Basic Cisco Guide
This is a basic Cisco guide. The wide and wonderful world of Cisco devices and IOS configuration can take a normal human years, decades even, to fully master. Trying to condense what you will find useful into a basic how-to guide is a tricky task, but hopefully this document will give you some handy pointers and useful things to remember. For a broader look at router troubleshooting in general, please see our guide here, or if you are having a problem with your connectivity you may find out guide here useful.
Familiarising yourself with your device
Cisco devices tend to be slightly (or in some cases vastly) more complex than most other manufacturers of kit, even down to the lights on the exterior of the unit. It is always good practice to get to know your device in a working state so that if something goes wrong, you have some good indicators of what the problem may be.
Familiarise yourself with the lights on the front and rear of your device and how they should be behaving if the device is connected and working. The CD light for example (on a Cisco DSL router) – CD stands for Carrier Detect. This light will tell you if your device is synchronised to the DSL exchange. A solid CD light indicates that everything is synced and working perfectly. A flashing CD light indicates that the device is trying to obtain sync from the connection but is unable to, possible indicating a fault with the line, or a layer 1 issue somewhere. A completely dead CD light indicates that the device is not attempting synchronisation, which normally indicates a configuration issue.
Make sure the indicators on the back of the device are also familiar to you. LAN port indicators usually have 3 states – green, amber or dead. If the lights are green and happily flashing away, this usually means the layer 1/2 side of things is as it should be. An amber light indicates that the device has detected something plugged in but there is something wrong with the connection, be it a layer 1 or cabling issue, or a configurational issue at the other end. A completely dead light means that the device is not detecting anything plugged in at the other end.
Always get to know the configuration of your device. Keep backups of the configuration and make sure you understand what each and every line means and what its function is. Troubleshooting problems and making things work is an almost impossible task if you don’t fully understand what the device is being instructed to do. Taking the time to break down the configuration line by line and really understanding each command will help you greatly further down the road.
Useful IOS Commands
The document https://www.techrepublic.com/blog/data-center/10-commands-you-should-master-when-working-with-the-cisco-ios-104071/ will be useful for you.
Command: enable mode
Common Syntax: ena
Usage: This command will take you into the elevated (EXEC) privilege of enable mode on your device. This will give you full access to the plethora of Cisco configuration commands that you wouldn’t normally be able to access in user mode. This mode is usually protected by an additional password. Most of the commands in this guide are only accessible from this mode.
Command: configure terminal
Common Syntax: conf t
Usage: Only available if you have already gone into enable mode, this command takes you into the configuration mode. The prompt will noticeably change and anything you type after this point will be treated as a command that you wish to be entered into the running configuration of the router. Any commands that are not recognised will return an error, usually giving you a handy pointer as to what you did wrong. A further mode you can go into from this mode is by typing int xxxxxx where xxxxxx is replaced by the interface you wish to configure. This will take you into the interface configuration mode and allow you to define configuration characteristics for a particular interface. To come out of global configuration mode, or interface configuration mode, to return to the previous mode – simply type exit.
Command: no shutdown
Common Syntax: no shutdown
Usage: This command is operated from within interface configuration mode and tells the interface basically not to be shutdown i.e. to be up and available for use. By default, all interfaces on a device are administratively down and will require this command to bring them up. This is an easy thing to forget and can easily catch you out, especially when dealing with the radio interfaces of an access point.
Command: show running-config OR more system:running-config
Common Syntax: show run OR more system:running-config
Usage: The typical show run command will show you the full configuration that is currently running on the device. Using the enhanced more system:running-config command (where available) will display the running configuration but will include many of the passwords and encrypted information in plain text, so you can see what access details are configured on the device.
Command: write memory
Common Syntax: wr mem
Usage: Use this command when you are happy with the current running configuration on the device and wish to write it to the flash memory. Always remember to do this when you have made configurational changes otherwise those changes will be wiped on the next reset or power off of the device. On the flipside of that, remember that once you do use this command, the configuration is saved and the old one cannot be retrieved unless you have your own backup of it, so always be 100% certain that the changes you have made are functioning as you want them to be.
Command: reload in
Common Syntax: reload in xxx
Usage: Replace the xxx with a numerical value and the device will automatically reboot itself in that number of minutes. This can be handy if you wish to schedule a reboot of a particular device sometime in the future, but is especially useful if you are making remote changes to the running configuration of a device – if your configurational tomfoolery has locked you out of the device remotely, but you set a scheduled reload beforehand, you know that you will be able to gain access to the device again when the reload kicks in. An invaluable Cisco tip that has saved this author countless times.
