Главная Обзор Помощь
Регистрация Вход
jeremy
/
HON95-wiki
зеркало из https://github.com/HON95/wiki
1
0
Ответвить 0
Файлы Задачи 0 Вики
Дерево: fd6ee42cee
Ветки Метки
HON95-wiki
/
networking
/
cisco-ios-general.md

cisco-ios-general.md 5.0 KB
История Исходник

title: Cisco IOS General breadcrumbs:

  • title: Network --- {% include header.md %}

Software configuration for Cisco switches and routers running IOS or derivatives.

General Configuration

CLI Usage

  • Most commands take effect immediately.
  • Select range of interfaces: int range g1/0/1-52 (example)
  • Reset interface(s): default int [range] <if>[-<end>]
  • CLI interaction:
    • Tab: Auto-complete.
    • ?: Prints the allowed keywords.
    • | <filter>: Can be used to filter the output using one of the filter commands.
  • Show configurations: show [run|start]
    • | section <section> can be used to show a specific section.

Basics

  • Save/load config:
    • Save running config: copy run start or write mem
    • Restore startup config: copy start run
  • System status:
    • Show alarms: show facility-alarm status
  • Interface status:
    • L2/L3 oiverview: sh ip int br
  • Optics:
    • Show transceivers: sh interfaces transceiver

AAA

  • Disable the password-encryption service, use encrypted passwords instead. Perferrably type 9 (scrypt) secrets if available.
  • Set enable secret (for entering privileged EXEC mode): enable algorithm-type scrypt secret <secret>
  • Enable user auth: aaa new-model
  • Local user database:
    • Enable local database: aaa authentication login default local
    • Add user: username <username> privilege 15 algorithm-type scrypt secret <password>
      • privilege 15 means the user will enter directly into privileged EXEC mode.
      • algorithm-type scrypt means it will use the secure scrypt password hashing algorithm.
  • TACACS+:
    • TODO

Lines

  • Includes the console line and vty (telnet/SSH) lines.
  • Configured using line conf. mode: line <con|vty> <n>
  • Set inactivity logout: exec-timeout <min> <sec>
    • 0 0 disables it, which is practical for labs.
  • Enabel synchronous logging for console: logging synchronous
  • (Not recommended) Enable simple password-based console login:
    1. Enter line conf. mode.
    2. Enable login: login
    3. Set console password: password [alg] <password>
  • (Recommended) Enable user-based console login:
    1. Enter line conf. mode.
    2. Enable login: login
    3. Set to use the local database: login authentication default

Tasks

Reset Password

  1. Power off the device.
  2. Connect using serial.
  3. Power on the device and immediately prepare for the next step.
  4. Press Ctrl+Break to enter ROMMON.
  5. Type confreg 0x2142 to make it ignore the startup config.
  6. (Required?) Type sync to save the environment.
  7. Type boot to start booting the IOS image. Wait for it to boot.
  8. Log in using default (no) credentials and make the necessary changes.
    • To reset the startup config, run erase startup-config.
  9. Enter config mode and run config-register 0x2102 to re-enable loading the startup config.
  10. Reboot: reload

Copy Config to Device Using SCP

Note: Copying to the running config will merge it into it instead of overwriting it. Copying it to the startup config instead and restarting is one way around that.

  1. Enable SSH, SCP, default login authentication and default exec authorization.
  2. Backup the old startup config: copy startup-config flash:startup-config.backup
  3. Copy from PC to device: scp new-config.txt admin@10.10.10.10:flash:/new-config (example)
  4. Copy new config to running config to validate it: copy flash:new-config running-config
    • Note that this will merge the two configs, which may lead to some new warnings or errors.
  5. Copy new config to startup config: copy flash:new-config startup-config
  6. Reload: reload

Information

  • Memories:
    • ROM: For bootstrap stuff.
    • Flash: For IOS images.
    • NVRAM: For startup configuration files.
    • RAM: For running config, tables, etc.

Boot

  • IOS image sources (in default order): Flash, TFTP, ROM.
  • Startup config sources (in default order): NVRAM, TFTP, system configuration dialog.
  • Some details may be configured using the configuration register.

Modes

  • User EXEC mode (Router>):
    • Used to run basic, non-privileged commands, like ping or show (limited).
    • Entered when logging in as "not very privileged" users.
  • Privileged EXEC mode (Router#) (aka enable mode):
    • Used to run more privileged (all) commands.
    • Entered when logging in as "privileged" users or when running enable from user EXEC mode.
  • Global configuration mode (Router(config)#) and special configuration mode (Router(config-xxx)#):
    • Used to configure the unit.
    • Global configuration mode is entered by running configure terminal in privileged EXEC mode.
    • "Special" configuration mode (it's not actually collectively called that) is entered when configuring an interface, a virtual router interface, a console line, a VLAN etc. from global configuration mode.
  • Setup mode:
    • Used to interactivly configure some the "basics".
    • Entered when loggin into a factory reset unit or when running setup.
    • Completely useless, never use it.
  • ROM monitor mode (aka ROMMON).

{% include footer.md %}