Command-Line Interface Command Modes 589 Privileged Mode Command List Privileged EXEC mode provides a detailed examination of the router and allows con- figuration changes to be made to the router. A specific mode is entered depending upon the configuration change that is required. From privileged EXEC mode, other modes can be entered; privileged EXEC mode must be entered before entering these other modes (see the next section, “Router Configuration Modes”). To access privileged mode from user EXEC mode, type enable (or the abbreviation en): Router>enable Password: Router>en Password: You are prompted for a password. If you type a question mark (?) at the privileged mode prompt Router#?, the screen displays a longer list of commands than it would at the user mode prompt. Table 12-2 provides a complete list with descriptions of privi- leged mode commands. Note that the list of commands varies depending on the type of router platform being configured. show Shows running system information slip Starts Serial Line IP (SLIP) systat Displays information about terminal lines telnet Opens a Telnet connection terminal Sets terminal line parameters tn3270 Opens a TN3270 connection traceroute Sets a traceroute to the destination tunnel Opens a tunnel connection where Lists active connections x3 Sets X.3 parameters on PAD xremote Enters Xremote mode Table 12-1 User ModeCommands (Continued) Command Description 1102.book Page 589 Tuesday, May 20, 2003 2:53 PM 590 Chapter 12: Router Configuration Table 12-2 Privileged Mode Commands Command Description access-enable Creates a temporary access list entry access-template Creates a temporary access list entry appn Sends a command to the APPN subsystem atmsig Executes ATM signaling commands bfe Sets manual emergency modes calendar Manages the hardware calendar cd Changes the current device clear Resets functions clock Manages the system clock cmt Starts or stops FDDI connection-management functions configure Enters configuration mode connect Opens a terminal connection copy Copies configuration or image data debug Uses debugging functions (see also undebug) delete Deletes a file dir Lists files on a given device disable Turns off privileged commands disconnect Disconnects an existing network connection enable Turn on privileged commands erase Erases Flash or configuration memory exit Exits EXEC mode format Formats a device help Gets a description of the interactive help system lat Opens a LAT connection 1102.book Page 590 Tuesday, May 20, 2003 2:53 PM Command-Line Interface Command Modes 591 lock Locks the terminal login Logs in as a particular user logout Exits EXEC mode mbranch Traces the multicast route down the tree branch mrbranch Traces the reverse multicast up the tree branch mrinfo Requests neighbor and version information from a multicast router mstat Shows statistics after multiple multicast traceroutes mtrace Traces reverse multicast path from destination source name-connection Names an existing network connection ncia Starts or stops an NCIA server pad Opens an X.29 PAD connection ping Sends echo messages ppp Starts the IETF Point-to-Point Protocol (PPP) pwd Displays current device reload Halts and performs a cold return resume Resumes an active network connection rlogin Opens an rlogin connection rsh Executes a remote command sdlc Sends SDLC test frames send Sends a message over tty lines setup Runs the setup command facility show Shows running system information slip Starts Serial Line IP (SLIP) squeeze Squeezes a device continues Table 12-2 Privileged Mode Commands (Continued) Command Description 1102.book Page 591 Tuesday, May 20, 2003 2:53 PM 592 Chapter 12: Router Configuration Router Configuration Modes Global configuration commands are used in a router to apply configuration statements that affect the system as a whole. Use the privileged EXEC command configure to enter global configuration mode. After this command is entered, a prompt asking for the source of the configuration commands appears, at which you can specify terminal, nvram, or network. The default selection is to type in commands from the terminal console. Pressing the Enter key begins this configuration method. The first configuration mode is referred to as global configuration mode, or global con- fig, for short. Table 12-3 describes some of the configuration modes that you access from global configuration mode. start-chat Starts a chat script on a line Systat Displays information about terminal lines tarp Targets ID Resolution Process (TARP) commands telnet Opens a Telnet connection terminal Sets terminal-line parameters test Tests subsystems, memory, and interfaces tn3270 Opens a TN3270 connection traceroute Sets a traceroute to the destination tunnel Opens a tunnel connection undebug Disables debugging functions (see also debug) undelete Undeletes a file verify Verifies the checksum of a Flash file where Lists active connections which-route Does an OSI route table lookup and displays results write Writes running configuration to memory, network, or terminal x3 Sets X.3 