Thursday, October 30, 2008

'Useful To Know' Commands

I have created this post to document all those ad hoc commands that can be extremely useful but can also be easily forgotten! Plus its these little tweeks that CCIE labs love to drop into the mix. Over time i hope this grows, and pls let me know if you have any suggestions of your own.

show tcp brief
Shows the status of tcp sessions on the router. Useful for troubleshooting.

ip pim spt-threshold infinity
By default PIM sparse mode will automatically move over to a source tree topology once the source has been discovered via the shared tree. This command can be used to disable this default behaviour.

ip tcp syn-timeout 5
Reduces the time the IOS will wait for a TCP SYN-ACK before timing out and returning control to the command prompt. Can be usefull if you've ever waited around for control to return after a failed telnet session attempt!

configuration mode exclusive auto
Once conf t mode is entered an exclusive lock is applied to prevent other users entering conf t.

ppp reliable-link
ppp reliable link is Cisco's implementation of RFC 1663:PPP Reliable Transmission. It enables negotiation and use Numbered Mode LAPB over a serial link. This effectively ensures retransmissions if packet loss or error is detected.

vlan dot1q tag native
By default a dot1q trunk will leave the native VLAN untagged. Use this command to ensure all VLANs are tagged with a 32 bit header

show ip bgp neighbor {address} inc Flags
Flags: higher precedence, nagle, md5
This command will denote whether BGP encryption is in use with the denoted peer.

logging trap {n}
Used to specify the severity of log messages that generate traps.

transport preferred none
The default ios behaviour when typing an ip address (or anyother name) and hitting enter assumes the user is attempting a start a telnet session. This can be changed! with this command. Once entered the user has to be explicit when trying to start a telnet session i.e. telnet {address}.

ipv6 rip {name} default-nformation originate
ipv6 rip {name} default-information only
The first command, as you might expect, injects a default route. The second command injects a default route and filters all other more specific routes.

show queue {interface}
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 772 kilobits/sec

This command shows the amount of available bandwidth left on an interface for allocation via a service policy.

class-map {xxxx}
match not protocol {yyyy}
Allows a class map to match all protocols except the one specified

int {x}
switchport trunk encap dot1q
switchport mode trunk
switchport nonegotiate
This config enables trunking on the specified interface. Even though 'trunking' mode has been specified the port will still issue DTP frames. The 'nonegotiate' ensures DTP frames are not issued. Conversely 'switchport mode dynamic desirable' can be used to enable DTP.

priority x y
When configuring a priority this goes hand in hand with setting the max available bandwidth x. Another option 'y' allows the burst value to be set.

router bgp x
no bgp fast-external-fallover

neighbor {a.b.c.d} timers 10 30
To ensure bgp routes are not immediately withdrawn from the table when a directly connected link to a neighbor drops the above commands can be used. In this instance the link is only declared down once an hello has not been received for 30 seconds.

service timestamps log datetime msec
adds current date and time including the milliseconds to logging messages

ignore lsa mospf
Cisco routers do not support LSA Type 6 MOSPF packets. Use this command to suppress warning messages if they are received.

ip ospf authentication null
Use this command to turn off authentication on an interface. N.B. Do not use no ip ospf authentication!! This will not work.

ip hello-interval eigrp x y
ip hold-time eigrp x z
To adjust the EIGRP timers use the above commands under the interface configuration. IMO it would have been a more congruent design to have had 'ip eigrp hello-interval/hold-time'. Take a look at 'ip ospf hello-interval' for example! But i guess its not my place to reason why, just to make a mental note for when i'm searching for the command and wondering where it has gone:-)

ip multicast rpf backoff x y
Command to alter the frequency of triggered RPF checks. Usefull when there is unstability in the unicast routing table. x = minimum in ms and y = maximum in ms.

line vty 0 4
ipv6 access-class
To apply an ipv6 access-class under the vty interface prefix with ipv6.

ip ftp username ric
ip ftp password cisco

With the commands above the router is configured to use the username "ric" and the password "cisco" for FTP connections.

show ntp ass det configured, authenticated, our_master, sane, valid, stratum 8
Usefull command to determine if the ntp connection is authenticated.

line vty 0 4
rotary 23

Enables the telnet service on port 3023 (in addition to port 23). Honest! i've tried it:-)

show ip port
I stumbled across this one by accident when trying to determine listening sockets on a router (show have use ship ip scoket). This command is fantastic if you want to list the IANA ports and the relevant protocols. Could be very usefull when building acls and class maps.

config-if#ip nbar protocol-discovery
show ip nbar protocol-discovery
Wow. Stumbled across this one on a lab. It keeps a record of all the protocols flowing through a port.

logging rate-limit n
Limit the number of syslog messages to n per second

logging rate-limit n except x
limit the number of syslog messages to n pers second except for those of priority x and higher

line vty 0 4
refuse-message @Try in 5 mins@
Configure a message when the connection is refused e.g. when all lines are busy

1 comment: