Cisco Notepad

Where is RCMD (Remote Command) documented???

Doc CD Navigation

• Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
• Part 7: Configuring Basic File Transfer Services
• Configuring Basic File Transfer Services
• Configuring a Router to Use rsh and rcp

RMON Statistics Collection

12.24 RMON Statistics Collection

• Configure SW1 to collect RMON statistics on packets entering the interface connected to R3.
• Store historical information for the last 100 samples of packet statistics taken every 30 seconds

Configuration

Rack1SW1#sh run int fa0/3
interface FastEthernet0/3
 rmon promiscuous
 rmon collection stats 10003 owner config ! dynamically added command
 rmon collection history 1 owner monitor buckets 100 interval 30

Doc CD Navigation

Use command Reference

rmon

To enable Remote Monitoring (RMON) on an Ethernet interface, use the rmon command in interface configuration mode. To disable RMON on the interface, use the no form of this command.

rmon {native | promiscuous}

Syntax Description

RMON Alarms

Configuration

Rack1R1#sh run | in snmp|rmon

snmp-server ifindex persist ! to ensure int index does not change after reload

! Note for triggering SNMP traps via RMON, we do not need to enable trap explicitly.

snmp-server host 155.1.146.100 CISCO
rmon event 1 log trap CISCO description “VLAN146 Interface Congested” owner CISCO
rmon event 2 log trap CISCO description “VLAN146 Interface UnCongested” owner CISCO
rmon alarm 1 ifInUcastPkts.1 60 delta rising-threshold 100 1 falling-threshold 50 2 owner CISCO

Verification

Rack1R1#debug snmp packets
SNMP packet debugging is on

*Mar  1 01:58:14.871: %RMON-5-FALLINGTRAP: Falling trap is generated because the value of ifInUcastPkts.1 has fallen below the falling-threshold value 50
*Mar  1 01:58:14.875: SNMP: Queuing packet to 155.1.146.100
*Mar  1 01:58:14.875: SNMP: V1 Trap, ent rmon, addr 155.1.146.1, gentrap 6, spectrap 2
alarmEntry.1.1 = 1
alarmEntry.3.1 = ifInUcastPkts.1
alarmEntry.4.1 = 2
alarmEntry.5.1 = 0
alarmEntry.8.1 = 50
*Mar  1 01:58:15.603: SNMP: Packet sent via UDP to 155.1.146.100
*Mar  1 01:58:15.855: SNMP: Packet sent via UDP to 155.1.146.100

Rack1R6#ping 155.1.146.1 rep 10000

Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 155.1.146.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Rack1R1#
*Mar  1 01:59:15.047: %RMON-5-RISINGTRAP: Rising trap is generated because the value of ifInUcastPkts.1 exceeded the rising-threshold value 100
*Mar  1 01:59:15.051: SNMP: Queuing packet to 155.1.146.100
*Mar  1 01:59:15.051: SNMP: V1 Trap, ent rmon, addr 155.1.146.1, gentrap 6, spectrap 1
alarmEntry.1.1 = 1
alarmEntry.3.1 = ifInUcastPkts.1
alarmEntry.4.1 = 2
alarmEntry.5.1 = 3226
alarmEntry.7.1 = 100
*Mar  1 01:59:15.303: SNMP: Packet sent via UDP to 155.1.146.100

DOC CD Navigation

• Cisco IOS Network Management Configuration Guide, Release 12.4
• Configuring RMON Support

• RMON Configuration Examples

• Alarm and Event Example

SNMP Notifications of Syslog Messages

Configuration

snmp-server enable traps syslog
snmp-server host 155.1.146.100 CISCO
!
logging history debugging
logging history size 100

Usage Guidelines

When the history table is full (that is, it contains the maximum number of message entries specified with the logging history size command), the oldest message entry is deleted from the table to allow the new message entry to be stored.

Examples

In the following example, the user sets the number of messages stored in the history table to 20:

logging history size 20

SNMP MAC Address Notifications

IEWB1-Vol1-v5 Task: 12.20

Configuration SW1 to send traps when there’re new MAC address on interface connected to R1 and R5

Configuration

Rack1SW1#sh run 

interface FastEthernet0/1
 snmp trap mac-notification change added
 snmp trap mac-notification change removed

interface FastEthernet0/5
 snmp trap mac-notification change added
 snmp trap mac-notification change removed

snmp-server enable traps mac-notification change
snmp-server host 155.1.146.100 CISCO 

mac-address-table notification change interval 2
mac-address-table notification change history-size 100
mac-address-table notification change

Verification

Rack1SW1#debug snmp packets 
SNMP packet debugging is on
Rack1R1(config)#int fa0/0
Rack1R1(config-if)#mac-address 0000.6c11.1111

Rack1R1#ping 155.1.146.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 155.1.146.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Rack1SW1#
*Mar  1 02:28:36.393: SNMP: Queuing packet to 155.1.146.100
*Mar  1 02:28:36.393: SNMP: V1 Trap, ent cmnMIBNotificationPrefix, addr 155.1.67.7, gentrap 6, spectrap 1
 cmnHistMacChangedMsg.1 =
01 00  92 00   00 6C  11 11    11 00  03 00   
 cmnHistTimestamp.1 = 891639

Rack1SW1#sh mac address-table notification change 
MAC Notification Feature is Enabled on the switch
Interval between Notification Traps : 2 secs
Number of MAC Addresses Added : 3
Number of MAC Addresses Removed : 3
Number of Notifications sent to NMS : 5
Maximum Number of entries configured in History Table : 100
Current History Table Length : 5
MAC Notification Traps are Enabled
History Table contents
----------------------
History Index 1, Entry Timestamp 891639, Despatch Timestamp 891639
MAC Changed Message :
Operation: Added   Vlan: 146   MAC Addr: 0000.6c11.1111 Dot1dBasePort: 3
History Index 2, Entry Timestamp 921715, Despatch Timestamp 921715
MAC Changed Message :
Operation: Deleted Vlan: 146   MAC Addr: 000b.5f76.7280 Dot1dBasePort: 3
History Index 3, Entry Timestamp 942366, Despatch Timestamp 942366
MAC Changed Message :
Operation: Added   Vlan: 146   MAC Addr: 0000.6c11.0001 Dot1dBasePort: 3
History Index 4, Entry Timestamp 944973, Despatch Timestamp 944973
MAC Changed Message :
Operation: Deleted Vlan: 146   MAC Addr: 0000.6c11.1111 Dot1dBasePort: 3
Operation: Deleted Vlan: 146   MAC Addr: 0000.6c11.0001 Dot1dBasePort: 3
History Index 5, Entry Timestamp 945174, Despatch Timestamp 945174
MAC Changed Message :
Operation: Added   Vlan: 146   MAC Addr: 0000.6c11.0001 Dot1dBasePort: 3

SNMP Traps and Informs

IEWB-vol1-v5 Task 12.17:

Configure R4 to send traps and informs about link status (except Serial interfaces) to management stations.

R4:
snmp-server enable traps snmp linkdown linkup
snmp-server host 155.1.146.101 inform version 2c CISCO
snmp-server host 155.1.146.100 CISCO
!
interface Serial0/0
no snmp trap link-status
!
interface Serial0/1
no snmp trap link-status

Verification

Rack1R4#sh snmp host
Notification host: 155.1.146.101        udp-port: 162   type: inform
user: CISCO     security model: v2c

Notification host: 155.1.146.100        udp-port: 162   type: trap
user: CISCO     security model: v1

Rack1R4#debug snmp packet
SNMP packet debugging is on
Rack1R4#c
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R4(config)#int e0/0
Rack1R4(config-if)#shut
Rack1R4(config-if)#
*Apr  7 17:20:47.354: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
*Apr  7 17:20:48.354: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
*Apr  7 17:20:48.354: SNMP: Inform request, reqid 12, errstat 0, erridx 0 
 sysUpTime.0 = 1558882 
 snmpTrapOID.0 = snmpTraps.3 
 ifIndex.1 = 1 
 ifDescr.1 = Ethernet0/0 
 ifType.1 = 6 
 lifEntry.20.1 = administratively down
*Apr  7 17:20:48.442: SNMP: Packet sent via UDP to 155.1.146.101.162
*Apr  7 17:20:48.442: SNMP: Queuing packet to 155.1.146.100
*Apr  7 17:20:48.442: SNMP: V1 Trap, ent snmpTraps, addr 155.1.45.4, gentrap 2, spectrap 0 
 ifIndex.1 = 1 
 ifDescr.1 = Ethernet0/0 
 ifType.1 = 6 
 lifEntry.20.1 = administratively down
Rack1R4(config-if)#
*Apr  7 17:20:48.694: SNMP: Packet sent via UDP to 155.1.146.100

