CISCO-IOS - Base Commands
CISCO IOS BASE COMMANDS
Hostname Definition
Define a hostname :
hostname <hostname>
Domain Name
Define a domain name :
ip domain-name <domain.tld>
SSH
RSA key generation
!!! Requires a defined hostname AND domain name !!!
crypto key generate rsa modulus <1024-4096>
SSH Version
Define the SSH version to use:
ip ssh version 2
Creating User Accounts
By default, there are three privilege levels on the router:
- privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout
- privilege level 1 = non-privileged (prompt is router>), the default level for logging in
- privilege level 15 = privileged (prompt is router#), the level after going into enable mode
Levels 2-14 are not used in a default configuration, but commands that are normally at level 15 can be moved down to one of those levels and commands that are normally at level 1 can be moved up to one of those levels. Obviously, this security model involves some administration on the router.
To determine the privilege level as a logged-in user, type the show privilege command. To determine what commands are available at a particular privilege level for the version of Cisco IOS® software that you are using, type a ? at the command line when logged in at that privilege level.
Privilege levels:
- username support privilege 5 secret cisco5
- username junior-admin privilege 10 secret cisco10
- username full-admin privilege 15 secret cisco10
Create a user from a cleartext password (the 0 marks the input as cleartext; IOS stores it hashed):
username <USER> privilege 15 secret 0 <PASSWORD>
Channels and SSH
Restrict the virtual terminal (VTY) lines to SSH:
line vty 0 15
 transport input ssh
Authentication Activation
New authentication model :
aaa new-model
!
aaa authentication login default local
Define a method list (named noauth) that disables login authentication, intended for the console port:
aaa authentication login noauth none
Enable-mode authentication through a TACACS+ server, falling back to the local enable password, then to no authentication:
aaa authentication enable default group tacacs+ enable none
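An added example (not part of the original page and not Cisco tooling): a small Python audit that checks a saved running-config for the SSH, user account and AAA settings configured above, and flags method lists that end in none. The sample configuration, its usernames and the function name audit are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device), with weak lines to report.
SAMPLE_CONFIG = """\
ip ssh version 2
aaa new-model
aaa authentication login default local
aaa authentication login noauth none
aaa authentication enable default group tacacs+ enable none
username support privilege 5 secret 5 $1$constructed$hash
username legacy privilege 15 password 0 constructed-cleartext
line con 0
 login authentication noauth
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit(config: str) -> list[str]:
    """Return findings for the access-hardening settings this page configures."""
    findings = []
    lines = config.splitlines()
    if not any(l.strip() == "ip ssh version 2" for l in lines):
        findings.append("ssh: 'ip ssh version 2' is not set")
    if not any(l.strip() == "aaa new-model" for l in lines):
        findings.append("aaa: 'aaa new-model' is not set")
    block, transports = None, {}      # current 'line vty' header; header -> transports
    for raw in lines:
        line = raw.strip()
        if not raw.startswith(" "):   # an unindented line starts a new top-level block
            block = line if line.startswith("line vty") else None
            if block:
                transports[block] = None
        elif block and line.startswith("transport input "):
            transports[block] = set(line.split()[2:])
        m = re.match(r"username (\S+) (?:privilege \d+ )?password\b", line)
        if m:
            findings.append(f"user {m.group(1)}: uses 'password' instead of 'secret'")
        m = re.match(r"aaa authentication (\S+) (\S+) (.+)", line)
        if m and "none" in m.group(3).split():
            findings.append(f"aaa {m.group(1)} list '{m.group(2)}': method 'none' can grant access without credentials")
    for header, allowed in transports.items():
        if allowed != {"ssh"}:
            findings.append(f"{header}: transport input is {sorted(allowed) if allowed else 'unset'}, expected ssh only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

In a method list, none is only reached when the methods before it return an error (for example an unreachable TACACS+ server and no enable password set), which is why it is reported even at the end of a list.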
IP Address Management
IP Mgmt
Management interface configuration :
interface mgmt 0
 ip address 192.168.13.48 255.255.255.0
Static Route
Define a default route :
ip route vrf management 0.0.0.0 0.0.0.0 192.168.50.1
!!! OR !!!
ip default-gateway 192.168.50.1
DNS
Define DNS servers (max 6):
ip name-server 80.67.169.12 80.67.169.40
Firmware Update
Set up a local TFTP server hosting the desired firmware image.
TFTP
Launch the download of the firmware on the router :
copy tftp: bootdisk:/
[Answer the questions]
Boot on the new firmware
Configure the startup boot option :
boot system bootdisk:/<IMAGE-NAME>
Then :
reload
Verifications
Firmware Version
Display IOS version :
show version
Shows :
Cisco IOS Software, c6880x Software (c6880x-ADVENTERPRISEK9-M), Version 15.1(2)SY10, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Tue 21-Feb-17 01:34 by prod_rel_team
ROM: System Bootstrap, Version 15.1(02)SY01 [ Rel 1.1], RELEASE SOFTWARE
BOOTLDR:
cisco uptime is 31 minutes
Uptime for this control processor is 31 minutes
System returned to ROM by reload at 13:36:56 UTC Tue May 16 2017
System image file is "bootdisk:/c6880x-adventerprisek9-mz.SPA.151-2.SY10.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco C6880-X ( Intel(R) Core(TM) i3- CPU @ 2.00GHz ) processor (revision ) with 3144703K/262144K bytes of memory.
Processor board ID SAL204305C5
Processor signature 0xA7060200
Last reset from s/w reset
1 Virtual Ethernet interface
1 Gigabit Ethernet interface
16 Ten Gigabit Ethernet interfaces
1966064K bytes of USB Flash bootdisk (Read/Write)
Configuration register is 0x2102
Interfaces Verification
show interfaces <INTERFACE-NAME> <STATUS | STATS >
Global Interfaces Configuration Verification
show running-config | section interface
Display All Interfaces Status Information
show interface status
Shows :
cisco#show interfaces status
Port      Name   Status     Vlan    Duplex  Speed  Type
Te5/1            disabled   routed  auto    auto   No Connector
Te5/2            disabled   routed  auto    auto   No Connector
Te5/3            disabled   routed  auto    auto   No Connector
Te5/4            disabled   routed  auto    auto   No Connector
Te5/5            disabled   routed  auto    auto   No Connector
Te5/6            disabled   routed  auto    auto   No Connector
Te5/7            disabled   routed  auto    auto   No Connector
Te5/8            disabled   routed  auto    auto   No Connector
Te5/9            disabled   routed  auto    auto   No Connector
Te5/10           disabled   routed  auto    auto   No Connector
Te5/11           disabled   routed  auto    auto   No Connector
Te5/12           disabled   routed  auto    auto   No Connector
Te5/13           disabled   routed  auto    auto   No Connector
Te5/14           disabled   routed  auto    auto   No Connector
Te5/15           disabled   routed  auto    auto   No Connector
Te5/16           disabled   routed  auto    auto   No Connector
mgmt0            connected  routed  a-full  a-100  10/100/1000BaseT