Command-Line Interface Command Modes 589
Privileged Mode Command List
Privileged EXEC mode provides a detailed examination of the router and allows con-
figuration changes to be made to the router. A specific mode is entered depending upon
the configuration change that is required. From privileged EXEC mode, other modes
can be entered; privileged EXEC mode must be entered before entering these other
modes (see the next section, “Router Configuration Modes”).
To access privileged mode from user EXEC mode, type enable (or the abbreviation en):
Router>enable
Password:
Router>en
Password:
You are prompted for a password. If you type a question mark (?) at the privileged
mode prompt Router#?, the screen displays a longer list of commands than it would at
the user mode prompt. Table 12-2 provides a complete list with descriptions of privi-
leged mode commands.
Note that the list of commands varies depending on the type of router platform being
configured.
show Shows running system information
slip Starts Serial Line IP (SLIP)
systat Displays information about terminal lines
telnet Opens a Telnet connection
terminal Sets terminal line parameters
tn3270 Opens a TN3270 connection
traceroute Sets a traceroute to the destination
tunnel Opens a tunnel connection
where Lists active connections
x3 Sets X.3 parameters on PAD
xremote Enters Xremote mode
Table 12-1 User ModeCommands (Continued)
Command Description

1102.book Page 589 Tuesday, May 20, 2003 2:53 PM
590 Chapter 12: Router Configuration
Table 12-2 Privileged Mode Commands
Command Description
access-enable Creates a temporary access list entry
access-template Creates a temporary access list entry
appn Sends a command to the APPN subsystem
atmsig Executes ATM signaling commands
bfe Sets manual emergency modes
calendar Manages the hardware calendar
cd Changes the current device
clear Resets functions
clock Manages the system clock
cmt Starts or stops FDDI connection-management functions
configure Enters configuration mode
connect Opens a terminal connection
copy Copies configuration or image data
debug Uses debugging functions (see also undebug)
delete Deletes a file
dir Lists files on a given device
disable Turns off privileged commands
disconnect Disconnects an existing network connection
enable Turn on privileged commands
erase Erases Flash or configuration memory
exit Exits EXEC mode
format Formats a device
help Gets a description of the interactive help system
lat Opens a LAT connection
1102.book Page 590 Tuesday, May 20, 2003 2:53 PM
Command-Line Interface Command Modes 591

lock Locks the terminal
login Logs in as a particular user
logout Exits EXEC mode
mbranch Traces the multicast route down the tree branch
mrbranch Traces the reverse multicast up the tree branch
mrinfo Requests neighbor and version information from a multicast
router
mstat Shows statistics after multiple multicast traceroutes
mtrace Traces reverse multicast path from destination source
name-connection Names an existing network connection
ncia Starts or stops an NCIA server
pad Opens an X.29 PAD connection
ping Sends echo messages
ppp Starts the IETF Point-to-Point Protocol (PPP)
pwd Displays current device
reload Halts and performs a cold return
resume Resumes an active network connection
rlogin Opens an rlogin connection
rsh Executes a remote command
sdlc Sends SDLC test frames
send Sends a message over tty lines
setup Runs the setup command facility
show Shows running system information
slip Starts Serial Line IP (SLIP)
squeeze Squeezes a device
continues
Table 12-2 Privileged Mode Commands (Continued)
Command Description
1102.book Page 591 Tuesday, May 20, 2003 2:53 PM
592 Chapter 12: Router Configuration

Router Configuration Modes
Global configuration commands are used in a router to apply configuration statements
that affect the system as a whole. Use the privileged EXEC command configure to
enter global configuration mode. After this command is entered, a prompt asking for
the source of the configuration commands appears, at which you can specify terminal,
nvram, or network. The default selection is to type in commands from the terminal
console. Pressing the Enter key begins this configuration method.
The first configuration mode is referred to as global configuration mode, or global con-
fig, for short. Table 12-3 describes some of the configuration modes that you access
from global configuration mode.
start-chat Starts a chat script on a line
Systat Displays information about terminal lines
tarp Targets ID Resolution Process (TARP) commands
telnet Opens a Telnet connection
terminal Sets terminal-line parameters
test Tests subsystems, memory, and interfaces
tn3270 Opens a TN3270 connection
traceroute Sets a traceroute to the destination
tunnel Opens a tunnel connection
undebug Disables debugging functions (see also debug)
undelete Undeletes a file
verify Verifies the checksum of a Flash file
where Lists active connections
which-route Does an OSI route table lookup and displays results
write Writes running configuration to memory, network, or terminal
x3 Sets X.3 parameters on PAD
xremote Enters Xremote mode
Table 12-2 Privileged Mode Commands (Continued)
Command Description
1102.book Page 592 Tuesday, May 20, 2003 2:53 PM

