
rConfig is a great, free-of-charge management tool that can be used to manage and back up your Cisco switches and routers; you'll love it once you start using it. Needless to say, you need some kind of backup in place for the configuration of your Cisco switches; it is actually a requirement for any network audit of your systems.

This is what we'll do in this article:

  1. Get the rConfig VM ready
  2. Installing rConfig
  3. Configure the rConfig web interface
  4. Add your Cisco devices

And finally, an insight into some useful Cisco tips of general use.

1. Get the rConfig VM ready

Set up a VM in your environment and install CentOS 7 (64-bit) on it. I was very generous and gave it 30GB of storage so that it can save as many config files from your Cisco switches as you like (obviously, don't forget to back up the VM itself). I used these settings:

 

For the installation type, choose "Infrastructure Server" only. Set the root password and DO NOT create any user

Once you are up and running, edit the following files if needed:

#vi /etc/sysconfig/network-scripts/ifcfg-ens192

Set the following:

  • BOOTPROTO=none
  • ONBOOT=yes
  • IPADDR=192.168.0.x
  • NETMASK=255.255.255.0
  • GATEWAY=192.168.0.x
  • NM_CONTROLLED=no

Edit also your DNS servers and add them to your VM box:

#vi /etc/resolv.conf

Set the following, for your Primary and Secondary DNS server respectively:

  • nameserver 192.168.0.x1
  • nameserver 192.168.0.x2

Edit the hostname of the system and just call it "rconfig"

#vi /etc/hostname

#systemctl restart network   ;run this after you have changed the name

2. Installing rConfig

Before continuing any further, run yum -y update on your system and ensure it is up to date, then visit the official rConfig website here: http://help.rconfig.com/gettingstarted/installation from where you can get this script to run on your VM:

cd /home
curl -O http://files.rconfig.com/downloads/scripts/install_rConfig.sh -A "Mozilla"
chmod +x install_rConfig.sh
./install_rConfig.sh
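
The script above is fetched over plain HTTP and then run as root, so a check between the download and the run is worthwhile. The following is an added example, not part of the original article or of rConfig: `check_installer` and the pinned digest are hypothetical, and the demo files are constructed stand-ins so the block runs without network access.

```shell
#!/bin/sh
# Added example (not rConfig's own tooling): refuse to run a downloaded
# installer unless it is a script and matches a digest pinned at review time.

# check_installer FILE PINNED_SHA256
#   0 = safe to run, 1 = not a usable script, 2 = content differs from the pin
check_installer() {
    file=$1
    pinned=$2
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    # curl -O without --fail saves an HTTP error page under the script's name
    head -n 1 "$file" | grep -q '^#!' || { echo "no shebang: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$pinned" ] || { echo "sha256 mismatch: got $actual" >&2; return 2; }
    return 0
}

# Constructed stand-ins for the real download, so this runs offline.
DEMO_DIR=$(mktemp -d)
printf '%s\n' '#!/bin/bash' 'echo "installing packages"' > "$DEMO_DIR/install_rConfig.sh"
printf '%s\n' '<html><body>404 Not Found</body></html>' > "$DEMO_DIR/error_page.sh"

# In real use the pin is the digest you wrote down after reading the script.
PINNED=$(sha256sum "$DEMO_DIR/install_rConfig.sh" | awk '{print $1}')

check_installer "$DEMO_DIR/install_rConfig.sh" "$PINNED" && echo "reviewed copy: ok to run"
check_installer "$DEMO_DIR/error_page.sh" "$PINNED" || echo "error page: rejected"
```

In practice the last step becomes `check_installer install_rConfig.sh "$PINNED" && ./install_rConfig.sh`, with the pin kept somewhere other than the download directory.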

 

All the required packages will be installed for you, thank you rConfig! :) Answer the questions that follow with a yes, yes

  • Do you want to allow root access to FTP....? yes
  • Do you want to enter your own NTP server...? yes

During the MySQL installation, when asked for the current root password, leave it blank (in other words: none), then set a new password for MySQL:

  • Remove anonymous user..? yes
  • Disallow root login remotely...? no
  • Remove test database and access to it...? yes
  • Reload privilege tables now...? yes

Once the installation is completed, give a fine reboot to your VM, then run:

home# ./centos_postReboot.sh

3. Configure the rConfig web interface

Almost there! Now visit https://rconfig/install to understand what is happening. Then follow the wizard, accepting the license. In the "Database Setup" window, enter these details, including the MySQL root password:

After you click on "Check Setting" and everything shows a green light, click on "Install Database". If there are any issues, go and verify your settings again (there should be no other 'rconfig' MySQL on your network).

Do the final checks and take note of the initial logon details for rConfig

 

 

4. Add your Cisco devices

Visit the "Settings" web section and do the following:

  • Set your correct timezone
  • Set the username/password for your Cisco devices, as well as the "enable" password
  • Set your e-mail settings (do a test after you have configured the e-mail)
  • Add a 2nd admin user, just in case

Visit the section Devices > Commands and under the category of "Switches" add these commands:

  • show running-config
  • show interface status
  • show etherchannel summary
  • show ip route
  • show cdp neigh
  • show ip access-list
  • show spanning-tree active

Then, feel free to add your first Cisco switch to the list (be mindful of the 'device name': once you choose it, you'll have to delete the device if you want to update it):

Create a "Schedule Task" to download the configuration of the "Switches" category on the 1st and the 15th of every month, so you'll have peace of mind knowing that your running-configs are all being backed up on a regular basis; you will just need to ensure that (of course) the rConfig VM is backed up too!

 

 

Thank you for reading!


London, 25 February 2019

References

Thank you Jim Jones for your great article! https://www.koolaid.info/getting-started-with-rconfig-on-centos-7/

 

Cisco Tips

These are some handy commands and tips to make your work easier when managing Cisco switches

Set a specific switch (normally a layer 3) as the root for Spanning-tree

To set a switch as the primary spanning-tree root for a number of specific VLANs, do as follows:

SWITCH#show spanning-tree root ;this will display the distance of the switch to the root

(config)#spanning-tree mode pvst
(config)#spanning-tree extend system-id
(config)#spanning-tree vlan 1,10-15,28,30,33,50 priority 16384

By setting this switch to a priority of 16384, we'll force it to be the root switch, as its priority would be lower than the default of 32768
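
How that election plays out, as an added example that is not part of the original article: with spanning-tree extend system-id the priority a switch advertises for a VLAN is the configured value (a multiple of 4096) plus the VLAN ID, and the lowest priority wins, with the lowest MAC address breaking ties. The switch names, MAC addresses and the `elect_root` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-VLAN root election under PVST with extended system ID.

# elect_root VLAN INVENTORY_FILE  ->  prints "<switch> <advertised-priority>"
# Inventory rows: name  configured-priority  base-MAC (Cisco dotted notation)
elect_root() {
    awk -v vlan="$1" '
        # IOS only accepts priorities in steps of 4096 with extend system-id
        $2 % 4096 != 0 { print $1 ": priority must be a multiple of 4096" > "/dev/stderr"; next }
        {
            prio = $2 + vlan                       # advertised bridge priority
            id = sprintf("%05d.%s", prio, tolower($3))
            # Lower bridge ID wins: priority first, then MAC address
            if (best == "" || id < best) { best = id; root = $1; rprio = prio }
        }
        END { if (root != "") print root, rprio }
    ' "$2"
}

# Constructed inventories: every switch at the default, then core1 lowered.
STP_DIR=$(mktemp -d)
cat > "$STP_DIR/before.txt" <<'EOF'
core1    32768  0019.aa10.0001
access1  32768  0011.bb20.0002
access2  32768  000a.cc30.0003
EOF
sed 's/^core1 *32768/core1 16384/' "$STP_DIR/before.txt" > "$STP_DIR/after.txt"

echo "VLAN 10 before: $(elect_root 10 "$STP_DIR/before.txt")"   # lowest MAC wins
echo "VLAN 10 after:  $(elect_root 10 "$STP_DIR/after.txt")"    # core1 wins
```

With every switch left at the default, the root is simply whichever switch has the lowest MAC address, which is why the priority is set explicitly on the intended root.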

Check the warranty of your device

Make sure your Cisco device is still under cover by entering its serial number on this link: https://cway.cisco.com/sncheck/

Find out an IP address by its MAC address

Imagine you see through PRTG that a device on a particular Cisco access switch port is taking all the juice. Who is that guy? To find out who that nasty fellow is, first do this on the switch where the device is connected:

SWITCH#show mac address-table
This will show you the MAC address that is connected to that port

Then visit the router or the layer 3 device that routes traffic to that switch, and issue this command:

ROUTER#show ip arp | inc 0023.2492.9425
And that will list the IP address of the above MAC :)
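
The same two-step lookup done over saved command output, as an added example that is not part of the original article. It joins a `show mac address-table` capture with a `show ip arp` capture; the sample tables, the port names, the IP addresses and the `hosts_on_port` helper are constructed, and only the MAC 0023.2492.9425 comes from the text above.

```shell
#!/bin/sh
# Added example: answer "which IPs sit behind this switch port?" from saved output.

# hosts_on_port PORT MAC_TABLE_FILE ARP_FILE
#   prints "port vlan mac ip" for every MAC learned on PORT; the ip column is
#   "no-arp-entry" when the layer 3 device has not resolved that MAC
hosts_on_port() {
    awk -v port="$1" -v arpfile="$3" '
        # ARP rows: Internet <ip> <age> <mac> ARPA <interface>
        FILENAME == arpfile { if ($1 == "Internet") ip[tolower($4)] = $2; next }
        # MAC table rows: <vlan> <mac> <type> <port>; headers and totals are skipped
        $1 ~ /^[0-9]+$/ && length($2) == 14 && $4 == port {
            mac = tolower($2)
            print port, $1, mac, ((mac in ip) ? ip[mac] : "no-arp-entry")
        }
    ' "$3" "$2"
}

# Constructed captures (not from a real device).
LOOKUP_DIR=$(mktemp -d)
cat > "$LOOKUP_DIR/mac.txt" <<'EOF'
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0023.2492.9425    DYNAMIC     Gi1/0/12
  10    001b.54aa.0c11    DYNAMIC     Gi1/0/13
  20    a0b1.c2d3.e4f5    DYNAMIC     Gi1/0/12
Total Mac Addresses for this criterion: 3
EOF
cat > "$LOOKUP_DIR/arp.txt" <<'EOF'
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.0.57            12  0023.2492.9425  ARPA   Vlan10
Internet  192.168.0.58             3  001b.54aa.0c11  ARPA   Vlan10
EOF

hosts_on_port Gi1/0/12 "$LOOKUP_DIR/mac.txt" "$LOOKUP_DIR/arp.txt"
```

A MAC reported as no-arp-entry is one the layer 3 device has not seen traffic from recently, or one whose VLAN is routed by a different device.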

Your friend Telnet

We all know telnet is insecure and uses the well-known port 23, but you can actually use this tool to test connectivity to any host and see whether a given TCP port (SMTP, FTP, HTTP, etc.) is open on that host:

#telnet 192.168.0.1 25
      trying 192.168.0.1,25...Open

The above tells you that port 25 is open on host 192.168.0.1; if you get 'connection refused', that means the port is closed.

On Windows, use the command route print to quickly discover the machine's gateway.

 

 
