Does my router support CBAC?

r-lemaster
Level 1

It appears that some router IOS versions 12.2 or better support CBAC and some don't. Is there something I can look for in the SH VER or SH RUN where I can tell if the OS supports the IOS Firewall Feature Set?

1 Accepted Solution


OK, let's try this again. I know it can be confusing. In 12.1 images and earlier (I think), you can identify an IOS image that has the CBAC (or IOS Firewall, as it is sometimes referred to) features enabled by finding an "o" in the image file name. Starting in 12.2 and later, you can identify this with an "o3" in the image file name. They both infer the same thing. The image I posted was c1600-osy56i-l.121-11.bin. Note the "o" in the image name after the platform indicator.

Now, on to the FW part. In the Software Center for the various IOS images, you will see descriptions for the various feature sets. The CBAC enabled feature sets will have FW in the description. For instance, from http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?get_crypto=&data_from=&hardware_name=1601-1604&software_name=&release_name=12.2.19a&majorRel=12.2&state=:HW:RL&type=Limited%20Deployment you can see the following: IP/FW PLUS IPSEC 56

Note the FW above. This indicates that following this link will bring you to an image that has Firewall features enabled and also has an "o" or "o3" in the image file name.

Please do not confuse the bootstrap version of code with the version of code running on the router. You may want to go back and look at the output again. This should be 12.1(11) code for a 1600.

CBAC was added to IOS in 12.0(5)T and subsequently into 12.1 mainline as well. All versions thereafter should have CBAC enabled IF an "o" or "o3" exists in the image file name.

I really hope this helps.

Scott


9 Replies

nkhawaja
Cisco Employee

Hi,

Check for the letter "o" in the image name.

Thanks

Nadeem

Thanks Nadeem,

CCO says look for "FW" in the image name, but I don't see that or "O" in the image names I've used.

Image names are often changed before being installed. Is there another way to see if the Firewall set is installed?

Hi,

FW will be in the image description but is represented by an 'o' in the image name as Nadeem said. Other than this, there isn't a real good way to see this info. Can you post the 'sh ver' from your router? Perhaps we can infer some more data from this info to help?

Scott

The problem is that this is for a lab and most images get renamed and overwritten.

Can you respond with some examples of an image description with "FW" or an image name with "O"?

OK, I understand that. I was simply saying that I may be able to infer some more info from the 'sh ver' output on your router to help but if this is the tactic you want to take, here ya go:

Router#sh ver

Cisco Internetwork Operating System Software

IOS (tm) 1600 Software (C1600-OSY56I-L), Version 12.1(11), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2001 by cisco Systems, Inc.

Compiled Tue 02-Oct-01 20:56 by kellythw

Image text-base: 0x08053488, data-base: 0x02005000

ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Router uptime is 9 weeks, 10 hours, 41 minutes

System returned to ROM by reload at 10:05:27 UTC Wed Apr 9 2003

System image file is "flash:/c1600-osy56i-l.121-11.bin"

cisco 1604 (68360) processor (revision C) with 4608K/1536K bytes of memory.

Processor board ID 10203127, with hardware revision 00972006

Bridging software.

X.25 software, Version 3.0.0.

Basic Rate ISDN software, Version 1.1.

1 Ethernet/IEEE 802.3 interface(s)

1 ISDN Basic Rate interface(s)

U interface with external S bus interface for ISDN Basic Rate interface.

System/IO memory with parity disabled

2048K bytes of DRAM onboard 4096K bytes of DRAM on SIMM

System running from FLASH

7K bytes of non-volatile configuration memory.

16384K bytes of processor board PCMCIA flash (Read ONLY)

Configuration register is 0x2102

Router#

Scott

Thanks Scott,

We have a whole bunch of routers in our lab, and even if I sent you a sh ver for each one, most of the image names have been renamed. I don't want to waste your time.

We have a lab full of 2500 and 2600 routers. Most are running IOS v.12+ but don't support the IOS firewall set. The main objective is to be able to identify whether any router supports CBAC (this is for a written lab exercise), not whether one router supports CBAC.

Does this router support the IOS Firewall Set? It is my understanding that you need IOS v 12.2 or better. This shows an IOS v 11.1.

If this router does support the IOS firewall set, could you please specifically identify the part of this sh ver that says that?

In the written lab, I tell the reader that they must have a router with IOS v12.2 or better with the Firewall Set. HERE'S HOW TO SEE IF YOUR ROUTER SUPPORTS CBAC_____________________________.

If you tell me how to fill in the blank, I won't bother you anymore. For example, look for "O" in the image name, for example ______ or look for "FW" in the description field, for example ________.

Thanks again.

I'm finding conflicting info on the Cisco site (or I'm misunderstanding). At this link:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800949e4.shtml

CCO says that "o3" in the image name means it includes CBAC, and then it says that "FW" in the image name means that it supports CBAC.

Could you please help with some examples to clarify the issue? The sh ver from the 1600 you posted doesn't appear to be an IOS image that supports CBAC.

Thanks for your time.


If the image filename has been renamed, then the easiest thing to do is simply see if the router supports the "ip inspect" command. Do the following:

conf t

ip inspect ?

If you get an error then it doesn't have a FW IOS version loaded.
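An added example, not part of any post in this thread: a Python sketch that applies the thread's naming rule ("o" or "o3" in the feature-set field, running code 12.0(5)T or later) to `sh ver` output. It reads the image identifier from the "IOS (tm)" banner line rather than the file name and ignores the "ROM:" bootstrap lines. The function name `cbac_capable` is hypothetical, the rule is assumed to apply only to the 12.x-era image names discussed here, and it is an assumption that the banner identifier is unaffected by renaming the file in flash.

```python
import re

# Constructed sample: four lines taken from the 'sh ver' output posted in the thread.
SAMPLE_SH_VER = """\
IOS (tm) 1600 Software (C1600-OSY56I-L), Version 12.1(11), RELEASE SOFTWARE (fc1)
ROM: System Bootstrap, Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
ROM: 1600 Software (C1600-BOOT-R), Version 11.1(10)AA, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
System image file is "flash:/c1600-osy56i-l.121-11.bin"
"""

# Match only the running-image banner. Anchoring on "IOS (tm)" skips the
# "ROM:" lines, which report the bootstrap code, not the running image.
BANNER = re.compile(
    r"^IOS \(tm\) .*\((?P<image>[\w-]+)\), "
    r"Version (?P<maj>\d+)\.(?P<min>\d+)\((?P<maint>\d+)[a-z]?\)(?P<train>[A-Z]*)",
    re.M,
)


def cbac_capable(sh_ver):
    """Return image id, running version and a CBAC verdict, or None if no banner."""
    m = BANNER.search(sh_ver)
    if m is None:
        return None
    image = m.group("image").lower()
    # Identifier layout: <platform>-<feature set>-<run location>. Test only the
    # feature-set field so letters in the other fields are never counted.
    fields = image.split("-")
    features = fields[1] if len(fields) > 1 else ""
    major, minor, maint = (int(m.group(g)) for g in ("maj", "min", "maint"))
    if (major, minor) == (12, 0):
        # Per the thread: CBAC arrived in 12.0(5)T, not in 12.0 mainline.
        new_enough = maint >= 5 and m.group("train").startswith("T")
    else:
        new_enough = (major, minor) > (12, 0)
    # "o3" contains "o", so one substring test covers both spellings.
    return {
        "image": image,
        "version": (major, minor, maint),
        "features": features,
        "cbac": new_enough and "o" in features,
    }


if __name__ == "__main__":
    print(cbac_capable(SAMPLE_SH_VER))
```

The verdict is only as good as the naming rule; entering `ip inspect ?` in configuration mode, as described above, tests the running image directly.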
