MediaWiki:Welcome to the Howto page/Cisco/IOS Basics

Revision as of 21:52, 25 December 2013 by Admin (talk | contribs)

Introduction to Cisco IOS


The Cisco Internetwork Operating System (IOS) was originally based on the BSD (Berkeley Software Distribution) operating system, a form of UNIX whose development started back in 1977. Since its name change in the mid-nineties the entire IOS has been embedded into Cisco Catalyst switches and Cisco ISR routers, creating all-in-one SOHO (small office/home office) and enterprise-capable devices that are not only easy to maintain but also highly configurable and flexible in the field.


The IOS is essentially responsible for all network transactions and computational information that flow through the device: routing information, connections to user database servers (RADIUS, TACACS+), packet processing, switching information, relaying layer-2 frames between switch ports, and so on.


Cisco has designed the IOS to be hierarchical in operation and usage, down to per-user capabilities. This is handled by creating different modes of operation: privileged users can access the full list of modes, while other users may be restricted to just the modes that allow viewing the device's operations. The different modes can be thought of as a cascading stem-and-leaf or tree diagram; each mode also carries its own command set, specific to system analysis or configuration.


IOS Basics


To enter the IOS configuration, a connection first needs to be established to the device that is going to be configured. This can be done using either RS232, telnet, or SSH. Telnet and SSH need network connectivity to be up before access can be gained; the terminal or console connection, however, can be made at any time, whether or not the device has any configuration.

Console or Terminal

The console or terminal connection is an 'always available' connection, created using a 9-pin D-Sub RS232-to-RJ45 connector, also known as a rollover or terminal cable.

[Image: Cisco-cable.png (rollover/terminal cable)]


This is actually the same kind of connection that used to be established to servers in the pre-90's era of computing, when the micro-computer or PC had still not been developed and a dumb terminal such as the DEC VT100+ line of terminals or consoles was used to connect to servers. Today a DEC VT100+ or Wyse50+ may be difficult to find, so a terminal emulator is the current method of connecting to serial-based devices. A list of widely available terminal emulator applications is given below:


  • Windows: Hyper Terminal
  • Linux: GTK-Term
  • Linux: Minicom (VT102 emulation)
  • BSD: CU
  • BSD: TIP
  • Solaris/OpenSolaris: TIP


For the Cisco console the serial port needs to be set as follows:


9600 baud (bits/sec)
8 Data Bits
No Parity
1 Stop Bit
No Flow Control


Telnet

Telnet as it is known today is a very old protocol, used back when Ethernet first came around and hubs operating at layer 1 were used to connect devices to each other, before the digital switch had been invented. Since data is sent in 'plain text', anyone listening on a hub-based environment, or using port replication (mirroring) in a switched environment, can easily see ALL data passing to and from the device being configured or monitored. To establish a telnet connection, layer 3 (the IP layer) needs to be fully operational; a telnet client can then connect directly over the network to the device. Because of telnet's security limitations it is strongly recommended not to use this method of connectivity in production environments. For home or test environments, where security does not need to be strictly enforced, it is fine.

SSH

The Secure Shell protocol, SSH, was developed to overcome the telnet protocol's weaknesses. It also needs layer 3 (the IP layer) to be active and fully functional in order to establish a connection and provide secure access. Because the protocol encrypts its data, users on a hub-driven Ethernet LAN or on a point-to-point switched network are not able to view the data passing through the network infrastructure at any given point. In addition to 'terminal' style connectivity, SSH also provides various methods of file transfer such as the Secure File Transfer Protocol (SFTP) and rsync over SSH. SSH can also authenticate without a user password, using RSA or DSA keys to lock the system so that only hosts holding the matching key/passphrase combination can gain access.
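The following IOS configuration session is an added example, not part of the original page, tying together the mode hierarchy described in the introduction and the telnet-versus-SSH discussion above. It walks the prompt from user EXEC down to line configuration, generates the RSA host key SSH needs, restricts the vty lines to SSH so that no plain-text telnet login is possible, and defines one full-privilege and one view-only local user. The hostname R1, the domain example.lab, the user names and the CHANGE-ME secrets are placeholders chosen for the example.

```cisco
! Prompts show the mode hierarchy:
!   R1>               user EXEC (view-only commands such as "show")
!   R1#               privileged EXEC (entered with "enable")
!   R1(config)#       global configuration (entered with "configure terminal")
!   R1(config-line)#  line configuration sub-mode (console / vty lines)
!
! Hostname, domain name, user names and secrets below are made-up placeholders.
enable
configure terminal
hostname R1
ip domain-name example.lab
! Protect privileged EXEC with a hashed secret rather than a plain-text password.
enable secret CHANGE-ME-enable
! An RSA host key must exist before the SSH server starts; 2048-bit is used here.
crypto key generate rsa modulus 2048
ip ssh version 2
! Local accounts: one full-privilege admin (level 15) and one view-only user (level 1),
! matching the per-user restriction to "viewing" modes described in the introduction.
username admin privilege 15 secret CHANGE-ME-admin
username viewer privilege 1 secret CHANGE-ME-viewer
! Network logins (telnet/SSH) land on the vty lines: allow SSH only, require the
! local user database, and drop idle sessions after 10 minutes.
line vty 0 4
 transport input ssh
 login local
 exec-timeout 10 0
exit
! The console line is always reachable over the rollover cable, so it gets a login too.
line con 0
 login local
 exec-timeout 10 0
 logging synchronous
end
! Verify the SSH server is enabled and save the running configuration to NVRAM.
show ip ssh
copy running-config startup-config
```

The `transport input ssh` line is what actually removes telnet: with it, a telnet client still reaches the device at layer 3 but the vty line refuses the session, so nothing is ever sent in plain text. `login local` on both the vty and console lines makes the `username` entries the single place where access is granted or revoked.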

Other Connection Methods

There are other methods to connect to Cisco devices, such as using the Auxiliary (Aux) port (not available on some models). This method uses a 'dial-in' connection: a modem or null-modem is attached to the Aux port and a line from the ISP. It is actually quite useful as an out-of-band path when the primary WAN or Internet line fails, since the device can still be reached to troubleshoot it or alter settings, for example if the ISP account details have changed.