Management
Notation Conventions
In the sections that follow, the notation
a / b / c
indicates that the console menu option a is chosen, then within that option b, and within that option c. For some devices it is possible to descend through all the menus in a single command:
a b c
Most of the devices allow you to abbreviate a menu option by entering only as many leading letters of the option as are required to uniquely specify an option. For example:
ip int su
rather than
ip interface summary
Often when a value is expected to be entered a default can be chosen if you press just Enter. Default values are usually shown between brackets as in [default value].
Xyplex Maxserver 1600 Terminal Server
The Xyplex Maxserver 1600 is a terminal server. It allows access to the console ports of various network devices from remote computers. In each work area there is one terminal server. Each of the two shared racks also has a terminal server. Ports of the terminal server, starting with port 3, are connected to the console ports of the other equipment in the work area. The terminal server is also connected to the private network in the lab. All the computers are also connected to the private network. From any computer it is possible to connect to the console port of any device in the lab. To do so you use telnet, specifying the IP address of the terminal server and the TCP port number associated with the device you are interested in. The TCP port number associated with port p on the terminal server is 2000 + 100 * p. For example, if the device you wish to reach is connected to port 5 of the terminal server, and the terminal server's IP address is 192.168.200.11, then you would issue the following command:
[Linux prompt] # telnet 192.168.200.11 2500
Since only one connection at a time can be made to each console port, you should disconnect when you no longer need the connection. You can disconnect by closing the window in which telnet is running, or by typing the escape sequence (CTRL-]) and then typing the command to close the session.
The computers have aliases for the IP addresses of all the terminal servers. The terminal server in work area 1 is named "xyplex1", in work area 2 "xyplex2", and so on. You can use this alias instead of an IP address when telneting to a console port, but you must still specify the correct TCP port number. For example:
[Linux prompt] # telnet xyplex1 2500
The IP address of each terminal server should be indicated on the front of the terminal server as part of its identification. The port number on the xyplex to which the console port of a device is connected should be indicated on the front of the device as part of the device's identification.
Port 1 of the terminal server is used as a console port to configure the terminal server itself. Port 2 of the terminal server is cabled to port 1 to allow the terminal server to be managed from a remote computer.
The terminal servers are left running and are used by everyone who uses the lab, so
you should not make changes to the configuration of the terminal servers.
The terminal server has no power switch, so it is plugged into a UPS. If
necessary you can power on the terminal server by turning on its associated
UPS. It will take a minute or two for the terminal server to load its
operating system from the itlserver.
Asante AH2072 Hub
Management from the Console
These devices require no password. If one is requested just press Enter. You should not change this. Do not add passwords to any of the devices in the lab.
There is very little useful information to be obtained from the console. It is possible to establish an IP address using the menu options:
c / i / i
and a subnet mask using the menu options:
c / i / m
The values specified using these options do not take effect until the hub is restarted.
It appears that the hubs do not permit you to telnet in using the hub's IP address in order to view the console menus from a remote location.
3COM LANplex and CoreBuilder 2500/3500
These devices require no password. If one is requested just press Enter. You should not change this. Do not add passwords to any of the devices in the lab.
From any menu you can go back to the previous menu by entering "q".
The options
ethernet / summary / all
ethernet / detail / all
will show statistics, by port, on packets and bytes received and transmitted.
Management through an Interface
Usually remote access to the bridge will be done through the console port and the terminal server. However, in situations where there is no remote access to the console port it is possible to manage the bridge from a remote location using telnet connected to a management interface on the bridge. In order to do so you must define at least one management interface. A management interface is basically an IP address and netmask that is assigned to the bridge. The menu options that allow you to establish, modify, list, and remove an interface are:
ip / interface / define
ip / interface / summary
ip / interface / detail
ip / interface / modify
ip / interface / remove
When you define an interface you must specify the following:
[Linux prompt] # telnet 192.168.0.151
When you telnet to the bridge in order to manage it the console is disabled. You can only have one telnet session at a time that accesses the console menus.
You are permitted to set up more than one interface, but the network addresses of the interfaces must not conflict (e.g. you cannot set up two interfaces whose IP addresses are both on the same subnet).
Once an interface has been established, it is possible to ping the bridge from a remote location, or to use the menu option:
ip / ping
to ping another device from the bridge.
Saving and Restoring a Configuration
The configuration of the bridge is stored in non-volatile RAM and is retained when the bridge is powered off and on again. Configuration information includes but is not limited to the following:
You can return the entire configuration to the factory defaults by issuing the command:
system / nvData / reset
However, this will remove all interfaces from the configuration, so you will be unable to manage the bridge through telnet until you re-install the proper interface.
You can save the current configuration on a remote computer and reload it later. To save the current configuration use the command:
system / nvData / save
The bridge uses ftp to connect to a remote computer. An ftp server is running under Linux on the local computer, so you can save the configuration to your ZIP disk. There is also an ftp server running on itlserver, but on the server you share a home directory with all other users logged in as "student". After you issue this command the bridge will prompt you for the IP address of the remote computer, the full path to the file where you want to save the configuration, a username and a password.
To reload a configuration to the bridge use the command:
system / nvData / restore
After you issue this command the bridge will prompt you for the IP address of the remote computer, the full path to the file where you want to save the configuration, a username and a password.
Generally you will make few changes to the configuration of the LANplex 2500, so it may be simpler to reset the configuration to factory defaults and re-enter the changes you want rather than saving and restoring the configuration.
Configurations are saved in binary form on the remote computer. Do not restore configurations from a file that is not a saved configuration. If you are not sure whether a file on a remote computer is a saved configuration you can use the command
system / nvData / examine
to confirm that the file is a saved configuration.
Here is a brief summary of the help available at any prompt:
Like unix, the router maintains a history of commands you enter. You can retrieve commands you have recently entered by using the up and down arrow keys.
Like unix, the router allows a command to be edited before you press RETURN to execute it. The following have the same meaning as they do under unix (not all the available editing commands are shown here):
LEFT ARROW moves the cursor one position to the left
RIGHT ARROW moves the cursor one position to the right
CTRL/A moves the cursor to the start of the command
CTRL/E moves the cursor to the end of the command
CTRL/U removes the entire command
CTRL/D removes the character at the cursor
BACKSPACE removes the character before the cursor
CTRL/K removes the command from the cursor to its end
When output fills the screen, the spacebar displays the next screenful, and "q" terminates the display and returns you to a prompt.
A command prefixed with the word "no" negates the command. For example, to negate the effect of the command:
router# ip routing
use the command:
router# no ip routing
The commands available to you in the Cisco IOS depend on the "mode" the device is currently in. The following diagram shows what you must enter at the prompt in order to change from one mode to another.
The current mode can be determined from the prompt.
The device boots into user mode (called user EXEC mode in Cisco documentation).
In user mode there is little useful that you can do. You will almost always
switch immediately to privileged EXEC mode (usually written just EXEC).
In user mode the prompt is the name of the router with ">" appended:
router>
In EXEC mode you can examine any information kept in tables in the device (e.g. the current configuration, the current routing table, etc.), but you cannot change any settings. In EXEC mode the prompt is the name of the device with a "#" appended:
router#
Here is the sequence of commands that takes you from user mode to EXEC mode:
router> enable
router#
These devices require no password in order to enter EXEC mode. However, if you intend to manage the device through a remote interface (see below) you must establish an enable password because without one it is impossible to enter EXEC mode from a telnet session. You should not change this in the startup configuration. Do not add passwords to any of the devices in the lab.
In global configuration mode you can change settings that are shared among the
various interfaces (e.g. establish whether ip is routed or not, set up a bridge
group).
In global configuration mode the prompt is the name of the device with "(config)#" appended:
router(config)#
Here is the sequence of commands that takes you from user mode to global configuration mode:
router> enable
router# configure terminal
router(config)#
In sub-configuration mode you can change the settings for a particular feature of the device, such as a specific interface. There are several sub-configuration modes. In sub-configuration mode the prompt is the name of the device with "(config-xxx)#" appended. The value of xxx depends on the specific sub-configuration mode. In line configuration mode xxx is "line". In vlan configuration mode xxx is "vlan". In interface configuration mode xxx is "if":
router(config-if)#
For devices like the Cisco 7000 in which an interface board can contain several ports and be inserted into any of several slots, the interfaces are designated by a pair of integers separated by a slash (e.g. 2/0). The first integer indicates the slot in which the interface card is located and the second the port within that card. Slots are numbered beginning with 0. In the Cisco 7000 slot 0 is on the left, the end farthest from the route processor card. Ports are numbered beginning with 0, with the topmost port on the card numbered 0. For the Cisco 2900 the non-removable fast-ethernet ports are considered slot 0, but the ports are numbered from 1 to 24 (rather than from 0 to 23).
Here is the sequence of commands that takes you from user mode to interface configuration mode for the first port on the ethernet interface in the first slot:
router> enable
router# configure terminal
router(config)# interface ethernet 0/0
router(config-if)#
You can change from one interface to another without returning to global configuration mode. Here is the sequence of commands that takes you from user mode to interface configuration mode for the ethernet interface above, adds that interface to a bridge group, and takes you to interface configuration mode for the second port on the fast serial interface in the fourth slot:
router> enable
router# configure terminal
router(config)# interface ethernet 0/0
router(config-if)# bridge-group 1
router(config-if)# interface serial 3/1
router(config-if)#
The mode you must be in depends on the task you wish to accomplish. Each mode allows certain tasks and disallows others. You will generally find it unnecessary to remain in user mode, but will switch among the other modes for different tasks.
Management through an Interface
Usually remote access to the device will be done through the console port and the terminal server. However, in situations where there is no remote access to the console port it is possible to manage the device from a remote location using telnet connected to a management interface. For a switch you must assign an IP address to the switch. For a router you must assign an IP address to one of the ethernet ports. To do so you must:
router> enable
router# configure terminal
router(config)# enable password cisco
router(config)# interface ethernet 0/0
router(config-if)# ip address 192.168.0.n 255.255.255.0
router(config-if)# exit
router(config)# line vty 0
router(config-line)# password 0 cisco
router(config-line)# CTRL/Z
If you choose the IP address and subnet mask to be on the same subnet as the computers (e.g. if eth2 is also 192.168.0.n and 255.255.255.0), and if a private network port of the computer is connected to the device, then you can telnet to that IP address and manage the device as if you were at the console. From the computer type:
telnet 192.168.0.n
where n is the number specified for the router's IP address. When you telnet to the device in order to manage it the console is not disabled.
Saving and Restoring a Configuration
The device maintains two configurations - a startup configuration and a running configuration. The running configuration determines the behavior of the device. The startup configuration is a stored configuration that is used as the initial running configuration when the device is started. Changes made to the running configuration affect the behavior of the device but are not automatically saved in the startup configuration, so if you change the running configuration and restart the device your changes will be lost. Although there is a command to save the current running configuration as the startup configuration, you should not do this. The devices should start with exactly the same configuration every time they are powered on. If you have built a complicated configuration and don't want to lose your work, you should copy the running configuration to your ZIP disk and later when you return to the lab you should copy the configuration from your ZIP disk to the running configuration of the device.
To view the running configuration, from EXEC mode use the command:
router# show running-config
The devices use tftp for copying configurations. Linux on all the computers is already running a tftp server. Unlike ftp, tftp does not request a username and password and is therefore much less secure. Since you are using tftp only in the lab and primarily on a private network, security is not much of an issue. In a less academic environment you would only enable the tftp server on your computer when you need to transfer a configuration.
The following are the steps to copy the running configuration from the device to your ZIP disk:
[Linux prompt]# mkdir /tftpboot/cisco_configs
[Linux prompt]# chmod 777 /tftpboot/cisco_configs
[Linux prompt]# touch /tftpboot/cisco_configs/config1
[Linux prompt]# chmod 666 /tftpboot/cisco_configs/config1
router# copy running-config tftp
Here is an example dialog:
router# copy running-config tftp
Remote host [] 192.168.0.1
Name of configuration file to write [cisco_7000_ssu-confg]? cisco_configs/config1
Write file cisco_configs/config1 on host 192.168.0.1 [confirm]?
The file on the remote computer that contains the saved configuration is a text file and you can examine it with an editor. If you are careful you can edit it.
The following are the steps to copy a saved configuration from a file on your ZIP disk to the device:
router# copy tftp running-config
router# copy tftp running-config
Host or network configuration file [host]?
Address of remote host [] 192.168.0.1
...
By default, management sessions, whether the connection is through a console or through telnet, will automatically log you out if there is no activity for some period of time. You can change the timeout interval or set it so that you never time out through inactivity (set the timeout to 0). To set the timeout for the console, from global configuration mode issue the commands "line console 0" and "exec-timeout s" where "s" is the timeout interval in seconds (set to 0 for no timeout at all). For example:
router(config)# line console 0
router(config-line)# exec-timeout 0
To do the same for a telnet session use the commands "line vty n" where "n" is 0 for the first telnet session, 1 for a second concurrent session, and so on, and then the command "exec-timeout s" where "s" is the timeout interval in seconds. For example:
router(config)# line vty 0
router(config-line)# exec-timeout 0
router# debug arp
For some protocols debugging can be limited to specific aspects of the protocol. For example, within the spanning-tree protocol (STP) you can debug events or protocol data units (or both as shown here):
router# debug spanning events
router# debug spanning tree
To see what features can be debugged use contextual help:
router# debug ?
To see what features are currently being debugged use the command "show debug":
router# show debug
To turn off debugging for a specific feature use the "no" form of the debug command:
router# no debug spanning events
router# no debug spanning tree
Although you can turn on debugging for all features with the command "debug all", you should not do this. You will be overwhelmed with debugging messages. The "no debug all" command, however, is useful for turning off debugging for all features that are currently being debugged.
By default debugging messages are displayed on the console. Most of the time this is where you want them. However, the capability exists to send debugging messages to a buffer in memory, to a file, or to a remote device on the network. Debugging messages have an associated priority, and you can restrict the level of messages that is displayed. For more information about these options examine the "logging" command which is available from global configuration mode.
The alternative to console logging you are most likely to use in the lab is the ability to log to a remote device. With this approach the device being logged sends packets across the network to the device which is doing the logging. The remote device must be running a "syslog" application. This is an application that logs messages. In the lab syslog is running in the background on every computer. It has been configured to accept messages from Cisco devices and append them to the log file /home/student/debug.log. If that file does not exist it will be created by syslog when linux is booted.
To log messages from a Cisco device to a remote computer you must perform the following steps:
switch#configure terminal
switch(config)#logging 192.168.1.1
switch(config)#logging trap debug
switch(config)#exit
switch#debug arp
When you want to disable this form of logging use the "no" form of the "logging" command. For example:
switch#configure terminal
switch(config)#no logging 192.168.1.1
Logging using syslog will eventually result in a lot of log messages accumulating in /home/student/debug.log. You can delete the file, but syslog will keep the file open and continue to log to it. In order to start with an empty log file you must tell syslog to restart itself. If you are root you can do so with the Linux command:
[root]#/etc/init.d/syslog restart
If you are not root you must instead reboot Linux.
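Because the saved configuration is a plain text file, the lab-convenience settings shown on this page (an enable password, a line password, exec-timeout 0, a remote logging host) can be checked mechanically before a saved file is reused outside the lab. The following Python is an added example, not part of the original lab notes; the sample configuration is constructed and the function names are assumptions.

```python
import re

# Constructed sample of a saved running-config (not taken from a lab device).
SAMPLE_CONFIG = """\
!
hostname router
!
enable password cisco
!
interface Ethernet0/0
 ip address 192.168.0.5 255.255.255.0
 bridge-group 1
!
logging trap debugging
logging 192.168.1.1
!
line con 0
 exec-timeout 0 0
line vty 0
 exec-timeout 0 0
 password cisco
 login
!
end
"""

def parse_sections(text):
    """Yield (section_header, command); header is None for column-0 commands."""
    header = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue                      # skip blank lines and "!" separators
        if line.startswith(" "):          # indented: belongs to current section
            yield header, line.strip()
        else:                             # column 0: global command or new section
            header = line
            yield None, line

def audit(text):
    """Return (scope, finding) tuples; password values are never echoed."""
    findings = []
    for header, cmd in parse_sections(text):
        scope = header or "global"
        if re.match(r"enable password\b", cmd):
            findings.append((scope, "enable password is recoverable from the file ('enable secret' is stored hashed)"))
        m = re.match(r"password(?: (\d))? \S+", cmd)
        if m and header and header.startswith("line "):
            kind = "type 7 (reversible)" if m.group(1) == "7" else "clear text"
            findings.append((scope, f"line password in {kind}"))
        m = re.match(r"exec-timeout (\d+)(?: (\d+))?$", cmd)
        if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
            findings.append((scope, "idle sessions never time out"))
        m = re.match(r"logging (\d+\.\d+\.\d+\.\d+)$", cmd)
        if m:
            findings.append((scope, f"syslog sent to {m.group(1)}"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

To check a file saved with the tftp steps above, read it and pass its text to audit().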
Cisco 2900 Web Interface
The Cisco 2900 can act as a web server and can be managed through a web
interface. However, the only web browser in the lab that will work
properly with the Cisco 2900 is Internet Explorer under Windows. Therefore
in order to use the web interface you will have to perform the following
steps:
In order to use eth1 you must physically connect the switch to the private network. To do this you will have to borrow one of the connections from the rack to the private network. Disconnect one of the computers from the private network (remove the short green patch cord from the patch panel) and connect the switch to be managed to the network jack. If you want to keep the computer connected to the network also connect it to one of the ports on the switch.
In order to use eth2 or eth3 simply connect the appropriate jack on the rack to a port on the switch.
If you are using eth1 you must give the switch an address that is not otherwise in use in the lab. Choose an address from the range allocated for student use (192.168.200.201-254) and be sure that nobody else in the lab is using that address.
If you are using eth2 or eth3 you can choose any address in the same network as the interface (e.g. for eth2 an address in 192.168.0.*/24 and for eth3 an address in 192.168.1.*/24).
The following example shows how to give the switch the address 192.168.0.11:
switch# configure terminal
switch(config)# interface vlan 1
switch(config-if)# ip address 192.168.1.21 255.255.255.0