Network Utility

A number of tools built into each operating system can be used for diagnostic purposes. These network utilities help determine where a problem originates when users have trouble connecting to a network. It may be necessary to use network utilities such as the ping, tracert and nslookup commands to identify and fix network-related problems. The ping command is one of the most useful: it sends a series of packets to another system, which in turn sends back a reply. This utility can be extremely useful in troubleshooting problems with remote hosts. The ARP (Address Resolution Protocol) command resolves an IP address to a network card address (MAC address). The ipconfig command allows you to view TCP/IP settings and configuration. The tracert command is the route-tracing utility, which can be used to determine the path that an IP packet has taken to reach a destination. The netstat command displays protocol information and connection status and provides useful information regarding traffic flow. The nslookup command can be used to query Internet domain servers. In this lesson, you will learn the syntax and functions of these commands in detail.

Troubleshooting Methodology

In spite of monitoring and maintenance, network problems still occur. When a problem occurs, network administrators or support engineers can determine and resolve it more efficiently by using a structured approach rather than random solutions.

The structured approach consists of four steps which help to solve the problem.
  1. Set the problem's priority.
  2. Divide the network into parts.
  3. Develop a list of possible causes.
  4. Study the result of the test to identify a solution.

Setting priority: The initial step an administrator should take after receiving multiple problems is to establish the priority according to the requirement. Setting priorities in network problem solving is done by assessing the problem's impact. This can be done by gathering information, which provides the foundation for isolating the problem. Information gathering involves scanning the network, checking for the cause and a possible solution. This quick scan should also include a review of the history to see whether the problem has occurred before and whether there is a recorded solution.

Divide the network into parts: If the scan does not give any solution to the problem, the administrator has to divide the network into as many segments as possible, so that a small segment can be troubleshot rather than one large network. After isolating the problem down to a specific segment, the administrator can check each network component, which includes clients, adapters, hubs, cabling and servers.

Possible causes: After collecting all the information, develop a list of possible causes for the problem. Rank them in order from most likely to least likely to cause the problem. Select one from the list of possible causes, test it and check whether it is the problem.

Study the result: If the test resolves the problem, you have succeeded in identifying the problem. If the testing did not isolate the problem, go back to the list of possible solutions and try to resolve it again.

TCP/IP Network Diagnostic Utilities

The TCP/IP suite has a wide variety of programs available for troubleshooting or obtaining performance data. Most of these utilities are command-line programs. To run them, first run cmd.exe (on NT or Windows 2000) or command.com (on Windows 9x) and, when the command prompt box opens, type the desired command-line utility.

Ping command

The Ping (Packet InterNet Groper) command can be used to verify connectivity between computers in a network. The ping command reports the minimum, maximum and average time taken by a ping packet to reach the specified destination and how long it takes to receive a reply. Ping is a utility used to verify whether a network data packet can be delivered to an address without errors. If errors are found during the delivery of packets to the destination, the ping command displays an error message. The ping command creates an echo request to a host on a TCP/IP-based network. It communicates by using ICMP (Internet Control Message Protocol). When you use the ping command, the system sends an ICMP packet and waits for a response from the remote host.
Example of the ping command: to use ping, type PING at the command prompt, followed by the IP address for which you want to verify the connection.

C:\> ping 192.168.1.2

ARP Command

ARP is used to perform IP address resolution, mapping a 32-bit Internet Protocol address to a MAC address that is recognized in the local network. ARP does this with a broadcast that asks the host with the given IP address to respond with its MAC address.

ARP commands: The arp command has three useful options for troubleshooting, which are shown in the table below.

arp -s            Adds a static address that remains until the machine is rebooted.
arp -a (or -g)    Displays the IP and MAC addresses and informs you whether the mapping is static or dynamic.
arp -d            Manually deletes the entry.

With these options you can view the contents of the ARP table, delete a problem entry and install a corrected entry.
The physical address, shown above in the format 00-25-5e-93-bf-29, is the unique manufacturer identification number.

Note: If an IP address is assigned to a particular network adapter, it cannot be changed to a new address. To use ARP, type ARP at the command prompt, or type arp /? to view the list of options.

IPCONFIG Command

IPCONFIG is an MS-DOS command which can be used to display the network settings currently assigned and given by a network administrator. Use the ipconfig command to view host computer configuration information, including IP address, subnet mask and default gateway. You can use the ipconfig command with the all option to view detailed configuration information for all interfaces.
Example: The example below shows the output obtained by entering ipconfig /all

TRACERT Command

TRACERT is short for trace route, which displays the path that data takes to reach the destination. The tracert command is used to see the network packets sent and received and the number of hops required for a packet to reach its destination. The tracert command displays the series of routers used for delivering packets from the computer to the destination and the time taken on each hop. If the packets cannot be delivered to the destination, the tracert command displays the last router which successfully forwarded the packet. To use the tracert command, type TRACERT at the command prompt, followed by the IP address or the name of the router which you want to see. You can see that a maximum of 30 hops is displayed.

NETSTAT Command

The netstat command is used to view the active TCP and UDP port activity for either servers or workstations. When netstat is used with the -i flag, it displays statistics for the configured network interfaces. If the -a option is used, it shows all interfaces present, not only those that are currently configured.

To use the NETSTAT command, type NETSTAT with the appropriate switches at the command prompt. As with other command-line utilities, use the "/?" switch to obtain the list of valid switches and an explanation of their function.

Syntax for netstat command

C:\> netstat /?

NSLOOKUP (Name Server Lookup) Command

NSLOOKUP is an MS-DOS utility which lets you look up the IP address of a domain or host on a network. Using NSLOOKUP, you can identify a domain's name server, find the IP address of a specific host, look up the fully-qualified domain name for an IP address, look up the mail server for a specific domain or host, etc. If you enter a domain name, you get the IP address to which it corresponds, and if you enter an IP number, you get the domain name to which it corresponds. An example is shown below.

Telnet

Telnet, which is part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to establish a connection to remote devices, gather information and run programs. Once the routers and switches are configured, Telnet programs can be used to reconfigure or check them without using a console cable.

Note: You cannot use CDP to gather information about routers and switches that are not directly connected to your device. But you can use the Telnet application to connect to a neighbor device, and then run CDP on those remote devices to gather information on them.

There is a slight variation when you use Telnet on a Cisco router compared to using it on most Catalyst switches. The telnet command can be used to open a Telnet connection from the Catalyst switch. With Cisco IOS software on a router, there is no need to enter the connect or telnet command to establish a Telnet connection. You can just type the IP address or hostname of the target device at any prompt and the router will assume that you want to telnet to that device.
Switch#telnet 172.16.10.2
Trying 172.19.10.2....Open
Password required, but none set
[Connection to 172.19.10.2 closed by foreign host]
Switch#
Remember that VTY ports on a router are configured as login, meaning that you need to have VTY passwords set on the router to establish a connection. Passwords can be set as shown below.
Switch#config t
Enter configuration commands one per line. End with
CTRL+Z
Switch(config)#line vty 0 4
Switch(config-line)#login
Switch(config-line)#password ccna
Switch(config-line)#^Z
Switch#
Again try to connect to router from the 2950 console:
Switch#telnet 172.16.10.2
User access verification
Password:
Switch>
Remember that the VTY password is the user-mode password, not the enable-mode password. When you try to enter privileged mode after establishing a connection to the router, the following output is displayed.
Switch>
Switch>en
% No password set
Switch>
Verifying Telnet Connections
To see the Telnet connections made from your router to a remote device, use the show sessions command as demonstrated below:
Switch#sh sessions
Conn Host Address Byte Idle Conn. Name
1 172.19.10.2 172.19.10.2 0 0 172.19.10.2
*2 192.168.0.148 192.168.0.148 0 0 192.168.0.148
Switch#
With the help of the show sessions command, you can view a list of hosts to which Telnet connectivity is established. The information displayed in the show sessions output is the host name, the IP address, the byte count, the amount of time the device has been idle and the connection name given to the session.

When multiple sessions are in progress, the asterisk sign next to connection 2 indicates that session 2 is the last session. You can return to the last session by pressing Enter twice.

Checking Telnet users

You can view a list of all active console and VTY ports in use on the router with the show users command.
Switch#sh users
Line User Host(s) Idle Location
*0 con 0 172.19.10.2 00:07:52
172.19.0.148 00:07:18
In the show users output, con represents the local console. In this example, the console is connected to two remote IP addresses or devices. If there are multiple users, the asterisk (*) represents the current terminal session from which the show users command was entered.

Suspending Telnet Sessions
Imagine a Telnet session is established between Router1 and Router2. To suspend the Telnet session and come back to your local device (router or switch), press Ctrl+Shift+6 at the same time, release the keys and press the character x. The prompt indicates that the Telnet session has been suspended.
Switch#x
Switch#sh sessions
Conn Host Address Byte Idle Conn. Name
1 10.1.1.2 10.1.1.2 0 1 10.1.1.2
Switch#resume 1
Switch#
There are various ways to re-establish a suspended Telnet session:
  • Press the Enter key twice to return to the previous device prompt.
  • Enter the resume command if there is only one session. Entering the resume command without a session number takes you to the last active session.
  • The show sessions command helps to find the session number, as shown in the above example.
  • The resume session-number command reconnects to a specific Telnet session, as shown in the example above.
Closing a Telnet session

You can end a Telnet session in a few different ways. Entering exit or disconnect is probably the easiest and quickest.
  • Use the exit or logout EXEC command to end a session from a remote device.
  • Use the disconnect command to close a session from a local device. If there are multiple sessions, you can use the disconnect (session name) (session number) command from the local device.

Managing Network Environment

Various CDP commands and the Telnet utility will help you to gather diagnostic information. By using CDP, you can gather hardware and protocol information about neighboring devices, which is very useful for troubleshooting. In this lesson, you will learn various CDP commands used to verify the network. Network administrators can use CDP commands to gather information about devices which are directly connected to the device, and about their network. The function of CDP is limited to gathering information about immediate neighbors, but other tools such as Telnet can be used to collect information about remote devices. In this lesson, you will also learn how to use Telnet to gather information about remote devices.

Gathering Information about Neighboring Device

Cisco Discovery Protocol (CDP) is a network- and media-independent Layer 2 protocol which is used to discover information about neighboring network devices. As CDP operates at the Data Link Layer, it does not require any Network Layer protocol such as IP or IPX to transfer information.

CDP runs on all Cisco-manufactured equipment including routers, bridges, access servers and switches. Using CDP you can view information about all Cisco devices which are directly attached to the switch or router. CDP is primarily used to gather protocol addresses of neighboring devices. It can also be used to show information about the interfaces used by the router.

CDP runs on all media that support the Subnetwork Access Protocol (SNAP), including local-area network (LAN), Frame Relay and Asynchronous Transfer Mode (ATM) physical media.

Each device configured for CDP sends periodic messages, known as advertisements, to the MAC multicast address 0100.0ccc.cccc, every 60 seconds by default. Each device sends at least one address at which it can receive SNMP (Simple Network Management Protocol) messages. The advertisements also contain time-to-live or hold time information, which indicates how long the receiving device should hold the CDP information before discarding it. Each device also listens to the periodic CDP messages sent by other devices, which is how it learns about neighboring devices. The information gathered includes the type of device, the software version and the network layer addresses, if configured. This information is stored in the device's RAM.

To view CDP output, use the show cdp command. CDP has several keywords which help to view different types of information and different levels of detail. A CDP packet is made up of ASCII strings that represent information such as device name, protocol addressing information, port connectivity information and device operating system information.

CDP functionality is enabled by default on all the devices. To prevent other non-Cisco devices from getting information about your device, it has to be disabled at the device level. This can be done with the global configuration command no cdp run, which disables the CDP protocol on the entire device. To disable CDP on a particular interface, use the no cdp enable command, which protects the bandwidth when connecting to a non-Cisco device.

Router(config-if)#no cdp enable
To re-enable CDP on an interface, use the cdp enable interface configuration command.

Displaying CDP information about neighboring device
One of the most important commands regarding CDP is the show cdp neighbors command. The output is as shown below.
Router#show cdp ?
entry Information for specific neighbor entry
interface CDP interface status and configuration
neighbors CDP neighbor entries

Router#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Fas 0/0 165 S 2950 Fas 0/1
Switch Fas 0/1 165 S 2950 Fas 0/1

The output displays the following information:
  • Type of device that is discovered
  • Name of the device
  • Number and type of the local interface
  • Number of seconds the CDP advertisement is valid for the port
  • Device type
  • Device product number
  • Port ID
The format of the show cdp neighbors output may vary depending on the type of device, but the information displayed is the same across devices. The show cdp neighbors command can also be used on a Catalyst switch to display CDP updates received on the local interface. The local interface is also referred to as the local port on a switch.

Displaying detailed CDP information about neighboring device

To view detailed information about a neighboring device, use the show cdp neighbor detail command. The information it displays includes additional details such as the IP address and IOS version of the neighboring device. The output from the show cdp neighbor detail command is the same as that produced by the show cdp entry * command.
Router#show cdp ?
entry Information for specific neighbor entry
interface CDP interface status and configuration
neighbors CDP neighbor entries
The show cdp entry * command displays information about a specific neighbor when the neighbor's name is added in the command string. The name entered is case sensitive, and it can be obtained by using the show cdp command.
Router#show cdp entry *

Device ID: Switch
Entry address(es):
Platform: cisco 2950, Capabilities: Switch
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime: 123

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4,
RELEASE SOFTWARE(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 18-May-05 22:31 by jharirba

advertisement version: 2
Duplex: full
---------------------------

Device ID: Switch
Entry address(es):
Platform: cisco 2950, Capabilities: Switch
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime: 123

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4,
RELEASE SOFTWARE(fc1)
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Wed 18-May-05 22:31 by jharirba

advertisement version: 2
Duplex: full
The output from the show cdp entry * command displays the following information
  • The IP address of the neighboring device.
  • Information on Layer 3 protocol.
  • Device’s platform information.
  • The capabilities of the device.
  • The type of local interface and ID of outgoing remote port.
  • Hold time value in seconds.
  • The type of IOS and its version.
Note: On router either show cdp neighbors detail or show cdp entry * command can be used. But on 1900 switches, only show cdp neighbors detail command is available.
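
The fields listed above are what any device on the same segment learns from CDP advertisements. The Python sketch below is an added example, not part of the original lesson or any Cisco tool: it parses the show cdp entry * output shown above into one record per neighbor and lists the ports on which no CDP neighbor was heard, which are the ports to review for no cdp enable. The function names and the ALL_PORTS list are assumptions made for the illustration.

```python
import re

# Constructed sample: the two-neighbor output shown above, with the
# copyright and compile lines trimmed.
SAMPLE = """\
Device ID: Switch
Entry address(es):
Platform: cisco 2950, Capabilities: Switch
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/1
Holdtime: 123

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4,
RELEASE SOFTWARE(fc1)

advertisement version: 2
Duplex: full
---------------------------

Device ID: Switch
Entry address(es):
Platform: cisco 2950, Capabilities: Switch
Interface: FastEthernet0/1, Port ID (outgoing port): FastEthernet0/1
Holdtime: 123

Version :
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA4,
RELEASE SOFTWARE(fc1)

advertisement version: 2
Duplex: full
"""

# Hypothetical list of the local device's ports, used only for this example.
ALL_PORTS = ["FastEthernet0/0", "FastEthernet0/1", "Serial0/0"]

FIELDS = {
    "device_id": re.compile(r"^Device ID:\s*(.+?)\s*$", re.M),
    "platform": re.compile(r"^Platform:\s*(.+?),\s*Capabilities:", re.M),
    "capabilities": re.compile(r"Capabilities:\s*(.+?)\s*$", re.M),
    "local_interface": re.compile(r"^Interface:\s*([^,\s]+)", re.M),
    "remote_port": re.compile(r"Port ID \(outgoing port\):\s*(\S+)"),
    "holdtime": re.compile(r"^Holdtime\s*:\s*(\d+)", re.M),
    # Requires a digit so the bare "Version :" heading is skipped.
    "ios_version": re.compile(r"Version\s+(\d[^,\s]*)"),
}


def parse_cdp_entries(text):
    """Split the output on the dashed separators and parse each neighbor."""
    entries = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        if "Device ID:" not in block:
            continue
        entry = {}
        for name, rx in FIELDS.items():
            m = rx.search(block)
            entry[name] = m.group(1) if m else None
        entry["holdtime"] = int(entry["holdtime"]) if entry["holdtime"] else None
        entry["capabilities"] = (entry["capabilities"] or "").split()
        # Layer 3 addresses are listed under "Entry address(es):" when configured.
        entry["addresses"] = re.findall(r"IP address:\s*(\S+)", block)
        entries.append(entry)
    return entries


def ports_without_cdp_neighbor(all_ports, entries):
    """Ports where no CDP neighbor was heard: review these for 'no cdp enable'."""
    seen = {e["local_interface"] for e in entries}
    return [p for p in all_ports if p not in seen]


def disclosure_summary(entries):
    """One line per neighbor: what its advertisement tells anyone listening."""
    return [
        f"{e['local_interface']}: {e['device_id']} ({e['platform']}) "
        f"IOS {e['ios_version']} port {e['remote_port']} "
        f"addresses={e['addresses'] or 'none'}"
        for e in entries
    ]


if __name__ == "__main__":
    neighbors = parse_cdp_entries(SAMPLE)
    for line in disclosure_summary(neighbors):
        print(line)
    print("review for 'no cdp enable':",
          ports_without_cdp_neighbor(ALL_PORTS, neighbors))
```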

Displaying Configuration Information and Interface Status for a Device
The show cdp interface command is used to display interface status and configuration information about the local device. It displays information about the interfaces on which CDP is enabled.

The show cdp interface command displays the following status fields
  • Administrative and protocol condition of the interface.
  • Encapsulation type for the interface.
  • Frequency at which CDP packets are sent
  • Hold time in seconds.


Basic Configuration On Switch - I

Setting the hostname of the switch

As it is with a router, the hostname on a switch is only locally significant. This means that it doesn’t have any function on the network or with name resolution. When you boot the 1900 switch, you will get the standard user mode
Switch>enable
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname CCNA
CCNA(config)#
Setting the User Mode and Enable Mode Passwords

In order to prevent unauthorized users from connecting to the switch, you can set passwords on the switch. Both user mode and privileged mode passwords can be set, as on a router. To configure the user mode password, press K at the switch console output. To enter enable mode, use the enable command; you can then enter global configuration mode by entering the config t command.

After entering global configuration mode, the user mode and enable mode passwords can be set by using the enable password command.

The output below shows the configuration and user mode passwords for the 2950 switch.
CCNA(config)#enable password ?
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) 'enable' password
level Set exec level password
CCNA(config)#enable password level ?
<1-15> Level number
Level number 1 is used to set the user mode password, and level number 15 is used to set the enable mode password. The password should have at least four characters but not more than eight.

The example below shows how you can set both user mode and enable mode passwords on the 2920 switch.
CCNA(config)#enable password level 1 CCNA
CCNA(config)#enable password level 15 CCNA1
CCNA(config)#exit
CCNA#

To set user mode passwords for the 2950 switch, follow this example.
Switch>enable
Switch#configure t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line ?
<0-16> First Line number
console Primary terminal line
vty Virtual terminal
Switch(config)#line vty ?
<0-15> First Line number
Switch(config)#line vty 0 15
Switch(config-line)#login
% Login disabled on line 1, until 'password' is set
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
% Login disabled on line 7, until 'password' is set
% Login disabled on line 8, until 'password' is set
% Login disabled on line 9, until 'password' is set
% Login disabled on line 10, until 'password' is set
% Login disabled on line 11, until 'password' is set
% Login disabled on line 12, until 'password' is set
% Login disabled on line 13, until 'password' is set
% Login disabled on line 14, until 'password' is set
% Login disabled on line 15, until 'password' is set
% Login disabled on line 16, until 'password' is set
Switch(config-line)#password telnet
Switch(config-line)#line con 0
Switch(config-line)#password cisco
Switch(config-line)#exit
Switch(config)#exit
Switch#
Setting the Enable Secret Password

The enable secret password is the most secure password, and it supersedes the enable password, which means that if the enable secret password is set, there is no need to set the enable password.

Note: The enable password and enable secret password are the same on the 1900 switch, but on the 2950 switch the enable secret password and enable password have to be different.
CCNA#config t
Enter configuration commands, one per line. End with CNTL/Z.
CCNA(config)#enable password cisco
CCNA(config)#enable secret cisco
Enable secret password is same as enable password
This is not recommended. Re-enter the enable secret
CCNA(config)#enable secret ccna
CCNA(config)#

Basic Configuration On Switch

Most of the switch functions are built into the device to enhance its performance. Because of this, a switch can be implemented with minimal configuration. However, most of the configuration parameters can be changed according to your needs. To configure the switch you have to enter the command-line interface, which allows you to change the configuration parameters. The task involved in configuring a switch is setting the basic information, including the switch's name, management IP address and default gateway. In order to install and configure a switch, you have to understand its start-up sequence and be able to describe the normal boot sequence. In this lesson, you will learn the process of starting and configuring a 1900 switch and a 2950 switch.

Switch Bootup Process

When a 1900 switch is switched on, it runs through a power-on self-test (POST). Initially all the port LEDs are green, and the POST determines whether all ports are in a good state. The LEDs of ports which are in good condition blink and are then turned off. If the POST finds a port which has failed, both the system LED and the port's LED turn amber. When the console cable is connected to the switch, the menu given below appears after the POST.

By pressing K, you can use the command-line interface, and when you press M, you'll be allowed to configure the switch through a menu system. Pressing I allows you to set the IP configuration of the switch, but you can also do this through the menu or CLI at any time. Once the IP configuration is set, this selection no longer appears. This is what the switch's output looks like on the console screen when the switch is powered up:
1 user(s) now connected to Management Console:
User Interface Menu
[M] Menus
[k] Command Line
[I] IP Configuration
Enter selection Key:
CLI session with the switch is open
To end the CLI session, enter[Exit].
When you power on a 2950 switch, it's just like a Cisco router: the switch comes up into setup mode. However, unlike a router, the switch is actually usable in fresh-out-of-the-box condition.

You can just plug the switch into the network and connect network segments together without any configuration! This is because switch ports are enabled by default, and you don't need an IP address on a switch to make it work in a network, unless you want to manage the switch via the network.

Here’s the 2950 switch’s initial output:
At any point you may enter a question mark '?' for help.
Use Ctrl+c to abort configuration dialog at any prompt
Default settings are in square brackets '[]'.
Continue with configuration dialog?[Yes/No]:yes

Enter IP address: 16.0.0.5
Enter IP netmask: 255.0.0.0
Would you like to enter a default gateway address?[Yes]: 255.0.0.0
% Please answer 'yes' or 'no'.
Would you like to enter a default gateway address?[Yes]: yes
IP address of default gateway: 17.0.0.5
Enter host name[Switch]: CCNA
The enable secret is a one-way cryptographic secret used
instead of enable password when it exists.
Enter enable secret: CCNA
Would you like to configure Telnet password?[Yes]: yes
Enter Telnet password: 123
Would you like to enable as a cluster command switch?[Yes/No]: no
The following configuration command script was created:
ip subnet-zero
interface VLAN1
ip address 16.0.0.5 255.0.0.0
ip default-gateway 17.0.0.5
hostname CCNA
enable secret 5
line vty 0 15
password 123
snmp community private rw
snmp community public ro
!
end
Use this configuration?[yes/no]: yes
Building configuration....
[OK]
Use the enabled mode 'configure' command to modify this configuration
Press RETURN to get started
CCNA>
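
The script the setup dialog generated carries several settings worth reviewing before the switch is attached to a network. The following Python check is an added example, not part of the original lesson or a Cisco tool: it audits that script for cleartext line passwords, Telnet-reachable VTY lines, the default public/private SNMP communities and CDP left enabled. The rule names, severities, the HARDENED sample and the treatment of a VTY line without transport input ssh as accepting Telnet (true of older IOS such as the 12.1 release shown in this lesson) are assumptions.

```python
import re

# Constructed input: the command script generated by the 2950 setup dialog above.
# The hash after "enable secret 5" is not shown on the page and is left out here too.
SETUP_SCRIPT = """\
ip subnet-zero
interface VLAN1
ip address 16.0.0.5 255.0.0.0
ip default-gateway 17.0.0.5
hostname CCNA
enable secret 5
line vty 0 15
password 123
snmp community private rw
snmp community public ro
!
end
"""

# Constructed counter-example with the weak settings corrected.
HARDENED = """\
service password-encryption
no cdp run
hostname CCNA
enable secret 5 <hash omitted>
username admin secret 5 <hash omitted>
line vty 0 15
 login local
 transport input ssh
!
end
"""

LINE_SUBCOMMANDS = ("password", "login", "transport", "exec-timeout")
DEFAULT_COMMUNITIES = {"public", "private"}
RANK = {"high": 0, "medium": 1, "low": 2, "info": 3}


def parse_line_sections(config):
    """Map each 'line ...' header to its sub-commands (indented or flattened)."""
    sections, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = cmd
            sections[current] = []
        elif current and cmd.startswith(LINE_SUBCOMMANDS):
            sections[current].append(cmd)
        else:
            current = None  # any other command closes the line section
    return sections


def audit(config):
    """Return (severity, rule, detail) findings, most severe first."""
    cmds = [c.strip() for c in config.splitlines() if c.strip()]
    encrypted = "service password-encryption" in cmds
    findings = []

    for header, subs in parse_line_sections(config).items():
        passwords = [s for s in subs if s.startswith("password ")]
        for p in passwords:
            if not encrypted and not p.startswith("password 7 "):
                findings.append(("high", "cleartext-line-password",
                                 f"{header}: password is stored as typed"))
        if header.startswith("line vty"):
            if "transport input ssh" not in subs:
                findings.append(("high", "telnet-allowed",
                                 f"{header}: Telnet sends the password unencrypted"))
            # Matches the "Login disabled ... until 'password' is set" case above.
            if "login" in subs and not passwords:
                findings.append(("info", "login-without-password",
                                 f"{header}: logins are refused until a password is set"))

    for c in cmds:
        m = re.match(r"snmp(?:-server)? community (\S+)(?: (ro|rw))?", c, re.I)
        if m and m.group(1).lower() in DEFAULT_COMMUNITIES:
            sev = "high" if (m.group(2) or "").lower() == "rw" else "medium"
            findings.append((sev, "default-snmp-community", c))
        if c.startswith("enable password "):
            findings.append(("medium", "enable-password",
                             "enable password is kept in cleartext; use enable secret"))

    if "no cdp run" not in cmds:
        findings.append(("low", "cdp-enabled",
                         "CDP is on by default and advertises platform and IOS version"))
    return sorted(findings, key=lambda f: RANK[f[0]])


if __name__ == "__main__":
    for severity, rule, detail in audit(SETUP_SCRIPT):
        print(f"[{severity}] {rule}: {detail}")
    print("hardened findings:", audit(HARDENED))
```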
Erasing the Switch Configuration

When changes are made to the switch's running-config, the switch automatically copies the configuration to NVRAM. This is the major difference between a switch and a router, where the user enters copy running-config startup-config.

But the 2950 switch has a running-config and a startup-config. The user can save the configuration by using the copy run start command and can erase the contents of NVRAM with the erase startup-config command.

To delete files from the 2950, just type erase startup-config at the privileged mode prompt like this:
CCNA#erase startup-config
Erasing the nvram filesystem will remove all files continue?[confirm](enter)
[OK]
Erase of nvram: complete
CCNA#

Unlike the 1900, when you erase the configuration on the 2950, you have to reload the switch before the running-config actually deletes the file.

Basic Router Configuration

A router needs to be configured in order to operate within the network. Once it is configured, a network operator has to check the status of its various components. There are several methods available for configuring a Cisco router. The best method is to configure it from the command-line interface. In this lesson, you will learn how to configure a router using the command-line interface. It is very important to understand the various prompts that you will see while configuring the router, because they tell you where you are at any time within the configuration mode. In this lesson, you will learn the different command prompts that are used while configuring.

The first step in the configuration is assigning the name; the name of the router is known as the hostname. If the hostname is not set, the default name is Router. The next step is assigning passwords. Different passwords are used to secure a router: console, VTY, enable and enable secret. The enable and enable secret passwords are used to secure privileged mode, while the other two are used when user mode is accessed through the console or through Telnet. In this lesson, you will learn the commands used to set the passwords. In addition, you will learn how to configure a router interface, which is essential to enable communication with other devices.

Configuring a Router from Command-line Interface (CLI)

Cisco uses CLI to refer to the terminal user command-line interface to the IOS. The term CLI indicates that the user is typing the commands at the terminal. The Cisco IOS command-line interface is organized around the idea of modes. Each mode has a set of commands, and some of these commands are only available in that particular mode. In any mode, typing a question mark displays the list of commands which are available in that mode. For example, by typing Router>?, you can view the list of commands in user mode.

Overview of Router Modes
The first mode in which you can issue commands from the command-line interface is the EXEC mode. From this mode you can use show commands to obtain information about the system. You can also use commands like show version to display the version of the IOS the router is running. To configure the router, you have to enter privileged mode. This can be done by using the enable command. When you type the enable command and the correct password (if a password is set), you enter privileged mode.

The command-line prompt changes each time the user enters a different mode. When the user changes from user mode to privileged mode, the prompt changes as shown below.
Router> enable
To
Router#
From privileged mode, the user can enter global configuration mode by using the configure terminal command. To configure any feature of the router, you must enter configuration mode.
Router#config t
Router(config)#
From global configuration mode, the user has access to specific configuration modes, which include the following.

Interface
To configure settings for a specific interface, such as its IP address, use interface configuration mode. To enter interface configuration mode, use the interface command and provide the name and number of an existing interface, for example:
Router(config)# interface Ethernet 0
Router(config-if)#
Sub-interface
Sub-interface mode supports commands that configure multiple virtual interfaces on a single physical interface. The prompt in this mode is as follows:
Router(config-subif)#
Line
You can use the line command to configure the user mode password. The prompt in this mode is as follows:
Router(config)#line console 0
Router(config-line)#
Router
When you configure a routing protocol such as IGRP or RIP, the prompt is (config-router)#:
Router#config t
Router(config)#router rip
Router(config-router)#
When you enter exit, the router returns from a specific configuration mode to global configuration mode. To exit privileged mode and return to user mode, use the following command:
Router#disable
To exit privileged EXEC mode and quit the session with the command-line executive, use one of the following commands:
Router#logout
Or
Router#exit
Pressing the Ctrl+Z key sequence or typing end quits configuration mode completely and returns to the privileged EXEC prompt.

Commands which affect the entire router are called global commands. For example, hostname and enable password are global commands. Major commands are commands which indicate a process or interface that will be configured. Entering a major command causes the CLI to enter a specific configuration mode. A major command has no effect unless it is followed by a subcommand. For example, the major command interface serial 0 has no effect unless it is followed by a subcommand which indicates what has to be done on that interface.
The following is an example of a major command and a subcommand:
Router(config-if)#line console 0 ( major command )
Router(config-line)#password cisco ( subcommand )
Notice that entering a major command changes the configuration mode from one to another.

Setting the host name
Naming a router helps to manage the network by uniquely identifying each router within it. The name of the router is considered the host name and it is displayed at the system prompt. If no name is configured, the default name is Router. The name of the router is assigned in global configuration mode, as shown below.
Router(config)#hostname CCNA
CCNA(config)#

Setting the System Clock
The system clock runs from the moment the system starts up and keeps track of the current date and time based on Coordinated Universal Time (UTC). To manually set the system clock, use one of the formats of the clock set EXEC command.

clock set hh:mm:ss day month yyyy
clock set hh:mm:ss month day yyyy

In the following example, the system clock is manually set to 1:32 p.m. on Nov 12, 2005:
CCNA# clock set 13:32:00 12 Nov 2011

Show system Time
To display the system clock, use the show clock EXEC command. If the time has not been set with the clock set command, this command shows the time elapsed since the router came up.
CCNA#show clock
Setting the Banner
A router can be identified by configuring a message-of-the-day banner, which is displayed on all connected terminals. To specify a message-of-the-day (MOTD) banner, use the banner motd global configuration command. When you connect to the router, the MOTD banner appears before the login prompt. The banner motd command has to be followed by one or more spaces and a delimiting character. For example:
CCNA(config)#banner motd #
Enter TEXT message. End with the character '#'.

Setting the Description for an Interface
You can also add a description to an interface, which helps you remember specific information about that interface. To add a description to an interface configuration, use the description interface configuration command. Use the no form of this command to remove the description. This description appears when you display the configuration information stored in router memory and in the output of the show interface command.
The following example shows how to add a description for a T1 interface:
CCNA(config)#interface Ethernet 0
CCNA(config-if)#description corporate office
The description “corporate office” appears in the output of the following EXEC commands: show startup-config, show interfaces, and show running-config.

Setting the Line password
You can secure the router by assigning passwords, which protect it from unauthorized access. Passwords can be set both on lines and for privileged EXEC mode. To specify a password on a line, use the password line configuration command. Use the no form of this command to remove the password. Remember that the first character cannot be a number. The string can contain any alphanumeric characters, including spaces, up to 80 characters.
Example: configuring the router’s console password
CCNA(config)#line console 0
CCNA(config-line)#login
CCNA(config-line)#password ccna
In this example, the line console 0 command is followed by the login and password subcommands. This establishes a login password for the console terminal. Its main purpose is to require the user to log in at the console before accessing the router. Console 0 is the router’s console connection, and login makes the router ask for the password before connecting to the console.
Vty lines password
Virtual terminal (vty) lines are used to allow remote access to the router (by telnetting through its interfaces). To set the user mode password for Telnet access into the router, use the line vty command. Cisco IOS has five vty lines by default, 0 through 4. The best way to find out how many lines you have is to use the question mark.
CCNA(config)#line vty 0 ?
<1-4> Last Line Number
CCNA(config)#line vty 0 4
CCNA(config-line)#login
CCNA(config-line)#password ccna
Setting privileged Access Password
To set a local password to control access to various privilege levels, use the enable password global configuration command. The encrypted form of the enable password, known as the enable secret password, can also be used. Enter the enable secret command with the desired password in global configuration mode. If both enable password and enable secret are configured, the enable secret password is used instead of the enable password. Use the no form of this command to remove the password requirement.
CCNA(config)#enable password ccna
CCNA(config)#enable secret cisco
Disabling password
CCNA(config)#no enable secret cisco
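The password settings above can be checked mechanically once they are in a saved configuration. The following is an added example, not part of the original lesson: a small Python audit of a running-config for the enable, console and vty password choices described in this section. Both sample configurations are constructed, and login local, username ... secret and transport input ssh in the hardened sample are assumed hardening choices that this page does not cover.

```python
import re

# Constructed running-config fragments. WEAK_CONFIG uses the commands from this
# page; the strings after "5" and "7" are placeholders, not real hashes.
WEAK_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholder
enable password ccna
line con 0
 password ccna
 login
line vty 0 4
 password 7 CONSTRUCTED00
 login
"""

# Assumed hardening (not from the page): per-user logins and SSH-only vty access.
HARDENED_CONFIG = """\
enable secret 5 $1$CONSTRUCTED$placeholder
username admin secret 5 $1$CONSTRUCTED$placeholder
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

# A cleartext line password cannot start with a digit, so "password <digit> ..."
# means the digit is an encoding type (7 is a reversible encoding).
PASSWORD_RE = re.compile(r"^password (?:(\d) )?\S")


def parse_config(text):
    """Return (global commands, {line header: [subcommands]})."""
    global_cmds, blocks, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(cmd)   # subcommand of the current line block
        elif cmd.startswith("line "):
            current = cmd                 # major command opens a new block
            blocks[current] = []
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, blocks


def audit(text):
    """Return a sorted list of (scope, finding) tuples."""
    global_cmds, blocks = parse_config(text)
    findings = []
    has_secret = any(c.startswith("enable secret ") for c in global_cmds)
    if any(c.startswith("enable password ") for c in global_cmds):
        findings.append(("global", "enable password is redundant (enable secret wins)"
                         if has_secret else "enable password without enable secret"))
    for name, cmds in blocks.items():
        types = [m.group(1) for m in map(PASSWORD_RE.match, cmds) if m]
        if None in types:
            findings.append((name, "line password stored in cleartext"))
        if "7" in types:
            findings.append((name, "line password uses reversible type 7 encoding"))
        if not any(c == "login" or c.startswith("login ") for c in cmds):
            findings.append((name, "no login check on this line"))
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append((name, "Telnet not disabled (no 'transport input ssh')"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit(WEAK_CONFIG):
        print(f"{scope}: {finding}")
    print("hardened findings:", audit(HARDENED_CONFIG))
```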
Configuring a Router Interface
Interface configuration is one of the most important router configurations, because without an interface, a router is a totally useless thing. Interface configurations must be exact to enable communication with other devices. Settings configured on an interface include network layer addresses, media type, bandwidth, and other administrator commands. When you enter the interface type number command at the Router(config)# prompt, you have to give both the interface type and the number. Examples of interface type and number are shown below:
CCNA(config)#interface serial 0
CCNA(config)#interface Ethernet 0
Configure the router interface by following the steps given below.
Step 1: Enter global configuration mode. Entering configuration mode from the terminal is shown in the commands below:
Router>enable
Router#config t
Router(config)#
Step 2: Configure the IP address on the selected serial interface and activate the interface by using the no shutdown command. Also provide the clock rate on the DCE end of the cable. The command lines for the serial interface are shown below:
Router(config)#interface Serial2/0
Router(config-if)#ip address 192.168.1.10 255.255.255.0
Router(config-if)#clock rate 64000
Router(config-if)#no shutdown
Configure the router Ethernet port by typing interface Ethernet 0 as seen here:
Router(config)#interface FastEthernet4/0
Router(config-if)#ip address 172.10.1.5 255.255.255.0
Router(config-if)#no shutdown
Step 3: For this interface, enter a specified bandwidth. The bandwidth command overrides the default bandwidth and is used by some protocols, for example IGRP. The bandwidth entered does not affect the actual speed of the line. The bandwidth for the router interface can be set with the command lines shown below:
Router(config-if)# bandwidth 64
Router(config-if)#exit
Router(config)#exit
Router#
Note: A serial interface is usually attached to a CSU/DSU type of device that provides clocking for the line to the router. If you have a back-to-back configuration, the data communication equipment (DCE) end of the cable must provide clocking. By default, Cisco routers are all data terminal equipment (DTE) devices, so you must tell an interface to provide clocking if you need it to act like a DCE device.

Verifying the Configuration
The show commands can be used to verify the configuration of router. The show interfaces command displays the following:
Router#show interfaces
FastEthernet0/0 is administratively down, line protocol is down (disabled)
Hardware is Lance, address is 00e0.f736.21c1 (bia 00e0.f736.21c1)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet1/0 is administratively down, line protocol is down (disabled)
Hardware is Lance, address is 0002.4a1e.46ac (bia 0002.4a1e.46ac)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Serial2/0 is down, line protocol is down (disabled)
Hardware is HD64570
Internet address is 192.168.1.10/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down
Serial3/0 is administratively down, line protocol is down (disabled)
Hardware is HD64570
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set, keepalive set (10 sec)
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 96 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=down DSR=down DTR=down RTS=down CTS=down
FastEthernet4/0 is down, line protocol is down (disabled)
Hardware is Lance, address is 00e0.a37e.8beb (bia 00e0.a37e.8beb)
Internet address is 172.10.1.5/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet5/0 is administratively down, line protocol is down (disabled)
Hardware is Lance, address is 00d0.976e.dd50 (bia 00d0.976e.dd50)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

The following is sample output from the show interface FastEthernet command for the FastEthernet 5/0 interface:
Router#show interface FastEthernet5/0
FastEthernet5/0 is administratively down, line protocol is down (disabled)
Hardware is Lance, address is 00d0.976e.dd50 (bia 00d0.976e.dd50)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
ARP type: ARPA, ARP Timeout 04:00:00,
Last input 00:00:08, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
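The status and counter lines in this output are what you read first when verifying a configuration. The following is an added example, not part of the original lesson: a Python parser that reduces show interfaces output to one record per interface and suggests the follow-up for each state. The sample uses the line formats shown above, left unindented as on this page; the "up" state and error counts for FastEthernet4/0 are constructed for the example.

```python
import re

# Constructed sample in the format shown above. FastEthernet4/0's "up" state
# and non-zero error counters are invented to exercise the error check.
SAMPLE = """\
FastEthernet0/0 is administratively down, line protocol is down (disabled)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
Serial2/0 is down, line protocol is down (disabled)
Internet address is 192.168.1.10/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
FastEthernet4/0 is up, line protocol is up
Internet address is 172.10.1.5/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
12 input errors, 9 CRC, 3 frame, 0 overrun, 0 ignored, 0 abort
0 output errors, 0 collisions, 1 interface resets
"""

HEADER_RE = re.compile(
    r"^(\S+) is (administratively down|up|down), line protocol is (up|down)")
COUNTER_RE = re.compile(r"(\d+) (input errors|CRC|output errors|collisions)")


def parse_show_interfaces(text):
    """Return {interface: record}; a header line starts each record."""
    interfaces, rec = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            rec = {"status": m.group(2), "protocol": m.group(3),
                   "ip": None, "bw_kbit": None, "counters": {}}
            interfaces[m.group(1)] = rec
            continue
        if rec is None:
            continue                      # text before the first header
        if line.startswith("Internet address is "):
            rec["ip"] = line.split()[-1]
        bw = re.search(r"BW (\d+) Kbit", line)
        if bw:
            rec["bw_kbit"] = int(bw.group(1))
        for value, name in COUNTER_RE.findall(line):
            rec["counters"][name] = int(value)
    return interfaces


def diagnose(rec):
    """Map one record to the follow-up its state calls for."""
    notes = []
    if rec["status"] == "administratively down":
        notes.append("shut down in configuration: needs 'no shutdown'")
    elif rec["status"] == "down":
        notes.append("no carrier: check cabling and DCE clocking")
    elif rec["protocol"] == "down":
        notes.append("line protocol down: check encapsulation and keepalives")
    if rec["status"] != "administratively down" and rec["ip"] is None:
        notes.append("enabled without an IP address")
    errors = {k: v for k, v in rec["counters"].items() if v}
    if errors:
        notes.append(f"non-zero error counters: {errors}")
    return notes


if __name__ == "__main__":
    for name, rec in parse_show_interfaces(SAMPLE).items():
        print(name, rec["ip"], diagnose(rec) or ["ok"])
```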

Saving your configuration
The running configuration is not saved to any storage media automatically, so if the router is turned off and turned on again you have to start the configuration over. To save the running configuration, issue the copy running-config startup-config command.
Router#copy running-config startup-config

This saves the configuration into NVRAM. To view the saved configuration, issue the show startup-config command.
Router#show startup-config

Restoring and Upgrading the Cisco Router IOS

To download a file from a TFTP server to flash memory by using the copy tftp flash command, you need the IP address of the TFTP server and the name of the file you want to download. Check that the file you want to place in flash memory is located in the TFTP directory on the host. The command asks for the location and name of the file, and if the file to be restored is not in the default directory of the TFTP server, the copy will not work.

When you enter copy tftp flash command, you will see the copying process like this

Router#copy tftp flash
Address or name of remote host []? 192.168.1.12
Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin
Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]?
Accessing tftp://192.168.1.12/c2800nm-advipservicesk9-mz.124-15.T1.bin...
Loading c2800nm-advipservicesk9-mz.124-15.T1.bin from 192.168.1.12: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 50938004 bytes]
50938004 bytes copied in 10.752 secs (343504 bytes/sec)

After you enter yes three times to confirm erasing flash memory, the router has to be rebooted to load the IOS from ROM. Once this completes, the contents of the flash memory are erased and the file from the TFTP server is copied to flash memory.

The row of e characters shows the contents of flash memory being erased. Each exclamation point (!) indicates that one UDP segment has been successfully transferred.

Some other commands used in backing and restoring the router IOS

Router# copy run start
to copy the running configuration to NVRAM

Router# copy start run
to copy configuration from NVRAM to running configuration

Router# copy start tftp
to copy the startup configuration of router to tftp server

Router# copy run tftp
to copy the running configuration of router to tftp server

Router# copy tftp run
to copy configuration from tftp server to NVRAM 

Backing up the Cisco IOS for Router

Before upgrading or restoring the Cisco IOS, copy the existing file to a TFTP host as a backup. Any TFTP host can be used for this. By default, the flash memory in the router is used to store the Cisco IOS.

Verifying Flash Memory

Before upgrading the Cisco IOS on a router with a new IOS file, it is very important to verify that the flash memory is large enough to hold the new image. The amount of flash memory and the files stored in it can be verified by using the show flash command (sh flash):

Router>sh flash
System flash directory:
File Length Name/status
3 5571584 c2500-js-l.112-28.bin
2 28282 sigdef-category.xml
1 227537 sigdef-default.xml
[5827403 bytes used, 58188981 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)

In this example the file name is c2500-js-l.112-18.bin. The file name can be read as follows:
  • C2500 is the platform.
  • J indicates that the file contains enterprise image.
  • S indicates the file contains extended capabilities.
  • L indicates that the file can be moved from flash memory if required or be compressed.
  • 11.2-18 is the revision number.
  • bin indicates that the Cisco IOS is a binary executable file.
The output shows that the flash memory is 64016384 KB (64MB). So if the new file is 10MB in size, there is enough space for the new file. After verifying the flash memory size, the user can continue with the backup operation.
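The space check described above can be automated before any copy is started. The following is an added example, not part of the original lesson: a Python parser for the show flash output on this page that cross-checks the file table against the bracketed summary line (using the byte counts that line prints) and reports whether an image of a given size fits. The function names are illustrative.

```python
import re

# The "show flash" output from this page, embedded so the example runs offline.
SHOW_FLASH = """\
System flash directory:
File Length Name/status
3 5571584 c2500-js-l.112-28.bin
2 28282 sigdef-category.xml
1 227537 sigdef-default.xml
[5827403 bytes used, 58188981 available, 64016384 total]
63488K bytes of processor board System flash (Read/Write)
"""

FILE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s*$")
SUMMARY_RE = re.compile(r"\[(\d+) bytes used, (\d+) available, (\d+) total\]")


def parse_show_flash(text):
    """Return the file table and the byte totals from the bracketed summary."""
    summary = SUMMARY_RE.search(text)
    if summary is None:
        raise ValueError("no '[... bytes used, ... available, ... total]' line")
    files = []
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            files.append({"index": int(m.group(1)), "length": int(m.group(2)),
                          "name": m.group(3)})
    used, available, total = (int(g) for g in summary.groups())
    return {"files": files, "used": used, "available": available, "total": total}


def consistency_problems(flash):
    """Cross-check the listing against its own summary line."""
    problems = []
    listed = sum(f["length"] for f in flash["files"])
    if listed != flash["used"]:
        problems.append(f"file lengths sum to {listed}, summary says {flash['used']}")
    if flash["used"] + flash["available"] != flash["total"]:
        problems.append("used + available does not equal total")
    return problems


def placement(flash, image_bytes):
    """Decide whether a new image fits before 'copy tftp flash' is started."""
    if image_bytes <= flash["available"]:
        return "fits"
    if image_bytes <= flash["total"]:
        return "fits only if flash is erased first"
    return "too large for this flash"


if __name__ == "__main__":
    flash = parse_show_flash(SHOW_FLASH)
    print(consistency_problems(flash) or "listing is consistent")
    # 50938004 is the image size reported by the copy examples on this page.
    print(placement(flash, 50938004))
```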

Backing up the Cisco IOS
The copy flash tftp command can be used to back up the Cisco IOS to a TFTP server. It is a straightforward command which needs only the file name and the IP address of the TFTP server.

Router#ping 192.168.1.12

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.12, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 47/55/63 ms

Note: The Packet Internet Groper (ping) is used to test the network connectivity.

Use the copy flash tftp command to copy the IOS to the TFTP server after checking the TFTP server.

Router#copy flash tftp
Source filename []? c2800nm-advipservicesk9-mz.124-15.T1.bin
Address or name of remote host []? 192.168.1.12
Destination filename [c2800nm-advipservicesk9-mz.124-15.T1.bin]?

Writing c2800nm-advipservicesk9-mz.124-15.T1.bin...!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 50938004 bytes]

50938004 bytes copied in 10.753 secs (4737000 bytes/sec)

In the above example, the content of the flash memory is copied to the TFTP server. The address of the remote host is the IP address of the TFTP server, and the source file name is the name of the file in flash memory.