Verify the Current Router Configuration

You must verify that the current configuration of the router will not conflict with the new items that you want to add. You can use three commands to display the current router configuration:

• show running-configuration This command displays the current configuration that is running on the router. The show configuration command shows the last configuration that was saved to memory but does not display any changes that took place but were not saved. This command is the same as the show startup configuration because it displays the configuration the router will have when it startsany unsaved configuration changes are lost during a reboot.

• show crypto isakmp policy This command displays the current ISAKMP policy that is configured on the router. You can then verify that your planned configuration will not conflict with the current configuration.

• show crypto map This command can include the interface or the map name and displays any crypto map entries configured on the router. The crypto map includes the name, interface, and local address of the router; peer address; crypto access list; SA lifetime; and transform set name. The show crypto map command also tells you whether Perfect Forward Secrecy has been enabled for that connection. Perfect Forward Secrecy is a key-establishment protocol that generates a new public/private key pair with each session. The result is a dynamic key exchange that prevents an eavesdropper from decrypting messages using keys derived from previously captured data.

0 0

Post a comment