IOS basic commands

In this article we will go through some basic IOS commands.

Hostname command

The hostname command is used to configure the device hostname. Because this command changes a device configuration, it must be entered in the global configuration mode. After typing the command, the prompt will change and display the new hostname.

Here is an example that shows you how to change a hostname of a device.
First, enter the global configuration mode by typing the enable command in the user EXEC mode and the configuration terminal command in the privileged EXEC mode. Once inside the global configuration mode, type the command hostname R1. Notice how the prompt was changed to reflect the configured value.

Router>
Router>enable
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#

 

No shutdown command

By default, all interfaces on a Cisco router are turned off. To enable an interface, the no shutdown command is used. You first need to enter the submode of the interface that you want to configure. You can do that by using the global configuration mode command interface INTERFACE_TYPE/ INTERFACE_NUMBER. You can get a list of available interfaces by typing the ‘?’ character after the interface command.

You may notice that the promt has changed to reflect the mode you are currently in. For the interface mode the HOSTNAME#(config-if) prompt is shown.

Once inside the interface mode, you can enable an interface by typing the no shutdown command.

R1(config)#interface GigabitEthernet 0/1
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
R1(config-if)#

 

IP address command

The ip address interface mode command is used to assign an IP address to an interface. The syntax of this command is ip address IP_ADDRESS SUBNET_MASK. For example, if we want to assign an IP address of 10.0.0.1 with the subnet mask 255.0.0.0 to an interface, we would use the following command:

R1(config-if)#ip address 10.0.0.1 255.0.0.0

 
What if you had made a mistake and written the ip address 10.0.0.2 255.0.0.0 command instead of the command above? Well, you can remove the wrong IP address by typing the same command, but this time with the no keyword in front of it, in our case no ip address. You can remove any command from your IOS configuration by using the no keyword in front of the command.

R1(config-if)#ip address 10.0.0.2 255.0.0.0
R1(config-if)#no ip address
R1(config-if)#

 

Setting up passwords

Each Cisco IOS device has built-in authentication features. There are three basic ways to configure authentication on a device:

  • Configure a password for the console access – by default, the console access doesn’t require a password. You can configure a password for the console access by using the following set of commands:

 

HOSTNAME(config) line console 0
HOSTNAME(config-line) password PASSWORD 
HOSTNAME(config-line) login

This will force a user to type the password when trying to access the device through the console port.

User Access Verification

Password:

Router>

 

  • Configure a password for the telnet access – by default, the telnet access is disabled. You need to enable it. This is done using the following sequence of commands:
HOSTNAME(config) line vty FIRST_VTY LAST_VTY
HOSTNAME(config-line) password PASSWORD
HOSTNAME(config-line) login

 

The first command defines a range of virtual terminal sessions that you would like to configure. A virtual session can be a telnet or SSH session. Cisco devices usually support 16 concurrent VTY sessions. So, this command usually looks like this: line vty 0 15.
The login command allows remote access to a device. It is required in order for telnet to work.

PC>telnet 10.0.0.2

Tying 10.0.0.2 ...Open



User Access Verification

Password:

R1>

  • Configure a password for the privileged EXEC mode – from the privileged EXEC mode, you can enter the global configuration mode and change the configuration of a device. Therefore it is important to prevent an unauthorized user from entering the global configuration mode. You can do that by setting up a password to enter the privileged EXEC mode. This can be done in two ways:

 

HOSTNAME(config) enable password PASSWORD
HOSTNAME(config) enable secret PASSWORD

Both of the commands above accomplish the same thing, but with one major difference. The enable secret PASSWORD command encrypts the password, while the enable password PASSWORD command doesn’t, which means that an unauthorized user could just read a password from the device configuration:

R1#show run
Building configuration...
Current configuration : 696 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$cP1uxB/ASHbnPQTLzT8H10
enable password PASSWORD

 

Notice how the password (cisco) is visible in the device’s configuration.

Service password-encryption command

By default,  passwords configured using the enable password command and passwords for the console or telnet access are stored in clear text in the configuration file. This presents a security risk because an attacker could easily find out passwords. The global configuration service password-encryption command encrypts all passwords configured.

It is important to note that this type of password encryption is not consider especially secure, since the algorithm used can be easily cracked. Cisco recommends using this command only with additional security measures.

Configuring banners

You can display a banner on a Cisco device. A banner is usually shown before the login prompt. It is usually some text that appears on the screen when a user connect to the device (e.g. some legal information).

The most commonly used banner is the Message Of The Day (MOTD) banner. This banner, if configured, is shown before the login prompt to every user that is trying to establish a session with the device. The following global configuration command is used to configure a MOTD banner:

hostname(config) banner motd DELIMITING_CHARACTER TEXT DELIMITING_CHARACTER

A delimiting character is a character of your choice. Its purpose is to signify the start and end of a text that will appear in the banner. For example, the command banner motd # Unauthorized access forbidden! # will show the following text: Unauthorized access forbidden!.

Press RETURN to get started.








Unauthorized access forbidden!

R1>

 

Show version command

The show version command is used to display information about a Cisco device. The command can be entered in both the user EXEC and privileged EXEC mode. By using this command you can find out many useful information about your Cisco device, such as:

  • Software Version – IOS software version
  • System up-time – time since last reboot
  • Software image name – IOS filename stored in flash
  • Hardware Interfaces – interfaces available on device
  • Configuration Register value – bootup specifications, console speed setting, etc.
  • Amount of RAM memory – amount of RAM memory
  • Amount of NVRAM memory
  • Amount of Flash memory

 

The following example shows the output of the command:

R1>show version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 14:19 by pt_team
ROM: System Bootstrap, Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
cisco1941 uptime is 43 minutes, 14 seconds
System returned to ROM by power-on
System image file is "flash0:c1900-universalk9-mz.SPA.151-1.M4.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
.
Cisco CISCO1941/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX152400KS
2 Gigabit Ethernet interfaces
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249856K bytes of ATA System CompactFlash 0 (Read/Write)
License Info:

License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO1941/K9 FTX1524L2EP-

Technology Package License Information for Module:'c1900'
----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
-----------------------------------------------------------------
ipbase ipbasek9 Permanent ipbasek9
security None None None
data None None None
Configuration register is 0x2102
R1>

 

Show history command

An IOS device stores, by default, 10 last commands you have entered in your current EXEC session. You can use the show history command from the user EXEC or privileged EXEC mode to display them.

R1#show history
show version
show history
enable
show history
R1#

 

You can set a number of commands saved in the buffer for the current terminal session by using the terminal history size NUMBER command from the user EXEC or privileged EXEC mode.

NOTE
Another way to recall your command from the history buffer is by using the up arrow key on your keyboard. Most recent command is recalled first.

Show running-configuration & show startup-configuration commands

After you have changed the configuration of your device you can verify its configuration. To dispay the current configuration, type show running-configuration from the privileged EXEC mode. This show the configuration that is stored in a device’s RAM.

R1#show running-config
Building configuration...
Current configuration : 696 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
!
!
enable secret 5 $1$mERr$cP1uxB/ASHbnPQTLzT8H10
enable password PASSWORD
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524L2EP-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown

 

After you have stored your running configuration into the startup configuration, you can view the saved configuration using the show startup-config command from the privileged EXEC mode.

This command shows the configuration that is currently stored in the device’s NVRAM. This configuration will be loaded next time the device is restarted.

R1#show startup-config
Using 610 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO1941/K9 sn FTX1524L2EP-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
shutdown
!

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: