CCNA Certification/Router Operation
Router Operation
Operating and Configuring IOS Devices
One can think of Cisco networking devices as specialized computers designed to perform the task of handling data packets. As with other computers, the Cisco device has an operating system. Most Cisco networking equipment executes the Cisco Internetworking Operating System, which is usually just known as Cisco IOS.
Cisco IOS has a command line interface (CLI) and using this is similar in style to using the command line environment in Windows, or alternatively a Unix shell such as Bash. It is important to realize that the set of commands that one uses in Cisco CLI is completely different from those available on the CLIs for Windows or Unix. Cisco CLI is designed for the purposes of configuring, and therefore also for inspecting the configuration of, a networking device. Obviously it is not designed for general purpose computing in the way in which the Bash shell is.
Telnet and Console Access
Generally, there are two ways to get access to the Cisco CLI. On the one hand, one can always connect to the console port on the device, and this is the way that devices, e.g. routers or switches, are configured when they are taken out of the box to be installed and commissioned. On the other hand, once the device has been commissioned and placed on a network, one can launch a telnet session from a computer on the network and connect to the telnet server on the Cisco device. What distinguishes these two access mechanisms is whether or not one needs to be physically beside the device. With console access one needs to be close to the device, whereas with telnet access one could, in principle, be anywhere on the IP network on which the device is installed. Of course there may be, and usually there are, security mechanisms installed on the network to restrict which clients can access any networking device such as a Cisco router or switch.
Regardless of the mechanism by which one establishes a connection to the CLI, the activity is known in Cisco terminology as establishing an EXEC session.
Privilege Levels within an EXEC Session
Most command line environments provide some type of restriction on which commands a user can execute. In Unix for example, this is achieved through a combination of the user id and group id. In Cisco CLI, it is achieved by having two levels of privilege. Normally, when any user logs in, they are automatically in user mode. In this mode, the configuration of the device can be viewed but not modified. This means that the commands which can be actioned in user mode are not critical to the operation of the device.
If the device has been configured to have the name MyDevice, then the CLI prompt in user mode will be
MyDevice>
One example of a command is show version, which prints out details of various aspects of the hardware and IOS software running on the device. Executing
MyDevice>show version
on a Cisco Catalyst 2960G 24 port Ethernet switch, which has been configured to have the hostname MyDevice, yielded the following output
Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Wed 12-Oct-05 22:05 by yenanh

ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)

MyDevice uptime is 27 weeks, 4 days, 23 hours, 1 minute
System returned to ROM by power-on
System image file is "flash:c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin"

cisco WS-C2960G-24TC-L (PowerPC405) processor (revision A0) with 61440K/4088K bytes of memory.
Processor board ID FOC0938T107
Last reset from power-on
1 Virtual Ethernet interface
24 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 00:14:A9:52:07:80
Motherboard assembly number     : 73-10015-04
Power supply part number        : 341-0098-01
Motherboard serial number       : FOC093813VK
Power supply serial number      : AZS094402EQ
Model revision number           : A0
Motherboard revision number     : A0
Model number                    : WS-C2960G-24TC-L
System serial number            : FOC0938T107
Top Assembly Part Number        : 800-26673-01
Top Assembly Revision Number    : B0
Version ID                      : V01
CLEI Code Number                : COM2300ARA
Hardware Board Revision Number  : 0x01

Switch   Ports  Model              SW Version              SW Image
------   -----  -----              ----------              ----------
*    1   24     WS-C2960G-24TC-L   12.2(25)FX              C2960-LANBASE-M

Configuration register is 0xF
If one types the command enable when in user mode, then IOS will attempt to enter privileged mode. Generally, a password is set for privileged mode when the device is commissioned, which is clearly a good security practice, but this is not always the case. If a password has been set, then the user will be required to enter it successfully in order for IOS to transition to privileged mode.
Once in privileged mode, all of the commands that were available in user mode remain available but in addition the user now has access to commands which can configure, restart or debug the networking device. In that sense, these are deemed to be critical commands. For example, one can switch off an Ethernet port thereby stopping all layer 2 data packets to/from computers connected, whether directly or indirectly, to that port. If this were not the action which one intended, then the consequences for users of the connected computers could be catastrophic.
To exit from privileged mode and return to user mode, the CLI command is
disable
Managing Network Environments
Setting passwords on a Cisco router
A Cisco router has five passwords:
- Console
- Aux
- VTY
- Enable password
- Enable Secret
The Console, Aux, and VTY passwords are used to enter user mode via the console port, the auxiliary port, and Telnet, respectively. The enable password and enable secret are used to enter privileged EXEC mode.
Configuring an enable password
Enter privileged EXEC mode, then global configuration mode
Router> enable
Router# configure terminal
Configuring a privileged EXEC mode password
Router(config)# enable password {password}
Configuring an enable secret password
Router(config)# enable secret {password}
Force encrypted passwords
Router(config)# service password-encryption
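An added example, not part of the original page or any Cisco tooling: a small Python audit that checks a saved running-config for the five passwords listed above and for service password-encryption. The sample configuration and its placeholder passwords are constructed, and the check assumes per-line password authentication as described here, not local users or AAA.

```python
# Constructed sample running-config (not from the page); passwords are placeholders.
SAMPLE_CONFIG = """\
no service password-encryption
enable password PLACEHOLDER1
line con 0
 password PLACEHOLDER2
 login
line aux 0
line vty 0 4
 password PLACEHOLDER3
 login
line vty 5 15
 no login
"""

def parse_lines(config):
    """Map each console/aux/vty 'line ...' header to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith(("line con ", "line aux ", "line vty ")):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Check the five passwords the page lists, plus service password-encryption."""
    findings = []
    top = [l.strip() for l in config.splitlines() if l and not l.startswith(" ")]
    if not any(l.startswith("enable secret ") for l in top):
        findings.append("enable secret not set")
    if any(l.startswith("enable password ") for l in top):
        findings.append("enable password present (plain text or type 7, not hashed)")
    if "service password-encryption" not in top:
        findings.append("service password-encryption not enabled")
    for header, cmds in parse_lines(config).items():
        if not any(c.startswith("password ") for c in cmds):
            findings.append(f"{header}: no password set")
        if "no login" in cmds:
            findings.append(f"{header}: login check disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

When both are configured, IOS uses the enable secret rather than the enable password. service password-encryption applies a reversible type 7 encoding, so it hides passwords from casual viewing of the configuration but does not replace enable secret.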