在平常進行網絡配置的時候,一般來說除了路由器設備沒有別的工具可以讓你進行網絡的排錯,下面就介紹一些路由器內置的命令來進行網絡排錯,雖然有些命令很基本,但是一些擴展項還是很好玩的。
1.Ping命令
Ping是最基本的測試連通性的命令了,先來一個標準的Ping:
Router#ping 10.123.123.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
再來一個擴展ping,只能在特權模式哦:
Router#ping
Protocol [ip]:
Target IP address: 10.123.123.7
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Set DF bit in IP header? [no]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sending 5, 100-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
然後以擴展Ping爲基礎,進行不同的選擇來Ping的更猛烈
比如使用record選項來記錄數據包路徑
Router#ping
Protocol [ip]:
Target IP address: 131.108.1.115
…
Extended commands [n]: y
…
Loose, Strict, Record, Timestamp, Verbose[none]: r
Number of hops [ 9 ]:
Sending 5, 100-byte ICMP Echos to 131.108.1.115, timeout is 2 seconds:
Packet has IP options: Total option bytes= 39, padded length=40
Record route: <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
The following display is a detail of the Echo packet section:
0 in 4 ms. Received packet has options
Total option bytes= 40, padded length=40
Record route: 160.89.80.31 131.108.6.10 131.108.1.7 131.108.1.115
131.108.1.115 131.108.6.7 160.89.80.240 160.89.80.31 <*> 0.0.0.0
End of list
1 in 6 ms. Received packet has options
…
使用這個選項的時候必須在路徑上所有的路由器都打開ip source routing。
再比如指定源接口,這個最有用,因爲有時候對端有訪問列表的限制,只能某個地址可以發起Ping,比如Loopback地址等
Router#ping
Protocol [ip]:
Target IP address: 10.123.123.7
…
Extended commands [n]: y
Source address or interface: loopback0 (or an actual local IP address)
…
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
是不是對老是輸入這些選項有點厭煩了,來點捷徑吧:
Router#ping 10.123.123.7 ?
data specify data pattern
df-bit enable do not fragment bit in IP header
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
validate validate reply data
<cr>
看到上面很多選項了吧,下面一個命令就實現了源地址爲以太口0/0,以480字節大小的數據包ping1000次,每次超時時間爲3秒
router# ping 10.123.123.7 repeat 1000 size 480 source ethernet 0/0 timeout 3
最後來一個使用Ping來計算網絡MTU的問題,可不要問我什麼是MTU哦
router#ping
Target IP address: 10.123.123.7
Output Omitted…
Extended commands [n]: y
Set DF bit in IP header? [no]: y
Output Omitted…
Sweep range of sizes [n]: y
Sweep min size [36]: 64
Sweep max size [18024]: 1550
Sweep interval [1]: 10
Type escape sequence to abort.
Sending 745, [64..1550]-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!….
Success rate is 96 percent (96/100), round-trip min/avg/max =1/3/4 ms
最後MTU的計算公式爲MTU=(success*interval)+min sweep value=(96*10)+64=1024
2.Telnet命令
最基本的登錄命令:
router#telnet 10.123.123.254 或者
router#10.123.123.254
也可以使用多種選項:
router#telnet 10.123.123.254 ?
/debug Enable telnet debugging mode
/ipv4 Force use of IP version 4
/ipv6 Force use of IP version 6
/line Enable telnet line mode
/noecho Disable local echo
/quiet Suppress login/logout messages
/route: Enable telnet source route mode
/source-interface Specify source interface
/stream Enable stream processing
/terminal-type Set terminal type
<0-65535> Port number
來一個組合Telnet:
router#telnet 10.123.123.254 /source-interface ethernet 0/0 80
3.Debug命令
Debug信息由於是IOS產生的,所以相應的CPU佔用就比較大,因此在使用上要倍加小心,輸命令之前你要請求你到底在做什麼。這條service timestamps debug datetime localtime給debug輸出增加時間戳的命令一定要首先配上,一般不要在console或者aux口連接時使用debug命令,建議在telnet時使用,不過要增加下面命令:
router(config)#logging console 6
router#term mon
最後一點,儘可能的使用過濾,下面介紹兩個例子:
第一 使用ACL進行過濾
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#access-list 10 permit 10.123.123.7
router(config)#^Z
router#debug ip packet detail ?
