Restoring the Cisco IOS Software from ROM Monitor Mode Using Xmodem

Figure 16-1 Finding the Cisco IOS Software Image File

Do you wish to continue? y/n [n]: y          Choose y to continue.

In HyperTerminal, go to Transfer, then Send File (see Figure 16-1). Locate the Cisco IOS Software file on the hard drive and click Send (see Figure 16-2). Router will reload when transfer is completed. Reset baud rate on router.

Router(config)#line con 0
Router(config-line)#speed 9600
Router(config-line)#exit                     HyperTerminal will stop responding. Reconnect to the router using 9600 baud, 8-N-1.
Figure 16-2 Sending the Cisco IOS Software Image File to the Router
Restoring the Cisco IOS Software Using the ROM Monitor Environmental Variables and tftpdnld Command
NOTE: Commands and environmental variables are case sensitive, so be sure that you have not accidentally added spaces between variables and answers.
rommon 1>IP_ADDRESS=192.168.100.1            Indicates the IP address for this
rommon 5>TFTP_FILE=c2600-js-l_121-3.bin      Indicates the filename to fetch from the TFTP server.
rommon 6>tftpdnld                            Starts the process.
CHAPTER 17
Password-Recovery Procedures and the Configuration Register
This chapter provides information and commands concerning the following topics:
• The configuration register
— A visual representation
— What the bits mean
— The boot field
— Console terminal baud rate settings
— Changing the console line speed: CLI
— Changing the console line speed: ROM Monitor mode
• Password-recovery procedures for Cisco routers
• Password-recovery procedures for 2960 series switches
The Configuration Register
A Visual Representation
The configuration register is a 16-bit field stored in NVRAM. The bits are numbered from 15 to 0 looking at the bit stream from left to right. Bits are split up into groups of 4, and each group is represented by a hexadecimal digit.
router#show version                    The last line of output tells you what the configuration register is set to.
router#configure terminal              Moves to global configuration mode.
router(config)#config-register
What the Bits Mean

Bit Number   Hexadecimal               Meaning
00–03        0x0000–0x000F             Boot field.
09           0x0200                    Causes system to use secondary bootstrap (typically not used).
10           0x0400                    IP broadcast with all 0s.
5, 11, 12    0x0020, 0x0800, 0x1000    Console line speed.
13           0x2000                    Boots default ROM software if network boot fails.
14           0x4000                    IP broadcasts do not have net numbers.
15           0x8000                    Enables diagnostic messages and ignores NVRAM contents.

The Boot Field

Boot Field Value   Meaning
00                 Stays at the ROM Monitor on a reload or power cycle.
01                 Boots the first image in flash memory as a system image.
02–F               Enables default booting from flash memory. Enables boot system commands that override default booting from flash memory.

NOTE: Even though there are 16 possible combinations in the boot field, only 3 are used.

TIP: Because the default boot field has 14 different ways to represent it, a configuration register setting of 0x2102 is the same as 0x2109, or 210F. The boot system command is described in Chapter 16, “Backing Up and Restoring Cisco IOS Software and Configurations.”
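As an added example (not from the chapter), the decoder below applies the bit table above to register values such as 0x2102 and 0x2142 and confirms the TIP that 0x2102 and 0x210F boot the same way. Bits 6 (0x0040, ignore NVRAM) and 8 (0x0100, Break key disabled) are assumed from standard Cisco documentation rather than from this page, whose table omits them.

```python
# Decode a Cisco IOS configuration register with the bit table from this chapter.
# Added example, not from the original page. Bits 6 (0x0040) and 8 (0x0100) are
# not in the page's table; they are standard Cisco meanings (0x2142 relies on bit 6).
BOOT_FIELD_MASK = 0x000F
CONSOLE_SPEED_BITS = (5, 11, 12)  # the page names these bits but not their encodings
FLAG_BITS = {  # bit number -> meaning when set
    6: "ignores NVRAM contents (password-recovery setting)",  # assumed, see above
    8: "Break key disabled after boot",                       # assumed, see above
    9: "uses secondary bootstrap (typically not used)",
    10: "IP broadcast with all 0s",
    13: "boots default ROM software if network boot fails",
    14: "IP broadcasts do not have net numbers",
    15: "enables diagnostic messages and ignores NVRAM contents",
}

def describe_boot_field(boot_field: int) -> str:
    """Map the 4-bit boot field to one of the three behaviours the chapter lists."""
    if boot_field == 0x0:
        return "stays at the ROM Monitor on a reload or power cycle"
    if boot_field == 0x1:
        return "boots the first image in flash memory as a system image"
    return "default booting from flash memory (boot system commands override it)"

def decode_config_register(reg: int) -> dict:
    """Split a 16-bit register value into boot field, console-speed bits and flags."""
    if not 0 <= reg <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit value")
    boot_field = reg & BOOT_FIELD_MASK
    # Pack bits 5, 11, 12 into a 3-bit value (bit 5 -> LSB); left raw on purpose.
    speed_bits = sum(((reg >> b) & 1) << i for i, b in enumerate(CONSOLE_SPEED_BITS))
    return {
        "hex": f"0x{reg:04X}",
        "boot_field": boot_field,
        "boot_behaviour": describe_boot_field(boot_field),
        "console_speed_bits": speed_bits,
        "flags": [FLAG_BITS[b] for b in sorted(FLAG_BITS) if reg & (1 << b)],
        # Bit 6 or bit 15 set: the router boots without its saved configuration.
        "ignores_nvram": bool(reg & ((1 << 6) | (1 << 15))),
    }

def audit_config_register(reg: int) -> list:
    """Findings worth raising when 'show version' reports this register value."""
    info = decode_config_register(reg)
    findings = []
    if info["ignores_nvram"]:
        findings.append(f"{info['hex']}: startup-config ignored at boot; expected 0x2102")
    if info["boot_field"] == 0x0:
        findings.append(f"{info['hex']}: device will stop at ROM Monitor on reload")
    return findings
```

A register of 0x2142 left in place after a password recovery is what `audit_config_register` is meant to catch, since Step 9 of the recovery procedure expects it to return to 0x2102 at the next reload.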
Console Terminal Baud Rate Settings

Changing the Console Line Speed: CLI

router(config)#line console 0          Enters console line mode.
router(config-line)#speed 19200        Changes speed to 19200 baud.

TIP: Cisco IOS Software does not allow you to change the console speed bits directly with the config-register command.

Changing the Console Line Speed: ROM Monitor Mode

rommon 1>confreg                       Shows configuration summary. Step through the questions, answering with the defaults until you can change the console baud rate.

Configuration Summary
enabled are:
load rom after netboot fails
console baud: 9600
boot: image specified by the boot system commands
or default to: x (name of system image)

do you wish to change the configuration? y/n [n]: y
enable “diagnostic mode”? y/n [n]: n
enable “use net in IP bcast address”? y/n [n]: n
disable “load rom after netboot fails”? y/n [n]: n
enable “use all zero broadcast”? y/n [n]: n
enable “break/abort has effect”? y/n [n]: n
enable “ignore system config info”? y/n [n]: n
change console baud rate? y/n [n]: y
boot: image specified by the boot system commands
or default to: x (name of system image)
change the boot characteristics? y/n [n]: n          After the summary is shown again, choose n to not change the configuration and go to the rommon> prompt again.
rommon 2>

TIP: Make sure that after you change the console baud rate, you change your terminal program to match the same rate!

Password-Recovery Procedures for Cisco Routers
1700/2600/ISR Series Commands

Step 1: Boot the router and interrupt the boot sequence as soon as text appears on the screen.
        Press Ctrl-Break. The router drops to the > prompt or to the rommon 1> prompt, depending on the platform.

Step 2: Change the

Step 3: Reload the router.
        >i          or          rommon 2>reset

Step 4: Enter privileged mode (Do not enter setup mode.)
        Router>enable

Step 5: Copy the startup configuration into the running configuration.
        Router#copy startup-config running-config
        Denver#configure terminal
        Denver(config)#enable secret new

Step 7: Reset the configuration register back to its default value.
        Denver(config)#config-register 0x2102
        Denver#copy running-config startup-config

Step 9: Verify the configuration register is 0x2142 (will be 0x2102 at next reload).

Step 10: Reload the router.
        Denver#reload

Password Recovery for 2960 Series Switches
Unplug the power supply from the back of the switch.
Press and hold the Mode button on the front of the switch.
Plug the switch back in.
Release the Mode button when the SYST LED blinks amber and then turns solid green. When you release the Mode button, the SYST LED blinks green.
Issue the following commands:

switch: flash_init                                   Initializes the flash memory.
switch: load_helper
switch: dir flash:                                   Do not forget the colon. This displays which files are in flash memory.
switch: boot                                         Boots the switch.

When asked whether you want to enter the configuration dialog, enter n to exit out to the switch prompt. Takes you to user mode.

switch>enable                                        Enters privileged mode.
switch#rename flash:config.old flash:config.text     Renames the configuration file back to the original name.
Destination filename [config.text]                   Press Enter.
768 bytes copied in 0.624 seconds
reloaded                                             Notice the new prompt.
2960Switch#configure terminal                        Enters global configuration
CHAPTER 18
Cisco Discovery Protocol (CDP)
This chapter provides information and commands concerning the following topic:
• Cisco Discovery Protocol (CDP)
Cisco Discovery Protocol
Router#show cdp                        Displays global CDP information (such as timers)
Router#show cdp neighbors              Displays information about neighbors
Router#show cdp neighbors detail       Displays more detail about the neighbor device
Router#show cdp entry word             Displays information about the device named word
Router#show cdp entry *                Displays information about all devices
Router#show cdp interface              Displays information about interfaces that have CDP running
Router#show cdp interface x            Displays information about specific interface x running CDP
Router#show cdp traffic                Displays traffic information—packets in/out/version
Router(config)#cdp holdtime x          Changes the length of time to keep CDP packets
Router(config)#cdp timer x             Changes how often CDP updates are sent
Router(config)#cdp run                 Enables CDP globally (on by default)
Router(config)#no cdp run              Turns off CDP globally
Router(config-if)#cdp enable           Enables CDP on a specific interface
CAUTION: Although CDP is necessary for some management applications, CDP should still be disabled in some instances.

Disable CDP globally if
• CDP is not required at all
• The device is located in an insecure environment

Use the command no cdp run to disable CDP globally:
RouterOrSwitch(config)#no cdp run

Disable CDP on any interface if
• Management is not being performed
• The switch interface is a nontrunk interface
• The interface is connected to a nontrusted network

Use the interface configuration command no cdp enable to disable CDP on a

Router#clear cdp table                 Deletes the CDP table
Router#debug cdp adjacency             Monitors CDP neighbor information
Router#debug cdp events                Monitors all CDP events
Router#debug cdp ip                    Monitors CDP events specifically for IP
Router#debug cdp packets               Monitors CDP packet-related information
CHAPTER 19
Telnet and SSH
This chapter provides information and commands concerning the following topics:
• Using Telnet to remotely connect to other devices
• Configuring the Secure Shell Protocol (SSH)
Using Telnet to Remotely Connect to Other Devices
The following five commands all achieve the same result: the attempt to connect remotely to the router named Paris at IP address 172.16.20.1.

Any of the preceding commands lead to the following configuration sequence:

Denver>telnet paris                        Enter if ip host command was used previously to create a mapping of an IP address to the
Paris>                                     As long as vty password is set. See the Caution following this table.
Paris>exit                                 Terminates the Telnet session and returns you to the Denver prompt.
Denver>
Paris>logout                               Terminates the Telnet session and returns you to the Denver prompt.
Denver>
Paris> Ctrl-Shift-6, release, then press x Suspends the Telnet session but does not terminate it, and returns you to the Denver prompt.
                                           The line number is listed in the output gained from the show users command.
Denver(config)#line vty 0 4                Moves to line configuration mode for vty lines 0–4.
Denver(config-line)#session-limit x        Limits the number of simultaneous sessions per vty line to x number.

CAUTION: The following configuration creates a big security hole. Never use it in a live production environment. Use it in the lab only!

Denver(config)#line vty 0 4                Moves you to line configuration mode for vty lines 0–4.
Denver(config-line)#no password            The remote user is not challenged when Telnetting to this device.
Denver(config-line)#no login               The remote user moves straight to user mode.

NOTE: A device must have two passwords for a remote user to be able to make changes to your configuration:
• Line vty password (or have it explicitly turned off; see the preceding Caution)
• Enable or enable secret password
Without the enable or enable secret password, a remote user will only be able to get to user mode, not to privileged mode. This is extra security.

Configuring the Secure Shell Protocol (SSH)

CAUTION: SSH Version 1 implementations have known security issues. It is recommended to use SSH Version 2 whenever possible.

NOTE: To work, SSH requires a local username database, a local IP domain, and an RSA key to be generated.

The Cisco implementation of SSH requires Cisco IOS Software to support Rivest-Shamir-Adleman (RSA) authentication and minimum Data Encryption Standard (DES) encryption—a cryptographic software image.
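As an added example (not part of the original chapters), the audit below reads a constructed Cisco IOS running-config and flags the two conditions the CDP caution and the vty caution describe: CDP still enabled on an interface while it runs globally, and a vty line configured with no login so a remote user is never challenged. The sample configuration, hostnames and addresses are constructed for the demonstration.

```python
# Audit a Cisco IOS running-config for two exposures this chapter and the CDP
# chapter call out: CDP still running on an interface, and a vty line with
# "no login", so remote users are never challenged. Added example, not from the
# original page; the sample configuration below is constructed for the demo.
SAMPLE_CONFIG = """\
hostname Denver
!
interface FastEthernet0/0
 description Uplink to ISP (untrusted)
!
interface FastEthernet0/1
 no cdp enable
!
line vty 0 4
 no password
 no login
!
line vty 5 15
 login
"""

def parse_sections(config: str) -> tuple:
    """Return (global commands, [(section header, [sub-commands]), ...])."""
    global_cmds, sections, current = [], [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue  # blank lines and IOS "!" separators carry no commands
        if raw.startswith(" "):
            if current is not None:
                current[1].append(raw.strip())  # indented: part of the open section
        elif raw.startswith(("interface ", "line ")):
            current = (raw.strip(), [])
            sections.append(current)
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, sections

def audit_config(config: str) -> list:
    """Flag CDP-enabled interfaces and vty lines that skip the password prompt."""
    global_cmds, sections = parse_sections(config)
    cdp_running = "no cdp run" not in global_cmds  # CDP is on by default
    findings = []
    for header, cmds in sections:
        if header.startswith("interface") and cdp_running and "no cdp enable" not in cmds:
            findings.append(f"{header}: CDP enabled; use 'no cdp enable' on untrusted links")
        if header.startswith("line vty") and "no login" in cmds:
            findings.append(f"{header}: 'no login' lets remote users in unchallenged")
    return findings
```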
CHAPTER 20
The ping and traceroute Commands
This chapter provides information and commands concerning the following topics:
• ICMP redirect messages
• The ping command
• Examples of using the ping and the extended ping commands
• The traceroute command
ICMP Redirect Messages

Router(config-if)#no ip redirects      Disables ICMP redirects from this specific interface
Router(config-if)#ip redirects         Reenables ICMP redirects from this specific interface

The ping Command

Router#ping w.x.y.z                    Checks for Layer 3 connectivity with device at address w.x.y.z
Router#ping                            Enters extended ping mode, which provides more options

The following table describes the possible ping output characters.

Character   Meaning
!           Successful receipt of a reply.
.           Device timed out while waiting for a reply.
U           A destination unreachable error protocol data unit (PDU) was received.
Q           Source quench (destination too busy).
&           Packet lifetime exceeded.

Examples of Using the ping and the Extended ping Commands

Router#ping 172.168.20.1               Performs a basic Layer 3 test to address.
Router#ping paris                      Same as above but through the IP host name.
Router#ping                            Enters extended ping mode; can now change parameters.
Datagram size [100]: (press Enter)     Enter the size of datagrams being sent. The default is 100.
Timeout in Seconds [2]: (press Enter)  Enter the timeout delay between sending echo requests.
Extended commands [n]: yes             Allows you to configure extended commands.
Source address or interface: 10.0.10.1 Allows you to explicitly set where the pings are originating from.
Type of Service [0]                    Allows you to set the TOS field in the IP header.
Set DF bit in IP header [no]           Allows you to set the DF bit in the IP header.
Validate reply data? [no]              Allows you to set whether you want validation.
Data Pattern [0xABCD]                  Allows you to change the data pattern in the data field of the ICMP echo request packet.
Loose, Strict, Record, Timestamp, Verbose[none]: (press Enter)
Sweep range of sizes [no]: (press Enter)
Type escape sequence to abort
Sending 100, 100-byte ICMP Echos to address

The traceroute Command

Router#trace 172.16.20.1               Common shortcut spelling of the traceroute command