|
The router user interface provides several different command modes. Each command mode provides a group of related commands. This chapter describes how to access and list the commands available in each command mode. It also discusses the user interface to Telnet, which you might use to connect to another router.
Entering a ? at the system prompt allows you to obtain a list of commands available for each command mode.
The command interpreter is called the EXEC. The EXEC interprets the commands you type and carries out the corresponding operations. You must log into the router before you can enter an EXEC command. For security purposes, the EXEC has two levels of access to commands: user and privileged. The EXEC commands available at the user level are a subset of the EXEC commands available at the privileged level. From the privileged level, you can also access global configuration mode and six specific configuration modes: interface, subinterface, line, router, ipx-router, and route-map configuration.
Almost every system configuration command also has a no form. In general, use the no form to disable a feature or function. Use the command without the keyword no to reenable a disabled feature or enable a feature that is disabled by default. For example, IP routing is enabled by default. Specify the command no ip routing to disable IP routing and specify ip routing to reenable it. The Router Products Command Reference publication provides the complete syntax for every command and describes what the no form of a command does.
If your router does not find a valid system image, or if its configuration file is corrupted at startup, the system may enter read-only memory (ROM) monitor mode. A brief description of the ROM monitor mode is included in this chapter.
The user interface also provides context-sensitive help on command syntax. This chapter describes how to use the help system. It also describes the command editing and command history features that enable you to recall previous command entries and easily edit command entries.
For a complete description of the commands mentioned in this chapter, refer to Chapter 2 of the Router Products Command Reference publication.
You can perform the following tasks to become familiar with the router's user interface, to configure various aspects of the user interface, and to use Telnet connections:
This section describes how to access each of the router's command modes:
Table 2-1 lists the command modes, how to access each mode, the prompt you will see while you are in that mode, and the method to exit that mode. The prompts listed assume the default router name Router
.
The preceding table might not include all of the possible ways to access or exit each command mode.
After you log into the router, you are automatically in user EXEC command mode. The EXEC commands available at the user level are a subset of those available at the privileged level. In general, the user EXEC commands allow you to connect to remote routers, change terminal settings on a temporary basis, perform basic tests, and list system information.
To list the user EXEC commands, complete the following task:
Task | Command |
---|---|
List the user EXEC commands. | ? |
The user-level prompt consists of the router's host name followed by the angle bracket (>) :
Router>
The default host name is Router, unless it has been changed during initial configuration using the setup command. (Refer to the Router Products Getting Started Guide for information on the setup facility.) You can also change the router name using the hostname global configuration command as described in Chapter 3.
To list the commands available in user EXEC mode, enter a ? as shown in the following example.
Router>
?
Exec commands:
connect Open a terminal connection
disconnect Disconnect an existing telnet session
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
name-connection Name an existing telnet connection
ping Send echo messages
resume Resume an active telnet connection
show Show running system information
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
where List active telnet connections
Router>
The list of commands may vary slightly from this example, depending upon how your router has been configured.
The user EXEC commands that set terminal parameters are shown in the section "Configure Telnet Capabilities for a Session" later in this chapter.
Because many of the privileged commands set operating parameters, privileged access should be password-protected to prevent unauthorized use. The command set includes those commands contained in user EXEC mode, as well as the configure command through which you can access the remaining command modes. Privileged EXEC mode also includes high-level testing commands, such as debug. For details on the debug command, see the Debug Command Reference publication. For details on the setup command, see the Router Products Getting Started Guide.
To access and list the privileged EXEC commands, complete the following tasks:
Task | Command |
---|---|
Step 1 Enter the privileged EXEC mode. | enable [password] |
Step 2 List privileged EXEC commands. | ? |
If the system administrator has set a password, you are prompted to enter it before being allowed access to privileged EXEC mode. The password is not displayed on the screen and is case-sensitive. The system administrator uses the enable password global configuration command to set the password that restricts access to privileged mode. This command is described in Chapter 5.
The privileged-level prompt consists of the router's host name followed by the pound sign (#). (If the router was named with the hostname command, that name would appear as the prompt instead of "Router.")
Router#
The following example shows how to access privileged EXEC mode and list privileged EXEC commands:
Router> enable
Password:
Router#
?
Exec commands:
bfe For manual emergency modes setting
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy a config file to or from a tftp server
debug Debugging functions
disable Turn off privileged commands
disconnect Disconnect an existing telnet session
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
llc2 Execute llc2 tests
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
name-connection Name an existing telnet connection
ping Send echo messages
reload Halt and perform a cold restart
resume Resume an active telnet connection
send Send a message to other tty lines
setup Run the SETUP command facility
show Show running system information
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
trace Trace route to destination
where List active telnet connections
which-route Do route table lookup and display results
write Write running configuration to memory, network, or terminal
Router#
The list of commands may vary slightly from this example, depending upon how your router has been configured.
From the privileged level, you can access global configuration mode. For instructions, see "Global Configuration Command Mode" which follows this section.
To return from privileged EXEC mode to user EXEC mode, perform the following task:
Task | Command |
---|---|
Move from privileged EXEC mode to user EXEC mode. | disable |
Global configuration commands apply to features that affect the system as a whole. Use the configure privileged EXEC command to enter global configuration mode. When you enter this command, the EXEC prompts you for the source of the configuration commands.
Configuring from terminal, memory, or network [terminal]?
You can then specify either the terminal, nonvolatile memory (NVRAM), or a file stored on a network server as the source of configuration commands (see Chapter 3). The default is to type in commands from the terminal console. Pressing the Return key begins this configuration method.
Commands to enable a particular routing or bridging function are also global configuration commands. For information on protocol-specific global configuration commands, see the appropriate chapter in this guide.
To access and list the global configuration commands, complete the following tasks:
Task | Command |
---|---|
Step 1 At the terminal, from the privileged EXEC mode, enter configuration mode. | configure <CR> |
Step 2 List the global configuration commands. | ? |
The following example shows how to access global configuration mode and list global configuration commands:
Router#
configure
Configuring from terminal, memory, or network [terminal]? <CR>
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
?
