TechNote: Basic Cisco Router Configuration and Management
Random-Access Memory similar to the function as RAM in PCs.
This is where the IOS runs its processes. It also contains the
running configuration, routing and other tables as well as packet
This Read-Only Memory stores a older 'lite' IOS used to boot
the router for the very first time, or when the Flash memory
is erased or corrupted.
This piece of 'flash-able' memory stores the IOS image, the
operating system of the router.
In contradiction to normal RAM, Non-Volatile Random-Access Memory
is a special type of memory that doesn't lose its content when
the router's power is turned off.
It stores the startup configuration and the configuration register.
The NVRAM has a special location that contains the 16-bit configuration
register. Every time the router boots it reads this value.
The config-register value is a hexadecimal value ranging from
from 0x0000 to 0xFFFF and can be set byusing the config-register
The most important portion of the configuration register to
understand for the exam is the boot field (bit 0 through
3, hexadecimal range 0x0000-0x000F). The boot field value is
used to specify from which location the IOS image should be loaded or
bypassed even during startup.
||The router will enter ROM monitor mode
and remain at the system bootstrap prompt.
||The IOS image stored in ROM will be
||The router will boot as normal and load
the default IOS image stored in Flash and enables boot
The remaining 12 bits of the configuration register are used for various functions such as enabling/disabling
the Break function, setting the Console line speed, bypassing
NVRAM, and controlling the broadcast address.
To change the configuration register you have to enter be in
global configuration mode. Use the command configure
terminal often abbreviated to conf
t in privileged EXEC mode to enter global config mode.
You can enter privileged EXEC mode using the enable
command. When you enter the correct password the prompt will change to
Router# (where "Router" is the hostname of the router).
Once you are in global config mode use the following command
to change configuration register value:
where 0x2102 is an example of a config-register value.
You can view the current configuration setting by using the Router#show
version command. The last line of the output will display
the current value and if it is different, the value after reboot:
Configuration register is 0x2142 (will be
0x2102 at next reload)
A router boots similar to a regular computer as it first
performs a power on self test (POST) for the hardware, next loads bootstrap
code from ROM, loads the IOS image from Flash into
RAM, performs a hardware inventory, and finally the router
locates and loads a configuration file.
You can reboot a router by using the power switch or the reload
Initial router configuration
As mentioned earlier, the router configuration is stored in NVRAM. This is the place where the router will search for a configuration
file. Alternatively, you can configure the router to load a configuration
file from a TFTP server. If the router cannot locate a configuration
file (on a new router for example) it will start setup
and it will ask if you want to enter the initial configuration
dialog. If you answer with No, you'll be taken to the command
prompt and you'll be able to configure the router manually.
If you answer with Yes, you'll be taken through a list of questions
allowing you to configure the router e.g. set a hostname and enable
password and secret, configure routed and routing protocols,
and assign addresses to interfaces. You can initiate this configuration
dialog at any time by using the setup command.
Manage configuration files
A Cisco router contains two configurations: the startup
configuration (usually stored in NVRAM) and the running
configuration (stored in RAM). When you makes changes to the router configuration by entering global configuration mode by using the config terminal command, the changes are made to the running configuration.
To copy the currently running active configuration to NVRAM,
i.o.w. to save a changed running configuration to the startup configuration so it will be used the next time you reload the router, use the following command:
The following command loads the startup configuration stored
in NVRAM into RAM and makes it the active running configuration.
Router#copy startup-config running-config
You can also copy the running configuration to a TFTP server
using the following command:
running-config tftp 220.127.116.11
This can be done with the startup configuration as well:
startup-config tftp 18.104.22.168
You can view the running configuration using the command:
And view the startup config using the command:
You can use the erase command to delete
the content of NVRAM:
Load, backup, and upgrade
Instead of using the IOS stored in flash, you can load it from
a TFTP server, or you can load the limited IOS from ROM. This
can be configured in the configuration file using the following
commands in global configuration mode:
To load Cisco IOS software from Flash memory use the following command:
Router(Config)#boot system flash
Although this is default behavior, using this command can be
useful especially when you have multiple IOS images stored in FLASH. If you do not specify a filename, the first locatedimage will
To load Cisco IOS software from a TFTP server use the following command:
Router(Config)#boot system tftp
To load Cisco IOS software from ROM use the following command:
Note that this will load the limited IOS version and will likely
prevent normal operation.
You can use a combination of these commands to provide
some redundancy. You can even specify multiple TFTP servers.
