Configuration Archive & Rollback
October 26, 2008 at 11:21 pm | In System Management
Configuration
Rack1R6#sh run | s archive
archive
 path tftp://155.1.58.100/sw1-config
 write-memory
 time-period 1440
Verification
Rack1R6(config)#access-list 100 permit udp any any eq tftp
Rack1R6#debug ip packet detail 100
IP packet debugging is on (detailed) for access list 100
Rack1R6#wr
Building configuration...
[OK]
! The debug output below shows the router retrying the upload of the config to the TFTP server 155.1.58.100 until it times out (note the archive appends a version number to the file name: sw1-config-1)
*Mar 2 1993 00:39:43.563: %SYS-5-CONFIG_I: Configured from console by console
*Mar 2 00:39:54.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar 2 00:39:54.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar 2 00:39:54.071:     UDP src=49452, dst=69.
*Mar 2 00:39:57.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar 2 00:39:57.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar 2 00:39:57.071:     UDP src=49452, dst=69.
*Mar 2 00:40:01.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar 2 00:40:01.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar 2 00:40:01.071:     UDP src=49452, dst=69.
*Mar 2 00:40:06.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar 2 00:40:06.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar 2 00:40:06.071:     UDP src=49452, dst=69.
*Mar 2 00:40:12.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar 2 00:40:12.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar 2 00:40:12.071:     UDP src=49452, dst=69.
%Error opening tftp://155.1.58.100/sw1-config-1 (Timed out)
Rack1R6#
Doc CD Navigation
- Using the Master Index and searching for “archive config”, or going directly to:
- archive config
Configuration Change Notification & Logging
October 26, 2008 at 10:51 pm | In System Management
IEWB1 Vol5 Task 12.6
This task asks us to track configuration changes (as a simple alternative to AAA). This is a prime example of a topic for which we need to consult our friend in the lab, the Doc CD, so let’s start with that.
Doc CD Navigation
- Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
- Part 8: Managing Configuration Files
- Configuration Change Notification and Logging
Configuration
Rack1R4#
archive
 log config
  logging enable
  logging size 1000
  hidekeys
  notify syslog
Verification
Rack1R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R4(config)#int e0/0
Rack1R4(config-if)#shut
Rack1R4(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:shutdown
Rack1R4(config-if)#no shut
Rack1R4(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no shutdown
Rack1R4(config-if)#

Rack1R4#sh log
Syslog logging: enabled (11 messages dropped, 2 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 144 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging:  level debugging, 62 messages logged, xml disabled, filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: enabled
No active filter modules.
    Trap logging: level informational, 58 message lines logged

Log Buffer (4096 bytes):
%SYS-5-CONFIG_I: Configured from console by console
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:shutdown
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no shutdown
%SYS-5-CONFIG_I: Configured from console by console
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Rack1R4#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console |  logging enable
    2     1        console@console |  logging size 1000
    3     1        console@console |  hidekeys
    4     1        console@console |  notify syslog
    5     2        console@console |archive
    6     2        console@console | log config
    7     2        console@console |  logging enable
    8     2        console@console | exit
    9     2        console@console | exit
   10     4        console@console |interface lo111
   11     4        console@console | exit
   12     4        console@console |no interface Loopback111
   13     6        console@console |interface Ethernet0/0
   14     6        console@console | shutdown
   15     6        console@console | no shutdown

Rack1R4#sh archive log config statistics
Config Log Session Info:
    Number of sessions being tracked: 1
    Memory being held: 3910 bytes
    Total memory allocated for session tracking: 3910 bytes
    Total memory freed from session tracking: 0 bytes
Config Log log-queue Info:
    Number of entries in the log-queue: 15
    Memory being held by the log-queue: 3199 bytes
    Total memory allocated for log entries: 3199 bytes
    Total memory freed from log entries: 0 bytes

Rack1R4#sh archive log config all ?
  provisioning  Display logged commands as a configlet suitable for provisioning
  |             Output modifiers
  <cr>

Rack1R4#sh archive log config all provisioning
archive
 log config
  logging enable
  logging size 1000
  hidekeys
  notify syslog
archive
 log config
  logging enable
 exit
exit
interface lo111
 exit
no interface Loopback111
interface Ethernet0/0
 shutdown
 no shutdown
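Once "notify syslog" is on, the %PARSER-5-CFGLOG_LOGGEDCMD messages reach the syslog server, where they can be parsed and watched. The following Python is an added example, not part of this post or of IOS: it extracts the user and command from constructed sample lines in that format and flags the commands that would remove the archive or logging configuration (the watch list is an assumption chosen for illustration).

```python
import re
from dataclasses import dataclass

# Constructed sample log text in the format of the %PARSER-5-CFGLOG_LOGGEDCMD
# messages above; it is not captured from the page's router.
SAMPLE_LOG = """\
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:shutdown
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console logged command:no shutdown
%PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no archive
%PARSER-5-CFGLOG_LOGGEDCMD: User:admin logged command:no logging host 192.168.0.5
"""

CFGLOG_RE = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+) logged command:(?P<cmd>.*)$"
)
# Commands that weaken the audit trail itself (archive or logging being removed).
# This watch list is an illustration chosen here, not something the page defines.
WATCH_RE = re.compile(r"^no\s+(archive|logging|log\s+config|notify\s+syslog)\b")


@dataclass
class ConfigEvent:
    user: str
    command: str
    suspicious: bool


def parse_cfglog(text: str) -> list:
    """Return one ConfigEvent per logged configuration command in `text`."""
    events = []
    for line in text.splitlines():
        m = CFGLOG_RE.search(line)
        if not m:
            continue  # LINK, SYS and other message types are not config changes
        cmd = m.group("cmd").strip()
        events.append(ConfigEvent(m.group("user"), cmd, bool(WATCH_RE.search(cmd))))
    return events


def suspicious_commands(text: str) -> list:
    """(user, command) pairs that touch the archive/logging configuration."""
    return [(e.user, e.command) for e in parse_cfglog(text) if e.suspicious]


if __name__ == "__main__":
    for e in parse_cfglog(SAMPLE_LOG):
        print(("ALERT " if e.suspicious else "      ") + f"{e.user}: {e.command}")
```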
Logging to the flash
October 26, 2008 at 10:25 pm | In System Management
To store logging in a file under a folder on the flash, we first need to create the folder, then configure the router to log to a file under that folder. For lab purposes, do not forget to delete the file and folder after your task, unless you want your flash to serve as a rubbish bin.
Create folder
Rack1SW1#mkdir flash:/var
Create directory filename [var]?
Created dir flash:/var
Rack1SW1#mkdir flash:/var/log
Create directory filename [/var/log]?
Created dir flash:/var/log
Router configuration
Rack1SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1SW1(config)#logging file flash:/var/log/syslog 32768 informational
Rack1SW1(config)#exit
Rack1SW1#con
*Mar 1 01:00:05.834: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1SW1(config)#exit
Rack1SW1#
Rack1SW1#
Verification
Rack1SW1#sh log
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)

No Active Message Discriminator.

No Inactive Message Discriminator.

    Console logging: level debugging, 123 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
    Buffer logging:  level debugging, 123 messages logged, xml disabled, filtering disabled
    Exception Logging: size (4096 bytes)
    Count and timestamp logging messages: disabled
    File logging: file flash:/var/log/syslog, max size 32768, min size 0, level informational, 7 messages logged
    Persistent logging: disabled
    Trap logging: level informational, 126 message lines logged

Log Buffer (4096 bytes):
*Mar 1 01:00:05.834: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 01:00:09.383: %SYS-5-CONFIG_I: Configured from console by console

Rack1SW1#more flash:/var/log/syslog
*Mar 1 01:00:05.834: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 01:00:09.383: %SYS-5-CONFIG_I: Configured from console by console

Rack1SW1#dir flash:/var/log
Directory of flash:/var/log/

   17  -rwx         148   Mar 1 1993 01:00:10 +00:00  syslog

15998976 bytes total (5516288 bytes free)

Rack1SW1#dir flash:
Directory of flash:/

    2  -rwx        2969   Mar 1 1993 00:57:36 +00:00  vol1-v5-ipservices
    3  -rwx    10410401   Mar 1 1993 01:46:49 +00:00  c3560-advipservicesk9-mz.122-44.SE1.bin
    4  -rwx        1931   Mar 1 1993 01:35:16 +00:00  initial-cfg
    5  -rwx        1216   Mar 1 1993 00:00:42 +00:00  vlan.dat
    6  -rwx        1048   Mar 1 1993 14:23:22 +00:00  multiple-fs
    7  -rwx        2054   Mar 1 1993 00:31:09 +00:00  vol1-v4-nat-common
    8  -rwx        3473   Mar 1 1993 00:01:34 +00:00  vol2-lab13
    9  -rwx       40815   Mar 1 1993 00:03:14 +00:00  log.txt
   10  -rwx        2987   Mar 1 1993 14:20:59 +00:00  config.text
   11  -rwx        2800   Mar 1 1993 00:38:28 +00:00  vol1-v5-ospf
   12  -rwx        2687   Mar 1 1993 00:02:25 +00:00  vol2-lab14
   13  -rwx        1934   Mar 1 1993 14:20:59 +00:00  private-config.text
   14  -rwx        2987   Mar 1 1993 14:25:43 +00:00  vol1-v5-system-management
   15  drwx          64   Mar 1 1993 00:59:30 +00:00  var

15998976 bytes total (5516288 bytes free)
Delete files & folders on flash
Rack1SW1#delete flash:/var
Delete filename [var]?
Delete flash:/var? [confirm]
%Error deleting flash:/var (Is a directory)
Rack1SW1#delete /recursive flash:/var
Delete filename [var]?
Examine files in directory flash:/var? [confirm]
Examine files in directory flash:/var/log? [confirm]
Delete flash:/var/log/syslog? [confirm]
Delete flash:/var/log? [confirm]
Delete flash:/var? [confirm]
Rack1SW1#
Syslog Logging
October 26, 2008 at 12:14 pm | In System Management
IEWB1 Vol5 12.3 Syslog Logging
Configure R6 to log messages to syslog as follows:
o R6 should log to the server 192.168.0.5.
o Log all messages up to notifications.
o R6 should use reliable transport at port 5000.
o Use ID ROUTER6 and the UNIX facility LOCAL1.
o Messages should be sourced off of the routers’ Loopback0 interfaces.
o Set the message queue depth to 256.
Configuration
Rack1R6#sh run
logging queue-limit 256
logging trap notifications
logging origin-id string ROUTER6
logging facility local1
logging source-interface Loopback0
logging host 192.168.0.5 transport tcp port 5000
Note that when you specify a server IP directly after “logging server_IP”, you cannot specify the transport protocol option. Instead, “logging host server_IP” allows the extended options.
Rack1R6#sh log
Logging to 192.168.0.5 (tcp port 5000, audit disabled, link down), 9 message lines logged, xml disabled, filtering disabled
Compare this with the output when the transport is left at the default, UDP port 514. With TCP transport the link state reflects whether a TCP session to the server has been established, which is why it can show “link down” while the UDP destination shows “link up”:
Logging to 192.168.0.5 (udp port 514, audit disabled, link up), 9 message lines logged, xml disabled, filtering disabled
There are cases where a command is actually supported by IOS but is not shown in the online help. For example:
Rack1R6(config)#logging ?
  ...
  host              Set syslog server IP address and parameters
  monitor           Set terminal line (monitor) logging parameters
  on                Enable logging to all enabled destinations
  origin-id         Add origin ID to syslog messages
  ! Note there is no online help for the "logging queue-limit" command
  rate-limit        Set messages per second limit
  reload            Set reload logging level
  server-arp        Enable sending ARP requests for syslog servers when first configured
  ...
But this command is available in the Command Reference.
logging queue-limit
To control how much system memory may be used for queued log messages, use the logging queue-limit command in global configuration mode. To permit unlimited use of memory for queued log messages, use the no form of this command.
Although it does not show in the online help, the router (with IOS 12.4) still supports this feature. Simply type the command in:
Rack1R6(config)#logging queue-limit 256
Rack1R6(config)#
Rack1R6#sh run | in queue-limit
logging queue-limit 256
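To see what the facility, trap level and origin-id settings above produce on the wire, and to check on the server side that what arrives matches R6's policy, here is an added Python example (not from this post or from IOS): it decodes constructed syslog lines carrying a <PRI> header, the ROUTER6 origin-id and the %FACILITY-SEVERITY-MNEMONIC, and classifies each one. The wire format, the sample lines and the mnemonics in them are assumptions.

```python
import re

# Syslog facility and severity numbering (RFC 3164), keyed by the keywords
# IOS uses for "logging facility" and "logging trap".
FACILITIES = {f"local{i}": 16 + i for i in range(8)}
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI>, optional sequence number, optional origin-id, then the IOS message.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:\d+: )?"                            # sequence number, if enabled
    r"(?:(?P<origin>[A-Za-z0-9_.-]+): )?"    # "logging origin-id string"
    r".*?%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mn>[A-Z0-9_]+):"
)

# Constructed wire-format samples (not captured from R6); the first two carry
# R6's origin-id and facility local1, the third comes from another source.
SAMPLE = [
    "<141>12: ROUTER6: *Mar  2 00:39:43.563: %SYS-5-CONFIG_I: Configured from console by console",
    "<143>13: ROUTER6: *Mar  2 00:39:44.001: %SYS-7-USERLOG_DEBUG: Message from console",
    "<131>14: ROUTER5: *Mar  2 00:39:45.200: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up",
]


def calc_pri(facility: str, severity: str) -> int:
    """PRI value a router puts in front of a message: facility * 8 + severity."""
    return FACILITIES[facility] * 8 + SEVERITIES.index(severity)


def parse_syslog(line: str):
    """Decode PRI, origin-id and the %FACILITY-SEVERITY-MNEMONIC, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    return {"facility": pri // 8, "severity": pri % 8, "origin": m.group("origin"),
            "mnemonic": f"{m.group('fac')}-{m.group('sev')}-{m.group('mn')}"}


def classify(line: str, trap="notifications", origin="ROUTER6", facility="local1"):
    """Apply R6's policy: drop messages above the trap level, and flag messages
    whose origin-id or facility do not match what R6 is configured to send."""
    msg = parse_syslog(line)
    if msg is None:
        return "unparsed"
    if msg["severity"] > SEVERITIES.index(trap):
        return "dropped"
    if msg["origin"] != origin or msg["facility"] != FACILITIES[facility]:
        return "mismatch"
    return "accepted"
```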
Syslog server screen shot
System message logging
October 26, 2008 at 10:41 am | In System Management
IEWB1 Vol5 Task 12.2
Enable system message logging on R6 as follows:
o Both routers should save debugging messages to their internal buffers up to 8192 bytes.
o Debugging messages should be sent to the router consoles, but limited to 1 message per second.
o Console log messages should not interrupt other command output.
o Users logged via telnet should only see informational level messages and above.
Configuration
logging on   ! on by default
logging buffered 8192 debugging
logging console debugging
logging rate-limit console all 1
logging monitor informational
! this command specifies the default logging level for all destinations, unless otherwise specified, e.g. logging console debugging.
line con 0
 logging synchronous
line vty 0 4
 logging synchronous
Switchport operational mode on a port with an IP Phone connected
October 26, 2008 at 1:36 am | In QoS, Switching
What is the default switchport mode when you connect an IP Phone to a Cisco switch? It should be trunk, shouldn’t it? Otherwise, how can it carry two VLANs, one for voice and one for data?
The “show interface switchport” output seems to show the contrary.
SW2 (fa0/1) -------- IP Phone --------- BB1 (simulating a PC)

Rack1SW2#sh cdp nei | in Phone
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
SEP0002B9BBCCF9  Fas 0/1            160          H P    IP Phone 7  Port 1

BB1#sh cdp nei | in Phone
SEP0002B9BBCCF9  Eth 0              173          H      IP Phone    Port 2

Rack1SW2#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.2                0   00e0.1e67.f6fe  ARPA   Vlan10
Internet  10.0.0.1                -   0014.a86b.df46  ARPA   Vlan10
Internet  20.0.0.1                -   0014.a86b.df47  ARPA   Vlan20
Internet  20.0.0.2                0   0002.b9ac.1af9  ARPA   Vlan20

Rack1SW2#sh run int fa0/1
Building configuration...

Current configuration : 86 bytes
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport voice vlan 20
end

Rack1SW2#sb
Interface  IP-Address  OK? Method Status  Protocol
Vlan8      155.1.8.8   YES NVRAM  up      up
Vlan10     10.0.0.1    YES manual up      up
Vlan20     20.0.0.1    YES manual up      up

Rack1SW2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

Rack1SW2#ping 20.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Rack1SW2#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: 20 (VLAN0020)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
