WEBVTT 1 00:00:00.120 --> 00:00:04.160 Welcome back to the deep dive. Today, we're really getting 2 00:00:04.160 --> 00:00:07.599 our hands dirty, jumping into the practical world of Cisco 3 00:00:07.759 --> 00:00:08.839 CCNA commands. 4 00:00:08.960 --> 00:00:09.839 Yeah, exactly. 5 00:00:10.000 --> 00:00:13.000 Imagine you're setting up a network from scratch, maybe for 6 00:00:13.080 --> 00:00:16.480 a new office, a growing startup. Where do you even begin? 7 00:00:16.920 --> 00:00:17.160 Right? 8 00:00:17.440 --> 00:00:19.559 Our mission for you today is basically to pull out 9 00:00:19.600 --> 00:00:23.359 the absolute must know bits, give you a kind of shortcut, 10 00:00:23.600 --> 00:00:26.199 you know, so you feel ready to connect some dots. 11 00:00:26.320 --> 00:00:28.280 And what's really valuable here, I think, is that this 12 00:00:28.399 --> 00:00:32.240 guide we're looking at focuses on the commands you actually need. Beginner, 13 00:00:32.320 --> 00:00:36.920 intermediate level CCNA stuff, practical stuff exactly, stuff you can 14 00:00:37.000 --> 00:00:39.320 use on real gear or in the simulation labs for 15 00:00:39.320 --> 00:00:40.759 the exam. It's all about application. 16 00:00:41.039 --> 00:00:43.520 Okay, So first things first, before any configuration, you got 17 00:00:43.600 --> 00:00:44.399 to connect things right. 18 00:00:44.759 --> 00:00:46.520 Cabling the physical layer yep. 19 00:00:46.640 --> 00:00:49.679 Sounds basic maybe, but here's where it gets interesting, Like 20 00:00:50.320 --> 00:00:54.200 choosing the wrong cable that can completely sink your network 21 00:00:54.280 --> 00:00:55.679 before you type a single command. 22 00:00:55.679 --> 00:00:58.560 Oh absolutely, I've seen it happen. Hours wasted me too. 23 00:00:59.119 --> 00:01:03.119 I remember, spending age is troubleshooting once only to find YEP, 24 00:01:03.640 --> 00:01:07.079 crossover cable where a straight through should have been. Total 25 00:01:07.120 --> 00:01:09.640 face palm moment happens to the best of us. So 26 00:01:09.719 --> 00:01:13.680 the guide really stresses mastering this. Know you're streight through 27 00:01:13.799 --> 00:01:16.519 your crossover, your rollover cables. 28 00:01:16.159 --> 00:01:19.239 And the pinouts are key. It's the wiring inside, which 29 00:01:19.280 --> 00:01:23.079 pin connects to which get that wrong? No data flow, 30 00:01:23.799 --> 00:01:24.359 simple as that. 31 00:01:24.480 --> 00:01:26.280 And once it's plugged in, you need to check the 32 00:01:26.319 --> 00:01:28.439 config on the actual computers. 33 00:01:28.079 --> 00:01:30.040 Right, yeah, on the end devices, So like if you 34 00:01:30.079 --> 00:01:31.640 can FIG on Linux or Mac. 35 00:01:31.599 --> 00:01:34.319 Or IP can fig if you're on Windows, Windows two 36 00:01:34.359 --> 00:01:35.000 thousand and up. 37 00:01:35.040 --> 00:01:38.239 Basically, and this whole cabling thing, getting it right, it 38 00:01:38.280 --> 00:01:40.519 really sets the stage, doesn't it. Make sure you're not 39 00:01:40.640 --> 00:01:44.159 chasing hardware ghosts when the problem is actually software exactly. 40 00:01:44.200 --> 00:01:47.239 You don't want to be troubleshooting routing protocols. If the 41 00:01:47.239 --> 00:01:47.799 cable's just. 42 00:01:47.719 --> 00:01:49.719 Wrong, you're trying to drive a car with no wheels. 43 00:01:49.799 --> 00:01:54.079 Essentially, good analogy. Okay, so physically connected, now they need addresses. 44 00:01:54.120 --> 00:01:56.719 They need to speak the language of IP. Right, let's 45 00:01:56.719 --> 00:01:59.760 talk IP subnetting. Sounds a bit scary, maybe you can 46 00:01:59.799 --> 00:02:01.879 see in that way, but we'll break it down. Think 47 00:02:01.879 --> 00:02:04.760 about those IP address classes ABC. 48 00:02:04.719 --> 00:02:07.319 Mainly, Yeah, they're like different sizes of networks right. 49 00:02:07.719 --> 00:02:10.159 So Class A starts with a zero first number is 50 00:02:10.280 --> 00:02:12.960 zero to one twenty seven. That's your massive network like 51 00:02:12.960 --> 00:02:15.879 an ocean liner holds millions of devices. 