Cisco IOS

Etherchannel is the port link aggregation technology invented by a company named Kalpana. This company was acquired by Cisco Systems in 1994. Etherchannel allows us to group several (practically eight) physical Ethernet links on a Cisco switch into one logical link. Advantages of Etherchannel include increased bandwidth and fault tolerance. For example, when we group eight physical ports into one logical port and each port has a bandwidth of 100 Mbps, the combined bandwidth is 800 Mbps. What if one of the ports fails? The rest of the ports take over, thus preventing any failure. Let’s see it in practice.

Imagine we have a network as shown below. A company has two separate departments, Sales and Engg, which are connected through a router.

There comes a time when the traffic between these two significant departments becomes so intense that the network administrator decides to interconnect the two departments’ switches, as shown below, so that the traffic doesn’t disturb the router. (CCNA guys, always remember that switches are interconnected using crossover cables only.)

Considering the importance of the two departments, the network administrator decides not only to provide additional bandwidth but also provide fault tolerance between the departments. Etherchannel satisfies both these requirements.

Now let’s see how to configure Etherchannel. Log in to SWITCH1 and enter global configuration mode by typing the command “config t”. Type the command “interface port-channel 1” to create the Etherchannel port trunk. Type the command “interface range fastethernet 0/1-8” to select the eight interfaces to assign to our Etherchannel port trunk. Type the command “channel-group 1 mode on” to assign the interfaces to the Etherchannel port trunk.

We can see below that we have successfully configured Etherchannel on our switch.

Now let’s configure a VLAN trunk over the Etherchannel logical port trunk. Type the command “interface port-channel 1” to select the Etherchannel port. Type the command “switchport mode trunk” to set the Etherchannel port as a trunk port.

Hope this was helpful.

According to Wikipedia, “In computer networking, a single layer-2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them via one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN or VLAN.”

VLANs simplify network management, limit the size of a broadcast domain and improve network efficiency. VLANs are of two types.

  • Static VLAN
  • Dynamic VLAN

In a static VLAN, we assign specific ports to a specific VLAN, whereas in a dynamic VLAN we assign MAC addresses to a specific VLAN. In this article we are going to see how to create and configure a static VLAN. For this example, we will create three VLANs named Java, SAP and HR and assign ports to them.

We need to be in global configuration mode to create VLANs. The command “vlan 2” assigns the number 2 to the VLAN we are going to create. We can assign any number from 2 to 4094 to the VLAN. The command “name java” names our VLAN java. Similarly, we can create the VLANs SAP and HR. Before assigning ports to the VLANs, let’s see the port states on our switch.

We can see above that all the ports of the switch are members of VLAN 1. VLAN 1 is a special purpose VLAN used for administration. It is the only precreated VLAN on the Cisco switch. All ports are members of this VLAN by default. So when you are assigning a port to a specific VLAN, you are just changing the port from VLAN1 to that VLAN.

Now let’s assign ports to the VLANs we just created. First, let’s assign three ports to the VLAN java.

The “interface fastethernet 0/1” command selects fastethernet port 1. The “switchport access vlan 2” command assigns this port to VLAN java. Similarly, we can add fastethernet ports 2 and 3 to VLAN 2. Now let’s see the port states once again.

We can see that the first three fastethernet ports have been assigned to the VLAN java. Now we will assign fastethernet ports 4 and 5 to VLANs SAP and HR respectively.

This is what our network will look like once we connect the host devices.

And our port states will look like this.

Imagine you are a network administrator in a large organization with a number of switches and routers. To configure a switch or router at a far-off location, there are two choices. One is to go to the switch or router and configure it there. This works, but imagine how much trouble it is to visit each and every device to configure it. The second and easier option is remote configuration of the switch or router.

Remote configuration of a switch or router can be done using the telnet or SSH protocols. But telnet has a disadvantage: it sends data in plain text. So if you type a username and password to authenticate with the switch from a remote location, they are passed in plain text and anyone sniffing on the network can easily find out your login credentials. This is a big security risk. To overcome this problem, we should use the SSH protocol for remote configuration of the switch or router. SSH works the same way as telnet but encrypts the communication, which makes it difficult for hackers to detect the credentials. Let’s see how to enable SSH on Cisco routers and switches using IOS. Here I am using a router.

The command “conf t” enters the global configuration mode of the switch or router. The “hostname R1” command changes the default name of the router to R1. The SSH protocol uses the name of the router to generate names for the keys, so it is necessary to change the default name of the router. The “ip domain-name shunya.com” command sets the domain name for the router. The domain name is also needed to name the encryption keys. (shunya.com is a fictional domain name I used; you can use your own domain name.) It’s time to set login credentials on the router. The “username admin password 123456” command sets the username and password to admin and 123456 respectively. The “line vty 0 15” command selects the vty lines from 0 to 15 for line configuration. The “login local” command makes these lines authenticate against the router’s local user database. The “exit” command takes us out of line configuration mode to global configuration mode. It’s time to generate the SSH keys.

The “crypto key generate rsa” command generates the cryptographic keys using the Rivest-Shamir-Adleman (RSA) algorithm. You will be prompted to enter the number of bits in the modulus. Setting it too low makes the key too easy to crack. Setting it too high will be time consuming. I set it to 1024.

Let’s see the information about the SSH protocol we enabled on the router.

The “show ip ssh” command does this. It is prefixed with “do” because “show ip ssh” is a privileged EXEC mode command and cannot be executed directly in global configuration mode. We can also see from the information displayed that the authentication timeout has been set to 120 secs and authentication retries are set to three. Let’s change them. The “ip ssh time-out 60” command changes the authentication time-out to 60 secs. The “ip ssh authentication-retries” command is used to change the authentication retries.

Finally we will have to set ssh as input transport protocol on vty access lines.

The “line vty 0 15” command selects all the vty lines. The “transport input ssh” command sets SSH as the input transport protocol. The “exit” command, as already said, takes us out of line configuration mode. We have successfully enabled the SSH protocol on our router.

Let’s once again see the information about the ssh we just enabled using “do show ip ssh”.

We have seen how to set passwords on Cisco switches or routers here. Of course, setting passwords does add to the security of the device, but there is a small problem: the password is stored in plain text. Anyone who gets access to the switch can easily see all the passwords by typing the command “show running-config” or “show startup-config”. Today we will see how to encrypt passwords on Cisco routers and switches.

Encrypting passwords can further enhance the security of the device. The privileged password can be encrypted by using the command “enable secret” instead of “enable password”. This command should be set from privileged global configuration mode.

Let’s see what we get when we use the command “show running-config”.

We can see that the password we set has been encrypted. But what about the other passwords? The console, auxiliary and vty line passwords cannot be encrypted even if we use the “enable secret” command. To encrypt those passwords, we have to use another command, “service password-encryption”, as shown below.

This command will encrypt all the passwords stored in plain text on the device.
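
The weaknesses covered in the SSH and password-encryption walkthroughs above (telnet still accepted on vty lines, “enable password” used instead of “enable secret”, passwords stored in plain text) can be checked for in a saved running-config. The Python script below is an added example, not part of the original posts: both sample configurations are constructed, the finding names are made up for illustration, and a vty line with no “transport input” statement is assumed to accept telnet.

```python
import re

# Constructed sample: roughly what "show running-config" holds after the
# walkthroughs above, with one vty range still on a telnet password.
WEAK_CONFIG = """\
hostname R1
ip domain-name shunya.com
enable password 123456
username admin password 0 123456
line con 0
 password 123456
 login
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password telnet
 login
"""

# Constructed sample: the same device after "enable secret", "service
# password-encryption" and "transport input ssh" on every vty line.
# PLACEHOLDER stands in for the stored hash / encrypted string.
HARDENED_CONFIG = """\
service password-encryption
hostname R1
enable secret 5 PLACEHOLDER
username admin password 7 PLACEHOLDER
line con 0
 password 7 PLACEHOLDER
 login
line vty 0 15
 login local
 transport input ssh
"""

# "password", an optional one-digit type (0 = clear text, 7 = encrypted by
# "service password-encryption"), then the stored value.
PASSWORD_RE = re.compile(r"(?:^|\s)password (?:(\d) )?(\S+)")


def parse_sections(text):
    """Group a config into [header, [indented sub-commands]] entries."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip().startswith("!"):
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append([raw.strip(), []])
    return sections


def audit(text):
    """Return (finding, location) tuples; finding names are illustrative."""
    findings = []
    for header, children in parse_sections(text):
        if header.startswith("enable password"):
            findings.append(("ENABLE_PASSWORD", header))
        for line in [header] + children:
            m = PASSWORD_RE.search(line)
            if m and m.group(1) in (None, "0"):
                where = header if line == header else f"{header}: {line}"
                findings.append(("PLAINTEXT_PASSWORD", where))
        if header.startswith("line vty"):
            inputs = [c.split()[2:] for c in children
                      if c.startswith("transport input ")]
            # Assumption: no "transport input" line means telnet is accepted.
            if not inputs or {"telnet", "all"} & set(inputs[-1]):
                findings.append(("VTY_TELNET", header))
    return findings


if __name__ == "__main__":
    for finding, where in audit(WEAK_CONFIG):
        print(f"{finding:20} {where}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```

Run against a copy of the device configuration saved to a file, the same `audit()` function lists each line that still needs “enable secret”, “service password-encryption” or “transport input ssh”.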

Good evening friends. Today we will see how to configure passwords on Cisco routers and switches. Cisco devices have four types of passwords.

  • Console password: used to set a password for console access.
  • Auxiliary password: used to set a password on the auxiliary port (if the switch has one).
  • VTY lines password: used to set a password for telnet and SSH access.
  • Privileged password: used to set a password for privileged access to the switch.

I am not going to show you how to set up auxiliary password here. To see how to set up console password and VTY lines password, go here.

The privileged mode of a Cisco device has some advanced IOS commands that can have disastrous consequences in the wrong hands. So it is very important to set up a password for access to privileged commands. Use the following commands.

The “enable” command takes us into privileged mode. The “conf t” command takes us into global configuration mode, which pertains to the configuration settings of the whole switch. The “enable password” command sets a password for the privileged mode; ‘123456’ is the password. The “exit” command takes us out of the privileged mode. To check that a password has been set for the privileged mode, try entering privileged mode by typing the “en” command. We can see that it prompts us for the password.

Basic configuration of a Cisco switch can be done in three ways: using the Cisco Device Manager web tool, using Cisco Networking Assistant (CNA), or using Cisco IOS setup mode. The first two are GUI tools and the last is a CLI option. Since Cisco IOS plays a very important part in the CCNA exam, we are going to see how to configure a switch using Cisco IOS setup mode commands.

In this tutorial, we are going to configure the name of the switch, set a management IP address on the switch, configure console and telnet passwords, and lastly configure a message of the day banner for the switch. To configure a Cisco switch using Cisco IOS, we must connect a computer to the console port of the switch using a rollover cable. For this article, however, I am going to use Cisco Packet Tracer software.

Naming the switch: 

Naming the switch can ease management and identification of the switch. Run the following commands for naming the switch. A switch can be named using “hostname” command.

The first two commands allow us to access the global configuration of the switch. If you are not aware of different modes of a Cisco switch, see here. The “hostname” command renames the switch. The rest of the commands are used to exit from global configuration mode.

Configure management IP address:

Configuring a management IP address on the switch allows us to connect to the switch from remote locations using either Telnet or HTTP. To configure the management IP address on the switch, run the following commands.

The first two commands (“en” and “conf t”) set the IOS in privileged global configuration mode. This mode enables us to run commands that configure switch settings that apply to the whole switch.

The “interface vlan1” command selects an interface to work with. VLAN 1 is called the management VLAN and is reserved for management of the switch. We set the IP address and the management default IP gateway on this VLAN.

“ip address 10.10.10.3 255.0.0.0” command sets the ip address and the subnet mask of the switch on interface vlan1. The no shutdown command turns on the interface vlan1. The exit command brings us back into global configuration mode from specific configuration mode.

The “ip default-gateway 10.10.10.1” command sets the default gateway of the switch to 10.10.10.1. We can see that we first exit from interface configuration mode ((config-if)# exit) because the default gateway applies to the whole switch, not just to an interface.

Configuring Console password:

To set up a console password on the switch, run the following commands.

The “line console 0” command selects the console line. There is only one console line on a Cisco switch. The “password 123456” command sets the password of the console line to 123456. The “login” command instructs the IOS to prompt for authentication when somebody logs in on the console line.

Configuring telnet password:

To configure telnet password on the switch, run the following commands.

The “line vty 0 ?” command shows the number of vty lines available on the switch. The response <1-15> shows that 15 VTY lines are available, which means we can have 15 simultaneous sessions on this switch. We will configure the telnet password on line 1. The “line vty 1” command selects line 1. The “password telnet” command sets the telnet password of the line to telnet. The “login” command instructs the IOS to prompt for authentication.

Configuring banners:

Banners can be used to display a brief message about the switch when someone logs in. This helps identify the switch we log into, its configuration and its usage guidelines. We can also add a security warning to the banner message to warn users against unauthorized access to the switch. Run the following commands to configure banners on the switch.

We will configure the message of the day on the switch. The “banner motd -” command (note that there is a space between motd and –) is used to configure the message of the day banner on the switch. When we run this command, it prompts us to enter the message, which should be ended by .

This is the basic configuration of the switch. Hope this was helpful.

I am self-studying for the CCNA. A few months back, I wondered whether we could simulate routers in VMware Workstation. While I was searching for a way, I found a different solution, GNS3. After simulating routers in GNS3 and practising on the CLI, I had another idea: could we simulate the Cisco graphical user interface on our PC? This article is the result of that.

In this article, we are not only going to see how to connect VMware and GNS3 but also how to simulate the Cisco graphical user interface (GUI). For this I use:

1. Vmware Workstation 9.

2. Windows XP as Guest OS.

3. Cisco Security Device Manager v25.

4. GNS3.

5. C7200 Router Image.

Open VMware Workstation. On the menu, select “Edit > Virtual Network Editor”. In the Virtual Network Editor, click on the “Vmnet1” network. It is a default host-only network adapter of VMware. Observe its settings. Enable the DHCP server.

Install Windows XP as a guest. In its virtual machine settings, change the network adapter to “Vmnet1”.

Power on the machine. Install Cisco SDM (I leave getting Cisco SDM to you). Open CMD and type “ipconfig” to see the machine’s IP address. Take note of it.

Open GNS3. Click on “Browse all devices”.

Select the router “c7200” and drag it to the workspace. Do the same with “Cloud”.

Close the All Devices tab. Right click on the Cloud and select “Configure”; a ‘node configurator’ window will open. In this window, click on “C1”.

On the NIO Ethernet tab, in the “Generic Ethernet NIO” dropdown menu, select our network adapter (Vmnet1) and click on “Add”. Click on “OK” to close the window.

Right click on the router. Select “Configure” and click on “R1”. Select the Slots tab. In the Slot 1 dropdown menu, select “PA-4E”. Click on Apply and close the window. The selection PA-4E creates four Ethernet ports on the router. Right click on the router and start it.

Add a link from the “cloud (Vmnet1)” adapter to the “e1/0” port on the router.

Hover your mouse over the router. We can see all the ports.

Similarly hover your mouse over the cloud to see its connections.

Right click on the router and select “Console”. In the global configuration mode, type the following commands.

“ip http server”

“ip http secure-server”

These commands set up the HTTP and HTTPS servers respectively, which are needed for Cisco SDM.

Type the command “interface Ethernet 1/0”. This enters the specific configuration mode of our connected interface. Type the command “ip address 192.168.10.3 255.255.255.0”. This sets the interface IP address and subnet mask. Make sure the router IP address is in the same subnet as that of our guest OS in VMware Workstation. Type “no shut” and exit to the privileged mode.

Let’s ping our guest from the router to ensure that we are connected to the VMware guest.

Since the success rate is 100%, we have successfully connected VMware and GNS3. Now let’s do the Cisco SDM part. On our guest machine, click on Cisco SDM. An SDM launcher window will open. Type the IP address of the router and click on Launch.

Internet Explorer will open as below. Make sure Internet Explorer is configured to allow pop-ups and to allow ActiveX to run from the computer.

After some time the following popup will open. Don’t close it.

Then we might see a certificate warning. Click on Yes.

After some processing, Cisco SDM will open.

We have successfully simulated Cisco GUI on our PC. Happy practice friends.

Cisco IOS is the internetwork operating system of both Cisco switches and routers. It has two interfaces: a command line interface (CLI) and a graphical user interface (GUI). Since the CCNA exam will surely test your knowledge of these interfaces, it is important to get familiar with them.

Cisco’s IOS command-line interface (CLI) is a text-based interface integrated with the IOS. When a switch or router boots up, the IOS loads the startup configuration from NVRAM and displays the IOS prompt, waiting for commands. We can enter the IOS commands at the IOS prompt.

In this article, we will see the various command line modes on Cisco routers and switches. For this, we are going to use Packet Tracer. To see what Packet Tracer is and how to install it on both Linux and Windows, go here. For a startup guide on Packet Tracer, see here. Open Packet Tracer and select a Cisco 2960 switch.

Hover on the switch to see its ports.

Select a Computer from the End Devices and connect them with a Console wire. What we are simulating here is connecting to the switch from a PC through console.

Click on the host device (Computer). In the window that opens, click on the Desktop tab and click on Terminal.

The console opens with the switch booting. The switch finishes booting and loads into user EXEC mode.

Coming to the modes of Cisco IOS, the Cisco IOS has five command line modes.

  • Setup mode
  • User EXEC mode
  • Privileged EXEC mode
  • Global configuration mode
  • Specific Configuration mode

Setup mode

Setup mode is the initial configuration mode of Cisco switches and routers. They start in setup mode when no startup configuration exists in NVRAM. After completion of the setup mode,  the Cisco IOS transitions to user EXEC mode.

User EXEC mode

The user EXEC mode is the normal operation mode on Cisco switches and routers. The Cisco IOS user EXEC prompt is the switch or router name followed by the ‘greater than’ character >. See all the commands available at the user EXEC prompt by typing ‘?’.

Privileged EXEC mode

Privileged EXEC mode is the advanced operation mode of Cisco IOS. It has been designed to restrict access to IOS commands that can have adverse effects on the Cisco device and its configuration. To enter privileged EXEC mode, type “enable” or “en”. The privileged EXEC prompt consists of the switch or router name followed by the # character. To exit the privileged EXEC prompt, type “disable”.

To see the commands available in privileged EXEC prompt, type ?.

Global Configuration mode

The global configuration mode consists of commands pertaining to the entire Cisco device. In other words, if we need to execute commands that modify the behavior of either the whole switch or the whole router, we need to put the IOS in global configuration mode. Global configuration mode can only be entered from privileged EXEC mode, by typing “config t” or “conf t”. The prompt in this mode consists of the device name followed by “(config)#”.

See the commands available in this mode by typing ‘?’. If we need to execute a command not available in the global configuration mode we should prefix the command by “do”.

Specific configuration mode

The specific configuration mode is used for commands that affect the configuration of either just one part or range of components of the Cisco device. Suppose we want to work on a few interfaces (or ports) on our switch or router we need to enable specific configuration mode. We can enable specific configuration mode only from the global configuration mode by selecting the components we want to work with. The prompt in this mode is comprised of the router or switch host name followed by “(config-<component>)#”.

Let’s select interface fastethernet 0/1 by typing “interface fastethernet 0/1”.

If we want to run a command not available in specific configuration mode, we prefix the command with “do”. For example, run the command “do show running-config” in specific configuration mode.

We can exit from global configuration mode and specific configuration mode by typing “exit”.

One day, I was intently searching for a method to emulate a router or switch in Oracle VirtualBox. After a long search, I didn’t find a method, but I found another virtualization tool called GNS3. GNS3 is network emulation software which can be really helpful to someone preparing for CCNA, CCNP, CCIE, JNCIA, JNCIS and JNCIE. It can emulate Cisco IOS and Junos routers, and also complex networks that function as close as possible to real networks, without needing network hardware like routers and switches. The best part is that it is open source. However, we will have to download Cisco IOS and Junos separately.

GNS3 is available for Windows, Linux and Mac OS X. In this article, I am going to show you how to install GNS3 on Windows step by step.

Download the software suitable for your Windows from here. The all-in-one download is recommended.

Click on the downloaded executable file. The welcome message pops up. Click on “Next”.

Then the License Agreement is displayed. Click on “I Agree”.

Then you are asked to choose the start menu folder in which your program’s shortcuts will be stored. To keep the default folder, click “Next”. You can also create a new folder if you want.

Then you can choose which of the components shown you want to install. I suggest you choose all the options. Click on “Next”.

Then you are asked to choose where you want to install your program. You can choose a different folder if you want, but the default folder should be OK. Click on “Install”.

Then the WinPcap installation wizard starts. WinPcap is an open-source library for packet capture and network analysis on Win32 platforms. Click on “Next”.

Click on “Next”.

On the WinPcap License Agreement, click on “I Agree”.

On the WinPcap installation options review screen, click on “Install”.

The installation starts.

After the installation is finished, click on “Finish”.

Then the Wireshark installation wizard opens (only if you selected that component for installation above). Wireshark is a network sniffer. Click on “Next”.

You are shown the License Agreement of Wireshark. Click on “I Agree”.

Then you are prompted to select the components of Wireshark you want to install. Choose all and click on “Next”.

Then you are prompted to select which shortcuts you want to create. The choice is yours. Click on “Next”.

Then choose the directory in which you want to install Wireshark and click on “Next”.

Then Wireshark starts installing.

After the installation is completed, click on “Next”.

Then the completion page of the Wireshark installation wizard appears. You are prompted to choose whether you want to run Wireshark. Don’t make any selection. Click on “Finish”.

Then the installation of GNS3 starts.

After the installation is completed, click on “Next”.

The completion page of the GNS3 wizard appears. Click on “Finish”.

Start GNS3. The following window appears when we start GNS3 for the first time. Click on 1 (the space enclosed in a red box).

This checks whether the path to Dynamips and the path to its working directory are valid. Dynamips is the core program that allows IOS simulation. Click “OK”.

Let’s go to Step 2. Here we configure the path to our IOS image directory. We have to store all our images in this directory. Change the path if you want; otherwise click on “OK”.

Step 3: In this step, we will add one or more uncompressed IOS images of a router or switch. As already said, IOS images should be downloaded separately due to license agreements.

Browse to the folder where your IOS image is. I am adding a Cisco c3700 router as an example. Click on Save and your window should look like this.

Click on “Close” and your GNS3 window appears.

In the Node Types section, click on c3700 (the type we just added) and drag it to the right to see whether our router has been added. If it looks like the image below, your installation is a success. Happy practising.
