HostedDB - Dedicated UNIX Servers
index_122
Router Security Configuration Guide UNCLASSIFIED 122 UNCLASSIFIED Version 1.0g variable.  All monitored objects must include an instance number of the monitored variable.  Variables included in the SNMP table format will have an instance number equivalent to the entry number of the table.  All other elementary data variables should have an instance number of ‘0’.  For example, the following command defines an alarm configured on a member of the MIB II interfaces table, ifTable: Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# rmon alarm 1 ifEntry.13.1 30 delta                rising-threshold 40 1 falling-threshold 0 owner rscg Central(config)# exit Central# show rmon alarms Alarm 1 is active, owned by rscg Monitors ifEntry.13.1 every 30 second(s) Taking delta samples, last value was 3 Rising threshold is 40, assigned to event 1 Falling threshold is 0, assigned to event 0 On startup enable rising or falling alarm Alarm 2 is active, owned by config       .    .       Central#   The interface entry, ifEntry.13.1, identifies variable ifInDiscards, the number of inbound packets discarded.  Alarm number 1 defines a sampling period of every 30 seconds for the number of discarded packets inbound to the Ethernet interface stored at table entry 1 or instance 1.  The agent monitors increases of forty discarded packets or more starting from the last value sampled.   A router’s RMON agent can be very useful for monitoring the number of checksum, input and output errors, input and output discarded packets, unknown or unsupported protocols, etc.  RMON may be very data intensive depending on the number of monitored variables and the length of the sampling period.  If the amount of traffic generated by RMON seems to be too high, then change the sampling period to a longer time (e.g. 30 seconds to 60 seconds). 4.5.5.     Performing Cisco IOS Software Updates This sub-section outlines the motivations and procedures for upgrading the system software on a Cisco router.  An upgrade can be beneficial for security, but if done improperly it can leave a router vulnerable.  It is important to note that most Cisco updates can only be accomplished by replacing the IOS software running on the router; there is no facility for amending or patching installed IOS software.  This section also presents information about backing out of an upgrade. To determine the current software release running on a router, use the command show version, and identify the version and memory size as shown in the transcript below.