Remote Command Tool for Cisco Routers/Switches

Similar Messages

• Security monitoring tool for Cisco ASA

  Please suggest a checp and best security monitoring tool for Cisco ASA devices.

  You can use ossec, open source tool installed on linux:
  http://www.ossec.net/

• Cisco tool for building router/switch configurations

  Is there a tool on Cisco website that lets you build your own configurations of Cisco routers etc prior to you purchasing them? i.e. Giving you a complete list of part IDs ?

  Hi
  Your question is not clear , if you asked about a tool which can help you to do a configuration for your purchase order for routers , switches , any solution for Cisco . You can configure your chassis , cards , SFPs, Power , and so on. Please use the below link:-
  https://cisco-apps.cisco.com/cisco/psn/commerce
  Thank you
  please rate all useful infomration

• Monitoring tool For Cisco Switches

  Hi All,
  I have installed 2 Core Switches and 9 Access Switches (4960-X,3560-X and 2960-X) in our organisation. Now we are looking for a Monitoring tool.
  To monitor the Traffic status, Link status, Quarterly Health Check, etc. for all the switches on a single page.
  Can anyone please suggest which Cisco Monitoring Tool will suite our requirement.
  Responsses will be highly appreciated.......
  Regards,
  Maazeem.

  Have you had a look at Cisco Prime Infrastructure?
  http://www.cisco.com/en/US/products/ps12239/index.html
  Are you looking only to monitor Cisco devices or other devices as well? There are other tools available also so it depends on your environment, budget etc.
  Daniel Dib
  CCIE #37149

• FC-2GB module part number for cisco 4503 switch

  Dear Sir,
  We hv a SAN switch MDS-9216 with FC-2GB ports.
  We want to connect the SAN switch to our newly installed cisco 4503 switch which modules is required in the cisco 4503 switch to connect the SAN switch FC-2GB ports.
  Regards
  Deepak

  Deepak,
  Can you explain why you want to do this?
  The Catalyst 4503 is an ethernet switch and does not support FC-2G interfaces. If you want to enable IP access to your storage, you would need an IP storage services module in your MDS 9216. This would then provide GE interfaces which you could connect to your Catalyst 4503. You could then provide IP-based hosts access to FC-connected storage using iSCSI for instance.
  Regards
  Rob.

• Can Cisco Routers, Switches, or Firewalls run AV?

  Can anyone point me to a document or official statement from Cisco stating that their routers, switches, and firewalls are not capable of running Anti-Virus/Anti-Malware to protect their IOS?  NERC CIP standards require that all devices contained within the Electronic Security Perimeter run Anti-Virus/Anti-Malware software "where technically feasible", if the devices cannot run AV/AM you have to submit a "Technical Feasibility Exception"....done that...now they want proof that Cisco devices (routers, switches, firewalls) are not capable of running AV/AM to protect their IOS.  Please don't confuse this with all of the offering that Cisco has to protect end-user devices...this applies only to the routers, switches, and firewalls.
  Any answers would be greatly appreciated, even comments from others dealing with this issue.

  A couple of years ago in a conference there was a presentation that claimed to install a rootkit to Cisco IOS devices.
  Here is the response from Cisco http://www.cisco.com/warp/public/707/cisco-sr-20080516-rootkits.shtml
  That is the closest I can think of that could help you.
  PK

• Unable to Remove Metal Casing for Cisco 1924 Switch

  Hi Guys,
  I just bought a Cisco 1924 switch and would like to check out its insides but I can't seem to work out how to remove the metal cover.
  I have removed all the visable screws and have also checked out the Cisco Support site and Internet but considering that the 1924 switch is an end of line product, I'm finding it extremely to find any support resources for the 1924 switch.
  I don't really want to force it open as I don't want to crack or snap anything.
  Thanks all
  two5om

  Hi,
  Here you are the Catalyst 1900 Series Installation and Configuration Guide, but unfortunately it doesn't contain how to remove the metal cover, please try to softly remove it, try to move it to the back before lifting it:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst2900xl_3500xl/catalyst1900_2820/version9.00.00/icgf/19icinst.html
  HTH,
  Mohammed Mahmoud.

• AAA for Cisco MDS Switches

  I have configured Cisco ACS 4.0 (TACACS) with Windows AD for all Cisco MDS switches and it is working fine. But local "admin" access to the Cisco MDS switches via telnet is not working. At the same time , if I create a user with "network-admin" role locally, that works but not the default admin user.
  Could anyone help me in this regard.

  You have two options.
  1. Configure an "admin" user in AD. (note that you don't have to use the account named admin, you can just as easily assign a local user with the network-admin role).One thing to note, is that you normally use this local account in case the tacacs+ or radius authentication server goes down.
  You can have users configured locally and AD at the same time. If you are running AAA the default config is to check your AAA servers first, if they are not available, then to default to a local account
  2. Configure your local network-admin role user and then specify that say console access is authenticated locally, while ssh and telnet is authenticated through tacacs. This will allow you to always get in with a local account through the console, while it will force SSH and Telnet connections to authenticate through the AAA servers.
  You can find this option in Device Manager > Security > AAA > Applications
  If you found this helpful, please give it a rating.

• GUI Tool for Cisco 6500 Chassis

  Hi
  We have a requirement to allow our Service Desk to amend vlans on switchports on a range of 6509 chassis.
  Is there a tool, (like SDM for routers) which would allow them to do this using a GUI? We need to keep it as simple as possible as the Service Desk users have no experience of configuringCisco kit.
  We have Cisco Prime, however, I can't see anything which shows a graphical representation of the actual switchports on a chassis?
  If there isn't a Cisco product which supports this, does anyone know of a third party app which would do the job?
  Thanks
  J

  Hi datamodule, i see that you are looking for a 24 ports 1/10G SFP module for the Catalyst 6509E. From what i am looking at it's either 1G or 10G. Please check this link for further assistance: http://cs.co/9000YTBE. Feel free to message me for further assistance.
  Thanks,
  Angela ([email protected])

• Remote control Tool for non-IT staff

  Hi
  We currently run ZENworks for Desktops v7 and have a requirement to
  offer our financial systems team the ability to remote control users'
  workstation without the need to use Console 1. All workstations are
  currently Windows XP SP2 or SP3.
  1. Are there any 3rd party/Cool tools that can be used to offer remote
  control instead of using Console 1?
  2. Do these tools require additional roles/rights?
  Thank you.

  You can use our DSRAZOR for eDirectory/NDS and NetWare product for this.
  See the applets called "ZEN Remote Control / Remote View by User" and "ZEN
  Remote Control / Remote View by Workstation" in the HelpDesk Examples
  section of the DSRAZOR Console. The applets can be customized to your
  needs - such as limiting which containers and/or which workstations are
  shown, and allowing only remote control or only remote view (instead of
  both). After any necessary modifications are made (we can show you how or
  make the changes for you), save the applet as an EXE to distribute to the
  people who will use it. Having the applet as an EXE means they will not
  need ConsoleOne and they will not need the full DSRAZOR product either.
  The example applet in the DSRAZOR Console is based on the user's own
  privileges. If you do not want to grant these users their own privileges
  for remote control / remote view, the applet can be modified to use our
  optional Zero Privilege Helpdesk NLM. You would need one NetWare server to
  run the Zero Privilege Helpdesk NLM. When you load the NLM you will specify
  the name of a group (such as financial systems group). Then only the
  members of that group will be able to successfully use the applet, which
  they will have as a stand-alone EXE.
  An evaluation of DSRAZOR is available from:
  http://www.visualclick.com/?source=NVsupZen7r
  "Donald Sparko" <[email protected]> wrote in message
  news:eaK4m.1481$[email protected]..
  > Hi
  >
  > We currently run ZENworks for Desktops v7 and have a requirement to
  > offer our financial systems team the ability to remote control users'
  > workstation without the need to use Console 1. All workstations are
  > currently Windows XP SP2 or SP3.
  >
  > 1. Are there any 3rd party/Cool tools that can be used to offer remote
  > control instead of using Console 1?
  >
  > 2. Do these tools require additional roles/rights?
  >
  > Thank you.
  >
  > --
  >

