Tag Archives: cisco

Configuration Logger on Cisco routers

Sometimes it is useful to have at hand the history of the commands that were applied to change the configuration of a Cisco router. The show history command can display such a history, but it has the drawback of being tied to the console/VTY line session, so once you leave the terminal the history is lost as well. Starting with Cisco IOS 12.3 .. the Configuration Change Notification and Logging feature was introduced; once configured, it can record the history of configuration changes independently of the sessions in which they were executed. On top of that, it can be configured so that the history survives a reload of the device. The configuration logger can be useful in troubleshooting, for example when you need to identify the latest configuration changes that led to a problem, or to track the commands executed by several administrators in different sessions, and so on. Before the configuration logger, identifying configuration changes was possible only by comparing the current running-config line by line with a past copy of the configuration, which is inconvenient and gives no details about the order of the commands or their author.

The information retained by the configuration logger includes:

  • the IOS command that was executed
  • the specific configuration mode in which the command was executed
  • the name of the user (authenticated in the terminal session) who executed the command
  • a consecutive sequence number for the command

The logger records only the commands that changed the configuration, not display commands or incomplete/erroneous commands. The commands are recorded in a circular log whose length can be set in advance.

Let's now try a configuration with a simple Cisco router that has the configuration logger set up. We will execute a few commands as different users (in console sessions), and then display the command history stored by the configuration logger. The tests below are run in GNS3 on a 3700 router with IOS 12.4(15)T7 (C3725-ADVENTERPRISEK9-M).


So, on the router in the diagram we apply the following configuration:

  1. locally defined users (mark.smith/jane.doe) and authentication for the console line (line con 0)

  2. enabling the configuration logger, done in the archive – log config configuration mode with logging enable. Below, logging size sets the length of the log and hidekeys hides the passwords in the log (behind asterisks).
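The two steps above written out as IOS configuration, added here as an example and not taken from the original post. The user names and the archive commands are the ones the steps name; the privilege level, the placeholder secrets and the log size of 200 are assumptions.

```cisco
! Added example. Secrets are placeholders; privilege 15 and size 200 are assumed values.
!
! Step 1: local users and local authentication on the console line
username mark.smith privilege 15 secret <PLACEHOLDER-SECRET-1>
username jane.doe privilege 15 secret <PLACEHOLDER-SECRET-2>
line con 0
 login local
!
! Step 2: enable the configuration logger
archive
 log config
  ! start recording configuration changes
  logging enable
  ! number of entries kept in the circular log
  logging size 200
  ! mask passwords and keys in the logged commands
  hidekeys
end
!
! Exec mode: display the recorded history (sequence number, session, user@line, command)
show archive log config all
```

With hidekeys in place, a later username ... secret change shows up in the log with the secret masked, so the log can be shared for troubleshooting without exposing credentials.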


How to find if Cisco supports specific command or feature

Hello all,

This is my first post on the blog and my first article published in English. It is going to be an interesting experience :)

I decided to write this article to share an experience that could be interesting for some of you. One very common issue with Cisco IOS is finding that a command doesn't work for me even though it works for other people. Why is that, and how do you solve it? I will try to give you some advice below.

Some time ago my task was to configure QinQ VLAN tagging on a Cisco switch. Let's start with what QinQ means. Here you can find an article from Cisco, http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_ieee_802.1q.html, which shows that QinQ is supposed to tag one frame twice. What is the reason to use QinQ? Let's suppose that you have one specific VLAN in the network, for example 30. You have the same VLAN 30, with the same pool of IP addresses, in another part of your network. This situation is typical for an ISP and its clients. Your task is to keep the traffic from those VLANs separate and transport it through your network. The solution for that is IEEE 802.1Q tunneling, or a QinQ tunnel in other words.

If you have some experience with Cisco, you will search Google for how to configure IEEE 802.1Q tunneling and find an article like this one: http://networklessons.com/switching/802-1q-tunneling-q-q-configuration-example/. By the way, it explains very well how to configure this specific feature. Not everyone likes to read the official Cisco docs (this was also my mistake). Let's say that Cisco does not present information in as interactive a way as Rene did. I read Rene's article and told myself that QinQ is very easy to configure and that I would need one switch and a few minutes to do this task. I got a C2960G switch, installed it and started to configure it. I went to the interface:

Switch(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally

It seems that I will need more than a couple of minutes to configure QinQ. The command switchport mode dot1q-tunnel is missing from my IOS. So I need a new version of IOS. But the question is, which one exactly? Another problem could be that the switch model doesn't support this feature. So let's see what Google says about QinQ on the C2960. The result is confusing. Some links say that the C2960 doesn't support this feature; in others we see that the feature is working (a common situation). We need to know the answer. Let's go to the Cisco Feature Navigator, http://www.cisco.com/web/go/fn. Feature Navigator is a very powerful tool that can show us whether a specific feature is supported on a particular IOS. The most difficult thing here is finding the right name of the feature. Try entering, for example, IPv6 in the feature field and you will see a lot of options. Which option is mine, and does it cover the command I have to enter in the configuration? Try searching with some assumptions, and use the feature description to do it faster. I supposed that my feature must contain 802.1q in its name. I supposed that the name of my feature is IEEE 802.1Q tunneling. The description showed that it could be.


I searched Cisco's site and found that it is exactly the thing I was looking for. Now I have the feature name, and I see that this feature is supported on a list of IOS versions. The great news is that I have one of these versions on another switch. I repeated my configuration:

Switch(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally

Hey.. What is wrong? Feature name? License? It could be.. Let's go back to the internet..

The license on this switch doesn't have any limitations, and the feature name seems to be right. Where to look? Let's try the Cisco configuration guide, http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/15-0_2_se/configuration/guide/scg2960.html. The configuration guide contains the list of commands that are supported by the switch in a specific version of IOS. I didn't find anything about QinQ in the configuration guide..

Conclusion: Cisco Feature Navigator is a great tool, but the search results must be verified against the Cisco configuration guide to make sure that your model of equipment is supported. It is very useful to check before you upgrade a switch to a new IOS and find that the command or feature you are looking for isn't working. My switch doesn't support IEEE 802.1Q tunneling. This feature is supported by the C2960X series of switches :(