Make sure you place them in the correct order, flash first,
tftp as backup, and rom as last resort. The configuration register's
boot field must be set to 0x2 through 0xF, in order for the
router to check the configuration file in NVRAM for boot system
To backup the IOS stored in Flash to an TFTP server use the
Router#copy flash tftp 22.214.171.124
To upgrade the IOS stored in Flash use the following command:
You will be prompted for an IP address of the TFTP server (defaults
to the broadcast address 255.255.255.255) and a filename.
To delete the content stored in Flash use the command:
CONNECTING TO A ROUTER
There are multiple ways to establish connectivity to a router
to perform configuration tasks:
- Console port
Cisco routers are equipped with a Console port, which is an RJ-45 port on most routers but on some high-end routers
it's a DB-25 connector. You can connect a terminal (a notebook
or a PC for example) to the console port using a RJ-45 roll-over
cable with RJ-45, DB-9, or DB-25 connectors on the ends. A common
example is a cable with a RJ-45 connector connecting
to the router's console port and a DB-9 connector on the other
end connecting to the PC's COM port. When you connect a PC to
the router's console port you can use a terminal emulator to
configure the router. When you start a session the following
Router con0 is now
Press RETURN to get started
- Auxilary port
Many Cisco routers are also equipped with
an Auxilary port, which can be used to connect a modem and allow for remote adminstration of the router.
Managing a router using the ports mentioned above is called
For more information about how to physically connect to the
Console and Auxilary port check the Cabling
Guide for Console and AUX Ports and Configuring
a Modem on the AUX Port for EXEC Dialin Connectivity at
Once your router is configured with an IP address, a Telnet connection
is the most common way to connect to a
router to manually configure and monitor it. Cisco IOS, the router's
operating system, has a build-in Telnet server and a Telnet
client. This allows you to connect to a router using a telnet
client from a PC but from another Cisco router as well. This
type of connection using the same network the router operates
in is also known as in-band management. Telnet sends username and password credentials in clear text and should be replaced with SSH connections if supported.
User EXEC mode
This is the mode you enter once you are connected, and if required, logged on to the router.
In this mode you can perform non-disruptive troubleshooting,
for example, view the routing table and status of components. You can NOT
view or modify the configuration in User EXEC mode.
When you connect to the router and press the <Enter> key
(Press RETURN to get started) you'll
be prompted for a password:
When you enter the correct console, telnet or AUX password password
(depending on how you connect to the router) and press <Enter> the User EXEC mode command prompt will appear.
"Router" is the default hostname for all Cisco
routers. The > indicates you are
in User EXEC mode.
To exit User EXEC mode and quit the session with the command-line
executive use one of the following commands:
Privileged EXEC mode
This is similar to logging on as an adminstrator in Windows
2000 for example. When you are in this mode, you can view and modify the configuration.
After submitting the correct enable password (or enable secret, which we'll discuss later on)
and pressing the <Enter> key the command prompt will change
The # indicates you are in Privileged
To exit Privileged EXEC mode and return to User EXEC mode use
the following command:
To exit Privileged EXEC mode and quit the session with the router, use one of the following commands:
Global Configuration mode
To actually change the running configuration,
you'll have to enter global configuration mode by using the commandconfigure
terminal (to configure the running configuration), or
the command configure memory (to configure
the startup config) in Privileged EXEC mode. Global configuration
mode allows you to configure settings that affect the entire
router, hence its name 'global'. To show you how this works
we are going to change the hostname of the router as an example:
Router#configure terminal (usually
abbreviated to conf t)
configuration commands, one per line. End with CNTL/Z.
As you can see the change immediately takes effect by looking
at the prompt, which now reflects the new name.
To exit global configuration mode and return to User EXEC mode
use one of the following commands:
Or use the key combination CTRL-Z
You can use the following command to save the configuration
to NVRAM so it will be used next time the router starts:
Rnewyork1#copy running-config startup
Interface Configuration mode
You need to enter interface configuration mode when you want
to configure settings specific to an interface, such as assigning
an IP address.
To enter interface configuration mode you must use the interface
command and provide the name and number of an existing interface. Following are some examples:
Router(config)#interface serial 2
As you can see in the first example, the first possible interface
is 0, the second Ethernet interface
on a router would be Ethernet 1, also
noticable is the change in the prompt.
These commands are usually abbreviated, for example to int
e1 or int s0
To exit interface configuration mode and return to global configuration
mode, enter the following command:
To exit interface configuration mode and return to Privileged
EXEC mode, use the key combination CTRL-Z
Other configuration modes include:
Sub-interface configuration mode Router(config-subif)
Router configuration mode Router(config-router)
Line configuration mode Router(config-line)
CONFIGURING ROUTER PASSWORDS
This section decribes the four main passwords that are directly
related to managing and configuring the router.
