Saturday, February 28, 2009

6500 command logging in CLI

Question: Can I monitor which commands have been applied on a switch/router?

The answer is yes; it has always been possible with logging commands. The problem is that you always needed a syslog server, otherwise the logging buffer would be overwritten.

Now you can do this another way:

archive
 log config
  logging enable
  logging size 200
  notify syslog
  hidekeys

Check the commands by typing:
show archive log config all
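
With "notify syslog" set, each logged command is also sent out as a syslog message, so the trail can be reviewed off the box. The following is an added example, not part of the original post: it parses such messages and flags changes worth a second look. The sample lines are constructed, the %PARSER-5-CFGLOG_LOGGEDCMD layout is assumed to be what your IOS release emits, and the watch list is a hypothetical policy.

```python
import re

# Constructed sample syslog lines (not from the original post).
SAMPLE = """\
Feb 28 10:01:12 sw6500 45: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:interface Vlan10
Feb 28 10:01:30 sw6500 46: %PARSER-5-CFGLOG_LOGGEDCMD: User:admin  logged command:no logging 192.0.2.10
Feb 28 10:02:05 sw6500 47: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.50)
Feb 28 10:07:41 sw6500 48: %PARSER-5-CFGLOG_LOGGEDCMD: User:oper1  logged command:username backup privilege 15 secret *****
Feb 28 10:08:02 sw6500 49: %PARSER-5-CFGLOG_LOGGEDCMD: User:oper1  logged command:no archive
"""

# Assumed message layout: "User:<name>  logged command:<command text>".
CFGLOG = re.compile(
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+)\s+logged command:(?P<cmd>.*)$"
)

# Hypothetical watch list: commands that weaken the audit trail or change access.
WATCH = [
    (re.compile(r"^no (logging|archive|notify syslog|hidekeys)\b"), "audit trail reduced"),
    (re.compile(r"^username \S+ .*\bprivilege 15\b"), "privileged account changed"),
    (re.compile(r"^(no )?(enable (secret|password)|snmp-server community)\b"), "credential changed"),
]

def parse(text):
    """Return (user, command) for every config-logger message in the text."""
    events = []
    for line in text.splitlines():
        m = CFGLOG.search(line)
        if m:  # other syslog messages (e.g. %SYS-5-CONFIG_I) are skipped
            events.append((m.group("user"), m.group("cmd").strip()))
    return events

def flag(events):
    """Return (user, command, reason) for commands matching the watch list."""
    hits = []
    for user, cmd in events:
        for pattern, reason in WATCH:
            if pattern.search(cmd):
                hits.append((user, cmd, reason))
                break  # one reason per command is enough
    return hits

if __name__ == "__main__":
    for user, cmd, reason in flag(parse(SAMPLE)):
        print(f"{reason}: {user} ran {cmd!r}")
```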

ASA Transparent Firewall Sample

: Saved
:
PIX Version 8.0(3)
!
firewall transparent
hostname pix-transp
enable password 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
!
interface Ethernet1
 nameif inside
 security-level 100
!
interface Ethernet2
 shutdown
 no nameif
 no security-level
!
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list outside ethertype permit any
access-list inside ethertype permit any
access-list aclin_inside extended permit ip any any
access-list aclin_inside extended permit icmp any any
access-list aclin_outside extended permit ip any any
access-list aclin_outside extended permit icmp any any
pager lines 24
logging enable
logging buffered debugging
mtu inside 1500
mtu outside 1500
ip address 10.2.0.250 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image flash:/asdm
no asdm history enable
arp timeout 14400
access-group inside in interface inside
access-group aclin_inside in interface inside
access-group outside in interface outside
access-group aclin_outside in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.2.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no crypto isakmp nat-traversal
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:32b608ef458b708a14ea2858b1df25a2
: end
asdm image flash:/asdm
no asdm history enable

Format an IOS Flash

router1#dir
%Error opening disk0:/ (Invalid DOS media or no media in slot)
router1#show disk0:
Unformatted Partition, please format it.

router1#format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]
Primary Partition created...Size 64 MB
Drive communication & 1st Sector Write OK...
Writing Monlib sectors....
Monlib write complete
Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 131040
Format: Total bytes in formatted partition: 67092480
Format: Operation completed successfully.
Format of disk0: complete
router1#

Get Vlan Interface Index

sh vlan ifindex

This will give you the relation between the MIB ifIndex and the interface itself.

Tuesday, February 10, 2009

Check FWSM Resources

show resource allocation detail
show resource allo
sh resource usage
sh resource usage all
show np pc
show np block
show np all status

Format IOS Flash

router1#dir
%Error opening disk0:/ (Invalid DOS media or no media in slot)
router1#show disk0:
Unformatted Partition, please format it.
router1#format disk0:
Format operation may take a while. Continue? [confirm]
Format operation will destroy all data in "disk0:". Continue? [confirm]

Primary Partition created...Size 64 MB

Drive communication & 1st Sector Write OK...
Writing Monlib sectors....
Monlib write complete

Format: All system sectors written. OK...
Format: Total sectors in formatted partition: 131040
Format: Total bytes in formatted partition: 67092480
Format: Operation completed successfully.
Format of disk0: complete

router1#