until you are at the beginning of the command entry, or press Ctrl-A to return directly to the beginning of the line. The key sequences are shortcuts or hot keys provided by the CLI. Use these key sequences to move the cursor around on the command line for corrections or changes. Table 2-3 describes each of the shortcuts shown in Figure 2-16 and shows some additional shortcuts for command-line editing and controlling command entry.
Table 2-3 Command-Line Editing Keys
NOTE The Esc key is not functional on all terminals.
Command History
The Cisco CLI provides a history or record of commands that have been entered. This feature, called the command history buffer, is particularly useful in helping recall long or complex commands or entries. With the command history feature, you can complete the following tasks:
- Display the contents of the command buffer.
- Set the command history buffer size.
- Recall previously entered commands stored in the history buffer. There is a buffer for the EXEC mode and another buffer for the configuration mode.
By default, command history is enabled, and the system records the last ten command lines in its history buffer. To change the number of command lines that the system will record and recall during the current terminal session only, use the terminal history command at the user EXEC mode prompt. To recall commands in the history buffer beginning with the most recent command, press Ctrl-P or the up-arrow key. Repeat the key sequence to recall successively older commands. To return to more recent commands in the history buffer, after recalling older commands by pressing Ctrl-P or the up-arrow key, press Ctrl-N or the down-arrow key. Repeat the key sequence to recall successively more recent commands. On most computers, there are additional select and copy facilities available. You can copy a previous command string, paste or insert it as the current command entry, and then press Enter.
A Cisco router has the following four primary types of memory:
- RAM: Stores routing tables and the fast-switching cache. RAM holds the current running configuration file, the currently loaded IOS, and so on.
- NVRAM: Used for writable permanent storage of the startup configuration settings.Flash: Provides permanent storage of the Cisco IOS Software image file, backup configurations, and any other files through memory cards.
- ROM: Provides the POST routine and also provides a mini-IOS that can be used for troubleshooting and emergencies, such as when the stored IOS in flash is corrupted.
The mini-IOS provided by ROM can also be for password recovery.
ROM cannot be modified or copied to by device administrators. The show startup-config command displays the saved startup configuration settings stored in NVRAM. The show running-config command displays the current configuration settings currently running in RAM. Figure 2-17 shows the location of the running and startup configuration files, along with where the setup utility copies the configuration.
Figure 2-17 Location of Configuration Files
The show running-config command displays the current running configuration in RAM. When you issue the show running-config command on a router, you will initially see “Building configuration . . . .” This output indicates that the running configuration is being built from the active configuration settings currently running and currently stored in RAM. After the running configuration is built from RAM, the “Current configuration:” message appears, indicating that this is the current running configuration that is currently running in RAM.
The first line of the show startup-config command output indicates the amount of NVRAM used to store the configuration. For example, “Using 1359 out of 32762 bytes” indicates that the total size of the NVRAM is 32,762 bytes and the current configuration stored in NVRAM takes up 1359 bytes.