10
Cisco Device Operation
Terms you’ll need to understand:
✓ Random access memory (RAM)
✓ Non-volatile random access memory (NVRAM)
✓ Flash
✓ Central processing unit (CPU)
✓ Read-only memory (ROM)
✓ Configuration register
✓ Exec mode
✓ Privilege mode
✓ Trivial File Transfer Protocol (TFTP)
✓ Simple Network Management Protocol (SNMP)
✓ Protocol translation
✓ Debugging
Techniques you’ll need to master:
✓ Issuing infrastructure commands
✓ Viewing router configurations
✓ Using common IOS commands
✓ Configuring protocol translation
Chapter 10
This chapter focuses on monitoring and maintaining router networks via IOS
commands. In particular, this chapter describes the major hardware components
of Cisco routers, common show and debug IOS commands, and methods used to
configure protocol translation.
This chapter covers the following Cisco device operation CCIE blueprint
objectives as laid out by the Cisco Systems CCIE program:
➤ Operation commands—show, debug.
➤ Infrastructure—NVRAM, flash, memory, CPU, file system, config reg.
➤ Operations—File transfers, password recovery, Simple Network Management
Protocol (SNMP), accessing devices, password security.
As with other chapters in this book, additional information is provided for
completeness and in preparation for additional subjects as the CCIE program
expands.
Infrastructure Commands
Cisco routers consist of many hardware components. The main components of a
Cisco router include:
➤ RAM
➤ NVRAM
➤ Flash
➤ CPU
➤ ROM
➤ Configuration registers
➤ Interfaces
Figure 10.1 illustrates the hardware components of Cisco routers. Each hardware
component is vital for Cisco routers to operate properly. To help you prepare
for the CCIE exam, the next few sections present the main concepts you need to
know about Cisco hardware components. Let’s begin by looking at random access
memory (RAM).
RAM
Routers use random access memory (RAM) to store the current configuration
file and other important data collected by the router. This data includes the IP
routing table and buffer information. Buffers temporarily store packets before a
router processes them.
RAM information is lost if the router power cycles (loses and regains power) or is
restarted by an administrator. To view a router’s current configuration, use the
show running-config IOS command. Before IOS version 10.3, administrators
used the write terminal command to show a router’s configuration. The write
terminal command is still valid in today’s IOS releases, but Cisco prefers users to
use the show running-config command.
NVRAM
Non-volatile RAM (NVRAM) stores a copy of the router’s configuration file.
The NVRAM storage area is permanent and retained by the router in the event
of a power cycle. When the router powers up from a power cycle or a reboot, the
stored configuration file is copied by the IOS from the NVRAM to RAM. To
view the configuration file stored in NVRAM, issue the show startup-config
command. In earlier versions of IOS (before version 10.3), the show config
command was used to view the configuration file stored in NVRAM. In IOS
versions 11.0+, both the show config and show startup-config commands will work.
Again, Cisco prefers the show startup-config command.
Flash
Flash is erasable and programmable and is used to store the router’s IOS image.
Furthermore, the flash contains a certain amount of space, which varies by router
model, to allow multiple versions of IOS to be stored. Therefore, you can delete,
retrieve, and store new versions of IOS in the flash memory system. To view the
flash on a Cisco router, use the show flash IOS command. Listing 10.1 shows a
sample flash display on a Cisco 2500 router.
Figure 10.1
Components of a Cisco router. (Diagram labels: random access memory (RAM),
flash, read-only memory (ROM), non-volatile RAM (NVRAM), and router interfaces:
LAN, WAN, console, aux port.)
Note: On a high-performance router, such as Cisco 4000 series and 7000 series
routers, you can make the flash system look like a file system and store many versions
of IOS. In the Cisco 2500 series, routers can partition the flash with the partition
flash <number of partition> <size of each partition> command.
Listing 10.1
The show flash command.
R1>sh flash
System flash directory:
File Length Name/status
1 9558976 c2500-ajs40-l.112-17.bin
[9559040 bytes used, 7218176 available, 16777216 total]
16384K bytes of processor board System flash
Listing 10.1 shows that the IOS image c2500-ajs40-l.112-17.bin is currently
stored on the flash.
The Cisco 7500 series router provides the option of installing additional
PCMCIA flash memory. If this additional memory is installed, the dir slot0:
IOS command displays the IOS image stored within.
CPU
The central processing unit (CPU) is the heart of a router, and every Cisco
router has a CPU. A CPU manages all the router’s processes, such as IP routing,
and new routing entries, such as remote IP networks learned through a dynamic
routing protocol. To view a CPU’s status, use the show process IOS command, as
shown in Listing 10.2.
Listing 10.2
The (truncated) show process command.
R1>show process
CPU utilization for five seconds: 9%/7%; one minute: 9%;
five minutes: 10%
PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Proc
1 Csp 318F396 24456 1043 234 732/1000 0 Load Meter
2 M* 0 28 28 1000 3268/4000 0 Exec
3 Lst 317D1FC 1304 175 5257 1724/2000 0 Check heap
The show process command displays the router utilization within the past five
seconds and the past one minute as well as the average over the last five minutes.
Following the CPU utilization statistics are details about specific processes.
ROM
Read-only memory (ROM) stores a scaled-down version of a router’s IOS in the
event that the flash system becomes corrupted or there is no current IOS image
stored in flash. ROM also contains the bootstrap program (sometimes referred to
as the rxboot image in Cisco documentation) and the device’s power-up
diagnostics. Because the ROM is not programmable, you can only upgrade the
software image held in ROM by replacing the ROM chips.
The bootstrap program enables you to isolate or rule out hardware issues. For
example, you may have a faulty flash card, in which case the router cannot boot
the IOS image. The power-up diagnostics program tests all the hardware
interfaces on the router.
ROM mode is the term for the state a router is in when it is not running as
healthily as it should be. ROM mode offers a limited number of IOS commands,
which enable the administrator to troubleshoot software or hardware problems
on a router.
The various Cisco router models have different ROM modes, but on all Cisco
routers you can issue the ? command in ROM mode to identify the available
commands used to troubleshoot a Cisco IOS-based router.
Listing 10.3 provides all the available options on a Cisco 4000 router when the ?
command is used.
Listing 10.3
The ? command when in ROM mode.
> ?
? Types this display
$ Toggle cache state
B [filename] [TFTP Server IP address | TFTP Server Name]
Load and execute system image from ROM or from TFTP server
C [address] Continue [optional address]
D /S M L V Deposit value V of size S into location L with
modifier M
E /S M L Examine location L with size S with modifier M
G [address] Begin execution
H Help for commands
I Initialize
K Displays Stack trace
L [filename] [TFTP Server IP address | TFTP Server Name]
Load system image from ROM or from TFTP server, but do not
begin execution
O Show software configuration register option settings
P Set break point
S Single step next instruction
T function Test device (? for help)
The options in Listing 10.3 allow you to initialize a router with the I command
once you have finished in ROM mode. ROM mode also enables you to recover lost
passwords by altering the configuration register, which is discussed later in
this chapter.
Configuration Registers
A configuration register is a 16-bit number that defines how a router will
operate on a power cycle. Its options include whether the IOS will be loaded
from flash or ROM. Configuration registers are also used, for example, to advise
the Cisco IOS router to load the configuration file from the NVRAM or to ignore
the configuration file stored in memory. The default configuration register is
displayed as 0x2102 on a Cisco router. Converted to binary, it is shown below:
Bit number  15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Value        0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0
Keep in mind that the bits are numbered from right to left. In the preceding
example, the value is displayed as 0x2102 (0010.0001.0000.0010). The function
of each configuration register bit is determined by its position, as follows:
➤ Bits 0 through 3—Determine the boot option: whether the router loads the
IOS from the flash (binary value is 010) or ROM (binary value is 000).
➤ Bit 4—Reserved.
➤ Bit 5—Reserved.
➤ Bit 6—Tells the router to load the configuration from NVRAM if set to 1
and to ignore the NVRAM if set to 0.
➤ Bit 7—Indicates whether to ignore the Cisco IOS banner. The default setting
is 0, or don’t show the Cisco banner at startup; a 1 bit indicates to show the
IOS banner message.
➤ Bit 8—Specifies whether to enter ROM mode without power cycling the router.
If bit 8 is set to 1 and the break key is issued while the router is up and
running normally, the router will go into ROM mode. This is a dangerous
scenario, because if this is performed your router immediately stops
functioning.
➤ Bit 9—Reserved.
➤ Bit 10—Specifies the broadcast address to use, where 1 equals the use of all
0s for broadcast at boot. Bit 10 interacts with bit 14.
➤ Bits 11 and 12—Set the baud rate of the console port. For example, if bits 11
and 12 are set to 00, the baud rate will be 9600. The baud rate 4800 is selected
when these bits are set to 01, 2400bps by 10, and finally 1200bps by 11.
➤ Bit 13—Tells the router to boot from ROM if the flash cannot boot from a
network, such as a TFTP server. If bit 13 is set to 0 and no IOS is found, the
router will hang. If bit 13 is set to 1 and no IOS is found, the router will boot
from ROM.
➤ Bit 14—Interacts with bit 10 to define the broadcast address. The possible
combinations are shown in Table 10.1.
➤ Bit 15—Enables the diagnostics display on startup and ignores the NVRAM.
To view the current configuration register, issue the show version command, as
shown in Listing 10.4. The configuration register setting is the last line in
the command output.
Table 10.1
Bits 10 and 14 settings.
Bit 14   Bit 10   Address (<net> <host>)
Off      Off      <ones> <ones>
Off      On       <zeros> <zeros>
On       On       <net> <zeros>
On       Off      <net> <ones>
Listing 10.4
The (truncated) show version command.
R1>show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AJS40-L), Version 11.2(17), RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-1999 by Cisco Systems, Inc.
Compiled Tue 05-Jan-99 13:27 by ashah
Image text-base: 0x030481E0, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT),
Version 10.2(8a), RELEASE SOFTWARE
R1 uptime is 6 days, 1 hour, 36 minutes
System restarted by reload
System image file is "flash:c2500-ajs40-l.112-17.bin", ..
..booted via flash
cisco 2520 (68030) processor (revision E) with 8192K/2048K byte
Processor board ID 02956210, with hardware revision 00000002
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Configuration register is 0x2102
As you can see, Listing 10.4 uses the show version IOS command to display the
configuration register as 0x2102. The show version command also displays other
useful router information, such as the uptime of the router, the IOS image in use,
and the hardware configuration. Table 10.2 displays common configuration
register values you can use in day-to-day troubleshooting.
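The check below is an added example, not part of the original chapter: it reads the Configuration register line from show version output (as in Listing 10.4) and flags any value other than the default, using the meanings given in Table 10.2. It treats bit 6 (0x0040) as the ignore-NVRAM flag because that is the only bit separating 0x2142 from 0x2102; the router names and all outputs except R1's are constructed samples, and the "(will be ... at next reload)" suffix is the form show version prints after config-register has been changed but before a reload.

```python
import re

DEFAULT_REGISTER = 0x2102
# Meanings copied from Table 10.2 of this chapter.
TABLE_10_2 = {
    0x2100: "boots using the system bootstrap found in ROM",
    0x2102: "boots using flash and NVRAM (default)",
    0x2142: "boots using flash and ignores NVRAM",
}
BOOT_FIELD_MASK = 0x000F   # bits 0 through 3
IGNORE_NVRAM = 0x0040      # bit 6, the only bit separating 0x2142 from 0x2102
BOOT_SOURCES = {0x0: "ROM", 0x2: "flash"}  # the two boot-field values the chapter names

# Last line of "show version". The "(will be ...)" suffix appears when the
# register was changed with config-register and the router not yet reloaded.
REGISTER_RE = re.compile(
    r"^Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?\s*$",
    re.MULTILINE,
)


def parse_register(show_version):
    """Return (current, pending) register values; pending is None if unchanged."""
    match = REGISTER_RE.search(show_version)
    if match is None:
        raise ValueError("no 'Configuration register is' line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else None
    return current, pending


def decode(value):
    """Decode the register fields that this example checks."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    bits = f"{value:016b}"
    return {
        "hex": f"0x{value:04X}",
        "binary": ".".join(bits[i:i + 4] for i in range(0, 16, 4)),
        "boot_source": BOOT_SOURCES.get(boot_field, f"boot field {boot_field:#x}"),
        "ignores_nvram": bool(value & IGNORE_NVRAM),
        "meaning": TABLE_10_2.get(value, "not listed in Table 10.2"),
    }


def audit(outputs):
    """Map router name -> list of findings for a dict of 'show version' outputs."""
    report = {}
    for name, text in outputs.items():
        try:
            current, pending = parse_register(text)
        except ValueError as exc:
            report[name] = [f"unparsed: {exc}"]
            continue
        info = decode(current)
        findings = []
        if info["ignores_nvram"]:
            findings.append(
                f"{info['hex']} ignores NVRAM: startup-config, including its "
                "passwords, is skipped at boot")
        elif current != DEFAULT_REGISTER:
            findings.append(
                f"{info['hex']} is not the default 0x2102 ({info['meaning']})")
        if pending is not None:
            findings.append(f"register changes to 0x{pending:04X} at next reload")
        report[name] = findings
    return report


# Constructed sample input: only the tail of each router's "show version".
SAMPLES = {
    "R1": "16384K bytes of processor board System flash (Read ONLY)\n"
          "Configuration register is 0x2102\n",
    "R2": "Configuration register is 0x2142\n",
    "R3": "Configuration register is 0x2142 (will be 0x2102 at next reload)\n",
    "R4": "Configuration register is 0x2100\n",
    "R5": "R5 uptime is 6 days, 1 hour, 36 minutes\n",
}

if __name__ == "__main__":
    for router, findings in audit(SAMPLES).items():
        print(router, findings or "ok")
```

A router left at 0x2142 boots without its startup configuration on every reload, so a value like R2's is worth alerting on in routine collection.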
Interfaces
Interfaces provide connections to a network. Interfaces include LANs, WANs,
and management ports (that is, console and auxiliary ports).
To view the current LAN or WAN interfaces, you can issue the show interface
command, which displays all LAN and WAN interfaces. To display information
regarding console or auxiliary ports, you can use the show line command.
Figure 10.2 summarizes the available IOS commands administrators can use to
view a router’s current configuration.
Now that we’ve discussed the hardware basics of Cisco routers, let’s move on to
review how routers operate. While we discuss router operation, we’ll also
cover how administrators can manage Cisco routers.
Router Operation
This section concentrates on some of the more common IOS manipulation tasks
that you will be required to master. We’ll start by examining how to access
routers. Then, we’ll look at how to:
➤ Use passwords to provide security
➤ Copy and back up configurations
➤ Recover passwords
➤ Enable Simple Network Management Protocol management
Table 10.2
Common registers and descriptions.
Register Value   Description
0x2100           Boots the router using the system bootstrap found in ROM.
0x2102           Boots the router using flash and NVRAM. This is the
                 default setting.
0x2142           Boots the router using flash and ignores NVRAM. This value is
                 used to recover passwords or modify configuration parameters.
Methods of Accessing Cisco Routers
A Cisco router can be accessed in a number of ways. You can physically access a
router via the console port, or you can access a router remotely through a modem
via the auxiliary port. You can also access a router via a network or virtual
terminal ports, which allow Telnet access.
If you do not have physical access to a router—either via a console port or an
auxiliary port via dial up—you can access a router through the software interface
called the virtual terminal (also referred to as a VTY port). When you Telnet to a
router, you are asked for the VTY password. For example, on the following router,
R1, the administrator types the remote address of R2 and tries to Telnet to one of
the VTY ports. Listing 10.5 provides the session dialog.
Figure 10.2
Interface IOS commands. (Diagram: the commands show running-config, write
terminal, show flash, dir slot0:, show interfaces, show startup-config, and
show config, placed against the router components RAM, flash, ROM, NVRAM, and
router interfaces: LAN, WAN, console, aux port.)
Listing 10.5
Using a VTY port to establish a Telnet connection.
R1#Telnet 131.108.1.2
Trying 131.108.1.2 ... Open
User Access Verification
Password: xxxxx
R2>
In circumstances similar to Listing 10.5, be aware that you will only enter Exec
mode. You are still required to supply a privilege password, or the secret password
if it’s configured, if you want to access the advanced IOS command set.
IOS Operational Modes
The Cisco IOS supports a number of modes that permit administrators to access,
view, and configure a router. The modes are summarized as follows:
➤ Exec mode—Maintains a limited IOS command set. Exec mode is essentially a
limited, view-only operational mode that allows a user to view the status of
the router. The Exec mode prompt for a router named R1 is:
R1>
The > (greater than sign) specifies Exec mode.
➤ Priv Exec mode—Provides all available options, including configuration,
debug, and test commands. The Priv Exec prompt for a router named R1 is
R1#. To enter privileged exec mode (Priv Exec mode), which allows users to
have complete control of a router, you must first issue the enable command
from Exec mode and then enter a valid password. The password is known as the
enable password. After supplying a valid password, you arrive at the Priv Exec
prompt (R1#), as shown in the following code snippet:
R1>enable
Password:
R1#
In the preceding code, the pound sign (#) specifies Priv Exec mode.
➤ Global Configuration mode—Enables you to make global configuration changes.
The configuration prompt for a router named R1 is R1(config)#.
➤ Interface Configuration mode—Allows you to modify interface parameters, such as
network and IP addressing. The prompt for a router named R1 is R1(config-if)#.
Note: A variety of specialized configuration modes, such as the interface configuration
mode, are available when configuring a route-map, netbios-list, or access-list.
➤ ROM Monitor mode—Enables you to recover a router from some form of
fault. For example, ROM Monitor mode enables you to recover passwords or
serve as a backup if flash fails. The prompt is > or rommon>.
➤ Setup mode—Provides an interactive mode when a router is first powered up
out of the box. You will be prompted for information, such as IP address or
host name. You can start this mode by entering the setup command.
As you can see in the preceding list, each mode uses a distinct prompt.
Providing Password Security
Cisco routers can have passwords set on all operation modes, including the
console port, privilege mode, and virtual terminal access. To set a console
password to prevent unauthorized console access to the router, issue the
commands shown in Listing 10.6.
All passwords are case sensitive.
Listing 10.6
Setting a console password.
R1(config)#line con 0
R1(config-line)#password cisco
You can also set a password on the auxiliary port:
R1(config)#line aux 0
R1(config-line)#password cisco
To set the privilege mode password, you have two options: the enable password
and the secret password. To set these passwords, use the following commands:
R4(config)#enable password cisco
R1(config)#enable secret ccie
The command to set an enable password is enable password <password>. You can
also set a more secure password, called a secret password, that is encrypted
when viewing the configuration, with the enable secret <password> command. A
secret password overrides an enable password.
In Listing 10.6, the secret password will always be used. Now, let’s issue the
show running-config command to display the configuration after entering the
enable and secret passwords in the preceding code (see Listing 10.7).
Listing 10.7
The show running-config command after entering enable and
secret passwords.
R1#sh running-config
Building configuration
Current configuration:
!
version 11.2
!
hostname R1
!
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password cisco
As you can see in Listing 10.7, the secret password is encrypted (using Cisco’s
proprietary algorithm) while the enable password is readable. This setup enables
you to hide secret passwords when the configuration is viewed. If you desire, you
can also encrypt the enable password by issuing the service password-encryption
command, as displayed in Listing 10.8.
Listing 10.8
The service password-encryption command.
R1(config)#service password-encryption
The service password-encryption command encrypts all passwords issued to the
router using the MD5 encryption algorithm. Listing 10.9 shows an example of
how these passwords appear when the configuration is viewed after all passwords
have been encrypted.
Listing 10.9
The show running-config command after encrypting all
passwords.
R1#show running-config
Building configuration...
Current configuration:
!
version 11.2
hostname R1
!
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password 7 121A0C041104
Notice in Listing 10.9 that both the enable and secret passwords are encrypted.
The final Cisco password you can set is the virtual terminal password. This
password verifies remote Telnet sessions to a router. Listing 10.10 displays the
commands necessary to set the virtual terminal password on a Cisco router.
Listing 10.10
Using the password command to set a virtual terminal
password.
R4(config)#line vty 0 4
R4(config-line)#password ccie
If you issue the no login command below the virtual terminal command (line vty
0 4), remote Telnet users will not be asked to supply a password, and they will
automatically enter Exec mode. For example:
R1#telnet R2
Trying 1.1.1.1 ... Open
R2>
Keep in mind that the preceding setup is not a secure access method for a router
network.
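As an added example (not from the original chapter), the following Python audit scans a saved configuration for the credential settings this section walks through: an enable password kept alongside an enable secret that overrides it, passwords stored in cleartext or as type 7 strings, and no login on a line. It assumes sub-commands are indented under their line block as show running-config prints them; the sample configuration is constructed from values in Listings 10.6 through 10.16, and the issue labels are this example's own names.

```python
import re

# "enable password|secret [type] value"; type is absent for a cleartext value.
ENABLE_RE = re.compile(r"^enable (password|secret)(?: (\d+))? (\S+)$")
# Start of a console, auxiliary or virtual terminal block.
LINE_RE = re.compile(r"^line (con|aux|vty) (\d+(?: \d+)?)$")
# Indented "password [type] value" inside a line block.
LINE_PW_RE = re.compile(r"^ +password(?: (\d+))? (\S+)$")


def storage_issue(enc_type):
    """Classify how a password is stored, from the type digit in the config."""
    if enc_type in (None, "0"):
        return "cleartext-password"
    if enc_type == "7":
        # Type 7 is a reversible encoding, not a hash.
        return "type7-reversible"
    return None  # e.g. type 5, the salted MD5 hash written by enable secret


def audit_config(config_text):
    """Return a set of (line_number, context, issue) findings.

    Password values are never copied into the findings.
    """
    findings = set()
    context = "global"
    secret_seen = False
    enable_password_line = None
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.rstrip()
        if not line.startswith(" "):
            # Any unindented line ends the previous "line ..." block.
            block = LINE_RE.match(line)
            context = f"line {block.group(1)} {block.group(2)}" if block else "global"
        enable = ENABLE_RE.match(line)
        if enable:
            if enable.group(1) == "secret":
                secret_seen = True
            else:
                enable_password_line = number
                issue = storage_issue(enable.group(2))
                if issue:
                    findings.add((number, "enable", issue))
            continue
        if context == "global":
            continue
        line_pw = LINE_PW_RE.match(line)
        if line_pw:
            issue = storage_issue(line_pw.group(1))
            if issue:
                findings.add((number, context, issue))
        elif line.strip() == "no login":
            # No password prompt at all on this line.
            findings.add((number, context, "no-login"))
    if not secret_seen:
        findings.add((0, "enable", "no-enable-secret"))
    elif enable_password_line is not None:
        # The secret overrides it, yet the weaker credential is still stored.
        findings.add((enable_password_line, "enable", "redundant-enable-password"))
    return findings


# Constructed sample configuration, assembled from values shown in the listings.
SAMPLE_CONFIG = """\
version 11.2
hostname R1
!
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password 7 121A0C041104
!
line con 0
 password cisco
line aux 0
 password 7 05080F1C2243
line vty 0 4
 no login
!
end
"""

if __name__ == "__main__":
    for number, context, issue in sorted(audit_config(SAMPLE_CONFIG)):
        print(f"line {number:>2}  {context:<12}  {issue}")
```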
Copying and Backing Up Configuration Files
Cisco IOS allows you to copy and back up the configuration file and the IOS
image locally or to a remote TFTP server. With this feature, you can back up
your configuration and IOS images as well as copy new configurations.
To save your configuration to a TFTP server or NVRAM, you must use the copy
command and determine whether you want to copy the startup or running
configuration. Listing 10.11 provides a complete list of available copy options.
Listing 10.11
The copy command options.
R1#copy ?
flash Copy from system flash
flh-log Copy FLH log file to server
mop Copy from a MOP server
rcp Copy from an rcp server
running-config Copy from current system configuration
startup-config Copy from startup configuration
tftp Copy from a TFTP server
When you issue a copy command, the first statement indicates what you want to
copy and the second statement indicates where the copied information will be
placed. For example, to copy a running configuration to NVRAM, you issue the
following command:
copy running-config startup-config
Following is a sample display taken from a Cisco 2500 router where the
administrator has issued the copy command to save the running configuration to
NVRAM:
R1#copy running-config startup-config
Building configuration...
[OK]
R1#
After you execute a copy command, the router tells you whether the procedure
was successful by displaying [OK], as shown in the preceding code for the
successful copy of the running configuration to NVRAM.
To back up the router’s running configuration to a TFTP server, you use the
following copy command:
copy running-config tftp
Listing 10.12 provides an example of saving a running configuration to a TFTP
server.
Listing 10.12
The copy running-config tftp command.
R1#copy running-config tftp
Remote host []? 10.72.128.45
Name of configuration file to write [r1-confg]?
Write file wtc-ts2-confg on host 10.72.128.45? [confirm]Y
Building configuration...
Writing R1 !!!! [OK]
R1#
After issuing the copy command, you will need to supply the IP address of the
destination TFTP server for the running configuration file.
Note: You need to ensure that the remote TFTP server has been configured with
sufficient write access so that a file can be copied.
To load a new IOS to flash, use the copy command. To save the flash to a TFTP
server, use the copy tftp flash command as follows:
R1#copy tftp flash
To copy the contents of a router’s flash (IOS Image) to a TFTP server, use the
copy flash tftp command:
R1#copy flash tftp
Both the copy tftp flash and copy flash tftp commands require users to enter the
IP address of the TFTP server and the IOS image name. Thus, issue a show version
command prior to executing these commands so that you can copy the IOS image
name.
In IOS versions earlier than version 10.3, the write network command was used
to copy a configuration file to a TFTP server. Following is a summary of the
write network commands found in IOS versions predating version 10.3:
R1#write ?
erase Erase NVRAM memory
memory Write to NVRAM memory
network Write to network TFTP server
terminal Write to your terminal
Table 10.3 summarizes common copy commands used to save and restore
configuration and IOS files.
Table 10.3
Common file transfer commands.
Command                              Description
copy running-config startup-config   Copies the current configuration to NVRAM.
copy startup-config running-config   Copies NVRAM to the running RAM.
copy running-config tftp             Copies the current configuration to a
                                     TFTP server.
copy tftp running-config             Copies a file from a TFTP server to RAM.
copy tftp flash                      Copies a new IOS image to flash.
copy flash tftp                      Copies an image on flash to a TFTP server.
Password Recovery
Password recovery allows a router administrator to recover a lost or unknown
password on a Cisco router. For password recovery, an administrator must have
physical access to the router via the console or auxiliary port. When a user enters
an incorrect enable password, the user receives an error message similar to the
message shown in Listing 10.13.
Listing 10.13
An incorrect password error message.
R1>enable
Password: cisco
Password: cisco
Password: cisco
% Bad passwords
R1>
When a user receives a % Bad passwords message, the user can neither access the
advanced command set, in this case enable mode, nor make any configuration
changes. Fortunately, Cisco provides the following 10-step method that
administrators can use to recover a lost password without losing configuration
files:
1. Power cycle the router.
2. Issue a control break or the break key command on the application to enter
ROM mode. The control break key sequence must be entered within 60
seconds of the router restarting.
3. Once you are in ROM mode, change the config register value to ignore the
startup configuration file that is stored in NVRAM. Use the following
command syntax: o/r 0x2142.
4. Allow the router to reboot by entering the command i.
5. After the router has finished booting up without its startup configuration,
look at show startup-config. If the password is encrypted, move to Step 6,
which requires you to enter the enable mode (type enable and you will not be
required to enter any password) and copy the startup configuration to the
running configuration with the copy startup-config running-config
command. Then, change the password.
6. Copy the startup configuration to RAM.
7. Enable all active interfaces.
8. Change the configuration register to 0x2102 (default).
9. Reload the router.
10. Check the new password.
To review, let’s look at an example. Assume you are directly connected to router
R1, and you do not know the enable password. You first need to power cycle the
router. So, you power cycle the router and press the control break key (the Esc
key) to enter boot mode. Listing 10.14 shows the dialog displayed by the router
after a break is issued.
Listing 10.14
Password recovery dialog on a Cisco router.
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
Abort at 0x10EA882 (PC)
!control break issued followed by ? to view help options
>>?
$ Toggle cache state
B [filename] [TFTP Server IP address | TFTP Server Name]
Load and execute system image from ROM
or from TFTP server
C [address] Continue execution [optional address]
D /S M L V Deposit value V of size S into location L with
modifier M
E /S M L Examine location L with size S with modifier M
G [address] Begin execution
H Help for commands
I Initialize
K Stack trace
L [filename] [TFTP Server IP address | TFTP Server Name]
Load system image from ROM or from TFTP server,
but do not begin execution
O Show configuration register option settings
P Set the break point
S Single step next instruction
T function Test device (? for help)
As you can see in Listing 10.14, the ? symbol can be used to display all the
available options. To view the current configuration register, issue the
e/s 2000002 command, which displays the value of the configuration register:
>e/s 2000002
! This command will display the current configuration register
2000002: 2102
! Type q to quit
>
The value 2102 is the default register on Cisco IOS routers. For illustrative
purposes, let’s change the register to 0x2142, which will tell the IOS to ignore
the configuration in NVRAM and boot with no configuration. The command to
change it is o/r 0x2142, followed by the initialize command, which will reload
the router:
>o/r 0x2142
>initialize
The preceding commands will reboot the router and ignore your startup
configuration. The aim here is to change the password without losing your
original configuration. Listing 10.15 shows a truncated display from the Cisco
IOS after it reloads.
Listing 10.15
Dialog after reload.
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by Cisco Systems
2500 processor with 6144 Kbytes of main memory
F3: 9407656+151288+514640 at 0x3000060
Restricted Rights Legend
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AJS40-L), Version 11.2(17)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 05-Jan-99 13:27 by ashah
Image text-base: 0x030481E0, data-base: 0x00001000
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
— System Configuration Dialog —
At any point you may enter a question mark ‘?’ for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets ‘[]’.
Would you like to enter the initial configuration dialog? [yes]:No
Press RETURN to get started!
......
Router>
Notice in Listing 10.15 that the router reverts to the default configuration. Enter
the enable keyword to get into privilege mode. In this scenario, you will not be
prompted for the enable password, because there isn’t one. You can view the startup
config by using the show startup-config command (or show config in IOS versions
predating version 10.3), as shown in Listing 10.16.
Listing 10.16
The sh startup-config command.
Router#sh startup-config
Using 1968 out of 32762 bytes
! Last configuration change at 16:35:50 UTC Tue May 18 1999
! NVRAM config last updated at 16:35:51 UTC Tue May 18 1999
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
hostname R1
!
enable password 7 05080F1C2243
As you can see in Listing 10.16, the enable password is encrypted. In instances
where the password is not encrypted, you could view the password using the sh
startup-config command. But, when a password is encrypted, you’ll need to copy
the startup config to the running config and change the password manually, by
using a command similar to the following:
Router#copy startup-config running-config
At this point in the example, you are still in privilege mode, so you can enter
Global Configuration mode to change the password back to its original setting
(cisco in this instance), as displayed in Listing 10.17.
Listing 10.17
Changing a password and setting the configuration register.
R1#config term
R1(config)#enable password cisco
R1(config)#config-register 0x2102
You then complete password recovery by changing the configuration register back
to its default, 0x2102. When the router reloads, it will load the new configuration
file with the password set to cisco, and the configuration register will be back at
its default value. Here is the dialog that occurs when the password in the
example is set back to cisco using Cisco’s password recovery method:
R1>ena
Password: cisco
R1#
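A check to run after the recovery procedure above, as an added example that is not from the original chapter: it decodes the configuration register values the chapter uses (bit 6 and the boot field) and reports how the enable password is stored. The sample inputs are constructed, the function names are hypothetical, and enable secret is a standard IOS command the chapter does not cover.

```python
import re

IGNORE_NVRAM = 0x0040  # bit 6: skip the startup config in NVRAM at boot
BOOT_FIELD = 0x000F    # low four bits: where the router boots from

ROM_MONITOR = "ROM monitor (> prompt)"
ROM_IMAGE = "image in ROM, ignoring the IOS on flash"
NORMAL_BOOT = "normal boot"

# 'show version' prints the current value and, if changed, the pending one.
CONFREG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)
ENABLE_PW_RE = re.compile(r"enable password (?:(\d) )?\S.*")


def decode_confreg(value):
    """Return (ignores_nvram, boot_source) for a register value."""
    boot = value & BOOT_FIELD
    source = {0: ROM_MONITOR, 1: ROM_IMAGE}.get(boot, NORMAL_BOOT)
    return bool(value & IGNORE_NVRAM), source


def audit_show_version(text):
    """Check the register value the router will use at its next reload."""
    match = CONFREG_RE.search(text)
    if match is None:
        return ["configuration register not found in output"]
    current, pending = match.groups()
    effective = pending or current
    ignores_nvram, source = decode_confreg(int(effective, 16))
    findings = []
    if ignores_nvram:
        findings.append(f"{effective}: next reload ignores the startup config")
    if source != NORMAL_BOOT:
        findings.append(f"{effective}: next reload boots to {source}")
    return findings


def audit_enable_password(config):
    """Report how the enable password is stored, without echoing it."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:
        match = ENABLE_PW_RE.fullmatch(line)
        if match is None:
            continue
        if match.group(1) == "7":
            findings.append("enable password is type 7 (reversible encoding)")
        elif match.group(1) in (None, "0"):
            findings.append("enable password is stored in cleartext")
    if not any(line.startswith("enable secret ") for line in lines):
        findings.append("no enable secret (one-way hash) is configured")
    return findings


# Constructed samples: the register line of a 'show version' display taken
# during password recovery, and lines from the config in Listing 10.16.
SHOW_VERSION = "Configuration register is 0x2142\n"
STARTUP_CONFIG = """\
version 11.2
service password-encryption
hostname R1
!
enable password 7 05080F1C2243
"""

if __name__ == "__main__":
    for finding in (audit_show_version(SHOW_VERSION)
                    + audit_enable_password(STARTUP_CONFIG)):
        print(finding)
```

A router left at 0x2142 after recovery comes up with the default configuration, and therefore no enable password, on every reload until the register is reset.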
Now, we’ll look at SNMP’s configuration parameters and restrictions on Cisco
routers.
Enabling Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is an Application layer protocol
that operates at layer 7 of the OSI model. SNMP is used to manage network
devices, such as routers and switches. SNMP is also used by routers and switches
to notify SNMP managers when errors occur or thresholds are reached: the device
running SNMP issues a trap, which is a notification that the threshold has been reached.
The Simple Network Management Protocol (SNMP) system consists of three
parts:
➤ SNMP Manager—Server-based platform requesting and setting parameters.
This device has overall control of a network. Cisco supplies a program called
CiscoWorks that collects traps and other SNMP information, such as hardware
types, CPU utilization, and much more.
➤ SNMP Agent—Software running on a device. The SNMP manager can get
information from a device or set values on the device, such as system contact
or router name.
➤ Management Information Base (MIB)—The set of rules that define the infor-
mation that is sent and received.
To configure SNMP on a router, you must define the relationship between the
manager and the agent. To specify the recipient of a trap message, use the follow-
ing IOS command:
snmp-server host host community-string [trap-type]
To specify the types of traps sent:
snmp-server enable traps [trap-type] [trap-option]
To establish trap message authentication:
snmp-server trap-authentication
To view sent and received SNMP messages, use the show snmp command. List-
ing 10.18 provides a sample sh snmp command display taken from a Cisco router.
Listing 10.18
The sh snmp command.
R1# show snmp
167 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
197 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
167 Get-next PDUs
0 Set-request PDUs
107 SNMP packets output
0 Too big errors (Maximum packet size 484)
0 No such name errors
0 Bad values errors
0 General errors
107 Get-response PDUs
0 SNMP trap PDUs
The preceding display shows what has been sent and received by a router or
switch.
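The counters in Listing 10.18 are cumulative, so a useful reading compares two displays taken at different times. The following added example (not from the original chapter) parses the display and reports which security-relevant counters grew; the second display is constructed, and the function names are hypothetical.

```python
import re

COUNTER_RE = re.compile(r"^\s*(\d+)\s+(\S.*?)\s*$")

# Counters worth watching, with what an increase means.
WATCHED = {
    "Bad SNMP version errors": "requests used an unsupported SNMP version",
    "Unknown community name": "requests carried a community string the agent rejects",
    "Illegal operation for community name supplied":
        "an operation not allowed for that community was requested",
    "Set-request PDUs": "a manager asked to change values on the device",
    "Number of altered variables": "values on the device were changed via SNMP",
}


def parse_show_snmp(text):
    """Map each counter label in a 'show snmp' display to its value."""
    counters = {}
    for line in text.splitlines():
        match = COUNTER_RE.match(line)
        if match:
            # Drop trailing notes such as "(Maximum packet size 484)".
            label = re.sub(r"\s*\(.*\)$", "", match.group(2))
            counters[label] = int(match.group(1))
    return counters


def watched_increases(before, after):
    """Return the watched counters that grew between two displays."""
    old, new = parse_show_snmp(before), parse_show_snmp(after)
    return {label: new[label] - old.get(label, 0)
            for label in WATCHED
            if new.get(label, 0) > old.get(label, 0)}


# First display: lines from Listing 10.18.
BEFORE = """\
R1# show snmp
167 SNMP packets input
0 Bad SNMP version errors
0 Unknown community name
0 Illegal operation for community name supplied
0 Encoding errors
197 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
167 Get-next PDUs
0 Set-request PDUs
107 SNMP packets output
0 Too big errors (Maximum packet size 484)
"""

# Second display: constructed for this example.
AFTER = """\
R1# show snmp
181 SNMP packets input
0 Bad SNMP version errors
12 Unknown community name
2 Illegal operation for community name supplied
0 Encoding errors
197 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
167 Get-next PDUs
0 Set-request PDUs
"""

if __name__ == "__main__":
    for label, growth in watched_increases(BEFORE, AFTER).items():
        print(f"+{growth} {label}: {WATCHED[label]}")
```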
SNMP is one of the most commonly used protocols for network management,
and you will undoubtedly run across it over and over again in your networking
career. The next section discusses how you can take that little portion of your
network that has a legacy protocol that will not go away and translate it to the
common protocol in your network, IP for example.
Cisco Protocol Translation and Applications
Cisco IOS allows networks to translate from one protocol to another without the
need to implement every type of protocol across all your routers and throughout
your network. Figure 10.3 provides an overview of Cisco’s protocol translation
features. The network shown in Figure 10.3 is a relatively small network, but the
translation configuration serves as a helpful tool for this section’s discussion.
Imagine that the three routers shown in Figure 10.3 use IP, and the PC located
on Router 2’s Ethernet segment needs to communicate with the LAT host on
router R1’s Ethernet segment. Ordinarily, this would not be possible—either the
PC would require LAT to be installed and bridged across the IP network, or the
LAT host would require TCP/IP to be installed. Fortunately, Cisco IOS provides
a workaround. Instead of installing LAT or TCP/IP, you can use Cisco IOS
to translate a TCP/IP session into a LAT session. Using a valid IP address at the
R2 Ethernet segment and then translating to LAT accomplishes this without the need to
install special software or enable bridging, because LAT is not a routable protocol.
Figure 10.3
Protocol translation overview. [Diagram labels: R1, R2, R3; IP Network; 10.1.6.0/24; translation configuration “Translate TCP 10.1.6.100 LAT test”; “Understands IP only, needs to talk to LAT host”; “LAT host service called test”; “Dummy IP address 10.1.6.100, does not exist”; “TCP/IP translated to LAT service test”.]
Cisco IOS supports translation for the following protocols:
➤ TCP/IP
➤ LAT
➤ X.25
Referring to Figure 10.3, let’s suppose a LAT service called test resides on R1’s
Ethernet interface. Consider the example where the PC Telnets to a valid IP
address that is routed to the segment where the LAT host resides. The address must
be a valid IP address on R1’s Ethernet segment for IP routing to work correctly,
although no host with this IP address exists, and the translation is performed
at R1. When router R1 receives a TCP/IP session request for the IP address
10.1.6.100, the router will translate the TCP/IP session into a LAT session and
perform the protocol conversion on behalf of the PC. The configuration on router
R1 would be as follows:
translate tcp 10.1.6.100 lat test
The preceding setup is an example of a one-way translation. You can also use
two-way translations to translate from TCP/IP to LAT as well as from LAT to
TCP/IP. A two-way translation might be useful in situations in which you have
two LAT devices separated by an IP-only backbone.
To monitor protocol translation, use the show translate IOS command, as follows:
R1#sh translate
Translate From: TCP 10.1.6.100 Port 23
To: LAT TEST
1/0 users active, 10 peak, 20 total, 0 failures
The preceding command displays the number of translations in use, the peak
number of users who are using protocol translation, and the total number of
current active translations.
Up to this point in the chapter, we’ve mostly looked at some useful show IOS
commands. Therefore, it’s easy to see that the show command set supplies some
of the most useful IOS commands used by router administrators. Similar to the
show command set, the debug command set also contains some useful com-
mands for router administrators. Thus, in keeping with the Exam Cram philoso-
phy of completeness, the next section focuses on common debug commands that
you need to be familiar with.
Common Debug Commands
The debug commands are used to troubleshoot what the router is processing.
These commands can only be accessed through privilege mode.
Debug messages are always sent to the console port and can be displayed on your
VTY connection by using the terminal monitor IOS command. Without this
command, you will not see debug messages during a VTY session.
Debugging output is assigned a high priority in the CPU process. Therefore,
debugging output can render a system unusable if a CPU has to provide a considerable
amount of resources to process debugging data. You should use the debug
command with extreme caution in a production environment. Of course, this
doesn’t mean that you should never use debug commands. One common technique
used to reduce the impact of debug commands is to turn off debugging on
the console port by issuing the no logging console command. You will still receive
debug output to a VTY session, but no CPU cycles will be used to send the
output to the console. You can also send debug output to an external server in a
log file that can be viewed at a later time or stored to present to Cisco’s technical
assistance center when resolving complex routing or switching faults.
To get an appreciation for the debug command set, you can use the ? command
to view the available debugging options. The debugging options are too numer-
ous to mention here, but be aware that you have access to the entire IOS debug
command set. In the next few sections, we’ll cover the three most useful debug
commands used to troubleshoot data networks:
➤ debug ip packet
➤ debug ip routing
➤ debug arp
To turn debugging off, issue the no command with the specific debug
command previously issued. For example, if you turn on ARP requests
with the debug arp command, you can turn the command off by
issuing the no debug arp command. If you have several debug
commands active, you can turn them all off at once by issuing the
undebug all or no debug all command.
debug ip packet
The debug ip packet command displays general IP packet information. This com-
mand can be a handy debug tool to use if you do not receive a response from a
remote station. Listing 10.19 shows an example of the debug ip packet com-
mand when a user successfully pings a remote router with a local address of 10.1.4.1
and a destination address of 10.1.7.1.
Listing 10.19
The debug ip packet command.
R1#debug ip packet
IP packet debugging is on
R1# ping 10.1.7.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.7.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent(5/5),round-trip min/avg/max=36/36/36ms
R1#
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
In Listing 10.19, the display shows a successful ping request as well as several
messages. In the message area, the s field indicates the source of the IP packet,
which is 10.1.4.1 for the local router. The (local) information after 10.1.4.1 indi-
cates that the IP address refers to a local interface. The d field indicates the
destination IP device, which is 10.1.7.1 via Serial 2. The len field specifies the
length of the IP packet. The last field indicates whether the packet was sent
(sending) or received (rcvd).
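The field layout just described can be parsed mechanically to find the case this command is meant for, a remote station that does not respond. This is an added example, not part of the original chapter; the function names are hypothetical, and the last two sample lines (to 10.1.8.1) are constructed.

```python
import re
from collections import Counter

# One 'debug ip packet' message: source, destination, length, action.
PACKET_RE = re.compile(
    r"IP: s=(?P<src>[\d.]+) \((?P<src_if>[^)]+)\), "
    r"d=(?P<dst>[\d.]+)(?: \((?P<dst_if>[^)]+)\))?, "
    r"len (?P<length>\d+), (?P<action>.+)"
)


def parse_line(line):
    """Split one debug message into its fields, or return None."""
    match = PACKET_RE.search(line)
    if match is None:
        return None
    record = match.groupdict()
    record["length"] = int(record["length"])
    record["action"] = record["action"].strip()
    return record


def unanswered(lines):
    """Count locally sent packets that no later received packet answers.

    Pairing is by address only: a packet received from B for A answers
    one sent from A to B. That fits the ping in Listing 10.19, but it is
    a heuristic, because the debug line does not identify the exchange.
    """
    pending = Counter()
    for record in filter(None, map(parse_line, lines)):
        if record["action"].startswith("sending") and record["src_if"] == "local":
            pending[(record["src"], record["dst"])] += 1
        elif record["action"].startswith("rcvd"):
            key = (record["dst"], record["src"])
            if pending[key] > 0:
                pending[key] -= 1
    return {pair: count for pair, count in pending.items() if count}


# First two lines are from Listing 10.19; the last two are constructed.
SAMPLE = """\
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.8.1 (Serial2), len 100, sending
IP: s=10.1.4.1 (local), d=10.1.8.1 (Serial2), len 100, sending
""".splitlines()

if __name__ == "__main__":
    for (src, dst), count in unanswered(SAMPLE).items():
        print(f"{count} packet(s) from {src} to {dst} got no reply")
```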
debug ip routing
The debug ip routing command displays the IP routing entries that have been
inserted or removed from an IP routing table. This information can be useful if a
router is not sending or receiving IP routing updates. The debug ip routing com-
mand display can confirm what the router is inserting or deleting from the IP
routing table. Listing 10.20 presents an example taken from an OSPF router that
has just been activated.
Listing 10.20
The debug ip routing command.
R1#debug ip routing
IP routing debugging is on
RT: add 9.1.1.1/32 via 10.1.4.2, ospf metric [110/870]
RT: add 10.1.7.0/24 via 10.1.4.2, ospf metric [110/2431]
RT: add 131.108.1.0/24 via 10.1.4.2, ospf metric [110/2431]
RT: add 131.108.2.0/24 via 10.1.4.2, ospf metric [110/879]
In Listing 10.20, you can see that a number of remote networks have been dis-
covered. Also, the metric and administrative distances are displayed.
debug arp
The debug arp command displays all Address Resolution Protocol requests. For
example, this command can be used to determine why a certain end device is not
responding to an ARP request. Listing 10.21 provides a sample debug arp dis-
play taken from a Cisco router.
Listing 10.21
The debug arp output request.
IP ARP: sent req src 10.72.128.45 0000.0c11.1111, dst 10.72.128.1
0000.0000.0000
Listing 10.21 shows the ARP request from a device with an IP address of
10.72.128.45 and a MAC address of 0000.0c11.1111. This device needs the MAC
address of the IP device 10.72.128.1. The 0000.0000.0000 indicates an unknown
MAC address. Listing 10.22 displays the reply from the device with the IP ad-
dress 10.72.128.1.
Listing 10.22
The debug arp output reply.
IP ARP: rcvd rep src 10.72.128.1 0010.117a.a813, dst 10.72.128.45
Listing 10.22 displays an output of the debug command debug arp. In this par-
ticular case the router has replied to the request for the MAC address that is
configured with the IP address 10.72.128.1.
Practice Questions
Question 1
Which of the following is not a Cisco router component?
❍ a. RAM
❍ b. NVRAM
❍ c. Flash
❍ d. ROM
❍ e. CPA
The correct answer is e. The CPA acronym does not refer to any hardware com-
ponent on any Cisco router. Answers a, b, c, and d are incorrect, because Cisco
routers consist of RAM, NVRAM, Flash, and ROM.
Question 2
Which of the following router components stores the startup configuration?
❍ a. RAM
❍ b. NVRAM
❍ c. Flash
❍ d. ROM
The correct answer is b. NVRAM stores a router’s startup configuration. Answer a
is incorrect, because RAM stores a copy of the configuration and is copied from
NVRAM when a router is powered up. Answers c and d are incorrect, because flash
is used to store IOS images and ROM contains a scaled-down version of IOS.
Question 3
Which IOS command displays the IOS images stored on flash?
❍ a. show IOS
❍ b. show cisco
❍ c. show flash
❍ d. display flash
The correct answer is c. The show flash IOS command displays the images stored
on flash. You can also use sh fl as shorthand. Answers a, b, and d are incorrect,
because they are invalid IOS commands.
Question 4
What IOS command was used to display the following corrupted IOS display?
CPU utilization for five seconds: 7%/5%;
one minute: 7%; five minutes: 7%
PID QTy PC Runtime (ms) Invoked %^&$#@^
2 M* 0 16 14
3 Lst 317D1FC 7456 136
4 Cwe 3182F1E 0
5 Mst 31218F0 8 2
6 Lwe 31A9B5E 24 48
...
❍ a. show protocol
❍ b. show process
❍ c. show cpu
❍ d. display process
The correct answer is b. The display shows the utilization of the CPU on the first
line, which corresponds to the display provided by the IOS command show pro-
cess, or sh proc. Answer a is incorrect, because show protocol displays the proto-
col in use per interface. Answers c and d are incorrect, because they are invalid
IOS commands.
Question 5
Which configuration register will instruct a router to ignore the startup con-
figuration?
❍ a. 0x2102
❍ b. 0x2142
❍ c. 0x2101
❍ d. 0x2100
The correct answer is b. The bit in position 6 tells the router to boot the configuration
from NVRAM or ignore the configuration in NVRAM. Answer a is incorrect,
because 0x2102 is the default configuration register and boots the
configuration from NVRAM. Answer c is incorrect, because 0x2101 ignores the
IOS on flash. Answer d is incorrect, because 0x2100 causes the router to boot
into ROM mode (and the prompt will be >).
Question 6
Which IOS commands display the configuration register? [Choose the two
best answers]
❑ a. show version
❑ b. show hardware
❑ c. show running-config
❑ d. show startup-config
❑ e. show configuration-register
The correct answers are a and b. To view the configuration register, you can use the
show version (sh ver) or show hardware (sh ha) IOS command. Answers c and d
are incorrect, because they will not display the register. The command show
running-config will display the current configuration on the router. The command
show startup-config will display the configuration stored in NVRAM. Answer e
is incorrect, because show configuration-register is an invalid IOS command.
Question 7
How can a Cisco router be accessed? [Choose the three best answers]
❑ a. Console port
❑ b. VTY port
❑ c. Exec mode
❑ d. Auxiliary port
The correct answers are a, b, and d. To access a Cisco router, you can be physically
connected via the console port or remotely connected via a modem on the auxil-
iary port. You can also Telnet to a router through the virtual terminal (VTY
port). Answer c is incorrect, because the Exec mode is a mode of operation and
not an access method.
Question 8
Which IOS command will encrypt all passwords configured on a Cisco router?
❍ a. password all
❍ b. service password encryption
❍ c. service password-encryption
❍ d. password encryption
The correct answer is c. To encrypt passwords on a Cisco router, you use the
service password-encryption global command. Answers a, b, and d are incorrect,
because they are invalid Cisco IOS commands.
Question 9
Which IOS command can be used to copy an IOS image from a TFTP server
to ROM?
❍ a. copy tftp flash
❍ b. copy flash tftp
❍ c. copy tftp rom
❍ d. copy rom tftp
❍ e. You cannot write to ROM
The correct answer is e. You cannot write to ROM, which is read-only memory.
The ROM contains a scaled-down version of IOS. You can physically swap the
ROM chips. You cannot perform a software upgrade by using any IOS com-
mand. Answers a, b, c, and d are incorrect, because ROM is not programmable.
The copy tftp flash command will copy an IOS image from a TFTP server to the
flash on board a Cisco router. The copy flash tftp command stores a copy of the
flash on a Cisco router to a TFTP server. The copy tftp rom command is not a
valid Cisco IOS command. The command copy rom tftp is also not a valid IOS
command.
Question 10
Which IOS command enables you to monitor CPU processes down to the
packet level?
❍ a. reload
❍ b. terminal on
❍ c. debug
❍ d. show
❍ e. display
❍ f. Cisco routers do not have a CPU
The correct answer is c. To see a detailed view of CPU tasks, you use the debug
command. Answer a is incorrect, because the reload command is used to reload
the router. Answer b is incorrect, because terminal on is an invalid IOS com-
mand. Answer d is incorrect, because, while the show command displays status
and configuration parameters, it does not show detail at the packet level. Answer
e is incorrect, because display is an invalid IOS command. Answer f is incorrect,
because all Cisco routers contain a CPU.
Question 11
Which IOS commands will turn off all currently active debug commands on
a Cisco router? [Choose the two best answers]
❑ a. debug all
❑ b. no debug all
❑ c. undebug all
❑ d. no debug
The correct answers are b and c. To turn off all debugging, you can use no debug
all or undebug all. Answer a is incorrect, because debug all turns on every possible
debug command. Answer d is incorrect; if you issue no debug, the router
will respond by requesting more information, because the command is incomplete.
Question 12
Which IOS command will set the enable password to CisCo?
❍ a. enable password cisco
❍ b. enable-password CisCo
❍ c. enable password CisCo
❍ d. enable password cisco
❍ e. Both c and d are correct
The correct answer is c. All passwords on a Cisco router are case sensitive, and
the syntax to set the password is enable password. Therefore, to set the password
to CisCo, the IOS command is enable password CisCo. Answers a and d are
incorrect, because the password is entered incorrectly. Answer b is incorrect, be-
cause enable-password CisCo is an invalid IOS command—there is no dash
between enable and password. Answer e is incorrect, because only answer c shows
the correct command.
Question 13
SNMP operates at which layer of the OSI model?
❍ a. Layer 1
❍ b. Layer 2
❍ c. Layer 3
❍ d. Layer 4
❍ e. Layer 5
❍ f. Layer 6
❍ g. Layer 7
The correct answer is g. SNMP is an Application layer protocol, and the Appli-
cation layer is layer 7 of the OSI model. Answers a, b, c, d, e, and f are incorrect,
because SNMP operates at layer 7 of the OSI model.
Need to Know More?
Chappell, Laura. Introduction to Cisco Router Configuration (ICRC).
Macmillan Publishing Company: Indianapolis, Indiana, 1998. ISBN:
1-57870-076-0. Chapters 5 and 6 provide an excellent overview of
Cisco router device operation.
Cisco IOS 12.0 Fundamentals. Cisco Press: Indianapolis, Indiana, 1999.
ISBN 1-57870-155-4. This book provides all the configurable op-
tions available with Cisco IOS. Each chapter provides a brief intro-
duction followed by all the IOS command options. Part I provides a
comprehensive description of the command line interface. Part II de-
scribes file management on Cisco routers, and Part III details system
management, with extensive coverage of show commands.
Coe, Jeffrey, and Matthew Rees. CCNA Routing And Switching Exam
Cram. The Coriolis Group: Scottsdale, Arizona, 1999. ISBN 1-57610-
434-6. Chapter 5 provides details about managing Cisco routers along
with some helpful sample examination questions.
www.cisco.com provides a wealth of documentation related to the topics
discussed in this chapter. For debug commands and sample displays,
visit the documentation home page.