11.0 Configuring and Testing Your Network
11.0.1 Chapter Introduction
In this chapter, we will examine the process for connecting and configuring computers, switches, and routers into an Ethernet LAN.
We will introduce the basic configuration procedures for Cisco network devices. These procedures require the use of the Cisco Internetwork Operating System (IOS) and the related configuration files for intermediary devices.
An understanding of the configuration process using the IOS is essential for network administrators and network technicians. The labs will familiarize you with common practices used to configure and monitor Cisco devices.
Learning Objectives
Upon completion of this chapter, you will be able to:
- Define the role of the Internetwork Operating System (IOS).
- Define the purpose of a configuration file.
- Identify several classes of devices that have the IOS embedded.
- Identify the factors contributing to the set of IOS commands available to a device.
- Identify the IOS modes of operation.
- Identify the basic IOS commands.
- Compare and contrast the basic show commands.
11.0.1 - Chapter Introduction
The diagram depicts configuring and testing the network. The output of a router is shown as well as network equipment rooms.
11.1 Configuring Cisco devices - IOS basics
11.1.1 Cisco IOS
Similar to a personal computer, a router or switch cannot function without an operating system. Without an operating system, the hardware does not have any capabilities. The Cisco Internetwork Operating System (IOS) is the system software in Cisco devices. It is the core technology that extends across most of the Cisco product line. The Cisco IOS is used for most Cisco devices regardless of the size and type of the device. It is used for routers, LAN switches, small Wireless Access Points, large routers with dozens of interfaces, and many other devices.
The Cisco IOS provides devices with the following network services:
- Basic routing and switching functions
- Reliable and secure access to networked resources
- Network scalability
The services provided by the Cisco IOS are generally accessed using a command line interface (CLI). The features accessible via the CLI vary based on the version of the IOS and the type of device.
The IOS file itself is several megabytes in size and is stored in a semi-permanent memory area called flash. Flash memory provides non-volatile storage. This means that the contents of the memory are not lost when the device loses power. Even though the contents are not lost they can be changed or overwritten if needed.
Using flash memory allows the IOS to be upgraded to newer versions or to have new features added. In many router architectures, the IOS is copied into RAM when the device is powered on and the IOS runs from RAM when the device is operating. This function increases the performance of the device.
11.1.1 - Cisco IOS
The diagram depicts the Cisco Internetwork Operating System (IOS) for networking devices. Features of Cisco IOS include:
- Security
- Addressing
- Interfaces
- Routing
- QoS
- Managing Resources
Access Methods
There are several ways to access the CLI environment. The most common methods are:
- Console
- Telnet or SSH
- AUX port
The CLI can be accessed through a console session, also known as the CTY line. A console uses a low speed serial connection to directly connect a computer or terminal to the console port on the router or switch.
The console port is a management port that provides out-of-band access to a router. The console port is accessible even if no networking services have been configured on the device. The console port is often used to access a device when the networking services have not been started or have failed.
Examples of console use are:
- The initial configuration of the network device
- Disaster recovery procedures and troubleshooting where remote access is not possible
- Password recovery procedures
During operation, if a router cannot be accessed remotely, a connection to the console can enable a computer to determine the status of the device. By default, the console conveys the device startup, debugging, and error messages.
For many IOS devices, console access does not require any form of security, by default. However, the console should be configured with passwords to prevent unauthorized device access. In the event that a password is lost, there is a special set of procedures for bypassing the password and accessing the device. The device should be located in a locked room or equipment rack to prevent physical access.
Telnet and SSH
A method for remotely accessing a CLI session is to telnet to the router. Unlike the console connection, Telnet sessions require active networking services on the device. The network device must have at least one active interface configured with a Layer 3 address, such as an IPv4 address. Cisco IOS devices include a Telnet server process that launches when the device is started. The IOS also contains a Telnet client.
A host with a Telnet client can access the vty sessions running on the Cisco device. For security reasons, the IOS requires that the Telnet session use a password, as a minimum authentication method. The methods for establishing logins and passwords will be discussed in a later section.
The Secure Shell (SSH) protocol is a more secure method for remote device access. This protocol provides the structure for a remote login similar to Telnet, except that it utilizes more secure network services.
SSH provides stronger password authentication than Telnet and uses encryption when transporting session data. The SSH session encrypts all communications between the client and the IOS device. This keeps the user ID, password, and the details of the management session private. As a best practice, always use SSH in place of Telnet whenever possible.
Most newer versions of the IOS contain an SSH server. In some devices, this service is enabled by default. Other devices require the SSH server to be enabled.
IOS devices also include an SSH client that can be used to establish SSH sessions with other devices. Similarly, you can use a remote computer with an SSH client to start a secure CLI session. SSH client software is not provided by default on all computer operating systems. You may need to acquire, install, and configure SSH client software for your computer.
AUX
Another way to establish a CLI session remotely is via a telephone dialup connection using a modem connected to the router's AUX port. Similar to the console connection, this method does not require any networking services to be configured or available on the device.
The AUX port can also be used locally, like the console port, with a direct connection to a computer running a terminal emulation program. The console port is required for the configuration of the router, but not all routers have an auxiliary port. The console port is also preferred over the auxiliary port for troubleshooting because it displays router startup, debugging, and error messages by default.
Generally, the only time the AUX port is used locally instead of the console port is when there are problems using the console port, such as when certain console parameters are unknown.
11.1.1 - Cisco IOS
The diagram depicts accessing the Cisco IOS software on a device. The back of a Cisco 1841 router is shown with various ports and interfaces identified. The serial and FastEthernet interfaces can be used for Telnet access. The console port is used for terminal access, and the auxiliary port is used for modem access.
11.1.2 Configuration Files
Network devices depend on two types of software for their operation: operating system and configuration. Like the operating system in any computer, the operating system facilitates the basic operation of the device's hardware components.
Configuration files contain the Cisco IOS software commands used to customize the functionality of a Cisco device. Commands are parsed (translated and executed) by the Cisco IOS software when the system is booted (from the startup-config file) or when commands are entered in the CLI while in configuration mode.
A network administrator creates a configuration that defines the desired functionality of a Cisco device. The configuration file is typically a few hundred to a few thousand bytes in size.
Types of Configuration Files
A Cisco network device contains two configuration files:
- The running configuration file - used during the current operation of the device
- The startup configuration file - used as the backup configuration and is loaded when the device is started
Startup Configuration File
The startup configuration file (startup-config) is used during system startup to configure the device. The startup configuration file or startup-config file is stored in non-volatile RAM (NVRAM). Since NVRAM is non-volatile, when the Cisco device is turned off, the file remains intact. The startup-config files are loaded into RAM each time the router is started or reloaded. Once the configuration file is loaded into RAM, it is considered the running configuration or running-config.
Running Configuration
Once in RAM, this configuration is used to operate the network device.
The running configuration is modified when the network administrator performs device configuration. Changes to the running configuration will immediately affect the operation of the Cisco device. After making any changes, the administrator has the option of saving those changes back to the startup-config file so that they will be used the next time the device restarts.
Because the running configuration file is in RAM, it is lost if the power to the device is turned off or if the device is restarted. Changes made to the running-config file will also be lost if they are not saved to the startup-config file before the device is powered down.
11.1.2 - Configuration Files
The diagram depicts Cisco IOS configuration files stored in a network device, the startup configuration, and the running configuration.
The startup configuration file is contained in NVRAM. At startup, the startup configuration is copied from NVRAM to RAM and executed as the running configuration.
The running configuration file is loaded into RAM. Configuration edits change the running configuration. Running configuration directs device operation.
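Because unsaved edits exist only in RAM, comparing the two files shows what a reload would discard and what it would bring back. The following Python sketch is an added example, not part of the original course material; the function names and both sample configurations are constructed, and it assumes IOS-style output in which sub-commands are indented under their parent line.

```python
# Header lines printed by the show commands; they are not configuration.
NOISE = ("Building configuration", "Current configuration", "Using ")


def flatten(config_text):
    """Return ordered (section, command) pairs.

    Indented lines belong to the last unindented line, so the same
    "ip address ..." under two different interfaces stays distinct.
    """
    pairs = []
    section = ""
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue                      # blank line or "!" separator
        if line.startswith(NOISE):
            continue
        if line[0] == " ":
            pairs.append((section, line.strip()))
        else:
            section = line
            pairs.append(("", line))
    return pairs


def config_drift(startup_text, running_text):
    """Compare startup-config (NVRAM) with running-config (RAM)."""
    startup = flatten(startup_text)
    running = flatten(running_text)
    startup_set, running_set = set(startup), set(running)
    return {
        # Present only in RAM: gone after a reload unless saved.
        "lost_on_reload": [p for p in running if p not in startup_set],
        # Present only in NVRAM: removed at runtime, back after a reload.
        "restored_on_reload": [p for p in startup if p not in running_set],
    }


# Constructed sample data (not captured from a real device).
STARTUP_CONFIG = """
hostname Router
!
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 shutdown
!
end
"""

RUNNING_CONFIG = """
Building configuration...

Current configuration : 212 bytes
!
hostname Router
!
interface FastEthernet0/0
 description connection to WEST LAN4
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.20.1 255.255.255.0
!
end
"""

if __name__ == "__main__":
    drift = config_drift(STARTUP_CONFIG, RUNNING_CONFIG)
    for kind, pairs in drift.items():
        for section, command in pairs:
            print(f"{kind}: [{section or 'global'}] {command}")
```

A non-empty result is also a useful review signal: it lists every running change that nobody has committed to the startup file.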
11.1.3 Cisco IOS Modes
The Cisco IOS is designed as a modal operating system. The term modal describes a system where there are different modes of operation, each having its own domain of operation. The CLI uses a hierarchical structure for the modes.
In order from top to bottom, the major modes are:
- User executive mode
- Privileged executive mode
- Global configuration mode
- Other specific configuration modes
Some commands are available to all users; others can be executed only after entering the mode in which that command is available. Each mode is distinguished with a distinctive prompt, and only commands that are appropriate for that mode are allowed.
The hierarchical modal structure can be configured to provide security. Different authentication can be required for each hierarchical mode. This controls the level of access that network personnel can be granted.
The figure shows the IOS modal structure with typical prompts and features.
11.1.3 - Cisco IOS Modes
The diagram depicts the Cisco IOS mode hierarchical structure. From top to bottom, the major modes are:
User executive mode appears as Router>. Examples of commands in user executive mode include show (limited), enable, and so on.
Privileged executive mode appears as Router#. Examples of commands in privileged executive mode include debug, reload, configure, and so on.
Global configuration mode appears as Router(config)#. Examples of commands in global configuration mode include hostname, enable secret, ip route, and so on.
Other specific configuration modes include interface, router, line, and so on.
Examples of commands in interface configuration mode include ip address, encapsulation, no shutdown, and so on.
Examples of commands in router configuration mode include network, version, auto-summary, and so on.
Examples of commands in line configuration mode include password, login, modem commands, and so on.
Command Prompts
When using the CLI, the mode is identified by the command-line prompt that is unique to that mode. The prompt is composed of the words and symbols on the line to the left of the entry area. The word prompt is used because the system is prompting you to make an entry.
By default, every prompt begins with the device name. Following the name, the remainder of the prompt indicates the mode. For example, the default prompt for the global configuration mode on a router would be:
Router(config)#
As commands are used and modes are changed, the prompt changes to reflect the current context, as shown in the figure.
11.1.3 - Cisco IOS Modes
The diagram depicts the Cisco IOS prompt structure in use with specific commands.
Router>ping 192.168.10.5
Router#show running-config
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
The prompt changes to indicate the current CLI mode.
Switch>enable
Switch#config terminal
Switch(config)#interface FastEthernet 0/1
Switch(config-if)#description connection to WEST LAN4
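Because the prompt encodes the mode, a saved terminal session can be reviewed for what was run at each level of the hierarchy. The following Python sketch is an added example, not part of the original course material; the function names are hypothetical and the transcript is constructed from the commands shown in the figure.

```python
import re

# Prompt = device name, optional "(config...)" context, then ">" or "#".
PROMPT = re.compile(
    r"^(?P<host>[A-Za-z][\w.-]*)"
    r"(?:\((?P<ctx>config(?:-[\w-]+)?)\))?"
    r"(?P<sym>[>#])\s*(?P<cmd>.*)$"
)

# Commands that only move between modes and change nothing themselves.
NAVIGATION = {"exit", "end"}


def classify(line):
    """Return (host, mode, submode, command) for a prompt line, else None."""
    m = PROMPT.match(line.strip())
    if m is None:
        return None
    host, ctx, cmd = m.group("host"), m.group("ctx"), m.group("cmd").strip()
    if m.group("sym") == ">":
        if ctx is not None:          # "(config)>" is not a prompt IOS shows
            return None
        return host, "user EXEC", None, cmd
    if ctx is None:
        return host, "privileged EXEC", None, cmd
    if ctx == "config":
        return host, "global configuration", None, cmd
    return host, "specific configuration", ctx[len("config-"):], cmd


def audit_session(transcript):
    """Summarise a session: elevations, privileged commands, config edits."""
    report = {"elevations": 0, "privileged": [], "config": []}
    previous = None
    for line in transcript.splitlines():
        parsed = classify(line)
        if parsed is None:           # device output, "Password:", blank lines
            continue
        _host, mode, submode, cmd = parsed
        if previous == "user EXEC" and mode == "privileged EXEC":
            report["elevations"] += 1
        previous = mode
        if not cmd:
            continue
        if mode == "privileged EXEC":
            report["privileged"].append(cmd)
        elif mode.endswith("configuration") and cmd not in NAVIGATION:
            report["config"].append((submode or "global", cmd))
    return report


# Constructed transcript (not captured from a real device).
SESSION = """
Router>ping 192.168.10.5
Router>enable
Password:
Router#show running-config
Router#configure terminal
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#description connection to WEST LAN4
Router(config-if)#end
Router#disable
Router>
"""

if __name__ == "__main__":
    summary = audit_session(SESSION)
    print("elevations:", summary["elevations"])
    for cmd in summary["privileged"]:
        print("privileged EXEC:", cmd)
    for where, cmd in summary["config"]:
        print(f"config ({where}):", cmd)
```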
Primary Modes
The two primary modes of operation are:
- User EXEC
- Privileged EXEC
Each mode has similar commands. However, the privileged EXEC mode has a higher level of authority in what it allows to be executed.
User Executive Mode
The user executive mode, or user EXEC for short, has limited capabilities but is useful for some basic operations. The user EXEC mode is at the top of the modal hierarchical structure. This mode is the first entrance into the CLI of an IOS router.
The user EXEC mode allows only a limited number of basic monitoring commands. This is often referred to as view-only mode. The user EXEC level does not allow the execution of any commands that might change the configuration of the device.
By default, there is no authentication required to access the user EXEC mode from the console. It is a good practice to ensure that authentication is configured during the initial configuration.
The user EXEC mode is identified by the CLI prompt that ends with the > symbol. This is an example that shows the > symbol in the prompt:
Switch>
Privileged EXEC Mode
The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode, or a specific mode further down the hierarchy.
The privileged EXEC mode can be identified by the prompt ending with the # symbol.
Switch#
By default, privileged EXEC does not require authentication. It is a good practice to ensure that authentication is configured.
Global configuration mode and all other more specific configuration modes can only be reached from the privileged EXEC mode. In a later section of this chapter, we will examine device configuration and some of the configuration modes.
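The defaults described here and under Access Methods (no console authentication, no password for privileged EXEC, Telnet available on the vty lines) can be checked in a saved configuration. The following Python sketch is an added example, not part of the original course material; the function names, issue labels, and both sample configurations are constructed, and it assumes that a vty line with no transport input command is not restricted to SSH, since that default varies by IOS release.

```python
def parse_sections(config_text):
    """Map each unindented command to the indented commands under it."""
    sections = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        if line[0] == " " and current is not None:
            sections[current].append(line.strip())
        else:
            current = line
            sections.setdefault(current, [])
    return sections


def audit_access(config_text):
    """Return (target, issue) pairs for weak CLI access settings."""
    sections = parse_sections(config_text)
    findings = []

    # Privileged EXEC: expect "enable secret" rather than nothing or
    # only the older "enable password".
    top = list(sections)
    if not any(c.startswith("enable secret") for c in top):
        if any(c.startswith("enable password") for c in top):
            findings.append(("enable", "enable-password-only"))
        else:
            findings.append(("enable", "no-enable-password"))

    # Console, AUX and vty lines: expect a login method on each.
    for header, body in sections.items():
        if not header.startswith("line "):
            continue
        name = header[len("line "):]
        has_password = any(c.startswith("password ") for c in body)
        has_login = any(c == "login" or c.startswith("login ") for c in body)
        if "no login" in body:
            findings.append((name, "login-disabled"))
        elif "login" in body and not has_password:
            findings.append((name, "login-without-password"))
        elif not has_login:
            findings.append((name, "no-login"))

        # Remote lines: Telnet sends the session in clear text.
        if name.startswith("vty"):
            transport = [c for c in body if c.startswith("transport input")]
            if not transport:
                # Assumption: absent setting is treated as unrestricted.
                findings.append((name, "transport-unrestricted"))
            else:
                allowed = transport[0].split()[2:]
                if "telnet" in allowed or "all" in allowed:
                    findings.append((name, "telnet-allowed"))
    return findings


# Constructed sample configurations; passwords and hashes are placeholders.
WEAK_CONFIG = """
hostname Router
!
enable password EXAMPLE-ONLY
!
line con 0
line aux 0
line vty 0 4
 password EXAMPLE-ONLY
 login
 transport input telnet ssh
!
end
"""

HARDENED_CONFIG = """
hostname Router
!
enable secret 5 $1$EXAMPLE$constructedplaceholderhash
username admin secret 5 $1$EXAMPLE$constructedplaceholderhash
!
line con 0
 password EXAMPLE-ONLY
 login
line aux 0
 password EXAMPLE-ONLY
 login
line vty 0 4
 login local
 transport input ssh
!
end
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_access(cfg))
```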
11.1.3 - Cisco IOS Modes
The diagram depicts Cisco IOS primary modes. These include the following:
User EXEC mode: Limited examination of router and remote access.
Switch>
Router>
Global Configuration Mode: Global configuration commands.
Switch(config)#
Router(config)#
Privileged EXEC Mode: Detailed examination of router, debugging, testing, file manipulation, and remote access.
Switch#
Router#
Other Configuration Modes: Specific service or interface configurations.
Switch(config-)#
Router(config-)#
Moving between the User EXEC and Privileged EXEC Modes
The enable and disable commands are used to change the CLI between the user EXEC mode and the privileged EXEC mode, respectively.
In order to access the privileged EXEC mode, use the enable command. The privileged EXEC mode is sometimes called the enable mode.
The syntax for entering the enable command is:
Router>enable
This command is executed without the need for an argument or keyword. Once
Router#
The # at the end of the prompt indicates that the router is now in privileged EXEC mode.
If password authentication has been configured for the privileged EXEC mode, the IOS prompts for the password.
For example:
Router>enable
Password:
Router#
The disable command is used to return from the privileged EXEC to the user EXEC mode.
For example:
Router#disable
Router>
11.1.3 - Cisco IOS Modes
The diagram depicts Cisco IOS modes used with some command examples. The following shows the default user mode and privileged mode prompts for a router. For a switch, the default prompt is Switch>.
Router con0 is now available.
Press RETURN to get started.
User Access Verification
Password:
Router> (Note: This is the user mode prompt)
Router>enable
Password:
Router# (Note: This is the privileged mode prompt)
Router#disable
Router> (Note: This is the user mode prompt)
Router>exit
11.1.4 Basic IOS Command Structure
Each IOS command has a specific format or syntax and is executed at the appropriate prompt. The general syntax for a command is the command followed by any appropriate keywords and arguments. Some commands include a subset of keywords and arguments that provide additional functionality. The figure shows these parts of a command.
The command is the initial word or words entered in the command line. The commands are not case-sensitive. Following the command are one or more keywords and arguments.
The keywords describe specific parameters to the command interpreter. For example, the show command is used to display information about the device. This command has various keywords that can be used to define what particular output should be displayed. For example:
Switch#show running-config
The command show is followed by the keyword running-config. The keyword specifies that the running configuration is to be displayed as the output.
A command might require one or more arguments. Unlike a keyword, an argument is generally not a predefined word. An argument is a value or variable defined by the user. As an example, when applying a description to an interface with the description command, enter a line such as this:
Switch(config-if)#description MainHQ Office Switch
The command is: description. The argument is: MainHQ Office Switch. The user defines the argument. For this command, the argument can be any text string of up to 80 characters.
After entering each complete command, including any keywords and arguments, press the
11.1.4 - Basic Cisco IOS Command Structure
The diagram depicts the basic Cisco IOS command structure.
Cisco IOS prompt commands are followed by a space and the keyword or arguments.
Example One:
Router>ping 192.168.10.5
In this example, the prompt is Router>, the command is ping, followed by a space, and the keyword or argument is 192.168.10.5.
Example Two:
Router>show ip protocols
In this example, the prompt is Router>, the command is show, followed by a space, and the keyword or argument is ip protocols.
IOS Conventions
The figure and the following examples demonstrate some conventions for documenting IOS commands.
For the ping command:
Format:
Router>ping IP address
Example with values:
Router>ping 10.10.10.5
The command is ping and the argument is the IP address.
Similarly, the syntax for entering the traceroute command is:
Format:
Switch>traceroute IP address
Example with values:
Switch>traceroute 192.168.254.254
The command is traceroute and the argument is the IP address.
Commands are used to execute an action, and the keywords are used to identify where or how to execute the command.
For another example, return to examining the description command.
Format:
Router(config-if)#description string
Example with values:
Switch(config-if)#description Interface to Building a LAN
The command is description, and the argument applied to the interface is the text string, Interface to Building a LAN. Once the command is executed, that description will be applied to the particular interface.
11.1.4 - Basic Cisco IOS Command Structure
The diagram depicts Cisco IOS command syntax conventions. A tabular listing shows the common conventions and a description of what they mean.
Convention: boldface
Description: Boldface text indicates commands and keywords that are entered literally as shown.
Convention: italics
Description: Italic text indicates arguments for which the user supplies values.
Convention: [X]
Description: Square brackets enclose an optional element (keyword or argument).
Convention: |
Description: A vertical line indicates a choice within an optional or required set of keywords or arguments.
Convention: [X | Y]
Description: Square brackets enclose an optional element (keyword or argument).
Convention: {X | Y}
Description: Braces, or curly brackets, enclosing keywords or arguments separated by a vertical line indicate a required choice.
11.1.5 Using CLI Help
The IOS has several forms of help available:
- Context-sensitive help
- Command Syntax Check
- Hot Keys and Shortcuts
The context-sensitive help provides a list of commands and the arguments associated with those commands within the context of the current mode. To access context-sensitive help, enter a question mark, ?, at any prompt. There is an immediate response without the need to use the
One use of context-sensitive help is to get a list of available commands. This can be used when you are unsure of the name for a command or you want to see if the IOS supports a particular command in a particular mode.
For example, to list the commands available at the user EXEC level, type a question mark ? at the Router> prompt.
Another use of context-sensitive help is to display a list of commands or keywords that start with a specific character or characters. After entering a character sequence, if a question mark is entered immediately, without a space, the IOS will display a list of commands or keywords for this context that start with the characters that were entered.
For example, enter sh? to get a list of commands that begin with the character sequence sh.
A final type of context-sensitive help is used to determine which options, keywords, or arguments are matched with a specific command. When entering a command, enter a space followed by a ? to determine what can or should be entered next.
As shown in the figure, after entering the command clock set 19:50:00, we can enter the ? to determine the options or keywords that fit with this command.
11.1.5 - Using CLI Help
The diagram depicts the use of context-sensitive help. An example of a sequence of commands using the CLI context-sensitive help is provided. The device command prompt in the examples is Cisco.
Cisco#cl?
Clear clock
Cisco#clock ?
set Set the time and date
Cisco#clock set
% Incomplete command.
Cisco#clock set ?
hh:mm:ss Current Time
Cisco#clock set 19:50:00
% Incomplete command.
Cisco#clock set 19:50:00 ?
<1 to 31> Day of the month
MONTH Month of the year
Cisco#clock set 19:50:00 25 6
Note: A caret is positioned under the number 6 from the previous command indicating an error.
Invalid input detected at ^ marker.
Cisco#clock set 19:50:00 25 June ?
<1993-2035> Year
Cisco#clock set 19:50:00 25 June 2007
Command Syntax Check
When a command is submitted by pressing the
There are three different types of error messages:
- Ambiguous command
- Incomplete command
- Incorrect command
11.1.5 - Using CLI Help
The diagram depicts command syntax check help. Cisco IOS returns a help message indicating that required keywords or arguments were left off of the end of the command.
Switch#clock set
% Incomplete command.
Switch#clock set 19:50:00
% Incomplete command.
Cisco IOS returns a help message to indicate that there were not enough characters entered for the command interpreter to recognize the command.
Switch#c
% Ambiguous command: 'c'
Cisco IOS returns a caret to indicate where the command interpreter cannot decipher the command.
Switch#clock set 19:50:00 25 6
Note: A caret is positioned under the number 6 from the previous command.
% Invalid input detected at ^ marker.
11.1.5 - Using CLI Help
The diagram depicts command syntax check messages and how to get help.
Error Message: % Ambiguous command: 'command'.
Meaning: Not enough characters entered for Cisco IOS to recognize the command.
Examples: Switch#c
% Ambiguous command: 'c'
How to Get Help: Reenter the command followed by a question mark (?) with no space between the command and the question mark.
The possible keywords that you can enter with the commands are displayed.
Error Message: % Incomplete command.
Meaning: Not all of the required keywords or arguments were entered.
Examples: Switch#clock set
% Incomplete command.
How to Get Help: Reenter the command followed by a question mark (?) with a space after the last word. The required keywords or arguments are displayed.
Error Message: % Invalid input detected at '^' marker.
Meaning: The command was entered incorrectly. The error occurred where the caret mark (^) appears.
Examples: Switch#clock set 19:50:00 25 6
Note: A caret is positioned under the number 6 from the previous command.
% Invalid input detected at '^' marker.
How to Get Help: Reenter the command followed by a question mark (?) at the place indicated by the '^' marker. It may also be necessary to delete the last keyword(s) or argument(s).
Hot Keys and Shortcuts
The IOS CLI provides hot keys and shortcuts that make configuring, monitoring, and troubleshooting easier.
The figure shows most of the shortcuts. The following are worthy of special note:
- Tab - Completes the remainder of the command or keyword
- Ctrl-R - Redisplays a line
- Ctrl-Z - Exits configuration mode and returns to the EXEC
- Down Arrow - Allows user to scroll forward through former commands
- Up Arrow - Allows user to scroll backward through former commands
- Ctrl-Shift-6 - Allows the user to interrupt an IOS process such as ping or traceroute
- Ctrl-C - Aborts the current command and exits the configuration mode
Tab - Tab complete is used to complete the remainder of abbreviated commands and parameters if the abbreviation contains enough letters to be different from any other currently available commands or parameters. When enough of the command or keyword has been entered to appear unique, press the Tab key and the CLI will display the rest of the command or keyword.
This is a good technique to use when you are learning because it allows you to see the full word used for the command or keyword.
Ctrl-R - Redisplay line will refresh the line just typed. Use Ctrl-R to redisplay the line. For example, you may find that the IOS is returning a message to the CLI just as you are typing a line. You can use Ctrl-R to refresh the line and avoid having to retype it.
In this example, a message regarding a failed interface is returned in the middle of a command.
Switch#show mac-
16w4d: %LINK-5-CHANGED: Interface FastEthernet0/10, changed state to down
16w4d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/10, changed state to down
To redisplay the line that you were typing, use Ctrl-R:
Switch#show mac
Ctrl-Z - Exit configuration mode. To leave a configuration mode and return to privileged EXEC mode, use Ctrl-Z. Because the IOS has a hierarchical mode structure, you may find yourself several levels down. Rather than exit each mode individually, use Ctrl-Z to return directly to the privileged EXEC prompt at the top level.
Up and Down arrows - Using previous commands. The Cisco IOS software buffers several past commands and characters so that entries can be recalled. The buffer is useful for reentering commands without retyping.
Key sequences are available to scroll through these buffered commands. Use the up arrow key (Ctrl-P) to display the previously entered commands. Each time this key is pressed, the next successively older command will be displayed. Use the down arrow key (Ctrl-N) to scroll forward through the history to display the more recent commands.
Ctrl-Shift-6 - Using the escape sequence. When an IOS process is initiated from the CLI, such as a ping or traceroute, the command runs until it is complete or is interrupted. While the process is running, the CLI is unresponsive. To interrupt the output and interact with the CLI, press Ctrl-Shift-6.
Ctrl-C - This interrupts the entry of a command and exits the configuration mode. This is useful when, while entering a command, you decide that you wish to cancel it and exit the configuration mode.
Abbreviated commands or keywords. Commands and keywords can be abbreviated to the minimum number of characters that identifies a unique selection. For example, the configure command can be abbreviated to conf because configure is the only command that begins with conf. An abbreviation of con will not work because more than one command begins with con.
Keywords can also be abbreviated.
As another example, show interfaces can be abbreviated like this:
Router#show interfaces
Router#show int
You can abbreviate both the command and the keywords, for example:
Router#sh int
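The syntax-check messages and the abbreviation rule described above both follow from unique-prefix matching, which this added example models (it is not course material or Cisco code). The command tree is a small constructed subset, and the caret is placed at the start of the offending word as a simplification.

```python
import re

# Constructed subset of the privileged EXEC command tree, for illustration only.
# dict = keywords that may follow; list = typed arguments in order; None = complete.
MONTHS = ("january february march april may june july august "
          "september october november december").split()
TIME = re.compile(r"^\d{1,2}:\d{2}:\d{2}$")
DAY = re.compile(r"^([1-9]|[12]\d|3[01])$")
MONTH = re.compile(r"^(%s)$" % "|".join(MONTHS), re.I)
YEAR = re.compile(r"^\d{4}$")

TREE = {
    "clock": {"set": [TIME, DAY, MONTH, YEAR]},
    "configure": {"terminal": None},
    "connect": None,  # simplified: the host argument is omitted
    "copy": {"running-config": {"startup-config": None}},
    "show": {"interfaces": None, "ip": {"interface": {"brief": None}},
             "running-config": None, "version": None},
}


def parse(line):
    """Resolve one command line against TREE.

    Returns (status, detail):
      ("ok", expanded command)     every word resolved and nothing is missing
      ("ambiguous", word)          the word is a prefix of several keywords
      ("incomplete", expanded)     required keywords or arguments are missing
      ("invalid", column)          0-based column of the word that failed
    """
    node, expanded = TREE, []
    for m in re.finditer(r"\S+", line):
        tok, col = m.group(), m.start()
        if node is None:                 # extra input after a complete command
            return ("invalid", col)
        if isinstance(node, list):       # typed arguments, consumed in order
            if not node[0].match(tok):
                return ("invalid", col)
            expanded.append(tok)
            node = node[1:] or None
            continue
        word = tok.lower()
        # An exact keyword wins; otherwise collect every keyword with this prefix.
        hits = [word] if word in node else [k for k in node if k.startswith(word)]
        if not hits:
            return ("invalid", col)
        if len(hits) > 1:
            return ("ambiguous", tok)
        expanded.append(hits[0])
        node = node[hits[0]]
    if node is not None:
        return ("incomplete", " ".join(expanded))
    return ("ok", " ".join(expanded))


def render(prompt, line):
    """Format the result using the message wording shown on this page."""
    status, detail = parse(line)
    if status == "ambiguous":
        return "% Ambiguous command: '" + detail + "'"
    if status == "incomplete":
        return "% Incomplete command."
    if status == "invalid":
        caret = " " * (len(prompt) + detail) + "^"
        return caret + "\n% Invalid input detected at '^' marker."
    return detail


if __name__ == "__main__":
    for cmd in ("c", "con", "conf t", "sh int", "clock set",
                "clock set 19:50:00 25 6", "clock set 19:50:00 25 June 2007"):
        print("Switch#" + cmd)
        print(render("Switch#", cmd))
```
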
11.1.5 - Using CLI Help
The diagram depicts CLI hot keys and shortcuts.
CLI Editing:
-Tab - Completes a partial command name entry.
-Backspace - Erases the character to the left of the cursor.
-Ctrl-D - Erases the character at the cursor.
-Ctrl-K - Erases all characters from the cursor to the end of the command line.
-Escape D - Erases all characters from the cursor to the end of the word.
-Ctrl-U or Ctrl-X - Erases all characters from the cursor back to the beginning of the command line.
-Ctrl-W - Erases the word to the left of the cursor.
-Ctrl-A - Moves the cursor to the beginning of the line.
-Left Arrow or Ctrl-B - Moves the cursor one character to the left.
-Escape B - Moves the cursor back one word to the left.
-Escape F - Moves the cursor forward one word to the right.
-Right Arrow or Ctrl-F - Moves the cursor one character to the right.
-Ctrl-E - Moves the cursor to the end of command line.
-Up Arrow or Ctrl-P - Recalls a command in the history buffer, beginning with the most recent commands.
-Ctrl-R or Ctrl-I or Ctrl-L - Redisplays the system prompt and command line after a console message is received.
Note: The Delete key, used to erase to the right of the cursor, is not recognized by terminal programs.
At the More prompt:
-Enter key - Displays the next line.
-Space Bar - Displays the next screen.
-Any alphanumeric key - Returns to the EXEC prompt.
Break keys:
-Ctrl-C - When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode. When in setup mode, goes back to the command prompt.
-Ctrl-Z - When in any configuration mode, ends the configuration mode and returns to privileged EXEC mode.
-Ctrl-Shift-6 - All-purpose break sequence. Stops DNS lookups, trace routes, pings.
Control keys - Press and hold the Ctrl key and then press the specified letter key.
Escape sequences - Press and release the Escape key, and then press the letter key.
11.1.6 IOS "Examination" Commands
Page 1:
In order to verify and troubleshoot network operation, we must examine the operation of the devices. The basic examination command is the show command.
There are many different variations of this command. As you develop more skill with the IOS, you will learn to use and interpret the output of the show commands. Use the show ? command to get a list of available commands in a given context, or mode.
The figure indicates how the typical show command can provide information about the configuration, operation, and status of parts of a Cisco router.
In this course, we use some of the more basic show commands.
11.1.6 - Cisco IOS "Examination" Commands
The diagram depicts how Cisco IOS show commands can provide information about the configuration, operation, and status of parts of the Cisco router.
RAM Components:
Internetwork Operating System.
Command: Router#show version
Programs.
Command: Router#show processes CPU
Command: Router#show protocols
Active Configuration File.
Command: Router#show running-config
Tables and Buffers.
Command: Router#show memory
Command: Router#show stacks
Command: Router#show buffers
NVRAM Components:
Backup Configuration File
Router#show startup-config
Flash Components:
Operating Systems
Router#show flash
Interfaces
Router#show interface
Page 2:
Some of the most commonly used commands are:
show interfaces
Displays statistics for all interfaces on the device. To view the statistics for a specific interface, enter the show interfaces command followed by the specific interface slot/port number. For example:
Router#show interfaces serial 0/1
show version
Displays information about the currently loaded software version, along with hardware and device information. Some of the information shown by this command is:
- Software Version - IOS software version (stored in flash)
- Bootstrap Version - Bootstrap version (stored in Boot ROM)
- System up-time - Time since last reboot
- System restart info - Method of restart (e.g., power cycle, crash)
- Software image name - IOS filename stored in flash
- Router Type and Processor type - Model number and processor type
- Memory type and allocation (Shared/Main) - Main Processor RAM and Shared Packet I/O buffering
- Software Features - Supported protocols / feature sets
- Hardware Interfaces - Interfaces available on router
- Configuration Register - Sets bootup specifications, console speed setting, and related parameters.
- show arp - Displays the ARP table of the device.
- show mac-address-table - (switch only) Displays the MAC table of a switch.
- show startup-config - Displays the saved configuration located in NVRAM.
- show running-config - Displays the contents of the currently running configuration file or the configuration for a specific interface, or map class information.
- show ip interfaces - Displays IPv4 statistics for all interfaces on a router. To view the statistics for a specific interface, enter the show ip interfaces command followed by the specific interface slot/port number. Another important format of this command is show ip interface brief. This is useful to get a quick summary of the interfaces and their operational state.
Router#show ip interface brief
Interface          IP-Address      OK? Method Status  Protocol
FastEthernet0/0    172.16.255.254  YES manual up      up
FastEthernet0/1    unassigned      YES unset  down    down
Serial0/0/0        10.10.10.5      YES manual up      up
Serial0/0/1        unassigned      YES unset  down    down
The More Prompt
When a command returns more output than can be displayed on a single screen, the --More-- prompt appears at the bottom of the screen. When a --More-- prompt appears, press the Spacebar to view the next portion of output. To display only the next line, press the Enter key. If any other key is pressed, the output is cancelled and you are returned to the prompt.
11.1.6 - Cisco IOS "Examination" Commands
The diagram depicts typical output from the show version command for a router and a switch. The show version command displays information about the currently loaded software version, along with hardware and device information. Some of the information shown from this command is:
-Software Version - Cisco IOS software version (stored in flash).
-Bootstrap Version - Bootstrap version (stored in Boot ROM).
-System up-time - Time since last reboot.
-System restart info - Method of restart (for example, power cycle, crash).
-Software image name - Cisco IOS filename stored in flash.
-Router Type and Processor type - Model number and processor type.
-Memory type and allocation (Shared or Main) - Main Processor RAM and Shared Packet I/O buffering.
-Software Features - Supported protocols and feature sets.
-Hardware Interfaces - Interfaces available on the router.
-Configuration Register - Sets bootup specifications, console speed setting, and related parameters.
Page 3:
In this activity, you will use Packet Tracer to examine common IOS show commands.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.1.6 - Cisco IOS "Examination" Commands
Link to Packet Tracer Exploration: Examine Common Cisco IOS Show Commands
In this activity, you use Packet Tracer to examine common Cisco IOS show commands.
11.1.7 IOS Configuration Modes
Page 1:
Global Configuration Mode
The primary configuration mode is called global configuration or global config. From global config, CLI configuration changes are made that affect the operation of the device as a whole.
We also use the global config mode as a precursor to accessing specific configuration modes.
The following CLI command is used to take the device from privileged EXEC mode to the global configuration mode and to allow entry of configuration commands from a terminal:
Router#configure terminal
Once the command is executed, the prompt changes to show that the router is in global configuration mode.
Router(config)#
Specific Configuration Modes
From the global config mode, there are many different configuration modes that may be entered. Each of these modes allows the configuration of a particular part or function of the IOS device. The list below shows a few of them:
- Interface mode - to configure one of the network interfaces (Fa0/0, S0/0/0,..)
- Line mode - to configure one of the lines (physical or virtual) (console, AUX, VTY,..)
- Router mode - to configure the parameters for one of the routing protocols
To exit a specific configuration mode and return to global configuration mode, enter exit at a prompt. To leave configuration mode completely and return to privileged EXEC mode, enter end or use the key sequence Ctrl-Z.
Once a change has been made from the global mode, it is good practice to save it to the startup configuration file stored in NVRAM. This prevents changes from being lost due to power failure or a deliberate restart. The command to save the running configuration to startup configuration file is:
Router#copy running-config startup-config
11.1.7 - Cisco IOS Configuration Modes
The diagram depicts the hierarchy of Cisco IOS configuration modes. These include the following:
1. User EXEC mode.
2. Privileged EXEC mode.
3. Global configuration mode.
4. Specific configuration mode.
Examples of specific configuration modes include:
Configuration Mode: Interface
Prompt: Router(config-if)#
Configuration Mode: Line
Prompt: Router(config-line)#
Configuration Mode: Router
Prompt: Router(config-router)#
Page 2:
In this activity, you will use Packet Tracer to practice accessing IOS configuration modes.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.1.7 - Cisco IOS Configuration Modes
Link to Packet Tracer Exploration: Cisco IOS Configuration Modes
In this activity, you use Packet Tracer to practice accessing Cisco IOS configuration modes.
11.2 Applying a Basic Configuration Using Cisco IOS
11.2.1 Devices Need Names
Page 1:
The hostname is used in CLI prompts. If the hostname is not explicitly configured, a router uses the factory-assigned default hostname "Router." A switch has a factory-assigned default hostname, "Switch." Imagine if an internetwork had several routers that were all named with the default name "Router." This would create considerable confusion during network configuration and maintenance.
When accessing a remote device using Telnet or SSH, it is important to have confirmation that an attachment has been made to the proper device. If all devices were left with their default names, we could not identify that the proper device is connected.
By choosing and documenting names wisely, it is easier to remember, discuss, and identify network devices. To name devices in a consistent and useful way requires the establishment of a naming convention that spans the company or, at least, the location. It is a good practice to create the naming convention at the same time as the addressing scheme to allow for continuity within the organization.
Some guidelines for naming conventions are that names should:
- Start with a letter
- Not contain a space
- End with a letter or digit
- Have characters of only letters, digits, and dashes
- Be 63 characters or fewer
As part of the device configuration, a unique hostname should be configured for each device.
Note: Device host names are only used by administrators when they use the CLI to configure and monitor devices. Unless configured to do so, the devices themselves do not use these names when they discover each other and interoperate.
11.2.1 - Devices Need Names
The diagram depicts a basic configuration using Cisco IOS.
A network administrator is shown attempting to connect to network devices (three routers and a switch) that are not properly configured. Without names, network devices are difficult to identify for configuration purposes.
Page 2:
Applying Names - an Example
Let's use an example of three routers connected together in a network spanning three different cities (Atlanta, Phoenix, and Corpus) as shown in the figure.
To create a naming convention for routers, take into consideration the location and the purpose of the devices. Ask yourself questions such as these: Will these routers be part of an organization's headquarters? Does each router have a different purpose? For example, is the Atlanta router a primary junction point in the network or is it one junction in a chain?
In this example, we will identify each router as a branch headquarters for each city. The names could be AtlantaHQ, PhoenixHQ, and CorpusHQ. Had each router been a junction in a successive chain, the names could be AtlantaJunction1, PhoenixJunction2, and CorpusJunction3.
In the network documentation, we would include these names, and the reasons for choosing them, to ensure continuity in our naming convention as devices are added.
Once the naming convention has been identified, the next step is to apply the names to the router using the CLI. This example will walk us through the naming of the Atlanta router.
Configure IOS Hostname
From the privileged EXEC mode, access the global configuration mode by entering the configure terminal command:
Router#configure terminal
After the command is executed, the prompt will change to:
Router(config)#
In the global mode, enter the hostname:
Router(config)#hostname AtlantaHQ
After the command is executed, the prompt will change to:
AtlantaHQ(config)#
Notice that the hostname appears in the prompt. To exit global mode, use the exit command.
Always make sure that your documentation is updated each time a device is added or modified. Identify devices in the documentation by their location, purpose, and address.
Note: To negate the effects of a command, preface the command with the no keyword.
For example, to remove the name of a device, use:
AtlantaHQ(config)# no hostname
Router(config)#
Notice that the no hostname command caused the router to revert to the default hostname of "Router."
11.2.1 - Devices Need Names
The diagram depicts configuring device names. The network administrator is shown configuring the router and switch with the following names.
Router: CorpusHQ
Router: PhoenixHQ
Router: AtlantaHQ
Switch: Flour_Bluff
The following commands name a router network device for configuration purposes. The router prompt now has the name of the router embedded in it.
Router>
Router> enable
Router#
Router# configure terminal
Router(config)# hostname AtlantaHQ
AtlantaHQ(config)#
Page 3:
In this activity, you will use Packet Tracer to configure hostnames on routers and switches.
Links
RFC 1178, "Choosing a Name for Your Computer,"
http://www.faqs.org/rfcs/rfc1178.html
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.2.1 - Devices Need Names
Link to Packet Tracer Exploration: Configuring Hostnames on Routers and Switches
In this activity, you use Packet Tracer to configure hostnames on routers and switches.
11.2.2 Limiting Device Access - Configuring Passwords and Using Banners
Page 1:
Physically limiting access to network devices with closets and locked racks is a good practice; however, passwords are the primary defense against unauthorized access to network devices. Every device should have locally configured passwords to limit access. In a later course, we will introduce how to strengthen security by requiring a userID along with a password. For now, we will present basic security precautions using only passwords.
As discussed previously, the IOS uses hierarchical modes to help with device security. As part of this security enforcement, the IOS can accept several passwords to allow different access privileges to the device.
The passwords introduced here are:
- Console password - limits device access using the console connection
- Enable password - limits access to the privileged EXEC mode
- Enable secret password - encrypted, limits access to the privileged EXEC mode
- VTY password - limits device access using Telnet
Additionally, use strong passwords that are not easily guessed. The use of weak or easily guessed passwords continues to be a security issue in many facets of the business world.
Consider these key points when choosing passwords:
- Use passwords that are more than 8 characters in length.
- Use a combination of upper and lowercase and/or numeric sequences in passwords.
- Avoid using the same password for all devices.
- Avoid using common words such as password or administrator, because these are easily guessed.
As shown in the figure, when prompted for a password, the device will not echo the password as it is being entered. In other words, the password characters will not appear when you type. This is done for security purposes - many passwords are gathered by prying eyes.
Console Password
The console port of a Cisco IOS device has special privileges. The console port of network devices must be secured, at a bare minimum, by requiring the user to supply a strong password. This reduces the chance of unauthorized personnel physically plugging a cable into the device and gaining device access.
The following commands are used in global configuration mode to set a password for the console line:
Switch(config)#line console 0
Switch(config-line)#password password
Switch(config-line)#login
From global configuration mode, the command line console 0 is used to enter line configuration mode for the console. The zero is used to represent the first (and in most cases only) console interface for a router.
The second command, password password, specifies a password on a line.
The login command configures the router to require authentication upon login. When login is enabled and a password set, there will be a prompt to enter a password.
Once these three commands are executed, a password prompt will appear each time a user attempts to gain access to the console port.
11.2.2 - Limiting Device Access - Configuring Passwords and Using Banners
The diagram depicts limiting device access by configuring console passwords. The following configuration requires a console login when the switch is next accessed.
Switch(config)#line console 0
Switch(config-line)#password cisco
Switch(config-line)#login
Press RETURN to get started!
User Access Verification
Password:
Switch>
Note: Password characters are not displayed when entered.
Page 2:
Enable and Enable Secret Passwords
To provide additional security, use the enable password command or the enable secret command. Either of these commands can be used to establish authentication before accessing privileged EXEC (enable) mode.
Always use the enable secret command, not the older enable password command, if possible. The enable secret command provides greater security because the password is encrypted. The enable password command can be used only if enable secret has not yet been set.
The enable password command would be used if the device uses an older copy of the Cisco IOS software that does not recognize the enable secret command.
The following commands are used to set the passwords:
Router(config)#enable password password
Router(config)#enable secret password
Note: If no enable password or enable secret password is set, the IOS prevents privileged EXEC access from a Telnet session.
Without an enable password having been set, a Telnet session would appear this way:
Switch>enable
% No password set
Switch>
VTY Password
The vty lines allow access to a router via Telnet. By default, many Cisco devices support five VTY lines that are numbered 0 to 4. A password needs to be set for all available vty lines. The same password can be set for all connections. However, it is often desirable that a unique password be set for one line to provide a fall-back for administrative entry to the device if the other connections are in use.
The following commands are used to set a password on vty lines:
Router(config)#line vty 0 4
Router(config-line)#password password
Router(config-line)#login
By default, the IOS includes the login command on the VTY lines. This prevents Telnet access to the device without first requiring authentication. If, by mistake, the no login command is set, which removes the requirement for authentication, unauthorized persons could connect to the line using Telnet. This would be a major security risk.
Encrypting Password Display
Another useful command prevents passwords from showing up as plain text when viewing the configuration files. This is the service password-encryption command.
This command causes the encryption of passwords to occur when a password is configured. The service password-encryption command applies weak encryption to all unencrypted passwords. This encryption applies only to passwords in the configuration file, not to passwords as they are sent over the media. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.
If you execute the show running-config or show startup-config command prior to the service password-encryption command being executed, the unencrypted passwords are visible in the configuration output. The service password-encryption command can then be executed and the encryption will be applied to the passwords. Once the encryption has been applied, removing the encryption service does not reverse the encryption.
11.2.2 - Limiting Device Access - Configuring Passwords and Using Banners
The diagram depicts limiting device access by configuring a telnet password and password encryption.
Virtual Terminal Password:
Router(config)#line vty 0 4
Router(config-line)#password cisco
Router(config-line)#login
Enable Password:
Router(config)#enable password san fran
Enable Secret Password:
Router(config)#enable secret cisco
Note: The enable secret password is a strongly encrypted password.
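The hostname guidelines from 11.2.1 and the password settings described in this section can be checked against a saved configuration, as in this added example (not part of the course or any Cisco tool). Both sample configurations are constructed, the type 5 and type 7 values are placeholders, and the weak-password rule is one interpretation of the key points listed above.

```python
import re

# Words the page names as easily guessed.
COMMON = {"password", "administrator"}
# Starts with a letter, ends with a letter or digit, only letters/digits/dashes, <= 63 chars.
HOSTNAME_OK = re.compile(r"^[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Constructed sample: defaults left in place, cleartext passwords, 'no login' on vty.
WEAK = """\
hostname Router
!
enable password cisco
!
line con 0
line vty 0 4
 password cisco
 no login
"""

# Constructed sample: the same device after applying this section's commands.
HARDENED = """\
hostname AtlantaHQ
service password-encryption
enable secret 5 <placeholder-hash>
!
line con 0
 password 7 <placeholder>
 login
line vty 0 4
 password 7 <placeholder>
 login
"""


def parse_sections(cfg):
    """Split a configuration into {top-level line: [indented child lines]}."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw[0] == " ":
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections[current] = []
    return sections


def weak(pw):
    """Assumed rule: 8 characters or fewer, a common word, or a single character class."""
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d"))
    return len(pw) <= 8 or pw.lower() in COMMON or classes < 2


def audit(cfg):
    """Return a list of findings for one configuration text."""
    sec, out = parse_sections(cfg), []

    host = next((k.split(None, 1)[1] for k in sec if k.startswith("hostname ")), None)
    if host is None or host in ("Router", "Switch"):
        out.append("hostname: factory default in use")
    elif not HOSTNAME_OK.match(host):
        out.append("hostname: violates naming guidelines")

    if not any(k.startswith("enable secret ") for k in sec):
        only_old = any(k.startswith("enable password ") for k in sec)
        out.append("enable: no enable secret set"
                   + (" (only the older enable password)" if only_old else ""))

    if "service password-encryption" not in sec:
        out.append("service password-encryption: not enabled")

    for header, body in sec.items():
        if not re.match(r"line (con|vty)\S*\s", header):
            continue
        pw = next((re.match(r"password (?:(\d) )?(.+)", b)
                   for b in body if b.startswith("password ")), None)
        if "no login" in body:
            out.append(header + ": 'no login' removes authentication")
        elif pw is None or not any(b.startswith("login") for b in body):
            out.append(header + ": password and login not both set")
        # Only cleartext (no type digit) passwords can be judged for strength.
        if pw and pw.group(1) is None and weak(pw.group(2)):
            out.append(header + ": weak cleartext password")
    return out


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```
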
Page 3:
Banner Messages
Although requiring passwords is one way to keep unauthorized personnel out of a network, it is vital to provide a method for declaring that only authorized personnel should attempt to gain entry into the device. To do this, add a banner to the device output.
Banners can be an important part of the legal process in the event that someone is prosecuted for breaking into a device. Some legal systems do not allow prosecution, or even the monitoring of users, unless a notification is visible.
The exact content or wording of a banner depends on the local laws and corporate policies. Here are some examples of information to include in a banner:
- "Use of the device is specifically for authorized personnel."
- "Activity may be monitored."
- "Legal action will be pursued for any unauthorized use."
The creation of banners is a simple process; however, banners should be used appropriately. When a banner is utilized it should never welcome someone to the router. It should detail that only authorized personnel are allowed to access the device. Further, the banner can include scheduled system shutdowns and other information that affects all network users.
The IOS provides multiple types of banners. One common banner is the message of the day (MOTD). It is often used for legal notification because it is displayed to all connected terminals.
Configure MOTD using the banner motd command from global mode.
As shown in the figure, the banner motd command requires the use of delimiters to identify the content of the banner message. The banner motd command is followed by a space and a delimiting character. Then, one or more lines of text are entered to represent the banner message. A second occurrence of the delimiting character denotes the end of the message. The delimiting character can be any character as long as it does not occur in the message. For this reason, symbols such as the "#" are often used.
To configure a MOTD, from global configuration mode enter the banner motd command:
Switch(config)#banner motd # message #
Once the command is executed, the banner will be displayed on all subsequent attempts to access the device until the banner is removed.
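The access controls covered in this section (authentication on the VTY lines, enable secret rather than enable password, password display encryption, and a MOTD banner that does not welcome the reader) can be checked against a saved configuration. The following Python audit is an added example, not part of the original course material; the two sample configurations, the hash and type 7 strings, and the finding codes are constructed for illustration.

```python
import re

# Constructed running-config fragments (not from a real device). The banner is
# written with '#' as typed at the CLI; show running-config prints the
# delimiter as ^C, which motd_text() also accepts.
WEAK_CONFIG = """\
hostname LAB_A
enable password sanfran
banner motd # Welcome to LAB_A #
line con 0
 password cisco
 login
line vty 0 4
 password cisco
 no login
end
"""

HARDENED_CONFIG = """\
hostname LAB_A
service password-encryption
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH
banner motd # This is a secure system. Authorized Access ONLY!!! #
line con 0
 password 7 00CONSTRUCTED00
 login
line vty 0 4
 password 7 00CONSTRUCTED00
 login
end
"""

# Matches "password cisco", "password 0 cisco", "password 7 <string>" and the
# same forms after "enable". Group 1 is the encryption type, if one is shown.
PASSWORD_RE = re.compile(r"(?:enable )?password (?:(\d) )?\S+")


def line_blocks(config):
    """Map each 'line ...' header to the indented commands that follow it."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif current and raw.startswith(" "):
            blocks[current].append(raw.strip())
        else:
            current = None
    return blocks


def motd_text(config):
    """Return the MOTD banner text between its delimiters, or None if unset."""
    m = re.search(r"^banner motd (\^C|\S)", config, re.M)
    if not m:
        return None
    rest = config[m.end():]
    end = rest.find(m.group(1))
    return (rest if end < 0 else rest[:end]).strip()


def audit(config):
    """Return (code, severity, detail) findings; password values are never echoed."""
    findings = []
    stripped = [line.strip() for line in config.splitlines()]
    has_enable_pw = any(s.startswith("enable password ") for s in stripped)
    has_secret = any(s.startswith("enable secret ") for s in stripped)
    if has_enable_pw and not has_secret:
        findings.append(("ENABLE_PASSWORD_ONLY", "high",
                         "privileged EXEC is protected only by enable password"))
    for name, body in line_blocks(config).items():
        if name.startswith("line vty") and "no login" in body:
            findings.append(("VTY_NO_LOGIN", "high",
                             f"{name}: Telnet access without authentication"))
    for num, s in enumerate(stripped, 1):
        m = PASSWORD_RE.match(s)
        if not m:
            continue
        if m.group(1) in (None, "0"):
            findings.append(("CLEARTEXT_PASSWORD", "medium",
                             f"config line {num}: password shown as plain text"))
        elif m.group(1) == "7":
            findings.append(("TYPE7_PASSWORD", "info",
                             f"config line {num}: weak encryption, keep the file private"))
    banner = motd_text(config)
    if banner is None:
        findings.append(("NO_MOTD_BANNER", "medium", "no banner motd configured"))
    elif "welcome" in banner.lower():
        findings.append(("BANNER_WELCOMES", "medium", "banner welcomes the reader"))
    return findings


def codes(config):
    """Sorted, de-duplicated finding codes for a configuration."""
    return sorted({code for code, _, _ in audit(config)})


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for code, severity, detail in audit(cfg):
            print(f"  [{severity}] {code}: {detail}")
```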
11.2.2 - Limiting Device Access - Configuring Passwords and Using Banners
The diagram depicts limiting device access using a login banner.
LAB_A(config)#banner motd # This is a secure system.
Authorized Access ONLY!!! #
Note: the number signs are delimiting characters and are not included in the message.
Router terminal window output after login banner has been set. Note the message of the day banner resulting from the previous configuration.
LAB_A con0 is now available
Press RETURN to get started.
This is a secure system. Authorized Access ONLY!!!
User Access Verification
password:
LAB_A>enable
Password:
LAB_A#
Page 4:
In this activity, you will use Packet Tracer to practice the IOS commands for setting passwords and banners on switches and routers.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.2.2 - Limiting Device Access - Configuring Passwords and Using Banners
Link to Packet Tracer Exploration: Cisco IOS Commands for Setting Passwords and Banners
In this activity, you use Packet Tracer to practice the Cisco IOS commands for setting passwords and banners on switches and routers.
11.2.3 Managing Configuration Files
Page 1:
As we have discussed, modifying a running configuration affects the operation of the device immediately.
After making changes to a configuration, consider these options for the next step:
- Make the changed configuration the new startup configuration.
- Return the device to its original configuration.
- Remove all configuration from the device.
Remember, because the running configuration is stored in RAM, it is temporarily active while the Cisco device is running (powered on). If power to the router is lost or if the router is restarted, all configuration changes will be lost unless they have been saved.
Saving the running configuration to the startup configuration file in NVRAM preserves the changes as the new startup configuration.
Before committing to the changes, use the appropriate show commands to verify the device's operation. As shown in the figure, the show running-config command can be used to see a running configuration file.
When the changes are verified to be correct, use the copy running-config startup-config command at the privileged EXEC mode prompt. The following example shows the command:
Switch#copy running-config startup-config
Once executed, the running configuration file replaces the startup configuration file.
Return the Device to Its Original Configuration
If the changes made to the running configuration do not have the desired effect, it may become necessary to restore the device to its previous configuration. Assuming that we have not overwritten the startup configuration with the changes, we can replace the running configuration with the startup configuration. This is best done by restarting the device using the reload command at the privileged EXEC mode prompt.
When initiating a reload, the IOS will detect that the running config has changes that were not saved to startup configuration. A prompt will appear to ask whether to save the changes made. To discard the changes, enter n or no.
An additional prompt will appear to confirm the reload. To confirm, press the Enter key. Pressing any other key will abort the process.
For example:
Router#reload
System configuration has been modified. Save? [yes/no]: n
Proceed with reload? [confirm]
*Apr 13 01:34:15.758: %SYS-5-RELOAD: Reload requested by console. Reload Reason:
Reload Command.
System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2004 by cisco Systems, Inc.
PLD version 0x10
GIO ASIC version 0x127
c1841 processor with 131072 Kbytes of main memory
Main memory is configured to 64 bit mode with parity disabled
11.2.3 - Managing Configuration Files
The diagram depicts checking configuration files using the following command. This lists the complete configuration currently active in RAM.
Router#show running-config
Version 12.2
hostname Router
interface FastEthernet0/0
no ip address
duplex auto
speed auto
shutdown
interface Serial0/0
no ip address
shutdown
interface Serial0/1
no ip address
shutdown
The active configuration can be copied to NVRAM using the following command:
Router#copy running-config startup-config
Page 2:
Backing Up Configurations Offline
Configuration files should be stored as backup files in the event of a problem. Configuration files can be stored on a Trivial File Transfer Protocol (TFTP) server, a CD, a USB memory stick, or a floppy disk stored in a safe place. A configuration file should also be included in the network documentation.
Backup Configuration on TFTP Server
As shown in the figure, one option is to save the running configuration or the startup configuration to a TFTP server. Use either the copy running-config tftp or copy startup-config tftp command and follow these steps:
1. Enter the copy running-config tftp command.
2. Enter the IP address of the host where the configuration file will be stored.
3. Enter the name to assign to the configuration file.
4. Press Enter to confirm each choice.
See the figure to view this process.
Removing All Configurations
If undesired changes are saved to the startup configuration, it may be necessary to clear all the configurations. This requires erasing the startup configuration and restarting the device.
The startup configuration is removed by using the erase startup-config command.
To erase the startup configuration file use erase NVRAM:startup-config or erase startup-config at the privileged EXEC mode prompt:
Router#erase startup-config
Once the command is issued, the router will prompt you for confirmation:
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
Confirm is the default response. To confirm and erase the startup configuration file, press the Enter key. Pressing any other key will abort the process.
Caution: Exercise care when using the erase command. This command can be used to erase any file in the device. Improper use of the command can erase the IOS itself or another critical file.
After removing the startup configuration from NVRAM, reload the device to remove the current running configuration file from RAM. The device will then load the default startup configuration that was originally shipped with the device into the running configuration.
11.2.3 - Managing Configuration Files
The diagram depicts copying the active configuration to a TFTP server using the following command:
Router#copy running-config tftp
Remote host [ ]? 131.108.2.155
Name of configuration file to write [Tokyo-config]? tokyo.2
Write file Tokyo.2 to 131.108.2.155? [confirm]
Writing Tokyo.2 !!!!!! [OK]
Page 3:
Backup Configurations with Text Capture (HyperTerminal)
Configuration files can be saved/archived to a text document. This sequence of steps ensures that a working copy of the configuration files is available for editing or reuse later.
When using HyperTerminal, follow these steps:
1. On the Transfer menu, click Capture Text.
2. Choose the location.
3. Click Start to begin capturing text.
4. Once capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
5. After the configurations have been displayed, Stop the capture.
6. View the output to verify that it was not corrupted.
See the figure for an example.
11.2.3 - Managing Configuration Files
The diagram depicts saving or archiving configuration files to a text document using HyperTerminal. This sequence of steps ensures that a working copy of the configuration file is available for editing or reuse later.
In the terminal session:
1. Start the text capture process. From the program menu, use the Transfer, Capture Text option.
2. Issue a show running-config command.
3. Stop the capture process. From the program menu, use the Transfer, Capture Text, Stop option.
4. Save the text file.
Page 4:
Backup Configurations with Text Capture (TeraTerm)
Configuration files can be saved/archived to a text document using TeraTerm.
As shown in the figure, the steps are:
1. On the File menu, click Log.
2. Choose the location. TeraTerm will begin capturing text.
3. Once capture has been started, execute the show running-config or show startup-config command at the privileged EXEC prompt. Text displayed in the terminal window will be placed into the chosen file.
4. When the capture is complete, select Close in the TeraTerm: Log window.
5. View the output to verify that it was not corrupted.
Restoring Text Configurations
A configuration file can be copied from storage to a device. When copied into the terminal, the IOS executes each line of the configuration text as a command. This means that the file will require editing to ensure that encrypted passwords are in plain text and that non-command text such as "--More--" and IOS messages are removed. This process is discussed in the lab.
Further, at the CLI, the device must be set at the global configuration mode to receive the commands from the text file being copied.
When using HyperTerminal, the steps are:
1. Locate the file to be copied into the device and open the text document.
2. Copy all of the text.
3. On the Edit menu, click paste to host.
When using TeraTerm, the steps are:
1. On the File menu, click Send file.
2. Locate the file to be copied into the device and click Open.
3. TeraTerm will paste the file into the device.
The text in the file will be applied as commands in the CLI and become the running configuration on the device. This is a convenient method for manually configuring a router.
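The editing step described under Restoring Text Configurations can be scripted. This added Python example (not part of the original course material) removes the "--More--" pager text, prompt echoes and IOS messages from a captured session and reports which remaining lines carry encrypted passwords, so that they can be edited by hand before the file is pasted; the capture text, hash and type 7 strings are constructed placeholders.

```python
import re

# Constructed terminal capture of "show running-config" (not from a real device).
# The pager line reproduces what a capture typically records: the --More--
# prompt, the backspaces and spaces that erase it, then the next config line.
CAPTURE = (
    "LAB_A#show running-config\n"
    "Building configuration...\n"
    "\n"
    "Current configuration : 812 bytes\n"
    "!\n"
    "hostname LAB_A\n"
    "enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASH\n"
    "interface FastEthernet0/0\n"
    " description Building B Sales LAN\n"
    " ip address 192.168.10.1 255.255.255.0\n"
    " --More-- " + "\b" * 9 + " " * 8 + "\b" * 9 + " duplex auto\n"
    "*Apr 13 01:34:15.758: %SYS-5-CONFIG_I: Configured from console by console\n"
    "line vty 0 4\n"
    " password 7 00CONSTRUCTED00\n"
    " login\n"
    "end\n"
    "LAB_A#\n"
)

# Pager prompt plus the erase sequence that may follow it.
MORE_RE = re.compile(r" ?--More-- ?(?:\x08+ +\x08+)?")
# Prompt echoes such as "LAB_A#show running-config" or "LAB_A(config-if)#".
PROMPT_RE = re.compile(r"^[\w.-]+(?:\(config[^)]*\))?[>#]")
# IOS system messages carry a %FACILITY-SEVERITY-MNEMONIC: tag.
LOG_RE = re.compile(r"%[A-Z0-9_]+-\d-[A-Z0-9_]+:")
# Header text printed by show running-config before the configuration itself.
HEADER_PREFIXES = ("Building configuration", "Current configuration")
# Passwords stored in encrypted form (type 5 or type 7).
ENCRYPTED_RE = re.compile(r"^\s*(?:enable )?(?:password|secret) [57] ")


def clean_capture(text):
    """Return (commands, encrypted) for a captured configuration.

    commands  - the lines that are safe to paste in global configuration mode
    encrypted - 1-based positions in commands that hold encrypted passwords
                and need manual editing before the file is reused
    """
    commands, encrypted = [], []
    for raw in text.splitlines():
        line = MORE_RE.sub("", raw).rstrip()
        if not line.strip():
            continue  # blank line, or a line that held only the pager prompt
        if PROMPT_RE.match(line) or LOG_RE.search(line):
            continue  # prompt echo or IOS message, not a command
        if line.startswith(HEADER_PREFIXES):
            continue  # show running-config header
        commands.append(line)
        if ENCRYPTED_RE.match(line):
            encrypted.append(len(commands))
    return commands, encrypted


if __name__ == "__main__":
    commands, encrypted = clean_capture(CAPTURE)
    for number, command in enumerate(commands, 1):
        marker = "  <-- edit password before pasting" if number in encrypted else ""
        print(f"{number:2} {command}{marker}")
```

Because the cleaned file still contains credentials, store it with the same care as the device itself.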
11.2.3 - Managing Configuration Files
The diagram depicts saving or archiving configuration files to a text document using TeraTerm.
In the terminal session:
1. Start the log process. Select Log from the File menu.
2. Issue a show running-config command.
3. Close the log.
Page 5:
In this activity, you will use Packet Tracer to practice IOS configuration management.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.2.3 - Managing Configuration Files
Link to Packet Tracer Exploration: Practice Cisco IOS Configuration Management
In this activity, you use Packet Tracer to practice Cisco IOS configuration management.
11.2.4 Configuring Interfaces
Page 1:
Throughout this chapter, we have discussed commands that are generic to IOS devices. Some configurations are specific to a type of device. One such configuration is the configuration of interfaces on a router.
Most intermediary network devices have an IP address for the purpose of device management. Some devices, such as switches and wireless access points, can operate without having an IP address.
Because the purpose of a router is to interconnect different networks, each interface on a router has its own unique IPv4 address. The address assigned to each interface exists in a separate network devoted to the interconnection of routers.
There are many parameters that can be configured on router interfaces. We will discuss the most basic interface commands, which are summarized in the figure.
11.2.4 - Configuring Interfaces
The diagram depicts configuring router interfaces. All interfaces are accessed by issuing the interface command at the global configuration prompt.
In the following commands, the type argument includes serial, Ethernet, FastEthernet, and others.
Command Box 1 shows the following:
Router(config)#interface type port
Router(config)#interface type slot/port
Router(config)#interface type slot/subslot/port
The following command is used to administratively turn off the interface:
Router(config-if)#shutdown
The following command is used to turn on an interface that has been shut down:
Router(config-if)#no shutdown
The following command is used to quit the current interface configuration mode:
Router(config-if)#exit
When the configuration is complete, the interface is enabled, and interface configuration mode is exited.
Page 2:
Configuring Router Ethernet Interfaces
Router Ethernet interfaces are used as the gateways for the end devices on the LANs directly connected to the router.
Each Ethernet interface must have an IP address and subnet mask to route IP packets.
To configure an Ethernet interface follow these steps:
1. Enter global configuration mode.
2. Enter interface configuration mode.
3. Specify the interface address and subnet mask.
4. Enable the interface.
As shown in the figure, configure the Ethernet IP address using the following commands:
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address ip_address netmask
Router(config-if)#no shutdown
Enabling the Interface
By default, interfaces are disabled. To enable an interface, enter the no shutdown command from the interface configuration mode. If an interface needs to be disabled for maintenance or troubleshooting, use the shutdown command.
Configuring Router Serial Interfaces
Serial interfaces are used to connect WANs to routers at a remote site or ISP.
To configure a serial interface follow these steps:
1. Enter global configuration mode.
2. Enter interface mode.
3. Specify the interface address and subnet mask.
4. Set the clock rate if a DCE cable is connected. Skip this step if a DTE cable is connected.
5. Turn on the interface.
Each connected serial interface must have an IP address and subnet mask to route IP packets.
Configure the IP address with the following commands:
Router(config)#interface Serial 0/0/0
Router(config-if)#ip address ip_address netmask
Serial interfaces require a clock signal to control the timing of the communications. In most environments, a DCE device such as a CSU/DSU will provide the clock. By default, Cisco routers are DTE devices, but they can be configured as DCE devices.
On serial links that are directly interconnected, as in our lab environment, one side must operate as DCE to provide a clocking signal. The clock is enabled and the speed is specified with the clock rate command. Some bit rates might not be available on certain serial interfaces. This depends on the capacity of each interface.
In the lab, if a clock rate needs to be set on an interface identified as DCE, use the 56000 clock rate.
As shown in the figure, the commands that are used to set a clock rate and enable a serial interface are:
Router(config)#interface Serial 0/0/0
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
Once configuration changes are made to the router, remember to use the show commands to verify the accuracy of the changes, and then save the changed configuration as the startup configuration.
11.2.4 - Configuring Interfaces
The diagram depicts configuring Ethernet and serial interfaces. The back of a Cisco 1841 router is shown with the interfaces identified. The bottom FastEthernet 0/0 interface is highlighted for router Ethernet interface configuration, and the bottom Serial 0/0/0 interface is highlighted for router serial interface configuration.
Configuring a router Ethernet interface:
Router(config)#interface FastEthernet 0/0
Router(config-if)#ip address 192.168.10.1 255.255.255.0
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
Configuring a router serial interface:
Router(config)#interface Serial 0/0/0
Router(config-if)#ip address 192.168.11.1 255.255.255.252
Router(config-if)#clock rate 56000
Router(config-if)#no shutdown
Router(config-if)#exit
Router(config)#
Page 3:
As the hostname helps to identify the device on a network, an interface description indicates the purpose of the interface. A description of what an interface does or where it is connected should be part of the configuration of each interface. This description can be useful for troubleshooting.
The interface description will appear in the output of these commands: show startup-config, show running-config, and show interfaces.
For example, this description provides valuable information about the purpose of the interface:
This interface is the gateway for the administration LAN.
A description can assist in determining the devices or locations connected to the interface. Here is another example:
Interface F0/0 is connected to the main switch in the administration building.
When support personnel can easily identify the purpose of an interface or connected device, they can more easily understand the scope of a problem, and this can lead to reaching a resolution sooner.
Circuit and contact information can also be embedded in the interface description. The following description for a serial interface provides the information the network administrator may need before deciding to test a WAN circuit. This description indicates where the circuit terminates, the circuit ID, and the phone number of the company supplying the circuit:
FR to GAD1 circuit ID:AA.HCGN.556460 DLCI 511 - support# 555.1212
To create a description, use the command description. This example shows the commands used to create a description for a FastEthernet interface:
HQ-switch1#configure terminal
HQ-switch1(config)#interface fa0/1
HQ-switch1(config-if)#description Connects to main switch in Building A
Once the description is applied to the interface, use the show interfaces command to verify the description is correct.
See the figure for an example.
11.2.4 - Configuring Interfaces
The diagram depicts configuring router interface descriptions used for internal network documentation.
Example 1:
Router(config)#interface FastEthernet 0/0
Router(config-if)#description Building B Sales LAN
Router(config-if)#exit
Note: The description is all the text after the command description and the space.
Example 2:
Router(config)#interface Serial 0/0/0
Router(config-if)#description To Perth CKT-PT27834365-01
Router(config-if)#exit
Page 4:
Configuring a Switch Interface
A LAN switch is an intermediary device that interconnects segments within a network. Therefore, the physical interfaces on the switch do not have IP addresses. Unlike a router where the physical interfaces are connected to different networks, a physical interface on a switch connects devices within a network.
Switch interfaces are also enabled by default. As shown in the Switch 1 figure, we can assign descriptions but do not have to enable the interface.
In order to be able to manage a switch, we assign addresses to the device. With an IP address assigned to the switch, it acts like a host device. Once the address is assigned, we access the switch with Telnet, SSH, or web services.
The address for a switch is assigned to a virtual interface represented as a Virtual LAN interface (VLAN). In most cases, this is the interface VLAN 1. In the Switch 2 figure, we assign an IP address to the VLAN 1 interface. Like the physical interfaces of a router, we also must enable this interface with the no shutdown command.
Like any other host, the switch needs a gateway address defined to communicate outside of the local network. As shown in the Switch 2 figure, we assign this gateway with the ip default-gateway command.
11.2.4 - Configuring Interfaces
The diagram depicts configuring a switch interface.
Switch 1 Configuration. In this example, note the interface configuration.
Switch1#configure terminal
Switch1(config)#interface FastEthernet 0/1
Switch1(config-if)#description To TAM switch
Switch1(config-if)#exit
Switch1(config)#hostname Flour_Bluff
Flour_Bluff(config)#exit
Flour_Bluff#
Switch 2 Configuration. In this example, note how the prompt changes to indicate the current Cisco IOS mode.
Switch2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch2(config)#interface vlan 1
Switch2(config-if)#ip address 192.168.1.2 255.255.255.0
Switch2(config-if)#no shutdown
Switch2(config-if)#exit
Switch2(config)#ip default-gateway 192.168.1.1
Switch2(config)#exit
Switch2#
Page 5:
In this activity, you will use Packet Tracer to practice the IOS commands to configure interfaces.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.2.4 - Configuring Interfaces
Link to Packet Tracer Exploration: Configuring Interfaces
In this activity, you use Packet Tracer to practice the Cisco IOS commands to configure interfaces.
11.3 Verifying Connectivity
11.3.1 Test the Stack
Page 1:
The Ping Command
Using the ping command is an effective way to test connectivity. The test is often referred to as testing the protocol stack, because the ping command moves from Layer 3 of the OSI model to Layer 2 and then Layer 1. Ping uses the ICMP protocol to check for connectivity.
Using ping in a Testing Sequence
In this section, we will use the router IOS ping command in a planned sequence of steps to establish valid connections, starting with the individual device and then extending to the LAN and, finally, to remote networks. By using the ping command in this ordered sequence, problems can be isolated. The ping command will not always pinpoint the nature of the problem, but it can help to identify the source of the problem, an important first step in troubleshooting a network failure.
The ping command provides a method for checking the protocol stack and IPv4 address configuration on a host. There are additional tools that can provide more information than ping, such as Telnet or Trace, which will be discussed in more detail later.
IOS Ping Indicators
A ping from the IOS will yield one of several indications for each ICMP echo that was sent. The most common indicators are:
- ! - indicates receipt of an ICMP echo reply
- . - indicates a time out while waiting for a reply
- U - indicates that an ICMP unreachable message was received
The "." (period) can indicate problems in the communication. It may indicate that a connectivity problem occurred somewhere along the path. It may also indicate that a router along the path did not have a route to the destination and did not send an ICMP destination unreachable message, or that ping was blocked by device security.
The "U" indicates that a router along the path did not have a route to the destination address and responded with an ICMP unreachable message.
Testing the Loopback
As a first step in the testing sequence, the ping command is used to verify the internal IP configuration on the local host. Recall that this test is accomplished by using the ping command on a reserved address called the loopback (127.0.0.1). This verifies the proper operation of the protocol stack from the Network layer to the Physical layer - and back - without actually putting a signal on the media.
Ping commands are entered into a command line.
Enter the ping loopback command with this syntax:
C:\>ping 127.0.0.1
The reply from this command would look something like this:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The result indicates that four test packets were sent - each 32 bytes in size - and were returned from host 127.0.0.1 in a time of less than 1 ms. TTL stands for Time to Live and defines the number of hops that the ping packet has remaining before it will be dropped.
11.3.1 - Test the Stack
The diagram depicts testing the local TCP/IP stack by pinging the local host. This confirms that TCP/IP is installed and working on the local network adapter.
Pinging 127.0.0.1 causes a device to ping itself.
Page 2:
In this activity, you will use the IOS ping command in Packet Tracer to determine if the state of the IP connection is operational.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.3.1 - Test the Stack
Link to Packet Tracer Exploration: Testing the Protocol Stack
In this activity, you use the Cisco IOS ping command in Packet Tracer to determine if the state of the IP connection is operational.
11.3.2 Testing the Interface Assignment
Page 1:
In the same way that you use commands and utilities to verify a host configuration, you need to learn commands to verify the interfaces of intermediary devices. The IOS provides commands to verify the operation of router and switch interfaces.
Verifying the Router Interfaces
One of the most used commands is the show ip interface brief command. It provides more abbreviated output than the show ip interface command: a summary of the key information for all the interfaces.
Looking at the Router 1 figure, we can see that this output shows all interfaces attached on the router, the IP address, if any, assigned to each interface, and the operational status of the interface.
Looking at the line for the FastEthernet 0/0 interface, we see that the IP address is 192.168.254.254. Looking at the last two columns, we can see the Layer 1 and Layer 2 status of the interface. The up in the Status column shows that this interface is operational at Layer 1. The up in the Protocol column indicates that the Layer 2 protocol is operational.
In the same figure, notice that the Serial 0/0/1 interface has not been enabled. This is indicated by administratively down in the Status column. This interface can be enabled with the no shutdown command.
Testing Router Connectivity
As with an end device, we can verify the Layer 3 connectivity with the ping and traceroute commands. In the Router 1 figure, you can see sample outputs from a ping to a host in the local LAN and a trace to a remote host across the WAN.
Verifying the Switch Interfaces
Examining the Switch 1 figure, you can see the use of the show ip interface brief command to verify the condition of the switch interfaces. As you learned earlier, the IP address for the switch is applied to a VLAN interface. In this case, the Vlan1 interface is assigned an IP address 192.168.254.250. We can also see that this interface has been enabled and is operational.
Examining the FastEthernet0/1 interface, you can see that this interface is down. This indicates that no device is connected to the interface or that the network interface of the device that is connected is not operational.
In contrast, the outputs for the FastEthernet0/2 and FastEthernet0/3 interfaces are operational. This is indicated by both the Status and Protocol being shown as up.
Testing Switch Connectivity
Like other hosts, the switch can test its Layer 3 connectivity with the ping and traceroute commands. The Switch1 figure also shows a ping to the local host and a trace to a remote host.
Two important things to keep in mind are that an IP address is not required for a switch to perform its job of frame forwarding and that the switch requires a gateway to communicate outside its local network.
11.3.2 - Testing the Interface Assignment
The diagram depicts interface testing using the show ip interface brief command and connectivity testing using the ping and traceroute commands for a router and a switch.
Network topology:
A PC with IP address 192.168.254.1 is connected to a switch with IP address 192.168.254.250. The switch is connected to a router default gateway, interface FA0/0, which has IP address 192.168.254.254. The router interface S0/0/0, with IP address 172.16.0.254, is connected to a network cloud. Output from the show ip interface brief, ping, and traceroute commands is provided for the router.
Router1# show ip interface brief
Interface          IP Address       OK?  Method  Status                 Protocol
FastEthernet0/0    192.168.254.254  YES  NVRAM   up                     up
FastEthernet0/1/0  unassigned       YES  unset   down                   down
Serial0/0/0        172.16.0.254     YES  NVRAM   up                     up
Serial0/0/1        unassigned       YES  unset   administratively down  down
The ping command shows that the router is able to connect to the PC with the IP address 192.168.254.1, and the traceroute command shows a successful trace to the external host address 192.168.0.1.
Output from the show ip interface brief, ping and traceroute commands is provided for the switch.
Switch1# show ip interface brief
Interface          IP Address       OK?  Method  Status  Protocol
Vlan1              192.168.254.250  YES  manual  up      up
FastEthernet0/1    unassigned       YES  unset   down    down
FastEthernet0/2    unassigned       YES  unset   up      up
FastEthernet0/3    unassigned       YES  unset   up      up
output omitted
The ping command shows that the switch is able to connect to the PC with the IP address 192.168.254.1, and the traceroute command shows a successful trace to the external host address 192.168.0.1.
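The Status and Protocol reading described in this section can be automated when many devices have to be checked. The following is an added example, not part of the course material: it parses show ip interface brief output and names the condition of each interface. The sample text is constructed from the Router1 values in the figure, and the function names and condition labels are hypothetical.

```python
import re

# Constructed sample: the Router1 values from the figure above, laid out in
# the column format IOS uses for "show ip interface brief".
ROUTER1_OUTPUT = """\
Router1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        192.168.254.254 YES NVRAM  up                    up
FastEthernet0/1/0      unassigned      YES unset  down                  down
Serial0/0/0            172.16.0.254    YES NVRAM  up                    up
Serial0/0/1            unassigned      YES unset  administratively down down
"""

# One interface row. The Status column may hold two words
# ("administratively down"), so it is matched lazily up to the final column.
ROW = re.compile(
    r"^(?P<interface>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}|unassigned)\s+"
    r"(?P<ok>YES|NO)\s+"
    r"(?P<method>\S+)\s+"
    r"(?P<status>.+?)\s+"
    r"(?P<protocol>up|down)$"
)


def parse_brief(text):
    """Return one dict per interface row; prompt, header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def classify(row):
    """Map the Status/Protocol pair to the condition the text describes."""
    status, protocol = row["status"], row["protocol"]
    if status == "administratively down":
        return "admin-down"     # not enabled; 'no shutdown' enables it
    if status == "down":
        return "no-link"        # nothing attached, or the attached device is not operational
    if status == "up" and protocol == "down":
        return "layer2-down"    # Layer 1 is up but the Layer 2 protocol is not operational
    if status == "up" and protocol == "up":
        return "operational"
    return "unknown"


def addressed_but_unusable(rows):
    """Interfaces that hold an IP address but are not operational, so a ping
    to or through them fails however the hosts are configured."""
    return [r["interface"] for r in rows
            if r["ip"] != "unassigned" and classify(r) != "operational"]


def report(text):
    """Interface name -> condition, in the order the device listed them."""
    return {r["interface"]: classify(r) for r in parse_brief(text)}


if __name__ == "__main__":
    for name, condition in report(ROUTER1_OUTPUT).items():
        print(f"{name:<20}{condition}")
```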
Page 2:
The next step in the testing sequence is to verify that the NIC address is bound to the IPv4 address and that the NIC is ready to transmit signals across the media.
In this example, also shown in the figure, assume that the IPv4 address assigned to a NIC is 10.0.0.5.
To verify the IPv4 address, use the following steps:
At the command line, enter the following:
C:\>ping 10.0.0.5
A successful reply would resemble:
Reply from 10.0.0.5: bytes=32 time<1ms TTL=128
Reply from 10.0.0.5: bytes=32 time<1ms TTL=128
Reply from 10.0.0.5: bytes=32 time<1ms TTL=128
Reply from 10.0.0.5: bytes=32 time<1ms TTL=128
Ping statistics for 10.0.0.5:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
This test verifies that the NIC driver and most of the NIC hardware are working properly. It also verifies that the IP address is properly bound to the NIC, without actually putting a signal on the media.
If this test fails, it is likely that there are issues with the NIC hardware and software driver that may require reinstallation of either or both. This procedure is dependent on the type of host and its operating system.
11.3.2 - Testing the Interface Assignment
The diagram depicts testing the local NIC assignment using the ping command and pinging the IP address assigned to the host.
IP Address: 10.0.0.5
Subnet Mask: 255.255.255.0
Default Gateway: 10.0.0.254
C:\> ping 10.0.0.5
A device pings its own IP address to verify that the host NIC address is bound and ready for transmitting signals across the media.
Page 3:
In this activity, you will use the ping command in Packet Tracer to test interface responses.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.3.2 - Testing the Interface Assignment
Link to Packet Tracer Exploration: Use the ping command in Packet Tracer to Test Interface Responses
In this activity, you use the ping command in Packet Tracer to test interface responses.
11.3.3 Testing Local Network
Page 1:
The next test in the sequence is to test hosts on the local LAN.
Successfully pinging remote hosts verifies that both the local host (the router in this case) and the remote host are configured correctly. This test is conducted by pinging each host one by one on the LAN.
See the figure for an example.
If a host responds with Destination Unreachable, note which address was not successful and continue to ping the other hosts on the LAN.
Another failure message is Request Timed Out. This indicates that no response to the ping attempt was received within the default time period, which suggests that network latency may be an issue.
Extended Ping
To examine this, the IOS offers an "extended" mode of the ping command. This mode is entered by typing ping in privileged EXEC mode at the CLI prompt, without a destination IP address. A series of prompts is then presented, as shown in this example. Pressing Enter accepts the indicated default values.
Router#ping
Protocol [ip]:
Target IP address:10.0.0.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:5
Extended commands [n]: n
Entering a longer timeout period than the default allows for possible latency issues to be detected. If the ping test is successful with a longer value, a connection exists between the hosts, but latency may be an issue on the network.
Note that entering "y" to the "Extended commands" prompt provides more options that are useful in troubleshooting - you will explore these options in the Lab and Packet Tracer activities.
11.3.3 - Testing Local Network
The diagram depicts testing the local network by pinging from one host to another. The host with IP address 10.0.0.5 pings the host with IP address 10.0.0.3. Successfully pinging the other host's IPv4 addresses verifies that not only is the local host configured properly, but the other hosts are configured correctly as well.
Network topology:
Five hosts, A, B, C, D, and E, are connected to a switch with a management IP address. The switch is connected to a router.
Host A: 10.0.0.1/24
Host B: 10.0.0.2/24
Host C: 10.0.0.3/24
Host D: 10.0.0.4/24
Host E: 10.0.0.5/24
Switch: 10.0.0.254/24
Router: 10.0.0.250/24
Page 2:
In this activity, you will use the ping command in Packet Tracer to determine if a router can actively communicate across the local network.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.3.3 - Testing Local Network
Link to Packet Tracer Exploration: Test Connectivity to a Host on the Local Network
In this activity, you use the ping command in Packet Tracer to determine if a router can actively communicate across the local network.
11.3.4 Testing Gateway and Remote Connectivity
Page 1:
The next step in the testing sequence is to use the ping command to verify that a local host can connect with a gateway address. This is extremely important because the gateway is the host's entry and exit to the wider network. If the ping command returns a successful response, connectivity to the gateway is verified.
To begin, choose a station as the source device. In this case, we chose 10.0.0.1, as shown in the figure. Use the ping command to reach the gateway address, in this case, 10.0.0.254.
C:\>ping 10.0.0.254
The gateway IPv4 address should be readily available in the network documentation, but if it is not available, use the ipconfig command to discover the gateway IP address.
If the gateway test fails, back up one step in the sequence and test another host in the local LAN to verify that the problem is not the source host. Then verify the gateway address with the network administrator to ensure that the proper address is being tested.
If all devices are configured properly, check the physical cabling to ensure that it is secure and properly connected. Keep an accurate record of what attempts have been made to verify connectivity. This will assist in solving this problem and, perhaps, future problems.
Testing Route Next Hop
In a router, use the IOS to test the next hop of the individual routes. As you learned, each route has the next hop listed in the routing table. To determine the next hop, examine the routing table from the output of the show ip route command. Frames carrying packets that are directed to the destination network listed in the routing table are sent to the device that represents the next hop. If the next hop is not accessible, the packet will be dropped. To test the next hop, determine the appropriate route to the destination and try to ping the appropriate next hop for that route in the routing table. A failed ping indicates that there might be a configuration or hardware problem. However, the ping may also be prohibited by security in the device. If the ping is successful you can move on to testing connectivity to remote hosts.
11.3.4 - Testing Gateway and Remote Connectivity
The diagram depicts testing gateway connectivity. An echo request or ping is sent from host 10.0.0.1 to the router gateway IP address 10.0.0.254, and an echo reply is returned indicating that the gateway is accessible.
Network topology: The topology is the same as 11.3.3 diagram 1.
Page 2:
Testing Remote Hosts
Once verification of the local LAN and gateway is complete, testing can proceed to remote devices, which is the next step in the testing sequence.
The figure depicts a sample network topology. There are 3 hosts within a LAN, a router (acting as the gateway) that is connected to another router (acting as the gateway for a remote LAN), and 3 remote hosts. The verification tests should begin within the local network and progress outward to the remote devices.
Begin by testing the outside interface of a router that is directly connected to a remote network. In this case, the ping command is testing the connection to 192.168.0.253, the outside interface of the local network gateway router.
If the ping command is successful, connectivity to the outside interface is verified. Next, ping the outside IP address of the remote router, in this case, 192.168.0.254. If successful, connectivity to the remote router is verified. If there is a failure, try to isolate the problem. Retest until there is a valid connection to a device and double-check all addresses.
The ping command will not always help with identifying the underlying cause of a problem, but it can isolate problems and give direction to the troubleshooting process. Document every test, the devices involved, and the results.
Check for Router Remote Connectivity
A router forms a connection between networks by forwarding packets between them. To forward packets between any two networks, the router must be able to communicate with both the source and the destination networks. The router will need routes to both networks in its routing table.
To test the communication to the remote network, you can ping a known host on this remote network. If you cannot successfully ping the host on the remote network from a router, you should first check the routing table for an appropriate route to reach the remote network. It may be that the router uses the default route to reach a destination. If there is no route to reach this network, you will need to identify why the route does not exist. As always, you must also rule out the possibility that the ping is administratively prohibited.
11.3.4 - Testing Gateway and Remote Connectivity
The diagram depicts testing remote connectivity. An echo request or ping is sent from host 10.0.0.1 to remote host IP address 10.0.0.254, and an echo reply is returned indicating that the gateway is accessible.
Network topology:
Two hosts and a printer on LAN A, the 10.0.0.0/24 network, are connected to a switch that is connected to a router gateway on R1. Two hosts and a printer on LAN B, the 10.0.1.0/24 network, are connected to a switch that is connected to a router gateway on R2. Routers R1 FA0/0 and R2 FA0/1 are connected.
Each hop between the local and remote host is pinged.
Local host: 10.0.0.1
Router R1 FA0/0: 192.168.0.253
Router R2 FA0/1: 192.168.0.254
Router R2 FA0/0: 10.0.1.254
Remote host: 10.0.1.1
Page 3:
In this activity, you will use the ping command in Packet Tracer to verify that a local host can communicate across the internetwork to a given remote host and identify several conditions that might cause the test to fail.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.3.4 - Testing Gateway and Remote Connectivity
Link to Packet Tracer Exploration: Verify Communication Across the Internetwork
In this activity, you use the ping command in Packet Tracer to verify that a local host can communicate across the internetwork to a given remote host and identify several conditions that might cause the test to fail.
11.3.5 Tracing and Interpreting Trace Results
Page 1:
The next step in the testing sequence is to perform a trace.
A trace returns a list of hops as a packet is routed through a network. The form of the command depends on where the command is issued. When performing the trace from a Windows computer, use tracert. When performing the trace from a router CLI, use traceroute.
Ping and Trace
Ping and trace can be used together to diagnose a problem.
Let's assume that a successful connection has been established between Host 1 and Router A, as shown in the figure.
Next, let's assume that Host 1 pings Host 2 using this command.
C:\>ping 10.1.0.2
The ping command returns this result:
Pinging 10.1.0.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.1.0.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
The ping test failed.
This is a test of communication beyond the local network to a remote device. Because the local gateway responded but the host beyond did not, the problem appears to be somewhere beyond the local network. A next step is to isolate the problem to a particular network beyond the local network. The trace commands can show the path of the last successful communication.
Trace to a Remote Host
Like ping commands, trace commands are entered in the command line and take an IP address as the argument.
Assuming that the command will be issued from a Windows computer, we use the tracert form:
C:\>tracert 10.1.0.2
Tracing route to 10.1.0.2 over a maximum of 30 hops
1 2 ms 2 ms 2 ms 10.0.0.254
2 * * * Request timed out.
3 * * * Request timed out.
4 ^C
The only successful response was from the gateway on Router A. Trace requests to the next hop timed out, meaning that the next hop did not respond. The trace results indicate that the failure is therefore in the internetwork beyond the LAN.
11.3.5 - Tracing and Interpreting Trace Results
The diagram depicts testing the path from a local to a remote host using the traceroute Cisco IOS utility and the Windows tracert utility.
Network topology:
Two hosts on LAN A, the 10.0.0.0/24 network, are connected to a switch that is connected to a router gateway on Router A. Two hosts on LAN B, the 10.1.0.0/24 network, are connected to a switch that is connected to a router gateway on Router D. Routers A and D are interconnected through routers B and C using WAN links.
Trace from a router:
RouterA#traceroute 10.1.0.2
Trace from a host:
C:\>tracert 10.1.0.2
Page 2:
Testing Sequence - Putting it all Together
As a review, let's walk through the testing sequence in another scenario.
Test 1: Local Loopback - Successful
C:\>ping 127.0.0.1
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Host 1 has the IP stack properly configured.
Test 2: Local NIC - Successful
C:\>ping 192.168.23.3
Pinging 192.168.23.3 with 32 bytes of data:
Reply from 192.168.23.3: bytes=32 time<1ms TTL=128
Reply from 192.168.23.3: bytes=32 time<1ms TTL=128
Reply from 192.168.23.3: bytes=32 time<1ms TTL=128
Reply from 192.168.23.3: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.23.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The IP address is properly assigned to the NIC and the electronics in the NIC respond to the IP address.
Test 3: Ping Local Gateway - Successful
C:\>ping 192.168.23.254
Pinging 192.168.23.254 with 32 bytes of data:
Reply from 192.168.23.254: bytes=32 time<1ms TTL=128
Reply from 192.168.23.254: bytes=32 time<1ms TTL=128
Reply from 192.168.23.254: bytes=32 time<1ms TTL=128
Reply from 192.168.23.254: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.23.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The default gateway is operational. This also verifies the operation of the local network.
Test 4: Ping Remote Host - Failure
C:\>ping 192.168.11.1
Pinging 192.168.11.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.11.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
This is a test of the communication beyond the local network. Because the gateway responded but the host beyond did not, the problem appears to be somewhere beyond the local network.
Test 5: Traceroute to Remote Host - Failure at First Hop
C:\>tracert 192.168.11.1
Tracing route to 192.168.11.1 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 ^C
There appear to be conflicting results. The default gateway responds, indicating that there is communication between Host1 and the gateway. On the other hand, the gateway does not appear to be responding to traceroute.
One explanation is that the local host is not configured properly to use 192.168.23.254 as the default gateway. To confirm this, we examine the configuration of Host1.
Test 6: Examine Host Configuration for Proper Local Gateway - Incorrect
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.23.3
Subnet Mask . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . : 192.168.23.253
From the output of the ipconfig command, it can be determined that the gateway is not properly configured on the host. This explains the false indication that the problem was in the internetwork beyond the local network. Even though the address 192.168.23.254 responded, this was not the address configured in Host1 as the gateway.
Unable to build a frame, Host1 drops the packet. In this case, there is no response indicated from the trace to the remote host.
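The reasoning of Tests 5 and 6 can be expressed as a check that reads the ipconfig and tracert output and compares the configured gateway with the documented one. The following is an added example, not part of the course material; the sample inputs are constructed from the output shown above, and the function names and verdict labels are hypothetical.

```python
import ipaddress
import re

# Constructed inputs: the ipconfig and tracert output of Tests 5 and 6.
IPCONFIG = """\
Windows IP Configuration
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.23.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.23.253
"""
TRACERT = """\
Tracing route to 192.168.11.1 over a maximum of 30 hops
  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3  ^C
"""
DOCUMENTED_GATEWAY = "192.168.23.254"   # the gateway address that answered in Test 3

# "IPv4 Address" is accepted as well because newer Windows versions use that label.
FIELD = re.compile(
    r"^[ \t]*(IP(?:v4)? Address|Subnet Mask|Default Gateway)[ .]*:[ \t]*(\S*)", re.M)
KEYS = {"IP Address": "ip", "IPv4 Address": "ip",
        "Subnet Mask": "mask", "Default Gateway": "gateway"}
HOP = re.compile(r"^[ \t]*(\d+)[ \t]+(.*\S)[ \t]*$", re.M)


def parse_ipconfig(text):
    """Address, mask and gateway of the first adapter listed in the output."""
    cfg = {}
    for label, value in FIELD.findall(text):
        cfg.setdefault(KEYS[label], value)
    return cfg


def gateway_findings(cfg, documented_gateway):
    """Compare the host's configured gateway with the network documentation."""
    gateway = cfg.get("gateway")
    if not gateway:
        return ["no-gateway"]
    findings = []
    network = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}").network
    if ipaddress.ip_address(gateway) not in network:
        findings.append("gateway-off-subnet")
    if gateway != documented_gateway:
        findings.append("gateway-differs-from-documentation")
    return findings


def responding_hops(text):
    """(hop number, address) for every tracert line that ends in an address."""
    hops = []
    for number, rest in HOP.findall(text):
        last = rest.split()[-1].strip("[]")
        try:
            hops.append((int(number), str(ipaddress.ip_address(last))))
        except ValueError:
            pass    # "Request timed out." or an interrupted line
    return hops


def diagnose(ipconfig_text, tracert_text, documented_gateway):
    """Return (verdict, findings, last responding hop or None)."""
    findings = gateway_findings(parse_ipconfig(ipconfig_text), documented_gateway)
    hops = responding_hops(tracert_text)
    last = hops[-1] if hops else None
    if findings:
        return "host-configuration", findings, last   # fix the host before looking further
    if last is None:
        return "first-hop-silent", findings, last     # gateway not answering the trace
    return "beyond-last-hop", findings, last           # failure lies past this hop


if __name__ == "__main__":
    print(diagnose(IPCONFIG, TRACERT, DOCUMENTED_GATEWAY))
```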
11.3.5 - Tracing and Interpreting Trace Results
The diagram depicts the interpretation of ping test results.
Network topology: The topology is the same as the 11.3.5 diagram 1.
A ping from Host1 to a correct gateway address, 192.168.23.254, succeeds. A ping from Host1 to a remote host fails because the wrong gateway address is configured on the host.
IP Address: 192.168.23.3
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.23.253
Page 3:
In this activity, you will use the various ping commands to identify network connectivity problems.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.3.5 - Tracing and Interpreting Trace Results
Link to Packet Tracer Exploration: Test Host Connectivity with Ping
In this activity, you use the various ping commands to identify network connectivity problems.
Page 4:
In this activity, you will use the tracert and traceroute commands to observe a path used across an internetwork.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.3.5 - Tracing and Interpreting Trace Results
Link to Packet Tracer Exploration: Test Host Connectivity with Traceroute
In this activity, you use the tracert and traceroute commands to observe a path used across an internetwork.
11.4 Monitoring and Documenting of Networks
11.4.1 Basic Network Baselines
Page 1:
One of the most effective tools for monitoring and troubleshooting network performance is to establish a network baseline. A baseline is a process for studying the network at regular intervals to ensure that the network is working as designed. It is more than a single report detailing the health of the network at a certain point in time. Creating an effective network performance baseline is accomplished over a period of time. Measuring performance at varying times and loads will assist in creating a better picture of overall network performance.
The output derived from network commands can contribute data to the network baseline. The figure shows the information to record.
One method for starting a baseline is to copy and paste the results from an executed ping, trace, or other relevant command into a text file. These text files can be time stamped with the date and saved into an archive for later retrieval.
An effective use of the stored information is to compare the results over time. Among items to consider are error messages and the response times from host to host. If there is a considerable increase in response times, there may be a latency issue to address.
The importance of creating documentation cannot be emphasized enough. Verification of host-to-host connectivity, latency issues, and resolutions of identified problems can assist a network administrator in keeping a network running as efficiently as possible.
Corporate networks should have extensive baselines; more extensive than we can describe in this course. Professional-grade software tools are available for storing and maintaining baseline information. In this course, we will cover some basic techniques and discuss the purpose of baselines.
11.4.1 - Basic Network Baselines
The diagram depicts network baselining using the ping command. The same test to a particular host is run at different times, and the roundtrip times are compared. The following is the output from two ping tests.
Test 1:
FEB 2, 2007 08:14:43
C:\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Reply from 10.66.254.159: bytes=32 time<1ms TTL=128
Ping statistics for 10.66.254.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate roundtrip time in milliseconds:
Test 2:
MAR 17, 2007 14:41:06
C:\>ping 10.66.254.159
Pinging 10.66.254.159 with 32 bytes of data:
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Reply from 10.66.254.159: bytes=32 time<6ms TTL=128
Ping statistics for 10.66.254.159:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate roundtrip time in milliseconds:
In Test 2, the reply time increased from 1 millisecond to 6 milliseconds.
Page 2:
Host Capture
One common method for capturing baseline information is to copy the output from the command line window and paste it into a text file.
To capture the results of the ping command, begin by executing a command in the command line similar to this one. Substitute a valid IP address on your network.
C:\>ping 10.66.254.159
The reply will appear below the command.
See the figure for an example.
With the output still in the command window, follow these steps:
1. Right-click the command prompt window, then click Select All.
2. Press Ctrl-C to copy the output.
3. Open a text editor.
4. Press Ctrl-V to paste the text.
5. Save the text file with the date and time as part of the name.
Run the same test over a period of days and save the data each time. An examination of the files will begin to reveal patterns in network performance and provide the baseline for future troubleshooting.
When selecting text from the command window, use the Select All command to copy all the text in the window. Use the Mark command to select a portion of the text.
See the figure for instructions when using Windows XP Professional.
11.4.1 - Basic Network Baselines
The diagram depicts host ping capture, which is accomplished by copying the output from the command line window and pasting it into a text file. The following steps describe the process.
Step 1. Issue the ping command to generate the ping results.
Step 2. Right-click in the command window and select Mark or Select All.
Step 3. Or click on the command window icon and select Edit, and then Mark or Select All.
Step 4. Mark or select text by dragging the cursor from the top left to bottom right of the window. Press Enter.
Step 5. Paste the selected text into a text editor and save the file.
Page 3:
IOS Capture
Capturing ping command output can also be completed from the IOS prompt. The following steps describe how to capture the output and save to a text file.
When using HyperTerminal for access, the steps are:
1. On the Transfer menu, click Capture Text.
2. Choose Browse to locate the file, or type the name of the file in which to save the output.
3. Click Start to begin capturing text.
4. Execute the ping command in the user EXEC mode or at the privileged EXEC prompt. The router will place the text displayed on the terminal in the location chosen.
5. View the output to verify that it was not corrupted.
6. On the Transfer menu, click Capture Text, and then click Stop Capture.
Data generated using either the computer prompt or the router prompt can contribute to the baseline.
11.4.1 - Basic Network Baselines
The diagram depicts router ping capture using HyperTerminal for access and then saving the output to a text file.
In the terminal session:
1. Start the text capture process by selecting Capture Text from the Transfer menu.
2. Issue the ping ip_address command.
3. Stop the capture process by selecting Capture Text, Stop Capture from the Transfer menu.
4. Save the text file.
11.4.2 Capturing and Interpreting Trace Information
Page 1:
As previously discussed, trace can be used to trace the steps, or hops, between hosts. If the request reaches the intended destination, the output shows every router that the packet traverses. This output can be captured and used in the same way that ping output is used.
Sometimes the security settings at the destination network will prevent the trace from reaching the final destination. However, we can still capture a baseline of the hops along the path.
Recall that the form for using trace from a Windows host is tracert.
To trace the route from your computer to cisco.com, enter this command in a command line:
C:\>tracert www.cisco.com
See the figure for sample output.
The steps for saving the trace output are identical to the steps for saving ping output: Select the text from the command window and paste it into a text file.
The data from a trace can be added to the data from the ping commands to provide a combined picture of network performance. For example, if the speed of a ping command decreases over time, compare the trace output for the same time period. Examining the response times on a hop-by-hop comparison may reveal a particular point of longer response time. This delay may be due to congestion at that hop creating a bottleneck in the network.
Another case might show that the hop pathway to the destination may vary over time as the routers select different best paths for the trace packets. These variations may show patterns that could be useful in scheduling large transfers between sites.
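The hop-by-hop comparison described above can be scripted once the tracert captures are saved as text. The following is an added example, not part of the original course material: the baseline is the sample output from this page, the later capture is constructed, and the function names and thresholds are assumptions.

```python
import re

# One tracert hop line: hop number, three probes ("20 ms", "<1 ms" or "*"),
# then the responder (an address, or "name [address]").
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+\s+ms|\*)\s+){3})(.*\S)\s*$")
PROBE_RE = re.compile(r"<?(\d+)\s+ms|\*")

# Baseline: the sample output shown on this page.
BASELINE_TRACE = """\
Tracing route to www.cisco.com [198.133.219.25]
over a maximum of 30 hops:
  1     1 ms    <1 ms    <1 ms  192.168.0.1
  2    20 ms    20 ms    20 ms  nexthop.wa.ii.net [203.59.14.16]
  3    20 ms    19 ms    20 ms  gi2-4.per-qv1-bdr1.ii.net [203.215.2.32]
  4    79 ms    78 ms    78 ms  gi0-14-0-0.syd-ult-corel.ii.net [203.215.20.2]
  5    79 ms    81 ms    79 ms  202.139.19.33
"""

# Constructed later capture: hop 4 is slower and hop 5 answers from a
# different address (taken from a documentation range).
CURRENT_TRACE = """\
Tracing route to www.cisco.com [198.133.219.25]
over a maximum of 30 hops:
  1     1 ms    <1 ms    <1 ms  192.168.0.1
  2    20 ms    21 ms    20 ms  nexthop.wa.ii.net [203.59.14.16]
  3    20 ms    20 ms    19 ms  gi2-4.per-qv1-bdr1.ii.net [203.215.2.32]
  4   141 ms   139 ms   140 ms  gi0-14-0-0.syd-ult-corel.ii.net [203.215.20.2]
  5   142 ms   143 ms   141 ms  203.0.113.9
"""


def parse_tracert(text):
    """Return {hop: (address or None, [rtt_ms or None, ...])} from saved text."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line, "Trace complete." and so on
        # "<1 ms" is recorded as 1 (its upper bound); "*" (no reply) as None.
        rtts = [int(p.group(1)) if p.group(1) else None
                for p in PROBE_RE.finditer(m.group(2))]
        bracketed = re.search(r"\[([0-9.]+)\]", m.group(3))
        if all(r is None for r in rtts):
            address = None  # "Request timed out." carries no address
        else:
            address = bracketed.group(1) if bracketed else m.group(3)
        hops[int(m.group(1))] = (address, rtts)
    return hops


def average(rtts):
    answered = [r for r in rtts if r is not None]
    return sum(answered) / len(answered) if answered else None


def compare_traces(baseline, current, factor=1.5, min_increase_ms=10):
    """Return (hop, kind, detail) tuples for hops that differ from the baseline."""
    findings = []
    for hop in sorted(set(baseline) | set(current)):
        if hop not in baseline or hop not in current:
            findings.append((hop, "path-length", "hop present in only one capture"))
            continue
        b_addr, b_rtts = baseline[hop]
        c_addr, c_rtts = current[hop]
        if b_addr is not None and c_addr is None:
            findings.append((hop, "no-reply", f"{b_addr} no longer answers"))
        elif b_addr != c_addr:
            findings.append((hop, "path-change", f"{b_addr} -> {c_addr}"))
        else:
            b, c = average(b_rtts), average(c_rtts)
            if b is not None and c is not None \
                    and c >= b * factor and c - b >= min_increase_ms:
                findings.append((hop, "slower", f"{b:.0f} ms -> {c:.0f} ms"))
    return findings


def first_slow_hop(findings):
    """Delay added at one hop is inherited by every later hop, so the
    first slower hop is the place to start looking."""
    slow = [hop for hop, kind, _ in findings if kind == "slower"]
    return min(slow) if slow else None


if __name__ == "__main__":
    result = compare_traces(parse_tracert(BASELINE_TRACE), parse_tracert(CURRENT_TRACE))
    for hop, kind, detail in result:
        print(f"hop {hop}: {kind}: {detail}")
    print("start looking at hop", first_slow_hop(result))
```

A hop that shows only asterisks is stored with no address, so a filtered hop in both captures is not reported as a change.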
11.4.2 - Capturing and Interpreting Trace Information
The diagram depicts output from the Windows tracert command.
The first few lines of output are shown below.
C:\>tracert www.cisco.com
Tracing route to www.cisco.com [198.133.219.25]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 192.168.0.1
2 20 ms 20 ms 20 ms nexthop.wa.ii.net [203.59.14.16]
3 20 ms 19 ms 20 ms gi2-4.per-qv1-bdr1.ii.net [203.215.2.32]
4 79 ms 78 ms 78 ms gi0-14-0-0.syd-ult-corel.ii.net [203.215.20.2]
5 79 ms 81 ms 79 ms 202.139.19.33
Output omitted
Page 2:
Router Capture
Capturing the traceroute output can also be done from the router prompt. The following steps show how to capture the output and save it to a file.
Recall that the form of trace for the router CLI is traceroute.
When using HyperTerminal, the steps used are:
1. On the Transfer menu, click Capture Text.
2. Choose Browse to locate the file, or type the name of the file in which to save the output.
3. Click Start to begin capturing text.
4. Execute the traceroute command in the user EXEC mode or at the privileged EXEC prompt. The router will place the text displayed on the terminal in the location chosen.
5. View the output to verify that it was not corrupted.
6. On the Transfer menu, click Capture Text, and then click Stop Capture.
Store the text files generated by these tests in a safe location, along with the rest of the network documentation.
11.4.2 - Capturing and Interpreting Trace Information
The diagram depicts capturing router traceroute results by copying the output from a HyperTerminal session and pasting it into a text file.
In the terminal session:
1. Start the text capture process by selecting Capture Text from the Transfer menu.
2. Issue a traceroute ip_address command.
3. Stop the capture process by selecting Capture Text, Stop Capture from the Transfer menu.
4. Save the text file.
11.4.3 Learning About the Nodes on the Network
Page 1:
If an appropriate addressing scheme exists, identifying IPv4 addresses for devices in a network should be a simple task. Identifying the physical (MAC) addresses, however, can be a daunting task. You would need access to all of the devices and sufficient time to view the information, one host at a time. Because this is not a practical option in many cases, there is an alternate means of MAC address identification using the arp command.
The arp command provides for the mapping of physical addresses to known IPv4 addresses. A common method for executing the arp command is to execute it from the command prompt. This method involves sending out an ARP request. The device that needs the information sends out a broadcast ARP request to the network, and only the local device that matches the IP address of the request sends back an ARP reply containing its IP-MAC pair.
To execute an arp command, at the command prompt of a host, enter:
C:\host1>arp -a
As shown in the figure, the arp command lists all devices currently in the ARP cache, which includes the IPv4 address, physical address, and the type of addressing (static/dynamic), for each device.
The cache can be cleared by using the arp -d command, in the event the network administrator wants to repopulate the cache with updated information.
Note: The ARP cache is only populated with information from devices that have been recently accessed. To ensure that the ARP cache is populated, ping a device so that it will have an entry in the ARP table.
Ping Sweep
Another method for collecting MAC addresses is to employ a ping sweep across a range of IP addresses. A ping sweep is a scanning method that can be executed at the command line or by using network administration tools. These tools provide a way to specify a range of hosts to ping with one command.
Using the ping sweep, network data can be generated in two ways. First, many of the ping sweep tools construct a table of responding hosts. These tables often list the hosts by IP address and MAC address. This provides a map of active hosts at the time of the sweep.
Second, as each ping is attempted, an ARP request is made so that the IP address is entered in the ARP cache. This activates each host with recent access and ensures that the ARP table is current. The arp command can then return the table of MAC addresses, as discussed above, but now there is reasonable confidence that the ARP table is up-to-date.
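Once arp -a output is saved after each sweep, two captures can be compared to keep the node documentation current. The following is an added example, not part of the original course material: the baseline holds the IP-MAC pairs shown in this section's figure, laid out as Windows prints them, the later capture is constructed, and the function names are assumptions.

```python
import ipaddress
import re

# One arp -a entry: IPv4 address, dash-separated MAC address, entry type.
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(static|dynamic)\s*$", re.I)

# Baseline: the pairs from this section's figure, as seen from Host A.
BASELINE_ARP = """\
Interface: 10.0.0.1 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.2              00-08-a3-b6-ce-04     dynamic
  10.0.0.3              00-0d-56-09-fb-d1     dynamic
  10.0.0.4              00-12-3f-d4-6d-1b     dynamic
  10.0.0.254            00-10-7b-e7-fa-ef     dynamic
"""

# Constructed later capture: 10.0.0.3 has a different MAC, 10.0.0.4 is
# absent, 10.0.0.5 is new, and broadcast/multicast entries are listed.
CURRENT_ARP = """\
Interface: 10.0.0.1 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.2              00-08-a3-b6-ce-04     dynamic
  10.0.0.3              02-00-00-00-00-03     dynamic
  10.0.0.5              02-00-00-00-00-05     dynamic
  10.0.0.254            00-10-7b-e7-fa-ef     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp(text):
    """Return {ip: mac} for the unicast entries in saved arp -a output."""
    table = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # "Interface:" line, column header, blank line
        mac = m.group(2).lower()
        # Broadcast and multicast MACs have the low bit of the first octet
        # set; they do not identify a node, so leave them out.
        if int(mac[:2], 16) & 1:
            continue
        table[m.group(1)] = mac
    return table


def diff_arp(baseline, current):
    """Compare two {ip: mac} tables and list what changed."""
    by_ip = ipaddress.ip_address  # numeric sort, so .5 comes before .254
    changed = [(ip, baseline[ip], current[ip])
               for ip in set(baseline) & set(current)
               if baseline[ip] != current[ip]]
    return {
        "new": sorted(set(current) - set(baseline), key=by_ip),
        "missing": sorted(set(baseline) - set(current), key=by_ip),
        "mac_changed": sorted(changed, key=lambda item: by_ip(item[0])),
    }


if __name__ == "__main__":
    report = diff_arp(parse_arp(BASELINE_ARP), parse_arp(CURRENT_ARP))
    for kind, items in report.items():
        print(kind, items)
```

A missing entry may only mean that the cache entry aged out, which is why the sweep is run before each capture; an address whose MAC changed should be matched against a known hardware replacement.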
11.4.3 - Learning About the Nodes on the Network
The diagram depicts learning about the nodes on the network using the arp command from a host command prompt. The arp -a output from a host displays the IP and MAC address pairing according to what the host knows.
Network topology:
Five hosts, A, B, C, D, and E, are connected to a switch that is connected to a router.
Host A: 10.0.0.1/24
Host B: 10.0.0.2/24
Host C: 10.0.0.3/24
Host D: 10.0.0.4/24
Host E: 10.0.0.5/24
Router: 10.0.0.254/24
C:\>arp -a displays the following information regarding the network devices it knows about:
Internet Address   Physical Address     Type
10.0.0.2           00-08-a3-b6-ce-04    dynamic
10.0.0.3           00-0d-56-09-fb-d1    dynamic
10.0.0.4           00-12-3f-d4-6d-1b    dynamic
10.0.0.254         00-10-7b-e7-fa-ef    dynamic
Page 2:
Switch Connections
One additional tool that can be helpful is a mapping of how hosts are connected to a switch. This mapping can be obtained by issuing the show mac-address-table command.
Using a command line from a switch, enter the show command with the mac-address-table argument:
Sw1-2950#show mac-address-table
See the figure for sample output.
This table in the figure lists the MAC address of the hosts that are connected to this switch. Like other output in the command window, this information can be copied and pasted into a file. Data can also be pasted into a spreadsheet for easier manipulation later.
An analysis of this table also reveals that the Fa0/23 interface is either a shared segment or is connected to another switch. Several MAC addresses are representing multiple nodes. This is an indication that a port is connected to another intermediary device such as a hub, wireless access point, or another switch.
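The analysis described above, finding ports that have learned more than one MAC address, can be done on a saved copy of the table. The following is an added example, not part of the original course material: the rows are the ones shown in this section's figure, laid out in columns, and the function names and the known_uplinks parameter are assumptions.

```python
import re
from collections import defaultdict

# One table row: VLAN ("All" or a number), dotted MAC, entry type, port.
ROW_RE = re.compile(
    r"^\s*(All|\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(STATIC|DYNAMIC)\s+(\S+)\s*$", re.I)

# Rows from the figure in this section.
MAC_TABLE = """\
Sw1-2950#show mac-address-table
          Mac Address Table
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.a8a8.8780    STATIC      CPU
 All    0010.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    0001.e640.3b4b    DYNAMIC     FA0/23
   1    0002.fde1.6acb    DYNAMIC     FA0/14
   1    0006.5b88.dfc4    DYNAMIC     GI0/2
   1    0006.5bdd.6fee    DYNAMIC     FA0/23
   1    0006.5bdd.7035    DYNAMIC     FA0/23
"""


def parse_mac_table(text):
    """Return one dict per table row; prompt, title and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append({"vlan": vlan, "mac": mac.lower(),
                         "type": kind.upper(), "port": port.upper()})
    return rows


def macs_per_port(rows):
    """Group learned (DYNAMIC) addresses by port. STATIC entries on the
    CPU port belong to the switch itself, not to attached hosts."""
    ports = defaultdict(set)
    for row in rows:
        if row["type"] == "DYNAMIC":
            ports[row["port"]].add(row["mac"])
    return {port: sorted(macs) for port, macs in ports.items()}


def shared_ports(rows, known_uplinks=()):
    """Return ports with more than one learned MAC, leaving out ports that
    are already documented as links to another switch, hub or access point."""
    uplinks = {port.upper() for port in known_uplinks}
    return {port: macs for port, macs in macs_per_port(rows).items()
            if len(macs) > 1 and port not in uplinks}


if __name__ == "__main__":
    for port, macs in shared_ports(parse_mac_table(MAC_TABLE)).items():
        print(f"{port}: {len(macs)} addresses: {', '.join(macs)}")
```

A port reported here that the documentation lists as a single-host port is worth a physical check for an unrecorded hub, switch, or access point.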
Additional commands and tools for data gathering are presented in later courses.
11.4.3 - Learning About the Nodes on the Network
The diagram depicts MAC addresses connected to switch ports as displayed using the show mac-address-table command. Note that multiple MAC addresses are associated with port FA0/23.
Sw1-2950#show mac-address-table
Mac Address Table
Vlan    Mac Address       Type       Ports
All     0014.a8a8.8780    STATIC     CPU
All     0010.0ccc.cccc    STATIC     CPU
All     0100.0ccc.cccd    STATIC     CPU
All     0100.0cdd.dddd    STATIC     CPU
1       0001.e640.3b4b    DYNAMIC    FA0/23
1       0002.fde1.6acb    DYNAMIC    FA0/14
1       0006.5b88.dfc4    DYNAMIC    GI0/2
1       0006.5bdd.6fee    DYNAMIC    FA0/23
1       0006.5bdd.7035    DYNAMIC    FA0/23
Output omitted
Page 3:
Documenting Network Performance
Use 100 successive pings to the same remote host. Paste these entries into an Excel spreadsheet and create a chart showing the mean, median, mode, and the number and percentage of dropped packets. Hint: Dropped packets have a consistently large value assigned to them.
Conduct this test for 3 samples spread out over a 24-hour period and repeated every day for 5 days at approximately the same time.
To get a better picture of network performance, try increasing the packet size by 100 bytes at a time for 20 pings. Plot the average values for each of the 20 pings to see the effect of the increase in packet size. Also, note any time there is a large change in throughput.
Click the lab icon for more details.
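The statistics asked for above, and the comparison of saved ping captures over time described in 11.4.1, can both be computed from the saved text files instead of a spreadsheet. The following is an added example, not part of the original course material: Test 1 and Test 2 are the captures shown in 11.4.1, the third capture is constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter
from statistics import mean, median

# A Windows ping reply line; the time is printed as "time=6ms" or "time<1ms".
REPLY_RE = re.compile(r"Reply from \S+ bytes=\d+ time[=<](\d+)ms", re.I)

LINE = "Reply from 10.66.254.159: bytes=32 time{}ms TTL=128\n"
TEST_1 = LINE.format("<1") * 4   # FEB 2, 2007 capture from 11.4.1
TEST_2 = LINE.format("<6") * 4   # MAR 17, 2007 capture from 11.4.1

# Constructed capture with two dropped packets and one slow reply.
CONSTRUCTED = "".join(
    "Request timed out.\n" if t is None else LINE.format(f"={t}")
    for t in (1, 1, 2, 1, None, 3, 1, 12, 1, None))


def parse_ping(text):
    """Return one entry per echo request: round-trip ms, or None if dropped."""
    samples = []
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            # "<1ms" is recorded as 1, the upper bound Windows reports.
            samples.append(int(m.group(1)))
        elif "Request timed out" in line or "Destination host unreachable" in line:
            samples.append(None)
    return samples


def summarize(samples):
    """Mean, median and mode of answered pings, plus dropped-packet counts.
    Drops are counted separately so they do not distort the latency figures."""
    answered = [s for s in samples if s is not None]
    lost = len(samples) - len(answered)
    stats = {"sent": len(samples), "lost": lost,
             "loss_pct": 100.0 * lost / len(samples) if samples else 0.0,
             "mean": None, "median": None, "mode": None}
    if answered:
        stats["mean"] = mean(answered)
        stats["median"] = median(answered)
        stats["mode"] = Counter(answered).most_common(1)[0][0]
    return stats


def compare_to_baseline(baseline, current, factor=2.0, loss_margin=5.0):
    """Return the list of measures that moved away from the baseline."""
    flags = []
    if baseline["mean"] and current["mean"] \
            and current["mean"] >= factor * baseline["mean"]:
        flags.append("latency")
    if current["loss_pct"] - baseline["loss_pct"] >= loss_margin:
        flags.append("loss")
    return flags


if __name__ == "__main__":
    base = summarize(parse_ping(TEST_1))
    for name, capture in (("Test 2", TEST_2), ("constructed", CONSTRUCTED)):
        stats = summarize(parse_ping(capture))
        print(name, stats, compare_to_baseline(base, stats))
```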
11.4.3 - Learning About the Nodes on the Network
Link to Hands-on Lab: Network Latency Documentation with Ping
In this lab you use the ping command to document network latency, compute various statistics on the output of a ping capture, and measure delay effects from larger datagrams.
11.5 Lab Activity
11.5.1 Basic Cisco Device Configuration
Page 1:
In this lab, you will configure common settings on a Cisco Router and Cisco Switch.
Click the lab icon for more details.
11.5.1 - Basic Cisco Device Configuration
Link to Hands-on Lab: Basic Cisco Device Configuration
In this lab, you configure common settings on a Cisco Router and Cisco Switch.
Page 2:
In this activity, you will use PT to configure common settings on a Cisco router and Cisco switch.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.5.1 - Basic Cisco Device Configuration
Link to Packet Tracer Exploration: Basic Cisco Device Configuration
In this activity, you use PT to configure common settings on a Cisco router and Cisco switch.
11.5.2 Managing Device Configuration
Page 1:
In this lab, you will configure common settings on a Cisco Router, save the configuration to a TFTP server, and restore the configuration from a TFTP server.
Click the lab icon for more details.
11.5.2 - Managing Device Configuration
Link to Hands-on Lab: Managing Device Configuration
In this lab, you configure common settings on a Cisco router, save the configuration to a TFTP server, and restore the configuration from a TFTP server.
Page 2:
In this activity, you will use PT to configure common settings on a Cisco Router, save the configuration to a TFTP server, and restore the configuration from a TFTP server.
Click the Packet Tracer icon to launch the Packet Tracer activity.
11.5.2 - Managing Device Configuration
Link to Packet Tracer Exploration: Managing Device Configuration
In this activity, you use PT to configure common settings on a Cisco router, save the configuration to a TFTP server, and restore the configuration from a TFTP server.
11.5.3 Configure Host Computers for IP Networking
Page 1:
In this lab, you will create a small network that requires connecting network devices and configuring host computers for basic network connectivity. The Appendix is a reference for configuring the logical network.
Click the lab icon for more details.
11.5.3 - Configure Host Computers for IP Networking
Link to Hands-on Lab: Configure Host Computers for IP Networking
In this lab, you create a small network that requires connecting network devices and configuring host computers for basic network connectivity. The appendix is a reference for configuring the logical network.
11.5.4 Network Testing
Page 1:
In this lab, you will create a small network that requires connecting network devices and configuring host computers for basic network connectivity. SubnetA and SubnetB are subnets that are currently needed. SubnetC, SubnetD, SubnetE, and SubnetF are anticipated subnets, not yet connected to the network.
Click the lab icon for more details.
11.5.4 - Network Testing
Link to Hands-on Lab: Network Testing
In this lab, you create a small network that requires connecting network devices and configuring host computers for basic network connectivity. Subnet A and Subnet B are subnets that are currently needed. Subnet C, Subnet D, Subnet E, and Subnet F are anticipated subnets that are not yet connected to the network.
11.5.5 Network Documentation with Utility Commands
Page 1:
Network documentation is a very important tool for network administration. A well-documented network can save network engineers significant amounts of time in troubleshooting and planning future growth.
In this lab, you will create a small network that requires connecting network devices and configuring host computers for basic network connectivity. SubnetA and SubnetB are subnets that are currently needed. SubnetC is an anticipated subnet, not yet connected to the network.
Click the lab icon for more details.
11.5.5 - Network Documentation with Utility Commands
Link to Hands-on Lab: Network Documentation with Utility Commands
In this lab, you create a small network that requires connecting network devices and configuring host computers for basic network connectivity. Subnet A and Subnet B are subnets that are currently needed. Subnet C is an anticipated subnet that is not yet connected to the network.
11.5.6 Case Study
Page 1:
Click the lab icon for more details.
11.5.6 - Case Study
Link to Hands-on Lab: Case Study - Datagram Analysis with Wireshark
In this lab, you demonstrate how TCP segments, IP packets, and Ethernet II frames are constructed and explain the segment, packets, or frame fields associated with each. You also explain the contents of an ARP REQUEST and an ARP REPLY.
11.6 Summary
11.6.1 Summary and Review
Page 1:
This chapter introduced the issues to be considered when connecting and configuring computers, switches, and routers to build an Ethernet-based local area network.
The Cisco Internetwork Operating System (IOS) software and the configuration files for routers and switches were presented. This included accessing and using the IOS CLI modes and configuration processes, and understanding the significance of the prompt and help functions.
Managing IOS configuration files and using a methodical structured approach to testing and documenting network connectivity are key network administrator and network technician skills.
Summary of IOS features and commands:
User EXEC Mode
- enable - Enter Privileged EXEC mode
- copy running-config startup-config - Copy the active configuration to NVRAM.
- copy startup-config running-config - Copy the configuration in NVRAM to RAM.
- erase startup-config - Erase the configuration located in NVRAM.
- ping ip_address - Ping to that address.
- traceroute ip_address - Trace each hop to that address.
- show interfaces - Display statistics for all interfaces on a device.
- show clock - Show the time set in the router.
- show version - Display currently loaded IOS version, hardware, and device information.
- show arp - Display the ARP table of the device.
- show startup-config - Display the saved configuration located in NVRAM.
- show running-config - Display the contents of the currently running configuration file.
- show ip interface - Display IP statistics for interface(s) on a router.
- configure terminal - Enter terminal configuration mode.
- hostname hostname - Assign a host name to device.
- enable password password - Set an unencrypted enable password.
- enable secret password - Set a strongly encrypted enable password.
- service password-encryption - Encrypt display of all passwords except secret.
- banner motd # message # - Sets a message-of-the-day banner.
- line console 0 - Enter console line configuration mode.
- line vty 0 4 - Enter virtual terminal (Telnet) line configuration mode.
- interface Interface_name - Enter interface configuration mode.
- login - Enable password checking at login.
- password password - Set line password.
- ip address ip_address netmask - Set interface IP address and subnet mask.
- description description - Set interface description.
- clock rate value - Set clock rate for DCE device.
- no shutdown - Set interface to up.
- shutdown - Administratively set interface to down.
11.6.1 - Summary and Review
In this chapter, you learned to:
- Define the role of the Cisco Internetwork Operating System or IOS.
- Define the purpose of a configuration file.
- Identify several classes of devices that have the Cisco IOS embedded.
- Identify the factors contributing to the set of Cisco IOS commands available to a device.
- Identify the Cisco IOS modes of operation.
- Identify the basic Cisco IOS commands.
- Compare and contrast the basic show commands.
Page 2:
11.6.1 - Summary and Review
This is a review and is not a quiz. Questions and answers are provided.
Question 1. List the network services provided by the Cisco IOS.
Answer:
- Basic routing and switching functions.
- Reliable and secure access to networked resources.
- Network scalability.
Question 2. Describe three methods of accessing a Cisco device for CLI management and configuration.
Answer:
- Console
- Telnet or SSH
- AUX port
Question 3. Compare the functions and use of the running-configuration and startup-configuration files.
Answer:
- The running configuration file is used during the current operation of the device.
- The startup configuration file is stored in NVRAM and loaded to provide the device configuration when the device is started or restarted.
Question 4. Distinguish the features of the Cisco IOS user EXEC mode and privileged EXEC mode.
Answer:
User Executive Mode
The user executive mode, or user EXEC for short, has limited capabilities but is useful for some basic operations. The user EXEC mode is at the top of the modal hierarchical structure. This mode is the first entrance into the CLI of a Cisco IOS router.
The user EXEC mode allows only a limited number of basic monitoring commands. This is often referred to as view only mode. The user EXEC level does not allow the execution of any commands that might change the configuration of the device.
The user EXEC mode can be identified by the prompt ending with the > symbol.
Switch>
Privileged EXEC Mode
The execution of configuration and management commands requires that the network administrator use the privileged EXEC mode or a specific mode further down the hierarchy.
The privileged EXEC mode can be identified by the prompt ending with the # symbol.
Switch#
Question 5. What is the difference between entering a question mark with no space and a question mark with a space directly after a partial command at the appropriate prompt?
For example, "cl?" and "clock ?".
Answer: When using the question mark without a space, as with "cl?", all available commands that begin with the characters "cl" are listed.
When using the question mark with a space, as with "clock ?", all available subcommands that begin with clock are listed.
Question 6. What mode does a prompt of Router# indicate? How is this mode invoked?
Answer: The prompt indicates privileged EXEC mode. It is invoked from user EXEC mode by using the enable command.
Question 7. State the purpose and difference of the configuration commands service password-encryption and enable secret class.
Answer: The service password-encryption command applies weak encryption to all unencrypted passwords. This encryption does not apply to passwords while they are sent over media. The purpose of this command is to keep unauthorized individuals from viewing passwords in the configuration file.
The enable secret command provides security to privileged EXEC mode by encrypting the password.
Question 8. Why are delimiting characters required when setting a message of the day banner?
Answer: The banner motd command requires delimiters to identify the content of the banner message.
Question 9. What information should be included in a message of the day login banner on a Cisco device?
Answer: The exact content or wording of a banner depends on the local laws and corporate policies. Here are some examples of information to include in a banner:
- Use of the device is specifically for authorized personnel.
- Activity may be monitored.
- Legal action will be pursued for any unauthorized use.
Question 10. Give three methods of saving or backing up the active configuration of a Cisco device.
Answer: Configuration files can be stored on a Trivial File Transfer Protocol or TFTP server, a CD, a USB memory stick, or a floppy disk stored in a safe place. A configuration file should also be included in the network documentation.
Question 11. What is the purpose of the no shutdown command when configuring interfaces on a router?
Answer: By default, interfaces are disabled. To enable an interface, enter the no shutdown command from interface configuration mode.
Question 12. What information should be included in an interface description on a Cisco router?
Answer: The host name helps to identify the device on a network, and the interface description indicates the purpose of the interface. A description of what an interface does or where it is connected should be part of the configuration of each interface. This description can be useful for troubleshooting.
Question 13. List the steps to follow to verify that a host can successfully connect to and access a network.
Answer: Steps to verify host connection are the following:
- Test the stack.
- Test the NIC.
- Test another local host.
- Test the gateway.
- Test access to a remote host.
Question 14. What is the purpose of capturing the results of network tests such as ping, trace, and arp?
Answer: They are used to create a record of network traffic for troubleshooting and network performance analysis.
Page 3:
This culminating activity will allow you to practice the skills and conceptual understandings you have been developing throughout the entire course.
11.6.1 - Summary and Review
Link to Packet Tracer Exploration: Skills Integration Challenge: Configuring and Testing your Network
This culminating activity allows you to practice the skills and conceptual understandings that you have been developing throughout the entire course.
Page 4:
To Learn More
The IOS feature set of Cisco routers and switches varies significantly across the model range of these devices. This chapter has introduced some of the basic IOS commands and features that are common across most devices. Some of the more advanced features are covered in later Cisco courses, but the regular day-to-day administration of a network often requires other information more immediately.
The Cisco Systems website, http://www.cisco.com, is the source of the technical documentation used to install, operate, and troubleshoot Cisco networking devices. A free cisco.com registration provides access to online tools and information. It is recommended that students register on the website to make use of this resource during their study, and to prepare for using it when in the workplace.
Cisco Router and Switch IOS Password Recovery
An example of the technical documentation available from cisco.com is the procedure for recovering lost or forgotten passwords on a device. This chapter explained the importance of securing access to the IOS with the use of encrypted passwords. However, for a number of reasons, and particularly in a classroom lab environment, a password may be lost or forgotten, thereby preventing access to the device.
A search for password recovery documents for the 1841 router and 2960 switch (the current recommended CCNA Exploration lab devices) on cisco.com returned the following documents that provide the procedures to follow:
http://www.cisco.com/warp/public/474/pswdrec_1700.pdf
http://www.cisco.com/warp/public/474/pswdrec_2900xl.pdf
If your lab has other models of Cisco routers or switches, equivalent documents can be obtained by conducting a search on Cisco.com.
11.6.1 - Summary and Review
The diagram depicts a collage of people using computers and networks.
11.7 Chapter Quiz
11.7.1 Chapter Quiz
Page 1:
11.7.1 - Chapter Quiz
1. A copy of a configuration file can be saved to a TFTP server. Construct the command sequence to accomplish this task based on the action descriptions provided. (Not all options apply.)
Commands:
configure terminal
copy tftp run
192.168.23.5
enable
copy run tftp
router-config
Action Descriptions:
enter privileged mode
copy configuration to TFTP server
enter location of server
enter destination file name
2. Which command sequence permits access to five virtual terminal lines with a password of cisco?
A. Router(config-line)#configure telnet
   Router(config-line)#line vty 0 5
   Router(config-line)#password cisco
B. Router(config)#line vty 0 5
   Router(config)#password cisco
C. Router(config)#line vty 0 4
   Router(config-line)#login
   Router(config-line)#password cisco
D. Router(config)#configure telnet
   Router(config-line)#password cisco
   Router(config-line)#session 0 4
3. Which command turns on a router interface?
A. Router(config-if)#enable
B. Router(config-if)#no down
C. Router(config-if)#s0 active
D. Router(config-if)#interface up
E. Router(config-if)#no shutdown
4. What is the purpose of the Cisco IOS enable secret command?
A. To set password protection on incoming Telnet sessions.
B. To set password protection on the console terminal.
C. To allow a user access to User mode.
D. To allow a user to enter a password that will be encrypted.
5. Which command displays statistics for all interfaces configured on a router?
A. list interfaces
B. show interfaces
C. show processes
D. show statistics
6. What command displays a list of commands available for viewing the status of the router?
A. Router#?show
B. Router#sh?
C. Router#show ?
D. Router#help
E. Router#status?
7. An administrator configures a new router and names it SAN JOSE. The administrator needs to set a password that will be required to establish a console session with the router. Which commands should be issued by the administrator to set the console password to CISCO?
A. SANJOSE(config)#enable password CISCO
B. SANJOSE(config)#line con 0
   SANJOSE(config-line)#login
   SANJOSE(config-line)#enable password CISCO
C. SANJOSE(config)#enable console password CISCO
D. SANJOSE(config)#line con 0
   SANJOSE(config-line)#login
   SANJOSE(config-line)#password CISCO
8. A network administrator must configure a serial interface with an IP address. The configuration must also identify the remote site to which the interface is connected. Which set of commands will meet these requirements?
A. Chicago(config)#description San Jose T1
   Chicago(config)#interface serial0/0
   Chicago(config-if)#ip address 192.168.204.9 255.255.255.252
B. Chicago(config)# interface serial0/0
   Chicago(config-if)#ip address 192.168.204.9 255.255.255.252
   Chicago(config-if)#description San Jose T1
C. Chicago(config)#interface serial0/0
   Chicago(config-if)#ip address 192.168.204.9 netmask 255.255.255.252
   Chicago(config-if)#description San Jose T1
D. Chicago(config)#interface serial0/0
   Chicago(config-if)#ip address 192.168.204.9 255.255.255.252
   Chicago(config-if)#remote site San Jose T1
E. Chicago(config)#interface serial0/0
   Chicago(config-if)#ip address 192.168.204.9 255.255.255.252
   Chicago(config-if)#interface description San Jose T1
9. What does it mean when the ping command returns a result of a period (".")?
A. congestion experienced
B. destination unreachable
C. timed out waiting for echo reply
D. successful receipt of an echo reply
10. Which utility shows the route a packet takes to reach its destination?
A. netstat
B. ping
C. Telnet
D. trace route