I need to attack a Cisco switch on my network
Hi all
I came in a new acquisition of site. The site bought a Cisco 2960 switch from a contractor and paid him to install a few years ago. When the site came under our ownership, I asked them to get the login information from the contractor for the switch. His response has been more or less, "its configuration is fine, you don't need access." See you, we OWN the switch and the work he was hired to do was completed years ago.
In any case, I'm tired of the back and just so I would just brute force. I'm sitting in the USA, and the switch is in India. My infrastructure is as follows for this connection.
My PC - ASA 5520 - VPN - ASA 5505 - Cisco 2960 Switch
There access connection configured for regular HTTP on port 80 only, so erase the text. My subnet is allowed after the two firewalls. Is it possible that I can make this happen from a remote site, or what I need to be on the local network?
The easiest thing is to have someone on the site connected to the console with a terminal session port and share their screen with you. They may need to use a mobile hotspot if the switch is the only connectivity they have on-site.
Then power cycle the switch and follow the password recovery procedure.
Tags: Cisco Security
Similar Questions
-
To apply a Cisco 3560 Switch in my network
Can someone help me to solve my problem?
I have a Cisco switch catalyst 3560 that I need to implement in my network and I want to do is to have 3 different VLANS created and use them to separate and test.
Is it possible to do only a single switch?
Hello
It is a community of user to user of Toshiba.
I put t know how your problem is connected to a Toshiba laptop, but if you have problems with the Cisco product, I recommend you visit the support page for Cisco to get support for this device.
-
Why I can't command show running on cisco switch
On a single switch, I found that some commands because they show execution or copy running-config tftp: on cisco switch WS-C2960X-24TS-L does not work it see more below. How I can use the command then show generally. Thank you.
Building1_FAA_6F_SW3 #sh run
Building configuration...Current configuration: 100 bytes
!
! No change since the last restart configuration
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end---------------------------------------------------
Building1_FAA_6F_SW3 #copy running-config tftp:
^
Invalid entry % detected at ' ^' marker.OK, so the information you provided in your latest messages confirm that the privilege level you get via telnet/vty is different from the one you get via the console. This is due to the configuration of AAA which applies to the vty ports but not on the console port.
So if you want the same rules apply to the console port, then you must configure the port console for AAA as well.
If you don't want these rules then you need to remove the AAA configurations. The best way to remove these is by typing 'no new aaa - model' However, careful not to lock you out of the unit. Make sure you have local accounts with the privilege level 15 and you also know the active password/secret.
I hope this helps!
Thank you for evaluating useful messages!
-
Configuration Wireless 3G as online backup with cisco switch layer 3?
Hi all
We have an existing GPRS modems for data transfer between 2 different sites, this connection is a bit slow to no more than approximately 114 Kbps, the idea is to add a 3G modem, so the solution will be based on a two-way communication lines which are 3G network and the GPRS network.
The line GPRS will be the main and 3G will be secondary, this redundancy offers a high level of availability of communication between the two sites.
is it possible to configure this redundancy with a cisco switch layer 3? If this is the case do you have a tutorial or a link which explain how to do this work with a layer switch 3 ciso?
all information will be useful for me, thanks
Hello
The config is one provided by anisaini, but you need to change your NAT like this:
IP nat inside source MAIN interface map route x/x main interface
IP nat inside source route-map interface o/o interface secondary SCHOOL
Interior int z/z interface
IP nat inside
int x/x
NAT outside IP
int y/y
NAT outside IP
access-list 99
permit x.x.x.x y.y.y.y where x.x.x.x is your home subnet addresses and y.y.y.y is the corresponding generic mask
PRIMARY route map
match ip add 99
match interface x/x
SECONDARY route map
match ip add 99
game interface y/y
Concerning
Alain
Remember messages useful rate.
-
Need help to check the switch VMNIC and VNIC DVS mapping...
Need help to check the switch VMNIC and VNIC DVS mapping...
I checked the command net-dvs, but it was not useful.
Thank you
Ravinder Singh...
You do not have access on the interfaces between itself or this info is not visible in vCenter? Probably, you should talk to one who is in charge of your nexus dvSwitch.
I don't know how it works on the nexus 1000v switch, but the output of the net-dvs provides information on balancing policy for all ports (note that he understands the uplink ports that may still occur as "port id of virtual source"):
# net-dvs. "grep EI ' (Balancing | port)"
port 320:
source port = load balancing virtual id
port 321:
source port = load balancing virtual id
port 177:
source port = load balancing virtual id
You should also be able to enter this info from esxcli, but I don't know if there is a hook to esxcli for the link. Perhaps, you can branch off with cisco of dvs esxcli vswitch network or something. On the dVS of vmware, you could do:
# esxcli dvs lacp vmware vswitch network status
LACP is disabled on DVSwitch.
