Wednesday, February 20, 2013

Common Cisco IOS Configuration Mistakes

1. Password Verification

One easily made mistake comes with the way that passwords are configured with IOS. Unlike almost every other password configuration tool available, the password commands on IOS do not confirm the password being entered. Imagine getting a new piece of equipment configured and put into the field, then later when remote management is required, attempting to access the device only to learn that the password was entered incorrectly. In most cases, the only way to fix this is to have you or someone else physically on-site. Take care when configuring IOS passwords to ensure the password is entered correctly.

2. Wildcard Masks

Of the many people who learn IOS, a large number don't quite understand the concept of a wildcard mask (or of masks in general). Learning the fundamentals of a simple subnet mask can be difficult enough; access lists (ACLs) and Open Shortest Path First (OSPF) configurations then add wildcard masks on top of that. The thing to remember about wildcard masks is that, like subnet masks, they are easier to grasp in binary. A wildcard mask is simply the bitwise inverse of the subnet mask; e.g. the subnet mask 255.255.255.0 corresponds to the wildcard (inverse) mask 0.0.0.255.
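As an added illustration (not code from the original post), the following Python inverts a subnet mask into the wildcard form that IOS ACL and OSPF `network` statements expect, and applies IOS wildcard matching to an address. It also handles the general case the text does not show: non-contiguous wildcards, and what happens when a subnet mask is mistakenly typed where a wildcard belongs. The sample addresses are constructed for the example.

```python
import ipaddress


def subnet_to_wildcard(mask: str) -> str:
    """Invert a dotted-decimal subnet mask into the IOS wildcard mask.

    255.255.255.0 -> 0.0.0.255 (every bit flipped).
    """
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(m ^ 0xFFFFFFFF))


def prefix_to_wildcard(prefix_len: int) -> str:
    """Wildcard mask for a CIDR prefix length, e.g. 30 -> 0.0.0.3.

    The ipaddress module calls the inverse mask the 'hostmask'.
    """
    return str(ipaddress.IPv4Network(f"0.0.0.0/{prefix_len}").hostmask)


def acl_matches(address: str, entry: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 1 bit means 'don't care', a 0 bit means
    'must match'.  Only the bits where the wildcard is 0 are compared, so
    non-contiguous wildcards (e.g. 0.0.254.255) work exactly like IOS."""
    a = int(ipaddress.IPv4Address(address))
    e = int(ipaddress.IPv4Address(entry))
    w = int(ipaddress.IPv4Address(wildcard))
    return (a & ~w) == (e & ~w)


if __name__ == "__main__":
    # Constructed sample: the intended ACL entry for 192.168.1.0/24
    print(subnet_to_wildcard("255.255.255.0"))                       # 0.0.0.255
    print(acl_matches("192.168.1.77", "192.168.1.0", "0.0.0.255"))    # True
    # The common slip: subnet mask typed where the wildcard belongs.
    # Now only the last octet is compared, so an unrelated host matches
    # and a host inside the intended subnet does not.
    print(acl_matches("10.99.99.0", "192.168.1.0", "255.255.255.0"))  # True
    print(acl_matches("192.168.1.5", "192.168.1.0", "255.255.255.0")) # False
```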

3. Clock Rate vs Bandwidth

Another topic that is often the center of confusion when learning IOS is the difference between clock rate and bandwidth. In everyday usage these two would seem to mean the same thing, but when configuring IOS they serve two different purposes. The clock rate command sets the physical speed of an interface (typically a serial interface). The bandwidth command sets the bandwidth value of the interface as used by a couple of system processes, including interface statistics and routing protocol metrics; it does not affect the physical speed of an interface in any way.

4. Telnet vs SSH

Those new to networking may not know the major difference between using Telnet or SSH (Secure Shell) to manage a device. On many IOS devices, Telnet is the default remote management method. The problem is that Telnet is not a secure management method: IOS devices are often placed in easily accessed networks, and because Telnet transmits management passwords in cleartext, capturing them is very simple. Always take the time to implement SSH on any production IOS device that is going to be accessed remotely.

5. Ethernet Duplex

It can be easy to overlook the Ethernet duplex setting, since on many devices it is selected automatically. But when devices have been statically configured, it is important to remember that half-duplex and full-duplex Ethernet connections are not compatible with each other; both ends of a link must be set the same way.

6. Process-ID vs Autonomous System Number

When learning about dynamic routing protocols, a common mistake is made between the configuration of OSPF and EIGRP. When configuring OSPF, a process-id is used to identify the routing process. This process-id is only locally significant. When configuring EIGRP, an autonomous system number (ASN) is used to identify the routing process. This ASN is globally significant and must match between configured EIGRP devices.

7. EIGRP Auto-Summary

When configuring EIGRP on IOS releases before 15, EIGRP auto-summary was enabled by default. This can cause routing problems in networks where the IP addressing is not contiguous and/or hierarchical. With the release of IOS 15 the default changed so that EIGRP auto-summary is disabled. If implementing EIGRP on a pre-15 IOS release, ensure that auto-summary is configured as expected on all devices.