• Video/Voice Conference -8 Error Explained for Cisco Routers

  I cannot tell you how long I have spent trying to figure out this problem. We have a bunch of macs sitting behind a NATed Cisco 2811 router, and iChat will just never work, throwing the good ole' -8 error.
  Having a good understanding of SIP, I decided to get down an dirty with the investigation of why iChat doesn't work behind some routers, while it does on others.
  iChat uses SIP, but as I have found, Apple's implementation of it does not completely honor the RFC. This is the root cause of iChat not working behind enterprise grade routers that have SIP ALG activated (details later).
  Apple uses its own flavor of NAT traversal: SNATMAP. This is an Apple service that is utilized every time a video/voice conference is created from iChat. For those of you familiar with SIP, SNATMAP essentially performs the same function as a STUN server. This service abstracts the port specifications necessary to get around NATs to a server on the public Internet.
  With some routers, this SNATMAP seems to work fine. With others, not so much. I honestly don't have too deep of an understanding of SNATMAP so I cannot get into too much detail as to why it doesn't work with some routers. If anyone knows, please chime in!
  I can, however, clearly indicate why it doesn't work behind routers that have a SIP ALG, which essentially has the intelligence to pick apart to SIP packet to make them NAT friendly. Basically, there is a portion of SIP packets called the SDP (Session Description Protocol) that provides all of the information necessary to set up the voice and video stream. The SIP RFC calls for this section to include information like the connection IP address, port, video codec, audio codec, etc. HOWEVER, Apple's implementation of iChat DOES NOT INCLUDE THE PORT IN THE SDP. Therefore, when a SIP ALG tries to intelligently convert the port, it isn't there to change. Even if it does manage to insert a port number into the SDP, the iChat client receiving the SIP packet doesn't respect that port number and just dumbly sends the request back to the default SIP port (5060).
  Here is a little flow of the process:
  1. A SIP packet is sent out from iChat to the cisco router
  2. Cisco intercepts the packet, changes the private IP address of my computer to the public IP address of the interface, and changes the port to one that it assigns on the public interface. So, basically the SIP packet enters the cisco with the SDP info like 192.168.100.137:5060 and leaves the Cisco like <public IP>:1877.
  3. On the receiving end, the SIP packet and SDP section is read with our DSL connection's public IP address, so when it tries to make contact back, requests are sent to the DSL public IP address and not an unrouteable private IP. Also, it sends to the port specified in the SDP section.
  4. When a packet comes in from the peer, the destination is something like <public IP>:1877. The cisco NAT translation table remembers that things destined to port 1877 should be converted to 192.168.100.137 on port 5060. The SDP section of the SIP packet is modified and things are peachy.
  5. This happens back and forth for all SIP messages that traverse the NAT.
  iChat is not SIP RFC compliant which is why we are having these natting issues. iChat does not specify a port in the SDP portion of the SIP messages it is sending out: a big no-no. Therefore, when the recipient iChat is sending back its requests to 207.182.233.32, it is sending it to port 5060 instead of assigned port 1877. The public port 5060 is blocked, and is not routed to any specific computer, resulting in a timeout. Here is the Cisco output 'debug ip nat sip'
  001892: .Oct 2 22:53:04.108 PCTime: NAT: SIP: [0] processing INVITE message
  001893: .Oct 2 22:53:04.108 PCTime: NAT: SIP: [0] register:0 door_created:0
  001894: .Oct 2 22:53:04.108 PCTime: NAT: SIP: [0] translated embedded address 192.168.100.138-><public IP>
  001895: .Oct 2 22:53:04.108 PCTime: NAT: SIP: [0] No port present. Use new port 5060->1210
  As you can see, it is processing the INVITE request and translating the internal IP address to the public one.
  However, it reports no port present, meaning that the port specification in the SDP section of the SIP packet is not present. It does a port translation because it feels obligated to, but iChat doesn't respect that on the other end and sends to 5060 anyway which is not mapped to any specific internal IP addess, so, alas, it doesn't work.
  Now, that being, said, this explains why iChat doesn't work behind SIP ALGs. However, if you are able to disable the SIP ALG (on cisco: 'no ip nat service sip udp 5060'), it still doesn't work. With the ALG turned off, the SDP translations don't occur, but for some reason SNATMAP still doesn't work either. I am thinking that could be due to a nat issue, but I haven't figured that out yet. Anyone's insight would be appreciated!
  Hope this helps anyone out there seeking help / console with iChat Error -8 issues behind an enterprise grade router.
  Hopefully we can figure out why iChat's SNATMAP implementation doesn't work with a Cisco NAT next...

