IOS
From Internetworkpro
Cisco IOS, or Internetwork Operating System, is the standard operating system for Cisco Catalyst switches, routers and some access points. It is a command-line operating system that uses various prompts to organize commands.
Uses
Cisco Routers
Most Cisco routers use the IOS operating system. Examples include the 1800-series ISR, 2500-series, 2600-series, etc. IOS is an operating system loaded in router memory.
Cisco Switches
All Catalyst switches use IOS as their operating system.
Configuration Methods
As stated above, IOS is configured using a CLI, or sometimes using a GUI such as Cisco SDM. The types of management are in-band and out-of-band management.
In-band management
In-band management is management of a router/switch via a configured interface, using a protocol such as Telnet or SSH. This type of management is used on configured routers and cannot be used if the administrator cannot connect to a functioning interface.
Out-of-band management
Out-of-band management is management of a router/switch via a rollover (also called console) cable. This type of management is used when the router is being initially configured, or if the router has no functioning interfaces.
Config Files
Cisco IOS devices save their configuration into text configuration files. An example of a basic configuration file from a Cisco 1841 ISR on Packet Tracer is given below.
Current configuration : 433 bytes
!
version 12.3
no service password-encryption
!
hostname Router
!
!
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
!
!
!
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 login
!
!
end
Router Commands and Usage
Overview
Cisco IOS uses commands, which differ over various prompts.
Help Commands
All of the following examples are using a Cisco 1841 ISR router on Packet Tracer, for illustration purposes. Results may vary.
The ? command is one of the most common commands. It will display all commands available at the current prompt.
Example, Router>? will output
  <1-99>      Session number to resume
  connect     Open a terminal connection
  disconnect  Disconnect an existing network connection
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  logout      Exit from the EXEC
  ping        Send echo messages
  resume      Resume an active network connection
  show        Show running system information
  telnet      Open a telnet connection
  traceroute  Trace route to destination
It can be used to find a command if, for example, you know how the command begins but don't know the full command.
Example, Router>e? will output
enable exit
It can also be used to find the next part of a command if you do not know it. Example, Router>telnet ? will output
  WORD  IP address or hostname of a remote system
  <cr>
User vs. EXEC
All of the following examples are using a Cisco 1841 ISR on Packet Tracer, for illustration purposes. Results may vary.
Cisco IOS uses two permission levels. The first is the user prompt, indicated by a > at the end of the prompt; for example, Router> means that you are at the user prompt. Router# indicates that you are at the EXEC, or privileged, prompt.
Escalation of privileges
Privileges are escalated using the enable command. Depending on the configuration, you will be prompted for a password (see Protection of EXEC below).
Protection of EXEC
The EXEC prompt is typically protected using what is called an enable password. There are two methods of password protection.
The first method, the less secure of the two, is the enable password [password] command. It stores the password in plain text in the configuration file. It is used from the global config prompt. Usage:
Router(config)#enable password cisco
The second method, the more secure of the two, is the enable secret [password] command. It stores the password in encrypted form in the configuration file. It is also used from the global config prompt. Usage:
Router(config)#enable secret cisco
De-escalation of privileges
Privileges may be de-escalated using any of the following commands: exit, disable, logout.
Virtual and Console Lines
All of the following examples are using a Cisco 1841 ISR on Packet Tracer, for illustration purposes. Results may vary.
Console Lines
Console lines are used for out-of-band management of the IOS device. The console port can be protected using a password. To configure a password on a console line, use the following set of commands:
Router(config)#line con [line number]
Router(config-line)#pass [password]
Router(config-line)#login
[line number] - The console line for which to set a password. Most commonly 0.
[password] - The password to set for the console line.
Alternatively, you can specify a range of console ports by using the command line con [first] [last].
Virtual Lines
Virtual lines are used for in-band management of IOS devices, such as telnet. Virtual, or vty, lines can be protected in a similar manner to console lines. Most of the time, a range of lines is specified.
Router(config)#line vty [first] [last]
Router(config-line)#pass [password]
Router(config-line)#login
[first] - The number of the first vty line to enable/protect.
[last] - The number of the last vty line to enable/protect.
[password] - The password to set for the given vty lines.
Interface Configuration
All of the following examples are using a Cisco 1841 ISR router on Packet Tracer, for illustration purposes. Results may vary.
Router interfaces include both virtual interfaces and physical interfaces. This section will target physical interfaces. Two examples of physical interfaces are Fast Ethernet (abbreviated Fa) interfaces and serial (abbreviated S) interfaces.
When configuring interface IP addresses, it is important to remember that you may only use IP addresses assigned by your ISP, or private addresses, unless in a lab environment which is not connected to the internet.
To enter an interface, start from the global config prompt. Type the command interface [interface name] to enter the given [interface name]. Example: Router(config)#interface Fa0/0. You will now be shown the prompt Router(config-if)#. The -if indicates that you are configuring an interface.
Basic configuration
A basic Fast Ethernet interface will only need an IP configuration to function. This is done using the ip address command. Proper usage is: ip address A.B.C.D [Subnet mask]. To instruct the router to bring the interface up, use the command no shutdown. Example:
Router(config)#interface Fa0/0
Router(config-if)#ip address 192.168.1.1 255.255.255.0
Router(config-if)#no shutdown
Other configuration
Interface description
You can set a description for an interface using the description command. Proper usage is description TEXT. Up to 240 characters may be used. Example:
Router(config-if)#description To WKGP_A switch
Duplex settings
An interface can be configured for either full-duplex or half-duplex operation.
To configure for full-duplex operations: Router(config-if)#duplex full
To configure for half-duplex operations: Router(config-if)#duplex half
To have the router auto-configure duplex: Router(config-if)#duplex auto
Routing Protocol Configuration
All of the following examples are using a Cisco 1841 ISR router on Packet Tracer, for illustration purposes. Results may vary.
Cisco IOS routers require manual configuration of routing protocols. It is important that you choose a routing protocol carefully. Interior routing protocols include RIP, OSPF, and EIGRP. The most common exterior routing protocol is BGP.
To enter routing configuration, start at the global config prompt. From there, use the command router [protocol].
RIP Configuration
To define which version of RIP to use, the command version 2 should be used. To set RIP to broadcast a network that the router is directly connected to, use the command net [network]. Example:
Router(config)#router rip
Router(config-router)#version 2
Router(config-router)#net 192.168.1.0
Router(config-router)#net 192.168.2.0
Router(config-router)#net 192.168.3.0
Command Abbreviations
Original command -> Shortened command
enable -> en
exit -> exi
interface -> in
ip address -> ip addr
console (e.g. line console 0) -> con
Known Issues
Type 7 encryption
IOS sometimes encrypts passwords using "7" encryption. This encryption method has been cracked for several years, and is vulnerable to anyone with the right software. This encryption method is typically only used in older config files or if the administrator doesn't know about this crack.[1]
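The following Python check is an added example, not part of the original article or of any Cisco tooling. It scans a saved IOS configuration for the password storage forms covered under Protection of EXEC, Console Lines, Virtual Lines and Type 7 encryption. The names audit, Finding and the rule labels are illustrative, and the sample input is a trimmed copy of the article's Packet Tracer config with two constructed lines added.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    line_no: int
    context: str   # "enable", or the "line ..." block the command sits in
    rule: str
    detail: str

# Constructed input: excerpt of the article's config plus two constructed
# lines (an "enable password" and a type 7 line password placeholder).
SAMPLE_CONFIG = """\
hostname Router
enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
enable password cisco
line con 0
 password cisco
 login
line vty 0 4
 password 7 TYPE7-PLACEHOLDER
 login
end
"""

# "[enable] password|secret [level N] [type] value"; type is a single digit.
CRED = re.compile(
    r"^(?P<enable>enable )?(?P<kind>password|secret)"
    r"(?: level \d+)?(?: (?P<type>\d))? (?P<value>\S+)$"
)

def audit(config_text: str) -> list[Finding]:
    findings, context = [], "global"
    for no, raw in enumerate(config_text.splitlines(), 1):
        if raw and not raw[0].isspace():       # unindented line starts a new block
            context = raw if raw.startswith("line ") else "global"
        m = CRED.match(raw.strip())
        if not m:
            continue
        ptype = m["type"] or "0"               # no type digit means plain text
        where = "enable" if m["enable"] else context
        if m["kind"] == "password" and ptype == "0":
            findings.append(Finding(no, where, "cleartext", "password stored in plain text"))
        elif ptype == "7":
            findings.append(Finding(no, where, "type7", "reversible type 7 encoding"))
        if m["enable"] and m["kind"] == "password":
            findings.append(Finding(no, where, "enable-password", "use enable secret instead"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.line_no:>3} [{f.context}] {f.rule}: {f.detail}")
```

The enable secret line produces no finding, while a line such as "password 7" with nothing after the digit is treated as a plain-text password whose value is "7" rather than as a type 7 entry.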

