Using the Cisco IOS CLI to Perform Initial Configuration
This section contains the following procedures:
Configuring the Router Hostname
The hostname is used in CLI prompts and default configuration filenames. If you do not configure the router hostname, the router uses the factory-assigned default hostname “Router.”
Do not expect capitalization and lower casing to be preserved in the hostname. Uppercase and lowercase characters are treated as identical by many Internet software applications. It may seem appropriate to capitalize a name as you would ordinarily do, but conventions dictate that computer names appear in all lowercase characters. For more information, see RFC 1178, Choosing a Name for Your Computer.
The name must also follow the rules for Advanced Research Projects Agency Network (ARPANET) hostnames. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, see RFC 1035, Domain Names—Implementation and Specification.
SUMMARY STEPS
1. enable
2. configure terminal
3. hostname name
4. Verify that the router prompt displays your new hostname.
5. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
hostname name
Router(config)# hostname myrouter |
Specifies or modifies the hostname for the network server. |
Step 4 |
Verify that the router prompt displays your new hostname.
myrouter(config)# |
— |
Step 5 |
end
myrouter# end |
(Optional) Returns to privileged EXEC mode. |
Configuring the Enable and Enable Secret Passwords
To provide an additional layer of security, particularly for passwords that cross the network or are stored on a TFTP server, you can use either the enable password command or enable secret command. Both commands accomplish the same thing—they allow you to establish an encrypted password that users must enter to access privileged EXEC (enable) mode.
We recommend that you use the enable secret command because it uses an improved encryption algorithm. Use the enable password command only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.
For more information, see the “Configuring Passwords and Privileges” chapter in Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note and the Improving Security on Cisco Routers tech note.
Restrictions
If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.
SUMMARY STEPS
1. enable
2. configure terminal
3. enable password password
4. enable secret password
5. end
6. enable
7. end
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
enable password password
Router(config)# enable password pswd2 |
(Optional) Sets a local password to control access to various privilege levels.
- We recommend that you perform this step only if you boot an older image of the Cisco IOS software or if you boot older boot ROMs that do not recognize the enable secret command.
|
Step 4 |
enable secret password
Router(config)# enable secret greentree |
Specifies an additional layer of security over the enable password command.
- Do not use the same password that you entered in Step 3.
|
Step 5 |
end
Router(config)# end |
Returns to privileged EXEC mode. |
Step 6 |
enable
Router> enable |
Enables privileged EXEC mode.
- Verify that your new enable or enable secret password works.
|
Step 7 |
end
Router(config)# end |
(Optional) Returns to privileged EXEC mode. |
Configuring the Console Idle Privileged EXEC Timeout
This section describes how to configure the console line’s idle privileged EXEC timeout. By default, the privileged EXEC command interpreter waits 10 minutes to detect user input before timing out.
When you configure the console line, you can also set communication parameters, specify autobaud connections, and configure terminal operating parameters for the terminal that you are using. For more information on configuring the console line, see the “Configuring Operating Characteristics for Terminals” chapter in Cisco IOS Configuration Fundamentals Configuration Guide, and “Troubleshooting, Fault Management, and Logging” chapter in the Cisco IOS Network Management Configuration Guide.
SUMMARY STEPS
1. enable
2. configure terminal
3. line console 0
4. exec-timeout minutes [ seconds ]
5. end
6. show running-config
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
line console 0
Router(config)# line console 0 |
Configures the console line and starts the line configuration command collection mode. |
Step 4 |
exec-timeout minutes [ seconds ]
Router(config-line)# exec-timeout 0 0 |
Sets the idle privileged EXEC timeout, which is the interval that the privileged EXEC command interpreter waits until user input is detected.
- The example shows how to specify no timeout. Setting the exec-timeout value to 0 causes the router to never log out once logged in. This could have security implications if you leave the console without manually logging out using the disable command.
|
Step 5 |
end
Router(config)# end |
Returns to privileged EXEC mode. |
Step 6 |
show running-config
Router(config)# show running-config |
Displays the running configuration file.
- Verify that you properly configured the idle privileged EXEC timeout.
|
Examples
The following example shows how to set the console idle privileged EXEC timeout to 2 minutes 30 seconds:
The following example shows how to set the console idle privileged EXEC timeout to 10 seconds:
Configuring Gigabit Ethernet Interfaces
This sections shows how to assign an IP address and interface description to an Ethernet interface on your router.
