3.0 Cisco IOS Software Operation Flashcards
3.1 Describe the key role of Cisco IOS, IOS-XE, IOS-XR and NX-OS software
Cisco IOS
Cisco IOS was developed using the C programming language and had several limitations indicative of when it was developed. For example, it did not support symmetric multiprocessing. As a result, one instruction had to be completed before another instruction could begin to be executed. Another huge architectural limitation was the use of a shared memory space. Since all processes used the same pool of memory, and a misbehaving OSPF process (as an example) could wreak havoc on other router processes.
Cisco IOS XE
Cisco IOS is a monolithic operating system running directly on the hardware while IOS XE is a combination of a Linux kernel and a monolithic application (IOSd) that runs on top of this kernel. On the other hand, IOS XR is based on QNX (since version 5.0 it’s also based on linux), where the IOSd application has been separated into many different applications. While IOS XE (IOSd) and IOS share a lot of the same code, IOS XR is a completely different code base. We can now use multiprocessing, this means that the workload of processes can be shared across multiple CPUs. When a single process crashes, it no longer takes down the entire OS. IOS XE is now a modular system. Instead of running everything in the same address space like IOS, everything is separated. This makes IOS XE far better scalable. The IOS XE software is no longer one “big” file that has everything…it has individual sub-packages. It’s possible to upgrade an individual sub-package instead of upgrading everything. Since IOS XE has IOSd running as an application on top of Linux, it becomes possible to also run different applications on the hardware, a good example of this is running Wireshark on a switch. Another example is the Cisco IOS XE Open Service Containers.
Cisco NX-OS
Originally named SAN-OS (where the SAN acronym stood for Storage Area Network), NX-OS offers some vast architectural improvements over traditional Cisco IOS. Although it was originally a 32-bit operating system, it has since evolved into a 64-bit OS. Unlike Cisco IOS, NX-OS doesn’t share a single memory space, and it does support symmetric multiprocessing. It also allows preemptive multitasking, which allows a high priority process to get CPU time ahead of a lower priority process. NX-OS is built on a Linux kernel, and it natively supports the Python language for creating scripts on Cisco Nexus switches. Additionally, it has multiple high availability features, and it doesn’t load all of its features at once. Instead, you can specify which features you wish to activate. Eliminating the running of unnecessary features frees up memory and processor cycles for those features you do want. However, when it comes to configuration, there are many similarities between NX-OS and Cisco IOS.
Cisco IOS-XR
Originally designed for 64-bit operation, IOS-XR offers many of the enhancements found in NX-OS (e.g. symmetric multiprocessing, separate memory spaces, and activating only services that are needed). However, while NX-OS is built on a Linux kernel, IOS-XR is built on the QNX Neutrino Microkernel. QNX is similar to UNIX and is now owned by BlackBerry. A feature IOS-XR offers that is not found in NX-OS is the ability to have a single instance of the operating system controlling multiple chassis. Also, since IOS-XR targets service provider environments, it offers support for interfaces such as DWDM and Packet over SONET. While IOS-XR configuration does bear some similarity to traditional Cisco IOS, the differences are much more noticeable, as compared to the differences found in NX-OS. As one example, when you’re finished entering configuration commands, you need to commit your changes to make them take effect and before exiting configuration mode.
Configuration Examples
When assigning IP addresses to the Loopback interfaces on the devices, notice that Cisco IOS requires the subnet mask be entered in dotted decimal notation, while NX-OS and IOS-XR support entering the subnet mask in slash notation (i.e. using /32 instead of 255.255.255.255). Also, notice that we have to issue the commit command on IOS-XR before exiting configuration mode. Also, only when we issue that command does our updated hostname configuration get applied.
3.2 Navigate between different operating modes
User EXEC Mode:
This is the default mode when you log into a Cisco device.
Identified by the “>” prompt.
Provides limited access to basic monitoring commands. It is often used to view operational parameters, such as device status and statistics.
Privileged EXEC Mode:
Accessed by entering the “enable” command from User EXEC mode.
Identified by the “#” prompt.
Provides full access to all configuration commands and is used for performing configuration changes, troubleshooting, and device management.
Global Configuration Mode:
Accessed by entering the “configure terminal” or “conf t” command from Privileged EXEC mode.
Identified by the “(config)” prompt.
Allows configuration of global parameters that affect the entire device, such as interface settings, routing protocols, and device-wide settings.
Interface Configuration Mode:
Accessed by entering the “interface [interface_type] [interface_number]” command from Global Configuration Mode.
Identified by the “(config-if)” prompt.
Allows configuration of settings specific to individual interfaces, such as IP address assignment, encapsulation, and interface-specific parameters.
Line Configuration Mode:
Accessed by entering the “line [line_type] [line_number]” command from Global Configuration Mode.
Identified by the “(config-line)” prompt.
Allows configuration of settings specific to console, auxiliary, SSH, Telnet, or other line types.
Router Configuration Mode (for routers):
Accessed by entering the “router [protocol]” command from Global Configuration Mode.
Identified by the “(config-router)” prompt.
Allows configuration of routing protocol parameters, such as OSPF, EIGRP, or BGP.
VLAN Configuration Mode (for switches):
Accessed by entering the “vlan [vlan_number]” command from Global Configuration Mode.
Identified by the “(config-vlan)” prompt.
Allows configuration of Virtual LAN (VLAN) parameters, such as VLAN membership and VLAN interfaces.
3.3 Determine the current mode of a device
User EXEC Mode:
Identified by the “>” prompt.
Privileged EXEC Mode:
Identified by the “#” prompt.
Global Configuration Mode:
Identified by the “(config)” prompt.
Interface Configuration Mode:
Identified by the “(config-if)” prompt.
Line Configuration Mode:
Identified by the “(config-line)” prompt.
Router Configuration Mode (for routers):
Identified by the “(config-router)” prompt.
VLAN Configuration Mode (for switches):
Identified by the “(config-vlan)” prompt.
3.4 Copy and paste a configuration file from/to a router or switch
can copy to tftp server or use Notepad++
3.5 Use and interpret the basic Cisco IOS Software commands
Show Commands:
- show running-config (priviledged EXEC mode): Displays the current running configuration.
- show startup-config (priviledged EXEC mode): Displays the configuration saved in NVRAM.
- show interfaces (user EXEC mode): Displays status and statistics for all interfaces.
- show ip interface brief (user EXEC mode): Provides a brief overview of interface IP addresses and status.
- show version (user EXEC mode): Shows the system hardware and software information.
- show ip route (router): Displays the routing table.
- show cdp neighbors (user EXEC mode): Lists directly connected Cisco devices discovered using Cisco Discovery Protocol (CDP).
- show vlan (user EXEC mode): Displays VLAN information.
- show access-lists (user EXEC mode): Displays configured access control lists (ACLs).
- show arp (priviledged EXEC mode): Displays the Address Resolution Protocol (ARP) cache.
Configuration Commands:
(global config mode)
- configure terminal: Enters global configuration mode.
- interface interface_type interface_number: Enters interface configuration mode for the specified interface.
- interface range interface_range: Enters interface configuration mode for a range of interfaces.
- hostname name: Sets the device hostname.
- ip address ip_address subnet_mask: Configures the IP address and subnet mask on an interface.
- ip default-gateway gateway_address: Sets the default gateway.
- ip route destination_network subnet_mask next-hop_address: Configures a static route.
- banner motd delimiter message delimiter: Configures a message of the day (MOTD) banner.
- enable password password: Sets the enable mode password.
- enable secret password: Sets the secret password for privileged EXEC mode.
- line console 0: Enters console line configuration mode.
- line vty 0 4: Enters virtual terminal (Telnet/SSH) line configuration mode.
Other Useful Commands:
- ping {destination_address | hostname}: Sends ICMP Echo Request packets to test network connectivity.
- traceroute {destination_address | hostname}: Traces the route taken by packets to reach the destination.
- copy {source} {destination}: Copies files between different locations (e.g., flash, TFTP server).