Command: show version
Common Syntax: show ver
Usage: Displays the version of IOS and version of firmware the device is running, along with other useful bits of information about the hardware of the device. Especially useful if you are trying to clarify compatibility issues or known bugs that might need patching.
Command: show interfaces OR show ip interface brief
Common Syntax: show int OR show ip int brief
Usage: We are moving into the slightly more complex commands now that will give you complex output requiring networking knowledge to understand properly. show int will give you a readout of the status and statistics of all of the interfaces on the device. You can specify a particularly interface to view by adding the interface name after the command. The readout displayed will give you handy information such as whether the interface is up or down, any errors that have incremented and been logged, the MTU size of the interface. The show ip interface command will bolster the information with details about the configuration and status of the IP protocol on each interface.
Take a look at our YouTube video on the Cisco Show Interfaces command for an in-depth explanation on this: https://activereach.net/support/technical-videos/cisco-show-interfaces-command/
Command: show ip route
Common Syntax: show ip route
Usage: This command will show you the current routing table of the device you are operating on. This is the list of all networks that the router can reach, their metric (the router’s preference for them), and how to get there. To clear the current routing table and making the device discover its available routes again, simply type clear ip route and to clear a particular entry from the route table use clear ip route x.x.x.x which will clear the route for that particular network.
Command: show cdp neighbors
Common Syntax: show cdp neighbors
Usage: A handy little command that lists and give details of all fellow Cisco devices that the current Cisco device is connected to on the network. CDP stands for Cisco Discovery Protocol. For more information on this, see this article: https://en.wikipedia.org/wiki/Cisco_Discovery_Protocol
Devices from some other vendors have implemented CDP, such as Mitel phone handsets, and some Dell switches.
Command: show dot11 associations
Common Syntax: show dot11 associations
Usage: This command is only usable on wireless devices and will give you details of what devices are connected to the current device via wireless connectivity.
Command: ?
Common Syntax: any command followed by ?
Usage: A very handy supplement to any Cisco IOS command, placing a ? after a partial command will show you what available parameters there are for the next portion of the command. Get used to using this regularly and you will find that the Cisco IOS can be very intuitive and steer you in the right direction if you are having problems with a particular command or portion of your configuration.
Terminal Window Length
If you are dealing with a very complicated configuration, or a configuration that has lots of long access lists and NAT statements, it can be tricky to read the config output when the statements carry over to the next line on your terminal window.
If you are using a client that allows you to expand the output window (such as Putty), then do so and type:
term pager 0 on an ASA
term length 0 on an IOS device
Now when you enter commands, the output will display filling all the available space with no breaks.
If using the Windows command prompt, you may need to go into the Properties of the prompt window, and change the buffer and window width.
You can reverse these commands with term pager 24 or term length 24 respectively.
Checking Number of Host Licenses
Always check the show version output on a device to see how many hosts your device is licensed for as this can cause severe networking problems, to the point where devices will fail to function completely.
For example, an ASA which is licensed for 10 Inside Hosts will only allow 10 hosts to connect to it, and the manner in which they connect and attempt data transfer is not clear and concise – you will see intermittent drops and other issues relating to network access and arp/DHCP.
Disable ESMTP on ASA
To disable ESMTP on an ASA device, this is done under the default inspection policy. The commands are:
conf t
policy-map global_policy
class inspection_default
no inspect esmtp
Saving a Cisco Config effectively
When you have completed command and code work on a Cisco device and you are are happy that the configuration is complete (and done a write mem of course), it is always good practice to take a text copy of the configuration. These guidelines should be followed to make this process most effective:
Use more system:running-config
Using this command rather than a simple show run will avoid passwords being asterisked out
Include a show version output
This is always required for the IOS version and serial number
Include any other useful show outputs
Sometimes a record of the show int, show crypto isa sa or show vlan can be useful for future troubleshooting
If the config contains lines that break onto another line, expand your window and horizontal buffer. Some config lines go beyond the terminal window’s horizontal length – it is far better to expand the window to make sure lines do not break – in Putty, expanding the window automatically expands the buffer – in Windows command prompt, you have to also edit the terminal buffer settings.
Typing term pager 0 will output the entire commands in one go – rather than a page at a time – this will quicken the process.