Cisco IOS in a Nutshell
Cisco IOS in a Nutshell, Second Edition By James Boney
August 2005
Pages: 796



Table of Contents

Chapter 1: Getting Started
In the first edition of this book, I may have dated myself a bit by starting this chapter off with the following paragraph:
The modern world is networked in a way that could barely be imagined a few decades ago. Today, the Internet reaches into virtually every business and almost every home. Our children and even our grandparents speak of dot-coms, email, and web sites. The Internet is now part of our culture.
Almost four years have passed since then, which does not seem like much time at all. But in the networking and computer fields, that's a very long time indeed. Our children and grandparents now speak of dot-bombs, MP3s, broadband, voice over IP, instant messaging, and outsourcing. Even the once-killer app email has been surpassed by the gratification of instant messaging. Things have certainly changed, which leaves us to wonder what the next few years will bring.
No matter what happens, Cisco is likely to continue its dominance of the networking world. Even that little router sitting on your cable or DSL connection at home could very well be a Cisco device. Routers and switches are the glue that holds the Internet together. And Cisco is the most prominent router manufacturer, holding the largest share of the market. Their routers come in all shapes and sizes, from inexpensive units for homes and small offices to equipment that costs hundreds of thousands of dollars, used by very large ISPs and telcos. Almost all of their devices—from the smallest to the largest—run the Internetwork Operating System (IOS). Therefore, they share the same command set, the same user interface, and the same configuration techniques. While a small home network router doesn't have the features or the capacity of an ISP's router, you configure them pretty much the same way. Both routers use access lists, have similar security mechanisms, support the same set of protocols in the same way, and so on.
As Cisco continues developing its product line, it's clear that the Internetwork Operating System (IOS) is a key part of its strategy. As new products come out, they all have the familiar IOS interface.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
IOS User Modes
IOS has two primary modes of operation: user mode and privileged mode. When you first connect to the router, you are placed in user mode. The Cisco documentation refers to this as the user exec mode; I am going to omit "exec" throughout this book. The user mode is indicated by the prompt:
Router>
The word "Router" is replaced with your router's hostname if the hostname is already configured.
The show commands in user mode are limited to a few basic levels. You cannot edit or view configurations at this stage; you can only view the router status and other miscellaneous information. To obtain a basic listing of commands, type a question mark:
Router>?
         
Editing the router's configuration requires you to be in the privileged exec mode, which I call "privileged mode." Use the enable command to enter this mode:
Router>enable
Password:
Router#         Privileged mode prompt
         
You can always tell whether you are in user mode or privileged mode by looking at the prompt. The user mode prompt has a > at the end; the privileged mode prompt always has a # at the end, regardless of the submode.
If you are familiar with Unix, you can equate privileged mode to "root" access. You could also equate it to the administrator level in Windows 2000 or the supervisor in NetWare. In this mode, you have permission to access everything inside the router, including configuration commands. However, you can't type configuration commands directly. Before you can change the router's actual configuration, you must enter a submode of the privileged mode by giving the command configure terminal (see "Command-Line Completion" later in this chapter for a shortcut). This command can be entered only when you are in privileged mode.
Router#configure terminal
            
Enter configuration commands, one per line. End with Ctrl-Z
Command-Line Completion
Command-line completion makes the IOS interface much more user-friendly. It saves you extra typing and helps out when you cannot remember a command's syntax. In a previous example, we used the command configure terminal:
Router#configure terminal
         
But you could have saved wear and tear on your hands by typing:
Router#conf t
         
IOS expands the command conf t to configure terminal, completing the command for you. It may seem like extra work to learn these short versions of the commands, but doing so really pays off, especially for the commands you use frequently. But if you haven't learned the shortcut, you can try pressing Tab. In this case, you could have pressed Tab after typing conf; the router fills in the best completion, which is configure. If you press Tab and the router doesn't fill in the rest of the command, type a few more letters and press Tab again.
Here is another example:
Router#show running-config
         
This long command can be shortened to:
Router#sh ru
         
The router knows that show is what you wanted, because show is the only command that begins with "sh"; likewise, the only subcommand of show that begins with "ru" is running-config.
If the router does not understand a command, it repeats the entire command line and places a caret (^) under the point at which it ran into trouble. For example:
Router>show itnerface e0
>show itnerface e0
       ^
% Invalid input detected at '^' marker.
The caret symbol is pointing to the "t" in "itnerface", which is the command the router does not understand. We can quickly fix that by retyping the command:
Router>show interface e0
         
We now get the correct output! Since we also know how to use shortcuts, we can type:
Router>sh int e0
         
With this command we get the same result as with its lengthy counterpart. Command-line completion saves a lot of typing, and it helps you keep your sanity when you're working with long commands.
Get to Know the Question Mark
Previously, I said that you can get the available commands by typing ? at the prompt. You can also use this trick to find the subcommands of any command. For example, if you know you want to use the copy command but cannot remember which subcommand you need, type:
Router#copy ?
  WORD            Copy from flash device - format <dev:>[partition:][filename]
  flash           Copy from system flash
  flh-log         Copy FLH log file to server
  mop             Copy from a MOP server
  rcp             Copy from an rcp server
  running-config  Copy from current system configuration
  startup-config  Copy from startup configuration
  tftp            Copy from a TFTP server
Another use of the question mark is to find all commands that match what you have typed so far. For example, if you know the first part of a command, type it, and then type a question mark. The router will return a list of all the matching commands. In the following example, we remember that the configure command begins with "co", but that's it. The router gives us the matching commands:
Router#co?
configure  connect  copy
Note the important difference between these two examples. In the first example, there was a space before the question mark, which gave us the next command that complements copy. Had there not been a space, the router would have tried to complete the word "copy" for us, not given us the next available commands. In the next example, we did not add the space, so the router tried to complete "co" with all the commands it could find that start with "co".
What if you don't see the command you're looking for? Bear in mind that the router returns only commands that are relevant to the mode you are currently in. For example, if you are in user mode, you are given only commands that apply to that mode.
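The unique-prefix rule from the last two sections, as an added Python example (not code from the book). COMMANDS is a constructed subset holding only keywords shown on this page, and expand and config_touching are hypothetical helpers; expanding abbreviations this way lets a review of typed commands match "conf t" and "configure terminal" as the same thing.

```python
from dataclasses import dataclass, field

# Constructed subset: only keywords that appear in the examples on this page.
# A real router's keyword set is larger and depends on the mode and IOS release.
COMMANDS = {
    "configure": {"terminal": {}},
    "connect": {},
    "copy": {
        "rcp": {"running-config": {}, "startup-config": {}},
        "running-config": {"startup-config": {}, "tftp": {}},
        "tftp": {"running-config": {}, "startup-config": {}},
    },
    "enable": {},
    "ping": {},
    "show": {
        "clock": {}, "history": {}, "hosts": {}, "interface": {},
        "running-config": {}, "sessions": {}, "snmp": {},
        "startup-config": {}, "terminal": {}, "users": {}, "version": {},
    },
    "terminal": {"length": {}, "width": {}},
}


@dataclass
class Result:
    status: str                      # "ok", "ambiguous" or "invalid"
    expanded: str = ""               # keywords resolved so far, in full
    candidates: list = field(default_factory=list)
    column: int = -1                 # 0-based offset where parsing stopped


def expand(line, tree=COMMANDS):
    """Expand abbreviated keywords the way the text describes: a prefix is
    accepted only if exactly one keyword at that position starts with it."""
    node, out, pos = tree, [], 0
    for token in line.split():
        start = line.index(token, pos)
        pos = start + len(token)
        if not node:                 # no keywords left: the rest are arguments
            out.append(token)
            continue
        key = token.lower()
        matches = [key] if key in node else sorted(k for k in node if k.startswith(key))
        if len(matches) == 1:
            out.append(matches[0])
            node = node[matches[0]]
        elif matches:                # e.g. "co" -> configure, connect, copy
            return Result("ambiguous", " ".join(out), matches, start)
        else:
            # Point at the first character that no keyword can match,
            # like the router's caret in "% Invalid input detected".
            good = 0
            while good < len(key) and any(k.startswith(key[:good + 1]) for k in node):
                good += 1
            return Result("invalid", " ".join(out), [], start + good)
    return Result("ok", " ".join(out))


def config_touching(typed_commands):
    """Return full forms of typed commands that enter configuration mode or
    copy files, so log review does not miss abbreviated spellings."""
    hits = []
    for cmd in typed_commands:
        r = expand(cmd)
        if r.status == "ok" and r.expanded.split(" ")[0] in ("configure", "copy"):
            hits.append(r.expanded)
    return hits


if __name__ == "__main__":
    # Constructed sample of commands as an operator might type them.
    for typed in ["conf t", "sh ru", "sh int e0", "co", "show itnerface e0"]:
        print(f"{typed!r:22} -> {expand(typed)}")
    print(config_touching(["sh ver", "conf t", "copy ru st", "sh int e0"]))
```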
Command-Line Editing Keys
IOS provides a number of keyboard shortcuts that let you edit the line you're typing. They should be familiar to any user of Unix or Emacs, though the details are a little different in some cases. Table 1-1 lists the command-line editing keys.
Table 1-1: Command-line editing keys
Keys    Commands
Ctrl-a  Returns the cursor to the beginning of the current line.
Ctrl-b  Moves the cursor back one character. (Equivalent to the left-arrow key.)
Ctrl-d  Deletes the character to the left of the cursor.
Ctrl-e  Moves the cursor to the end of the line.
Ctrl-f  Moves the cursor forward one character. (Equivalent to the right-arrow key.)
Ctrl-k  Deletes all the characters from the current cursor position to the end of the line.
Ctrl-n  Goes to the next command in the session history. (Equivalent to the down-arrow key.)
Ctrl-p  Goes to the previous command in the session history. (Equivalent to the up-arrow key.)
Ctrl-t  Switches the current character with the character to the left of the cursor.
Pausing Output
Using the terminal command, you can set an important feature of the user interface: the pausing of lengthy output. For example, if you run a command that has more than one page of output, the router will pause after 24 lines with a --More-- prompt. The value 24 is the default terminal length. Depending on the size of your terminal window, this might not be adequate. You can change the length and width using the terminal command, like this:
Router>terminal length 10
Router>terminal width 80
         
These commands set the terminal length to 10 and the width to 80, which means the router will pause after 10 lines of output and that each of these lines will be 80 characters long. You can disable the pausing altogether by setting the terminal length to 0:
Router>terminal length 0
         
show Commands
As you work with IOS, you'll become intimately familiar with the show commands. They are among the most useful commands you will ever use; they allow you to view just about any settings within the router. Issuing the command show ? produces output like this:
Router>show ?
  clock     Display the system clock
  history   Display the session command history
  hosts     IP domain-name, lookup style, nameservers, and host table
  sessions  Information about Telnet connections
  snmp      snmp statistics
  terminal  Display terminal configuration parameters
  users     Display information about terminal lines
  version   System hardware and software status
The show command has many different subcommands. However, notice that we are in user mode. In privileged mode, the show command has a lot more subcommands, which would take up a few pages if we listed them here. The important thing to remember is that show commands often have more than one keyword. For example, the command show ip route works by itself, but many other options can be applied to it. For example:
router#show ip route ?
  Hostname or A.B.C.D  Network to display information about or hostname
  bgp                  Border Gateway Protocol (BGP)
  connected            Connected
  egp                  Exterior Gateway Protocol (EGP)
  eigrp                Enhanced Interior Gateway Routing Protocol (EIGRP)
  igrp                 Interior Gateway Routing Protocol (IGRP)
  isis                 ISO IS-IS
  odr                  On Demand stub Routes
  ospf                 Open Shortest Path First (OSPF)
  rip                  Routing Information Protocol (RIP)
  static               Static routes
  summary              Summary of all routes
  supernets-only       Show supernet entries only
  <cr>
I certainly haven't explained routing enough for you to understand the output of this command. However, you can see how to find show keywords with the question mark. The
Chapter 2: IOS Images and Configuration Files
Eventually you will want to upgrade your router's software. The IOS (Internetwork Operating System) is the software that resides inside the Cisco device. Upgrading IOS involves transferring a new IOS image to your router from some kind of server. As we'll see in this chapter, there are several methods for uploading a new IOS image: the most common include using Trivial File Transfer Protocol (TFTP), Remote Copy Protocol (RCP), or Secure Copy Protocol (SCP). Before we discuss how to transfer a new image, let's define exactly what is meant by an "image file" and how it differs from a configuration file.
IOS image files contain the system code that your router uses to function, that is, the image contains the IOS itself, plus various feature sets (optional features or router-specific features). However, the features are not configured in any way. The router's actual configuration—which features are enabled and how they are used in your particular network environment—is stored in a configuration file written in IOS's configuration language. The commands in this file describe everything from the router's name and the IP address of each interface to the protocols that you're using, address translation, security, and more. The router is useless without a concrete configuration—just like an operating system kernel is useless without the configuration files (such as the Windows registry or the files in /etc on a Unix system) that tell the kernel how you want it to operate in a particular situation.
IOS Image Filenames
IOS is the software that resides inside the Cisco device. You can think of IOS as the kernel or the actual operating code within your router. The IOS image has a name, which specifies the platform for which the image was built, the features it includes, and where the image is located in memory. To see the name of the image your router is running, give the command show version:
Router>show version
Cisco Internetwork Operating System Software IOS (tm)
 3600 Software (C3640-JS-M), Version 12.0(5)T1,  RELEASE SOFTWARE (fc1)
In this example, C3640-JS-M is the IOS image name. The name has three parts: platform identifier, feature set, and image execution location. In this example, C3640 is the platform identifier, JS is the feature set, and M is the image execution location.
The platform identifier indicates the hardware for which the image was built. Table 2-1 lists the most common platform identifiers. This list is quite extensive and grows as new products are released.
Table 2-1: Common platform identifiers
Identifier                 Platforms
as                         Access Server 5200 series
ca                         Cisco Advantage
cpa                        Cisco Pro
cs                         Communication Server
c800, c1000, c1005, c1600
The New Cisco IOS Packaging Model
In release 12.3, Cisco changed the image package naming model. As you can see from the previous explanations, image selection had become overly complex and difficult to understand. In the new packaging model, the image selection has been reduced from 44 to 8 possible packages.
Some of the advantages of the new package model are:
  • Easier to select the features you want
  • Feature set reduced from 44 to 8 packages
  • Consistent image names across platforms
  • Consistent functionality across platforms
Figure 2-1 shows the eight major packages. This figure illustrates the concept of package inheritance. With package inheritance, any package automatically inherits all the features of the packages below it. For example, IP Base is the first package in the tree. Its features are inherited by all the packages above it.
Figure 2-1: New image packaging model inheritance
As of this writing, the new feature packaging is available only on 800, 1700, 2600, 3600, 2700, and 7000 series routers. However, you can expect more devices to join this group in the future.
Here's an example of the new image naming scheme:
c3745-entbase-mz.123-9a.bin
This name translates to a platform of 3745, a feature set of "Enterprise Base," and a release of 12.3.9a.
As we have just seen, the filenames for a given release are packed with information. They do not, however, tell you the status of the release. Cisco has three codes for the status of the release:
GD
General Deployment indicates that the code is extremely stable for the most demanding production environments. Although this image is very stable, the number of new features is extremely limited.
Loading Image Files Through the Network
From time to time you will need to load a new system image, either to upgrade the image that was shipped with your router, to install bug fixes, or to add new feature sets that you've purchased. The most common way to upload an image is to copy it to the router from some other system on your network—after all, the router is a network device, and it's easiest to use the router's networking capabilities. You can also use the console port or an AUX port to upload an image using Xmodem. In this book, I'll focus on loading image files over the network. We'll cover TFTP first, then provide details on using RCP or SCP, which is often preferred today for its security features.
Say that you have just purchased a 2501 router and want to upgrade to the latest version of IOS. Assume that you have downloaded the new image from Cisco's web site or that you have it on a CD or some other medium. If you haven't already set up the router, you'll need a serial connection from a terminal (or a PC with a terminal-emulation program) to do some simple configuration before you can install the image; at a minimum, you need to set up an IP address. You'll also need a connection to the network so that the router can access your TFTP server. Once you've set things up, your primitive network will look like Figure 2-2.
Figure 2-2: Getting an IOS image from a TFTP server
Before you start the upgrade, you must configure the IP address for the router's Ethernet interface (in this case, ethernet0). Let's assume that the address 10.10.1.1 is available for the router and that the TFTP server is 10.10.1.2. Before you load the new image, enter the following commands:
Router>enable
Router#config terminal
Router(config)#interface ethernet0
Router(config-if)#ip address 10.10.1.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#exit
Router#ping 10.10.1.2
Using the IOS Filesystem for Images
The upgrade procedure described in the previous sections is for a Class B IOS filesystem. Class B filesystems are probably the most common, but they aren't universal—particularly on high-end routers. There are also Class A and Class C filesystems; the filesystem you have depends on the router you're using. Table 2-4 shows which filesystem a number of different routers use.
Table 2-4: Flash filesystem types
Filesystem type  Router
Class A          7000 series, C12000, and LightStream 1010
Class B          1003, 1004, 1005, 2500, 2600, 3600, 4000, AS5200, 800
Class C          3810, disk0 of SC3640
As far as a user is concerned, the filesystems differ primarily in the commands that they support. Table 2-5 lists the filesystem commands and what they do.
Table 2-5: Filesystem commands
Command  Filesystem  Description
cd       All         Changes the working directory.
delete   All
The Router's Configuration
Every router has two different configurations to consider:
Running configuration
The router's active configuration, which is stored in the router's RAM. Every configuration command you give is stored in the running configuration. If you reboot your router, this configuration is lost. If you make changes that you want to save, you must copy the running configuration to a safe location, such as a network server, or save it as the router's startup configuration.
Startup configuration
The configuration that is loaded when the router boots. This configuration is stored in the router's nonvolatile memory (NVRAM). You cannot edit a startup configuration directly. All commands you enter are stored in the running configuration, which can be copied into the startup configuration.
In other words, when you boot a router, the startup configuration becomes the initial running configuration. As you modify the configuration, the two diverge: the startup configuration remains the same, while the running configuration reflects the changes you have made. If you want to make your changes permanent, you must copy the running configuration to the startup configuration.
The following command copies the router's current running configuration into the startup configuration:
Router#copy running-config startup-config
Building configuration...
Similarly, to save the running configuration on a network server using TFTP, you would give the command:
Router#copy running-config tftp
         
You'll be prompted for additional information, such as the remote host and the name for the saved file.
The terms "running configuration" and "startup configuration" were added in recent versions of IOS. In earlier versions, you used the command
Loading Configuration Files
Loading and saving configuration files is much simpler than loading a kernel image. This section summarizes the commands that load and save the configuration.
Once loaded, the running configuration is used by the router immediately. Use these commands to load it using either TFTP or RCP:
Router#copy tftp running-config               (for TFTP)
Router#copy rcp running-config                (for RCP)
Router#copy scp://user@ip:. running-config    (for SCP)
The startup configuration is not used until the router is rebooted. Loading the startup configuration can be dangerous because the router doesn't parse the configuration file and won't give you any warning if the file has errors. The configuration is not parsed until the router is rebooted—and if the configuration is incorrect, the router may not boot properly. Therefore, use the following commands with care:
Router#copy tftp startup-config               (for TFTP)
Router#copy rcp startup-config                (for RCP)
Router#copy scp://user@ip:. startup-config    (for SCP)
The following command is the most important command of all, because if you don't save your running configuration, all your configuration changes will be lost during the next reboot of the device. Once you are satisfied that your current router configuration is correct, copy your configuration to the startup configuration with this command:
Router#copy running-config startup-config
            
The following commands display the startup or the running configuration:
Router#show startup-config
Router#show running-config
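A way to see how far the running configuration has diverged from the startup configuration before saving or rebooting, as an added Python example (not code from the book). It compares the text captured from the two show commands above, ignores comment lines beginning with "!", and reports each difference under its parent line; the sample configurations are constructed, parse_config and drift are hypothetical helpers, and the one-space indentation of sub-commands is an assumption about how IOS prints its configuration.

```python
# Assumption: IOS prints sub-commands indented under their parent line
# (for example " ip address ..." under "interface Ethernet0").
# Output header lines that are not configuration commands are skipped.
SKIP_PREFIXES = ("Building configuration", "Current configuration")

# Constructed sample: what "show startup-config" might return.
STARTUP = """\
!
hostname Router
!
interface Ethernet0
 ip address 10.10.1.1 255.255.255.0
 shutdown
!
end
"""

# Constructed sample: "show running-config" after a rename and "no shutdown".
RUNNING = """\
Building configuration...
!
! comment lines such as this one are ignored
hostname Sphinx
!
interface Ethernet0
 ip address 10.10.1.1 255.255.255.0
!
end
"""


def parse_config(text):
    """Map each top-level line to the list of sub-commands beneath it.
    Comment lines (starting with '!') and blank lines are ignored."""
    sections, parent = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        stripped = line.strip()
        if not stripped or stripped.startswith("!") or stripped.startswith(SKIP_PREFIXES):
            continue
        if line[0].isspace() and parent is not None:
            sections[parent].append(stripped)
        else:
            parent = stripped
            sections.setdefault(parent, [])
    return sections


def drift(running, startup):
    """Return (sign, parent, sub-command) tuples. '+' is present only in the
    running configuration (lost at reboot unless saved); '-' is present only
    in the startup configuration (returns at reboot). An empty sub-command
    means the top-level line itself differs."""
    run, start = parse_config(running), parse_config(startup)
    changes = []
    for parent in sorted(set(run) | set(start)):
        if parent not in start:
            changes.append(("+", parent, ""))
        elif parent not in run:
            changes.append(("-", parent, ""))
        have, saved = run.get(parent, []), start.get(parent, [])
        changes += [("+", parent, c) for c in have if c not in saved]
        changes += [("-", parent, c) for c in saved if c not in have]
    return changes


if __name__ == "__main__":
    for sign, parent, child in drift(RUNNING, STARTUP):
        print(sign, parent if not child else f"{parent} / {child}")
```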
            
Chapter 3: Basic Router Configuration
Managing a handful of routers quickly becomes a large task, and managing thousands of routers is even worse. You can minimize your administrative burden by configuring your routers carefully, completely, and consistently. I strongly recommend that you use every helpful item possible—even if the configuration item is not required. Every moment spent doing configuration groundwork translates into many hours saved when you are troubleshooting or performing maintenance tasks. When you try to solve a network problem at 2 A.M., the importance of properly configured routers becomes painfully clear.
This chapter covers most of the configuration items that make routers more manageable and easier to tame.
Setting the Router Name
The examples in this book use "Router" as the router's name. That's fine for examples, but a bad idea in real life. Eventually, a router should be given a name. To set the router name to "Sphinx", use the hostname command:
Router(config)#hostname Sphinx
Sphinx(config)#
The router instantly responds by updating the prompt to reflect the new router name. The name can be up to 254 characters long, but don't use a name so long that you can't type it comfortably.
It's a good practice to follow a naming convention for your routers. With a logical, consistent naming scheme, it's easy to remember a router's name, or guess the name if you've forgotten it. For example, let's say that your router names all start with "rtr", followed by the city initials, followed by a number. Then, late one night when you're staring at a blank terminal screen trying to remember the name of the backbone router in New York, you can type rtr-ny-01 and be reasonably confident that you've guessed correctly.
Don't use underscores ( _ ) in router names. They are hard to type, often lead to confusion, and aren't legal in Domain Name System (DNS) names. Use a hyphen (-) instead. Similarly, avoid mixing upper- and lowercase. Instead of "routerOneNewYork," use "router-one-newyork." The router won't care, but your users will!
Setting the System Prompt
By default, the router uses its hostname as the prompt; the hostname is "Router" if you haven't defined it explicitly. It's often a good idea to put other useful information in the prompt by using the prompt command. For example:
Sphinx(config)#prompt %h:%n%p
Sphinx(config)#exit
Sphinx:5#
We've used three escape sequences to set the prompt to the hostname (%h), followed by the command number (%n), followed by the appropriate prompt character for the current command mode (%p). The escape sequences for the prompt command are listed in Table 3-1.
Table 3-1: Prompt variables
Escape sequence  Meaning
%%               Percent character
%h               Hostname of the router
%n               TTY number for this EXEC session
%p               Prompt character: either > for user level or # for privileged level
%s               Space character
%t               Tab character
Configuration Comments
It's a good idea to keep your routers' configuration files on a server somewhere. You can then modify the configuration files using a convenient text editor and upload the files to your routers as necessary. One advantage to this procedure is that you can include comments within your configuration files. A comment is any line beginning with an exclamation point. For example:
!
! This is a comment.
!
You can also type comments when you are configuring the router from the command line, but comments are never saved as part of the router's configuration. Therefore, when you try to view or save
