Guest

Cisco 2000 Series Connected Grid Routers

Configuring Connected Grid Swap Drive and Cisco IOS IPS on the CGR 2010 Router

  • Viewing Options

  • PDF (229.1 KB)
  • Feedback
Cisco Connected Grid 2010 Router Software Configuration Guide, Cisco IOS Release 15.2(2)T

Table Of Contents

Cisco Connected Grid 2010 Router Software Configuration Guide, Cisco IOS Release 15.2(2)T

Tell Us What You Think

Supported Products

Connected Grid Swap Drive

Connected Grid Swap Drive Overview

Required ROM Monitor Version

Router Compact Flash Memory Cards

Using the Connected Grid Swap Drive Feature

Enable the Connected Grid Swap Drive Feature

Save Source Router Configuration to the Flash Memory Card

Transfer the Configuration to the New Router

Verify the Configuration on the New Router

Command Syntax Summary

swap-drive

Cisco IOS Intrusion Protection System (IPS)

About Cisco IOS IPS

Configuring Cisco IOS IPS

Supported IPS Signatures for the Cisco CGR 2010

Related Documents and Online Tools

Technical Assistance


Cisco Connected Grid 2010 Router Software Configuration Guide, Cisco IOS Release 15.2(2)T


Publication Date: November 15, 2011
Part Number: OL-26207-01
Cisco IOS Release: Cisco IOS Release 15.2(2)T

This guide describes how to configure the Cisco IOS Release 15.2(2)T features described in Supported Products on the Cisco Connected Grid 2010 Router (Cisco CGR 2010). Use this document in conjunction with other router software configuration documentation.


Note This document provides information about platform-specific features for Cisco IOS Release 15.2(2)T for the Cisco CGR 2010. For cross-platform information for the router, including new features, resolved caveats, and open caveats, refer to the 15.1M&T cross-platform release notes, at: http://www.cisco.com/en/US/products/ps10977/prod_release_notes_list.html


This document contains the following sections:

Tell Us What You Think

Supported Products

Connected Grid Swap Drive

Cisco IOS Intrusion Protection System (IPS)

Related Documents and Online Tools

Technical Assistance

Tell Us What You Think

Send your feedback about this document directly to the Connected Grid Documentation Team.

Connected Grid Documentation Feedback Form


Supported Products

Feature
Hardware
Minimum Software Release

Connected Grid Swap Drive

Cisco CGR 2010

Cisco IOS Release 15.2(2)T

Cisco IOS IPS

Cisco CGR 2010

Cisco IOS Release 15.2(2)T


Connected Grid Swap Drive

This section describes the Connected Grid Swap Drive feature for the router and includes the following topics:

Connected Grid Swap Drive Overview

Using the Connected Grid Swap Drive Feature

Connected Grid Swap Drive Overview

Using the Connected Grid Swap Drive feature, you can transfer system configuration information from one router to another using a compact flash memory card (or compact flash card) while the routers are operating. This functionality enables you to quickly configure new routers with a standard configuration with little or no manual configuration required.

During normal operation, the router configuration information is stored on the router internal bootflash memory. When the Connected Grid Swap Drive feature is enabled, however, configuration information is saved to the bootflash and to the router compact flash memory card. After saving the router configuration to the compact flash card, you can insert the card into another router. When the new router is rebooted, it uses the configuration from the compact flash card as the running and startup configuration.

You can use this configuration method for:

Configuring new or replacement routers

Recovering the configuration on failed routers

Required ROM Monitor Version

This feature requires that the router is using ROM monitor (ROMmon) version 15.0(1r)M13 or later. The ROMmon is sometimes referred to as the bootstrap program. For more information on using ROMmon with the router, refer to the "Using ROM Monitor" chapter in the router configuration guide at:

http://www.cisco.com/en/US/docs/routers/access/2000/CGR2010/software/configuration/guide/rommon.html

Check ROMmon Version

Enter the show rom-monitor slot privileged EXEC command to verify the version of ROMmon that is running on the router:

Router# show rom-monitor slot
System Bootstrap, Version 15.0(1r)M13, RELEASE SOFTWARE (fc1) 
Copyright (c) 2011 by Cisco Systems, Inc.

Upgrade ROMmon Version

Use the upgrade rom-monitor privileged EXEC command to upgrade router ROMmon as needed to use the Connected Grid Swap Drive feature.

Refer to the Cisco IOS Configuration Fundamentals Command Reference for detailed information about using this command:

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_t1.html#wp1060450

Router Compact Flash Memory Cards

The router supports a maximum of two compact flash memory cards. The router ships with one compact flash card installed and supports a second, optional flash card that you can order with the router or supply separately. Figure 1 illustrates the location of the compact flash card slots on the router.

Figure 1 Cisco Connected Grid 2010 Router—Compact Flash Memory Card Slot Locations

Item
Label on Router
Description
Cisco IOS Interface Name

1

CF1

This slot supports an optional compact flash card that you can order with the router or supply separately. The Connected Grid Swap Drive feature is not supported on this slot.

flash1:

2

CF0

This is the required slot for use with the Connected Grid Swap Drive feature. The router comes with a compact flash card already installed in this slot.

