
This article builds on the Navigating Cisco IOS software article; if you haven’t read that yet, read it first. With a clear and firm understanding of the navigation article, it is time to put that knowledge to the test by exposing yourself to the large number of commands that are available for configuration and verification.
This article is arranged so that you understand at which layer of the Cisco IOS navigation hierarchy each command resides. With the article divided into these sections, you will learn to apply these commands correctly if presented with a Cisco configuration objective for the exam and the real world.
Additionally, you should notice similarities and form an association between the syntax and functionality of the commands and the level of IOS to which they can be applied and utilized. Having this knowledge at your fingertips will prove invaluable when configuring simulations or eliminating distracting answers on the CCNA, ICND1, ICND2 exams, etc.
Global Configuration
As mentioned in our “Foundation Cisco IOS operations” article, Global configuration commands affect the entire router or switch’s operations. We enter Global Configuration by typing configure terminal from Privileged EXEC, which changes the prompt to Router(config)#. This section looks at the syntax and functions of some basic Global Configuration parameters that you can configure in a switch or a router.
Altering the Boot Sequence
In the Foundation Cisco IOS operations article, we saw that there are two means of altering the default boot sequence of a router. The first is to change certain fields in the configuration register, which can force the Cisco device to perform actions such as booting from ROM and ignoring the startup configuration. In Global Configuration, the config-register command enables you to manipulate those fields and ultimately change the normal default operations of the router or switch.
For example, if you wanted to manipulate the configuration register to enter ROMmon on the next reboot, the Global Configuration command would look like this on a router:
Router(config)#config-register 0x2100
On the next boot, this router instructs the bootstrap to boot immediately into ROMmon in ROM. The prompt displays rommon 1>, signifying that the manipulation was successful and you are indeed in the mini-IOS.
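The configuration register fields described above can be decoded and checked from the "Configuration register is ..." line of show version. The following is an added example, not code from the original article; the function names, the constructed sample line and the choice of 0x2102 as the expected baseline are assumptions.

```python
import re

# Configuration register bit layout (16-bit value shown by "show version").
BOOT_FIELD = 0x000F      # bits 0-3: where the bootstrap looks for an image
IGNORE_NVRAM = 0x0040    # bit 6: skip the startup configuration at boot
BREAK_DISABLED = 0x0100  # bit 8: Break key ignored once the system is up

def decode_confreg(value):
    """Decode the boot-related fields of a configuration register value."""
    field = value & BOOT_FIELD
    if field == 0x0:
        boot = "rommon"                # stop in ROM monitor
    elif field == 0x1:
        boot = "first-image"           # first image in flash (ROM helper on old platforms)
    else:
        boot = "boot-system-commands"  # follow boot system entries, the normal case
    return {"boot": boot,
            "ignore_startup_config": bool(value & IGNORE_NVRAM),
            "break_disabled": bool(value & BREAK_DISABLED)}

def audit_show_version(text, expected=0x2102):
    """Report current and pending register values that differ from `expected`."""
    m = re.search(r"Configuration register is (0x[0-9A-Fa-f]+)"
                  r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?", text)
    if not m:
        return ["configuration register line not found"]
    findings = []
    for when, raw in (("current", m.group(1)), ("next reload", m.group(2))):
        if raw is None or int(raw, 16) == expected:
            continue
        info = decode_confreg(int(raw, 16))
        note = info["boot"]
        if info["ignore_startup_config"]:
            note += ", startup-config ignored"
        findings.append(f"{when} register {raw}: {note}")
    return findings

# Constructed sample: the register line after the config-register command on this page.
SAMPLE = "Configuration register is 0x2102 (will be 0x2100 at next reload)"

if __name__ == "__main__":
    for finding in audit_show_version(SAMPLE):
        print(finding)
```

A register value that sets bit 6 is the one to watch for in an audit, because the device then boots without its startup configuration, including its passwords.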
The second Global Configuration command to globally affect the startup sequence that was mentioned in our previous article is the boot system command. With this command, you can optionally instruct the bootstrap to boot from specific locations, and even tell it which file to load if there are multiple IOS files at that location. Two different examples of the boot system commands are as follows:
Router(config)#boot system tftp c2600-do3s-mz.120-5.T1 172.16.1.1
Router(config)#boot system flash c2600-do3s-mz.120-5.T1
The first command instructs the bootstrap to locate the IOS on the TFTP server located at 172.16.1.1. The second boot system command configures the bootstrap to specifically load the IOS file c2600-do3s-mz.120-5.T1 in the possible event that Flash has multiple IOS image files on it. Where you have multiple boot system commands in a sequence, as in the example just given, the bootstrap tests each command in successive order until it successfully locates and loads an IOS.
Changing the Hostname
The default prompt for a router starts with the hostname Router. You should change the hostname to uniquely identify the Cisco device in your internetwork. This is especially useful if you are using Telnet to remotely manage multiple devices and need to identify which device you are connected to. The syntax for the command to change the hostname of the Cisco device is hostname, followed by the name you have chosen (up to 25 characters), as illustrated here:
Router(config)#hostname CCNA2811
CCNA2811(config)#
Notice that once we type the hostname command, the prompt immediately is changed to its new hostname (in this case, CCNA2811).
Creating a Login Banner
It is advisable to display a login banner as a means to provide notice of acceptable use or as a warning to anyone attempting to gain unauthorized access to your Cisco device. In Cisco terms, this is known as the message of the day. This message is displayed to any user attempting to gain an EXEC session on all terminal lines in the IOS. An example configuration for the message of the day is as follows:
CCNA2811(config)#banner motd # This is a private system and may be accessed only by authorized users. Unauthorized access is strictly prohibited and will be enforced to the full extent of the law.#
Notice that the banner motd (message of the day) command example contains a # character before and after the message. This is known as a delimiting character and is used to inform the IOS where your banner begins and ends. This can be any character, so it makes sense to use a character that is not present in the banner itself. For instance, if the delimiting character were “v”, the banner would be displayed as This is a pri.
Assigning a Password for Privileged EXEC Mode
Gaining access to Privileged EXEC essentially means you have access to all the functionality of the IOS, including those commands that can detrimentally affect the router or switch. With that being said, it makes sense to secure access to Privileged EXEC to ensure those who gain access are indeed skilled and authorized to do so. This is achieved in Global Configuration with the creation of an enable password, which prompts anyone attempting to access Privileged EXEC with a password that is known only by those who truly are privileged.
The command to assign a password to gain access to Privileged EXEC can be achieved with one of the following two commands:
CCNA2811(config)#enable password myenablepassword
CCNA2811(config)#enable secret mysecretpassword
So what is the difference between the two commands? The enable secret password is secure because it utilizes a non-reversible one-way MD5 (Message Digest 5) cryptographic hash of the password, so it cannot be deciphered by anyone who gains access to that configuration. In practice, it is customary to utilize the enable secret command for the security that it provides over the enable password command. The following configuration demonstrates a secure enable password configuration, and the resulting prompt that occurs when you try to re-enter Privileged EXEC:
CCNA1841>enable
CCNA1841#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
CCNA1841(config)#enable secret gif orgot
CCNA1841(config)#end
CCNA1841#
*Aug 12 21:46:38.055: %SYS-5-CONFIG_I: Configured from console by console
CCNA1841#disable
CCNA1841>enable
Password:
It is possible to encrypt the password used in the enable password command by using the following Global Configuration command:
CCNA2811(config)#service password-encryption
This command actually encrypts all clear text passwords in your configuration, including passwords you assign to the EXEC lines. This is useful in case anyone happens to actually see your configuration because the password cannot be distinguished visually upon initial sight.
Be advised, however, that the encryption used is a Cisco proprietary encryption, which is easily broken to reveal the actual password. When choosing between this method and the enable secret method for securing Privileged EXEC, use enable secret because its encryption is exponentially stronger.
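The Global Configuration settings covered in this article can be checked against a saved configuration in one pass. The following is an added example, not code from the original article; the function name, finding codes and sample configurations are assumptions, and the hash and type 7 strings are constructed placeholders.

```python
import re

def audit_ios_config(config):
    """Return sorted finding codes for the global settings covered above."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = set()

    # hostname: an unset or default name makes devices hard to tell apart
    names = [ln.split(None, 1)[1] for ln in lines if ln.startswith("hostname ")]
    if not names or names[-1] == "Router":
        findings.add("default-hostname")

    if not any(ln.startswith("banner motd ") for ln in lines):
        findings.add("no-motd-banner")

    # enable secret is stored as a one-way hash; its absence is a finding
    if not any(ln.startswith("enable secret ") for ln in lines):
        findings.add("no-enable-secret")

    # enable password is clear text, or reversible type 7 once
    # service password-encryption is on; flag it in either form
    for ln in lines:
        m = re.match(r"enable password (?:(\d) )?\S+$", ln)
        if m:
            kind = "type7" if m.group(1) == "7" else "cleartext"
            findings.add(f"enable-password-{kind}")

    # exact match, so "no service password-encryption" does not count
    if "service password-encryption" not in lines:
        findings.add("no-password-encryption")
    return sorted(findings)

# Constructed configurations; hash and type 7 strings are placeholders, not real values.
WEAK = """
hostname Router
no service password-encryption
enable password myenablepassword
"""
HARDENED = """
service password-encryption
hostname CCNA2811
enable secret 5 $1$CONSTRUCTED$PLACEHOLDERHASHVALUE
banner motd ^C Authorized users only ^C
"""
LEFTOVER = HARDENED + "enable password 7 00PLACEHOLDER00\n"

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED), ("leftover", LEFTOVER)):
        print(name, audit_ios_config(cfg))
```

The LEFTOVER case shows why an old enable password line should be removed even after enable secret is set: the weaker copy of a password stays readable in the configuration.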
To be continued………