Command Lookup Tool http://www.cisco.com/pcgi-bin/Support/Cmdlookup/home.pl -------------------------------------------------------------------------------- Notes: http://www.joshgentry.com/cisco/cisco.htm EXEC mode: Router> privileged mode (router>enable): Router# Router#show interfaces Router#show ip protocols Router#show ip route Router#show ip arp -------------------------------------------------------------------------------- Cisco Notes The light blue serial to RJ45 cable from cisco is called a "rollover cable". -------------------------------------------------------------------------------- Cisco 2513 Interfaces: Ethernet0 (transceiver mac: 0000.0c3a.7bdd)? Serial0 Serial1 TokenRing0 Cisco Console Port (CON) VT100 Emulation,9600 8N1 documentation standard: router>enable router#configure terminal router(config)#xxx router(config)#ctrl-z router# -------------------------------------------------------------------------------- High-Speed Serial Interface (HSSI) (T3) Fast Serial (T1) -------------------------------------------------------------------------------- If you plan to upload a configuration script/file (copy and paste via terminal), the "!" character can be used as a comment... what is an access-list? router#enable router(config)#interface serial0 router(config-if)#ip access-group 110 in router(config)#service ? ! Enable service password-encryption if it isn't already. router(config)#service password-encryption -------------------------------------------------------------------------------- Remember that the 3 Types of Commands are: Global, Major, and Sub-command The Global Command "Configure" takes you down to Router(config) Mode. The Major Command "Line select-interface takes you to Router(Config-line). The Sub-commands "login" and "password" let you configure your password. -------------------------------------------------------------------------------- The initial prompt is called "User Exec Mode", after typing "enable", you will be in "Privleged Exec Mode" or "Exec Mode" for short. To go back to User Exec Mode, type disable: router>enable router#disable router> To reset router to a clean slate: router#erase startup-config router#reload reboot: router#reload reboot in 4 minutes: router#reload in 4 cancel reboot in x minutes: router#reload cancel To restart or reboot a Cisco in a certain number of minutes: router#reload in 5 This is useful when you are afraid that the configuration changes you are about to make might break something or lock you out of the router. You tell the router to reload in a certain number of minutes, then make your changes. If it turns out your changes are catastrophic and you can't log back into the router to fix them, the router will reload in a few minutes and go back to its previous configuration, otherwise: copy running-config startup-config, and type type: router#reload cancel Add a Static Route on your Cisco routers: router(config)#ip route 192.168.1.0 255.255.255.240 192.168.1.254 1 Show route table of Cisco router: router#show ip route Clear ARP Table of your Cisco router or switch: router#clear arp Show ARP table of a Cisco router or switch: router#show arp Show Proccessor Load of your Cisco router or switch: router#show proc cpu At the beginning of the output, look for a line like this: CPU utilization for five seconds: 37%/31%; one minute: 39%; five minutes: 40% Show Used and Available Memory of your Cisco router or switch: router#show proc mem At the beginning of the output, look for a line like this: Total: 200234528, Used: 70508188, Free: 129726340 Cisco Committed Access Rate (CAR) An example that limits an IP to 512K, with a nice, fat burst. First create the access lists: access-list 100 permit ip any host 192.168.100.100 access-list 100 permit ip host 192.168.100.100 any Then apply rate limiting rules to the appropriate interface: rate-limit input access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop rate-limit output access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop If, in a rate-limit rule, you reference an access list that does not exist, the rule will match all traffic. Usually not good. -------------------------------------------------------------------------------- router>enable router#configure terminal router(config)#hostname core router(config)#enable password cisco router(config)#enable secret class router(config)#exit router#write memory | copy running-config startup-config router(config)#ip name-server 4.2.2.1 router#show host -------------------------------------------------------------------------------- When you first connect to the router and provide the password (if necessary), you enter EXEC mode, the first mode in which you can issue commands from the command-line. From here you can use such unprivileged commands as ping, telnet, and rlogin. You can also use some of the show commands to obtain information about the system. In unprivileged mode you use commands like, show version to display the version of the IOS the router is running. Typing show ? will display all the show commands available in the mode you are presently in. Definately try the following commands: router#show version This command gives a good amount of information; the IOS version you are running, the available interfaces, the system uptime, the last reload reason, and the configuration register setting. router#show interface Gives a summary of each interface from the IP level. router#show interface brief A very brief summary of each interface. router#show ip arp Displays the entire ARP (Address Resolution Protocol)table, which is the MAC-to-IP resolution table. router#show ip protocols Displays information about the currently running routing protocols. router#show ip route The old standby, which displays the entire IP route table. router#show ip route summary Gives a very useful summary of the IP route table. router#show ip traffic An extensive summary of IP traffic statistics on the router. router#show access-list This useful command not only shows the all the currently configured access-lists, but it also shows you the number of hits each line has received. You can use this information to better troubleshoot your access-lists. router#show cdp neighbors Assuming you have CDP enabled, this command gives you a report of all Cisco devices that the current device is connected to. CDP stands for Cisco Discovery Protocol, which can be an invaluable tool. router#show cdp neighbors detail This command gives even more information about CDP neighbors. router#show ? Until you hit ctrl-Z (or type exit until you reach parent mode) your command has not been put into affect. -------------------------------------------------------------------------------- Configuring Cisco router interfaces Cisco interface naming is straightforward. Individual interfaces are referred to by this convention: media type slot#/port# "Media type" refers to the type of media that the port is an interface for, such as Ethernet, Token Ring, FDDI, serial, etc. Slot numbers are only applicable for routers that provide slots into which you can install modules. These modules contain several ports for a given media. The 7200 series is an example. These modules are even hot-swapable. You can remove a module from a slot and replace it with a different module, without interrupting service provided by the other modules installed in the router. These