How to Read a Switch Configuration File
Cisco IOS
The Cisco device stack uses the Internetwork Operating System (IOS), which controls the device's performance and behavior. The Cisco IOS defines an interface called the Command Line Interface (CLI), which enables administrators to enter commands into a terminal emulation program. The CLI can be accessed through three methods: the console, Telnet and Secure Shell (SSH).
Cisco Modes
Users can be logged in to a Cisco device using the following modes:
- Exec mode (user mode) — Allows the user to look around but not change anything. Accessing the CLI by any of the three methods logs the user into Exec
- Enable mode (privileged mode or privileged exec mode) — Allows the user to execute privileged commands, such as the reload command, which tells the switch to reboot the Cisco IOS. To enter this mode, the user runs the enable command.
- Global configuration mode — Allows users to enter nondisruptive commands and display some data. Unlike exec and enable mode, configuration mode accepts configuration commands — commands that tell the switch the details of what to do and how to do it. Commands entered in configuration mode update the active configuration file, but the actual changes in configuration take place just after the device reboots. To enter configuration mode, a user executes the configure terminal (conf t) command.
Configuration mode contains several sub-modes. One is interface configuration mode, which can be entered by running the interface FastEthernet 0/1 (int fa0/1) configuration command.
Basic CLI Commands
Show
The show command is one of the most helpful commands because you can find the status of almost every feature of the Cisco IOS. It reads the current configuration from the Cisco device's RAM and lists the requested settings in the CLI. For example, the show version command displays information about the Cisco IOS version currently loaded on a device.
Debug
Like the show command, debug reveals information about the device's settings. However, instead of just listing the current status, the debug command asks the device to continue monitoring different processes in it and send messages to the user when different events occur, showing the status of settings over time. As a result, the debug command takes more CPU cycles, but it lets you monitor what is happening in a switch in real time. In short, show is for reporting and debug is for monitoring.
Hostname
The hostname command assigns a network name to the Cisco device.
?
Use the ? command to get answers to your questions about other commands, such as their syntax and description.
Where Configuration Files are Stored
A Cisco device needs to use the configuration file to do its work. Cisco devices have random-access memory (RAM) to store data from the configuration file while Cisco IOS is using it, but the RAM loses its contents when the device loses power. In order to load all configuration information back after the device loses power, Cisco devices use several types of more permanent memory. The following list explains the four main types of memory found in Cisco switches or Cisco routers, as well as the most common use of each type:
- RAM — RAM is used by a Cisco device for working storage. The running configuration file is stored
- ROM — Read-only memory (ROM) stores a bootstrap program that is loaded when the switch first powers on. This program finds the full Cisco IOS image and loads it into RAM.
- Flash memory — This memory can be either inside the device or on a removable memory card. Flash memory stores fully functional Cisco IOS images and is the default location where the switch gets its Cisco IOS at boot time. Flash memory also can be used to store other files, including backup copies of configuration files.
- NVRAM — Nonvolatile RAM (NVRAM) stores the initial or startup configuration file that is used when the Cisco device is powered on or reloaded.
Copying, Erasing and Saving Running Config on Cisco Devices
To change the configuration of a Cisco device, you need to enter configure terminal mode and then use one or more of the following commands.
Rename a device
Use the command hostname newname to change the name of the device to the string you specify.
Save running config on Cisco device
Use the command copy running-config startup-config (copy run start) to overwrite the current startup config file with what is currently in the running configuration file.
Copy files
The copy command can be used to copy files on a Cisco device, such as a configuration file or a new version of the Cisco IOS. Files can be copied between RAM, NVRAM and a TFTP server. The syntax for the copy commands is as follows:
copy {tftp | running-config | startup-config} {tftp | running-config | startup-config}
The first set of parameters in braces is the "from" location; the next set is the "to" location. When a file is copied into NVRAM or a TFTP server, the copy command always overwrites the existing destination file with the new file. However, when the copy command copies a configuration file into the running config file in RAM, the configuration file in RAM is not replaced; it is merged instead.
Erase the contents of NVRAM
You can use three different commands to erase NVRAM: write erase, erase startup-config and erase nvram. All of them erase the contents of the NVRAM configuration file, so if the device is then reloaded, there is no initial configuration and you have to begin initial device configuration.
Note that Cisco IOS does not have a command that erases the contents of the running configuration file. To clear out the running config file, simply erase the startup config file and then reload the device.
Securing Login to Cisco Devices
Cisco devices authenticate users as they log in, but the default configuration uses only simple password security and the enable password command defines the password for the current login. You can help protect enable mode by using the enable secret command instead. The older enable password command stores the password as clear text in the running configuration, and the only way to encrypt it is to use the weak service password-encryption command. The newer enable secret command automatically encodes the password using a Message Digest 5 (MD5) hash.
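When reading a saved configuration file, the storage format of each credential shows up as the word password or secret followed by a type digit. The following added example (not from the original article) classifies those lines in a constructed sample config; the function names and all sample values are hypothetical.

```python
import re

# Constructed sample config for illustration; every value is a placeholder.
SAMPLE_CREDS_CONFIG = """\
service password-encryption
enable password 7 0123456789AB
username admin password 0 LabOnly123
username ops secret 5 $1$salt$PLACEHOLDERHASH
line vty 0 4
 password 7 0123456789AB
 login
"""

CRED = re.compile(
    r"^\s*(?P<who>enable|username \S+|)\s*(?P<kind>password|secret)"
    r"(?:\s+(?P<type>\d+))?\s+(?P<value>\S+)\s*$"
)

def rate(kind, ptype):
    """Describe how a credential line is stored, based on its type digit."""
    if kind == "password" and ptype in (None, "0"):
        return "cleartext"
    if kind == "password" and ptype == "7":
        return "weak (service password-encryption)"
    if kind == "secret" and ptype == "5":
        return "MD5 hash"
    return f"type {ptype}"

def audit_credentials(config):
    """Return (line_no, subject, storage) for every password/secret line."""
    findings, context = [], "global"
    for no, line in enumerate(config.splitlines(), 1):
        if line and not line[0].isspace():
            context = line.strip()         # remember the enclosing stanza
        m = CRED.match(line)
        if m:
            subject = m["who"] or context  # e.g. a password under "line vty 0 4"
            findings.append((no, subject, rate(m["kind"], m["type"])))
    return findings

def enable_needs_secret(config):
    """True when enable mode is protected only by 'enable password'."""
    lines = [l.strip() for l in config.splitlines()]
    has_pw = any(l.startswith("enable password ") for l in lines)
    has_secret = any(l.startswith("enable secret ") for l in lines)
    return has_pw and not has_secret
```
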
Initial Configuration of Cisco Devices
Cisco switches leave the factory with the following default settings:
- All interfaces are enabled.
- Auto-negotiation is enabled for ports that can use it (duplex auto and speed auto).
- All interfaces are a part of VLAN 1.
All you have to do with a new Cisco switch is make all the physical connections — Ethernet cables and a power cord — and it starts working.
To configure the switch:
- Enter VLAN 1 configuration mode using the interface vlan 1 global configuration command.
- Assign an IP address and mask using the ip address ip-address mask
- Enable the VLAN 1 interface using the no shutdown
- Add the default gateway with ip default-gateway
- Add the DNS server using the ip name-server command to resolve names into IP addresses.
After the initial configuration, you can look at the IP address and mask information using the show interface vlan x command, which shows detailed status information about the VLAN interface. If you use DHCP, use the show dhcp lease command to see the leased IP address.
You can see some of the details of the interface configuration using the show running-config command or the handy show interfaces status command, which lists each interface on a single line that shows the first part of the interface description and the speed and duplex settings.
The show port-security interface command lists the configuration settings for port security on an interface, along with several important facts about the current operation of port security, including information about any security violations. The switch can be configured to take one of three actions when a violation occurs using the following command: switchport port-security violation {protect | restrict | shutdown}. All three options cause the switch to discard the offending frame, but some of the options make the switch take additional actions, such as sending syslog messages to the console, sending SNMP trap messages to the network management station, or disabling the interface.
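The same settings can be read offline from a saved configuration file. This added example (not part of the original article) walks the interface stanzas of a constructed sample config and reports the violation mode per port; the function names are hypothetical, and it relies on IOS omitting the violation line when the default mode, shutdown, is in effect.

```python
# Constructed sample; interface names and settings are illustrative only.
SAMPLE_PORTSEC_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security violation protect
interface FastEthernet0/2
 switchport port-security
interface FastEthernet0/3
 switchport mode access
interface FastEthernet0/4
 switchport port-security violation restrict
 switchport port-security
"""

def interface_stanzas(config):
    """Yield (interface_name, [sub-commands]) for each interface block."""
    name, body = None, []
    for line in config.splitlines():
        if line.startswith("interface "):
            if name:
                yield name, body
            name, body = line.split(None, 1)[1], []
        elif name and line[:1].isspace():
            body.append(line.strip())
        elif name:                  # any other top-level line ends the stanza
            yield name, body
            name, body = None, []
    if name:
        yield name, body

def port_security_report(config):
    """Map interface -> violation mode, or None when port security is off."""
    report = {}
    for name, body in interface_stanzas(config):
        if "switchport port-security" not in body:
            report[name] = None
            continue
        mode = "shutdown"           # default when no violation line is shown
        for cmd in body:
            if cmd.startswith("switchport port-security violation "):
                mode = cmd.split()[-1]
        report[name] = mode
    return report

def needs_review(config):
    """Ports with no port security, or with protect (discard, no alert)."""
    report = port_security_report(config)
    return sorted(n for n, m in report.items() if m in (None, "protect"))
```

A port listed by needs_review is not necessarily misconfigured (uplinks usually run without port security), but protect mode discards frames without a syslog message or SNMP trap, so violations on those ports never reach monitoring.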
Conclusion
As you can see, it is very easy to save the running config, copy it to a TFTP server and perform the initial configuration for a Cisco device. Before changing the running config, be sure to make a backup.
Source: https://blog.netwrix.com/2019/09/10/how-to-manage-and-save-running-config-on-cisco-devices/