From privileged EXEC mode, other modes can be entered; privileged EXEC mode must be entered before entering these other modes see the next section, “Router Configuration Modes”.. systat D
Trang 1Privileged Mode Command List
Privileged EXEC mode provides a detailed examination of the router and allows
con-figuration changes to be made to the router A specific mode is entered depending upon
the configuration change that is required From privileged EXEC mode, other modes
can be entered; privileged EXEC mode must be entered before entering these other
modes (see the next section, “Router Configuration Modes”)
To accessprivileged modefrom user EXEC mode, type enable (or the abbreviation en):
Router>enable
Password:
Router>en
Password:
You are prompted for a password If you type a question mark (?) at the privileged
mode prompt Router#?, the screen displays a longer list of commands than it would at
the user mode prompt Table 12-2 provides a complete list with descriptions of
privi-leged mode commands
Note that the list of commands varies depending on the type of router platform being
configured
systat Displays information about terminal lines
telnet Opens a Telnet connection
terminal Sets terminal line parameters
tn3270 Opens a TN3270 connection
traceroute Sets a traceroute to the destination
tunnel Opens a tunnel connection
where Lists active connections
xremote Enters Xremote mode
Table 12-1 User ModeCommands (Continued)
Command Description
Trang 2Table 12-2 Privileged Mode Commands
Command Description access-enable Creates a temporary access list entry
access-template Creates a temporary access list entry
atmsig Executes ATM signaling commands
calendar Manages the hardware calendar
clear Resets functions
clock Manages the system clock
configure Enters configuration mode
connect Opens a terminal connection
debug Uses debugging functions (see also undebug)
delete Deletes a file
disable Turns off privileged commands
disconnect Disconnects an existing network connection
enable Turn on privileged commands
erase Erases Flash or configuration memory
format Formats a device
Trang 3lock Locks the terminal
login Logs in as a particular user
mbranch Traces the multicast route down the tree branch
mrbranch Traces the reverse multicast up the tree branch
mrinfo Requests neighbor and version information from a multicast
router
mstat Shows statistics after multiple multicast traceroutes
mtrace Traces reverse multicast path from destination source
name-connection Names an existing network connection
reload Halts and performs a cold return
resume Resumes an active network connection
rlogin Opens an rlogin connection
setup Runs the setup command facility
squeeze Squeezes a device
continues
Table 12-2 Privileged Mode Commands (Continued)
Command Description
Trang 4Router Configuration Modes
Global configuration commands are used in a router to apply configuration statements
that affect the system as a whole Use the privileged EXEC command configure to
enter global configuration mode After this command is entered, a prompt asking for the source of the configuration commands appears, at which you can specify terminal, nvram, or network The default selection is to type in commands from the terminal console Pressing the Enter key begins this configuration method
The first configuration mode is referred to as global configuration mode, or global
con-fig, for short Table 12-3 describes some of the configuration modes that you access from global configuration mode
start-chat Starts a chat script on a line
Systat Displays information about terminal lines
telnet Opens a Telnet connection
terminal Sets terminal-line parameters
tn3270 Opens a TN3270 connection
traceroute Sets a traceroute to the destination
tunnel Opens a tunnel connection
undebug Disables debugging functions (see also debug)
undelete Undeletes a file
verify Verifies the checksum of a Flash file
where Lists active connections
which-route Does an OSI route table lookup and displays results
write Writes running configuration to memory, network, or terminal
xremote Enters Xremote mode
Table 12-2 Privileged Mode Commands (Continued)
Command Description
Trang 5Typing exit at one of these specific configuration modes returns the router to global
configuration mode Pressing Ctrl-Z leaves the configuration modes completely and
returns the router to privileged EXEC mode
Example 12-1 demonstrates this sequence of transitioning between configuration
modes
Table 12-3 Router Configuration Modes
Configuration Mode Prompt
Example 12-1 Navigating Privileged EXEC, Global Config, and Specific Configuration Modes
Router# configure terminal
Router(config)#(commands)
Router(config)# exit
Router#
Router#configure terminal
Router(config)# router protocol
Router(config-router)#(commands)
Router(config-router)# exit
Router(config)#interface type port
Router(config-if)#(commands)
Router(config-if)# exit
Router(config)# exit
Router#
Trang 6Router Startup Modes
Whether it is accessed from the console or by a Telnet session through a vty port,
a router can be placed in several modes Each mode provides different functions:
■ ROM monitor mode is generally a recovery mode It allows certain configuration
tasks, such as recovering a lost password or downloading software (IOS) The router boots into ROM monitor mode if the router does not find a valid system image or if the boot sequence is interrupted during startup In many routers, Rommon> is the default prompt for ROM monitor mode
■ Setup mode is a prompted dialog that helps users create a first-time basic
config-uration Setup mode consists of a series of questions with default answers in brackets Setup mode does not have a defining default prompt The router prompts the user to enter setup mode if a valid startup configuration file is not
found Setup can also be entered by typing setup from privileged mode Note that
setup mode also can be invoked manually if the user erased the NVRAM and rebooted the router
■ RXBoot mode is a special mode that the router can enter by changing the
set-tings of the configuration register and rebooting the router RXBoot mode pro-vides the router with a subset of Cisco IOS Software and enters a streamlined setup mode The streamlined setup mode differs from the standard setup mode because streamlined setup does not configure global router parameters There are prompts only to configure interface parameters, which permit the router to boot This allows the router to boot when it cannot find a valid Cisco IOS Software image in Flash memory The default prompt is the host name followed by
