Cisco Commands
IP Addressing Commands
arp (global)
arp (interface)
arp timeout
clear arp-cache
clear host
clear ip nat translation
clear ip nhrp
clear ip route
ip address
ip broadcast-address
ip classless
ip default-gateway
ip directed-broadcast
ip domain-list
ip domain-lookup
ip domain-lookup nsap
ip domain-name
ip forward-protocol
ip forward-protocol any-local-broadcast
ip forward-protocol spanning-tree
ip forward-protocol turbo-flood
ip helper-address
ip host
ip hp-host
ip irdp
ip mobile arp
ip name-server
ip nat
ip nat inside destination
ip nat inside source
ip nat outside source
ip nat pool
ip nat translation
ip netmask-format
ip nhrp authentication
ip nhrp holdtime
ip nhrp interest
ip nhrp map
ip nhrp map multicast
ip nhrp max-send
ip nhrp network-id
ip nhrp nhs
ip nhrp record
ip nhrp responder
ip nhrp use
ip probe proxy
ip proxy-arp
ip redirects
ip routing
ip subnet-zero
ip unnumbered
ping (privileged)
ping (user)
show arp
show hosts
show ip aliases
show ip arp
show ip interface
show ip irdp
show ip masks
show ip nat statistics
show ip nat translations
show ip nhrp
show ip nhrp traffic
show ip redirects
term ip netmask-format
trace (privileged)
trace (user)
tunnel mode
IP Addressing Commands
This chapter describes the function and displays the syntax for IP addressing commands. For more information about defaults and usage guidelines, see the corresponding chapter of the Network Protocols Command Reference, Part 1.
arp (global)
To add a permanent entry in the Address Resolution Protocol (ARP) cache, use the arp global configuration command. To remove an entry from the ARP cache, use the no form of this command.
arp ip-address hardware-address type [alias]
no arp ip-address hardware-address type [alias]
| ip-address | IP address in four-part dotted-decimal format corresponding to the local data link address. |
| hardware-address | Local data link address (a 48-bit address). |
| type | Encapsulation description. For Ethernet interfaces, this is typically the arpa keyword. For Fiber Distributed Data Interface (FDDI) and Token Ring interfaces, this is always snap. |
| alias | (Optional) Indicates that the Cisco IOS software should respond to ARP requests as if it were the owner of the specified address. |
arp (interface)
To control the interface-specific handling of IP address resolution into 48-bit Ethernet, FDDI, and Token Ring hardware addresses, use the arp interface configuration command. To disable an encapsulation type, use the no form of this command.
arp {arpa | probe | snap}
no arp {arpa | probe | snap}
| arpa | Standard Ethernet-style ARP (RFC 826). |
| probe | HP Probe protocol for IEEE-802.3 networks. |
| snap | ARP packets conforming to RFC 1042. |
arp timeout
To configure how long an entry remains in the ARP cache, use the arp timeout interface configuration command. To restore the default value, use the no form of this command.
arp timeout seconds
no arp timeout seconds
| seconds | Time (in seconds) that an entry remains in the ARP cache. A value of zero means that entries are never cleared from the cache. |
clear arp-cache
To delete all dynamic entries from the ARP cache, to clear the fast-switching cache, and to clear the IP route cache, use the clear arp-cache EXEC command.
clear arp-cache
clear host
To delete entries from the host-name-and-address cache, use the clear host EXEC command.
clear host {name | *}
| name | Particular host entry to remove. |
| * | Removes all entries. |
clear ip nat translation
To clear dynamic Network Address Translation (NAT) translations from the translation table, use the clear ip nat translation EXEC command.
clear ip nat translation {* | [inside global-ip local-ip] [outside local-ip global-ip]}
clear ip nat translation protocol inside global-ip global-port local-ip local-port [outside
local-ip global-ip]
| * | Clears all dynamic translations. |
| inside | Clears the inside translations containing the specified global-ip and local-ip addresses. |
| global-ip | When used without the arguments protocol, global-port, and local-port, clears a simple translation that also contains the specified local-ip address. When used with the arguments protocol, global-port, and local-port, clears an extended translation. |
| local-ip | (Optional) Clears an entry that contains this local IP address and the specified global-ip address. |
| outside | Clears the outside translations containing the specified global-ip and local-ip addresses. |
| protocol | (Optional) Clears an entry that contains this protocol and the specified global-ip address, local-ip address, global-port, and local-port. |
| global-port | (Optional) Clears an entry that contains this global-port and the specified protocol, global-ip address, local-ip address, and local-port. |
| local-port | (Optional) Clears an entry that contains this local-port and the specified protocol, global-ip address, local-ip address, and global-port. |
clear ip nhrp
To clear all dynamic entries from the Next Hop Resolution Protocol (NHRP) cache, use the clear ip nhrp EXEC command.
clear ip nhrp
clear ip route
To delete routes from the IP routing table, use the clear ip route EXEC command.
clear ip route {network [mask] | *}
| network | Network or subnet address to remove. |
| mask | (Optional) Subnet address to remove. |
| * | Removes all routing table entries. |
ip address
To set a primary or secondary IP address for an interface, use the ip address interface configuration command. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [secondary]
no ip address ip-address mask [secondary]
| ip-address | IP address. |
| mask | Mask for the associated IP subnet. |
| secondary | (Optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address. |
ip broadcast-address
To define a broadcast address for an interface, use the ip broadcast-address interface configuration command. To restore the default IP broadcast address, use the no form of this command.
ip broadcast-address [ip-address]
no ip broadcast-address [ip-address]
| ip-address | (Optional) IP broadcast address for a network. |
ip classless
At times the router might receive packets destined for a subnet of a network that has no network default route. To have the Cisco IOS software forward such packets to the best supernet route possible, use the ip classless global configuration command. To disable this feature, use the no form of this command.
ip classless
no ip classless
ip default-gateway
To define a default gateway (router) when IP routing is disabled, use the ip default-gateway global configuration command. To disable this function, use the no form of this command.
ip default-gateway ip-address
no ip default-gateway ip-address
| ip-address | IP address of the router. |
ip directed-broadcast
To enable the translation of directed broadcast to physical broadcasts, use the ip directed-broadcast interface configuration command. To disable this function, use the no form of this command.
ip directed-broadcast [access-list-number]
no ip directed-broadcast [access-list-number]
| access-list-number | (Optional) Number of the access list. If specified, a broadcast must pass the access list to be forwarded. If not specified, all broadcasts are forwarded. |
ip domain-list
To define a list of default domain names to complete unqualified host names, use the ip domain-list global configuration command. To delete a name from a list, use the no form of this command.
ip domain-list name
no ip domain-list name
| name | Domain name. Do not include the initial period that separates an unqualified name from the domain name. |
ip domain-lookup
To enable the IP Domain Naming System (DNS)-based host name-to-address translation, use the ip domain-lookup global configuration command. To disable the DNS, use the no form of this command.
ip domain-lookup
no ip domain-lookup
ip domain-lookup nsap
To allow DNS queries for Connectionless Network System (CLNS) addresses, use the ip domain-lookup nsap global configuration command. To disable this feature, use the no form of this command.
ip domain-lookup nsap
no ip domain-lookup nsap
ip domain-name
To define a default domain name that the Cisco IOS software uses to complete unqualified host names (names without a dotted-decimal domain name), use the ip domain-name global configuration command. To disable use of the DNS, use the no form of this command.
ip domain-name name
no ip domain-name
| name | Default domain name used to complete unqualified host names. Do not include the initial period that separates an unqualified name from the domain name. |
ip forward-protocol
To specify which protocols and ports the router forwards when forwarding broadcast packets, use the ip forward-protocol global configuration command. To remove a protocol or port, use the no form of this command.
ip forward-protocol {udp [port] | nd | sdns}
no ip forward-protocol {udp [port] | nd | sdns}
| udp | Forward User Datagram Protocol (UDP) datagrams. See the "Default" section below for a list of port numbers forwarded by default. |
| port | (Optional) Destination port that controls which UDP services are forwarded. |
| nd | Forward Network Disk (ND) datagrams. This protocol is used by older diskless Sun workstations. |
| sdns | Secure Data Network Service. |
ip forward-protocol any-local-broadcast
To forward any broadcasts including local subnet broadcasts, use the ip forward-protocol any-local-broadcast global configuration command. To disable this type of forwarding, use the no form of this command.
ip forward-protocol any-local-broadcast
no ip forward-protocol any-local-broadcast
ip forward-protocol spanning-tree
To permit IP broadcasts to be flooded throughout the internetwork in a controlled fashion, use the ip forward-protocol spanning-tree global configuration command. To disable the flooding of IP broadcasts, use the no form of this command.
ip forward-protocol spanning-tree
no ip forward-protocol spanning-tree
ip forward-protocol turbo-flood
To speed up flooding of User Datagram Protocol (UDP) datagrams using the spanning-tree algorithm, use the ip forward-protocol turbo-flood global configuration command. To disable this feature, use the no form of this command.
ip forward-protocol turbo-flood
no ip forward-protocol turbo-flood
ip helper-address
To have the Cisco IOS software forward User Datagram Protocol (UDP) broadcasts, including BOOTP, received on an interface, use the ip helper-address interface configuration command. To disable the forwarding of broadcast packets to specific addresses, use the no form of this command.
ip helper-address address
no ip helper-address address
| address | Destination broadcast or host address to be used when forwarding UDP broadcasts. There can be more than one helper address per interface. |
ip host
To define a static host name-to-address mapping in the host cache, use the ip host global configuration command. To remove the name-to-address mapping, use the no form of this command.
ip host name [tcp-port-number] address1 [address2...address8]
no ip host name address1
| name | Name of the host. The first character can be either a letter or a number. If you use a number, the operations you can perform are limited. |
| tcp-port-number | (Optional) TCP port number to connect to when using the defined host name in conjunction with an EXEC connect or Telnet command. The default is Telnet (port 23). |
| address1 | Associated IP address. |
| address2...address8 | (Optional) Additional associated IP address. You can bind up to eight addresses to a host name. |
ip hp-host
To enter into the host table the host name of an HP host to be used for HP Probe Proxy service, use the ip hp-host global configuration command. To remove a host name, use the no form of this command.
ip hp-host hostname ip-address
no ip hp-host hostname ip-address
| hostname | Name of the host. |
| ip-address | IP address of the host. |
ip irdp
To enable ICMP Router Discovery Protocol (IRDP) processing on an interface, use the ip irdp interface configuration command. To disable IRDP routing, use the no form of this command.
ip irdp [multicast | holdtime seconds | maxadvertinterval seconds | minadvertinterval
seconds | preference number | address address [number]]
no ip irdp
| multicast | (Optional) Use the multicast address (224.0.0.1) instead of IP broadcasts. |
| holdtime seconds | (Optional) Length of time in seconds advertisements are held valid. Default is three times the maxadvertinterval value. Must be greater than maxadvertinterval and cannot be greater than 9000 seconds. |
| maxadvertinterval seconds | (Optional) Maximum interval in seconds between advertisements. The default is 600 seconds. |
| minadvertinterval seconds | (Optional) Minimum interval in seconds between advertisements. The default is 0.75 times the maxadvertinterval. If you change the maxadvertinterval value, this value defaults to three-quarters of the new value. |
| preference number | (Optional) Preference value. The allowed range is -231 to 231. The default is 0. A higher value increases the router's preference level. You can modify a particular router so that it will be the preferred router to which others home. |
| address address [number] | (Optional) IP address (address) to proxy-advertise, and optionally, its preference value (number). |
ip mobile arp
To enable local-area mobility, use the ip mobile arp interface configuration command. To disable local-area mobility, use the no form of this command.
ip mobile arp [timers keepalive hold-time] [access-group access-list-number | name]
no ip mobile arp [timers keepalive hold-time] [access-group access-list-number | name]
| timers | (Optional) Indicates that you are setting local-area mobility timers. |
| keepalive | (Optional) Frequency, in seconds, at which the Cisco IOS software sends unicast ARP messages to a relocated host to verify that the host is present and has not moved. The default keepalive time is 300 seconds (5 minutes). |
| hold-time | (Optional) Hold time, in seconds. This is the length of time the software considers that a relocated host is present without receiving some type of ARP broadcast or unicast from the host. Normally, the hold time should be at least three times greater than the keepalive time. The default hold time is 900 seconds (15 minutes). |
| access-group | (Optional) Indicates that you are applying an access list. This access list applies only to local-area mobility. |
| access-list-number | (Optional) Number of a standard IP access list. It is a decimal number from 1 to 99. Only hosts with addresses permitted by this access list are accepted for local-area mobility. |
| name | (Optional) Name of an IP access list. The name cannot contain a space or quotation mark, and must begin with an alphabetic character to avoid ambiguity with numbered access lists. |
ip name-server
To specify the address of one or more name servers to use for name and address resolution, use the ip name-server global configuration command. To remove the addresses specified, use the no form of this command.
ip name-server server-address1 [[server-address2]...server-address6]
no ip name-server server-address1 [[server-address2]...server-address6]
| server-address1 | IP addresses of name server. |
| server-address2...server-address6 | (Optional) IP addresses of additional name servers (a maximum of six name servers). |
ip nat
To designate that traffic originating from or destined for the interface is subject to Network Address Translation (NAT), use the ip nat interface configuration command. To prevent the interface from being able to translate, use the no form of this command.
ip nat {inside | outside}
no ip nat {inside | outside}
| inside | Indicates the interface is connected to the inside network (the network subject to NAT translation). |
| outside | Indicates the interface is connected to the outside network. |
ip nat inside destination
To enable Network Address Translation (NAT) of the inside destination address, use the ip nat inside destination global configuration command. To remove the dynamic association to a pool, use the no form of this command.
ip nat inside destination list {access-list-number | name} pool name
no ip nat inside destination list {access-list-number | name}
| list access-list-number | Standard IP access list number. Packets with destination addresses that pass the access list are translated using global addresses from the named pool. |
| list name | Name of a standard IP access list. Packets with destination addresses that pass the access list are translated using global addresses from the named pool. |
| pool name | Name of the pool from which global IP addresses are allocated during dynamic translation. |
ip nat inside source
To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source global configuration command. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.
ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip
global-ip}
no ip nat inside source {list {access-list-number | name} pool name [overload] | static local-ip
global-ip}
| list access-list-number | Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool. |
| list name | Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool. |
| pool name | Name of the pool from which global IP addresses are allocated dynamically. |
| overload | (Optional) Enables the router to use one global address for many local addresses. When overloading is configured, each inside host's TCP or UDP port number distinguishes between the multiple conversations using the same local IP address. |
| static local-ip | Sets up a single static translation; this argument establishes the local IP address assigned to a host on the inside network. The address could be randomly chosen, allocated from RFC 1918, or obsolete. |
| global-ip | Sets up a single static translation; this argument establishes the globally unique IP address of an inside host as it appears to the outside world. |
ip nat outside source
To enable Network Address Translation (NAT) of the outside source address, use the ip nat outside source global configuration command. To remove the static entry or the dynamic association, use the no form of this command.
ip nat outside source {list {access-list-number | name} pool name | static global-ip local-ip}
no ip nat outside source {list {access-list-number | name} pool name | static global-ip local-ip}
| list access-list-number | Standard IP access list number. Packets with source addresses that pass the access list are translated using global addresses from the named pool. |
| list name | Name of a standard IP access list. Packets with source addresses that pass the access list are translated using global addresses from the named pool. |
| pool name | Name of the pool from which global IP addresses are allocated. |
| static global-ip | Sets up a single static translation. This argument establishes the globally unique IP address assigned to a host on the outside network by its owner. It was allocated from globally routable network space. |
| local-ip | Sets up a single static translation. This argument establishes the local IP address of an outside host as it appears to the inside world. The address was allocated from address space routable on the inside (RFC 1918, perhaps). |
ip nat pool
To define a pool of IP addresses for Network Address Translation (NAT), use the ip nat pool global configuration command. To remove one or more addresses from the pool, use the no form of this command.
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
[type rotary]
no ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}
[type rotary]
| name | Name of the pool. |
| start-ip | Starting IP address that defines the range of addresses in the address pool. |
| end-ip | Ending IP address that defines the range of addresses in the address pool. |
| netmask netmask | Network mask that indicates which address bits belong to the network and subnetwork fields and which bits belong to the host field. Specify the netmask of the network to which the pool addresses belong. |
| prefix-length prefix-length | Number that indicates how many bits of the netmask are ones (how many bits of the address indicate network). Specify the netmask of the network to which the pool addresses belong. |
| type rotary | (Optional) Indicates that the range of address in the address pool identify real, inside hosts among which TCP load distribution will occur. |
ip nat translation
To change the amount of time after which Network Address Translation (NAT) translations time out, use the ip nat translation global configuration command. To disable the timeout, use the no form of this command.
ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout}
seconds
no ip nat translation {timeout | udp-timeout | dns-timeout | tcp-timeout | finrst-timeout}
| timeout | Specifies that the timeout value applies to dynamic translations except for overload translations. Default is 86400 seconds (24 hours). |
| udp-timeout | Specifies that the timeout value applies to the UDP port. Default is 300 seconds (5 minutes). |
| dns-timeout | Specifies that the timeout value applies to connections to the Domain Naming System (DNS). Default is 60 seconds. |
| tcp-timeout | Specifies that the timeout value applies to the TCP port. Default is 86400 seconds (24 hours). |
| finrst-timeout | Specifies that the timeout value applies to Finish and Reset TCP packets, which terminate a connection. Default is 60 seconds. |
| seconds | Number of seconds after which the specified port translation times out. Default values are listed in the Default section. |
ip netmask-format
To specify the format in which netmasks are displayed in show command output, use the ip netmask-format line configuration command. To restore the default display format, use the no form of this command.
ip netmask-format {bitcount | decimal | hexadecimal}
no ip netmask-format [bitcount | decimal | hexadecimal]
| bitcount | Addresses are followed by a slash and the total number of bits in the netmask. For example, 131.108.11.0/24 indicates that the netmask is 24 bits. |
| decimal | Network masks are displayed in dotted decimal notation (for example, 255.255.255.0). |
| hexadecimal | Network masks are displayed in hexadecimal format, as indicated by the leading 0X (for example, 0XFFFFFF00). |
ip nhrp authentication
To configure the authentication string for an interface using Next Hop Resolution Protocol (NHRP), use the ip nhrp authentication interface configuration command. To remove the authentication string, use the no form of this command.
ip nhrp authentication string
no ip nhrp authentication [string]
| string | Authentication string configured for the source and destination stations that controls whether NHRP stations allow intercommunication. The string can be up to 8 characters long. |
ip nhrp holdtime
To change the number of seconds that NHRP nonbroadcast, multiaccess (NBMA) addresses are advertised as valid in authoritative NHRP responses, use the ip nhrp holdtime interface configuration command. To restore the default value, use the no form of this command.
ip nhrp holdtime seconds-positive [seconds-negative]
no ip nhrp holdtime [seconds-positive [seconds-negative]]
| seconds-positive | Time in seconds that NBMA addresses are advertised as valid in positive authoritative NHRP responses. |
| seconds-negative | (Optional) Time in seconds that NBMA addresses are advertised as valid in negative authoritative NHRP responses. |
ip nhrp interest
To control which IP packets can trigger sending a Next Hop Resolution Protocol (NHRP) Request, use the ip nhrp interest interface configuration command. To restore the default value, use the no form of this command.
ip nhrp interest access-list-number
no ip nhrp interest [access-list-number]
| access-list-number | Standard or extended IP access list number in the range 1 to 199. |
ip nhrp map
To statically configure the IP-to-NBMA address mapping of IP destinations connected to a nonbroadcast, multiaccess (NBMA) network, use the ip nhrp map interface configuration command. To remove the static entry from NHRP cache, use the no form of this command.
ip nhrp map ip-address nbma-address
no ip nhrp map ip-address nbma-address
| ip-address | IP address of the destinations reachable through the NBMA network. This address is mapped to the NBMA address. |
| nbma-address | NBMA address that is directly reachable through the NBMA network. The address format varies depending on the medium you are using. For example, ATM has an NSAP address, Ethernet has a MAC address, and SMDS has an E.164 address. This address is mapped to the IP address. |
ip nhrp map multicast
To configure NBMA addresses used as destinations for broadcast or multicast packets to be sent over a tunnel network, use the ip nhrp map multicast interface configuration command. To remove the destinations, use the no form of this command.
ip nhrp map multicast nbma-address
no ip nhrp map multicast nbma-address
| nbma-address | Nonbroadcast, multiaccess (NBMA) address which is directly reachable through the NBMA network. The address format varies depending on the medium you are using. |
ip nhrp max-send
To change the maximum frequency at which NHRP packets can be sent, use the ip nhrp max-send interface configuration command. To restore this frequency to the default value, use the no form of this command.
ip nhrp max-send pkt-count every interval
no ip nhrp max-send
| pkt-count | Number of packets which can be transmitted in the range from 1 to 65535. Default is 5 packets. |
| every interval | Time (in seconds) in the range from 10 to 65535. Default is 10 seconds. |
ip nhrp network-id
To enable the Next Hop Resolution Protocol (NHRP) on an interface, use the ip nhrp network-id interface configuration command. To disable NHRP on the interface, use the no form of this command.
ip nhrp network-id number
no ip nhrp network-id [number]
| number | Globally unique, 32-bit network identifier for a nonbroadcast, multiaccess (NBMA) network. The range is 1 to 4294967295. |
ip nhrp nhs
To specify the address of one or more NHRP Next Hop Servers, use the ip nhrp nhs interface configuration command. To remove the address, use the no form of this command.
ip nhrp nhs nhs-address [net-address [netmask]]
no ip nhrp nhs nhs-address [net-address [netmask]]
| nhs-address | Address of the Next Hop Server being specified. |
| net-address | (Optional) IP address of a network served by the Next Hop Server. |
| netmask | (Optional) IP network mask to be associated with the net IP address. The net IP address is logically ANDed with the mask. |
ip nhrp record
To re-enable the use of forward record and reverse record options in NHRP Request and Reply packets, use the ip nhrp record interface configuration command. To suppress the use of such options, use the no form of this command.
ip nhrp record
no ip nhrp record
ip nhrp responder
To designate which interface's primary IP address the Next Hop Server will use in NHRP Reply packets when the NHRP requestor uses the Responder Address option, use the ip nhrp responder interface configuration command. To remove the designation, use the no form of this command.
ip nhrp responder type number
no ip nhrp responder [type] [number]
| type | Interface type whose primary IP address is used when a Next Hop Server complies with a Responder Address option (for example, serial, tunnel). |
| number | Interface number whose primary IP address is used when a Next Hop Server complies with a Responder Address option. |
ip nhrp use
To configure the software so that NHRP is deferred until the system has attempted to send data traffic to a particular destination multiple times, use the ip nhrp use interface configuration command. To restore the default value, use the no form of this command.
ip nhrp use usage-count
no ip nhrp use usage-count
| usage-count | Packet count in the range from 1 to 65535. Default is 1. |
ip probe proxy
To enable the HP Probe Proxy support, which allows the Cisco IOS software to respond to HP Probe Proxy Name requests, use the ip probe proxy interface configuration command. To disable HP Probe Proxy, use the no form of this command.
ip probe proxy
no ip probe proxy
ip proxy-arp
To enable proxy ARP on an interface, use the ip proxy-arp interface configuration command. To disable proxy ARP on the interface, use the no form of this command.
ip proxy-arp
no ip proxy-arp
ip redirects
To enable the sending of redirect messages if the Cisco IOS software is forced to resend a packet through the same interface on which it was received, use the ip redirects interface configuration command. To disable the sending of redirect messages, use the no form of this command.
ip redirects
no ip redirects
ip routing
To enable IP routing, use the ip routing global configuration command. To disable IP routing, use the no form of this command.
ip routing
no ip routing
ip subnet-zero
To enable the use of subnet zero for interface addresses and routing updates, use the ip subnet-zero global configuration command. To restore the default, use the no form of this command.
ip subnet-zero
no ip subnet-zero
ip unnumbered
To enable IP processing on a serial interface without assigning an explicit IP address to the interface, use the ip unnumbered interface configuration command. To disable the IP processing on the interface, use the no form of this command.
ip unnumbered type number
no ip unnumbered type number
| type number | Type and number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface. |
ping (privileged)
To check host reachability and network connectivity, use the ping (IP packet internet groper function) privileged EXEC command.
ping [protocol] {host | address}
| protocol | (Optional) Protocol keyword. The default is IP. |
| host | Host name of system to ping. |
| address | IP address of system to ping. |
ping (user)
To check host reachability and network connectivity, use the ping (IP packet internet groper function) user EXEC command.
ping [protocol] {host | address}
| protocol | (Optional) Protocol keyword. The default is IP. |
| host | Host name of system to ping. |
| address | IP address of system to ping. |
show arp
To display the entries in the ARP table, use the show arp privileged EXEC command.
show arp
show hosts
To display the default domain name, the style of name lookup service, a list of name server hosts, and the cached list of host names and addresses, use the show hosts EXEC command.
show hosts
show ip aliases
To display the IP addresses mapped to TCP ports (aliases) and SLIP addresses, which are treated similarly to aliases, use the show ip aliases EXEC command.
show ip aliases
show ip arp
To display the Address Resolution Protocol (ARP) cache, where SLIP addresses appear as permanent ARP table entries, use the show ip arp EXEC command.
show ip arp [ip-address] [hostname] [mac-address] [type number]
| ip-address | (Optional) ARP entries matching this IP address are displayed. |
| hostname | (Optional) Host name. |
| mac-address | (Optional) 48-bit MAC address. |
| type number | (Optional) ARP entries learned via this interface type and number are displayed. |
show ip interface
To display the usability status of interfaces configured for IP, use the show ip interface EXEC command.
show ip interface [type number]
| type | (Optional) Interface type. |
| number | (Optional) Interface number. |
show ip irdp
To display IRDP values, use the show ip irdp EXEC command.
show ip irdp
show ip masks
To display the masks used for network addresses and the number of subnets using each mask, use the show ip masks EXEC command.
show ip masks address
| address | Network address for which a mask is required. |
show ip nat statistics
To display Network Address Translation (NAT) statistics, use the show ip nat statistics EXEC command.
show ip nat statistics
show ip nat translations
To display active Network Address Translation (NAT) translations, use the show ip nat translations EXEC command.
show ip nat translations [verbose]
| verbose | (Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used. |
show ip nhrp
To display the Next Hop Resolution Protocol (NHRP) cache, use the show ip nhrp EXEC command.
show ip nhrp [dynamic | static] [type number]
| dynamic | (Optional) Displays only the dynamic (learned) IP-to-NBMA address cache entries. |
| static | (Optional) Displays only the static IP-to-NBMA address entries in the cache (configured through the ip nhrp map command). |
| type | (Optional) Interface type about which to display the NHRP cache (for example, atm, tunnel). |
| number | (Optional) Interface number about which to display the NHRP cache. |
show ip nhrp traffic
To display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic EXEC command.
show ip nhrp traffic
show ip redirects
To display the address of a default gateway (router) and the address of hosts for which a redirect has been received, use the show ip redirects EXEC command.
show ip redirects
term ip netmask-format
To specify the format in which netmasks are displayed in show command output, use the term ip netmask-format EXEC command. To restore the default display format, use the no form of this command.
term ip netmask-format {bitcount | decimal | hexadecimal}
term no ip netmask-format [bitcount | decimal | hexadecimal]
| bitcount | Addresses are followed by a slash and the total number of bits in the netmask. For example, 131.108.11.55/24 indicates that the netmask is 24 bits. |
| decimal | Netmasks are displayed in dotted decimal notation (for example, 255.255.255.0). |
| hexadecimal | Netmasks are displayed in hexadecimal format, as indicated by the leading 0X (for example, 0XFFFFFF00). |
trace (privileged)
To discover the routes the packets follow when traveling to their destination from the router, use the trace privileged EXEC command.
trace [destination]
| destination | (Optional) Destination address or host name on the command line. The default parameters for the appropriate protocol are assumed and the tracing action begins. |
trace (user)
To discover the routes the router packets follow when traveling to their destination, use the trace user EXEC command.
trace ip destination
| destination | Destination address or host name on the command line. The default parameters for the appropriate protocol are assumed and the tracing action begins. |
tunnel mode
To set the encapsulation mode for the tunnel interface, use the tunnel mode interface configuration command. To set to the default, use the no form of this command.
tunnel mode {aurp | cayman | dvmrp | eon | gre ip [multipoint] | nos}
no tunnel mode
| aurp | AppleTalk Update-Based Routing Protocol (AURP). |
| cayman | Cayman TunnelTalk AppleTalk encapsulation. |
| dvmrp | Distance Vector Multicast Routing Protocol. |
| eon | EON compatible CLNS tunnel. |
| gre ip | Generic routing encapsulation (GRE) protocol over IP. |
| multipoint | (Optional) Enables a GRE tunnel to be used in a multipoint fashion. Can be used with the gre ip keyword only, and requires the use of the tunnel key command. |
| nos | KA9Q/NOS compatible IP over IP. |
Cisco Routers
Also check: http://www.tomax7.com/mcse/cisco_routerconfig.htm
Routing with Cisco 2500 and 1000 Series for LAN-ISDN Service
Commands
Commands - General
There are 3 different modes of operation within the Cisco IOS.
- Disabled mode
- Enabled mode
- Configuration mode
In the Disabled mode you can use a limited number of commands. This is used primarily to monitor the router.
The Enabled mode is used to show configuration information, enter the configuration mode, and make changes to the configuration.
The Configuration mode is used to enter and update the runtime configuration.
To get a list of the commands for the cisco type '?' at the prompt. To get further information about any command, type the command followed by a '?'.
| clear | Reset functions |
| clock | Manage the system clock |
| configure | Enter configuration mode |
| debug | Debugging functions (see also 'undebug') |
| disable | Turn off privileged commands |
| enable | Turn on privileged commands |
| erase | Erase flash or configuration memory |
| exit | Exit from the EXEC |
| help | Description of the interactive help system |
| login | Log in as a particular user |
| logout | Exit from the EXEC |
| no | Disable debugging functions |
| ping | Send echo messages |
| reload | Halt and perform a cold restart |
| setup | Run the SETUP command facility |
| show | Show running system information |
| telnet | Open a telnet connection |
| terminal | Set terminal line parameters |
| test | Test subsystems, memory, and interfaces |
| traceroute | Trace route to destination |
| tunnel | Open a tunnel connection |
| undebug | Disable debugging functions (see also 'debug') |
| verify | Verify checksum of a Flash file |
| write | Write running configuration to memory, network, or terminal |
| | |
| show |
|
| access-lists | List access lists |
| arp | ARP table |
| buffers | Buffer pool statistics |
| configuration | Contents of Non-Volatile memory |
| controllers | Interface controller status |
| debugging | State of each debugging option |
| dialer | Dialer parameters and statistics |
| extended | Extended Interface Information |
| flash | System Flash information |
| flh-log | Flash Load Helper log buffer |
| history | Display the session command history |
| hosts | IP domain-name, lookup style, name servers, and host table |
| interfaces | Interface status and configuration |
| ip | IP information |
| isdn | ISDN information |
| line | TTY line information |
| logging | Show the contents of logging buffers |
| memory | Memory statistics |
| privilege | Show current privilege level |
| processes | Active process statistics |
| protocols | Active network routing protocols |
| queue | Show queue contents |
| queueing | Show queueing configuration |
| reload | Scheduled reload information |
| route-map | route-map information |
| running-config | Current operating configuration |
| sessions | Information about Telnet connections |
| smf | Software MAC filter |
| stacks | Process stack utilization |
| startup-config | Contents of startup configuration |
| subsys | Show subsystem information |
| tcp | Status of TCP connections |
| terminal | Display terminal configuration parameters |
| users | Display information about terminal lines |
| version | System hardware and software status |
Other Useful Commands
View the Software Version
View the Ethernet IP
View the Serial IP
View the Default Route
View the Filters
View the Bandwidth
Add a Static Route
Change the Dial Number
Turn Filters On and Off
Ping from the Router
Traceroute from the Router
View the Software Version
Cisco>enCisco#wr term <--- Shows the running configuration Building configuration...Current configuration:!version 11.2no service udp-small-serversno service tcp-small-servers!hostname Cisco!interface Ethernet0 ip address 192.168.1.1 255.255.255.0!interface Serial0 ip address 192.168.6.1 255.255.255.0 encapsulation frame-relay frame-relay lmi-type ansi!interface Serial1 ip address 192.168.4.2 255.255.255.0 encapsulation frame-relay bandwidth 1536 keepalive 5 frame-relay map ip 192.168.4.1 101 IETF!router rip version 2 network 192.168.4.0 network 192.168.6.0 neighbor 192.168.6.2 neighbor 192.168.4.1!ip classlessip route 0.0.0.0 0.0.0.0 192.168.6.2ip route 0.0.0.0 0.0.0.0 192.168.4.1!line con 0line aux 0line vty 0 4login!end View the Ethernet IP
From the enable command prompt:Router#wr termThis will show the running configuration.Within the configuration, you will see an interface ethernet 0 section:interface Ethernet0ip address 38.150.93.1 255.255.255.0no ip directed-broadcast View the Serial IP
From the enable command prompt:Router#wr termWithin the configuration, you will see an interface serial 0 section:interface Serial0ip address 38.21.10.100 255.255.255.0ip broadcast-address 38.21.10.255ip access-group 106 inencapsulation frame-relaybandwidth 56no fair-queueframe-relay map ip 38.21.10.1 500 IETF View the Default Route
From the enable command prompt:Router#wr termWithin the configuration, you will see an ip route section. In the ip route section, look for a route:ip route 0.0.0.0 0.0.0.0 38.167.29.1The last ip address is the POP ip. View the Filters
From the enable command prompt:Router#wr termUnder interface serial 0, look for:ip access-group 104 inip access-group 105 outThis means that access-group 104 is the inbound filter set andaccess-group 105 is the outbound filter set.Then, continue to look in the configuration for the access-list statements:(Example access-list statements)access-list 104 deny ip 38.166.101.0 0.0.0.255 anyaccess-list 104 permit tcp any any establishedaccess-list 104 permit tcp any eq ftp-data any gt 1023access-list 104 permit udp any eq domain any gt 1023access-list 104 permit udp any eq domain any eq domainaccess-list 104 permit icmp any anyaccess-list 104 permit udp any eq snmp any gt 1023access-list 105 deny ip any 38.166.101.0 0.0.0.255access-list 105 permit tcp any any establishedaccess-list 105 permit tcp any any eq ftpaccess-list 105 deny udp any eq netbios-ns anyaccess-list 105 deny udp any eq netbios-dgm anyaccess-list 105 permit ip any any View the Bandwidth
From the enable command prompt:Router#wr termWithin the config, you will see an interface serial 0 section:interface Serial0ip address 38.21.10.100 255.255.255.0ip broadcast-address 38.21.10.255ip access-group 106 inencapsulation frame-relaybandwidth 56no fair-queueframe-relay map ip 38.21.10.1 500 IETF Add a Static Route
From the enable command prompt:Cisco#config tEnter configuration commands, one per line. End with CNTL/Z.Cisco(config)#ip route DEST.DEST.DEST.DEST MASK.MASK.MASK.MASK GATE.GATE.GATE.GATEwhere: DEST.DEST.DEST.DEST = The destination network the static route is for MASK.MASK.MASK.MASK = The subnet mask of the destination network GATE.GATE.GATE.GATE = The gateway of the static routeExample route statement:ip route 38.222.75.0 255.255.255.0 38.20.5.1Cisco(config)#^Z (hit z) Write the entry to memory:Cisco#wr memBuilding configuration...[OK] Change the Dial Number
At the prompt:Type en to put the router in enable mode:test.com>enThe password should be the same as the one used to telnet in.Password:To view the router's configuration, type:test.com#show configThere will be a line in the configuration that says:dialer map IP 38.1.1.1 speed 64 name LD3330 2707000The 2707000 is the dial number.NOTE: Record what interface the dialer map IP line is underbecause you will need to use that interface when changing the number.
Type config t to configure from terminal.test.com#config tEnter configuration commands, one per line. End with CNTL/Z.Enter the interface that the dialer map IP line is under:test.com(config)#interface BRI0Add in the new dialer map IP line with the new phone number:test.com(config)#dialer map IP 38.1.1.1 speed 64 name LD3330 [new number]Now, remove the old dialer map IP line.To remove a line, type no and then the line.For example, to remove the old dialer map IP, type:test.com(config)#no dialer map IP 38.1.1.1 speed 64 name LD3330 2707020Now leave config mode:test.com(config)# [control] zSave changes:test.com# write memBuilding configuration...[OK]Verify the new number is in the config:test.com#show configThe new number should be in the dialer map IP line. Turn Filters On and Off
From the enable command prompt:To turn the filters off:Router#configure terminalRouter(config)#interface Serial0Router(config-if)#no ip access-group 104 inRouter(config-if)#no ip access-group 105 outRouter(config-if)# Hit CTRL-ZRouter#wr memBuilding configuration...[OK]Router#To turn the filters on:Router#configure terminalRouter(config)#interface Serial0Router(config-if)#ip access-group 104 inRouter(config-if)#ip access-group 105 outRouter(config-if)# Hit CTRL-ZRouter#wr memBuilding configuration...[OK]Router# Ping from the Router
From the enable command prompt, type:Cisco#ping Example: Cisco#ping 38.8.14.2Cisco Router Configuration Commands (click here for more Cisco stuff)
| Requirement | Cisco Command |
| Set a console password to cisco | Router(config)#line con 0 |
| Set a telnet password | Router(config)#line vty 0 4 |
| Stop console timing out | Router(config)#line con 0 |
| Set the enable password to cisco | Router(config)#enable password cisco |
| Set the enable secret password to peter. This password overrides the enable password and is encypted within the config file | Router(config)#enable secret peter |
| Enable an interface | Router(config-if)#no shutdown |
| To disable an interface | Router(config-if)#shutdown |
| Set the clock rate for a router with a DCE cable to 64K | Router(config-if)clock rate 64000 |
| Set a logical bandwidth assignment of 64K to the serial interface | Router(config-if)bandwidth 64 |
| To add an IP address to a interface | Router(config-if)#ip addr 10.1.1.1 255.255.255.0 |
| To enable RIP on all 172.16.x.y interfaces | Router(config)#router rip |
| Disable RIP | Router(config)#no router rip |
| To enable IRGP with a AS of 200, to all interfaces | Router(config)#router igrp 200 |
| Disable IGRP | Router(config)#no router igrp 200 |
| Static route the remote network is 172.16.1.0, with a mask of 255.255.255.0, the next hop is 172.16.2.1, at a cost of 5 hops | Router(config)#ip route 172.16.1.0 255.255.255.0 172.16.2.1 5 |
| Disable CDP for the whole router | Router(config)#no cdp run |
| Enable CDP for he whole router | Router(config)#cdp run |
| Disable CDP on an interface | Router(config-if)#no cdp enable |
Cisco Router Show Commands
Requirement Cisco Command
View version information show version
View current configuration (DRAM) show running-config
View startup configuration (NVRAM) show startup-config
Show IOS file and flash space show flash
Shows all logs that the router has in its memory show log
View the interface status of interface e0 show interface e0
Overview all interfaces on the router show ip interfaces brief
View type of serial cable on s0 show controllers 0 (note the space between the 's' and the '0')
Display a summary of connected cdp devices show cdp neighbor
Display detailed information on all devices show cdp entry *
Display current routing protocols show ip protocols
Display IP routing table show ip route
Display access lists, this includes the number of displayed matches show access-lists
Check the router can see the ISDN switch show isdn status
Check a Frame Relay PVC connections show frame-relay pvc
show lmi traffic stats show frame-relay lmi
Display the frame inverse ARP table show frame-relay map
Cisco Router Basic Operations
Requirement Cisco Command
Enable Enter privileged mode
Return to user mode from privileged disable
Exit Router Logout or exit or quit
Recall last command up arrow or
Recall next command down arrow or
Suspend or abort
Refresh screen output
Compleat Command TAB
Cisco Router Copy Commands
Requirement Cisco Command
Save the current configuration from DRAM to NVRAM copy running-config startup-config
Merge NVRAM configuration to DRAM copy startup-config running-config
Copy DRAM configuration to a TFTP server copy runing-config tftp
Merge TFTP configuration with current router configuration held in DRAM copy tftp runing-config
Backup the IOS onto a TFTP server copy flash tftp
Upgrade the router IOS from a TFTP server copy tftp flash
Cisco Router Debug Commands
Requirement Cisco Command
Enable debug for RIP debug ip rip
Enable summary IGRP debug information debug ip igrp events
Enable detailed IGRP debug information debug ip igrp transactions
Debug IPX RIP debug ipx routing activity
Debug IPX SAP debug IPX SAP
Enable debug for CHAP or PAP debug ppp authentication
Switch all debugging off no debug all
undebug all
http://www.tomax7.com/mcse/index.htm
http://www.preplogic.com/products/exams/pe_preview.aspx?source=B0508_mcmcsehmpg519x59_peprev_050908
LAB 1 Basic Cisco configuration commands
1. Connect PC Ethernet port and Cisco router Ethernet port by using:
· Cross-over UTP cable (cable with pin 1 connected to pin 6 and pin 2 connected to pin 6, both on RJ45 connector) or by using
· HUB and two straight UTP cables.
2. Power on the router and look at the massages appearing on the screen, while the router is booting
Part 1
BASIC COMMANDS
Using the commands on the router:
· show version
· show ip interface brief or: show interface
answer the following questions:
1. Router name:
2. Router type:
3. IOS version:
4. Memory amount:
5. Flash ROM amount:
6. Number and types of interfaces:
Part 2
IP address space for each working group (4 PC, 4 routers) is:
WG1: 192.168.1.0/24
WG2: 192.168.2.0/24
WG3: 192.168.3.0/24
WG4: 192.168.4.0/24
Each WG should split its IP address space to subnets by which they will be able to establish the following connections:
Eth. Eth.
Router
PC2
Router
PC1
Serial
Serial
PC3
Router
PC4
Router
Eth
Eth. Eth. (this part only WG 1, 2 and 3)
Part 3
Set up a new IP address, mask and Default Gateway on each WG PC
· Each WG should decide which IP addresses will be used (from each subnet) for PC to router connection and for router to router connection .
· Start -> Settings -> Control pannel -> Network -> TCP/IP Ethernet… -> Properties -> IP address and Gateway
Part 4
Displaying the configurations
Enter privilege mode (enable)
Display the configuration saved in NVRAM (show config)
Display the running configuration (show running-config)
Setting and changing the configuration
Enter the configuration mode (conf term)
Change the router name (hostname)
Exit the privilege mode (CTRL-Z), you are back in Privileged mode!
Save the configuration (copy running-config startup-config)
Setting the passwords (REMEMBER YOU PASSWORD – we prefer to always use “ceenet”)
Enter the configuration mode (conf term)
Specify virtual terminal lines you would like to configure (line vty 0 4)
Request login authentication (login)
Set a password for the exec mode (password my_password)
Set a password for the privileged (enable secret my_password)
Exit the privilege mode (CTRL-Z), you are back in Privileged mode!
