Host and IOS Commands
IP Configuration on a Windows Host
If you have used any of the tools in the previous topic to verify connectivity and found that some part of your network is not working as it should, now is the time to use some commands to troubleshoot your devices. Host and IOS commands can help you determine if the problem is with the IP addressing of your devices, which is a common network problem.
Checking the IP addressing on host devices is a common practice in networking for verifying and troubleshooting end-to-end connectivity. In Windows 10, you can access the IP address details from the Network and Sharing Center, as shown in the figure, to quickly view the four important settings: address, mask, router, and DNS.
However, network administrators typically view the IP addressing information on a Windows host by issuing the ipconfig command at the command line of a Windows computer, as shown in the sample output.
C:\Users\PC-A> ipconfig Windows IP Configuration (Output omitted) Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16 IPv4 Address. . . . . . . . . . . : 192.168.10.10 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.10.1 (Output omitted)
Use the ipconfig /all command to view the MAC address, as well as a number of details regarding the Layer 3 addressing of the device, as shown in the example output.
C:\Users\PC-A> ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : PC-A-00H20 Primary Dns Suffix . . . . . . . : cisco.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : cisco.com (Output omitted) Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) Dual Band Wireless-AC 8265 Physical Address. . . . . . . . . : F8-94-C2-E4-C5-0A DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.10.10(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : August 17, 2019 1:20:17 PM Lease Expires . . . . . . . . . . : August 18, 2019 1:20:18 PM Default Gateway . . . . . . . . . : 192.168.10.1 DHCP Server . . . . . . . . . . . : 192.168.10.1 DHCPv6 IAID . . . . . . . . . . . : 100177090 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-F3-76-75-54-E1-AD-DE-DA-9A DNS Servers . . . . . . . . . . . : 192.168.10.1 NetBIOS over Tcpip. . . . . . . . : Enabled
If a host is configured as a DHCP client, the IP address configuration can be renewed using the ipconfig /release and ipconfig /renew commands, as shown in the sample output.
C:\Users\PC-A> ipconfig /release (Output omitted) Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16 Default Gateway . . . . . . . . . : (Output omitted) C:\Users\PC-A> ipconfig /renew (Output omitted) Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::a4aa:2dd1:ae2d:a75e%16 IPv4 Address. . . . . . . . . . . : 192.168.1.124 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.1 (Output omitted) C:\Users\PC-A>
The DNS Client service on Windows PCs also optimizes the performance of DNS name resolution by storing previously resolved names in memory. The ipconfig /displaydns command displays all of the cached DNS entries on a Windows computer system, as shown in the example output.
C:\Users\PC-A> ipconfig /displaydns Windows IP Configuration (Output omitted) netacad.com ---------------------------------------- Record Name . . . . . : netacad.com Record Type . . . . . : 1 Time To Live . . . . : 602 Data Length . . . . . : 4 Section . . . . . . . : Answer A (Host) Record . . . : 188.8.131.52 (Output omitted)
IP Configuration on a Linux Host
Verifying IP settings using the GUI on a Linux machine will differ depending on the Linux distribution (distro) and desktop interface. The figure shows the Connection Information dialog box on the Ubuntu distro running the Gnome desktop.
On the command line, network administrators use the ifconfig command to display the status of the currently active interfaces and their IP configuration, as shown in the output.
[analyst@secOps ~]$ ifconfig enp0s3 Link encap:Ethernet HWaddr 08:00:27:b5:d6:cb inet addr: 10.0.2.15 Bcast:10.0.2.255 Mask: 255.255.255.0 inet6 addr: fe80::57c6:ed95:b3c9:2951/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1332239 errors:0 dropped:0 overruns:0 frame:0 TX packets:105910 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1855455014 (1.8 GB) TX bytes:13140139 (13.1 MB) lo: flags=73<up,loopback,running> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1000 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0</up,loopback,running>
The Linux ip address command is used to display addresses and their properties. It can also be used to add or delete IP addresses.
Note: The output displayed may vary depending on the Linux distribution.
IP Configuration on a macOS Host
In the GUI of a Mac host, open Network Preferences > Advanced to get the IP addressing information, as shown in the figure.
However, the ifconfig command can also be used to verify the interface IP configuration a shown in the output.
