
Managing of Cisco IOS

Setting Up Secure Shell (SSH)

• Instead of Telnet, you can use Secure Shell,
which creates a more secure session than the
Telnet application, which uses an unencrypted
data stream.
• Secure Shell (SSH) uses encrypted keys to send
data so that your username and password are
not sent in the clear.
Steps to set up SSH:

• Router(config)#hostname Todd
• Todd(config)#ip domain-name Lammle.com
• Todd(config)#crypto key generate rsa general-keys modulus ?
• <360-2048> size of the key modulus [360-2048]
• Todd(config)#crypto key generate rsa general-keys modulus 1024
• Todd(config)#ip ssh time-out ?
• <1-120> SSH time-out interval (secs)
• Todd(config)#ip ssh time-out 60
• Todd(config)#ip ssh authentication-retries ?
• <0-5> Number of authentication retries
• Todd(config)#ip ssh authentication-retries 2
• Todd(config)#line vty 0 1180
• Todd(config-line)#transport input ssh telnet
Cisco’s Security Device Manager (SDM)

• Cisco’s SDM is used to configure a router from
an HTTP or HTTPS interface.
• SDM is available on Cisco router models from
Cisco 830 Series to 7301.
• It’s preinstalled on all new 850, 870, 1800,
2800, and 3800 series routers.

• To set up your host to log in using the SDM,
make sure your router is configured first.
• For example, if the startup-config is erased
and the router is reloaded:
• Router>en
• Router#config t
• Enter configuration commands, one per line. End with CNTL/Z.
• Router(config)#int f0/0
• Router(config-if)#ip address 1.1.1.1 255.255.255.0
• Router(config-if)#no shut
• Router(config-if)#do ping 1.1.1.2
• Success rate is 100 percent (5/5),

• This would be a minimum configuration and
will allow you to connect via SDM.
• From here, just open a browser, with popups
enabled, type http://1.1.1.1, and follow the
easy prompts once connected.
• The configuration is different if you want to
set the router to use HTTPS, which allows you
access into privileged mode upon connection:

• Router(config)#ip http server
• Router(config)#ip http authentication local
• Second, create a user account using privilege level 15
(the highest level):
• Router(config)#username cisco privilege ?
• <0-15> User privilege level
• Router(config)#username cisco privilege 15 password 0 cisco

• Last, configure the console, SSH, and Telnet to provide
local login authentication at privilege level access:
• Router(config)#line console 0
• Router(config-line)#login local
• Router(config-line)#exit
• Router(config)#line vty 0 1180
• Router(config-line)#privilege level 15
• Router(config-line)#login local
• Router(config-line)#transport input telnet
• Router(config-line)#transport input telnet ssh
• Router(config-line)#^Z
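
An added example, not part of the original slides: a small Python audit that scans the commands entered in the SSH and SDM sections above and reports the settings a security review would question. The rule set, the 2048-bit threshold and the function name `audit` are this example's own assumptions; the sample input is constructed from the commands on this page.

```python
import re

# Constructed sample: commands from the SSH and SDM slides above.
SAMPLE = """\
Todd(config)#crypto key generate rsa general-keys modulus 1024
Todd(config)#ip ssh time-out 60
Todd(config)#ip ssh authentication-retries 2
Router(config)#ip http server
Router(config)#ip http authentication local
Router(config)#username cisco privilege 15 password 0 cisco
Router(config)#line vty 0 1180
Router(config-line)#privilege level 15
Router(config-line)#login local
Router(config-line)#transport input telnet ssh
"""

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "Router(config-line)#"

def audit(text, min_modulus=2048):
    """Return (command, finding) pairs. min_modulus is this example's policy."""
    cmds = [PROMPT.sub("", ln).strip() for ln in text.splitlines() if ln.strip()]
    findings, context = [], ""
    for cmd in cmds:
        if cmd.startswith("line "):
            context = cmd  # remember which line block later commands apply to
        m = re.search(r"crypto key generate rsa .*modulus (\d+)", cmd)
        if m and int(m.group(1)) < min_modulus:
            findings.append((cmd, f"RSA modulus {m.group(1)} is below {min_modulus}"))
        if cmd.startswith("transport input") and "telnet" in cmd.split():
            findings.append((cmd, f"Telnet still accepted on '{context}'"))
        m = re.match(r"username (\S+) .*\bpassword 0 (\S+)", cmd)
        if m:
            same = " and it equals the username" if m.group(1) == m.group(2) else ""
            findings.append((cmd, f"type 0 (cleartext) password for '{m.group(1)}'{same}"))
        if cmd == "privilege level 15" and context.startswith("line vty"):
            findings.append((cmd, f"sessions on '{context}' start at level 15"))
    if "ip http server" in cmds and "ip http secure-server" not in cmds:
        findings.append(("ip http server", "HTTP enabled without ip http secure-server"))
    return findings

if __name__ == "__main__":
    for cmd, why in audit(SAMPLE):
        print(f"{why}  <-  {cmd}")
```
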
Cisco Discovery Protocol

– Cisco Discovery Protocol is a proprietary utility that
provides a summary of directly connected switches,
routers, and other Cisco devices.
– Cisco Discovery Protocol discovers neighboring devices,
regardless of which protocol suite they are running.
– Physical media must support the SNAP encapsulation.
Discovering Neighbors with Cisco Discovery Protocol
– Cisco Discovery Protocol runs on Cisco IOS devices.
– Summary information includes:
  – Device identifiers
  – Address list
  – Port identifier
  – Capabilities list
  – Platform
Using Cisco Discovery Protocol

RouterA#show cdp ?
  entry      Information for specific neighbor entry
  interface  CDP interface status and configuration
  neighbors  CDP neighbor entries
  traffic    CDP statistics
  <cr>

RouterA(config)#no cdp run
! Disable CDP globally
RouterA(config)#interface serial0/0/0
RouterA(config-if)#no cdp enable
! Disable CDP on just this interface
Using the show cdp neighbors Command

RouterA#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID    Local Intrfce   Holdtme   Capability   Platform    Port ID
SwitchA      fa0/0           122       S I          WS-C2960-   fa0/2
RouterB      s0/0/0          177       R S I        2811        s0/0/1
Using the show cdp entry Command

Device ID: RouterB
Entry address(es):
IP address: 10.1.1.2
Platform: Cisco 2811, Capabilities: Router Switch IGMP
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/1
Holdtime : 155 sec

Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 17-Nov-06 12:02 by prod_rel_team
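
An added example, not part of the original slides: a Python parser that turns `show cdp entry`-style output into one record per neighbor, which makes visible how much each device advertises (name, address, platform, IOS version), and then lists neighbors that do not match an expected interface-to-device map. The second neighbor in the sample, the expected map and the function names are constructed for this example.

```python
import re

# Constructed sample: the RouterB entry shown above plus a made-up second
# neighbor (SwitchX details are invented) to exercise the multi-entry path.
SAMPLE = """\
Device ID: RouterB
Entry address(es):
  IP address: 10.1.1.2
Platform: Cisco 2811, Capabilities: Router Switch IGMP
Interface: Serial0/0/0, Port ID (outgoing port): Serial0/0/1
Holdtime : 155 sec
Version :
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version
12.4(12), RELEASE SOFTWARE (fc1)
-------------------------
Device ID: SwitchX
Entry address(es):
  IP address: 10.1.1.3
Platform: Example-Switch, Capabilities: Switch IGMP
Interface: FastEthernet0/0, Port ID (outgoing port): FastEthernet0/2
"""

FIELDS = {  # one regex per advertised field
    "device_id": r"^Device ID:\s*(\S+)",
    "ip": r"^\s*IP address:\s*(\S+)",
    "platform": r"^Platform:\s*([^,]+),",
    "capabilities": r"Capabilities:\s*(.+)$",
    "local_interface": r"^Interface:\s*([^,]+),",
    "remote_port": r"Port ID \(outgoing port\):\s*(\S+)",
    "ios_version": r"Version\s+([0-9][^,\s]*)",  # \s+ also spans a wrapped line
}

def parse_cdp_entries(text):
    """Split on 'Device ID:' and extract the fields each neighbor advertises."""
    entries = []
    for chunk in re.split(r"(?m)^(?=Device ID:)", text):
        if not chunk.startswith("Device ID:"):
            continue
        rec = {}
        for name, pattern in FIELDS.items():
            m = re.search(pattern, chunk, re.M)
            rec[name] = m.group(1).strip() if m else None
        entries.append(rec)
    return entries

def unexpected_neighbors(entries, expected):
    """Entries whose (local interface, device ID) pair is not in `expected`."""
    return [e for e in entries if expected.get(e["local_interface"]) != e["device_id"]]
```

Interfaces that turn up here with no expected neighbor are the ones to review for `no cdp enable`.
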
Additional Cisco Discovery Protocol Commands

RouterA#show cdp traffic
CDP counters :
  Total packets output: 8680, Input: 8678
  Hdr syntax: 0, Chksum error: 0, Encaps failed: 5
  No memory: 0, Invalid packet: 0, Fragmented: 0
  CDP version 1 advertisements output: 0, Input: 0
  CDP version 2 advertisements output: 8680, Input: 8678

RouterA#show cdp interface s0/0/0
Serial0/0/0 is up, line protocol is up
  Encapsulation PPP
  Sending CDP packets every 60 seconds
  Holdtime is 180 seconds
Using a Router as a DHCP Server
• Cisco IOS Software includes a full DHCP server
implementation:
– Assigns IP addresses from specified address pools
within the router
– Can be configured to assign the IP address of
these components:
• Domain Name System (DNS) server
• Default router
DHCP Server Using a Router
R1>en
R1#conf t
R1(config)#service dhcp
R1(config)#ip dhcp pool TEST
R1(config-dhcp)#network 50.0.0.0 255.0.0.0
R1(config-dhcp)#default-router 50.0.0.1
R1(config-dhcp)#dns-server 50.0.0.5 50.0.0.6
R1(config-dhcp)#lease 20
R1(config-dhcp)#exit
R1(config)#ip dhcp excluded-address 50.0.0.1 50.0.0.20
R1(config)#exit
R1#wr
Set the client computers to obtain an IP address automatically.
On a router interface that should get its address by DHCP, run ip address dhcp.
R1#sh ip dhcp binding
DNS

• Application specified in the TCP/IP suite
• A way to translate human-readable names into IP addresses
Assigning DNS/Name Resolution
Name Resolution

1. Host Table

R1#conf t
! Syntax: ip host <name> <IP>
R1(config)#ip host Router 50.0.0.1
R1(config)#ip host Client 50.0.0.6
R1#ping Router
! or: ping Client
R1#sh hosts
----------------------------------
2. DNS as client

R1#conf t
R1(config)#ip domain-lookup
! Assign two DNS servers: ip name-server <ip1> <ip2>
R1(config)#ip name-server 50.0.0.5 50.0.0.6
R1#sh hosts
R1#ping test1
Device Configuration Files
Verifying Memory and Deciphering Image Filenames

RouterX#sh flash
-#- --length-- -----date/time------ path
1 14951648 Feb 22 2007 21:38:56 +00:00 c2800nm-ipbase-mz.124-5a.bin
2 1823 Dec 14 2006 08:24:54 +00:00 sdmconfig-2811.cfg
3 4734464 Dec 14 2006 08:25:24 +00:00 sdm.tar
4 833024 Dec 14 2006 08:25:38 +00:00 es.tar
5 1052160 Dec 14 2006 08:25:54 +00:00 common.tar
6 1038 Dec 14 2006 08:26:08 +00:00 home.shtml
7 102400 Dec 14 2006 08:26:22 +00:00 home.tar
8 491213 Dec 14 2006 08:26:40 +00:00 128MB.sdf

41836544 bytes available (22179840 bytes used)

• Verify that flash memory has room for the
Cisco IOS image.
BACKUP AND RESTORING CONFIGURATIONS
Use TFTP server software; the server uses the IP address of the machine it is installed on.
Test connectivity between the router and the TFTP server's IP address.
BACKUP

NVRAM

R1#copy run start
! or wr: first save the current configuration
R1#copy start tftp
TFTP ip:
Dest. File Name:

FLASH
R1#sh flash
! Verify the IOS file name
R1#copy flash tftp
Source File Name:
TFTP ip:
Dest. File Name:
RESTORE
Assign an IP address to the router's LAN port.

NVRAM

Router#copy tftp start
Tftp ip:
Source file name:
Dest. file name:
Router#reload

Restore or upgrade FLASH

R1#sh flash
! Verify the space available; if there is too little, delete the old IOS
R1#copy tftp flash
Source file:
Tftp ip:
Dest. File:
R1(config)#boot system flash <new IOS>
R1#wr
R1#reload
PASSWORD Breaking

You have to change the configuration register to get into the router.

Step 1.
Power off the router, then power it on.
Press Ctrl+Pause/Break (doing this will stop IOS from loading).
The router comes up in ROMMON mode.
Step 2. Change the register value (0x2142 tells the router to ignore the startup-config in NVRAM at boot)
If the prompt is >:
>o/r 0x2142
>i
-----------
If the prompt is rommon1>:
rommon1>confreg 0x2142
rommon2>reset
Step 3. Get the settings into running memory (RAM)
Router#sh run
Router#sh start
Router#copy start run
R1#
Step 4. Either change or remove the passwords
R1#conf t
R1(config)#line console 0
R1(config-line)#no password
R1(config-line)#exit
R1(config)#no enable secret
! or: no enable password
Step 5. Change back to the default register
R1(config)#config-register 0x2102
R1(config)#exit
R1#sh ver
R1#wr
R1#reload
