ios-basic configuration
DESCRIPTION
TRANSCRIPT
Chapter 6
IOS
Basic Configuration
• Hyper Terminal• Included with Windows– Baud Rate: 9600– Data Bits: 8– Parity: None– Stop Bits: 1– Flow Control: None
Other Terminal Programs
• Hyperterm• Teraterm• Minicom• securecrt
Getting Involved
• Router# clock set 11:15:11 25 april 2011• Show history• Show terminal• Terminal history size ?
Gathering Basic Information
• Show version
Basic Configuration
• Hostname <name>• Banner motd x unauthorized access prohibited
x• Enable password• Enable secret
Auxiliary Password
• Conf t• Line aux 0• Password 5678• login
Console Password
• Line console 0• Password 5678• Login
• Additional commands– Exec-timeout ?– Logging synchronous
Telnet Password
• Line vty 0 ?• Password 5678• login
Secure Shell
1. set your hostname: hostname ccna2. Set domain name: ip domain-name ccna.com3. Set username: username haitham password
56784. Generate encryption key: crypto key generate
rsa general-keys modulus 10245. Ssh version 26. Line vty 0 ?7. Transport input ssh telnet
Encrypting Passwords
• Show running-config• Service password-encryption• No service password-encryption
Descriptions
• Conf t• Interface• Description bla bla bla• Do show run– What does do mean?
Router Interfaces
• Move through interfaces• Move from interface to another
Bringing Up an Interface
• Conf t• Interface ?• No shutdown• Ip address # #
Using the pipe |
• Pipe means: Output Modifier• Show run | begin interface• Show ip route | include #
Serial Interface Commands
• DCE vs. DTE ‘find the clock symbol’• Add clocking to DCE only– Does it really matter?
• Conf t• Int serial ?• Clock rate ?• Show controllers– Command that shows DCE connection
Viewing, Saving, and Erasing Configurations
• Show running-config• Show startup-config• Copy running-config startup-config• Erase start-up config• Reload– Take care
• Erase running-config
Verifying Settings
• Ping #destination-ip• Ping
– Called: extended ping• Traceroute #destination-ip
– No map this time • telnet #destination-ip• Show interface #interface-id• Show ip interface• Show ip interface brief• Show protocols• Show controllers #serial-id
Internal Components
• Bootstrap:– Stored in ROM, used to bring router up during
initialization. Boot the router, load the IOS.• POST:– Stored in ROM, used to check the basic
functionality of the router hardware and determines which interfaces are present
Internal Components
• RAM:– Hold packet buffers, ARP cache, routing tables,
running-config, most routers expand IOS from flash to RAM on boot
• ROM:– Start and maintain the router. Hold Boot Strap, and
POST• Flash Memory:– Store CISCO IOS by default. It is not erased when
router is reloaded.
Internal Components
• NVRAM:– Hold the router and switch configuration. Not
erased when device is reloaded. Does not store IOS. Configuration Register is stored in NVRAM.
• Configuration Register– Control how the router boots up. This value can be
found as the last line in #show version. Default: 0x2102 -> load IOS from flash and load configuration from NVRAM
Router Boot Sequence
When router boots up, it performs sequence of steps, called: Boot Sequence.1. Router performs POST2. Locate IOS. Bootstrap loads IOS.
Configuration Register Bits
Changing Configuration Register Value
• Main Reasons:– Force system into the ROM monitor mode– Select boot source– Enable or disable Break function– Control Broadcast addresses– Set console terminal baud rate– Load OS from ROM– Enable booting from TFTP
Important
• Don’t try this on real device…– Unless you have to!
• Router(config)#config-register 0x2101• Show version• Show flash• Config-register 0x2102• Reload
• Now What?
Recovering Passwords
• The default configuration register value is 0x2102, meaning that bit 6 is off. With the default setting, the router will look for and load a router configuration stored in NVRAM (startup-config). To recover a password, you need to turn on bit 6. Doing this will tell the router to ignore the NVRAM contents. The configuration register value to turn on bit 6 is 0x2142.
main steps to password recovery
1. Boot the router and interrupt the boot sequence by performing a break, which will take the router into ROM monitor mode. 2. Change the configuration register to turn on bit 6 (with the value 0x2142). 3. Reload the router. 4. Enter privileged mode. 5. Copy the startup-config file to running-config. 6. Change the password. 7. Reset the configuration register to the default value. 8. Save the router configuration. 9. Reload the router (optional).
1. Break the Boot Sequence
• Ctrl + Break• While loading!• Rommon: Rom Monitor Mode
Configure the Register
• Cisco ISR/2600:– Rommon 1> confreg 0x2142– Rommon 1> reload
• Cisco 2500:– >o/r 0x2142
Reload the Router
• Cisco ISR/2600:– Rommon 1> reset
• Cisco 2500:– >I
Change Configuration
• Copy startup-config running-config• Copy start run– Same command
Reset Configuration
• Conf t• Config-register 0x2102