1. Command status
1. router>
The router is in the user command state. At this time, the user can view the router's connection status and access other networks and hosts, but cannot see and change the router's settings.
2. router#
Type enable at the router> prompt, and the router enters the privileged command status router#. At this time, you can not only execute all user commands, but also see and change the router's settings content.
3. router(config)#
Type configure terminal at the router# prompt, and the prompt router(config)# appears. At this time, the router is in the global setting state. At this time, the global parameters of the router can be set.
4. router(config-if)#; router(config-line)#; router(config-router)#;…
The router is in a local setting state, and at this time, a local parameter of the router can be set.
5. >
The router is in RXBOOT state. Press ctrl-break within 60 seconds after booting to enter this state. At this time, the router cannot complete the normal functions and can only perform software upgrades and manual boots.
6. Set the dialogue status
This is a state that is automatically entered when a new router is powered on. You can also enter this state using the SETUP command in the privileged command state. At this time, the router can be set through dialogue.
Return to the directory
3. Set up the dialogue process
1. Show prompt information
2. Setting of global parameters
3. Setting of interface parameters
4. Show results
The use of the setting dialogue process can avoid the tediousness of manually entering commands, but it cannot completely replace manual settings. Some special settings must be completed through manual input.
After entering the setup dialogue process, the router will first display some prompt information:
--- System Configuration Dialog ---
At any point you may enter a question mark ? for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets [].
This tells you that you can type "?" anywhere during the setup conversation to get help from the system, press ctrl-c to exit the setup process, and the default settings will be displayed in '[]'. Then the router will ask if it enters the settings conversation:
Would you like to enter the initial configuration dialog? [yes]:
If you press y or enter, the router will enter the setup dialogue process. First you can see the current status of each port:
First, would you like to see the current interface summary? [yes]:
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned NO unset up up
Serial0 unassigned NO unset up up
……… ……… … …… … …
Then, the router starts setting global parameters:
Configuring global parameters:
1. Set the router name:
Enter host name [Router]:
2. Set the ciphertext (secret) that enters the privileged state. This ciphertext will not be displayed in plain text after setting:
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret: cisco
3. Set the password to enter the privileged state. This password only works when there is no ciphertext and will be displayed in plaintext after setting:
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password: pass
4. Set the password for accessing the virtual terminal:
Enter virtual terminal password: cisco
5. Ask if you want to set up various network protocols supported by your router:
Configure SNMP Network Management? [yes]:
Configure DECnet? [no]:
Configure AppleTalk? [no]:
Configure IPX? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]:
Configure RIP routing? [no]:
………
6. If the dial-up access server is configured, the system will also set the parameters of the asynchronous port:
Configure Async lines? [yes]:
1) Set the maximum speed of the line:
Async line speed [9600]:
2) Whether to use hardware flow control:
Configure for HW flow control? [yes]:
3) Whether to set modem:
Configure for modems? [yes/no]: yes
4) Whether to use the default modem command:
Configure for default chat script? [yes]:
5) Whether to set the PPP parameters of the asynchronous port:
Configure for Dial-in IP SLIP/PPP access? [no]: yes
6) Whether to use dynamic IP addresses:
Configure for Dynamic IP addresses? [yes]:
7) Whether to use the default IP address:
Configure Default IP addresses? [no]: yes
Whether to use TCP header compression:
Configure for TCP Header Compression? [yes]:
9) Whether to use the routing table to update on the asynchronous port:
Configure for routing updates on async links? [no]: y
10) Whether to set other protocols on the asynchronous port.
Next, the system will set parameters for each interface.
1.Configuring interface Ethernet0:
1) Whether to use this interface:
Is this interface in use? [yes]:
2) Whether to set the IP parameters of this interface:
Configure IP on this interface? [yes]:
3) Set the IP address of the interface:
IP address for this interface: 192.168.162.2
4) Set the IP subnet mask of the interface:
Number of bits in subnet field [0]:
Class C network is 192.168.162.0, 0 subnet bits; mask is /24
After setting all interface parameters, the system will display the results of the entire setup dialogue process:
The following configuration command script was created:
hostname Router
enable secret 5 $1$W5Oh$p6J7tIgRMBOIKVXVG53Uh1
enable password pass
…………
Please note that the garbled code is displayed after the enable secret, while the setting content is displayed after the enable password.
After the display is finished, the system will ask whether to use this setting:
Use this configuration? [yes/no]: yes
If you answer yes, the system will store the settings result into the router's NVRAM, and then end the settings dialogue process to make the router start working normally.
Return to the directory
4. Commonly used commands
1. Help
In IOS operations, you can type "?" regardless of any state or location to get the help of the system.
