How to use Tacacs+ on Cisco ASA for Shell and Web Authentication Assume the Tacacs+ Servers are: Cisco ACS Server 1 10.120.10.11 Cisco ACS Server 2 10.120.10.12 If you have allready configured aaa for the ssh you might see something like Then you must first disable the aaa authentication and than add the new settings. …
Cisco ASA and SMTP
We recently bought so new Firewalls to replace to aged Cisco PIX515e with some new Gear. We decided to use Ciscos new Firewall flagship the Cisco ASA Devices. Everything was fine after the replacement, we transfered the configuration from the old boxes to the new with the help of the Cisco Security Manager. Later that …
Access-based Enumeration (ABE) and Cisco WAAS
Access-based Enumeration (ABE) is a smart feature to let users see only the folders they have access to. But if you have Cisco WAAS deployed in your network please be aware you have to add a Dynamic share to the waas configuration so the waas knows about this. ----- EDIT BEGIN ----- 2010-09-17 We found …
Continue reading "Access-based Enumeration (ABE) and Cisco WAAS"
Cisco MDS 9222i with ACS
If you want to configure tacacs+ on the Cisoc MDS9222i Series you have to enable first the feature. After this the commands to configure the Tacacs+ are available. On the ACS side you have to configure the shell profile with the following role: If you feel this helps a bit or may be not ? …
Cisco WAAS and Tacacs+
How To use Tacacs+ with Cisco WAAS for Authentication. Configuration with the Central Manager Tacacs+ is configured in the Device Context at Configure > Security > AAA > TACACS+ Go to Configure > Security > AAA > Authentication Methods Go to Configure > Security > AAA > Command Authorization On the Accelerator CLI tacacs key …
WAVE-276 and the second Virtuale Blade
So finally with WAAS-4.1.3.55 cames out and you can conifigure a second virtual Blade. Nice;-)
DMVPN with Linux
I know since i discovered the DMVPN in 2004/5 this is a very intelligent combination of IPsec, GRE and NHRP. Many Thanks to the Guys at Cisco, Christoph, Frederick and all other. This week i discovered "opennhrp" on sourceforge. It took me a minute or two to have a VM with debian up and the …
Cisco Visio Icons
Recently i have been asked to hold a presentation about the network design we had developed for our key project. My Company had decided to unify the computing infrastucture and client enviroment for all relateted companies. So i will do a presentation on Cisco WAAS Platform on Tuesday next week, and i needed uptodate visio stencils …
Cisco IOS CLI Modes
 Cisco IOS CLI Modes EXEC Prompt Router> enable Privileged EXEC Prompt Router# configure terminal Gobal Configuration Mode Router(config)# interface FastEthernet0/0  Configuration Modes Interface Configuration Mode Router(config-if)#interface FastEthernet 0/0.1 SubInterface Configuration Mode Router(config-subif)# line console 0 Line Configuration Mode Router(config-line)# Controller Configuration Mode Router(config-controller)# router rip Router Configuration Mode Router(config-router)#end
Packetcapture auf der WAAS
Kürzlich hab ich entdeckt das man auf der WAAS Packete mit schneiden kann. Auf der WAE ist tcpdump installiert, den kann man in der gewohnten weise zum sniffern gebrauchen. # tcpdump -s 0 -w /local1/out.pcap # copy disk ftp a.x.y.z / out.pcap /local1/out.pcap # delfile /local1/out.pcap Der Rest ist dann ganz normale Arbeit für wireshark.
Ich wuste es doch meine Router sind Telephone
So So ich wuste es doch meine Router sind Telephone oder doch nicht. Nach dem wir auf unseren Zentralen DMVPN Routern das 12.4.15T7 IOS Release eingespielt hatten, sahen wir einen massiven Anstieg im Memory duch den CDP Process. Ein Debug der cdp events ergab folgende Log Meldungen: Jan 19 12:12:51.513 UTC: CDP-EV: Lookup for ip …
Continue reading "Ich wuste es doch meine Router sind Telephone"
Patrick Marc's Networks 