For comprehensive configuration information on Gigabit Ethernet interfaces, see the “Configuring LAN Interfaces” chapter of Cisco IOS Interface and Hardware Component Configuration Guide, http://www.cisco.com/en/US/docs/ios/12_2/interface/configuration/guide/icflanin.html
For information on interface numbering, see Software Configuration Guide for your router.
SUMMARY STEPS
1. enable
2. show ip interface brief
3. configure terminal
4. interface gigabitethernet 0/ port
5. description string
6. ip address ip-address mask
7. no shutdown
8. end
9. show ip interface brief
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
show ip interface brief
Router# show ip interface brief |
Displays a brief status of the interfaces that are configured for IP.
- Learn which type of Ethernet interface is on your router.
|
Step 3 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 4 |
interface gigabitethernet 0/ port
Router(config)# interface gigabitethernet 0/0 |
Specifies the gigabit Ethernet interface and enters interface configuration mode. Note For information on interface numbering, see Software Configuration Guide. |
Step 5 |
description string
Router(config-if)# description GE int to 2nd floor south wing |
(Optional) Adds a description to an interface configuration.
- The description helps you remember what is attached to this interface. The description can be useful for troubleshooting.
|
Step 6 |
ip address ip-address mask
Router(config-if)# ip address 172.16.74.3 255.255.255.0 |
Sets a primary IP address for an interface. |
Step 7 |
no shutdown
Router(config-if)# no shutdown |
Enables an interface. |
Step 8 |
end
Router(config)# end |
Returns to privileged EXEC mode. |
Step 9 |
show ip interface brief
Router# show ip interface brief |
Displays a brief status of the interfaces that are configured for IP.
- Verify that the Ethernet interfaces are up and configured correctly.
|
Examples
Configuring the GigabitEthernet Interface: Example
interface GigabitEthernet0/0
description GE int to HR group
ip address 172.16.3.3 255.255.255.0
Sample Output for the show ip interface brief Command
Router# show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 172.16.3.3 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
Specifying a Default Route or Gateway of Last Resort
This section describes how to specify a default route with IP routing enabled. For alternative methods of specifying a default route, see the Configuring a Gateway of Last Resort Using IP Commands tech note.
The Cisco IOS software uses the gateway (router) of last resort if it does not have a better route for a packet and if the destination is not a connected network. This section describes how to select a network as a default route (a candidate route for computing the gateway of last resort). The way in which routing protocols propagate the default route information varies for each protocol.
For comprehensive configuration information about IP routing and IP routing protocols, see Cisco IOS IP Configuration Guide. In particular, see the “Configuring IP Addressing” chapter and all “Part 2: IP Routing Protocols” chapters.
IP Routing
You can configure integrated routing and bridging (IRB) so the router can route and bridge simultaneously. The router will act as an IP host on the network whether routing is enabled or not. To read more about IRB see the following URL at Cisco.com:
http://www.cisco.com/en/US/tech/tk389/tk815/tk855/tsd_technology_support_sub-protocol_home.html
IP routing is automatically enabled in the Cisco IOS software. When IP routing is configured, the system will use a configured or learned route to forward packets, including a configured default route.
Note This task section does not apply when IP routing is disabled. To specify a default route when IP routing is disabled, see the Configuring a Gateway of Last Resort Using IP Commands tech note at Cisco.com.
Default Routes
A router might not be able to determine the routes to all other networks. To provide complete routing capability, the common practice is to use some routers as smart routers and give the remaining routers default routes to the smart router. (Smart routers have routing table information for the entire internetwork.) These default routes can be passed along dynamically, or can be configured into the individual routers.
Most dynamic interior routing protocols include a mechanism for causing a smart router to generate dynamic default information that is then passed along to other routers.
Default Network
If a router has an interface that is directly connected to the specified default network, the dynamic routing protocols running on the router will generate or source a default route. In the case of RIP, the router will advertise the pseudo network 0.0.0.0. In the case of IGRP, the network itself is advertised and flagged as an exterior route.
