Scribd
Upload
36 views40 pages

5 Managing Cisco IOS

Uploaded by

palmari.v0511
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
36 views40 pages

5 Managing Cisco IOS

Uploaded by

palmari.v0511
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 40

Chapter 5

Managing Cisco IOS


Backup and Restore
• Requirements
– TFTP Server
– Network Connection
– Adequate disk space
• What to Backup and Restore?
– Configuration
– IOS
TFTP Server
• Cisco TFTP Server 1.1
• PumpKIN TFTP
PumpKIN TFTP
Backup and Restore
Backup Configuration
R1>en
R1#copy run tftp:
Address or name of remote host []? 192.168.1.3
Destination filename [R1-confg]? backup.dat
Writing running-config...!!
[OK - 762 bytes]
762 bytes copied in 0.045 secs (16933 bytes/sec)
R1#
Restore Configuration
Router>en
Router#copy tftp: run
Address or name of remote host []? 192.168.1.3
Source filename []? backup.dat
Destination filename [running-config]? [ENTER]

Accessing tftp://192.168.1.3/backup.dat...
Loading backup.dat from 192.168.1.3: !
[OK - 762 bytes]

762 bytes copied in 0 secs


R1#
IOS Recovery
• In case of IOS erased or corrupted, the Router will be booted
into ROMMON mode.
• The user can recover the fresh copy of IOS image file from
TFTP Server
Verify IOS Boot Image
IOS Backup
R1>en
R1#copy flash: tftp:
Source filename []? c2600-advipservicesk9-mz.124-15.T1.bin
Address or name of remote host []? 192.168.1.3
Destination filename [c2600-advipservicesk9-mz.124-15.T1.bin]? [ENTER]
OK - 33591768 bytes]

R1#
IOS Recovery
rommon 1 > IP_ADDRESS=192.168.1.5
rommon 2 > IP_SUBNET_MASK=255.255.255.0
rommon 3 > DEFAULT_GATEWAY=192.168.1.5
rommon 4 > TFTP_SERVER=192.168.1.3
rommon 5 > TFTP_FILE= c2600-advipservicesk9-mz.124-15.T1.bin
rommon 6 > tftpdnld

Do you wish to continue? y/n: [n]: y

rommon 7 > reset


Router Environments
1. ROMMON (ROM Monitor)
rommon 1 >
To access ROMMON mode, press Ctrl + Break during Router boot or change
the config-register to 0x2100
Usage: IOS Recovery, Password Recovery
2. Bootstrap Mode
Router(boot)>
To access Bootstrap mode, change the config-register to 0x2101
Usage: IOS Recovery (discontinued…)
Router Environments
3. Normal Mode
Router>
To access normal mode, change the config-register to 0x2102 to 0x210F
Normal Router operation.
Password Recovery
• In case, if we forgotten the IOS Password, we can easily
remove the old password and update the new password.
• This can be done using Console port only.
• Note: Configuration Register 0x2142 will avoid loading
configuration during boot.
Step 1 – Configuration Register
• Turn the Router OFF and ON
• Press Ctrl + Break during IOS boot

rommon 1 > confreg 0x2142


rommon 2 > reset

Would you like to enter the initial configuration dialog? [yes/no]: no


Step 2 – Remove Password
Router>en
Router#copy start run
Destination filename [running-config]? [ENTER]
Cisco#conf t
Cisco(config)#no enable password
Cisco(config)#no enable secret
Cisco(config)#line con 0
Cisco(config-line)#no password
Cisco(config-line)#no login
Cisco(config-line)#exit
Cisco(config)#config-register 0x2102
Cisco(config)#exit
Cisco#
Step 3 – Save Configuration
Cisco#copy run start
Destination filename [startup-config]? [ENTER]
Building configuration...
[OK]

