CCNA Certification/Router Operation

Router Operation edit

Operating and Configuring IOS Devices edit

One can think of Cisco networking devices as specialized computer devices designed to perform the task of handling data packets. As with other computers, the Cisco device has an operating system. Most Cisco networtking equipment executes the Cisco Internetworking Operating System which is usually just known as Cisco IOS.

Cisco IOS has a command line interface (CLI) and using this is similar in style to using the command line environment in Windows, or alternatively a Unix shell such as Bash. It is important to realize that the set of commands that one uses in Cisco CLI is completely different from those available on the CLIs for Windows or Unix. Cisco CLI is designed for the purposes of configuring, and therefore also for inspecting the configuration of, a networking device. Obviously it is not designed for general purpose computing in the way in which the Bash shell is.

Telnet and Console Access edit

Generally, there are two ways to get access to the Cisco CLI. On the one hand, one can always connect to the console port on the device and this is the way that devices, e.g. routers or switches, are configured when they are taken out of the box to be installed and commissioned. On the other hand, once the device has been commissioned and placed on a network, one can launch a telnet session from a computer on the network and connect to the telnet server on the Cisco device. What distinguishes these two access mechanisms is whether or not one needs to be physically beside the device. Obviously with console access one needs to be close to the device whereas with telnet access one could, in principle, be anywhere on the IP network on which the device is installed. Of course there may be, and usually there are, security mechanisms installed on the network to restrict the client which can access any networking device such as a Cisco router or switch.

Regardless of the mechanism by which one establishes a connection to the CLI, the activity is known in Cisco terminology as establishing an EXEC session.

Privilege Levels within an EXEC Session edit

Most command line environments provide some type of restriction on which commands a user can execute. In Unix for example, this is achieved through a combination of the user id and group id. In Cisco CLI, it is achieved by having two levels of privilege. Normally, when any user logs in, they are automatically in user mode. In this mode, the configuration of the device can be viewed but not modified. This means that the commands which can be actioned in user mode are not critical to the operation of the device.

If the device has been configured to have the name MyDevice, then the CLI prompt in user mode will be


One example of a command is show version, which prints out details of various aspects of the hardware and IOS software running on the device. Executing

   MyDevice>show version

on a Cisco Catalyst 2960G 24 port Ethernet switch, which has been configured to have the hostname MyDevice, yielded the following output

   Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version 12.2(25)FX, RELEASE SOFTWARE (fc1)
   Copyright (c) 1986-2005 by Cisco Systems, Inc.
   Compiled Wed 12-Oct-05 22:05 by yenanh
   ROM: Bootstrap program is C2960 boot loader
   BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(25r)FX, RELEASE SOFTWARE (fc4)
   MyDevice uptime is 27 weeks, 4 days, 23 hours, 1 minute
   System returned to ROM by power-on
   System image file is "flash:c2960-lanbase-mz.122-25.FX/c2960-lanbase-mz.122-25.FX.bin"
   cisco WS-C2960G-24TC-L (PowerPC405) processor (revision A0) with 61440K/4088K bytes of memory.
   Processor board ID FOC0938T107
   Last reset from power-on
   1 Virtual Ethernet interface
   24 Gigabit Ethernet interfaces
   The password-recovery mechanism is enabled.
   64K bytes of flash-simulated non-volatile configuration memory.
   Base ethernet MAC Address       : 00:14:A9:52:07:80
   Motherboard assembly number     : 73-10015-04
   Power supply part number        : 341-0098-01
   Motherboard serial number       : FOC093813VK
   Power supply serial number      : AZS094402EQ
   Model revision number           : A0
   Motherboard revision number     : A0
   Model number                    : WS-C2960G-24TC-L
   System serial number            : FOC0938T107
   Top Assembly Part Number        : 800-26673-01
   Top Assembly Revision Number    : B0
   Version ID                      : V01
   CLEI Code Number                : COM2300ARA
   Hardware Board Revision Number  : 0x01
   Switch   Ports  Model              SW Version              SW Image
   ------   -----  -----              ----------              ----------
   *    1   24     WS-C2960G-24TC-L   12.2(25)FX              C2960-LANBASE-M

  Configuration register is 0xF

If one types the command enable when in user mode, then IOS will attempt to enter privileged mode. Generally, a password is set for privileged mode, clearly a good security practice, when the device is commissioned but this is not always the case. If a password has been set, then the user will be required to enter it successfully in order for IOS to transition to privileged mode.

Once in privileged mode, all of the commands that were available in user mode remain available but in addition the user now has access to commands which can configure, restart or debug the networking device. In that sense, these are deemed to be critical commands. For example, one can switch off an Ethernet port thereby stopping all layer 2 data packets to/from computers connected, whether directly or indirectly, to that port. If this were not the action which one intended, then the consequences for users of the connected computers could be catastrophic.

To exit from privileged mode and return to user mode, the CLI command is


Managing Network Environments edit

Setting passwords on a Cisco router edit

Cisco router has five passwords:

  • Console
  • Aux
  • VTY
  • Enable password
  • Enable Secret

The Console, Aux, and VTY passwords are used to enter into user mode via console port, auxiliary port, and Telnet, respectively. The enable, and enable Secret passwords are used to enter into privileged EXEC mode.

Configuring an enable password edit

Enter privileged EXEC mode

router> enable

Configuring an privileged EXEC mode password

Router(config)# enable password {password}

Configuring an enable secret password edit

Router(config)# enable secret {password}

Force encrypted passwords

Router(config)# service password-encryption

Discovering information about an IP network edit

References edit

External links edit