Missing (top 10 useful commands not included in the CCNA course)
The CCNA course contains a great many commands for configuring and debugging a wide variety of network protocols and technologies. All the necessary tools are in our hands, but these are far from all the tools with the help of which we can work with network equipment. We have compiled a list of the 10 most useful teams that should have been aware of CCNA , but for some mysterious reasons have disappeared somewhere.
The default console port speed is 9600 bps, and you can change it with the speed command. What for? In case of disasters. First, some routers and switches have non-recoverable flash, and IOS recovery is possible only from monitor mode using the console. Secondly, some useful debugging commands (debug or show tech-support) generate such output volume that the standard speed is not enough. And the more information you collect, the easier and faster you will identify and fix the problem, and the fewer complaints about the lack of communication you receive from management and users.
By the way, there is one more reason to change the speed of the console port - this is foolproof. You will not stop a serious hacker with this, but an intern who suddenly decided to try to change something is completely.
Suppose you have connected another device to the interface, and you need to significantly change the configuration. You can execute all existing commands with the no prefix. Or you can execute the default interface type type from the configuration mode, which will reset the interface settings to the default values, i.e. to an empty configuration. Saving time is obvious, plus you will not forget anything.
')
Surely you had to look at the long show output for something in search of a particular record. Well, if you know where to look. Even better, if this record is there. What to do if you need to make sure that there is no specific command in the configuration? This is where output modifiers come in. So, we enter the command I include a substring and get only those lines from the output of the command that contain the specified substring (case sensitive). Let's say typing show run | include dhcp, we will get all the settings related to DHCP. Simple and convenient. The following modifier is no less useful: the command I section is a substring . In this case, not separate terms will be displayed, but whole sections corresponding to the given substring. For example, typing show run | section router rip, we will see all the current routing settings using RIP.
Have you heard of the password recovery procedure? The problem is that not only you have heard about it, but also the attackers. And if they suddenly get to the equipment, they can thus learn the unencrypted passwords stored in your configuration (service password-encryption does not help in this case, since this encryption has already been cracked). In this case, the configuration command no service password-recovery command is useful, which prohibits password recovery while preserving the configuration (that is, when the password is restored, the configuration will be deleted). It is worth considering one thing: a backup copy of the configuration will now have to be stored somewhere else, from where it can also be safely stolen. So it is still better to hang on the server large granary lock.
The show interfaces command provides extensive statistics on a wide variety of packet types. What if you are not interested in general, but instant statistics? In this case, it is worth running the clear counters privileged mode command, which will reset all packet counters to zero. Now you will immediately see which packets are passing through the interface at the moment, and which ones are safely missing. Interestingly, this command is present in the output of the show interfaces command, but despite this, it is never mentioned in the course text.
Is your router suffering from high CPU usage? Most likely, he has to pass through the CPU a significant proportion of packets. To check if this is the case, use the show interfaces stats command, which shows the number of packets used by each of the available switching methods for each interface in each direction. At the same time and localize the problem.
The copy startup-running-config command is pretty cunning. The fact is that it does not replace the current configuration, but only executes all the commands recorded in the startup-config. And this is not the same! For example, the shutdown command was executed on the interface, and the interface was turned on in the starting configuration — copying the configuration in this case would result in the interface being still administratively down, since no shutdown command was issued (because not saved in configuration). To avoid wasting time on rebooting and not catching fleas manually, you should run configure privilege nvram: startup-config in privileged mode, which will lead to fair copying with full replacement of current settings.
Did you have to painfully search for the port into which a particular node is stuck in a large switched network, sorting through all the MAC tables? If so, meet with an ovation the traceroute mac command MAC_address_resource MAC_address_resource , which performs tracing at the second level of the OSI model. The only "but" - for the operation of this service requires the inclusion of CDP.
The main commandment when setting up remote equipment - do not turn off yourself. Otherwise, you have to grab a laptop and urgently run somewhere. Well, if the server around the corner, and if it was a branch in another city, where their own administrators are missing? You have to talk for a long time on the phone with a cleaner, explain to her what to insert where and by what end, it is painful to ask what she sees, to dictate by letter what to dial ... And then you should arrange the trip all the same to correct the consequences of such repairs.
Rejoice, because there is a privileged mode command reload in time , which will reboot the device after a specified period of time. If you disable yourself, then after the expiration of the timer will restart with the restoration of the original configuration. And you can try again. And if everything went well, then using the reload cancel command, you will cancel the impending reboot.
We give an unconditional victory to the auto configure command, after the introduction of which absolutely all the settings that are necessary in your particular situation are automatically performed. Moreover, if the company's policy changes, the settings will also be changed, and without the need for any action on your part. One problem - they forgot to include this command not only in the CCNA course , but also in the IOS itself.