MacBook-Air:~ Admin$ ifconfig en0 en0: flags=8863 mtu 1500 ether c4:b3:01:a0:64:98 inet6 fe80::c0f:1bf4:60b1:3adb%en0 prefixlen 64 secured scopeid 0x5 inet 10.10.10.113 netmask 0xffffff00 broadcast 10.10.10.255 nd6 options=201 media: autoselect status: active MacBook-Air:~ Admin$
Other useful macOS commands to verify the host IP settings include networksetup -listallnetworkservices and the networksetup -getinfo <network service>, as shown in the following output.
MacBook-Air:~ Admin$ networksetup -listallnetworkservices An asterisk (*) denotes that a network service is disabled. iPhone USB Wi-Fi Bluetooth PAN Thunderbolt Bridge MacBook-Air:~ Admin$ MacBook-Air:~ Admin$ networksetup -getinfo Wi-Fi DHCP Configuration IP address: 10.10.10.113 Subnet mask: 255.255.255.0 Router: 10.10.10.1 Client ID: IPv6: Automatic IPv6 IP address: none IPv6 Router: none Wi-Fi ID: c4:b3:01:a0:64:98 MacBook-Air:~ Admin$
The arp Command
The arp command is executed from the Windows, Linux, or Mac command prompt. The command lists all devices currently in the ARP cache of the host, which includes the IPv4 address, physical address, and the type of addressing (static/dynamic), for each device.
For instance, refer to the topology in the figure.
The output of the arp -a command on the Windows PC-A host is displayed.
C:\Users\PC-A> arp -a Interface: 192.168.93.175 --- 0xc Internet Address Physical Address Type 10.0.0.2 d0-67-e5-b6-56-4b dynamic 10.0.0.3 78-48-59-e3-b4-01 dynamic 10.0.0.4 00-21-b6-00-16-97 dynamic 10.0.0.254 00-15-99-cd-38-d9 dynamic
The arp -a command displays the known IP address and MAC address binding. Notice how IP address 10.0.0.5 is not included in the list. This is because the ARP cache only displays information from devices that have been recently accessed.
To ensure that the ARP cache is populated, ping a device so that it will have an entry in the ARP table. For instance, if PC-A pinged 10.0.0.5, then the ARP cache would contain an entry for that IP address.
The cache can be cleared by using the netsh interface ip delete arpcache command in the event the network administrator wants to repopulate the cache with updated information.
Note: You may need administrator access on the host to be able to use the netsh interface ip delete arpcache command.
Common show Commands Revisited
In the same way that commands and utilities are used to verify a host configuration, commands can be used to verify the interfaces of intermediary devices. The Cisco IOS provides commands to verify the operation of router and switch interfaces.
The Cisco IOS CLI show commands display relevant information about the configuration and operation of the device. Network technicians use show commands extensively for viewing configuration files, checking the status of device interfaces and processes, and verifying the device operational status. The status of nearly every process or function of the router can be displayed using a show command.
Commonly used show commands and when to use them are listed in the table.
|Command||Useful for …|
|show running-config||To verify the current configuration and settings|
|show interfaces||To verify the interface status and see if there are any error messages|
|show ip interface||To verify the Layer 3 information of an interface|
|show arp||To verify the list of known hosts on the local Ethernet LANs|
|show ip route||To verify the Layer 3 routing information|
|show protocols||To verify which protocols are operational|
|show version||To verify the memory, interfaces, and licences of the device|
Verifies the current configuration and settings
R1# show running-config
! version 15.5 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname R1 ! interface GigabitEthernet0/0/0 description Link to R2 ip address 184.108.40.206 255.255.255.252 negotiation auto ! interface GigabitEthernet0/0/1 description Link to LAN ip address 192.168.10.1 255.255.255.0 negotiation auto ! router ospf 10 network 192.168.10.0 0.0.0.255 area 0 network 220.127.116.11 0.0.0.3 area 0 ! banner motd ^C Authorized access only! ^C ! line con 0 password 7 14141B180F0B login line vty 0 4 password 7 00071A150754 login transport input telnet ssh ! end R1#
Verifies the interface status and displays any error messages
R1# show interfaces GigabitEthernet0/0/0 is up, line protocol is up Hardware is ISR4321-2x1GE, address is a0e0.af0d.e140 (bia a0e0.af0d.e140) Description: Link to R2 Internet address is 18.104.22.168/30 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported Full Duplex, 100Mbps, link type is auto, media type is RJ45 output flow-control is off, input flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:21, output hang never Last clearing of "show interface" counters never Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 5127 packets input, 590285 bytes, 0 no buffer Received 29 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 5043 multicast, 0 pause input 1150 packets output, 153999 bytes, 0 underruns 0 output errors, 0 collisions, 2 interface resets 0 unknown protocol drops 0 babbles, 0 late collision, 0 deferred 1 lost carrier, 0 no carrier, 0 pause output 0 output buffer failures, 0 output buffers swapped out GigabitEthernet0/0/1 is up, line protocol is up
show ip interface
Verifies the Layer 3 information of an interface
R1# show ip interface GigabitEthernet0/0/0 is up, line protocol is up Internet address is 22.214.171.124/30 Broadcast address is 255.255.255.255 Address determined by setup command MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is disabled Multicast reserved groups joined: 126.96.36.199 188.8.131.52 Outgoing Common access list is not set Outgoing access list is not set Inbound Common access list is not set Inbound access list is not set Proxy ARP is enabled Local Proxy ARP is disabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP Flow switching is disabled IP CEF switching is enabled IP CEF switching turbo vector IP Null turbo vector Associated unicast routing topologies: Topology "base", operation state is UP IP multicast fast switching is enabled IP multicast distributed fast switching is disabled IP route-cache flags are Fast, CEF Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled RTP/IP header compression is disabled Probe proxy name replies are disabled Policy routing is disabled Network address translation is disabled BGP Policy Mapping is disabled Input features: MCI Check IPv4 WCCP Redirect outbound is disabled IPv4 WCCP Redirect inbound is disabled IPv4 WCCP Redirect exclude is disabled GigabitEthernet0/0/1 is up, line protocol is up
Verifies the list of known hosts on the local Ethernet LANs
R1# show arp Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.10.1 - a0e0.af0d.e141 ARPA GigabitEthernet0/0/1 Internet 192.168.10.10 95 c07b.bcc4.a9c0 ARPA GigabitEthernet0/0/1 Internet 184.108.40.206 - a0e0.af0d.e140 ARPA GigabitEthernet0/0/0 Internet 220.127.116.11 138 a03d.6fe1.9d90 ARPA GigabitEthernet0/0/0 R1#
show ip route
Verifies the Layer 3 routing information
R1# show ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is 18.104.22.168 to network 0.0.0.0 O*E2 0.0.0.0/0 [110/1] via 22.214.171.124, 02:19:50, GigabitEthernet0/0/0 10.0.0.0/24 is subnetted, 1 subnets O 10.1.1.0 [110/3] via 126.96.36.199, 02:05:42, GigabitEthernet0/0/0 192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.10.0/24 is directly connected, GigabitEthernet0/0/1 L 192.168.10.1/32 is directly connected, GigabitEthernet0/0/1 188.8.131.52/24 is variably subnetted, 3 subnets, 2 masks C 184.108.40.206/30 is directly connected, GigabitEthernet0/0/0 L 220.127.116.11/32 is directly connected, GigabitEthernet0/0/0 O 18.104.22.168/30 [110/2] via 22.214.171.124, 02:07:19, GigabitEthernet0/0/0 R1#
Verifies which protocols are operational
R1# show protocols Global values: Internet Protocol routing is enabled GigabitEthernet0/0/0 is up, line protocol is up Internet address is 126.96.36.199/30 GigabitEthernet0/0/1 is up, line protocol is up Internet address is 192.168.10.1/24 Serial0/1/0 is down, line protocol is down Serial0/1/1 is down, line protocol is down GigabitEthernet0 is administratively down, line protocol is down R1#
Verifies the memory, interfaces, and licences of the device
R1# show version Cisco IOS XE Software, Version 03.16.08.S - Extended Support Release Cisco IOS Software, ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(3)S8, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Wed 08-Aug-18 10:48 by mcpre
ROM: IOS-XE ROMMON R1 uptime is 2 hours, 25 minutes Uptime for this control processor is 2 hours, 27 minutes System returned to ROM by reload System image file is "bootflash:/isr4300-universalk9.03.16.08.S.155-3.S8-ext.SPA.bin" Last reload reason: LocalSoft
Technology Package License Information: ----------------------------------------------------------------- Technology Technology-package Technology-package Current Type Next reboot ------------------------------------------------------------------ appxk9 appxk9 RightToUse appxk9 uck9 None None None securityk9 securityk9 Permanent securityk9 ipbase ipbasek9 Permanent ipbasek9 cisco ISR4321/K9 (1RU) processor with 1647778K/6147K bytes of memory. Processor board ID FLM2044W0LT 2 Gigabit Ethernet interfaces 2 Serial interfaces 32768K bytes of non-volatile configuration memory. 4194304K bytes of physical memory. 3207167K bytes of flash memory at bootflash:. 978928K bytes of USB flash at usb0:. Configuration register is 0x2102 R1#
The show cdp neighbors Command
There are several other IOS commands that are useful. The Cisco Discovery Protocol (CDP) is a Cisco proprietary protocol that runs at the data link layer. Because CDP operates at the data link layer, two or more Cisco network devices, such as routers that support different network layer protocols, can learn about each other even if Layer 3 connectivity has not been established.
When a Cisco device boots, CDP starts by default. CDP automatically discovers neighboring Cisco devices running CDP, regardless of which Layer 3 protocol or suites are running. CDP exchanges hardware and software device information with its directly connected CDP neighbors.
CDP provides the following information about each CDP neighbor device:
- Device identifiers – The configured host name of a switch, router, or other device
- Address list – Up to one network layer address for each protocol supported
- Port identifier – The name of the local and remote port in the form of an ASCII character string, such as FastEthernet 0/0
- Capabilities list – For example, whether a specific device is a Layer 2 switch or a Layer 3 switch
- Platform – The hardware platform of the device–for example, a Cisco 1841 series router.
Refer to the topology and the show cdp neighbor command output.
R3# show cdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone, D - Remote, C - CVTA, M - Two-port Mac Relay Device ID Local Intrfce Holdtme Capability Platform Port ID S3 Gig 0/0/1 122 S I WS-C2960+ Fas 0/5 Total cdp entries displayed : 1 R3#
The output displays that the R3 GigabitEthernet 0/0/1 interface is connected to the FastEthernet 0/5 interface of S3, which is a Cisco Catalyst 2960+ switch. Notice that R3 has not gathered information about S4. This is because CDP can only discover directly connected Cisco devices. S4 is not directly connected to R3 and therefore is not listed in the output.
The show cdp neighbors detail command reveals the IP address of a neighboring device, as shown in the output. CDP will reveal the IP address of the neighbor regardless of whether or not you can ping that neighbor. This command is very helpful when two Cisco routers cannot route across their shared data link. The show cdp neighbors detail command will help determine if one of the CDP neighbors has an IP configuration error.
As helpful as CDP is, it can also be a security risk because it can provide useful network infrastructure information to threat actors. For example, by default many IOS versions send CDP advertisements out all enabled ports. However, best practices suggest that CDP should be enabled only on interfaces that are connecting to other infrastructure Cisco devices. CDP advertisements should be disabled on user-facing ports.
Because some IOS versions send out CDP advertisements by default, it is important to know how to disable CDP. To disable CDP globally, use the global configuration command no cdp run. To disable CDP on an interface, use the interface command no cdp enable.
The show ip interface brief Command
One of the most frequently used commands is the show ip interface brief command. This command provides a more abbreviated output than the show ip interface command. It provides a summary of the key information for all the network interfaces on a router.
For example, the show ip interface brief output displays all interfaces on the router, the IP address assigned to each interface, if any, and the operational status of the interface.
R1# show ip interface brief Interface IP-Address OK? Method Status Protocol GigabitEthernet0/0/0 188.8.131.52 YES manual up up GigabitEthernet0/0/1 192.168.10.1 YES manual up up Serial0/1/0 unassigned NO unset down down Serial0/1/1 unassigned NO unset down down GigabitEthernet0 unassigned YES unset administratively down down R1#
Verify Switch Interfaces
The show ip interface brief command can also be used to verify the status of the switch interfaces, as shown in the output.
S1# show ip interface brief Interface IP-Address OK? Method Status Protocol Vlanl 192.168.254.250 YES manual up up FastEthernet0/l unassigned YES unset down down FastEthernet0/2 unassigned YES unset up up FastEthernet0/3 unassigned YES unset up up
The VLAN1 interface is assigned an IPv4 address of 192.168.254.250, has been enabled, and is operational.
The output also shows that the FastEthernet0/1 interface is down. This indicates that either no device is connected to the interface or the device that is connected has a network interface that is not operational.
In contrast, the output shows that the FastEthernet0/2 and FastEthernet0/3 interfaces are operational. This is indicated by both the status and protocol being shown as up.