More often than not, you will be required to reverse
engineer environments that are undocumented. I have been tasked with
swapping out another 6509 for a 6509E and adding a secondary 6509E for redundancy.
Among the items I discovered that were unique to this environment
were the DHCP configurations, which someone put in but never documented, and some
NetFlow that was running but never being exported. It was also against policy for this environment.
You will learn a lot
while reverse engineering. Take for example this DHCP configuration; I have
always implemented what was shown to me in Cisco books and never to the extent
of what I found. Another important
lesson is to know what dependencies one configuration has on another; this is how
things break if you don't over-analyze. I obviously masked some of the items due to security
concerns, and these two configurations have no dependency on each other.
DHCP CONFIG:
ip dhcp pool AP
 host 10.200.10.58 255.255.255.0
 client-identifier 0100.c0b7.2d38.07
 bootfile config.ini
 default-router 10.200.10.254
 domain-name joel.com
 option 150 ip 10.200.10.102
 lease 7
ip dhcp pool AP
 host 10.200.10.59 255.255.255.0
 client-identifier 0100.c0b7.2d37.c3
 bootfile config.ini
 default-router 10.200.10.254
 domain-name joel.com
 option 150 ip 10.200.10.102
 lease 7
Document I used to figure out what was going on with this configuration:
http://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rddhcp.html#wp1018363
Verification:
6509E#show ip dhcp binding
IP address       Client-ID/              Lease expiration        Type
                 Hardware address
10.200.10.58     0100.c0b7.2d38.07       Infinite                Manual
10.200.10.59     0100.c0b7.2d37.c3       Infinite                Manual
NetFlow Config:
6509E#show running-config | include netflow
mls netflow interface
6509E#show run int vlan 30
Building configuration...
Current configuration : 174 bytes
!
interface Vlan30
description AP
ip address 10.200.10.254 255.255.255.0
ip flow ingress
end
Document I used to figure out what was going on with this configuration:
http://www.cisco.com/en/US/docs/ios/netflow/command/reference/nf_02.html#wp1012875
Verification:
6509E#show ip cache flow
-------------------------------------------------------------------------------
Displaying software-switched flow entries on the MSFC in Module 6:
IP packet size distribution (98171M total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.000 .174 .019 .012 .007 .013 .054 .007 .002 .003 .004 .001 .016 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .080 .073 .523 .000 .000 .000 .000 .000 .000
IP Flow Switching Cache, 278544 bytes
534 active, 3562 inactive, 2284418974 added
2945144932 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33992 bytes
0 active, 1024 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
--------         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet     1685390      0.3         1    47      0.7       0.8      14.3
TCP-FTP        1258810      0.2         1    51      0.5       0.5      12.0
TCP-FTPD        282755      0.0         1    48      0.0       0.0      14.4
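Added example (not part of the original post): a Python audit of a saved running-config for the two undocumented items found above, manual DHCP bindings and interfaces that collect NetFlow while no export destination is configured. It assumes export would appear as a global `ip flow-export destination` line; the sample config is constructed from the post's masked values, and the function names are hypothetical.

```python
import re

# Constructed sample: the post's masked lines, indented the way
# `show running-config` prints sub-commands under their parent line.
SAMPLE_CONFIG = """\
ip dhcp pool AP
 host 10.200.10.58 255.255.255.0
 client-identifier 0100.c0b7.2d38.07
!
interface Vlan30
 ip address 10.200.10.254 255.255.255.0
 ip flow ingress
!
"""


def parse_sections(config):
    """Group indented sub-commands under the top-level line that owns them."""
    sections, current = [], None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            current = None  # a "!" separator or blank line closes the section
        elif line[0].isspace() and current is not None:
            current[1].append(line.strip())
        else:
            current = (line.strip(), [])
            sections.append(current)
    return sections


def first_arg(children, keyword):
    """Return the first argument of the sub-command starting with keyword."""
    return next((c.split()[1] for c in children if c.startswith(keyword + " ")), None)


def audit(config):
    """Find manual DHCP bindings and NetFlow that is collected but never exported."""
    manual, flow_ifs, exporters = [], [], []
    for parent, children in parse_sections(config):
        if parent.startswith("ip dhcp pool ") and first_arg(children, "host"):
            manual.append((parent.split()[3], first_arg(children, "host"),
                           first_arg(children, "client-identifier")))
        elif parent.startswith("interface ") and any(
                re.fullmatch(r"ip flow (ingress|egress)", c) for c in children):
            flow_ifs.append(parent.split()[1])
        elif parent.startswith("ip flow-export destination "):  # assumed export marker
            exporters.append(parent.split()[3])
    return {"manual_bindings": manual, "flow_interfaces": flow_ifs, "exporters": exporters,
            "collected_not_exported": bool(flow_ifs) and not exporters}
```

Run `audit()` on the text of a saved `show running-config` before a hardware swap and compare the result against what the documentation and policy say should be there.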