Command-Line Interface Command Modes 593
Typing exit at one of these specific configuration modes returns the router to global
configuration mode. Pressing Ctrl-Z leaves the configuration modes completely and
returns the router to privileged EXEC mode.
Example 12-1 demonstrates this sequence of transitioning between configuration
modes.
Table 12-3 Router Configuration Modes
Configuration Mode Prompt
Interface Router(config-if)#
Subinterface Router(config-subif)#
Controller Router(config-controller)#
Map-list Router(config-map-list)#
Map-class Router(config-map-class)#
Line Router(config-line)#
Router Router(config-router)#
IPX-router Router(config-ipx-router)#
Route-map Router(config-route-map)#
Example 12-1 Navigating Privileged EXEC, Global Config, and Specific Configuration Modes
Router# configure terminal
Router(config)#(commands)
Router(config)# exit
Router#
Router#configure terminal
Router(config)# router protocol
Router(config-router)#(commands)
Router(config-router)# exit
Router(config)#interface type port
Router(config-if)#(commands)
Router(config-if)# exit
Router(config)# exit

Router#
1102.book Page 593 Tuesday, May 20, 2003 2:53 PM
594 Chapter 12: Router Configuration
Router Startup Modes
Whether it is accessed from the console or by a Telnet session through a vty port,
a router can be placed in several modes. Each mode provides different functions:
■ ROM monitor mode is generally a recovery mode. It allows certain configuration
tasks, such as recovering a lost password or downloading software (IOS). The
router boots into ROM monitor mode if the router does not find a valid system
image or if the boot sequence is interrupted during startup. In many routers,
Rommon> is the default prompt for ROM monitor mode.
■ Setup mode is a prompted dialog that helps users create a first-time basic config-
uration. Setup mode consists of a series of questions with default answers in
brackets. Setup mode does not have a defining default prompt. The router
prompts the user to enter setup mode if a valid startup configuration file is not
found. Setup can also be entered by typing setup from privileged mode. Note that
setup mode also can be invoked manually if the user erased the NVRAM and
rebooted the router.
■ RXBoot mode is a special mode that the router can enter by changing the set-
tings of the configuration register and rebooting the router. RXBoot mode pro-
vides the router with a subset of Cisco IOS Software and enters a streamlined
setup mode. The streamlined setup mode differs from the standard setup mode
because streamlined setup does not configure global router parameters. There are
prompts only to configure interface parameters, which permit the router to boot.
This allows the router to boot when it cannot find a valid Cisco IOS Software
image in Flash memory. The default prompt is the host name followed by
<boot>.
Table 12-4 briefly describes some of the commonly used configuration commands.
Table 12-4 Selection of Router Configuration Commands
Command Description

configure terminal Configures manually from the console termi-
nal
configure memory Loads configuration information from
NVRAM
copy tftp running-config Loads configuration information from a net-
work TFTP server into RAM
show running-config Displays the current configuration in RAM
1102.book Page 594 Tuesday, May 20, 2003 2:53 PM
Configuring a Router Name 595
Use the commands shown in Figure 12-1 for routers running Cisco IOS Software
Release 11.0 or later.
Figure 12-1 Configuration File Commands
Configuring a Router Name
One of the first basic configuration tasks is to name the router, as shown in Example 12-2.
Naming a router helps to better manage the network by uniquely identifying each
router within the network. The router is named in global configuration mode. The
name of the router is called the host name and is displayed as the system prompt. If a
router is not named, the system default is Router.
copy running-config startup-config Stores the current configuration from RAM
into NVRAM
copy running-config tftp Stores the current configuration from RAM on
a network TFTP server
show startup-config Displays the saved configuration, which is the
contents of NVRAM
erase startup-config Erases the contents of NVRAM
Table 12-4 Selection of Router Configuration Commands (Continued)
Command Description
1102.book Page 595 Tuesday, May 20, 2003 2:53 PM
596 Chapter 12: Router Configuration
Configuring and Protecting Router Passwords

