In this article we will go through some basic IOS commands.
The hostname command is used to configure the device hostname. Because this command changes a device configuration, it must be entered in the global configuration mode. After typing the command, the prompt will change and display the new hostname.
Here is an example that shows you how to change a hostname of a device.
First, enter the global configuration mode by typing the enable command in the user EXEC mode and the configuration terminal command in the privileged EXEC mode. Once inside the global configuration mode, type the command hostname R1. Notice how the prompt was changed to reflect the configured value.
Router> Router>enable Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname R1 R1(config)#
No shutdown command
By default, all interfaces on a Cisco router are turned off. To enable an interface, the no shutdown command is used. You first need to enter the submode of the interface that you want to configure. You can do that by using the global configuration mode command interface INTERFACE_TYPE/ INTERFACE_NUMBER. You can get a list of available interfaces by typing the ‘?’ character after the interface command.
You may notice that the promt has changed to reflect the mode you are currently in. For the interface mode the HOSTNAME#(config-if) prompt is shown.
Once inside the interface mode, you can enable an interface by typing the no shutdown command.
R1(config)#interface GigabitEthernet 0/1 R1(config-if)#no shutdown R1(config-if)# %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up R1(config-if)#
IP address command
The ip address interface mode command is used to assign an IP address to an interface. The syntax of this command is ip address IP_ADDRESS SUBNET_MASK. For example, if we want to assign an IP address of 10.0.0.1 with the subnet mask 255.0.0.0 to an interface, we would use the following command:
R1(config-if)#ip address 10.0.0.1 255.0.0.0
What if you had made a mistake and written the ip address 10.0.0.2 255.0.0.0 command instead of the command above? Well, you can remove the wrong IP address by typing the same command, but this time with the no keyword in front of it, in our case no ip address. You can remove any command from your IOS configuration by using the no keyword in front of the command.
R1(config-if)#ip address 10.0.0.2 255.0.0.0 R1(config-if)#no ip address R1(config-if)#
Setting up passwords
Each Cisco IOS device has built-in authentication features. There are three basic ways to configure authentication on a device:
- Configure a password for the console access – by default, the console access doesn’t require a password. You can configure a password for the console access by using the following set of commands:
HOSTNAME(config) line console 0 HOSTNAME(config-line) password PASSWORD HOSTNAME(config-line) login
This will force a user to type the password when trying to access the device through the console port.
User Access Verification Password: Router>
- Configure a password for the telnet access – by default, the telnet access is disabled. You need to enable it. This is done using the following sequence of commands:
HOSTNAME(config) line vty FIRST_VTY LAST_VTY HOSTNAME(config-line) password PASSWORD HOSTNAME(config-line) login
The first command defines a range of virtual terminal sessions that you would like to configure. A virtual session can be a telnet or SSH session. Cisco devices usually support 16 concurrent VTY sessions. So, this command usually looks like this: line vty 0 15.
The login command allows remote access to a device. It is required in order for telnet to work.
PC>telnet 10.0.0.2 Tying 10.0.0.2 ...Open User Access Verification Password: R1>
- Configure a password for the privileged EXEC mode – from the privileged EXEC mode, you can enter the global configuration mode and change the configuration of a device. Therefore it is important to prevent an unauthorized user from entering the global configuration mode. You can do that by setting up a password to enter the privileged EXEC mode. This can be done in two ways:
HOSTNAME(config) enable password PASSWORD HOSTNAME(config) enable secret PASSWORD
Both of the commands above accomplish the same thing, but with one major difference. The enable secret PASSWORD command encrypts the password, while the enable password PASSWORD command doesn’t, which means that an unauthorized user could just read a password from the device configuration:
R1#show run Building configuration... Current configuration : 696 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R1 ! ! ! enable secret 5 $1$mERr$cP1uxB/ASHbnPQTLzT8H10 enable password PASSWORD
Notice how the password (cisco) is visible in the device’s configuration.
Service password-encryption command
By default, passwords configured using the enable password command and passwords for the console or telnet access are stored in clear text in the configuration file. This presents a security risk because an attacker could easily find out passwords. The global configuration service password-encryption command encrypts all passwords configured.