Configure commands:
access-list Add an access list entry
apollo Apollo global configuration commands
appletalk Appletalk global configuration commands
arp Set a static ARP entry
async-bootp Modify system bootp parameters
autonomous-system Specify local AS number to which we belong
banner Define a login banner
boot Modify system boot parameters
bridge Transparent bridging
buffers Adjust system buffer pool parameters
busy-message Display message when connection to host fails
chat-script Define a modem chat script
clns Global CLNS configuration subcommands
clock Configure time-of-day clock
decnet Global DECnet configuration subcommands
default-value Default character-bits values
dialer-list Create a dialer list entry
enable Modify enable password parameters
end Exit from configure mode
exit Exit from configure mode
frame-relay Global frame relay configuration commands
help Description of the interactive help system
hostname Set system's network name
interface Select an interface to configure
ip Global IP configuration subcommands
ipx Novell/IPX global configuration commands
line Configure a terminal line
lnm IBM Lan Manager
locaddr-priority-list Establish queueing priorities based on LU address
logging Modify message logging facilities
login-string Define a host-specific login string
mop The DEC MOP Server
netbios NETBIOS access control filtering
no Negate a command or set its defaults
ntp Configure NTP
priority-list Build a priority list
queue-list Build a custom queue list
rif Source-route RIF cache
route-map Create route-map or enter route-map command mode
router Enable a routing process
scheduler-interval Maximum interval before running lowest priority process
service Modify use of network based services
smt-queue-threshold Set the max number of unprocessed SMT frames
snmp-server Modify SNMP parameters
source-bridge Source-route bridging ring groups
stun STUN global configuration commands
tacacs-server Modify TACACS query parameters
tftp-server Provide TFTP service for netload requests
tn3270 tn3270 configuration command
username Establish User Name Authentication
vines Vines global configuration commands
x25 X.25 Level 3
xns XNS global configuration commands
Router(config)#
The list of commands may vary slightly from this example, depending upon how your router has been configured.
To exit global configuration command mode and return to privileged EXEC mode, use one of the following commands:
Task | Command |
---|---|
Exit global configuration mode. | exit end Ctrl-Z |
From global configuration mode you can access six configuration sublevels: interface, subinterface, line, router, ipx-router, and route-map configuration commands. These command modes are described in the following sections.
Many features are enabled on a per-interface basis. Interface configuration commands modify the operation of an interface such as an Ethernet, FDDI, or serial port. Interface subcommands always follow an interface command, which defines the interface type.
For details on interface configuration commands that affect general interface parameters, such as bandwidth, clock rate, and so on, see Chapter 6. For protocol-specific commands, see the appropriate chapter in this guide.
To access and list the interface configuration commands, complete the following tasks.
Task | Command |
---|---|
Step 1 From global configuration mode, enter interface configuration mode. | interface interface-type interface-number |
Step 2 List the interface configuration commands. | ? |
In the following example, serial interface 0 is about to be configured. The new prompt (config-if)#
indicates interface configuration mode. In this example, the user asks for help by requesting a list of commands.
Router(config)#
interface serial 0 <CR>
Router(config-if)#
?
Interface configuration commands:
access-expression Build a bridge boolean access expression
apollo Apollo interface subcommands
appletalk Appletalk interface subcommands
arp Set arp type (arpa, probe, snap) or timeout
backup Modify dial-backup parameters
bandwidth Set bandwidth informational parameter
bridge-group Transparent bridging interface parameters
clns CLNS interface subcommands
clockrate Configure serial interface clock speed
custom-queue-list Assign a custom queue list to an interface
decnet Interface DECnet config commands
delay Specify interface throughput delay
description Interface specific description
dialer Dial-on-demand routing (DDR) commands
dialer-group Assign interface to dialer-list
down-when-looped Force looped serial interface down
encapsulation Set encapsulation type for an interface
ethernet-transit-oui Token-ring to Ethernet OUI handling
exit Exit from interface configuration mode
frame-relay Set frame relay parameters
hdh Set HDH mode
help Description of the interactive help system
hold-queue Set hold queue depth
ip Interface Internet Protocol config commands
ipx Novell interface subcommands
isis IS-IS commands
iso-igrp ISO-IGRP interface subcommands
keepalive Enable keepalive
lapb X.25 Level 2 parameters (Link Access Procedure, Balanced)
llc2 LLC2 Interface Subcommands
lnm IBM Lan Manager
locaddr-priority Assign a priority group
loopback Configure internal loopback on an interface
mac-address Manually set interface MAC address
mop DEC MOP server commands
mtu Set the interface Maximum Transmission Unit (MTU)
netbios Use a defined NETBIOS access list or enable name-caching
no Negate a command or set its defaults
ntp Configure NTP
ppp Point-to-point protocol
priority-group Assign a priority group to an interface
pulse-time Enables pulsing of DTR during resets
pup PUP interface subcommands
sdlc SDLC commands
sdllc Configure SDLC to LLC2 translation
shutdown Shutdown the selected interface
smds Modify SMDS parameters
source-bridge Configure interface for source-route bridging
stun STUN interface subcommands
transmit-interface Assign a transmit interface to a receive-only interface
transmitter-delay Set dead-time after transmitting a datagram
tunnel protocol-over-protocol tunneling
tx-queue-limit Configure card level transmit queue limit
vines Vines interface subcommands
xns XNS interface subcommands
The list of commands may vary slightly from this example, depending upon how your router has been configured.
To exit interface configuration mode and return to global configuration mode, enter the exit command. Or, press Ctrl-Z to exit configuration mode and return to privileged EXEC mode.
You can configure multiple virtual interfaces (called subinterfaces) on a single physical interface. This feature is supported on the following interfaces:
Subinterfaces appear to be distinct physical interfaces to the various protocols. For example, Frame Relay networks provide multiple point-to-point links called permanent virtual circuits (PVCs). PVCs can be grouped under separate subinterfaces that in turn are configured on a single physical interface. From a bridging spanning tree viewpoint, each subinterface is a separate bridge port, and a frame arriving on one subinterface can be sent out on a another subinterface.
