Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and all current Cisco network switches. IOS is a package of routing, switching, internetworking and telecommunications functions tightly integrated with a multitasking operating system. The first IOS was written by William Yeager.
Cisco IOS has a characteristic command line interface (CLI), whose style has been widely copied by other networking products. The IOS CLI provides a fixed set of multiple-word commands -- the set available is determined by the "mode" and the privilege level of the current user. "Global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific interface. All commands are assigned a privilege level, from 0 to 15, and can only be accessed by users with the necessary privilege. Through the CLI, the commands available to each privilege level can be defined.
Versioning
Cisco IOS versions are versioned using three numbers and some letters, in the general form a.b(c.d)e, where
- a is the major version number of the release
- b is the minor version number
- c is the release number, which begins at one and increments as new releases in the same a.b train are released
- d (omitted from general releases) is the interim build number
- e (zero, one or two letters) is the release train identifier, such as none (which designates the mainline, see below), T (for Technology), E (for Enterprise), S (for Service provider), XA as a special functionality train, XB as a different special functionality train etc.
For example, release 12.3(1) is the first mainline Cisco IOS release of version 12.3. 12.3(2) is the next release, and so on. 12.3(1)T is the first release of the T train, 12.3(2)T the next, and so on. Interim builds are candidates for the next release, and are frequently made available by Cisco support as a faster way to provide fixes for bugs before the next release is available. For example, 12.3(1.2)T is the 2nd interim build after release 12.3(1)T.
- Rebuilds: often a rebuild is compiled to fix a single specific problem or vulnerability for a given IOS version. For example, 12.1(8)E14 is a rebuild, the 14 denoting the 14th rebuild of 12.1(8)E. Rebuilds are produced either to quickly repair a defect, or to satisfy customers who do not want to upgrade to a later major revision because they may be running critical infrastructure on their devices, and hence prefer to minimise change and risk.
- Interim releases: these are usually produced on a weekly basis, and form a roll-up of current development effort. The Cisco advisory web site may list more than one possible interim to fix an associated issue (the reason for this is unknown to the general public).
- Maintenance releases: rigorously tested releases that are made available and include enhancements and bug fixes. Cisco recommends upgrading to Maintenance releases where possible, over Interim and Rebuild releases.
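The version form above can be checked mechanically when comparing a device's release with the fixed release named in an advisory. The following is an added example, not code from the original page or from Cisco; the function names are hypothetical, the rebuild number 9 used in the demo is constructed, and the ordering rule in `sort_key` is an assumption drawn from the description above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# a.b(c.d)e as described above, plus the trailing rebuild number seen in 12.1(8)E14.
_VERSION_RE = re.compile(
    r"^(?P<a>\d+)\.(?P<b>\d+)\((?P<c>\d+)(?:\.(?P<d>\d+))?\)"
    r"(?P<e>[A-Za-z]{0,2})(?P<rebuild>\d+)?$"
)


@dataclass(frozen=True)
class IOSVersion:
    major: int
    minor: int
    release: int
    interim: Optional[int]   # None for general releases
    train: str               # "" designates the mainline
    rebuild: Optional[int]   # None unless this is a rebuild

    @property
    def kind(self) -> str:
        if self.interim is not None:
            return "interim"
        return "rebuild" if self.rebuild is not None else "release"

    @property
    def train_name(self) -> str:
        return f"{self.major}.{self.minor}{self.train}"

    def sort_key(self):
        # Assumption: within one train, interim builds sort after the release
        # they follow, and rebuilds after the release they rebuild.
        return (self.release, self.interim or 0, self.rebuild or 0)


def parse_ios_version(text: str) -> IOSVersion:
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not in a.b(c.d)e form: {text!r}")
    opt = lambda s: int(s) if s is not None else None
    return IOSVersion(int(m["a"]), int(m["b"]), int(m["c"]), opt(m["d"]),
                      m["e"].upper(), opt(m["rebuild"]))


def is_at_least(running: str, fixed: str) -> bool:
    """True if `running` is in the same train as `fixed` and not older than it."""
    r, f = parse_ios_version(running), parse_ios_version(fixed)
    if r.train_name != f.train_name:
        # Trains carry different feature sets, so ordering across them is undefined.
        raise ValueError(f"{running} and {fixed} belong to different trains")
    return r.sort_key() >= f.sort_key()


if __name__ == "__main__":
    for v in ("12.3(1)", "12.3(1.2)T", "12.1(8)E14"):
        print(v, "->", parse_ios_version(v).kind, parse_ios_version(v).train_name)
    print(is_at_least("12.1(8)E14", "12.1(8)E9"))
```

Refusing to compare across trains is deliberate: a higher number in another train does not imply that the same fix is present.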
Trains
Cisco IOS releases are split into several "trains", each containing a different set of features. Trains more or less map onto distinct markets or groups of customers that Cisco is targeting.
- The mainline train is designed to be the most stable release the company can offer, and its feature set never expands during its lifetime. Updates are released only to address bugs in the product. The previous technology train becomes the source for the current mainline train -- for example, the 12.1T train becomes the basis for the 12.2 mainline. Therefore, to determine the features available in a particular mainline release, look at the previous T train release.
- The T (Technology) train gets new features and bug fixes throughout its life, and is therefore less stable than the mainline. (In releases prior to Cisco IOS Release 12.0, the P train served as the Technology train.)
- The S (Service Provider) train runs only on the company's core router products and is heavily customized for Service Provider customers.
- The E (Enterprise) train is customized for implementation in enterprise environments.
- The B (Broadband) train supports Internet-based broadband features.
- The X* - The XA, Xb ... special functionality train, needs to be documented
There are other trains from time to time, designed for specific needs -- for example, the 12.0AA train contained new code required for Cisco's AS5800 product.
Cisco IOS Packaging or Feature sets
Most Cisco products that run IOS also have one or more "feature sets" or "packages", typically eight packages for Cisco routers and five packages for Cisco switches. For example, Cisco IOS releases meant for use on Catalyst switches are available as "standard" versions (providing only basic IP routing), "enhanced" versions, which provide full IPv4 routing support, and "advanced IP services" versions, which provide the enhanced features as well as IPv6 support.
Each individual package corresponds to one service category, such as
- IP data
- Converged voice and data
- Security and VPN
For additional information about Cisco IOS Packaging see White Paper: Cisco IOS Reference Guide
Architecture
In all versions of Cisco IOS, packet routing and forwarding (switching) are distinct functions. Routing and other protocols run as Cisco IOS processes and contribute to the Routing Information Base (RIB). This is processed to generate the final IP forwarding table (FIB -- Forwarding Information Base), which is used by the forwarding function of the router. On router platforms with software-only forwarding (e.g. Cisco 7200) most traffic handling, including access control list filtering and forwarding, is done at interrupt level using Cisco Express Forwarding (CEF) or dCEF (Distributed CEF). This means IOS does not have to do a process context switch to forward a packet. Routing functions such as OSPF or BGP4 run at the process level. In routers with hardware-based forwarding, such as the Cisco 12000 series, IOS computes the FIB in software and loads it into the forwarding hardware (such as an ASIC or network processor), which performs the actual packet forwarding function.
Cisco IOS has a "monolithic" architecture, which means that it runs as a single image and all processes share the same memory space. There is no memory protection between processes, which means that bugs in IOS code can potentially corrupt data used by other processes. It also has a "run to completion" scheduler, which means that the kernel does not pre-empt a running process -- the process must make a kernel call before other processes get a chance to run. For Cisco products that required very high availability, such as the Cisco CRS-1, these limitations were not acceptable. In addition, competitive router operating systems that emerged 10-20 years after IOS, such as Juniper's JunOS, were designed not to have these limitations. Cisco's response was to develop a new version of Cisco IOS called IOS-XR that offered modularity and memory protection between processes, lightweight threads, pre-emptive scheduling and the ability to independently re-start failed processes. IOS-XR uses a 3rd party real-time operating system microkernel (QNX), and a large part of the current IOS code was re-written to take advantage of the features offered by the new kernel -- a massive undertaking. But the microkernel architecture removes from the kernel all processes that are not absolutely required to run in the kernel, and executes them as processes similar to the application processes. Through this method, IOS-XR is able to achieve the high availability desired for the new router platform. Thus IOS and IOS-XR are very different codebases, though related in functionality and design. In 2005, Cisco introduced IOS-XR on the Cisco 12000 series platform, extending the microkernel architecture from the CRS-1 to Cisco's widely deployed core router.
Recently (in 2006), Cisco has made available IOS Software Modularity, which extends the QNX microkernel into a more traditional IOS environment while still providing the software upgrade capabilities that customers are demanding. It is currently available on the Catalyst 6500 enterprise switch.
Using the Command Line
To use the Cisco IOS Command Line Interface you need to change modes in order to enter different commands. Here is a quick sketch on how to get from mode to mode.
[Figure: An example of Cisco router modes and simple commands]
Moving from Mode to Mode
You can tell which mode you are in by the prompt, e.g. Router# (Privileged Mode). Here is a table version of how you get from mode to mode.
| Name of mode | What you can do | Prompt | How to get into this mode from previous mode | How you get back to previous mode |
| --- | --- | --- | --- | --- |
| User EXEC Mode | Basic commands like sh ip int brief, sh ip ro, ping, etc | Router> | Press return at the "routername line is now available... Press RETURN to get started." prompt | exit |
| Privileged EXEC Mode (Enable Mode) | More commands like sh run, extended ping, clock set, debug, etc | Router# | enable | disable (typing exit actually takes you back to the available prompt) |
| Global Configuration Mode | Allows you to change the name of the router and other settings that apply to the whole router | Router(config)# | Router#config t | end, exit, CTRL+Z |
| Interface Mode | Allows you to change the IP Address / Subnet Mask of individual interfaces on the router | Router(config-if)# | From Global Config Mode use the command int [name of interface] | exit (takes you back to global config mode), end/CTRL+Z (takes you back to Priv EXEC) |
| Routing Configuration Mode | Allows you to configure the routing protocol and specify local networks to advertise | Router(config-router)# | From Global Config Mode use the command router routing-protocol-name [AS or Proc ID] | exit (takes you back to global config mode), end/CTRL+Z (takes you back to Priv EXEC) |
| Line Configuration Mode | Allows you to configure console, aux, and vty (telnet) lines | Router(config-line)# | From Global Config Mode use the command line [name of line] | exit (takes you back to global config mode), end/CTRL+Z (takes you back to Priv EXEC) |
Global Configuration Mode
Global Configuration Mode is the privilege level in Cisco Systems IOS used to configure global router and network switch parameters. The mode is entered from enable mode using the command "configure terminal", more commonly expressed as "conf t".
router# configure terminal
router(config)#
From inside this mode, you can enter several types of commands: interface commands to enter Interface Configuration Mode, which allow you to configure physical interfaces; line commands, to configure terminal lines; and router commands, to configure routing protocols.
Finding out the status of the Cards
The command Router#show ip interface brief shows a table of the current interfaces available. The following information is shown.
- Name of the interface.
- IP address and subnet mask that have been assigned to that card.
- Information showing if the card is connected physically to the router.
- Whether the card has been enabled on the router.
Troubleshooting information for the Physical and Data Link Layers (OSI) of the router can be viewed with the Router#show ip interface brief command. The following is an example of the output of this command:
Router# show ip interface brief
Interface    IP-Address      OK?  Method  Status                  Protocol
Ethernet0    10.108.00.5     YES  NVRAM   down                    up
Ethernet1    unassigned      YES  unset   administratively down   down
Loopback0    10.108.200.5    YES  NVRAM   down                    down
Serial0      10.108.100.5    YES  NVRAM   up                      up
Serial1      10.108.40.5     YES  NVRAM   up                      up
Serial2      10.108.100.5    YES  manual  up                      up
Serial3      unassigned      YES  unset   administratively down   down
The status field indicates the status of the interface. Valid values and their meanings are:
- up: Interface is up.
- down: Interface is down.
- administratively down: Interface is administratively down. The interface was not enabled at setup.
Status of Interface / Protocol
| Interface | Protocol | Type of error |
| --- | --- | --- |
| UP | UP | Layers 1 and 2 of the OSI Model are operating correctly and the errors are the result of higher layers. |
| UP | DOWN | Layer 2 of the OSI Model error. Items such as a protocol error or an encapsulation error. |
| DOWN | DOWN | Layer 1 malfunction. Items such as cables, physical interfaces and other intermediate devices should be checked for power and correct installation. |
| DOWN | UP | Duplicate MAC address on the LAN connected to the Ethernet interface, or a service module error within an internal expansion card. |
Although rarely seen, the Interface Down and Protocol Up error has been known to occur when dealing with faulty expansion cards. Duplicate MAC addresses have caused the Down / Up display because of a software error in older versions of the CLI.
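The status table above can be applied to captured output automatically. This is an added example, not part of the original page: it parses the sample output shown earlier (re-typed here one row per line) and attaches the table's diagnosis to each interface, handling the two-word status "administratively down". The function names are hypothetical.

```python
# Constructed sample: the output shown above, re-typed as one row per line.
SAMPLE = """\
Router# show ip interface brief
Interface    IP-Address      OK?  Method  Status                  Protocol
Ethernet0    10.108.00.5     YES  NVRAM   down                    up
Ethernet1    unassigned      YES  unset   administratively down   down
Loopback0    10.108.200.5    YES  NVRAM   down                    down
Serial0      10.108.100.5    YES  NVRAM   up                      up
Serial1      10.108.40.5     YES  NVRAM   up                      up
Serial2      10.108.100.5    YES  manual  up                      up
Serial3      unassigned      YES  unset   administratively down   down
"""

# (Status, Protocol) -> diagnosis, taken from the table above.
DIAGNOSIS = {
    ("up", "up"): "Layers 1 and 2 operating; look at higher layers",
    ("up", "down"): "Layer 2 error (protocol or encapsulation)",
    ("down", "down"): "Layer 1 malfunction (cables, physical interfaces, intermediate devices)",
    ("down", "up"): "Duplicate MAC address or service module error",
}


def parse_brief(text):
    """Parse 'show ip interface brief' output into one dict per interface."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the prompt line, the header and anything too short to be a row.
        if len(fields) < 6 or fields[0] == "Interface":
            continue
        name, address, ok, method = fields[:4]
        rows.append({
            "interface": name,
            "address": None if address == "unassigned" else address,
            "ok": ok == "YES",
            "method": method,
            # Status may be two words, so take everything up to the last field.
            "status": " ".join(fields[4:-1]),
            "protocol": fields[-1],
        })
    return rows


def diagnose(status, protocol):
    """Map a Status/Protocol pair to the diagnosis given in the table."""
    if status == "administratively down":
        return "Interface not enabled (shutdown)"
    return DIAGNOSIS.get((status, protocol), "unrecognised status pair")


def report(text):
    """Return {interface name: diagnosis} for every row in the output."""
    return {r["interface"]: diagnose(r["status"], r["protocol"]) for r in parse_brief(text)}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(f"{name:10} {verdict}")
```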
Getting Help in the CLI
To use Help, enter the question mark character: ?. This will print a list of all commands available in the current mode.
Changing the Name of the Router
To allow administrators to identify the routers they use, they can give the router a name. This can be done by using the commands
Router>enable
Router#configure terminal
Router(config)#hostname "Name of router"
The name of the router is shown on the command prompt.
Changing the Interface Card IP Address and Subnet Mask
Each network interface on the router can have its own IP address and subnet mask. You can change each individual interface card by typing
Router>enable
Router#config terminal
(config terminal is short for configure terminal)
The syntax is: interface [Name Of Interface], e.g. interface FastEthernet0/0, int FastEthernet0/1, etc.
Router(config)#interface FastEthernet0/0
The name of the interface refers to the following.
- Fast Ethernet f0/0 (this allows you to plug in a switch)
- Fast Ethernet f0/1 (this allows you to plug in another switch)
- Serial s0/0 (this allows you to plug into another router)
- Serial s0/1 (this allows you to plug into another router)
Note: different routers have different amounts and types of interfaces.
Once you have selected a card you can give that card an IP address and subnet mask. The syntax is: ip address [ip address] [subnet]
Router(config-if)#ip address 192.168.20.1 255.255.255.0
For serial interfaces one card acts as a server and the other acts as the client. To determine if the cable you are using is indeed a DCE cable, you would issue the following command:
Router>show controllers serial <# here>
On the server machine, so that the cards can synchronize messages, use the command
Router(config-if)#clock rate 64000
By default, when you give a card an IP address and subnet mask the interface is disabled. Use the command Router(config-if)#no shutdown to bring the system online. You can shut down that card by doing the above and using the command Router(config-if)#shutdown.
Add Networks to the Router
The router can use the many different routing protocols available, such as RIP, to inform the router about the presence of other routers and networks. If you are using RIP, then the following CLI commands are sufficient.
Router>enable
Router#configure terminal
Router(config)#router rip
Router(config-router)#network [network id]
If you want to use RIPv2, you must tell the router this. You can do this by adding the following line to the above code:
Router(config-router)#version 2
Security and vulnerabilities
Cisco IOS has proven vulnerable to buffer overflows and other problems that have afflicted other operating systems and applications. Cisco usually responds very quickly to all bugs in its maintained software.
A legacy CLI issue, retained for compatibility reasons, is that passwords encrypted on the CLI as 'Type 7' hash values, such as "Router(config)#username jdoe password 7 0832585B1910010713181F", are easily decrypted using software called "getpass", available since 1995; the above example decrypts to "stupidpass". Although this is old news, use of these weak hashes continues due to ignorance of the problem (see Insecure.org Cisco password decryption). However, the program will not decrypt passwords set with the enable secret command. The unexpected concern that this program has caused among Cisco customers has led Cisco to suspect that many customers are relying on Cisco password encryption for more security than it was designed to provide.
Note: Cisco recommends that all Cisco IOS devices implement the authentication, authorization, and accounting (AAA) security model. AAA can use local, RADIUS, and TACACS+ databases.
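A saved configuration can be checked for this weakness without decoding anything. The following is an added example, not from the original page or from Cisco: it lists every stored credential with its storage type, flags cleartext and Type 7 entries, and reports whether the AAA model is enabled with "aaa new-model". The sample configuration is constructed; it reuses the Type 7 string quoted above, the Type 5 value is a placeholder, and the function names are hypothetical.

```python
# Constructed sample configuration. The Type 7 string is the one quoted in the
# text above; the Type 5 value is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$PLACEHOLDER$NotARealHashValue
enable password 7 0832585B1910010713181F
username jdoe password 7 0832585B1910010713181F
username ops secret 5 $1$PLACEHOLDER$NotARealHashValue
username temp password 0 changeme
line vty 0 4
 password letmein
"""

STORAGE = {"0": "cleartext", "5": "type 5 (MD5 hash)", "7": "type 7 (reversible)"}
WEAK = {"cleartext", "type 7 (reversible)"}


def classify(line):
    """Return (owner, storage) for a credential line, or None for any other line."""
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok in ("password", "secret") and i + 1 < len(tokens):
            rest = tokens[i + 1:]
            # "password 7 <string>" carries an explicit type; a bare value is cleartext.
            ptype = rest[0] if len(rest) >= 2 and rest[0].isdigit() else "0"
            storage = STORAGE.get(ptype, f"type {ptype} (not covered here)")
            return " ".join(tokens[:i]), storage
    return None


def audit(config):
    """List every stored credential with its storage type; the value is never copied."""
    findings, parent = [], ""
    for number, line in enumerate(config.splitlines(), start=1):
        if line and not line[0].isspace():
            parent = line.strip()   # enclosing section, e.g. "line vty 0 4"
        hit = classify(line)
        if hit:
            owner, storage = hit
            findings.append({"line": number, "owner": owner or parent,
                             "storage": storage, "weak": storage in WEAK})
    return findings


def uses_aaa(config):
    """True if the configuration enables the AAA model with 'aaa new-model'."""
    return any(l.strip() == "aaa new-model" for l in config.splitlines())


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        flag = "WEAK" if f["weak"] else "ok"
        print(f'{flag:4} line {f["line"]}: {f["owner"]} -> {f["storage"]}')
    print("AAA enabled:", uses_aaa(SAMPLE_CONFIG))
```

Every entry flagged as weak should be replaced with a secret stored as a hash, as the enable secret command does, or moved to AAA.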
Other useful commands
To display the current routing table stored in DRAM
Router# show ip route
To telnet into another device
Router> telnet <IP address>
To telnet into another device using hostnames (must have hostnames resolved by DNS or locally)
Router> telnet <hostname>
To display current IOS version, config register, and basic hardware information including CPU and installed devices
Router> show version
To display the current running configuration being used by the router
Router# show running-config
To display the configuration stored in NVRAM
Router# show startup-config
To ping another device using ICMP echo request
Router> ping <IP address>
To cause passwords to be obfuscated in the config using basic type 7 encryption (weak protection)
Router(config)# service password-encryption
To set a hashed password using the MD5 algorithm
Router(config)# enable secret <password>
To have the command you were typing redisplayed on a new line when it is interrupted by a router state change. This prevents debugging or other information from disrupting your typing; otherwise messages are printed directly after your typing, which can become very annoying.
Router(config)# line console 0
Router(config-line)# logging synchronous
To insert a question mark into a literal string, such as an interface description, type CTRL-V immediately prior. This acts as an escape character and prevents the question mark from summoning the help display.
Router(config-if)# description Where does this go<CTRL-V>?
To perform a router test crash on memory, bus or CPU
Router# test crash
See also
- Network operating system (NOS)
- Cisco Catalyst
- Rancid