
Basic Cisco Router Configuration and Management
ROUTER COMPONENTS
RAM
Random-Access Memory, similar in function to the RAM in PCs.
This is where the IOS runs its processes. It also contains the running configuration,
routing and other tables as well as packet buffers.
ROM
This Read-Only Memory stores an older 'lite' IOS used to boot the router for the very first time, or when the Flash memory is erased or corrupted.
FLASH
This piece of 'flash-able' memory stores
the IOS image, the operating system of the router.
NVRAM
In contrast to normal RAM, Non-Volatile Random-Access Memory is a special type of memory that doesn't lose its content when the router's power is turned off.
It stores the startup configuration and the configuration register.
Configuration register
The NVRAM has a special location which contains the 16-bit configuration register. Every time the router boots it reads this value. The config-register value is a hexadecimal value ranging from 0x0000 to 0xFFFF and can be set using the config-register command.
The most important portion of the configuration register to understand for the exam is the boot field (bits 0 through 3, hexadecimal range 0x0000-0x000F). The boot field value specifies from where the IOS image should be loaded, or whether it is bypassed during startup.
Boot field | Meaning
0x0 | The router will enter ROM monitor mode and remain at the system bootstrap prompt.
0x1 | The IOS image stored in ROM will be loaded.
0x2-0xF | The router will boot as normal and load the default IOS image stored in Flash and enables boot system commands.
The other 12 bits are used for various functions such
as enabling/disabling the Break function, setting the Console line speed, bypassing
NVRAM and controlling the broadcast address.
To change the configuration register you have to be in global configuration mode. Use the command configure terminal (often abbreviated to conf t) in privileged EXEC mode to enter global config mode. You can enter privileged EXEC mode using the command: Router>enable
When you enter the correct password the prompt will change to Router# (where "Router" is the hostname of the router).
Once
you are in global config mode use the following command to change configuration
register value:
Router(config)#config-register 0x2102
where 0x2102 is an example of a config-register value.
You can view the
configuration setting using the
Router#show version
command. The last line of
the output will display the current value, and if it is different, the value after
reboot:
Configuration register is 0x2142 (will be 0x2102 at next reload)
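The register line from show version can be checked automatically. The following is an added example, not part of the original page: it decodes the boot field and flags a value that bypasses NVRAM. The bit positions for NVRAM bypass (bit 6) and Break (bit 8) follow Cisco's standard register layout and are assumptions of this example, as are the function names.

```python
import re

# Bit positions below follow Cisco's standard register layout (an assumption
# of this example; the page itself only names the functions).
BOOT_FIELD_MASK = 0x000F   # bits 0-3: boot field
IGNORE_NVRAM = 0x0040      # bit 6: bypass the startup-config in NVRAM
BREAK_DISABLED = 0x0100    # bit 8: Break key disabled after boot

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

def decode(value):
    """Split a 16-bit config-register value into the fields the page describes."""
    boot = value & BOOT_FIELD_MASK
    if boot == 0x0:
        source = "ROM monitor (bootstrap prompt)"
    elif boot == 0x1:
        source = "IOS image in ROM"
    else:
        source = "default IOS image in Flash, boot system commands enabled"
    return {
        "boot_field": boot,
        "boot_source": source,
        "ignores_nvram": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
    }

def audit_show_version(text):
    """Return (current, pending, findings) for the register line in show version."""
    match = REGISTER_RE.search(text)
    if match is None:
        raise ValueError("no 'Configuration register is ...' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    findings = []
    for label, value in {"current": current, "next reload": pending}.items():
        info = decode(value)
        if info["ignores_nvram"]:
            findings.append(f"{label}: {value:#06x} bypasses NVRAM, so the "
                            "startup-config and its passwords are not applied")
        if info["boot_field"] < 0x2:
            findings.append(f"{label}: {value:#06x} boots from "
                            f"{info['boot_source']}, boot system commands are ignored")
    return current, pending, findings

# The sample line is the one shown on the page.
SAMPLE = "Configuration register is 0x2142 (will be 0x2102 at next reload)"

if __name__ == "__main__":
    for finding in audit_show_version(SAMPLE)[2]:
        print(finding)
```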
Router start-up sequence
Routers boot much like regular computers: they first perform a power-on self test (POST) of the hardware, next load bootstrap code from ROM, then load the IOS image from Flash into RAM, then take a hardware inventory, and finally find and load a configuration file.
You can reboot a router using the power switch or the reload command.
Initial router configuration
As mentioned earlier, the router configuration is stored in NVRAM; this is where the router will search for a configuration file. Alternatively, you can configure the router to load a configuration file from a TFTP server. If the router cannot locate a configuration file (on a new router, for example) it will start setup and ask if you want to enter the initial configuration dialog. If you answer No, you'll be taken to the command prompt and you'll be able to configure the router manually. If you answer Yes, you'll be taken through a list of questions allowing you to configure the router, e.g. set a hostname, enable password and enable secret, configure routed and routing protocols and interface addressing. You can also initiate this configuration dialog using the command:
setup
Manage configuration files
A Cisco router usually contains two configurations: the startup configuration (usually stored in NVRAM) and the running configuration (stored in RAM). Since IOS version 11.0 Cisco started using these terms in the commands as well.
The following command copies the currently running (active) configuration to NVRAM, so it will be used the next time you reload the router. This command is mainly used to save the configuration when you have changed it.
Router#copy running-config startup-config
The following command loads the startup configuration stored in NVRAM into RAM, making it the active configuration:
Router#copy startup-config running-config
You can also copy the running configuration to a TFTP server using the following command:
Router#copy running-config tftp 222.222.222.1
as well as the startup config:
Router#copy startup-config tftp 222.222.222.1
You can view the running configuration using the command:
Router#show running-config
View the startup config using the command:
Router#show startup-config
You can use the erase command to delete the content of NVRAM:
Router#erase startup-config
Load, backup, and upgrade IOS
Instead of using the IOS stored
in flash you can load it from a TFTP server or you can load the limited IOS from ROM.
This can be configured in the configuration file using the following commands in
global configuration mode:
To load Cisco IOS software from Flash memory use the command:
Router(config)#boot system flash
Although this is default behavior, using this command can be useful, especially when you have multiple IOS images stored in Flash. If you do not specify a filename, the first image located will be loaded.
To load Cisco IOS software from a TFTP server use the command:
Router(config)#boot system tftp
To load Cisco IOS software from ROM use the command:
Router(config)#boot system rom
Note that this will load the limited IOS version which might prevent normal operation.
You can use a combination of these commands, or all of them, to provide some redundancy; you can even specify multiple TFTP servers. Make sure you place them in the correct order: flash first, tftp as backup, rom as last resort. The configuration register's boot field must be set to 0x2 through 0xF in order for the router to check the configuration file in NVRAM for boot system commands.
To back up the IOS stored in Flash to a TFTP server use the command:
Router#copy flash tftp 222.222.222.1 c2600-js-l_121-5.bin
To upgrade the IOS stored in
Flash use the command:
Router#copy tftp flash
You will be prompted for an
IP address of the TFTP server (defaults to the broadcast address 255.255.255.255) and
a filename.
To delete the content stored in Flash use the command:
Router#erase flash
NOTE: Be absolutely sure you know what you are doing when you erase flash. If not - DO NOT do it.
CONNECTING TO A ROUTER
There are multiple ways to establish connectivity to a router to perform configuration tasks:
- Console port
Cisco routers are equipped with a Console port. This is an RJ-45 port on most routers, but on some high-end routers it's a DB-25 connector. You can connect a terminal (a notebook or a PC, for instance) to the console port using an RJ-45 cable with RJ-45, DB-9 or DB-25 connectors on the ends. A common example is a cable with an RJ-45 connector connecting to the router's console port and a DB-9 connector on the other end connecting to the PC's COM port. When you connect a PC to the router's console port you can use a terminal emulator to configure the router. When you start a session the following should appear:
Router con0 is now available.
Press RETURN to get started
- Auxiliary port
Cisco routers in the series 1700 and up are also equipped with an Auxiliary port. This port can be used to connect a modem and allow for remote administration of the router.
Managing a router using the ports mentioned above is called out-of-band management.
- Telnet
Once your router is configured with an IP address, a Telnet connection will probably be the most commonly used way to connect to a router to configure and monitor it. Cisco IOS, the router's operating system, has a built-in Telnet server and a Telnet client. This allows you to connect to a router using a telnet client from a PC, but from another Cisco router as well. This type of connection, using the same network the router operates in, is also known as in-band management.
ROUTER MODES
User EXEC mode
This is
the mode you enter once you are logged on to the router. In this mode you can perform
non-disruptive troubleshooting, view the routing table and status of components. You
can NOT view or modify the configuration in User EXEC mode.
When you connect to the router and press the <Enter> key (Press RETURN to get started) you'll be prompted for a password:
User Access Verification
Password:
When you enter the correct console, telnet or AUX password (depending on how you connect to the router) and press <Enter>, the User EXEC mode command prompt will appear.
Router>
"Router" is the default hostname for
all Cisco routers. The >
indicates you are in User EXEC mode.
To exit User
EXEC mode and quit the session with the command-line executive use one of the
following commands:
Router>logout
or
Router>exit
Privileged EXEC mode
This is similar to logging on as an administrator in Windows 2000 for example. When
you are in this mode you can do disruptive troubleshooting; you can view and modify
the configuration.
Router>enable <enter>
Password:
After submitting the correct enable
password (or enable secret) and pressing the <Enter> key the command prompt will
change again:
Router#
The
# indicates you are in Privileged EXEC mode.
To exit
Privileged EXEC mode and return to User EXEC mode use the following command:
Router#disable
To exit Privileged EXEC mode
and quit the session with the command-line executive use one of the following
commands:
Router#logout
or
Router#exit
Global Configuration mode
To actually change the content of the running configuration, you'll have to enter global configuration mode using the command configure terminal (to configure the running configuration) or the command configure memory (to configure the startup config) in Privileged EXEC mode. Global configuration mode allows you to configure settings which affect the entire router, hence its name 'global'. To show you how this works we are going to change the hostname of the router as an example:
Router#configure terminal
(usually abbreviated to conf t)
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname David
David(config)#
As you can see the change
immediately takes effect by looking at the prompt, which now reflects the new name.
To exit global configuration mode and return to User EXEC mode use one of the
following commands:
David(config)#end
or
David(config)#exit
Or use the key combination
Ctrl-Z
You can use the following command to save the configuration to NVRAM so it
will be used next time the router starts:
David#copy running-config startup
Interface Configuration mode
You need to enter interface configuration mode when you want to configure settings
specific to an interface, such as configuring an IP address.
To enter interface configuration mode you must use the
interface command and provide the name and number of an existing interface,
examples are:
Router(config)#interface ethernet 0
Router(config-if)#
Router(config)#interface serial 2
Router(config-if)#
As you can see in the first example, the first possible interface is 0; the second Ethernet interface on a router would be Ethernet 1. Also noticeable is the change in the prompt.
These commands are usually abbreviated, for example to int e1 or int s0
2600 and 1700 model routers have two layers of slots and fast ethernet ports. Use int fa0/0 or int s 0/0. There is a debate on the space after e, fa, and s - try both and use what works.
To exit interface configuration mode and return
to global configuration mode, enter the following command:
Router(config-if)#exit
To exit interface
configuration mode and return to Privileged EXEC mode, use the key combination
Ctrl-Z
or
Router(config-if)#end
Other configuration modes include:
Sub-interface configuration mode Router(config-subif)
Router configuration mode Router(config-router)
Line configuration mode Router(config-line)
CONFIGURING ROUTER PASSWORDS
This section describes the 4
main passwords which are directly related to managing and configuring the router.
Console password
Use the following commands to configure the console password. The first command enters Line configuration mode to modify the operation of a terminal line and is followed by a line number:
Router(config)#line con 0
Router(config-line)#login
Router(config-line)#password cisco123
Telnet password
Use the following commands to configure a password for Telnet access (all 5 default
connections):
Router(config)#line vty 0 4
Router(config-line)#login
Router(config-line)#password cisco123
Auxiliary password
Use the following commands to configure the auxiliary port password:
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password cisco123
Enable password and enable secret
The enable password and enable secret are local passwords used to control access to Privileged EXEC mode. The difference between the two is that the enable password is stored in clear-text in the configuration file and the enable secret is encrypted using irreversible MD5 encryption.
For example, in the configuration file an enable password could be:
enable password cisco123
and an enable secret could be:
enable secret 5 $1$iSuI$i7TiENAn69392tYvh5wwZ1
The enable secret password overrides the regular enable password, except when an old IOS image is used that doesn't support the encrypted enable secret.
To configure an enable password,
go to global config mode and issue the following command:
Router(config)#enable password cisco123
where cisco123 is just an example for a
password.
To configure an enable secret, go to global config mode and issue the following
command:
Router(config)#enable secret cisco456
where cisco456 is just an example for a
password.
If you do not set an enable password or enable secret, you don't have to enter a password when you type the enable command, but you will end up having problems when connecting to the router using telnet, for example: you won't be able to enter Privileged EXEC mode.
By default all passwords except the enable secret are stored as clear-text in the configuration file. When you have backups on TFTP servers or even floppy disks, this might be an important issue. This can be solved using the following command to provide some encryption for the passwords:
Router(config)#service password-encryption
The irreversible MD5 encryption used to
encrypt the enable secret is much stronger than the rather simple encryption used by
the service password-encryption, which can be decrypted by
publicly available tools.
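A check for the storage differences described above, as an added example that is not part of the original page: it scans a saved configuration for clear-text and type 7 passwords and for a missing enable secret. The sample configuration is constructed from the page's example values; the function name and the type 7 placeholder string are assumptions of this example.

```python
import re

# Matches "enable password ...", "enable secret ..." and line-level
# "password ...", with an optional numeric type (0, 5, 7) before the value.
PASSWORD_RE = re.compile(
    r"^\s*(enable )?(password|secret)\s+(?:(\d+)\s+)?(\S+)\s*$"
)

def audit_passwords(config_text):
    """Return (location, issue) pairs for weakly protected passwords."""
    findings, context, has_enable_secret = [], "global", False
    for raw in config_text.splitlines():
        if raw.startswith("line "):
            context = raw.strip()            # e.g. "line vty 0 4"
        elif raw and not raw.startswith((" ", "!")):
            context = "global"               # any other top-level command
        match = PASSWORD_RE.match(raw)
        if match is None:
            continue
        is_enable, keyword, enc_type, _value = match.groups()
        location = "enable" if is_enable else context
        if keyword == "secret":
            has_enable_secret = has_enable_secret or bool(is_enable)
        elif enc_type in (None, "0"):
            findings.append((location, "clear-text password"))
        elif enc_type == "7":
            findings.append((location, "type 7 password, reversible"))
    if not has_enable_secret:
        findings.append(("enable", "no enable secret configured"))
    return findings

# Constructed sample configs. Passwords and the MD5 string are the page's own
# examples; the type 7 value is a placeholder, not a real encoded password.
WEAK_CONFIG = """\
hostname David
enable password cisco123
!
line con 0
 login
 password cisco123
line aux 0
 login
 password 7 PLACEHOLDER-TYPE7-STRING
line vty 0 4
 login
 password cisco123
"""
ENABLE_SECRET_ONLY = "enable secret 5 $1$iSuI$i7TiENAn69392tYvh5wwZ1\n"

if __name__ == "__main__":
    for location, issue in audit_passwords(WEAK_CONFIG):
        print(f"{location}: {issue}")
```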
Context-sensitive help facility
An IOS feature that helps with using the correct command syntax. For example, when you
type a command but you do not know the full syntax, you can type a
? behind it and a list with possible options (in that particular mode) will
appear:
Router#show ?
access-expression  List access expression
access-lists       List access lists
accounting         Accounting data for active sessions
aliases            Display alias commands
appletalk          AppleTalk information
arap               Show Appletalk Remote Access statistics
arp                ARP table
async              Information on terminal lines used as router interfaces
backup             Backup status
bridge             Bridge Forwarding/Filtering Database [verbose]
buffers            Buffer pool statistics
cdp                CDP information
clock              Display the system clock
compress           Show compression statistics
configuration      Contents of Non-Volatile memory
controllers        Interface controller status
debugging          State of each debugging option
decnet             DECnet information
dhcp               Dynamic Host Configuration Protocol status
dialer             Dialer parameters and statistics
dnsix              Shows Dnsix/DMDP information
dxi                atm-dxi information
entry              Queued terminal entries
--More--
You don't need to press the <Enter> key after the ?. When the end of the list is reached, the command will be after the prompt again, without the ?, so you can continue typing the correct option. (When a list like this does not fit in the maximum allowed lines, --More-- will be displayed on the last line; press the <Enter> key to scroll down one line at a time or the <Spacebar> to scroll down to the next screen.)
When you type a single ? or just the command help, a list with all possible commands will be displayed.
Command history and editing features
This refers to another set of useful
features which are meant to make working with the command line interface a little bit
more convenient.
By default the 10 previously issued commands are remembered. These commands can be retrieved to use them again by pressing Ctrl-P or the up arrow key. You can modify the command-line history buffer size using the following command:
Router#terminal history size 25
This will set the amount to 25.
You can view the history using the following command:
Router#show history
Some other useful key combinations:
Ctrl-P (or UP arrow key)
Displays the previous command in the history buffer.
Ctrl-N (or DOWN arrow key)
Displays the next command in the history buffer.
Ctrl-A
Jumps to the beginning of the command line.
Ctrl-E
Jumps to the end of the command line.
Ctrl-B (or LEFT arrow key)
Moves the cursor back one character.
Ctrl-F (or RIGHT arrow key)
Moves the cursor forward one character.
Ctrl-W
Deletes the last word typed.
Backspace
Deletes the previous character.
The arrow keys function only on ANSI-compatible terminals such as VT100s; you can configure your terminal emulator to use VT100 emulation.
Another useful feature to assist with the command syntax is auto-complete. For example, when you type a command partly but you don't know how to spell a particular option you can let IOS complete it by pressing the TAB key:
Router#show cdp nei<TAB>
Router#show cdp neighbors
This only works when the given part is enough to determine 1 particular option. For example, the command Router#show access does not result in Router#show access-expression because it could be Router#show access-lists as well.
These enhanced editing features are enabled by default. If you wish to disable them, use the command:
Router#terminal no editing
Another useful thing to know when working with the Command Line Interface (CLI) is that all logging is sent to the console by default. It is good to be able to see on the screen what is happening when changes occur on your router. It is also a little difficult to concentrate when you are new to these events. To stop the default logging to the console enter the following command while in config mode:
Router(config)#no logging console