<boot>
Table 12-4 briefly describes some of the commonly used configuration commands
Table 12-4 Selection of Router Configuration Commands
configure terminal Configures manually from the console
termi-nal
configure memory Loads configuration information from
NVRAM
copy tftp running-config Loads configuration information from a
net-work TFTP server into RAM
show running-config Displays the current configuration in RAM
Trang 7Use the commands shown in Figure 12-1 for routers running Cisco IOS Software
Release 11.0 or later
Figure 12-1 Configuration File Commands
Configuring a Router Name
One of the first basic configuration tasks is to name the router, as shown in Example 12-2
Naming a router helps to better manage the network by uniquely identifying each
router within the network The router is named in global configuration mode The
name of the router is called the host name and is displayed as the system prompt If a
router is not named, the system default is Router
copy running-config startup-config Stores the current configuration from RAM
into NVRAM
copy running-config tftp Stores the current configuration from RAM on
a network TFTP server
show startup-config Displays the saved configuration, which is the
contents of NVRAM
erase startup-config Erases the contents of NVRAM
Table 12-4 Selection of Router Configuration Commands (Continued)
Console or Terminal
config term show running-config
show startup-config erase startup-config
Bit Bucket
copy tftp startup-config
TFTP Server (IP Only)
NVRAM
config memory copy running-config startup-config
copy tftp running-config copy running-config tftp
RAM
Trang 8Configuring and Protecting Router Passwords
A router can be secured to restrict access by using passwords Passwords can be estab-lished for virtual terminal lines and the console line Privileged mode EXEC also can have a password
From global configuration mode, use the enable password command to restrict access
to privileged mode This password, however, will be visible from the router’s configu-ration files To enter an encrypted password in privileged mode, use the command
enable secret If an enable secret password is configured, it is used instead of the enable
password From the configuration files, a person can view only the encryption, not the actual password
Enable secret passwords cannot be read; another user might be able to break into the configuration, but the only thing that can be done is to overwrite the password because it is one-way encrypted and cannot be converted back to clear text
Passwords can be further protected from display through the use of the service
password-encryption command This command is entered from global configuration
mode
The line console 0 configuration mode can be used to establish a login password on the console terminal This is useful on a network on which multiple people have access to the router This prevents anyone not authorized from accessing the router
Telnet requires a password check Different hardware platforms have different num-bers of vty lines defined The range 0 through 4 is used to specify five vty lines These five incoming Telnet sessions can be simultaneous The same password can be used for
Example 12-2 Naming a Router
Router(config)#hostname Cougars Cougars(config)#
Lab Activity CLI Modes and Router Identification
In this lab, you identify the basic router modes of user and privilege You also use several commands that will enter specific modes to become familiar with the router prompt for each mode In addition, you name the router
Trang 9all lines, or one line can be set uniquely This often is used in large networks with many
network administrators If a catastrophic problem occurs on a network and all
com-mon vty lines are used, the one unique line can be reserved for recovery
Use the command line vty 0 4 to establish a login password on incoming Telnet
sessions Example 12-3 demonstrates the different ways to configure and protect
passwords
Examining the show Commands
Many show commands exist, which help examine the contents of files in the router
and are useful in troubleshooting From each mode in the router, the show ? command
can be used to see all the available options Table 12-5 lists some of the show
com-mand options
Example 12-3 Configuring/Protecting Passwords
! Console Password
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password cisco
! Virtual Terminal Password
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco
! Enable Password
Router(config)# enable password san-fran
!Perform Password Encryption
Router(config)# service password encryption set password here
Router(config)# no service password encryption
Lab Activity Configuring Router Passwords
In this lab, you configure passwords for the console, virtual terminals, and a secret password
Trang 10Examples 12-4, 12-5, and 12-6 display sample output from the show protocols, show
version, and show interfaces commands, respectively.
Table 12-5 show Commands
show interfaces Displays all the statistics for all the interfaces on the
router If a user wants to view the statistics for a
spe-cific interface, he can enter the show interfaces
com-mand followed by the specific interface and port number For example:
Router# show interfaces serial 1
show controllers serial Displays information specific to the interface
hard-ware
show clock Displays the time set in the router
show hosts Displays a cached list of host names and addresses
show users Displays all users who are connected to the router
show history Displays a history of commands that have been
entered
show flash Displays information about Flash memory and what
Cisco IOS Software files are stored there
show version Displays information about the Cisco IOS Software
image that is running in RAM
show arp Displays the router’s address resolution (ARP) table
show protocol Displays the global and interface-specific status of
any configured Layer 3 protocols
show startup-configuration Displays the saved configuration located in NVRAM
show running-configuration Displays the configuration currently running in
RAM
Example 12-4 show protocols Command Output
Router# show protocols Global values:
Internet Protocol routing is enabled DECnet routing is enabled