It is important to note that this type of password encryption is not consider especially secure, since the algorithm used can be easily cracked. Cisco recommends using this command only with additional security measures.
You can display a banner on a Cisco device. A banner is usually shown before the login prompt. It is usually some text that appears on the screen when a user connect to the device (e.g. some legal information).
The most commonly used banner is the Message Of The Day (MOTD) banner. This banner, if configured, is shown before the login prompt to every user that is trying to establish a session with the device. The following global configuration command is used to configure a MOTD banner:
hostname(config) banner motd DELIMITING_CHARACTER TEXT DELIMITING_CHARACTER
A delimiting character is a character of your choice. Its purpose is to signify the start and end of a text that will appear in the banner. For example, the command banner motd # Unauthorized access forbidden! # will show the following text: Unauthorized access forbidden!.
Press RETURN to get started. Unauthorized access forbidden! R1>
Show version command
The show version command is used to display information about a Cisco device. The command can be entered in both the user EXEC and privileged EXEC mode. By using this command you can find out many useful information about your Cisco device, such as:
- Software Version – IOS software version
- System up-time – time since last reboot
- Software image name – IOS filename stored in flash
- Hardware Interfaces – interfaces available on device
- Configuration Register value – bootup specifications, console speed setting, etc.
- Amount of RAM memory – amount of RAM memory
- Amount of NVRAM memory
- Amount of Flash memory
The following example shows the output of the command:
R1>show version Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 23-Feb-11 14:19 by pt_team ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1) cisco1941 uptime is 43 minutes, 14 seconds System returned to ROM by power-on System image file is "flash0:c1900-universalk9-mz.SPA.151-1.M4.bin" Last reload type: Normal Reload This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to . Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory. Processor board ID FTX152400KS 2 Gigabit Ethernet interfaces DRAM configuration is 64 bits wide with parity disabled. 255K bytes of non-volatile configuration memory. 249856K bytes of ATA System CompactFlash 0 (Read/Write) License Info: License UDI: ------------------------------------------------- Device# PID SN ------------------------------------------------- *0 CISCO1941/K9 FTX1524L2EP- Technology Package License Information for Module:'c1900' ---------------------------------------------------------------- Technology Technology-package Technology-package Current Type Next reboot ----------------------------------------------------------------- ipbase ipbasek9 Permanent ipbasek9 security None None None data None None None Configuration register is 0x2102 R1>
Show history command
An IOS device stores, by default, 10 last commands you have entered in your current EXEC session. You can use the show history command from the user EXEC or privileged EXEC mode to display them.
R1#show history show version show history enable show history R1#
You can set a number of commands saved in the buffer for the current terminal session by using the terminal history size NUMBER command from the user EXEC or privileged EXEC mode.
Another way to recall your command from the history buffer is by using the up arrow key on your keyboard. Most recent command is recalled first.
Show running-configuration & show startup-configuration commands
After you have changed the configuration of your device you can verify its configuration. To dispay the current configuration, type show running-configuration from the privileged EXEC mode. This show the configuration that is stored in a device’s RAM.
R1#show running-config Building configuration... Current configuration : 696 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R1 ! ! ! enable secret 5 $1$mERr$cP1uxB/ASHbnPQTLzT8H10 enable password PASSWORD ! ! ! ! ! ! ip cef no ipv6 cef ! ! ! ! license udi pid CISCO1941/K9 sn FTX1524L2EP- ! ! ! ! ! ! ! ! ! ! ! spanning-tree mode pvst ! ! ! ! ! ! interface GigabitEthernet0/0 no ip address duplex auto speed auto shutdown
After you have stored your running configuration into the startup configuration, you can view the saved configuration using the show startup-config command from the privileged EXEC mode.
This command shows the configuration that is currently stored in the device’s NVRAM. This configuration will be loaded next time the device is restarted.
R1#show startup-config Using 610 bytes ! version 15.1 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname Router ! ! ! ! ! ! ! ! ip cef no ipv6 cef ! ! ! ! license udi pid CISCO1941/K9 sn FTX1524L2EP- ! ! ! ! ! ! ! ! ! ! ! spanning-tree mode pvst ! ! ! ! ! ! interface GigabitEthernet0/0 no ip address duplex auto speed auto shutdown !
Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.
We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: