CISCO-IOS - Base Commands: Difference between revisions

From Wiki.IT-Arts.net
imported>Z
No edit summary
imported>Z
No edit summary
 
Line 68: Line 68:




== Channels and SSH ==
=== Channels and SSH ===


Setup virtual channels security :
Setup virtual channels security :
Line 233: Line 233:
=== Display All Interfaces Status Informations ===
=== Display All Interfaces Status Informations ===


<nowiki>
<nowiki>
show interface status</nowiki>
show interface status</nowiki>


Shows :
Shows :


<nowiki>
<nowiki>
cisco#show interfaces status
cisco#show interfaces status



Latest revision as of 12:16, 1 May 2024


CISCO IOS BASE COMMANDS


Hostname Definition

Define a hostname :

hostname <hostname>


Domain Name =

Define a domain name :

ip domain-name <domain.tld>


SSH

RSA key generation

!!! Require defined hostname AND domain name !!!

crypto key generate rsa modulus <1024-4096>


SSH Version

Define used SSH version :

ip ssh version 2


Creating Users Accounts

By default, there are three privilege levels on the router:

  • privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout
  • privilege level 1 = non-privileged (prompt is router>), the default level for logging in
  • privilege level 15 = privileged (prompt is router#), the level after going into enable mode


Levels 2-14 are not used in a default configuration, but commands that are normally at level 15 can be moved down to one of those levels and commands that are normally at level 1 can be moved up to one of those levels. Obviously, this security model involves some administration on the router. To determine the privilege level as a logged-in user, type the show privilege command. To determine what commands are available at a particular privilege level for the version of Cisco IOS® software that you are using, type a ? at the command line when logged in at that privilege level.


Privileges levels:

  • username support privilege 5 secret cisco5
  • username junior-admin privilege 10 secret cisco10
  • username full-admin privilege 15 secret cisco10


User creation with cleartext password to encrypt:

username <USER> privilege 15 secret 0 <PASSWORD>


Channels and SSH

Setup virtual channels security :

line vty 0 15
transport input ssh


Authentications Activation

New authentication model :

aaa new-model
!
aaa authentication login default local

Auto authenticate desactivation on console port :

aaa authentication login noauth none

Renforced authentication local server:

aaa authentication enable default group tacacs+ enable none


@IP management

IP Mgmt

Management interface configuration :

interface mgmt 0
ip address 192.168.13.48 255.255.255.0


Static Route

Define a default route :

ip route vrf management 0.0.0.0 0.0.0.0 192.168.50.1

!!! OR !!!

ip default-gateway 192.168.50.1


DNS

Define DNS (max 6) :

ip name-server 80.67.169.12 80.67.169.40


Firmware Update

Set up a TFTP local server with the desirated firmware.


TFTP

Launch the download of the firmware on the router :

copy tftp: bootdisk:/
[Answer the questions]


Boot on new the firmware

Configure the startup boot option :

boot system bootdisk:/<IMAGE-NAME>

Then :

reload


Verifications

Firmware Version

Display IOS version :

show version

Shows :

Cisco IOS Software, c6880x Software (c6880x-ADVENTERPRISEK9-M), Version 15.1(2)SY10, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Tue 21-Feb-17 01:34 by prod_rel_team

ROM: System Bootstrap, Version 15.1(02)SY01 [ Rel 1.1], RELEASE SOFTWARE
BOOTLDR: 
 cisco uptime is 31 minutes
Uptime for this control processor is 31 minutes
System returned to ROM by reload at 13:36:56 UTC Tue May 16 2017
System image file is "bootdisk:/c6880x-adventerprisek9-mz.SPA.151-2.SY10.bin"
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco C6880-X ( Intel(R) Core(TM) i3- CPU @ 2.00GHz ) processor (revision ) with 3144703K/262144K bytes of memory.
Processor board ID SAL204305C5
Processor signature 0xA7060200
Last reset from s/w reset
1 Virtual Ethernet interface
1 Gigabit Ethernet interface
16 Ten Gigabit Ethernet interfaces
1966064K bytes of USB Flash bootdisk (Read/Write)

Configuration register is 0x2102


Interfaces Verification

show interfaces <INTERFACE-NAME> <STATUS | STATS >


Global Interfaces Configuration Verification

show running-config | section interface


Display All Interfaces Status Informations

show interface status

Shows :

cisco#show interfaces status

Port          Name               Status       Vlan       Duplex  Speed Type
Te5/1                            disabled     routed       auto   auto No Connector
Te5/2                            disabled     routed       auto   auto No Connector
Te5/3                            disabled     routed       auto   auto No Connector
Te5/4                            disabled     routed       auto   auto No Connector
Te5/5                            disabled     routed       auto   auto No Connector
Te5/6                            disabled     routed       auto   auto No Connector
Te5/7                            disabled     routed       auto   auto No Connector
Te5/8                            disabled     routed       auto   auto No Connector
Te5/9                            disabled     routed       auto   auto No Connector
Te5/10                           disabled     routed       auto   auto No Connector
Te5/11                           disabled     routed       auto   auto No Connector
Te5/12                           disabled     routed       auto   auto No Connector
Te5/13                           disabled     routed       auto   auto No Connector
Te5/14                           disabled     routed       auto   auto No Connector
Te5/15                           disabled     routed       auto   auto No Connector
Te5/16                           disabled     routed       auto   auto No Connector
mgmt0                            connected    routed     a-full  a-100 10/100/1000BaseT