
Cisco Noob Guide


Especially on old-school devices, you might find no one logged any of the network topology and config details. If you are lucky (depends on your outlook) there is no password for the console connection. To connect over console, you will need an ethernet cable that plugs into a serial port on your config machine. If you do have a password on console port, hopefully it's something from your list of other device passwords. Probably a Level-15 account.


We will be in the CLI, so all those nice GUI configs you are used to with newer devices are not at your disposal. So we have this guide for logging in, going into enable mode, then showing certain configurations. This can help you map a network out, especially if you inherited it and want to document and know how it really functions.


Starting out: (Run a cable from the console port on said switch, to your machine Serial port.)

  • Use PuTTY or a similar application to connect to COM1
  • Press Enter 2x. You should then see a console of some sort
  • Login when prompted for a password (or if none)
  • Type 'en' without the quotes. This will take you to config / enable mode.
  • show ? will give you a list of available commands.
  • Start with show version to get an idea what platform and version of IOS (or PIX) you are dealing with.
  • show running-config will show you the currently running device configuration. Feel free to archive this into a flat file for reference later.
  • show vlan is huge if you need to know the VLANs defined on the network.

    Note: Your core switch will have them defined, then other devices can reference those VLANs and route accordingly. If you do not have a VLAN defined somewhere, it will be useless to use as a target.



That's my primer on dorking your way through some older Cisco devices. Granted, these methods will work or be very similar in current, CLI-based Cisco sessions. Happy explorations.

  • 1 year later...

Kind of hard to believe this thread is from 2016. But just to share about ip routes. On old PIX devices (at least), to remove a route you need to type no ip route with the network, subnet and destination you are removing.

So in this case, ssh to your device and be like:
*enter password again*
*press enter for terminal*
no ip route

* Presuming you had a route added for an internal network of on a /24, routing to a .10 device, the no prefix will let you remove it. *

write mem

The Exit takes you out of conf mode, so you can then write those changes to device memory. If you find yourself managing older ASA Cisco devices, I really suggest using the ASDM software. It runs off Java and is really picky with versions and self-signed certificates, so have a dedicated machine / VM for configuring with the ASDM software. If you want to see how a network is configured, the ASDM is a nice means to survey it. Also of help when you are checking VPN tunnels to see what are active and moot. One of the bigger benefits I got from using the ASDM is seeing if a VPN group is disabled, it will take down ALL tunnels in that group. So I took to making various groups to manage active and inactive tunnels.
I had some CLI cowfolks making group changes and dropping all tunnels in one fell swoop, thus came my change for multiple groups to better define what purpose a tunnel is serving.


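Added example, not part of either post above: a Python sketch that turns a saved `show running-config` flat file into a small inventory (VLAN interfaces, static routes with the matching removal line) and flags two access settings worth documenting on an inherited device. The sample config is constructed, `inventory` is a hypothetical helper, the syntax assumed is IOS-style `ip route <network> <mask> <next-hop>`, and the console check is a heuristic that only looks for a `login` statement.

```python
import ipaddress
import re

# Constructed sample of an archived `show running-config`; all values are made up.
SAMPLE_CONFIG = """\
hostname core-sw1
enable password 7 0000000000
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
interface Vlan20
 ip address 198.51.100.1 255.255.255.128
!
ip route 203.0.113.0 255.255.255.0 192.0.2.10
line con 0
line vty 0 4
 password 7 0000000000
 login
"""

def inventory(config_text):
    """Summarise an archived config: SVIs, static routes, weak access settings."""
    inv = {"hostname": None, "svis": {}, "routes": [], "findings": []}
    section = ""   # current top-level block, e.g. "interface Vlan10"
    logins = {}    # "line ..." block -> True once it contains a login statement
    for raw in config_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw.startswith(" "):
            section = text
            if text.startswith("line "):
                logins[text] = False
        if m := re.match(r"hostname (\S+)", text):
            inv["hostname"] = m[1]
        elif text.startswith("enable password"):
            inv["findings"].append("enable password used instead of enable secret")
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", text):
            inv["routes"].append({"prefix": str(ipaddress.ip_network(f"{m[1]}/{m[2]}")),
                                  "next_hop": m[3], "remove_with": "no " + text})
        elif (m := re.match(r"ip address (\S+) (\S+)", text)) and \
                section.lower().startswith("interface vlan"):
            vlan = int(section[len("interface vlan"):])
            inv["svis"][vlan] = str(ipaddress.ip_interface(f"{m[1]}/{m[2]}"))
        elif text.startswith("login") and section in logins:
            logins[section] = True
    for line, has_login in logins.items():
        if line.startswith("line con") and not has_login:
            inv["findings"].append(f"{line}: no login statement")
    return inv
```

Calling `inventory(open(path).read())` on a saved config returns a dictionary that can be dumped straight into network documentation.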