Line Configuration Mode

Interface configuration does not include the console or auxiliary ports. These interfaces, along with settings related to telnet sessions, are configured using the line command. Again accessed via global configuration mode, these ports and settings are also configured using their names, though with a slightly different syntax.

Console. The configuration of a router’s console port is accessed using the command line console 0. Accessing the line configuration for the console port allows you to configure settings such as a password.

Auxiliary. The auxiliary port’s configuration is accessed using the command line auxiliary 0.

Virtual Terminals. Telnet ports are also known as virtual terminals. Different routers will allow varying numbers of simultaneous telnet sessions, depending upon their IOS version. Telnet connections occur over an existing hardware port, such as a correctly configured Ethernet or serial interface. However, properties relating to telnet sessions are set by configuring virtual or vty ports. The command to configure virtual terminal ports is line vty, followed by the number (or numbers) of the ports that you wish to configure.

To access a line configuration, you must already be in global configuration mode. In the example below, we are accessing the line configuration of the console port.

toronto-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#line console 0
toronto-1(config-line)#

Notice the prompt has changed to toronto-1(config-line)#. Again, it’s up to you to remember which line you just accessed. We’ll look at the actual configuration of line properties (and specifically setting passwords) shortly.

Interface Configuration Mode

Configuring router interfaces involves accessing their own specific configuration environments. Each interface is configured individually, according to its name and numeric identifier. To begin, you need to enter global configuration mode. Then, you’ll need to access a specific interface using the interface command. The output below demonstrates entering global configuration mode, and then attempting to determine the command to access our router’s Ethernet interface.

toronto-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#interface ?
Async Async interface
BVI Bridge-Group Virtual Interface
Dialer Dialer interface
Ethernet IEEE 802.3
Group-Async Async Group interface
Lex Lex interface
Loopback Loopback interface
Null Null interface
Port-channel Ethernet Channel of interfaces
Serial Serial
Tunnel Tunnel interface
Virtual-Template Virtual Template interface
Virtual-TokenRing Virtual TokenRing

Notice the option for Ethernet. To continue, enter interface ethernet ?.

toronto-1(config)#interface ethernet ?
<0-0> Ethernet interface number

The command requires that we specify the number of the Ethernet interface that we wish to configure. Remember that some routers will have more than one Ethernet interface. Our Cisco 2501 has only one Ethernet interface, nominally numbered 0. If we issue the command interface ethernet 0 and press Enter, notice how the command prompt again changes.

toronto-1(config)#interface ethernet 0
toronto-1(config-if)#

The prompt now shows toronto-1(config-if)#. This designates that we are in interface configuration mode, although you should note that the prompt doesn’t actually identify the interface – that part you’ll need to remember on your own. Accessing a serial interface would have been just as simple – the command would be interface serial, followed by the nominal interface number.

You can also use shortcuts to access interfaces. For example, we could have accessed interface Ethernet 0 using the command int e0.

toronto-1(config)#int e0
toronto-1(config-if)#

The shorthand version is a great deal quicker – I’m sure that’s ultimately what you will end up using.

Depending upon the router model, accessing interfaces can be slightly different. Some of the routers that we looked at in Chapter 6 are modular. In these cases, interfaces are numbered according to both their slot and interface number. For example, on a Cisco 2600 router, the first Fast Ethernet interface would be known as FastEthernet0/0. The numbering designates the interface’s slot/port number, and would be accessed as shown below.

Router(config)#int fastethernet 0/0

To exit the configuration of an interface and return to global configuration mode, use the exit command. You can also exit global configuration mode completely by pressing Ctrl+Z.

toronto-1(config-if)#exit
toronto-1(config)#

We’ll explore the actual configuration of router interfaces later in the chapter. For now, we’ll continue with our look at the different configuration modes.

Global Configuration Mode

In order to make any configuration changes of substance to a Cisco router, you’ll need to access global configuration mode. Three main global configuration modes are available, and allow you to change the configuration stored in different locations. Noting the differences between the three is extremely important. The three main modes include:

Configure Terminal. This mode is by far the most common one you’ll interact with. Configure terminal allows you to make changes to the running configuration of the router, which you should recall is stored in RAM. These settings are the ones currently being used by the router.

Configure Memory. This mode provides you with access to changing the startup configuration of a router, which is stored in NVRAM. If you choose this mode, the startup configuration file will be loaded into RAM, where it can then be changed. It is generally a good idea to back up the current running configuration to a TFTP server prior to issuing this command – we’ll look at how that is accomplished later in the chapter.

Configure Network. This mode allows you to change a configuration file that is stored on a TFTP server. Again, this file would first be loaded into RAM, where you can then make changes. Similarly, a backup of the current running configuration should first be performed.

For the most part, you will be making changes to a router’s running configuration, so you’ll probably be using the configure terminal or config t option. To access global configuration mode, simply enter configure terminal from the privileged mode command line.

toronto-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#

Notice that the prompt has changed – the new prompt specifies that we are in global configuration mode. You should also pay attention to the instructions – the section that says End with CNTL/Z actually means that to exit global configuration mode, you should press Ctrl+Z. This command was also covered in the IOS shortcuts we looked at earlier.

While entering the complete command configure terminal isn’t too tough, you can also access global configuration mode using shorthand. In this case, try con t.

toronto-1#con t
% Ambiguous command: "con t"

Again we end up with the ambiguous command message. But why? To find out, enter con? at the prompt:

toronto-1#con?
configure connect

Notice that both the commands configure and connect start with the letters CON. Let’s try going a step further, adding another letter:

toronto-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#

It worked! The command conf is not ambiguous, nor is using the letter T to represent terminal. Just to confirm, take a look at the options available for conf ?.

toronto-1#conf ?
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
terminal Configure from the terminal

Don’t worry about the overwrite-network option. It allows you to overwrite the startup configuration file stored in NVRAM with one stored on a TFTP server. Looking at the end of the output above, notice that one of the options is a carriage return (<cr>). If you type conf and then press Enter, you will be asked where you want to configure from, with terminal being the default option. Pressing Enter again will automatically choose the terminal option.

toronto-1#conf
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
toronto-1(config)#

To return to privileged mode, press Ctrl+Z. This will produce the ^Z characters shown. Ctrl commands do not require you to press Enter.

toronto-1(config)#^Z
toronto-1#

IOS Configuration Modes

One thing that you’ll definitely need to be familiar with when attempting to configure a Cisco router is the different configuration modes available. We’ve already discussed the basic idea behind user mode and privileged mode. However, when it comes down to actually configuring almost all settings, you will need to be in what is known as global configuration mode. From this mode, you will also be able to access the configuration of individual interfaces, and eventually routing protocols as well. In this section we’ll take a look at accessing the different configuration levels and some associated commands.

IOS Help Commands

The most wonderful thing about Cisco’s IOS command line interface is that help is available every step of the way. There are a few tricks to using the help system effectively. The most basic element that you’ll need to be familiar with is the help command itself – the question mark.

From the command line, you can always get information on available commands by entering ?. This command is sensitive to where you happen to be in the environment – for example, the commands that are available to you from user mode are different than those available in privileged mode, which in turn are different from those available when configuring an interface. We’ll look at configuration modes shortly. For now, we’ll start off by getting a sense of how to use the help command effectively.

Notice that when we press ? from privileged mode, we’re presented with a list of available commands.

toronto-1#?
Exec commands:
<1-99> Session number to resume
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
bfe For manual emergency modes setting
cd Change current directory
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
erase Erase a filesystem
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
login Log in as a particular user
--More--

The list displayed only includes commands up to login – this is a function of my screen display size. Can you see the --More-- entry at the bottom of the list? You can display the remaining commands, one screen at a time, by pressing the spacebar. You can also view additional commands one at a time by pressing the Enter key. Each command also provides a short explanation of what it is used for.

The Terminal History Command

The commands for moving back and forth on the command line are pretty self-explanatory. However, some of the commands listed in Table 1 are especially useful. For example, the up and down arrows allow you to scroll through previous commands, much like you might be familiar with from the Windows or Linux command line.

If you do choose to scroll through commands regularly, you may want to control how many commands are stored in the router’s command history. Conversely, you might feel that the command history feature represents a security threat – another user could easily view recently issued commands if you were to step away from the router momentarily without logging off. In that case, you can also turn the command history off.

Configuring terminal history settings can be accomplished from both user mode and privileged mode. By default, the command history feature is enabled, and is set to show the last 10 commands entered. To verify this, use the show terminal command. I’ve eliminated most of the command’s output in the example below to show only the data relevant to terminal history settings.

toronto-1>show terminal
History is enabled, history size is 10.

In order to actually view the command history, use the show history command:

toronto-1>show history
show int e0
show int s1
show int s0
show history
help
show history
show sessions
sh ver
sh term
sh history
toronto-1>

You can also set the command history to a larger or smaller size. To set the command history to buffer the last 20 commands issued, use the terminal history size command.

toronto-1>term his size 20

Notice that in the example above, I entered shorthand versions of the first two parts of the command. Instead of entering terminal history size 20, I simply truncated it to a shorter version that still provided enough information to not be considered ambiguous by the router.

Finally, if you want to turn the terminal history feature off, enter the command:

toronto-1>terminal no history

Terminal history can easily be re-enabled by issuing the command terminal history.

Cisco IOS Keyboard Shortcuts

A number of shortcuts exist within the IOS command line interface. We’ve already seen that we could simply enter y or n to represent answering yes or no from within the System Configuration Dialog setup modes.

Before getting into the various shorthand versions of commands that can be used in the IOS, let’s look at the editing commands available. Editing commands (sometimes referred to as “hot keys”) allow you to quickly navigate the command line. For example, these can be used to move the cursor forward or back a word, move the cursor to the beginning or end of a line, and so forth. There are a number of these editing commands available, and to remember them, I suggest creating associations between the shortcuts and what they do. For example, pressing CTRL+A will move your cursor to the beginning of a line. Associate the command with the fact that the letter A begins the alphabet, and it’s easier to remember. In the same way, CTRL+E will bring you to the end of a line – just associate E with “end”. The list below outlines the primary editing commands available on a Cisco router. You’ll need to be familiar with what each key or combination does, so be sure to practice using these! Of course, they’ll also come in very handy when trying to configure a router quickly in real life.

Delete: Removes the character to the right of the cursor
Backspace: Removes the character to the left of the cursor
Up Arrow: Allows you to scroll forward through previous commands
Down Arrow: Allows you to scroll backwards through previous commands
Ctrl+P (or up arrow): Displays the last command entered
Ctrl+N (or down arrow): Displays previous commands entered
Ctrl+A: Moves the cursor to the beginning of the current line
Ctrl+E: Moves the cursor to the end of the current line
Ctrl+F: Moves forward one character
Ctrl+B: Moves backwards one character
Esc+F: Moves forward one word
Esc+B: Moves backwards one word
Ctrl+R: Redisplays a line (starts a new line, with the same command shown)
Ctrl+U: Erases a line
Ctrl+W: Erases a word
Tab: Completes a partial command
Ctrl+Z: Exits configuration mode, returning you to privileged EXEC mode

One very helpful shortcut listed in Table 1 is the Tab key – instead of having to type out a complete command, you can type just enough of it that the command is not ambiguous. For example, if you were to type sh and press the Tab key, you would be presented with the completed command show. However, typing s alone and pressing Tab won’t do the same. Many commands start with the letter s, and the router wouldn’t be able to determine which command you were referring to. A good way to get used to entering partial commands is to hit the Tab key after entering the first few letters at the command line – this will give you a feel for how much of the command needs to be entered in order for it not to be considered ambiguous.

Similarly, commands can be issued in shorthand. For example, if you grow tired of entering the complete command enable to enter privileged mode, you could simply type en and press Enter, as shown below.

toronto-1>en
Password:
toronto-1#

However, notice what happens when you only type e and press Enter in the same scenario:

toronto-1>e
% Ambiguous command: "e"
toronto-1>

My suggestion is that you first familiarize yourself with the complete commands we look at. Next, focus on using the Tab key to complete them. Finally, figure out the shorthand versions that can be used to represent them.
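
The rule behind con t, conf t, e and en above, and behind the Tab key, is unique-prefix matching applied to each word of a command. The following is an added Python example, not code from the original article or from Cisco. Its command tree is built from the help output shown on this page, with show and terminal added by hand, so it is partial by construction.

```python
# Added example: unique-prefix resolution of abbreviated IOS commands.
# The command words come from the help output on this page. That list is cut
# off at "login" by --More--, so "show" and "terminal" (used elsewhere on the
# page) are added by hand and the tree is deliberately partial.
EXEC_TREE = {
    "access-enable": {}, "access-profile": {}, "access-template": {},
    "bfe": {}, "cd": {}, "clear": {}, "clock": {},
    "configure": {"memory": {}, "network": {}, "overwrite-network": {},
                  "terminal": {}},
    "connect": {}, "copy": {}, "debug": {}, "delete": {}, "dir": {},
    "disable": {}, "disconnect": {}, "enable": {}, "erase": {}, "exit": {},
    "help": {}, "lock": {}, "login": {},
    "show": {"history": {}, "running-config": {}, "sessions": {},
             "startup-config": {}, "terminal": {}},
    "terminal": {"history": {"size": {}}, "no": {"history": {}}},
}


class AmbiguousCommand(Exception):
    """Raised when a typed word is a prefix of more than one keyword."""

    def __init__(self, line, candidates):
        super().__init__(f'% Ambiguous command: "{line}"')
        self.candidates = candidates


def match_word(word, choices, line):
    """Return the single keyword in `choices` that `word` abbreviates."""
    if word in choices:                      # an exact keyword always wins
        return word
    hits = sorted(c for c in choices if c.startswith(word))
    if len(hits) > 1:
        raise AmbiguousCommand(line, hits)
    if not hits:
        raise ValueError(f"no command starts with {word!r}")
    return hits[0]


def resolve(line, tree=EXEC_TREE):
    """Expand every abbreviated keyword in `line` to its full form."""
    expanded, node = [], tree
    for word in line.split():
        if not node:                         # leaf reached: free-form argument
            expanded.append(word)
            continue
        full = match_word(word.lower(), node, line)
        expanded.append(full)
        node = node[full]
    return " ".join(expanded)


def candidates(line, tree=EXEC_TREE):
    """Keywords that make `line` ambiguous, or [] if it resolves cleanly."""
    try:
        resolve(line, tree)
        return []
    except AmbiguousCommand as exc:
        return exc.candidates


if __name__ == "__main__":
    for typed in ("con t", "conf t", "e", "en", "term his size 20", "sh term"):
        try:
            print(f"{typed!r:22} -> {resolve(typed)}")
        except AmbiguousCommand as exc:
            print(f"{typed!r:22} -> {exc} (matches: {', '.join(exc.candidates)})")
```
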

Router Configuration Files

In order to get a sense for what is really happening when you configure a router, you will need to understand the difference between a router’s running configuration and its startup configuration. In Chapter 6 we looked at the contents of RAM and NVRAM. A router’s running configuration is stored in RAM. When you make changes to the configuration of a router, this is almost always what you are changing. However, remember that the contents of RAM are lost when a router is powered down. As such, if you want to save any changes that you’ve made, you will need to copy them to NVRAM, where the startup configuration is stored. The startup configuration that is saved in NVRAM is the one that will be applied to the router if it is rebooted.

Before getting into the details of how to save a router’s configuration, we should first know how to view both the startup and running configurations. Both can be accessed from privileged EXEC mode using the show command. A variety of different configuration elements can be viewed using the show command, many of which we’ll look at as the chapter progresses.

To view the current running configuration of a router, use the show running-config command. To view the startup configuration, use the show startup-config command.

toronto-1#show running-config
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service tcp-small-servers
!
hostname toronto-1
!
enable secret 5 $1$RATF$Rr5XuMrPDNBHSqnvJLVwI/
enable password cisco2
!
ip subnet-zero
!
!
process-max-time 200
!
interface Ethernet0
 ip address 192.168.1.46 255.255.255.0

toronto-1#show startup-config
Using 739 out of 32762 bytes
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service tcp-small-servers
!
hostname toronto-1
!
enable secret 5 $1$RATF$Rr5XuMrPDNBHSqnvJLVwI/
enable password cisco2
!
ip subnet-zero
!
!
process-max-time 200
!
interface Ethernet0
 ip address 192.168.1.46 255.255.255.0

Since we haven’t really configured any major settings yet, I cut the output of both commands to save space. You may have noticed that the output from both commands looks fairly similar. That’s because we haven’t made any configuration changes yet. If we had, the running configuration would include settings not yet saved to the startup configuration.

In order to save the running configuration to the startup configuration, use the copy running-config startup-config command.

toronto-1#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

toronto-1#

Notice the format of the command – it is telling the router to copy the settings found in the running configuration to the startup configuration. In other words, the format of the copy command is:

copy from to

But why is this important to remember? Because if you issue the command in the reverse order – copy startup-config running-config – you are actually telling the router to overwrite the current running configuration with the settings found in the startup configuration! Take time to think before issuing these commands, and be sure to remember that you are always specifying the source first, followed by the destination. We’ll look at the configuration files in much more detail later in the chapter. For now, just remember that in order to save configuration changes, you’ll need to copy them to the startup configuration stored in NVRAM.
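
An added Python example (not part of the original text, and not a Cisco tool) that compares captured show running-config and show startup-config output and lists the settings that exist only in RAM or only in NVRAM. It assumes the capture keeps the one-space indentation IOS prints before sub-commands; both sample configurations are constructed for the illustration.

```python
import re

# Output framing that is not configuration: banners, "!" separators, "end".
NOISE = re.compile(
    r"^(Building configuration\.\.\.|Current configuration.*"
    r"|Using \d+ out of \d+ bytes|!.*|end)?$"
)

# Constructed samples modelled on the output above. Assumption: the capture
# keeps the leading space IOS prints before interface sub-commands.
RUNNING = """\
Building configuration...

Current configuration:
!
version 12.0
hostname toronto-1
!
interface Ethernet0
 ip address 192.168.1.46 255.255.255.0
!
interface Serial0
 ip address 10.0.0.1 255.255.255.252
 shutdown
!
end
"""

STARTUP = """\
Using 739 out of 32762 bytes
!
version 12.0
hostname toronto-1
!
interface Ethernet0
 ip address 192.168.1.46 255.255.255.0
 shutdown
!
interface Serial0
 ip address 10.0.0.1 255.255.255.252
!
end
"""


def parse_config(text):
    """Return {(section, command)}: section is "" for a global command and
    the parent line (e.g. "interface Serial0") for an indented sub-command."""
    entries, section = set(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if NOISE.match(line):
            continue
        if raw[0].isspace():                 # indented: belongs to the section
            entries.add((section, line))
        else:                                # new top-level command or section
            section = line
            entries.add(("", line))
    return entries


def config_drift(running_text, startup_text):
    """Compare the two captures command by command, keeping section context."""
    running, startup = parse_config(running_text), parse_config(startup_text)
    return {
        "running_only": sorted(running - startup),  # in RAM only: lost on reload
        "startup_only": sorted(startup - running),  # in NVRAM only: back on reload
    }


def flat_lines(text):
    """Commands with their section dropped, as a plain line comparison sees them."""
    return {command for _, command in parse_config(text)}


if __name__ == "__main__":
    print("flat comparison sees a difference:", flat_lines(RUNNING) != flat_lines(STARTUP))
    for side, entries in config_drift(RUNNING, STARTUP).items():
        for section, command in entries:
            print(f"{side}: [{section or 'global'}] {command}")
```

In the samples, shutdown appears in both files but under different interfaces, so a comparison that ignores sections reports no difference while the section-aware one reports both.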

Logging In and Logging Out with a Cisco Router

For the time being, we’re going to continue to access the router via a console connection. We’ll get into the details of connecting via a telnet session a little later in the chapter. After connecting, you’ll be presented with the message below.

toronto-1 con0 is now available
Press RETURN to get started!

The message makes us aware that we are connected to the console port, also known as con0. After pressing Enter, we’ll be in what is known as user EXEC mode. You can always identify the mode you are in by the prompt you are presented with. In this case, the prompt appears as:

toronto-1>

Notice that the prompt displays the hostname that we configured when walking through the extended setup. In this case, it ends with a > sign, which designates that we’re in user EXEC mode (or just “user mode” for short). Your capabilities in user mode are fairly limited, allowing you to view information such as statistics, issue pings, show system hardware and software status, and so forth. In order to get at the configuration of the router, we’ll need to be in what is known as privileged EXEC mode (also known as “privileged mode”). To access privileged mode, you need to issue the enable command.

toronto-1>enable
Password:
toronto-1#

Because we set the enable secret password to cisco, this is the password that we enter to access privileged mode. The password does not appear on the screen while you are typing, nor are characters designated with asterisks – this is for security purposes. Notice how the prompt has changed. Instead of the > character, the privileged mode prompt is designated by the # sign.

Tip: Don’t forget that the > prompt signifies user EXEC mode, while the # prompt signifies privileged EXEC mode.

Once you have finished configuring your router, you will want to exit privileged mode. Doing this is quite intuitive; the command you need to enter is simply disable.

toronto-1#disable
toronto-1>

Notice that issuing the disable command returns us to user mode, as shown by the > prompt. In order to log out of the router completely, you have the choice of issuing either the logout or exit command. These commands can also be issued directly from privileged mode, allowing you to log out of the router in a single step.

toronto-1>logout
toronto-1 con0 is now available
Press RETURN to get started!

Using the logout or exit command brings us right back to where we started.

Cisco Router System Configuration Dialog

After the IOS loads, it looks for a valid startup configuration file in NVRAM. In cases where this file is not found, the router will enter what is known as the System Configuration Dialog. This environment is almost like a wizard, in that it will prompt you with questions relating to the configuration of the router. It can be used to configure basic settings only, or more advanced parameters, depending on your requirements. For the most part, the configuration that can be accomplished from this environment is somewhat limited, and not nearly as extensive as what can be done directly from the command line.

To begin our configuration, we’ll need to connect a rollover cable between the console port on the router and the COM port on a PC. Use a program such as Windows HyperTerminal (or your preferred terminal emulation program) to create a terminal session with the router, as outlined in Chapter 6. Once the router boots, you’ll notice a range of messages that relate to the bootstrap program, the router’s IOS version, interfaces, memory, and more. When the messages are done, you are presented with the System Configuration Dialog Utility, as shown below.

--- System Configuration Dialog ---
Continue with configuration dialog? [yes/no]: y
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Basic management setup configures only enough connectivity
for management of the system, extended setup will ask you
to configure each interface on the system
Would you like to enter basic management setup? [yes/no]:

Notice the structure of the questions. You are first asked if you are interested in continuing with the initial configuration dialog. I chose “yes” by typing the letter “y” (you could also fully type “yes”) and then pressing Enter. Doing so provides you with information about obtaining help, aborting the configuration (pressing CTRL+C), and default settings.