2. Change the command status
Task Command
Enter privileged command state enable
Exit privileged command status disable
Enter the settings dialog state
Enter the global setting state config terminal
Exit global settings status end
Enter the port setting status interface type slot/number
Enter sub-port setting status interface type [point-to-point | multipoint]
Enter the line setting status line type slot/number
Enter the router protocol
Exit local settings status exit
3. Show commands
Task Command
View version and boot information show version
View run settings show running-config
Check the boot settings show startup-config
Show port information show interface type slot/number
Show routing information show ip router
4. Copy command
For backup and upgrade of IOS and CONFIG
5. Network Commands
Task Command
Log in to the remote host telnet hostname|IP address
Network detection ping hostname|IP address
Routing trace hostname|IP address
6. Basic Setting Commands
Task Command
Global settings config terminal
Set access user and password username username password password
Set privileged password enable secret password
Set the router name hostname name
Set static route destination subnet-mask next-hop
Start IP routing
Start IPX routing ipx routing
Port settings interface type slot/number
Set IP address ip address address subnet-mask
Set up IPX network ipx network network
Activate the port no shutdown
Physical line settings line type number
Start the login process login [local|tacacs server]
Set login password password
5. Configure IP addressing
1. IP address classification
IP addresses are divided into two parts: network address and host address. The first 8 bits of Class A address are network addresses, the last 24 bits are host addresses, the 16 bits of Class B address are network addresses, the last 16 bits are host addresses, the first 24 bits of Class C address are network addresses, and the last 8 bits are host addresses. The network address range is shown in the following table:
Type Network address range
A 1.0.0.0 to 126.0.0.0 valid 0.0.0.0 and 127.0.0.0.0 are reserved
B 128.1.0.0 to 191.254.0.0 valid 128.0.0.0 and 191.255.0.0 are reserved
C 192.0.1.0 to 223.255.254.0 is valid 192.0.0.0 and 223.255.255.0 are reserved
D 224.0.0.0 to 239.255.255.255.255 for multicast
E 240.0.0.0 to 255.255.255.254 reserved 255.255.255.255 for broadcast
2. Assign the interface IP address
Task Command
Interface type slot/number
Set IP address for interface ip address ip-address mask
Mask is used to identify the number of network address bits in the IP address. The IP address (ip-address) and mask (mask) are combined to obtain the network address.
3. Use variable-length subnet mask
By using variable-length subnet masks, different masks can be used by networks with the same network number on different interfaces, which can save IP addresses and make full use of effective IP address space.
As shown in the figure below:
The E0 ports of Router1 and Router2 use the C-class address 192.1.0.0 as the network address. The E0 of Router1 is 192.1.0.128, the mask is 255.255.255.192, and the network address of E0 of Router2 is 192.1.0.64, and the mask is 255.255.255.192. In this way, a C-class network address is assigned to two networks, which not only divides two subnets, but also plays the role of saving addresses.
4. Use Network Address Translation (NAT)
NAT (Network Address Translation) functions to translate internal private addresses into external legal global addresses. It allows users who do not have legal IP addresses to access the external Internet through NAT.
When establishing an intranet, it is recommended to use the following address groups for hosts, which are reserved by the Network Working Group (RFC 1918) for private network address allocation.
l Class A:10.1.1.1 to 10.254.254.254
l Class B:172.16.1.1 to 172.31.254.254
l Class C:192.168.1.1 to 192.168.254.254
The command description is as follows:
Task Command
Define a standard access list access-list-number permit source [source-wildcard]
Define a global address pool ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]
Create dynamic address translation ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}
Specify internal and external ports ip nat {inside | outside}
As shown in the figure below,
The router's Ethernet 0 port is an inside port, that is, this port connects to the internal network, and the network connected to this port should be translated. Serial 0 port is an outside port, which has a legal IP address (a legal IP address assigned by the NIC or service provider). The host from network 10.1.1.0/24 will select an address from the IP address pool c2501 as its legal address and access the Internet via Serial 0 port. The command ip nat inside source list 2 pool c2501 parameter overload in overload will allow multiple internal addresses to use the same global address (a legal IP address, which is the address assigned by the NIC or service provider). The command ip nat pool c2501 202.96.38.1 202.96.38.62 netmask 255.255.255.192 defines the scope of the global address.
Settings are as follows:
ip nat pool c2501 202.96.38.1 202.96.38.62 netmask 255.255.255.192
interface Ethernet 0
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface Serial 0
ip address 202.200.10.5 255.255.255.252
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 Serial 0
access-list 2 permit 10.0.0.0 0.0.0.255
! Dynamic NAT
!
ip nat inside source list 2 pool c2501 overload
line console 0
exec-timeout 0 0
!
line vty 0 4
end
1. router>
The router is in the user command state. At this time, the user can view the router's connection status and access other networks and hosts, but cannot see and change the router's settings.