52 00:02:15.560 --> 00:02:17.159 Huge organizations ISPs. 53 00:02:17.159 --> 00:02:19.759 Maybe Class B starts one zero numbers one twenty eight 54 00:02:19.800 --> 00:02:21.639 to one ninety one. That's maybe more like a large 55 00:02:21.639 --> 00:02:24.639 cargo ship medium to large businesses makes sense. And Class 56 00:02:24.680 --> 00:02:26.960 C starts one one zero numbers one ninety two to 57 00:02:27.000 --> 00:02:29.439 two twenty three. That's your small fishing boat home networks 58 00:02:29.479 --> 00:02:32.479 small offices holds a couple hundred addresses. 59 00:02:32.039 --> 00:02:33.680 Perfect for most smaller setups. 60 00:02:33.719 --> 00:02:36.520 Then you have Class D for multicasting like video streams 61 00:02:36.520 --> 00:02:37.639 to many people at once. 62 00:02:37.479 --> 00:02:39.759 Two hundred and twenty four to two thirty nine range. 63 00:02:39.479 --> 00:02:43.080 And Class E, which is reserved experimental stuff two forty. 64 00:02:42.840 --> 00:02:45.319 In up right, And the guide shows how computer see 65 00:02:45.319 --> 00:02:47.159 these numbers converting decimal to binary. 66 00:02:47.240 --> 00:02:49.159 Yeah, like one ninety two becomes one hundred and one 67 00:02:49.199 --> 00:02:51.759 hundred thousand, or two twenty four is eleven hundred and 68 00:02:51.759 --> 00:02:52.360 fetter thousand. 69 00:02:52.439 --> 00:02:54.879 So that familiar private IP one ninety two point one 70 00:02:54.960 --> 00:02:56.840 sixty eight point two five four point twenty five four 71 00:02:56.960 --> 00:02:58.719 The router sees it as a one one hundred zero 72 00:02:58.840 --> 00:03:01.240 zero zero zero one zero one one zero zero point 73 00:03:01.240 --> 00:03:03.439 one one one on a narrow point one one one 74 00:03:03.479 --> 00:03:05.800 one one one point one one one one one one 75 00:03:05.800 --> 00:03:06.680 one one binary. 76 00:03:06.759 --> 00:03:08.240 Okay, So how does the router use that? 77 00:03:09.120 --> 00:03:12.400 That's where binary ending comes in. It sounds technical, but 78 00:03:12.479 --> 00:03:15.879 it's fundamental. It's how devices figure out the network part 79 00:03:15.919 --> 00:03:17.400 of an address versus the host part. 80 00:03:17.680 --> 00:03:21.039 Like separating the street name from the house number exactly. 81 00:03:21.319 --> 00:03:24.080 It uses the IP address and the subnet mask. Think 82 00:03:24.120 --> 00:03:25.879 of it like a filter. Only where both the IP 83 00:03:26.120 --> 00:03:28.280 and the mask have a one bit, does a one 84 00:03:28.319 --> 00:03:29.199 come through in the result. 85 00:03:29.360 --> 00:03:29.639 Okay? 86 00:03:29.840 --> 00:03:32.360 The logic is simple zero no zero one and no 87 00:03:32.560 --> 00:03:34.400 zero zero one is a one bit only one on 88 00:03:34.479 --> 00:03:36.439 one gives you one, got it? So take that one 89 00:03:36.560 --> 00:03:38.879 ninety two point one sixty eight point two five four 90 00:03:38.919 --> 00:03:41.439 point two five four Again. If your mask is two 91 00:03:41.520 --> 00:03:43.800 five five point two five five point zero point zero, 92 00:03:44.120 --> 00:03:46.000 which is all ones in the first two oct it's 93 00:03:46.479 --> 00:03:49.400 when you endy them together binary style. Get one ninety 94 00:03:49.439 --> 00:03:52.319 two point one sixty eight point zero zero. That's the 95 00:03:52.400 --> 00:03:55.439 network number. That's how your device knows if another IP 96 00:03:55.599 --> 00:03:57.680 is on the same local network or somewhere else. Right. 97 00:03:57.759 --> 00:04:01.439 Okay, that makes sense. So wired up addresses understood. Now, 98 00:04:01.479 --> 00:04:04.520 how do we talk to these Cisco devices, routers, switches. 99 00:04:04.719 --> 00:04:06.879 That's the command line interface, the CLI, your. 100 00:04:06.759 --> 00:04:10.080 Direct line in no fancy graphics, just task commands. 