The Connected Grid Swap Drive feature is supported on this CF slot only.

flash or
flash0:


For additional information about the router compact flash memory support, refer to the router hardware installation guide at:

http://www.cisco.com/en/US/products/ps10977/prod_installation_guides_list.html

Using the Connected Grid Swap Drive Feature


Note In this section, the existing router, from which the configuration information is copied, is referred to as the source router, and the router to which the configuration information is transferred is referred to as the new router. The new router can be a new router, a replacement router, or a router that has failed.


These are the major steps, described in more detail in this section:

1. Enable the Connected Grid Swap Drive Feature

2. Save Source Router Configuration to the Flash Memory Card

3. Transfer the Configuration to the New Router

4. Verify the Configuration on the New Router

Enable the Connected Grid Swap Drive Feature

The Connected Grid Swap Drive feature is disabled by default on the router. When this feature is disabled, the write memory command saves the router running configuration to the router system bootflash only (default write memory behavior). When the Connected Grid Swap Drive feature is enabled, the write memory command saves the router running configuration to both the router system bootflash and to the router compact flash card installed in slot CF0 (see Figure 1).

Enable the feature with the swap-drive global configuration command:

CGR2010(config)# swap-drive

Note The feature is not supported for compact flash cards installed in slot CF1.


Disable the feature using the no form of the command:

CGR2010(config)# no swap-drive

Save Source Router Configuration to the Flash Memory Card

Follow these steps while the source router is operating normally to save the running configuration to the compact flash card.


Step 1 Enter the write memory EXEC command to save the router running configuration and boot parameters to the compact flash card installed in slot CF0 (see Figure 1):

CGR2010> write memory
 
   

This command creates two text files on the compact flash card:

swap_drive_config.txt—Router running configuration

system_boot_config.txt—Router boot parameters, including boot path, configuration register, and checksum.


Note If the compact flash card already contains files with these names, Step 1 will overwrite the existing files with new files. You will not be asked if you wish to overwrite the existing files.


Step 2 (Optional) Enter the dir flash: privileged EXEC command to verify the two text files are on the compact flash card. In the example output shown below, the lines 2 and 5 list the text files:

CGR2010# dir flash:
Directory of flash0:
 
   
1	-rw-		63822856			Oct 13 2011 21:22:58						cgr2010-universalk9-mz.SPA.152-1.14.T0.2
2	-rw-			1181		Oct 26 2011 17:26:50 						system_swap_drive_config.txt
3	-rw-		50865812			Jul 18 2011 18:34:28						cgr2010-universalk9-mz.SPA.151-3.T1.bin
4	-rw-		57747592			Aug 24 2011 21:01:32						cgr2010-universalk0-mz.SSA-swapdr5-2
5	-rw-				87	Oct 26 2011 17:26:50						system_boot_config_txt
 
   

Step 3 Remove the compact flash card from the slot labeled CF0 on the source router according to the "Removing and Installing Compact Flash Memory Cards" instructions in the router hardware installation guide at:

http://www.cisco.com/en/US/docs/routers/access/2000/CGR2010/hardware/installation/guide/Internal_Modules.html


Transfer the Configuration to the New Router

Follow these steps to transfer the saved configuration files to the new router. This procedure can be performed when the router is off or while the router is operating normally.


Step 1 Install the compact flash card in the slot labeled CF0 on the new router according to the "Removing and Installing Compact Flash Memory Cards" instructions in the router hardware installation guide at:

http://www.cisco.com/en/US/docs/routers/access/2000/CGR2010/hardware/installation/guide/Internal_Modules.html

Step 2 If the router is off, power on the router. If the router is already running, enter the reload privileged EXEC command to reboot the router.

When the router boots up, the ROM monitor software verifies that:

A compact flash card is installed in the router CF0 slot (flash0)

The swap_drive_config.txt file exists on the flash card

When the router detects the swap_drive_config.txt file on flash0, the following steps take place:

The router boots up using the configuration contained in the file.

The router saves the configuration contained in the file as new the startup config.


Additional Information

If the new router system boot flash parameters are different than the parameters in the system_boot_config.txt file, the router ROM monitor saves the parameters contained in the system_boot_config.txt file to the new router system boot flash. The system software starts up using the new parameters from the system_boot_config.txt file.

When the new router boots up, the Connected Grid Swap Drive feature is enabled.

Verify the Configuration on the New Router

Follow these steps to verify that the configuration from the source router has been successfully transferred to the new router:


Step 1 Use the show running-config privileged EXEC command to display the new router running configuration and verify that the new router is using the configuration from the source router:

CGR2010# show running-config
 
   

Step 2 Use the show startup-config privileged EXEC command to display the configuration that is stored in the new router NVRAM and verify that it is the configuration from the source router:

CGR2010# show startup-config

Command Syntax Summary

This section summarizes the command syntax used with the Connected Grid Swap Drive feature.

swap-drive

The swap-drive global configuration command enables the Connected Grid Swap Drive feature.

Use the no form of the command to disable the Connected Grid Swap Drive feature.

