UBC Physics & Astronomy
FWSM Notes

Phone numbers: Mike Ryan 822-5474, Graham Moore 827-4289
IP Addr: 137.82.221.177

DISASTER RECOVERY
  1. Call Mike or Graham

Useful Commands

  1. ? - Type ? at the command line for a list of all possible commands. Type show ip ? to show that command's parameters. You can also use, for example, show c? to return a list of commands that start with the letter c.
  2. sh ru - i.e., show running-configuration. Shows the firewall's current configuration. The running-configuration is the config that is in the router's memory.
  3. wr mem - i.e., write memory. This command saves the configuration that is currently being modified (in RAM), also known as the running-configuration, to the nonvolatile RAM (NVRAM). If the power is lost, the NVRAM preserves this configuration.
  4. sh int - i.e., show interface. The show interface command displays the status of the router's interfaces.
  5. show ip interface / show ip interface brief - The show ip interface command provides a great deal of useful information about the configuration and status of the IP protocol and its services on all interfaces. The show ip interface brief command provides a quick status of the interfaces on the router, including their IP address, Layer 2 status, and Layer 3 status.
  6. no shutdown - The no shutdown command enables an interface (brings it up).
  7. show ip route - The show ip route command shows the router's routing table. This is the list of all networks that the router can reach, their metric (the router's preference for them), and how to get there. This command can be abbreviated sh ipro and can take parameters after it, like sh ipro ospf for all OSPF routes. To clear the routing table of all routes, use clear ip route *. To clear just one route, use clear ip route 1.1.1.1 to remove that particular network.
  8. sh ver - i.e., show version. The show version command gives you the router's configuration register (essentially, the router's firmware settings for booting up), the last time the router was booted, the version of the IOS, the name of the IOS file, the model of the router, and the router's amount of RAM and Flash.
  9. show tech - collects a pile of info to send to a Cisco tech.



PROCEDURES:
10-02-15: Disabled 'randomize sequence #' from the Config-->NAT rules tab for all the interfaces.

Adding a new server behind the firewall
Adding a new server behind the firewall that needs access to specific "unusual" ports (e.g. cvs, protel, ...)
NOTE: You normally do all configuration from the GUI; the following commands are given for reference only.
rap@spyder$ ssh rparachoniak@137.82.221.177
rparachoniak@137.82.221.177's password: <enter password>
Type help or '?' for a list of available commands.
ai20fwsm/HNHB01>
ai20fwsm/HNHB01> enable
Password:
ai20fwsm/HNHB01# config t
ai20fwsm/HNHB01(config)# sh run
: Saved
:
FWSM Version 2.3(4) 
nameif vlan1591 HNHB01-EXT security0
nameif vlan13 HNHB01-PHAS-238 security80
nameif vlan381 HNHB01-PHAS-239 security80
nameif vlan11 HNHB01-PHAS-235 security80
nameif vlan14 HNHB01-PHAS-236 security80
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname HNHB01
domain-name net.ubc.ca
...
tftp-server HNHB01-EXT 137.82.6.118 fwsm.cfg
Cryptochecksum:9061d29ecda0986a41d12fde968c1e1e
: end
ai20fwsm/HNHB01(config)# exit
ai20fwsm/HNHB01# exit

Logoff

Connection to 137.82.221.177 closed.
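As an added example (not part of the original notes and not the firewall's own tooling), a small Python audit over a saved "show run" dump. It parses nameif lines in the format shown in the session above and flags nat/static rules that carry the norandomseq keyword, which is the CLI form of the 10-02-15 'randomize sequence #' change; with ISN randomization off the firewall no longer protects hosts with weak TCP sequence numbers, so each such rule should be a documented exception. The sample config is constructed, and the nat/static line syntax and the norandomseq keyword are assumptions taken from the PIX/FWSM command set, not from this page.

```python
import re

# Constructed sample of an FWSM 2.x "show run" dump. The nameif lines follow
# the format on this page; the nat/static lines are assumed syntax.
SAMPLE_CONFIG = """\
: Saved
FWSM Version 2.3(4)
nameif vlan1591 HNHB01-EXT security0
nameif vlan13 HNHB01-PHAS-238 security80
nameif vlan381 HNHB01-PHAS-239 security80
nat (HNHB01-PHAS-238) 1 0.0.0.0 0.0.0.0 0 0 norandomseq
static (HNHB01-PHAS-239,HNHB01-EXT) 137.82.221.200 10.10.1.5 netmask 255.255.255.255 0 0
: end
"""

NAMEIF_RE = re.compile(r"^nameif\s+(\S+)\s+(\S+)\s+security(\d+)$")
NAT_RE = re.compile(r"^(nat|static)\s+\(([^)]+)\)\s+(.*)$")


def parse_interfaces(config):
    """Return {interface name: (vlan, security level)} from nameif lines."""
    ifaces = {}
    for line in config.splitlines():
        m = NAMEIF_RE.match(line.strip())
        if m:
            vlan, name, level = m.groups()
            ifaces[name] = (vlan, int(level))
    return ifaces


def find_norandomseq(config):
    """Return (command, interface spec) for nat/static rules with norandomseq."""
    hits = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m and "norandomseq" in m.group(3).split():
            hits.append((m.group(1), m.group(2)))
    return hits


def audit(config, outside="HNHB01-EXT"):
    """Flag security0 interfaces other than the outside one, and any rule
    that has TCP initial-sequence-number randomization turned off."""
    findings = []
    for name, (vlan, level) in parse_interfaces(config).items():
        if level == 0 and name != outside:
            findings.append(f"{name} ({vlan}) is security0 but is not the outside interface")
    for cmd, spec in find_norandomseq(config):
        findings.append(f"{cmd} ({spec}) has norandomseq: ISN randomization off")
    return findings
```

Paste the real "show run" output in place of SAMPLE_CONFIG (after removing the password lines) and print audit() to review the result.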

NOTES:



For more assistance contact Ron Parachoniak, rap@phas.ubc.ca (Sysadmin)

webmaster@phas.ubc.ca [Dept. Home Page] last updated: 10-02-15