HON’s Wiki # Cisco General (IOS/IOS XE)

Home / Networking

Contents

• General Configuration
  • CLI Usage
  • Basics
  • AAA
  • Lines
• Tasks
  • Safe Shutdown (IOS XE)
  • Reset Password (Old)
  • Copy Config to Device Using SCP (Old)
• Information
  • Boot (Old)
  • Modes

I keep most of my Cisco notes elsewhere, sorry.

General Configuration

CLI Usage

• Most commands take effect immediately.
• Select range of interfaces: int range g1/0/1-52 (example)
• Reset interface(s): default int [range] <if>[-<end>]
• CLI interaction:
  • Tab: Auto-complete.
  • ?: Prints the allowed keywords.
  • | <filter>: Can be used to filter the output using one of the filter commands.
• Show configurations: show [run|start]
  • | section <section> can be used to show a specific section.

Basics

• Save/load config:
  • Save running config: copy run start or write mem
  • Restore startup config: copy start run
• System status:
  • Show alarms: show facility-alarm status
• Interface status:
  • L2/L3 oiverview: sh ip int br
• Optics:
  • Show transceivers: sh interfaces transceiver

AAA

• Disable the password-encryption service, use encrypted passwords instead. Perferrably type 9 (scrypt) secrets if available.
• Set enable secret (for entering privileged EXEC mode): enable algorithm-type scrypt secret <secret>
• Enable user auth: aaa new-model
• Local user database:
  • Enable local database: aaa authentication login default local
  • Add user: username <username> privilege 15 algorithm-type scrypt secret <password>
    • privilege 15 means the user will enter directly into privileged EXEC mode.
    • algorithm-type scrypt means it will use the secure scrypt password hashing algorithm.
• TACACS+:
  • TODO

Lines

• Includes the console line and vty (telnet/SSH) lines.
• Configured using line conf. mode: line <con|vty> <n>
• Set inactivity logout: exec-timeout <min> <sec>
  • 0 0 disables it, which is practical for labs.
• Enabel synchronous logging for console: logging synchronous
• (Not recommended) Enable simple password-based console login:
  1. Enter line conf. mode.
  2. Enable login: login
  3. Set console password: password [alg] <password>
• (Recommended) Enable user-based console login:
  1. Enter line conf. mode.
  2. Enable login: login
  3. Set to use the local database: login authentication default

Tasks

Safe Shutdown (IOS XE)

This is the recommended way to shut the device down, instead of just pulling the power. It allows the system to clean up file systems and such.

1. Issue the reload command in privileged exec mode and confirm.
2. Wait for the system bootstrap messages.
3. Remove power.

Reset Password (Old)

1. Power off the device.
2. Connect using serial.
3. Power on the device and immediately prepare for the next step.
4. Press Ctrl+Break to enter ROMMON.
5. Type confreg 0x2142 to make it ignore the startup config.
6. (Required?) Type sync to save the environment.
7. Type boot to start booting the IOS image. Wait for it to boot.
8. Log in using default (no) credentials and make the necessary changes.
   • To reset the startup config, run erase startup-config.
9. Enter config mode and run config-register 0x2102 to re-enable loading the startup config.
10. Reboot: reload

Copy Config to Device Using SCP (Old)

Note: Copying to the running config will merge it into it instead of overwriting it. Copying it to the startup config instead and restarting is one way around that.

1. Enable SSH, SCP, default login authentication and default exec authorization.
2. Backup the old startup config: copy startup-config flash:startup-config.backup
3. Copy from PC to device: scp new-config.txt [email protected]:flash:/new-config (example)
4. Copy new config to running config to validate it: copy flash:new-config running-config
   • Note that this will merge the two configs, which may lead to some new warnings or errors.
5. Copy new config to startup config: copy flash:new-config startup-config
6. Reload: reload

Information

• Memories:
  • ROM: For bootstrap stuff.
  • Flash: For IOS images.
  • NVRAM: For startup configuration files.
  • RAM: For running config, tables, etc.

Boot (Old)

• IOS image sources (in default order): Flash, TFTP, ROM.
• Startup config sources (in default order): NVRAM, TFTP, system configuration dialog.
• Some details may be configured using the configuration register.

Modes

• User EXEC mode (Router>):
  • Used to run basic, non-privileged commands, like ping or show (limited).
  • Entered when logging in as “not very privileged” users.
• Privileged EXEC mode (Router#) (aka enable mode):
  • Used to run more privileged (all) commands.
  • Entered when logging in as “privileged” users or when running enable from user EXEC mode.
• Global configuration mode (Router(config)#) and special configuration mode (Router(config-xxx)#):
  • Used to configure the unit.
  • Global configuration mode is entered by running configure terminal in privileged EXEC mode.
  • “Special” configuration mode (it’s not actually collectively called that) is entered when configuring an interface, a virtual router interface, a console line, a VLAN etc. from global configuration mode.
• Setup mode:
  • Used to interactivly configure some the “basics”.
  • Entered when loggin into a factory reset unit or when running setup.
  • Completely useless, never use it.
• ROM monitor mode (aka ROMMON).

---

hon.one | HON95/wiki | Edit page