Cisco#reload
Proceed with reload? [confirm] [ENTER]
Password Encryption
• By default, enable password, console password and username
password will not encrypts.
• The command service password-encryption will encrypt the
password using Level-7 Algorithm.
• Level 7 Algorithm = Very weak encryption system
Password Encryption
Router>en
Router#conf t
Router(config)#service password-encryption
– Encrypts current and future passwords using Level 7 Algorithm
– Does not encrypt secret password
Router(config)#no service password-encryption
– Does not encrypts future passwords.
• Router(config)#end
Router#
Verify
Router#show run
«output omitted»
enable secret 5 $1$mERr$y/Ce7lzaUL0HOujQUgwuB/
enable password 7 08701E1D5D4C
«output omitted»
line con 0
password 7 08204E4D0D1C03
login
«output omitted»
end
Level-7 Password Decryption
Name Resolutions
• Translating Name to IP Address
• Types
– IP Host Entry (Manual)
– DNS Lookup (Automatic)
• Verify
– Router#show hosts
Name Resolutions
1. IP Host Entry
Router>en
Router#conf t
Router(config)#no ip domain-lookup
Router(config)#ip host Device_Name IP_Address
Router(config)#end
Router#
IP Host Entry
R1>en
R1#conf t
R1(config)#no ip domain-lookup
R1(config)#ip host c1 10.0.0.1
R1(config)#ip host c2 10.0.0.2
R1(config)#ip host c3 10.0.0.3
R1(config)#ip host s1 10.0.0.4
R1(config)#ip host r1 10.0.0.5
R1(config)#end
R1#
Verify
R1#show hosts
Default Domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host Port Flags Age Type Address(es)

c1 None (perm, OK) 0 IP 10.0.0.1


c2 None (perm, OK) 0 IP 10.0.0.2
c3 None (perm, OK) 0 IP 10.0.0.3
r1 None (perm, OK) 0 IP 10.0.0.5
s1 None (perm, OK) 0 IP 10.0.0.4
2. DNS Lookup

Type A – IPv4 Address


Type AAAA – IPv6 Address
DNS Lookup
R1>en
R1#conf t
R1(config)#ip domain-lookup
R1(config)#ip domain-name acme.com
R1(config)#ip name-server 10.0.0.4
R1(config)#end
R1#
Verify
R1#show hosts
Default Domain is acme.com
Name/address lookup uses domain service
Name servers are 10.0.0.4
Host Port Flags Age Type Address(es)

c1.acme.com None (temp, OK) 0 IP 10.0.0.1


c2.acme.com None (temp, OK) 0 IP 10.0.0.2
c3.acme.com None (temp, OK) 0 IP 10.0.0.3
r1.acme.com None (temp, OK) 0 IP 10.0.0.5
s1.acme.com None (temp, OK) 0 IP 10.0.0.4
Remove IP Host Entry
R1>en
R1#conf t
R1(config)#no ip host c1
R1(config)#no ip host c2
R1(config)#no ip host c3
R1(config)#no ip host s1
R1(config)#no ip host r1
R1(config)#end
R1#
DHCP Configuration
DHCP Configuration
R1>en
R1#conf t
R1(config)#ip dhcp excluded-address 192.168.1.1 192.168.1.10
R1(config)#ip dhcp pool localDHCP
R1(dhcp-config)#network 192.168.1.0 255.255.255.0
R1(dhcp-config)#default-router 192.168.1.1
R1(dhcp-config)#dns-server 8.8.8.8
R1(dhcp-config)#end
R1#
Obtain IP from DHCP
Verify
R1>en
R1#show ip dhcp binding
IP address Client-ID/ Lease expiration Type
Hardware address
192.168.1.11 0010.1117.5A65 -- Automatic
192.168.1.12 0040.0B79.E066 -- Automatic
192.168.1.13 00D0.BAC9.799D -- Automatic
APIPA
• Automatic Private IP Address (APIPA)
– Uses when the network doesn’t have DHCP Server, but
Client has set to obtain IP address from DHCP Server
– Default Address: 169.254.x.x
Router as DHCP Client
DHCP Client
Router>en
Router#conf t
Router(config)#int fa0/0
Router(config-if)#no shutdown
Router(config-if)#ip add dhcp
Router(config-if)#end
Router#
Telnet Session
List Active Sessions
R1#show session
Conn Host Address Byte Idle Conn Name
1 11.0.0.2 11.0.0.2 0 8 11.0.0.2
* 2 12.0.0.2 12.0.0.2 0 7 12.0.0.2
R1#
Resume or Disconnect Session
R1#resume 1
[Resuming connection 1 to 11.0.0.2 ... ]
R2>

R1#disconnect 1
Closing connection to 11.0.0.2 [confirm]
R1#

You might also like