- reload: Reloads the device.
- erase startup-config: Erases the startup configuration.
- boot: This command initiates a manual boot process. It’s useful if you need to reboot the device and want to manually specify which image to boot from, overriding the configured boot variables temporarily.
3.6 Describe the location and process to change the configuration register parameter
Location:
The configuration register parameter is stored in non-volatile random-access memory (NVRAM) on the device. It can be viewed and modified from the device’s command-line interface (CLI) using the privileged EXEC mode.
Process:
Access Privileged EXEC Mode:
View Current Configuration Register Value:
Before making any changes, it’s a good practice to view the current configuration register value. You can do this by using the show version command. Look for the line that starts with “Configuration register is” in the output. Note down the current value.
Change Configuration Register Value:
To change the configuration register value, use the configure terminal command to enter global configuration mode. Then, use the config-register command followed by the new value you want to set. For example:
Router(config)# config-register 0x2102
Replace 0x2102 with the desired configuration register value. The most commonly used value for normal bootup is 0x2102.
Save Configuration Changes:
After changing the configuration register value, exit global configuration mode by typing exit. Make sure to save the configuration changes by typing write memory or copy running-config startup-config. This step ensures that the new configuration register value is saved to the device’s NVRAM and persists across reboots.
Verify Changes:
You can verify that the configuration register value has been successfully changed by using the show version command again. Ensure that the new value is displayed in the output.
Reload the Device:
To apply the new configuration register value, you need to reload the device. You can do this by entering the reload command and confirming the reload when prompted.
3.7 Identify a configuration file from a Cisco device
Location: The running-config file resides in the device’s volatile memory (RAM) and is dynamically updated as configuration changes are made and saved.
Access: You can view the contents of the running-config file using the “show running-config” command in the device’s command-line interface (CLI).
3.8 Describe the licensing process on different platforms
-
Product Activation:
- Upon purchasing a Cisco product, customers typically receive a license key or product authorization key (PAK) associated with the product.
- The first step in the licensing process is to activate this license key. This can be done through Cisco’s online licensing portal or through a Cisco representative.
- Activation converts the PAK into a license file that is specific to the device or software feature.
-
License Types:
- Cisco offers various types of licenses, including perpetual licenses, subscription licenses, and term licenses.
- Perpetual licenses provide indefinite use of the product or feature, while subscription and term licenses grant access for a specified period.
- Some Cisco products and features may require separate licenses for different functionalities, such as advanced security features or additional performance capabilities.
-
License Management:
- Once licenses are activated and associated with specific devices or software instances, they need to be managed.
- Cisco provides tools such as Cisco Smart Software Manager (CSSM) for managing licenses centrally. This allows administrators to view license entitlements, track usage, and allocate licenses to devices as needed.
- Additionally, Cisco devices often have built-in license management capabilities accessible through the command-line interface (CLI) or graphical user interface (GUI).
-
Compliance and Enforcement:
- Cisco’s licensing process includes mechanisms for ensuring compliance with license terms and conditions.
- Devices may periodically check for valid licenses, and unauthorized usage may result in warnings or restricted functionality.
- Cisco also offers options for license transferability between devices or for upgrading licenses to accommodate changing business needs.
-
Support and Renewals:
- Cisco provides technical support and software updates for licensed products through its support services.
- Customers typically need to renew their licenses periodically to maintain access to support and software updates.
- Renewal processes may vary depending on the type of license and support contract in place.
3.9 Describe Bundle Mode/Install Mode IOS-XE
In Cisco IOS-XE software, “Bundle Mode” and “Install Mode” refer to two different methods of software package management and deployment. These modes determine how the software images and packages are handled and installed on the device.
-
Bundle Mode:
- In Bundle Mode, the software is deployed as a single monolithic image file. This means that all the necessary components, including the operating system and various features or applications, are bundled together into a single package.
- Bundle Mode simplifies the deployment process because you only need to manage and install one software image file. It’s particularly useful in environments where there’s less need for frequent updates or where stability and predictability are paramount.