parameters on PAD xremote Enters Xremote mode Table 12-2 Privileged Mode Commands (Continued) Command Description 1102.book Page 592 Tuesday, May 20, 2003 2:53 PM Command-Line Interface Command Modes 593 Typing exit at one of these specific configuration modes returns the router to global configuration mode. Pressing Ctrl-Z leaves the configuration modes completely and returns the router to privileged EXEC mode. Example 12-1 demonstrates this sequence of transitioning between configuration modes. Table 12-3 Router Configuration Modes Configuration Mode Prompt Interface Router(config-if)# Subinterface Router(config-subif)# Controller Router(config-controller)# Map-list Router(config-map-list)# Map-class Router(config-map-class)# Line Router(config-line)# Router Router(config-router)# IPX-router Router(config-ipx-router)# Route-map Router(config-route-map)# Example 12-1 Navigating Privileged EXEC, Global Config, and Specific Configuration Modes Router# configure terminal Router(config)#(commands) Router(config)# exit Router# Router#configure terminal Router(config)# router protocol Router(config-router)#(commands) Router(config-router)# exit Router(config)#interface type port Router(config-if)#(commands) Router(config-if)# exit Router(config)# exit Router# 1102.book Page 593 Tuesday, May 20, 2003 2:53 PM 594 Chapter 12: Router Configuration Router Startup Modes Whether it is accessed from the console or by a Telnet session through a vty port, a router can be placed in several modes. Each mode provides different functions: ■ ROM monitor mode is generally a recovery mode. It allows certain configuration tasks, such as recovering a lost password or downloading software (IOS). The router boots into ROM monitor mode if the router does not find a valid system image or if the boot sequence is interrupted during startup. In many routers, Rommon> is the default prompt for ROM monitor mode. ■ Setup mode is a prompted dialog that helps users create a first-time basic config- uration. Setup mode consists of a series of questions with default answers in brackets. Setup mode does not have a defining default prompt. The router prompts the user to enter setup mode if a valid startup configuration file is not found. Setup can also be entered by typing setup from privileged mode. Note that setup mode also can be invoked manually if the user erased the NVRAM and rebooted the router. ■ RXBoot mode is a special mode that the router can enter by changing the set- tings of the configuration register and rebooting the router. RXBoot mode pro- vides the router with a subset of Cisco IOS Software and enters a streamlined setup mode. The streamlined setup mode differs from the standard setup mode because streamlined setup does not configure global router parameters. There are prompts only to configure interface parameters, which permit the router to boot. This allows the router to boot when it cannot find a valid Cisco IOS Software image in Flash memory. The default prompt is the host name followed by <boot>. Table 12-4 briefly describes some of the commonly used configuration commands. Table 12-4 Selection of Router Configuration Commands Command Description configure terminal Configures manually from the console termi- nal configure memory Loads configuration information from NVRAM copy tftp running-config Loads configuration information from a net- work TFTP server into RAM show running-config Displays the current configuration in RAM 1102.book Page 594 Tuesday, May 20, 2003 2:53 PM Configuring a Router Name 595 Use the commands shown in Figure 12-1 for routers running Cisco IOS Software Release 11.0 or later. Figure 12-1 Configuration File Commands Configuring a Router Name One of the first basic configuration tasks is to name the router, as shown in Example 12-2. Naming a router helps to better manage the network by uniquely identifying each router within the network. The router is named in global configuration mode. The name of the router is called the host name and is displayed as the system prompt. If a router is not named, the system default is Router. copy running-config startup-config Stores the current configuration from RAM into NVRAM copy running-config tftp Stores the current configuration from RAM on a network TFTP server show startup-config Displays the saved configuration, which is the contents of NVRAM erase startup-config Erases the contents of NVRAM Table 12-4 Selection of Router Configuration Commands (Continued) Command Description 1102.book Page 595 Tuesday, May 20, 2003 2:53 PM 596 Chapter 12: Router Configuration Configuring and Protecting Router Passwords A router can be secured to restrict access by using passwords. Passwords can be estab- lished for virtual terminal lines and the console line. Privileged mode EXEC also can have a password. From global configuration mode, use the enable password command to restrict access to privileged mode. This password, however, will be visible from the router’s configu- ration files. To enter an encrypted password in privileged mode, use the command enable