Subinterfaces also allow multiple encapsulations for a protocol on a single interface. For example, a router can receive an ARPA-framed IPX packet and forward the packet back out the same physical interface as a SNAP-framed IPX packet.
For detailed information on how to configure subinterfaces, see Chapter 6. For information on how to configure Frame Relay, bridging, IPX, and IP subinterfaces, see the appropriate chapters in this guide.
To access and list the subinterface configuration commands, complete the following tasks:
Task | Command |
---|---|
Step 1 From interface configuration mode, configure a virtual interface. | See the example that follows. For a list of all interface commands that allow subinterface implementation, see Chapter 6. |
Step 2 List the subinterface configuration commands. | ? |
In the following example, a subinterface is configured for serial line 2, which is configured for Frame Relay encapsulation. The subinterface is called 2.1 to indicate that it is subinterface 1 of serial interface 2. The new prompt (config-subif)#
indicates subinterface configuration mode. The subinterface can be configured to support one or more Frame Relay PVCs. To list the commands available in subinterface configuration mode, enter a question mark (?).
Router(config)# interface serial 2
Router(config-if)# encapsulation frame-relay
Router(config-if)# interface serial 2.1
Router(config-subif)# ?
Interface configuration commands:
apollo Apollo interface subcommands
appletalk Appletalk interface subcommands
bandwidth Set bandwidth informational parameter
bridge-group Transparent bridging interface parameters
clns CLNS interface subcommands
decnet Interface DECnet config commands
delay Specify interface throughput delay
description Interface specific description
exit Exit from interface configuration mode
frame-relay Set frame relay parameters
ip Interface Internet Protocol config commands
ipx Novell interface subcommands
isis IS-IS commands
iso-igrp ISO-IGRP interface subcommands
no Negate a command or set its defaults
ntp Configure NTP
shutdown Shutdown the selected interface
The list of commands may vary slightly from this example depending upon how your router has been configured.
To exit subinterface configuration mode and return to global configuration mode, enter the exit command. Or, press Ctrl-Z to exit configuration mode and return to privileged EXEC mode.
Line configuration commands modify the operation of a serial terminal line. Line configuration commands always follow a line command, which defines a line number. These commands are generally used to connect to remote routers, change terminal parameter settings on a line-by-line basis, and set up the auxiliary port modem configuration to support Dial-on-Demand Routing (DDR) (see Chapter 10).
To access and list the auxiliary port, console port, and virtual terminal line configuration commands, complete the following tasks:
Task | Command |
---|---|
Step 1 From global configuration mode, configure an auxiliary, console, or virtual terminal line. | line aux | con | vty line-number [ending-line-number] |
Step 2 List the line configuration commands. | ? |
The following example shows how to enter line configuration mode for virtual terminal line 3 and list the line configuration commands:
Router(config)#
line vty 3 <CR>
Router(config-line)#
?
Line configuration commands:
access-class Filter connections based on an IP access list
activation-character Define the activation character
autobaud Set line to autobaud
autocommand Automatically execute an EXEC command
autohangup Automatically hangup when last connection closes
autohost Automatically connect to a host
cts-required Require CTS on line
data-character-bits Size of characters being handled
databits Set number of data bits per character
disconnect-character Define the disconnect character
dispatch-character Define the dispatch character
dispatch-timeout Set the dispatch timer
editing Enable command line editing
escape-character Change the current line's escape character
exec Start an EXEC process
exec-banner Enable the display of the EXEC banner
exec-character-bits Size of characters to the command exec
exec-timeout Set the EXEC timeout
exit Exit from line configuration mode
flowcontrol Set the flow control
help Description of the interactive help system
history Set the size of the command history buffer
hold-character Define the hold character
length Set number of lines on a screen
location Enter terminal location description
lockable Allow users to lock a line
login Enable password checking
modem Configure the Modem Control Lines
monitor Copy debug output to the current terminal line
no Negate a command or set its defaults
notify Inform users of output from concurrent sessions
padding Set padding for a specified output character
parity Set terminal parity
password Set a password
private Configuration options that user can set will remain in effect between terminal sessions
refuse-message Define a refuse banner
rotary Add line to a rotary group
rxspeed Set the receive speed
session-limit Set maximum number of sessions
session-timeout Set interval for closing connection when there is no input traffic
special-character-bits Size of the escape (and other special) characters
speed Set the transmit and receive speeds
start-character Define the start character
stop-character Define the stop character
stopbits Set async line stop bits
telnet Telnet protocol-specific configuration
telnet-transparent Send a CR as a CR followed by a NULL instead of a CR followed by a LF
terminal-type Set the terminal type
transport Define transport protocols for line
txspeed Set the transmit speeds
vacant-message Define a vacant banner
width Set width of the display terminal
Router(config-line)#
The list of commands may vary from this example, depending upon how your router has been configured.
To exit line configuration mode and return to global configuration mode, use the exit command. To exit configuration mode and return to privileged EXEC mode, press Ctrl-Z.
Router configuration commands configure a routing protocol and always follow a router command. To access and list the router configuration commands, complete the following tasks:
Task | Command |
---|---|
Step 1 From global configuration mode, enter router configuration mode. | router [keyword] See the list in the example for keywords. |
Step 2 List the router configuration commands. | ? |
To list the available router configuration keywords, enter the router command followed by a space and a question mark (?) at the global configuration prompt:
Router(config)#
router ?
bgp Border Gateway Protocol (BGP)
egp Exterior Gateway Protocol (EGP)
igrp Interior Gateway Routing Protocol (IGRP)
isis ISO IS-IS
iso-igrp IGRP for OSI networks
ospf Open Shortest Path First (OSPF)
rip Routing Information Protocol (RIP)
static Static CLNS Routing
In the following example, the router is configured to support the routing information protocol (RIP). The new prompt is (config-router)#
.
Router(config)# router rip
Router(config-router)# ?