A router that is generating the default for a network also may need a default of its own. One way a router can generate its own default is to specify a static route to the network 0.0.0.0 through the appropriate device.
Gateway of Last Resort
When default information is being passed along through a dynamic routing protocol, no further configuration is required. The system periodically scans its routing table to choose the optimal default network as its default route. In the case of RIP, there is only one choice, network 0.0.0.0. In the case of IGRP, there might be several networks that can be candidates for the system default. The Cisco IOS software uses both administrative distance and metric information to determine the default route (gateway of last resort). The selected default route appears in the gateway of last resort display of the show ip route EXEC command.
If dynamic default information is not being passed to the software, candidates for the default route are specified with the ip default-network global configuration command. In this usage, the ip default-network command takes an unconnected network as an argument. If this network appears in the routing table from any source (dynamic or static), it is flagged as a candidate default route and is a possible choice as the default route.
If the router has no interface on the default network, but does have a route to it, it considers this network as a candidate default path. The route candidates are examined and the best one is chosen, based on administrative distance and metric. The gateway to the best default path becomes the gateway of last resort.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip routing
4. ip route dest-prefix mask next-hop-ip-address [ admin-distance ] [ permanent ]
5. ip default-network network-number
or
ip route dest-prefix mask next-hop-ip-address
6. end
7. show ip route
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ip routing
Router(config)# ip routing |
Enables IP routing. |
Step 4 |
ip route dest-prefix mask next-hop-ip-address [ admin-distance ] [ permanent ]
Router(config)# ip route 192.168.24.0 255.255.255.0 172.28.99.2 |
Establishes a static route. |
Step 5 |
ip default-network network-number or ip route dest-prefix mask next-hop-ip-address
Router(config)# ip default-network 192.168.24.0
Router(config)# ip route 0.0.0.0 0.0.0.0 172.28.99.1 |
Selects a network as a candidate route for computing the gateway of last resort. Creates a static route to network 0.0.0.0 0.0.0.0 for computing the gateway of last resort. |
Step 6 |
end
Router(config)# end |
Returns to privileged EXEC mode. |
Step 7 |
show ip route
Router# show ip route |
Displays the current routing table information.
- Verify that the gateway of last resort is set.
|
Examples
Specifying a Default Route: Example
ip route 192.168.24.0 255.255.255.0 172.28.99.2
ip default-network 192.168.24.0
Sample Output for the show ip route Command
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
Gateway of last resort is 172.28.99.2 to network 192.168.24.0
172.24.0.0 255.255.255.0 is subnetted, 1 subnets
C 172.24.192.0 is directly connected, GigaEthernet0
S 172.24.0.0 255.255.0.0 [1/0] via 172.28.99.0
S* 192.168.24.0 [1/0] via 172.28.99.2
172.16.0.0 255.255.255.0 is subnetted, 1 subnets
C 172.16.99.0 is directly connected, GigaEthernet1
SUMMARY STEPS
1. enable
2. configure terminal
3. line vty line-number [ ending-line-number ]
4. password password
5. login
6. end
7. show running-config
8. From another network device, attempt to open a Telnet session to the router.
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
line vty line-number [ ending-line-number ]
Router(config)# line vty 0 4 |
Starts the line configuration command collection mode for the virtual terminal lines (vty) for remote console access.
- Make sure that you configure all vty lines on your router.
Note To verify the number of vty lines on your router, use the line vty ? command. |
Step 4 |
password password
Router(config-line)# password guessagain |
Specifies a password on a line. |
Step 5 |
login
Router(config-line)# login |
Enables password checking at login. |
Step 6 |
end
Router(config-line)# end |
Returns to privileged EXEC mode. |
Step 7 |
show running-config
Router# show running-config |
Displays the running configuration file.
- Verify that you properly configured the virtual terminal lines for remote access.
|
Step 8 |
From another network device, attempt to open a Telnet session to the router.
Router# 172.16.74.3 Password: |
Verifies that you can remotely access the router and that the virtual terminal line password is correctly configured. |
Examples
The following example shows how to configure virtual terminal lines with a password:
What to Do Next
After you configure the vty lines, follow these steps:
- (Optional) To encrypt the virtual terminal line password, see the “Configuring Passwords and Privileges” chapter in Cisco IOS Security Configuration Guide. Also see the Cisco IOS Password Encryption Facts tech note.
