paulgorman.org

Cisco notes

Help

To get help on the Cisco, use ?.

cisco# ?
Exec commands:
  <1-99>           Session number to resume
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  access-template  Create a temporary Access-List entry
  archive          manage archive files
...
cisco# show ip ?
  access-lists            List IP access lists
  accounting              The active IP accounting database
  admission               Network Admission Control information
  aliases                 IP alias table
...

Cisco IOS also has tab completion.

Configuration

Ciscos can have multiple configurations. show running-config shows the current operational configuration. The running-config may include unsaved changes, which will be lost on the next reboot. View the saved config with show startup-config. To save the running config: copy running-config startup-config. You can also copy the startup-config over the running-config to reverse any unsaved changes.

To make changes or see more sensitive info, enable administrative mode with enable.

To enter configuration mode: config t; leave config mode with exit.

To negate an already configured command, use no, like no access-list 100 to delete access list 100.

Check config changes

Print a diff between the running configuration and the startup config:

show archive config diff [file1] [file2]

The default values for file1 and file2 are the running-config and the startup-config.

Access lists

To monitor allows and denies, add the log option to the access list (like deny ip any any log) and turn on monitoring (for telnet sessions) with terminal monitor. Turn monitoring off with terminal no monitor.

Logging

By default, IOS uses uptime as the timestamp for log entries. To change this to absolute time:

cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco(config)#service timestamps log datetime
cisco(config)#^Z

Look for an IP (or whatever) in the logs (include is like grep):

cisco#show logging | include 207.148.219.114
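Because include matches its pattern as a regular expression anywhere in the line, a search for one address also returns lines for longer addresses that contain it. The Python below is an added example, not part of the original notes: it parses saved show logging output from an access list with the log option and matches addresses exactly. The sample lines are constructed, and the %SEC-6-IPACCESSLOGP layout is assumed to be the common TCP/UDP form.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of saved `show logging` output (not from the original notes).
SAMPLE_LOG = """\
*Jan 28 18:22:34: %SEC-6-IPACCESSLOGP: list 100 denied tcp 207.148.219.114(51514) -> 10.0.0.5(22), 1 packet
*Jan 28 18:22:40: %SEC-6-IPACCESSLOGP: list 100 denied tcp 207.148.219.11(40000) -> 10.0.0.5(23), 3 packets
1d02h: %SEC-6-IPACCESSLOGP: list 100 permitted udp 10.0.0.9(123) -> 10.0.0.1(123), 1 packet
1d02h: %SEC-6-IPACCESSLOGP: list 100 denied tcp 207.148.219.114(51600) -> 10.0.0.5(22), 4 packets
"""

# Assumed layout of a TCP/UDP ACL log message; other message types are skipped.
ACL_LINE = re.compile(
    r"^(?P<stamp>.*?): %SEC-6-IPACCESSLOGP: list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse(text):
    """Yield one dict per well-formed ACL log line (uptime or datetime stamp)."""
    for line in text.splitlines():
        m = ACL_LINE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:  # reject things like 999.1.1.1 that the regex lets through
            rec["src_ip"] = ipaddress.ip_address(rec["src"])
            rec["dst_ip"] = ipaddress.ip_address(rec["dst"])
        except ValueError:
            continue
        rec["count"] = int(rec["count"])
        yield rec

def hits_for(text, ip, action="denied"):
    """Records whose source or destination equals ip exactly."""
    want = ipaddress.ip_address(ip)
    return [r for r in parse(text)
            if r["action"] == action and want in (r["src_ip"], r["dst_ip"])]

def denied_packets_by_source(text):
    """Total denied packet count per source address."""
    totals = Counter()
    for r in parse(text):
        if r["action"] == "denied":
            totals[r["src"]] += r["count"]
    return totals
```

On the sample, a search for 207.148.219.11 returns only the one line for that host, where a substring match would also return the two lines for 207.148.219.114.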

Setting time against NTP

cisco#show clock
*23:16:36.229 UTC Tue Jan 28 2014
cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco(config)#clock timezone EST -5
cisco(config)#clock summer-time EDT recurring
cisco(config)#^Z
cisco#show clock
*18:22:34.485 EST Tue Jan 28 2014
cisco# conf t
cisco(config)#ntp server 10.0.0.1
cisco(config)#^Z
cisco#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
*~10.0.0.1         198.60.22.240     2     0    64  377     0.9   -0.07     0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured