February 20, 2013

5 Cisco IOS Configuration Mistakes You Should Think Of!


When first becoming familiar with Cisco’s Internetwork Operating System (IOS) there are a number of different things to learn, and along the way a number of common mistakes get made.

The purpose of this article is to cover the largest of these misconfigurations (from my perspective). This list is of course subjective, but it should provide a good reference for those learning Cisco IOS.

Common Cisco IOS Configuration Mistakes

1. Password Verification

One easily made mistake comes from the way that passwords are configured in IOS. Unlike almost every other password configuration tool available, the password commands in IOS do not ask you to confirm the password being entered.
Imagine configuring a new piece of equipment and putting it into the field, then later, when remote management is required, attempting to access the device only to learn that the password was entered incorrectly. In most cases, the only way to fix this is to have you or someone else physically on-site. Take care when configuring IOS passwords to ensure the password is entered correctly, and verify the login from a second session before closing the one you configured it in.

2. Wildcard Masks

Of the many people that learn IOS, a large number don’t quite understand the concept of a wildcard mask (or of a mask in general). It can be difficult enough to learn the fundamentals of a simple subnet mask; add in access lists (ACLs) and Open Shortest Path First (OSPF) configurations, which also require wildcard masks, and it gets harder still. The thing to remember about wildcard masks is that, like subnet masks, they are easier to grasp in binary. A wildcard mask in binary is just the inverse of the subnet mask: a 0 bit means "this bit must match" and a 1 bit means "don't care". For example, the subnet mask 255.255.255.0 corresponds to the wildcard mask 0.0.0.255.
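The inversion and the matching rule can be checked in a few lines. The following is an added example, not code from the original article: it derives a wildcard mask from a subnet mask and emulates how an ACL entry compares an address against a network/wildcard pair, including what happens when someone types the subnet mask where IOS expects the wildcard (the example generalises the 255.255.255.0 case above to any mask length).

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def invert_mask(dotted: str) -> str:
    """Bitwise inverse of a dotted-decimal mask.
    Subnet mask -> wildcard mask, and wildcard mask -> subnet mask."""
    value = int(ipaddress.IPv4Address(dotted))
    return str(ipaddress.IPv4Address(value ^ ALL_ONES))


def to_binary(dotted: str) -> str:
    """Render a dotted-decimal value octet by octet in binary, which is the
    form in which the subnet/wildcard relationship is easiest to see."""
    return ".".join(f"{int(octet):08b}" for octet in dotted.split("."))


def acl_matches(address: str, network: str, wildcard: str) -> bool:
    """Emulate an IOS ACL entry of the form '<network> <wildcard>'.
    Only the bits where the wildcard is 0 have to agree with the network;
    bits where the wildcard is 1 are ignored."""
    addr = int(ipaddress.IPv4Address(address))
    net = int(ipaddress.IPv4Address(network))
    care = int(ipaddress.IPv4Address(wildcard)) ^ ALL_ONES  # 1 = must match
    return (addr & care) == (net & care)


if __name__ == "__main__":
    mask = "255.255.255.0"
    wildcard = invert_mask(mask)
    print(f"subnet mask   {mask:<16} {to_binary(mask)}")
    print(f"wildcard mask {wildcard:<16} {to_binary(wildcard)}")

    # Correct entry: 192.168.1.0 0.0.0.255 matches hosts in 192.168.1.0/24 only
    print(acl_matches("192.168.1.77", "192.168.1.0", wildcard))   # True
    print(acl_matches("192.168.2.1", "192.168.1.0", wildcard))    # False

    # The classic mistake: typing the subnet mask instead of the wildcard.
    # 192.168.1.0 255.255.255.0 now means "any address whose last octet is 0",
    # so the intended host no longer matches and an unrelated one does.
    print(acl_matches("192.168.1.77", "192.168.1.0", mask))       # False
    print(acl_matches("10.20.30.0", "192.168.1.0", mask))         # True
```

The last two calls are the reason this mistake matters for security: an ACL written with the subnet mask in the wildcard position does not simply fail, it silently permits or denies a completely different set of addresses than the one intended.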

3. Clock Rate vs Bandwidth

Another topic that is often the center of confusion when learning IOS is the difference between clock rate and bandwidth. While in practice these two might seem to mean the same thing, when configuring IOS they are used for two different tasks. The clock rate command sets the physical speed of an interface (typically a serial interface). The bandwidth command sets the bandwidth value of the interface as used by a couple of system processes, including interface statistics and routing protocol metrics. The bandwidth command does not affect the physical speed of an interface in any way.

4. Telnet vs SSH

Those new to networking may not know the major difference between using Telnet or SSH (Secure Shell) to manage a device. For many IOS devices, Telnet is the default remote management method. The problem with this is that Telnet is not a secure management method: IOS devices are often placed into easily accessed networks, and Telnet transmits management passwords in cleartext, so anyone who can see the traffic can capture them. Always take the time to implement SSH on any production IOS device that is going to be accessed remotely.

5. Switchport Security

When configuring switchport port-security, it is important to know that the default maximum number of hosts off a switchport is 1. This means that the first host that sends traffic will be allowed and that all other hosts’ traffic will be dropped by default. Be sure to adjust these defaults to suit your environment before ending your management session.
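Both of the last two mistakes (Telnet left enabled on the vty lines, and port-security left at its default maximum) are visible in the running configuration, so they can be caught before a device leaves the bench. The following is an added example, not code from the original article: a small audit script that groups an IOS configuration into its blocks and reports vty lines that accept Telnet and port-security interfaces that rely on the default maximum. The configuration excerpt is constructed for the example and is not from a real device; the `transport input` and `switchport port-security maximum` commands it inspects are standard IOS commands.

```python
# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
!
line vty 0 4
 login local
 transport input telnet
!
line vty 5 15
 login local
 transport input ssh
!
"""


def parse_sections(config):
    """Group an IOS config into (header, [sub-commands]) pairs.
    IOS nests sub-commands under a header by indenting them with a space;
    '!' lines are separators and carry no configuration."""
    sections = []
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if sections:
                sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(config):
    """Return a list of human-readable findings for the two mistakes."""
    findings = []
    for header, children in parse_sections(config):
        if header.startswith("line vty"):
            transports = [c for c in children if c.startswith("transport input")]
            if not transports:
                # No explicit restriction; the article notes Telnet is often the default.
                findings.append(
                    f"{header}: no 'transport input' configured; Telnet may be "
                    "accepted by default, set 'transport input ssh'")
            for t in transports:
                protocols = set(t.split()[2:])  # e.g. {'telnet'} or {'telnet', 'ssh'}
                if protocols & {"telnet", "all"}:
                    findings.append(
                        f"{header}: '{t}' allows cleartext Telnet; "
                        "use 'transport input ssh'")
        elif header.startswith("interface"):
            enabled = "switchport port-security" in children
            has_maximum = any(
                c.startswith("switchport port-security maximum") for c in children)
            if enabled and not has_maximum:
                findings.append(
                    f"{header}: port-security enabled with the default maximum "
                    "of 1 MAC address; set 'switchport port-security maximum N' "
                    "if more than one host is expected")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the script flags `line vty 0 4` and `GigabitEthernet0/1` and stays quiet about the SSH-only vty range and the interface whose maximum was set explicitly. Feeding it the output of `show running-config` from a lab device is a cheap last check before the management session is closed.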

Hopefully this article will help prevent young network engineers from making these same mistakes when working on production equipment.

You can see 5 more mistakes in this article from www.petri.co.il.

What about you? What kind of mistakes have you made while working with IOS?