- (Optional) To secure the VTY lines with an access list, see “Part 3: Traffic Filtering and Firewalls” in the Cisco IOS Security Configuration Guide.
SUMMARY STEPS
1. enable
2. configure terminal
3. line aux 0
4. See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port.
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
line aux 0
Router(config)# line aux 0 |
Starts the line configuration command collection mode for the auxiliary line. |
Step 4 |
See the tech notes and sample configurations to configure the line for your particular implementation of the AUX port. |
— |
Verifying Network Connectivity
This section describes how to verify network connectivity for your router.
Prerequisites
- Complete all previous configuration tasks in this document.
- The router must be connected to a properly configured network host.
SUMMARY STEPS
1. enable
2. ping [ ip-address | hostname ]
3. telnet { ip-address | hostname }
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
ping [ ip-address | hostname ]
Router# ping 172.16.74.5 |
Diagnoses initial network connectivity.
- To verify connectivity, ping the next hop router or connected host for each configured interface to.
|
Step 3 |
telnet { ip-address | hostname }
Router# telnet 10.20.30.40 |
Logs in to a host that supports Telnet.
- If you want to test the vty line password, perform this step from a different network device, and use your router’s IP address.
|
Examples
The following display shows sample output for the ping command when you ping the IP address 192.168.7.27:
Target IP address: 192.168.7.27
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
Success rate is 100 percent, round-trip min/avg/max = 1/2/4 ms
The following display shows sample output for the ping command when you ping the IP hostname username1 :
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.7.27, timeout is 2 seconds:
Success rate is 100 percent, round-trip min/avg/max = 1/3/4 ms
Saving Your Router Configuration
This section describes how to avoid losing your configuration at the next system reload or power cycle by saving the running configuration to the startup configuration in NVRAM. The NVRAM provides 256KB of storage on the router.
SUMMARY STEPS
1. enable
2. copy running-config startup-config
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
copy running-config startup-config
Router# copy running-config startup-config |
Saves the running configuration to the startup configuration. |
Saving Backup Copies of Configuration and System Image
To aid file recovery and minimize downtime in case of file corruption, we recommend that you save backup copies of the startup configuration file and the Cisco IOS software system image file on a server.
SUMMARY STEPS
1. enable
2. copy nvram:startup-config { ftp: | rcp: | tftp: }
3. show {flash0 | flash1}:
4. copy {flash0 | flash1}: { ftp: | rcp: | tftp: }
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
copy nvram:startup-config { ftp: | rcp: | tftp: }
Router# copy nvram:startup-config ftp: |
Copies the startup configuration file to a server.
- The configuration file copy can serve as a backup copy.
- Enter the destination URL when prompted.
|
Step 3 |
show {flash0 | flash1}:
Router# show {flash0|flash1} : |
Displays the layout and contents of a flash memory file system.
- Learn the name of the system image file.
|
Step 4 |
copy {flash0 | flash1}: { ftp: | rcp: | tftp: }
Router# copy {flash0|flash1}: ftp : |
Copies a file from flash memory to a server.
- Copy the system image file to a server to serve as a backup copy.
- Enter the filename and destination URL when prompted.
|
Examples
Copying the Startup Configuration to a TFTP Server: Example
The following example shows the startup configuration being copied to a TFTP server:
Router# copy nvram:startup-config tftp:
Remote host[]? 172.16.101.101
Name of configuration file to write [rtr2-confg]? <cr>
Write file rtr2-confg on host 172.16.101.101?[confirm] <cr>
Copying from Flash Memory to a TFTP Server: Example
The following example shows the use of the show {flash0|flash1}: command in privileged EXEC to learn the name of the system image file and the use of the copy {flash0|flash1}: tftp: privileged EXEC command to copy the system image (c3900-2is-mz) to a TFTP server. The router uses the default username and password.
Router# show {flash0|flash1}:
[4137952 bytes used, 12639264 available, 16777216 total]
16384K bytes of processor board System flash (Read/Write)\
Router# copy {flash0|flash1}: tftp:
IP address of remote host [255.255.255.255]? 172.16.13.110
filename to write on tftp host? c3600-c2is-mz
writing c3900-c2is-mz !!!!...