Configuring the interface
Enter the configuration mode (conf term)
Select first ethernet interface (interface ethernet ? you got all the types of interfaces
from part 1 task – for example Interface Ethernet0/0)
Select the ip address and subnet mask (ip address your_IP_address mask )
Enable the interface (no shut)
Exit the privilege mode (CTRL-Z), you are back in Privileged mode!
Checking router status and IP connectivity
Check host connectivity (ping connected_PC_ip_address)
Check host reachability (trace connected_PC_ip_address)
Check status of an interface (show interface eth?)
Display debug information (debug ip icmp)
Disable debug information (undebug all)
Part 5
Establishing router to router connectivity:
Configuring the Serial interface:
Enter the configuration mode (conf term)
Select first Serial interface (interface Serial ? you got all the types of interfaces
from part 1 task – for example Interface Serial0)
Select the ip address and subnet mask (ip address your_IP_address mask )
Find out which Serial interface got connected DCE and which DTE CISCO cable
· DTE (Data Terminal Equipment – MALE conector)
· DCE (Data Communication Equipment – FEMALE connector)
On Serial Interface with DCE cable enable line CLOCK by entering the command:
· clock rate 1000000
Enable the interface (no shut)
Exit the privilege mode (CTRL-Z), you are back in Privileged mode!
Connect DTE and DCE cable
Checking router status and IP connectivity
Check neighbor router connectivity (ping connected_router_ip_address)
Check status of an interface (show interface serial?)
Provide routers with info where other (not directly connected) subnets are by configuring static routes on each router:
The command is:
ip route
·
or the subnet between next two routers
·
Check connectivity (ping) from your PC to all other PC’s in your WG
· open DOS window (Start -> Programs -> DOS)
· ping host_ip_address
Check reachibility (traceroute) from your PC to all other PS’s in your WG
· open DOS window (Start -> Programs -> DOS)
· tracert host_ip_address
Part 6 (optional)
Connect your network to other WG network (by Ethernet or Serial connection):
· decide which subnet will be used for interconnection
· configure static routes to other subnets
· Check connectivity (ping) from your PC to all other PC’s (in others WG)
· Check reachibility (traceroute) from your PC to all other PS’s (in others WG)
Cisco Quick Tips
Josh Gentry, jgentry@swcp.com
v.1.2, May 15, 2006
Quick tips for performing common tasks with Cisco networking equipment, brought to you by the author of the widely used, Cisco Router Configuration Tutorial.
Restarting or Rebooting
· Restart immediately
To restart or reboot a Cisco immediately, in enable mode:
Router#reload
· Restart or Reload in N Minutes
To restart or reboot a Cisco in a certain number of minutes, in enable mode:
Router#reload in 5
Extra Tip: This is useful when you are afraid that the configuration changes you are about to make might break something or lock you out of the router. You tell the router to reload in a certain number of minutes, then make your changes. If it turns out your changes are catastrophic and you can't log back into the router to fix them, the router will reload in a few minutes and go back to its previous configuration.
Cisco Routing
· Add a Static Route on your Cisco routers
For example, in configuration mode:
Router(config)#ip route 192.168.1.0 255.255.255.240 192.168.1.254 1
· Show route table of Cisco router
In enable mode:
Router#show ip route
Cisco ARP
· Clear ARP Table of your Cisco router or switch
To clear the ARP table, in enable mode:
Router#clear arp
· Show ARP table of a Cisco router or switch
To display the ARP table of a Cisco router, in enable mode:
Router#show arp
Cisco Load
· Show Proccessor Load of your Cisco router or switch
Like any computer, a Cisco router can be limited by its processing power. To show the processor utilization, in enable mode:
Router#show proc cpu
At the beginning of the output, look for a line like this:
CPU utilization for five seconds: 37%/31%; one minute: 39%; five minutes: 40%
Cisco Memory
· Show Used and Available Memory of your Cisco router or switch
Like any computer, a Cisco router can be limited by its available memory. To show the used and available memory, in enable mode:
Router#show proc mem
At the beginning of the output, look for a line like this:
Total: 200234528, Used: 70508188, Free: 129726340
Cisco Committed Access Rate (CAR)
- An example that limits an IP to 512K, with a nice, fat burst.
First create the access lists.
access-list 100 permit ip any host 192.168.100.100access-list 100 permit ip host 192.168.100.100 any
Then apply rate limiting rules to the appropriate interface:
rate-limit input access-group 100 512000 1024000 2048000 conform-action transmit exceed-action droprate-limit output access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop
Extra Tip: If, in a rate-limit rule, you reference an access list that does not exist, the rule will match all traffic. Usually not good.
1. What this document covers
There are several methods available for configuring Cisco routers. It can be done over the network from a TFTP server. It can be done through the menu interface provided at bootup, and it can be done from the menu interface provided by using the command setup. This tutorial does not cover these methods. It covers configuration from the IOS command-line interface only. Useful for anyone new to Cisco routers, and those studying for CCNA.
Note that this tutorial does not cover physically connecting the router to the networks it will be routing for. It covers operating system configuration only.
1.1 Reasons for using the command-line
The main reason for using the command-line interface instead of a menu driven interface is speed. Once you have invested the time to learn the command-line commands, you can perform many operations much more quickly than by using a menu. This is basically true of all command-line vs. menu interfaces. What makes it especially efficient to learn the command-line interface of the Cisco IOS is that it is standard across all Cisco routers. Also, some questions on the CCNA exam require you to know command-line commands.
2. Getting started with Cisco
Initially you will probably configure your router from a terminal. If the router is already configured and at least one port is configured with an IP address, and it has a physical connection to the network, you might be able to telnet to the router and configure it across the network. If it is not already configured, then you will have to directly connect to it with a terminal and a serial cable. With any Windows box you can use Hyperterminal to easily connect to the router. Plug a serial cable into a serial (COM) port on the PC and the other end into the console port on the Cisco router. Start Hyperterminal, tell it which COM port to use and click OK. Set the speed of the connection to 9600 baud and click OK. If the router is not on, turn it on.
If you wish to configure the router from a Linux box, either Seyon or Minicom should work. At least one of them, and maybe both, will come with your Linux distribution.
Often you will need to hit the Enter key to see the prompt from the router. If it is unconfigured it will look like this:
Router>
If it has been previously configured with a hostname, it will look like this:
hostname of router>
If you have just turned on the router, after it boots it will ask you if you wish to begin initial configuration. Say no. If you say yes, it will put you in the menu interface. Say no.
2.1 Modes
The Cisco IOS command-line interface is organized around the idea of modes. You move in and out of several different modes while configuring a router, and which mode you are in determines what commands you can use. Each mode has a set of commands available in that mode, and some of these commands are only available in that mode. In any mode, typing a question mark will display a list of the commands available in that mode.
Router>?
2.2 Unprivileged and privileged modes
When you first connect to the router and provide the password (if necessary), you enter EXEC mode, the first mode in which you can issue commands from the command-line. From here you can use such unprivileged commands as ping, telnet, and rlogin. You can also use some of the show commands to obtain information about the system. In unprivileged mode you use commands like, show version to display the version of the IOS the router is running. Typing show ? will diplay all the show commands available in the mode you are presently in.
Router>show ?
You must enter privileged mode to configure the router. You do this by using the command enable. Privileged mode will usually be password protected unless the router is unconfigured. You have the option of not password protecting privileged mode, but it is HIGHLY recommended that you do. When you issue the command enable and provide the password, you will enter privileged mode.
To help the user keep track of what mode they are in, the command-line prompt changes each time you enter a different mode. When you switch from unprivileged mode to privileged mode, the prompt changes from:
Router>
to
Router#
This would probably not be a big deal if there were just two modes. There are, in fact, numerous modes, and this feature is probably indispensable. Pay close attention to the prompt at all times.
Within privileged mode there are many sub-modes. In this document I do not closely follow Cisco terminology for this hierarchy of modes. I think that my explanation is clearer, frankly. Cisco describes two modes, unprivileged and privileged, and then a hierarchy of commands used in privileged mode. I reason that it is much clearer to understand if you just consider there to be many sub-modes of privileged mode, which I will also call parent mode. Once you enter privileged mode (parent mode) the prompt ends with a pound sign (#). There are numerous modes you can enter only after entering privileged mode. Each of these modes has a prompt of the form:
Router(arguments)#
They still all end with the pound sign. They are subsumed within privileged mode. Many of these modes have sub-modes of their own. Once you enter priliged mode, you have access to all the configuration information and options the IOS provides, either directly from the parent mode, or from one of its submodes.
3. Configuring your Cisco Router
If you have just turned on the router, it will be completely unconfigured. If it is already configured, you may want to view its current configuration. Even if it has not been previously configured, you should familiarize yourself with the show commands before beginning to configure the router. Enter privileged mode by issuing the command enable, then issue several show commands to see what they display. Remember, the command show ? will display all the showcommands aavailable in the current mode. Definately try out the following commands:
Router#show interfacesRouter#show ip protocolsRouter#show ip routeRouter#show ip arp
When you enter privileged mode by using the command enable, you are in the top-level mode of privileged mode, also known in this document as "parent mode." It is in this top-level or parent mode that you can display most of the information about the router. As you now know, you do this with the show commands. Here you can learn the configuration of interfaces and whether they are up or down. You can display what IP protocols are in use, such as dynamic routing protocols. You can view the route and ARP tables, and these are just a few of the more important options.
As you configure the router, you will enter various sub-modes to set options, then return to the parent mode to display the results of your commands. You also return to the parent mode to enter other sub-modes. To return to the parent mode, you hit ctrl-z. This puts any commands you have just issued into affect, and returns you to parent mode.
3.1 Global configuration (config)
To configure any feature of the router, you must enter configuration mode. This is the first sub-mode of the parent mode. In the parent mode, you issue the command config.
Router#configRouter(config)#
As demonstrated above, the prompt changes to indicate the mode that you are now in.
In connfiguration mode you can set options that apply system-wide, also refered to as "global configurations." For instance, it is a good idea to name your router so that you can easily identify it. You do this in configuration mode with the hostname command.
Router(config)#hostname ExampleNameExampleName(config)#
As demonstrated above, when you set the name of the host with the hostname command, the prompt immediately changes by replacing Router with ExampleName. (Note: It is a good idea to name your routers with an organized naming scheme.)
Another useful command issued from config mode is the command to designate the DNS server to be used by the router:
ExampleName(config)#ip name-server aa.bb.cc.ddExampleName(config)#ctrl-ZExampleName#
This is also where you set the password for privileged mode.
ExampleName(config)#enable secret examplepasswordExampleName(config)#ctrl-ZExampleName#
Until you hit ctrl-Z (or type exit until you reach parent mode) your command has not been put into affect. You can enter config mode, issue several different commands, then hit ctrl-Z to activate them all. Each time you hit ctrl-Z you return to parent mode and the prompt:
ExampleName#
Here you use show commands to verify the results of the commands you issued in config mode. To verify the results of the ip name-server command, issue the command show host.
3.2 Configuring Cisco router interfaces
Cisco interface naming is straightforward. Individual interfaces are referred to by this convention:
media type slot#/port#
"Media type" refers to the type of media that the port is an interface for, such as Ethernet, Token Ring, FDDI, serial, etc. Slot numbers are only applicable for routers that provide slots into which you can install modules. These modules contain several ports for a given media. The 7200 series is an example. These modules are even hot-swapable. You can remove a module from a slot and replace it with a different module, without interrupting service provided by the other modules installed in the router. These slots are numbered on the router.
Port number refers to the port in reference to the other ports in that module. Numbering is left-to-right, and all numbering starts at 0, not at one.
For example, a Cisco 7206 is a 7200 series router with six slots. To refer to an interface that is the third port of an Ethernet module installed in the sixth slot, it would be interface ethernet 6/2. Therefor, to display the configuration of that interface you use the command:
ExampleName#show interface ethernet 6/2
If your router does not have slots, like a 1600, then the interface name consists only of:
media type port#
For example:
ExampleName#show interface serial 0
Here is an example of configuring a serial port with an IP address:
ExampleName#configExampleName(config)#interface serial 1/1ExampleName(config-if)#ip address 192.168.155.2 255.255.255.0ExampleName(config-if)#no shutdownExampleName(config-if)#ctrl-ZExampleName#
Then to verify configuration:
ExampleName#show interface serial 1/1
Note the no shutdown command. An interface may be correctly configured and physically connected, yet be "administratively down." In this state it will not function. The command for causing an interface to be administratively down is shutdown.
ExampleName(config)#interface serial 1/1ExampleName(config-if)#shutdownExampleName(config-if)#ctrl-ZExampleName#show interface serial 1/1
In the Cisco IOS, the way to reverse or delete the results of any command is to simply put no infront of it. For instance, if we wanted to unassign the IP address we had assigned to interface serial 1/1:
ExampleName(config)#interface serail 1/1ExampleName(config-if)#no ip address 192.168.155.2 255.255.255.0ExampleName(config-if)ctrl-ZExampleName#show interface serial 1/1
Configuring most interfaces for LAN connections might consist only of assigning a network layer address and making sure the interface is not administratively shutdown. It is usually not necessary to stipulate data-link layer encapsulation. Note that it is often necessary to stipulate the appropriate data-link layer encapsulation for WAN connections, such as frame-relay and ATM. Serial interfaces default to using HDLC. A discussion of data-link protocols is outside the scope of this document. You will need to look up the IOS command encapsulation for more details.
3.3 Configuring Cisco Routing
IP routing is automatically enabled on Cisco routers. If it has been previously disabled on your router, you turn it back on in config mode with the command ip routing.
ExampleName(config)#ip routingExampleName(config)#ctrl-Z
There are two main ways a router knows where to send packets. The administrator can assign static routes, or the router can learn routes by employing a dynamic routing protocol.
These days static routes are generally used in very simple networks or in particular cases that necessitate their use. To create a static route, the administrator tells the router operating system that any network traffic destined for a specified network layer address should be forwarded to a similiarly specified network layer address. In the Cisco IOS this is done with the ip route command.
ExampleName#configExampleName(config)#ip route 172.16.0.0 255.255.255.0 192.168.150.1ExampleName(config)#ctrl-ZExampleName#show ip route
Two things to be said about this example. First, the packet destination address must include the subnet mask for that destination network. Second, the address it is to be forwarded to is the specified addres of the next router along the path to the destination. This is the most common way of setting up a static route, and the only one this document covers. Be aware, however, that there are other methods.
Dynamic routing protocols, running on connected routers, enable those routers to share routing information. This enables routers to learn the routes available to them. The advantage of this method is that routers are able to adjust to changes in network topologies. If a route is physically removed, or a neighbor router goes down, the routing protocol searches for a new route. Routing protocols can even dynamically choose between possible routes based on variables such as network congestion or network reliability.
There are many different routing protocols, and they all use different variables, known as "metrics," to decide upon appropriate routes. Unfortunately, a router needs to be running the same routing protocols as its neighbors. Many routers can, however, run mutliple protocols. Also, many protocols are designed to be able to pass routing information to other routing protocols. This is called "redistribution." The author has no experience with trying to make redistribution work. There is an IOS redistribute command you can research if you think this is something you need. This document's compagnion case study describes an alternative method to deal with different routing protocols in some circumstances.
Routing protocols are a complex topic and this document contains only this superficial description of them. There is much to learn about them, and there are many sources of information about them available. An excelent source of information on this topic is Cisco's website, http://www.cisco.com.
This document describes how to configure the Routing Information Protocol (RIP) on Cisco routers. From the command-line, we must explicitly tell the router which protocol to use, and what networks the protocol will route for.
ExampleName#configExampleName(config)#router ripExampleName(config-router)#network aa.bb.cc.ddExampleName(config-router)#network ee.ff.gg.hhExampleName(config-router)#ctrl-ZExampleName#show ip protocols
Now when you issue the show ip protocols command, you should see an entry describing RIP configuration.
3.4 Saving your Cisco Router configuration
Once you have configured routing on the router, and you have configured individual interfaces, your router should be capable of routing traffic. Give it a few moments to talk to its neighbors, then issue the commands show ip route and show ip arp. There should now be entries in these tables learned from the routing protocol.
If you turned the router off right now, and turned it on again, you would have to start configuration over again. Your running configuration is not saved to any perminent storage media. You can see this configuration with the command show running-config.
ExampleName#show running-config
You do want to save your successful running configuration. Issue the command copy running-config startup-config.
ExampleName#copy running-config startup-config
Your configuration is now saved to non-volatile RAM (NVRAM). Issue the command show startup-config.
ExampleName#show startup-config
Now any time you need to return your router to that configuration, issue the command copy startup-config running-config.
ExampleName#copy startup-config running-config
3.5 Example Cisco Router configuration
- Router>enable
- Router#config
- Router(config)#hostname N115-7206
- N115-7206(config)#interface serial 1/1
- N115-7206(config-if)ip address 192.168.155.2 255.255.255.0
- N115-7206(config-if)no shutdown
- N115-7206(config-if)ctrl-z
- N115-7206#show interface serial 1/1
- N115-7206#config
- N115-7206(config)#interface ethernet 2/3
- N115-7206(config-if)#ip address 192.168.150.90 255.255.255.0
- N115-7206(config-if)#no shutdown
- N115-7206(config-if)#ctrl-z
- N115-7206#show interface ethernet 2/3
- N115-7206#config
- N115-7206(config)#router rip
- N115-7206(config-router)#network 192.168.155.0
- N115-7206(config-router)#network 192.168.150.0
- N115-7206(config-router)#ctrl-z
- N115-7206#show ip protocols
- N115-7206#ping 192.168.150.1
- N115-7206#config
- N115-7206(config)#ip name-server 172.16.0.10
- N115-7206(config)#ctrl-z
- N115-7206#ping archie.au
- N115-7206#config
- N115-7206(config)#enable secret password
- N115-7206(config)#ctrl-z
- N115-7206#copy running-config startup-config
- N115-7206#exit
4. Troubleshooting your Cisco router
Inevitably, there will be problems. Usually, it will come in the form of a user notifying you that they can not reach a certain destination, or any destinattion at all. You will need to be able to check how the router is attempting to route traffic, and you must be able to track down the point of failure.
You are already familiar with the show commands, both specific commands and how to learn what other show commands are available. Some of the most basic, most useful commands you will use for troubleshooting are:
ExampleName#show interfacesExampleName#show ip protocolsExampleName#show ip routeExampleName#show ip arp
4.1 Testing connectivity
It is very possible that the point of failure is not in your router configuration, or at your router at all. If you examine your router's configuration and operation and everything looks good, the problem might be be farther up the line. In fact, it may be the line itself, or it could be another router, which may or may not be under your administration.
One extremely useful and simple diagnostic tool is the ping command. Ping is an implementation of the IP Message Control Protocol (ICMP). Ping sends an ICMP echo request to a destination IP address. If the destination machine receives the request, it responds with an ICMP echo response. This is a very simple exchange that consists of:
Hello, are you alive?
Yes, I am.
ExampleName#ping xx.xx.xx.xx
If the ping test is successful, you know that the destination you are having difficulty reaching is alive and physically reachable.
If there are routers between your router and the destination you are having difficulty reaching, the problem might be at one of the other routers. Even if you ping a router and it responds, it might have other interfaces that are down, its routing table may be corrupted, or any number of other problems may exist.
To see where packets that leave your router for a particular destination go, and how far, use the trace command.
ExampleName#trace xx.xx.xx.xx
It may take a few minutes for this utility to finish, so give it some time. It will display a list of all the hops it makes on the way to the destination.
4.2 debug commands
There are several debug commands provided by the IOS. These commands are not covered here. Refer to the Cisco website for more information.
4.3 Hardware and physical connections
Do not overlook the possibility that the point of failure is a hardware or physical connection failure. Any number of things can go wrong, from board failures to cut cables to power failures. This document will not describew troubleshooting these problems, except for these simple things.
Check to see that the router is turned on. Also make sure that no cables are loose or damaged. Finally, make sure cables are plugged into the correct ports. Beyond this simple advice you will need to check other sources.
4.4 Out of your control
If the point of failure is farther up the line, the prolem might lie with equipment not under your administration. Your only option might be to contact the equipment's administrator, notify them of your problem, and ask them for help. It is in your interest to be courtious and respectful. The other administrator has their own problems, their own workload and their own priorities. Their agenda might even directly conflict with yours, such as their intention to change dynamic routing protocols, etc. You must work with them, even if the situation is frustrating. Alienating someone with the power to block important routes to your network is not a good idea.
5. References
- Leinwand, Pinsky and Culpepper Cisco Router Configuration. Indianapolis, Indiana: Cisco Press, 1998.
- Cisco Systems, Inc., http://www.cisco.com
Router Simulator Supported Commands:
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
To get to User Mode Press ENTER and a password if required. To get to Privileged Mode Router> enable To get back to User Mode Router# disable To Exit the Router Router> exit or logoff Break Key
<shift>+<ctrl>+6 ‘x’
To move to the beginning of the command line Ctrl+A To move to the end of the command line Ctrl+E To move forward one character Ctrl+F [or right arrow key] To move back one character Ctrl+B [or left arrow key] To repeat the previous command Ctrl+P [or up arrow key] To repeat the most recent (last) command Ctrl+N [or down arrow key] To move back one word Esc+B To move forward one word Esc+F To erase a word Ctrl+W To erase a line Ctrl+U To redisplay a line Ctrl+R Ends configuration mode and returns to privileged mode Router# Ctrl+Z To auto complete a command <tab> To show the command buffer Router> show history To set the command buffer size Router> terminal history size To disable advanced editing features Router> terminal no editing To re-enable advanced editing features Router> terminal editing
Viewing Router Information
| View IOS version Router# | show version |
| View current configuration file (RAM) Router# | show running-config |
| View saved configuration file (NVRAM) Router# | show startup-config |
| View IOS version, size of IOS, and free space in FLASH Router# | show flash |
| View CPU utilization Router# | show processes cpu |
| View info about programs in RAM Router# | show processes |
| Display interfaces on router and their status Router# | show interface |
| Display the ip interfaces on router and their status Router# | show ip interface |
| Display which protocols are configured on the router Router# | show protocol |
| Display ip protocol info Router# | show ip protocol |
Cisco Discovery Protocol
| View info of neighboring Cisco devices (routers, switches,etc) Router# | show cdp neighbors [ show cdp neighbor detail] |
| View interface info, default encap, cdp update and holdtime freq Router# | show cdp interface |
| View a neighbors details Router# | show cdp entry RouterB |
| View cdp update and holdtime frequency Router# | show cdp |
| Change update frequency Router# | cdp timer 90 [60 sec is default] |
| Change how long to hold a CDP entry of a neighbor for Router# | cdp holdtime 240 |
| Turn off CDP on an interface Router(config-if)# | no cdp enable |
| CDP is enabled globally [CDP is enabled by default] Router(config)# | cdp run |
Managing Configuration Files
| Run the initial configuration dialog Router# | setup |
| Reboot the router and reload the startup config from NVRAM Router# | reload |
| Enter global configuration mode Router# | config terminal |
| Copy configuration file in RAM to NVRAM Router# | copy running-config startup-config |
| Copy configuration file in NVRAM to RAM Router# | copy startup-config running-config |
| Erase the configuration file in NVRAM [run initial config dialog] Router# | erase startup-config |
| Copy startup config file from TFTP to NVRAM Router# | copy tftp startup-config |
| Copy startup config file from NVRAM to TFTP Router# | copy startup-config tftp |
| Copy startup config file from TFTP to RAM Router# | copy tftp running-config |
| Copy running config file from RAM to TFTP Router# | copy running-config tftp |
| Backup IOS to file server Router# | copy flash tftp |
| Upgrade the IOS from the file server Router# | copy tftp flash |
| Tell router which IOS file in Flash to boot from Router(config)# | boot system flash (ios_filename) |
| Tell router which IOS to request from the TFTP server (fallback) Router(config)# | boot system tftp (ios_filename) tftp_ip_address |
| Tell router to boot from IOS in ROM Router(config)# | boot rom |
Router Password Commands
| Set the enable secret password [to enter privileged mode] Router(config)# | enable secret Rimmer |
| Set the enable password Router(config)# | enable Rimmer |
| Set the password for Telnet Router(config)# | line vty 0 4 ;0 4 specifies num of telnet sessions |
| Router(config-line)# | login |
| Router(config-line)# | password Holly |
| Set the console port password Router(config)# | line con 0 |
| Router(config-line)# | login |
| Router(config-line)# | password Holly |
| Set the auxiliary password Router(config)# | line aux 0 |
| Router(config-line)# | login |
| Router(config-line)# | password Holly |
| Passwords can be encrypted Routerconfig)# | service password-encryption |
| To de-encrypt the passwords Routerconfig)# | no service password-encryption |
Router Identification Commands
| Message of the day Router(config)# | banner motd # You are in… # |
| Give the router a hostname Router(config)# | hostname RouterC |
Router Auto-Install Commands
| Router broadcasts to get its own TCP/IP address using | BOOTP |
| Router broadcasts again to locate the file server IP addr using | TFTP |
| Router attempts TFTP to get the IP-to-Hostname mapping file |
|
| If above fails, fallback to 8.3 DOS compatible filename conven |
|
| Network-confg |
|
| Cisconet.cfg |
|
| Router attempts TFTP to get its specific Hostname running config |
|
| If above fails, fallback to 8.3 DOS compatibile filename conven |
|
| {Hostname}-confg |
|
| {Hostname}.cfg |
|
| Note: {Hostname}is determined by parsing network-confg file and checking all Hostnames listed against own IP address |
|
Configuring a Serial Interface | |
| Is it DCE or DTE? Router# | show controller serial 1 |
| Enter sub interface mode Router(config)# | interface serial 1 |
| Set clock rate on DCE Router(config-if)# | clock rate 64000 [or clockrate 64000] |
| Set the bandwidth Router(config-if)# | bandwidth 64 |
| Enable the interface Router(config-if)# | no shutdown |
| Check interface status Router# | show interface serial 1 |
| Router# | show ip interface brief |
