Posts tagged IOS
I’ve been meaning to post this for some time. Awhile back there was a thread on Networking Forum where someone mentioned that 2960s can route now. The 2960 is now a layer 3 switch. I was skeptical, but then I was pointed to this link. I was very, very surprised. I’m not sure why Cisco decided to add this functionality to the 2960s, but I’m definitely grateful. As of 12.2(55)SE, 2960s are layer 3 switches (with some limitations which I’ll cover later). This knowledge came in handy shortly after reading that thread. I was working on a circuit upgrade for a remote side at my previous company. The circuit was ordered incorrectly and I ended up in need of a layer 3 switch ASAP. The tech we’d sent was leaving the next day, so there was no time to ship him anything. Luckily, we had some 2960s on site.
Thought you guys would like the title. Sorry for the lack of content lately, I’ve been very busy.
Today we’re going to explore the “archive” feature in IOS with a small “archive tutorial”. This was sparked by a recent comment on one of my JUNOS posts. The commenter said that the “archive” command in IOS is the same as “rollback” in JUNOS. They are similar, but “rollback” is there by default where you need to do some tinkering with “archive”. I’ve used it in the past, but never with the intention of mimicking JUNOS’s “rollback”.
Here’s the config:
EDGE(config)#archive EDGE(config-archive)#? Archive configuration commands: default Set a command to its defaults exit Exit from archive configuration mode log Logging commands maximum maximum number of backup copies no Negate a command or set its defaults path path for backups rollback Rollback parameters time-period Period of time in minutes to automatically archive the running-config write-memory Enable automatic backup generation during write memory EDGE(config-archive)#path disk0:config-backup EDGE(config-archive)#max 14 EDGE(config-archive)#write-memory
To enter the config, we simply type “archive” in global config. There are quite a few options, as we can see. First we’ll need to set our path to store the archived configs, this is a 7200, so I’m using disk0 and a simple naming convention. Next we specify how many configs we want to backup, I’m using the maximum on my device, which is 14. Finally we set the “write-memory” command, which tells the router to archive the config anytime we save.
Awhile ago a friend asked me for a write up on IOS Firewall/CBAC. At the time I hadn’t felt like writing about it as I don’t use it much, but I recently had to configure it, so I thought I may as well take a break from Juniper posts and do the article.
The IOS Firewall uses CBAC (Context-Based Access Control) to inspect traffic flows at the upper layers. CBAC will inspect the outgoing traffic while maintaining stateful intformation for each session. It will then open pinholes in the firewall/incoming ACL to allow appropriate traffic back in. Something I forgot to point out, CBAC can be very CPU intensive, your traffic. Keep that in mind before and do some testing before deploying it on your network. Here’s the topology:
We have our router running IOS firewall, its WAN connection is on Fa0/1 out to the internet, and its LAN connection is on Fa0/0, which connects to some servers and workstations. Let’s configure the firewall:
Yesterday someone asked me how to periodically save the running config using an EEM (Embedded Event Manager) applet. I’d never used EEM before (I’m terrified of code), but I decided to do some research to see how it could be done. It was surprisingly easy. Here’s what EEM is according to Cisco:
Embedded Event Manager (EEM) is a powerful and flexible subsystem in Cisco IOS that provides real-time network event detection and onboard automation. Using EEM, customers can adapt the behavior of their network devices to align with their business needs.
This applet was needed so the work done by his helpdesk team would be written to the config. They are given very limited access and are unable to execute the “wr” command. The first thing I gave him was this:
event manager applet WR_CONFIG event syslog pattern ".*%SYS-5-CONFIG_I.*" action 1.1 cli command "enable" action 1.2 cli command "wr" action 1.3 syslog msg "Config changed by user, new config has been written"
My “Show Run Variations” post sparked an interesting thread on Networking-Forum. I thought it would be nice to make a post with as many useful/little known commands as I can find. I might make a separate page for this depending on how much I can come up with and how frequently updates would be needed. Here we go:
show ip nbar protocol-discovery stats bit-rate top-n 10
This command will show you the top 10 protocols (that NBAR can see) on your router. I use this in an alias called “traffic”. You will also need “ip nbar protocol-discovery” enabled on interfaces you want to see statistics for.
show processes cpu sort
This command will show the sorted CPU usage of all processes running on the router. You could also use “show proc cpu history” to see some ASCII graphs of CPU utilization.
reload in 5