Solved

Cisco 1841 Router Config Question

Posted on 2012-08-12
Last Modified: 2012-10-04
Hey Guys,

Never really looked at a Cisco router config before, so I've set up as much as I can but I can't work out the last few things.

1. I need to be able to access the router through SNMPv2 with the community name 'DefaultSuper'

2. I need netflow packets to be sent to my Netflow server (192.168.21.47).

FE 0/0  is the internal and connects to our Palo Alto Firewall (203.XX.XXX.122)
FE 0/1 is the external link.


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$7SA2$PuylfbVxOzpo3VCckR5/21
!
no aaa new-model
ip cef
!
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
multilink bundle-name authenticated
!
!
archive
 log config
  hidekeys
!
!
!
policy-map shape-all
 class class-default
  shape average 9300000
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 201.XX.XXX.121 255.255.255.252
 ip virtual-reassembly
 speed auto
 full-duplex
 no mop enabled
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 131.XXX.21.10 255.255.255.252
 ip virtual-reassembly
 speed auto
 full-duplex
 no mop enabled
 service-policy output shape-all
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 131.XXX.21.9 permanent
!
!
no ip http server
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input none
!
scheduler allocate 20000 1000
end


Thanks in advance
Question by:QuazzieM
4 Comments
 
LVL 5

Expert Comment

by:bplantier
ID: 38287124
1) It depends on what you want to achieve. If you need read only access it will be:

snmp-server community DefaultSuper RO



If you need read-write access:

snmp-server community DefaultSuper RW




2) About configuring Netflow, the basics will be:

1. Configuring the interface to capture flows into the NetFlow cache.
Router(config)# ip cef
Router(config)# interface ethernet 1/0

Router(config-if)# ip flow ingress
Or (depending on the version of your IOS)
Router(config-if)# ip route-cache flow




2. Export to the flow server.
Router(config)# ip flow-export version 9
Router(config)# ip flow-export destination 192.168.21.47 9997




source: http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6555/ps6601/prod_white_paper0900aecd80406232.html
0
 

Author Comment

by:QuazzieM
ID: 38290857
Hi bplantier...

That's pretty much what I was thinking, however the only issue I can see is the netflow destination..

If I set the destination to 192.168.21.47, do I need to set up a route in the config to send it to the PAN firewall, then have a rule in the PAN to forward it to the netflow server (192.168.21.47)?

The only reason I ask is that, if the internal IP of the 1841 is on the 203.XXX.XXX.121 and the external interface of the PAN is 203.XXX.XXX.122 and its internal IP is 192.168.21.1, how do the netflow packets know how to get to the netflow server?
0
 
LVL 5

Accepted Solution

by:
bplantier earned 2000 total points
ID: 38290909
You are absolutely correct. The netflow process on the Cisco will use the routing table to find the route to reach the netflow server.

So you must have a route (static, ospf, rip..)  for the IP 192.168.21.47 toward the firewall.


With a static route, it will be
ip route 192.168.21.47 255.255.255.255 203.XXX.XXX.122



And, of course, you must open the port (UDP) on the firewall.
0
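
An added example, not part of the original thread: a Python check of the accepted answer's point that NetFlow export follows the routing table. It runs a longest-prefix match over a constructed config (documentation addresses stand in for the masked public IPs, and the function names are hypothetical) to show that without the host route the export to 192.168.21.47 leaves via the default route on the external link.

```python
import ipaddress

# Constructed sample: documentation addresses replace the masked public IPs
# in the thread; the collector address and port are the thread's own.
BEFORE = """\
interface FastEthernet0/0
 ip address 203.0.113.121 255.255.255.252
interface FastEthernet0/1
 ip address 198.51.100.10 255.255.255.252
ip route 0.0.0.0 0.0.0.0 198.51.100.9 permanent
ip flow-export version 9
ip flow-export destination 192.168.21.47 9997
"""
# Same config with the host route from the accepted answer added.
AFTER = BEFORE + "ip route 192.168.21.47 255.255.255.255 203.0.113.122\n"

def parse(config):
    """Collect connected networks, static routes and NetFlow collectors."""
    connected, static, collectors, iface = [], [], [], None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"] and len(w) > 1:
            iface = w[1]
        elif w[:2] == ["ip", "address"] and len(w) >= 4:
            net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
            connected.append((net, f"connected {iface}"))
        elif w[:2] == ["ip", "route"] and len(w) >= 5:
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
            static.append((net, f"via {w[4]}"))
        elif w[:3] == ["ip", "flow-export", "destination"] and len(w) >= 4:
            collectors.append(ipaddress.ip_address(w[3]))
    return connected, static, collectors

def export_paths(config):
    """Longest-prefix match for each collector, as the routing lookup does."""
    connected, static, collectors = parse(config)
    paths = {}
    for dst in collectors:
        # Connected routes are listed first so they win a prefix-length tie.
        hits = [(n, how) for n, how in connected + static if dst in n]
        best = max(hits, key=lambda h: h[0].prefixlen, default=None)
        paths[str(dst)] = f"{best[1]} ({best[0]})" if best else "no route"
    return paths

def uses_default_route(config):
    """Collectors reached only through 0.0.0.0/0, or not reachable at all."""
    return [d for d, p in export_paths(config).items()
            if p == "no route" or p.endswith("(0.0.0.0/0)")]

if __name__ == "__main__":
    print(export_paths(BEFORE), export_paths(AFTER))
```

A collector listed by `uses_default_route` means flow records for an internal address are being sent, unencrypted over UDP, toward the upstream next hop instead of the firewall.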
 

Author Closing Comment

by:QuazzieM
ID: 38465447
Thanks for all your help.. Works a treat
0
