policy-map type inspect esmtp tls-esmtp
parameters
allow-tls
no mask-banner !! may only be required if you notice issues related to the banner
policy-map global_policy
class inspection_default
no inspect esmtp
inspect esmtp tls-esmtp
!! Enable the performance monitoring
asdm history enable
!! View data
show asdm history feature <all|blocks|cpu|failover|ids|interface|memory|perfmon|sas|tunnels|xlates>
show asdm history view <10m|60m|12h|5d|all> feature <all|blocks|cpu|failover|ids|interface|memory|perfmon|sas|tunnels|xlates>
Notes:
- You can leave off the feature command to view ALL performance data
show eigrp topology
show eigrp neighbors
debug eigrp neighbor
debug eigrp fsm
router eigrp <as-num> !! as number must match on neighbors
no auto-summary
eigrp router-id 10.0.150.3 !! Name for defining the eigrp, name after interface IP
redistribute static !! redistribute static routes, can use policy map instead so not ALL statics are distributed
network 10.0.150.0 255.255.255.0 !! Directly connected network
network 4.2.2.128 255.255.255.248 !! Directly connected network
exit
!! configure static routes to point to the interface/IP that you want to monitor and stop advertising the routes when the interface goes down
route <int-to-watch> <network-to-advertise> <subnet> <ip-of-int-to-watch>
access-list no_inspect_ESMTP deny tcp <source> <destination> eq 25
access-list no_inspect_ESMTP permit tcp any any eq 25
class-map no_inspect_ESMTP
match access-list no_inspect_ESMTP
exit
policy-map global_policy
class no_inspect_ESMTP
inspect ESMTP
exit
class inspection_default
no inspect esmtp
exit
Notes:
- It's important that the last ACL is specific for port 25 and not all IP. Traffic will break if left as 'ip'
prompt hostname state
cphastop
mount -t iso9660 -o loop <iso_image> /mnt/cdrom
cd /mnt/cdrom
patch add cd
Notes:
- It's best to verify these steps from Release Notes
- After install, modify CP object in policy to reflect new version and push policy
- HFAs will use ./UnixInstallScript instead of 'patch add cd'
useradd -u 0 -o -g 0 -m <username> -s /bin/rbash
clish
add user <username> uid <uid#> homedir /var/<username>
set user <username> shell /bin/csh
add rba user <username> role monitorRole
save config
Notes:
- UID should be above 120. If you give a UID of 0, that will give the user read/write access
- The 'RBA' line assigns the default readonly Voyager role, monitorRole, to the user. If the user does not need Voyager access, this can be ignored.