Configuring Cisco Routers for ISDN Paul Fischer $55.00 0-07-022073-5
© 1998 The McGraw-Hill Companies, Inc. All rights reserved. Any use of this Beta Book is subject to the rules stated in the Terms of Use.
Software
Cisco is generally viewed as a hardware company noted for their many networking products. Often overlooked is the software necessary to make the hardware function (the operating system). You would expect Cisco to use one or more types of operating system software (and they do), but the most commonly used one is the Cisco Internetworking Operating System, or IOS. Cisco also makes a large line of other software products for network management, router configuration, accounting, security, router functionality enhancement, and more.
In this book, we will be focusing on the software products that are either necessary (operating systems) or optional (configuration tools) for the routers described in the hardware section. The primary operating system we will discuss is Cisco IOS. IOS has many features and supports a wide variety of networking protocols, although not all of them are available on all platforms. The low end Access routers (Cisco 760 and 770 series) do not use IOS, but rather their own operating system inherited from the merger with Combinet.
The optional software from Cisco we will be focusing on will be for router configuration and management and for enhanced functionality. There are six main products for configuring and managing routers: CiscoView, CiscoWorks, CiscoWorks for Windows, Cisco Resource Manager, Cisco ConfigMaker, and Fast Step.
Operating Systems
IOS
Cisco IOS is the operating system for the majority of Cisco routers. It is one of the core reasons for Cisco’s success, because it maintains its user interface across multiple platforms. This makes knowledge of IOS portable across most of the Cisco product line. If a user can configure a low-end router like a Cisco 2500 for Frame Relay, they can do the same on larger routers as well. It also provides excellent context-sensitive command line help.
In order for IOS to scale between the largest and smallest routers in Cisco’s product line, features must be scalable as well. Cisco offers a wide variety of networking protocols and features in IOS, although not all are available on all platforms. Most users will take advantage of less than 10% of the features available in their version of IOS, and in most cases, that will be all they need.
IOS configuration has traditionally been through a command line interface (CLI). The CLI is a scary place for the accidental administrator and those not familiar with networking in general. Many tools exist to provide a buffer between the network administrator and CLI. These can provide basic configurations and assist in troubleshooting, but all Cisco administrators (accidental or otherwise) should familiarize themselves with the CLI. In a worst-case scenario, it becomes the user interface of last resort.
Non-IOS
The only non-IOS operating system covered in this book is the one used to run the Cisco 700 family of ISDN access routers. This operating system is very different from IOS, providing a much smaller feature set and a much less intuitive CLI. Fortunately, GUI based tools exist to configure these routers, making basic configurations easier.
This operating system supports only IP and IPX network protocols and comes in three feature sets: Small Office/Home Office (SOHO), Remote Office (RO), and Internet Ready. The SOHO software feature set supports routing of IP and IPX for up to four devices with STAC compression. The RO software feature set supports IP and IPX routing with STAC compression for up to 1,500 devices. The Internet Ready software feature set supports routing of the IP protocol for up to four devices.
Software feature packs are available for the Cisco 700 family of routers. They consist of CD-ROMs that contain software feature set images and a Windows 95 application, which loads the images onto a router. This makes updating the router OS much easier than through the CLI.
Configuration and Management Programs
CiscoView
CiscoView graphically displays a physical view of Cisco devices providing dynamic status, statistics, and comprehensive configuration information for a wide variety of Cisco hardware. It also provides monitoring functions to aid in basic troubleshooting. CiscoView is bundled with CiscoWorks, CiscoWorks for Windows and CiscoWorks for Switched Internetworks, and is available as a standalone product.
CiscoWorks
CiscoWorks is a highly configurable management tool that works with many different types of Cisco equipment. It consists of four main products: CiscoWorks, CiscoWorks for Windows, CiscoWorks for Switched Internetworks, and CiscoWorks Blue series. This book is only concerned with the first two options, whose platform availability is listed in Table 3-1.

| Product | Platform | Deployment options |
| --- | --- | --- |
| CiscoWorks | Solaris | Standalone or integrated with Solstice Site Manager, Solstice Domain Manager, Solstice Enterprise Manager, HP OpenView |
| CiscoWorks | HP/UX | Standalone or integrated with HP OpenView |
| CiscoWorks | AIX | Standalone or integrated with Tivoli TME/10 NetView |
| CiscoWorks for Windows | Microsoft Windows 95 | Standalone or integrated with CastleRock SNMPc (included), HP OpenView Professional Suite |
| CiscoWorks for Windows | Microsoft Windows NT 3.51 or NT 4.0 | Standalone or integrated with HP OpenView Network Node Management |

Table 3-1. List of supported platforms for CiscoWorks and CiscoWorks for Windows.
CiscoWorks for Switched Internetworks is for managing Cisco network switches in the Catalyst and LightStream series. The CiscoWorks Blue series consists of several individual pieces, which manage IBM SNA protocols running over a variety of Cisco equipment.
Cisco Resource Manager
Cisco Resource Manager is a network management suite that delivers an Internet-based solution for managing Cisco networks. It offers rapid, reliable device software upgrades, easy tracking of network changes, and quick isolation of error conditions for Cisco routers and switches. Its applications, together with links to CCO (Cisco Connection On-line) service and support, speed network administrative tasks to help you manage your enterprise network.
Cisco ConfigMaker
Cisco ConfigMaker is an easy-to-use Windows 95/NT network and device configuration tool for the Cisco 1000, 1600, 2500, and 3600 series routers. It is a user-friendly alternative to the existing Cisco command line interface normally used to configure the Cisco router. Using ConfigMaker, you can configure a single device (or create and configure a network of devices), automatically address those devices, and send the configuration files to them. It includes a spiffy instructional video for learning the basic steps required for using its GUI.
Although ConfigMaker’s documentation claims it will only work on certain routers, this is not exactly true: IOS configuration code is portable across all IOS-based routers.
Fast Step
Fast Step allows ready configurations of Cisco 76x and 77x series routers from a PC running Microsoft Windows 95 or NT 4.0. It takes you through a setup wizard that quickly configures the router to connect to the Internet or your corporate network. You can configure the router over the LAN or over a serial cable connected between your PC and the router’s console port. The Fast Step wizard also saves the configuration file so that you can make changes to it later without starting from the beginning.
Cisco IOS
Cisco’s strategy and implementation of IOS code
Cisco breaks up IOS into two main types of releases: major releases and early deployment releases. Major releases support a fixed set of features and platforms through the life of the release. Early deployment releases deliver support for new features and platforms in their regular maintenance updates. Both progress through their life cycle by moving through stages of maintenance releases and interim builds. Maintenance releases become available during regular maintenance cycles. They include all recent bug fixes and are fully tested. By comparison, Cisco has weekly releases of interim builds (which Cisco does not intend for customer use, except in unusual circumstances). This accelerated release schedule implies that the interim builds are usually not extensively tested.
Only major releases ever reach the general deployment stage. Cisco makes general deployment releases available only after extensive testing by Cisco and Cisco customers proves them functional and stable. When a major release reaches general deployment, Cisco considers it ready for unconstrained use in customer networks. A major release becomes general deployment when Cisco is satisfied that the release has been:
Once a maintenance update for a particular major release achieves general deployment, all subsequent maintenance updates for that release are also said to be general deployment.
In general, shun early deployment releases (ED) unless you have special needs that only ED releases can fill. Administrators should stick to general deployment releases for enhanced stability. In cases where you must use ED releases, make sure to keep a close watch for the latest scheduled maintenance release of your ED release. These will continue to provide you with the features you need, as well as the latest bug fixes for both the major release and the ED-unique features.
As a group, early deployment releases are based on major releases of Cisco IOS. ED releases are a vehicle to deliver new functionality quickly, and address the need for new platform support. These releases provide new technologies for customers to deploy in a limited manner on their networks. Note that similar functionality may be available on more than one ED Release. For example, a platform may be introduced initially on the 11.1AA release. Support for this platform may also be included in an ED release based on 11.2, like the 11.2P release. Since 11.2P is based on the 11.2 Major Release, the platform will support additional 11.2 features when deployed on the 11.2P release.
As part of the normal development process, Cisco creates interim builds incorporating bug fixes both for major releases and for early deployment releases. Interim build releases occur approximately once a week between maintenance releases. Cisco usually tests each interim build in a limited manner and incorporates fixes in the interim builds into the subsequent maintenance release, which is fully regression tested.
There may be situations in which a customer needs a specific bug fix before its commercial availability on a fully regression tested release. Cisco’s Customer Advocacy (CA) Group may provide interim builds to customers on a case-by-case basis when there is an urgent need to correct a bug. Due to the limited testing performed on interim builds, Cisco strongly discourages the use of interim builds in a production environment. A customer given an interim build should deploy it in the network only as necessary to correct the bug. Moreover, any system running an interim build should migrate to the next maintenance release that properly addresses the problem (which should be the next available maintenance release.)
The release number of a major release identifies the major release and its maintenance level. In table 3-2, "12.0" identifies the major release, and "7" is its maintenance level. The complete release number is 12.0(7). Occasionally, a release number may have a lowercase letter, as in 12.0(7a). The "a" indicates that there have been a very small number of bug fixes applied since the associated maintenance release (in this example, since 12.0(7)). The release is identical to a regular release in every other way. In general, Early Deployment Releases are differentiated from Major Releases by the use of capital letters in their names. For instance, 11.2 is a Major Release, whereas 11.2P and 11.2BC are Early Deployment Releases.

| Release Type | Description | Timing | Numbering Example |
| --- | --- | --- | --- |
| Major Release--FCS | Introduces significant features, functionality, and/or platforms on a stability-oriented release vehicle | As needed to support customer needs | 12.0(1) |
| Major Release--scheduled maintenance updates | Periodic revisions to Major Releases: fully regression tested; incorporate the most recent bug fixes; no new platforms or features--focused on stability | Regular maintenance cycles | 12.0(3) |
| Major Release--interim builds | Working builds--usually not regression tested, and not intended for customer use except in unusual circumstances | Weekly | 12.0(4.2) |
| General Deployment | A Major Release that is appropriate for general, unconstrained use in customers' networks | When stability of release has been proven internally by Cisco and externally by customers | 12.0(8), and all subsequent maintenance updates of 12.0 [12.0(9), 12.0(10), etc.] |
| Early Deployment--FCS | Introduces significant new features, functionality, and/or platforms on a feature-oriented release vehicle; based on a Major Release; will not achieve General Deployment | As needed to provide support for newly emerging technologies | 12.0(1)T |
| Early Deployment--scheduled maintenance updates | Periodic revisions to ED Releases: fully regression tested; incorporate the most recent bug fixes, including those from Major Release; usually deliver new platforms and/or features | Regular maintenance cycles | 12.0(3)T |
| Early Deployment--interim builds | Working builds--usually not regression tested, and not intended for customer use except in unusual circumstances | Generally weekly, though some ED Releases may follow a different policy | 12.0(4.2)T |

Table 3-2. Deployment definitions and release timing for Cisco IOS versions.
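
The numbering rules above can be applied mechanically when reviewing which releases a set of routers is running. The following Python code is an added example, not code from this book or from Cisco: it parses release numbers of the forms shown in Table 3-2 and flags interim builds, early deployment releases, and major releases below the general deployment level. The host names, the inventory, and the GD_FROM map (taken from the table's 12.0(8) numbering example) are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# major.minor, then either ED letters alone (11.2P) or a parenthesised
# maintenance level with optional ".interim" and lowercase fix letter,
# optionally followed by ED letters (12.0(4.2)T).
_RELEASE_RE = re.compile(
    r"^(?P<major>\d+\.\d+)(?P<ed1>[A-Z]+)?"
    r"(?:\((?P<maint>\d+)(?:\.(?P<interim>\d+))?(?P<fix>[a-z])?\)"
    r"(?P<ed2>[A-Z]+)?)?$"
)


@dataclass(frozen=True)
class IosRelease:
    major: str                  # "12.0" in 12.0(7)
    maintenance: Optional[int]  # 7 in 12.0(7); None for a bare name like 11.2P
    interim: Optional[int]      # 2 in 12.0(4.2); None unless an interim build
    fix_letter: Optional[str]   # "a" in 12.0(7a)
    ed_letters: Optional[str]   # "T" in 12.0(1)T, "BC" in 11.2BC


def parse_release(text: str) -> IosRelease:
    """Split a release number into the parts the text describes."""
    m = _RELEASE_RE.match(text.strip())
    if m is None or (m["ed1"] and m["ed2"]):
        raise ValueError(f"not a recognised IOS release number: {text!r}")
    return IosRelease(
        major=m["major"],
        maintenance=int(m["maint"]) if m["maint"] else None,
        interim=int(m["interim"]) if m["interim"] else None,
        fix_letter=m["fix"],
        ed_letters=m["ed1"] or m["ed2"],
    )


def audit_inventory(inventory: Dict[str, str],
                    gd_from: Dict[str, int]) -> Dict[str, List[str]]:
    """Return {host: [finding codes]} for every host that needs attention.

    gd_from maps a major release to the first maintenance level that
    reached general deployment (supplied by the caller, not derived).
    """
    findings: Dict[str, List[str]] = {}
    for host, version in sorted(inventory.items()):
        try:
            rel = parse_release(version)
        except ValueError:
            findings[host] = ["UNPARSEABLE"]
            continue
        notes: List[str] = []
        if rel.interim is not None:
            # Interim builds are not intended for production use.
            notes.append("INTERIM_BUILD")
        if rel.ed_letters:
            # ED releases never reach general deployment.
            notes.append("EARLY_DEPLOYMENT")
        elif rel.interim is None:
            gd_level = gd_from.get(rel.major)
            if (rel.maintenance is None or gd_level is None
                    or rel.maintenance < gd_level):
                notes.append("NOT_GENERAL_DEPLOYMENT")
        if notes:
            findings[host] = notes
    return findings


# Constructed sample data (assumptions, not taken from a real network).
GD_FROM = {"12.0": 8}
INVENTORY = {
    "core-1": "12.0(9)",
    "core-2": "12.0(7a)",
    "edge-1": "12.0(4.2)T",
    "edge-2": "11.2P",
    "lab-1": "12.0(8.1)",
    "lab-2": "twelve",
}

if __name__ == "__main__":
    for host, notes in audit_inventory(INVENTORY, GD_FROM).items():
        print(host, ", ".join(notes))
```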
IOS CLI Navigation
The IOS CLI is the most basic level of control over your Cisco router. No matter how many GUI based tools you use, you should always have a basic competency with the CLI. In emergencies as well as when GUI tools are not available, you will need to be able to navigate through the CLI in order to manage your routers.
Getting Connected With HyperTerminal
First, think about how to connect to the router. The Windows 95 OS provides two basic methods: HyperTerminal and telnet. Use HyperTerminal when your router console or auxiliary connects directly to one of your PC serial ports (COM1, COM2, etc.). Use telnet when your router connects to your network via Ethernet and has a valid IP address. You will need to configure both properly to optimize their access to the CLI. To start HyperTerminal click on the Windows "Start" button, then on Programs -> Accessories -> HyperTerminal, then click on the icon in Figure 3-1.
When HyperTerminal starts, it asks the administrator to choose the name icon for a new connection. The name entered should be "Direct to COM1", and any icon may be chosen. Click "OK" to complete the connection description as shown in Figure 3-2.
HyperTerminal will present the "Phone Number" screen next. No data needs to be entered here, but "Connect using:" needs to be set to "Direct to Com 1" as in Figure 3-3.
HyperTerminal will now configure the communications properties for the serial connection to the router. The default settings for the Cisco router console and auxiliary ports are 9600 bits per second (also known as baud), 8 data bits, no parity, one stop bit, and Xon/Xoff flow control. Make the "Port Settings" window on the screen match the one in Figure 3-4. When complete click "OK".
A blank HyperTerminal window connected to your PC’s COM1 port will now appear. Before starting to use HyperTerminal to manage your router, make sure the terminal properties are set correctly. Click on the "File" menu and select "Properties", then click on the "Settings" tab. Make sure your function, arrow, and control keys act as terminal keys, and your terminal emulation is set to "VT100". Your scroll back buffer lines should be set to the maximum. This lets you see what changes you have made and gives you a greater history from which to cut and paste. Your settings should look like the ones in Figure 3-5.
COM1 on your PC now connects to the router. You should be able to press Enter and see the router command prompt in the window. If this does not happen, you may have the cable incorrectly connected to the router, or you may have chosen the wrong COM port on your PC. Click on "File" -> "Save", "Connection" -> "Disconnect", and "File" -> "Exit". You should now see an icon in the HyperTerminal window for "Direct To COM1" as shown in Figure 3-6. The next time you need to manage a router through this serial port, all you need to do is double-click on this icon, and HyperTerminal will restore all your settings for you.
If you have another router connected to COM2 or any other PC COM ports, repeat these steps for each of them.
Getting Connected with Telnet
Start telnet by first clicking on the Windows "Start" button, then on "Run", then enter "telnet" in the dialog box and press the Enter key. To connect to the router, click on "Connect" -> "Remote System" and enter the host name or IP address of a router on your network. Click on "Connect" to make the connection as shown in Figure 3-7.
When connecting to an IOS router, it will ask you to enter the password to get access. Telnet connections require a password by default, and should remain password protected for security purposes. Once connected to the router for the first time, you will want to make changes to telnet’s default behavior. Unlike HyperTerminal, where terminal preferences are set per connection, telnet has only global options for all connections. To set these properly, you should click on "Terminal" -> "Preferences" and make your screen match the one in Figure 3-8.
Although extremely limited in its usefulness, the Windows telnet program deserves coverage by being ubiquitous. If you plan to manage many routers over the network, you should seriously look at acquiring another program to do the job. Many freeware and shareware programs are available on the network and several of these are available from TUCOWS, The Ultimate Collection Of Winsock Software, at http://www.tucows.com.
One fine program is NetTerm. It includes an address book for connections, better handling of backscroll buffers, and the ability to set preferences per connection. It handles both telnet and serial connections to your router, completely removing the need for Windows telnet and HyperTerminal.
Levels of Access
Now that you have basic connectivity to the CLI, you need to understand the two default privilege levels in IOS: access and enable. The access privilege level offers only the most basic of IOS commands. Using access privileges, you can log-in and get basic information about the health of the router. With access privileges, you can look but not touch (effectively, the router is in 'read-only' mode.) If you want to see more information and make changes to the router, you must enter the enable privilege mode. This mode allows you to read and write configuration changes, as well as monitor more in-depth information about the router. This is equivalent to root access on a Unix system, administrator access on Windows NT, or supervisor on Novell NetWare. This means you have absolute control of the router, and can do anything you want to it (including dangerous things, like wiping out the configuration file.)
By default, the console port of the router puts you into the access level of the CLI without a password. The auxiliary port and all telnet connections require the access password. The router does not echo the password back to the screen as you type it. If you make a mistake, the Backspace and Delete keys will both erase the last character typed, although you won’t be able to see it. This makes it hard to make corrections, but at least gives you a chance. Remember that router passwords are case sensitive, so be aware of capital letters and the state of your Caps Lock key. You have three chances to enter the correct access password. If you fail after three attempts, the router will drop your telnet session as shown in Figure 3-9.
User Access Verification
Password:
Password:
Password:
% Bad passwords
When you succeed and log-in to the router, you will see a prompt with the router name followed by the greater than sign (>). This is shown in figure 3-10.
User Access Verification
Password:
wan4500>
This indicates you are at the access privilege level. In order to reach the enable privilege level you must enter the command "enable", press Enter, and then enter the enable password or the enable secret password. If there is an enable secret password, it takes precedence over the non-secret enable password and therefore will be the only one that will place you in enable mode. IOS does not normally encrypt either the enable password or the access password in your configuration file. However, it does encrypt the enable secret password, making it more secure. You should always configure your routers with enable secret passwords.
Once in enable mode you will notice the prompt has changed and the greater than has been replaced by a pound sign (#). This is shown in Figure 3-11.
User Access Verification
Password:
wan4500>en
Password:
wan4500#
Access mode is restricted to 31 commands, while enable mode has 51. This is not the only difference. Options within commands are limited as well. For example, the "show" command has 78 options in enable mode and only 19 in access mode. Due to the enhanced nature of enable mode, it is always necessary to guard your enable passwords for your routers. These are the keys to your kingdom, and passing them out willy-nilly endangers your network security. On the other hand, you should still protect the access password although it is much less of a security risk. Since it is usually necessary to have this password before entering enable mode, it is your first line of defense. Take care of it, and it will help take care of you.
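
The password advice in this section can be checked against a saved router configuration. The following Python code is an added example, not code from this book or from Cisco: it reads configuration text and reports a missing enable secret, an enable password stored as typed, and console, auxiliary, or virtual terminal lines whose access password is missing or stored as typed. Both sample configurations, every password and hash value in them, and the finding codes are constructed; the code assumes the saved-configuration layout in which sub-commands of a "line" block are indented by one space.

```python
import re
from typing import Dict, List, Tuple

# An optional numeric encoding type precedes the stored value, as in
# "enable secret 5 <hash>". No type (or type 0) means stored as typed.
_TYPED_VALUE = re.compile(r"^(?:(?P<type>\d+)\s+)?(?P<value>\S.*)$")


def stored_in_clear(argument: str) -> bool:
    """True when a password argument carries no encoding type (or type 0)."""
    m = _TYPED_VALUE.match(argument.strip())
    return m is None or m["type"] in (None, "0")


def audit_config(text: str) -> List[Tuple[str, str]]:
    """Return (finding code, location) pairs; password values are never echoed."""
    findings: List[Tuple[str, str]] = []
    has_secret = False
    current_line = None                      # "vty 0 4" while inside that block
    line_has_password: Dict[str, bool] = {}
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":            # blank lines and separators
            continue
        if not raw.startswith(" "):          # global command: leaves any line block
            current_line = None
            if cmd.startswith("enable secret "):
                has_secret = True
            elif cmd.startswith("enable password "):
                if stored_in_clear(cmd[len("enable password "):]):
                    findings.append(("ENABLE_PASSWORD_CLEARTEXT", "global"))
            elif cmd.startswith("line "):
                current_line = cmd[len("line "):]
                line_has_password[current_line] = False
        elif current_line is not None and cmd.startswith("password "):
            line_has_password[current_line] = True
            if stored_in_clear(cmd[len("password "):]):
                findings.append(("LINE_PASSWORD_CLEARTEXT", current_line))
    if not has_secret:
        findings.insert(0, ("NO_ENABLE_SECRET", "global"))
    for name, has_password in line_has_password.items():
        if not has_password:
            findings.append(("LINE_NO_PASSWORD", name))
    return findings


# Constructed sample configurations; passwords and the hash are placeholders.
SAMPLE_CONFIG = """\
hostname wan4500
!
enable secret 5 $1$CONSTRUCTED$NotARealHashValue00000
enable password Example-Enable-Pw
!
line con 0
line aux 0
 password Example-Aux-Pw
 login
line vty 0 4
 password Example-Vty-Pw
 login
!
end
"""

NO_SECRET_CONFIG = """\
hostname lab2501
enable password Example-Enable-Pw
line vty 0 4
 password 7 0000CONSTRUCTED
 login
end
"""

if __name__ == "__main__":
    for code, where in audit_config(SAMPLE_CONFIG):
        print(f"{code:28} {where}")
```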
CLI Browsing
The CLI is probably unlike any interface you have seen before. Although cryptic to most, it does provide a wide variety of features you should know. Focusing only on basic CLI skills, a list of keystroke commands to help you navigate through the CLI is given in Table 3-3.

| Keystroke | Action |
| --- | --- |
| Ctrl-P or up arrow | Recall previous command (scroll up through the command history) |
| Ctrl-N or down arrow | Recall next command (scroll down through the command history) |
| Ctrl-B or left arrow | Move left over current command at prompt |
| Ctrl-F or right arrow | Move right over current command at prompt |
| Ctrl-A | Go to beginning of command line |
| Ctrl-E | Go to end of command line |
| Esc B | Go back one word |
| Esc F | Go forward one word |
| Delete or Backspace | Erase the character to the left of the cursor |
| Ctrl-D | Delete the character at the cursor |
| Ctrl-L or Ctrl-R | Redisplay the current command line |

Table 3-3. Listing of some basic CLI navigation commands.
You should practice using the CLI, and becoming proficient in all of the above keystroke commands. By doing so, you will become more aware of your Cisco routers and their configurations. You should also become familiar with using the on-line help feature.
Cisco IOS provides context-sensitive help using the question mark (?) and Tab keys. Typing a question mark alone shows you all available commands for the current mode. Typing a question mark after typing a partial command will show you all possible commands that will complete the word you started typing. Figure 3-12 shows an example. Typing "c?" in enable mode will show you all the commands that start with "c". It will also leave the "c" on the command line so you can continue typing from the point at which you typed the question mark.
wan4500#c?
calendar clear clock configure connect
copy
wan4500#c
You can use the question mark to help you navigate through the CLI. This is especially useful to infrequent CLI users, who may not remember exact commands, such as how to view the status of a certain interface. If you type one or more characters of a command and end with a question mark ("s?") you will get a list of all commands starting with those characters. If you type enough letters of a command to make it unique, then type a space, and then a question mark ("show inter ?") you will get a list of all keywords that can be appended to that command. This is shown in Figure 3-13.
wan4500#s?
*s=show send setup show slip
start-chat systat
wan4500#show i?
interfaces ip ipx isdn
wan4500#show inter?
interfaces
wan4500#show inter ?
BRI ISDN Basic Rate Interface
Dialer Dialer interface
Ethernet IEEE 802.3
Null Null interface
Serial Serial
Virtual-Access Virtual Access interface
accounting Show interface accounting
crb Show interface routing/bridging info
irb Show interface routing/bridging info
<cr>
wan4500#show inter e0
Ethernet0 is up, line protocol is up
…
The Tab key will complete a word for you when no other words will fit as shown in figure 3-14. This allows you to see a whole command without having to type in lengthy words and phrases like configuration, frame-relay, payload-compression, and packet-by-packet. The following is an example of the use of the Tab key to show the whole command without typing it all. The bold characters show the characters typed. Each time the Tab key is pressed, the CLI completes the word on the next line, and you can continue typing.
wan4500#sh<tab>
wan4500#show i<tab>
wan4500#show in<tab>
wan4500#show interfaces e<tab>
wan4500#show interfaces ethernet 0
Ethernet0 is up, line protocol is up
…
This is very useful in configuration mode, because you may want to see the whole command spelled out for you, without being forced to type it in. The CLI will let you enter partial commands, as long as the characters you type are unique for one command. For example, there are seven commands in enable mode that start with the letter "s". If you enter "s?" at the command line, the system will show them to you, as seen in Figure 3-15.
wan4500#s?
*s=show send setup show slip
start-chat systat
Note two things of interest here: first, there is only one command starting with "sh" and it has an asterisk next to it. If you wanted to use the "show" command, all you would normally need to type would be "sh", the unique first letters of the command name. However, the asterisk indicates that the first letter alone will invoke this command. So, using either "s" or "sh" gives you the same results as typing the whole word "show". However, simply typing "s<tab>" will not fill in the command line, because there are not enough unique characters. You must type "sh<tab>" if you want the word "show" to appear automatically for you as shown in figure 3-16.
wan4500#s<tab>
wan4500# Returns a blank line
wan4500#sh<tab>
wan4500#show Returns the whole word
By using short cuts in the CLI, you can become more familiar with it, and more proficient at entering commands. The command line help character (the question mark) should be part of your everyday router programming skills. This will help you remember which commands you want to use, if it has been a long time since you have used the CLI.
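
Because the CLI accepts abbreviations, the same command can be typed many ways ("s inter e0", "sh int e0", "show interfaces e0"), which matters when you review what was entered on a router. The following Python code is an added example, not Cisco's implementation: it models the three lookups described above (the "?" listing, Tab completion, and abbreviation matching with the "s" shortcut for "show") and expands an abbreviated command to its full form. The command table is a partial one assembled from Figures 3-12, 3-13, and 3-15, and the function names are assumptions.

```python
from typing import Dict, List, Optional

# Partial command table built only from the figures in this section.
COMMANDS: Dict[str, dict] = {
    "calendar": {}, "clear": {}, "clock": {}, "configure": {},
    "connect": {}, "copy": {},
    "send": {}, "setup": {}, "slip": {}, "start-chat": {}, "systat": {},
    "show": {"interfaces": {}, "ip": {}, "ipx": {}, "isdn": {}},
}
# The "*s=show" entry in Figure 3-15: "s" alone invokes show.
ALIASES = {"s": "show"}


def candidates(prefix: str, table: Dict[str, dict]) -> List[str]:
    """What typing prefix followed by '?' lists."""
    return sorted(word for word in table if word.startswith(prefix))


def tab_complete(prefix: str, table: Dict[str, dict] = COMMANDS) -> Optional[str]:
    """Tab fills in the word only when exactly one command fits."""
    hits = candidates(prefix, table)
    return hits[0] if len(hits) == 1 else None


def resolve_word(word: str, table: Dict[str, dict],
                 aliases: Optional[Dict[str, str]] = None) -> str:
    """Expand one typed word: shortcut first, then exact, then unique prefix."""
    if aliases and word in aliases:
        return aliases[word]
    if word in table:
        return word
    hits = candidates(word, table)
    if len(hits) == 1:
        return hits[0]
    raise ValueError(
        f"ambiguous {word!r}: {hits}" if hits else f"unknown {word!r}")


def normalise(command: str) -> str:
    """Expand every abbreviated keyword; pass remaining arguments through."""
    words = command.split()
    table, aliases, out = COMMANDS, ALIASES, []
    for index, word in enumerate(words):
        if not table:                 # no more keywords known: keep the rest
            out.extend(words[index:])
            break
        full = resolve_word(word, table, aliases)
        out.append(full)
        table, aliases = table[full], None
    return " ".join(out)


if __name__ == "__main__":
    for typed in ("s inter e0", "sh inter e0", "show interfaces e0"):
        print(f"{typed!r:24} -> {normalise(typed)}")
```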
CLI Modes
The IOS user interface provides access to several different command modes. Each command mode provides a group of related commands. The five basic CLI modes we will discuss are ROM (Read Only Memory) monitor, Initial Setup, User EXEC, Privileged EXEC or Enable, and Global Configuration mode. These are only a few of the many different modes available in IOS, but you should consider them as all you really need to know (until you get familiar with them.) Each mode has its own unique command set, giving you access to a particular portion of the operating system features. The vast majority of command modes are only available when configuring the router. These all become available to you after entering Global Configuration mode (which you can only enter from enable mode).
ROM Monitor Mode
Within each Cisco IOS router is a bootable ROM chip with a very basic operating system on it. During normal operations, you never see this mode; in case of a catastrophe (such as a loss of enable mode password or a corrupt image of IOS), you will need to use it to recover. ROM monitor mode is the most basic fallback position for emergency router maintenance. You should learn the basics of this mode, and hope that you never really need to use it.
Entering ROM monitor mode sounds simpler than it is. All you need to do is send a break character down the serial line to the console port within 60 seconds of booting the router. However, the break key on your keyboard may not be the way to do this, depending on how you are accessing the console port. Some methods for sending the break character are listed in table 3-4. If they don't match your exact software needs, they may be able to take you in the right direction. You should practice entering ROM monitor mode and take notes. This will help you manage any future catastrophe better, because ROM monitor mode will not seem so alien to you.

| Console Access Method | Break Key Sequence |
| --- | --- |
| HyperTerminal | Ctrl-Break |
| NetTerm | Edit -> Send Long Break |
| Unix serial utilities: tip and cu | <enter>~%b |
| Dumb terminal such as VT220 | Ctrl-Break |

Table 3-4. Various ways to send a "break" from serial devices and software.
Once in ROM monitor mode, you will see something like figure 3-17 on the screen:
*** System received an abort due to Break Key ***
signal= #3, code= #0, context= #605cdd00
PC = 0x6015b804, Cause = 0x20, Status Reg = 0x34008302
rommon 1 >
As in IOS, pressing the question mark key will present you with a list of all available commands. These commands are listed in Figure 3-18.
alias set and display aliases command
boot boot up an external process
break set/show/clear the breakpoint
confreg configuration register utility
cont continue executing a downloaded image
context display the context of a loaded image
cookie display contents of cookie PROM in hex
dev list the device table
dir list files in file system
dis disassemble instruction stream
dnld serial download a program module
frame print out a selected stack frame
help monitor builtin command help
history monitor command history
meminfo main memory information
repeat repeat a monitor command
reset system reset
set set a monitor variable
stack produce a stack trace
sync write monitor environment to NVRAM
sysret print out info from last system return
unalias unset an alias
unset unset a monitor variable
rommon 2 >
Warning! Do not play around in here! You can do really nasty things to your router that you may never be able to undo. The only time you should be working in ROM monitor mode is when you know what you are doing. How do you learn what to do? In most cases requiring recovery from a catastrophic failure (such as loss of password or corruption of an IOS image) you can get verbatim instructions from Cisco. Call phone support or access Cisco’s troubleshooting engines on the World Wide Web. You will receive a list of step-by-step instructions on how to correct your problem. Once you have completed it, the reset command will reboot the router, and move on to the next stage of recovery. ROM monitor mode will not let you fix most problems directly; rather, it allows you to make certain configuration changes that enable you to fix your problem directly in IOS.
Initial Setup Mode
When you first receive a router, you should connect it to a serial console device such as a PC running HyperTerminal or a dumb terminal before the first boot. If your router came from a third party, someone may have configured it previously and you will not see the initial setup dialog. If the router came from Cisco directly, it should come up in initial configuration mode, which looks like figure 3-19.
--- System Configuration Dialog ---
At any point you may enter a question mark '?' for help.
Use ctrl-c to abort configuration dialog at any prompt.
Default settings are in square brackets '[]'.
Continue with configuration dialog? [yes]:
This mode provides you with an easy-to-understand configuration menu. It takes you quickly and easily through the steps needed to provide basic functionality. Of course, you will need to know how you want the router configured before you begin. Among the information you should have before you start are the protocols you will use (TCP/IP, IPX, AppleTalk, etc.), the addresses for each interface, the routing protocols used, and whether or not to use SNMP.
During the initial setup mode, all you need to do is answer the questions put to you. Most are "yes" or "no" questions, and entering "y" or "n" will suffice. If the answer you wish is already on the command line in square brackets "[ ]", all you need to do is press the Enter key to choose it. A basic configuration dialog for a Cisco 2501 router might look like the one below. In this case, we are using a single direct T1 line to the Internet, a single Ethernet connection to our local network, the RIP routing protocol, and the TCP/IP protocol only. First, start by choosing to enter the configuration dialog and viewing the available interfaces as shown in figure 3-20. You should double-check the interface summary against the physical configuration of the router, and note any discrepancies.
Would you like to enter the initial configuration dialog? [yes]:<enter>
First, would you like to see the current interface summary? [yes]: <enter>
Any interface listed with OK? value "NO" does not have a valid configuration
Interface IP-Address OK? Method Status Protocol
Ethernet0 unassigned NO not set up down
Serial0 unassigned NO not set down down
Serial1 unassigned NO not set down down
Setup will then ask you to give the router a name and enter all three of its passwords. The first is the enable secret password. This password gets you into enable mode, if it exists. It is encrypted so that no one seeing the configuration file for the router will know what it is. The next password is the enable password. This is stored in plain text and should be different from the enable secret password. It seems silly for Cisco to force you to enter both, since you will never use the enable password if an enable secret password exists. Finally, the virtual terminal password is entered. This is also stored in plain text. It is the password used to enter user exec mode when logging into the router over the network. This is shown in figure 3-21.
Configuring global parameters:
Enter host name [Router]: cisco-gwy
The enable secret is a one-way cryptographic secret used
instead of the enable password when it exists.
Enter enable secret: secret
The enable password is used when there is no enable secret
and when using older software and some boot images.
Enter enable password: junk
Enter virtual terminal password: login
Here we choose to use SNMP network management and set the community to gwy-ro-pass. It is extremely important not to use the default community of 'public' for your routers. Most SNMP capable devices use public as the default community string. Hackers trying to attack your network devices via SNMP will always try a community string of "public" first. This community string acts as the password for reading and writing SNMP data to your router. If you choose the default, you could open your router up to severe problems.
Next, choose not to use the Novell IPX protocol, use TCP/IP, not use the IGRP (Interior Gateway Routing Protocol) routing protocol, and use the RIP routing protocol. This is shown in figure 3-22.
Configure SNMP Network Management? [yes]: <enter>
Community string [public]: gwy-ro-pass
Configure IPX? [no]: <enter>
Configure IP? [yes]: <enter>
Configure IGRP routing? [yes]: no
Configure RIP routing? [no]: y
Finally, configure each interface with an IP address and the number of bits in the subnet field. If you are part of a larger network, such as a corporate WAN or the Internet, you will receive the IP address numbers and subnet information from the manager of that network. In the case of the Internet, that will always be your ISP. The interface configurations are listed in Figure 3-23.
Configuring interface parameters:
Configuring interface Ethernet0:
Is this interface in use? [yes]: <enter>
Configure IP on this interface? [yes]: <enter>
IP address for this interface: 208.213.189.1
Number of bits in subnet field [0]: <enter>
Class C network is 208.213.189.0, 0 subnet bits; mask is 255.255.255.0
Configuring interface Serial0:
Is this interface in use? [yes]: <enter>
Configure IP on this interface? [yes]: <enter>
Configure IP unnumbered on this interface? [no]: <enter>
IP address for this interface: 137.244.12.2
Number of bits in subnet field [0]: 6
Class B network is 137.244.0.0, 6 subnet bits; mask is 255.255.252.0
Configuring interface Serial1:
Is this interface in use? [yes]: n
Once complete, Setup will show you the default configuration file. This is shown in figure 3-24. If it is acceptable, enter yes, and Setup will write it to NVRAM (Non-Volatile RAM). The configuration will take effect immediately, and if all else is correct, the router will start doing its job.
The following configuration command script was created:
hostname cisco-gwy
enable secret 5 $1$h7A4$WQexeEMKr.sZ.UiJLTmz5.
enable password junk
line vty 0 4
password login
snmp-server community gwy-ro-pass
!
no ipx routing
ip routing
!
interface Ethernet0
ip address 208.213.189.1 255.255.255.0
!
interface Serial0
ip address 137.244.12.2 255.255.252.0
!
interface Serial1
shutdown
no ip address
!
router rip
network 208.213.189.0
network 137.244.0.0
!
end
Use this configuration? [yes/no]: yes
Building configuration...
Use the enabled mode 'configure' command to modify this configuration.
Press RETURN to get started!
User EXEC Mode
User exec mode is the most basic connection to the router. By default, it asks only for a password when you connect to the router over the network. You know you are in user exec mode when your router prompt is the router name followed by a greater than character (>). This is shown in figure 3-25.
cisco-gwy>
In this mode, a user can investigate the network and get basic information on the router only. In order for them to perform configuration changes, they must be able to get into enable mode.
Regardless of how safe this seems, you do not want common users to have access to your router, even in user exec mode. Protect this password as you would protect the enable mode password. Without it, users cannot get any information about the router except from the console or aux (auxiliary) ports. You can remedy this by placing the same user exec mode password on the console and aux ports. Then no one can get information about your router, even if they have the enable mode password.
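The password and SNMP advice from the setup dialog, together with the recommendation above to protect the console and aux ports, can be checked against a saved configuration file. The following Python script is an added example, not code from the book or from Cisco; the finding names, the second sample configuration, and the assumption that the router has both a console and an aux line are illustrative.

```python
import re

# Constructed input: the first lines of the command script Setup printed above.
SETUP_CONFIG = """\
hostname cisco-gwy
enable secret 5 $1$h7A4$WQexeEMKr.sZ.UiJLTmz5.
enable password junk
line vty 0 4
password login
snmp-server community gwy-ro-pass
!
interface Ethernet0
ip address 208.213.189.1 255.255.255.0
!
end
"""

# Constructed input: a hypothetical router left on the SNMP default community,
# with console and aux passwords set as the text recommends.
DEFAULT_SNMP_CONFIG = """\
hostname lab-rtr
enable secret 5 $1$h7A4$WQexeEMKr.sZ.UiJLTmz5.
snmp-server community public
!
line con 0
 password login
line aux 0
 password login
line vty 0 4
 password login
!
end
"""

# An optional encoding-type digit (as in "enable secret 5 ...") followed by
# the stored value. No digit, or 0, means the value is stored in clear text.
_VALUE = r"\s+(?:(\d+)\s+)?\S+$"


def audit(config):
    """Return (finding_id, detail) tuples for one configuration text."""
    findings = []
    has_secret = False
    enable_pw_clear = False
    line_has_pw = {}      # "vty 0 4" -> True once a password is seen
    current = None        # the "line ..." section being read, if any
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd == "!" or re.match(r"(interface|router)\s", cmd):
            current = None
        elif cmd.startswith("line "):
            current = cmd[5:].strip()
            line_has_pw.setdefault(current, False)
        elif cmd.startswith("enable secret "):
            has_secret = True
        elif (m := re.match(r"enable password" + _VALUE, cmd)):
            enable_pw_clear = m.group(1) in (None, "0")
        elif current and (m := re.match(r"password" + _VALUE, cmd)):
            # A bare "password" command only appears under a line section.
            line_has_pw[current] = True
            if m.group(1) in (None, "0"):
                findings.append(("LINE-PW-CLEARTEXT",
                                 f"line {current}: password readable in the file"))
        elif (m := re.match(r"snmp-server community\s+(\S+)", cmd)):
            if m.group(1).lower() == "public":
                findings.append(("SNMP-DEFAULT-COMMUNITY",
                                 "community string is the default 'public'"))
    if enable_pw_clear:
        extra = " (not used while an enable secret exists)" if has_secret else ""
        findings.append(("ENABLE-PW-CLEARTEXT",
                         "enable password readable in the file" + extra))
    # Assumption: the platform has a console and an aux line, as on the 2501.
    for port in ("con", "aux"):
        if not any(pw for name, pw in line_has_pw.items()
                   if name.startswith(port)):
            findings.append(("LINE-NO-PASSWORD",
                             f"line {port}: no user exec password configured"))
    return findings


if __name__ == "__main__":
    for name, text in (("setup", SETUP_CONFIG), ("default-snmp", DEFAULT_SNMP_CONFIG)):
        for finding_id, detail in audit(text):
            print(f"{name}: {finding_id}: {detail}")
```

Every clear-text finding is also a reason to restrict who can read the copy of this file kept on a network server.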
Privileged EXEC or Enable Mode
This mode holds ultimate sway over your router. It is the highest level of security, equal to the root user in Unix, the system user in Novell, and the administrator user in NT. With it, you can do anything you want to the router (including thoroughly trashing it!) Be careful in this mode, and always have a clear idea about what you are trying to do before entering it. This will help to keep you focused and out of trouble.
Enable mode is indicated by a CLI prompt made up of the router name followed by a pound sign "#" (more formally known as an octothorpe; just visit this site if you don’t believe me: http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?octothorpe). This is shown in Figure 3-26.
cisco-gwy#
To get into enable mode, you must first enter user exec mode. Once there, simply enter "enable" at the CLI and the router will prompt you for the enable secret password if there is one, or the enable password if there is not. Once in enable mode, you can do anything to the router: check and reset ports, alter the configuration, and even alter the revision of IOS running on the router.
Global Configuration Mode
Global configuration mode allows you to make changes to the router’s configuration information. You know you are in global configuration mode when your prompt is the router name followed by the word config in parentheses and a pound sign. This is shown in figure 3-27.
cisco-gwy(config)#
You get into global configuration mode by using the "configure" command (or "conf", for short.) There are four possible sources of configuration updates, and you can see them by entering "conf ?" at the CLI. This is shown in figure 3-28.
cisco-gwy#conf ?
memory Configure from NV memory
network Configure from a TFTP network host
overwrite-network Overwrite NV memory from TFTP network host
terminal Configure from the terminal
<cr>
If you enter "conf" only, the router will prompt you to provide a source for the updates. Only three of the four are listed, but you can access the fourth by entering "ov". This is shown in Figure 3-29.
cisco-gwy#conf
Configuring from terminal, memory, or network [terminal]?
Configuring the router from the CLI directly is done using the "configure terminal" or "conf t" command, commonly used for general router maintenance and small configuration changes. This is the only way to get direct access to global configuration mode.
The other three options are memory, network, and overwrite-network and are all automated. You cannot make changes by hand. "Configure memory" or "conf m" copies the configuration file stored in NVRAM back into the running router configuration. This is useful when you have made mistakes configuring the router with "conf t". It allows you to reset the state of the router to the last saved configuration, but may not delete added lines. To ensure a complete restoration to the previous configuration, you must also reboot the router.
"Configure network" or "conf n" allows you to read a text configuration file from a TFTP (Trivial File Transfer Protocol) server on the network and copy it into the running router configuration. This copies the file into the running configuration as if you were typing it in line for line through the CLI. This can cause problems, because lines that already exist in the running configuration (but have been removed from the text file) will not be removed from the running configuration. Also, certain types of configurations (for example, access lists) must be completely cleared from the running configuration before they can be changed. If left uncleared, any new lines will append themselves to the bottom of the existing ones. This is useful when making major changes to a router (and needing a better editor than the CLI), but not when removing lines. When removing lines, you can use "configure overwrite-network" or "conf o". This erases the current running configuration before loading the new one into memory.
Always take care when updating the router configuration. A good way to manage router configurations is with a TFTP server on the network. You can store your router configurations on the server as text files. This allows you to copy them to other files before making changes, and keep a revision history of router changes. It also allows you to use a more familiar text editor to make your configuration changes.
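The difference between "configure network" and "configure overwrite-network" matters most for access lists, where a line that survives a merge or lands below an existing deny changes what traffic is allowed. The following Python model is an added example, not from the book and not IOS code: it implements only the behaviour described above (existing lines stay, new lines append at the bottom), ignores "no" commands, and uses constructed configurations with documentation-range addresses.

```python
import ipaddress

# Constructed sample: what the router is running now.
RUNNING = """\
interface Serial1
 ip address 192.0.2.129 255.255.255.252
!
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 deny any
"""

# Constructed sample: the edited file on the TFTP server. The old permit was
# deleted in the editor and a different network was permitted instead.
CANDIDATE = """\
interface Serial1
 shutdown
!
access-list 10 permit 198.51.100.0 0.0.0.255
access-list 10 deny any
"""


def parse(text):
    """Return ordered (section, command) pairs; global commands use ''."""
    entries, parent = [], ""
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd in ("!", "end"):
            continue
        if raw[0].isspace():          # indented: belongs to the last header
            entries.append((parent, cmd))
        else:
            parent = cmd
            entries.append(("", cmd))
    return entries


def merge(running, candidate):
    """Model of 'configure network': nothing is removed, new lines append."""
    merged = list(running)
    for entry in candidate:
        if entry not in merged:
            merged.append(entry)
    return merged


def overwrite(running, candidate):
    """Model of 'configure overwrite-network': the file replaces everything."""
    return list(candidate)


def stale_after_merge(running, candidate):
    """Lines the editor deleted that a merge leaves in the running config."""
    return [entry for entry in running if entry not in candidate]


def acl_decision(entries, number, src):
    """First-match evaluation of a numbered standard access list."""
    ip = int(ipaddress.IPv4Address(src))
    for section, cmd in entries:
        parts = cmd.split()
        if section or parts[:2] != ["access-list", str(number)]:
            continue
        action, target = parts[2], parts[3]
        if target == "any":
            return action
        net = int(ipaddress.IPv4Address(target))
        wild = int(ipaddress.IPv4Address(parts[4])) if len(parts) > 4 else 0
        if ((ip ^ net) & ~wild & 0xFFFFFFFF) == 0:   # wildcard-mask match
            return action
    return "deny"   # implicit deny at the end of every access list


if __name__ == "__main__":
    running, candidate = parse(RUNNING), parse(CANDIDATE)
    for label, result in (("merge", merge(running, candidate)),
                          ("overwrite", overwrite(running, candidate))):
        for src in ("192.0.2.5", "198.51.100.5"):
            print(f"{label:9} {src:13} -> {acl_decision(result, 10, src)}")
    print("stale after merge:", stale_after_merge(running, candidate))
```

Running `stale_after_merge` against the saved copy of the running configuration before a "configure network" load lists the lines that need an explicit removal or an overwrite load instead.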
Most of the other command modes are only visible under global configuration mode. For example, when you want to configure an interface, you enter the interface configuration mode by entering the interface name at the global configuration prompt. This is shown in figure 3-30.
cisco-gwy#conf t
Enter configuration commands, one per line. End with CNTL/Z.
cisco-gwy(config)#interface ethernet0
cisco-gwy(config-if)#
To exit a configuration mode under global configuration mode, use the exit or end command. The exit command returns you to global configuration mode. The end command (or Ctrl-z) returns you to enable mode. This is shown in figure 3-31.
cisco-gwy(config)#interface ethernet0
cisco-gwy(config-if)#exit
cisco-gwy(config)#interface ethernet0
cisco-gwy(config-if)#end
cisco-gwy#
Commands are loaded into the router’s running configuration as they are typed or read from a file.
Go back and read that last line again. Now once more. Ponder it for a few seconds. This means that lines typed into the running configuration take effect as soon as you hit enter or a complete line is read from the file. Therefore, if you are loading a large configuration change, the order of the configuration lines may be extremely important. Think about what might happen if you logged into a remote router and began changing an interface definition. You could possibly execute a command into the running configuration that would lock you out of the router. Fortunately, this command would not be saved into NVRAM, but you would still need someone physically present to cycle the router power to get it back on the network.
You must always keep this in mind when you are making configuration changes. Some commands may take a while to execute on a router, so don't panic if the command prompt doesn't return immediately. If it seems to be taking too long, try to make another telnet connection to the router, or ping it. If there is a danger of the router going off the network during a configuration change, make sure you have a backup plan to get the router back on-line. This might be a person on-site, the pager or home phone of someone who lives nearby and has access to the router, or a modem on the auxiliary port for you to dial into.
Table 3-5 contains a more complete list of IOS CLI modes.
Command Mode | Access Method | Prompt | Exit Method
 | Log in. | | Use the logout command.
 | From user EXEC mode, use the enable EXEC command. | | To exit back to user EXEC mode, use the disable command. To enter global configuration mode, use the configure privileged EXEC command.
 | From privileged EXEC mode, use the configure privileged EXEC command. | | To exit to privileged EXEC mode, use the exit or end command or press Ctrl-Z. To enter interface configuration mode, enter an interface configuration command.
 | From global configuration mode, enter by specifying an interface with an interface command. | | To exit to global configuration mode, use the exit command. To exit to privileged EXEC mode, use the exit command or press Ctrl-Z. To enter subinterface configuration mode, specify a subinterface with the interface command.
 | From interface configuration mode, specify a subinterface with an interface command. | | To exit to global configuration mode, use the exit command. To enter privileged EXEC mode, use the end command or press Ctrl-Z.
 | From global configuration mode, use the controller command to configure a channelized T1 interface. | | To exit to global configuration mode, use the exit command. To enter privileged EXEC mode, use the end command or press Ctrl-Z.
 | From global configuration mode, enter by specifying a hub with the hub command. | | To exit to global configuration mode, use the exit command. To enter privileged EXEC mode, use the end command or press Ctrl-Z.
 | From global configuration mode, enter by specifying a line with a line command. | | To exit to global configuration mode, use the exit command. To enter privileged EXEC mode, use the end command or press Ctrl-Z.
 | From global configuration mode, enter by issuing a command that begins with router (such as router igrp). | | To exit to global configuration mode, use the exit command. To enter privileged EXEC mode, use the end command or press Ctrl-Z.
 | From global configuration mode, enter by issuing the ipx routing command, then a command that begins with ipx router (such as ipx router eigrp). | | To exit to global configuration mode, use the exit command.
 | From privileged EXEC mode, use the reload EXEC command. Press Break during the first 60 seconds while the system is booting. | | To exit to user EXEC mode, type continue.
 | From global EXEC mode, use the interface channel 1/2 command. | | To exit to global configuration mode, use the exit command.
Initial Setup mode | From global EXEC mode, use the setup command or use the write erase command followed by the reload command. | Would you like to enter the initial configuration dialog? [yes]: | To exit from setup command, respond with no.
 | From global configuration mode, use the ip access-list command. | Router(config-std-nacl)# | To exit to global configuration mode, use the exit command.
Table 3-5. Some of the many modes available in IOS.
Saving the configuration
Possibly, the most important part of making configuration changes to your router is making sure that they stick around after you make them. Simply editing the configuration does not make it permanent the next time the router starts up. When the router boots, it reads a copy of the configuration file from NVRAM into main memory and then runs it. The configuration changes you make in global configuration mode only affect the running configuration in main memory. You must save the configuration in NVRAM in order for it to be permanent. You should also copy the configuration file to a network server, so you can track changes and revert to an earlier (working) version, if necessary.
There are two commands for saving the configuration file: "write" and "copy". "Write" or "wr" is the older of the two. It is simpler to use and has fewer options as seen in figure 3-32.
cisco-gwy#wr ?
erase Erase NV memory
memory Write to NV memory
network Write to network TFTP server
terminal Write to terminal
<cr>
"Write erase" or "wr e" erases NVRAM and allows you to start over with a clean configuration. If you reboot a router after erasing the NVRAM, it will boot directly into the initial setup mode. "Write memory" or simply "wr" writes the running configuration to NVRAM. This is the easiest way to save the configuration file, but Cisco prefers the use of the newer "copy" command, probably because it has more options. "Write network" or "wr n" will copy the running configuration file to a TFTP server on the network. TFTP usually requires that a file exist before you can write to it. This means you may have to create an empty file on the server before you can successfully "copy" the file. By default, IOS will name the file routername-confg. If you have saved the file previously, it will overwrite it without asking you first. Copy the old file to a new one, and add the date of the change to the file name beforehand. This will make it easier to track the changes you make to configuration files. "Write terminal" or "wr t" displays the running configuration on the screen.
The "copy" command is much more complex, because it works on more than just the running configuration in main memory. It can manipulate the start-up configuration in NVRAM, the flash memory where IOS is stored, and it gives you access to two additional network protocols: MOP (Maintenance Operation Protocol) and RCP (Remote Copy Protocol). "Copy running-config startup-config" or "cop ru s" does the same thing as the "write" command, copying the running configuration file in main memory to the startup configuration file in NVRAM. You can also copy the running configuration to a TFTP server (same as "write network") or to an RCP server using the commands: "copy running-config tftp" and "copy running-config rcp".
The "copy" command is very versatile, allowing you to copy the running configuration, the startup configuration, and the IOS images in flash memory to and from anywhere that makes sense using the TFTP or RCP protocols. The MOP protocol, in this instance, is only useful for copying an IOS image into flash memory.
Methodology for Configuration Updates
A good method for managing router configurations is by TFTP server on your network. It will allow you to store configuration files and IOS images on a system you trust. You should make sure it is a secure system, because you may be storing passwords in plain text and you wouldn't want just anyone reading your configuration files. Any system can be a TFTP server, including Unix, Windows NT, or Windows 95. Remember, the danger of a Windows 95 system is that it has no local file security, so think twice about using it.
You should also know that TFTP security is weak. In order to download a file, you must know its name, and in order to upload one, it must already exist and be writeable. Since there is no way to get a directory of files, you may consider it somewhat secure. However, IOS names router configuration files ROUTERNAME-confg by default, where ROUTERNAME is the hostname of the router. This makes it easy for people to guess configuration file names.
All Unix systems ship with TFTP servers built-in, but usually not enabled. Configuring one is usually as easy as uncommenting it from the file /etc/inetd.conf and then sending a hang up signal to inetd using the "kill -1 PID" command, where PID is the process id of inetd. You should read the manual entry on tftpd or in.tftpd to make sure you configure it correctly. To shore up security on TFTP (and any other network daemons), you may want to download and install TCP Wrappers from CERT/CC (The Computer Emergency Response Team / Coordination Center ) at . This will give you control over which machines may communicate with the TFTP daemon, eliminating the threat of unauthorized connections to the server.
For Windows NT and 95, Cisco has a free TFTP daemon that you can download from . It allows you to pick the directory TFTP will use to store files and very little else. However, it shores up security because you can start and stop it as needed. Best of all, it's free!
Once you have a TFTP server set up and basically secure, you should copy your router configuration files and your IOS images to it. The TFTP directory on your server will become the staging area for your IOS upgrades and router configuration changes. You should also keep backup copies of your router configuration files here. Before making changes to a router, back the file up to ROUTERNAME-confg.MMDDYY, where MM is the two-digit month, DD is the two-digit day, and YY is the two-digit year. If you are making many updates in a single day, you can add a two-digit revision number to the end. With that done, you can edit the file using your favorite text editor (just make sure to save it as plain text [.txt] if you are using a word processor). You can then use the command "copy tftp running-config" to update the router configuration and "write" to save it to NVRAM.
If you make changes to the router configuration at the CLI, connect to your TFTP server first and back up the configuration file stored there before saving your changes to the network. Next, use the "write" command to write to NVRAM and "write network" to copy it to your TFTP server.
Using this method will let you track changes to your network and always give you a fallback position in case of a catastrophe.
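The backup step in this method (copy ROUTERNAME-confg to ROUTERNAME-confg.MMDDYY, with a two-digit revision for later copies on the same day) is easy to get wrong by hand, so here it is as an added Python example that is not from the book. The function names are hypothetical, and two choices are assumptions: the revision digits are appended directly after the date, and dated copies are created owner-only on the assumption that the TFTP daemon only needs to serve the live file.

```python
import difflib
import os
from datetime import date
from pathlib import Path


def backup_config(tftp_dir, router, today=None):
    """Copy ROUTERNAME-confg to ROUTERNAME-confg.MMDDYY[NN]; return the new path.

    An existing backup is never overwritten: the first copy of the day has no
    revision, later ones get 01, 02, ... appended (assumed format).
    """
    today = today or date.today()
    live = Path(tftp_dir) / f"{router}-confg"
    data = live.read_bytes()
    base = f"{live.name}.{today:%m%d%y}"
    for suffix in [""] + [f"{n:02d}" for n in range(1, 100)]:
        dest = live.with_name(base + suffix)
        try:
            # O_EXCL makes creation fail if the name is already taken; mode
            # 0600 keeps the copy, which may hold clear-text passwords,
            # readable by its owner only (assumption, see lead-in).
            fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            continue
        with os.fdopen(fd, "wb") as out:
            out.write(data)
        return dest
    raise RuntimeError("more than 99 revisions for one day")


def config_changes(old, new):
    """Return the added (+) and removed (-) lines between two saved configs."""
    before = Path(old).read_text().splitlines()
    after = Path(new).read_text().splitlines()
    diff = difflib.unified_diff(before, after, lineterm="", n=0)
    return [line for line in diff
            if line.startswith(("+", "-"))
            and not line.startswith(("+++", "---"))]


if __name__ == "__main__":
    import tempfile
    # Constructed demonstration in a temporary directory.
    tftp_dir = Path(tempfile.mkdtemp())
    live = tftp_dir / "cisco-gwy-confg"
    live.write_text("hostname cisco-gwy\nsnmp-server community gwy-ro-pass\n")
    saved = backup_config(tftp_dir, "cisco-gwy", date(1998, 6, 23))
    live.write_text("hostname cisco-gwy\nsnmp-server community new-ro-pass\n")
    print(saved.name)
    print("\n".join(config_changes(saved, live)))
```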
Notes About the Configuration File
There are essentially two configuration files in a Cisco router at any given time: the running configuration file and the startup configuration file. When you use the command "show configuration", you see only the startup configuration file. To avoid confusion, you should be explicit about which configuration file you want to view, and use the commands "show running-config" and "show startup-config".
IOS supports the concept of hidden commands, meaning that not all commands in the router configuration are visible. These commands are the IOS default for a particular setting or are considered extraneous. One example is the "no shutdown" command. "Shutdown" disables an interface in the configuration file and indicates this condition on a port with the word "shutdown" in the configuration file as seen in figure 3-33.
!
interface Serial0
ip address 137.244.12.2 255.255.252.0
shutdown
!
When the "no shutdown" command is entered for the same interface, the interface enters an operational state and the "shutdown" flag is removed from the configuration. This is shown in figure 3-34.
!
interface Serial0
ip address 137.244.12.2 255.255.252.0
!
This does not work universally the same in IOS, and you need to get used to it. For example, the commands "service udp-small-servers" and "service tcp-small-servers" are on by default if you use the initial setup dialog. If you enter the command "no service udp-small-servers" in global configuration mode, your running configuration will show the whole command instead of hiding it like it does with "no shutdown". This is seen in figure 3-35.
no service udp-small-servers
service tcp-small-servers
Checking Command Syntax
The user interface provides error isolation in the form of an error indicator, shown as a caret symbol (^). It appears at the point in the command line where you have entered an incorrect command, keyword, or argument. The error location indicator and interactive help system allow you to find and correct syntax errors.
Suppose you want to set the clock on your router. You can use context-sensitive help to check the syntax for setting the clock as in figure 3-36.
wan4500# clock ?
set Set the time and date
wan4500# clock
The help output shows that the keyword "set" is required. Next, check the syntax for entering the time as in figure 3-37.
wan4500# clock set ?
hh:mm:ss Current time
wan4500# clock set
Enter the current time in HH:MM:SS format as shown below in figure 3-38.
wan4500# clock set 13:32:00
% Incomplete command.
wan4500#
The error message indicates that you need to provide additional arguments to the CLI to complete the command. Press Ctrl-P or the up arrow key to automatically repeat the previous command. Next, add a space and question mark to see the additional arguments needed to complete the command properly as in figure 3-39.
wan4500# clock set 13:32:00 ?
<1-31> Day of the month
MONTH Month of the year
wan4500# clock set 13:32:00
Continue the command by appending the day and month. End with a question mark again to see if any more keywords or arguments are required as in figure 3-40.
wan4500# clock set 13:32:00 23 June ?
<1993-2035> Year
wan4500# clock set 13:32:00 23 June
Finish by entering the year after the date as in figure 3-41.
wan4500# clock set 13:32:00 23 June 98
^
% Invalid input detected at '^' marker
wan4500# clock set 13:32:00 23 June
The caret symbol and error message indicate an error at "98". To list the correct syntax, enter the command up to the point where the error occurred and then enter a question mark as in figure 3-42.
wan4500# clock set 13:32:00 23 June ?
<1993-2035> Year
wan4500# clock set 13:32:00 23 June
From the help information, you can see that you must enter the year as a four-digit number, not a two-digit number. To complete the command, type the year properly and press the Enter key. This is shown in figure 3-43.
wan4500# clock set 13:32:00 23 June 1998
wan4500#
IOS Feature Sets
The Cisco IOS software is packaged into "feature sets" (also called "software images"). There are many different feature sets available; each feature set contains a specific subset of Cisco IOS features and protocols. Not all feature sets are available with all platforms. Also, some feature sets support different features when run on different platforms.
There is a very large list of feature sets, and it is not always clear what is included in each one. To select the one that is right for you, you may need to do some research. The proper place for this is Cisco's web site, Cisco Connection Online (CCO). You can connect to it at and then follow these steps to reach the IOS documentation section:
From there, you need to select the IOS version you wish to use; after that, you are looking for release notes and the IOS packaging information.
Cisco IOS Packaging information contains cross-references describing which feature sets are available on which platforms and what features they support. This is required reading for any site with specific needs. For example, IOS version 11.1 only supports the AppleTalk protocol on Cisco 7500 routers with feature sets: Desktop/IBM, Enterprise, Enterprise/APPN, Desktop/IBM/VIP, Enterprise/VIP, and Enterprise/APPN/VIP.
The URLs shown in table 3-6 will take you directly to the proper web pages for all recent versions of Cisco IOS version 10 and 11.
10.2 | http://www.cisco.com/univercd/cc/td/doc/product/software/ios102/rn_rt102/83523.htm
10.3 | http://www.cisco.com/univercd/cc/td/doc/product/software/ios103/rn_rt103/83397.htm
11.0 | http://www.cisco.com/univercd/cc/td/doc/product/software/ios11/rnrt110/rnrt110.htm
11.1 | http://www.cisco.com/univercd/cc/td/doc/product/software/ios111/rnrt111.htm
11.2 | http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/rn112.htm
11.3 | http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/rn113m/rn113mpk.htm
Table 3-6. URLs for IOS major versions.
Some feature sets have special designations such as PLUS, PLUS 40, PLUS 56, and FW (firewall). These add additional features to those specified by the base feature set. For example, you could have three feature sets: IP/IPX/AT/DEC, IP/IPX/AT/DEC PLUS, and IP/IPX/AT/DEC/FW PLUS. The base feature set is IP/IPX/AT/DEC. The additional feature sets add the PLUS feature set to both sets and the firewall features to the last set. The Plus feature set contains a variable set of additional features depending on the hardware platform selected. PLUS 40 and PLUS 56 include additional 40-bit and 56-bit DES data encryption, respectively.
The variable set of additional features contained in the Plus feature sets can contain features such as network address translation (NAT), data encryption, RADIUS, OSPF, PIM, AppleTalk SMRP, and Network Time Protocol (NTP). VPDN (L2F tunneling) and RADIUS are available on the Plus feature sets starting with Cisco IOS Release 11.2(10)P and 11.3. Cisco IOS firewall feature sets are available in Releases 11.2(11)P, 11.3(3)T, and up.
The 40-bit DES data encryption may legally be distributed to any party eligible to receive Cisco IOS software; however, it is not a cryptographically strong solution. You should carefully evaluate 40-bit DES before using it. Cisco IOS images with 56-bit DES may be subject to export and/or import controls and may have a limited distribution. For more information, contact your sales representative or distributor, or visit CCO at , or send e-mail to export@cisco.com.
Choosing an IOS Feature Set
Several concerns must be factored into choosing a feature set: operational necessities, cost, RAM usage, and flash memory usage. The primary concern is always making sure that you meet your minimal protocol and feature needs. For example, a site that needs only TCP/IP may also need RADIUS authentication, which is usually part of a PLUS feature set. In order to get PLUS, you may need a feature set that supports more than just the TCP/IP protocol (such as IP/IPX/AT/DEC PLUS or Desktop PLUS) because there may not be an IP PLUS feature set available on your platform.
Other concerns are RAM and flash memory usage. As feature sets add functionality, they usually grow in size and memory requirements. A good example is the Service Provider feature set for the Cisco 2501 router. In version 10.3, the image required 4 MB of flash memory and 4 MB of RAM. In version 11.2, the same feature set requires 8 MB of flash memory. Obviously if your router has 4 MB of flash memory, you could not upgrade from 10.3 to 11.2 without upgrading your memory configuration. If you are purchasing a new router, you should make sure to buy as much flash memory and RAM as you can afford. This will save you time and expense if you should need to upgrade to a substantially larger IOS image later.
Finally, there is the cost of the IOS license itself to consider. While it might be nifty to have an Enterprise feature set license, which includes everything you could possibly use, it may be cost prohibitive. The Enterprise feature set license cost can be more than twice that of an IP/IPX feature set. If you can get along fine with IP/IPX, why not purchase it instead? It will save you money on RAM, flash memory, and the license as well. You can always upgrade your license later, usually at little more cost than if you had purchased it to begin with.
Non-IOS
The non-IOS based routers we will be discussing are the Cisco 760 and 770 routers. As previously mentioned, this product line was obtained through the purchase of Combinet, which designed the original router and OS. These routers are ISDN-to-Ethernet access routers designed for small, home, and remote office situations. Through enhancements to the OS, Cisco has added an amazing amount of functionality for such an inexpensive product. DHCP, NAT, automatic SPID and ISDN switch sensing, compression, and support for multiple connections are only a few of the highly advanced features available in these routers.
Feature Sets
Three feature sets are available for the 760 and 770 series routers: Internet Ready (IR), Small Office / Home Office (SOHO), and Remote Office (RO). The IR feature set contains support for the TCP/IP protocol and four network devices only. SOHO adds support for the IPX protocol, and RO adds on-the-fly data compression and support for 1,500 network devices.
IR supersedes the SOHO feature set. Customers with a SOHO license can still find older versions of the OS on Cisco's web site, but should plan on changing to either the IR or RO feature set, depending on their needs. Those needing only IP and four network devices can continue to upgrade their router OS using the IR feature set. However, if you need IPX and one of the other features in RO (compression or 1,500 network devices), you must upgrade your SOHO license to RO. Only then can you legally download and install this OS on your router.
Each of these feature sets is available in several languages. These languages, listed by country, contain more than just different linguistic command syntax. ISDN standards vary from country to country, and you need to make sure you get the proper version of the OS for your location.
Navigating
Navigating through the CLI in this OS is not nearly as nice as in IOS. There are no special editing keys to fill in commands for you, or allow you to move through the history of previously entered commands. In fact, the CLI for this OS is rather basic. The only really outstanding feature in the CLI is the on-line help, which is accessible by typing "help" or a question mark. This on-line help system is only context sensitive in the commands you type. It shows all possible keywords to complete the command if you enter a partial command and a question mark. It will even show you commands that are not valid for your current CLI mode.
The on-line help shows you all possible commands and the general syntax on how to use them. Unlike IOS, which only shows you the next keyword or option, the 700 series router gives you the whole command. For example, if you wanted to see all possible options for the "show" command, you would enter "show ?". Unlike IOS, you must press "Enter" after typing the question mark. This is shown in figure 3-44.
access766> show ?
Error on Input string ?
SHow
SHow [<connection>] ADdress
SHow COnfig | NEgotiation | SEcurity [ALl]
SHow CONNections | DEmand | ETher | VOicerouting | STatus | TImeout
SHow DHcp Config
SHow [ <id> ] FIlter
SHow IP COnfig | FIlter | ROute [ALl]
SHow IP PAt
SHow IP RIp SNapshot [ALl]
SHow IPX COnfig | ROute | SErvice [ALl]
SHow IPX CONNections| DEmand | STatistics
SHow IPX FIlter [ALl]
SHow IPX RIp SNapshot [ALl]
SHow MEmstats | SNmp | TYpe
SHow NETBios NAme
SHow [ <connection> | LAn ] PAckets
SHow [ <patternname> ] PATtern
SHow PRofile | USers
access766>
You will notice that only the first two or three characters are capitalized. For most commands, you only need to enter the capitalized letters. For example, to view a list of all TCP/IP routes, you could enter "show ip route" or "sh ip ro". As you become more proficient with the CLI, you will learn more about commands and their associated shorthand.
Profile Use
This OS does not have the concept of command modes, per se. Instead, it has a single global command mode, and a user profile command mode. The global command mode allows you to configure parameters for the router as a whole. This includes the ISDN connection to the local telco, DHCP setup, the router system name, and the configuration of the POTS ports if any exist. User profiles contain the necessary information for each data connection.
There are four user profiles you will see: LAN, Internal, Standard, and user-defined. The first three are permanent, unerasable profiles. The individual user defines the rest, up to a maximum of 17 profiles. The LAN user profile holds the configuration information for the Ethernet port on the router. Its configuration information includes TCP/IP and IPX/SPX protocol addresses and routing configurations, as well as frame type information. The internal user profile contains the information used to communicate between the LAN and WAN ports. The standard user profile contains the default configuration for the ISDN WAN port.
User-defined profiles create virtual connections to the remote devices with which they are associated. A virtual connection has no physical ISDN channels allocated to it. After its creation, an on-demand call can be made to the remote device to establish a data connection by allocating one or both physical ISDN channels. Virtual and physical connections behave similarly; the difference is that physical connections forward packets to the WAN. Virtual connections monitor packet traffic on the LAN until they identify a packet that is destined for the WAN and initiate a call to the remote device, opening the physical connection. Once the call is established, the virtual connection becomes an active physical connection and the packets move through it.
System mode parameters are modifiable in system mode only. A profile's parameters are modifiable in that profile only. As figure 3-45 shows, the prompt indicates that you are in system mode by displaying either nothing or the router name, followed by the greater-than (">") symbol.
access766>
If you are in profile mode, the profile name appears as part of the prompt, separated from the system name by a colon (:). The LAN profile prompt is shown in figure 3-46.
access766:LAN>
System mode parameters affect the router as a whole. Table 3-7 shows the list of system parameters:
Caller ID parameters
Call waiting
PPP parameters
Date and time
Country group
Screen length
Directory number
Address age time
Screen echo
Delay time
Local and remote access
SNMP parameters
Forwarding mode
Phone 1 and 2
SPIDs
Multidestination dialing
PPP client password
Switch type
Numbering plan
PPP client secret
System password
Patterns
Voice priority
Power Source 1 detect
Passthru
System name
Table 3-7. The list of system parameters.
User-profile mode parameters affect connections made through that user profile only. However, an area of the global configuration stores profile parameters. This area is the profile template. Changes made to profile mode parameters in system mode affect the profile template. When you create a new profile, it inherits the matching system mode parameters from the profile template. Any changes to profile parameters while in profile mode apply to that profile only. When you use the "set profile" command to create a user-defined profile, the default parameters for the new profile are taken from the system mode profile template. Table 3-8 shows the list of profile mode parameters:
Bridging
Line speed
PPP authentication (outgoing)
Ringback number
Auto calling
All IP parameters, including filters
Compression
Demand
PAP password (client and host)
Passthrough
Timeout
All IPX parameters, including filters
Learning
Called number
CHAP secret (client and host)
Subnet mask
Encapsulation
Bridge filters (address, type, and user-defined)
Table 3-8. User profile command list.
Windows based router configuration programs
There are two programs available for configuring Cisco 760 and 770 series routers from the Microsoft Windows GUI: ClickStart and FastStep. Cisco ClickStart is the older GUI tool. If you acquired your router some time ago, it might have come with the router on floppy diskettes. You should ignore it in favor of the newer FastStep program. Unlike ClickStart, FastStep is current with the latest releases of the OS, and therefore better able to help you configure the router. Those without FastStep can download it free from Cisco at . It is available in English, German, French, and Japanese.
Both programs let you set up basic router functionality, including LAN and WAN profile definitions. However, FastStep gives you the ability to configure enhanced functionality in your router. Both programs will configure the router via a serial port, but only FastStep allows you to configure it over the Ethernet network. With the arrival of FastStep version 1.2, you can now use it to set up network address translation. It will even attempt to determine automatically the switch type and SPIDs of your ISDN line.
You can configure your router with FastStep via the network by changing the network settings of the PC running FastStep. Two items should concern you any time you let someone else make changes to your networking configuration. First, you will need to return to your original network settings in order to continue using your PC for its daily tasks. In order to make sure that return trip is possible, run "winipcfg" (or "ipconfig /all" under NT) from a DOS prompt. It will bring up your networking information for your default network adapter. Record this information so that you can re-enter it into the system if there is a problem after FastStep completes. Figure 3-47 shows the "winipcfg" configuration window:
The second problem you may have is the limit on network stations the router can see on the network. If you are using the Internet Ready or SOHO feature set, you are limited to only four devices on the network. If you try to configure a router on a network with more than four nodes, it is anyone’s guess as to whether or not the router will see the PC running FastStep. To ensure you don’t get lost in the crowd, isolate the router and the configuring PC from the rest of your network. Place both on a separate hub with nothing else connected to it.
If the router is destined for another network, you should configure your PC for that network. FastStep reads your PC's configuration file and will only let you select an IP address for the router that matches it. This happens even if you are configuring the router via the serial cable. Once the configuration of the router is complete, you can send it to its final destination and place your PC back on the network.
Another method of avoiding these problems is to use the serial port for configuration. This is slower, but presents fewer entanglements in a complex network environment. Unfortunately, FastStep has a tendency to lose the ability to communicate with the router. If this happens, try a few more times. If it still cannot talk to the router, exit FastStep and launch HyperTerminal. Press <Enter> a few times until you see the router prompt, then exit and try FastStep again.
Should the configuration not work on the first try, you may need to run FastStep again and change some options. One hard-to-find problem might be in the channel configuration. Some ISPs only allow certain customers to connect with a single B channel. If your configuration does not work, you should try entering only one phone number to dial and choosing to use only one B channel.
After running FastStep multiple times, your router configuration might become hopelessly tangled. If this happens, exit FastStep and connect to the router with HyperTerminal. Enter the command "set defaults". This will return the router to its default configuration and cause it to reboot. Once it has rebooted, you can try configuring it again.
Cisco Configuration and Management Tools
CiscoWorks
CiscoWorks is the UNIX-based configuration and management tool available for HP/UX, Solaris, and AIX. It can be run by itself or integrated with any of the following network management software: Solstice Site Manager, Solstice Domain Manager, Solstice Enterprise Manager, HP OpenView on Solaris, HP OpenView HP-UX, Tivoli TME/10 NetView AIX. CiscoWorks for Windows runs on Microsoft Windows 95, NT 3.51, or NT 4.0. CiscoWorks can run stand-alone or integrated with CastleRock SNMPc, HP OpenView Professional Suite, and HP OpenView Network Node Management on NT. CiscoWorks for Switched Internetworks is for managing Cisco network switches in the Catalyst and LightStream series. The CiscoWorks Blue series consists of several individual pieces, which manage IBM SNA protocols running over a variety of Cisco equipment.
CiscoWorks is a series of SNMP-based network management software applications. Some of the applications included in CiscoWorks are CiscoView, Configuration File Management, Contacts, Device Management, Global Command Facility, and Software Manager. Configuration File Management provides an audit trail indicating who made changes and when. It can also detect unauthorized configuration changes on your network. Contacts allows you to obtain information about the contact person for a specific device, providing complete name, phone number, e-mail address, title, location, and address. Device Management creates and maintains a database that holds a complete inventory of your network hardware, software, release levels of operational components, responsible individuals, and locations. Global Command Facility allows you to create configuration Snap-Ins that you can apply automatically to groups of routers. Software Manager minimizes upgrade costs by enabling administrators to centrally distribute and manage router software throughout the network. It includes three applications:
CiscoWorks for Windows
CiscoWorks Windows is a suite of integrated PC-based network configuration and diagnostic tools for small-to-medium-sized networks. It includes the Configuration Builder, Show Commands, Health Monitor, and CiscoView applications. It comes bundled with CastleRock SNMPc, a complete network management platform for mapping networks, graphing device statistics, and handling alarms. You can also integrate it with HP OpenView Professional Suite and HP OpenView Network Node Manager for Windows NT. Configuration Builder and CiscoView can run as stand-alone applications.
Configuration Builder allows you to create configuration files for multiple Cisco routers, access servers, and hubs without requiring you to remember complicated command line language or syntax for the devices. Using Configuration Builder, you can configure a wide variety of Cisco routers, switches, and hubs, including all those listed in the hardware section. Configuration of advanced features must still be done by hand. An Add Commands window allows you to configure features in the router not supported by Configuration Builder.
Other features of Configuration Builder include:
Show Commands allows you to quickly display detailed system and protocol information about Cisco routers without requiring you to remember complicated command line language or syntax. Health Monitor is a dynamic fault and performance management tool that provides real-time statistics on device characteristics, interface status, errors, and protocol utilization. It also provides CPU and environmental card status and indicates changes in conditions through color. This application uses SNMP to monitor and control the Cisco devices.
Cisco Resource Manager
Cisco Resource Manager, based on web server architecture, takes advantage of today's Internet technology. Its applications are accessible using a standard browser, which simplifies access to information from anywhere in the network. It is composed of Inventory Manager, Software Image Manager, Availability Manager, and Syslog Analyzer applications. It is available as a stand-alone solution and does not require a management platform or CiscoWorks. It can coexist on the same system with HP OpenView, CiscoWorks, or CiscoWorks for Switched Internetworks and is available for either Solaris or Windows NT.
Inventory Manager quickly collects, displays, and updates router and switch hardware and software inventory information. It can create change reports by automatically detecting hardware and software changes, and allows users to view past reports. Inventory reports are highly detailed, showing hardware, software, and firmware versions, image type, and physical chassis and interface card information. The inventory information updates automatically each time a device restarts. Custom reports show the Year 2000 certification status of each IOS router image running in your network. These reports are Internet linked to CCO to provide up-to-date information.
Software Manager reduces the time needed to deploy new software images by automating many of the steps associated with scheduling, downloading, and monitoring software upgrades. It can distribute software images to groups of routers and it supports all the devices in the hardware section of this book. To reduce software upgrade errors, Software Manager validates the proposed image for each target device by checking Cisco IOS release, flash device size, and available RAM requirements. It allows you to schedule single or multiple upgrade jobs, verifying that each job has completed successfully and providing detailed audit reports on upgrade failures. Software images can be retrieved from the CCO website, from another router, or from a local file and stored in the software library for future deployment.
Availability Manager allows quick monitoring of device availability and response time, and reports on off-line devices and device reloads. Users can view trend graphs and interface availability information for easier troubleshooting based on historical information. It also reports device reloads, cause of reload, and off-line device status to ensure timely response to network outages.
Syslog Analyzer provides flexible filtering of syslog message reporting that you can use to isolate error conditions on Cisco routers. It provides custom and standard reports that are viewable by device, message type, and severity. These can alert you to configuration changes, high CPU utilization, duplicate IP addresses, flash memory errors, memory allocation failures, environmental warnings, and severity level 0, 1, and 2 syslog errors. Custom filters enable users to select the device and syslog messages displayed along with links to probable cause, recommended action, and user-customized information. A utility to launch a customized script or web page enables you to extend syslog messages to internal policies and procedures.
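The kind of filtering described for Syslog Analyzer can be sketched in a few lines of Python. This is an added example, not Cisco's code or anything from the original text: it parses IOS messages of the form %FACILITY-SEVERITY-MNEMONIC, flags severity 0 to 2 plus a small watch list, and records who made each configuration change. The log lines, the syslog-server line layout, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Syslog-server line carrying an IOS message: %FACILITY-SEVERITY-MNEMONIC: text
# (the timestamp/host prefix layout is an assumption about the collecting server).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<device>\S+) .*?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)
# Who changed the configuration, plus the line and address when IOS logs them.
CONFIG_RE = re.compile(
    r"Configured from (?P<source>\S+) by (?P<user>\S+)"
    r"(?: on (?P<line>\S+) \((?P<addr>[^)]+)\))?"
)
# Messages worth reporting whatever their severity (a subset of the list above).
WATCHED = {
    ("SYS", "CONFIG_I"): "configuration change",
    ("SYS", "CPUHOG"): "high CPU utilization",
    ("IP", "DUPADDR"): "duplicate IP address",
    ("SYS", "MALLOCFAIL"): "memory allocation failure",
}

# Constructed sample input, not captured from a real network.
CONSTRUCTED_LINES = [
    "Mar  1 00:12:01 wan2500 12: %SYS-5-CONFIG_I: Configured from console by console",
    "Mar  1 00:14:40 wan2500 13: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0:1, changed state to up",
    "Mar  1 00:20:05 wan4500 31: %SYS-2-MALLOCFAIL: Memory allocation of 1028 bytes failed from 0x3196B40, pool Processor, alignment 0",
    "Mar  1 00:21:17 wan4500 32: %IP-4-DUPADDR: Duplicate address 192.0.2.1 on Ethernet0, sourced by 0000.0c12.3456",
    "Mar  1 00:30:00 wan2500 14: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.50)",
    "Mar  1 00:31:00 wan2500 last message repeated 2 times",
]


def parse(line):
    """Return the fields of one IOS syslog line, or None if it is not one."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    return rec


def triage(lines):
    """Keep severity 0-2 messages and watched mnemonics; skip everything else."""
    alerts = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        reasons = []
        if rec["severity"] <= 2:
            reasons.append(f"severity {rec['severity']}")
        label = WATCHED.get((rec["facility"], rec["mnemonic"]))
        if label:
            reasons.append(label)
        if not reasons:
            continue
        alert = {
            "ts": rec["ts"],
            "device": rec["device"],
            "message": f"{rec['facility']}-{rec['severity']}-{rec['mnemonic']}",
            "reasons": reasons,
        }
        if label == "configuration change":
            who = CONFIG_RE.search(rec["text"])
            if who:
                alert["changed_by"] = {k: v for k, v in who.groupdict().items() if v}
        alerts.append(alert)
    return alerts


def per_device(alerts):
    """Count alerts per reporting device, as a by-device report would."""
    return Counter(a["device"] for a in alerts)


if __name__ == "__main__":
    for a in triage(CONSTRUCTED_LINES):
        print(a)
```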
When connected to CCO, Cisco Resource Manager provides a dynamic link between your network and CCO service and support. From the Resource Manager desktop, you have access to CCO web pages, simplifying the task of finding the latest product enhancements, the appropriate software image, Year 2000 certification, diagnostic information, and debugging tools.
Cisco ConfigMaker
ConfigMaker requires no knowledge of IOS, and can be used for basic configuration of IP, IPX, and AppleTalk network protocols. It supports network connections over Ethernet, Fast Ethernet, ISDN BRI, ISDN PRI, Frame Relay, PPP, HDLC, and asynchronous lines. It will even configure dial-up connections over modems and ISDN lines.
It works by connecting to a router over a serial line connected to your PC. You can either tell it the type of router or let it discover it on its own. This is handy for modular routers like the 1600 and 3600 series. With those routers, you might spend some time manually adding all the interface cards. Auto configuration saves time and prevents errors by determining this information for you.
Basic testing shows ConfigMaker to be extremely capable of creating the configurations necessary for getting your network up and running. You can even provide it a range of network addresses you have available and it will apportion them in an efficient way. Its major drawback is the need to have the router directly connected to a PC for auto discovery and configuration. Getting this information over a network would make the product much more flexible for network administrators with routers already in place. Do not let this deter you, since it is quite possible to use ConfigMaker to create new configurations and then use an existing method to update router configurations.
Best of all, it’s free. Simply connect to , click on software and support, then on network management products, then on Cisco ConfigMaker Software. You can also go directly to
Cisco Dial-Out Software
Those with Cisco Access Servers should be aware of Cisco Dial-Out Utility Software. This program allows you to connect to an access server and use one of its modems as if it were connected to your computer. It is available free from Cisco's web site at . You must have a login and password to access the secure area of Cisco's web site to get this software. If you have a maintenance contract with Cisco and do not have an account, they will be happy to set you up with one. All you need to do is call technical support and ask for a Cisco Connection On-Line (CCO) account.
This software can turn a typical dial-in server into a dial-in/dial-out access server. This can give your network additional capabilities, such as outbound fax from the desktop and a modem pool from which users can dial-out to text based bulletin board systems (BBS).
Software updates from Cisco Connection Online
Users with maintenance contracts for their Cisco routers can get an account on Cisco Connection On-Line (CCO). Here, Cisco offers all its latest software updates for you to download, including current and previous versions of IOS, Cisco 760 and 770 series OS, and many of the programs described above. You must know your licensing status for each piece of equipment you upgrade with code from this site. If your license only covers the desktop feature set, it is illegal to install an upgraded feature set (such as Enterprise.) However, if a new version of Desktop for your router is too large for either flash or main memory, you can freely use a feature set with fewer capabilities than Desktop, such as IP/IPX.
As always, you should check with your Cisco sales rep. if there are any questions of legality. Your sales rep can also keep your maintenance up-to-date, so your CCO account does not expire at an inopportune time.
Software updates reside under the Software Center heading (look under Software & Support.) If you do not have a CCO account, you can still get a great deal of useful software packages like FastStep, TACACS (authorization, authentication, and accounting software for dial-in users), RSL (Router Software Loader), and 56K modem firmware updates. Users with CCO accounts will see all this and more. The area you are most likely to download from is the IOS software area. This area has an extremely helpful program that asks you for your router type, desired IOS version and desired feature set, and then tells you how much RAM and flash you will need to install the image. If your router is capable, you can then download that IOS image directly to your hard drive.
Config Registers and IOS Upgrades
Cisco IOS based routers use a configuration register to determine how the router loads its IOS operating system. The full version of IOS is usually stored in flash memory, but there is also a crippled version stored in a boot ROM or in a separate flash memory device known as boot flash. The router can also boot into ROM monitor mode, or download its IOS version off the network. The configuration register setting determines which of these the router boots from.
To check the status of your configuration register, use the "show version" command. At the bottom of the output, you will see the status of all the programmable memory in the router. In figure 3-48, you can see this router has 128 KB of NVRAM, 8 MB of system flash memory, and 4 MB of boot flash. You will also see the current value of the configuration register (in this case 0x2102.)
Wan2500# show version
…
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read Only)
4096K bytes of processor board Boot flash (Read/Write)
Configuration register is 0x2102
Wan2500#
Normally, you only use two configuration register settings: 0x2101 and 0x2102. 0x2101 is used to boot from the boot ROM or boot flash. 0x2102 is used for normal operations where you boot off an IOS image in flash memory.
If you wish to upgrade your IOS version in flash memory, you need to make sure that flash is writeable. Run-from-flash routers such as the AS5200 or any of the 2500 series require you to change the configuration register to 0x2101 in order to make the flash writeable. Run-from-RAM routers such as the 4x00 series have flash memory in read/write mode all the time.
Enter global configuration mode to change the configuration register. All you need to do is enter "config-register NUMBER" where NUMBER is the desired value for the register (normally either 0x2101 or 0x2102). Next, press "Ctrl-z" to exit global configuration mode. Finally, enter "reload", choose not to save the configuration, and press <Enter> to confirm the reload. This is shown in figure 3-49.
wan4500#configure t
Enter configuration commands, one per line. End with CNTL/Z.
wan4500(config)#config-register 0x2102
wan4500(config)#^Z
wan4500#reload
%SYS-5-CONFIG_I: Configured from console by console
System configuration has been modified. Save? [yes/no]: no
Proceed with reload? [confirm] <Enter>
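The check in figure 3-48 can be automated across many routers. The following Python is an added example, not part of the original text: it pulls the configuration register out of "show version" output, decodes it, and reports anything other than the two normal settings. The bit meanings beyond 0x2101 and 0x2102, and the "(will be ... at next reload)" suffix that IOS prints when a change is pending, come from Cisco's general register documentation rather than from this chapter; the second sample is constructed.

```python
import re

EXPECTED = {0x2101, 0x2102}   # the two settings the text calls normal
IGNORE_NVRAM = 0x0040         # bit 6: boot without the saved configuration

# Bit meanings per Cisco's documented register layout (assumption: not from the page).
FLAGS = {
    IGNORE_NVRAM: "startup configuration in NVRAM is ignored",
    0x0100: "console Break key disabled once booted",
    0x2000: "falls back to ROM software if network boot fails",
}
BOOT_FIELD = {0x0: "ROM monitor", 0x1: "boot ROM or boot flash image"}

REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]{1,4})"
    r"(?: \(will be (0x[0-9A-Fa-f]{1,4}) at next reload\))?"
)

# Tail of figure 3-48, as printed in the text.
PAGE_SAMPLE = """128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read Only)
4096K bytes of processor board Boot flash (Read/Write)
Configuration register is 0x2102
"""
# Constructed sample: a register change is waiting for the next reload.
CONSTRUCTED_PENDING = "Configuration register is 0x2102 (will be 0x2142 at next reload)\n"


def decode(value):
    """Split a register value into boot source (low four bits) and flag bits."""
    boot = value & 0x000F
    return {
        "value": f"0x{value:04X}",
        "boot_source": BOOT_FIELD.get(boot, "IOS image (boot system commands, else flash)"),
        "flags": [text for bit, text in FLAGS.items() if value & bit],
    }


def audit_show_version(text):
    """Return the decoded current and pending registers plus a list of findings."""
    m = REGISTER_RE.search(text)
    if m is None:
        raise ValueError("no configuration register line found")
    current = int(m.group(1), 16)
    pending = int(m.group(2), 16) if m.group(2) else None
    findings = []
    for label, value in (("current", current), ("pending", pending)):
        if value is None:
            continue
        if value not in EXPECTED:
            findings.append(f"{label} register 0x{value:04X} is not 0x2101 or 0x2102")
        if value & IGNORE_NVRAM:
            findings.append(f"{label} register boots without the startup configuration")
    # The value that takes effect at the next boot decides which image loads.
    next_boot = pending if pending is not None else current
    if next_boot & 0x000F == 0x1:
        findings.append("next boot loads the boot ROM/boot flash image, not the full IOS")
    return {
        "current": decode(current),
        "pending": decode(pending) if pending is not None else None,
        "findings": findings,
    }


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, CONSTRUCTED_PENDING):
        print(audit_show_version(sample))
```

A router left at 0x2101 after a flash upgrade shows up in the last finding, which is the reminder to set the register back to 0x2102 and reload.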