Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Cisco IOS

JSA Risk Manager supports the Cisco Internet Operating System (IOS) adapter.

The Cisco IOS adapter collects device configurations by backing up IOS-based network switches and routers.

The following features are available with the Cisco IOS adapter:

  • Neighbor data support

  • Dynamic NAT

  • Static NAT

  • SNMP discovery

  • Static routing

  • EIGRP and OSPF dynamic routing

  • P2P Tunneling/VPN

  • Telnet and SSH connection protocols

The following table describes the integration requirements for Cisco IOS.

Table 1: Integration Requirements for Cisco IOS

Integration requirement



IOS 12.0 to 16.2 for routers and switches.

Cisco Catalyst 6500 switches with MSFC.

Use the Cisco IOS adapter to back up the configuration and state of the MSFC card services.

If a Cisco IOS 7600 series router has an FWSM, use the Cisco ASA adapter to back up the FWSM.

User Access Level

A user with command exec privilege level for each command that the adapter requires to log in and collect data. For example, you can configure a custom privilege level 10 user that uses local database authentication.

The following example sets all show ip commands, to privilege level 10.

privilege exec level 10 show ip

SNMP discovery

Matches ISO or Cisco Internet Operation System in SNMP sysDescr.

Required credential parameters

To add credentials in JSA log in as an administrator and use Configuration Source Management on the Admin tab.



Enable Username (Optional)

Use this field, if the user needs to enter a specific privilege level when logging in to the device. Use the format level-<n> where n is a privilege level [0-15]. For example, to enter privilege level 10, enter the following command:


This results in sending the enable 10 command to the Cisco device.

Enable Password (Optional)

Supported connection protocols

To add protocols in JSA, log in as an administrator and use Configuration Source Management on the Admin tab.

Use any one of the following supported connection protocols:



Commands that the adapter requires to log in and collect data

terminal length 0

show startup-config

show ip arp

show cdp neighbors detail

show mac address-table dynamic

show ip ospf neighbor

show ip eigrp neighbors

show ip bgp neighbors

show interfaces

show version

show interfaces

show access-lists

show ip route | exclude ^B'

show ip route bgp | include

show ipv6 route | exclude ^B

show ipv6 route bgp | include

show ipv6 routers

show ipv6 interface

show ipv6 access-list

show object-group

show vlan

show vlans

Try to use the show vlan command first. If the show vlan command is not available, use the show vlans command.

The show vlans command is used for Catalyst 6500 series switches and Cisco 7600 series routers.