SBR and Cisco routers/switches

Hi all,
I have a Juniper SBR and a large number of Cisco devices as RAS/NAS.
I would like the level 1 team to have just a read-only profile,
and the level 2 team to have read and write access. I guess to accomplish this on a non-Cisco AAA product:
1) Do I need to download the Cisco RADIUS attribute dictionary file? If yes, where is the download link?
2) As the user profiles are basic ones, there should be a standard attribute which has this feature. In case this is true, which IETF attribute can I use?
3) What are VSAs? Do Cisco VSAs help me in accomplishing my goals with SBR?
4) If I get the above answers, I can move in the right direction, accomplishing the same with firewall vendor A, SSL VPN vendor B, WiFi controller vendor C, DSLAM vendor E ....
Any response will be much appreciated.

I have a 3750X and an SG300 trunked together and they are both running RSTP.
I set my 3750X to rapid-pvst
I set my SG300 to rstp
A "show spanning" on both devices yields: "Spanning tree enabled protocol rstp".
Both seem to be communicating STP fine.

Similar Messages

  • Can Cisco Routers, Switches, or Firewalls run AV?

    Can anyone point me to a document or official statement from Cisco stating that their routers, switches, and firewalls are not capable of running Anti-Virus/Anti-Malware to protect their IOS?  NERC CIP standards require that all devices contained within the Electronic Security Perimeter run Anti-Virus/Anti-Malware software "where technically feasible", if the devices cannot run AV/AM you have to submit a "Technical Feasibility Exception"....done that...now they want proof that Cisco devices (routers, switches, firewalls) are not capable of running AV/AM to protect their IOS.  Please don't confuse this with all of the offering that Cisco has to protect end-user devices...this applies only to the routers, switches, and firewalls.
    Any answers would be greatly appreciated, even comments from others dealing with this issue.

    A couple of years ago in a conference there was a presentation that claimed to install a rootkit to Cisco IOS devices.
    Here is the response from Cisco http://www.cisco.com/warp/public/707/cisco-sr-20080516-rootkits.shtml
    That is the closest I can think of that could help you.
    PK

  • Remote Command Tool for Cisco Routers/Switches

    Is anyone aware of any tools or scripts out there which allow preconfigured commands to be remotely run against Cisco routers/switches and display the output result?
    I'm looking for a tool which I can give our Service Desk personnel that will allow them to select from a list of commands and enter a target IP address of a router/switch, and then the tool will display the VLAN table or the running config of a particular switch-port so they can see if it's configured on the correct data VLAN or it's missing its voice VLAN etc.
    For example, a Service Desk Operator needs to check what VLAN a switch-port is on. So they open the tool, enter the switch's IP address and the port number and select an option like "display a switch-port's vlan", and the tool will log into the switch in the background, run a show command on the switch and then output the result.
    Thanks.

    Check out rConfig. You will be able to run multiple instances of it i.e. one instance for your standard configuration backups and another for more specific configuration downloads info like show vlan bri commands etc for service desk staff to view.
    You could also use the IOS menu function and create menus or role based access on each of your devices for your users.
    Regards
    Stephen
    ==========================
    http://www.rConfig.com 
    A free, open source network device configuration management tool, customizable to your needs!
    - Always vote on an answer if you found it helpful

  • Emergency Responder and Cisco 3850 Switches

    I'm running Cisco ER V8.5, and recently installed new Cisco 3850 switches. All the phones connected to the 3850 switches show an "unlocated" status. I've checked the hardware compatibility matrix for ER V8.5 and the 3850 is not on it.
    What are my options for locating these phones in ER and assigning them to an ERL? Manually defining the phones? Is there a patch or update to ER V8.5 that would make a 3850 compatible?

    I haven't used the 3850's with ER yet so can't speak to that specifically, but generally speaking you have more flexibility using location by subnets vs switches.  Scalability-wise, you can add way more subnets than switches.  There's more going on under the hood if you're locating by switches so the process overhead is greater.
    The only downside with using subnets is if you need to get more granular with your locations than your deployed subnets allow (ie a single voice subnet for an entire building but you need to define and assign locations at the floor level).  As long as you've been a little forward thinking on the route/switch side, you'll be fine.
    hope that helps,
    will

  • AAA and Cisco MDS switches.........

    have configured Cisco ACS 4.0 (TACACS) with Windows AD for all Cisco MDS switches and it is working fine. But local "admin" access to the Cisco MDS switches via telnet is not working. At the same time , if I create a user with "network-admin" role locally, that works but not the default admin user.
    Could anyone help me in this regard.

    local. Below is the script I used to configure TACACS (Cisco ACS 4.0) on Cisco MDS switches.
    config t
    # Enable TACACS+
    tacacs+ enable
    tacacs-server host nnn.nnn.nnn.nnn key 0 xxxxxx
    tacacs-server host mmm.mmm.mmm.mmm key 0 xxxxx
    # Specify TACACS+ Server groups
    aaa group server tacacs+ tacgrp
    server nnn.nnn.nnn.nnn
    server mmm.mmm.mmm.mmm
    aaa authentication login default group tacgrp
    aaa authentication login console local
    # Enable TACACS+ Accounting
    aaa accounting default group tacgrp local
    end
    copy running-config startup-config
    Thanks
    MOhan

  • Difference between setting up a vpn with windows 7 and cisco routers

    Hi. I was wondering what the main difference is between setting up a VPN with Windows 7 or configuring it on Cisco routers.
    When you set up the VPN on Windows 7 or XP, do the client and server PCs take care of the encryption and decryption, whereas when configuring a VPN on routers, the encryption and decryption is done solely by the routers?
    If I want to set up a connection where an IP in the same internal LAN is assigned to the client PC, I'm guessing I'd have to use a router configuration.
    Thanks

    Thank you for the response, lucky for me there was another option. Threatened to cancel with the ISP on the NAT side unless they assigned us a public static ip/gateway/subnet. They ended up doing that and the VPN connected as soon as the changes were made in the Linksys.

  • Ericsson MD110 and Cisco routers ISDN PRI Q-Sig

    Anybody has experience with MD110 and Cisco integration using ISDN PRI Q-Sig... Have problems with "idle-busy" channels on MD110. It looks like PBX does not recognize disconnect signal coming from the router.
    Tks
    Brani

    MC,
    Ericsson MD110, BC12 SP7
    ROUTE CATEGORY DATA
    ROU SEL TRM SERV NODG DIST DISL TRAF SIG BCAP
    175 0110017500000010 5 3110000000 0 30 128 00080812 511110120031 111111
    157 0110017500000010 5 3110000000 0 30 128 00080812 511110120031 111111
    END
    ROUTE DATA
    ROU TYPE VARC VARI VARO FILTER
    175 SL60 H'00000310 H'15420000 H'46300000 NO
    157 SL60 H'00000310 H'15420000 H'46300000 NO
    END
    EXTERNAL DESTINATION ROUTE DATA
    DEST DRN ROU CHO CUST ADC TRC SRT NUMACK PRE
    175 175 1606100000000250006000000 0 1 0
    157 1 2606100000000250006000000 0 1 0
    END
    Cisco IOS 12.3-3 (c2600-jsx-mz.123-3.bin)
    Cisco config attached.....
    Our serial links are satellite based so min delay is about 500ms
    Tks
    Brani

  • Having a problem with PEAP and Cisco 2960 Switch

    Hi All,
    I am attempting to use PEAP with an LDAP backend on FreeRadius with the MS Supplicant. I have it all working; in debug on the Radius server I see it sending all the information, the tunnel, medium etc., but with PEAP the Cisco switch is not changing VLANs. If I install the Cisco or Juniper client it works just fine if I use eap-mschapv2, but peap-mschapv2 does not switch the port to the right VLAN. Is there something extra on the switch I need to do to allow PEAP, or is there something on the FreeRadius?
    The only difference between the PEAP and EAP versions that I can tell is that the PEAP authenticates and the information is sent once (according to the debug on the Radius server), whereas with the EAP the connection information is sent several times; that is, I will see the tunnel and medium info sent more than once in the Radius log for just one login.
    Any ideas?

    Thought I mentioned the client in the first post. I am using the 3 different types of clients with a goal of getting the MS client to work. I am using the Juniper Odyssey client, the Cisco CSSC client and the MS built-in client. I mentioned the EAP-MSChapV2 because I tested that login so I could compare the Radius output with that of PEAP-MSChapV2. I did not release logs from the Radius server because it seems to be centered on something on the switch changing VLANs, but if you want output I can give that.
    CSSC Client pops out:
    14:25:08.453  Network Connection requested from user  context.
    14:25:08.468  Connection authentication started using the logged in  user's credentials.
    14:25:08.468  Port state transition to  AC_PORT_STATE_CONNECTING(AC_PORT_STATUS_STARTED)
    14:25:08.796  Port state  transition to  AC_PORT_STATE_UNAUTHENTICATED(AC_PORT_STATUS_8021x_FORCED_UNAUTH)
    14:25:09.828   Port state transition to  AC_PORT_STATE_AUTHENTICATING(AC_PORT_STATUS_8021x_ACQUIRED)
    14:25:09.843   Identity has been requested from the network.
    14:25:09.875  Identity has been  sent to the network.
    14:25:09.890  Authentication started using method type  EAP-PEAP, level 0
    14:25:09.890  The server has requested using authentication  type: EAP-PEAP
    14:25:09.890  The client has requested using authentication  type:  EAP-PEAP
    14:25:09.968  Profile does not require server  validation.
    14:25:10.031  Identity has been requested from the  network.
    14:25:10.031  Identity has been sent to the  network.
    14:25:10.046  Authentication started using method type  EAP-MSCHAP-V2, level 1
    14:25:10.046  The server has requested using  authentication type: EAP-MSCHAP-V2
    14:25:10.046  The client has requested  using authentication type:  EAP-MSCHAP-V2
    14:25:10.078  Port state transition  to AC_PORT_STATE_AUTHENTICATED(AC_PORT_STATUS_EAP_SUCCESS)
    14:25:10.078  The  authentication process has succeeded.
    *************************Radius Output for PEAP:**************************
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.7 seconds.
    Waking up in 0.7 seconds.
    Waking up in 0.1 seconds.
    Waking up in 3.7 seconds.
    Waking up in 0.1 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for anonymous
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: object not found or got ambiguous search result
    [ldap] search failed
    rlm_ldap: ldap_release_conn: Release Id: 0
    [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
    Waking up in 0.9 seconds.
    Waking up in 0.9 seconds.
    Waking up in 0.9 seconds.
    Waking up in 0.8 seconds.
    Waking up in 0.8 seconds.
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    [ldap] performing user authorization for RadiusUser
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user RadiusUser authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.8 seconds.
    Waking up in 0.7 seconds.
    Waking up in 3.7 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    **************************Radius output for EAP******************************
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.7 seconds.
    Waking up in 0.7 seconds.
    Waking up in 0.1 seconds.
    Waking up in 3.7 seconds.
    Waking up in 0.1 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    Ready to process requests.
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    [ldap] performing user authorization for Radiususer
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    [ldap] Added the eDirectory password Whatever in check items as Cleartext-Password
    [ldap] No default NMAS login sequence
    [ldap] looking for check items in directory...
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
    [ldap] looking for reply items in directory...
    rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
    rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
    rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
    rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
    [ldap] user Radiususer authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    Waking up in 0.9 seconds.
    Waking up in 3.9 seconds.
    Ready to process requests.
    Hope that Helps.
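
Added example (not part of the original post and not FreeRADIUS code): a small Python parser for `rlm_ldap` debug output like the listing above. It groups the lines into authorization passes and reports, per identity, whether the directory search failed and which of the three VLAN-assignment reply items seen in the log (`Tunnel-Type`, `Tunnel-Medium-Type`, `Tunnel-Private-Group-Id`) were mapped. The sample log is constructed from lines quoted in the post; the names `AuthzPass`, `parse_passes` and `summarize` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, assembled from lines quoted in the post above.
SAMPLE_LOG = """\
[ldap] performing user authorization for anonymous
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
[ldap] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Waking up in 0.9 seconds.
[ldap] performing user authorization for RadiusUser
rlm_ldap: ldap_get_conn: Checking Id: 0
[ldap] looking for check items in directory...
rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 == "SomeVlan"
rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 == IEEE-802
rlm_ldap: radiusTunnelType -> Tunnel-Type:0 == VLAN
[ldap] looking for reply items in directory...
rlm_ldap: radiusServiceType -> Service-Type = Authenticate-Only
rlm_ldap: radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "SomeVlan"
rlm_ldap: radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: radiusTunnelType -> Tunnel-Type:0 = VLAN
[ldap] user RadiusUser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
"""

# Reply items the post expects the switch to act on for VLAN assignment.
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")

START = re.compile(r"^\[ldap\] performing user authorization for (\S+)")
SECTION = re.compile(r"^\[ldap\] looking for (check|reply) items in directory")
AUTHORIZED = re.compile(r"^\[ldap\] user \S+ authorized to use remote access")
# "rlm_ldap: <ldapAttr> -> <RADIUS-Attr>[:tag] <op> <value>"
MAPPING = re.compile(r"^rlm_ldap: \S+ -> ([\w-]+)(?::\d+)? (==|=|:=|\+=) (.+)$")


@dataclass
class AuthzPass:
    """One '[ldap] performing user authorization for X' block."""
    identity: str
    search_failed: bool = False
    authorized: bool = False
    check: dict = field(default_factory=dict)
    reply: dict = field(default_factory=dict)

    def missing_vlan_attrs(self):
        return [a for a in VLAN_ATTRS if a not in self.reply]


def parse_passes(text):
    """Split debug output into authorization passes, in log order."""
    passes, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := START.match(line)):
            current = AuthzPass(m.group(1))
            passes.append(current)
            section = None
        elif current is None:
            continue  # noise before the first authorization block
        elif line == "[ldap] search failed":
            current.search_failed = True
        elif AUTHORIZED.match(line):
            current.authorized = True
        elif (m := SECTION.match(line)):
            section = m.group(1)
        elif section and (m := MAPPING.match(line)):
            target = current.check if section == "check" else current.reply
            target[m.group(1)] = m.group(3).strip('"')
    return passes


def summarize(passes):
    """One row per pass: who was looked up and what VLAN data came back."""
    return [
        {
            "identity": p.identity,
            "search_failed": p.search_failed,
            "authorized": p.authorized,
            "vlan": p.reply.get("Tunnel-Private-Group-Id"),
            "missing": p.missing_vlan_attrs(),
        }
        for p in passes
    ]


if __name__ == "__main__":
    for row in summarize(parse_passes(SAMPLE_LOG)):
        print(row)
```

The summary shows only what the LDAP module mapped for each identity it looked up; what the final Access-Accept sent to the switch contained has to be read from the packet dump in the same debug output.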

  • Configuring rcp on ciscoworks LMS 2.5 and cisco 3560 switch

    Dear All,
    I have LMS 2.5 and nearly 50 Cisco 3560 switches in my network, and I want to configure rcp. How can I do it? Kindly help.
    regards,
    RAHIL KHAN

    Have a look at this link for the server:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.0/user/guide/swmgt.html#wp1328314
    For the device you'll need something like:
    username cwuser password 7 000C1C0A05
    ip rcmd rcp-enable
    ip rcmd remote-host cwuser 172.17.246.221 cwuser enable
    ip rcmd remote-username cwuser

  • ACE 4700 and Cisco ACS aaa authentication

    ACE version Software
    loader: Version 0.95
    system: Version A1(7b) [build 3.0(0)A1(7b)
    Cisco ACS version 4.0.1
    I am trying to authenticate admin users with AAA authentication for ACE management.
    This is what I've done:
    ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
    warning: numeric key will not be encrypted
    ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
    ACE-lab/Admin(config-tacacs+)# server ?
    <A.B.C.D> TACACS+ server name
    ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
    can not find the TACACS+ server
    specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
    ACE-lab/Admin(config-tacacs+)#
    Why am I getting this error? I have full
    connectivity between the ACE and the ACS
    server. Furthermore, the ACS server
    works fine with other Cisco IOS devices.
    Please help. Thanks.

    Thanks. Now I have another problem. I CAN
    log into the ACE via tacacs+ account(s).
    However, I get error when I try going into
    configuration mode:
    ACE-lab login: ngx1
    Password:
    Cisco Application Control Software (ACSW)
    TAC support: http://www.cisco.com/tac
    Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
    The copyrights to certain works contained herein are owned by
    other third parties and are used and distributed under license.
    Some parts of this software are covered under the GNU Public
    License. A copy of the license is available at
    http://www.gnu.org/licenses/gpl.html.
    ACE-lab/Admin# conf t
    ^
    % invalid command detected at '^' marker.
    ACE-lab/Admin#
    The ngx1 account can access other Cisco
    routers/switches just fine and can go into
    enable mode just fine. Only issue on the ACE.
    Any ideas? Thanks.

  • Access Server 2511 can't access Routers & Switch

    Hi,
    I recently bought Cisco routers, a switch, an access server and Frame Relay for my CCNP home lab, but the problem is that my Access Server 2511 can't connect to any other devices like a router or switch. I have configured "loopback 200.1.1.1", then set up the "ip host Router1 2001 200.1.1.1" command for all of my other devices. When I try to connect to other devices it gives me this message but does not show the prompt for that device...
    (Router#f2
    Translating "f2"
    Trying f2 (200.1.1.1, 2001)... Open)
    I leave this message for a long time but the prompt never comes....
    I also use the CLEAR line command to clear it, but the problem still exists.
    Please help me to resolve this problem...
    Regards,
    ABDUL

    Hi
    Thank you for your guidance. I have made the changes which you suggested, but the problem still exists.. this is my fifth day battling with this issue.. I can connect and work on all devices through the network using # telnet (ip address of any device).. I am using the right cable (72-0845-01) Cisco Cab-Octal-Async 8 Lead Octal Cable (68 pin to 8 Male RJ-45s)... Now I am thinking that there is a problem with the cable or the Access Server 2511 physically, not with the configuration.. anyway, I am waiting for your reply...
    tserver#sh run
    Building configuration...
    Current configuration : 1054 bytes
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname tserver
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$sWZ2$iNhMYtvWsbwBSGLnYtphr/
    enable password cisco
    no aaa new-model
    ip subnet-zero
    no ip domain lookup
    ip host f1 2001 172.168.1.1
    ip host s1 2002 172.168.1.1
    ip host r1 2007 172.168.1.1
    ip host f2 2009 172.168.1.1
    ip host s2 2010 172.168.1.1
    ip host r2 2016 172.168.1.1
    interface Loopback0
    ip address 172.168.1.1 255.255.255.0
    interface Ethernet0
    no ip address
    shutdown
    interface Serial0
    no ip address
    shutdown
    no fair-queue
    interface Serial1
    no ip address
    shutdown
    ip http server
    ip classless
    dialer-list 1 protocol ip permit
    line con 0
    password cisco
    login
    transport output telnet
    telnet speed 9600 38400
    line 1 16
    transport input telnet
    transport output telnet
    flowcontrol hardware
    line aux 0
    line vty 0 4
    password cisco
    login
    transport input telnet
    transport output telnet
    telnet speed 9600 38400
    end 

  • Securing Telnet access on Cisco routers (access class)

    Dear All,
    In all my network I have Cisco Catalyst switches and Cisco routers deployed in my WAN. On the Cisco routers, an ACL was activated to secure telnet access to WAN devices. Only 3 hosts (remote) were authorized to access these devices. I need to modify this security to have access from the LAN (locally).
    The ACL was implemented on all routers, and activated using access class in.
    Is there any idea for telling the router to apply this ACL only for the WAN and not for access from the LAN, without changing the configuration much more?
    Thanks for your help,
    Best regards,

    Hi,
    here is the ip int brief.
    thanks
    CISCO1841#show ip int brief
    Interface IP-Address OK? Method Status Protocol
    FastEthernet0/0 192.168.1.1 YES NVRAM up up
    FastEthernet0/1 192.168.2.1 YES NVRAM up up
    ATM0/0/0 unassigned YES NVRAM up up
    Dot11Radio0/1/0 unassigned YES NVRAM up up
    Dot11Radio0/1/0.1 192.168.2.129 YES NVRAM up up
    Dot11Radio0/1/0.2 192.168.3.1 YES NVRAM up up
    NVI0 unassigned NO unset up up
    Virtual-Access1 unassigned YES unset up up
    Dialer1 151.16.203.203 YES IPCP up up

  • Facing issue in using SNMPV3 on Cisco Routers

    Hi,
    Actually, I am trying to implement SNMPv3 on Cisco routers and switches to manage and monitor these devices in a more secure manner using an NMS called Orion (NPM) Network Performance Monitor.
    When I try to add the node on Orion (NPM), it shows me an error that the device does not support the interfaces MIB.
    The Routers IOS Version and its feature set is as under:
    Cisco 3800 & 2800 (IOS version 12.4(20)T2 Advance IP Services).
    Configuration as under:
    snmp-server DEPT_GRP V3 auth context DEPT_CTX read DEPT_VIEW
    snmp-server view DEPT_VIEW iso included
    snmp-server view DEPT_VIEW internet included
    snmp-server view DEPT_VIEW interfaces included
    snmp-server view DEPT_VIEW system  included
    snmp-server view DEPT_VIEW chassis included
    snmp-server context DEPT_CTX
    snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123
    snmp-server host 213.42.48.158 version 3 auth SNMPADMIN
    At Orion parameters are given as under:
    username :- SNMPADMIN
    SNMPV3 context :- DEPT_CTX
    SNMPV3 Authentication :- SHA1
    SNMPV3 Privacy/Encryption :- DES56
    Password Key :- cisco123 (All the places)
    Kindly help me out and advise me where I am going wrong. Kindly check whether anything is missing in the configuration above regarding the SNMPv3 configuration.
    Rgds,
    Ayaz Ali

    Hi Joe,
    Thanks for your response. As per your reply, I removed the context and views which were configured earlier on the router and followed the same instructions as you mentioned in your reply, but I would like to tell you one thing about the configuration that I had done for SNMP v3.
    Your configuration is :-
    snmp-server group DEPT_GRP v3 auth read v1default
    snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123
    My Configuration is :-
    snmp-server group DEPT_GRP v3 priv read v1default
    snmp-server user SNMPADMIN DEPT_GRP v3 auth sha cisco123 priv des cisco123
    In your configuration, you are using authentication (auth) for the SNMP v3 group, and if you select auth (keyword) then you have to provide only the authentication method (SHA, MD5), no privacy keys for encryption (DES, AES), in the SNMP user configuration; otherwise it will give you an error that the credentials did not match on the host when you try to poll the device.
    In my configuration, I am using privacy (priv) for the SNMP v3 group; that's why I had given both authentication and encryption keys under the SNMP user configuration.
    In short, user settings are dependent on the group settings: if you are using auth then it only supports authentication but no privacy, and if you are using priv then it allows both authentication and encryption (privacy).
    Thanks for your support, it really helped me out in solving the issue. Now I am able to poll all my routers using SNMP v3.
    Rgds,
    Ayaz Ali

  • Communication problem between Cisco 3560 and Cisco SG300.

    Dear Support,
    I have a Cisco SG300 and Cisco 3560 switches.
    3560 is my Core Switch and SG300 is access switch.
    From 3560 VLAN information is not passed to SG300.
    3560 Configuration:
    interface GigabitEthernet0/23
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,10,11
    switchport mode trunk
    SG300 Configuration:
    interface gigabitethernet49
    spanning-tree link-type point-to-point
    switchport mode general
    switchport general allowed vlan add 2,10-11 tagged
    macro description switch
    Please suggest how this issue can be resolved.
    Regards,
    JItesh Mahajan.

    Dear Aleksandra,
    Is the configuration below right or wrong for the 3560 and SG300?
    3560 Configuration:
    interface GigabitEthernet0/23
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan remove VLAN 1
    switchport native vlan 1
    switchport trunk allowed vlan 1,2,10,11
    switchport mode trunk
    SG300 Configuration:
    interface gigabitethernet49
    spanning-tree link-type point-to-point
    switchport mode general
    switchport general allowed vlan add 2,10-11 tagged
    macro description switch
    Regards,
    JItesh Mahajan.

  • Configuration of Routers/SWitches

    I would like to know what is the best configuration to connect 2 Routers 7206 to 2 Switches 3750 . The best configuration between Routers , between Switches and between Routers/switches . Thanks .

    wrong forum.
    Try "LAN, Switching and Routing"
    Gilles.