A router can be secured to restrict access by using passwords. Passwords can be estab-
lished for virtual terminal lines and the console line. Privileged mode EXEC also can
have a password.
From global configuration mode, use the enable password command to restrict access
to privileged mode. This password, however, will be visible from the router’s configu-
ration files. To enter an encrypted password in privileged mode, use the command
enable secret. If an enable secret password is configured, it is used instead of the enable
password. From the configuration files, a person can view only the encryption, not the
actual password.
Enable secret passwords cannot be read; another user might be able to break into the
configuration, but the only thing that can be done is to overwrite the password
because it is one-way encrypted and cannot be converted back to clear text.
Passwords can be further protected from display through the use of the service
password-encryption command. This command is entered from global configuration
mode.
The line console 0 configuration mode can be used to establish a login password on the
console terminal. This is useful on a network on which multiple people have access to
the router. This prevents anyone not authorized from accessing the router.
Telnet requires a password check. Different hardware platforms have different num-
bers of vty lines defined. The range 0 through 4 is used to specify five vty lines. These
five incoming Telnet sessions can be simultaneous. The same password can be used for
Example 12-2 Naming a Router
Router(config)#hostname Cougars
Cougars(config)#
Lab Activity CLI Modes and Router Identification
In this lab, you identify the basic router modes of user and privilege. You also
use several commands that will enter specific modes to become familiar with
the router prompt for each mode. In addition, you name the router.
1102.book Page 596 Tuesday, May 20, 2003 2:53 PM
Examining the show Commands 597

all lines, or one line can be set uniquely. This often is used in large networks with many
network administrators. If a catastrophic problem occurs on a network and all com-
mon vty lines are used, the one unique line can be reserved for recovery.
Use the command line vty 0 4 to establish a login password on incoming Telnet
sessions. Example 12-3 demonstrates the different ways to configure and protect
passwords.
Examining the show Commands
Many show commands exist, which help examine the contents of files in the router
and are useful in troubleshooting. From each mode in the router, the show ? command
can be used to see all the available options. Table 12-5 lists some of the show com-
mand options.
Example 12-3 Configuring/Protecting Passwords
! Console Password
Router(config)# line console 0
Router(config-line)# login
Router(config-line)# password cisco
! Virtual Terminal Password
Router(config)# line vty 0 4
Router(config-line)# login
Router(config-line)# password cisco
! Enable Password
Router(config)# enable password san-fran
!Perform Password Encryption
Router(config)# service password encryption
set password here
Router(config)# no service password encryption
Lab Activity Configuring Router Passwords
In this lab, you configure passwords for the console, virtual terminals, and a
secret password.
chpt_12.fm Page 597 Tuesday, May 27, 2003 2:34 PM

598 Chapter 12: Router Configuration
Examples 12-4, 12-5, and 12-6 display sample output from the show protocols, show
version, and show interfaces commands, respectively.
Table 12-5 show Commands
Command Description
show interfaces Displays all the statistics for all the interfaces on the
router. If a user wants to view the statistics for a spe-
cific interface, he can enter the show interfaces com-
mand followed by the specific interface and port
number. For example:
Router# show interfaces serial 1
show controllers serial Displays information specific to the interface hard-
ware.
show clock Displays the time set in the router.
show hosts Displays a cached list of host names and addresses.
show users Displays all users who are connected to the router.
show history Displays a history of commands that have been
entered.
show flash Displays information about Flash memory and what
Cisco IOS Software files are stored there.
show version Displays information about the Cisco IOS Software
image that is running in RAM.
show arp Displays the router’s address resolution (ARP) table.
show protocol Displays the global and interface-specific status of
any configured Layer 3 protocols.
show startup-configuration Displays the saved configuration located in NVRAM.
show running-configuration Displays the configuration currently running in
RAM.
Example 12-4 show protocols Command Output
Router# show protocols

Global values:
Internet Protocol routing is enabled
DECnet routing is enabled
1102.book Page 598 Tuesday, May 20, 2003 2:53 PM