IOS basic commands

In this article we will go through some basic IOS commands.

Hostname command

The hostname command is used to configure the device hostname. Because this command changes a device configuration, it must be entered in the global configuration mode. After typing the command, the prompt will change and display the new hostname.

Here is an example that shows you how to change a hostname of a device.
First, enter the global configuration mode by typing the enable command in the user EXEC mode and the configuration terminal command in the privileged EXEC mode. Once inside the global configuration mode, type the command hostname R1. Notice how the prompt was changed to reflect the configured value.

hostname command

No shutdown command

By default, all interfaces on a Cisco router are turned off. To enable an interface, the no shutdown command is used. You first need to enter the submode of the interface that you want to configure. You can do that by using the global configuration mode command interface INTERFACE_TYPE/ INTERFACE_NUMBER. You can get a list of available interfaces by typing the ‘?’ character after the interface command.

You may notice that the promt has changed to reflect the mode you are currently in. For the interface mode the HOSTNAME#(config-if) prompt is shown.

Once inside the interface mode, you can enable an interface by typing the no shutdown command.

no shutdown command

IP address command

The ip address interface mode command is used to assign an IP address to an interface. The syntax of this command is ip address IP_ADDRESS SUBNET_MASK. For example, if we want to assign an IP address of 10.0.0.1 with the subnet mask 255.0.0.0 to a interface, we would use the following command:

ip address 10.0.0.1 255.0.0.0

 
What if you had made a mistake and written the ip address 10.0.0.2 255.0.0.0 command instead of the command above? Well, you can remove the wrong IP address by typing the same command, but this time with the no keyword in front of it, in our case no ip address. You can remove any command from your IOS configuration by using the no keyword in front of the command.

ip address command

Setting up passwords

Each Cisco IOS device has the built-in authentication features. There are three basic ways to configure authentication on a device:

  • Configure a password for the console access – by default, the console access doesn’t requires a password. You can configure a password for the console access by using the following set of commands:

 

HOSTNAME(config) line console 0
HOSTNAME(config-line) password PASSWORD 
HOSTNAME(config-line) login

This will force a user to type the password when trying to access the device through the console port.

console password prompt

  • Configure a password for the telnet access – by default, the telnet access is disabled. You need to enable it. This is done using the following sequence of commands:

 

HOSTNAME(config) line vty FIRST_VTY LAST_VTY
HOSTNAME(config-line) password PASSWORD
HOSTNAME(config-line) login

The first command defines a range of virtual terminal sessions that you would like to configure. A virtual session can be a telnet or SSH session. Cisco devices usually supports 16 concurrent VTY sessions. So, this command usually looks like this: line vty 0 15.
The login command allows a remote access to a device. It is required in order for telnet to work.
telnet password

  • Configure a password for the privileged EXEC mode – from the privileged EXEC mode you can enter the global configuration mode and change the configuration of a device. Therefore it is important to prevent an unauthorized user from entering the global configuration mode. You can do that by setting up a password to enter the privileged EXEC mode. This can be done in two ways:

 

HOSTNAME(config) enable password PASSWORD
HOSTNAME(config) enable secret PASSWORD

Both of the commands above accomplish the same thing, but with one major difference. The enable secret PASSWORD commands encrypts the password, while the enable password PASSWORD command doesn’t, which means that an unauthorized user could just read a password from the device configuration:

enable password command

Notice how the password (cisco) is visible in the device’s configuration.

Service password-encryption command

By default,  passwords configured using the enable password command and passwords for the console or telnet access are stored in clear text in the configuration file. This presents a security risk because an attacker could easily find out passwords. The global configuration service password-encryption command encrypts all passwords configured.

It is important to note that this type of password encryption is not consider especially secure, since the algorithm used can be easily cracked. Cisco recommends using this command only with additional security measures.

Configuring banners

You can display a banner on a Cisco device. A banner is usually shown before the login prompt. It is usually some text that appears on the screen when a user connect to the device (e.g. some legal information).

The most commonly used banner is the Message Of The Day (MOTD) banner. This banner, if configured, is shown before the login prompt to every user that is trying to establish a session with the device. The following global configuration command is used to configure a MOTD banner:

hostname(config) banner motd DELIMITING_CHARACTER TEXT DELIMITING_CHARACTER

A delimiting character is a character of your choice. Its purpose is to signify the start and end of a text that will appear in the banner. For example, the command banner motd # Unauthorized access forbidden! # will show the following text: Unauthorized access forbidden!.

banner motd

Show version command

The show version command is used to display information about a Cisco device. The command can be entered in both the user EXEC and privileged EXEC mode. By using this command you can find out many useful information about your Cisco device, such as:

  • Software Version – IOS software version
  • System up-time – time since last reboot
  • Software image name – IOS filename stored in flash
  • Hardware Interfaces – interfaces available on device
  • Configuration Register value – bootup specifications, console speed setting, etc.
  • Amount of RAM memory – amount of RAM memory
  • Amount of NVRAM memory
  • Amount of Flash memory

 

The following example shows the output of the command:

show version command

Show history command

An IOS device stores, by default, 10 last commands you have entered in your current EXEC session. You can use the show history command from the user EXEC or privileged EXEC mode to display them.

show history command

You can set a number of command saved in the buffer for the current terminal session by using the terminal history size NUMBER command from the user EXEC or privileged EXEC mode.

NOTE
Another way to recall your command from the history buffer is by using the up arrow key on your keyboard. Most recent command is recalled first.

Show running-configuration & show startup-configuration commands

After you have changed the configuration of your device you can verify its configuration. To dispay the current configuration, type show running-configuration from the privileged EXEC mode. This show the configuration that is stored in a device’s RAM.

show running config

After you have stored your running configuration into the startup configuration, you can view the saved configuration using the show startup-config command from the privileged EXEC mode.

This command shows the configuration that is currenty stored in the device’s NVRAM. This configuration will be loaded next time the device is restarted.

show startup config

upravnik