SNMP agents can send Informs or Traps

Traps are messages alerting the SNMP manager to a condition on the network
Informs are traps that require ACK from SNMP manager. Inform are more reliable than Traps

The snmp-server host command is used in conjunction with the snmp-server enable command. Use the snmp-server enable command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable command and the snmp-server host command for that host must be enabled.

Doc CD Navigation

• Cisco IOS Network Management Configuration Guide, Release 12.4
• Configuring SNMP Support
• Configuring SNMP Support

Telnet Service Options

12.12 Telnet Service Options

• Configure R3 to source all telnet sessions from its Loopback0 interface, and to use a marking of IP Precedence 3 for these packets.
• …
• Idle outgoing telnet sessions should signal the remote host to pause output.
• Display the message “Sorry, your connection failed” when a telnet connection to the above host fails.

Configuration

Rack1R3#sh run

service telnet-zeroidle
ip telnet source-interface Loopback0
ip telnet tos 60
ip telnet quiet
ip telnet hidden hostnames
ip telnet hidden addresses

ip host R4 150.1.4.4
busy-message R4 ^CSorry, your connection failed^C

Rack1R3(config)#service ?
  alignment              Control alignment correction and logging
  compress-config        Compress the nvram configuration file
  config                 TFTP load config files
  dhcp                   Enable DHCP server and relay agent
  disable-ip-fast-frag   Disable IP particle-based fast fragmentation
  exec-callback          Enable exec callback
  exec-wait              Delay EXEC startup on noisy lines
  finger                 Allow responses to finger requests
  hide-telnet-addresses  Hide destination addresses in telnet command
  linenumber             enable line number banner for each exec
  nagle                  Enable Nagle's congestion control algorithm
  old-slip-prompts       Allow old scripts to operate with slip/ppp
  pad                    Enable PAD commands
  password-encryption    Encrypt system passwords
  prompt                 Enable mode specific prompt
  pt-vty-logging         Log significant VTY-Async events
  sequence-numbers       Stamp logger messages with a sequence number
  slave-log              Enable log capability of slave IPs
  tcp-keepalives-in      Generate keepalives on idle incoming network
                         connections
  tcp-keepalives-out     Generate keepalives on idle outgoing network
                         connections
  tcp-small-servers      Enable small TCP servers (e.g., ECHO)
  telnet-zeroidle        Set TCP window 0 when connection is idle
  timestamps             Timestamp debug/log messages
  udp-small-servers      Enable small UDP servers (e.g., ECHO)

Generating Exception Core Dumps

IEWB1 Vol1 ver5 Task 12.10

• Configure R3 to save core dumps to an FTP server at 155.X.146.100 under the name “r3-core”.
• Use active FTP and the username/password values cisco/cisco.
• Configure the router to generate a memory dump and reload as soon as free memory falls below 1Mbyte.
• The router should also reload in the case that memory fragmentation prohibits a process from allocating more than 64Kbytes of memory.
• Disable the local crash information collection.

Configuration

Rack1R3#
exception core-file r3-core
exception protocol ftp
exception dump 155.1.146.100
exception memory fragment 64000
exception memory minimum 1000000
!
no ip ftp passive
ip ftp username cisco
ip ftp password cisco
!
no exception crashinfo

Note with entering the last command:

Rack1R3(config)#no exception crashinfo
% Incomplete command.