101 00:04:10.199 --> 00:04:12.240 Pretty much. It's the primary way you can figure and 102 00:04:12.319 --> 00:04:13.280 manage Cisco gear. 103 00:04:13.360 --> 00:04:15.280 And there are shortcuts right right to save. 104 00:04:15.159 --> 00:04:18.600 Typing Oh yeah, tons of them, big time savers like 105 00:04:18.839 --> 00:04:22.639 typing COF then hitting the TB key It autocompletes to 106 00:04:22.680 --> 00:04:26.480 configure terminal nice or just for able to get into 107 00:04:26.519 --> 00:04:27.199 privilege mode. 108 00:04:27.959 --> 00:04:29.879 Very handy, but you still need to know the full 109 00:04:29.920 --> 00:04:31.879 command for exams usually. 110 00:04:31.879 --> 00:04:35.199 Definitely good point. The shortcuts are for efficiency on the job. 111 00:04:35.439 --> 00:04:37.639 And what if you forget a command or aren't sure 112 00:04:37.680 --> 00:04:38.839 what options are available? 113 00:04:39.040 --> 00:04:42.319 The question mark your best friend on the CLI? Yeah yep. 114 00:04:42.800 --> 00:04:45.800 Just type bought on its own shows you all commands 115 00:04:45.839 --> 00:04:49.480 in that mode. Type C or N shows commands starting 116 00:04:49.600 --> 00:04:53.639 C or N or type of command like clock, then 117 00:04:53.680 --> 00:04:56.560 a space then and it shows you what words or 118 00:04:56.600 --> 00:04:59.879 parameters can come next. Super helpful, like a built in. 119 00:05:00.720 --> 00:05:03.680 What about the setup mode? The guide mentions is that useful? 120 00:05:04.839 --> 00:05:07.360 Not really for most people. It kicks in automatically if 121 00:05:07.399 --> 00:05:09.360 a device has zero configuration. 122 00:05:09.079 --> 00:05:11.360 Like brand new out of the box exactly, or you. 123 00:05:11.399 --> 00:05:13.959 Can type set up. It's like a basic wizard, ask 124 00:05:14.040 --> 00:05:15.879 you questions, but it's very limited. 125 00:05:15.959 --> 00:05:16.720 Can't do much with it. 126 00:05:17.079 --> 00:05:22.160 Nope, basic IP stuff maybe a password, no ACLS, no NAT. 127 00:05:23.439 --> 00:05:27.680 Serious configuration requires the CLI. Most engineers skip. 128 00:05:27.519 --> 00:05:30.040 It, gotcha, stick to the CLI definitely. 129 00:05:30.399 --> 00:05:33.079 And speaking of the CLI, there are even more shortcuts, 130 00:05:33.120 --> 00:05:37.360 like keyboard shortcuts that really boost productivity. Oh like what well, 131 00:05:37.480 --> 00:05:40.480 Ctrl plus z is amazing, jumpt you right back to 132 00:05:40.519 --> 00:05:43.639 privileged mode from anywhere, and configu mode saves typing end 133 00:05:43.800 --> 00:05:46.839 or exit multiple times. Oh I like that. Ctrl plus 134 00:05:47.079 --> 00:05:49.959 F moves forward a character, ec plus b moves back 135 00:05:50.000 --> 00:05:52.680 a whole word. Ctrl plus e takes you to the 136 00:05:52.759 --> 00:05:53.680 end of the line you're typing. 137 00:05:53.800 --> 00:05:55.480 Handy for fixing typos totally. 138 00:05:55.720 --> 00:05:59.120 And then there's command history. Ctrl plus P recalls previous 139 00:05:59.120 --> 00:06:01.800 commands ctr we'll plug and recalls newer ones if you 140 00:06:01.879 --> 00:06:02.399 went back too. 141 00:06:02.360 --> 00:06:04.959 Far, so you don't have to retype everything exactly. 142 00:06:05.199 --> 00:06:07.519 And you can even control how many commands get remembered 143 00:06:08.079 --> 00:06:10.639 with terminal history size. And then a number. Default is 144 00:06:10.680 --> 00:06:12.519 often just ten, but you can bump it up maybe 145 00:06:12.560 --> 00:06:15.000 to fifty or one hundred max is two fifty six? 146 00:06:15.240 --> 00:06:16.519 Why not? I always set it to max. 147 00:06:16.800 --> 00:06:19.399 It uses a bit of router memory, probably not noticeable 148 00:06:19.439 --> 00:06:22.319 on modern gear, but something to be aware of. There's 149 00:06:22.319 --> 00:06:24.319 always a trade off. You can reset it with no 150 00:06:24.519 --> 00:06:26.279 terminal history size. Okay. Cool. 151 00:06:26.399 --> 00:06:28.279 Now, once you're configuring things, you need to see what's 152 00:06:28.279 --> 00:06:29.000 going on right. 153 00:06:29.399 --> 00:06:31.879 Verify stuff absolutely. That's where the show commands come in. 154 00:06:32.000 --> 00:06:36.279 They are indispensable your eyes and ears inside the device. 