secret. If an enable secret password is configured, it is used instead of the enable password. From the configuration files, a person can view only the encryption, not the actual password. Enable secret passwords cannot be read; another user might be able to break into the configuration, but the only thing that can be done is to overwrite the password because it is one-way encrypted and cannot be converted back to clear text. Passwords can be further protected from display through the use of the service password-encryption command. This command is entered from global configuration mode. The line console 0 configuration mode can be used to establish a login password on the console terminal. This is useful on a network on which multiple people have access to the router. This prevents anyone not authorized from accessing the router. Telnet requires a password check. Different hardware platforms have different num- bers of vty lines defined. The range 0 through 4 is used to specify five vty lines. These five incoming Telnet sessions can be simultaneous. The same password can be used for Example 12-2 Naming a Router Router(config)#hostname Cougars Cougars(config)# Lab Activity CLI Modes and Router Identification In this lab, you identify the basic router modes of user and privilege. You also use several commands that will enter specific modes to become familiar with the router prompt for each mode. In addition, you name the router. 1102.book Page 596 Tuesday, May 20, 2003 2:53 PM Examining the show Commands 597 all lines, or one line can be set uniquely. This often is used in large networks with many network administrators. If a catastrophic problem occurs on a network and all com- mon vty lines are used, the one unique line can be reserved for recovery. Use the command line vty 0 4 to establish a login password on incoming Telnet sessions. Example 12-3 demonstrates the different ways to configure and protect passwords. Examining the show Commands Many show commands exist, which help examine the contents of files in the router and are useful in troubleshooting. From each mode in the router, the show ? command can be used to see all the available options. Table 12-5 lists some of the show com- mand options. Example 12-3 Configuring/Protecting Passwords ! Console Password Router(config)# line console 0 Router(config-line)# login Router(config-line)# password cisco ! Virtual Terminal Password Router(config)# line vty 0 4 Router(config-line)# login Router(config-line)# password cisco ! Enable Password Router(config)# enable password san-fran !Perform Password Encryption Router(config)# service password encryption set password here Router(config)# no service password encryption Lab Activity Configuring Router Passwords In this lab, you configure passwords for the console, virtual terminals, and a secret password. chpt_12.fm Page 597 Tuesday, May 27, 2003 2:34 PM 598 Chapter 12: Router Configuration Examples 12-4, 12-5, and 12-6 display sample output from the show protocols, show version, and show interfaces commands, respectively. Table 12-5 show Commands Command Description show interfaces Displays all the statistics for all the interfaces on the router. If a user wants to view the statistics for a spe- cific interface, he can enter the show interfaces com- mand followed by the specific interface and port number. For example: Router# show interfaces serial 1 show controllers serial Displays information specific to the interface hard- ware. show clock Displays the time set in the router. show hosts Displays a cached list of host names and addresses. show users Displays all users who are connected to the router. show history Displays a history of commands that have been entered. show flash Displays information about Flash memory and what Cisco IOS Software files are stored there. show version Displays information about the Cisco IOS Software image that is running in RAM. show arp Displays the router’s address resolution (ARP) table. show protocol Displays the global and interface-specific status of any configured Layer 3 protocols. show startup-configuration Displays the saved configuration located in NVRAM. show running-configuration Displays the configuration currently running in RAM. Example 12-4 show protocols Command Output Router# show protocols Global values: Internet Protocol routing is enabled DECnet routing is enabled 1102.book Page 598 Tuesday, May 20, 2003 2:53 PM . mode Table 12 -1 User ModeCommands (Continued) Command Description 11 02. book Page 589 Tuesday, May 20 , 20 03 2: 53 PM 590 Chapter 12 : Router Configuration Table 12 -2 Privileged Mode Commands Command Description access-enable. Squeezes a device continues Table 12 -2 Privileged Mode Commands (Continued) Command Description 11 02. book Page 5 91 Tuesday, May 20 , 20 03 2: 53 PM 5 92 Chapter 12 : Router Configuration Router Configuration. 11 02. book Page 594 Tuesday, May 20 , 20 03 2: 53 PM Configuring a Router Name 595 Use the commands shown in Figure 12 -1 for routers running Cisco IOS Software Release 11 .0 or later. Figure 12 -1