Monday, June 22, 2015

Configure Cisco VTY local accounts and Enable passwords

  1. From the privileged EXEC (or "enable") prompt, enter configuration mode and enter username/password combinations, one for each user for whom you want to allow access to the router:
    router#configure terminal
     Enter configuration commands, one per line.  End with CNTL/Z.
     router(config)#username user1 privilege 5 secret california
     router(config)#username user2 privilege 10 secret texas
     router(config)#username user3 privilege 15 secret arizona
     router(config)#service password-encryption
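    Note: "service password-encryption" obscures passwords that would otherwise appear in clear text in the configuration view. It applies the reversible type 7 encoding, so use "secret" (stored as a hash, as in the usernames above) for account credentials.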
  2. Switch to line configuration mode, using the following commands. Notice that the prompt changes to reflect the current mode.
    router(config)#line vty 0 4
    router(config-line)#logging synchronous
    router(config-line)#exec-timeout 60 0 
  3. Configure the vty lines to check logins against the local username database.
    router(config-line)#login local
    
  4. Exit configuration mode.
    router(config-line)#end
    router#
    %SYS-5-CONFIG_I: Configured from console by console

Verify the Configuration

Examine the configuration of the router to verify that the commands have been properly entered:
  • show running-config - displays the current configuration of the router.
    router#show running-config
    Building configuration...
    !
    
    !--- Lines omitted for brevity
    
    
    
    !
    username user1 privilege 15 secret 5 $1$giXN$BA4qQ61PMFH0pckB1VvNp/
    username user2 ...............etc
    username user3 ...............etc
    !
    
    !--- Lines omitted for brevity
    
    
    
    !
    line con 0
    line 1 8
    line aux 0
    line vty 0 4
     password 7 13151601181B382F
     login local
    !
    end
    
    To test this configuration, a Telnet connection must be made to the router. This can be done by connecting from a different host on the network, but you can also test from the router itself by telnetting to the IP address of any interface on the router that is in an up/up state as seen in the output of the show interfaces command.
    Here is a sample output if the address of interface ethernet 0 were 10.10.10.1:
    router#telnet 10.10.10.1
    Trying 10.10.10.1 ... Open
    
    
    User Access Verification
    
    
    Username: user2
    Password:
    
    !--- Password entered here is not displayed by the router
    
    

Configure Cisco Local User-Specific Passwords

  1. From the privileged EXEC (or "enable") prompt, enter configuration mode and enter username/password combinations, one for each user for whom you want to allow access to the router:
    router#configure terminal
     Enter configuration commands, one per line.  End with CNTL/Z.
     router(config)#username user1 password california
     router(config)#username user2 password texas
     router(config)#username user3 password arizona
    
  2. Switch to line configuration mode, using the following commands. Notice that the prompt changes to reflect the current mode.
    router(config)#line vty 0 4
    router(config-line)#logging synchronous
    router(config-line)#exec-timeout 60 0 
  3. Configure password checking at login.
    router(config-line)#login local
    
  4. Exit configuration mode.
    router(config-line)#end
    router#
    %SYS-5-CONFIG_I: Configured from console by console

Verify the Configuration

Examine the configuration of the router to verify that the commands have been properly entered:
  • show running-config - displays the current configuration of the router.
    router#show running-config
    Building configuration...
    !
    
    !--- Lines omitted for brevity
    
    
    
    !
    username user1 password 0 california
    username user2 password 0 texas
    username user3 password 0 arizona
    !
    
    !--- Lines omitted for brevity
    
    
    
    !
    line con 0
    line 1 8
    line aux 0
    line vty 0 4
     login local
    !
    end
    
    To test this configuration, a Telnet connection must be made to the router. This can be done by connecting from a different host on the network, but you can also test from the router itself by telnetting to the IP address of any interface on the router that is in an up/up state as seen in the output of the show interfaces command.
    Here is a sample output if the address of interface ethernet 0 were 10.10.10.1:
    router#telnet 10.10.10.1
    Trying 10.10.10.1 ... Open
    
    
    User Access Verification
    
    
    Username: user2
    Password:
    
    !--- Password entered here is not displayed by the router
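
An added example (not part of the original post): a small Python check over `show running-config` output that flags local accounts stored with `password` (type 0 cleartext or type 7 reversible encoding) instead of `secret`, and vty lines that lack `login local`. The sample config is constructed, and the check assumes `aaa new-model` is not enabled.

```python
import re

# Constructed sample, modelled on the two running-config variants on this page.
SAMPLE_CONFIG = """\
username user1 privilege 5 secret 5 $1$EXAMPLE$constructedhashplaceholder
username user2 password 0 texas
username user3 password 7 0000000000
!
line con 0
line vty 0 4
 login local
line vty 5 15
 login
!
end
"""

USER_RE = re.compile(
    r"^username\s+(\S+)\s+(?:privilege\s+\d+\s+)?(password|secret)\s+(\d+)\s+\S+")
STORAGE = {"0": "cleartext (type 0)", "7": "reversible type 7"}

def audit_usernames(config):
    """Return (user, issue) for accounts not stored with 'secret'."""
    findings = []
    for line in config.splitlines():
        m = USER_RE.match(line)
        if m and m.group(2) == "password":
            how = STORAGE.get(m.group(3), f"type {m.group(3)}")
            findings.append((m.group(1), f"password stored as {how}; use 'secret'"))
    return findings

def audit_vty(config):
    """Return (line, issue) for vty blocks that lack 'login local'."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("line "):
            # Only vty blocks are tracked; console/aux are out of scope here.
            current = line.strip() if line.startswith("line vty") else None
            if current:
                blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None
    return [(name, "no 'login local'; local usernames are not checked")
            for name, body in blocks.items() if "login local" not in body]

if __name__ == "__main__":
    for item, issue in audit_usernames(SAMPLE_CONFIG) + audit_vty(SAMPLE_CONFIG):
        print(f"{item}: {issue}")
```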
    
    

Wednesday, March 25, 2015

Cisco Nexus 5548 SFP Validation Failed

During a recent Nexus deployment I came across a very small problem which was very easily solved.

When doing a sh int brief on the Nexus 5548 I saw the following:
Eth1/17       1      eth  access down    SFP validation failed       10G(D) —
Eth1/18       1      eth  access down    SFP validation failed       10G(D) —

The SFPs that are in these slots were DS-SFP-FC8G SW.

The reason is that on a Nexus 5548 the ports can run as either Ethernet or Fibre Channel. The default configuration is Ethernet. To change the mode of the port:

NX5548-SW1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
NX5548-SW1(config)# slot 1
NX5548-SW1(config-slot)# port 25-32 type fc
NX5548-SW1(config-slot)# end
NX5548-SW1# copy run start
[########################################] 100%
NX5548-SW1# reload

The Cisco doc is here:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_0_3_N1_1/Nexus5000_Release_Notes_5_0_3_N1_1c.html#wp341614

Once the switch has reloaded the ports now show as FC and up!
fc1/31     1      auto   on      up               swl    F       8    —
fc1/32     1      auto   on      up               swl    F       8    —