  Hi
  Ok for the Homehub's.
  UPnP should be enabled.
  Set the Quicktime streaming setting, goto sys prefs/quicktime/streaming/streaming speed, set to 1.5mbps(dont use automatic)
  In ichats prefs click on video and change bandwidth limit to NONE.
  Goto to sys prefs/sharing/firewall and turn on(dont add any ports for ichat, leave anything that is ticked ticked).
  Restart ichat.
  And try connecting to me defcom1 .mac account.
  Tony

• Dedicated supervisor engine slot numbers for cisco core switches

  I want to know why there is  Dedicated supervisor engine slot numbers in core switch.
  Feature
  Cisco Catalyst WS-C4503-E Chassis
  Cisco Catalyst WS-C4506-E Chassis
  Cisco Catalyst WS-C4507R+E Chassis
  Cisco Catalyst WS-C4510R+E Chassis
  Dedicated supervisor engine slot numbers
  1
  1
  3 and 4
  5 and 6 
  Please make it clear why its dedicated slot alocate for supervisor engine slot

  Hi,
  I think the reason behind a dedicated slots for Supervisors of 4500/6500 chasis is due to the architectural constraints.
  For example the Sup 720 in 6500 has 18 fabric channel (18 connections to the fabric), the line cards have only 1/2 fabric channels depending on their version. So if you have to make a supervisor independent of the slot you need to have 18 backplane  fabric channels in each slot of the chassis for the SUP to work in all slots as compared to 1/2 backplane fabric channels per slot as we have right now for the line cards. Almost same should go for the 4500. And this might come across as an architectural constraint. This is the best explanation i can think of.
  Thanks
  "Please rate the post if found useful"

• Launch date for Cisco SB Switches

  Hi,
  I need the launch date for the following products:
  Cisco SB SG200
  Cisco SB SG300
  Can anyone provide such information? 
  Thanks,
  Tiziana
  p.s. I am opening a new discussion as I marked my previous one as correct answer by mistake and I cannot edit it.

  The earliest firmware version available for these switches were released 21-SEP-2010 for the SG300-28 and 25-JAN-2011 for the SG200-26 so these should be close to their release date one would think.  Why do you want to know when they were released?

• Where is PSIRT lookup tool for cisco IOS?

  Can someone give me the link to a tool that will allow me to paste my version of IOS into and then get a listing of all known advisories/responses?
  thanks,

  I think the following link is what you may be looking for:
  http://tools.cisco.com/security/center/selectIOSVersion.x

• Privilege mode authentication using Tacacs for Cisco Routers

  I am trying to set up a test environment where I need to be able to be asked for both a username and password while entering enable mode from exec mode on a cisco IOS router. I was told the only way to do that is through Tacacs. But I've not seen any such configuration options on Tacacs in order to set it up right. Has someone ever did a setup like this before. I would appreciate any help on this. Thanks. 

  version 12.3
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  service compress-config
  hostname 2621-3
  boot-start-marker
  boot system flash c2600-i-mz.123-26.bin
  boot-end-marker
  logging buffered 5001 debugging
  no logging console
  no logging monitor
  enable password cisco
  memory-size iomem 10
  clock timezone CST -7
  clock summer-time CST recurring
  aaa new-model
  aaa authentication login default local
  aaa authentication enable default group tacacs+
  aaa authorization exec default group tacacs+ local
  aaa session-id common
  ip subnet-zero
  ip cef
  no ip domain lookup
  ip domain name int.voyence.com
  ip name-server 192.168.21.5
  !key chain jetef
  key 10
    key-string c1sco
  modemcap entry ZOOM
  modemcap entry ZOOM
  username jeff password 0 jeff
  tacacs-server host 192.168.21.230 key cisco
  tacacs-server host 10.6.230.32
  tacacs-server directed-request
  tacacs-server key dakey
  line con 0
  exec-timeout 15 0
  logging synchronous
  speed 115200
  line aux 0
  exec-timeout 15 0
  password 7 104D000A0618
  logging synchronous
  modem InOut
  modem autoconfigure discovery
  terminal-type monitor
  transport input all
  stopbits 1
  flowcontrol hardware
  line vty 0 4
  exec-timeout 15 0
  password cisco
  private
  logging synchronous