# esxcli dvs lacp get config vmware vswitch network
DVS name LAG ID cards active network Mode
------------ ------ ------------- ------- ----
Vmnic1 Some_DVSwitch 0, vmnic3 false
-
Turn on the mtu on cisco switch and cisco user server
Hi all
someone got bad luck turning on the mtu on their cisco switch? I guess I need to turn it on for all because the command is for all ports on cisco catalyst and my server switch is nearby to my user of switches and a broadband bandwidth 6 G or 6 ports, I need to turn it on for all user ports?
Thanks for any comments, that you can add.
I assume you mean Jumbo frame support! You shouldn't have any problems with that. Please take a look at for example http://www.cisco.com/en/US/products/hw/switches/ps700/products_configuration_example09186a008010edab.shtml for more details and the configuration of the different switches. According to the model, the parameters are for dedicated ports only or the entire switch. In the case of the switch everything you will need to reload (reboot) switch, so be careful.
André
-
I would like to know if the compatibility for the storage matrix Dell is updated regularly, especially for cisco switches.
We seek to deploy a few PS6210 with 10G connectiivity and here for use with switches Cisco 4500 X series. However these are not included in the doc. There are a few cisco switches that are the end of life (4948 and some nexus switches).Hello
Yes the guide is updated regularly, usually monthly or updates are available.
Since the x 4500 is not a Nexus series switch, you looking for correct DCB support?
In this case these Dell 'Level 3' offers better support for resonable effort. I'll make sure that use you the latest firmware IOS and EQL. There are other switches catalyst IOS in the guide. Configure it in this sense would be a great place to start. Ideally, the switch dedicated for iSCSI use, not VLANd with other types of traffic.
If you can first test before production, then support can see table diagnosis and SANHQ archive for any signs of network related issues. (retransmit rate and types for example)
Kind regards
-
To the main unit Infrastructure Cisco switch port
Hello.
I had a doubt as to the Port of the Switch in my Cisco Switch for a camera of the first Infrastructure.
This port must be a Switchport to access or a Switchport Trunk?
What is your recommendation on this subject? What is best practice?
Thank you very much.
Access port should work fine. You do not configure a VLAN on the device itself, just the IP address / subnet and default gateway.
Thank you
Ric
-
Circuits on Cisco Switch SG200-50
Hi all
I'm trying to inter vlan routing using Cisco Switch SG200-50 with router Cisco 1941. The router I created three subinterface for VLAN1, 2, 3 and VLAN1 is vlan native. I have a LWAP with Cisco WLC connected to the same switch. I have activated assignemnet vlan dynamic using Windows /NPS. RADIUS Wireless successfully user can authenticate as well the vlan is assigned, but unable to ping the router subinterface.
On the switch, you must activate the trunk port connected to the router ports and AP, tried all means, what makes the trunk port and General, nothing worked. users are unable to ping the gateway.
If you have worked on this switch, pls help how to on this subject.
If the Cisco technical support team can help me, that would be great
Thanks in advance
Concerning
Joe
Hi Joseph, creating a general port and disable the input filter and label properly login vlan. Also make sure your sub interface are dot1q.
-Tom
Please mark replied messages useful -
C300 Cisco switches when Cisco is considering additional CDP?
Dear all,
When Cisco plans to support CDP on C300 switches?
I have it configured with LLDP based on the document "Adding a Cisco Switch series of 300 Business from small to SBCS 2.0", but this isn't the perfect according to me
Kind regards
Vellum Tsekov
Vellum,
We are very close. We anticipate releasing the firmware supporting CDP, CLI and several other new features this month - June 2011.
Ivor
-
Web authentication with RSA SecureID on a Cisco Switch
Hello
I recently searched by linking in our Cisco Switch of GB 2960 S with RSA SecureID via Radius
I already managed to tie in to ssh access
but I failed to make it work for http / web access to the switch
I think it's because we use 'single use' maximum security with RSA SecureID tokens
the web interface tries to authenticate several times against the Radius server RSA SecureID part
(agreement on the first authentication, but every time after that he's going to want a different code in token)
I was wondering if anyone knew a way around this? (if there is a way to get the right switch authenticate once instead of multiple times the radius server)
FYI, the switch is a WS-C2960S-24TS-L with IOS 15.0 (1) SE2
Hello Chris,
You can test the following configuration?