- However, one drawback of Bundle Mode is that when updates or patches are needed, the entire software image must be replaced, which can be time-consuming and may require a device reboot.
-
Install Mode:
- Install Mode, on the other hand, allows for more granular control over software packages and components. Instead of a single monolithic image, the software is broken down into individual packages or modules.
- This modular approach enables administrators to install only the required features or updates, rather than the entire software package. It offers flexibility and scalability, allowing for easier customization and management of the software environment.
- With Install Mode, updates and patches can be applied more efficiently since only the affected components need to be replaced. This can lead to shorter maintenance windows and less disruption to network services.
- However, managing multiple packages and dependencies in Install Mode can be more complex compared to Bundle Mode, requiring careful planning and coordination to ensure compatibility and system stability.
To determine if the device is running in bundle mode, look for the presence of the “System image file” line in the output of the “show version” command.
Router# show version
System image file is “flash:c3560-ipbasek9-mz.150-2.SE11.bin”
To determine if the device is running in install mode, look for the presence of the “Install image file” line in the output of the “show version” command.
Router# show version
System image file is “flash:c3560-ipbasek9-mz.150-2.SE11.bin”
Install image file is “flash:/packages.conf”
copy startup config to tftp server
copy startup config tftp
<IP>
<filename>
</filename></IP>
go from global configuration mode to exec mode
end
tracert
The tracert command, short for “Trace Route,” is a network diagnostic tool used to trace the route that an Internet Protocol (IP) packet takes from your computer to a destination IP address or hostname. It is available on Windows operating systems, while on Unix-like systems such as Linux or macOS, a similar tool called traceroute is used.
Command Syntax:
On Windows, the syntax for the tracert command is:
tracert [options] target
Output:
The tracert command displays the route taken by the packets as they travel from your computer to the destination. It lists the IP addresses (or hostnames, if available) of the routers along the path, along with the round-trip time (RTT) for each hop. Additionally, it shows the total number of hops (routers) taken to reach the destination.
Usage:
The tracert command is commonly used for troubleshooting network connectivity issues, identifying network congestion points, and diagnosing routing problems. By analyzing the output, you can identify where delays or packet loss occur, helping to pinpoint network problems.
loopback address
IPv4 Loopback Address:
IPv4 loopback address is 127.0.0.1.
It is also known as localhost or the loopback interface.
Any traffic sent to the IPv4 loopback address is looped back within the device itself and is not transmitted on the network.
IPv6 Loopback Address:
IPv6 loopback address is ::1.
Similar to the IPv4 loopback address, it is used for internal testing and communication within the device.
Like the IPv4 loopback address, traffic sent to the IPv6 loopback address remains within the device and is not transmitted over the network.
Uses:
In network configuration, the loopback interface is typically assigned the loopback address. The loopback interface is always up and running, and it is used by the device to communicate with itself.
nslookup
nslookup is a command-line administrative tool used for querying Domain Name System (DNS) servers to obtain information about domain names, IP addresses, and other DNS records. It stands for “Name Server Lookup.”
Open a command prompt or terminal window on your computer.
Type nslookup followed by the domain name or IP address you want to look up.
Upon executing the command, nslookup displays the results of the query, including the IP address(es) associated with the domain name and the corresponding DNS server that provided the information.
It may also display additional information such as the authoritative DNS servers for the domain.
You can also use nslookup in interactive mode by simply typing nslookup without any arguments and pressing Enter. This opens the nslookup prompt.
Once in interactive mode, you can enter subsequent commands to perform multiple DNS lookups without having to exit and re-enter the command.
By default, nslookup performs an Address (A) record query to find the IP address associated with a domain name. You can specify different types of DNS records to query by appending the record type to the domain name. For example:
nslookup -type=mx example.com
This command queries for Mail Exchange (MX) records for the domain
You can perform reverse DNS lookups by querying the IP address to find the corresponding domain name. For example:
nslookup 8.8.8.8
This command queries the DNS server for the domain name associated with the IP address 8.8.8.8
