Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
687
Views
5
Helpful
3
Replies

Generic firewall route and interface reporting

Go to solution
erik.morillo
Level 1
Level 1

‎01-21-2018 02:23 PM - edited ‎02-21-2020 07:10 AM

The forum is not displaying my replies and after editing the original post, the thread has disappeared so I am reposting this without any potential characters in the code snippet that may cause a problem.

 

I have several Cisco based firewalls all with different firmware versions for which I am asked to develop an application to report on all the interfaces and the firewalls routes. A technician has stated that each device requires 1000's of commands to enumerate this information. The question I have is whether the technician is correct in that assertion. I can imagine it may vary from device to device, and even by firmware version (though not frequently I am sure) however I am skeptical of the magnitude of commands suggested.

 

For example, in FreeBSD, I can obtain all the interfaces with ifconfig and known routes with netstat producing information such as:

vmx0: inet x.y.z.255 netmask 0xfffffc00 broadcast 255.255.255.255
vmx1: inet 172.18.0.1 netmask 0xffffff00 broadcast 172.18.0.255
vmx2: inet 172.17.0.1 netmask 0xffffff00 broadcast 172.17.0.255
vmx3: inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
vmx4: inet 172.15.0.1 netmask 0xffffff00 broadcast 172.15.0.255
vmx5: inet a.b.c.165 netmask 0xfffffc00 broadcast 255.255.255.255
lo0: inet 127.0.0.1 netmask 0xff000000

Internet:
Destination        Gateway            Flags     Netif Expire
default            x.y.z.1            UGS        vmx0
a.b.c.0/22         link#6             U          vmx5
a.b.c.165          link#6             UHS         lo0
x.y.z.0/22         link#1             U          vmx0
x.y.z.255          link#1             UHS         lo0
127.0.0.1          link#7             UH          lo0
172.15.0.0/24      link#5             U          vmx4
172.15.0.1         link#5             UHS         lo0
172.16.0.0/24      link#4             U          vmx3
172.16.0.1         link#4             UHS         lo0
172.17.0.0/24      link#3             U          vmx2
172.17.0.1         link#3             UHS         lo0
172.18.0.0/24      link#2             U          vmx1
172.18.0.1         link#2             UHS         lo0

Does a similar convention of reasonable command length exist for Cisco based firewalls?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-21-2018 03:03 PM

Hi

What command are you looking for?

For getting all interfaces and their IPs, you can use "show int ip brief" and for routes use "show route"

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎01-21-2018 03:03 PM

Hi

What command are you looking for?

For getting all interfaces and their IPs, you can use "show int ip brief" and for routes use "show route"

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
erik.morillo
Level 1
Level 1
In response to Francesco Molino

‎01-21-2018 03:55 PM

Hi Francesco,
So if I was to extrapolate the technicians reaction, it may take a combined total of 1000 or more commands to create and manage all the potential route types on a given firewall, but in the case where I need to simply enumerate the interfaces and all known routes at a given point in time on the device, the commands you provided are sufficient. To be honest, those look pretty basic and likely to be present on most firewall OS's and firmware versions. I'll revisit the concern with the guy but it looks like I can accomplish what I need.

Thanks a lot.

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to erik.morillo

‎01-21-2018 04:24 PM

1000 commands is a bit exaggerated.
With show route you'll get all routes the firewall knows (static and dynamic) like netstat -rn on a Linux. Show int ip brief gives you the interface name and the ip address. If this is the only thing you're interested in then those 2 command are enough.

If you want to go deeper in the routing then you'll have a set of command for each protocol, the same applies to interfaces, if you want to see the name zone of the interface or checking interfaces counters

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card