Use the following commands to configure the console password. The first command is used to enter Line configuration mode. The second configures the password "cisco123", and the third command configures the console line to require a login.
Use the following commands to configure a password for Telnet
Router(config)#line vty 0 4
Use the following commands to configure the auxilary port password:
Router(config)#line aux 1
Enable password and enable
The enable password and enable secret are
local passwords used to control access to Privileged EXEC mode.
The difference between these two is that the enable password
is stored in clear-text in the configuration file, and the enable
secret is encrypted using irreversible MD5 encryption.
For example, in the configuration file an enable password could
enable password cisco123
and and enable secret could be:
secret 5 $1$iSuI$i7TiENAn69392tYvh5wwZ1
The enable secret password overrides the regular enable password,
except when and old IOS image is used that doesn't support the
encrypted enable secret.
To configure an enable password, go to global config mode and
issue the following command:
where cisco123 is just an example for a password.
To configure an enable secret, go to global config mode and
issue the following command:
where cisco456 is just an example for a password.
If you do not set an enable password or enable secret, you don't
have to enter a password when you type the enable
command, but you will end up having problems connecting to the
router using telnet for example, you won't be able to enter
Privileged EXEC mode.
By default all password except the enable secret are stored
as clear-text in the configuration file. When you have backups
on TFTP servers or floppy disks even, this might be an important
issue. This can be solved using the following command to provide
some encryption the passwords:
The irreversible MD5 encryption used to encrypt the enable secret
is much stronger than the rather simple encryption used by the
service password-encryption, which
can be decrypted by publicly available tools.
Context-sensitive help facility
An IOS feature that helps with using the correct command syntax.
For example, when you type a command but you do not know the
full syntax, you can type a ? behind
it and a list with possible options (in that particular mode)
access-expression List access expression
access-lists List access lists
accounting Accounting data for active sessions
aliases Display alias commands
appletalk AppleTalk information
arap Show Appletalk Remote Access statistics
arp ARP table
async Information on terminal lines used as router interfaces
backup Backup status
bridge Bridge Forwarding/Filtering Database [verbose]
buffers Buffer pool statistics
cdp CDP information
clock Display the system clock
compress Show compression statistics
configuration Contents of Non-Volatile memory
controllers Interface controller status
debugging State of each debugging option
decnet DECnet information
dhcp Dynamic Host Configuration Protocol status
dialer Dialer parameters and statistics
dnsix Shows Dnsix/DMDP information
dxi atm-dxi information
entry Queued terminal entries
You don't need to press the <Enter> key after
the ?, and when the end of the list
is reached the command will be after the prompt again without
the ? so you can continue typing the
correct option. (When a list like this does not fit in the maximum
allowed lines, --More-- will be displayed
on the last line, press the <Enter> key to scroll down
per line or the <Spacebar> to scroll down to the next
When you type a single ? or just the
command help a list with all possible
commands will be displayed.
and editing features
This refers to another set of useful features which are meant
to make working with the command line interface a little bit
By default the 10 previously issued commands are remembered.
These commands can be retrieved to use them again by pressing
CTRL-P or the up arrow key. You can modify the command- lines
history buffer size using the following command:
history size 25
This will set the amount to 25.
You can view the history using the following command:
Some other useful key combinations:
CTRL-P (or UP arrow key) Displays the previous command in the
CTRL-N (or DOWN arrow key) Displays the next command in the
CTRL-A Jumps to the beginning of the command line.
CTRL-E Jumps to the end of the command line.
CTRL-B (or LEFT arrow key) Moves the cursor back one character.
CTRL-F (or RIGHT arrow key) Moves the cursor forward one character.
Ctrl-W Deletes the last word typed.
The arrow keys function only on ANSI-compatible terminals such
as VT100s. You can configure your terminal emulator to use VT100
Another useful feature to assist with the command syntax is
auto-complete. For example, when you type a command partly but
you don't know how to spell a particular option, you can let
IOS complete it by pressing the TAB key:
Router#show cdp neighbors
This only works when the given part is enough to determine a single
particular option. For example, the command Router#show
access does not result in Router#show
access-expression because it could be Router#show
access-lists as well.
These enhanced editing features are enabled by default. If you
wish to disable them, use the following command:
exam objectives for the CCNA exam:
Implementation & Operation
• Configure a router for additional administrative
• Manage system
image and device configuration files
• Perform an initial configuration on a router
Discuss this TechNote here
Back to the list of CCNA TechNotes
MCSE NT4 MCSA 2000 MCSA 2003
Security+, CWNA, CCNA, CCDA, CNA