155 00:06:37.199 --> 00:06:39.759 So if something's broken, where do you start? What are 156 00:06:39.800 --> 00:06:40.839 the key show commands? 157 00:06:41.040 --> 00:06:44.600 Great question, It's less about memorizing a list and more 158 00:06:44.639 --> 00:06:47.480 about thinking what do I need to check? I tend 159 00:06:47.519 --> 00:06:52.040 to group them. Okay. First, basic connectivity and interfaces. Show 160 00:06:52.120 --> 00:06:54.800 interfaces status gives you a quick look at all ports 161 00:06:54.839 --> 00:06:58.199 of they up, down, connected, show interface fast Internet oh 162 00:06:58.240 --> 00:07:00.360 one or whatever. It gives you detailed staff for that 163 00:07:00.480 --> 00:07:02.439 specific port, error speed. 164 00:07:02.279 --> 00:07:04.079 Duplex all right, checking the physical connection. 165 00:07:04.439 --> 00:07:07.839 Then ipaddressing DOT show interface brief is fantastic, quick summary 166 00:07:07.879 --> 00:07:11.399 dot interface, IP address is that up status protocol dot 167 00:07:12.160 --> 00:07:15.399 super useful, And show ARP shows the mapping between IP 168 00:07:15.519 --> 00:07:18.759 addresses and MC addresses the device has learned. Crucial for 169 00:07:18.879 --> 00:07:20.759 Layer two troubleshooting makes sense. 170 00:07:21.079 --> 00:07:22.639 What about the actual configuration. 171 00:07:23.000 --> 00:07:25.279 That's where show running config comes in. Shows you the 172 00:07:25.360 --> 00:07:27.879 active configuration what the device is using right now from 173 00:07:27.959 --> 00:07:31.639 ramp absolutely vibe and you compare that to show startup 174 00:07:31.639 --> 00:07:34.160 canfig that's the config saved and NVRMP the one the 175 00:07:34.240 --> 00:07:36.879 loads on boot. If they're different, you know you haven't 176 00:07:36.920 --> 00:07:40.279 saved your changes. Ah, the classic mistake happens all the time. 177 00:07:40.800 --> 00:07:44.279 Then for routing, show ip rout that's your routing table. 178 00:07:44.800 --> 00:07:47.160 How does this router know how to reach different networks? 179 00:07:47.600 --> 00:07:49.920 It's all in there. And show protocols tells you about 180 00:07:49.920 --> 00:07:51.279 the Layer three protocols. 181 00:07:50.879 --> 00:07:52.680 Configured, got it any others? 182 00:07:52.800 --> 00:07:55.959 Show version is good for checking the iOS software version, uptime, 183 00:07:56.040 --> 00:07:59.920 hardware info. Show history dumps your command history buffer. Show 184 00:08:00.120 --> 00:08:03.040 flash shows you the flash memory contents, Show clock for 185 00:08:03.120 --> 00:08:05.959 the time, Show hosts for any local host named it 186 00:08:06.279 --> 00:08:07.240 mappings you've set up. 187 00:08:07.319 --> 00:08:10.399 Wow. Okay, so show commands are really your window into 188 00:08:10.439 --> 00:08:10.879 the device. 189 00:08:11.040 --> 00:08:14.560 Absolutely you live and breathe Show commands when managing Cisco gear. 190 00:08:14.600 --> 00:08:17.720 Okay, let's zoom in on router. Specifically, they're the traffic 191 00:08:17.800 --> 00:08:20.560 cops directing packets between. 192 00:08:20.319 --> 00:08:21.639 Networks, directing the traffic. 193 00:08:21.720 --> 00:08:24.920 Yeah, and configuring them means understanding those different modes you 194 00:08:24.959 --> 00:08:25.600 mentioned earlier. 195 00:08:25.759 --> 00:08:29.399 Right, you start in user mode usually just router prelimited. 196 00:08:29.519 --> 00:08:33.720 Then enable gets you to privileged mode rater hashtag. Here 197 00:08:33.840 --> 00:08:37.639 you can run show commands, debugs, save can figs, but 198 00:08:38.159 --> 00:08:42.000 still can't make changes. For changes, you need configure terminal 199 00:08:42.240 --> 00:08:45.120 or can fig for short. That takes you into global 200 00:08:45.200 --> 00:08:48.840 configuration mode router can fig hashtag. This is where the 201 00:08:48.879 --> 00:08:51.440 real work happens, and from there you can go deeper. YEP, 202 00:08:51.919 --> 00:08:54.879 interface faster at a zero zero takes you to interface 203 00:08:54.960 --> 00:08:59.039 mode router configure hashtag or router ospe f one takes 204 00:08:59.080 --> 00:09:03.240 you to router configure mode reader figure outer hashtag. There 205 00:09:03.279 --> 00:09:06.279 are also modes for lines, can fig line the sub interfaces, 206 00:09:06.360 --> 00:09:07.919 config soubif key thing. 