I’m going to start my series of Daily Drill Downs on the Cisco Internetwork Operating System (IOS) from the very beginning. You are about to discover how network engineers manage to get all their computers talking to each other using Cisco routers, how your access servers let users log on to your network, and so on. To figure this out, you have to start from the very beginning, i.e., Cisco’s IOS.
The Cisco IOS is the solutions set, provided as a complex software kit to the end user. It includes numerous components that work on top of other components manufactured by Cisco, and it offers various features for supervising and administrating.
First, let’s look at the hardware aspect of Cisco routers. A Cisco router, like a standard PC, has a central processing unit (CPU). The CPU, or processor, varies by router series and model. For example, the router’s CPU that I’ll use in my examples is a Motorola 68030. A router’s processor performs the work required to process packets, maintains all of the tables necessary to route and bridge, and makes routing decisions.
The rate at which a router can process packets depends heavily on the type of processor the router has.
A Cisco router has four main types of memory:
- Read-only memory (ROM)
- Flash memory
- Random-access memory (RAM)
- Nonvolatile RAM (NVRAM)
A router’s bootstrap software is normally stored in ROM. The IOS is stored in flash memory, as is the software the router uses to run. RAM is used for all the dirty jobs—mostly for handling buffers and tables. The primary purpose of NVRAM is to store the configuration the IOS reads when the router boots.
The Cisco IOS is no longer the only one possible for Cisco routers. It’s always good to have an alternative, right? The Linux zealots gave it to us: uClinux/Cisco (Embedded Linux/Microcontroller Project), which was developed to run on Cisco routers. This uClinux is a derivative of the Linux 2.0 kernel (intended for microcontrollers without memory management units) and has successfully been ported to Cisco. Koen De Vleeschauwer (author of one of the patches for uClinux) created a patch that allows uClinux to run on older MC68EC030-based Cisco routers, which is why the range of applicability of uClinux in Cisco isn’t very wide. It includes Cisco 2500, 3000, and 4000 series routers and requires 4 MB of RAM. I’m sure that it might be useful someday, but not at the present time. For now, I wouldn’t even think about changing my router’s IOS to uClinux.
Configuring the Cisco IOS
My goal is to get you started configuring Cisco IOS-based routers. You must understand that nobody can memorize all of the commands; however, there are a few you absolutely must know. I’ll point these out as we go along. Also, there are some resources you’ll need during your work with the Cisco IOS. The first is Cisco’s UniverCD, which, as a rule, comes with all new Cisco hardware. You can also get the UniverCD from Cisco’s official Web Site or from the Usenet newsgroup (comp.dcom.sys.cisco). Many Cisco specialists are linked to these sites, so I’m sure you’ll be able to find a solution there for any of your router problems.
From the beginning
Let’s imagine that you’ve just gotten your new Cisco equipment and you’re determined to master it. The first thing I do each time I get a new Cisco router, switch, or access server is to find the version of Cisco IOS it uses. To find the version, enter this command:
core-rtr1# show version
You should see something like this:
Cisco Internetwork Operating System Software
IOS ™ 3000 Software (IGS-I-L), Version 11.1(7),
RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1996 by cisco Systems, Inc.
Compiled Wed 23-Oct-96 20:37 by tej
Image text-base: 0x0301FC14, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
ROM: 3000 Bootstrap Software (IGS-RXBOOT), Version 10.2(8a),
RELEASE SOFTWARE (fc1)
core-rtr1 uptime is 14 weeks, 3 days, 1 hour, 20 minutes
System restarted by power-on
System image file is “flash:igs-i-l.111-7”, booted via flash
cisco 2500 (68030) processor (revision F) with 1024K/1024K
bytes of memory.
Processor board ID 04794083, with hardware revision 00000000
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
1 Ethernet/IEEE 802.3 interface.
2 Serial network interfaces.
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
The most important things you should get from this screen are the Cisco router model (Cisco 2500), Cisco IOS software version (11.1(7)), and the name of the boot image (igs-i-l.111-7). You don’t need to remember anything more from this display.
Now, you need to find out what feature set you have on your IOS. Basically, brand-new routers have an IP variant with no additional feature set. There is the possibility, however, that you might need to access an older, already configured router with a different IOS set. So, the issue now is how to identify your IOS. It’s pretty easy. Cisco has a very detailed explanation for its IOS-naming convention. You can find this in a white paper called Cisco IOS Reference Guide.
There are some things that every Cisco specialist should know about IOS naming. The IOS filename consists of four parts. In our case, the filename is igs-i-l.111-7. The first part, igs, is a platform or board identifier. The second section, i, stands for the feature list. The third section stands for image memory allocation and compression; for example, l means that image will be relocated at run time and is not compressed. The last part, 111-7, identifies the image version.
Now that you’re familiar with the IOS feature list, parameters, and version, you’re ready to start working directly with router configuration.
