Cisco Is Easy Lesson 18 Homework

Most Cisco devices (including routers and switches) use a CLI (Command Line Interface) to configure the network device. The CLI is an interface, based on text. You type in configuration commands and use show commands to get the output from the router or switch. There are also GUIs (Graphical User Interface) for the routers, switches and firewalls but the majority of the work is done on the CLI.

This might sound dated but with so many commands that are available to use, the CLI is much easier to work with than any of the graphical interfaces. It’s also much easier to copy entire configurations from one device to another.

In this lesson, I’ll explain how to access the CLI and the basics of how Cisco IOS works.

Access to Cisco IOS CLI

Before we can enter any commands, we need access to the CLI. There are three options:

The console is a physical port on the switch that allows access to the CLI. We typically use this the first time we configure the switch. Telnet and SSH are both options for remote access.

Console Cabling

On the switch, you will find one or two physical connectors for the console. Take a look at the picture below:

On the left side of this 2960 Catalyst switch, you see the light blue RJ45 port and a micro-USB port on the left of it. Older switches only have the RJ45 port, newer switches (and other devices) often have both options.

Even though it’s an RJ45 port, it’s not an Ethernet port. We use this connection to connect the switch to a serial port on your computer with the following cable:

This cable is called a Cisco console cable and you will need a serial port on your computer. Modern computers or laptops don’t have these serial ports anymore so you might have to use a serial-to-USB cable like this one:

This cable emulates a serial port and has a USB connection. Once you have connected your computer to the switch, we can start a terminal application to access the CLI.

Terminal Emulator

There are many terminal emulator applications. If you are new to this, the best one to start with is Putty. It’s free and allows you to connect using a serial connection, telnet and SSH. Once you have downloaded it, you will see the main screen:

Make sure you select the “Serial” option. The default speed is 9600 (baud rate). The COM port depends on your computer; it might be COM1, but if you are unsure, check the Device Manager in Windows. Click on Start > Run and enter “devmgmt.msc”:

Here is the device manager:

Above you can see that on my computer, I have to use COM4. Change the COM port and click on Open to start the console:

Now is a good time to power on your switch or, if it is already powered on, pull the plug so it reloads.

First Boot

When the switch boots, you will see a lot of stuff on the console. First, it will initialize the flash memory:

Initializing the flash memory is required since it contains the IOS image (Operating System) of the switch. Its next step is to load the IOS image from the flash memory:

The IOS image is compressed so the switch uncompresses the image and loads it in RAM. You are then presented with some legal information and information about the switch:

This tells us the version of the IOS image. IOS is now up and running; it also initializes the flash memory:

IOS starts with a POST (Power on Self Test) for some of the switch components:

It then warns us about the cryptographic features:

You might be wondering what a switch has to do with cryptography. Depending on your IOS image, your switch is able to run an SSH server, which allows encrypted remote access. Another feature that uses cryptography is SNMP version 3, which is used by network management software to read statistics from the switch. In certain countries, cryptography is forbidden or limited.

The final part of the boot process gives us some general information about the switch:

Above we can see the switch model, the interfaces it has, some serial numbers, etc. It ends with the following message:

Now it’s up to us to configure the switch.

Depending on whether your switch already has a configuration, you might see the following message:

If there is no configuration, the switch will ask you if you would like to follow a wizard called the initial configuration dialog. If you see this, type “no” to continue so that we can start with a blank configuration. We will configure the device ourselves.

User and Enable mode (Privileged Exec Mode)

Once the switch has booted and we have pressed the enter key, we end up in what we call the user mode or user EXEC mode. In this mode, we have permission to use some simple commands, but we are not allowed to configure anything or use the more advanced commands.

Right now, the command line will show you this:

The > symbol tells us that we are currently in user mode. To get full access to the switch, we have to enter privileged mode, also called enable mode. Here is how to do this:

Above you can see that the > symbol changed to #. This tells us we are now in enable mode, granting us full access to the switch.

The disable command lets you jump back to user mode.

Erasing the Switch Configuration

If you are using used hardware, it’s possible that the previous owner did not erase the configuration of the switch. To start with a clean slate, we’ll wipe the configuration of the switch before we continue. Here’s how to do this:

Type erase startup-config and the switch will ask you to confirm that it should remove all configuration files. Between the brackets, you see confirm. If you see anything between [], you only have to press enter. You don’t have to type “confirm”.

Switches also store VLAN (Virtual LAN) information in another file. What a VLAN is and what it does is something that we will cover in another lesson, for now, let’s just make sure it is deleted. Here’s how to do it:

Type delete flash:vlan.dat to delete the file. You only have to press enter to confirm what Cisco IOS tells us between the brackets. If you get an error that there is no such file, do not worry. It means someone else already deleted the VLAN information and you can continue.

Type reload and the switch will reboot:

Once the switch has reloaded, we can try something else…

Show commands

The show command is probably the most used command for Cisco IOS. We can use it to fetch any information from the switch. Let’s start with a simple example, let’s say we want to see some general information about the switch:

The show version command gives us a lot of information about the switch, including the model, IOS image, and more. What if we want to see what MAC addresses the switch has learned? There is another command for that:

The show mac address-table dynamic command tells us all MAC addresses that the switch has learned. In this example, it only learned one MAC address on interface Fa0/12 (FastEthernet port 12).

What if we want to see the entire configuration of the switch? There’s a show command for that:

The show running-config command gives us the entire active configuration of the switch. Even though we haven’t configured anything yet, there is a basic configuration.

In all these Cisco lessons, you will see a LOT of show commands that I use to explain things. There are also debug commands. Show commands only produce “static” information: if you want to see changes, you have to run the same show command a couple of times. Debug commands allow us to see things in real time. You will see some examples of debug commands in other lessons.

Configuration

When you take a new switch out of the box, it will work right away with its default (empty) configuration. It will behave just like any other unmanaged switch: it will start learning MAC addresses and forwarding Ethernet frames.

However, you probably want to make some changes to the configuration of your switch. Change its default hostname, perhaps add an IP address so you can manage it remotely, etc.

To do this, we have to use configuration mode. In this mode, we can make changes to the configuration of the switch. Here’s how you enter configuration mode:

First, you need to make sure you are in enable mode. Now you can use the following command:

With the configure terminal command, we enter configuration mode. Now we can make changes to the switch.

Let’s start with something simple, let’s change the name of our switch with the hostname command:

You can see this is applied immediately. Our switch is now called SW1.

The command above was executed in “global” configuration mode. When we want to make changes to interfaces or console settings, we have to dive into one of the configuration sub modes. Let me give you an example, let’s say we want to add a password to the console:

First, we use the line console 0 command to dive into the line configuration. You can recognize this because it shows (config-line). I used the password command to specify a password (cisco) and the login command to tell the switch to ask for this password. Next time you access the console, it will ask for this password.

If I want to get back to global configuration, I have to type exit or press CTRL+Z:

I’m now back in the global configuration mode.

Let me give you one more example, let’s say we want to make changes to one of our interfaces:

First, I use the interface command and specify the interface that I want to make changes to. You can see we are now in the interface sub-mode as it shows (config-if) to us.

Once you enter the interface configuration, the switch does not show you which interface you selected, only that you are in the interface sub-mode.

I can now make some changes to this interface, let’s try a few commands:

Above you can see I added a description and changed the duplex/speed settings of this interface. If I want to get back, I can use the exit command or CTRL+Z:

The first time, it jumps back to global configuration mode. The second time I do it, we jump back to enable mode and exit the configuration mode:

Here is a picture to help you visualize the different modes and how to move from one to another:
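The mode hierarchy and the movement rules just described, written up as a small Python model (an added example, not code from the original lesson or from Cisco): it renders the prompt for each mode and applies the enable, disable, configure terminal, line, interface, exit and CTRL+Z rules, plus the do prefix for show commands that is covered later in this lesson. The hostname SW1 comes from the lesson; the interface name and the "(show output)" placeholder are assumptions.

```python
# Added example, not from the lesson: a model of the Cisco IOS CLI mode
# hierarchy (user, enable, global configuration, line and interface
# sub-modes) and the rules that move between them. Teaching model only.

PROMPT_SUFFIX = {
    "user": ">",
    "enable": "#",
    "config": "(config)#",
    "config-line": "(config-line)#",
    "config-if": "(config-if)#",
}

# Where "exit" leads. From enable/user it ends the console session; the next
# Enter gives a fresh user-mode session, simplified here to "user".
EXIT_TARGET = {"config-line": "config", "config-if": "config",
               "config": "enable", "enable": "user", "user": "user"}

INVALID = "% Invalid input detected at '^' marker."


class IosCli:
    def __init__(self, hostname="Switch"):
        self.hostname = hostname
        self.mode = "user"

    def prompt(self):
        return self.hostname + PROMPT_SUFFIX[self.mode]

    def in_config(self):
        return self.mode.startswith("config")

    def run(self, line):
        """Apply one command line; returns IOS-style output ('' when silent)."""
        words = line.split()
        cmd = words[0] if words else ""
        if cmd == "enable" and self.mode == "user":
            self.mode = "enable"
        elif cmd == "disable" and self.mode == "enable":
            self.mode = "user"
        elif line == "configure terminal" and self.mode == "enable":
            self.mode = "config"
        elif cmd == "line" and self.in_config():        # e.g. line console 0
            self.mode = "config-line"
        elif cmd == "interface" and self.in_config():   # e.g. interface FastEthernet0/1 (assumed name)
            self.mode = "config-if"
        elif cmd == "hostname" and self.mode == "config" and len(words) == 2:
            self.hostname = words[1]                    # prompt changes immediately
        elif cmd == "exit":
            self.mode = EXIT_TARGET[self.mode]
        elif cmd == "end" and self.in_config():         # CTRL+Z does the same
            self.mode = "enable"
        elif cmd == "show" and not self.in_config():
            return "(show output)"
        elif cmd == "do" and self.in_config() and words[1:2] == ["show"]:
            return "(show output)"   # "do" runs an exec-mode command from config mode
        else:
            return INVALID           # includes a plain "show" typed in config mode
        return ""
```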


Saving the configuration

We entered a couple of commands but once we pull the power plug, everything is gone…

Why? Everything we configure on our switch is applied to the running configuration. This configuration is only active in RAM, pull the plug and it’s gone.

If we want to save our configuration, we have to save it as the startup configuration which is saved in NVRAM. Next time we boot our switch, it will look for the startup configuration and use that.

Here’s how to copy our running configuration to the startup configuration:

Use the copy command to copy the running configuration to the startup configuration.

Here’s a simple illustration to help you visualize the two configuration files:

Another popular command to save your configuration is “wr”. It is short for write and is the old command to save your configuration. It does exactly the same thing as copy running-config startup-config, which is why it’s still very popular.

Help Features

You have now seen the basics of Cisco IOS. We used some show commands and a few configuration commands. The CLI has some tricks up its sleeve to make your life easier. Let’s discuss these…

Question Mark

Not sure what the command was again or how to type it? The question mark is your friend. If you use it, it will tell you all possible commands:

The question mark works in user, enable and configuration mode, so go ahead and try it everywhere. It also helps you find out which commands are possible. For example:

If I type cl? then the CLI tells me there are two possible commands:

Let’s take a closer look at the clock command as it’s a great example to explain the question mark a bit more. If I want to set the time, what format should it be? It could be 18:00, 6PM, 6:00PM or anything else. The question mark will help us figure out what the command requires:

First, it tells us that we need to use clock set. Let’s try that:

Clock set tells us that the time should be in hh:mm:ss format, so let’s enter that:

Now it tells us that it needs a day and month. Let’s try the month first:

We still have to enter the day, let’s do that:

Finally, we have to enter the year. Let’s do this:

Now we only see <cr> which means that the clock command has everything it needs. Remove the question mark and hit enter:

The clock is now configured.

Abbreviation

There is no need to type the exact command for the CLI to accept it. You can also shorten commands. For example, I just used copy running-config startup-config, but I don’t have to type the entire thing. This will also work:

After the copy command, there is only one parameter that starts with “run” which is running-config. The only parameter that starts with “st” is startup-config. Once you get more experience with the CLI and become familiar with the different commands, you will automatically use this more often.

Errors and incomplete commands

In a perfect world, we would remember everything and make no spelling errors. In real life, this happens all the time. Luckily for us, the CLI has something to help. Let’s try the clock command again:

The switch tells us that the command is incomplete. This is because I didn’t add a month or year. When this happens, use the question mark to figure out what the command requires.

What if I make a typing error?

The CLI complains but shows the ^ symbol to tell me where I made an error. When this happens, remove whatever you typed above the ^ symbol and use the question mark:

This tells me that I should have typed November, not 11.
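The question mark, abbreviation and error behaviour described in the last three sections, as an added Python example (not code from the lesson or from Cisco): a resolver over a small constructed command tree that expands unique prefixes such as copy run st, reports an ambiguous prefix such as cl, reports an incomplete clock set, puts the ^ marker at the offending column, and lists what ? would show. The tree holds only the commands this lesson uses, and the month value accepts full month names only, which is a simplification.

```python
import re

# Keyword tree built only from commands used in this lesson; None marks the
# point where Enter (<cr>) is accepted. Keys in <angle brackets> are values
# checked against VALUES instead of being matched as keywords.
COMMANDS = {
    "clear": {"counters": None},
    "clock": {"set": {"<hh:mm:ss>": {
        "<1-31>": {"<month>": {"<1993-2035>": None}},
        "<month>": {"<1-31>": {"<1993-2035>": None}}}}},
    "copy": {"running-config": {"startup-config": None}},
    "show": {"version": None, "running-config": None,
             "mac": {"address-table": {"dynamic": None}}},
}
MONTHS = ("January", "February", "March", "April", "May", "June", "July",
          "August", "September", "October", "November", "December")
VALUES = {
    "<hh:mm:ss>": r"\d{1,2}:\d{2}:\d{2}",
    "<1-31>": r"[1-9]|[12]\d|3[01]",
    "<1993-2035>": r"199[3-9]|20[0-2]\d|203[0-5]",
    "<month>": "(?i)" + "|".join(MONTHS),   # full month name, any case (simplification)
}


def resolve(line):
    """Interpret one typed line the way the CLI does.

    Returns ("ok", expanded) for a complete command, ("incomplete", expanded),
    ("ambiguous", word), ("invalid", column) where column is where IOS puts
    the ^ marker, or ("help", options) when the line ends with a question mark."""
    node, expanded = COMMANDS, []
    for m in re.finditer(r"\S+", line):
        tok, col = m.group(), m.start()
        if tok.endswith("?"):                   # "cl?" or "clock set ?"
            if node is None:
                return "help", ["<cr>"]         # nothing more is needed
            return "help", sorted(k for k in node if k.startswith(tok[:-1]))
        if node is None:                        # extra word after a complete command
            return "invalid", col
        hits = [k for k in node
                if (re.fullmatch(VALUES[k], tok) if k.startswith("<") else k.startswith(tok))]
        if not hits:
            return "invalid", col
        if len(hits) > 1:                       # more than one keyword fits the prefix
            return "ambiguous", tok
        expanded.append(tok if hits[0].startswith("<") else hits[0])
        node = node[hits[0]]
    return ("ok" if node is None else "incomplete"), " ".join(expanded)
```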

Keyboard Shortcuts

There are a couple of useful keyboard shortcuts that you can use for the CLI.

Cisco IOS keeps a history of previously entered commands. All you need to do is press the up and down arrow keys to browse through your previous commands.

With the left and right arrow keys, you can move the cursor one character in either direction. If you want to make some changes to a very long command that you are trying to enter, it might be a bit annoying to keep one of the arrow keys pressed. Instead, try the CTRL+A or CTRL+E combinations. This will make the cursor jump to the start or end of the line.

No idea how to spell a certain command? The TAB button will auto-complete commands for you. For example, try typing this:

And then hit the TAB button. The CLI will auto-complete it to:

This saves some typing and you don’t have to think about silly things like remembering if the command has a space or dash in between.

If you hit the TAB button a couple of times and nothing happens, try the question mark. There will be more than one command that starts with the same letters.

Do command

If you are in the configuration mode, you will face the following issue if you try a show command:

Why? The command is typed correctly but the problem here is that this is a command for the enable mode, not the configuration mode.

You could exit the configuration mode but instead, you can add do in front of the show command:

Problem solved!

Output Modifiers

What if you want the output of a show command but you don’t want to see everything? For example, look at the following show command:

This produces quite a lot of output. What if I only want to see the IOS version that this switch has? We can use some output modifiers:

At the end of your show command, add the | symbol. Let’s look at our options:

The two I personally use most often are begin and include. Let’s try both:

Include will only show me the lines that have “IOS” in them.

Begin will start the output with the word you are looking for. For example, let’s say I am only interested in the interface configuration from the running configuration. Here’s how to do this:

Instead of seeing the entire running configuration, it will skip the first part of the output and start with the interfaces instead.
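The begin and include modifiers just described, implemented in Python over constructed, abridged show version and show running-config output (an added example, not code from the lesson or from Cisco); it also covers exclude, a real IOS modifier the lesson does not use. IOS treats the pattern as a case-sensitive regular expression, which is why include IOS matches the version line but include ios would not. The version string, hostname and interface names in the samples are constructed.

```python
import re

# Constructed, abridged samples of "show version" and "show running-config"
# output (not captured from a real device) for the modifiers to filter.
SHOW_VERSION = """\
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 15.0(2)SE
Copyright (c) 1986-2012 by Cisco Systems, Inc.
ROM: Bootstrap program is C2960 boot loader
System image file is "flash:/c2960-lanbasek9-mz.150-2.SE.bin"
"""
RUNNING_CONFIG = """\
version 15.0
no service password-encryption
!
hostname SW1
!
interface FastEthernet0/1
 description Link to PC1
 duplex full
 speed 100
!
interface FastEthernet0/2
!
line con 0
 password cisco
 login
!
end
"""


def apply_modifier(output, modifier, pattern):
    """Filter show output like IOS "| begin", "| include" and "| exclude".

    "begin" keeps everything from the first matching line to the end of the
    output, "include" keeps only matching lines, "exclude" drops them."""
    rx = re.compile(pattern)                 # case-sensitive regex, as in IOS
    lines = output.splitlines()
    if modifier == "include":
        return [l for l in lines if rx.search(l)]
    if modifier == "exclude":
        return [l for l in lines if not rx.search(l)]
    if modifier == "begin":
        for i, l in enumerate(lines):
            if rx.search(l):
                return lines[i:]
        return []                            # no match: IOS prints nothing
    raise ValueError("unknown output modifier: " + modifier)


def run_show(command):
    """Run 'show ... | modifier pattern' against the constructed samples."""
    base, _, tail = command.partition(" | ")
    output = {"show version": SHOW_VERSION, "show running-config": RUNNING_CONFIG}[base]
    if not tail:
        return output.splitlines()
    modifier, _, pattern = tail.partition(" ")
    return apply_modifier(output, modifier, pattern)
```

The sample also shows why the console password from earlier in this lesson matters: with the default no service password-encryption, it sits in clear text in the running configuration for anyone who can run show running-config.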

Conclusion

You have now learned the basics of Cisco IOS and how to connect to the CLI. Here are some of the things we discussed:

  • How to connect to a Cisco Catalyst switch with a console cable.

I was disheartened to read about the 22 September arrest of alleged LulzSec/Anonymous member Cody Kretsinger (known by the handle ‘recursion’) by the FBI as a suspect in the SQL injection attacks on multiple Sony websites. Note that I was not sad to see the good guys bust a cybercriminal, but I was sad to see a nice guy I had met and talked to briefly at BlackHat Las Vegas 2011 turn out to be a suspect wanted by the FBI.

Cody Kretsinger, second from right, at BlackHat 2011

One of the things we at Cisco try to do is reach out to those studying infosec and wanting to make a career in security. At BlackHat Cisco had a contest where the winner got a Pwnie Express PWN Phone, effectively a modified Nokia N900 with some pentesting software loaded. A group of guys, volunteers with the show from an IT school, were fascinated by the PWN Phone – possibly because in their circle a couple of them had Nokia N900s, a device relatively unknown in North America but somewhat popular in certain hacking circles due to the fact that its OS is Linux-based and thus can be made to run things like metasploit (like the PWN Phone does).

These guys came over and took our quiz, which is what we were using for the contest. Nice guys: polite, friendly, interested in security, networking and IT in general. They all seemed like the type that you might want to have at your company doing IT.

Except that at least one of them seems to have found himself on the dark side, a mistake that may cost him 15 years.

When you are young, it is easy to fall off the true path. Many are fortunate; their transgressions are of the sort that don’t generate logs, never cause too much harm and don’t get them caught. Most find their way back to the path and carry on, paying taxes, raising families, going to soccer games and the like.

One thing that could lead to a belief in ‘hackish’ invincibility, and which could greatly enhance the pull of the dark side, would be a truly untraceable proxy. There are a number of pseudo-anonymous (note the fact that I am not using the term anonymous) proxy services. Recursion used ‘HMA’ (warning: URL contains salty language). In the end, ‘HMA’ didn’t do what its domain name purported, but there are many others. While these services may in fact mask your IP in outbound connections, they do see your IP on inbound connections.

As HMA, the proxy/VPN service that recursion used, states in their blog:

As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).

Completely reasonable and exactly the same thing your ISP or mobile operator or anyone else in telecommunications might state. When the feds come knocking with the right papers, the kimono opens right up. Logs and in some cases actual traffic may be captured and forwarded.

If you spend time on forums or IRC, you know that folks on the net can be petty and vindictive. However, if you get in the way of big money or count coup on the feds or law enforcement, the petty noise of IRC will be like a burnt match next to the sun when compared to the great vengeance and furious anger governments and corporations will bring upon you. Governments and large corporations have little sense of humor when threatened and have considerable time, money and other resources. Normally the infosec scales are balanced in the favor of the attacker, who needs to be right only once. However, once you have the full attention of the FBI and others, the tide has turned. All you have to do is make one mistake and let them find it, and it is game over.
