<?php include('HEADER.php'); ?>

<h1>Cisco notes</h1>

<h2>Help</h2>

<p>To get on the Cisco, use <code>?</code>.</p>

<pre>cisco# ?
Exec commands:
  &lt;1-99&ht;        Session number to resume
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  access-template  Create a temporary Access-List entry
  archive          manage archive files
...
cisco# show ip ?
  access-lists            List IP access lists
  accounting              The active IP accounting database
  admission               Network Admission Control information
  aliases                 IP alias table
...
</pre>

<p>Cisco IOS also has <b>tab completion</b>.</p>

<h2>Configuration</h2>

<p>Ciscos can have multiple configurations. <code>show running-config</code> show the current operational configuration. The running-config may include unsaved changes, which will be lost on the next reboot. View the saved config with <code>show startup-config</code>. To save the running config: <code>copy running-config startup-config</code>. You can also copy the startup-config over the running-config to reverse any unsaved changes.</p>

<p>To make changes or see more sensitive info, enable administrative mode with <code>enable</code>.</p>

<p>To enter configuration mode: <code>config t</code>; leave config mode with <code>exit</code>.</p>

<p>To negate an already configured command, use <code>no</code>, like <code>no access-list 100</code> to delete access list 100.</p>

<h3>Check config changes</h3>

<p>Print a diff between the running configuration and the startup config:</p>

<pre>show archive config diff [file1] [file2]</pre>

<p>The default values for file1 and file2 are the running-config and the startup-config.</p>

<h2>Access lists</h2>

<p>To monitor allows and denies, add the <code>log</code> option to the access list (like <code>deny ip any any log</code>) and turn on monitoring (for telnet sessions) with <code>terminal monitor</code>. Turn monitoring off with <code>terminal no monitor</code>.</p>

<h2>Logging</h2>

<p>By default, IOS uses uptime at the timestamp for log entries. To change this to absolute time:</p>

<pre>cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco(config)#service timestamps log datetime
cisco(config)#^Z</pre>

<p>Look for an IP (or whatever) in the logs (<code>include</code> is like grep):</p>

<pre>cisco#show logging | include 207.148.219.114</pre>

<h2>Setting time against NTP</h2>

<pre>cisco#show clock
*23:16:36.229 UTC Tue Jan 28 2014
cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco(config)#clock timezone EST -5
cisco(config)#clock summer-time EDT recurring
cisco(config)#^Z
cisco#show clock
*18:22:34.485 EST Tue Jan 28 2014
cisco# conf t
cisco(config)#ntp server 10.0.0.1
cisco(config)#^Z
cisco#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.0.0.1         198.60.22.240     2     0    64  377     0.9   -0.07     0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured</pre>

<?php include('../FOOTER.php'); ?>
