Category: Network Management

Have you ever wanted to be notified when your router loses a specific route (for example, the default route toward the Internet)? In IOS release 12.4T you can do it with a combination of Enhanced Object Tracking and Embedded Event Manager 2.2.

While you wouldn't usually want non-privileged user to reload a Cisco IOS-based router, you might also not appreciate the need to give the network operator level-15 access (which includes configuration privileges) just to reload the box. The solution is the privilege configuration command. To lower the privilege level of the reload command, configure privilege exec level desired-level reload.

The ability to replace router uptime with date and time in the logging messages with the service timestamps log datetime command was present in IOS for a long time, but I was always annoyed at timestamps when collecting syslog messages for demonstration purposes. The command to turn them off has also been available "forever", but was too obvious for me to try out ... the no service timestamps log command.

The Configuration Rollback feature (first available in IOS release 12.3(7)T) fails completely when handling configurations containing active IP SLA probes.

The Configuration Change Notification and Logging feature is supposed to log changes to the router's configuration. While it does a great job of logging commands entered in the router configuration mode, it completely ignores configuration changes due to configuration download (for example, with configure network or copy tftp running-config command).

As part of Configuraton Change Notification and Logging feature, Cisco IOS stores the most recent configuration commands in a circular buffer and (optionally) sends them to syslog streams.

This feature is configured under the archive configuration mode with the log config command, which brings you to yet another configuration mode where you can fine-tune the parameters (they are obvious, on-router help is sufficient), for example:

archive
 log config
  logging enable 100
  notify syslog
  hidekeys

After you've enabled configuration command logging, you can use the show archive log config all command to inspect the logging buffer. You can also display commands entered in a particular session or by a selected user.

Cisco IOS has the ability to define command aliases - short words that substitute a whole exec-mode or configuration command. These aliases can also be used in command execution URLs. For example, if you define alias exec showdefault show ip route 0.0.0.0 0.0.0.0, you can view the status of the default route with the http://router/exec/showdefault/CR URL.

Cisco IOS supports the Unix tar format with the archive command. For example, to inspect the contents of the Secure Device Manager (SDM) that is present in Flash memory on most routers, use the archive tar /table flash:sdm.tar command.

You can also use the archive tar /xtract command to extract a tar file (local or external) into a directory (yet again local or external). For example, with the command archive tar /xtract flash:sdm.tar tftp://10.0.0.10 you'd extract the SDM tar archive to a TFTP server.

If you give your users guest access to a router, you might want to disable some web-based applications the router usually offers (for example, command execution). To do this, use the following steps (first supported in IOS release 12.3(14)T, integrated in 12.4):

If you have HTTP enabled on your router, you can use it to automate router reloads through web requests. To enable HTTP on the router, use the following commands:

ip http server
ip http access-class 90
access-list 90 permit network-management-ip-address

The ip http access-class configuration command is vital - it limits the access to the web server on your router to well-defined IP addresses.

The Visual Basic script to reload the router is extremely simple (just save the following lines into a file called reload.vbs):