सिस्को tips

1. Commands take effect right away.
If you are an experienced Cisco router user, you probably just groaned. However, I find that this concept escapes new users.
As you type commands into the configuration mode, they immediately take effect. For example, if we change the router's name, we see that the very next line contains the new router name:

Router1#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#hostname MyRouter
MyRouter(config)#^Z
MyRouter#
As you can see, we changed the router's name to MyRouter, which was immediately processed. This concept applies to everything in the router's configuration mode.
2. Use all the descriptions you can.
In the router's configuration, there are certain commands that let you document various portions of a configuration. For example, the interface description command, an access-list remark command, or a banner message. All of these commands stay within the router configuration, which helps greatly when you are trying to configure or troubleshoot a router.
Here's an example of a description on an interface:

! Here is an interface description.
! Document as much about the interface as possible
interface Serial0
description Connection To Irvine: Wan ID [23499]
The available banner messages are the message of the day, or MOTD, login, incoming, and exec. Here is an example of the MOTD banner, which is the first message a person sees when connecting to the device:

MyRouter(config)#banner motd #
Enter TEXT message. End with the character '#'.
Welcome to MyRouter.
Some legalese should go here about unauthorized access.
#
The remark statement in an access-list is a relatively new feature. It first appeared in version 12.0(2)T of the IOS. This handy command allows you to make an entry in your access-list that describes what you are trying to accomplish. The comment can be up to 100 characters in length.

access-list 1 remark Permit our private network through the list
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 remark Just deny everything else
access-list 1 deny any
You might be wondering about commenting a configuration with the "!" symbol.
Yes, you can comment a configuration with a "!" as I have done in the above examples. However, these comments do not stay in the router configuration. They are great when you are working on a configuration offline in a text editor. (Where you plan to upload the configuration to a router.)
However, these "!" comments will get lost when you send the configuration to the router because the router ignores them.
3. The reload command can get you out of a jam.
4. No matter how well you plan an upgrade, you are eventually going to need to change a router configuration remotely. If you make a mistake and can no longer get to the router because of the change you made, you have to make the embarrassing call to someone to go "hit the power." The power cycle takes the router back to the original starting configuration because your change was never saved. In other words, since you lost connection, you couldn't type "copy run start" to save your changes.
5. One of the classic mistakes (I know because I have done it myself a number of times) is to incorrectly update an access-list on an interface when you are connected to the device remotely. And suddenly, the Telnet connection is dropped to the router because of a forgotten list entry that would permit your incoming connection.
6. There is another way. When you are doing something tricky, you can use the following feature of the reload command, which causes the router to reboot in a certain number of minutes. For example, let's tell the router to reboot in three minutes.
7.
8. MyRouter#reload in 3
9. Reload scheduled in 3 minutes
10. Proceed with reload? [confirm]y
11. Now, we have three minutes to do what we need to do. Let's say we are applying an access-list to serial0.
12.
13. MyRouter#config terminal
14. Enter configuration commands, one per line. End with CNTL/Z.
15. MyRouter(config)#interface serial0
16. MyRouter(config-if)#ip access-group 110 in
17. MyRouter(config-if)#^Z
18. MyRouter#
19. We made the change and everything still works. (Well, at least our connection wasn't dropped.) Now all we have to do cancel the impending reload with the following command:
20.
21. MyRouter#reload cancel
22. Or, if our access-list update did destroy our connection to the router, all we need to do is wait three minutes (plus the router's reload time) before the router is back online. After the reload, the router uses the original saved configuration before our access-list change.
23. Don't forget to add either an enable password or an enable secret password.
If you are planning to telnet into your router remotely, you need to add an enable password or enable secret password, or the router will not allow you to go to enable mode. Of course, it goes without saying that adding an enable password is always a good thing.

! Enable service password-encryption if it isn't already.
service password-encryption
! Here is our enable password, which is ok
! but not too secure.
enable password 7 141B171F01012325
! Here is our enable secret, much better.
enable secret 5 $1$99Jc$dxVXUkwMM3Edvj7f0SUrL/
Don't forget that "enable secret" overrides the "enable" password. Just be safe and use the enable secret command. The enable secret uses a better encryption method to encode the password.
24. Stopping the router from trying to telnet.
This is often an annoying problem. Mistype a command and the router thinks you just typed a hostname. For example:

MyRouter#shwo
Translating "shwo"...domain server (10.1.1.2)
% Unknown command or computer name, or unable to find computer address
MyRouter#
Here, we just mistyped the word show. We didn't want to telnet to a device named "shwo." The way to handle this is to change the preferred transport method:

! Console port
line con 0
transport preferred none
! VTY Ports
line vty 0 5
transport preferred none
The output shows the lack of a failed connection based on our mistyped keyword:

MyRouter#shwo
^
% Invalid input detected at '^' marker.