How to NOT fuck up a cisco router


Enable access to a cisco router.

A few commands that will help you not only log problems but will also keep you from killing your own access.

reload at (00:00 hh:mm)
Set this to tell the router to reboot after a certain period of time.
Do NOT get in the habit of doing a "write mem" or "copy ru star" after every command you do!
When you make changes to the router if you happen to lock yourself out and you havn't saved your config it will boot the last config you did save. If you make the "oh crap this command will lock me out!" and then save, when you reboot you will still be locked out, because you saved it.

file verify auto
This automagicly verifies the md5 checksum/hash associated with the IOS image you put on the router.
Sort of checks the checksum to make sure the thing hasn't been re-compacted with bad code, and that you downloaded all and not just part of the image file. If this doesn't check correctly then the IOS probably won't boot.

file prompt noisy
This is the what we call the "vista command" also known as the "are you sure?" command.
The reasoning for this is to make sure that you want the command you typed in to be executed, making you think twice about it before pressing enter/return.

username myusername privelege 15 password mypassword
This is for putting a local account on the router with which to login to the router with.
Great for if you are setting up either Cisco TACACS or a Radius server.
Because, if the authentication server goes down or craps out you can still login! (using the local account you create with the above command that is)

service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localstime show-timezone
clock timezone (your time zone, example: CST -6)
clock summer-time CDT recurring (again this is whatever timezone you are in/ what time of the year)
clock save interval 24
This is all for keeping track of log files, knowing exactly what happened at exactly what time.

logging buffered 4096 (you may want to increase or decrease this number)
logging console critical
logging trap debugging
no logging monitor
More of the same logging, sets how much space is set aside for logs, states that you only want to log critical stuff, log any and all debugging statements that you do and their output, and that you don't want it showing up on your screen while you are typing but rather just throwing it in the log for you to look at later.

log config
logging enable
logging size 500
notify syslog contenttype plaintext
This only applies if you have a centralized syslog server setup, you can log your config and keystrokes if you want, but as of right now they are hidden with the hidekeys command.

You should want to assign a syslog server to handle logs so use the following command to do so:
logging (ip of syslog server)


cisc0ninja's cranium