Navigating the Cisco IOS – CCNA Course
By now, you have a new-found love and respect for your Cisco equipment after knowing all the work that occurs when you turn on your router or switch.
What better way to prove that love and respect than by mastering the IOS that the Cisco devices have so painstakingly found and loaded for your administration and configuration pleasure? This article looks at the hierarchical levels of the IOS and what type of interactivity you can encounter at each level.
At your company, you may have level 1 technicians who are not strong in Cisco fundamentals, so you want to ensure that they have access only to basic troubleshooting and statistics, without worrying that they might change the configuration or cause some other network catastrophe. Because a multitude of administrators might need to gain access to these Cisco devices, it makes sense to ensure that the first level of IOS hierarchy they encounter is somewhat limited in the extent of what can be done. This is the nature of User EXEC.
In User EXEC, you are limited in the number and type of commands that are available to you. For instance, the majority of show commands are available at this level of the IOS hierarchy because running them does not detrimentally affect the router or the switch.
In addition, you can test IP connectivity to other devices with ping as well as remotely administer other devices or troubleshoot all the way to Layer 7 with Telnet. The Cisco IOS prompt for User EXEC is signified by the greater than sign (>) following the hostname of the Cisco device. For example, a Cisco router and switch with their default hostnames would look like Router> and Switch>, respectively. The following figure displays the commands that you have available at User EXEC.
Router>?
Exec commands:
  access-enable    create a temporary access-list entry
  access-profile   apply user-profile to interface
  call             voice call
  clear            reset functions
  connect          open a terminal connection
  crypto           encryption related commands
  disable          turn off privileged commands
  disconnect       disconnect an existing network connection
  enable           turn on privileged commands
  exit             exit from EXEC
  help             description of the interactive help system
  lock             lock the terminal
  login            log in as a particular user
  logout           exit from the EXEC
  modemui          start a modem-like user interface
  mrinfo           request neighbor and version information from a multicast router
  mstat            show statistics after multiple multicast traceroutes
  mtrace           trace reverse multicast path from a destination to source
  name-connection  name an existing network connection
  pad              open a X.29 PAD connection
  ping             send echo messages
  ppp              start IETF point-to-point protocol (PPP)
  release          release a resource
  renew            renew a resource
  resume           resume an active network connection
  rlogin           open an rlogin connection
  set              set system parameter (not config)
  show             show running system information
  slip             start serial-line IP (SLIP)
  ssh              open a secure shell client connection
  systat           display information about terminal lines
  tclquit          quit tool command language shell
  telnet           open a telnet connection
  terminal         set terminal line parameters
  traceroute       trace route to destination
  tunnel           open a tunnel connection
  udptn            open an udptn connection
  where            list active connections
  x28              become an X.28 PAD
  x3               set X.3 parameters on PAD
Assuming you need to acquire more functionality from your Cisco devices beyond basic troubleshooting and statistical displays, you have to have another layer of the Cisco IOS hierarchy in which you have access to all commands. Happily named, Privileged EXEC is the next level of the IOS, in which you have the same commands as you do in User EXEC, as well as some commands that can alter the Cisco device’s functionality.
For example, in Privileged EXEC, you can perform debug commands that can show you hundreds of real-time routing and switching functions and report them to the console. Because this can cause quite a processing strain on the device, these commands are reserved for only those who can access Privileged EXEC. Additionally, some show commands such as show startup-config and show running-config can be seen only by those who should be able (privileged) to see the configuration of the devices (including passwords). Some other new and dangerous commands available in Privileged EXEC include delete, clear, erase, configure, copy, and reload (reboots the device), to name a few.
To gain access to Privileged EXEC, type the command enable from User EXEC. After you press Enter, the prompt changes from > to #, signifying that you are now in Privileged EXEC mode. Because anybody can read this section and learn how to get to these commands, it makes sense to have some way for the IOS to prompt for a password to authorize those who truly should be granted access. In a future article, we’ll discuss how to apply these passwords to restrict who gains access from User EXEC to Privileged EXEC. To return to User EXEC, the reverse command is disable.
One of the commands that you can access through Privileged EXEC is configure. This means that we have to enter yet another level of the Cisco IOS to make any configuration changes to the Cisco device. By typing the configure terminal command, you are telling the Cisco IOS that you are going to configure the Cisco device via your terminal window. The new level you enter after you complete this command is called Global Configuration.
You can recognize it by looking at the command prompt, which will reflect Router(config)# for routers and Switch(config)# for switches.
The following figure displays a partial output of just some of the commands that are available in Global Configuration. Note that the commands delete, debug, clear, configure, and copy do not show up in the list of commands. You have a different set of commands available to you at this level of the IOS versus Privileged and User EXEC. This means that you must exit Global Configuration to use these commands as well as the show, reload, and other Privileged EXEC specific commands.
Of equal note, after you enter a command in the IOS, it is immediately applied to running-config and applied to the device’s operation. The configurations are not listed and then applied later like batch files or executed compiled programs. Configuration help is shown in the following figure.
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#?
Configure commands:
  aaa                       Authentication, authorization and accounting
  aal2-profile              Configure AAL2 profile
  access-list               Add an access list entry
  alias                     Create command alias
  appfw                     Configure the application firewall policy
  application               Define application
  archive                   Archive the configuration
  arp                       Set a static ARP entry
  async-bootp               Modify system bootp parameters
  backhaul-session-manager  Configure backhaul session manager
  banner                    Define a login banner
  bba-group                 Configure BBA group
  boot                      Modify system boot parameters
  bridge                    Bridge Group.
  buffers                   Adjust system buffer pool parameters
  busy-message              Display message when connection to host fails
  call                      Configure call parameters
  call-history-mib          Define call history mib parameters
  call-manager-fallback     SRST for cisco call manager fallback. For call manager express configuration use the telephony-service command
  carrier-id                Name of the carrier associated with this trunk group
  ccm-manager               Call manager
  cdp                       Global CDP configuration subcommands
  chat-script               Define a modem chat script
  class-map                 Configure QOS class map
  clns                      Global CLNS configuration subcommands
  clock                     Configure time-of-day clock
  cns                       CNS agents
  config-register           Define the configuration register
  configuration             Configuration access
  connect                   Cross-connect two interfaces
  control-plane             Configure control plane services
  crypto                    Encryption module
  default                   Set a command to its defaults
  default-value             Default character bits values
  define                    Interface range macro definition
  dial-control-mib          Define dial control mib parameters
  dial-peer                 Dial map(peer) configuration commands
As the name states, any configuration that is applied in this level applies globally to the Cisco router or switch. Here we can perform configuration tasks such as changing the hostname of the router or switch, creating a login banner, creating a password to prompt users trying to gain access to Privileged EXEC and many others. It is also at this level of the Cisco IOS hierarchy that you can enter several different sub-configuration modes to apply specific configurations for things such as interfaces, routing protocols, and EXEC lines.
Directly from Global Configuration, you can configure interface-specific commands that apply only to interfaces specified in the configuration. Now you can enable the interfaces, assign IP addresses, set speeds, and configure other interface commands. Once again, the commands that are available at this sub-configuration level of the IOS are not applicable at Global Configuration or Privileged EXEC and User EXEC.
To configure an interface, you must specify the interface you want to configure. If the device has fixed (non-modular) interfaces, you simply specify the type of interface followed by the interface number (and remember Cisco routers start their numbering schema with 0). For example, the 1600 series router has a fixed Ethernet interface that cannot be removed from the router. To configure that interface, you type interface Ethernet 0 from Global Configuration. Most devices today utilize the modular configuration in which you have to specify the module number as well as the interface number because these devices can change functionality depending on the type of module inserted into them. For example, to configure the second WAN serial interface on the first module on a 2800 series router, you would input interface serial 0/1 where 0 is the module number (the first module starts with 0) and 1 is the interface. The prompt in Interface Configuration Mode is displayed as Router(config-if)#, regardless of the interface type. This means you must keep track of what interface you are configuring because the prompt does not specify the type.
Also accessed from Global Configuration, line configurations are specific to those EXEC lines through which a user can gain access to the Cisco device. Specifically, you can configure options such as logins and passwords for a user trying to gain User EXEC access to the console and auxiliary ports, as well as the 5 vty (virtual teletype) Telnet lines into a router or switch. From Global Configuration, you must utilize the keyword line, followed by the EXEC line you want to configure. For example, to configure console-specific commands, you would type line console 0 from Global Configuration. The prompt changes to Router(config-line)#, regardless of the line you are configuring.
Even though the Cisco IOS is a command-line interface, it is not without its help features to help you through your navigation of the IOS. Specifically, to see what commands are available at any level of the IOS, you can use the help feature of the IOS, the question mark. By typing ? (no Enter keystroke necessary) at any level of the IOS, you get a listing of all the commands available and a brief description of the command.
Quite often, the list of available commands may extend beyond one terminal screen. This is apparent because the string More is displayed at the bottom of the list on the screen. To see the next page of listed commands, you can press the space bar and the command list scrolls another terminal screen’s length. If you prefer to see the commands line by line, you can keep hitting the Enter key and it displays only the next command each time you press it. On the chance that you have found the command you were looking for in the list, you can hit any key (pause for inevitable “where’s any key?” joke) to get back to the command prompt.
In some instances, you may not recall the command that you are looking for, but you do remember the first letter of the command. Let’s say, for example, the command is in Global Configuration and starts with the letter l. You could use the question mark and scroll through all the commands; however, the IOS enables you to see the commands starting with l if you type the letter followed immediately by the question mark (no space in between), as demonstrated below. Similarly, if you remembered that the command started with log, you can type those characters, followed immediately by the question mark, to see the commands logging and login-string.
Router>enable
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#l?
l2tp-class  lane  li-view  line  logging  login  login-string
Router(config)#l
Keep in mind that many commands in the IOS require a string of keywords to comprehend what you are trying to achieve with the command. For instance, if I was searching for the command logging and hit the enter key, the IOS would report back an error to the terminal screen that the command was incomplete because it does not understand where I want to send my logging information. If you are unsure of the commands available, once again, you use the question mark for command help. In this case, you must put a space after the first keyword followed by the question mark. The IOS then displays a list of commands that are valid after the keyword logging, as displayed here:
Router(config)#logging ?
  Hostname or A.B.C.D  IP address of the logging host
  buffered             Set buffered logging parameters
  buginf               Logging for debugging
  cns-events           Set CNS event logging level
  console              Set console logging parameters
  count                Count every log message and timestamp last occurrence
  exception            Limit size of exception flush output
  facility             Facility parameter for syslog messages
  filter               Specify logging filter
  history              Configure syslog history table
  host                 Set syslog server IP address and parameters
  monitor              Set terminal line (monitor) logging parameters
  on                   Enable logging to all enabled destinations
  origin-id            Add origin ID to syslog messages
  queue-limit          Set logger message queue size
  rate-limit           Set messages per second limit
  reload               Set reload logging level
  server-arp           Enable sending ARP requests for syslog servers when first configured
  source-interface     Specify interface for source address in logging transactions
  trap                 Set syslog server logging level
  userinfo             Enable logging of user info on privileged mode enabling
Router(config)#logging
To make things easy for administration, the Cisco IOS enables you to abbreviate commands as long as you type enough characters for the IOS to interpret the command that you want to input. For instance, the previous example involved trying to locate the command that started with l in Global Configuration. Because there were several commands that started with l, you would need to type in more characters to find the logging command. Specifically, you would need to type log, which is just enough characters for the IOS to understand that you want to use the logging command. If you want the IOS to complete typing the command for you, you can hit the Tab key and it auto-completes the command when you provide enough characters.
To make terminal editing simpler and faster, Cisco has created several shortcut keystrokes that can speed up IOS navigation. The most useful of these shortcuts enable you to cycle through your command history to re-use or edit previously typed commands. You can use the up and down arrow keys, or Ctrl+P and Ctrl+N if arrow keys are not supported at your terminal, to cycle through the last 10 commands in the history buffer for the level of the IOS in which you are currently located. The following table lists some other useful terminal editing keystrokes that will help you navigate within a command line.
|Keystroke|Function|
|---|---|
|Ctrl+A|Move the cursor to the beginning of the command line|
|Ctrl+E|Move the cursor to the end of the command line|
|Ctrl+B|Move the cursor back one character|
|Ctrl+F|Move the cursor forward one character|
|Esc+B|Move the cursor back one word|
|Esc+F|Move the cursor forward one word|
The terminal editing keys discussed so far are very useful for moving within a particular level of the IOS. However, you need to know how to navigate back from those different levels of the Cisco IOS. Namely, if you need to go back one level of the IOS, simply type the command exit. For instance, if you are in the Interface Configuration mode of the IOS and you need to go back to Global Configuration, just type exit, and your prompt display should change from
Router(config-if)# to Router(config)#
Suppose you are back in the interface configuration and you need to ping or traceroute to your neighbor or do a show command to verify that the interface is working. Recall that this variety of commands can be performed only in Privileged EXEC or User EXEC. To return to these levels of the IOS hierarchy, you can type exit until you are all the way back. You can also use the keystroke Ctrl+Z or the keyword end, which will automatically take you back to Privileged EXEC, regardless of how deep in the configuration levels you happen to be.
Common Syntax Errors
As mentioned before, the IOS reports back error messages if you have not provided the correct syntax for a command. The three syntax error messages that you may encounter are as follows:
- Ambiguous Command: This error is displayed when you have not typed enough characters for the IOS to distinguish which command you want to use. In other words, several commands start with those same characters, so you must type more letters of the command for the IOS to recognize your particular command.
- Incomplete Command: With this error message, the IOS has recognized your keyword syntax; however, you need to add more keywords to tell the IOS what you want to do with this command.
- Invalid Input: Also known as the “Fat finger” error, this console error message is displayed when you mistype a command. The IOS displays a caret mark (^) at the point up to which the IOS could understand your command.
Below is an example for each of these three error console messages. Also, notice that this configuration snapshot now includes abbreviations to get into Privileged EXEC and Global Configuration.
Router>
Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#r
% Ambiguous command:  "r"
Router(config)#router
% Incomplete command.
Router(config)#router rip
% Invalid input detected at '^' marker.
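The mode navigation (exit, end, disable) and the three syntax errors described above can be modelled in a few lines. This is an added example, not part of the original article or of Cisco's software: the command tables are small hand-picked subsets, and the minimum argument counts are simplifying assumptions.

```python
# Added illustration: toy model of IOS modes and unique-prefix command matching.
# Tables are hand-picked subsets with assumed argument counts, not a real image.

# mode -> {command: (minimum argument count, mode entered on success or None)}
COMMANDS = {
    "user": {"enable": (0, "priv"), "ping": (1, None), "show": (1, None)},
    "priv": {"configure": (0, "config"), "disable": (0, "user"),
             "debug": (1, None), "reload": (0, None), "show": (1, None)},
    "config": {"hostname": (1, None), "interface": (2, "config-if"),
               "line": (2, "config-line"), "route-map": (1, None),
               "router": (1, "config-router")},
    "config-if": {"shutdown": (0, None), "speed": (1, None)},
    "config-line": {"login": (0, None), "password": (1, None)},
    "config-router": {"network": (1, None)},
}
PROMPT = {"user": ">", "priv": "#", "config": "(config)#",
          "config-if": "(config-if)#", "config-line": "(config-line)#",
          "config-router": "(config-router)#"}
# exit steps back one level; end (or Ctrl+Z) jumps straight to Privileged EXEC
PARENT = {"config": "priv", "config-if": "config",
          "config-line": "config", "config-router": "config"}


def execute(mode, line):
    """Return (new_mode, message) for one input line typed in `mode`."""
    tokens = line.split()
    if not tokens:
        return mode, ""
    word, args = tokens[0].lower(), tokens[1:]
    if mode in PARENT:
        if word == "exit":
            return PARENT[mode], ""
        if word == "end":
            return "priv", ""
    # Only commands of the current mode are candidates, so "show" typed in
    # Global Configuration is simply unknown there.
    matches = [c for c in COMMANDS[mode] if c.startswith(word)]
    if len(matches) > 1 and word not in matches:
        return mode, f'% Ambiguous command:  "{word}"'
    if not matches:
        return mode, "% Invalid input detected at '^' marker."
    command = word if word in matches else matches[0]
    min_args, next_mode = COMMANDS[mode][command]
    if len(args) < min_args:
        return mode, "% Incomplete command."
    return next_mode or mode, ""


def session(lines, hostname="Router"):
    """Start in User EXEC, feed each line, return the prompt after each one."""
    mode, prompts = "user", []
    for line in lines:
        mode, _ = execute(mode, line)
        prompts.append(hostname + PROMPT[mode])
    return prompts
```

Because matching is done only against the current mode's table, an account that never leaves User EXEC has no path to configure or reload, which is the access-separation point made at the start of the article.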
Step by Step
1. Go into Privileged EXEC by typing enable or en (or any abbreviation you feel comfortable with).
2. Enter Global Configuration by typing configure terminal or config t.
3. Enter the Line Configuration mode for the console by typing line console 0 or line con 0.
4. Look at the list of commands available by using ?
5. Press the space bar to cycle page by page or Enter to cycle line by line.
6. Return to Global Configuration by typing exit.
7. Enter the Interface Configuration for serial 0/0 by typing interface serial 0/0 or int ser 0/0.
8. Exit back to Privileged EXEC by typing Ctrl+Z or end.
Use the output below as a loose reference of what the output might look like.
! Step 1
Router>
Router>en
! Step 2
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
! Step 3
Router(config)#line con 0
! Step 4
Router(config-line)#?
Line configuration commands:
  absolute-timeout      Set absolute timeout for line disconnection
  access-class          Filter connections based on an IP access
  activation-character  Define the activation character
  autocommand           Automatically execute an EXEC command
  autocommand-options   Autocommand options
  autohangup            Automatically hangup when last connection closes
  autoselect            Set line to autoselect
 --More--
! Step 5
  buffer-length         Set DMA buffer length
***output removed for brevity
! Step 6
Router(config-line)#exit
! Step 7
Router(config)#int ser 0/0
! Step 8
Router(config-if)#end
Router#
*Sep 26 23:40:41.019: %SYS-5-CONFIG_I: Configured from console by console