Connect to Cisco IOS
1.1 Cisco USB Console on MAC OS X
USB Console is a CDC (Connected Device Configuration) device, hence there is no need for a separate driver on Mac OS X. There are several methods of accessing the router once it is connected to a USB port on the Mac.
• Using a terminal emulation program such as Z-Term for Mac OS X. For more information on Z-Term, see http://en.wikipedia.org/wiki/ZTerm
• Using “screen” program which is a built-in program for MAC OS X.
The steps below illustrate how to run the “screen” program on the Mac:
• Open a Terminal window on the Mac.
• Plug the router USB console port into an available USB port on the Mac.
• Find the enumerated port name for the USB connection by entering these commands in the Terminal window:
o Change directory to /dev: ‘cd /dev’
o List the enumerated USB ports: ‘ls -ltr *usb*’
o Generally the connected USB port is listed as a tty device ‘tty.usbmodem’ with a numeric suffix, such as ‘tty.usbmodem1a21’
• Connect to that USB port using the “screen” program in the Terminal window, followed by the speed of the router console: ‘screen /dev/tty.usbmodem1a21 9600’
• To disconnect the USB console and exit the “screen” program, enter Ctrl-a followed by Ctrl-\ in the Terminal window. Screen will prompt for confirmation to quit.
• Illustrated example below:
DT-macbook: user$ cd /dev
DT-macbook:dev user$ ls -ltr /dev/*usb*
crw-rw-rw- 1 root wheel 9, 66 Apr 1 16:46 tty.usbmodem1a21
DT-macbook:dev user$ screen /dev/tty.usbmodem1a21 9600
router#
To quit, press ^a (Ctrl-a) then ^\ (Ctrl-\); screen shows the prompt below:
Really quit and kill all your windows [y/n]
1.2 Cisco USB Console on Linux
USB Console is a CDC (Connected Device Configuration) device, hence there is no need for a separate driver on Linux. There are several methods of accessing the router once it is connected to a USB port on a Linux machine.
• Using a serial-to-network proxy program such as ser2net, which lets a user connect to the Linux machine's serial port either locally or over the network.
• Using the “screen” program, which is available for most Linux distributions.
The steps below illustrate how to run the “screen” program on a Linux machine:
• Open a Terminal window on the Linux machine.
• Plug the router USB console port into an available USB port on the Linux machine.
• Generally the connected USB port is listed as a tty device ‘ttyACM’ with a numeric suffix, such as ‘ttyACM0’
• Connect to that USB port using the “screen” program in the Terminal window, followed by the speed of the router console: ‘screen /dev/ttyACM0 9600’
• To disconnect the USB console and exit the “screen” program, enter Ctrl-a followed by a colon (:) to open the “screen” command prompt, then enter quit to exit “screen”.
• Illustrated example below:
usb-suse:/etc # screen /dev/ttyACM0 9600
Cisco IOS modes
In hierarchical order from most basic to most specialized, the major modes are:
- User executive (User EXEC) mode
- Privileged executive (Privileged EXEC) mode
- Global configuration mode
- Other specific configuration modes, such as interface configuration mode
- Line mode – to configure one of the physical or virtual lines (console, AUX, VTY)
- Interface mode – to configure one of the network interfaces (Fa0/0, S0/0/0)
The two primary modes of operation are user EXEC mode and privileged EXEC mode. The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.
To exit a specific configuration mode and return to global configuration mode, enter exit at a prompt. To leave configuration mode completely and return to privileged EXEC mode, enter end or use the key sequence Ctrl-Z.
Shortcuts and hotkeys:
- Down Arrow – Allows the user to scroll forward through former commands
- Up Arrow – Allows the user to scroll backward through former commands
- Tab – Completes the remainder of a partially typed command or keyword
- Ctrl-A – Moves to the beginning of the line
- Ctrl-E – Moves to the end of the line
- Ctrl-R – Redisplays a line
- Ctrl-Z – Exits the configuration mode and returns to privileged EXEC mode
- Ctrl-C – Exits the configuration mode or aborts the current command
- Ctrl-Shift-6 – Allows the user to interrupt an IOS process such as ping or traceroute
Examination commands (show commands)
- Show version: shows the operating system information held in RAM, including programs (show processes, show cdp neighbors), the active configuration file (show running-config), and tables and buffers (show arp, show mac-address-table, show vlan). In detail, it includes:
- Software version – IOS software version (stored in flash)
- Bootstrap version – Bootstrap version (stored in Boot ROM). A bootstrap is the process of starting up a computer; it also refers to the program that initializes the operating system (OS) during start-up.
- System up-time – Time since last reboot
- System restart info – Method of restart (e.g., power cycle, crash)
- Software image name – IOS filename stored in flash
- Router type and processor type – Model number and processor type
- Memory type and allocation (shared/main) – Main Processor RAM and Shared Packet I/O buffering
- Software features – Supported protocols/feature sets
- Hardware interfaces – Interfaces available on the device
- Configuration register – Sets bootup specifications, console speed setting, and related parameters
- Show flash: shows the operating system information in flash memory.
- Show startup-config: shows the backup configuration file in NVRAM.
Set the password
- Enable password – Limits access to the privileged EXEC mode
- Enable secret – Encrypted, limits access to the privileged EXEC mode
- Console password – Limits device access using the console connection
Switch(config)#line console 0
- VTY password – Limits device access over Telnet
Switch(config)# line vty 0 15
Switch(config-line)# password cisco
- AAA:
R1(config)# username ccna password ciscoccna
Enable AAA with:
R1(config)# aaa new-model
Create an authentication list; the local keyword indicates that the user database is stored locally on the router:
R1(config)#aaa authentication login LOCAL_AUTH local
The following commands tell the router that users attempting to connect to the router should be authenticated using the list created above:
R1(config)# line console 0
R1(config-line)# login authentication LOCAL_AUTH
R1(config-line)#line vty 0 4
R1(config-line)#login authentication LOCAL_AUTH
Encrypt the password
Configure SSH so that logins do not cross the network in clear text over Telnet:
! hostname and ip domain-name must be set before the RSA key can be generated
ip domain-name rtp.cisco.com
!--- Generate an SSH key to be used with SSH.
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
line vty 0 15
 password cisco
 login local
 !--- Prevent non-SSH Telnets.
 transport input ssh
username admin privilege 15 password admin
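Added example, not from the original notes: a small Python audit that parses a constructed running-config and flags the weak settings the sections above warn about (enable password without enable secret, plain-text usernames, vty lines that still accept Telnet or rely only on a line password). How a vty with no transport input line is treated is an assumption.

```python
import re

# Constructed sample running-config (not from a real device): the first vty
# block keeps the weak settings, the second follows the hardened form above.
SAMPLE_CONFIG = """\
enable password cisco
username admin privilege 15 password admin
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

def parse_sections(config):
    """Split an IOS config into global lines and the bodies of 'line ...' blocks."""
    global_lines, sections, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        elif raw.startswith("line "):
            current = raw.strip()
            sections[current] = []
        else:
            current = None
            global_lines.append(raw.strip())
    return global_lines, sections

def audit_config(config):
    """Return (scope, finding) pairs for the settings this page warns against."""
    global_lines, sections = parse_sections(config)
    findings = []
    has_secret = any(l.startswith("enable secret ") for l in global_lines)
    if any(l.startswith("enable password ") for l in global_lines) and not has_secret:
        findings.append(("global", "enable password without enable secret (weak)"))
    for l in global_lines:
        if re.match(r"username \S+ (privilege \d+ )?password ", l):
            findings.append(("global", "plain-text password for user " + l.split()[1]))
    for name, body in sections.items():
        if not name.startswith("line vty"):
            continue
        transport = next((b for b in body if b.startswith("transport input")), "")
        # Assumption: a vty with no 'transport input' line is treated as Telnet-capable.
        if not transport or "telnet" in transport or transport.endswith(" all"):
            findings.append((name, "Telnet permitted; set 'transport input ssh'"))
        if not any(b.startswith("login ") for b in body):
            findings.append((name, "line password only; use 'login local' or 'login authentication'"))
    return findings
```

Running audit_config on a saved `show running-config` output is enough to spot vty lines that drifted back to Telnet after a change.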
Set the Banner
Switch(config)#banner motd #message #
Save / delete the configuration
- Erase the startup configuration file with erase startup-config at the privileged EXEC mode prompt.
On a switch you must also issue the delete vlan.dat command in addition to the erase startup-config command in order to return the device to its default “out-of-the-box” configuration (comparable to a factory reset):
Switch# delete vlan.dat
Delete filename [vlan.dat]?
Delete flash:vlan.dat? [confirm]
Switch# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Erase of nvram: complete
- Save the current config to startup config:
Switch#copy running-config startup-config
- Save the current config to TFTP server:
Switch#copy running-config tftp
- Restore the config from TFTP:
Router# copy tftp running-config
- To discard the current config and restore the previous one:
If the changes made to the running configuration do not have the desired effect, it may be necessary to restore the device to its previous configuration. Assuming the startup configuration has not been overwritten with the changes, the running configuration can be replaced with the startup configuration. This is best done by restarting the device with the reload command at the privileged EXEC mode prompt.
When a reload is initiated, IOS detects that the running config has changes that were not saved to the startup configuration and prompts whether to save them. To discard the changes, enter n or no.
An additional prompt will appear to confirm the reload. To confirm, press Enter. Pressing any other key will abort the process.
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
*Apr 13 01:34:15.758: %SYS-5-RELOAD: Reload requested by console. Reload Reason:
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2004 by cisco Systems, Inc.
Dealing with IOS image files:
router# copy flash tftp:
Source filename ? c1900-universalk9-mz.SPA.151-4.M4.bin
Address or name of remote host ? 172.16.1.2
Destination filename [c1900-universalk9-mz.SPA.151-4.M4.bin]? <cr>
(The source file has to be one that already exists in flash.)
The copy command accepts these source and destination keywords:
- bootflash: – Copy to bootflash: file system
- disk0: – Copy to disk0: file system
- disk1: – Copy to disk1: file system
- flash: – Copy to flash: file system
- flh: – Copy to flh: file system
- ftp: – Copy to ftp: file system
- lex: – Copy to lex: file system
- null: – Copy to null: file system
- nvram: – Copy to nvram: file system
- rcp: – Copy to rcp: file system
- running-config – Update (merge with) current system configuration
- slot0: – Copy to slot0: file system
- slot1: – Copy to slot1: file system
- startup-config – Copy to startup configuration
- system: – Copy to system: file system
- tftp: – Copy to tftp: file system
The three most common commands used for image copying are:
- copy tftp flash
- copy rcp flash
- copy slot0: slot1:
Set the time on the device
To manually set the system software clock, use one of the formats of the clock set command in privileged EXEC mode.
clock set hh:mm:ss day month year
clock set hh:mm:ss month day year
- hh:mm:ss – Current time in hours (military format), minutes, and seconds.
- day – Current day (by date) in the month.
- month – Current month (by name): Jan, Feb, Mar, …
- year – Current year (no abbreviation).
Command mode: privileged EXEC
The following example manually sets the software clock to 1:32 p.m. on July 23, 1997:
Router# clock set 13:32:00 23 July 1997
Related clock commands:
- Sets the hardware clock.
- Performs a one-time update of the software clock from the hardware clock (calendar).
- Configures the system to automatically switch to summer time (daylight saving time).
- Sets the time zone for display purposes.
For more, see http://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/command/reference/ffun_r/frf012.html#wp1017927
Sync with NTP
First set up the NTP server:
switch(config)#ntp server time.google.com
Set up the time zone:
switch(config)# clock timezone AEDT 10 0
switch#show running-config | include clock-period
ntp clock-period 17180200
Do not attempt to remove or modify the ntp clock-period command. The router automatically generates it to compensate for internal timer inaccuracies.
Enable IP Domain Name System hostname translation; otherwise you will get an error message (% Unrecognized host or address, or protocol not running.) when you ping a domain name, while pinging an IP address works without issue.
Specify the address of the DNS server to use:
router(config)#ip name-server xxx.xxx.xxx.xxx
Then test with a ping:
router(config)#end
router# ping www.google.com
Translating "www.google.com.au"...domain server (xxx.xxx.xxx.xxx) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to xxx.xxx.xxx.xxx, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 124/127/136 ms
Now your Cisco device can communicate by domain name.
CDP allows you to view directly connected devices, but it can be a security issue because the negotiation traffic is not encrypted. Therefore it is recommended that it be turned off.
If you want to enable it, use the following commands:
- “cdp enable”: enable it on a specific interface.
- “cdp run”: enable it globally.
- show cdp neighbors: shows a summary list of the neighbor device IDs and the local interface connected to each neighbor. It also shows the neighbor device platform, such as C2600 or 2960.
- show cdp neighbors detail: shows more detail, such as the IP address of the neighbor device (if it has one), IOS version, hold time and duplex.
Schedule the reload
You may need to schedule a reload for a planned reboot, or before applying a critical configuration change that could lock you out (a wrong NAT, VPN or ACL config).
Fortunately there are two ways to schedule a system reload:
- at: at a specific time/date
- in: after a time interval
The ‘at’ keyword lets you schedule a reload of the software to take place at the specified time (using a 24-hour clock). If you specify the month and day, the reload is scheduled for the specified time and date.
The following example reloads the router on April 30 at 3:00 a.m.:
Router#reload at 03:00 30 apr
Reload scheduled for 03:00:00 UTC Sat Apr 30 2011 (in 42 hours and 10 minutes) by console
Reload reason: Reload Command
Proceed with reload? [confirm]
Router#show reload
Reload scheduled for 03:00:00 UTC Sat Apr 30 2011 (in 42 hours and 10 minutes) by console
Reload reason: Reload Command
The ‘in’ keyword lets you schedule a reload of the software to take effect after the specified number of minutes, or hours and minutes.
The following example reloads the router in 90 minutes:
Router#reload in 1:30
Reload scheduled for 10:20:49 UTC Thu Apr 28 2011 (in 1 hour and 30 minutes) by console
Reload reason: Reload Command
Proceed with reload? [confirm]
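As an added example (not part of the original notes or of IOS itself), the following Python models how the ‘in’ and ‘at’ forms resolve to a fire time and reproduces the “Reload scheduled for …” lines above from a constructed device clock; the rollover rules for a time or date already in the past are assumptions, not documented IOS behaviour.

```python
from datetime import datetime, timedelta

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}

# Constructed device clock chosen so the results match the page's transcripts.
EXAMPLE_CLOCK = datetime(2011, 4, 28, 8, 50, 49)

def reload_time(command, now):
    """Return the datetime at which 'reload in ...' or 'reload at ...' fires;
    now is the device clock at the moment the command is entered."""
    parts = command.split()
    if parts[:2] == ["reload", "in"]:
        h, _, m = parts[2].partition(":")          # 'in 90' or 'in 1:30'
        minutes = int(h) * 60 + int(m) if m else int(h)
        return now + timedelta(minutes=minutes)
    if parts[:2] == ["reload", "at"]:
        hh, mm = (int(x) for x in parts[2].split(":"))
        when = now.replace(hour=hh, minute=mm, second=0, microsecond=0)
        if len(parts) >= 5:                        # 'at 03:00 30 apr' or 'at 03:00 apr 30'
            a, b = parts[3], parts[4]
            day, mon = (int(a), MONTHS[b[:3].lower()]) if a.isdigit() else (int(b), MONTHS[a[:3].lower()])
            when = when.replace(month=mon, day=day)
            if when < now:                         # assumption: a past date means next year
                when = when.replace(year=now.year + 1)
        elif when <= now:                          # assumption: a past time today means tomorrow
            when += timedelta(days=1)
        return when
    raise ValueError("unsupported reload form: " + command)

def countdown(when, now):
    """The '(in X hours and Y minutes)' text IOS prints, in whole minutes."""
    h, m = divmod(int((when - now).total_seconds()) // 60, 60)
    return f"in {h} hour{'' if h == 1 else 's'} and {m} minute{'' if m == 1 else 's'}"

def schedule_line(command, now):
    """Reproduce the 'Reload scheduled for ...' line for the given clock."""
    when = reload_time(command, now)
    return f"Reload scheduled for {when:%H:%M:%S} UTC {when:%a %b %d %Y} ({countdown(when, now)})"

if __name__ == "__main__":
    print(schedule_line("reload in 1:30", EXAMPLE_CLOCK))
    print(schedule_line("reload at 03:00 30 apr", EXAMPLE_CLOCK.replace(second=0)))
```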