Configuring Cisco IOS
General Information
Routers come with different memory sets:
ROM
Shared RAM
RAM (routing tables and data structures)
Flash (IOS)
NVRAM (Configuration files)
Commands
To select boot source: boot system flash / rom / filename IP-address (boot the image in flash, the ROM image, or a named image fetched from the TFTP server at IP-address)
To erase router configuration: write erase
To display current configuration: sh conf (from NVRAM) or wri term (from RAM)
To configure router: conf term (or conf mem, or conf net). Remember to type CTRL-Z to leave configuration mode.
To configure interface:
int e0
ip address 10.0.0.1 255.255.255.0
no shutdown
To show interface status: sh int e0
To save configuration: wri mem
enable password = the password is stored and shown in clear text when displaying the configuration
enable secret = the password is stored as a hash and shown encrypted when displaying the configuration; prefer it over enable password
To set the number of virtual terminals and their password (here the password is "access"):
line vty 0 4
password access
To disable name lookup: no ip domain-lookup
To avoid assigning a separate IP address to a serial port used for a point-to-point connection (the serial interface borrows the address of e0):
int s0
ip unnumbered e0
To configure route: ip route 120.0.0.0 255.255.255.0 150.1.1.1
When connecting two routers back to back with a cross-over (DTE/DCE) serial cable, "clock rate 64000" is needed only on the router acting as DCE
Password Recovery Procedure for the Cisco 2500 router: http://www.cisco.com/warp/public/474/pswdrec_2500.html
Password Recovery Procedure for the Cisco 1600 router: http://www.cisco.com/warp/public/474/pswdrec_1600.shtml
Do not use HyperTerminal to connect to Cisco routers through the console port
Configuration register is 0x2102 for Cisco 2500 models, 0x102 for Cisco 1600 models
To save the IOS image in flash to a remote TFTP server: #copy flash tftp
To download a new IOS image into the router from a remote TFTP server: #copy tftp flash
To update IOS:
Install Cisco's TFTP Server
Copy the new image with extension .bin into the TFTP Server's directory
Launch the TFTP Server
Connect to the Cisco router through the Console port, switch to privileged (enable) mode, and type copy tftp flash. Follow the on-screen instructions to
Note: under W2K, you might need to add an extra ".bin" file extension in addition to the default .bin extension
Instead of "copy tftp flash", try "copy tftp: flash"
To list the images available in flash memory, run "dir"
To disable source-routing: no ip source-route
Domain name and DNS servers:
ip domain-name example.com
ip name-server 192.168.55.132
ip name-server 192.168.27.32
To configure AAA user authentication (a login method list named lista that tries TACACS+ first and falls back to the enable password if the TACACS+ server is unreachable):
aaa new-model
aaa authentication login lista tacacs+ enable
ACLs
Note: (CHECK) You cannot remove just one entry from an existing numbered ACL: negating one entry removes the entire list from IOS. To add or remove a single entry you must re-enter the whole list.
Note: Watch out for the order of entries in ACLs, as they are processed from top to bottom and the first matching entry wins, i.e. "deny ip any any" followed by "permit tcp any any" means that no user will be able to connect using a TCP-based application, since the deny is matched first and the permit is never reached.
access-list 110 permit tcp 172.16.120.0 0.0.0.255 any eq smtp
access-list 110 permit tcp 172.16.120.0 0.0.0.255 any eq pop3
access-list 110 permit tcp 172.16.120.0 0.0.0.255 any eq 110
access-list 110 permit udp any any eq 137
access-list 110 permit udp any any eq 138
access-list 110 permit udp any any eq 139
access-list 110 permit icmp any any
access-list 110 deny ip any any
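To see how the top-down, first-match rule plays out against access-list 110 and the misordered list from the note, here is an added Python simulator (example code, not from the original post or from Cisco); PORT_NAMES, parse_ace and evaluate are its own names. It also shows that the third entry (eq 110) can never match, because the pop3 entry before it already covers port 110.

```python
import ipaddress

# Port keywords used in access-list 110 (constructed lookup; two names suffice here).
PORT_NAMES = {"smtp": 25, "pop3": 110}

# access-list 110 exactly as listed above, one access-control entry (ACE) per line.
ACL_110 = """\
access-list 110 permit tcp 172.16.120.0 0.0.0.255 any eq smtp
access-list 110 permit tcp 172.16.120.0 0.0.0.255 any eq pop3
access-list 110 permit tcp 172.16.120.0 0.0.0.255 any eq 110
access-list 110 permit udp any any eq 137
access-list 110 permit udp any any eq 138
access-list 110 permit udp any any eq 139
access-list 110 permit icmp any any
access-list 110 deny ip any any"""

# The misordered list from the note above: the deny shadows the permit behind it.
MISORDERED = """\
access-list 120 deny ip any any
access-list 120 permit tcp any any"""

def parse_ace(line):
    """Return (action, protocol, src_net, dst_net, dst_port) for one numbered ACE.
    'any' is 0.0.0.0/0; an IOS wildcard mask is inverted into an ordinary netmask."""
    tok = line.split()
    action, proto, i, nets = tok[2], tok[3], 4, []
    for _ in range(2):                       # source, then destination
        if tok[i] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0")); i += 1
        else:
            wild = int(ipaddress.ip_address(tok[i + 1]))
            mask = ipaddress.ip_address(0xFFFFFFFF ^ wild)
            nets.append(ipaddress.ip_network(f"{tok[i]}/{mask}", strict=False)); i += 2
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1])
    return action, proto, nets[0], nets[1], port

def evaluate(acl_text, proto, src, dst, dst_port=None):
    """Top-down first-match evaluation. Returns (action, matching line number);
    line number None means the implicit deny at the end of every IOS ACL."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, line in enumerate(acl_text.splitlines(), 1):
        action, aproto, snet, dnet, aport = parse_ace(line)
        if (aproto != "ip" and aproto != proto) or src not in snet or dst not in dnet \
                or (aport is not None and aport != dst_port):
            continue
        return action, n
    return "deny", None
```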
Logging
IOS debugging messages use the same "facilities" as system error messages for identification. They are, however, formatted differently: a debug message begins with a timestamp followed only by the "facility" and the debug output. IOS error and debug messages follow the Unix syslog severity scale (0 emergencies to 7 debugging). Whether a message appears on a given IOS reporting output action depends on the severity level configured for that action.
The IOS provides four output actions for viewing system event and error data: console, monitor, buffer and trap logging. Console logging is activated by default. In its default configuration, all message data (severity level 7, debugging) is sent to the router's console port (line con0). This approach is similar to Unix, where error and event data is sent to /dev/console or /dev/tty0. To disable console logging, use the configuration mode command. Sending logging data only to the console port may seem odd, since most interaction is done over vty sessions, but the console port can be connected to a terminal server, which buffers the message data, or to a serial line printer (just like Unix) that prints out event messages. While esoteric, these two methods of data collection were quite acceptable for many years, and they are secure from a networking perspective since the data travels over a serial line to a locally attached display device (just remember to lock the door).
To view system messages over a vty session (line vty 0 4), monitor logging must be configured. To view the logging data on a session, an enable exec command is run to activate logging output to that vty. To enable monitor logging, use the configuration command. The monitor logging option is the most practical method for viewing logging events in real time. It is highly recommended that you establish two vty sessions, one for displaying event reporting data and the other for command execution. Often, when troubleshooting or running a debugging sequence, a large amount of logging data is generated; this floods the vty with logging output, making command entry quite difficult at times. Once terminal monitoring is enabled on a vty, it cannot be disabled (unless the logging monitor service itself is disabled using the configuration command).
Local storage of logging messages on the router is also available via buffer logging. Since most routers do not have a hard disk, messages are saved in a DRAM buffer. While buffer logging does not directly affect the router's performance, it does consume memory. If your router is short on memory and your logging buffer allocation is too large, you may see performance issues with processes that need memory. To verify your router's memory configuration, use the enable exec command that reports a variety of operational facts about your router, including the amount of DRAM allocated for packet buffers and the amount allocated for operational processes (i.e., routing tables, CEF tables, etc.). To see whether you are having memory allocation issues, use the enable exec command. A reasonable buffer allocation is 64k; the "history" log is a rotating one, which overwrites the oldest entry when the size limit has been reached. To configure buffered logging, use the following configuration commands:
Godzilla-ABR(config)#logging buffered notice
Godzilla-ABR(config)#logging buffered 64000
Godzilla-ABR(config)#logging history size 250
The above configuration sets the buffer size to 64k (64000 bytes), keeps only messages of severity notifications (5) or more urgent, and sets the history count to 250 messages. To view the buffered logging data, use the exec command. This command performs two functions: it reports the configuration of the router's various reporting display actions, and it outputs the logging buffer history (if buffer logging is configured).
To send system messages to a remote syslog host, TRAP logging needs to be configured as a reporting output action. Remote reporting has two big advantages over local reporting:
History and archiving: Storing logs remotely shifts the burden of storing log output to a device with an actual file system and cheap ample storage. This provides the option to keep large-sized log files and/or the ability to archive and store log files.
Data Manipulation: Once the log data is on a system with tools that can manipulate it, log data can be used to generate and syndicate some very interesting and valuable reports, as you will see later with the SNMP scanner report script.
Configuring TRAP logging is a four-step process:
Define a syslog host using the configuration command.
Define the logging severity of the messages to be sent using the configuration command.
Define the IP address that will be associated as the origin address of the logging messages. This is set using the configuration command.
The final step defines the syslog "facility" that the messages are sent to on the remote syslog server. Use the configuration command. Here is a trap reporting configuration example that uses the Loopback interface as the report origin address:
Godzilla-ABR(config)#logging 64.128.20.12
Godzilla-ABR(config)#logging trap informational
Godzilla-ABR(config)#logging source-interface Loopback 0
Godzilla-ABR(config)#logging facility local2
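The four trap-logging commands above decide what leaves the router (the trap level) and how each datagram is tagged (the facility); this added Python example, not from the original post or from Cisco, models both the router-side severity filter and the collector-side decoding of the syslog PRI header and the %FACILITY-SEVERITY-MNEMONIC message body. Function names and the sample messages are constructed for the example; the mnemonics follow the IOS message format.

```python
import re

# Unix syslog severities 0..7 under the names IOS uses for "logging trap <level>".
SEVERITY = ["emergencies", "alerts", "critical", "errors", "warnings",
            "notifications", "informational", "debugging"]
# RFC 3164 facility codes for the local0..local7 range selected by "logging facility".
FACILITY_CODE = {f"local{i}": 16 + i for i in range(8)}
# IOS system-message body: %FACILITY-SEVERITY-MNEMONIC: text (debug output lacks this).
IOS_MSG = re.compile(r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): ?(?P<text>.*)")

def router_forwards(severity, trap_level):
    """Router side: a message reaches the syslog host only if its severity is
    at or more urgent than the level set with "logging trap <level>"."""
    return severity <= SEVERITY.index(trap_level)

def pri(facility_name, severity):
    """Router side: the <PRI> value prefixed to the datagram is facility*8 + severity."""
    return FACILITY_CODE[facility_name] * 8 + severity

def decode_line(line):
    """Collector side: split <PRI> back into facility and severity, then pull the IOS
    facility/severity/mnemonic out of the body and flag a severity mismatch."""
    m = re.match(r"<(\d{1,3})>(.*)", line)
    if not m:
        raise ValueError(f"no PRI header: {line!r}")
    code, body = int(m.group(1)), m.group(2)
    rec = {"facility": code // 8, "severity": code % 8,
           "severity_name": SEVERITY[code % 8], "mnemonic": None, "text": body}
    im = IOS_MSG.search(body)
    if im:
        rec["mnemonic"] = f"{im['fac']}-{im['sev']}-{im['mnem']}"
        rec["text"] = im["text"]
        rec["consistent"] = int(im["sev"]) == code % 8   # PRI and body should agree
    return rec

# Constructed sample of what the collector at 64.128.20.12 would receive with
# "logging facility local2" (code 18): <149> = 18*8+5, <150> = 18*8+6, <147> = 18*8+3.
SAMPLE = [
    "<149>45: *Mar  1 00:12:40.001: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.7)",
    "<150>46: *Mar  1 00:12:41.300: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 64.128.20.12 started",
    "<147>47: *Mar  1 00:13:02.777: %LINK-3-UPDOWN: Interface Serial0, changed state to down",
]

def config_changes(lines):
    """Configuration changes are the notice-level %SYS-5-CONFIG_I events; a collector
    that alerts on them catches unexpected edits to the running config."""
    return [r["text"] for r in map(decode_line, lines) if r["mnemonic"] == "SYS-5-CONFIG_I"]
```

The same comparison governs the buffered log: with "logging buffered notice", informational (6) and debugging (7) messages are kept out of the DRAM buffer.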