AAA webtac_grp radius server group
Server
expiration of cache 1
authorization cache profile httpauth
hiding authentication profile httpauth
!
AAA authentication login httpauth cache webtac_grp group webtac_grp
AAA authorization exec httpauth cache webtac_grp group webtac_grp
AAA authorization network httpauth cache webtac_grp group webtac_grp
AAA cache profile httpauth
all the
IP http server
IP http authentication aaa - authentication of the connection httpauth
IP http authentication aaa exec-authorization httpauth
RADIUS server host key *.
I know for sure the above configuration works when you use GANYMEDE + instead of RADIUS in order to avoid multiple guests due to the authentication of JAVA Applets to access the GUI of the IOS. I him have not tested against RSA acting as an authentication server.
NOTE: As "aaa authorization exec" is configured the RSA should send Service-Type attribute with administrative value for it to work as expected.
If this was helpful please note.
Kind regards.
-
MacBook as Cisco Switch profiles in 2.1
I'm experimenting with trying to Mac to the profile to the ISE. 2.1. I tried installing AnyConnect, and for some reason he sees it as a Nexus 7000 switch.
Here's the debug info
Attribute: AAA-server value: ise-2
Attribute: Airespace-Wlan-Id value: 5
Attribute: AllowedProtocolMatchedRule value: EAP_Chaining_Wireless
Attribute: AuthenticationMethod value: MSCHAPV2
Attribute: AuthorizationPolicyMatchedRule value: default
Attribute: BYODRegistration value: unknown
Attribute: CacheUpdateTime value: 1465417705907
Attribute: Called-Station-ID value:20-3a-07-66-96-20
Attribute: Calling-Station-ID value:a4-5e-60-cf-81-83
Attribute: CreateTime value: 1464896196500
Attribute: DestinationIPAddress value: 10.10.207.156
Attribute: Value DestinationPort: 1812
Attribute value: DetailedInfo: authentication succeed
Attribute value: IP address: 10.10.204.114
Value of the attribute identifier: Device:
Attribute value: device Port: 32772
Attribute: Value Type Device: Device Type #All Types of devices
Attribute: DeviceCompliance value: unknown
Attribute: DeviceRegistrationStatus value: NotRegistered
Attribute: value:A4-5E-60-CF-81-83 EndPointMACAddress
Attribute: EndPointPolicy value: Cisco-switch
Attribute value: EndPointPolicyID: 4afc4ae0-6d8e-11e5-978e-005056bf2f0a
Attribute: EndPointProfilerServer value: ise-2
Attribute: EndPointSource value: RADIUS probe
Attribute: FailureReason value: 5440 abandoned Endpoint EAP session and began again
Attribute: FirstCollection value: 1464896196418
Attribute: value Framed-IP-Address:
Attribute: value Framed-IPv6-Address:
Attribute: IdentityAccessRestricted value: false
Attribute value: IdentityGroup: profile
Attribute value: IdentityGroupID: b132c920-6d8d-11e5-978e-005056bf2f0a
Attribute: IsThirdPartyDeviceFlow value: false
Attribute: LastActivity value: 1465417705904
Attribute: LastNmapScanTime value: 1465245395228
Attribute: value: a place #All locations
Attribute: LogicalProfile value: infrastructure network devices
Attribute: MACAddress value: A4:5E:60:CF:81:83
Attribute value: MDMServerID:
Attribute: MatchedPolicy value: Cisco-switch
Attribute value: MatchedPolicyID: 4afc4ae0-6d8e-11e5-978e-005056bf2f0a
Attribute: Value MessageCode: 5440
Attribute: NAS-IP-address value: 10.10.204.114
Attribute: NAS-identifier value: WLC-3
Attribute: NAS-Port value: 1
Attribute: NAS-Port-Type value: Wireless - IEEE 802.11
Attribute value: Network Device Profile: Cisco
Attribute: NetworkDeviceGroups value: location #All locations, Types of devices Device Type #All
Attribute: NetworkDeviceName value: WLC-3
Attribute value: NetworkDeviceProfileId: 8ade1f15-aef1-4a9a-8158-d02e835179db
Attribute: NetworkDeviceProfileName value: Cisco
Attribute: NmapScanCount value: 1
Attribute: NmapSubnetScanID value: 0
Attribute: YES value: Apple, Inc.