Router configuration commands:
default-information Control distribution of default information
default-metric Set metric of redistributed routes
distance Define an administrative distance
distribute-list Filter networks in routing updates
exit Exit from routing protocol configuration mode
help Description of the interactive help system
neighbor Specify a neighbor router
network Enable routing on an IP network
no Negate or set default values of a command
offset-list Add or subtract offset from IGRP, RIP, or HELLO metrics
passive-interface Suppress routing updates on an interface
redistribute Redistribute information from another routing protocol
timers Adjust routing timers
Router(config)#
The list of commands may vary slightly from this example, depending upon how your router has been configured.
To exit router configuration mode and return to global configuration mode, enter the exit command. Or, press Ctrl-Z to exit configuration mode and return to privileged EXEC mode.
Internet Packet Exchange (IPX) is a Novell network-layer protocol. To access and list the IPX routing configuration commands, complete the following tasks:
Task | Command |
---|---|
Step 1 From global configuration mode, enter ipx-router configuration mode. | ipx router [keyword] See the appropriate IPX chapter for keywords. |
Step 2 List the ipx-router configuration commands. | ? |
In the following example, IPX RIP routing is configured. The new prompt is (config-ipx-router)
:
Router(config)#
ipx router rip<CR>
Router(config-ipx-router)# ?
To exit IPX router configuration mode and return to global configuration mode, enter the exit command. Or, press Ctrl-Z to exit configuration mode and return to privileged EXEC mode.
The route-map command set is used to configure routing table and source and destination information. To access and list the route-map configuration commands, complete the following tasks:
Task | Command |
---|---|
Step 1 From global configuration mode, enter route-map configuration mode. | route-map [route map tag] |
Step 2 List the route-map configuration commands. | ? |
In the following example, a route map named arizona1 is configured. The new prompt is (config-route-map)
. Enter a question mark (?) to list route-map configuration commands.
Router(config)#
route-map ?
WORD Route map tag
Router(config)#
route-map arizona1 <CR>
Router(config-route-map)#
?
Route Map configuration commands:
exit Exit from route-map configuration mode
help Description of the interactive help system
match Match values from routing table
no Negate or set default values of a command
set Set values in destination routing protocol
Router(config-route-map)#
To exit route-map configuration mode and return to global configuration mode, enter the exit command. Or, press Ctrl-Z to exit configuration mode and return to privileged EXEC mode.
If your router does not find a valid system image, or if its configuration file is corrupted at startup, the system may enter read-only memory (ROM) monitor mode. From ROM monitor mode, you can boot the router or perform diagnostic tests.
From the Cisco 2000, Cisco 3000, and Cisco 4000, you can also enter ROM monitor mode by entering the reload EXEC command and then pressing the Break key during the first 60 seconds of startup. To save changes to the configuration file, use the write memory command before issuing the reload command.
To access and list the ROM monitor configuration commands, complete the following tasks:
Task | Command |
---|---|
Enter ROM monitor mode from privileged EXEC mode. | reload Press Break during the first 60 seconds while the system is booting. |
List the ROM monitor commands. | ? |
The ROM monitor prompt is the angle bracket (>):
> ?
$ state Toggle cache state (? for help)
B [filename] [TFTP Server IP address | TFTP Server Name]
Load and execute system image from ROM or from TFTP server
C [address] Continue execution [optional address]
D /S M L V Deposit value V of size S into location L with modifier M
E /S M L Examine location L with size S with modifier M
G [address] Begin execution
H Help for commands
I Initialize
K Stack trace
L [filename] [TFTP Server IP address | TFTP Server Name]
Load system image from ROM or from TFTP server, but do not
begin execution
O Show configuration register option settings
P Set the break point
S Single step next instruction
T function Test device (? for help)
Deposit and Examine sizes may be B (byte), L (long) or S (short).
Modifiers may be R (register) or S (byte swap).
Register names are: D0-D7, A0-A6, SS, US, SR, and PC
To return to user EXEC mode, enter c to continue. To boot the system image file, use the b command (see Chapter 3). For details on other ROM monitor mode commands, refer to the appropriate hardware installation guide.
The previous sections described the first level of help available with the user interface. Entering a question mark (?) at the system prompt displays a list of commands available for each command mode. You can also get a list of any command's associated keywords and arguments with the context-sensitive help feature.
To get help specific to a command mode, a command, a keyword, or arguments, perform one of the following tasks:
When using context-sensitive help, the space (or lack of a space) before the ? is significant. To obtain a list of commands that begin with a particular character sequence, type in those characters followed immediately by the ?. Do not include a space. This form of help is called word help, because it completes a word for you.
To list keywords or arguments, enter a ? in place of a keyword or argument. Include a space before the ?. This form of help is called command syntax help, because it reminds you which keywords or arguments are applicable based on the command, keywords, and arguments you already have entered.
You can abbreviate commands and keywords to the number of characters that allow a unique abbreviation. For example, you can abbreviate the show command to sh.
Enter the help command (which is available in any command mode) for a brief description of the help system:
Router#
help
Help may be requested at any point in a command by entering
a question mark '?'. If nothing matches, the help list will
be empty and you must back up until entering a '?' shows the
available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a
command argument (e.g. 'show ?') and describes each possible
argument.
2. Partial help is provided when an abbreviated argument is entered
and you want to know what arguments match the input
(e.g. 'show pr?'.)
As described in the help command output, you can enter a partial command name and a ? to obtain a list of commands beginning with a particular character set. See "Complete a Partial Command Name" later in this chapter for more detail.
The following example illustrates how the context-sensitive help feature enables you to create an access list from configuration mode. First enter the letters co at the system prompt followed by a question mark (?). Do not leave a space between the last letter and the ?. The system provides the commands that begin with co.
Router# co?
configure connect copy
Enter the configure command followed by a space and a ? to lists the command's keywords and a brief explanation.
Router# configure ?
memory Configure from NV memory
network Configure from a TFTP network host
terminal Configure from the terminal
<cr>
Enter the terminal keyword to enter configuration mode from the terminal:
Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#
Enter the access-list command followed by a space and a ? to list the command's keywords:
Router(config)# access-list ?
<1-99> IP standard access list
<100-199> IP extended access list
<1000-1099> IPX SAP access list
<1100-1199> Extended 48-bit MAC address access list
<200-299> Protocol type-code access list
<300-399> DECnet access list
<400-499> XNS standard access list
<500-599> XNS extended access list
<600-699> Appletalk access list
<700-799> 48-bit MAC address access list
<800-899> IPX standard access list
<900-999> IPX extended access list
Enter the access list number 99 and then enter another ? to see the arguments that apply to the keyword and brief explanations:
Router(config)# access-list 99 ?
deny Specify packets to reject
permit Specify packets to forward
Enter the deny argument followed by a ? to list additional options:
Router(config)# access-list 99 deny ?
A.B.C.D Address to match
Enter the IP address followed by a ? to list additional options:
Router(config)# access-list 99 deny 131.108.134.0 ?
A.B.C.D Mask of bits to ignore
<cr>
The <cr>
symbol appears in the list, indicating that one of your options is to press Return to execute the command. The other option is to add a wild-card mask. Enter the wild-card mask followed by a ? to list further options.
Router(config)# access-list 99 deny 131.108.134.0 0.0.0.255 ?
<cr>
Router(config)# access-list 99 deny 131.108.134.0 0.0.0.255
The <cr>
symbol by itself indicates there are no more keywords or arguments. Press Return to execute the command. The system adds an entry to access list 99 that denies access to all hosts on subnet 131.108.134.0.
The user interface provides syntax checking in the form of an error location indicator (^). The ^ character appears at the point in the command string where you have entered an incorrect command, keyword, or argument. The error location indicator and interactive help system allow you to easily find and correct syntax errors.
In the following example, suppose you want to set the router clock. First, use context-sensitive help to check the syntax for setting the clock.
Router# clock ?
set Set the time and date
Router# clock
The help output shows that the set keyword is required. Next, check the syntax for entering the time:
Router# clock
set ?
hh:mm:ss Current time
Router# clock set
Enter the current time:
Router# clock set 13:32:00
% Incomplete command.
The system indicates that you need to provide additional arguments to complete the command. Press Ctrl-P (see the next section,"Use the Command History Features" ) to automatically repeat the previous command entry. Then add a space and question mark (?) to reveal the additional arguments:
Router# clock set 13:32:00 ?
<1-31> Day of the month
January Month of the year
February
March
April
May
June
July
August
September
October
November
December
Now you can complete the command entry:
Router# clock set 13:32:00 23 February 93
^
% Invalid input detected at '^' marker.
The caret symbol (^) and help response indicate an error at 93. To list the correct syntax, enter the command up to the point where the error occurred and then enter a question mark (?):
Router# clock set 13:32:00 23 February ?
<1993-2035> Year
Router# clock set 13:32:00 23 February
Enter the year using the correct syntax and press Return to execute the command.
Router# clock set 13:32:00 23 February 1993
With the current software release, the user interface provides a history or record of commands you have entered. This feature is particularly useful for recalling long or complex commands or entries, including access lists. With the command history feature, you can complete the following tasks:
By default, the system records 10 command lines in its history buffer. To set the number of command lines the system will record during the current terminal session, complete the following task in EXEC mode:
Task | Command |
---|---|
Enable the command history feature for the current terminal session. | terminal history size number of lines |
To configure the number of command lines the system will record, complete the following task in line configuration mode:
Task | Command |
---|---|
Enable the command history feature. | history size number of lines |
To recall commands from the history buffer, perform one of the following tasks:
Task | Key Sequence/Command |
---|---|
Recall commands in the history buffer, beginning with the most recent command. Repeat the key sequence to recall successively older commands. | Press Ctrl-P or the Up Arrow.1 |
Return to more recent commands in the history buffer after recalling commands with Ctrl-P or the Up Arrow. Repeat the key sequence to recall successively more recent commands. | Press Ctrl-N or the Down Arrow.1 |
While in EXEC mode, list the commands you have just entered. | show history |
As mentioned, this feature is particularly useful when you are entering long, complex commands, such as access lists.To create several access lists with minor variations, use Ctrl-P or the Up Arrow to recall a previous access list; then use the line editing feature to modify it.
The command history feature is automatically enabled. To disable it during the current terminal session, complete the following task in EXEC mode:
Task | Command |
---|---|
Disable the command history feature for the current session. | no terminal history size |
To configure the line with the command history feature disabled, complete the following task in line configuration mode:
Task | Command |
---|---|
Configure the line so that the command history feature is disabled. | no history size |
The current software release includes an enhanced editing mode that provides a set of editing key functions similar to those of the Emacs editor.
You can enter commands in uppercase, lowercase, or a mix of both. Only passwords are case-sensitive. You can abbreviate commands and keywords to the number of characters that allow a unique abbreviation. For example, you can abbreviate the show command to sh. After entering the command line at the system prompt, press the Return key to execute the command.
The following tasks are described in this section:
Although enhanced editing mode is automatically enabled with the current software release, you can disable it and revert to the editing mode of previous software releases. See the section "Disable Enhanced Editing Mode" later in this chapter.
To reenable the enhanced editing mode for the current terminal session, complete the following task in EXEC mode:
Task | Command |
---|---|
Enable the enhanced editing features for the current terminal session. | terminal editing |
To reconfigure the line to have enhanced editing mode, complete the following task in line configuration mode:
Task | Command |
---|---|
Enable the enhanced editing features. | editing |
Perform the following tasks to move the cursor around on the command line for corrections or changes:
Task | Keystrokes |
Move the cursor back one character. | Press Ctrl-B or press the left arrow key.1 |
Move the cursor forward one character. | Press Ctrl-F or press the right arrow key.1 |
Move the cursor to the beginning of the command line. | Press Ctrl-A. |
Move the cursor to the end of the command line. | Press Ctrl-E. |
Move the cursor back one word. | Press Esc-B. |
Move the cursor forward one word. | Press Esc-F. |
If you cannot remember a complete command name, you can use the Tab key to allow the system to complete a partial entry. To do so, perform the following task:
Task | Keystrokes |
---|---|
Recall a complete command name. | Enter the first few letters and press the Tab key. |
If your keyboard does not have a Tab key, press Ctrl-I instead.
In the following example, when you enter the letters conf and press the Tab key, the system provides the complete command:
Router# conf<Tab>
Router#
configure
If you enter a set of characters that could indicate more than one command, the system beeps to indicate an error. Enter a question mark (?) to obtain a list of commands that begin with that set of characters. Do not leave a space between the last letter and the question mark (?).
For example, there are three commands in privileged mode that start with co. To see what they are, type co? at the privileged EXEC prompt:
Router# co?
configure connect copy
Router# co
The system provides a buffer that contains the last ten items you deleted. You can recall these items and paste them in the command line by performing the following task:
Task | Keystrokes |
---|---|
Step 1 Recall the most recent entry in the buffer. | Press Ctrl-Y. |
Step 2 Recall the next buffer entry. | Press Esc-Y. |
The buffer contains only the last ten items you have deleted or cut. If you press Esc-Y more than ten times, you will cycle back to the first buffer entry.
The new editing command set a provides a wraparound feature for commands that extend beyond a single line on the screen. When the cursor reaches the right margin, the command line shifts ten spaces to the left. You cannot see the first ten characters of the line, but you can scroll back and check the syntax at the beginning of the command. To scroll back, perform the following task:
Task | Keystrokes |
---|---|
Return to the beginning of a command line to verify that you have entered a lengthy command correctly. | Press Ctrl-B or the left arrow key repeatedly until you scroll back to the beginning of the command entry, or press Ctrl-A to return directly to the beginning of the line. (The arrow keys function only on ANSI-compatible terminals such as VT100s.) |
In the following example, the access-list command entry extends beyond one line. When the cursor first reaches the end of the line, the line is shifted ten spaces to the left and redisplayed The $ indicates that the line has been scrolled to the left. Each time the cursor reaches the end of the line, the line is again shifted ten spaces to the left.
Router(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1
Router(config)# $ 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.25
Router(config)# $t tcp 131.108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq
Router(config)# $108.2.5 255.255.255.0 131.108.1.20 255.255.255.0 eq 45
When you have completed the entry, press Ctrl-A to check the complete syntax before pressing the Return key to execute the command. The $ appears at the end of the line to indicate that the line has been scrolled to the right:
Router(config)# access-list 101 permit tcp 131.108.2.5 255.255.255.0 131.108.1$
The router assumes you have a terminal screen 80 columns wide. If you have a width other than that, use the terminal width command to tell the router the correct width of your terminal.
Use line wrapping in conjunction with the command history feature to recall and modify previous complex command entries. See "Recall Commands" earlier in this chapter for information about recalling previous command entries.
Perform any of the following tasks to delete command entries if you make a mistake or change your mind:
Task | Keystrokes |
---|---|
Erase the character to the left of the cursor. | Press the Delete or Backspace key. |
Delete the character at the cursor. | Press Ctrl-D. |
Delete all characters from the cursor to the end of the command line. | Press Ctrl-K. |
Delete all characters from the cursor to the beginning of the command line. | Press Ctrl-U or Ctrl-X. |
Delete the word to the left of the cursor. | Press Ctrl-W. |
Delete from the cursor to the end of the word. | Press Esc-D. |
When you use the help facility to list the commands available in a particular mode, the list is often longer than the terminal screen can display. In such cases, a ---More---
prompt is displayed at the bottom of the screen. To view the next line or screen, complete the following tasks:
Task | Keystrokes |
---|---|
Scroll down one line. | Press the Return key. |
Scroll down one screen. | Press the Space bar. |
---More---
prompt is used for any output that has more lines than can be displayed on the terminal screen, including show command output. You can use the keystrokes listed above whenever you see the ---More---
prompt.
If you are entering a command and the system suddenly sends a message to your screen, you can easily recall your current command line entry. To do so, perform the following task:
Task | Keystrokes |
---|---|
Redisplay the current command line. | Press Ctrl-L or Ctrl-R. |
If you have mistyped a command entry, you can transpose the mistyped characters by performing the following task:
Task | Keystrokes |
---|---|
Transpose the character to the left of the cursor with the character located at the cursor. | Press Ctrl-T. |
You can capitalize or lowercase words or capitalize a set of letters with simple keystroke sequences. To do so, perform the following task:
Task | Keystrokes |
---|---|
Capitalize the word at the cursor. | Press Esc-C. |
Change the word at the cursor to lowercase. | Press Esc-L. |
Capitalize letters from the cursor to the end of the word. | Press Esc-U. |
Sometimes you may want to use a particular keystroke as an executable command, perhaps as a shortcut. Complete the following task to insert a system code for this purpose:
Task | Keystrokes |
---|---|
Insert a code to indicate to the system that the keystroke immediately following should be treated as a command entry, not an editing key. | Press Ctrl-V or Esc-Q. |
To disable enhanced editing mode and revert to the editing mode of previous software releases, perform the following task in EXEC mode:
Task | Command |
---|---|
Disable the enhanced editing features for the local line. | no terminal editing |
You might want to disable enhanced editing if you have prebuilt scripts; for example, scripts that do not interact well when enhanced editing is enabled. You can reenable enhanced editing mode with the terminal editing command.
The editing keys and functions of previous software releases are listed in Table 2-2.
Key | Function |
---|---|
Delete or Backspace | Erases the character to the left of the cursor. |
Ctrl-W | Erases a word. |
Ctrl-U | Erases a line. |
Ctrl-R | Redisplays a line. |
Ctrl-Z | Ends configuration mode and returns to the EXEC prompt. |
Return | Executes single-line commands. |
The router supplies default serial communication parameters for terminal and other serial device operation. You can change these parameters as necessary to meet the requirements of the terminal or host to which you are attached. Use these commands during an EXEC session while you are using a device connected to the auxiliary port. The local settings temporarily override those configured by the system administrator, remaining in effect only until you exit the system. (To configure terminal parameters on a more permanent basis, use the commands provided in Chapter 4.)
