Cisco IOS: How to Use the Pipe (|) Notation

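These are purely my own notes.
While watching INE's well-known video course, CCIE Routing & Switching v5.1 Advanced Technologies, I kept hearing
"pipe include ..." over and over, so I figured it must be used quite a lot and wrote up the results of my experiments.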

INE videos

  1. CCIE Routing & Switching Training – INE
  2. CCIE Routing & Switching Advanced Technologies Course v5.1 – INE

Output Modifier

  1. include (covered in this post)
  2. exclude
  3. section (covered in this post)
  4. begin

running-config

This is the output that will be filtered.

R2#sh run
Building configuration...

Current configuration : 1226 bytes
!
! Last configuration change at 03:36:22 UTC Sat Jan 20 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FHK130826MD
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 172.16.123.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
banner motd ^C
==============================================================
This is my router. Exit immediately.
===============================================================
^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
 transport input all
line vty 5 15
 exec-timeout 0 0
 login
 transport input all
!
scheduler allocate 20000 1000
end

include

Outputs only the lines that contain the specified string.

Basic usage

R2#sh run | inc password
no service password-encryption
 password ciscotest
 password ciscotest
 password ciscotest
 password ciscotest

Regular expressions also work

R2#sh run | inc (pass|enab)
service password-encryption
enable secret 5 $1$cZtx$Z5Jhba7QXU/olmSSl37Ba0
enable password 7 030752180500204843
 password 7 121A0C0411041C0B3D2E36
 password 7 03075218050035495D1D
 password 7 13061E010803102F3830
 password 7 060506324F411D1C1603

section

View the section for line configuration mode.

R2#sh run | sec line con 0
line con 0
 exec-timeout 0 0
 logging synchronous

If the interface name is abbreviated, nothing matches.

R2#sh run | sec int f0/0

If the interface name is given in full, without abbreviation, it matches.

R2#sh run | sec interface FastEthernet0/0
interface FastEthernet0/0
 ip address 172.16.123.254 255.255.255.0
 duplex auto
 speed auto

show running-config interface

A bonus.
show running-config can also be used like this on its own.

R2#sh run int f0/0
Building configuration...

Current configuration : 99 bytes
!
interface FastEthernet0/0
 ip address 172.16.123.254 255.255.255.0
 duplex auto
 speed auto
end

Cisco Router: Basic Configuration

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#hostna
R2(config)#hostname BROKENR
BROKENR(config)#int f0/1
BROKENR(config-if)#no shut
BROKENR(config-if)#no shutdown
BROKENR(config-if)#
*Jan 17 00:41:47.311: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
BROKENR(config-if)#
*Jan 17 00:41:48.311: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
BROKENR(config-if)#
*Jan 17 00:41:49.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
BROKENR(config-if)#shut
BROKENR(config-if)#shutdown
BROKENR(config-if)#
*Jan 17 00:42:01.403: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
BROKENR(config-if)#ip address 10.1.123.254 255.255.255.0
BROKENR(config-if)#description Developer-Network
BROKENR(config)#line
BROKENR(config)#line co
BROKENR(config)#line console 0
BROKENR(config-line)#logg
BROKENR(config-line)#logging sy
BROKENR(config-line)#logging synchronous
BROKENR(config-line)#no log
BROKENR(config-line)#no logg
BROKENR(config-line)#no logging sy
BROKENR(config-line)#no logging synchronous
BROKENR(config-line)#^Z
BROKENR#
*Jan 17 00:46:36.447: %SYS-5-CONFIG_I: Configured from console by console
BROKENR#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
BROKENR(config)#^Z
BROKENR#
*Jan 17 00:46:51.079: %SYS-5-CONFIG_I: Configured from console by consoleconf t
Enter configuration commands, one per line.  End with CNTL/Z.
BROKENR(config)#line conso
BROKENR(config)#line console 0
BROKENR(config-line)#log
BROKENR(config-line)#logg
BROKENR(config-line)#logging synch
BROKENR(config-line)#logging synchronous
BROKENR(config-line)#^Z
BROKENR#
*Jan 17 00:47:10.511: %SYS-5-CONFIG_I: Configured from console by console
BROKENR#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
BROKENR(config)#line con 0
BROKENR(config-line)#exe
BROKENR(config-line)#exec-ti
BROKENR(config-line)#exec-timeout 30 0
BROKENR(config-line)#^Z
BROKENR#
*Jan 17 00:50:07.587: %SYS-5-CONFIG_I: Configured from console by console
BROKENR#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
BROKENR(config)#exe
BROKENR(config)#logg
BROKENR(config)#line con 0
BROKENR(config-line)#exe
BROKENR(config-line)#exec-ti
BROKENR(config-line)#exec-timeout 0 30
BROKENR(config-line)#^Z
BROKENR#
*Jan 17 00:50:39.879: %SYS-5-CONFIG_I: Configured from console by console
BROKENR#sh run | inc exec-time
 exec-timeout 0 30
 exec-timeout 0 0
 exec-timeout 0 0
BROKENR#
BROKENR#disa
BROKENR>exit


(snip)



BROKENR con0 is now available





Press RETURN to get started.


BROKENR>en
BROKENR#sh ti
BROKENR#sh date
BROKENR#sh date
              ^
% Invalid input detected at '^' marker.

BROKENR#sh time
BROKENR#sh time-range
BROKENR#sh time-range
BROKENR#sh clock
BROKENR#sh clock
*00:54:08.427 UTC Wed Jan 17 2018
BROKENR#






(snip)



BROKENR con0 is now available





Press RETURN to get started.





BROKENR>sh clock
*00:55:04.759 UTC Wed Jan 17 2018



BROKENR>sh clock
*00:55:04.759 UTC Wed Jan 17 2018
BROKENR>en
BROKENR#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
BROKENR(config)#line con 0
BROKENR(config-line)#conf t
                     ^
% Invalid input detected at '^' marker.

BROKENR(config-line)#exec-tim
BROKENR(config-line)#exec-timeout 10 0
BROKENR(config-line)#^Z
BROKENR#
*Jan 17 00:55:38.715: %SYS-5-CONFIG_I: Configured from console by console
BROKENR#sh run | inc exec-time
 exec-timeout 0 0
 exec-timeout 0 0
BROKENR#
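
Added example (not part of the original notes): Python code that approximates the include and section modifiers over a saved running-config, then uses the section structure to audit the line settings seen above, which "| inc exec-time" prints without saying which line owns them. The matching rules are an approximation of IOS behaviour (Python regex, indentation-based sections), the sample config is constructed from this page's output, and all function names are hypothetical. It also accounts for the console line dropping out of the last "| inc exec-time" output: 10 0 is the IOS default, and default values are not written to running-config.

```python
import re

# Constructed sample, trimmed from the running-config on this page. "line con 0"
# has no exec-timeout line (default value); "line vty 5 15" is altered for contrast.
SAMPLE_CONFIG = """\
no service password-encryption
interface FastEthernet0/0
 ip address 172.16.123.254 255.255.255.0
 duplex auto
 speed auto
line con 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
 transport input all
line vty 5 15
 exec-timeout 0 30
 login
 transport input ssh
end
"""

# IOS default of 10 minutes; default values are not written to running-config.
DEFAULT_EXEC_TIMEOUT = (10, 0)


def include(config, pattern):
    """Approximate '| include': keep every line the regex matches."""
    rx = re.compile(pattern)
    return [ln for ln in config.splitlines() if rx.search(ln)]


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def section(config, pattern):
    """Approximate '| section': each matching line plus the deeper lines under it."""
    rx = re.compile(pattern)
    out, depth = [], None
    for ln in config.splitlines():
        if depth is not None and ln.strip() and _indent(ln) > depth:
            out.append(ln)  # child of the most recent matching line
            continue
        depth = None
        if rx.search(ln):
            out.append(ln)
            depth = _indent(ln)
    return out


def line_sections(config):
    """Map each 'line ...' header to the list of commands configured under it."""
    sections, current = {}, None
    for ln in config.splitlines():
        if ln.startswith("line "):
            current = ln.strip()
            sections[current] = []
        elif current is not None and ln.startswith(" "):
            sections[current].append(ln.strip())
        else:
            current = None
    return sections


def effective_timeouts(config):
    """Return {line header: (minutes, seconds)}, filling in the hidden default."""
    result = {}
    for header, cmds in line_sections(config).items():
        result[header] = DEFAULT_EXEC_TIMEOUT
        for cmd in cmds:
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if m:
                result[header] = (int(m.group(1)), int(m.group(2) or 0))
    return result


def audit(config):
    """Return (context, finding) pairs for the settings this page demonstrates."""
    findings = []
    timeouts = effective_timeouts(config)
    for header, cmds in line_sections(config).items():
        if timeouts[header] == (0, 0):
            findings.append((header, "exec-timeout 0 0: idle sessions never time out"))
        for cmd in cmds:
            if cmd.startswith("transport input ") and {"all", "telnet"} & set(cmd.split()[2:]):
                findings.append((header, cmd + ": telnet (cleartext) is accepted"))
    if "no service password-encryption" in config.splitlines():
        findings.append(("global", "no service password-encryption: passwords stay in cleartext"))
    return findings


if __name__ == "__main__":
    print(section(SAMPLE_CONFIG, r"int f0/0"))   # abbreviation: nothing matches
    print(include(SAMPLE_CONFIG, r"exec-time"))  # values without their owning line
    for context, finding in audit(SAMPLE_CONFIG):
        print(f"{context}: {finding}")
```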



motd

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#bann
R2(config)#banner mot
R2(config)#banner motd EOS
Enter TEXT message.  End with the character 'E'.
This is my router.Exit immediately.
R2(config)#^Z
R2#
*Jan 20 03:33:24.357: %SYS-5-CONFIG_I: Configured from console by console
R2#dis
% Ambiguous command:  "dis"
R2#disa
R2>exit



(snip)


R2 con0 is now available





Press RETURN to get started.

OS
This is my router.
R2>en

Apparently the delimiter that marks the start has to be a single character.

R2>en
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#banner motd #
Enter TEXT message.  End with the character '#'.
==============================================================
This is my router. Exit immediately.
===============================================================
#
R2(config)#
R2(config)#^Z
R2#
*Jan 20 03:36:22.137: %SYS-5-CONFIG_I: Configured from console by console
R2#disa
R2>exit



(snip)



R2 con0 is now available





Press RETURN to get started.




==============================================================
This is my router. Exit immediately.
===============================================================

R2>en
R2#

good

Incidentally, the running-config ends up looking like this.

R2#sh run | begin motd
banner motd ^C
==============================================================
This is my router. Exit immediately.
===============================================================
^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
 transport input all
line vty 5 15
 exec-timeout 0 0
 login
 transport input all
!
scheduler allocate 20000 1000
end

I have a vague feeling this also came up in exams such as the CCNA, but apparently it is essential not to put more information than necessary in a banner message.

References

  1. Cisco Router – Basic Configuration

Cisco Router: show interfaces

Without specifying an interface
Everything gets dumped out in one long stream.

R2#sh int
FastEthernet0/0 is up, line protocol is up 
  Hardware is Gt96k FE, address is 0024.c431.126e (bia 0024.c431.126e)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:07, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     120 packets input, 19792 bytes
     Received 70 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored
     0 watchdog
     0 input packets with dribble condition detected
     4 packets output, 1081 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is administratively down, line protocol is down 
  Hardware is Gt96k FE, address is 0024.c431.126f (bia 0024.c431.126f)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
(snip)

With an interface specified.

R2#sh int f0/0
FastEthernet0/0 is up, line protocol is up 
  Hardware is Gt96k FE, address is 0024.c431.126e (bia 0024.c431.126e)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:46, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     185 packets input, 35778 bytes
     Received 70 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored
     0 watchdog
     0 input packets with dribble condition detected
     8 packets output, 1321 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
R2#sh int f0/0
FastEthernet0/0 is administratively down, line protocol is down
  Hardware is Gt96k FE, address is 0024.c431.126e (bia 0024.c431.126e)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 254/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:41, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     68 packets input, 12088 bytes
     Received 67 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored
     0 watchdog
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#no shut
R2(config-if)#^Z
R2#
*Jan 18 23:41:07.419: %SYS-5-CONFIG_I: Configured from console by console
R2#
*Jan 18 23:41:11.519: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2#sh int f0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is 0024.c431.126e (bia 0024.c431.126e)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:13, output 00:00:05, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 4000 bits/sec, 2 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     125 packets input, 22068 bytes
     Received 71 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored
     0 watchdog
     0 input packets with dribble condition detected
     7 packets output, 1538 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Assigning an IP address

R2#sh int f0/0 | inc Inter
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int f0/0
R2(config-if)#ip addr 172.16.123.254 255.255.255.0
R2(config-if)#^Z
R2#
*Jan 18 23:44:07.055: %SYS-5-CONFIG_I: Configured from console by console
R2#sh int f0/0 | inc Inter
  Internet address is 172.16.123.254/24
R2#sh int f0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is 0024.c431.126e (bia 0024.c431.126e)
  Internet address is 172.16.123.254/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     333 packets input, 82074 bytes
     Received 95 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored
     0 watchdog
     0 input packets with dribble condition detected
     30 packets output, 3764 bytes, 0 underruns
     0 output errors, 0 collisions, 4 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

When everything is written out in full, without abbreviation

R2#show interfaces FastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  Hardware is Gt96k FE, address is 0024.c431.126e (bia 0024.c431.126e)
  Internet address is 172.16.123.254/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:08, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 1 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     100843 packets input, 30261373 bytes
     Received 96827 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 1 ignored
     0 watchdog
     0 input packets with dribble condition detected
     11642 packets output, 1224140 bytes, 0 underruns
     0 output errors, 0 collisions, 6 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

Apparently every piece of information in show interfaces is important, and you need to know all of it.
Yikes...

R2#sh int serial 0/0/0
Serial0/0/0 is administratively down, line protocol is down
R2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.123.254  YES manual up                    up
FastEthernet0/1            unassigned      YES NVRAM  administratively down down
Serial0/0/0                unassigned      YES NVRAM  administratively down down

After no shut, on a router an interface with no cable connected becomes up/down:

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int f0/1
R2(config-if)#no shut
R2(config-if)#
*Jan 20 02:42:37.409: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
R2(config-if)#^Z
R2#
*Jan 20 02:42:39.969: %SYS-5-CONFIG_I: Configured from console by console
R2#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.123.254  YES manual up                    up
FastEthernet0/1            unassigned      YES NVRAM  up                    down
Serial0/0/0                unassigned      YES NVRAM  administratively down down
R2#sh int f0/1
FastEthernet0/1 is up, line protocol is down
  Hardware is Gt96k FE, address is 0024.c431.126f (bia 0024.c431.126f)
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     30 packets output, 2112 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out

On a Catalyst switch:

ASW2#sh int f0/1
FastEthernet0/1 is down, line protocol is down (notconnect)
  Hardware is Fast Ethernet, address is 0026.ca6b.e981 (bia 0026.ca6b.e981)
  MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto-speed, media type is 10/100BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

It's true.

References

  1. Cisco Router – How to Read show interfaces

Cisco Router: show version, show running-config

show version

R2#show version
Cisco IOS Software, 1841 Software (C1841-ADVENTERPRISEK9-M), Version 15.1(4)M10, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2015 by Cisco Systems, Inc.
Compiled Tue 24-Mar-15 08:30 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T5, RELEASE SOFTWARE (fc1)

R2 uptime is 6 minutes
System returned to ROM by power-on
System image file is "flash:c1841-adventerprisek9-mz.151-4.M10.bin"
Last reload type: Normal Reload


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 1841 (revision 7.0) with 352256K/40960K bytes of memory.
Processor board ID FHK123456MD
2 FastEthernet interfaces
1 Serial(sync/async) interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO1841             FHK123456MD



Configuration register is 0x2102

352256K/40960K

(352256+40960)/1024 = 384 MiB

62720K bytes of ATA CompactFlash (Read/Write)

The CF memory size is 62720/1024 ≈ 61 MB

Configuration register is 0x2102

↑ The configuration register value

In GNS3:

R1#sh ver
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 17-Aug-10 12:08 by prod_rel_team

ROM: ROMMON Emulation Microcode
ROM: 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)

R1 uptime is 3 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 3725 (R7000) processor (revision 0.1) with 249856K/12288K bytes of memory.
Processor board ID FTX123456MY
R7000 CPU at 240MHz, Implementation 39, Rev 2.1, 256KB L2, 512KB L3 Cache
3 FastEthernet interfaces
4 Serial interfaces
2 Serial(sync/async) interfaces
DRAM configuration is 64 bits wide with parity enabled.
55K bytes of NVRAM.

Configuration register is 0x2102

show running-config

R2#sh run
Building configuration...

Current configuration : 980 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FHK130826MD
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 exec-timeout 0 0
 login
 transport input all
line vty 5 15
 exec-timeout 0 0
 login
 transport input all
!
scheduler allocate 20000 1000
end

Interface-related configuration

interface FastEthernet0/0
 ip address 10.1.2.3 255.255.255.0
 speed 100
 full-duplex
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!

HTTP server configuration

no ip http server
no ip http secure-server

Cisco Router: startup auto secure

AutoSecure

auto secure

A feature that applies recommended security settings.
Apparently network engineers do not normally use it.

R1#auto secure
                --- AutoSecure Configuration ---

*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***

AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance security
and any possible side effects, please refer to Cisco.com for
Autosecure documentation.
At any prompt you may enter '?' for help.
Use ctrl-c to abort this session at any prompt.

Gathering information about the router for AutoSecure

Is this router connected to internet? [no]:

Securing Management plane services...

Disabling service finger
Disabling service pad
Disabling udp & tcp small servers
Enabling service password encryption
Enabling service tcp-keepalives-in
Enabling service tcp-keepalives-out
Disabling the cdp protocol

Disabling the bootp server
Disabling the http server
Disabling the finger service
Disabling source routing
Disabling gratuitous arp

Here is a sample Security Banner to be shown
at every access to device. Modify it to suit your
enterprise requirements.

Authorized Access only
  This system is the property of So-&-So-Enterprise.
  UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
  You must have explicit permission to access this
  device. All activities performed on this device
  are logged. Any violations of access policy will result
  in disciplinary action.

Enter the security banner {Put the banner between
k and k, where k is any character}:

k
k
Enable secret is either not configured or
 is the same as enable password
Enter the new enable secret:
Confirm the enable secret :
Enter the new enable password:
Choose a password that's different from secret
Enter the new enable password:
Choose a password that's different from secret
Enter the new enable password:
Confirm the enable password:

Configuration of local user database
Enter the username: wataru
Enter the password:
Confirm the password:
Configuring AAA local authentication
Configuring Console, Aux and VTY lines for
local authentication, exec-timeout, and transport
Securing device against Login Attacks
Configure the following parameters

Blocking Period when Login Attack detected: 1

Maximum Login failures with the device:
Device not secured against 'login attacks'.


Configure SSH server? [yes]:
Enter the domain-name:
% No defaulting allowed
Enter the domain-name:
(Got tired of this, so I aborted with ^C)
R1#

auto secure no-interact

Apparently the settings are applied to the running-config fully automatically.
Using it in a production environment is said to be taboo.

R1#terminal length 0
R1#sh run
Building configuration...

Current configuration : 1398 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end
R1#auto secure no-interact
                --- AutoSecure Configuration ---

*** AutoSecure configuration enhances the security of
the router, but it will not make it absolutely resistant
to all security attacks ***

AutoSecure will modify the configuration of your device.
All configuration changes will be shown. For a detailed
explanation of how the configuration changes enhance security
and any possible side effects, please refer to Cisco.com for
Autosecure documentation.

Securing Management plane services...

Disabling service finger
Disabling service pad
Disabling udp & tcp small servers
Enabling service password encryption
Enabling service tcp-keepalives-in
Enabling service tcp-keepalives-out
Disabling the cdp protocol

Disabling the bootp server
Disabling the http server
Disabling the finger service
Disabling source routing
Disabling gratuitous arp

Configuring interface specific AutoSecure services
Disabling the following ip services on all interfaces:

 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
Disabling mop on Ethernet interfaces

Securing Forwarding plane services...

Enabling CEF (This might impact the memory requirements for your platform)

This is the configuration generated:

no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
no cdp run
no ip bootp server
no ip http server
no ip finger
no ip source-route
no ip gratuitous-arps
no ip identd
security passwords min-length 6
security authentication failure rate 10 log
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
logging facility local2
logging trap debugging
service sequence-numbers
logging console critical
logging buffered
interface FastEthernet0/0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
 no mop enabled
interface Serial0/0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
interface FastEthernet0/1
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
 no mop enabled
interface Serial0/1
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
interface FastEthernet1/0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
 no mop enabled
interface Serial2/0
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
interface Serial2/1
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
interface Serial2/2
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
interface Serial2/3
 no ip redirects
 no ip proxy-arp
 no ip unreachables
 no ip directed-broadcast
 no ip mask-reply
ip cef
!
end


Applying the config generated to running-config

R1#sh run
Building configuration...

Current configuration : 2328 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname R1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
logging console critical
!
no aaa new-model
memory-size iomem 5
no ip source-route
no ip gratuitous-arps
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip bootp server
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  logging enable
  hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 duplex auto
 speed auto
 no mop enabled
!
interface Serial2/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
logging trap debugging
logging facility local2
no cdp log mismatch duplex
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

Diffing the configuration before and after gives the following.

--- D:/junk/startup-config-a.txt    Sat Jan 06 09:58:24 2018
+++ D:/junk/startup-config-b.txt    Sat Jan 06 09:58:32 2018
@@ -1,27 +1,38 @@
 R1#sh run
 Building configuration...

-Current configuration : 1398 bytes
+Current configuration : 2328 bytes
 !
 version 12.4
-service timestamps debug datetime msec
-service timestamps log datetime msec
-no service password-encryption
+no service pad
+service tcp-keepalives-in
+service tcp-keepalives-out
+service timestamps debug datetime msec localtime show-timezone
+service timestamps log datetime msec localtime show-timezone
+service password-encryption
+service sequence-numbers
 !
 hostname R1
 !
 boot-start-marker
 boot-end-marker
 !
+security authentication failure rate 10 log
+security passwords min-length 6
+logging buffered 4096
+logging console critical
 !
 no aaa new-model
 memory-size iomem 5
+no ip source-route
+no ip gratuitous-arps
 no ip icmp rate-limit unreachable
 ip cef
 !
 !
 !
 !
+no ip bootp server
 no ip domain lookup
 !
 multilink bundle-name authenticated
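Review bot: `+security passwords min-length 6` enforces only a six-character minimum, which is low for router credentials; set a longer minimum that matches your password policy. `+service password-encryption` in the same hunk stores line and enable passwords as type 7, which is reversible obfuscation rather than a hash, so secrets should still be configured with `enable secret` and `username ... secret`. `no aaa new-model` stays as unchanged context, so local line authentication is still what these settings protect.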
@@ -48,6 +59,7 @@
 !
 archive
  log config
+  logging enable
   hidekeys
 !
 !
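Review bot: `+  logging enable` turns on the configuration change logger, but the `log config` block has no `notify syslog`, so the recorded commands stay in the router's local log (viewable with `show archive log config all`) and are not emitted as syslog messages. Add `notify syslog` under `log config` if configuration changes should reach a central collector. `hidekeys` is already present as context, so password values are kept out of those records.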
@@ -60,49 +72,79 @@
 !
 interface FastEthernet0/0
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  duplex auto
  speed auto
+ no mop enabled
 !
 interface Serial0/0
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  clock rate 2000000
 !
 interface FastEthernet0/1
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  duplex auto
  speed auto
+ no mop enabled
 !
 interface Serial0/1
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  clock rate 2000000
 !
 interface FastEthernet1/0
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  duplex auto
  speed auto
+ no mop enabled
 !
 interface Serial2/0
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  serial restart-delay 0
 !
 interface Serial2/1
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  serial restart-delay 0
 !
 interface Serial2/2
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  serial restart-delay 0
 !
 interface Serial2/3
  no ip address
+ no ip redirects
+ no ip unreachables
+ no ip proxy-arp
  shutdown
  serial restart-delay 0
 !
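Review bot: the `+` lines under each interface do not include `no ip directed-broadcast` or `no ip mask-reply`, although the generated configuration printed by AutoSecure above lists both for every interface. Both are the default state in this IOS release, so running-config does not display them and this diff cannot confirm they are in effect; verify on the device with `show ip interface | include Directed|mask`. `no mop enabled` appears only on the FastEthernet interfaces, which matches the "Disabling mop on Ethernet interfaces" message.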
@@ -112,7 +154,10 @@
 no ip http server
 no ip http secure-server
 !
+logging trap debugging
+logging facility local2
 no cdp log mismatch duplex
+no cdp run
 !
 !
 !
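Review bot: `+logging trap debugging` and `+logging facility local2` only shape messages sent to a remote syslog server, and no `logging host` line appears in the running-config shown on this page, so nothing leaves the router until a server is added. Once one is configured, `debugging` is the most verbose trap level; consider `informational` unless debug output is wanted at the collector. `+no cdp run` disables CDP globally, so confirm that nothing on the segment depends on CDP neighbor discovery.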
@@ -143,3 +188,4 @@
 !
 !
 end
+
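Review bot: the only change in this last hunk is a trailing blank line, and no hunk between the previous one and this one touches the `line` sections, so `exec-timeout 0 0` and `privilege level 15` on `line con 0` and `line aux 0` in the running-config above are carried over unchanged by `auto secure no-interact`. Set an idle timeout and remove the default privilege level 15 on those lines by hand, since this run did not.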