Number 10
The default console port speed is 9600 bps, and you can change it with the speed command. What for? In case of disasters. First, some routers and switches have non-recoverable flash, and IOS recovery is possible only from monitor mode using the console. Secondly, some useful debugging commands (debug or show tech-support) generate such output volume that the standard speed is not enough. And the more information you collect, the easier and faster you will identify and fix the problem, and the fewer complaints about the lack of communication you receive from management and users.
By the way, there is one more reason to change the speed of the console port - this is foolproof. You will not stop a serious hacker with this, but an intern who suddenly decided to try to change something is completely.
Number 9
Suppose you have connected another device to the interface, and you need to significantly change the configuration. You can execute all existing commands with the no prefix. Or you can execute the default interface type type from the configuration mode, which will reset the interface settings to the default values, i.e. to an empty configuration. Saving time is obvious, plus you will not forget anything.
')
№ 8
Surely you had to look at the long show output for something in search of a particular record. Well, if you know where to look. Even better, if this record is there. What to do if you need to make sure that there is no specific command in the configuration? This is where output modifiers come in. So, we enter the command I include a substring and get only those lines from the output of the command that contain the specified substring (case sensitive). Let's say typing show run | include dhcp, we will get all the settings related to DHCP. Simple and convenient. The following modifier is no less useful: the command I section is a substring . In this case, not separate terms will be displayed, but whole sections corresponding to the given substring. For example, typing show run | section router rip, we will see all the current routing settings using RIP.
№ 7
Have you heard of the password recovery procedure? The problem is that not only you have heard about it, but also the attackers. And if they suddenly get to the equipment, they can thus learn the unencrypted passwords stored in your configuration (service password-encryption does not help in this case, since this encryption has already been cracked). In this case, the configuration command no service password-recovery command is useful, which prohibits password recovery while preserving the configuration (that is, when the password is restored, the configuration will be deleted). It is worth considering one thing: a backup copy of the configuration will now have to be stored somewhere else, from where it can also be safely stolen. So it is still better to hang on the server large granary lock.
№ 6
The show interfaces command provides extensive statistics on a wide variety of packet types. What if you are not interested in general, but instant statistics? In this case, it is worth running the clear counters privileged mode command, which will reset all packet counters to zero. Now you will immediately see which packets are passing through the interface at the moment, and which ones are safely missing. Interestingly, this command is present in the output of the show interfaces command, but despite this, it is never mentioned in the course text.
№ 5
Is your router suffering from high CPU usage? Most likely, he has to pass through the CPU a significant proportion of packets. To check if this is the case, use the show interfaces stats command, which shows the number of packets used by each of the available switching methods for each interface in each direction. At the same time and localize the problem.
№ 4
The copy startup-running-config command is pretty cunning. The fact is that it does not replace the current configuration, but only executes all the commands recorded in the startup-config. And this is not the same! For example, the shutdown command was executed on the interface, and the interface was turned on in the starting configuration — copying the configuration in this case would result in the interface being still administratively down, since no shutdown command was issued (because not saved in configuration). To avoid wasting time on rebooting and not catching fleas manually, you should run configure privilege nvram: startup-config in privileged mode, which will lead to fair copying with full replacement of current settings.
Number 3
Did you have to painfully search for the port into which a particular node is stuck in a large switched network, sorting through all the MAC tables? If so, meet with an ovation the traceroute mac command MAC_address_resource MAC_address_resource , which performs tracing at the second level of the OSI model. The only "but" - for the operation of this service requires the inclusion of CDP.
№ 2
The main commandment when setting up remote equipment - do not turn off yourself. Otherwise, you have to grab a laptop and urgently run somewhere. Well, if the server around the corner, and if it was a branch in another city, where their own administrators are missing? You have to talk for a long time on the phone with a cleaner, explain to her what to insert where and by what end, it is painful to ask what she sees, to dictate by letter what to dial ... And then you should arrange the trip all the same to correct the consequences of such repairs.
Rejoice, because there is a privileged mode command reload in time , which will reboot the device after a specified period of time. If you disable yourself, then after the expiration of the timer will restart with the restoration of the original configuration. And you can try again. And if everything went well, then using the reload cancel command, you will cancel the impending reboot.
№ 1
We give an unconditional victory to the auto configure command, after the introduction of which absolutely all the settings that are necessary in your particular situation are automatically performed. Moreover, if the company's policy changes, the settings will also be changed, and without the need for any action on your part. One problem - they forgot to include this command not only in the CCNA course , but also in the IOS itself.
Source: https://habr.com/ru/post/129542/
All Articles