Rack1R3(config)#no exception crashinfo file flash:

Rack1R3(config)#do sh run | in crashinfo
no exception crashinfo

Configuration Archive & Rollback

Configuration

Rack1R6#sh run | s archive
archive
 path tftp://155.1.58.100/sw1-config
 write-memory
 time-period 1440

Verification

Rack1R6(config)#access-list 100 permit udp any any eq tftp 

Rack1R6#debug ip packet detail 100
IP packet debugging is on (detailed) for access list 100

Rack1R6#wr
Building configuration...
[OK]

! See the debug output showing the router is trying to upload the config to the TFTP server 155.1.58.100

*Mar  2 1993 00:39:43.563: %SYS-5-CONFIG_I: Configured from console by console
*Mar  2 00:39:54.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar  2 00:39:54.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar  2 00:39:54.071:     UDP src=49452, dst=69.
*Mar  2 00:39:57.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar  2 00:39:57.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar  2 00:39:57.071:     UDP src=49452, dst=69.
*Mar  2 00:40:01.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar  2 00:40:01.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar  2 00:40:01.071:     UDP src=49452, dst=69.
*Mar  2 00:40:06.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar  2 00:40:06.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar  2 00:40:06.071:     UDP src=49452, dst=69.
*Mar  2 00:40:12.071: IP: tableid=0, s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), routed via FIB
*Mar  2 00:40:12.071: IP: s=155.1.146.6 (local), d=155.1.58.100 (FastEthernet0/0.146), len 49, sending
*Mar  2 00:40:12.071:     UDP src=49452, dst=69.
%Error opening tftp://155.1.58.100/sw1-config-1 (Timed out)
Rack1R6#

Doc CD Navigation

• Using Master index, searching for “archive config”,

or going directly to

• Cisco IOS Configuration Fundamentals Command Reference
• archive config

Configuration Change Notification & Logging

IEWB1 Vol5 Task 12.6

This task asks us to track configuration changes (as a simple alternative to AAA). This is a best example of a topic for which we need to consult our friend in the lab – the Doc CD. So let’s start with that.

Doc CD Navigation

• Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4
• Part 8: Managing Configuration Files
• Configuration Change Notification and Logging

Configuration

Rack1R4#
archive
 log config
 logging enable
 logging size 1000
 hidekeys
 notify syslog

Verification

Rack1R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Rack1R4(config)#int e0/0
Rack1R4(config-if)#shut
Rack1R4(config-if)#
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
Rack1R4(config-if)#no shut
Rack1R4(config-if)#
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
Rack1R4(config-if)#

Rack1R4#sh log
Syslog logging: enabled (11 messages dropped, 2 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 144 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 62 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: enabled

No active filter modules.

    Trap logging: level informational, 58 message lines logged

Log Buffer (4096 bytes):

%SYS-5-CONFIG_I: Configured from console by console
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:interface Ethernet0/0
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:shutdown
%LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
%PARSER-5-CFGLOG_LOGGEDCMD: User:console  logged command:no shutdown
%SYS-5-CONFIG_I: Configured from console by console
%LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up

Rack1R4#sh archive log config all
 idx   sess           user@line      Logged command
    1     1        console@console  |  logging enable
    2     1        console@console  |  logging size 1000
    3     1        console@console  |  hidekeys
    4     1        console@console  |  notify syslog
    5     2        console@console  |archive
    6     2        console@console  | log config
    7     2        console@console  |  logging enable
    8     2        console@console  |  exit
    9     2        console@console  |   exit
   10     4        console@console  |interface lo111
   11     4        console@console  | exit
   12     4        console@console  |no interface Loopback111
   13     6        console@console  |interface Ethernet0/0
   14     6        console@console  | shutdown
   15     6        console@console  | no shutdown 

Rack1R4#sh archive log config statistics 
Config Log Session Info:
        Number of sessions being tracked: 1
        Memory being held: 3910 bytes
        Total memory allocated for session tracking: 3910 bytes
        Total memory freed from session tracking: 0 bytes

Config Log log-queue Info:
        Number of entries in the log-queue: 15
        Memory being held by the log-queue: 3199 bytes
        Total memory allocated for log entries: 3199 bytes
        Total memory freed from log entries: 0 bytes

Rack1R4#sh archive log config all ?
  provisioning  Display logged commands as a configlet suitable for
                provisioning
  |             Output modifiers
  <cr>

Rack1R4#sh archive log config all provisioning 
archive
 log config
  logging enable
  logging size 1000
  hidekeys
notify syslog
archive
 log config
  logging enable
  exit
exit
interface lo111
exit
no interface Loopback111
interface Ethernet0/0
 shutdown
 no shutdown