Re: [Packetfence-users] Cisco 2950 Crypto Image

[Renbarger, Nate]

I had not tried any of the 2950 switches yet so I just tried one and it
appears that it does not support AES. You'll have to use des and then in
the switches.conf under that switch make sure you set
SNMPPrivProtocolRead and SNMPPrivProtocolWrite to DES instead of AES. I
believe that will work but I have not tested that configuration. Could
someone from Inverse confirm that packetfence supports DES as a priv
encryption protocol? 

 

NATE RENBARGER 
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953

765.677.2340   |   765.677.2020 FAX 
nate.renbar...@indwes.edu <mailto:nate.renbar...@indwes.edu> 


INDWES.EDU/IT

 

From: Marlon Bastida [mailto:marlon.bast...@gmail.com] 
Sent: Sunday, March 13, 2011 4:03 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image

 

Nate,

 

I was testing here, PF 2.1.0 commands (admin guide), and I tried putting
priv command, now works with IOS EA14, but I got this message.

 

Now I got a invalid command, look bellow:

 

 

 

fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread

snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128
privpwd
^read

 

% Invalid input detected at '^' marker.

 

 

 

Tks Marlon

 

fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread

snmp-server user readUser readGroup v3 auth md5 authpwdread p^read

 

% Invalid input detected at '^' marker.

 

fence0(config)#

 

 

2011/3/4 Renbarger, Nate <nate.renbar...@indwes.edu>

Marlon,

 

What's the full version you are running? At the cli on the 2950 type
"show ver | include System image" and post the results. If it is that it
needs crypto (which trying to do the priv encryption it most likely
does) you'll have to get it from Cisco.com. To get that you'll need a
login because you'll have to go through a waiver process to be able to
download crypto software. You may also need to have a support contract
or purchase the upgrade (I'm not sure on the edge switches if that's the
case for sure). Also that setup is incorrect, the documentation should
be updated but the collowing commands: 

snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56

privpwdread

snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv
des56

privpwdwrite

 

need to be:

snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128

privpwdread

snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes
128

privpwdwrite

 

otherwise it won't work. 

 

NATE RENBARGER 
NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY

INDIANA WESLEYAN UNIVERSITY
4201 S. WASHINGTON ST.
MARION, IN 46953

765.677.2340   |   765.677.2020 FAX 
nate.renbar...@indwes.edu <mailto:nate.renbar...@indwes.edu> 


INDWES.EDU/IT

 

From: Marlon Bastida [mailto:marlon.bast...@gmail.com] 
Sent: Friday, March 04, 2011 12:48 PM
To: PacketFence Lista
Subject: [Packetfence-users] Cisco 2950 Crypto Image

 

Hi,

 

I'm doing the steps about SNMP config. on a Cisco 2950 - (WS-C2950-24).
So I did basic reseach on the software guide and tell me about download
a Software Image for enable priv (needs to use a crypto image). 

Can u point me a download link to the a right image software of this
swtich model, please?

 

priv commands need a software image to work...

 

 

snmp-server engineID local AA5ED139B81D4A328D18ACD1

snmp-server group readGroup v3 priv

snmp-server group writeGroup v3 priv read v1default write v1default

snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56

privpwdread

snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv
des56

privpwdwrite

snmp-server enable traps port-security

snmp-server enable traps port-security trap-rate 1

 

 

Tks,

Marlon


------------------------------------------------------------------------
------
What You Don't Know About Data Connectivity CAN Hurt You
This paper provides an overview of data connectivity, details
its effect on application quality, and explores various alternative
solutions. http://p.sf.net/sfu/progress-d2d
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users

 


------------------------------------------------------------------------------
Colocation vs. Managed Hosting
A question and answer guide to determining the best fit
for your organization - today and in the future.
http://p.sf.net/sfu/internap-sfd2d
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users