2. router#
Type enable at the router> prompt, and the router enters the privileged command status router#. At this time, you can not only execute all user commands, but also see and change the router's settings content.
3. router(config)#
Type configure terminal at the router# prompt, and the prompt router(config)# appears. At this time, the router is in the global setting state. At this time, the global parameters of the router can be set.
4. router(config-if)#; router(config-line)#; router(config-router)#;…
The router is in a local setting state, and at this time, a local parameter of the router can be set.
5. >
The router is in RXBOOT state. Press ctrl-break within 60 seconds after booting to enter this state. At this time, the router cannot complete the normal functions and can only perform software upgrades and manual boots.
6. Set the dialogue status
This is a state that is automatically entered when a new router is powered on. You can also enter this state using the SETUP command in the privileged command state. At this time, the router can be set through dialogue.
Return to the directory
3. Set up the dialogue process
1. Show prompt information
2. Setting of global parameters
3. Setting of interface parameters
4. Show results
The use of the setting dialogue process can avoid the tediousness of manually entering commands, but it cannot completely replace manual settings. Some special settings must be completed through manual input.
After entering the setup dialogue process, the router will first display some prompt information:
--- System Configuration Dialog ---
At any point you may enter a question mark ? for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets [].
This tells you that you can type "?" anywhere during the setup conversation to get help from the system, press ctrl-c to exit the setup process, and the default settings will be displayed in '[]'. Then the router will ask if it enters the settings conversation:
Would you like to enter the initial configuration dialog? [yes]:
If you press y or enter, the router will enter the setup dialogue process. First you can see the current status of each port:
First, would you like to see the current interface summary? [yes]:
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned NO unset up up
Serial0 unassigned NO unset up up
……… ……… … …… … …
Then, the router starts setting global parameters:
Configuring global parameters:
1. Set the router name:
Enter host name [Router]:
2. Set the ciphertext (secret) that enters the privileged state. This ciphertext will not be displayed in plain text after setting:
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret: cisco
3. Set the password to enter the privileged state. This password only works when there is no ciphertext and will be displayed in plaintext after setting:
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password: pass
4. Set the password for accessing the virtual terminal:
Enter virtual terminal password: cisco
5. Ask if you want to set up various network protocols supported by your router:
Configure SNMP Network Management? [yes]:
Configure DECnet? [no]:
Configure AppleTalk? [no]:
Configure IPX? [no]:
Configure IP? [yes]:
Configure IGRP routing? [yes]:
Configure RIP routing? [no]:
………
6. If the dial-up access server is configured, the system will also set the parameters of the asynchronous port:
Configure Async lines? [yes]:
1) Set the maximum speed of the line:
Async line speed [9600]:
2) Whether to use hardware flow control:
Configure for HW flow control? [yes]:
3) Whether to set modem:
Configure for modems? [yes/no]: yes
4) Whether to use the default modem command:
Configure for default chat script? [yes]:
5) Whether to set the PPP parameters of the asynchronous port:
Configure for Dial-in IP SLIP/PPP access? [no]: yes
6) Whether to use dynamic IP addresses:
Configure for Dynamic IP addresses? [yes]:
7) Whether to use the default IP address:
Configure Default IP addresses? [no]: yes
Whether to use TCP header compression:
Configure for TCP Header Compression? [yes]:
9) Whether to use the routing table to update on the asynchronous port:
Configure for routing updates on async links? [no]: y
10) Whether to set other protocols on the asynchronous port.
Next, the system will set parameters for each interface.
1.Configuring interface Ethernet0:
1) Whether to use this interface:
Is this interface in use? [yes]:
2) Whether to set the IP parameters of this interface:
Configure IP on this interface? [yes]:
3) Set the IP address of the interface:
IP address for this interface: 192.168.162.2
4) Set the IP subnet mask of the interface:
Number of bits in subnet field [0]:
Class C network is 192.168.162.0, 0 subnet bits; mask is /24
After setting all interface parameters, the system will display the results of the entire setup dialogue process:
The following configuration command script was created:
hostname Router
enable secret 5 $1$W5Oh$p6J7tIgRMBOIKVXVG53Uh1
enable password pass
…………
Please note that the garbled code is displayed after the enable secret, while the setting content is displayed after the enable password.
After the display is finished, the system will ask whether to use this setting:
Use this configuration? [yes/no]: yes
If you answer yes, the system will store the settings result into the router's NVRAM, and then end the settings dialogue process to make the router start working normally.
Return to the directory
4. Commonly used commands
1. Help
In IOS operations, you can type "?" regardless of any state or location to get the help of the system.