<1-199> Access list
<1300-2699> Access list (expanded range)
<cr>
router#debug ip packet detail 10
IP packet debugging is on (detailed) for access list 10
router#ping 10.123.123.7
03:16:57: IP: s=10.123.123.7 (Ethernet0/0), d=10.123.123.254 (Ethernet0/0), len 100, rcvd 3
03:16:57: ICMP type=0, code=0
第二 接口過濾
router#debug list ?
<0-2699> access list
Dialer Dialer interface
Ethernet IEEE 802.3
Multilink Multilink-group interface
…
<cr>
router#debug list ethernet 0/0
router#debug ip packet detail
IP packet debugging is on
for interface: Ethernet0/0
(detailed)
03:19:32: IP: s=10.123.123.7 (Ethernet0/0), d=10.123.123.254 (Ethernet0/0), len 100, rcvd 3
03:19:32: ICMP type=0, code=0
最後合二爲一
router#debug list ethernet 0/0 ?
<0-2699> access list
<cr>
router#debug list ethernet 0/0 10
router#debug ip packet detail
IP packet debugging is on
for interface: Ethernet0/0 and access list: 10
(detailed)
03:21:38: IP: s=10.123.123.7 (Ethernet0/0), d=10.123.123.254 (Ethernet0/0), len 100, rcvd 3
03:21:38: ICMP type=0, code=0
1.Ping命令
Ping是最基本的測試連通性的命令了,先來一個標準的Ping:
Router#ping 10.123.123.7
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
再來一個擴展ping,只能在特權模式哦:
Router#ping
Protocol [ip]:
Target IP address: 10.123.123.7
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface:
Set DF bit in IP header? [no]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sending 5, 100-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
然後以擴展Ping爲基礎,進行不同的選擇來Ping的更猛烈
比如使用record選項來記錄數據包路徑
Router#ping
Protocol [ip]:
Target IP address: 131.108.1.115
…
Extended commands [n]: y
…
Loose, Strict, Record, Timestamp, Verbose[none]: r
Number of hops [ 9 ]:
Sending 5, 100-byte ICMP Echos to 131.108.1.115, timeout is 2 seconds:
Packet has IP options: Total option bytes= 39, padded length=40
Record route: <*>
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
(0.0.0.0)
The following display is a detail of the Echo packet section:
0 in 4 ms. Received packet has options
Total option bytes= 40, padded length=40
Record route: 160.89.80.31 131.108.6.10 131.108.1.7 131.108.1.115
131.108.1.115 131.108.6.7 160.89.80.240 160.89.80.31 <*> 0.0.0.0
End of list
1 in 6 ms. Received packet has options
…
使用這個選項的時候必須在路徑上所有的路由器都打開ip source routing。
再比如指定源接口,這個最有用,因爲有時候對端有訪問列表的限制,只能某個地址可以發起Ping,比如Loopback地址等
Router#ping
Protocol [ip]:
Target IP address: 10.123.123.7
…
Extended commands [n]: y
Source address or interface: loopback0 (or an actual local IP address)
…
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
是不是對老是輸入這些選項有點厭煩了,來點捷徑吧:
Router#ping 10.123.123.7 ?
data specify data pattern
df-bit enable do not fragment bit in IP header
repeat specify repeat count
size specify datagram size
source specify source address or name
timeout specify timeout interval
validate validate reply data
<cr>
看到上面很多選項了吧,下面一個命令就實現了源地址爲以太口0/0,以480字節大小的數據包ping1000次,每次超時時間爲3秒
router# ping 10.123.123.7 repeat 1000 size 480 source ethernet 0/0 timeout 3
最後來一個使用Ping來計算網絡MTU的問題,可不要問我什麼是MTU哦
router#ping
Target IP address: 10.123.123.7
Output Omitted…
Extended commands [n]: y
Set DF bit in IP header? [no]: y
Output Omitted…
Sweep range of sizes [n]: y
Sweep min size [36]: 64
Sweep max size [18024]: 1550
Sweep interval [1]: 10
Type escape sequence to abort.
Sending 745, [64..1550]-byte ICMP Echos to 10.123.123.7, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!….
Success rate is 96 percent (96/100), round-trip min/avg/max =
最後MTU的計算公式爲MTU=(success*interval)+min sweep value=(96*10)+64=1024
2.Telnet命令
最基本的登錄命令:
router#telnet 10.123.123.254 或者
router#10.123.123.254
也可以使用多種選項:
router#telnet 10.123.123.254 ?
