Glad you got access to the switch again, I know that it's frustrating to
get locked out. Yes, you'll probably need the crypto version. The crypto
version will have a k2 in the name like this:
flash:c2950-i6k2l2q4-mz.121-22.EA13.bin. That will let you configure all
of the encryption portions of the config. Also, to keep yourself from
getting locked out again you can set it up with a local username and
password. The command would be 'username admin privilege 15 password
mypassword' where admin is your username and mypassword is the password.
Then you can use that as the username and password at the prompt and it
will authenticate locally.
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 6:23 PM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
Nate,
Doing the show version command, bring me this:
fence0>show ver | include System image
System image file is "flash:/c2950-i6q4l2-mz.121-22.EA2.bin"
fence0>
Tks Marlon
2011/3/4 Renbarger, Nate <[email protected]>
If you didn't save the config then you can just reboot the switch and it
will roll back the changed and you should have access again. If the
config is saved and you got all of the switch config done you will have
to either get the radius piece working in PF so you can authenticate
against it or run through the password recovery procedure with the
switch. Here is a link to the password recovery documentation.
http://www.cisco.com/en/US/products/hw/switches/ps628/products_password_
recovery09186a0080094184.shtml
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 4:41 PM
To: [email protected]
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
Nate,
Well I did an update on PF, now I'm using PF 2.1.0.
I'm using Cisco IOS 12.1(22)EA2, but I can't enter now with show
version.
I was trying to update my switch configs on my Cisco 2950 (WS-C2950-24)
and I did until radius server config. (PF Admin guide 2.1.0)
I put the RADIUS server on the same IP address (192.168.50.120) of PF
VM (CentOS 5.5) and when I tried to enter on console need a username and
password but can't enter on switch now...
Tks
2011/3/4 Renbarger, Nate <[email protected]>
Marlon,
What's the full version you are running? At the cli on the 2950 type
"show ver | include System image" and post the results. If it is that it
needs crypto (which trying to do the priv encryption it most likely
does) you'll have to get it from Cisco.com. To get that you'll need a
login because you'll have to go through a waiver process to be able to
download crypto software. You may also need to have a support contract
or purchase the upgrade (I'm not sure on the edge switches if that's the
case for sure). Also that setup is incorrect, the documentation should
be updated but the collowing commands:
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56
privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv
des56
privpwdwrite
need to be:
snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128
privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes
128
privpwdwrite
otherwise it won't work.
NATE RENBARGER
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953
765.677.2340 | 765.677.2020 FAX
[email protected] <mailto:[email protected]>
INDWES.EDU/IT
From: Marlon Bastida [mailto:[email protected]]
Sent: Friday, March 04, 2011 12:48 PM
To: PacketFence Lista
Subject: [Packetfence-users] Cisco 2950 Crypto Image
Hi,
I'm doing the steps about SNMP config. on a Cisco 2950 - (WS-C2950-24).
So I did basic reseach on the software guide and tell me about download
a Software Image for enable priv (needs to use a crypto image).
Can u point me a download link to the a right image software of this
swtich model, please?
priv commands need a software image to work...
snmp-server engineID local AA5ED139B81D4A328D18ACD1
snmp-server group readGroup v3 priv
snmp-server group writeGroup v3 priv read v1default write v1default
snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56
privpwdread
snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv
des56
privpwdwrite
snmp-server enable traps port-security
snmp-server enable traps port-security trap-rate 1
Tks,
Marlon
------------------------------------------------------------------------
------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------
------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