2. Change the command status
Task Command
Enter privileged command state enable
Exit privileged command status disable
Enter the settings dialog state
Enter the global setting state config terminal
Exit global settings status end
Enter the port setting status interface type slot/number
Enter sub-port setting status interface type [point-to-point | multipoint]
Enter the line setting status line type slot/number
Enter the router protocol
Exit local settings status exit
3. Show commands
Task Command
View version and boot information show version
View run settings show running-config
Check the boot settings show startup-config
Show port information show interface type slot/number
Show routing information show ip router
4. Copy command
For backup and upgrade of IOS and CONFIG
5. Network Commands
Task Command
Log in to the remote host telnet hostname|IP address
Network detection ping hostname|IP address
Routing trace hostname|IP address
6. Basic Setting Commands
Task Command
Global settings config terminal
Set access user and password username username password password
Set privileged password enable secret password
Set the router name hostname name
Set static route destination subnet-mask next-hop
Start IP routing
Start IPX routing ipx routing
Port settings interface type slot/number
Set IP address ip address address subnet-mask
Set up IPX network ipx network network
Activate the port no shutdown
Physical line settings line type number
Start the login process login [local|tacacs server]
Set login password password
5. Configure IP addressing
1. IP address classification
IP addresses are divided into two parts: network address and host address. The first 8 bits of Class A address are network addresses, the last 24 bits are host addresses, the 16 bits of Class B address are network addresses, the last 16 bits are host addresses, the first 24 bits of Class C address are network addresses, and the last 8 bits are host addresses. The network address range is shown in the following table:
Type Network address range
A 1.0.0.0 to 126.0.0.0 valid 0.0.0.0 and 127.0.0.0.0 are reserved
B 128.1.0.0 to 191.254.0.0 valid 128.0.0.0 and 191.255.0.0 are reserved
C 192.0.1.0 to 223.255.254.0 is valid 192.0.0.0 and 223.255.255.0 are reserved
D 224.0.0.0 to 239.255.255.255.255 for multicast
E 240.0.0.0 to 255.255.255.254 reserved 255.255.255.255 for broadcast
2. Assign the interface IP address
Task Command
Interface type slot/number
Set IP address for interface ip address ip-address mask
Mask is used to identify the number of network address bits in the IP address. The IP address (ip-address) and mask (mask) are combined to obtain the network address.
3. Use variable-length subnet mask
By using variable-length subnet masks, different masks can be used by networks with the same network number on different interfaces, which can save IP addresses and make full use of effective IP address space.
As shown in the figure below:
The E0 ports of Router1 and Router2 use the C-class address 192.1.0.0 as the network address. The E0 of Router1 is 192.1.0.128, the mask is 255.255.255.192, and the network address of E0 of Router2 is 192.1.0.64, and the mask is 255.255.255.192. In this way, a C-class network address is assigned to two networks, which not only divides two subnets, but also plays the role of saving addresses.
4. Use Network Address Translation (NAT)
NAT (Network Address Translation) functions to translate internal private addresses into external legal global addresses. It allows users who do not have legal IP addresses to access the external Internet through NAT.
When establishing an intranet, it is recommended to use the following address groups for hosts, which are reserved by the Network Working Group (RFC 1918) for private network address allocation.
l Class A:10.1.1.1 to 10.254.254.254
l Class B:172.16.1.1 to 172.31.254.254
l Class C:192.168.1.1 to 192.168.254.254
The command description is as follows:
Task Command
Define a standard access list access-list-number permit source [source-wildcard]
Define a global address pool ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} [type rotary]
Create dynamic address translation ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip global-ip}
Specify internal and external ports ip nat {inside | outside}
As shown in the figure below,
The router's Ethernet 0 port is an inside port, that is, this port connects to the internal network, and the network connected to this port should be translated. Serial 0 port is an outside port, which has a legal IP address (a legal IP address assigned by the NIC or service provider). The host from network 10.1.1.0/24 will select an address from the IP address pool c2501 as its legal address and access the Internet via Serial 0 port. The command ip nat inside source list 2 pool c2501 parameter overload in overload will allow multiple internal addresses to use the same global address (a legal IP address, which is the address assigned by the NIC or service provider). The command ip nat pool c2501 202.96.38.1 202.96.38.62 netmask 255.255.255.192 defines the scope of the global address.
Settings are as follows:
ip nat pool c2501 202.96.38.1 202.96.38.62 netmask 255.255.255.192
interface Ethernet 0
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
interface Serial 0
ip address 202.200.10.5 255.255.255.252
ip nat outside
!
ip route 0.0.0.0 0.0.0.0 Serial 0
access-list 2 permit 10.0.0.0 0.0.0.255
! Dynamic NAT
!
ip nat inside source list 2 pool c2501 overload
line console 0
exec-timeout 0 0
!
line vty 0 4
end