ICND2 – NetFlow

Question 1
Explanation
NetFlow traditionally enables several key customer applications including:
Network Monitoring – NetFlow data enables extensive near real time network monitoring capabilities. Flow-based analysis techniques may be utilized to visualize traffic patterns associated with individual routers and switches as well as on a network-wide basis (providing aggregate traffic or application based views) to provide proactive problem detection, efficient troubleshooting, and rapid problem resolution.
Application Monitoring and Profiling – NetFlow data enables network managers to gain a detailed, time-based, view of application usage over the network. This information is used to plan, understand new services, and allocate network and application resources (e.g. Web server sizing and VoIP deployment) to responsively meet customer demands.
User Monitoring and Profiling – NetFlow data enables network engineers to gain detailed understanding of customer/user utilization of network and application resources. This information may then be utilized to efficiently plan and allocate access, backbone and application resources as well as to detect and resolve potential security and policy violations.
Network Planning – NetFlow can be used to capture data over a long period of time producing the opportunity to track and anticipate network growth and plan upgrades to increase the number of routing devices, ports, or higher-bandwidth interfaces. NetFlow services data optimizes network planning including peering, backbone upgrade planning, and routing policy planning. NetFlow helps to minimize the total cost of network operations while maximizing network performance, capacity, and reliability. NetFlow detects unwanted WAN traffic, validates bandwidth and Quality of Service (QoS) and allows the analysis of new network applications. NetFlow will give you valuable information to reduce the cost of operating your network.
Security Analysis – NetFlow identifies and classifies DDOS attacks, viruses and worms in real-time. Changes in network behavior indicate anomalies that are clearly demonstrated in NetFlow data. The data is also a valuable forensic tool to understand and replay the history of security incidents.
Accounting/Billing – NetFlow data provides fine-grained metering (e.g. flow data includes details such as IP addresses, packet and byte counts, timestamps, type-of-service and application ports, etc.) for highly flexible and detailed resource utilization accounting. Service providers may utilize the information for billing based on time-of-day, bandwidth usage, application usage, quality of service, etc. Enterprise customers may utilize the information for departmental charge-back or cost allocation for resource utilization.
Question 2
Explanation
What is an IP Flow?
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. These attributes are the IP packet identity or fingerprint of the packet and determine if the packet is unique or similar to other packets.
Traditionally, an IP Flow is based on a set of 5 and up to 7 IP packet attributes.
IP Packet attributes used by NetFlow:
IP source address
IP destination address
Source port
Destination port
Layer 3 protocol type
+ Class of Service
+ Router or switch interface
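To see how these seven attributes act as a flow key, here is an added example (not part of the original explanation) that builds a small flow cache in Python and ranks the top talkers by bytes. The packet records, addresses and interface names are constructed sample data.

```python
from collections import defaultdict, namedtuple

# The seven key fields listed above; packets that agree on all of them
# belong to the same flow.
FlowKey = namedtuple(
    "FlowKey",
    "src_ip dst_ip src_port dst_port protocol tos input_if",
)

# Constructed sample packets (not captured traffic):
# (src_ip, dst_ip, src_port, dst_port, protocol, tos, input_if, bytes)
SAMPLE_PACKETS = [
    ("10.1.1.10", "192.0.2.80", 51000, 443, 6, 0, "Gi0/0", 1500),
    ("10.1.1.10", "192.0.2.80", 51000, 443, 6, 0, "Gi0/0", 1500),
    ("10.1.1.10", "192.0.2.80", 51000, 443, 6, 0, "Gi0/0", 400),
    # Same hosts, new source port: a different flow.
    ("10.1.1.10", "192.0.2.80", 51001, 443, 6, 0, "Gi0/0", 600),
    # Same 5-tuple, different ToS byte: also a different flow.
    ("10.1.1.10", "192.0.2.80", 51000, 443, 6, 184, "Gi0/0", 200),
    ("10.1.1.20", "192.0.2.53", 40000, 53, 17, 0, "Gi0/1", 80),
    ("10.1.1.20", "192.0.2.53", 40000, 53, 17, 0, "Gi0/1", 90),
]


def build_flow_cache(packets):
    """Group packets by the 7-field key and keep packet/byte counters."""
    cache = {}
    for *key_fields, size in packets:
        key = FlowKey(*key_fields)
        entry = cache.setdefault(key, {"packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += size
    return cache


def top_talkers(cache, n=3):
    """Return the n source addresses that sent the most bytes."""
    per_source = defaultdict(int)
    for key, counters in cache.items():
        per_source[key.src_ip] += counters["bytes"]
    # Sort by bytes (descending), then by address for a stable order.
    return sorted(per_source.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    flow_cache = build_flow_cache(SAMPLE_PACKETS)
    for flow, counters in flow_cache.items():
        print(flow, counters)
    print(top_talkers(flow_cache))
```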
Question 3
Explanation
Flow monitors are the Flexible NetFlow component that is applied to interfaces to perform network traffic monitoring. Flow monitors consist of a record and a cache. You add the record to the flow monitor after you create the flow monitor. The flow monitor cache is automatically created at the time the flow monitor is applied to the first interface. Flow data is collected from the network traffic during the monitoring process based on the key and nonkey fields in the record, which is configured for the flow monitor and stored in the flow monitor cache.
For example, the following commands create a flow monitor named FLOW-MONITOR-1 and enter Flexible NetFlow flow monitor configuration mode:
Router(config)# flow monitor FLOW-MONITOR-1
Router(config-flow-monitor)#
Question 4
Explanation
The “show ip cache flow” command displays a summary of the NetFlow accounting statistics.
show_ip_cache_flow.jpg
Question 5
Explanation
NetFlow facilitates solutions to many common problems encountered by IT professionals.
Analyze new applications and their network impact
Identify new application network loads such as VoIP or remote site additions.
Reduction in peak WAN traffic
Use NetFlow statistics to measure WAN traffic improvement from application-policy changes; understand who is utilizing the network and the network top talkers.
Troubleshooting and understanding network pain points
Diagnose slow network performance, bandwidth hogs and bandwidth utilization quickly with command line interface or reporting tools. -> D is correct.
Detection of unauthorized WAN traffic
Avoid costly upgrades by identifying the applications causing congestion. -> A is correct.
Security and anomaly detection
NetFlow can be used for anomaly detection and worm diagnosis along with applications such as Cisco CS-Mars.
Validation of QoS parameters
Confirm that appropriate bandwidth has been allocated to each Class of Service (CoS) and that no CoS is over- or under-subscribed.-> F is correct.
ICND2 – HSRP VRRP GLBP

Question 1
Explanation
With HSRP, two or more devices support a virtual router with a fictitious MAC address and unique IP address. There are two versions of HSRP.
+ With HSRP version 1, the virtual router’s MAC address is 0000.0c07.ACxx, in which xx is the HSRP group.
+ With HSRP version 2, the virtual MAC address is 0000.0C9F.Fxxx, in which xxx is the HSRP group.
Note: Another case is HSRP for IPv6, in which the MAC address ranges from 0005.73A0.0000 through 0005.73A0.0FFF.
-> A is correct.
Question 2
Explanation
The virtual MAC address of HSRP version 1 is 0000.0C07.ACxx, where xx is the HSRP group number in hexadecimal based on the respective interface. For example, HSRP group 10 uses the HSRP virtual MAC address of 0000.0C07.AC0A. HSRP version 2 uses a virtual MAC address of 0000.0C9F.FXXX (XXX: HSRP group in hexadecimal)
For more information about HSRP operation, please read our HSRP tutorial.
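The MAC formats from Questions 1 and 2, as an added Python example (not from the original explanations): it builds the virtual MAC for a version and group, and recognises HSRP virtual MACs in an ARP listing. The ARP lines are constructed sample data, and for the IPv6 range the code only reports the low 12 bits, since the text gives the range but not how it maps to a group.

```python
import re

# Virtual MAC prefixes as given in the explanations above (hex digits only).
HSRP_PREFIXES = (
    ("HSRPv1", "00000c07ac"),     # 0000.0C07.ACxx, xx = group in hex
    ("HSRPv2", "00000c9ff"),      # 0000.0C9F.Fxxx, xxx = group in hex
    ("HSRP IPv6", "000573a00"),   # 0005.73A0.0000 through 0005.73A0.0FFF
)

# Constructed sample lines in the style of an IOS ARP table.
SAMPLE_ARP = """\
Internet  10.0.10.1    -   0000.0c07.ac0a  ARPA   Vlan10
Internet  10.0.10.2    5   0011.2233.4455  ARPA   Vlan10
Internet  10.0.20.1    -   0000.0c9f.f014  ARPA   Vlan20
"""


def normalize_mac(mac):
    """Strip '.', ':' and '-' separators and return 12 lower-case hex digits."""
    digits = re.sub(r"[.:\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def hsrp_virtual_mac(version, group):
    """Return the virtual MAC (Cisco dotted notation) for an HSRP group."""
    if version == 1 and 0 <= group <= 0xFF:
        digits = "00000c07ac" + f"{group:02x}"
    elif version == 2 and 0 <= group <= 0xFFF:
        digits = "00000c9ff" + f"{group:03x}"
    else:
        raise ValueError("version must be 1 (group 0-255) or 2 (group 0-4095)")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def classify_hsrp_mac(mac):
    """Return (kind, number) for an HSRP virtual MAC, or None for any other MAC."""
    digits = normalize_mac(mac)
    for kind, prefix in HSRP_PREFIXES:
        if digits.startswith(prefix):
            return kind, int(digits[len(prefix):], 16)
    return None


def find_hsrp_entries(arp_text):
    """Scan ARP-table text and list (ip, kind, group) for HSRP virtual MACs."""
    pattern = re.compile(
        r"(\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
        r"([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
    )
    found = []
    for line in arp_text.splitlines():
        match = pattern.search(line)
        if not match:
            continue
        result = classify_hsrp_mac(match.group(2))
        if result:
            found.append((match.group(1), result[0], result[1]))
    return found


if __name__ == "__main__":
    print(hsrp_virtual_mac(1, 10))
    print(find_hsrp_entries(SAMPLE_ARP))
```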
Question 3
Explanation
Object tracking is the process of tracking the state of a configured object and uses that state to determine the priority of the VRRP router in a VRRP group -> B is correct.
Note: Unlike HSRP which can track interface status directly, VRRP can only track interface status through a tracked object.
Question 4
Explanation
One disadvantage of HSRP and VRRP is that only one router is in use; the other routers must wait for the primary to fail before they can be used. However, Gateway Load Balancing Protocol (GLBP) can use up to four routers simultaneously. In GLBP, there is still only one virtual IP address but each router has a different virtual MAC address. First a GLBP group must elect an Active Virtual Gateway (AVG). The AVG is responsible for replying to ARP requests from hosts/clients. It replies with different virtual MAC addresses that correspond to different routers (known as Active Virtual Forwarders – AVFs) so that clients can send traffic to different routers in that GLBP group (load sharing).
Question 5
Question 6

Frame Relay Sim

Question
Enter IOS commands on the Dubai router to verify network operation and answer four multiple-choice questions. THIS TASK DOES NOT REQUIRE DEVICE CONFIGURATION.
Frame_Relay_Topology.jpg
Note: If you are not sure about Frame-Relay, please read my Frame Relay tutorial.
To answer 4 questions below, you have to type show frame-relay map and show running-config to get its configuration. You can use the outputs of these commands to answer all 4 multiple-choice questions.
Dubai#sh frame-relay map
Serial1/0 (up): ip 10.60.0.2 dlci 704 (0x7B,0x1CB0), dynamic,
                    broadcast,, status defined, active
Serial1/0 (up): ip 10.60.0.3 dlci 196 (0xEA,0x38A0), dynamic,
                    broadcast,, status defined, active
Serial1/0 (up): ip 10.60.0.4 dlci 702 (0x159,0x5490), dynamic,
                    broadcast,, status defined, active
Serial1/0 (up): ip 10.60.0.5 dlci 344 (0x1CB,0x7080), dynamic,
                    broadcast,, status defined, active 
---------------------------------------------------------------------------
Dubai#sh run
interface Serial1/0
 ip address 10.60.0.1 255.255.255.240
 encapsulation frame-relay
!
interface Serial1/1
 ip address 192.168.0.1 255.255.255.252
!
interface Serial1/2
 ip address 192.168.0.5 255.255.255.252
 encapsulation ppp
!
interface Serial1/3
 ip address 192.168.0.9 255.255.255.252
 encapsulation ppp
 ppp authentication chap
!
router rip
 version 2
 network 10.60.0.0
 network 192.168.0.0
 no auto-summary
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password T1net
 login
!
Question 1
Explanation
To see what DLCI is used for the destination 10.60.0.4 we can check the output of “show frame-relay map” command:
Serial1/0 (up): ip 10.60.0.4 dlci 702 … -> The DLCI in this case is 702.
Question 2
Explanation
From the output of “show frame-relay map” command, we learn the IP address of S-AMER is 10.60.0.3 and the DLCI used to reach there is 196 so B is the correct answer.
Question 3
Explanation
From the output of “show running-config” command we learn that interface S1/1 (connected to MidEast) does not declare any encapsulation -> It uses the default encapsulation HDLC.
Note: High-Level Data Link Protocol (HDLC) is the default WAN encapsulation for Cisco routers.
Question 4
Explanation
This question was unclear for a long time, but the trick now seems to be solved. What Cisco wants is the word used as the password, not the type of connection, so in the exam you might see some strange words among the answers, like “En8ble”, “T1net”, “C0nsole”. All you have to do is use the command “show running-config”, as wx4 mentioned below, to find the answer.
wx4 commented:
Q4: if password required which?
in my example it was connection to North!
How to figure out which pw is required?
#show running-config
1. check the interface to the router you need connection to. If there is “ppp authentication” you need a password!
2. you will find the password on the top of your running-config output
check the area:
username North password c0nsole
username xxxxx yyyyy
username…
in my case it was c0nsole, in your case it can be no password needed or a different password.
If you are still not clear, please read anton‘s comment:
A big question I noticed here was about the FR Lab regarding the password. You have to perform a show running-config and look for USERNAME and PASSWORD.
i.e.
username South_Router password c0nsol3
username North_Router password t31net
Obviously this has to be in PPP encapsulation, if asked for a possible password for SOUTH_ROUTER you pick c0nsol3, and for NORTH_ROUTER you pick t31net. If you’re running HDLC, I would pick “no password is required”.
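The manual check used for Questions 3 and 4 (read each interface stanza, assume HDLC when no encapsulation is declared, and look for “ppp authentication” and the username lines) can be written as a small parser. This is an added Python example, not part of the original answers; the interface stanzas are the ones from the Dubai output above, and the username line is the one quoted in wx4's comment, placed here as sample input.

```python
import re

# Interface stanzas copied from the Dubai "sh run" output above. The username
# line comes from wx4's comment and is added here as sample input.
RUNNING_CONFIG = """\
username North password c0nsole
!
interface Serial1/0
 ip address 10.60.0.1 255.255.255.240
 encapsulation frame-relay
!
interface Serial1/1
 ip address 192.168.0.1 255.255.255.252
!
interface Serial1/2
 ip address 192.168.0.5 255.255.255.252
 encapsulation ppp
!
interface Serial1/3
 ip address 192.168.0.9 255.255.255.252
 encapsulation ppp
 ppp authentication chap
!
"""


def parse_serial_links(config):
    """Map each interface to its encapsulation and PPP authentication method."""
    links = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            # No "encapsulation" line means the Cisco default, HDLC.
            links[current] = {"encapsulation": "hdlc", "authentication": None}
        elif line.startswith(" ") and current:
            words = line.split()
            if words[:1] == ["encapsulation"] and len(words) > 1:
                links[current]["encapsulation"] = words[1]
            elif words[:2] == ["ppp", "authentication"] and len(words) > 2:
                links[current]["authentication"] = words[2]
        else:
            current = None  # "!" or a global command ends the stanza
    return links


def links_requiring_password(links):
    """Interfaces where a password is needed: PPP with authentication set."""
    return [
        name for name, link in links.items()
        if link["encapsulation"] == "ppp" and link["authentication"]
    ]


def parse_usernames(config):
    """Return {username: password} for global 'username ... password ...' lines."""
    pattern = re.compile(r"^username\s+(\S+)\s+password\s+(?:[07]\s+)?(\S+)\s*$")
    users = {}
    for line in config.splitlines():
        match = pattern.match(line)
        if match:
            users[match.group(1)] = match.group(2)
    return users


if __name__ == "__main__":
    parsed = parse_serial_links(RUNNING_CONFIG)
    for name, link in parsed.items():
        print(name, link)
    print("password needed on:", links_requiring_password(parsed))
    print("usernames:", parse_usernames(RUNNING_CONFIG))
```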
VTP Configuration Sim

Question
VTP_Configuration_Sim_topo.jpg

Answer and Explanation
If you are not sure about VTP, please read my VTP tutorial
The question states we can’t access the router so we can only get required information from switch building_1. Click on the PC connected with switch building_1 (through a console line) to access switch building_1’s CLI. On this switch use the show running-config command:
building_1#show running-config
VTP_Configuration_Sim_show_run.jpg
Next use the show vtp status command to learn about the vtp domain on this switch
building_1#show vtp status
VTP_Configuration_Sim_show_vtp_status.jpg
(Notice: the IP address, IP default-gateway and VTP domain name might be different!!!)
You should write down these 3 parameters carefully.
Configuring the new switch
+ Determine and configure the IP host address of the new switch
The question requires “for the switch host address, you should use the last available IP address on the management subnet”. The building_1 switch’s IP address, which is 192.168.22.50 255.255.255.224, belongs to the management subnet.
Increment: 32 (because 224 = 1110 0000)
Network address: 192.168.22.32
Broadcast address: 192.168.22.63
->The last available IP address on the management subnet is 192.168.22.62 and it hasn’t been used (notice that the IP address of Fa0/1 interface of the router is also the default gateway address 192.168.22.35).
Also notice that the management IP address of a switch should be configured in Vlan1 interface. After it is configured, we can connect to it via telnet or SSH to manage it.
Switch2#configure terminal
Switch2(config)#interface Vlan1
Switch2(config-if)#ip address 192.168.22.62 255.255.255.224
Switch2(config-if)#no shutdown
+ Determine and configure the default gateway of the new switch
The default gateway of this new switch is same as that of building_1 switch, which is 192.168.22.35
Switch2(config-if)#exit
Switch2(config)#ip default-gateway 192.168.22.35
+ Determine and configure the correct VTP domain name for the new switch
The VTP domain name shown on building_1 switch is 9tut so we have to use it in the new switch (notice: the VTP domain name will be different in the exam and it is case sensitive so be careful)
Switch2(config)# vtp domain 9tut
+ Configure the new switch as a VTP client
Switch2(config)#vtp mode client
We should check the new configuration with the “show running-config” & “show vtp status”; also try pinging from the new switch to the default gateway to make sure it works well.
Finally save the configuration
Switch2(config)#exit
Switch2#copy running-config startup-config
Nat Sim

Question
A network associate is configuring a router for the TUT company to provide internet access. The ISP has provided the company six public IP addresses of 198.18.184.105 – 198.18.184.110. The company has 14 hosts that need to access the internet simultaneously. The hosts in the company LAN have been assigned private space addresses in the range of 192.168.100.17 – 192.168.100.30.
The following have already been configured on the router:
– The basic router configuration
– The appropriate interfaces have been configured for NAT inside and NAT outside
– The appropriate static routes have also been configured (since the company will be a stub network, no routing protocol will be required.)
– All passwords have been temporarily set to “cisco”
Tasks:
+ Use NAT to provide Internet access to all hosts in the company LAN.
+ Name the router TUT
+ Inside global addresses: 198.18.184.105 – 198.18.184.110/29
+ Inside local addresses: 192.168.100.17 – 192.168.100.30/28
+ Number of inside hosts: 14
NAT_sim_topology.jpg
Solution:

The company has 14 hosts that need to access the internet simultaneously but we just have 6 public IP addresses from 198.18.184.105 to 198.18.184.110/29. Therefore we have to use NAT overload (or PAT). Double click on the Weaver router to open it.
Router>enable
Router#configure terminal
First you should change the router’s name to TUT
Router(config)#hostname TUT
Create a NAT pool of global addresses to be allocated with their subnet mask.
TUT(config)#ip nat pool mypool 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Create a standard access control list that permits the addresses that are to be translated
TUT(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Establish dynamic source translation, specifying the access list that was defined in the prior step
TUT(config)#ip nat inside source list 1 pool mypool overload
This command translates all source addresses that pass access list 1, which means a source address from 192.168.100.17 to 192.168.100.30, into an address from the pool named mypool (the pool contains addresses from 198.18.184.105 to 198.18.184.110).
The overload keyword allows multiple IP addresses to be mapped to a single registered IP address (many-to-one) by using different ports.
The question said that appropriate interfaces have been configured for NAT inside and NAT outside statements. This is how to configure the NAT inside and NAT outside, just for your understanding:
TUT(config)#interface fa0/0
TUT(config-if)#ip nat inside
TUT(config-if)#exit
TUT(config)#interface s0/0
TUT(config-if)#ip nat outside
TUT(config-if)#end
Finally, we should save all your work with the following command:
TUT#copy running-config startup-config
Check your configuration by going to “Host for testing” and type:
C:\>ping 192.0.2.114
The ping should work well and you should receive replies from 192.0.2.114
You can download this sim and practice with Packet Tracer here: CCNA_NAT_sim_question.zip
OSPF Sim

Question
9tut.net company has decided to network three locations to improve efficiency in inventory control. The routers have been named to reflect the location: Boston, Frankfurt, Lancaster.
OSPFSim
The necessary networking has been completed at each location, and the routers have been configured with single area OSPF as the routing protocol. The Boston router was recently installed but connectivity is not complete because of incomplete routing tables. Identify and correct any problem you see in the configuration.
Note: The OSPF process must be configured to allow interfaces in specific subnets to participate in the routing process.
You can download this lab and open with Packet Tracer here: OSPF_Sim_with_Solution.zip. Please say thanks to Renan who shared the files with us!
Answer and Explanation:
The question mentioned Boston router was not configured correctly or incomplete so we should check this router first. Click on PC-B to access the command line interface (CLI) of Boston router.

Boston>enable (type cisco as its password here)
Boston#show running-config

OSPF_sim_show_run
First, remember that the current OSPF Process ID is 2 because we will need it for later configuration. Next notice that in the second “network” command the network and wildcard mask are 192.168.155.0 and 0.0.0.3, which is equivalent to 192.168.155.0 255.255.255.252 in terms of subnet mask. Therefore this subnetwork’s range is from 192.168.155.0 to 192.168.155.3, but the IP address of the s0/0 interface of the Boston router is 192.168.155.5, which doesn’t belong to this range -> this is the reason why OSPF did not recognize the s0 interface of the Boston router as a part of area 0. So we need to find the subnetwork that the s0 interface belongs to.
IP address of S0 interface: 192.168.155.5/30
Subnet mask: /30 = 1111 1111.1111 1111.1111 1111.1111 1100
Increment: 4
Network address (which IP address of s0 interface belongs to): 192.168.155.4 (because 4 * 1 = 4 < 5)
Therefore we must use this network instead of 192.168.155.0 network
Boston#configure terminal
Boston(config)#router ospf 2
Boston(config-router)#no network 192.168.155.0 0.0.0.3 area 0
Boston(config-router)#network 192.168.155.4 0.0.0.3 area 0
Boston(config-router)#end
Boston#copy running-config startup-config
Finally, you should issue a ping command from Boston router to Lancaster router to make sure it works well.
Boston#ping 192.168.43.1
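The wildcard-mask reasoning in this sim, the access list in the NAT sim and the "last available address" step in the VTP sim all come down to the same address arithmetic. The following is an added Python example (not part of the original solutions) that checks those three cases with the values given on this page; the function names are hypothetical.

```python
import ipaddress


def wildcard_match(address, base, wildcard):
    """True if address matches base under an IOS wildcard mask.

    A 1 bit in the wildcard means "ignore this bit" when comparing.
    """
    addr = int(ipaddress.IPv4Address(address))
    ref = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (ref & care)


def uncovered_interfaces(interfaces, statements):
    """Interfaces whose address is matched by no (base, wildcard) statement."""
    return [
        name for name, cidr in interfaces.items()
        if not any(wildcard_match(cidr.split("/")[0], base, wc)
                   for base, wc in statements)
    ]


def network_statement(interface, area=0):
    """Build the OSPF network command that covers an interface's own subnet."""
    net = ipaddress.IPv4Interface(interface).network
    return f"network {net.network_address} {net.hostmask} area {area}"


def last_usable(interface):
    """Last host address of the subnet that contains the given interface."""
    net = ipaddress.IPv4Interface(interface).network
    return str(net.broadcast_address - 1)


# Values from the OSPF sim: the s0/0 address and the faulty network command.
BOSTON_INTERFACES = {"s0/0": "192.168.155.5/30"}
BOSTON_STATEMENTS = [("192.168.155.0", "0.0.0.3")]


def nat_acl_matches():
    """Last octets in 192.168.100.0/24 permitted by access-list 1 of the NAT sim."""
    return [
        host for host in range(0, 256)
        if wildcard_match(f"192.168.100.{host}", "192.168.100.16", "0.0.0.15")
    ]


if __name__ == "__main__":
    print(uncovered_interfaces(BOSTON_INTERFACES, BOSTON_STATEMENTS))
    print(network_statement(BOSTON_INTERFACES["s0/0"]))
    print(last_usable("192.168.22.50/255.255.255.224"))
    print(nat_acl_matches())
```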


Other lab-sims might appear in the real ICND 2 exam, read and understand them if you have enough time.
EIGRP Troubleshooting Sim

We don’t have enough information about this sim to make a complete solution but here is some information from the candidates about this sim so far:
Topology:
EIGRP_Troubleshooting_Sim.jpg
“NEW EIGRP non-config sim with 6 routers had 4 questions:
1. Why loopback interfaces’ networks from one router do not come to another one via eigrp? weren’t advertised by network command on the 1st router (sh run).
2. Why two routers cannot establish neighbor relationship? weren’t advertised by network command on the 1st router (sh run).
3. Which route will be used for packets to get to R1 from R5? R1 -> R2 (i didn’t have load balancing)
4. Why R1 cannot ping loopback interface IP address 10.5.5.55 on R5? address was not advertised on R5 by network subcommand (sh run).
———————————————————————————————————-
The EIGRP non-config sim with 6 routers had 4 questions:
1. Why loopback interfaces’ networks from one router do not come to another one via eigrp? In my case an answer was because they weren’t advertised by network command on the 1st router (sh run).
2. Why two routers cannot establish neighbour relationship? The answer was mismatched K-values (sh ip protocols).
3. Which route will be used for packets to get to R1 from R5? The answer was that the packets will go R1->R2->R5 AND R1->R3->R5 with equal-cost balancing (sh ip route and you’ll see two possible routes to R5 with equal eigrp metric).
4. Why R1 cannot ping loopback interface IP address 10.5.5.55 on R5? The answer was that this address was not advertised on R5 by network subcommand (sh run).
———————————————————————————————————-
EIGRP Sim 4 questions embedded.(6 routers and 2 switches). Know your show commands to troubleshoot EIGRP. K-Values, AS, Routing Table etc. Frame-Relay Sim was same concept as Dubai Sim but different locations. Again show commands and frame-relay show commands to troubleshoot
———————————————————————————————————-
 the new EIGRP SIM has similar topology to OSPF SIM with 6 Routers the one which is usually asked in ICND1.
1) R4 has loopback routes and these routes are not displayed in R6 — Summary was on
2) R1 cannot ping R5 x.x.x.x address — interface shutdown
3) Which path would R1 take to reach R5 — equal Successor routes
4) R4 and R5 cannot form neighbor relationship — R5 has passive interface enabled.”
3-2 Using the Command-Line Interface (CLI)

Once IOS has finished loading up, it will ask you to press Return to continue. While waiting for you to press return, it will display the status of every interface as shown below.
 
Press RETURN to get started!
*Mar  1 00:09:01.271: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar  1 00:09:01.583: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Mar  1 00:09:02.271: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Mar  1 00:09:02.583: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
Once you press enter, you will arrive at the Router> prompt. If the router has a startup config with authentication configured, such as in the case of most brand new ISRs, you will be prompted for a username and/or password before you arrive at the prompt. For new ISRs, cisco is the username and password. We will cover authentication later in the chapter. For now, consider the prompt that you will see. The text before the greater-than sign (>) is the hostname of the device. The default name is Router or Switch, depending on the device.
IOS modes
The CLI of the IOS is divided into different modes or levels. Each mode serves a different purpose and has different sets of commands. It is important to be familiar with different modes that you will encounter in this book. Covering all the modes is out of the scope of CCNA.
The character after the hostname of the device tells you which mode you are in. When you first start a router and press enter, you are at the Router> prompt. The greater-than sign (>) tells you that you are in the user exec mode or level 1. This mode is mostly used to view statistics. You cannot view or edit the configuration of the device from this mode. This mode also serves as the stepping-stone to the next mode, the privileged exec mode or level 15. At this level the prompt changes to the hash sign (#). To go to the privileged exec mode from the user exec mode, type the enable command at the prompt and press enter as shown below. Notice the change in prompt after the command is entered.
Router>enable
Router#
Congratulations! You just entered your first command on an IOS device.
To go back to the user exec mode, you can use the disable command as shown below:
Router#disable
Router>
To close the CLI session, use the logout command in any mode.
At the privileged exec mode you can view the configuration and statistics related to every component and process of the device but cannot make changes to the configuration. To be able to make changes to the configuration of the device, you will need to go to the global configuration mode using the configure terminal command in the privileged exec mode as shown below. Notice that the prompt changes to Router(config)# after you enter the command. (config)# tells you that you are in the global configuration mode.
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
In this mode, you can make changes to the configuration of the device. You must remember three things about the global configuration mode:
  1. All changes affect the running config. These changes are not persistent after a reboot unless running config is saved to the startup config.
  2. All changes have an immediate effect on the device.
  3. The global configuration mode has sub-modes. While some changes can be made in the global configuration mode, changes to specific components, such as interfaces, must be done in dedicated sub-modes.
From the global configuration mode you can go to different sub modes to configure specific components. While most of the sub modes are beyond the scope of CCNA, a few of the modes that you will come across in the book are discussed in Table 3-4.
Table 3-4 IOS Sub-modes
Sub-mode name: Interface Configuration
Purpose: In this mode you can configure individual interfaces of the device. You can configure protocol, layer 3 addressing etc. in this mode.
Sub-mode prompt: Router(config-if)#
Command to enter sub-mode: interface <interface-name>
Example:
Router(config)#interface fastEthernet 0/0
Router(config-if)#

Sub-mode name: Line configuration
Purpose: In this mode you can configure the console, telnet and auxiliary lines, which are used for exec sessions.
Sub-mode prompt: Router(config-line)#
Command to enter sub-mode: line {con | vty | aux} number
Example:
Router(config)#line console 0
Router(config-line)#

Sub-mode name: Routing Configuration
Purpose: In this mode you can configure the routing protocols.
Sub-mode prompt: Router(config-router)#
Command to enter sub-mode: router protocol [number]
Example:
Router(config)#router rip
Router(config-router)#

IOS Editing and Help Features
While configuring a device running IOS, using the CLI is mostly about remembering the different commands and options. Cisco makes it easier to do this by providing various editing and help features. The help feature is a lifesaver. You can use a question mark (?) at any place to see a list of available commands or options, as shown below.
Router#configure ?
confirm            Confirm replacement of running-config with a new config file
memory             Configure from NV memory
network            Configure from a TFTP network host
overwrite-network  Overwrite NV memory from TFTP network host
replace            Replace the running-config with a new config file
terminal           Configure from the terminal
<cr>
In the above output, when a question mark (?) is entered after the configure command, a list of available options is displayed. Notice that terminal is one of the options. Another example is given below.
Router#?
Exec commands:
access-enable        Create a temporary Access-List entry
access-profile       Apply user-profile to interface
access-template      Create a temporary Access-List entry
alps                 ALPS exec commands
archive              manage archive files
audio-prompt         load ivr prompt
auto                 Exec level Automation
beep                 Blocks Extensible Exchange Protocol commands
bfe                  For manual emergency modes setting
call                 Voice call
ccm-manager          Call Manager Application exec commands
cd                   Change current directory
clear                Reset functions
clock                Manage the system clock
cns                  CNS agents
configure            Enter configuration mode
connect              Open a terminal connection
copy                 Copy from one file to another
credential           load the credential info from file system
crypto               Encryption related commands.
ct-isdn              Run an ISDN component test command
–More–
In the above output, the numbers of options are more than the available screen size, hence the output pauses and you see the –More– text. At this point you can press space to see the rest of the output or press q to quit back to the prompt. A final example of the help feature is given below.
Router(config)#i?
identity      interface  ip   ipc
iphc-profile  ipv6       ipx  irec-agent
isis          iua        ivr  ixi
In the above output notice that a question mark was entered after a single character. This causes IOS to display a list of options starting with that character. You can enter a question mark after multiple characters to see a list of options starting with those characters. For example, typing in? at the above prompt will show a list consisting of the interface option only. This brings up an interesting feature of the CLI. If you type a few characters which are unique to a command and press the tab key, the IOS will complete the command for you. In fact, if you type the first few unique characters of the command, you need not press tab or complete the command. IOS will understand which command you want. For example, if you type int and press tab then IOS will complete the command. Another example is shown below.
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Notice that the configure terminal command is executed at conf t. The IOS sees that the only command which starts with conf is configure, while terminal is the only option which starts with t.
Apart from these help features, the IOS provides some meaningful messages when you enter an incomplete or wrong command. Take a look at few of these messages shown below.
Router#confguire terminal
           ^
% Invalid input detected at ‘^’ marker. 
The above message tells that there is an error in the command marked by the caret sign (^). Because of the sign, it is easy to see that there is a typing mistake in the command.
Router(config)#interface
% Incomplete command.
The above message tells you that you have entered an incomplete command. More options are needed with the command. In such a situation, you can use the question mark after the command to see available options.
Router(config)#s
% Ambiguous command:  “s”
The above message shows that you have not typed enough unique characters. There are multiple commands that start with the characters that you have entered.
While using the CLI, these help features and messages are immensely useful, but you also need to know about a few key combinations that you can use while typing commands. Table 3-5 shows a list of these key combinations.
Table 3-5 IOS editing key combinations
Key or Combination | Purpose
Left Arrow or Ctrl+b | Move cursor one character back
Right Arrow or Ctrl+f | Move cursor one character forward
Esc+b | Move cursor one word back
Esc+f | Move cursor one word forward
Ctrl+a | Move cursor to the start of line
Ctrl+e | Move cursor to end of line
Ctrl+d or Backspace | Delete one character before the cursor
Ctrl+w | Delete one word before the cursor
Ctrl+u | Deletes the entire line
Ctrl+z | Leave configuration mode and go back to privileged exec mode
Ctrl+p or Up arrow | Shows the previous command entered
Ctrl+n or Down arrow | Shows the next command entered after up arrow/Ctrl+p has been used.

Another useful feature of the CLI is the show history command. This command lists the last 20 commands that you have entered in the session. An example is shown below:
Router#show history
enable
configure terminal
exit
show version
show run
show history
The number of commands that can be stored by the router in the history can be changed using the terminal history size command. You use the command to change the size of history from 0 to 256. An example is shown below:
Router#terminal history size ?
<0-256> Size of history buffer
Router#terminal history size 25
The configured size of the history can be confirmed by using the show terminal command as shown below:
myRouter#show terminal
Line 194, Location: “”, Type: “XTERM-COLOR”
Length: 45 lines, Width: 202 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Automore On
Capabilities: none
Modem state: Ready
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
^^x    none   –     –       none
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
00:10:00        never                        none     not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:30
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:00:31
Editing is enabled.
History is enabled, history size is 50.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are pad telnet rlogin lapb-ta mop v120 ssh.
Allowed output transports are pad telnet rlogin lapb-ta mop v120 ssh.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters
In the above output, you can see that history is enabled and the history size is 50.
The last feature of the CLI that you need to know about before proceeding is the do command. As you already know, commands can only be entered in particular modes. For example, the show terminal command can be executed only in the user privilege mode and not in the configuration mode. If you are in the configuration mode or one of the sub-configuration modes, you will need to exit out of that mode and get back to the user privilege mode to execute that command. This can be inconvenient at times when you want to quickly verify something while configuring the device. To get around the need to exit back to the user privilege mode, you can use the do command followed by any privilege exec mode command to execute it from whichever mode you are in. For example, the do show terminal command at the configuration mode will execute the show terminal command as if you were in the privilege exec mode. The example below shows what happens when the command is executed with and without do:

Router(config)#show terminal
               ^
% Invalid input detected at ‘^’ marker.
Router(config)#do show terminal
Line 194, Location: “”, Type: “XTERM-COLOR”
Length: 45 lines, Width: 202 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Automore On
Capabilities: none
Modem state: Ready
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
^^x    none   –     –       none
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
00:10:00        never                        none     not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:30
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:00:14
Editing is enabled.
History is enabled, history size is 20.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are pad telnet rlogin lapb-ta mop v120 ssh.
Allowed output transports are pad telnet rlogin lapb-ta mop v120 ssh.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters
In the above output, notice that the first command generated an error.  But when it was executed with a preceding do command, it was executed.