Difference between revisions of "Cisco IOS Firewall"

From Ever changing code
Jump to navigation Jump to search
Line 15: Line 15:


  r1(config)#license boot module c1900 technology-package securityk9
  r1(config)#license boot module c1900 technology-package securityk9
Then <code>write</code> configuration and reload the router. Verify the license features.  
Then <code>write</code> configuration and reload the router.
;Verify the license features.  
  '''show license feature'''
  '''show license feature'''
  Feature name            Enforcement  Evaluation  Subscription  Enabled  RightToUse
  Feature name            Enforcement  Evaluation  Subscription  Enabled  RightToUse
Line 39: Line 40:
         Store Index: 0
         Store Index: 0
         Store Name: Built-In License Storage
         Store Name: Built-In License Storage
== Disable security9 feature ==
== Disable security9 feature ==
  r1(config)#<span style="color: red">no</span> license boot module c1900 technology-package securityk9
  r1(config)#<span style="color: red">no</span> license boot module c1900 technology-package securityk9

Revision as of 12:58, 8 December 2013

This is about configuring firewall on Cisco IOS - not ASA. Base line router here is Cisco 1941/K9 platform with following softwre vesion: (C1900-UNIVERSALK9-M), Version 15.2(4)M4, RELEASE SOFTWARE (fc2).

License

Cisco1941/K9 arrives with universal image but CBAC and firewall features require securityk9 feature to be enabled to make it work.

Enable security9 feature

show license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse
ipbasek9                 no           no          no             yes      no
securityk9               yes          yes         no             no       yes
datak9                   yes          yes         no             no       yes
SSL_VPN                  yes          yes         no             no       yes
ios-ips-update           yes          yes         yes            no       yes
hseck9                   yes          no          no             no       no
WAAS_Express             yes          yes         no             no       yes

r1(config)#license boot module c1900 technology-package securityk9

Then write configuration and reload the router.

Verify the license features.
show license feature
Feature name             Enforcement  Evaluation  Subscription   Enabled  RightToUse
ipbasek9                 no           no          no             yes      no
securityk9               yes          yes         no             yes      yes
datak9                   yes          yes         no             no       yes
SSL_VPN                  yes          yes         no             no       yes
ios-ips-update           yes          yes         yes            no       yes
hseck9                   yes          no          no             no       no
WAAS_Express             yes          yes         no             no       yes

show license detail securityk9
Feature: securityk9                      Period left: 8  weeks 3  days
Index: 1        Feature: securityk9                        Version: 1.0
        License Type: EvalRightToUse
        License State: Active, In Use
            Evaluation total period: 8  weeks 4  days
            Evaluation period left: 8  weeks 3  days
            Period used: 10 minutes 48 seconds
            Transition date: Feb 06 2014 11:34:49
        License Count: Non-Counted
        License Priority: Low
        Store Index: 0
        Store Name: Built-In License Storage

Disable security9 feature

r1(config)#no license boot module c1900 technology-package securityk9

Then write configuration and reload the router. Verify the license features using show commands from the previous point.

CBAC - BAC - Context Based Access Control

CBAC

Retrieved from ‘http://wiki.ciscolinux.co.uk/index.php?title=Cisco_IOS_Firewall&oldid=755