In this article we will go through some basic IOS commands.
The hostname command is used to configure the device hostname. Because this command changes a device configuration, it must be entered in the global configuration mode. After typing the command, the prompt will change and display the new hostname.
Here is an example that shows you how to change a hostname of a device.
First, enter the global configuration mode by typing the enable command in the user EXEC mode and the configuration terminal command in the privileged EXEC mode. Once inside the global configuration mode, type the command hostname R1. Notice how the prompt was changed to reflect the configured value.
No shutdown command
By default, all interfaces on a Cisco router are turned off. To enable an interface, the no shutdown command is used. You first need to enter the submode of the interface that you want to configure. You can do that by using the global configuration mode command interface INTERFACE_TYPE/ INTERFACE_NUMBER. You can get a list of available interfaces by typing the ‘?’ character after the interface command.
You may notice that the promt has changed to reflect the mode you are currently in. For the interface mode the HOSTNAME#(config-if) prompt is shown.
Once inside the interface mode, you can enable an interface by typing the no shutdown command.
IP address command
The ip address interface mode command is used to assign an IP address to an interface. The syntax of this command is ip address IP_ADDRESS SUBNET_MASK. For example, if we want to assign an IP address of 10.0.0.1 with the subnet mask 255.0.0.0 to a interface, we would use the following command:
ip address 10.0.0.1 255.0.0.0
What if you had made a mistake and written the ip address 10.0.0.2 255.0.0.0 command instead of the command above? Well, you can remove the wrong IP address by typing the same command, but this time with the no keyword in front of it, in our case no ip address. You can remove any command from your IOS configuration by using the no keyword in front of the command.
Setting up passwords
Each Cisco IOS device has the built-in authentication features. There are three basic ways to configure authentication on a device:
- Configure a password for the console access – by default, the console access doesn’t requires a password. You can configure a password for the console access by using the following set of commands:
HOSTNAME(config) line console 0 HOSTNAME(config-line) password PASSWORD HOSTNAME(config-line) login
This will force a user to type the password when trying to access the device through the console port.
- Configure a password for the telnet access – by default, the telnet access is disabled. You need to enable it. This is done using the following sequence of commands:
HOSTNAME(config) line vty FIRST_VTY LAST_VTY HOSTNAME(config-line) password PASSWORD HOSTNAME(config-line) login
The first command defines a range of virtual terminal sessions that you would like to configure. A virtual session can be a telnet or SSH session. Cisco devices usually supports 16 concurrent VTY sessions. So, this command usually looks like this: line vty 0 15.
The login command allows a remote access to a device. It is required in order for telnet to work.
- Configure a password for the privileged EXEC mode – from the privileged EXEC mode you can enter the global configuration mode and change the configuration of a device. Therefore it is important to prevent an unauthorized user from entering the global configuration mode. You can do that by setting up a password to enter the privileged EXEC mode. This can be done in two ways:
HOSTNAME(config) enable password PASSWORD HOSTNAME(config) enable secret PASSWORD
Both of the commands above accomplish the same thing, but with one major difference. The enable secret PASSWORD commands encrypts the password, while the enable password PASSWORD command doesn’t, which means that an unauthorized user could just read a password from the device configuration:
Notice how the password (cisco) is visible in the device’s configuration.
Service password-encryption command
By default, passwords configured using the enable password command and passwords for the console or telnet access are stored in clear text in the configuration file. This presents a security risk because an attacker could easily find out passwords. The global configuration service password-encryption command encrypts all passwords configured.
It is important to note that this type of password encryption is not consider especially secure, since the algorithm used can be easily cracked. Cisco recommends using this command only with additional security measures.
You can display a banner on a Cisco device. A banner is usually shown before the login prompt. It is usually some text that appears on the screen when a user connect to the device (e.g. some legal information).
The most commonly used banner is the Message Of The Day (MOTD) banner. This banner, if configured, is shown before the login prompt to every user that is trying to establish a session with the device. The following global configuration command is used to configure a MOTD banner:
hostname(config) banner motd DELIMITING_CHARACTER TEXT DELIMITING_CHARACTER
A delimiting character is a character of your choice. Its purpose is to signify the start and end of a text that will appear in the banner. For example, the command banner motd # Unauthorized access forbidden! # will show the following text: Unauthorized access forbidden!.
Show version command
The show version command is used to display information about a Cisco device. The command can be entered in both the user EXEC and privileged EXEC mode. By using this command you can find out many useful information about your Cisco device, such as:
- Software Version – IOS software version
- System up-time – time since last reboot
- Software image name – IOS filename stored in flash
- Hardware Interfaces – interfaces available on device
- Configuration Register value – bootup specifications, console speed setting, etc.
- Amount of RAM memory – amount of RAM memory
- Amount of NVRAM memory
- Amount of Flash memory
The following example shows the output of the command:
Show history command
An IOS device stores, by default, 10 last commands you have entered in your current EXEC session. You can use the show history command from the user EXEC or privileged EXEC mode to display them.
You can set a number of command saved in the buffer for the current terminal session by using the terminal history size NUMBER command from the user EXEC or privileged EXEC mode.
Show running-configuration & show startup-configuration commands
After you have changed the configuration of your device you can verify its configuration. To dispay the current configuration, type show running-configuration from the privileged EXEC mode. This show the configuration that is stored in a device’s RAM.
After you have stored your running configuration into the startup configuration, you can view the saved configuration using the show startup-config command from the privileged EXEC mode.
This command shows the configuration that is currenty stored in the device’s NVRAM. This configuration will be loaded next time the device is restarted.