/debug Enable telnet debugging mode
/ipv4 Force use of IP version 4
/ipv6 Force use of IP version 6
/line Enable telnet line mode
/noecho Disable local echo
/quiet Suppress login/logout messages
/route: Enable telnet source route mode
/source-interface Specify source interface
/stream Enable stream processing
/terminal-type Set terminal type
<0-65535> Port number
來一個組合Telnet:
router#telnet 10.123.123.254 /source-interface ethernet 0/0 80
3.Debug命令
Debug信息由於是IOS產生的,所以相應的CPU佔用就比較大,因此在使用上要倍加小心,輸命令之前你要請求你到底在做什麼。這條service timestamps debug datetime localtime給debug輸出增加時間戳的命令一定要首先配上,一般不要在console或者aux口連接時使用debug命令,建議在telnet時使用,不過要增加下面命令:
router(config)#logging console 6
router#term mon
最後一點,儘可能的使用過濾,下面介紹兩個例子:
第一 使用ACL進行過濾
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#access-list 10 permit 10.123.123.7
router(config)#^Z
router#debug ip packet detail ?
<1-199> Access list
<1300-2699> Access list (expanded range)
<cr>
router#debug ip packet detail 10
IP packet debugging is on (detailed) for access list 10
router#ping 10.123.123.7
03:16:57: IP: s=10.123.123.7 (Ethernet0/0), d=10.123.123.254 (Ethernet0/0), len 100, rcvd 3
03:16:57: ICMP type=0, code=0
第二 接口過濾
router#debug list ?
<0-2699> access list
Dialer Dialer interface
Ethernet IEEE 802.3
Multilink Multilink-group interface
…
<cr>
router#debug list ethernet 0/0
router#debug ip packet detail
IP packet debugging is on
for interface: Ethernet0/0
(detailed)
03:19:32: IP: s=10.123.123.7 (Ethernet0/0), d=10.123.123.254 (Ethernet0/0), len 100, rcvd 3
03:19:32: ICMP type=0, code=0
最後合二爲一
router#debug list ethernet 0/0 ?
<0-2699> access list
<cr>
router#debug list ethernet 0/0 10
router#debug ip packet detail
IP packet debugging is on
for interface: Ethernet0/0 and access list: 10
(detailed)
03:21:38: IP: s=10.123.123.7 (Ethernet0/0), d=10.123.123.254 (Ethernet0/0), len 100, rcvd 3
03:21:38: ICMP type=0, code=0
4.NBAR命令
NBAR是Network Based Application Recognition的縮寫就是基於網絡的應用識別,雖然從12.1.5(T)就是開始支持了,但是使用的很少,在2500,2600,3600等設備上NBAR的功能比較有限,而對於新的1800,2800,3800等路由器則是NBAR的全面支持,利用這個特性可以瞭解網絡現狀,檢測網絡應用和進行網絡保護等。
使用NBAR的前提是必須啓用CEF,配置示例如下:
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#ip cef
router(config)#int e 0/0
router(config-if)#ip nbar protocol-discovery
router(config-if)#^Z
router#sh ip nbar protocol-discovery
用下面示例來查看當前網絡現狀
outer#sh ip nbar protocol-discovery
Ethernet0/0 Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
------------------------ ------------------------ ------------------------
http 2892 3487
427198 2930628
0 0
secure-http 2462 2064
854207 706349
0 0
檢測特定的應用
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#class-map nbar-detect
router(config-cmap)#match prot gnutella file-transfer “*”
router(config)#policy-map gnutella-detect
router(config-pmap)#class nbar-detect
router(config)#int e 2/0
router(config-if)#service-policy input gnutella-detect
router(config-if)#service-policy output gnutella-detect
router(config-if)#^Z
router#sh policy-map interface ethernet 2/0
限制特定的應用
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#class-map nbar-detect
router(config-cmap)#match prot gnutella file-transfer “*”
router(config)#policy-map gnutella-detect
router(config-pmap)#class nbar-detect
router(config-pmap)#set ip dscp 1
router(config)#access-list 101 deny ip any any dscp 1 log
router(config)#access-list 101 permit ip any any
router(config-if)#ip access-group 101 in
router(config-if)#ip access-group 101 out
router(config-if)#^Z
router#sh access-list 101
5.Test命令
IOS內置了很多測試命令,幫助下看看
router#test ?
aaa AAA Authentication, Authorization and Accounting
interfaces Network interfaces
memory Non-volatile and/or multibus memory
pas Port Adaptor Tests
sgbp
cac test the l2 cac functionality
call Call test commands
crypto Test crypto functions
…
各取所需
6.SAA和RTR Responders
這個特性在10.3就有了,當時是爲了SNA網絡,後來增加了對TCP/UDP/IP測試的支持,最近又增加了對Voice的抖動,延遲等的支持,改成一個新名字叫IPSLA Monitors了。
先看個幫助
router(config)#ip sla monitor ?
<1-2147483647> Entry Number
key-chain Use MD5 authentication for RTR control message
low-memory Configure low water memory mark
reaction-configuration RTR Reaction Configuration
reaction-trigger RTR Trigger Assignment
reset RTR Reset
responder Enable RTR Responder
restart Restart an Active Entry
schedule RTR Entry Scheduling
繼續幫助,看看都支持那些類型的監控
router(config)#ip sla monitor 1
router(config-rtr)#type ?
dhcp Perform DHCP Operation
dlsw Perform DLSw Keepalive Operation
dns Perform DNS Query
echo Perform Point to Point Echo Operations
frame-relay Perform frame relay operation
ftp Perform ftp operation
http Perform HTTP Operations
jitter Perform Jitter Operation
pathEcho Perform Path Discovered Echo Operations
pathJitter Perform Path Jitter Operation using ICMP
tcpConnect Perform TCP Connect Operations
udpEcho Perform UDP Echo Operations
使用ICMP來對××× SAA
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#ip sla monitor 1
router(config)#type pathEcho protocol ipIcmpEcho REMOTE source-ipaddr LOCAL
router(config-rtr)#frequency 60
router(config)#ip sla monitor schedule 1 ?
ageout How long to keep this Entry when inactive
life Length of time to execute in seconds
start-time When to start this entry
<cr>
router(config)#ip sla monitor schedule 1 life forever start-time now
router#sh ip sla monitor operational-state
Entry number: 1
Modification time: 16:48:53.060 mst Thu May 7 2007
Number of Octets Used by this Entry: 53808
Number of operations attempted: 434
Number of operations skipped: 0
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: FALSE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): 2
Latest operation start time: 16:48:53.072 mst Thu May 7 2007
Latest operation return code: OK
7.配置小技巧
對show命令輸出的有效過濾我就不提了,以前寫過文檔。另外記得有個do的命令,可以在任何模式下輸入全局配置模式下的命令,這樣就不用來回的exit來切換不同的模式了,不過使用do的話就不支持上下文類型的幫助了。另外在我翻譯的IOS Cookbook中提到了對於配置的存檔和回滾,這樣幫助你備份配置文件,在出現問題的情況下快速倒回。最後一個default命令也很有用,可以快速的幫助你把清除配置,比如default interface ethernet 2/0命令就可以幫助你清除掉以太口2/0下的所有配置。
8.IOS出問題的解決
路由器也有POST自檢信息,不過缺省情況下這些都不顯示的,這些自檢信息可以幫助你瞭解啓動不了時的具體硬件問題,開啓POST消息需要修改寄存器值爲0xA102.
IOS出問題時有時會產生traceback通過show stacks命令的輸出,然後通過思科網站的命令輸出解釋器找出具體原因
[url]https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl[/url]
如果你配置了類似exception dump 10.123.123.7 這樣的命令,在IOS崩潰的情況下可以產生core dump文件在TFTP服務器上。
最後說一個parser config cache interface命令,對於很大的配置文件可以通過緩存的方法來加快show run類似命令的輸出
NBAR是Network Based Application Recognition的縮寫就是基於網絡的應用識別,雖然從12.1.5(T)就是開始支持了,但是使用的很少,在2500,2600,3600等設備上NBAR的功能比較有限,而對於新的1800,2800,3800等路由器則是NBAR的全面支持,利用這個特性可以瞭解網絡現狀,檢測網絡應用和進行網絡保護等。
使用NBAR的前提是必須啓用CEF,配置示例如下:
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#ip cef
router(config)#int e 0/0
router(config-if)#ip nbar protocol-discovery
router(config-if)#^Z
router#sh ip nbar protocol-discovery
用下面示例來查看當前網絡現狀
outer#sh ip nbar protocol-discovery
Ethernet0/0 Input Output
Protocol Packet Count Packet Count
Byte Count Byte Count
5 minute bit rate (bps) 5 minute bit rate (bps)
------------------------ ------------------------ ------------------------
http 2892 3487
427198 2930628
0 0
secure-http 2462 2064
854207 706349
0 0
檢測特定的應用
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#class-map nbar-detect
router(config-cmap)#match prot gnutella file-transfer “*”
router(config)#policy-map gnutella-detect
router(config-pmap)#class nbar-detect
router(config)#int e 2/0
router(config-if)#service-policy input gnutella-detect
router(config-if)#service-policy output gnutella-detect
router(config-if)#^Z
router#sh policy-map interface ethernet 2/0
限制特定的應用
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#class-map nbar-detect
router(config-cmap)#match prot gnutella file-transfer “*”
router(config)#policy-map gnutella-detect
router(config-pmap)#class nbar-detect
router(config-pmap)#set ip dscp 1
router(config)#access-list 101 deny ip any any dscp 1 log
router(config)#access-list 101 permit ip any any
router(config-if)#ip access-group 101 in
router(config-if)#ip access-group 101 out
router(config-if)#^Z
router#sh access-list 101
5.Test命令
IOS內置了很多測試命令,幫助下看看
router#test ?