207 00:09:07.960 --> 00:09:10.360 Is different commands work in different modes. 208 00:09:10.200 --> 00:09:12.519 Exactly, And first thing you usually do in global config 209 00:09:12.799 --> 00:09:13.480 get the writer or a. 210 00:09:13.559 --> 00:09:15.840 Name post name R one or whatever post name name Yeah. 211 00:09:15.879 --> 00:09:17.960 Yeah. Good practice for identification. 212 00:09:17.480 --> 00:09:21.279 And security is paramount right passwords, oh absolute foundational. 213 00:09:21.559 --> 00:09:24.120 You've got two main enabled passwords. 214 00:09:23.679 --> 00:09:25.159 The ones to get into privileged mode. 215 00:09:25.440 --> 00:09:28.440 Right enable password password is the old way stores in 216 00:09:28.600 --> 00:09:32.320 plaintext and the config bad idea to so avoid that one, yes, 217 00:09:32.799 --> 00:09:35.799 always use enable secret password. This one uses stronger encryption 218 00:09:36.000 --> 00:09:39.000 MT five hashing usually much more secure, and if you 219 00:09:39.039 --> 00:09:42.759 can figure both the enabled secret wins, it always overrides 220 00:09:42.799 --> 00:09:43.639 the enabled password. 221 00:09:43.759 --> 00:09:46.799 Good to know. What about passwords for actually logging in, 222 00:09:47.080 --> 00:09:49.080 like over the console cable or remotely? 223 00:09:49.240 --> 00:09:52.120 Yep, you secure those lines too, Line console zero for 224 00:09:52.200 --> 00:09:56.039 the console port line VTIO four typically covers the five 225 00:09:56.159 --> 00:10:01.399 virtual terminal lines for Telnet or SSH, LINEO zero for 226 00:10:01.519 --> 00:10:04.639 the auxiliary report. In the commands inside the line config mode, 227 00:10:05.039 --> 00:10:08.159 use password to set it, and then critically you must 228 00:10:08.200 --> 00:10:10.440 type log in to tell a router to actually check 229 00:10:10.519 --> 00:10:11.840 for that password on login. 230 00:10:11.639 --> 00:10:13.919 Attempts okay password, then log in right. 231 00:10:14.200 --> 00:10:17.440 And there's also service password encryption. This command applies a 232 00:10:17.519 --> 00:10:19.960 very weak encryption to all plaintext passwords in the config 233 00:10:20.360 --> 00:10:24.080 like the line passwords or if you foolishly used enable password. 234 00:10:23.799 --> 00:10:24.759 Is it actually secure? 235 00:10:25.000 --> 00:10:28.200 Not really, it's easily breakable. It just stops casual shoulder surfing. 236 00:10:28.879 --> 00:10:30.919 Enable secret is the only strong one built in for 237 00:10:30.960 --> 00:10:34.440 the enabled password. If you turn off service password encryption later, 238 00:10:35.000 --> 00:10:37.320 any passwords that weakly encrypted stay that way. 239 00:10:38.000 --> 00:10:41.159 So just to be clear. Why is an able password 240 00:10:41.440 --> 00:10:43.759 such a bad idea? How quickly could that bite you? 241 00:10:44.000 --> 00:10:46.840 Instantly? If anyone gets a copy of your config file, 242 00:10:47.080 --> 00:10:49.159 maybe a backup, maybe through some other access, they just 243 00:10:49.200 --> 00:10:52.559 read the password. It's right there, no guessing, no cracking required, 244 00:10:53.320 --> 00:10:56.320 enable secret hashes it so even seeing the config doesn't 245 00:10:56.320 --> 00:11:00.559 give away the password directly. It's a basic essential secure step. 246 00:11:00.799 --> 00:11:05.240 Okay, message received, use an able secret. Now interfaces, the 247 00:11:05.360 --> 00:11:07.480 actual connections, how do we configure those? 248 00:11:07.679 --> 00:11:10.399 Right? So you navigate using interface followed by the type 249 00:11:10.440 --> 00:11:14.000 in number like interface cereal zero zero zero, interface faceter 250 00:11:14.000 --> 00:11:14.840 and at zero zero. 251 00:11:15.080 --> 00:11:17.039 And you warned the prompt doesn't always change. 252 00:11:17.120 --> 00:11:20.399 Yeah, it might just say rote or configu hashagg regardless 253 00:11:20.399 --> 00:11:23.080 of whether you're in serial zero zero, fascinated at zero zero, 254 00:11:23.639 --> 00:11:25.639 keep track, exit moves you back up one level. 255 00:11:25.759 --> 00:11:28.519 Okay. Let's say we're configuring a serial interface like for 256 00:11:28.639 --> 00:11:29.360 a WAN link. 257 00:11:29.679 --> 00:11:35.039 Okay, so interface serial zero zero zero zero. Good practice 258 00:11:35.039 --> 00:11:37.840 to add a description like description link to main office 259 00:11:38.279 --> 00:11:42.200 helps document things and the IP address, app dress, subnetmask, 260 00:11:42.440 --> 00:11:43.480 standard stuff. 261 00:11:43.360 --> 00:11:45.799 And the special thing for cereal the clock rate. 262 00:11:46.399 --> 00:11:48.559 If you have the DCE cable, the one providing the 263 00:11:48.600 --> 00:11:51.120 timing signal for the link You must set the clock 264 00:11:51.240 --> 00:11:54.080 rate speed command on that interface only needed on the 265 00:11:54.159 --> 00:11:54.919 DCE side. 266 00:11:54.960 --> 00:11:55.720 How do you know the speed? 267 00:11:56.000 --> 00:11:58.840 Usually determined by the service provider or the capabilities of 268 00:11:58.840 --> 00:12:02.639 the link fin no shutdown to actually turn the interface on, 269 00:12:02.879 --> 00:12:05.080 They're off by default? No shutdown? Got it? 270 00:12:05.279 --> 00:12:07.679 And for fast Ethernet like connecting to a land switch. 271 00:12:07.600 --> 00:12:11.759 Simpler interface fast Ethernet zero zero maybe a description then 272 00:12:12.120 --> 00:12:15.600 IP address, IP address, subnet mask and no shutdown. No 273 00:12:15.759 --> 00:12:16.679 clock rate needed there? 274 00:12:16.759 --> 00:12:19.399 Okay? What about those messages you sometimes see when you 275 00:12:19.519 --> 00:12:22.519 log into a device, like warnings or welcome messages. 276 00:12:22.240 --> 00:12:25.120 Ah banners? Yeah, you could set those banner mot hashtag, 277 00:12:25.200 --> 00:12:27.919 message here, hashtag attag. The hashtag is a deliminter. You 278 00:12:27.960 --> 00:12:30.600 can use any character not nut in your message. MOTD 279 00:12:30.759 --> 00:12:32.879 stands for Message of the day. When does that show 280 00:12:33.000 --> 00:12:36.240 up after successful log in? Usually there's also banner log 281 00:12:36.320 --> 00:12:40.120 in hashtag message hashtag which shows up before the login prompt. 282 00:12:40.720 --> 00:12:43.320 MOOTD usually takes precedence if both are set. Good for 283 00:12:43.399 --> 00:12:44.639 legal disclaimers or warnings? 284 00:12:44.759 --> 00:12:47.799 Cool? You mentioned show hosts earlier? Can you manually set those? 285 00:12:48.000 --> 00:12:51.159 You can use IPPO host name, IP address so you 286 00:12:51.200 --> 00:12:53.879 could do IIP post server one one nine two point 287 00:12:53.919 --> 00:12:55.720 one sixty eight point one one one on a zero. 288 00:12:56.559 --> 00:13:00.240 Then on that router you could potentially ping server one 289 00:13:00.480 --> 00:13:03.000 instead of the IP. It's just a local mapping on 290 00:13:03.120 --> 00:13:03.600 that device. 291 00:13:03.759 --> 00:13:05.679 Handy for remembering key servers. 292 00:13:05.919 --> 00:13:08.320 Yeah, and related to look ups. By default, if you 293 00:13:08.360 --> 00:13:10.720 type something the router doesn't recognize as a command, it 294 00:13:10.879 --> 00:13:13.440 tries to resolve it via DNS, thinking it's a host 295 00:13:13.519 --> 00:13:14.600 name you want to connect. 296 00:13:14.320 --> 00:13:16.039 To, and that can be slow. If you just made 297 00:13:16.039 --> 00:13:16.799 a typo. 298 00:13:16.799 --> 00:13:18.919 Exactly, it hangs for a bit. Try to contact a 299 00:13:19.000 --> 00:13:21.200 DNS server. You can turn that off with no IP 300 00:13:21.279 --> 00:13:23.840 domain lookup. Saves a lot of frustration from typos. 301 00:13:24.000 --> 00:13:26.879 Good tip. All right, any other really useful general commands 302 00:13:26.919 --> 00:13:27.279 we should know? 303 00:13:27.480 --> 00:13:30.759 Yeah, a few life savers. No logging synchronous ever. Typing 304 00:13:30.799 --> 00:13:33.320 a command and a console message like percent link fine 305 00:13:33.320 --> 00:13:35.120 you be down? Yeah, pops up right in the middle 306 00:13:35.120 --> 00:13:35.519 of your line. 307 00:13:35.720 --> 00:13:37.679 Yes, so annoying. 308 00:13:38.080 --> 00:13:41.879 No logging synchronous stops that. It ensures your command prompt 309 00:13:42.200 --> 00:13:45.440 reappears cleanly below the message, so you don't lose your place. 310 00:13:46.240 --> 00:13:48.120 Essential Okay, definitely using that one. 311 00:13:48.279 --> 00:13:51.559 Then exact timeout sets how long a console or vty 312 00:13:51.679 --> 00:13:53.919 session can be idle before it logs you out. Yeah, 313 00:13:54.080 --> 00:13:57.360 exact time out one hundred zero means ten minutes, zero seconds, 314 00:13:57.679 --> 00:14:01.600 good security practice. What about zero zero means never time out? 315 00:14:02.159 --> 00:14:04.679 Big security hole. Don't do that on production. 316 00:14:04.399 --> 00:14:06.799 Gear right, and saving your work crucial. 317 00:14:07.159 --> 00:14:10.000 Copy running config, startup config, or copyrun start for short 318 00:14:10.279 --> 00:14:12.679 saves the act of config from RAM to envy RAM. 319 00:14:12.879 --> 00:14:17.080 If you don't do this and the router reboots, all gone, yep, mistake, 320 00:14:17.159 --> 00:14:19.759 you only make ones. You can also erase startup config 321 00:14:19.879 --> 00:14:22.759 to wipe the save config for starting fresh and copy 322 00:14:22.879 --> 00:14:25.519 running config. TFTP lets you back up your config to 323 00:14:25.559 --> 00:14:28.799 a TFTP serve on the network. Good for disaster recovery. 324 00:14:28.919 --> 00:14:30.720 And that do command you mentioned right do. 325 00:14:31.080 --> 00:14:34.399 Let's say you're deep in interface configuration mode. Router can 326 00:14:34.440 --> 00:14:37.840 fig ashtag ETI. Normally to see the running config, you'd 327 00:14:37.879 --> 00:14:40.080 have to type end then show running config. 328 00:14:40.200 --> 00:14:41.480 Yeah, jump back out with do. 329 00:14:41.879 --> 00:14:44.720 You can just type do show running config right there 330 00:14:44.759 --> 00:14:47.960 in interface mode. It executes the show command without making 331 00:14:48.000 --> 00:14:51.120 you leave config mode. Huge time saver, but it doesn't 332 00:14:51.159 --> 00:14:53.919 work for everything. Doesn't work for commands that change your mode, 333 00:14:54.000 --> 00:14:56.879 like configure terminal itself, but for most show commands, ping 334 00:14:57.320 --> 00:14:57.799 trace for it. 335 00:14:58.200 --> 00:15:02.120 That's pert awesome, Okay configured. How do they learn about 336 00:15:02.200 --> 00:15:04.759 networks beyond the ones directly plugged into them? 337 00:15:05.080 --> 00:15:07.919 Ah, Now we get into routing. How riders build their 338 00:15:07.960 --> 00:15:09.639 maps of the internetwork. 339 00:15:09.159 --> 00:15:11.240 Starts with static routes the manual way. 340 00:15:11.440 --> 00:15:14.679 Often yeah, simple scenarios. The command is that brot, then 341 00:15:14.679 --> 00:15:17.879 the destination network, then the subnet mask of that destination, 342 00:15:18.120 --> 00:15:19.720 than how to get there. How to get there could 343 00:15:19.720 --> 00:15:22.039 be either the IP address of the next router in 344 00:15:22.120 --> 00:15:25.440 the path, next hopyup, or the router's own exit interface 345 00:15:25.480 --> 00:15:28.080 that leads toward that network. Example, it proved ten point 346 00:15:28.120 --> 00:15:31.000 one point two point zero two five five point two 347 00:15:31.039 --> 00:15:33.279 five five point two five five point zero one ninety 348 00:15:33.279 --> 00:15:35.679 two point one sixty eight point one point one that 349 00:15:35.919 --> 00:15:38.440 tells the router to reach the ten point one point 350 00:15:38.480 --> 00:15:40.960 two point zero network. Send packets to the router at 351 00:15:41.000 --> 00:15:43.480 one ninety two point one sixty eight point one point one. 352 00:15:43.600 --> 00:15:45.679 Simple enough, but they're temporary by default. 