Re: [Packetfence-users] Cisco 2950 Crypto Image

[Marlon Bastida]

Hello,

I trying to change this command on a Cisco 2950 SW,

snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128
privpwdread

So I just changed:

snmp-server user readUser readGroup v3 auth md5 authpwdread priv *des
56*privpwdread

The command it is accepted, but not show on running config.

Please need help about this,

Tks Marlon

2011/3/14 Francois Gaudreault <fgaudrea...@inverse.ca>:
> Hi,
>
> I posted on that thread earlier last week :
>
> Tested on 12.1(22)EA11.
>
> snmp-server engineID local AA5ED139B81D4A328D18ACD1
> snmp-server group readonly v3 priv read readview
> snmp-server view readview internet included
> snmp-server user test readonly v3 auth md5 arightpassword priv des56
> arightpassword
>
> # snmpwalk -v 3 -u test -l authPriv -a MD5 -A arightpassword -x DES -X
> arightpassword 10.0.0.15 sysLocation.0
> SNMPv2-MIB::sysLocation.0 = STRING: Inverse
>
> Those lines are an EXAMPLE on how to configure v3 on the 2950 for MD5
> authentication and DES encryption.  Our test switch is able to do MD5 and
> SHA for the auth part, and des56 as the priv part.  No AES for us as
well.
> You will need to create the proper write view, and make sure the snmpv3
> settings in switches.conf reflects your encryption mechanisms.
>
>
> On 11-03-14 8:42 AM, Renbarger, Nate wrote:
>
> I had not tried any of the 2950 switches yet so I just tried one and it
> appears that it does not support AES. You’ll have to use des and then in
the
> switches.conf under that switch make sure you set SNMPPrivProtocolRead and
> SNMPPrivProtocolWrite to DES instead of AES. I believe that will work but
I
> have not tested that configuration. Could someone from Inverse confirm
that
> packetfence supports DES as a priv encryption protocol?
>
>
>
> NATE RENBARGER
> NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
>
> INDIANA WESLEYAN UNIVERSITY
> 4201 S. WASHINGTON ST.
> MARION, IN 46953
>
> 765.677.2340   |   765.677.2020 FAX
> nate.renbar...@indwes.edu
>
> INDWES.EDU/IT
>
>
>
> From: Marlon Bastida [mailto:marlon.bast...@gmail.com]
> Sent: Sunday, March 13, 2011 4:03 PM
> To: packetfence-users@lists.sourceforge.net
> Subject: Re: [Packetfence-users] Cisco 2950 Crypto Image
>
>
>
> Nate,
>
>
>
> I was testing here, PF 2.1.0 commands (admin guide), and I tried putting
> priv command, now works with IOS EA14, but I got this message.
>
>
>
> Now I got a invalid command, look bellow:
>
>
>
>
>
>
>
> fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread
>
> snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128
> privpwd
> ^read
>
>
>
> % Invalid input detected at '^' marker.
>
>
>
>
>
>
>
> Tks Marlon
>
>
>
> fence0(config)#$roup v3 auth md5 authpwdread priv aes 128 privpwdread
>
> snmp-server user readUser readGroup v3 auth md5 authpwdread p^read
>
>
>
> % Invalid input detected at '^' marker.
>
>
>
> fence0(config)#
>
>
>
>
>
> 2011/3/4 Renbarger, Nate <nate.renbar...@indwes.edu>
>
> Marlon,
>
>
>
> What’s the full version you are running? At the cli on the 2950 type “show
> ver | include System image” and post the results. If it is that it needs
> crypto (which trying to do the priv encryption it most likely does) you’ll
> have to get it from Cisco.com. To get that you’ll need a login because
> you’ll have to go through a waiver process to be able to download crypto
> software. You may also need to have a support contract or purchase the
> upgrade (I’m not sure on the edge switches if that’s the case for sure).
> Also that setup is incorrect, the documentation should be updated but the
> collowing commands:
>
> snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56
>
> privpwdread
>
> snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56
>
> privpwdwrite
>
>
>
> need to be:
>
> snmp-server user readUser readGroup v3 auth md5 authpwdread priv aes 128
>
> privpwdread
>
> snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv aes
128
>
> privpwdwrite
>
>
>
> otherwise it won’t work.
>
>
>
> NATE RENBARGER
> NETWORK ADMINISTRATOR, UNIVERSITY INFORMATION TECHNOLOGY
>
> INDIANA WESLEYAN UNIVERSITY
> 4201 S. WASHINGTON ST.
> MARION, IN 46953
>
> 765.677.2340   |   765.677.2020 FAX
> nate.renbar...@indwes.edu
>
> INDWES.EDU/IT
>
>
>
> From: Marlon Bastida [mailto:marlon.bast...@gmail.com]
> Sent: Friday, March 04, 2011 12:48 PM
> To: PacketFence Lista
> Subject: [Packetfence-users] Cisco 2950 Crypto Image
>
>
>
> Hi,
>
>
>
> I'm doing the steps about SNMP config. on a Cisco 2950 - (WS-C2950-24). So
I
> did basic reseach on the software guide and tell me about download a
> Software Image for enable priv (needs to use a crypto image).
>
> Can u point me a download link to the a right image software of this
swtich
> model, please?
>
>
>
> priv commands need a software image to work...
>
>
>
>
>
> snmp-server engineID local AA5ED139B81D4A328D18ACD1
>
> snmp-server group readGroup v3 priv
>
> snmp-server group writeGroup v3 priv read v1default write v1default
>
> snmp-server user readUser readGroup v3 auth md5 authpwdread priv des56
>
> privpwdread
>
> snmp-server user writeUser writeGroup v3 auth md5 authpwdwrite priv des56
>
> privpwdwrite
>
> snmp-server enable traps port-security
>
> snmp-server enable traps port-security trap-rate 1
>
>
>
>
>
> Tks,
>
> Marlon
>
>
------------------------------------------------------------------------------
> What You Don't Know About Data Connectivity CAN Hurt You
> This paper provides an overview of data connectivity, details
> its effect on application quality, and explores various alternative
> solutions. http://p.sf.net/sfu/progress-d2d
> _______________________________________________
> Packetfence-users mailing list
> Packetfence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
>
>
------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
>
> _______________________________________________
> Packetfence-users mailing list
> Packetfence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>
> --
> Francois Gaudreault, ing. jr
> fgaudrea...@inverse.ca  ::  +1.514.447.4918 (x130) ::  www.inverse.ca
> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
> (www.packetfence.org)
>
>
------------------------------------------------------------------------------
> Colocation vs. Managed Hosting
> A question and answer guide to determining the best fit
> for your organization - today and in the future.
> http://p.sf.net/sfu/internap-sfd2d
> _______________________________________________
> Packetfence-users mailing list
> Packetfence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
>
>

------------------------------------------------------------------------------
Enable your software for Intel(R) Active Management Technology to meet the
growing manageability and security demands of your customers. Businesses
are taking advantage of Intel(R) vPro (TM) technology - will your software 
be a part of the solution? Download the Intel(R) Manageability Checker 
today! http://p.sf.net/sfu/intel-dev2devmar
_______________________________________________
Packetfence-users mailing list
Packetfence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users