Thursday, November 20, 2008

Setting the Clock and Timezone

Given the last tip this one goes without saying. Set it as close to real time as possible and use GMT if you have multiple timezones for devices you manage or use the local timezone otherwise.

Very helpful.

Darby# clock set 1:18:00 November 18 2008
Darby# conf t
Darby# clock timezone EST -5
Darby# clock summer-time EDT recurring

Use show clock to verify.

Display an Interface Config

sh run int f0/0

Now you can do even more:

sh run section router

Erasing an Interface Config

Simple one but that may not be known about or easily forgotten in a pinch:

default interface f0/0

Works great it just wiped all configuration from that interace. Ready to start again. Kinda like Play-Do or Silly Putty but in a Router or Switch.

Setting the Terminal Length of a Router, Switch, or Firewall.

24 lines ain't enough sometimes.

I backup configs a lot before and after I am doing things so... I don't like the page breaks that are arbitrarily assumed.


term length 0 works on a router or switch and pager length 0 works on a PIX/ASA.

The default is 24, so...

"term len 24" sets it back to normal on a router/switch or pager length 24 on a PIX/ASA.

I find that a full screen is about 36 lines... but it may vary based on your screen's resolution.

Filtering the Output of commands

This is cool but gets even cooler once you begin to master regular expressions.

Here's some simple examples:

sh run begin route eigrp

sh run include ip route

sh ip interface brief exclude Down

I also use it alot when I'm hunting down a mac or ip address... Kewl stuff.

You can use regular expressions to get make if more grep-like...

Also remember show run section XXX works great too.

Do Command

This command allows us to "execute" commands while we are in configuration mode.

Darby(config-if) do sh run interface f0/0

We can use aliases and emulate the "Do Command's" functionality as well.

Alias Commands

We can use this command feature to create our own commands.

alias exec s sh ip interface brief
alias configure s sh ip int brief (note this is so the same shortcuts will work in other modes on the device as well).

Only cause I find myself typing do out of context after I've been using it for a while.

Privilege Levels

This is a very useful tool for network management. By default all commands are either privilege level 0 or 15.

You are either poor or rich...

The privilege level command allows us the ability to create a few middle classes....

privilege level <0-15>

Darby(config)# privilege exec level 2 show
Darby(config)# privilege exec level 2 show ip route

line vty 0 15
privilege level 2

Assigns the default privilege level of 2 to vty sessions 0-15 for an example.

username Darby privilege level 2 password Darby

line vty 0 15
login local

Assigns the user Darby with a privilege level of 2 for another example. We also ensure that vty logins use the local database in this case.

Stopping "The Runaway Debug"

Plenty of ways to help solve this issue.

1. undebug all - make an alias for it like this

alias exec u undebug all

2. Use conditional debugging

debug interface f0/0

3. Filter the debug

access-list 1 permit ip

debug ip packet 1

Editing Access-lists

Alway try to document when possible - use descriptions and remarks and names that are self-documenting.

Extended Access-lists permit us to edit the acl by line number.

No Service Configuration

Speaks for itself.

Sometimes you'll find a device that is booting really slow and later find it is trying to boot from tftp somewhere...

Maybe you don't want your device to do this.

This can slow you down a lot. Really. A whole lot.

Hope these tips help you a bit.

Design by Blogger Buster | Distributed by Blogging Tips