slots are numbered on the router. Port number refers to the port in reference to the other ports in that module. Numbering is left-to-right, and all numbering starts at 0, not at one. For example, a Cisco 7206 is a 7200 series router with six slots. To refer to an interface that is the third port of an Ethernet module installed in the sixth slot, it would be interface ethernet 6/2. Therefore, to display the configuration of that interface you use the command: router#show interface ethernet 6/2 If your router does not have slots, like a 1600, then the interface name consists only of: media type port# For example: router#show interface serial 0 Here is an example of configuring a serial port with an IP address: router#config router(config)#interface serial 1/1 router(config-if)#ip address 192.168.4.20 255.255.255.0 router(config-if)#no shutdown router(config-if)#ctrl-Z router# Then to verify configuration: router#show interface serial 1/1 Note the no shutdown command. An interface may be correctly configured and physically connected, yet be "administratively down." In this state it will not function. The command for causing an interface to be administratively down is shutdown. In the Cisco IOS, the way to reverse or delete the results of any command is to simply put no infront of it. For instance, if we wanted to unassign the IP address we had assigned to interface serial 1/1: router(config)#interface serail 1/1 router(config-if)#no ip address 192.168.4.20 255.255.255.0 router(config-if)ctrl-Z router#show interface serial 1/1 Configuring most interfaces for LAN connections might consist only of assigning a network layer address and making sure the interface is not administratively shutdown. It is usually not necessary to stipulate data-link layer encapsulation. Note that it is often necessary to stipulate the appropriate data-link layer encapsulation for WAN connections, such as frame-relay and ATM. Serial interfaces default to using HDLC. For a discussion of data-link protocols you will need to look up the IOS command encapsulation for more details. -------------------------------------------------------------------------------- Configuring Cisco Routing IP routing is automatically enabled on Cisco routers. If it has been previously disabled on your router, you turn it back on in config mode with the command ip routing: router(config)#ip routing router(config)#ctrl-Z There are two main ways a router knows where to send packets. The administrator can assign static routes, or the router can learn routes by employing a dynamic routing protocol. These days static routes are generally used in very simple networks or in particular cases that necessitate their use. To create a static route, the administrator tells the router operating system that any network traffic destined for a specified network layer address should be forwarded to a similiarly specified network layer address. In the Cisco IOS this is done with the ip route command: router#config router(config)#ip route 172.16.0.0 255.255.255.0 192.168.150.1 router(config)#ctrl-Z router#show ip route Two things to be said about this example. First, the packet destination address must include the subnet mask for that destination network. Second, the address it is to be forwarded to is the specified addres of the next router along the path to the destination. This is the most common way of setting up a static route, and the only one this document covers. Be aware, however, that there are other methods. Dynamic routing protocols, running on connected routers, enable those routers to share routing information. This enables routers to learn the routes available to them. The advantage of this method is that routers are able to adjust to changes in network topologies. If a route is physically removed, or a neighbor router goes down, the routing protocol searches for a new route. Routing protocols can even dynamically choose between possible routes based on variables such as network congestion or network reliability. There are many different routing protocols, and they all use different variables, known as "metrics," to decide upon appropriate routes. Unfortunately, a router needs to be running the same routing protocols as its neighbors. Many routers can, however, run mutliple protocols. Also, many protocols are designed to be able to pass routing information to other routing protocols. This is called "redistribution." There is an IOS redistribute command you can research if you think this is something you need. This document's companion case study describes an alternative method to deal with different routing protocols in some circumstances. This document describes how to configure the Routing Information Protocol (RIP) on Cisco routers. From the command-line, we must explicitly tell the router which protocol to use, and what networks the protocol will route for. router#config router(config)#router rip router(config-router)#network aa.bb.cc.dd router(config-router)#network ee.ff.gg.hh router(config-router)#ctrl-Z router#show ip protocols Now when you issue the show ip protocols command, you should see an entry describing RIP configuration. -------------------------------------------------------------------------------- Saving your Cisco Router configuration Once you have configured routing on the router, and you have configured individual interfaces, your router should be capable of routing traffic. Give it a few moments to talk to its neighbors, then issue the commands show ip route and show ip arp. There should now be entries in these tables learned from the routing protocol. If you turned the router off right now, and turned it on again, you would have to start configuration over again. Your running configuration is not saved to any perminent storage media. You can see this configuration with the command show running-config: router#show running-config You do want to save your successful running configuration. Issue the command copy running-config startup-config router#copy running-config startup-config Your configuration is now saved to non-volatile RAM (NVRAM). Issue the command show startup-config: router#show startup-config Now any time you need to return your router to that configuration, issue the command copy startup-config running-config. router#copy startup-config running-config -------------------------------------------------------------------------------- Troubleshooting Try to ping next hop in destination: router#ping xx.xx.xx.xx If the ping test is successful, you know that the destination you are having difficulty reaching is alive and physically reachable. If there are routers between your router and the destination you are having difficulty reaching, the problem might be at one of the other routers. Even if you ping a router and it responds, it might have other interfaces that are down, its routing table may be corrupted, or any number of other problems may exist. To see where packets that leave your router for a particular destination go, and how far, use the trace command: router#trace xx.xx.xx.xx It may take a few minutes for this utility to finish, so give it some time. It will display a list of all the hops it makes on the way to the destination. debug commands There are several debug commands provided by the IOS. --------------------------------------------------------------------------------