Attribute value: PhoneID:
Attribute: PolicyVersion value: 32
Attribute value: PortalUser:
Attribute: PostureApplicable value: Yes
Attribute: PostureAssessmentStatus value: NotApplicable
Attribute value: PostureExpiry:
Attribute: PostureStatus value: unknown
Attribute: RadiusFlowType value: Wireless802_1x
Attribute: RadiusPacketType value: AccessRequest
Attribute: RegistrationTimeStamp value: 0
Attribute value: response: {RadiusPacketType = drop ;}
Attribute: SSID value:20-3a-07-66-96-20
Attribute: SelectedAccessService value: lack of access to the network
Attribute value: SelectedAuthenticationIdentityStores: the internal users, ise-2, All_AD_Join_Points
Attribute: SelectedAuthorizationProfiles value: DenyAccess
Attribute: Service-Type value: box
Attribute: StaticAssignment value: false
Attribute: StaticGroupAssignment value: false
Attribute: StepData value: 4 = standardized Radius.RadiusFlowType, 5 = EAP_Chaining_Wireless
Attribute value: TLSCipher: ECDHE-RSA-AES256-SHA
Attribute: TLSVersion value: TLSv1
Attribute: TimeToProfile value: 44
Factor of certainty attribute value: Total: 30
Attribute value: UniqueSubjectID:
Attribute: UpdateTime value: 1465245396597
Attribute: allowEasyWiredSession value: false
Attribute: Host-name value:
Value of the attribute: ip:
Attribute: value operating system switch: Cisco Nexus 7000 (NX - OS 4.2.6) (99% accuracy)
Attribute: result of operating-system value: Cisco Nexus 7000 switch (NX - OS 4.2.6) (99% accuracy)
Attribute: SkipProfiling value: falseYes you must add the ISE server in your help-dhcp (dhcp relay) in order to obtain information about the DHCP request to profile correctly the devices.
Even after setting correctly ISE in your DHCP relay, you aren't able to profile?
-
need to run windows in safe mode with network to have browserws working properly. using IE and Firefox. Web site fisting comes in following correctly sites just waiting for the website tab help
If it works in Windows safe mode, then you have a problem with other software, maybe a security software or a system driver that runs on your computer.
It is possible that your security (firewall, antivirus) software blocks or limit Firefox or the process of plugin-container without you inform, possibly after the detection of changes (update) for the Firefox program.
Delete all rules for Firefox and the plugin-container in the permissions list in the firewall and leave your firewall again ask permission to get full unlimited access to the internet for Firefox and the plugin-container and the update process.
See:
-
I have a laptop to this computer. I lost the internet connection after taking in another room & change a connection network, or something else, accidetally. I: need to know the name of my prefrred network.
Try a system restore to a Date before the problem began:
Restore point:
http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/
Do Safe Mode system restore, if it is impossible to do in Normal Mode.
Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.
Try a restore of the system once, to choose a Restore Point prior to your problem...
Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.
http://www.windowsvistauserguide.com/system_restore.htm
Read the above for a very good graph shows how backward more than 5 days in the System Restore Points by checking the correct box.
See you soon.
Mick Murphy - Microsoft partner
-
What book to review Cisco Secure Virtual Private Networks?
Hello
I want to prepare for the Cisco Secure Virtual Private Networks (642-511) exam.
Can someone tell me what is the book of CiscoPress recommended to pass this test?
Thank you.
Hello
Well, Cisco offers a good game that allow you to a tour of the fast configuration of the VPN 3000 Concentrator, logon to:
Cisco certifications-> games community-> Cisco Secure volunteer
Sound of running a tour so that your actions are limited, but this will give you an overview of GUI.
I hope this will help
Maybe you are looking for
-
the settings does not appear on my iphone 5, it has already been
Settings does not appear on my phone, it has already been
-
How to upgrade Safari is a Web browser supported?
How to upgrade Safari is a Web browser supported? My main browser is Yahoo. After the update to my OS X 10.6.3 to 10.6.8 I tried to access my email through Yahoo. Before the upgrade, my Yahoo mail had to be basic messaging. I was hoping once I upgrad
-
HP Pavilion DV7 Wont turn on.
Sorry if this is the wrong place for this post, I'm in a hurry. My laptop does not light, whenever I press the power button all the lights come on for about a second, I have here the fans turn on and then it turns off. When I plug in the charger the
-
Image filter is not applied during playback of AVI file
I've written a VI that read images from a camera Camera Link, filtered them (edge detection applied) and displays them. This works well. I then wrote a VI that plays back images in the same unit and it records in an AVI file. This works well. I the
-
The Pixma iP8720 print on paper of lb 61 230 g /?
Can Pixma iP8720 printer power supply & print paper 8.5 x 11 230gsm/61 lbs without rejection or interference? Use this paper for photo printing photo soft cover on an Epson WF 30 book covers. I need a printer better, and I am committed to buy this Ca