10
Cisco Device Operation
Terms you’ll need to understand:
✓ Random access memory (RAM)
✓ Non-volatile random access memory (NVRAM)
✓ Flash
✓ Central processing unit (CPU)
✓ Read-only memory (ROM)
✓ Configuration register
✓ Exec mode
✓ Privilege mode
✓ Trivial File Transfer Protocol (TFTP)
✓ Simple Network Management Protocol (SNMP)
✓ Protocol translation
✓ Debugging
Techniques you’ll need to master:
✓ Issuing infrastructure commands
✓ Viewing router configurations
✓ Using common IOS commands
✓ Configuring protocol translation
This chapter focuses on monitoring and maintaining router networks via IOS commands. In particular, this chapter describes Cisco routers' major hardware components, common show and debug IOS commands, and methods used to configure protocol translation.
This chapter covers the following Cisco device operation CCIE blueprint objectives as laid out by the Cisco Systems CCIE program:
➤ Operation commands—show, debug.
➤ Infrastructure—NVRAM, flash, memory, CPU, file system, config reg.
➤ Operations—File transfers, password recovery, Simple Network Management Protocol (SNMP), accessing devices, password security.
As with other chapters in this book, additional information is provided for completeness and in preparation for additional subjects as the CCIE program expands.
RAM
Routers use random access memory (RAM) to store the current configuration file and other important data collected by the router. This data includes the IP routing table and buffer information. Buffers temporarily store packets before a router processes them.
RAM information is lost if the router power cycles (loses and regains power) or is restarted by an administrator. To view a router's current configuration, use the show running-config IOS command. Before IOS version 10.3, administrators used the write terminal command to show a router's configuration. The write terminal command is still valid in today's IOS releases, but Cisco prefers users to use the show running-config command. Similarly, the show config command was used to view the configuration file stored in NVRAM. In IOS versions 11.0+, both the show config and show startup-config commands will work. Again, Cisco prefers to use the show startup-config command.
Figure 10.1 Components of a Cisco router: random access memory (RAM), flash, read only memory (ROM), non-volatile RAM (NVRAM), and router interfaces (LAN, WAN, console, AUX port).
Flash
Flash is erasable and programmable and is used to store the router's IOS image. Furthermore, the flash contains a certain amount of space, which varies by router model, to allow multiple versions of IOS to be stored. Therefore, you can delete, retrieve, and store new versions of IOS in the flash memory system. To view the flash on a Cisco router, use the show flash IOS command. Listing 10.1 shows a sample flash display on a Cisco 2500 router.
Note: On a high-performance router, such as the Cisco 4000 series and 7000 series routers, you can make the flash system look like a file system and store many versions of IOS. In the Cisco 2500 series, routers can partition the flash with the partition flash <number of partitions> <size of each partition> command.
Listing 10.1 The show flash command.
R1>sh flash
System flash directory:
File Length Name/status
1 9558976 c2500-ajs40-l.112-17.bin
[9559040 bytes used, 7218176 available, 16777216 total]
16384K bytes of processor board System flash
Listing 10.1 shows that the IOS image c2500-ajs40-l.112-17.bin is currently stored on the flash.
The Cisco 7500 series router provides the option of installing additional PCMCIA flash memory. If this additional memory is installed, the dir slot0 IOS command displays the IOS image stored within.
CPU
The central processing unit (CPU) is the heart of a router, and every Cisco router has a CPU. A CPU manages all the router's processes, such as IP routing, and new routing entries, such as remote IP networks learned through some form of dynamic routing protocol. To view a CPU's status, use the show process IOS command, as shown in Listing 10.2.
Listing 10.2 The (truncated) show process command.
The show process command displays the router utilization within the past five seconds and the past one minute as well as the average over the last five minutes. Following the CPU utilization statistics are details about specific processes.
ROM
Read only memory (ROM) stores a scaled-down version of a router's IOS in the event that the flash system becomes corrupted or there is no current IOS image stored in flash. ROM also contains the bootstrap program (sometimes referred to as the rxboot image in Cisco documentation) and the device's power-up diagnostics. You can only perform a software upgrade (that is, perform a software image upgrade on the ROM) by replacing ROM chips, because the ROM is not programmable.
The bootstrap program enables you to isolate or rule out hardware issues. For example, you may have a faulty flash card and subsequently the router cannot boot the IOS image. The power-up diagnostics program tests all the hardware interfaces on the router.
ROM mode is the term for when a router is not running as healthy as it should be. ROM mode contains a limited number of IOS commands, which enable the administrator to troubleshoot software or hardware problems on a router. The various Cisco model routers have different ROM modes, but in all Cisco routers, you can issue the ? command in ROM mode to identify the available commands used to troubleshoot a Cisco IOS-based router. Listing 10.3 provides all the available options on a Cisco 4000 router when the ? command is used.
Listing 10.3 The ? command when in ROM mode.
> ?
? Types this display
$ Toggle cache state
B [filename] [TFTP Server IP address | TFTP Server Name]
Load and execute system image from ROM or from TFTP server
C [address] Continue [optional address]
D /S M L V Deposit value V of size S into location L with
modifier M
E /S M L Examine location L with size S with modifier M
G [address] Begin execution
H Help for commands
I Initialize
K Displays Stack trace
L [filename] [TFTP Server IP address | TFTP Server Name]
Load system image from ROM or from TFTP server, but do not begin execution
O Show software configuration register option settings
P Set break point
S Single step next instruction
T function Test device (? for help)
The options in Listing 10.3 allow you to initialize a router with the I command once you have finished in ROM mode. ROM mode enables you to recover lost passwords by altering the configuration register, which will be discussed later in this chapter.
Configuration Registers
A configuration register is a 16-bit number that defines how a router will operate on a power cycle. These options include whether the IOS will be loaded from flash or ROM. Configuration registers are used, for example, to advise the Cisco IOS router to load the configuration file from the NVRAM or to ignore the configuration file stored in memory. The default configuration register is displayed as 0x2102 on a Cisco router; converted to binary, it is shown below:
➤ Bit Number—15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
➤ Value—0 0 1 0 0 0 0 1 0 0 0 0 0 0 1 0
Keep in mind that the bits are numbered from right to left. In the preceding example, the value is displayed as 0x2102 (0010.0001.0000.0010). The functions of the configuration register bits are determined by their position as follows:
➤ Bits 0 through 3—Determine the boot option, whether the router loads the IOS from the flash (binary value is 010) or ROM (binary value is 000).
➤ Bit 4—Reserved.
➤ Bit 5—Reserved.
➤ Bit 6—Tells the router to ignore the configuration stored in NVRAM if set to 1 and to load the configuration from NVRAM if set to 0 (compare the default 0x2102 with the recovery value 0x2142 in Table 10.2).
➤ Bit 7—Indicates whether to ignore the Cisco IOS banner. The default setting is 0, or don't show the Cisco banner at startup; a 1 bit indicates to show the IOS banner message.
➤ Bit 8—Specifies whether to enter ROM mode without power cycling the router. If bit 8 is set to 1 and the break key is issued while the router is up and running normally, the router will go into ROM mode. This is a dangerous scenario because if this is performed your router immediately stops functioning.
➤ Bit 9—Reserved.
➤ Bit 10—Specifies the broadcast address to use, where 1 equals the use of all 0s for broadcast at boot (in conjunction with bit 14). Bit 10 interacts with bit 14.
➤ Bits 11 and 12—Set the baud rate of the console port. For example, if bits 11 and 12 are set to 00, the baud rate will be 9600. The baud rate 4800 can be set when these bits are set to 01, 2400bps is 10, and finally 1200bps is 11.
➤ Bit 13—Tells the router to boot from ROM if the flash cannot boot from a network, such as a TFTP server. If bit 13 is set to 0 and no IOS is found, the router will hang. If bit 13 is set to 1 and no IOS is found, the router will boot from ROM.
➤ Bit 14—Interacts with bit 10 to define the broadcast address. The possible combinations are shown in Table 10.1.
➤ Bit 15—Specifies to enable the diagnostics display on startup and ignore the NVRAM.
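The following Python decoder is an added example and not part of this chapter: it splits a 16-bit register into the fields described above (boot field, bit 6, bits 10 and 14 per Table 10.1, bits 11 and 12, bit 13, bit 15) and shows which bit changes between the default 0x2102 and the password-recovery value 0x2142 listed in Table 10.2. The chapter names only the boot-field values 0x0 (ROM) and 0x2 (flash); the labels for the other boot-field values are the editor's assumption.

```python
"""Decode a Cisco configuration register into the fields described in this chapter."""

# Bits 11-12: console baud rate (00 = 9600, 01 = 4800, 10 = 2400, 11 = 1200).
CONSOLE_BAUD = {0b00: 9600, 0b01: 4800, 0b10: 2400, 0b11: 1200}

# Table 10.1: (bit 14, bit 10) -> form of the broadcast address.
BROADCAST = {
    (0, 0): "<ones> <ones>",
    (0, 1): "<zeros> <zeros>",
    (1, 1): "<net> <zeros>",
    (1, 0): "<net> <ones>",
}


def bit(value, n):
    """Return bit n of value; bit 0 is the rightmost bit, bit 15 the leftmost."""
    return (value >> n) & 1


def boot_option(boot_field):
    """Bits 0-3. The chapter gives 0x0 = ROM and 0x2 = flash; the labels for
    the other values are an assumption based on IOS behaviour, not on the chapter."""
    if boot_field == 0x0:
        return "ROM monitor"
    if boot_field == 0x1:
        return "boot image in ROM"
    return "flash (boot system commands)"


def decode_config_register(value):
    """Break a 16-bit register such as 0x2102 into named fields."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError("configuration register is a 16-bit number")
    bits = f"{value:016b}"
    return {
        "register": f"0x{value:04X}",
        # Dotted nibbles, e.g. 0010.0001.0000.0010 for 0x2102.
        "binary": ".".join(bits[i:i + 4] for i in range(0, 16, 4)),
        "boot": boot_option(value & 0xF),
        "ignore_nvram": bool(bit(value, 6)),  # set in 0x2142, clear in 0x2102
        "broadcast": BROADCAST[(bit(value, 14), bit(value, 10))],
        "console_baud": CONSOLE_BAUD[(value >> 11) & 0b11],
        "rom_if_netboot_fails": bool(bit(value, 13)),
        "diagnostics_ignore_nvram": bool(bit(value, 15)),
    }


def changed_bits(before, after):
    """Bit positions that differ, e.g. between 0x2102 and 0x2142 (step 3 of
    password recovery): only bit 6, the ignore-NVRAM bit."""
    return [n for n in range(16) if bit(before, n) != bit(after, n)]


if __name__ == "__main__":
    for reg in (0x2102, 0x2142, 0x2100):
        print(decode_config_register(reg))
    print("bits changed for password recovery:", changed_bits(0x2102, 0x2142))
```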
To view the current configuration register, issue the show version command, as shown in Listing 10.4. The configuration register setting is the last line in the command output.
Listing 10.4 The (truncated) show version command.
R1>show version
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-AJS40-L), Version 11.2(17), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by Cisco Systems, Inc.
Compiled Tue 05-Jan-99 13:27 by ashah
Image text-base: 0x030481E0, data-base: 0x00001000
ROM: System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-RXBOOT),
Version 10.2(8a), RELEASE SOFTWARE
R1 uptime is 6 days, 1 hour, 36 minutes
System restarted by reload
System image file is "flash:c2500-ajs40-l.112-17.bin",
booted via flash
cisco 2520 (68030) processor (revision E) with 8192K/2048K bytes of memory.
Processor board ID 02956210, with hardware revision 00000002
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp.
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
TN3270 Emulation software.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read ONLY)
Table 10.1 Bits 10 and 14 settings.
Bit 14   Bit 10   Address (<net> <host>)
Off      Off      <ones> <ones>
Off      On       <zeros> <zeros>
On       On       <net> <zeros>
On       Off      <net> <ones>
Figure 10.2 summarizes the IOS commands that administrators can use to view a router's current configuration.
Now that we've discussed the hardware basics of Cisco routers, let's move on to review how routers operate. While we discuss router operation, we'll also cover how administrators can manage Cisco routers.
Router Operation
This section concentrates on some of the more common IOS manipulation tasks that you will be required to master. We'll start by examining how to access routers. Then, we'll look at how to:
➤ Use passwords to provide security
➤ Copy and back up configurations
➤ Recover passwords
➤ Enable Simple Network Management Protocol management
Table 10.2 Common registers and descriptions.
Register Value   Description
0x2100           Boots the router using the system bootstrap found in ROM.
0x2102           Boots the router using flash and NVRAM. This is the default setting.
0x2142           Boots the router using flash and ignores NVRAM. This value is used to recover passwords or modify configuration parameters.
Methods of Accessing Cisco Routers
A Cisco router can be accessed in a number of ways. You can physically access a router via the console port, or you can access a router remotely through a modem via the auxiliary port. You can also access a router via a network or virtual terminal ports, which allow Telnet access.
If you do not have physical access to a router—either via a console port or an auxiliary port via dial up—you can access a router through the software interface called the virtual terminal (also referred to as a VTY port). When you Telnet to a router, you are asked for the VTY password. For example, on the following router, R1, the administrator types the remote address of R2 and tries to Telnet to one of the VTY ports. Listing 10.5 provides the session dialog.
Listing 10.5 Using a VTY port to establish a Telnet connection.
R1#Telnet 131.108.1.2
Trying 131.108.1.2 Open
User Access Verification
Password: xxxxx
R2>
Figure 10.2 Interface IOS commands: show running-config / write terminal, show flash, dir slot0:, show interfaces, and show startup-config / show config, shown against the router components (RAM, flash, ROM, NVRAM, and the LAN, WAN, console, and AUX port interfaces).
In circumstances similar to Listing 10.5, be aware that you will only enter Exec mode. You are still required to supply a privilege password, or the secret password if it's configured, if you want to access the advanced IOS command set.
IOS Operational Modes
The Cisco IOS supports a number of modes that permit administrators to access, view, and configure a router. The modes are summarized as follows:
➤ Exec mode—Maintains a limited IOS command set. The Exec mode prompt for a router named R1 is R1>. Essentially a limited router operational view-only mode, the Exec mode allows a user to view the status of the router and has a limited number of commands. It is displayed with the following prompt:
R1>
The > (greater than sign) specifies Exec mode.
➤ Priv Exec mode—Provides all available options, including configuration, debug, and test commands. The Priv Exec prompt for a router named R1 is R1#. To enter privileged exec mode (Priv Exec mode), which allows users to have complete control of a router, you must first enter Exec mode and then enter a valid password. The password is known as the enable password. After supplying a valid password, you enter the Priv Exec prompt (R1#), as shown in the following code snippet:
R1>enable
Password:
R1#
In the preceding code, the pound sign (#) specifies Priv Exec mode.
➤ Global Configuration mode—Enables you to make global configuration changes. The configuration prompt for a router named R1 is R1(config)#.
➤ Interface Configuration mode—Allows you to modify interface parameters, such as network and IP addressing. The prompt for a router named R1 is R1(config-if)#.
Note: A variety of specialized configuration modes, such as the interface configuration
mode, are available when configuring a route-map, netbios-list, or access-list.
➤ ROM Monitor mode—Enables you to recover a router from some form of fault. For example, ROM Monitor mode enables you to recover passwords or serve as a backup if flash fails. The prompt is > or rommon>.
➤ Setup mode—Provides an interactive mode when a router is first powered up out of the box. You will be prompted for information, such as IP address or host name. You can start this mode by entering the setup command.
As you can see in the preceding list, each mode uses a distinct prompt
Providing Password Security
Cisco routers can have passwords set on all operation modes, including the console port, privilege mode, and virtual terminal access. To set a console password to prevent unauthorized console access to the router, issue the commands shown in Listing 10.6.
All passwords are case sensitive.
Listing 10.6 Setting a console password.
R4(config)#enable password cisco
R1(config)#enable secret ccie
The command to set an enable password is enable password <password>. You can also set a more secure password, called a secret password, that is encrypted when viewing the configuration with the enable secret <password> command. A secret password overrides an enable password.
In Listing 10.6, the secret password will always be used. Now, let's issue the show running-config command to display the configuration after entering the enable and secret passwords in the preceding code (see Listing 10.7).
Listing 10.7 The show running-config command after entering enable and secret passwords.
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password cisco
As you can see in Listing 10.7, the secret password is encrypted (using Cisco's proprietary algorithm) while the enable password is readable. This setup enables you to hide secret passwords when the configuration is viewed. If you desire, you can also encrypt the enable password by issuing the service password-encryption command, as displayed in Listing 10.8.
Listing 10.8 The service password-encryption command.
R1(config)#service password-encryption
The service password-encryption command encrypts all passwords issued to the router using the MD5 encryption algorithm. Listing 10.9 shows an example of how these passwords appear when the configuration is viewed after all passwords have been encrypted.
Listing 10.9 The show running-config command after encrypting all passwords.
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password 7 121A0C041104
Notice in Listing 10.9 that both the enable and secret passwords are encrypted.
The final Cisco password you can set is the virtual terminal password. This password verifies remote Telnet sessions to a router. Listing 10.10 displays the commands necessary to set the virtual terminal password on a Cisco router.
Listing 10.10 Using the password command to set a virtual terminal password.
R4(config)#line vty 0 4
R4(config-line)#password ccie
If you issue the no login command below the virtual terminal command (line vty 0 4), remote Telnet users will not be asked to supply a password, and they will automatically enter Exec mode. For example:
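The following Python audit is an added example and not code from this chapter: it reads a running-config (a constructed sample that combines the weaknesses discussed in Listings 10.7 through 10.10) and reports a readable enable password, a cleartext line password, a vty line configured with no login, and a missing service password-encryption command. Section handling assumes the usual IOS layout of indented commands under a line vty 0 4 or line con 0 block.

```python
"""Flag weak password settings in a Cisco running-config (Listings 10.7-10.10)."""
import re

# Constructed sample, not output from a real router: it combines the
# readable enable password of Listing 10.7, a type 7 console password,
# and a vty line that has both a cleartext password and no login.
SAMPLE_CONFIG = """\
!
enable secret 5 $1$Aiy2$GGSCYdG57PdRiNg/.D.XI.
enable password cisco
!
line con 0
 password 7 121A0C041104
 login
line vty 0 4
 password ccie
 no login
!
"""

TYPE7_ENABLE = re.compile(r"enable password 7 [0-9A-Fa-f]+$")


def parse_config(config_text):
    """Yield (section, command) pairs; section is the enclosing 'line ...'
    block for indented commands and None for global commands."""
    section = None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw.startswith(" "):
            section = raw.strip() if raw.startswith("line ") else None
        yield section, raw.strip()


def audit_passwords(config_text):
    """Return a list of findings, one per weak setting, in config order."""
    findings = []
    has_secret = False
    for section, command in parse_config(config_text):
        if section is None:
            if command.startswith("enable secret "):
                has_secret = True
            elif command.startswith("enable password "):
                kind = "type 7" if TYPE7_ENABLE.match(command) else "cleartext"
                findings.append(f"global: enable password ({kind}) is configured; "
                                "use enable secret instead")
        else:
            # Inside a line block: a password without the type 7 marker is
            # stored readable; no login lets users straight into Exec mode.
            if command.startswith("password ") and not command.startswith("password 7 "):
                findings.append(f"{section}: cleartext password")
            elif command == "no login":
                findings.append(f"{section}: no login, users enter Exec mode with no password")
    if not has_secret:
        findings.append("global: no enable secret configured")
    if "service password-encryption" not in config_text:
        findings.append("global: service password-encryption is not enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE_CONFIG):
        print(finding)
```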
Copying and Backing Up Configuration Files
Cisco IOS allows you to copy and back up the configuration file and the IOS image locally or to a remote TFTP server. With this feature, you can back up your configuration and IOS images as well as copy new configurations.
To save your configuration to a TFTP server or NVRAM, you must use the copy command and determine whether you want to copy the startup or running configuration. Listing 10.11 provides a complete list of available copy options.
Listing 10.11 The copy command options.
R1#copy ?
flash Copy from system flash
flh-log Copy FLH log file to server
mop Copy from a MOP server
rcp Copy from an rcp server
running-config Copy from current system configuration
startup-config Copy from startup configuration
tftp Copy from a TFTP server
When you issue a copy command, the first statement indicates what you want to copy and the second statement indicates where the copied information will be placed. For example, to copy a running configuration to NVRAM, you issue the following command:
copy running-config startup-config
Following is a sample display taken from a Cisco 2500 router where the administrator has issued the copy command to save the running configuration to NVRAM:
R1#copy running-config startup-config
The router then confirms the successful copying from the running configuration to NVRAM.
To back up the router’s running configuration to a TFTP server, you use the
following copy command:
Name of configuration file to write [r1-confg]?
Write file wtc-ts2-confg on host 10.72.128.45? [confirm]Y
Note: You need to ensure that the remote TFTP server has been configured with sufficient write access so that a file can be copied.
To load a new IOS image to flash from a TFTP server, use the copy tftp flash command as follows:
R1#copy tftp flash
To copy the contents of a router's flash (IOS image) to a TFTP server, use the copy flash tftp command:
In IOS versions earlier than version 10.3, the write network command was used to copy a configuration file to a TFTP server. Following is a summary of the write network commands found in IOS versions predating version 10.3:
R1#write ?
erase Erase NVRAM memory
memory Write to NVRAM memory
network Write to network TFTP server
terminal Write to your terminal
Table 10.3 summarizes common copy commands used to save and restore configuration and IOS files.
Table 10.3 Common file transfer commands.
copy running-config startup-config   Copies the current configuration to NVRAM.
copy startup-config running-config   Copies NVRAM to the running RAM.
copy running-config tftp             Copies the current configuration to a TFTP server.
copy tftp running-config             Copies a file from a TFTP server to RAM.
copy tftp flash                      Copies a new IOS image to flash.
copy flash tftp                      Copies an image on flash to a TFTP server.
Password Recovery
Password recovery allows a router administrator to recover a lost or unknown password on a Cisco router. For password recovery, an administrator must have physical access to the router via the console or auxiliary port. When a user enters an incorrect enable password, the user receives an error message similar to the message shown in Listing 10.13.
Listing 10.13 An incorrect password error message.
When a user receives a % Bad passwords message, the user can neither access the advanced command set, in this case enable mode, nor make any configuration changes. Fortunately, Cisco provides the following 10-step method that administrators can use to recover a lost password without losing configuration files:
1. Power cycle the router.
2. Issue a control break or the break key command on the application to enter into ROM mode. The control break key sequence must be entered within 60 seconds of the router restarting.
3. Once you are in ROM mode, change the config register value to ignore the startup configuration file that is stored in NVRAM. Use the following command syntax: o/r 0x2142.
4. Allow the router to reboot by entering the command i.
5. After the router has finished booting up without its startup configuration, look at show startup-config. If the password is encrypted, move to Step 6, which requires you to enter the enable mode (type enable and you will not be required to enter any password) and copy the startup configuration to the running configuration with the copy startup-config running-config command. Then, change the password.
6. Copy the startup configuration to RAM.
7. Enable all active interfaces.
8. Change the configuration register to 0x2102 (default).
9. Reload the router.
10. Check the new password.
To review, let's look at an example. Assume you are directly connected to router R1, and you do not know the enable password. You first need to power cycle the router. So, you power cycle the router and press the control break key (the Esc key) to enter boot mode. Listing 10.14 shows the dialog displayed by the router after a break is issued.
Listing 10.14 Password recovery dialog on a Cisco router.
System Bootstrap, Version 5.2(8a), RELEASE SOFTWARE
Copyright (c) 1986-1995 by cisco Systems
Abort at 0x10EA882 (PC)
!control break issued followed by ? to view help options
>>?
$ Toggle cache state
B [filename] [TFTP Server IP address | TFTP Server Name]
Load and execute system image from ROM
or from TFTP server
C [address] Continue execution [optional address]
D /S M L V Deposit value V of size S into location L with
modifier M