Monday, August 8, 2011
Cisco IOS
Cisco IOS (originally Internetwork Operating System) is the software used on the vast majority of Cisco Systems routers and current Cisco network switches. (Earlier switches ran CatOS.) IOS is a package of routing, switching, internetworking and telecommunications functions tightly integrated with a multitasking operating system.
The IOS CLI provides a fixed set of multiple-word commands — the set available is determined by the "mode" and the privilege level of the current user. "Global configuration mode" provides commands to change the system's configuration, and "interface configuration mode" provides commands to change the configuration of a specific interface. All commands are assigned a privilege level, from 0 to 15, and can only be accessed by users with the necessary privilege. Through the CLI, the commands available to each privilege level can be defined.
Versioning
Cisco IOS is versioned using three numbers and some letters, in the general form a.b(c.d)e, where:
a is the major version number.
b is the minor version number.
c is the release number, which begins at one and increments as new releases in the same a.b train are released.
d (omitted from general releases) is the interim build number.
e (zero, one or two letters) is the release train identifier, such as none (which designates the mainline, see below), T (for Technology), E (for Enterprise), S (for Service provider), XA as a special functionality train, XB as a different special functionality train, etc.
Rebuilds - Often a rebuild is compiled to fix a single specific problem or vulnerability for a given IOS version. For example, 12.1(8)E14 is a Rebuild, the 14 denoting the 14th rebuild of 12.1(8)E. Rebuilds are produced to either quickly repair a defect, or to satisfy customers who do not want to upgrade to a later major revision because they may be running critical infrastructure on their devices, and hence prefer to minimise change and risk.
Interim releases - are usually produced on a weekly basis and form a roll-up of current development effort. The Cisco advisory web site may list more than one possible interim to fix an associated issue (the reason for this is unknown to the general public).
Maintenance releases - rigorously tested releases that are made available and include enhancements and bug fixes. Cisco recommends upgrading to Maintenance releases where possible, over Interim and Rebuild releases.
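The a.b(c.d)e scheme above is what an inventory or advisory-matching script has to parse before it can say whether a device runs an affected release. The following parser is an added example (not Cisco's code, not from the original post); it accepts up to three train letters so that 12.2(33)SXI, mentioned later on this page, parses, and it refuses to compare releases from different trains, since a release number in one train says nothing about the feature set or fixes in another.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Matches the a.b(c.d)e form described above. A trailing number after the
# train letters is the rebuild counter (the 14 in 12.1(8)E14). The page says
# the train identifier is zero to two letters; three are accepted here so that
# 12.2(33)SXI (quoted further down the page) parses as well.
_VERSION_RE = re.compile(
    r"^(?P<major>\d+)\.(?P<minor>\d+)"
    r"\((?P<release>\d+)(?:\.(?P<interim>\d+))?\)"
    r"(?P<train>[A-Z]{0,3})(?P<rebuild>\d+)?$"
)


@dataclass(frozen=True)
class IosVersion:
    major: int
    minor: int
    release: int
    interim: Optional[int]  # None for general (non-interim) releases
    train: str              # "" is the mainline train
    rebuild: int            # 0 when there is no rebuild suffix

    @property
    def train_name(self) -> str:
        # e.g. "12.1E" or "12.2 mainline"
        return f"{self.major}.{self.minor}{self.train or ' mainline'}"

    @property
    def kind(self) -> str:
        # Classification in the page's own terms: interim, rebuild, maintenance.
        if self.interim is not None:
            return "interim"
        if self.rebuild:
            return "rebuild"
        return "maintenance"

    def _key(self) -> Tuple[int, int, int]:
        # Ordering within one a.b train: release number, then interim build,
        # then rebuild counter.
        return (self.release, self.interim or 0, self.rebuild)


def parse_ios_version(text: str) -> IosVersion:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not an a.b(c.d)e IOS version string: {text!r}")
    interim = m.group("interim")
    return IosVersion(
        major=int(m.group("major")),
        minor=int(m.group("minor")),
        release=int(m.group("release")),
        interim=int(interim) if interim is not None else None,
        train=m.group("train"),
        rebuild=int(m.group("rebuild") or 0),
    )


def is_at_least(installed: str, fixed: str) -> bool:
    """True when `installed` is in the same a.b train as `fixed` and not older.

    Trains carry different feature sets and fix histories, so comparing across
    trains raises instead of guessing.
    """
    a, b = parse_ios_version(installed), parse_ios_version(fixed)
    if (a.major, a.minor, a.train) != (b.major, b.minor, b.train):
        raise ValueError(f"{installed} and {fixed} are in different trains")
    return a._key() >= b._key()
```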
Trains
Cisco IOS releases are split into several "trains", each containing a different set of features. Trains more or less map onto distinct markets or groups of customers that Cisco is targeting.
The mainline train is designed to be the most stable release the company can offer, and its feature set never expands during its lifetime. Updates are released only to address bugs in the product. The previous technology train becomes the source for the current mainline train — for example, the 12.1T train becomes the basis for the 12.2 mainline. Therefore, to determine the features available in a particular mainline release, look at the previous T train release.
The T - Technology train gets new features and bug fixes throughout its life and is therefore potentially less stable than the mainline. (In releases prior to Cisco IOS Release 12.0, the P train served as the Technology train.) Cisco doesn't recommend using the T train in production environments unless there is urgency to implement a particular new IOS feature found in a T train.
The S - Service Provider train runs only on the company's core router products and is heavily customized for Service Provider customers.
The E - Enterprise train is customized for implementation in enterprise environments.
The B - Broadband train supports Internet-based broadband features.
The X* - XA, XB, ... special functionality trains (not documented further here).
There are other trains from time to time, designed for specific needs — for example, the 12.0AA train contained new code required for Cisco's AS5800 product.
Cisco StackWise
Cisco StackWise is a technology offered by Cisco Systems that allows up to nine Catalyst 3750 series switches to operate as though they were one 32 Gbit/s switch. This allows for greater resiliency and performance.
One switch in the stack acts as the master switch. The master maintains the stack and allows you to configure and monitor the whole stack as though it were one switch, via a single console.
If one switch fails, the remaining switches continue to operate by looping back any information that would normally traverse the failed switch, effectively bypassing it. If the master switch fails, the next switch in the stack automatically takes over as master. This means greater redundancy, as one switch's failure will not bring about a failure of the entire stack.
As each switch contains the entire configuration for the stack, one of the benefits of this technology is the ability to replace a failed switch (any switch, including the master) with a new, unprogrammed switch. The stack configures the new switch on the fly, allowing for minimal downtime.
StackWise effectively replaced the GigaStack found on lower-price models such as Catalyst 35xx and 29xx series.
A newer variation of the technology, known as Cisco StackWise Plus, offers a 64 Gbit/s non-blocking switching fabric.
Master Selection
The master switch of a stack is determined in the following order.
User specified.
The switch with the most advanced IOS, i.e. Advanced IP Services IPv6 (AIPv6), then Enhanced Multilayer Software Image (EMI) and then Standard Multilayer Software Image (SMI).
Programmed switch. A configured switch takes precedence over a switch with only the default configuration.
Uptime. The switch that has been running the longest.
MAC address. The switch with the lowest MAC address.
Models
Like most Cisco product lines, the Catalyst Switch series evolves fairly rapidly. There are two general types of Catalyst switches: fixed configuration models that are usually one or two rack units in size, with 12 to 80 ports; and modular switches in which virtually every component, from the CPU card to power supplies to switch cards, is individually installed in a chassis.
As of 2011, the most popular fixed configuration switches are the WS-C2960, the WS-C3560 and WS-C3750 series at the high end, an entry level managed "express" series - with models beginning WS-CE (configurable by web interface only, no command line interface), the "ME" metroline series of switches, and a new "Small Business" series coming from Cisco's acquisition of Linksys. In addition, there are many excellent legacy switches suitable for most business and service provider needs no longer offered directly through Cisco (WS-C2950, WS-C3550 for example). Cisco fixed configuration switches come with a bewildering assortment of features (10/100 ports versus 10/100/1000 ports, some with power over Ethernet, some with varying types of gigabit and 10gig uplink ports, some with standard or enhanced software, varying power supplies) and it is difficult to tell what features a switch has (aside from the number of ports) from a visual inspection, and similar-appearing switches can have dramatically different features.
Cisco model names and switch features
In general, switch names start with WS-C, followed by the model line (2960). A letter at the end of this number signifies a special feature, followed by the number of ports (usually 24 or 48) and additional nomenclature indicating other features.
Cisco modular switches are much larger and are entirely configurable, beginning with a chassis, power supplies, the choice of supervisory engines (CPU mainboards), and switch modules. Among Cisco's modular series are:
The Cisco Catalyst 6500 Series is a chassis-based switch family. This series can support interfaces up to 10 Gigabit Ethernet in speed and redundant Supervisor modules.
The Cisco Catalyst 5500 Series and Cisco Catalyst 5000 Series are a chassis-based switch family. The Cisco Catalyst 5000 Series was acquired from another company. This entire series has now reached end-of-sale.
The Cisco Catalyst 4900 series is a fixed-configuration switch. Uplink interfaces are either SFP ports or 10 gigabit Ethernet, with 48 copper ports of 10/100/1000 Ethernet.
The Cisco Catalyst 4500 Series is a mid-range modular chassis-based switch manufactured by Cisco Systems.
The Cisco Catalyst 3000 and 3100 series switches are switches for use in blade enclosures: the Catalyst 3032 is a Layer 2 switch, and the Catalyst 3130x and 3130G are blade switches for the Dell M1000e enclosure.
The 1000 switch family is considered an edge device; because the device is very modular, it can be built with many different functions.
The inside of a Cisco 1900-series switch
1700: 24 10BaseT ports, 1 switchable MDI/MDIX uplink 10baseT/AUI/BNC port, and 2 Fast Ethernet ports. Runs neither CatOS nor IOS. Is a first-generation carryover from Cisco's acquisition of Grand Junction Networks.
19xx: 12 or 24 10BaseT ports and 2 Fast Ethernet ports. ISL trunking on the 100 Mbit/s ports. Runs neither CatOS nor IOS. It is end-of-life today.
Cisco Operating systems
Operating systems
In most cases, the technology for the Catalyst Switch was developed separately from Cisco's router technology. The Catalyst switches traditionally ran software called CatOS rather than the more widely known Cisco IOS software used by routers. However, this has changed as the product lines have merged closer together. In some cases, particularly in the modular chassis switches, a configuration called 'Hybrid' has emerged - this is where the layer 2 functions are configured using CatOS, and the layer 3 elements are configured using IOS. 'Native IOS' can also be found with newer software versions that have eliminated CatOS entirely in favor of IOS, even on hardware that originally required CatOS.
The latest version of IOS for the Catalyst 6500 series is 12.2(33)SXI which enables In-Service Software Upgrade (ISSU) via IOS Software Modularity.
Some newer Catalyst switch models (with recent versions of Cisco IOS) also allow configuration via a web-based graphical interface module hosted on an HTTP server running on the switch. The IOS global configuration command 'ip http server' enables this style of configuration. In 12.x IOS, 'ip http server' is on as a factory default. The Catalyst 3750 series of switches is an example of a Cisco Catalyst switch that allows this style of GUI configuration via HTTP.
Some newer models of Catalyst switches (called Catalyst Express) no longer allow access to IOS or CatOS at all - these switches can only be configured by using a Graphical User Interface (GUI).
Interfaces
As Catalyst devices are primarily Ethernet switches, all modern Catalyst models have Ethernet interfaces, ranging from 10 Mbit/s to 10 Gbit/s depending on the model. Some models can accommodate Asynchronous Transfer Mode interfaces which can be used to bridge Ethernet traffic across wide area networks. Other models can support T1, E1, and ISDN PRI interfaces to provide connections to the PSTN. Legacy models supported a variety of interfaces, such as token ring, FDDI, and 100BaseVG, but are no longer sold by Cisco Systems.
Most models have basic layer 2 functions and are capable of switching Ethernet frames between ports. Commonly found additional features are VLANs, trunking (Cisco proprietary ISL or IEEE 802.1Q) and QoS or CoS. The switches, whether IOS or CatOS, are fully manageable.
Many Catalysts that run IOS are also capable of functioning as a router, making them layer 3 devices; when coupled with TCP and UDP filtering, these switches are capable of layer 2-4 operation. Depending on the exact software image, a Catalyst that runs IOS may be able to tackle large-scale enterprise routing tasks, using router technologies like OSPF or BGP.
Most chassis-based Catalyst models have the concept of field-replaceable "supervisor" cards. These work by separating the line cards, chassis, and processing engine (mirroring most Cisco router designs). The chassis provides power and a high-speed backplane, the line cards provide interfaces to the network, and the processing engine moves packets, participates in routing protocols, etc. This gives several advantages:
If a failure occurs, only the failed component needs to be replaced (typically a line card or supervisor). This means faster turnaround than having to uncable, unbolt, pull out, replace, re-bolt, and re-cable an entire switch, which may be as large as a quarter-rack, weigh over 150 pounds, and service over 500 cables.
A redundant supervisor engine may be installed to rapidly recover from supervisor failures. This is subject to restrictions (as some switches don't support redundant supervisors), but typically results in restoration times under 90 seconds.
A supervisor engine may be upgraded after purchase, increasing performance and adding features without losing any investment in the rest of the switch.
Additionally, most high-end switches off-load processing away from the supervisors, allowing line cards to switch traffic directly between ports on the same card without using any processing power or even touching the backplane. Naturally, this can't be done for all traffic, but basic layer-2 switching can usually be handled exclusively by the line card, and in many cases also more complex operations can be handled as well.
Management
Cisco switches are very popular for a number of reasons, including advanced customization and manageability. The switches can be configured using a serial console or a telnet session (or SSH if the correct OS image is loaded and SSH keys have been generated). SNMP allows monitoring of many states and measurement of traffic flows. Many devices can also run an HTTP server, but this is often disabled because of the security problems it creates: either because it is not encrypted, or because of the relatively frequent security vulnerabilities in the Cisco HTTP daemon itself. Some Cisco switches aimed at smaller organizations forgo a command line interface and offer ONLY a web/HTML interface for configuration and management.
Configuration of the switch is done in plain text and is thus easy to audit - no special tools are required to generate a useful configuration. For sites with more than a few devices it is useful to set up a TFTP server for storing the configuration files and any IOS images for updating. Complex configurations are best created using a text editor (using a site standard template), putting the file on the TFTP server and copying it to the Cisco device. However, it can be noted that a TFTP server can present security problems.
Cisco Switch
Catalyst is the brand name for a variety of network switches sold by Cisco Systems. While commonly associated with Ethernet switches, a number of different interfaces have been available throughout the history of the brand. Cisco acquired several different companies and rebranded their products as different versions of the Catalyst product line. The original Catalyst 5000 and 6000 series were based on products originally developed by Crescendo Communications. The 1700, 1900, and 2800 -series Catalysts came from Grand Junction Networks, and the Catalyst 3000 came from Kalpana in 1994.[1]
In addition, Cisco increasingly offers routers with switching capabilities, and indeed Cisco's 7600 router line and 6500 switch line have interchangeable parts. Even Cisco's smaller routers, including their newest "ISR" series, can have switch modules installed in them - basically making Cisco's smaller switches fully integrated devices.
Cisco Supervisor Engine
The Cisco Supervisor Engine is the heart of many of Cisco's switches. The Supervisor Engine has evolved several times. While it is the management segment of many routers, the switching capacity of the switch is often much greater than that of the Supervisor Engine itself, because one of the features of many switches is that dozens of functions are accelerated by ASICs.
Abridged list of features:
802.1Q VLAN
Spanning Tree Protocol
Ether Channel
Jumbo Frames
(E)IGRP, OSPF, RIP (2), Static Routing
BGP, IS-IS
QoS
Some have Layer 3 & 4 Switching
Details
Supervisor Engine I
68EC040
Chassis: 2900, 2948G, 2980G, 4000, 4500, 5000, 5500, 6000, 6500, 7600
Supervisor Engine II
MIPS R4700
Chassis: 2926, 4000, 4500, 5000, 5500, 6000, 6500, 7600
Supervisor Engine II+
MIPS R4700
Cisco Express Forwarding
Chassis: 2926, 4000, 4500, 5000, 5500, 6000, 6500, 7600
Supervisor Engine III
Cisco Express Forwarding
Max DRAM: 256MB SD
Redundant Capable
Netflow accelerator card
Supervisor Engine IV
Cisco Express Forwarding
Max Flash: 64MB (supplemental Compact Flash optional)
Supervisor Engine V
Cisco Express Forwarding
Chassis: 4500
Supervisor Engine 6
Cisco Express Forwarding
Chassis: 4500 "E" Series
Supervisor Engine 32
Cisco Express Forwarding
Chassis: 6000, 6500
A low cost, reduced version of the 720
Policy Feature Card 3b
MSFC 2A?
Supervisor Engine 720
Cisco Express Forwarding
Policy Feature Card 3A, 3B, 3BXL
Chassis: 6500, 7600
MSFC1-3
Multi-Layer Switch Feature Card
Cisco products
Most Cisco products that run IOS also have one or more "feature sets" or "packages", typically eight packages for Cisco routers and five packages for Cisco network switches. For example, Cisco IOS releases meant for use on Catalyst switches are available as "standard" versions (providing only basic IP routing), "enhanced" versions, which provide full IPv4 routing support, and "advanced IP services" versions, which provide the enhanced features as well as IPv6 support.
Each individual package corresponds to one service category, such as
IP data
Converged voice and data
Security and VPN
For additional information about Cisco IOS Packaging see White Paper: Cisco IOS Reference Guide
The exact feature set required for a particular function can be determined using the Cisco Feature Set Browser.
Beginning with the 1900, 2900 and 3900 series of ISR Routers, Cisco has revised the licensing model of IOS. Routers come with IP Base installed, and additional feature pack licenses can be installed as bolt-on additions to expand the feature set of the device. The available feature packs are:
Data adds features like BFD, IP SLAs, IPX, L2TPv3, Mobile IP, MPLS.
Security adds features like VPN, Firewall, IP SLAs, NAC.
Unified Comms adds features like CallManager Express, Gatekeeper, H.323, IP SLAs, MGCP, SIP, VoIP.
Architecture
In all versions of Cisco IOS, packet routing and forwarding (switching) are distinct functions. Routing and other protocols run as Cisco IOS processes and contribute to the Routing Information Base (RIB). This is processed to generate the final IP forwarding table (FIB, Forwarding Information Base), which is used by the forwarding function of the router. On router platforms with software-only forwarding (e.g., Cisco 7200) most traffic handling, including access control list filtering and forwarding, is done at interrupt level using Cisco Express Forwarding (CEF) or dCEF (Distributed CEF). This means IOS does not have to do a process context switch to forward a packet. Routing functions such as OSPF or BGP run at the process level. In routers with hardware-based forwarding, such as the Cisco 12000 series, IOS computes the FIB in software and loads it into the forwarding hardware (such as an ASIC or network processor), which performs the actual packet forwarding function.
Cisco IOS has a "monolithic" architecture, which means that it runs as a single image and all processes share the same memory space. There is no memory protection between processes, which means that bugs in IOS code can potentially corrupt data used by other processes. It also has a run-to-completion scheduler, which means that the kernel does not pre-empt a running process — the process must make a kernel call before other processes get a chance to run. For Cisco products that required very high availability, such as the Cisco CRS-1, these limitations were not acceptable. In addition, competitive router operating systems that emerged 10–20 years after IOS, such as Juniper's JUNOS, were designed not to have these limitations.[2] Cisco's response was to develop a new version of Cisco IOS called IOS XR that offered modularity and memory protection between processes, lightweight threads, pre-emptive scheduling and the ability to independently restart failed processes. IOS XR uses a third-party real-time operating system microkernel (QNX), and a large part of the current IOS code was rewritten to take advantage of the features offered by the new kernel — a massive undertaking. The microkernel architecture removes from the kernel all processes that are not absolutely required to run there, and executes them as processes similar to the application processes. Through this method, IOS XR is able to achieve the high availability desired for the new router platform. Thus IOS and IOS XR are very different codebases, though related in functionality and design. In 2005, Cisco introduced IOS XR on the Cisco 12000 series platform, extending the microkernel architecture from the CRS-1 to Cisco's widely deployed core router.
In 2006, Cisco made available IOS Software Modularity, which extends the QNX microkernel into a more traditional IOS environment while still providing the software upgrade capabilities that customers are demanding. It is currently available on the Catalyst 6500 enterprise switch.
Security and vulnerabilities
Cisco IOS has proven vulnerable to buffer overflows and other problems that have afflicted other operating systems and applications.
Because IOS needs to know the cleartext password for certain uses (e.g., CHAP authentication), passwords entered into the CLI are by default stored only as weakly obfuscated, reversible 'Type 7' values, such as "Router(config)#username jdoe password 7 0832585B1910010713181F". This is designed only to prevent "shoulder-surfing" when viewing router configurations and is not secure: such values are easily decrypted using software called "getpass", available since 1995, and the router itself will decode them if the Type 7 string is entered as a key with the "key chain" command and then displayed with a "show key" command; the above example decrypts to "stupidpass".[3] However, the program will not decrypt 'Type 5' passwords or passwords set with the enable secret command, which uses salted MD5 hashes.
Note: Cisco recommends that all Cisco IOS devices implement the authentication, authorization, and accounting (AAA) security model. AAA can use local, RADIUS, and TACACS+ databases. However, a local account is usually still required for emergency situations.
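The points above (Type 7 and cleartext passwords, enable secret versus enable password, the HTTP server that 12.x leaves on by default, telnet versus SSH on the management lines, and the AAA recommendation) are all visible in a plain-text running-config, which the Management section notes is easy to audit. The following checker is an added example, not code from the original post or from Cisco; the sample configuration is constructed for this page (its Type 7 string is the one quoted above, and its 'secret 5' value is an obvious placeholder rather than a real hash), and the check names and fix strings are this example's own.

```python
import re
from typing import Dict, List

# Constructed sample configuration for this example (no real device). The
# Type 7 string is the one quoted on this page; the 'secret 5' value is an
# obvious placeholder, not a real MD5 hash.
SAMPLE_CONFIG = """\
hostname edge-sw1
!
username jdoe password 7 0832585B1910010713181F
username ops password 0 Summer2011
username admin secret 5 $1$PLACEHOLDER$notarealhash
enable password letmein
!
ip http server
!
line vty 0 4
 transport input telnet
 login local
!
"""

# 'password 7 <hash>', 'password 0 <clear>' or 'password <clear>' (no type keyword)
_USER_PW = re.compile(r"^username (\S+) password (?:(0|7) )?(\S+)$")


def audit_ios_config(config: str) -> List[Dict[str, str]]:
    """Return one finding per weak credential or management setting.

    Covers only what this page describes: Type 7 and cleartext user passwords,
    'enable password' used without 'enable secret', the embedded HTTP server
    being on, telnet allowed on vty lines, and AAA not enabled.
    """
    findings: List[Dict[str, str]] = []
    enable_secret = enable_password = aaa = False
    in_vty = False
    for raw in config.splitlines():
        if not raw.startswith(" "):            # a top-level line ends any sub-mode
            in_vty = raw.startswith("line vty")
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = _USER_PW.match(line)
        if m:
            user, ptype = m.group(1), m.group(2)
            check = "type7-password" if ptype == "7" else "cleartext-password"
            findings.append({"check": check, "where": f"username {user}",
                             "fix": "re-enter the account with 'username ... secret'"})
        elif line.startswith("enable secret"):
            enable_secret = True
        elif line.startswith("enable password"):
            enable_password = True
        elif line.startswith("aaa new-model"):
            aaa = True
        elif line == "ip http server":
            findings.append({"check": "http-server-enabled", "where": line,
                             "fix": "'no ip http server' unless the GUI is required"})
        elif in_vty and line.startswith("transport input") and (
                "telnet" in line or line.endswith("all")):
            findings.append({"check": "telnet-management", "where": f"line vty: {line}",
                             "fix": "'transport input ssh' once SSH keys are generated"})
    if enable_password and not enable_secret:
        findings.append({"check": "enable-password-only", "where": "enable password",
                         "fix": "configure 'enable secret' (salted MD5, Type 5)"})
    if not aaa:
        findings.append({"check": "aaa-not-enabled", "where": "(global)",
                         "fix": "'aaa new-model' with RADIUS/TACACS+ and a local fallback"})
    return findings


def checks_triggered(config: str) -> List[str]:
    """Sorted, de-duplicated list of check names that fired."""
    return sorted({f["check"] for f in audit_ios_config(config)})
```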