
Configurations

How to setup Configuration Change Notification and Tracking

Have you ever found yourself troubleshooting a problem caused by a coworker or consultant mistyping a command? It happens; everyone makes mistakes. What's frustrating is when people won't own up and admit the mistake. Not only is it dishonest, it slows down the fix, because nobody knows what needs to be undone.

As a result, you might wish there were a relatively simple way to see every command typed into every router and switch in the network. You can do this with an AAA server, but scouring the logs on your ACS server is cumbersome. There is another way, and it's really easy to configure.

Configuration Change Notification and Logging, or simply Configuration Logging, is Cisco's way to log every configuration command entered on your IOS routers and switches. The feature was introduced in 12.3(4)T and 12.2(25)S, so it should be available on almost any IOS device that has been upgraded in the last five years. It keeps a specified number of entries in a local log and can also send each logged command to a syslog server.

The following examples are from a Cisco 3550 switch and demonstrate how to configure and monitor change logging.

How to configure DHCP Snooping on a Cisco Catalyst switch

Command Line

A question was asked in the Tekcert forums about DHCP snooping configuration. After thinking about writing an in-depth response, I decided to just write a full-blown blog post.

Everything in this post has been tested in a lab environment with a Cisco 3550, Infoblox DHCP servers, a Netgear router as a "rogue" DHCP server, and a MacBook Pro as a client. The 3550 is configured with ip routing and a layer 3 interface on the subnet where the DHCP servers are located (10.0.10.0/24). VLAN 20 has been created on the 3550 with an interface IP address of 10.0.20.254/24. All of the DHCP server configuration and helper addresses were tested and working before DHCP snooping was implemented, to remove any doubt about whether the snooping configuration itself is working. So, let's get started.
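The snooping configuration for the lab above, as an added example rather than the post's own configuration. The 3550 port numbers, the uplink toward the DHCP servers and the helper address 10.0.10.10 are assumptions; VLAN 20 and the 10.0.20.254/24 SVI are from the post.

```cisco
! Added example, not the original post's configuration. Interface names,
! the server-facing port and the helper address are assumptions.
!
! Global: turn snooping on, then scope it to the client VLAN. Snooping
! only takes effect on VLANs listed here.
ip dhcp snooping
ip dhcp snooping vlan 20
! The 3550 itself is the relay for VLAN 20. Snooping inserts option 82
! into relayed DISCOVERs by default; if the Infoblox servers reject
! relayed packets carrying it, stop inserting it (or use
! "ip dhcp relay information trust-all" to accept it on the relay).
no ip dhcp snooping information option
! Persist the binding table across a reload (otherwise it starts empty).
ip dhcp snooping database flash:dhcp-snoop.db
!
! Only the port through which legitimate server traffic enters the
! snooped VLAN is trusted. If the servers are reached purely by routing
! on this switch there may be no such port to trust in VLAN 20.
interface FastEthernet0/24
 description Uplink toward 10.0.10.0/24 (Infoblox)
 ip dhcp snooping trust
!
! Client ports stay untrusted (the default). OFFER/ACK from the Netgear
! on any of these ports is dropped; the rate limit stops a host from
! exhausting the pool with a DISCOVER flood.
interface range FastEthernet0/1 - 23
 switchport mode access
 switchport access vlan 20
 ip dhcp snooping limit rate 10
!
! Relay interface, unchanged from before snooping was enabled.
interface Vlan20
 ip address 10.0.20.254 255.255.255.0
 ip helper-address 10.0.10.10
!
! Verify: "show ip dhcp snooping" (trusted ports, option 82 state) and
! "show ip dhcp snooping binding" (the MAC/IP/port table the MacBook's
! lease should appear in). A port that exceeds its rate limit is
! err-disabled; check "show interfaces status err-disabled".
```

The trusted port is the whole point: everything that is not explicitly trusted drops server-side messages, so a mistyped `ip dhcp snooping trust` on a client port reopens the hole the feature was meant to close.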

Archive and Restore your Cisco Configs


If you are used to typing "wr" to back up your config, note that Cisco has been making that less convenient for years. The word has long been that write memory is "going away" and everyone should use "copy running-config startup-config". On IOS you can keep the old habit with an alias:

alias exec wr copy running-config startup-config

On some newer platforms (NX-OS) you may find that wr doesn't work at all unless you define one, and the alias syntax there is different:

cli alias name wr copy running-config startup-config

But there are cooler ways to backup your configurations now (aside from using third party tools), such as the Archive feature.

To back up your configs using Archive, here is the configuration to copy the running config to disk0 once a day and keep two weeks' worth:

Router(config)# archive
Router(config-archive)# path disk0:backupconfig
Router(config-archive)# maximum 14
Router(config-archive)# time-period 1440

If something happens to the config and you want to roll back to yesterday's copy, that's where configure replace comes in:
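The rollback itself, as an added example rather than the post's own text. It builds on the archive configured above; the archive file number and the disk0 path are assumptions, and the optional `write-memory` and `time` safety net are shown because that is how a practitioner would actually use the feature.

```cisco
! Added example, not the original post's. File numbering is an assumption.
! The archive from above, plus a snapshot on every "wr" as well as daily.
archive
 path disk0:backupconfig
 maximum 14
 time-period 1440
 write-memory
!
! Exec mode. Take a manual snapshot before a risky change:
Router# archive config
! List what is on disk; files are named backupconfig-1, -2, ... with the
! most recent number shown as current.
Router# show archive
!
! Roll the RUNNING config back to a saved copy without a reload.
! "list" prints every command configure replace will add or remove
! before it asks for confirmation, so read it first.
Router# configure replace disk0:backupconfig-12 list
!
! Safer form for remote work: the replacement reverts by itself after
! 120 seconds unless you confirm, so a rollback that kills your session
! undoes itself.
Router# configure replace disk0:backupconfig-12 time 120
Router# configure confirm
!
! Show exactly what differs between the archive and what is running now:
Router# show archive config differences disk0:backupconfig-12 system:running-config
```

Two things to keep in mind: configure replace diffs the running config against a complete configuration, so never point it at a partial snippet, and the archive files are plain text containing every type 7 or type 0 secret on the box, so the device's filesystem deserves the same protection as the startup-config.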

GLBP Authentication

If you run any redundancy protocol on your network without authentication (especially on client subnets), you really should add some basic security. When GLBP first appeared in Cisco routers, authentication, where it existed at all, was plain text. Since then, MD5 key-strings and key-chains have let engineers get real protection without a plain-text password crossing the wire.

How to configure GLBP

So, you might be asking how to configure GLBP. If you already have two routers on the same subnet running GLBP, their interface configurations might look something like this:
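A pair of GLBP interface configurations, as an added example serving both the authentication note and the "how to configure GLBP" teaser above; it is not the post's own listing. Addresses, the group number, interface names and the key-chain name are assumptions, and the key-string is a placeholder. The weak form is shown first so the difference is visible.

```cisco
! Added example, not the post's configuration. 10.0.20.0/24, group 1,
! GigabitEthernet0/1 and the key-chain name are assumptions.
!
! Weak: plain-text authentication. The string rides in every GLBP hello,
! so any host on the client subnet can sniff it and then join the group
! as a forwarder or AVG and draw the subnet's traffic to itself.
interface GigabitEthernet0/1
 ip address 10.0.20.2 255.255.255.0
 glbp 1 ip 10.0.20.1
 glbp 1 authentication text s3cret
!
! Hardened, router 1: MD5 with a key chain. Hellos carry a hash, not the
! key. Both routers need the same key id AND key-string; rotate by adding
! key 2 with overlapping send/accept lifetimes instead of editing key 1.
key chain GLBP-KEYS
 key 1
  key-string <shared-secret>
!
interface GigabitEthernet0/1
 ip address 10.0.20.2 255.255.255.0
 glbp 1 ip 10.0.20.1
 glbp 1 priority 110
 glbp 1 preempt
 glbp 1 authentication md5 key-chain GLBP-KEYS
!
! Hardened, router 2: identical apart from its own address and a lower
! priority so router 1 is the AVG when both are up.
key chain GLBP-KEYS
 key 1
  key-string <shared-secret>
!
interface GigabitEthernet0/1
 ip address 10.0.20.3 255.255.255.0
 glbp 1 ip 10.0.20.1
 glbp 1 priority 100
 glbp 1 preempt
 glbp 1 authentication md5 key-chain GLBP-KEYS
!
! Verify: "show glbp" lists the authentication type and the peers seen.
! A key mismatch looks like each router becoming the AVG on its own and
! the other disappearing from "show glbp brief".
```

Enable MD5 on the second router quickly after the first; while they disagree on authentication the two routers ignore each other's hellos and both believe they are the only gateway.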

Virtual Port Channels

Probably one of the coolest features of Cisco's NX-OS is the ability to build a single port channel that spans two Nexus switches toward a third device. This is called a Virtual Port Channel, or vPC. Spanning tree no longer has to reconverge when a link fails, because every member link is forwarding and the two Nexus switches simply work the failure out between themselves.

There are several steps needed to configure a vPC, such as enabling the feature in NX-OS and setting up your peer link, but beyond that the port-channel configuration looks nearly identical to a typical port channel. To keep things simple, we will assume two Nexus switches already in place with management interfaces and only the default VDC configured. Each Nexus switch has Ethernet ports 1 and 2 connected to a single 6509 access switch.
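The configuration for that topology, as an added example and not the post's own listing. Ethernet1/1-2 toward the 6509 comes from the post; the vPC domain number, port-channel numbers, the peer-link ports (Ethernet1/9-10) and the management addresses used for the peer keepalive are assumptions.

```cisco
! Added example, not the post's configuration. Domain/port-channel numbers,
! peer-link ports and keepalive addresses are assumptions.
! Apply on BOTH Nexus switches; only the keepalive addresses are swapped.
feature lacp
feature vpc
!
vpc domain 10
  ! Keepalive runs out of band over mgmt0 and must NOT use the peer link.
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
  role priority 100
!
! Peer link: a normal port channel between the two Nexus switches that
! carries every vPC VLAN, then flagged as the peer link.
interface port-channel 10
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/9-10
  switchport mode trunk
  channel-group 10 mode active
!
! The vPC toward the 6509. Apart from "vpc 20" this is an ordinary port
! channel; the same vPC number must be used on both peers.
interface port-channel 20
  switchport mode trunk
  vpc 20
interface Ethernet1/1-2
  switchport mode trunk
  channel-group 20 mode active
!
! On the 6509 (IOS) the four links are one ordinary LACP bundle; it has
! no idea there are two switches on the far end.
interface range GigabitEthernet1/1 - 4
 switchport
 switchport mode trunk
 channel-group 20 mode active
!
! Verify with "show vpc" (peer status, keepalive, per-vPC state) and
! "show vpc consistency-parameters global". A type-1 mismatch between
! the peers, such as a different STP mode or MTU, suspends the vPC on
! the secondary peer rather than forming a loop.
```

The keepalive path deserves a moment's thought: if it shares fate with the peer link, a single failure looks like a dead peer to both switches and both become primary.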

Cisco RELOAD IN Command


I'm sure many of you out there have used this command, but for anyone who hasn't, this can save you some drive time. If you are performing work on a Cisco device that is remote and there is a risk that the changes you make may cause the device or your connection to the device to fail, there is a command you can issue before making your changes that can save you.

reload in <minutes>

This command effectively issues the reload command after whatever duration you specify. For example, if you are performing work on a remote-site router that could take the WAN interface down, issue "reload in 20" to reload the router in twenty minutes. The amount of time is completely up to you. If you have your change scripted and it will take 20 seconds to paste in, you might type reload in 5 to give yourself five minutes to complete the change. Don't save the running config when the command prompts you; the safety net only works if the reload boots the old startup-config. Once the change is in and you can still reach the device, cancel the pending reload with reload cancel, and only then save.
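The whole sequence in order, as an added example rather than the post's own session. The 20-minute window is the post's figure; the interface and address being changed are assumptions.

```cisco
! Added example, not the post's. Serial0/0 and the address are assumptions.
!
! 1. Arm the safety net BEFORE touching anything. Answer "no" when asked
!    whether to save: if the change locks you out, the reboot has to
!    come up on the last known-good startup-config.
Router# reload in 20
! (the router prints the scheduled reload time)
!
! 2. Make the risky change.
Router# configure terminal
Router(config)# interface Serial0/0
Router(config-if)# ip address 203.0.113.1 255.255.255.252
Router(config-if)# end
!
! 3. Still connected? Check what is pending, cancel it, and only now save.
Router# show reload
Router# reload cancel
Router# write memory
!
! If the session dies during step 2, the router reboots at the 20-minute
! mark into the saved config and the WAN link comes back on its own.
! "reload at hh:mm" does the same at an absolute time, provided the
! device clock is correct (NTP or a manually set clock).
```

The ordering is the point: a reflexive "wr" between steps 2 and 3 turns the pending reload from a rollback into a pointless reboot of the broken config.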

My Latest Brilliant Idea

As I'm sure you have figured out, I've been enthralled with this GNS3 product. But there are a few problems I've hit:
First Problem: Every time I recommend GNS3 to someone, they get all excited until they find out they need a copy of the IOS to run it. The next question becomes, "So where do I get that?" At which point I'm forced to mutter something about using someone's SmartNet contract. And I honestly feel bad! There are so many people who want to learn Cisco and can't get a copy of the IOS from anywhere.
Second Problem: Even if you DO get a copy of the IOS and get GNS3 set up, you end up in a "what now?" scenario. Let me describe... When I teach Cisco classes, I always encourage people to get some lab equipment from eBay, but I know a lot of people do this, get all this shiny, racked equipment in place, and then don't know what to do with it.

Simple Article on Configuring 802.1X

802.1X is a powerful technology that forces people to authenticate before they get any Layer 2 service (such as a switchport or a wireless access point). I recently stumbled on a step-by-step article showing an end-to-end configuration for the Windows RADIUS server, the Windows XP client, and the Cisco wireless access point; the link is below. Click the Server, Client, and Access Point links at the bottom of the page to get the configurations.
http://www.cs.umd.edu/~mvanopst/8021x/howto/
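The linked article covers the wireless side; the wired side, an 802.1X-protected switchport on IOS talking to the same kind of RADIUS server, is shown here as an added example that is not part of the linked article or this post. The RADIUS address, shared secret, VLAN and port are assumptions, and the `dot1x port-control` syntax is the older IOS form (later releases use `authentication port-control auto`).

```cisco
! Added example, not from the post or the linked article. RADIUS server,
! secret, VLAN and port are assumptions.
aaa new-model
aaa authentication dot1x default group radius
radius-server host 10.0.10.5 auth-port 1812 acct-port 1813 key <shared-secret>
! Enable the authenticator globally, then per port.
dot1x system-auth-control
!
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 20
 ! Port stays unauthorized until the supplicant passes; until then only
 ! EAPOL frames are accepted on it. "force-authorized" (the default)
 ! means 802.1X is effectively off for the port.
 dot1x port-control auto
!
! Verify: "show dot1x interface FastEthernet0/10" (port control and
! authorization state); "debug radius" while a client connects shows
! the Access-Request / Access-Accept exchange with the server.
```

Two practical notes: the shared secret protects the RADIUS exchange between switch and server, so treat it like a password rather than a label, and a port left at the default force-authorized state is a common reason for "802.1X is configured but nothing is challenged".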

Completely Clearing a Cisco Switch...The Easy Way!

Clearing out a Cisco switch configuration is always a pain because VLANs are kept in a separate file (vlan.dat in flash) from the startup-config in NVRAM. There are two ways to clear a switch back to the factory defaults: the easy way and the REALLY easy way.

The easy way -

Switch# write erase
Switch# delete flash:vlan.dat
Switch# reload

The REALLY easy way -

Hold the "mode" button on the front of the switch for 10 seconds. The lights will blink and then go solid; the switch completely wipes all configuration and reboots. Obviously, this method only works on stackable switches, as chassis-based switches have no mode button. Anyone with physical access can do the same thing, which is one more reason the wiring closet should be locked.

Configuration Change Tracking...Built in?!?

For years I have relied on outside tools to track changes to the running configurations of Cisco devices. One of my favorite (cheaper) tools has been Kiwi CatTools. Recently, though, someone pointed out to me that this functionality is BUILT IN to Cisco IOS! Here are the basics:
The feature is called Configuration Change Notification and Logging. It has been available since IOS 12.3(4)T/12.2(25)S (and has really gone mainstream in 12.4).
For each configuration command that is executed, the following information will be logged:
• The command that was executed
• The configuration mode in which the command was executed
• The name of the user that executed the command
• The time at which the command was executed
• A configuration change sequence number
• Parser return codes for the command
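A working configuration for the feature, serving both this post and the "Configuration Change Notification and Tracking" teaser earlier on the page. It is an added example, not either post's own listing; the syslog host address and the username in the show command are assumptions.

```cisco
! Added example, not the post's own. 10.0.10.20 and the user "jdoe"
! are assumptions.
archive
 log config
  logging enable
  ! keep the last 200 entries in memory (default 100, max 1000); the
  ! local log is lost on reload, which is why syslog matters
  logging size 200
  ! replace passwords and keys in logged commands with placeholders
  hidekeys
  ! send each entry to the configured syslog servers as well
  notify syslog
!
logging host 10.0.10.20
logging trap informational
! so the syslog copy carries a usable time, not just a sequence number
service timestamps log datetime msec localtime
!
! Review the whole local log:
Switch# show archive log config all
! ...or only what one person did:
Switch# show archive log config user jdoe
! Each entry records the user, the config mode, the command itself, a
! sequence number and the parser return code (so a rejected command
! is visible as well as an accepted one).
```

The log is only as good as the login: the user field shows whoever authenticated, so with a shared enable password and no usernames you get "console" or "vty" instead of a name. Give each person an account (local or via AAA) or the feature cannot settle the argument this post opened with. hidekeys is worth leaving on; without it the syslog stream becomes a second copy of every secret typed at the CLI.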

Macbook Pro USB to Serial GUC232A

This is a pretty specific post for me, so sorry if it does not apply to you. I recently bought an Intel-based 17" MacBook Pro and have an IOGear GUC232A USB-to-serial converter that I use for my console connections to Cisco routers, and I've had a heck of a time getting it working. BUT I've finally conquered it and wanted to write down the steps I performed to alleviate the time spent if I ever have to do this again:
1. Download the LATEST driver from Prolific (http://www.prolific.com.tw/eng/downloads.asp?ID=31 - download the file md_pl2303H_HX_X_dmg_v1.2.1.zip)
2. Run through the install, reboot
3. The Prolific driver is a generic one that works with the GUC232A, so you have to tweak it:

  • Plug the GUC232A into any available USB port on your Mac
  • Open the System Profiler, in /Applications -> Utilities
  • Click USB in the Contents pane
  • Select the GUC232A in the Device Tree; usually it will be listed under USB-Serial Controller

PIX Syslog

It seems to be PIX week here. I've had more requests for PIX configurations than anything else! Anyhow, here is a quick configuration to make a PIX log correctly to a syslog server:
logging on
logging standby
logging timestamp
logging trap notifications (or warnings; notifications will send a lot more)
logging facility 18
logging host <inside|outside> <ip-address>
I also like to use the command logging device-id string <name>. This tags every message in my syslog with an identifier so I know which device sent it (by name rather than IP address).
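The same thing as a complete listing, added here as an example rather than the post's own configuration. The collector address, the device name and the choice of local2 (facility 18) are assumptions; the syntax is PIX 6.x and also accepted by ASA.

```cisco
! Added example, not the post's configuration. Addresses, the facility
! and the device name are assumptions.
logging on
logging timestamp
! the standby unit of a failover pair logs too
logging standby
! tag every message with a name instead of leaving the reader to map
! source addresses to boxes
logging device-id string fw-edge-01
! PIX facilities 16-23 map to local0-local7 on the collector; 18 = local2
logging facility 18
! level 4 (warnings); "notifications" (level 5) is far noisier and
! "informational" (6) includes every connection built and torn down
logging trap warnings
logging host inside 10.0.10.20
!
! UDP/514 is the default: unacknowledged and unencrypted. PIX can also
! send over TCP so a collector outage is noticed instead of silently
! dropping logs, but be aware that a PIX with an unreachable TCP syslog
! host stops building new connections until the collector returns.
! logging host inside 10.0.10.20 tcp/1470
!
! Check with "show logging" (levels, host, message counters).
```

Pick the trap level deliberately: warnings keeps the collector quiet, but the evidence you want in an incident (denied connections, built/teardown records) lives at notifications and informational, so many shops log at a higher level to a collector that can take it and filter there.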

Welcome!

Hello everyone! I'd like to welcome you to the Cisco Blog! I don't know about you, but there are times when I have those unanswerable questions or just a flat-out weird network configuration I'm trying to set up... Or even those times when you're looking over someone's shoulder as they set up a router, and you think, "Wow! I didn't know you could do it that way!" (but of course never say anything, for the sake of your own pride). Well, that's why I created this blog: to give a forum to everyone interested in the topic of Cisco. Feel free to post about anything Cisco related: questions, comments, configurations, tips... whatever.
Just a quick run through the few rules-of-the-blog:
1. Keep the language clean
2. Try to keep the topics centralized around Cisco technology
3. Invite a friend!

That's it! Post away!

Update: As of September 2010, Cisco Blog is now Tekcert.com


