Network Engineer’s Guide to Linux

You know networking cold. Here’s how Linux maps to what you already know.

The Mental Shift

Cisco World Linux World Key Difference

Cisco World	Linux World	Key Difference
IOS CLI	Bash shell	No `?` help, use `man` and `--help`
`show running-config`	Config files in `/etc/`	Text files, not a running state
`copy run start`	Changes are immediate (mostly)	Some services need restart
NVRAM	`/etc/` directory	Persistent config lives here
`enable` → `conf t`	`sudo` or `su -`	Privilege escalation
Interface Gi0/1	`eth0`, `ens192`, `enp0s3`	Predictable naming (systemd)
VLAN database	`nmcli`, `/etc/sysconfig/network-scripts/`	NetworkManager or config files
ACLs on interface	`firewalld`, `nftables`, `iptables`	Host-based firewall

IOS CLI

Bash shell

No ? help, use man and --help

show running-config

Config files in /etc/

Text files, not a running state

copy run start

Changes are immediate (mostly)

Some services need restart

NVRAM

/etc/ directory

Persistent config lives here

enable → conf t

sudo or su -

Privilege escalation

Interface Gi0/1

eth0, ens192, enp0s3

Predictable naming (systemd)

VLAN database

nmcli, /etc/sysconfig/network-scripts/

NetworkManager or config files

ACLs on interface

firewalld, nftables, iptables

Host-based firewall

Command Translation

Show Commands

Cisco Linux

Cisco	Linux
`show ip interface brief`	`ip -4 addr show` or `ip -br a`
`show interfaces`	`ip link show` or `nmcli device show`
`show ip route`	`ip route show` or `ip r`
`show arp`	`ip neigh show` or `arp -n`
`show mac address-table`	`bridge fdb show` (if bridging)
`show version`	`uname -a` + `cat /etc/os-release`
`show processes cpu`	`top` or `htop`
`show logging`	`journalctl` or `tail /var/log/messages`
`show ntp status`	`chronyc tracking` or `timedatectl`
`show ip dns`	`cat /etc/resolv.conf`
`ping`	`ping` (same!)
`traceroute`	`traceroute` or `tracepath`

show ip interface brief

ip -4 addr show or ip -br a

show interfaces

ip link show or nmcli device show

show ip route

ip route show or ip r

show arp

ip neigh show or arp -n

show mac address-table

bridge fdb show (if bridging)

show version

uname -a + cat /etc/os-release

show processes cpu

top or htop

show logging

journalctl or tail /var/log/messages

show ntp status

chronyc tracking or timedatectl

show ip dns

cat /etc/resolv.conf

ping

ping (same!)

traceroute

traceroute or tracepath

Configuration Commands

Cisco Linux

Cisco	Linux
`interface Gi0/1`	`nmcli connection modify "eth0" …`
`ip address 10.1.1.1 255.255.255.0`	`nmcli con mod eth0 ipv4.addresses 10.1.1.1/24`
`ip default-gateway`	`nmcli con mod eth0 ipv4.gateway 10.1.1.254`
`ip name-server`	`nmcli con mod eth0 ipv4.dns "8.8.8.8"`
`hostname router1`	`hostnamectl set-hostname server1`
`no shutdown`	`nmcli con up eth0` or `ip link set eth0 up`
`shutdown`	`nmcli con down eth0` or `ip link set eth0 down`
`copy run start`	(usually automatic, or `nmcli con reload`)
`reload`	`reboot` or `systemctl reboot`

interface Gi0/1

nmcli connection modify "eth0" …

ip address 10.1.1.1 255.255.255.0

nmcli con mod eth0 ipv4.addresses 10.1.1.1/24

ip default-gateway

nmcli con mod eth0 ipv4.gateway 10.1.1.254

ip name-server

nmcli con mod eth0 ipv4.dns "8.8.8.8"

hostname router1

hostnamectl set-hostname server1

no shutdown

nmcli con up eth0 or ip link set eth0 up

shutdown

nmcli con down eth0 or ip link set eth0 down

copy run start

(usually automatic, or nmcli con reload)

reload

reboot or systemctl reboot

Networking Deep Dive

Interface Naming

# Old style (eth0, eth1) - unpredictable order
# New style (predictable names):
#   en  = ethernet
#   wl  = wireless
#   p   = PCI bus
#   s   = slot
#
# Examples:
#   ens192    = ethernet, slot 192 (VMware)
#   enp0s3    = ethernet, PCI bus 0, slot 3 (VirtualBox)
#   eno1      = ethernet, onboard port 1

# List all interfaces
ip link show

# Detailed info
nmcli device show ens192

IP Configuration (Your Bread and Butter)

# View current config (like "show ip int brief")
ip -4 addr show
ip -br a  # brief format

# View routing table (like "show ip route")
ip route show

# View specific route
ip route get 8.8.8.8

# Set static IP with nmcli (persistent)
sudo nmcli connection modify "Wired connection 1" \
  ipv4.addresses "192.168.1.100/24" \
  ipv4.gateway "192.168.1.1" \
  ipv4.dns "8.8.8.8 8.8.4.4" \
  ipv4.method manual

# Apply changes
sudo nmcli connection up "Wired connection 1"

# Add secondary IP (like "ip address secondary")
sudo nmcli connection modify "Wired connection 1" \
  +ipv4.addresses "192.168.1.101/24"

Static Routes

# Add static route (temporary)
sudo ip route add 10.0.0.0/8 via 192.168.1.254

# Add static route (persistent with nmcli)
sudo nmcli connection modify "Wired connection 1" \
  +ipv4.routes "10.0.0.0/8 192.168.1.254"

# View routes
ip route show

DNS Resolution

# Check current DNS (like "show ip dns")
cat /etc/resolv.conf

# Test resolution (like "nslookup" or "dig")
dig google.com
host google.com
nslookup google.com

# Trace DNS path
dig +trace google.com

Firewall (Your ACLs)

firewalld (RHEL default)

# Check status
sudo firewall-cmd --state
sudo firewall-cmd --list-all

# List zones (like ACL groups)
sudo firewall-cmd --get-zones

# Allow service (like "permit tcp any any eq 22")
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

# Allow specific port
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

# Allow from specific source (like "permit ip 10.1.1.0 0.0.0.255 any")
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" accept' --permanent

# Block (like "deny ip any any")
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.100" reject' --permanent

Comparison: Cisco ACL vs firewalld

Cisco:
  access-list 100 permit tcp 10.1.1.0 0.0.0.255 any eq 443
  access-list 100 deny ip any any log
  interface Gi0/1
    ip access-group 100 in

Linux (firewalld):
  firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.1.1.0/24" port port="443" protocol="tcp" accept' --permanent
  firewall-cmd --zone=public --set-target=DROP --permanent
  # Applied to zone, interfaces assigned to zones

Services (Your "Features")

# Like "show ip ssh" - check if service running
systemctl status sshd

# Like "ip ssh version 2" - enable service
sudo systemctl enable sshd
sudo systemctl start sshd

# Like "no ip http server" - disable service
sudo systemctl disable httpd
sudo systemctl stop httpd

# Like "show processes" - what's running
systemctl list-units --type=service --state=running

# Like "show logging" - service logs
journalctl -u sshd -f  # follow like "terminal monitor"

Troubleshooting Flow

Your Cisco Instincts Work

Cisco Approach Linux Equivalent

Cisco Approach	Linux Equivalent
Check physical	`ip link show` (UP/DOWN?)
Check IP config	`ip addr show` (IP assigned?)
Check gateway	`ip route show` (default route?)
Ping gateway	`ping 192.168.1.1`
Check DNS	`cat /etc/resolv.conf`
Test DNS resolution	`dig google.com`
Check ACLs	`firewall-cmd --list-all`
Check service	`systemctl status <service>`
Check logs	`journalctl -xe`

Check physical

ip link show (UP/DOWN?)

Check IP config

ip addr show (IP assigned?)

Check gateway

ip route show (default route?)

Ping gateway

ping 192.168.1.1

Check DNS

cat /etc/resolv.conf

Test DNS resolution

dig google.com

Check ACLs

firewall-cmd --list-all

Check service

systemctl status <service>

Check logs

journalctl -xe

Network Troubleshooting Script

#!/bin/bash
# network-diag.sh - Quick network health check

echo "=== Interface Status ==="
ip -br link show

echo -e "\n=== IP Addresses ==="
ip -br addr show

echo -e "\n=== Routing Table ==="
ip route show

echo -e "\n=== DNS Configuration ==="
cat /etc/resolv.conf

echo -e "\n=== Gateway Reachability ==="
gateway=$(ip route | awk '/default/{print $3}')
ping -c 2 $gateway

echo -e "\n=== DNS Resolution Test ==="
dig +short google.com

echo -e "\n=== Listening Ports ==="
ss -tuln

Things That Will Trip You Up

1. No "?" Help

# Cisco: type "?" for help
# Linux:
man <command>           # full manual
<command> --help        # quick help
apropos <keyword>       # search for commands

2. Config Files Are Text

# Cisco: all config in running-config
# Linux: config scattered in /etc/

# Network config
/etc/NetworkManager/          # NetworkManager
/etc/sysconfig/network-scripts/  # Legacy RHEL
/etc/resolv.conf              # DNS
/etc/hosts                    # Static hosts

# Service configs
/etc/ssh/sshd_config          # SSH
/etc/firewalld/               # Firewall
/etc/chrony.conf              # NTP

3. Changes Take Effect Differently

# Some changes immediate (ip commands)
# Some need service restart
sudo systemctl restart NetworkManager
sudo systemctl restart sshd

# Some need reload
sudo firewall-cmd --reload

4. Privilege Model

# Cisco: enable → conf t
# Linux:
sudo <command>          # run one command as root
sudo -i                 # become root (like "enable")
su -                    # switch to root user

Your CCNP Advantage

Your networking foundation is solid. Here’s where it helps:

TCP/IP fundamentals - You understand what Linux networking tools are doing
Troubleshooting methodology - Same OSI model, same approach
ACLs/Firewall - Same logic, different syntax
NTP/DNS/DHCP - Same protocols, Linux just runs them differently
Packet captures - tcpdump is basically CLI Wireshark

Where you’ll need to adjust:

File system - No equivalent in network gear
Package management - Installing software is new
Users/permissions - More complex than IOS privilege levels
systemd - Service management is a whole thing
SELinux - Mandatory access control (this one’s tough)