aaa AAA Authentication, Authorization and Accounting
interfaces Network interfaces
memory Non-volatile and/or multibus memory
pas Port Adaptor Tests
sgbp
cac test the l2 cac functionality
call Call test commands
crypto Test crypto functions
…
各取所需
6.SAA和RTR Responders
這個特性在10.3就有了,當時是爲了SNA網絡,後來增加了對TCP/UDP/IP測試的支持,最近又增加了對Voice的抖動,延遲等的支持,改成一個新名字叫IP
先看個幫助
router(config)#ip sla monitor ?
<1-2147483647> Entry Number
key-chain Use MD5 authentication for RTR control message
low-memory Configure low water memory mark
reaction-configuration RTR Reaction Configuration
reaction-trigger RTR Trigger Assignment
reset RTR Reset
responder Enable RTR Responder
restart Restart an Active Entry
schedule RTR Entry Scheduling
繼續幫助,看看都支持那些類型的監控
router(config)#ip sla monitor 1
router(config-rtr)#type ?
dhcp Perform DHCP Operation
dlsw Perform DLSw Keepalive Operation
dns Perform DNS Query
echo Perform Point to Point Echo Operations
frame-relay Perform frame relay operation
ftp Perform ftp operation
http Perform HTTP Operations
jitter Perform Jitter Operation
pathEcho Perform Path Discovered Echo Operations
pathJitter Perform Path Jitter Operation using ICMP
tcpConnect Perform TCP Connect Operations
udpEcho Perform UDP Echo Operations
使用ICMP來對××× SAA
router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#ip sla monitor 1
router(config)#type pathEcho protocol ipIcmpEcho REMOTE source-ipaddr LOCAL
router(config-rtr)#frequency 60
router(config)#ip sla monitor schedule 1 ?
ageout How long to keep this Entry when inactive
life Length of time to execute in seconds
start-time When to start this entry
<cr>
router(config)#ip sla monitor schedule 1 life forever start-time now
router#sh ip sla monitor operational-state
Entry number: 1
Modification time: 16:48:53.060 mst Thu May 7 2007
Number of Octets Used by this Entry: 53808
Number of operations attempted: 434
Number of operations skipped: 0
Current seconds left in Life: Forever
Operational state of entry: Active
Last time this entry was reset: Never
Connection loss occurred: FALSE
Timeout occurred: FALSE
Over thresholds occurred: FALSE
Latest RTT (milliseconds): 2
Latest operation start time: 16:48:53.072 mst Thu May 7 2007
Latest operation return code: OK
7.配置小技巧
對show命令輸出的有效過濾我就不提了,以前寫過文檔。另外記得有個do的命令,可以在任何模式下輸入全局配置模式下的命令,這樣就不用來回的exit來切換不同的模式了,不過使用do的話就不支持上下文類型的幫助了。另外在我翻譯的IOS Cookbook中提到了對於配置的存檔和回滾,這樣幫助你備份配置文件,在出現問題的情況下快速倒回。最後一個default命令也很有用,可以快速的幫助你把清除配置,比如default interface ethernet 2/0命令就可以幫助你清除掉以太口2/0下的所有配置。
8.IOS出問題的解決
路由器也有POST自檢信息,不過缺省情況下這些都不顯示的,這些自檢信息可以幫助你瞭解啓動不了時的具體硬件問題,開啓POST消息需要修改寄存器值爲0xA102.
IOS出問題時有時會產生traceback通過show stacks命令的輸出,然後通過思科網站的命令輸出解釋器找出具體原因
[url]https://www.cisco.com/cgi-bin/Support/OutputInterpreter/home.pl[/url]
如果你配置了類似exception dump 10.123.123.7 這樣的命令,在IOS崩潰的情況下可以產生core dump文件在TFTP服務器上。
最後說一個parser config cache interface命令,對於很大的配置文件可以通過緩存的方法來加快show run類似命令的輸出