Wednesday, November 25, 2009
Important Instruction while deploying AAA
- Execute the “wr” command before implementing AAA.
- Take a backup of the running configuration after that.
- Open 3 sessions to the device on which you want to implement AAA.
- Then start executing all the AAA commands as per the prepared template.
- Then open one more session to the same device and test authentication and authorization.
- If everything works, execute the “wr” command again to save the running configuration.
Essential Cisco Load balancer configuration commands
Generating configuration....
boot system image:c6ace-t1k9-mz.3.0.0_A1_2.bin
shared-vlan-hostid 1
access-list out_in line 10 extended permit ip any any
access-list out_in line 20 extended permit icmp any any
interface vlan 700
  ip address 7.7.7.8 255.255.255.0
  no shutdown
ft interface vlan 100
  ip address 1.1.1.1 255.255.255.252
  peer ip address 1.1.1.2 255.255.255.252
  no shutdown
ft peer 1
  heartbeat interval 300
  heartbeat count 20
  ft-interface vlan 100
ft group 2
  peer 1
  priority 150
  associate-context Admin
  inservice
ip route 0.0.0.0 0.0.0.0 5.5.5.10
context test
  allocate-interface vlan 200
  allocate-interface vlan 300
context c1
context c2
context c3
context c4
context c5
context c6
context c77
ft group 1
  peer 1
  priority 210
  associate-context test
  inservice
username admin password 5 $1$faXJEFBj$TJR1Nx7sLPTi5BZ97v08c/ role Admin domain default-domain
username www password 5 $1$UZIiwUk7$QMVYN1JASaycabrHkhGcS/ role Admin domain default-domain
switch/Admin# ### END LOG - DATE: 070306, TIME: 150510 ###
Air is Single Collision and Broadcast domain.

A set of computers in which no two computers can send data simultaneously is said to be in the same collision domain. As explained in the paragraph above, air acts as the medium of a single collision domain. We can say “that air acts like single collision domain for sound waves.”
One more interesting property of a single collision domain is that an intended unicast is turned into a broadcast by the medium, as we see in the case discussed.
When we say “Gentlemen, may I have the attention please”, prefixing “Gentlemen” makes our speech broadcast sound traffic. The sound wave reaches every person in the same fashion. The conclusion is that air is a single broadcast domain and a single collision domain for sound waves.
Monday, November 23, 2009
SNMP V3 configuration
SSHv3 (devices with advanced services image)
snmp-server view testview interfaces included
snmp-server view testview chassis included
snmp-server view testview internet included
snmp-server view testview system included
snmp-server group test v3 auth read testview
snmp-server user testuser test v3 auth md5 testkey priv des56 testdeskey access 20
Telnetv3 (devices with IP base image)
snmp-server view testview interfaces included
snmp-server view testview chassis included
snmp-server view testview system included
snmp-server view testview internet included
snmp-server group test v3 auth read testview
snmp-server user testuser test v3 auth md5 testkey access 20
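An added example, not part of the original post: a small Python audit of the SNMPv3 lines above that reports, per user, whether authentication and privacy are configured and flags the MD5 and DES choices. The user name baseuser is constructed to stand for the IP base variant, and the function names are hypothetical.

```python
# The first two lines are from the page; "baseuser" is a constructed name for
# the IP base variant so both users can be audited in one run.
CONFIG = """\
snmp-server group test v3 auth read testview
snmp-server user testuser test v3 auth md5 testkey priv des56 testdeskey access 20
snmp-server user baseuser test v3 auth md5 testkey access 20
"""

WEAK = {"auth": {"md5"}, "priv": {"des", "des56"}}

def parse(config):
    """Return ({group: level}, [user dicts]) from snmp-server v3 lines."""
    groups, users = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["snmp-server", "group"] and tok[3:4] == ["v3"] and len(tok) > 4:
            groups[tok[2]] = tok[4]          # noauth | auth | priv
        elif tok[:2] == ["snmp-server", "user"] and tok[4:5] == ["v3"]:
            user = {"name": tok[2], "group": tok[3], "auth": None, "priv": None, "acl": None}
            opts = iter(tok[5:])
            for word in opts:
                if word in ("auth", "priv"):
                    user[word] = next(opts, None)    # algorithm keyword
                    if user[word] == "aes":
                        next(opts, None)             # aes is followed by a key size
                    next(opts, None)                 # skip the secret itself
                elif word == "access":
                    user["acl"] = next(opts, None)
            users.append(user)
    return groups, users

def audit(config):
    """Return (user, finding) tuples for weak or missing protections."""
    groups, users = parse(config)
    out = []
    for u in users:
        for kind, label in (("auth", "authentication"), ("priv", "privacy")):
            if u[kind] is None:
                out.append((u["name"], f"no {label} configured"))
            elif u[kind] in WEAK[kind]:
                out.append((u["name"], f"weak {label} algorithm {u[kind]}"))
        if u["acl"] is None:
            out.append((u["name"], "no access-list restricts managers"))
        if groups.get(u["group"]) != "priv":
            out.append((u["name"], f"group {u['group']} does not require privacy"))
    return out
```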
SSH error due to RSA key corruption
1. Check the mapping of the key name to the host name (if the problem started after changing the host name).
rashid#sh crypto key mypubkey rsa
% Key pair was generated at: 12:09:33 GMT May 22 2008
Key name: test.rashid.com
Usage: General Purpose Key
Key is not exportable.
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00CD2B16 8FEFDD6A
B24D0C25 854195B3 296B153A 6EE8D003 2247E99D CF552355 70FC4C19 EE3A4116
D0B812F6 4DA6EC7A D58B3D97 EE08AC7C 6D319202 5ECB32F4 C3020301 0001
% Key pair was generated at: 12:09:33 GMT May 22 2008
Key name: test.rashid.com
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00C53C94 A3A0F4E0
35F5922B 8440B5FC D5809A67 F57A1C36 1F39060B 46A22DF0 0A9B3CD4 7A859AE1
F2A5E67A 5245F9F0 3920EAE5 9C1B74A5 2F40C596 54E4C461 BC8494E8 04B88A96
4A49BC7C 5A1B19ED 8413F6B3 3136BAF8 9316350A 4D54B6E8 C5020301 0001
rashid#
2. Delete the existing RSA key with the following command.
(config)#crypto key zeroize rsa
3. Re-generate the crypto key and log in with SSH.
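An added example, not part of the original post: a Python check for step 1 that parses the `sh crypto key mypubkey rsa` output and compares each key name with hostname.domain. It goes one step beyond the post by also decoding the Key Data (a DER SubjectPublicKeyInfo) to report the modulus size. The domain passed in and the 2048-bit default threshold are assumptions, and the function names are hypothetical.

```python
import re

SHOW_OUTPUT = """\
% Key pair was generated at: 12:09:33 GMT May 22 2008
Key name: test.rashid.com
Usage: General Purpose Key
Key Data:
305C300D 06092A86 4886F70D 01010105 00034B00 30480241 00CD2B16 8FEFDD6A
B24D0C25 854195B3 296B153A 6EE8D003 2247E99D CF552355 70FC4C19 EE3A4116
D0B812F6 4DA6EC7A D58B3D97 EE08AC7C 6D319202 5ECB32F4 C3020301 0001
"""  # copied from the page (General Purpose Key only) so the block runs offline

def parse_keys(text):
    """Return a dict (name, usage, der) for each key pair in the output."""
    keys = []
    for block in re.split(r"^% Key pair was generated at:.*$", text, flags=re.M)[1:]:
        words = [w for ln in block.splitlines() for w in ln.split()
                 if all(re.fullmatch(r"[0-9A-Fa-f]{2,8}", x) for x in ln.split())]
        keys.append({"name": re.search(r"Key name:\s*(\S+)", block).group(1),
                     "usage": re.search(r"Usage:\s*(.+)", block).group(1).strip(),
                     "der": bytes.fromhex("".join(words))})
    return keys

def tlv(buf, pos):
    """Read one DER TLV header at pos; return (value_start, value_end)."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def modulus_bits(der):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo blob."""
    seq, _ = tlv(der, 0)                   # outer SEQUENCE
    _, alg_end = tlv(der, seq)             # AlgorithmIdentifier, skipped
    bitstr, _ = tlv(der, alg_end)          # BIT STRING wrapping RSAPublicKey
    rsa, _ = tlv(der, bitstr + 1)          # +1 skips the unused-bits byte
    n_start, n_end = tlv(der, rsa)         # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def check_keys(text, hostname, domain, min_bits=2048):
    """Flag keys whose name is not hostname.domain or whose modulus is short."""
    expected, findings = f"{hostname}.{domain}".lower(), []
    for k in parse_keys(text):
        if k["name"].lower() != expected:
            findings.append(f"{k['usage']}: key name {k['name']} != {expected}")
        if (bits := modulus_bits(k["der"])) < min_bits:
            findings.append(f"{k['usage']}: {bits}-bit modulus < {min_bits}")
    return findings
```

Calling `check_keys(SHOW_OUTPUT, "rashid", "rashid.com")` with the host name from the prompt and an assumed domain reports both the name mismatch and the 512-bit modulus.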