Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1855
Views
0
Helpful
4
Replies

Harden Cisco IOS Devices

Rodrigo Belo
Level 1
Level 1

‎06-14-2012 10:14 AM

I am trying to "harden" my network devices:

- Cisco Catalyst 3750 (IOS Version 12.2(52)SE)

- Cisco Catalyst 3550 (IOS Version 12.2(52)SE)

- Cisco Catalyst 2960 (IOS Version 12.2(52)SE)

- Cisco Catalyst 2950 (IOS Version 12.1(22)EA13)

I found some documents very usefull available at

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml

http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf013.html

The problem is that I don't know what values/thresholds I should use on such features as:

- memory free low-watermark processor <threshold_in_KBytes>

- memory free low-watermark io <threshold_in_KBytes>

- memory reserve critical <value>

- exception memory minimum processor <value_in_Bytes>

- exception memory minimum io <value_in_Bytes>

- exception memory fragment processor <value_in_Bytes>

- exception memory fragment io <value_in_Bytes>

How can I know/troubleshoot how much memory the devices need to work properly??

How can know when the devices reach a critical state??

I understand it will depend on what kind of features I have enabled but...what should I do to check how much memory the current configuration needs to work properly?

thanks in advance

Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-14-2012 11:43 AM

The particular commands you reference were only integrated into mainline builds like the ones you cited above in IOS 12.3 versions or later.

Personally I'd say if you did all of the other less esoteric reommended actions that you are ahead of 75% of your peers.

0 Helpful

Rodrigo Belo
Level 1
Level 1
In response to Marvin Rhoads

‎06-18-2012 04:06 AM

Hi Marvin,

I'm not sure what you mean by

"The particular commands you reference were only integrated into mainline builds like the ones you cited above in IOS 12.3 versions or later."


I'm using IOS 12.2 and I am using the comands!! I'm just trying to trim the values/thresholds...

I have experienced memory issues in the past and the alerts did me no good as they were either:

1) received too soon, and there was no problem with the switches;

2) received too late and I didn't had time to fix it before the network "crashed";

thanks

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Rodrigo Belo

‎06-18-2012 05:34 AM

Some "S" build had the commands but they weren't universally implemented until 12.3.

Interesting that you have had switches crash due to memory usage. I've personally never run across a memory use-induced crash since back in the days of Cisco 7000 routers (with token ring, FDDI, source route bridging and IOS 10.x!).

0 Helpful

Rodrigo Belo
Level 1
Level 1
In response to Marvin Rhoads

‎06-18-2012 06:02 AM

The crashes were cause by "improper" configurations.

Between others, the switches were sending SNMP informs to 3 snmp servers. On a period where those servers were disconnected for maintenance, the switches could not receive SNMP response to the informs...eventually the switch memory was exausted at it failed to allocate memory for other processes like "spanning-tree".

hint: On Layer2 topologies make sure to implement features like "loop guard"

I was not expecting this at all... From that day forward I decided to harden configurations as much as  can.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents