Cisco IOS
In the previous sections we went over some of the concepts behind networking, but now we're going to dive right in and take a look at the Cisco Internetworking Operating System (Cisco IOS). The IOS is what runs Cisco's routers and switches. It's also what allows us to configure these devices. The first thing we're going to cover is how to connect to a Cisco router or switch, and then we'll go through the user interface and how to navigate it. Let's go ahead and get started.
Connecting to a Cisco Router
Cisco routers offer a few different ways to connect to and manage them, but the most common is the console port. The console port is typically a standard RJ-45 port, but it requires a rollover cable to connect to it.
You can see the console port pictured above. Another method of connecting to the router is through the auxiliary port. The Aux port is practically the same as the console port; however, it can also be used to connect a modem to the router, allowing us to dial into the router from outside of the network.
The next method of connecting to a router is through a program called Telnet. Telnet allows us to remotely connect to a router as long as we're inside the network. This is extremely useful because as a network engineer you may not always be physically next to the equipment you need to fix. There is another method of remote connection called Secure Shell. Secure Shell creates a more secure session than Telnet by encrypting data.
Connect via Console
Now that we know the different methods of connecting to a router, let's go ahead and connect to one. If you have GNS3 or your own equipment you can follow along. The first thing we would do is connect our rollover cable to the console port of the router and open a terminal emulation program such as HyperTerminal or PuTTY. I'm going to be using an enhanced version of PuTTY called SuperPuTTY. When you start your emulation software you will need to use the proper settings to connect to a Cisco router. The following image shows what settings you will need to configure to obtain access to the Cisco IOS.
If the router is booting up after you enter these settings you will see the router boot sequence. The router will run POST and check the configuration register in NVRAM, and if it's set to default the router will load the IOS from flash. It then checks NVRAM for a startup-config; if the router finds one, it loads it into RAM, renaming it running-config, and presents you with the CLI. If a startup-config is not present the router will display an initial setup prompt.
You can go through the initial configuration protocol to set up various settings such as the router's hostname and passwords. But we're going to go ahead and hit no and go through the setup manually.
When we cancel the initial setup we are presented with the CLI and we are considered to be in user exec mode. As you configure the router you will enter different CLI prompts such as user exec mode. The first thing we will do in order to make configuration changes to our router is enter privileged mode. All we do to get from user exec mode to privileged mode is type the command 'enable'. At this point you may be prompted for a password if one has been set. Next we go into global config mode by entering the 'configure terminal' command.
There are a few things you might notice about the above image. First is that I entered the command conf t instead of configure terminal. Within the Cisco IOS you can shorten commands as long as they aren't ambiguous. For example, I was able to enter conf t because there are no other commands that begin with conf. If I were to enter con t I would get the following error -
The other thing you might notice is that as we entered commands the router's prompt changed twice. The router prompt will change as we enter different modes of configuration such as user exec, privileged, and global configuration mode.
Password and Line Configuration
From here we can start configuring our router. Take a look at the following image -
The first thing I did after entering global configuration mode was change the hostname of the router. The hostname is only locally significant and doesn't affect how the router performs in the internetwork. The next thing I did was enter the command 'line ?'. The line command is used to enter line configuration mode. Lines are the different kinds of connections used to manage the router. Entering the ? after the line command lists what can follow the line command. The first line I configured was the console, and since there is only 1 console port on the router it was the only one I could use. You will probably notice at this point that the prompt changed again to (config-line), indicating that we entered line configuration mode. From here I set a password on the console port so that anyone attempting to make configuration changes through console 0 will have to enter the password cisco.
The next line I entered was the VTY line. VTY stands for Virtual Terminal Line. I believe that the acronym VTY is a historic Unix-like contraction combining VT for Virtual Terminal and TTY for teletype (this little piece of information is not important for the CCNA but the VTY acronym never made sense to me). Virtual Terminal Lines are your virtual links for remote connections like Telnet. You will notice that when I entered the command 'line vty ?' the router listed the number of VTY lines present, 0-935. That's a lot of connections, and you probably wouldn't want to configure all of them. More than likely most routers you encounter will have 5 VTY lines. Once I was in line configuration mode for the VTY lines I set passwords on them just like the console port. It's important to note that if passwords are not set on the VTY lines then you cannot connect to them; they have to have a password to be active. The last command I entered in line configuration mode for the VTY lines is the login command. The login command turns the lines on; without it the lines will remain off.
The last 2 commands do pretty much the same thing with one distinct difference. The 'enable password' command sets a password for privileged mode, so anytime someone enters the 'enable' command they will be prompted to enter the password defined by enable password. The next command does the same thing: it sets a password for privileged mode, except that the password set with the 'enable secret' command is encrypted. Take a look at the following image -
The image is part of the output from the command 'show running-config', which we will go over in more detail on the next page. As you can see, the enable password is shown in clear text while the enable secret password is a garbled mixture of characters. Obviously the enable secret password is a lot more secure. If both commands are set, the enable secret command will take priority and you will have to enter it to gain access to user exec mode.
You should also set a password on the aux line to ensure no unauthorized access is allowed. This is done the same way as for the other lines: in global configuration mode you would enter the command 'line aux 0'. Once in line configuration mode simply enter the password command and the login command. Alternatively you could simply issue the 'no login' command to ensure that the aux line is down.
Now we have passwords covering all of our ports and user exec mode is also password protected. This is a good start, and whenever I'm working in labs I like to set these commands first. Next we're going to go over interface configuration and take a basic look at our first routing protocol, RIP!
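An added example, not part of the original tutorial: a small Python check that reads text in the shape of 'show running-config' output and reports the access-control gaps discussed in this section (a clear-text enable password, a missing enable secret, a line without a password or without login, Telnet enabled on a line). The sample configuration, its placeholder secret values and the function name audit are constructed for illustration.

```python
import re

# Constructed sample shaped like 'show running-config' output (not from the page).
SAMPLE_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholderplaceholder
enable password cisco
line con 0
 password cisco
 login
line aux 0
 no login
line vty 0 4
 password 7 0000000000
 login
 transport input telnet
"""

def audit(config):
    """Return (scope, finding) pairs for weak access settings in an IOS config."""
    findings, lines, section, has_secret = [], {}, None, False
    for raw in config.splitlines():
        if raw.startswith("line "):             # start of a line block
            section = raw.strip()
            lines[section] = []
        elif raw.startswith(" ") and section:   # sub-command of the current block
            lines[section].append(raw.strip())
        else:                                   # global command
            section = None
            if raw.startswith("enable secret "):
                has_secret = True
            elif re.match(r"enable password (?![57] )", raw):
                findings.append(("global", "enable password stored in clear text"))
    if not has_secret:
        findings.append(("global", "no enable secret configured"))
    for name, cmds in lines.items():
        pw = [c for c in cmds if c.startswith("password ")]
        if not pw:
            findings.append((name, "no line password set"))
        elif not re.match(r"password [57] ", pw[0]):  # 5 = hashed, 7 = obfuscated
            findings.append((name, "line password stored in clear text"))
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append((name, "login not set, password is not checked"))
        if any(re.match(r"transport input .*\b(telnet|all)\b", c) for c in cmds):
            findings.append((name, "Telnet allowed, session is not encrypted"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Run against the sample, it reports the clear-text enable password, the clear-text console password, the aux line with neither password nor login, and Telnet on the VTY lines.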