Command Syntax
Description

swap-drive

The swap-drive global configuration command enables the Connected Grid Swap Drive feature on the router. The default setting is disabled.

When this feature is enabled, enter the write memory command to save the router running configuration to both the router system boot flash and the router compact flash card installed in slot CF0 (see Figure 1). This enables you to transfer configuration between routers using the compact flash card.


Cisco IOS Intrusion Protection System (IPS)

This section describes the Cisco IOS IPS feature for the router and includes the following topics:

About Cisco IOS IPS

Configuring Cisco IOS IPS

About Cisco IOS IPS

Cisco IOS IPS technology enhances perimeter firewall protection by taking appropriate action on packets and flows that violate the security policy or represent malicious network activity.

Cisco IOS IPS identifies attacks using "signatures" to detect patterns of misuse in network traffic. Cisco IOS IPS acts as an in-line intrusion detection sensor, watching packets and sessions as they flow through the router, scanning each to match currently active (loaded) attack signatures. When Cisco IOS IPS detects suspicious activity, it responds before network security can be compromised, it logs the event, and, depending on the action(s) configured to be taken for the detected signature(s), it does one of the following:

Sends an alarm in syslog format or logs an alarm in Secure Device Event Exchange (SDEE) format

Drops suspicious packets

Resets the connection

Denies traffic from the source IP address of the attacker for a specified amount of time

Denies traffic for a specified amount of time on the connection on which the signature was seen

Configuring Cisco IOS IPS

For detailed instruction on configuring Cisco IOS IPS on the router, refer to the chapter "Configuring Cisco IOS Intrusion Prevention System (IPS)" in the Security Configuration Guide: Securing the Data Plane, Cisco IOS Release 15.1M&T at:

http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_ips_ps10592_TSD_Products_Configuration_Guide_Chapter.html

Supported IPS Signatures for the Cisco CGR 2010

This section lists the SCADA signatures that the router supports in Cisco IOS Release 15.2(2)T and later. Click the signature name in the Name column to go to the detailed entry for the signature on the Cisco Security Intelligence Operations web site.

Table 1 Supported SCADA Signatures — Cisco CGR 2010 

SCADA Signature ID
Signature Sub-ID
Name

5612/0

DNP3

Unsolicited Response Storm

5613/0

DNP3

Cold Start Request

5614/0

DNP3

Disable Unsolicited Response

5615/0

DNP3

Read a Request to a PLC

5616/0

DNP3

Stop Application

5617/0

DNP3

Warm Restart

5618/0

DNP3

Broadcast Request

5619/0

Non-DNP3

Communication on a DNP3 Port

5619/1

Non-DNP3

Communication on a DNP3 Port

5620/0

DNP3

Write Request to a PLC

5621/0

DNP3

Miscellaneous Request to a PLC

5622/0

Modbus TCP

Force Listen Only Mode

5623/0

Modbus TCP

Restart Communication Option

5624/0

Modbus TCP

Clear Counters and Diagnostic Registers

5625/0

Modbus TCP

Read Device Identification

5626/0

Modbus TCP

Report Server Information

5627/0

Modbus TCP

Illegal Packet Size

5627/1

Modbus TCP

Illegal Packet Size

5628/0

Modbus

Slave Device Busy Exception Code Delay

5629/0

Modbus

Acknowledge Exception Code Delay

5630/0

Modbus TCP

Read Request to a PLC

5631/0

Modbus TCP

Write Request to a PLC

5632/0

Non-Modbus TCP

Non-Modbus Communication

5632/1

Non-Modbus TCP

Non-Modbus Communication

5779/0

ICCP

COTP Connection Request

5780/0

ICCP

COTP Connection Established

5781/0

ICCP

Client Association

5782/0

ICCP

MMS Write Request Attempt

5783/0

ICCP

MMS Write Request Succeeded

5784/0

ICCP

COTP Address Unknown Disconnect

5785/0

ICCP

COTP Protocol Error Disconnect

5786/0

ICCP

Invalid OSI SSEL

5787/0

ICCP

Invalid OSI PSEL

5788/0

ICCP

Invalid TPKT Protocol


Related Documents and Online Tools

These documents contains additional software configuration information for the Cisco Connected Grid 2010 Router:

Cisco Connected Grid 2010 Router Hardware Installation Guide

http://www.cisco.com/en/US/products/ps10977/prod_installation_guides_list.html

Cisco Connected Grid 2010 Router Software Configuration Guides

http://www.cisco.com/en/US/products/ps10977/products_installation_and_configuration_guides_list.html

Cisco IOS Configuration Fundamentals Command Reference

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_book.html

Cisco Connected Grid 2010 Router Release Notes

http://www.cisco.com/en/US/products/ps10977/prod_release_notes_list.html

Cisco Intrusion Prevention System Signature Search

http://tools.cisco.com/security/center/search.x?search=Signature

Technical Assistance

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Technical Assistance Center Home Page

The Technical Assistance Center (TAC) home page contains 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/public/support/tac/home.shtml


This document is to be used in conjunction with the documents listed in the "Related Documents and Online Tools" section.