You can define the following terminal operation characteristics:
To change the following parameters for the duration of your session only, perform the appropriate tasks in EXEC mode:
On the aux port, you can set both hardware and software flow control between the router and devices attached to it. Both types of flow control are bidirectional. When you specify software flow control, an additional keyword specifies the direction: in causes the router to listen to flow control from the attached device, and out causes the router to send flow control information to the attached device. If you do not specify a direction, the router enables software flow control in both directions.
For software flow control, the default stop and start characters are Ctrl-S and Ctrl-Q (XOFF and XON) respectively. However, you can define characters or character sequences that signal the start and end of data transmission when software flow control is in effect. This capability is useful for providing control of data over the serial line.
The keyword hardware sets hardware flow control. For information about setting up the RS-232 line, see the hardware installation and maintenance manual for your product.
Use these commands during an EXEC session while you are using a device connected to the auxiliary port. These commands temporarily override the configured flow control parameters. (If you want to configure terminal parameters on a more permanent basis, use the flow control commands provided in Chapter 4.)
To set temporary flow control parameters for the current session, perform one or more of the following tasks in EXEC mode:
The router supports configuration of dispatch sequences. You can set up dispatch characters that allow packets to be buffered, then transmitted upon receipt of a character. These characters are useful on an aux port only, and then only if you have some special-purpose device hooked up.
Use these commands during an EXEC session while you are using a device connected to the auxiliary port. These commands temporarily override the configured parameters. (If you want to configure terminal parameters on a more permanent basis, use the commands provided in Chapter 4.)
Perform the following tasks in EXEC mode, as needed for your particular system needs:
You can specify the type of terminal connected to a line. This feature has two benefits: it provides a record of the type of terminal attached to a line, and it can be used in Telnet terminal negotiations to inform the remote host of the terminal type for display management.
To specify the terminal type for the current session, perform the following task in EXEC mode:
Task | Command |
---|---|
Specify the terminal type for the current terminal line. | terminal terminal-type terminal-name |
By default, the router provides a screen display of 24 lines by 80 characters. You can reset these values if they do not meet the needs of your terminal. To set the terminal length or width for the current session, perform the following tasks in EXEC mode:
Task | Command |
---|---|
Set the screen length for the current terminal line. | terminal length screen-length |
Set the screen width for the current terminal line. | terminal width characters |
The values set can be learned by some host systems that use this type of information in terminal negotiation. Set a value of zero for the screen length to disable pausing between screens of output.
You can modify the default key sequences to execute functions such as system escape or terminal pause. To modify the system escape character or hold character for the current terminal session, perform the following task in EXEC mode:
You can use a 7-bit character set (such as ASCII) or you can enable a full 8-bit international character set (such as ISO 8859) to allow special graphical and international characters for use in banners and prompts. To change the various character sets, perform the following tasks in EXEC mode:
Setting the EXEC character width to eight bits can cause failures. For example, if a user on a terminal that is sending parity enters the command help, an "unrecognized command" message appears because the system is reading all eight bits, although the eighth bit is not needed for the help
command.
You can change the character padding on a specific output character. Character padding adds a number of null bytes to the end of the string and can be used to make a string an expected length for conformity. To set the padding for the current terminal session, perform the following task in EXEC mode:
Task | Command |
---|---|
Set padding on a specific output character for the current line. | terminal padding ASCII-number count |
If you have enabled a terminal-locking mechanism by using the lockable line configuration command, you can perform the following task in EXEC mode to lock the keyboard:
Task | Command |
---|---|
Lock the keyboard. Doing so prevents access to your session while keeping your connection open. | lock |
When the terminal-locking mechanism is set and you enter the lock EXEC command, you are prompted for a password. You must enter this password before you can use the terminal. This allows you to leave a terminal unattended without concern about unauthorized access. The lock EXEC command remains in effect until you execute the clear line privileged EXEC command.
You can set up a line to inform a user who has multiple, concurrent Telnet connections when output is pending on a connection other than the current one. To do so, perform the following task in EXEC mode:
Task | Command |
---|---|
Enable the current terminal line to notify a user of pending output. | terminal notify |
The system accepts a host name entry at the EXEC system prompt as a Telnet command. If you mistype the hostname, the system interprets the entry as an incorrect Telnet command and provides an error message indicating that the host does not exist. You can disable this option by specifying terminal transport none. In this case, if you mistype a command at the EXEC prompt, the system will not attempt to make a Telnet connection.
To specify the preferred method of transport, perform the following task in EXEC mode:
Task | Command |
---|---|
Define which protocol can be used to connect to the current line. | terminal transport {telnet | none} |
Telnet, a virtual terminal protocol that is part of the TCP/IP protocol suite, allows for connections to hosts. You can set a connection between the router and a connected device to support the following Telnet capabilities for the duration of a session:
Each item is described in a following section. If you want to configure these capabilities on a more permanent basis, use the corresponding telnet commands provided in Chapter 4.
A hardware Break signal is generated when a Telnet Break command is received. You can configure the router to also generate a Break on Interrupt Process. To enable the system to generate a hardware Break signal on the RS-232 line that is associated with a reverse Telnet connection, complete the following task in EXEC mode:
Task | Command |
---|---|
Set the system to generate a hardware Break signal. | terminal telnet break-on-ip |
This capability is useful because several user Telnet programs can send an Interrupt Process command but cannot send a Telnet break signal, while other programs implement a Break signal that sends an Interrupt-Process command. RS-232 devices use the hardware Break signal for various purposes.
You can cause Telnet to refuse to negotiate full-duplex, remote echo options on incoming connections. Doing so suppresses negotiation of the Telnet Remote Echo and Suppress Go Ahead options. Perform the following task in EXEC mode on a reverse Telnet connection to allow the router to refuse these requests from the other end:
Task | Command |
---|---|
Set a line to refuse to negotiate full duplex, remote echo options. | terminal telnet refuse-negotiations |
To allow the line to negotiate a bit rate on an incoming connection for the duration of a session, perform the following task in EXEC mode:
Task | Command |
---|---|
Set the line to negotiate speeds on incoming connections. | terminal telnet speed default-speed maximum-speed |
The router uses default-speed if the connected device does not specify a speed. The argument maximum-speed is the highest speed the router will use during the session.