Welcome to the command line
As a rule, IOS configuration is accomplished using the Command Line Interface (CLI). Therefore, to configure IOS-based routers, you need a good understanding of how the CLI works, and you need to feel comfortable with its capabilities. The CLI is very simple; however, just like any other command-line interface (i.e., sh, csh, and bash in your favorite UNIX system or Command.com in your beloved Windows environment), it isn’t very friendly to beginners.
Cisco provides some configuration alternatives to the CLI. You can use AutoInstall to configure a new router or Setup to change the configuration if you prefer. A few other very helpful configuration tools are available, but as a rule they’re not very well documented. The most popular ones are ClickStart and ConfigMaker. ClickStart enables you to configure a router using a Web interface and is available on a number of Cisco series routers. ConfigMaker is used on a Windows 95 or Windows NT platform to quickly and easily configure Cisco 1000, 1600, 2500, and 3600 series routers (as well as a few access servers) from a single PC. This tool simplifies the process of configuration but lacks flexibility.
To use the CLI, your terminal must be connected to the router through the console port (CON on the router’s front or back deck) or one of the TTY lines. By default, the terminal is a basic configuration that should work for most terminal sessions, but you can personalize it however you wish.
I’m going to skip the login procedure; I’ll assume you’re familiar with it. The only thing I’d like to point out is that Cisco has two basic means of logging in: password-based and username-based. For example, a password-based logging scheme requires that you know the access password of the router. In a username-based logging scheme, you must know the login name and password; this scheme allows several people to log in to the same router with their own passwords and with different privileged modes.
Cisco command-line basics
Before I get to CLI mode, let me explain how to enter commands and how to navigate its help system. IOS CLI allows you to edit a command as you’re typing it. You can move the cursor around on the command line and add, delete, and insert characters—everything is quite the same as in your favorite command shell. The keystrokes for editing the IOS command line are in general a subset of those in the bash command shell used on UNIX hosts. The command line in CLI is limited to 253 characters.
The IOS CLI keeps the last 10 commands you typed in a command-history buffer. It’s not permanent—after you log out, it is destroyed. Actually, there are two command-history buffers. One buffer is for user-mode and privileged-mode commands, and the other is for configuration-mode commands. The command-history buffer has two options: You can turn off the command history, and you can change the size of the history buffer. The command terminal no history turns the history off, and the command terminal history turns it on. It is on by default. You can change the number of lines kept in both command-history buffers by issuing the terminal history size command, as shown here:
core-rtr1#terminal history size 25
To check the current history buffer, use the show history command:
sh int se1/0
sh int se0/0
sh int serial 0/0
sh int ethernet 0/0
sh int ethernet 1/0
All interface types, commands, and command arguments can be abbreviated to the number of letters that make them unique on the router. For example, the following abbreviations work:
- sh for show
- conf t for configure terminal
- int for interface
- e for ethernet
In my example output, I use full variants of the commands to make sure everything is clear.
The Command Line Interface
Okay, let’s go to the CLI itself. The command prompt changes based on the mode that you’re using or the mode in which the router is running. Several command modes are available: user mode, privileged mode, configuration mode, sub-configuration modes, and ROM monitor mode. User, privileged, configuration, and sub-configuration modes are IOS command modes. These are the modes that we will be moving through during configuration. User mode is what used to be called EXEC mode. Privileged mode is what used to be called privileged EXEC.
When you log in to a router using the password scheme, you’re in user mode. Let’s look at an example:
core-rtr1#User Access Verification
This is like “look-only” mode—you can perform basic functions, but you cannot examine the current configuration or change anything. Some paranoid network engineers restricted this mode to a tiny number of operations such as ping or traceroute and nothing more. The EXEC commands are not saved across reboots of the router.
When you want to do something that could potentially affect IOS operations or you want to view either of the configurations, then you must change to privileged mode. Privileged-mode commands are a superset of the user-mode commands. In other words, all user-mode commands are still available while you’re in privileged mode.
There are two ways to get into this mode. The first one is to type enable followed by a password for privileged mode, as in the following example:
To get back to user mode, you must type the disable command. I suggest that you always switch back to user mode when you no longer require privileges. That’s a security issue.
The second way to get into privileged mode is to use a username-based scheme and log in with your username with the privilege level set to a value of 15, as shown here:
core-rtr1#User Access Verification
Looking at this issue from the position of a network security officer, however, I would deny any access to privileged mode through the second method. The user’s password is encrypted using the weak Cisco’s XOR-like encryption scheme, and it could be easily decrypted. On the other hand, using a privileged-mode password (what used to be called a secret password), the encryption scheme is MD5 hash, which is a one-way scheme so it can’t be decrypted.
Although you may not be quite ready to configure your own Cisco router, you are one step closer to it after reading this Daily Drill Down. Learning and understanding the command-line tools offered in Cisco technology are critical to the deployment and administration of anything bearing the Cisco name. In this Daily Drill Down, I explored the basics of the Cisco Internetwork Operating System.
The authors and editors have taken care in preparation of the content contained herein but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.