Cisco IOS for Dummies

This course

- Basic knowledge about Cisco hardware/software
- Introduction to Cisco's IOS
- How to configure an IOS-based switch
  - Examples for Cat2950 / Cat3550
- Basic admin tasks
- NO: advanced features, routing, CatOS

Cisco

- One of the biggest suppliers of network hardware world-wide (about 60%)
- Near 100% probability that a packet will pass a Cisco machine while traveling the internet
- Single point of failure?
  - Monocultures are never good!
  - Latest security bug (were we lucky?)

Cisco Hardware

- Wide range from small (AP, VoIP phone, ...) ... to big (ISP core routers)
- Main software is IOS
- But others exist:
  - Web interfaces („older“ AP, VoIP)
  - CatOS for „older“ Catalysts / Supervisor boards

Cisco Catalyst Switches

- Big hardware
- Fully hot-swappable / redundant
- Slot 1: Supervisor board
- N slots for extensions
  - Network ports
  - Feature cards, e.g. RSM, MSFC, ...

Cisco IOS

- Internetwork Operating System
- „one size fits all“ (??)
- Not really: highly dependent on hardware/version
- Main interface: command line (CLI)
  - Console and telnet
  - Newer versions: web interface (don't use it!) and SSH (V1.5, single(/triple) DES)

IOS user management

- „old-model“: no users, only passwords
- Privilege levels: from 0 (user nobody) to 15 (user root)
- Login with user password
- To configure: „enable“ + enable password (== „su -“)
- „new-model“: define users with privilege levels
- One exception:
  - On console: priv15 -> priv0 downgrade
  - thus: „enable“ + password still needed

Cisco IOS CLI

- Comfortable user interface
- Command completion: <TAB>
- Got stuck / what command was that? <?>
  - Show all available commands
  - Show next required parameter
- <?>: anyplace, anytime, anywhere
- Command shortening:
  - „show version“ -> „sh ver“
- Usually use the short command (beginners: use <TAB> !!)

IOS configs

- Getting started:
  - „show version“ -> „sh ver“ (HW/SW info)
  - „show interfaces“ -> „sh int“
- Two configurations:
  - running-config (the current configuration): „sh run“
  - startup-config (config loaded after a reload): „sh start“
- BEWARE: only non-default entries are shown (so what are the default entries? That depends ...)

IOS edit config

- Change the running configuration -> changes take immediate effect (this is dangerous!!)
- To configure: „configure terminal“ -> „conf t“
- To exit from configuration: „exit“ (up one level) or <CONTROL>-Z to quit configuration mode
- After changes, check config: „sh run“
- Everything is fine: „copy run start“
- Something bad happened: „reload“ or hard power-cycle
  - startup-config will be loaded

IOS edit config (2)

- Disable command „X“: „no X“ (copy the whole command line!)
- Disable an interface: „shutdown“
- Classical small reboot: „shut“ + „no shut“ on the interface

IOS interfaces

- Physical interfaces (numbers depending on HW):
  - In general: Hardware{slot/}number
  - FastEthernet0/X (F0/X)
  - GigabitEthernet0/X (G0/X)
- Show interface configuration: „sh run int F0/1“
- Show interface status: „sh int F0/1“

IOS interface status

switch-cat3550-0195-1#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 000c.ce42.b681 (bia 000c.ce42.b681)
Description: Uplink c100-e3
[...]
Full-duplex, 1000Mb/s
[...]

IOS Interface status (2)

5 minute input rate 2219000 bits/sec, 234 packets/sec
5 minute output rate 2725000 bits/sec, 381 packets/sec
310311669 packets input, 132621980 bytes, 0 no buffer
Received 911690 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 675982 multicast, 0 pause input
0 input packets with dribble condition detected

- Rule of thumb: <1000 packets/sec are OK
- Look out for errors (== link/cable problems)
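
The rule of thumb above as a check over captured „sh int“ output. This is an added example, not part of the original slides; the function name, the list of counters treated as errors and the way the limit is applied are assumptions.

```python
import re

# "sh int g0/1" output as shown on the slides; elided lines are left out.
SAMPLE_OUTPUT = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
  5 minute input rate 2219000 bits/sec, 234 packets/sec
  5 minute output rate 2725000 bits/sec, 381 packets/sec
     310311669 packets input, 132621980 bytes, 0 no buffer
     Received 911690 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
"""

# Counters that should stay at zero on a healthy link (assumed selection).
ERROR_COUNTERS = ("runts", "giants", "input errors", "CRC", "frame", "overrun")


def check_interface(output, pps_limit=1000):
    """Return a list of warnings for one interface block of 'sh int' output."""
    head = re.search(r"^(\S+) is (.+?), line protocol is (\w+)", output, re.M)
    if head is None:
        return ["no interface header found"]
    name, link, proto = head.groups()
    warnings = []
    if (link, proto) != ("up", "up"):
        warnings.append(f"{name}: link is {link}, line protocol is {proto}")
    # Slides' rule of thumb: below 1000 packets/sec is OK.
    rates = re.findall(r"(input|output) rate \d+ bits/sec, (\d+) packets/sec", output)
    for direction, pps in rates:
        if int(pps) >= pps_limit:
            warnings.append(f"{name}: {direction} rate {pps} packets/sec")
    # Any non-zero error counter points at a link/cable problem.
    for counter in ERROR_COUNTERS:
        m = re.search(rf"\b(\d+) {counter}\b", output)
        if m and int(m.group(1)) > 0:
            warnings.append(f"{name}: {m.group(1)} {counter}")
    return warnings


if __name__ == "__main__":
    print(check_interface(SAMPLE_OUTPUT) or "no warnings")
```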

IOS VLANs

- Defining a VLAN:
  - Older versions: logical interface: „int vlanX“
  - New version: „vlan database“
    - „show“: show the VLANs
    - „vlan X“: define a VLAN (options possible)
    - „apply“: save the latest VLAN modifications (don't forget)
- Logical VLAN interfaces are only used for assigning IP addresses

IOS configure interfaces

- „conf t“
- „int F0/Y“
- „switchport access vlan X“
- Interface F0/Y is now a member of VLAN X
- Reminder: VLANs in FB3 domain:
  - VLAN X -> 134.102.X/24
  - VLAN 83 -> 134.102.112/21
  - VLAN 86 -> 172.21/16
  - VLAN 229 -> 134.102.124/24

IOS configure trunks

- Trunk: in this case a physical link which transmits more than one VLAN
- Two protocols: ISL (Cisco) and IEEE 802.1q (== dot1q)
- dot1q is the standard
- „conf t“, „int G0/X“ as usual
- „switchport mode trunk“ (== this port is a trunk)
- „switchport trunk allowed vlan 1,86,218,224“
- „switchport trunk encapsulation dot1q“ (Cat 3550 only)
  - The Cat3550 speaks ISL and dot1q (2950 is dot1q-only)

Cisco 2950/3550 step by step

- Configure via console 9600,8N1
- Initial setup: should be OK, no need to give an IP address
- Three passwords (login, secret, enable)
- Start configuration: „conf t“
  - no ip http server
  - hostname switch-catXXXX-YYYY

step by step (2)

- Configure users and passwords
  - aaa new-model
  - aaa authentication login default local
  - aaa authorization exec default local
  - service password-encryption
  - username root privilege 15 password XXXXXX
  - enable password XXXXXX
- Shown in the config as:
  - username root privilege 15 password 7 0011223344
  - enable password 7 4433221100
- BEWARE: keep these lines secret (not a one-way function!!!)

step by step (3)

- Configure DNS server and domain
  - ip domain-name informatik.uni-bremen.de
  - ip name-server 134.102.218.46
  - ip name-server 134.102.200.14
- Configure timeserver and logging timestamps
  - ntp server 130.149.17.21
  - ntp server 192.43.244.18
  - ntp peer 134.102.204.114
  - service timestamps debug datetime msec
  - service timestamps log datetime msec

step by step (4)

- Define available VLANs (this is „outside“ of „configure terminal“)
  - vlan database
  - vlan X
  - vlan Y
  - apply
  - exit
- Define logical interface with IP address
  - int vlan X
  - ip address 134.102.X.Y 255.255.255.0

step by step (5)

- Define a trunk (uplink)
  - interface GigabitEthernet0/11
  - description Uplink from FooBar
  - switchport trunk encapsulation dot1q (3550 only)
  - switchport trunk allowed vlan 1,X,Y,Z
  - switchport mode trunk
- (Switch should now be remotely accessible)
- Define VLANs for every interface
  - switchport access vlan X

step by step (6)

- Loghost
  - logging facility local1
  - logging 134.102.X.Z
- Miscellaneous (this needs checking)
  - spanning-tree mode pvst
  - no spanning-tree optimize bpdu transmission
  - spanning-tree extend system-id
- Define useful aliases
  - alias exec 0 term len 0
  - alias exec c conf t
  - alias exec cpu sh proc cpu

Cisco Discovery Protocol

- IOS announces its presence on every link (layer 2)
  - Platform, SW version, IP address, outgoing port
- Enabled by default on every interface
- Disable: „no cdp enable“ (e.g. wanted on ATM)
- Check information:
  - „sh cdp neighbors“
  - „sh cdp entry *“ (shows all gathered information, verbose)

Standard admin tasks

- Tools like ping/traceroute/telnet are available
  - Advanced mode: e.g. „ping <RETURN>“
- Pipe/grep-like command available
  - Only for „long-output“ commands
  - „command | {begin,exclude,include} expression“
- Very useful:
  - „sh arp“ (+ grep)
  - „sh mac-address-table“ (+ grep)

IOS update

- Don't do it! I'm serious!!!
- First problem: CCO account with permissions to download software needed. (-> ZfN)
- Find out current SW version running („sh ver“)
- Find out the new version needed (Cisco documentation!)
- READ the documentation!!
- Always have a known good image ready
- Check reboot on serial console!!
- Worst case: machine does not boot -> Boot ROM

IOS update (2)

- Check space on internal flash
- Delete unwanted stuff (e.g. delete html/*)
- DOS-like commands: dir, delete, copy
- „dir“ or „dir flash:“ (bootflash:, slotX, ...)
- Copy new image to flash (rcp and tftp available)
- Usually TFTP: „copy tftp://134.102.218.99/newimage.bin flash:“
- Check the image: „verify flash:newimage.bin“

IOS update (3)

- Check the configuration register („sh ver“)
- Lowest two bits define boot behaviour
- Both set: use user config (this is wanted!)
- Check current boot path: „sh boot“
- Empty path: use first image found on flash:
- „boot system flash:newimage.bin;flash:oldimage.bin“
- Check everything again!
- „reload“ and cross your fingers

Hints to get started

- Use „show“ a lot: „sh ?“ and „sh X ?“!
- Use „command ?“ a lot! (Find out about parameters)
- Unknown interesting command: use Google:
  - site:cisco.com „command foo“ „12.1“
  - site:cisco.com „command foo“ „2950“
- „term mon“ + „sh log“