To cause an incoming connection to send a Telnet synchronize signal when it receives a Telnet Break signal during the session, complete the following task in EXEC mode:
Task | Command |
---|---|
Cause an incoming connection to send a Telnet synchronize signal when it receives a Telnet Break signal. | terminal telnet sync-on-break |
This capability is used very rarely to ensure the ordering of Break reception with respect to data characters sent after the Break signal.
To cause the router to send a carriage return (CR) as a CR followed by a NULL instead of a CR followed by a line feed (LF) during a session, complete the following task in EXEC mode:
Task | Command |
---|---|
Send a CR followed by a NULL instead of a LF. | terminal telnet transparent |
This capability is useful for coping with different interpretations of end-of-line handling in the Telnet protocol specification.
Using Telnet involves connecting to remote routers, switching between Telnet connections, and executing special Telnet sequences.This section includes the telnet EXEC command, which is used to connect to other routers for remote configuration or to connect to local systems that might need configuration or setup changes.
Using Telnet, you can accomplish the following:
To log into a server, enter the EXEC command login at the system prompt. Specify your username and optionally a TACACs server by name or IP address.
Task | Command |
---|---|
Log into a server. | login [user@tacacs-server] |
To open a new Telnet connection, exit out of the current connection by typing the escape sequence, which by default is Ctrl ^ X (press the Ctrl, Shift, and ^ keys simultaneously, let go, then press the X key) to return to the system command prompt, then open a new connection.
Perform the following tasks in EXEC mode, as necessary, to connect to a remote host using Telnet.
Task | Command |
---|---|
Make a Telnet connection. | [connect | telnet] host [port] [keyword] |
Escape out of the current connection and return to the EXEC prompt to make another connection. | Ctrl ^ X |
With our implementation of TCP/IP, you are not required to enter the command connect or telnet to establish a Telnet connection. If you prefer, you can just enter the learned host name. You can disable the ability of the system to interpret a host name as a Telnet command (see the section "Prevent Errant Connection Attempts" earlier in this chapter).
You can switch between connections by escaping out of one connection and resuming a previously opened connection. To do so, perform the following steps:
You can also resume the previous connection by pressing the Return key at the EXEC prompt.
The Telnet software supports special Telnet commands in the form of Telnet sequences that map generic terminal control functions to operating system-specific functions.
To issue a special Telnet command, type the escape sequence (usually Ctrl ^) and then a command character. You can type the command character as you hold down Ctrl or with Ctrl released, and you can type either uppercase or lowercase letters. Table 2-3 lists the special Telnet commands.
Task | Key Sequence |
---|---|
Break | Ctrl ^ B |
Interrupt Process (IP) | Ctrl ^ C |
Erase Character (EC) | Ctrl ^ H |
Abort Output (AO) | Ctrl ^ O |
Are You There? (AYT) | Ctrl ^ T |
Erase Line (EL) | Ctrl ^ U |
At any time during an active Telnet session, you can list the Telnet commands by typing this command at the system prompt:
Ctrl ^ ?
To execute this command, type the escape sequence followed by a question mark. It displays an online table of the special Telnet commands for quick reference.
A sample of this list follows (the Ctrl key is represented by the first ^ character).
[Special telnet escape help]
^^B sends telnet BREAK
^^C sends telnet IP
^^H sends telnet EC
^^O sends telnet AO
^^T sends telnet AYT
^^U sends telnet EL
You can reset a terminal line to idle state by performing the following task in EXEC mode:
Task | Command |
---|---|
Reset a terminal line. | clear line line-number |
The router EXEC provides two ways for you to terminate an active terminal session. To do so, use one of the commands in Step 1 that follows. Perform Step 2 if you also want to disconnect the line.
Task | Command |
---|---|
Step 1 End an active session; use either command. | exit logout |
Step 2 Disconnect a session. | disconnect [connection] |
Do not disconnect a session merely to end it. Instead, log off the host, thus allowing the host to initiate the disconnect and then end the session. If you cannot gracefully end an active session, then disconnect the line.
The router supports the following connection activities:
Each activity is described in a following section.
You can display information about all open Telnet connections associated with the current terminal line by using one of the following commands. The information displayed includes the host name, address, number of characters waiting to be sent to the terminal, idle time, and connection name. To display the connection information, perform the following task in EXEC mode:
Task | Command |
---|---|
Display connection information. | where show sessions |
You can assign a logical name to a connection by performing the following task in EXEC mode. This function can be useful for keeping track of multiple connections.
Task | Command |
---|---|
Rename a connection. | name-connection |
You are prompted for the connection number and name to assign when you enter this command. The where command displays a list of the assigned logical connection names.
You can display TCP statistics on open Telnet connections by performing the following task in EXEC mode:
Display status of all Telnet connections. | show tcp [line-number] |
You can display a comprehensive report about the settings in effect on the current terminal line, including information such as the line number, line status, modem state, special characters set, and preferred transport protocol. This information can be useful for changing lines to match expected settings using the local terminal parameter-setting tasks described in the section " Set Terminal Parameters" earlier in this chapter.
To show the current terminal parameters, perform the following task in EXEC mode:
Task | Command |
---|---|
Display local terminal settings. | show terminal |
You can display information about the active lines on the router by using one of the following EXEC commands:
Task | Command |
---|---|
Display information about a line. | show users [all] systat [all] show line [line-number] |
You can enable the Finger protocol so that people throughout the network can get a list of the users on the router. The information displayed includes the processes running on the system, the line number, connection name, idle time, and terminal location. To enable the Finger protocol, perform the following task in global configuration mode:
Task | Command |
---|---|
Enable the Finger protocol requests. | service finger |
|