Chapter 10

Cisco Device Operation

Terms you’ll need to understand:

✓ Random access memory (RAM)

✓ Non-volatile random access memory (NVRAM)

✓ Flash

✓ Central processing unit (CPU)

✓ Read-only memory (ROM)

✓ Configuration register

✓ Exec mode

✓ Privilege mode

✓ Trivial File Transfer Protocol (TFTP)

✓ Simple Network Management Protocol (SNMP)

✓ Protocol translation

✓ Debugging

Techniques you’ll need to master:

✓ Issuing infrastructure commands

✓ Viewing router configurations

✓ Using common IOS commands

✓ Configuring protocol translation


This chapter focuses on monitoring and maintaining router networks via IOS
commands. In particular, this chapter describes Cisco router’s major hardware
components, common show and debug IOS commands, and methods used to
configure protocol translation.

This chapter covers the following Cisco device operation CCIE blueprint objec-
tives as laid out by the Cisco Systems CCIE program:

Operation commands: show, debug.

Infrastructure: NVRAM, flash, memory, CPU, file system, config reg.

Operations: File transfers, password recovery, Simple Network Management Protocol (SNMP), accessing devices, password security.

As with other chapters in this book, additional information is provided for com-
pleteness and in preparation for additional subjects as the CCIE program expands.

Infrastructure Commands

Cisco routers consist of many hardware components. The main components of a
Cisco router include:

➤ RAM

➤ NVRAM

➤ Flash

➤ CPU

➤ ROM

➤ Configuration registers

➤ Interfaces

Figure 10.1 illustrates Cisco routers’ hardware components. Each hardware com-
ponent is vital for Cisco routers to operate properly. To help you prepare for the
CCIE exam, the next few sections present the main concepts you need to know
about Cisco hardware components. Let’s begin by looking at random access
memory (RAM).

RAM

Routers use random access memory (RAM) to store the current configuration
file and other important data collected by the router. This data includes the IP
routing table and buffer information. Buffers temporarily store packets before a
router processes them.


RAM information is lost if the router power cycles (loses and regains power) or is
restarted by an administrator. To view a router's current configuration, use the
show running-config IOS command. Before IOS version 10.3, administrators
used the write terminal command to show a router's configuration. The write
terminal command is still valid in today's IOS releases, but Cisco prefers users to
use the show running-config command.

NVRAM

Non-volatile RAM (NVRAM) stores a copy of the router’s configuration file.
The NVRAM storage area is permanent and retained by the router in the event
of a power cycle. When the router powers up from a power cycle or a reboot, the
stored configuration file is copied by the IOS from the NVRAM to RAM. To
view the configuration file stored in NVRAM, issue the show startup-config
command. In earlier versions of IOS (before version 10.3), the show config com-
mand was used to view the configuration file stored in NVRAM. In IOS ver-
sions 11.0+, both the show config and show startup-config commands will work.
Again, Cisco prefers to use the show startup-config command.

Flash

Flash is erasable and programmable and is used to store the router's IOS image.
The amount of flash installed varies by router model; where enough is present,
several versions of IOS can be stored side by side. Therefore, you can delete,
retrieve, and store new versions of IOS in the flash memory system. To view the
flash on a Cisco router, use the show flash IOS command. Listing 10.1 shows a
sample flash display on a Cisco 2500 router.

Figure 10.1

Components of a Cisco router: random access memory (RAM), flash, read only
memory (ROM), non-volatile RAM (NVRAM), and router interfaces (LAN, WAN,
console, AUX port).

Note: On a high-performance router, such as Cisco 4000 series and 7000 series
routers, you can make the flash system look like a file system and store many versions
of IOS. In the Cisco 2500 series, routers can partition the flash with the
partition flash <number of partitions> <size of each partition> command.

Listing 10.1

The show flash command.

R1>sh flash

System flash directory:

File Length Name/status

1 9558976 c2500-ajs40-l.112-17.bin

[9559040 bytes used, 7218176 available, 16777216 total]

16384K bytes of processor board System flash

Listing 10.1 shows that the IOS image c2500-ajs40-l.112-17.bin is currently
stored on the flash.

The Cisco 7500 series router provides the option of installing additional
PCMCIA flash memory. If this additional memory is installed, the dir slot0:
IOS command displays the IOS image stored within.

CPU

The central processing unit (CPU) is the heart of a router, and every Cisco router
has a CPU. The CPU runs all of the router's processes, such as the IP routing
process that installs new routing entries (for example, remote IP networks learned
through a dynamic routing protocol). To view CPU utilization and the running
processes, use the show processes IOS command (abbreviated to show process in
Listing 10.2).

Listing 10.2

The (truncated) show process command.

R1>show process

CPU utilization for five seconds: 9%/7%; one minute: 9%; five minutes: 10%

PID QTy PC Runtime (ms) Invoked uSecs Stacks TTY Proc

1 Csp 318F396 24456 1043 234 732/1000 0 Load Meter

2 M* 0 28 28 1000 3268/4000 0 Exec

3 Lst 317D1FC 1304 175 5257 1724/2000 0 Check heap

The show process command displays the router utilization within the past five
seconds and the past one minute as well as the average over the last five minutes.
Following the CPU utilization statistics are details about specific processes.


ROM

Read only memory (ROM) stores a scaled-down version of a router's IOS, used in
the event that the flash system becomes corrupted or there is no valid IOS image
stored in flash. Cisco documentation refers to this limited image as the boot helper
or rxboot image. ROM also contains the bootstrap program (the ROM monitor) and
the device's power-up diagnostics. Because ROM is not programmable, the only way
to upgrade the software it holds is to replace the ROM chips.

The bootstrap program enables you to isolate or rule out hardware issues. For
example, you may have a faulty flash card, and subsequently the router cannot boot
the IOS image; the bootstrap still runs and lets you load an image from ROM or
from a TFTP server. The power-up diagnostics test the hardware interfaces on the
router. ROM mode (ROM monitor mode) is the term for the state in which the
router has not loaded a full IOS image, either because no valid image could be
booted or because a Break was sent on the console during startup. ROM mode
offers a limited command set, which enables the administrator to troubleshoot
software or hardware problems on a router.

The various Cisco model routers have different ROM modes, but in all Cisco
routers, you can issue the ? command in ROM mode to identify the available
commands used to troubleshoot a Cisco IOS-based router.

Listing 10.3 provides all the available options on a Cisco 4000 router when the ?
command is used.

Listing 10.3

The ? command when in ROM mode.

> ?

? Types this display

$ Toggle cache state

B [filename] [TFTP Server IP address | TFTP Server Name]

Load and execute system image from ROM or from TFTP server

C [address] Continue [optional address]

D /S M L V Deposit value V of size S into location L with

modifier M

E /S M L Examine location L with size S with modifier M

G [address] Begin execution

H Help for commands

I Initialize

K Displays Stack trace

L [filename] [TFTP Server IP address | TFTP Server Name]

Load system image from ROM or from TFTP server, but do not

begin execution

O Show software configuration register option settings

P Set break point

S Single step next instruction

T function Test device (? for help)


The options in Listing 10.3 allow you to initialize a router with the I command
once you have finished ROM mode. ROM mode enables you to recover lost
passwords, by altering the configuration registers, which will be discussed later in
this chapter.

Configuration Registers

A configuration register is a 16-bit number that defines how a router will behave
when it boots. Its options include whether the IOS is loaded from flash or ROM,
whether the configuration file stored in NVRAM is loaded or ignored, and the
speed of the console line. The default configuration register, displayed as 0x2102
on a Cisco router, converts to binary as follows:

Bit Number   15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
Value         0  0  1  0  0  0  0  1  0  0  0  0  0  0  1  0

Keep in mind that the bits are numbered from right to left, so bit 0 is the least
significant bit. In the preceding example, the value is displayed as
0x2102 (0010.0001.0000.0010); bits 13, 8, and 1 are set. The function of each
configuration register bit is determined by its position, as follows:

Bits 0 through 3 (the boot field): Determine how the router boots. A value of
0x0 leaves the router in ROM monitor mode; 0x1 boots the limited IOS image held
in ROM; 0x2 through 0xF boot from flash, honoring any boot system commands in
the startup configuration. The default value of 0x2 (binary 0010) boots the IOS
image from flash.

Bit 4: Reserved.

Bit 5: Reserved.

Bit 6 (0x0040): Tells the router to ignore the configuration stored in NVRAM
when set to 1 and to load it when set to 0. The default 0x2102 has this bit clear;
0x2142 sets it, which is why that value is used for password recovery.

Bit 7 (0x0080): The OEM bit. When set to 1, the router suppresses the Cisco
banner at startup; the default 0 displays it.

Bit 8 (0x0100): Controls the Break key once IOS is running. When set to 1, as in
the default 0x2102, a Break sent to the console is ignored. When cleared to 0, a
Break on the console drops a running router into ROM mode, which immediately
stops it forwarding traffic, so leave this bit set on production routers. A Break is
honored during the first 60 seconds of the boot regardless of this bit.

Bit 9: Reserved.

Bit 10 (0x0400): Selects the IP broadcast address. When set to 1, broadcasts use
all zeros rather than all ones for the host portion. Bit 10 works together with
bit 14; the possible combinations are shown in Table 10.1.

Bits 11 and 12: Set the baud rate of the console port. With bit 12 and bit 11
both 0, the rate is 9600 bps (the default). Bit 11 set alone (01) gives 4800 bps,
bit 12 set alone (10) gives 1200 bps, and both set (11) gives 2400 bps.

Bit 13 (0x2000): Tells the router to boot from ROM if a network boot (for
example, from a TFTP server) fails. If bit 13 is 0 and no image can be loaded, the
router keeps retrying the network boot; if bit 13 is 1, it falls back to the image in
ROM. This bit is set in the default 0x2102.

Bit 14 (0x4000): Works with bit 10 to define the network portion of the IP
broadcast address. The possible combinations are shown in Table 10.1.

Bit 15 (0x8000): Enables the diagnostic display on startup and ignores the
contents of NVRAM.
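Working out the bit positions by hand is error-prone, so the following Python script, added here as an example (it is not part of the original chapter), decodes a register value into the fields described above, derives the password-recovery value from the default, and flags settings a production router should not run with. The field names and function names are this script's own; the bit meanings are those listed above.

```python
"""Decode a Cisco configuration register into the fields described above.

Added example, not from the original chapter. Field names (boot_field,
ignore_nvram, ...) are this script's own choices.
"""

# Bits 12 (high) and 11 (low) select the console speed.
CONSOLE_BAUD = {0b00: 9600, 0b01: 4800, 0b10: 1200, 0b11: 2400}


def decode_config_register(value):
    """Return a dict describing what a 16-bit configuration register does."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register must fit in 16 bits")
    boot_field = value & 0x000F
    if boot_field == 0x0:
        boot = "stay in ROM monitor"
    elif boot_field == 0x1:
        boot = "boot the limited IOS image in ROM"
    else:
        boot = "boot from flash (boot system commands honored)"
    return {
        "boot_field": boot_field,
        "boot": boot,
        # Bit 6 (0x0040) or bit 15 (0x8000) both cause NVRAM to be ignored.
        "ignore_nvram": bool(value & 0x0040) or bool(value & 0x8000),
        "oem_banner_suppressed": bool(value & 0x0080),    # bit 7
        "break_disabled": bool(value & 0x0100),           # bit 8
        "ip_broadcast_all_zeros": bool(value & 0x0400),   # bit 10, with bit 14
        "console_baud": CONSOLE_BAUD[(value >> 11) & 0b11],  # bits 11-12
        "boot_rom_if_netboot_fails": bool(value & 0x2000),   # bit 13
        "broadcast_has_net_number": bool(value & 0x4000),    # bit 14
        "diagnostics": bool(value & 0x8000),              # bit 15
    }


def set_ignore_nvram(value, ignore=True):
    """Set or clear bit 6, turning 0x2102 into 0x2142 (recovery) and back."""
    return (value | 0x0040) if ignore else (value & 0xFFBF)


def audit_config_register(value):
    """Flag settings a production router should not normally run with."""
    fields = decode_config_register(value)
    warnings = []
    if fields["ignore_nvram"]:
        warnings.append("startup configuration will be ignored at boot (0x0040/0x8000)")
    if not fields["break_disabled"]:
        warnings.append("Break on the console drops a running router into ROM monitor")
    if fields["boot_field"] == 0x0:
        warnings.append("router will stop in ROM monitor instead of booting IOS")
    return warnings


if __name__ == "__main__":
    for reg in (0x2102, 0x2142, 0x2100, 0x2002):
        fields = decode_config_register(reg)
        print(f"0x{reg:04X} ({reg:016b}): {fields['boot']}, baud {fields['console_baud']}")
        for warning in audit_config_register(reg):
            print("   warning:", warning)
```

Run the script to see the default 0x2102 pass the audit while 0x2142 (NVRAM ignored) and 0x2002 (Break enabled while running) are each flagged.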

To view the current configuration register, issue the show version command, as
shown in Listing 10.4. The configuration registers setting is the last line in the
command output.

Listing 10.4

The (truncated) show version command.

R1>show version

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-AJS40-L), Version 11.2(17), RELEASE

SOFTWARE (fc1)

Copyright (c) 1986-1999 by Cisco Systems, Inc.

Compiled Tue 05-Jan-99 13:27 by ashah

Image text-base: 0x030481E0, data-base: 0x00001000

ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE

BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT),

Version 10.2(8a), RELEASE SOFTWARE

R1 uptime is 6 days, 1 hour, 36 minutes

System restarted by reload

System image file is "flash:c2500-ajs40-l.112-17.bin", ..

..booted via flash

cisco 2520 (68030) processor (revision E) with 8192K/2048K byte

Processor board ID 02956210, with hardware revision 00000002

Bridging software.

SuperLAT software copyright 1990 by Meridian Technology Corp.

X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.

TN3270 Emulation software.

Basic Rate ISDN software, Version 1.0.

1 Ethernet/IEEE 802.3 interface(s)

2 Serial network interface(s)

2 Low-speed serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read ONLY)

Configuration register is 0x2102

Table 10.1

Bits 10 and 14 settings.

Bit 14   Bit 10   Address (<net> <host>)
Off      Off      <ones> <ones>
Off      On       <zeros> <zeros>
On       On       <net> <zeros>
On       Off      <net> <ones>

As you can see, Listing 10.4 uses the show version IOS command to display the
configuration register as 0x2102. The show version command also displays other
useful router information, such as the uptime of the router, the IOS image in use,
and the hardware configuration. Table 10.2 displays common configuration reg-
ister values you can use in day-to-day troubleshooting.

Interfaces

Interfaces provide connections to a network. Interfaces include LANs, WANs,
and management ports (that is, console and auxiliary ports).

To view the LAN and WAN interfaces, issue the show interfaces command, which
displays the status and counters of every LAN and WAN interface. To display
information about the console or auxiliary ports, use the show line command.
Figure 10.2 summarizes the IOS commands administrators can use to view a
router's current configuration.

Now that we've discussed the hardware basics of Cisco routers, let's move on to
review how routers operate. While we discuss router operation, we'll also cover
how administrators can manage Cisco routers.

Router Operation

This section concentrates on some of the more common IOS manipulation tasks
that you will be required to master. We’ll start by examining how to access rout-
ers. Then, we’ll look at how to:

➤ Use passwords to provide security

➤ Copy and back up configurations

➤ Recover passwords

➤ Enable Simple Network Management Protocol management

Table 10.2

Common registers and descriptions.

Register Value   Description
0x2100           Boots the router into ROM monitor mode (the system bootstrap found in ROM).
0x2102           Boots the router using flash and loads the configuration from NVRAM. This is the default setting.
0x2142           Boots the router using flash and ignores NVRAM. This value is used to recover passwords or modify configuration parameters.

Methods of Accessing Cisco Routers

A Cisco router can be accessed in a number of ways. You can physically access a
router via the console port, or you can access a router remotely through a modem
attached to the auxiliary port. You can also access a router over the network
through its virtual terminal ports, which allow Telnet access.

If you do not have physical access to a router, either via the console port or via
dial-up to the auxiliary port, you can access the router through the software
interface called the virtual terminal (also referred to as a VTY port). When you
Telnet to a router, you are asked for the VTY password. Be aware that Telnet
carries the whole session, including the VTY and enable passwords you type,
across the network in clear text, so anyone able to capture traffic on the path
can read them. For example, on the following router, R1, the administrator enters
the remote address of R2 and Telnets to one of its VTY ports. Listing 10.5 provides
the session dialog.

Listing 10.5

Using a VTY port to establish a Telnet connection.

R1#telnet 131.108.1.2

Trying 131.108.1.2 ... Open

User Access Verification

Password: xxxxx

R2>

Figure 10.2

Interface IOS commands. The figure maps each router component from Figure 10.1
to the commands that display it: RAM (show running-config, write terminal),
flash (show flash, dir slot0:), router interfaces (show interfaces), and NVRAM
(show startup-config, show config).

In circumstances similar to Listing 10.5, be aware that you will only enter Exec
mode. You are still required to supply a privilege password, or the secret password
if it’s configured, if you want to access the advanced IOS command set.

IOS Operational Modes

The Cisco IOS supports a number of modes that permit administrators to ac-
cess, view, and configure a router. The modes are summarized as follows:

Exec mode: Maintains a limited IOS command set. Also called user Exec mode, it
is essentially a view-only mode that allows a user to display the status of the
router but not to change it. The Exec mode prompt for a router named R1 is:

R1>

The > (greater than sign) specifies Exec mode.

Priv Exec mode: Provides all available options, including configuration, debug,
and test commands, and therefore complete control of the router. The Priv Exec
prompt for a router named R1 is R1#. To enter privileged Exec mode (Priv Exec
mode), issue the enable command from Exec mode and supply a valid password,
known as the enable password. After supplying a valid password, you arrive at the
Priv Exec prompt (R1#), as shown in the following code snippet:

R1>enable

Password:

R1#

In the preceding code, the pound sign (#) specifies Priv Exec mode.

Global Configuration mode—Enables you to make global configuration changes.

The configuration prompt for a router named R1 is R1(config)#.

Interface Configuration mode—Allows you to modify interface parameters, such as

network and IP addressing. The prompt for a router named R1 is R1(config-if )#.

Note: A variety of specialized configuration modes, such as the interface configuration
mode, are available when configuring a route-map, netbios-list, or access-list.


ROM Monitor mode—Enables you to recover a router from some form of

fault. For example, ROM Monitor mode enables you to recover passwords or
serve as a backup if flash fails. The prompt is > or rommon>.

Setup mode—Provides an interactive mode when a router is first powered up

out of the box. You will be prompted for information, such as IP address or
host name. You can start this mode by entering the setup command.

As you can see in the preceding list, each mode uses a distinct prompt.

Providing Password Security

Cisco routers can have passwords set on all operation modes, including the con-
sole port, privilege mode, and virtual terminal access. To set a console password
to prevent unauthorized console access to the router, issue the commands shown
in Listing 10.6.

All passwords are case sensitive.

Listing 10.6

Setting a console password.

R1(config)#line con 0

R1(config-line)#password cisco

R1(config-line)#login

The login command is what instructs the line to prompt for the password; a
password configured on a line without login is never checked. You can also set a
password on the auxiliary port:

R1(config)#line aux 0

R1(config-line)#password cisco

R1(config-line)#login

To set the privilege mode password, you have two options: the enable password
and the enable secret. To set these passwords, use the following commands:

R1(config)#enable password cisco

R1(config)#enable secret ccie

The command to set an enable password is enable password <password>. You can
also set a more secure password, called a secret password, with the
enable secret <password> command; the secret is stored as a one-way hash rather
than in clear text when the configuration is viewed. If both are configured, the
secret password overrides the enable password and is the one you must type at the
Password: prompt.

Now, let's issue the show running-config command to display the configuration
after entering the enable and secret passwords in the preceding code (see
Listing 10.7).


Listing 10.7

The show running-config command after entering enable and
secret passwords.

R1#sh running-config

Building configuration

Current configuration:

!

version 11.2

!

hostname R1

!

enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.

enable password cisco

As you can see in Listing 10.7, the secret password is stored as a salted MD5 hash
(the type 5 format, identified by the 5 and the leading $1$ in the configuration),
while the enable password is readable. A hash cannot be reversed to recover the
password, although a weak password can still be found by hashing guesses and
comparing, so the secret should be long and not a dictionary word. If you desire,
you can also obscure the enable password and the line passwords by issuing the
service password-encryption command, as displayed in Listing 10.8.

Listing 10.8

The service password-encryption command.

R1(config)#service password-encryption

The service password-encryption command obscures all the clear-text passwords
in the configuration (enable, console, auxiliary, virtual terminal, and username
passwords) using Cisco's type 7 scheme, identified by the 7 in front of the stored
value. Despite the command's name, this is not strong encryption: type 7 is a
reversible XOR against a fixed, well-known key, and the original password can be
recovered from the configuration in a fraction of a second. It protects only
against casual viewing of the configuration over someone's shoulder; use
enable secret for the privilege password. Listing 10.9 shows how these passwords
appear when the configuration is viewed after service password-encryption has
been enabled.

Listing 10.9

The show running-config command after encrypting all
passwords.

R1#show running-config

Building configuration...

Current configuration:

!

version 11.2

hostname R1

!

enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.

enable password 7 121A0C041104

Notice in Listing 10.9 that both the enable and secret passwords are encrypted.
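To make the weakness of type 7 concrete, the following Python script is an added example (not part of the original chapter) that reverses type 7 strings, re-creates them, and audits a configuration for how each password is stored. The XOR key is the fixed constant used by service password-encryption; the sample configuration is constructed from this chapter's listings, with a clear-text vty password added so that all three storage forms appear; the function names are this script's own. It recovers both type 7 values that appear in this chapter's listings.

```python
"""Reverse Cisco 'type 7' passwords and audit a configuration for weak storage.

Added example, not from the original chapter. TYPE7_KEY is the fixed constant
used by service password-encryption; SAMPLE_CONFIG is constructed from this
chapter's listings, with a clear-text vty password added to exercise all forms.
"""
import re

TYPE7_KEY = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded):
    """Recover the clear text: two decimal digits give the key offset,
    the rest is hex of (plaintext XOR key[offset + i])."""
    if len(encoded) < 4 or len(encoded) % 2 or not encoded[:2].isdigit():
        raise ValueError("malformed type 7 string")
    offset = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    plain = bytes(b ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                  for i, b in enumerate(body))
    return plain.decode("ascii")


def type7_encode(plaintext, offset=12):
    """Produce a type 7 string; IOS chooses the offset itself (0..15)."""
    if not 0 <= offset <= 15:
        raise ValueError("offset must be 0..15")
    data = plaintext.encode("ascii")
    obscured = bytes(c ^ TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]
                     for i, c in enumerate(data))
    return f"{offset:02d}{obscured.hex().upper()}"


# Matches enable password|secret, a line 'password', and username password|secret.
PASSWORD_LINE = re.compile(
    r"^\s*(?:enable (?:password|secret)|password|username \S+ (?:password|secret))"
    r"\s+(?:(?P<type>[057])\s+)?(?P<value>\S+)\s*$"
)


def audit_config(config_text):
    """Return (line_number, storage_kind, recovered_value) per password line.
    recovered_value is None for type 5, a one-way salted MD5 hash."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PASSWORD_LINE.match(line)
        if not m:
            continue
        ptype, value = m.group("type") or "0", m.group("value")
        if ptype == "7":
            findings.append((lineno, "type 7 (reversible)", type7_decode(value)))
        elif ptype == "5":
            findings.append((lineno, "type 5 (salted MD5 hash)", None))
        else:
            findings.append((lineno, "cleartext", value))
    return findings


# Constructed from Listings 10.9 and 10.16; the vty password is left in clear text.
SAMPLE_CONFIG = """\
version 11.2
hostname R1
!
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password 7 121A0C041104
!
line con 0
 password 7 05080F1C2243
 login
line vty 0 4
 password ccie
 login
"""

if __name__ == "__main__":
    for lineno, kind, value in audit_config(SAMPLE_CONFIG):
        shown = "(not recoverable by inversion)" if value is None else value
        print(f"line {lineno:2d}: {kind:26s} -> {shown}")
```

Run against a saved configuration, the audit shows why only the enable secret survives a leaked backup: both type 7 values in the sample decode to cisco instantly, and the clear-text vty password needs no work at all.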

The final Cisco password you can set is the virtual terminal password. This pass-
word verifies remote Telnet sessions to a router. Listing 10.10 displays the com-
mands necessary to set the virtual terminal password on a Cisco router.


Listing 10.10

Using the password command to set a virtual terminal
password.

R1(config)#line vty 0 4

R1(config-line)#password ccie

R1(config-line)#login

Virtual terminal lines prompt for a password by default because login is already
configured on them. If you issue the no login command under the virtual terminal
lines (line vty 0 4), remote Telnet users will not be asked to supply a password,
and they will enter Exec mode automatically. For example:

R1#telnet R2

Trying 1.1.1.1 ... Open

R2>

Keep in mind that the preceding setup gives anyone who can reach the router's
address a shell with no authentication at all; it is not an acceptable access
method for a router network.

Copying and Backing Up Configuration Files

Cisco IOS allows you to copy and back up the configuration file and the IOS
image locally or to a remote TFTP server. With this feature, you can back up
your configuration and IOS images as well as copy new configurations.

To save your configuration to a TFTP server or NVRAM, you must use the copy
command and determine whether you want to copy the startup or running con-
figuration. Listing 10.11 provides a complete list of available copy options.

Listing 10.11

The copy command options.

R1#copy ?

flash Copy from system flash

flh-log Copy FLH log file to server

mop Copy from a MOP server

rcp Copy from an rcp server

running-config Copy from current system configuration

startup-config Copy from startup configuration

tftp Copy from a TFTP server

When you issue a copy command, the first statement indicates what you want to
copy and the second statement indicates where the copied information will be
placed. For example, to copy a running configuration to NVRAM, you issue the
following command:

copy running-config startup-config

Following is a sample display taken from a Cisco 2500 router where the adminis-
trator has issued the copy command to save the running configuration to NVRAM:


R1#copy running-config startup-config

Building configuration...

[OK]

R1#

After you execute a copy command, the router reports whether the procedure
succeeded by printing [OK], as shown in the preceding code for the copy from the
running configuration to NVRAM.

To back up the router’s running configuration to a TFTP server, you use the
following copy command:

copy running-config tftp

Listing 10.12 provides an example of saving a running configuration to a TFTP
server

Listing 10.12

The copy running-config tftp command.

R1#copy running-config tftp

Remote host []? 10.72.128.45

Name of configuration file to write [r1-confg]?

Write file wtc-ts2-confg on host 10.72.128.45? [confirm]Y

Building configuration...

Writing R1 !!!! [OK]

R1#

After issuing the copy command, you will need to supply the IP address of the
destination TFTP server for the running configuration file.

Note: You need to ensure that the remote TFTP server has been configured with
sufficient write access so that a file can be copied. Also keep in mind that TFTP
has no authentication and no encryption: the configuration file, including any
enable and line passwords it contains, crosses the network in clear text and is
stored on the server as a plain file. Run the TFTP server only on a protected
management network and remove the files when you no longer need them.
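The following Python script is an added example (it is not part of the original chapter or of IOS) that builds and parses the packets a copy running-config tftp transfer puts on the wire, using the message formats from RFC 1350, and then shows what a passive observer on the path reconstructs from them. The file name, the simulated server, and the configuration contents are constructed; the function names are this script's own.

```python
"""Model the TFTP exchange behind 'copy running-config tftp' (RFC 1350).

Added example, not from the original chapter or from IOS. The configuration
payload, file name, and the simulated server are constructed for illustration.
"""
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512  # fixed in RFC 1350; a short final block ends the transfer


def build_wrq(filename, mode="octet"):
    """Write request: opcode, filename, NUL, mode, NUL. No credential field exists."""
    return (struct.pack("!H", WRQ) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")


def build_data(block, payload):
    return struct.pack("!HH", DATA, block) + payload


def build_ack(block):
    return struct.pack("!HH", ACK, block)


def parse_packet(pkt):
    """Decode one TFTP packet into a dict keyed by opcode-specific fields."""
    (opcode,) = struct.unpack("!H", pkt[:2])
    if opcode in (RRQ, WRQ):
        filename, mode, _rest = pkt[2:].split(b"\x00", 2)
        return {"op": opcode, "filename": filename.decode("ascii"),
                "mode": mode.decode("ascii")}
    if opcode == DATA:
        (block,) = struct.unpack("!H", pkt[2:4])
        payload = pkt[4:]
        return {"op": DATA, "block": block, "payload": payload,
                "last": len(payload) < BLOCK_SIZE}
    if opcode == ACK:
        return {"op": ACK, "block": struct.unpack("!H", pkt[2:4])[0]}
    if opcode == ERROR:
        (code,) = struct.unpack("!H", pkt[2:4])
        return {"op": ERROR, "code": code,
                "message": pkt[4:].split(b"\x00", 1)[0].decode("ascii")}
    raise ValueError(f"unknown TFTP opcode {opcode}")


def simulate_write(filename, data):
    """Return the ordered exchange for a router writing 'data' to a server, as
    (sender, packet) tuples. The server acks block 0, then every data block."""
    wire = [("router", build_wrq(filename)), ("server", build_ack(0))]
    block, offset = 1, 0
    while True:
        chunk = data[offset:offset + BLOCK_SIZE]
        wire.append(("router", build_data(block, chunk)))
        wire.append(("server", build_ack(block)))
        offset += BLOCK_SIZE
        block = (block + 1) & 0xFFFF
        if len(chunk) < BLOCK_SIZE:  # short (possibly empty) block terminates
            return wire


def sniff_file(wire):
    """What anyone capturing the UDP packets recovers: file name and contents."""
    name, chunks = None, []
    for _sender, pkt in wire:
        p = parse_packet(pkt)
        if p["op"] == WRQ:
            name = p["filename"]
        elif p["op"] == DATA:
            chunks.append(p["payload"])
    return name, b"".join(chunks)


# Constructed configuration, padded with comment lines so it spans three blocks.
SAMPLE_CONFIG = (b"hostname R1\nenable password 7 121A0C041104\n"
                 + b"!\n" * 600)

if __name__ == "__main__":
    wire = simulate_write("r1-confg", SAMPLE_CONFIG)
    name, contents = sniff_file(wire)
    print(f"{len(wire)} packets; observer recovered {name!r}, {len(contents)} bytes")
    print(contents.splitlines()[1].decode())
```

Nothing in the write request identifies or authenticates the router, and the data blocks carry the configuration unchanged, so a capture of these eight UDP datagrams is as good as the backup itself.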

To load a new IOS image into flash from a TFTP server, use the copy tftp flash
command as follows:

R1#copy tftp flash

To copy the contents of a router's flash (the IOS image) to a TFTP server, use the
copy flash tftp command:

R1#copy flash tftp

Both the copy tftp flash and copy flash tftp commands require the user to enter
the IP address of the TFTP server and the IOS image name. Thus, issue a show flash
or show version command prior to executing these commands so that you can copy
the exact IOS image name.


In IOS versions earlier than version 10.3, the write network command was used
to copy a configuration file to a TFTP server. Following is a summary of the
write network commands found in IOS versions predating version 10.3:

R1#write ?

erase Erase NVRAM memory

memory Write to NVRAM memory

network Write to network TFTP server

terminal Write to your terminal

Table 10.3 summarizes common copy commands used to save and restore
configuration and IOS files.

Table 10.3

Common file transfer commands.

Command                              Description
copy running-config startup-config   Copies the current configuration to NVRAM.
copy startup-config running-config   Copies NVRAM to the running configuration in RAM.
copy running-config tftp             Copies the current configuration to a TFTP server.
copy tftp running-config             Copies a file from a TFTP server into the running configuration in RAM.
copy tftp flash                      Copies a new IOS image to flash.
copy flash tftp                      Copies an image on flash to a TFTP server.

Password Recovery

Password recovery allows an administrator to recover a lost or unknown password
on a Cisco router. For password recovery, an administrator must have physical
access to the router via the console or auxiliary port. The same procedure is
available to anyone else with console access, which is why the console port must
be physically secured. When a user enters an incorrect enable password, the user
receives an error message similar to the message shown in Listing 10.13.

Listing 10.13

An incorrect password error message.

R1>enable

Password: cisco

Password: cisco

Password: cisco

% Bad passwords

R1>

When a user receives a % Bad passwords message, the user can neither access the
advanced command set (in this case, enable mode) nor make any configuration
changes. Fortunately, Cisco provides the following 10-step method that
administrators can use to recover a lost password without losing configuration
files:

1. Power cycle the router.

2. Within 60 seconds of the router restarting, send a Break from your terminal
program to enter ROM mode. The key sequence that generates a Break depends on the
terminal program you are using.

3. Once you are in ROM mode, change the configuration register to 0x2142 so that
the router ignores the startup configuration stored in NVRAM. On the 2500 series
the command is o/r 0x2142 (the letter o, not zero); on routers that show the
rommon> prompt it is confreg 0x2142.

4. Reboot the router by entering the command i (initialize).

5. After the router has booted without its startup configuration, answer No to the
setup dialog, type enable (no password will be requested), and look at
show startup-config. If the enable password is stored in clear text, you can simply
read it; if it is stored as an enable secret or as a type 7 value, continue with
Step 6.

6. Copy the startup configuration to RAM with copy startup-config running-config.

7. The interfaces are administratively shut down after Step 6; enter interface
configuration mode and issue no shutdown on each interface that should be active.

8. Set a new enable password (or enable secret) and change the configuration
register back to 0x2102 (the default) with the config-register 0x2102 command.

9. Save the configuration with copy running-config startup-config and reload the
router.

10. Check the new password.

To review, let's look at an example. Assume you are directly connected to router
R1, and you do not know the enable password. You first need to power cycle the
router, and then send a Break from the terminal program to enter ROM mode.
Listing 10.14 shows the dialog displayed by the router after a break is issued.

Listing 10.14

Password recovery dialog on a Cisco router.

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE

Copyright (c) 1986-1995 by cisco Systems

Abort at 0x10EA882 (PC)

!control break issued followed by ? to view help options

>>?

$ Toggle cache state

B [filename] [TFTP Server IP address | TFTP Server Name]

Load and execute system image from ROM

or from TFTP server

C [address] Continue execution [optional address]

D /S M L V Deposit value V of size S into location L with

modifier M


E /S M L Examine location L with size S with modifier M

G [address] Begin execution

H Help for commands

I Initialize

K Stack trace

L [filename] [TFTP Server IP address | TFTP Server Name]

Load system image from ROM or from TFTP server,

but do not begin execution

O Show configuration register option settings

P Set the break point

S Single step next instruction

T function Test device (? for help)

As you can see in Listing 10.14, the ? symbol can be used to display all the
available options. To view the current configuration register on a 2500 series
router, examine the memory location that holds it with the e/s 2000002 command
(examine, short word size, address 0x2000002):

>e/s 2000002

! This command will display the current configuration register

2000002: 2102

! Type q to quit

>

The value 2102 is the default register on Cisco IOS routers. For illustrative
purposes, let's change the register to 0x2142, which will tell the IOS to ignore
the configuration in NVRAM and boot with no configuration. The command to change
it is o/r 0x2142 (the letter o followed by /r), followed by the initialize
command (i), which reloads the router:

>o/r 0x2142

>i

The preceding commands reboot the router and make it ignore your startup
configuration. The aim here is to change the password without losing your original
configuration. Listing 10.15 displays a truncated display by the Cisco IOS after it
reloads.

Listing 10.15

Dialog after reload.

System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE

Copyright (c) 1986-1995 by Cisco Systems

2500 processor with 6144 Kbytes of main memory

F3: 9407656+151288+514640 at 0x3000060

Restricted Rights Legend

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-AJS40-L), Version 11.2(17)

Copyright (c) 1986-1999 by cisco Systems, Inc.


Compiled Tue 05-Jan-99 13:27 by ashah

Image text-base: 0x030481E0, data-base: 0x00001000

Basic Rate ISDN software, Version 1.0.

1 Ethernet/IEEE 802.3 interface(s)

2 Serial network interface(s)

2 Low-speed serial(sync/async) network interface(s)

1 ISDN Basic Rate interface(s)

32K bytes of non-volatile configuration memory.

16384K bytes of processor board System flash (Read ONLY)

— System Configuration Dialog —

At any point you may enter a question mark ‘?’ for help.

Use ctrl-c to abort configuration dialog at any prompt.

Default settings are in square brackets ‘[]’.

Would you like to enter the initial configuration dialog? [yes]:No

Press RETURN to get started!

......

Router>

Notice in Listing 10.15 that the router reverts to the default configuration. Enter
the enable keyword to get into privilege mode. In this scenario, you will not be
prompted for the enable password, because there isn’t one. You can view the startup
config by using the show startup-config (or show config in IOS versions predat-
ing version 10.3), as shown in Listing 10.16.

Listing 10.16

The sh startup-config command.

Router#sh startup-config

Using 1968 out of 32762 bytes

! Last configuration change at 16:35:50 UTC Tue May 18 1999

! NVRAM config last updated at 16:35:51 UTC Tue May 18 1999

version 11.2

service password-encryption

no service udp-small-servers

no service tcp-small-servers

hostname R1

!

enable password 7 05080F1C2243

As you can see in Listing 10.16, the enable password is encrypted. In instances
where the password is not encrypted, you could view the password using the sh
startup-config
command. But, when a password is encrypted, you’ll need to copy
the startup config to the running config and change the password manually, by
using a command similar to the following:

Router#copy startup-config running-config


At this point in the example, you are still in privilege mode, so you can enter
Global Configuration mode to change the password back to its original setting
(cisco in this instance), set the configuration register back to the default, and
save the result, as displayed in Listing 10.17.

Listing 10.17

Changing a password and setting the configuration register.

R1#config term

R1(config)#enable password cisco

R1(config)#config-register 0x2102

R1(config)#end

R1#copy running-config startup-config

R1#reload

The config-register 0x2102 command restores the default so that the router reads
NVRAM on the next boot, and the copy running-config startup-config command is
essential: without it the new password exists only in RAM and is lost when the
router reloads. Remember also to issue no shutdown on each interface that was
active before the recovery (Step 7), because the interfaces come up shut down
after the startup configuration is copied into RAM. When the router reloads, it
loads the saved configuration with the password set to cisco. Here is the dialog
that occurs when the recovered password is used:

R1>ena

Password: cisco

R1#

Now, we’ll look at SNMP’s configuration parameters and restrictions on Cisco
routers.

Enabling Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) is an Application layer proto-
col that operates at layer 7 of the OSI model. SNMP is used to manage network
devices, such as routers and switches. Routers and switches also use SNMP to
notify SNMP managers when errors occur or thresholds are reached: the device
running SNMP issues a trap, which is a notification that the threshold has been
reached.

The Simple Network Management Protocol (SNMP) system consists of three
parts:

➤ SNMP Manager—A server-based platform that requests and sets parameters.
This device has overall control of a network. Cisco supplies a program called
CiscoWorks that collects traps and other SNMP information, such as hard-
ware types, CPU utilization, and much more.

➤ SNMP Agent—Software running on a device. The SNMP manager can get
information from a device or set values on the device, such as system contact
or router name.

➤ Management Information Base (MIB)—The set of rules that define the infor-
mation that is sent and received.


To configure SNMP on a router, you must define the relationship between the
manager and the agent. To specify the recipient of a trap message, use the follow-
ing IOS command:

snmp-server host host community-string [trap-type]

To specify the types of traps sent:

snmp-server enable traps [trap-type] [trap-option]

To establish trap message authentication:

snmp-server trap-authentication

To view sent and received SNMP messages, use the show snmp command. List-
ing 10.18 provides a sample sh snmp command display taken from a Cisco router.

Listing 10.18

The sh snmp command.

R1# show snmp

167 SNMP packets input

0 Bad SNMP version errors

0 Unknown community name

0 Illegal operation for community name supplied

0 Encoding errors

197 Number of requested variables

0 Number of altered variables

0 Get-request PDUs

167 Get-next PDUs

0 Set-request PDUs

107 SNMP packets output

0 Too big errors (Maximum packet size 484)

0 No such name errors

0 Bad values errors

0 General errors

107 Get-response PDUs

0 SNMP trap PDUs

The preceding display shows what has been sent and received by a router or
switch.
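The counters in Listing 10.18 are worth more than a glance: "Unknown community name" and "Illegal operation for community name supplied" count requests that failed SNMP's community-string check, and the Set-request and altered-variable counters show whether anyone has written to the device. The following is an added example, not code from the book or from Cisco: it parses show snmp output into a dictionary and reports those counters, optionally only their growth since an earlier poll. The sample text is constructed to mirror the listing's layout, with made-up non-zero failure counts so the checks have something to find.

```python
import re

# Constructed sample in the layout of the chapter's show snmp listing; the
# non-zero failure and set counters are made up to exercise the checks below.
SAMPLE_SHOW_SNMP = """\
167 SNMP packets input
    0 Bad SNMP version errors
    12 Unknown community name
    3 Illegal operation for community name supplied
    0 Encoding errors
    197 Number of requested variables
    2 Number of altered variables
    0 Get-request PDUs
    167 Get-next PDUs
    2 Set-request PDUs
107 SNMP packets output
    0 Too big errors (Maximum packet size 484)
    0 No such name errors
    0 Bad values errors
    0 General errors
    107 Get-response PDUs
    0 SNMP trap PDUs
"""

# Each counter line is "<count> <description>", optionally followed by a
# parenthesised note that is not part of the counter name.
COUNTER_RE = re.compile(r"^\s*(\d+)\s+([^(]+?)\s*(?:\(.*\))?\s*$")


def parse_show_snmp(text):
    """Map each counter description to its integer value."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_RE.match(line)
        if m:
            counters[m.group(2)] = int(m.group(1))
    return counters


def snmp_findings(current, previous=None):
    """Return audit findings: community-string failures and write activity.

    If `previous` (an earlier parse of the same router) is given, only the
    growth since that sample is reported, so repeated polls show new events.
    """
    previous = previous or {}
    watch = {
        "Unknown community name": "requests with an unknown community string",
        "Illegal operation for community name supplied":
            "requests exceeding the community's access level",
        "Set-request PDUs": "SNMP set (write) requests received",
        "Number of altered variables": "variables changed by SNMP set",
    }
    findings = []
    for name, meaning in watch.items():
        delta = current.get(name, 0) - previous.get(name, 0)
        if delta > 0:
            findings.append(f"{name}: {delta} {meaning}")
    return findings


if __name__ == "__main__":
    for finding in snmp_findings(parse_show_snmp(SAMPLE_SHOW_SNMP)):
        print(finding)
```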

SNMP is one of the most commonly used protocols for network management,
and you will undoubtedly run across it over and over again in your networking
career. The next section discusses how you can take the small portion of your
network that still depends on a legacy protocol that will not go away and translate
it to the common protocol in your network, IP for example.


Cisco Protocol Translation and Applications

Cisco IOS allows networks to translate from one protocol to another without the
need to implement every type of protocol across all your routers and throughout
your network. Figure 10.3 provides an overview of Cisco’s protocol translation
features. The network shown in Figure 10.3 is a relatively small network, but the
translation configuration serves as a helpful tool for this section’s discussion.

Figure 10.3 Protocol translation overview. [Figure: R2's Ethernet segment holds a
PC that understands IP only and needs to talk to the LAT host; the IP network of
R1, R2, and R3 carries TCP/IP; R1, on the 10.1.6.0/24 segment, holds the translation
configuration that translates TCP to the LAT service called test; the LAT host
offers the service test; the IP address 10.1.6.100 is a dummy address that does
not exist.]

Imagine that the three routers shown in Figure 10.3 use IP, and the PC located
on Router 2's Ethernet segment needs to communicate with the LAT host on
router R1's Ethernet segment. Ordinarily, this would not be possible—either the
PC would require LAT to be installed and bridged across the IP network, or the
LAT host would require TCP/IP to be installed. Fortunately, Cisco IOS pro-
vides a workaround. Instead of installing LAT or TCP/IP, you can use Cisco IOS
to translate a TCP/IP session into a LAT session. Using a valid IP address at the
R2 Ethernet segment and then translating to LAT accomplishes this without the
need to install special software or enable bridging, because LAT is not a routable
protocol.

Cisco IOS supports translation for the following protocols:

➤ TCP/IP

➤ LAT

➤ X.25

Referring to Figure 10.3, let's suppose a LAT service called test resides on R1's
Ethernet interface, and that the PC telnets to a valid IP address that is routed to
the segment where the LAT host resides. The address must be a valid address on
R1's Ethernet segment for IP routing to work correctly, although no host actually
owns it; the translation is performed at R1. When router R1 receives a TCP/IP
session request for the IP address 10.1.6.100, the router translates the TCP/IP
session into a LAT session and performs the protocol conversion on behalf of the
PC. The configuration on router R1 would be as follows:

translate tcp 10.1.6.100 lat test

The preceding setup is an example of a one-way translation. You can also use
two-way translations to translate from TCP/IP to LAT as well as from LAT to
TCP/IP. A two-way translation might be useful in situations in which you have
two LAT devices separated by an IP-only backbone.

To monitor protocol translation, use the show translate IOS command, as follows:

R1#sh translate

Translate From: TCP 10.1.6.100 Port 23

To: LAT TEST

1/0 users active, 10 peak, 20 total, 0 failures

The preceding display shows the number of users currently active, the peak
number of users who have used protocol translation, the total number of
translations, and the number of failures.

Up to this point in the chapter, we've mostly looked at some useful show IOS
commands. Therefore, it's easy to see that the show command set supplies some
of the most useful IOS commands used by router administrators. Similar to the
show command set, the debug command set also contains some useful com-
mands for router administrators. Thus, in keeping with the Exam Cram philoso-
phy of completeness, the next section focuses on common debug commands that
you need to be familiar with.

Common Debug Commands

The debug commands are used to troubleshoot what the router is processing.
These commands can only be accessed through privilege mode.

Debug messages are always sent to the console port and can be displayed on your
VTY connection by using the terminal monitor IOS command. Without this
command, you will not see debug messages during a VTY session.

Debugging output is assigned a high priority in the CPU process. Therefore,
debugging output can render a system unusable if the CPU has to devote a consid-
erable amount of resources to processing debugging data. You should use the debug
command with extreme caution in a production environment. Of course, this
doesn't mean that you should never use debug commands. One common tech-
nique used to reduce the impact of debug commands is to turn off logging to
the console port by issuing the no logging console command. You will still re-
ceive debug output in a VTY session, but no CPU cycles will be used to send the
output to the console. You can also send debug output to an external server in a
log file that can be viewed at a later time or stored to present to Cisco's technical
assistance center when resolving complex routing or switching faults.

To get an appreciation for the debug command set, you can use the ? command
to view the available debugging options. The debugging options are too numer-
ous to mention here, but be aware that you have access to the entire IOS debug
command set. In the next few sections, we’ll cover the three most useful debug
commands used to troubleshoot data networks:

➤ debug ip packet

➤ debug ip routing

➤ debug arp

To turn debugging off, issue the no command with the specific debug
command previously issued. For example, if you turn on ARP requests
with the debug arp command, you can turn the command off by
issuing the no debug arp command. If you have several debug
commands active, you can turn them all off at once by issuing the
undebug all or no debug all command.


debug ip packet

The debug ip packet command displays general IP packet information. This com-
mand can be a handy debug tool to use if you do not receive a response from a
remote station. Listing 10.19 shows an example of the debug ip packet com-
mand when a user successfully pings a remote router with a local address of 10.1.4.1
and a destination address of 10.1.7.1.

Listing 10.19

The debug ip packet command.

R1#debug ip packet

IP packet debugging is on

R1# ping 10.1.7.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.7.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent(5/5),round-trip min/avg/max=36/36/36ms

R1#

IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending

IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3

IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending

IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3

IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending

IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3

IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending

IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3

IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending

IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3

In Listing 10.19, the display shows a successful ping request as well as several
messages. In the message area, the s field indicates the source of the IP packet,
which is 10.1.4.1 for the local router. The (local) information after 10.1.4.1 indi-
cates that the IP address refers to a local interface. The d field indicates the
destination IP device, which is 10.1.7.1 via Serial 2. The len field specifies the
length of the IP packet. The last field indicates whether the packet was sent
(sending) or received (rcvd).
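Reading these lines by eye works for five pings; for a longer capture it helps to parse them. The following is an added example, not code from the book or from Cisco: it parses debug ip packet lines of the format in Listing 10.19 into records and then applies the use the text suggests, finding remote addresses the local router sent to without ever receiving a packet back. The sample lines are constructed, not captured from a router; the trailing number after rcvd is kept as a code but not interpreted.

```python
import re
from collections import defaultdict

# Constructed sample in the format of Listing 10.19 (not captured from a real
# router): two echoes to 10.1.7.1 are answered, two to 10.1.9.9 are not.
SAMPLE_DEBUG = """\
IP packet debugging is on
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.7.1 (Serial2), len 100, sending
IP: s=10.1.7.1 (Serial2), d=10.1.4.1 (Serial2), len 100, rcvd 3
IP: s=10.1.4.1 (local), d=10.1.9.9 (Serial2), len 100, sending
IP: s=10.1.4.1 (local), d=10.1.9.9 (Serial2), len 100, sending
"""

# s= and d= carry the address and, in parentheses, the interface it is
# associated with ("local" for the router's own address); the last field is
# "sending" or "rcvd" followed by a code we keep but do not interpret.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"^IP: s=(?P<src>{IPV4}) \((?P<src_if>[^)]+)\), "
    rf"d=(?P<dst>{IPV4}) \((?P<dst_if>[^)]+)\), "
    r"len (?P<length>\d+), (?P<action>sending|rcvd)(?: (?P<code>\d+))?$"
)


def parse_debug_ip_packet(text):
    """Turn debug ip packet lines into dicts; lines in another format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["length"] = int(rec["length"])
            records.append(rec)
    return records


def unanswered_peers(records):
    """Destinations the local router sent to without receiving any packet back.

    Returns {peer: packets_sent}; an empty dict means every peer replied.
    """
    sent = defaultdict(int)
    received = defaultdict(int)
    for rec in records:
        if rec["src_if"] == "local" and rec["action"] == "sending":
            sent[rec["dst"]] += 1
        elif rec["action"] == "rcvd":
            received[rec["src"]] += 1
    return {peer: n for peer, n in sent.items() if received[peer] == 0}


if __name__ == "__main__":
    for peer, n in unanswered_peers(parse_debug_ip_packet(SAMPLE_DEBUG)).items():
        print(f"{peer}: {n} packets sent, nothing received")
```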

debug ip routing

The debug ip routing command displays the IP routing entries that have been
inserted or removed from an IP routing table. This information can be useful if a
router is not sending or receiving IP routing updates. The debug ip routing com-
mand display can confirm what the router is inserting or deleting from the IP
routing table. Listing 10.20 presents an example taken from an OSPF router that
has just been activated.


Listing 10.20

The debug ip routing command.

R1#debug ip routing

IP routing debugging is on

RT: add 9.1.1.1/32 via 10.1.4.2, ospf metric [110/870]

RT: add 10.1.7.0/24 via 10.1.4.2, ospf metric [110/2431]

RT: add 131.108.1.0/24 via 10.1.4.2, ospf metric [110/2431]

RT: add 131.108.2.0/24 via 10.1.4.2, ospf metric [110/879]

In Listing 10.20, you can see that a number of remote networks have been dis-
covered. Also, the metric and administrative distances are displayed.

debug arp

The debug arp command displays all Address Resolution Protocol requests. For
example, this command can be used to determine why a certain end device is not
responding to an ARP request. Listing 10.21 provides a sample debug arp dis-
play taken from a Cisco router.

Listing 10.21

The debug arp output request.

IP ARP: sent req src 10.72.128.45 0000.0c11.1111, dst 10.72.128.1 0000.0000.0000

Listing 10.21 shows the ARP request from a device with an IP address of
10.72.128.45 and a MAC address of 0000.0c11.1111. This device needs the MAC
address of the IP device 10.72.128.1. The 0000.0000.0000 indicates an unknown
MAC address. Listing 10.22 displays the reply from the device with the IP ad-
dress 10.72.128.1.

Listing 10.22

The debug arp output reply.

IP ARP: rcvd rep src 10.72.128.1 0010.117a.a813, dst 10.72.128.45

Listing 10.22 displays the output of the debug arp command when the reply
arrives. In this particular case, the device configured with the IP address
10.72.128.1 has replied to the request, and the router has received its MAC
address, 0010.117a.a813.


Practice Questions

Question 1

Which of the following is not a Cisco router component?

❍ a. RAM

❍ b. NVRAM

❍ c. Flash

❍ d. ROM

❍ e. CPA

The correct answer is e. The CPA acronym does not refer to any hardware com-
ponent on any Cisco router. Answers a, b, c, and d are incorrect, because Cisco
routers consist of RAM, NVRAM, Flash, and ROM.

Question 2

Which of the following router components stores the startup configuration?

❍ a. RAM

❍ b. NVRAM

❍ c. Flash

❍ d. ROM

The correct answer is b. NVRAM stores a router’s startup configuration. Answer a
is incorrect, because RAM stores a copy of the configuration and is copied from
NVRAM when a router is powered up. Answers c and d are incorrect, because flash
is used to store IOS images and ROM contains a scaled-down version of IOS.


Question 3

Which IOS command displays the IOS images stored on flash?

❍ a. show IOS

❍ b. show cisco

❍ c. show flash

❍ d. display flash

The correct answer is c. The show flash IOS command displays the images stored
on flash. You can also use sh fl as shorthand. Answers a, b, and d are incorrect,
because they are invalid IOS commands.

Question 4

What IOS command was used to display the following corrupted IOS display?

CPU utilization for five seconds: 7%/5%;

one minute: 7%; five minutes: 7%

PID QTy PC Runtime (ms) Invoked %^&$#@^

2 M* 0 16 14

3 Lst 317D1FC 7456 136

4 Cwe 3182F1E 0

5 Mst 31218F0 8 2

6 Lwe 31A9B5E 24 48

...

❍ a. show protocol

❍ b. show process

❍ c. show cpu

❍ d. display process

The correct answer is b. The display shows the utilization of the CPU on the first
line, which corresponds to the display provided by the IOS command show process,
or sh proc. Answer a is incorrect, because show protocol displays the proto-
col in use per interface. Answers c and d are incorrect, because they are invalid
IOS commands.


Question 5

Which configuration register will instruct a router to ignore the startup con-
figuration?

❍ a. 0x2102

❍ b. 0x2142

❍ c. 0x2101

❍ d. 0x2100

The correct answer is b. The bit in position 6 tells the router whether to boot the
configuration from NVRAM or ignore the configuration in NVRAM. Answer a is in-
correct, because 0x2102 is the default configuration register and boots the
configuration from NVRAM. Answer c is incorrect, because 0x2101 ignores the
IOS on flash. Answer d is incorrect, because 0x2100 causes the router to boot
into ROM mode (and the prompt will be >).
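The four register values in this question differ only in the boot field (the low four bits) and in bit 6, and a configuration audit should be able to tell them apart from a show version line. The following is an added example, not code from the book or from Cisco: it decodes a register value into the boot field and option bits, reads the register from the show version line, and lists the findings an audit would raise, such as a router whose startup configuration in NVRAM is still being ignored. The bit layout and the exact wording of the show version line are assumptions made here, not taken from the chapter.

```python
import re

# Bit layout assumed in this example (standard for Cisco routers, but stated
# here as an assumption rather than taken from the chapter):
#   bits 0-3  boot field: 0x0 = ROM monitor, 0x1 = boot image in ROM,
#             0x2-0xF = boot from flash / boot system commands
#   bit 6     ignore the startup configuration in NVRAM
#   bit 8     console break disabled during boot
#   bit 13    fall back to the ROM image if a network boot fails
BOOT_FIELD_MASK = 0x000F
IGNORE_NVRAM = 0x0040
BREAK_DISABLED = 0x0100
ROM_FALLBACK = 0x2000

# Assumed show version wording, e.g.
# "Configuration register is 0x2142 (will be 0x2102 at next reload)"
REG_RE = re.compile(
    r"Configuration register is 0x(?P<now>[0-9A-Fa-f]{1,4})"
    r"(?: \(will be 0x(?P<next>[0-9A-Fa-f]{1,4}) at next reload\))?"
)


def decode_config_register(value):
    """Describe what a 16-bit configuration register value makes the router do."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = value & BOOT_FIELD_MASK
    boot = {0x0: "rom-monitor", 0x1: "rom"}.get(boot_field, "flash")
    return {
        "value": value,
        "boot": boot,
        "ignore_startup_config": bool(value & IGNORE_NVRAM),
        "break_disabled": bool(value & BREAK_DISABLED),
        "rom_fallback": bool(value & ROM_FALLBACK),
    }


def parse_show_version_register(text):
    """Return (current, next) register values from show version text.

    `next` is None when no change is pending; returns None if no line matches.
    """
    m = REG_RE.search(text)
    if not m:
        return None
    now = int(m.group("now"), 16)
    nxt = int(m.group("next"), 16) if m.group("next") else None
    return now, nxt


def audit_register(value, expected=0x2102):
    """Findings a configuration audit would raise for one register value."""
    info = decode_config_register(value)
    findings = []
    if info["ignore_startup_config"]:
        findings.append("bit 6 set: startup configuration in NVRAM is ignored")
    if info["boot"] != "flash":
        findings.append(f"boot field 0x{value & BOOT_FIELD_MASK:X}: "
                        f"router boots {info['boot']}, not the IOS in flash")
    if not info["break_disabled"]:
        findings.append("bit 8 clear: console break is honoured during boot")
    if value != expected:
        findings.append(f"0x{value:04X} differs from expected 0x{expected:04X}")
    return findings
```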

Question 6

Which IOS commands display the configuration register? [Choose the two
best answers]

❑ a. show version

❑ b. show hardware

❑ c. show running-config

❑ d. show startup-config

❑ e. show configuration-register

The correct answers are a and b. To view the configuration register, you can use the
show version (sh ver) or show hardware (sh ha) IOS command. Answers c and d
are incorrect, because they will not display the register. The command show
running-config will display the current configuration on the router. The command
show startup-config will display the configuration stored in NVRAM. Answer e
is incorrect, because show configuration-register is an invalid IOS command.


Question 7

How can a Cisco router be accessed? [Choose the three best answers]

❑ a. Console port

❑ b. VTY port

❑ c. Exec mode

❑ d. Auxiliary port

The correct answers are a, b, and d. To access a Cisco router, you can be physically
connected via the console port or remotely connected via a modem on the auxil-
iary port. You can also Telnet to a router through the virtual terminal (VTY
port). Answer c is incorrect, because the Exec mode is a mode of operation and
not an access method.

Question 8

Which IOS command will encrypt all passwords configured on a Cisco router?

❍ a. password all

❍ b. service password encryption

❍ c. service password-encryption

❍ d. password encryption

The correct answer is c. To encrypt passwords on a Cisco router, you use the
service password-encryption global command. Answers a, b, and d are incorrect,
because they are invalid Cisco IOS commands.

Question 9

Which IOS command can be used to copy an IOS image from a TFTP server
to ROM?

❍ a. copy tftp flash

❍ b. copy flash tftp

❍ c. copy tftp rom

❍ d. copy rom tftp

❍ e. You cannot write to ROM


The correct answer is e. You cannot write to ROM, which is read-only memory.
The ROM contains a scaled-down version of IOS. You can physically swap the
ROM chips. You cannot perform a software upgrade by using any IOS com-
mand. Answers a, b, c, and d are incorrect, because ROM is not programmable.
The copy tftp flash command will copy an IOS image from a TFTP server to the
flash on board a Cisco router. The copy flash tftp command stores a copy of the
flash on a Cisco router to a TFTP server. The copy tftp rom command is not a
valid Cisco IOS command. The command copy rom tftp is also not a valid IOS
command.

Question 10

Which IOS command enables you to monitor CPU processes down to the
packet level?

❍ a. reload

❍ b. terminal on

❍ c. debug

❍ d. show

❍ e. display

❍ f. Cisco routers do not have a CPU

The correct answer is c. To see a detailed view of CPU tasks, you use the debug
command. Answer a is incorrect, because the reload command is used to reload
the router. Answer b is incorrect, because terminal on is an invalid IOS com-
mand. Answer d is incorrect, because, while the show command displays status
and configuration parameters, it does not show detail at the packet level. Answer
e is incorrect, because display is an invalid IOS command. Answer f is incorrect,
because all Cisco routers contain a CPU.

Question 11

Which IOS commands will turn off all currently active debug commands on
a Cisco router? [Choose the two best answers]

❑ a. debug all

❑ b. no debug all

❑ c. undebug all

❑ d. no debug


The correct answers are b and c. To turn off all debugging, you can use no debug
all or undebug all. Answer a is incorrect, because debug all turns on every pos-
sible debug command. Answer d is incorrect; if you issue no debug, the router
will respond by requesting more information, because the command is in-
complete.

Question 12

Which IOS command will set the enable password to CisCo?

❍ a. enable password cisco

❍ b. enable-password CisCo

❍ c. enable password CisCo

❍ d. enable password cisco

❍ e. Both c and d are correct

The correct answer is c. All passwords on a Cisco router are case sensitive, and
the syntax to set the password is enable password. Therefore, to set the password
to CisCo, the IOS command is enable password CisCo. Answers a and d are
incorrect, because the password is entered incorrectly. Answer b is incorrect, be-
cause enable-password CisCo is an invalid IOS command—there is no dash
between enable and password. Answer e is incorrect, because only answer c shows
the correct command.

Question 13

SNMP operates at which layer of the OSI model?

❍ a. Layer 1

❍ b. Layer 2

❍ c. Layer 3

❍ d. Layer 4

❍ e. Layer 5

❍ f. Layer 6

❍ g. Layer 7

The correct answer is g. SNMP is an Application layer protocol, and the Appli-
cation layer is layer 7 of the OSI model. Answers a, b, c, d, e, and f are incorrect,
because SNMP operates at layer 7 of the OSI model.


Need to Know More?

Chappell, Laura. Introduction to Cisco Router Configuration (ICRC).
Macmillan Publishing Company: Indianapolis, Indiana, 1998. ISBN:
1-57870-076-0. Chapters 5 and 6 provide an excellent overview of
Cisco router device operation.

Cisco IOS 12.0 Fundamentals. Cisco Press: Indianapolis, Indiana, 1999.
ISBN 1-57870-155-4. This book provides all the configurable op-
tions available with Cisco IOS. Each chapter provides a brief intro-
duction followed by all the IOS command options. Part I provides a
comprehensive description of the command line interface. Part II de-
scribes file management on Cisco routers, and Part III details system
management, with extensive coverage of show commands.

Coe, Jeffrey, and Matthew Rees. CCNA Routing And Switching Exam
Cram. The Coriolis Group: Scottsdale, Arizona, 1999. ISBN 1-57610-
434-6. Chapter 5 provides details about managing Cisco routers along
with some helpful sample examination questions.

www.cisco.com provides a wealth of documentation related to the topics
discussed in this chapter. For debug commands and sample displays,
visit the documentation home page.

