Scribd
Upload
79 views

Router Configuration Management .

This document shows the configuration commands entered on a firewall device and the logging of those commands. It demonstrates using the "show archive" and "whatsnew" commands to view differences between configurations and detect configuration changes.

Uploaded by

csystems
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
79 views

Router Configuration Management .

This document shows the configuration commands entered on a firewall device and the logging of those commands. It demonstrates using the "show archive" and "whatsnew" commands to view differences between configurations and detect configuration changes.

Uploaded by

csystems
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16




archive

log config

logging enable

logging size 200

notify syslog

hidekeys
fw#show archive log config all

idx sess user@line Logged command

1 1 console@console | logging enable

2 1 console@console | logging size 200

3 1 console@console | notify syslog

4 2 console@console |archive

5 2 console@console | log config

6 2 console@console | hidekeys

fw#conf t

Enter configuration commands, one per line. End with CNTL/Z.

fw(config)#user x password y
01:43:06: %PARSER-5-
CFGLOG_LOGGEDCMD: User:console logged command:username x password *****

01:43:06: %PARSER-5-
CFGLOG_LOGGEDCMD: User:console logged command:!config: USER TABLE MODIFIED
fw#copy system:running-config tftp://10.0.0.2/fw-test

!!

2009 bytes copied in 0.592 secs (3394 bytes/sec)

fw#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

fw(config)#no access-list 100

fw(config)#access-list 120 permit ip any any

fw(config)#^Z

fw#show archive config differences tftp://10.0.0.2/fw-test system:running-


config

Loading fw-test from 10.0.0.2 (via FastEthernet0/0): !

[OK - 2087 bytes]

Contextual Config Diffs:

+access-list 120 permit ip any any

-access-list 100 permit tcp any any eq www

-access-list 100 permit tcp any any eq telnet

-access-list 100 permit tcp any any eq smtp


fw#show archive config differences nvram:startup-config system:running-
config

Contextual Config Diffs:

interface Loopback0

+description New loopback interface

+ip address 10.1.0.3 255.255.255.255

interface Loopback0

-ip address 10.1.0.1 255.255.255.255


fw#show archive config differences nvram:startup-config system:running-
config

Contextual Config Diffs:

-router ospf 101

-log-adjacency-changes

-network 10.1.0.0 0.0.1.255 area 2

-network 0.0.0.0 255.255.255.255 area 0


fw#whatsnew

Contextual Config Diffs:

+access-list 101 deny tcp host 10.0.0.2 host 192.168.0.2 eq www

+access-list 101 permit icmp any any echo

-access-list 101 permit icmp any any

fw#whatsnew

Contextual Config Diffs:

ip access-list extended Test

+deny tcp host 10.0.0.3 host 192.168.0.2 eq www

+permit tcp any any eq ftp


+permit icmp any any echo

+deny icmp any any

ip access-list extended Test

-deny tcp host 10.0.0.2 host 192.168.0.2 eq www

-permit icmp any any

fw#whatsnew

Contextual Config Diffs:

ip access-list extended Test

+deny tcp host 10.0.0.3 host 192.168.0.2 eq www

+permit tcp any any eq www

!
!The following order-dependent line(s) were re-ordered

!ip access-list extended Test

! permit tcp any any eq ftp


fw#whatsnew

Contextual Config Diffs:

+class-map match-all ServerMail

+match protocol smtp

+match access-group 101

+class-map match-all ServerWeb

+match protocol http

+match access-group 101

policy-map WAN

+class ServerMail

+priority 64

+class ServerWeb

+bandwidth percent 30
+set precedence 3

+access-list 101 permit ip host 10.0.0.2 host 192.168.0.2

+access-list 101 permit ip host 192.168.0.2 host 10.0.0.2

fw#whatsnew
Contextual Config Diffs:

!No changes were found



You might also like