TACACS+ configuration on a 1900
Forgive me if this question belongs on the General Security forum.
I read Document ID 9906 on configuring TACACS+ on the Catalyst 1900.
I have a 1924 with a configuration that has TACACS+ on it. The switch is not on my network yet... I use a console cable to configure it. I TFTP'd the running config into NVRAM. Somehow in the process, I have an enable password level 15 xxxxx left in the config.
When I log in to the switch and go into enable mode... TACACS+ has to time out several times before I can get in.
My question has to do with the enable secret password vs. having enable password level 15.
Right now I have both... To make my configuration match what is in the rest of my network that is online, I need to remove the enable password level 15 xxxx command (pretending xxxx is the password) because its password is not encrypted.
Which leaves me with the enable secret password alone.
My concern is that when I take off the enable password level 15... I will not be able to get back into my switch!
enable use-tacacs
and
tacacs-server last-resort password
are both in my configuration.
Can I take out the enable password level 15 xxxx, leaving the enable secret in, and not get locked out of the switch?
Keep in mind that the 1924 is not on my network yet... I have to drive hundreds of miles to install it and don't want to get in trouble when I'm there with it.
Thanks for your help.
Hello
The main difference between the enable password and the enable secret password is that the encrypted enable password uses a reversible encryption function, so the plaintext password can be recovered from the encrypted password. The enable secret password, however, uses a non-reversible encryption function.
The only time the enable password is used is if the enable secret password is disabled (or you are using an old image that does not support the enable secret password).
Therefore, it should be perfectly safe to remove the enable password. You will not get locked out of the switch as long as you know the enable secret password.
Hope that helps - pls rate the post if it does.
Paresh
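The precedence rule in the answer above can be checked against a saved config before the cleartext line is removed. This is an added example, not part of the original thread; it assumes IOS-style "enable secret" / "enable password [level N]" syntax and that a line without "level" applies to level 15, and the sample configs are constructed.

```python
import re

# enable {secret|password} [level N] [encoding-type] <value>
# Encoding type 5 is a one-way hash; 7 is reversible; 0 or absent is cleartext.
ENABLE_RE = re.compile(
    r"^enable\s+(?P<kind>secret|password)"
    r"(?:\s+level\s+(?P<level>\d+))?"
    r"(?:\s+(?P<enc>\d+))?"
    r"\s+(?P<value>\S+)$"
)

# Constructed sample mirroring the question: both credentials are present.
SAMPLE_BOTH = """\
hostname sw1924
enable secret 5 $1$CONSTRUCTED$placeholderhash
enable password level 15 xxxxx
enable use-tacacs
tacacs-server last-resort password
"""

# Constructed sample: only the enable password exists.
SAMPLE_PASSWORD_ONLY = """\
hostname sw1924
enable password level 15 xxxxx
"""


def parse_enable_lines(config_text):
    """Return one entry per enable credential line, with the value redacted."""
    entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENABLE_RE.match(line)
        if not m:
            continue  # e.g. "enable use-tacacs" is not a credential line
        entries.append({
            "kind": m.group("kind"),
            "level": int(m.group("level") or 15),  # assumption: default is 15
            "enc": m.group("enc"),
            "line": line[:m.start("value")] + "<redacted>",
        })
    return entries


def audit_enable(config_text, level=15):
    """Report which credential is in effect and what is safe to remove."""
    at_level = [e for e in parse_enable_lines(config_text) if e["level"] == level]
    secrets = [e for e in at_level if e["kind"] == "secret"]
    passwords = [e for e in at_level if e["kind"] == "password"]
    if secrets:
        effective = "secret"      # enable secret takes precedence when present
    elif passwords:
        effective = "password"    # used only because no enable secret exists
    else:
        effective = None
    return {
        "effective": effective,
        # Safe to delete only when an enable secret remains at this level.
        "removable": [e["line"] for e in passwords] if secrets else [],
        # Removing the last credential at this level would lock the operator out.
        "lockout_if_removed": bool(passwords) and not secrets,
    }


if __name__ == "__main__":
    for name, cfg in (("both", SAMPLE_BOTH), ("password only", SAMPLE_PASSWORD_ONLY)):
        print(name, audit_enable(cfg))
```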
Tags: Cisco Security
Similar Questions
-
Reg: TACACS+ configuration
Hi all
I'm trying to configure authentication for around 300 routers with Cisco TACACS+ AAA. I installed ACS 4.2 on a Windows Server 2003 and then added the following AAA commands, the tacacs-server host and the key on a trial router:
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login NO_AUTHEN none
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 1 NO_AUTHOR none
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 NO_AUTHOR none
aaa authorization network series none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
!
aaa session-id common
Then I created a user and entered the secret key on the ACS server, and I added this router as an AAA client. The router no longer accepts the old login name and password, but it does not accept the username set in ACS either. Where am I making a mistake? Kindly help.
Thank you.
ANU,
Are you getting the TACACS+ username/password prompt?
If you get the username/password prompt and it isn't taking the TACACS+ credentials, could you please connect with the local username/password and run these debugs:
debug tacacs
debug aaa authentication
term mon
After this, attempt to connect again with the TACACS+ username/password and send me the output.
Check the failed attempts in ACS > Reports and Activity.
HTH
JK
Do rate helpful posts
-
Hello
I am trying to build a TACACS+ config on my network devices. I have an ACS doing the authentication. What I want to do is have ACS authenticate my users and allow them access. However, I would like to leave console access using a local username and the local enable password so that I have a backdoor in case of future problems. I have everything working except the ability to go into enable mode on the console using the local enable password. I get an auth error, because I think the device tries to auth the enable password against ACS as a result of:
aaa authentication enable default group tacacs+ enable
I can get around it by applying privilege level 15 to the line so that it goes directly into enable mode, but it seems less secure.
Any ideas?
Here are the relevant bits of my config (and I don't have a local username and enable defined)
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local none
aaa authorization exec console local
aaa authorization commands 0 default group tacacs+ local none
aaa authorization commands 1 default group tacacs+ local none
aaa authorization commands 15 default group tacacs+ local none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
line con 0
password 7
login authentication console
Thanks in advance
Hi Rose,
Unfortunately, there is no way to apply a specific method list for enable authentication to the console.
A named method list for enable authentication is not supported.
Regards,
~JG
Do rate helpful posts
-
TACACS+ for VTY & Console
Hello
I am creating a TACACS+ configuration that will make sure that when you log on to the CONSOLE or VTY you get a TACACS+ challenge, and if the TACACS+ server is down it falls back to the local username/password and local enable password.
Please advise whether I have followed Cisco best practices, which will help many others to follow;
Thank you and best regards,
username cisco secret cisco123
enable secret cisco456
aaa authentication login network access group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local if-authenticated none
aaa authorization commands 1 default group tacacs+ if-authenticated none
aaa authorization commands 15 default group tacacs+ local if-authenticated (what is the difference between this and the command just below, and which command should I use)
or
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
line vty 0 15
login authentication network access
line console 0
login authentication network access
T1) your configuration should work for both types of users.
Q2) authorization and accounting at all levels will increase the volume of network traffic and increase the need for storage on the server. You must decide on the basis of your organization and your needs if the additional traffic and the increased storage is justifiable.
HTH
Rick
-
Hi Expert,
I have two switches; one switch has a problem when I run the TACACS+ configuration. I have two servers and am able to ping the servers successfully. I have a doubt when I read the description in the Cisco docs. Please help identify the cause. Thank you.
switch02#test aaa group tacacs+ btela77 Aug2011b legacy
% Failed authorization.
I ran show tacacs and found socket errors:
switcho02#show tacacs
Tacacs+ Server: 10.52.0.158/49
Socket opens: 4
Socket closes: 4
Socket aborts: 0
Socket errors: 4
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 4
Total Packets Recv: 4
Tacacs+ Server: 10.51.65.94/49
Socket opens: 3
Socket closes: 3
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 0
Total Packets Recv: 0
Can you try again from the switch with the problem and then check on the TACACS+ server to see whether the server has anything in its failed attempts log about this?
HTH
Rick
-
AAA in switches vs routers (on Cisco IOS)
I have AAA with TACACS+ configured on a router in this way:
aaa authentication login default group tacacs+ local-case enable
aaa authentication enable default group tacacs+ enable
Do I enter the same configuration on a switch (switches in general)?
What about accounting? Do I configure the same accounting on the router and the switch?
For the switch, do I need to enable accounting on the console line?
example:
line con 0
accounting commands 15 default
accounting exec default
So, on the router I have accounting configured but not applied to interfaces (for example console, vty...). As soon as accounting is enabled on the router, is it automatically applied to all interfaces if I use the default method list? And is that true for switches?
Hi Nathan,
Whether router or switch, the AAA commands work the same for both.
And having "default" there means that it will be applied on all interfaces on routers as well as on the switch. You do not have to specify it explicitly, as in:
line con 0
accounting commands 15 default
accounting exec default
There is no need, as that just says once again to look up the accounting list 'default', which, if we have already set it up, will be used anyway.
Therefore the only commands that you need to specify are:
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
By default we have commands at three privilege levels on IOS devices: levels 0, 1 and 15.
This may be useful :)
-
Out-of-band access (modem) to IDSM2 blade
We will soon have a few IDSM2 blades distributed geographically. My company's security group does not control the Cat 650x switch as such, and I would like to know if there is some way we could get console (modem) access to the IDSM2 blade only (without getting to the switch).
If this is not possible, is there a common console connection that must be shared between the infrastructure group and the security group? Is it possible for us to share modem/console access as well as have separation of privileges?
Your help is appreciated. Thank you
The IDSM-2 itself does not have a console port.
Options to access the IDSM-2:
(1) A user can access the switch console, and from the switch CLI the user can session to the IDSM-2. This would require a physical connection to the switch via a console port (or terminal server) and passwords to access the switch and the IDSM-2.
(2) A user could connect to the switch via a modem, and from the switch CLI the user can session to the IDSM-2. This would require a modem connection to the switch and passwords to access the switch and the IDSM-2.
(3) A user could telnet or ssh to the switch, and from the switch CLI the user can session to the IDSM-2. This would require network connectivity to the IP address of the switch itself and passwords for the switch and the IDSM-2.
(4) A user could SSH directly to the IDSM-2 command and control IP address. This would require network connectivity to the command and control IP address of the IDSM2 and require only passwords for the IDSM-2 itself.
(5) Similar to number 4 above, the user could telnet directly to the IDSM-2.
(6) A user could browse (HTTPS) to the IDSM-2 command and control IP address to access the IDS Device Manager. This would require network connectivity to the command and control IP address of the IDSM2 and require only passwords for the IDSM-2 itself.
-------------
During the initial installation of the IDSM-2, options 4, 5 and 6 cannot be used. This is because the IDSM-2 comes with a standard default IP address that is not likely to be reachable. For the initial setup, the user must session in from the switch CLI.
However, once the "setup" command has been run on the IDSM-2 and the switch has been configured to place the IDSM-2 command and control IP in the correct VLAN, the IDSM-2 is accessible directly over the network via options 4, 5 and 6.
Once the initial setup is complete, the day-to-day management of the IDSM-2 can be done through direct network access, so there is no need to access the switch.
The only times the switch will have to be accessed again are to configure the sending of packets to the IDSM-2 (usually done with the initial setup and rarely changed) and to reset the module or reload a new image on the module in case of major problems. (Note that standard upgrades can be performed via direct network access without access to the switch.)
So some users choose to work in collaboration with the switch team during initial setup and during periods of troubleshooting.
And will just use direct access via ssh or telnet to the IDSM-2 for day-to-day activity.
Other groups have used TACACS+ to provide a userid on the switch to the security team. Via TACACS+ configuration entries, the userid for the security team can be limited to executing only the commands that are required to maintain the IDSM-2.
The userid could be used to connect through the network to the switch, or to connect on the switch console or a modem connected to the switch.
If you are concerned about times when the network connectivity between your main site and the remote site is down, have you considered adding a PC at the remote site, which would be on the same network as the command and control address of the IDSM-2?
You could put a modem in the PC, and then when you need to you could dial in to the PC, and the PC would be able to telnet or ssh to the IP address of the IDSM-2.
-
ACS 5.1 integration with WLC
Hello
Can someone help me find a document for the ACS 5.1 appliance on TACACS+ integration (configuration) with my WLC? Also RADIUS configuration for clients.
All the wireless controller configuration documents show only ACS 4.x integration.
Thanks in advance
Hello
There is unfortunately no official configuration example for this right now.
However, you can view these screenshots I took from a lab example, showing how to set up the shell profile and pass it back through the authorization rule.
Hope this helps,
Fede
--
If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.
-
SSH connection issues with PIX
Hello
I have a PIX 506 running OS 6.2(2) which is located in a DMZ, known as the outside PIX. It's behind another PIX 506 (the inside PIX). Both PIXes have TACACS+ configured for login authentication.
Last week the outside PIX physically crashed and I replaced it with a spare PIX and completely reconfigured it.
Now I can't connect to this outside PIX using SSH, although the access list on the inside PIX is correct and permits SSH and TACACS+. However, I can telnet to it.
I use PuTTY to connect, and when I start the SSH session to the PIX, the login window appears and disappears immediately without giving me time to do anything.
Any help would be greatly appreciated. Thanks in advance.
A.G.
##################################################
Inside PIX config:
access-list inside permit tcp Company-Interior-Net 255.255.255.0 host outsidepix-Interior-interface eq ssh
access-list inside permit tcp Company-Interior-Net 255.255.255.0 host outsidepix-Interior-interface eq telnet
access-list inside permit icmp DMZNet 255.255.255.192 Company-Interior-Net 255.255.255.0 echo
access-list inside permit icmp Company-Interior-Net 255.255.255.0 DMZNet 255.255.255.192 echo-reply
access-list dmzacl permit icmp host outsidepix-Interior-interface Company-Interior-Net 255.255.255.0 echo
access-list dmzacl permit icmp host outsidepix-Interior-interface Company-Interior-Net 255.255.255.0 echo-reply
access-list dmzacl permit tcp host outsidepix-Interior-interface host tacacs-server1 eq tacacs
access-list dmzacl permit tcp host outsidepix-Interior-interface host tacacs-server2 eq tacacs
Outside PIX config:
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host tacacs-server1 1234 timeout 10
aaa-server TACACS+ (inside) host tacacs-server2 1234 timeout 10
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication telnet console TACACS+
aaa authentication ssh console TACACS+
aaa authentication enable console TACACS+
telnet Company-Interior-Net 255.255.255.0 inside
telnet timeout 5
ssh Company-Interior-Net 255.255.255.0 inside
ssh DMZNet 255.255.255.192 inside
ssh timeout 5
Did you follow the steps to configure SSH? Are the domain name and hostname defined on it? Did you run ca generate rsa ... to create the encryption keys?
-
How the device selects the tacacs-server
Hi guys,
We have an existing TACACS+ configuration on our devices with 2 ACS servers. The ACS servers are managed by another vendor and are at their site. Now we intend to manage the ACS servers ourselves. We installed a new ACS server at our location. We have thousands of devices; if we move to the new server, do we just add the 2 ACS server entries? Will the new ACS server be able to connect to the device? How does a device choose which ACS server is primary or secondary? Please advise.
Old configuration
aaa new-model
aaa authentication login vtymethod group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
ip tacacs source-interface Loopback0
tacacs-server host 10.x.x.x
tacacs-server host 10.x.x.x
New config
aaa new-model
aaa authentication login vtymethod group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
aaa accounting send stop-record authentication failure
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
ip tacacs source-interface Loopback0
tacacs-server host 10.x.x.x
tacacs-server host 10.x.x.x
tacacs-server host 100.x.x.x
tacacs-server host 100.x.x.x
Hi m.,
No, it is not round robin.
It checks the first IP address. It checks the next IP address only if the first one has failed.
I hope it's clearer now.
Rating useful answers is more useful than saying "thank you".
-
TACACS+ is configured on the router and the router is in ACS. I can ping from the ACS, but the router cannot establish a connection to authenticate users.
aaa group server tacacs+ hq_acs-1
server 10.20.17.2
ip tacacs source-interface GigabitEthernet0/0
!
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 10 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting nested
aaa accounting update newinfo periodic 60
aaa accounting auth-proxy default start-stop group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa accounting resource default start-stop group tacacs+
BigTree_3945#sh ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.4.3.1 YES NVRAM down down
GigabitEthernet0/1 10.12.10.26 YES NVRAM up up
Serial0/2/0 unassigned YES NVRAM down down
Serial0/2/0.602 10.12.15.10 YES NVRAM down down
Apr 13 11:08:13.673: TPLUS: Queuing AAA Authentication request 79 for processing
Apr 13 11:08:13.673: TPLUS: processing authentication start request id 79
Apr 13 11:08:13.675: TPLUS: Authentication start packet created for 79(cisscdb)
Apr 13 11:08:13.675: TPLUS: Using server 10.20.17.2
Apr 13 11:08:13.675: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: Started 5 sec timeout
Apr 13 11:08:18.676: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: timed out
Apr 13 11:08:18.676: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: timed out, clean up
Apr 13 11:08:18.676: TPLUS(0000004F)/0/1BDD9C34: Processing the reply packet
Apr 13 11:08:25.834: TPLUS: Queuing AAA Authentication request 79 for processing
Apr 13 11:08:25.834: TPLUS: processing authentication start request id 79
Apr 13 11:08:25.834: TPLUS: Authentication start packet created for 79(cisscdb)
Apr 13 11:08:25.834: TPLUS: Using server 10.20.17.2
Apr 13 11:08:25.834: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: Started 5 sec timeout
Apr 13 11:08:30.836: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: timed out
Apr 13 11:08:30.836: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: timed out, clean up
Apr 13 11:08:30.836: TPLUS(0000004F)/0/1BDD9C34: Processing the reply packet
Apr 13 11:08:43.689: TAC+: Using default tacacs server-group "tacacs+" list.
Apr 13 11:08:43.689: TAC+: Opening TCP/IP to 10.20.17.2/49 timeout=5
Apr 13 11:08:51.057: TPLUS: Queuing AAA Authentication request 79 for processing
Apr 13 11:08:51.057: TPLUS: processing authentication start request id 79
Apr 13 11:08:51.057: TPLUS: Authentication start packet created for 79(cisscdb)
Apr 13 11:08:51.057: TPLUS: Using server 10.20.17.2
Apr 13 11:08:51.057: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: Started 5 sec timeout
Apr 13 11:08:54.692: TAC+: TCP/IP open to 10.20.17.2/49 failed -- Connection timed out; remote host not responding
Apr 13 11:08:54.692: TPLUS: Queuing AAA Accounting request 76 for processing
Apr 13 11:08:54.692: TPLUS: processing accounting request id 76
Apr 13 11:08:54.692: TPLUS: Sending AV task_id=332
Apr 13 11:08:54.692: TPLUS: Sending AV timezone=EDT
Apr 13 11:08:54.692: TPLUS: Sending AV service=shell
Apr 13 11:08:54.692: TPLUS: Sending AV start_time=1334329734
Apr 13 11:08:54.692: TPLUS: Sending AV priv-lvl=15
Apr 13 11:08:54.692: TPLUS: Sending AV cmd=show logging
Apr 13 11:08:54.692: TPLUS: Accounting request created for 76(n20j03t)
Apr 13 11:08:54.692: TPLUS: Using server 10.20.17.2
Apr 13 11:08:54.692: TPLUS(0000004C)/1/NB_WAIT/20FD90EC: Started 5 sec timeout
Apr 13 11:08:56.058: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: timed out
Apr 13 11:08:56.058: TPLUS(0000004F)/0/NB_WAIT/1BDD9C34: timed out, clean up
Apr 13 11:08:56.058: TPLUS(0000004F)/0/1BDD9C34: Processing the reply packet
Apr 13 11:08:59.693: TPLUS(0000004C)/1/NB_WAIT/20FD90EC: timed out
Apr 13 11:08:59.693: TPLUS(0000004C)/1/NB_WAIT/20FD90EC: timed out, clean up
Apr 13 11:08:59.693: TPLUS(0000004C)/1/20FD90EC: Processing the reply packet
BigTree_3945#
The AAA Client IP address
10.4.3. * 10.12.15.10
Key
Group of network devices
Test
NJT
AccessLink
(Not assigned)
Authenticate using
TACACS+ (Cisco IOS)
RADIUS (Cisco Aironet)
RADIUS (Cisco BBSM)
RADIUS (Cisco IOS/PIX)
RADIUS (Cisco VPN 3000)
RADIUS (Cisco VPN 5000)
RADIUS (IETF)
RADIUS (Mount)
RADIUS (Juniper)
RADIUS (Nortel)
RADIUS (Sepi)
Single Connect TACACS+ AAA Client (Record stop in accounting on failure).
The 10.12.10.* range is listed under the HQ site.
Your help is greatly appreciated.
You said that you can ping the router from ACS; have you tried sourcing packets from the GigabitEthernet 0/0 interface (that is the one that TACACS+ will attempt to use, given the configuration you have posted)?
What does the network path between the router and ACS look like (i.e., a firewall, NAT, etc.)?
Can you connect to port 49 on the ACS IP address from the router, sourcing packets from GigabitEthernet 0/0?
Using VRF?
Which version of IOS?
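The first question in the reply above (does TACACS+ traffic actually leave from the configured source interface?) can be checked offline from a saved config and a "show ip interface brief" capture. This is an added example, not part of the original thread; the function names are hypothetical and the sample text is constructed from the values posted in the question.

```python
import re
from fnmatch import fnmatch

# "ip tacacs source-interface X" may appear globally or under a server group.
SRC_RE = re.compile(r"^\s*ip tacacs source-interface\s+(\S+)", re.M)

# One data row of "show ip interface brief"; the header row does not match
# because its third column is "OK?" rather than YES/NO.
ROW_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?:YES|NO)\s+\S+\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)$"
)

# Constructed sample input based on the thread's posted values.
SAMPLE_CONFIG = """\
aaa group server tacacs+ hq_acs-1
 server 10.20.17.2
 ip tacacs source-interface GigabitEthernet0/0
"""

SAMPLE_BRIEF = """\
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.4.3.1 YES NVRAM down down
GigabitEthernet0/1 10.12.10.26 YES NVRAM up up
Serial0/2/0 unassigned YES NVRAM down down
Serial0/2/0.602 10.12.15.10 YES NVRAM down down
"""


def parse_brief(text):
    """Map interface name -> (ip, status, protocol)."""
    table = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            table[m.group("name")] = (m.group("ip"), m.group("status"), m.group("proto"))
    return table


def check_tacacs_source(config, brief, client_patterns):
    """Flag a TACACS+ source interface that is down or not a registered AAA client.

    client_patterns: the AAA client IP entries on the server, with '*' wildcards.
    """
    table = parse_brief(brief)
    up = [n for n, (ip, st, pr) in table.items()
          if st == "up" and pr == "up" and ip != "unassigned"]
    m = SRC_RE.search(config)
    if not m:
        return {"source": None, "ip": None, "problems": [], "up_interfaces": up}
    name = m.group(1)
    if name not in table:
        return {"source": name, "ip": None,
                "problems": [f"{name} not found in interface table"],
                "up_interfaces": up}
    ip, status, proto = table[name]
    problems = []
    if status != "up" or proto != "up":
        problems.append(f"{name} is {status}/{proto}")
    if ip == "unassigned":
        problems.append(f"{name} has no IP address")
    elif not any(fnmatch(ip, pat) for pat in client_patterns):
        problems.append(f"{ip} does not match any AAA client entry")
    return {"source": name, "ip": ip, "problems": problems, "up_interfaces": up}


if __name__ == "__main__":
    print(check_tacacs_source(SAMPLE_CONFIG, SAMPLE_BRIEF, ["10.4.3.*", "10.12.15.10"]))
```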
-
Satellite 1900-303: is slot 2 configurable?
I have a Satellite 1900-303 and I would like someone to tell me, please, whether memory expansion slot 2 is configurable. If so, for what? To share the video memory?
I saw on a site that it is configurable, but the user's manual does not mention that, and I need to be sure before I buy another memory module.
[Edited by: admin on 8 January 06 19:16]
Hello
Your device has no shared memory option and all of the memory is identified as system memory. Adding a new module of memory is very good idea due to the performance of the system.
Good bye
-
TACACS+ with Cisco 3560 switch configuration issue
Hi Forum,
Here's my TACACS+ setup on my Cisco 3560 switch. My question is, how can I configure the switch so that I do not have to type enable after I enter the username and password? With the configs below, users need to type enable whenever they connect to the switch in order to enter the user exec mode. Please let me know if there is something missing in my configs to help me avoid typing 'enable'.
Thanks in advance,
MacBookAir:~ MacBook$ ssh [email protected]
Password:
Switch>en
Switch#show run | include aaa
aaa new-model
aaa group server tacacs+ mpcc
aaa authentication login default group tacacs+ local
aaa authentication enable default none
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting dot1x default start-stop group radius
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa server radius dynamic-author
aaa session-id common
Switch#
Hello
Add the privilege level 15 command to the VTY line configuration.
line vty 0 4
[..]
privilege level 15
!
Regards
-
ACS user configuration - TACACS+ enable password
When a user logs on for the first time, I need to go into the user's configuration and change the TACACS+ enable password from "use separate password" to "use external database password" - how can I make this the default?
Once this change has been made, everything works fine but I want this piece to be automatic.
Thank you very much!
It is certainly a change that would be useful - that is, a group setup option that allows global configuration of the enable command to use the same password as the external DB password. Unfortunately at the moment, this option is not available.
Jeff
-
Configuring PIX as a blocking device w/ TACACS+ authentication
Hello
I have a PIX running version 6.3(1). The PIX is configured to use a CSACS 3.1 server for AAA authentication and authorization over TACACS+. The sensor is running 2.0000 Sig46.
Before adding AAA to the PIX, the sensor was able to connect and set up shuns correctly. Since adding the AAA configuration to the PIX, I have been unable to get the sensor to connect to the PIX for shunning.
I created a login and password with admin rights for the IDS sensor to connect and create shuns. I could authenticate and manually create shuns via Telnet and SSH connections using this login. I tried removing and re-adding the blocking device several times.
When I configure the PIX as a Telnet blocking device, I see the state of the net device as "initializing" when looking at the statistics in IDM. When I configure the PIX as an SSH blocking device, I see the state as "inactive".
Please let me know if you have any suggestions - if not I guess I will open a case with TAC. Thanks in advance for the help!
Kind regards
Chad
Make sure the PIX is in the list of allowed hosts. From the cli, type
configure terminal
ssh host-key (pix interface ip)
Check that you have associated the PIX with the correct logical device. The logical device record contains the username, password and enable password. Using IDM, it is selected from a drop-down list on the blocking devices page.