353 00:15:45.799 --> 00:15:48.279 Yeah. If the interface used to reach the next hop 354 00:15:48.360 --> 00:15:51.720 goes down, the static route disappears. From the routing table. 355 00:15:51.919 --> 00:15:54.080 You can add the permanent keyword at the end if 356 00:15:54.120 --> 00:15:56.279 you want it to stay even if the interface is down. 357 00:15:56.399 --> 00:15:57.919 But that's less common. 358 00:15:58.440 --> 00:16:00.919 Okay, But what if a router learn multiple ways to 359 00:16:00.960 --> 00:16:03.200 get to the same place, maybe a static route and 360 00:16:03.360 --> 00:16:05.120 also a dynamic protocol. 361 00:16:05.320 --> 00:16:09.200 Excellent question. That's where administrative distance or AD comes in. 362 00:16:09.360 --> 00:16:11.159 AD sounds important. It is. 363 00:16:11.240 --> 00:16:13.120 It's a number from zero to two fifty five that 364 00:16:13.240 --> 00:16:17.159 represents how trustworthy a routing source is. Lower number means 365 00:16:17.240 --> 00:16:18.559 more trustworthy, So the. 366 00:16:18.639 --> 00:16:21.080 Router picks the path with the lowest AD. 367 00:16:21.399 --> 00:16:23.519 Exactly if it learns about the same network from two 368 00:16:23.559 --> 00:16:26.200 different sources, it installs the route with the lower AD 369 00:16:26.480 --> 00:16:27.360 into the routing table. 370 00:16:27.679 --> 00:16:29.399 What are some typical AD values. 371 00:16:29.519 --> 00:16:32.279 A directly connected network has an AD of zero. Can't 372 00:16:32.320 --> 00:16:34.679 be that it's plugged right in, makes sense. A static 373 00:16:34.799 --> 00:16:38.320 route has a default AD of one, very trustworthy because 374 00:16:38.360 --> 00:16:41.799 you manually configured it. Okay, Then the dynamic protocols EIGRP 375 00:16:41.960 --> 00:16:45.279 is ninety, OSPF is one ten, RIP is one twenty. 376 00:16:45.320 --> 00:16:49.320 So EIGRP is preferred over OSPF, which is preferred over RIP. 377 00:16:49.559 --> 00:16:50.919 If they all offer a route. 378 00:16:50.879 --> 00:16:54.440 By default, yes, and two fifty five means totally untrusted, 379 00:16:54.759 --> 00:16:55.840 the route won't be used. 380 00:16:56.080 --> 00:16:57.799 Can you use this AD cleverly. 381 00:16:58.240 --> 00:17:01.639 Absolutely, that's the idea behind and floating static routes. Imagine 382 00:17:01.639 --> 00:17:04.599 you're running EI g RP eighty ninety as your main 383 00:17:04.720 --> 00:17:07.599 routing protocol. You could configure a static route for the 384 00:17:07.640 --> 00:17:10.680 same destination, but manually give it a higher AD, say 385 00:17:10.799 --> 00:17:11.279 one hundred. 386 00:17:11.519 --> 00:17:13.559 So normally the EIGRP route. 387 00:17:13.359 --> 00:17:16.400 Is used, right, but if the e I goop route disappears, 388 00:17:17.200 --> 00:17:19.960 maybe the link fails, the router sees the static route 389 00:17:20.000 --> 00:17:22.119 with eighty one hundred is now the best path, and 390 00:17:22.240 --> 00:17:24.039 it floats into the routing table as a backup. 391 00:17:24.240 --> 00:17:26.279 Ah cool, automatic backup. 392 00:17:26.079 --> 00:17:29.400 Exactly intelligent failover using AD. And then there are default 393 00:17:29.480 --> 00:17:32.400 routes the route of last resource decisely ap route one 394 00:17:32.480 --> 00:17:35.200 ozero point zero point zero point zero point zero point zero, 395 00:17:35.519 --> 00:17:38.319 followed by the next hop or exit interface. It basically means, 396 00:17:38.480 --> 00:17:40.680 if you don't have a specific route for this destination 397 00:17:40.759 --> 00:17:43.279 at your table, send it here, usually points towards your 398 00:17:43.319 --> 00:17:45.160 ISP or core network, and you check all this one 399 00:17:45.240 --> 00:17:47.640 shoe iproot your main command for viewing the routing table 400 00:17:47.680 --> 00:17:50.000 and seeing which routes are active. They're ad metric and 401 00:17:50.079 --> 00:17:50.680