ROUTER TIPS
In hopes of making the list smaller and more useful, I decided to list ten tips that discuss situations I have encountered either through my own experience or that were sparked by other people's questions. Some of these hints are simple while others are a little more advanced. Whether you are a novice or an expert, I hope you will find them useful.
Commands take effect right away.
If you are an experienced Cisco router user, you probably just groaned. However, I find that this concept escapes new users. As you type commands into the configuration mode, they immediately take effect. For example, if we change the router's name, we see that the very next line contains the new router name:
Router1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#hostname MyRouter
MyRouter(config)#^Z
MyRouter#
As you can see, we changed the router's name to MyRouter, and the change was processed immediately. This concept applies to everything in the router's configuration mode.
Use all the descriptions you can.
In the router's configuration, there are certain commands that let you document various portions of a configuration: for example, the interface description command, the access-list remark command, and the banner messages. All of these commands stay within the router configuration, which helps greatly when you are trying to configure or troubleshoot a router. Here's an example of a description on an interface:
! Here is an interface description.
! Document as much about the interface as possible
interface Serial0
description Connection To Irvine: Wan ID [23499]
The available banner messages are the message of the day, or MOTD, login, incoming, and exec. Consult the documentation or Cisco IOS in a Nutshell for a description of each. Here is an example of the MOTD banner, which is the first message a person sees when connecting to the device:
MyRouter(config)#banner motd #
Enter TEXT message. End with the character '#'.
Welcome to MyRouter.
Some legalese should go here about unauthorized access.
#
The remark statement in an access-list is a relatively new feature. It first appeared in version 12.0(2)T of the IOS. This handy command allows you to make an entry in your access-list that describes what you are trying to accomplish. The comment can be up to 100 characters in length. Remark statements work for both numbered and named access-lists.
access-list 1 remark Permit our private network through the list
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 remark Just deny everything else
access-list 1 deny any
You might be wondering about commenting a configuration with the "!" symbol. Yes, you can comment a configuration with a "!" as I have done in the above examples. However, these comments do not stay in the router configuration. They are great when you are working offline in a text editor on a configuration that you plan to upload to a router later. However, these "!" comments will get lost when you send the configuration to the router because the router ignores them.
The reload command can get you out of a jam.
Related Reading: Cisco IOS in a Nutshell, by James Boney, December 2001.
No matter how well you plan an upgrade, you are eventually going to need to change a router configuration remotely. If you make a mistake and can no longer get to the router because of the change you made, you have to make the embarrassing call to someone to go "hit the power." The power cycle takes the router back to the original starting configuration because your change was never saved. In other words, since you lost the connection, you couldn't type "copy run start" to save your changes.
One of the classic mistakes (I know because I have done it myself a number of times) is to incorrectly update an access-list on an interface when you are connected to the device remotely. Suddenly the Telnet connection to the router is dropped because you forgot the list entry that would permit your incoming connection.
There is another way. When you are doing something tricky, you can use the following feature of the reload command, which causes the router to reboot in a certain number of minutes. For example, let's tell the router to reboot in three minutes.
MyRouter#reload in 3
Reload scheduled in 3 minutes
Proceed with reload? [confirm]y
Now, we have three minutes to do what we need to do. Let's say we are applying an access-list to serial0.
MyRouter#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
MyRouter(config)#interface serial0
MyRouter(config-if)#ip access-group 110 in
MyRouter(config-if)#^Z
MyRouter#
We made the change and everything still works. (Well, at least our connection wasn't dropped.) Now all we have to do is cancel the impending reload with the following command:
MyRouter#reload cancel
Or, if our access-list update did destroy our connection to the router, all we need to do is wait three minutes (plus the router's reload time) before the router is back online. After the reload, the router uses the original saved configuration from before our access-list change.
Don't forget to add either an enable password or an enable secret password.
If you are planning to telnet into your router remotely, you need to add an enable password or enable secret password, or the router will not allow you to go to enable mode. Of course, it goes without saying that adding an enable password is always a good thing.
! Enable service password-encryption if it isn't already.
service password-encryption
! Here is our enable password, which is ok
! but not too secure.
enable password 7 141B171F01012325
! Here is our enable secret, much better.
enable secret 5 $1$99Jc$dxVXUkwMM3Edvj7f0SUrL/
Don't forget that "enable secret" overrides the "enable" password. Just be safe and use the enable secret command. The enable secret uses a better encryption method to encode the password: it is stored as a one-way hash (type 5), whereas the type 7 encoding used by enable password is reversible.
Stopping the router from trying to telnet.
This is often an annoying problem. Mistype a command and the router thinks you just typed a hostname. For example:
MyRouter#shwo
Translating "shwo"...domain server (10.1.1.2)
% Unknown command or computer name, or unable to find computer address
MyRouter#
Here, we just mistyped the word show. We didn't want to telnet to a device named "shwo." The way to handle this is to change the preferred transport method:
! Console port
line con 0
transport preferred none
! VTY Ports
line vty 0 5
transport preferred none
Now the mistyped keyword simply produces an error instead of a failed connection attempt:
MyRouter#shwo
^
% Invalid input detected at '^' marker.
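As an added example (not from the article or the book), here is a small Python audit that reads a saved IOS configuration and flags the weak settings discussed in these tips: an enable password without an enable secret, a missing service password-encryption, line blocks that lack transport preferred none, and "!" comments the router will discard. The sample configuration is constructed for the example.

```python
# Constructed sample configuration (not from the article): one hardened and
# one still-weak setting for each of the tips above.
SAMPLE_CONFIG = """\
! offline note: the router will not keep this line
service password-encryption
enable password 7 141B171F01012325
line con 0
 transport preferred none
line vty 0 5
 transport preferred telnet
"""


def audit_config(text):
    """Return a list of (code, detail) findings for an IOS configuration."""
    findings = []
    lines = text.splitlines()
    has_secret = any(l.startswith("enable secret ") for l in lines)
    if not has_secret:
        findings.append(("NO_ENABLE_SECRET",
                         "enable mode is not protected by a one-way hashed secret"))
    if "service password-encryption" not in lines:
        findings.append(("NO_PW_ENCRYPTION",
                         "line and enable passwords would be stored in clear text"))
    section = None        # the "line ..." block we are currently inside, if any
    has_pref_none = {}    # line block -> whether "transport preferred none" was seen
    for l in lines:
        if l.startswith("!"):
            findings.append(("OFFLINE_COMMENT",
                             f"'{l}' is dropped when the config is loaded"))
        elif l.startswith("enable password "):
            tokens = l.split()
            # "enable password 7 <hash>" has four tokens; a bare password is type 0
            enc = tokens[2] if len(tokens) > 3 else "0"
            findings.append(("REVERSIBLE_ENABLE_PW",
                             f"enable password stored as type {enc}, which is "
                             "reversible; use enable secret instead"))
        elif l.startswith("line "):
            section = l.strip()
            has_pref_none[section] = False
        elif section and l.strip() == "transport preferred none":
            has_pref_none[section] = True
        elif not l.startswith(" "):
            section = None   # an unindented line ends the current line block
    for sec, ok in has_pref_none.items():
        if not ok:
            findings.append(("TRANSPORT_PREFERRED",
                             f"{sec}: a mistyped command is treated as a host to telnet to"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_config(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```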