11-29-2012, 01:07 PM
#1
Senior Member
Join Date: Sep 2012
Posts: 337
IOS NOOB!!! Help please...
Took a new job as a NA/SA only to find out that they want me to do most of the core networking. Short story long, it has been years (since the 3650s were the big thing) since I've done IOS anything. The previous infrastructure guy was fired and I have 20 switches I have to change passwords on. So far I've done this.
>enable
#conf term
#enable password ******
#line console 0 (also did line vty 0 4 here)
#login
#password *******
Am I forgetting anything? I need to make sure the ex-employee can't access this switch via telnet or ssh.
Thanks,
GB

11-29-2012, 01:18 PM
#2
Diamond Member
Join Date: Feb 2006
Posts: 5,529
Better to use local database auth and secrets:
username admin priv 15 secret *****
crypto key generate rsa general-keys mod 2048
enable secret *****
line con 0
login local
line vty 0 15
transport input ssh
login local
Then, when you connected via console or ssh, you'd be prompted for both username and password.
|
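An added example, not part of any post in this thread: a Python check over a saved running-config for the items raised in posts #1 to #3 (enable password instead of enable secret, leftover local accounts, lines without login local, vty lines that still accept telnet). The sample config, the account names and the allowed_users parameter are constructed for illustration; the sample also shows vty 5 15, which a change applied only to line vty 0 4 leaves untouched.

```python
import re

# Constructed sample running-config (not from the thread): vty 0 4 was
# hardened, but vty 5 15 and a leftover account were missed.
SAMPLE_CONFIG = """\
enable password 7 0000CONSTRUCTED
username admin privilege 15 secret 5 $1$constructed
username oldadmin privilege 15 password 7 0000CONSTRUCTED
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password 7 0000CONSTRUCTED
 login
 transport input telnet ssh
"""

def audit(config, allowed_users=("admin",)):
    """Return a list of findings for an IOS running-config given as text."""
    findings, blocks, section = [], {}, None
    for raw in config.splitlines():
        if raw.startswith(" "):              # sub-command of the current block
            if section:
                blocks[section].append(raw.strip())
            continue
        section = raw.strip() if raw.startswith("line ") else None
        if section:
            blocks[section] = []
        if raw.startswith("enable password"):
            findings.append("enable password present; use enable secret")
        m = re.match(r"username (\S+) .*?\b(password|secret)\b", raw)
        if m and m.group(1) not in allowed_users:
            findings.append(f"unexpected local user: {m.group(1)}")
        if m and m.group(2) == "password":
            findings.append(f"user {m.group(1)} stored with password, not secret")
    for name, cmds in blocks.items():
        if "login local" not in cmds:
            findings.append(f"{name}: login is not 'login local'")
        transport = [c for c in cmds if c.startswith("transport input")]
        if name.startswith("line vty") and transport != ["transport input ssh"]:
            findings.append(f"{name}: transport input is not ssh-only")
    return findings
```

Run it against the output of show running-config saved from each of the switches; an empty list means none of these items were found.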
11-29-2012, 01:23 PM
#3
Diamond Member
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 3,474
Normally you change the admin / enable and then "no username OldAdmin..."

11-29-2012, 01:27 PM
#4
Senior Member
Join Date: Sep 2012
Posts: 337
Quote:
Originally Posted by drebo
Better to use local database auth and secrets:
username admin priv 15 secret *****
crypto key generate rsa general-keys mod 2048
enable secret *****
line con 0
login local
line vty 0 15
transport input ssh
login local
Then, when you connected via console or ssh, you'd be prompted for both username and password.
|
TY. Exactly what I was looking for. cheers!

11-30-2012, 10:45 AM
#5
Senior Member
Join Date: Sep 2012
Posts: 337
More IOS help please!
Hey guys,
So, here is today's situation. Google is failing me this morning.
I'm looking for the physical location of a wireless AP in my hospital. I'm con'd into the switch and ping'd the AP. I ran trace route and just get empty hops.
Rather than consoling into every switch and using sh cdp neighbor, is there any other method I can use to locate what switch/port this AP is on?
Cheers!
GB

11-30-2012, 11:12 AM
#6
Senior Member
Join Date: Sep 2012
Posts: 337
IOS help please!!
Wrong forum, I know, but I need a quick response.
I'm looking for the physical location of a wireless AP in my hospital. I'm con'd into the switch and ping'd the AP. I ran trace route and just got empty hops.
Rather than consoling into every switch and using sh cdp neighbor, is there any other method I can use to locate what switch/port this AP is on?
Cheers!
GB
FYI: I'm an IOS noob so try and keep the flames to a minimum folks, thanks.
Last edited by allisolm; 11-30-2012 at 11:37 AM.
Reason: moved from OT

11-30-2012, 11:17 AM
#7
Diamond Member
Join Date: Jan 2001
Posts: 6,573
Classic bash.org
Quote:
#5273 +(30077)- [X]
<erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.

11-30-2012, 11:21 AM
#8
Golden Member
Join Date: May 2004
Location: MD
Posts: 1,733
not really...instead of looking at random switches for CDP neighborships, searching based on the MAC address should be more methodical and narrow. from your core switch, ping the AP then find the MAC address of the AP in your arp table. then look in the MAC address table for the outgoing interface and trace it down to the access switch.
core-switch# sho arp | i <ip address of AP>
core-switch# show mac address-table address abcd.efgh.ijkl
use CDP neighborship to find the switch connected to that trunk and run the same command until you find the access layer port.
there are tools out there that will do this "scouring" for you, but I can't recommend any free solutions.
Last edited by jlazzaro; 11-30-2012 at 11:31 AM.
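The hop-by-hop trace described in the post above, as an added example that is not part of the thread: Python that follows the AP's MAC through saved command output from the core to the edge port. Switch names, addresses and the capture layout are constructed; it assumes CDP is enabled and uplinks are single ports rather than port-channels. It matches the IP as a whole field, because `| i 10.1.20.5` on the switch would also match 10.1.20.55.

```python
import re

# Constructed captures (not from the thread), keyed by switch name: raw
# "show arp" / "show mac address-table" text, plus the CDP neighbor per port.
CAPTURES = {
    "core": {"arp": "Internet  10.1.20.55  3  0021.a0b1.c2d3  ARPA  Vlan20\n"
                    "Internet  10.1.20.5   9  0021.a0b1.ffff  ARPA  Vlan20",
             "mac": "  20    0021.a0b1.c2d3    DYNAMIC     Te1/1",
             "cdp": {"Te1/1": "dist-2"}},
    "dist-2": {"mac": "  20    0021.a0b1.c2d3    DYNAMIC     Gi1/0/48",
               "cdp": {"Gi1/0/48": "access-7"}},
    "access-7": {"mac": "  20    0021.a0b1.c2d3    DYNAMIC     Gi1/0/13",
                 "cdp": {"Gi1/0/13": "AP-3F-east"}},  # neighbor is the AP itself
}
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)

def mac_from_arp(arp_output, ip):
    """MAC for ip, matching the whole address field (unlike '| i 10.1.20.5')."""
    for line in arp_output.splitlines():
        fields = line.split()
        if ip in fields:
            macs = [f.lower() for f in fields if MAC_RE.match(f)]
            if macs:
                return macs[0]
    return None  # missing or Incomplete entry: ping the AP first

def port_for_mac(mac_output, mac):
    """Egress port for mac: last column of its 'show mac address-table' row."""
    for line in mac_output.splitlines():
        if mac in line.lower().split():
            return line.split()[-1]
    return None

def trace(captures, start, ip):
    """Follow the MAC from the start switch to its edge port; None if lost."""
    mac = mac_from_arp(captures[start]["arp"], ip)
    path, switch = [], start
    while mac and switch not in [s for s, _ in path]:  # stop on a loop
        port = port_for_mac(captures[switch]["mac"], mac)
        if port is None:
            return None
        path.append((switch, port))
        neighbor = captures[switch]["cdp"].get(port)
        if neighbor not in captures:   # AP or unknown device: edge port found
            return path
        switch = neighbor
    return None
```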

11-30-2012, 01:09 PM
#9
No Lifer
Join Date: Aug 2000
Posts: 62,907
SolarWinds or WhatsUp Gold should be able to do it. If they are controller-based, the CDP neighbor information is on the controller.
Also, you should be able to telnet into the AP and find CDP neighbor.

11-30-2012, 01:28 PM
#10
Diamond Member
Join Date: Apr 2001
Posts: 8,566
Take your phone into the switching room and just make note of which spots are empty or occupied (whichever is the smaller number is faster). For this purpose, in large server rooms I will just take a few seconds of video of the activity lights with my smartphone. Then go unplug the mystery device from the LAN and go back into the server room and look for the single activity light that has changed. Even with hundreds of ports, this shouldn't take more than a few minutes. Good luck!
Last edited by gsaldivar; 11-30-2012 at 02:51 PM.

11-30-2012, 04:01 PM
#11
Senior Member
Join Date: Sep 2012
Posts: 337
Quote:
Originally Posted by jlazzaro
not really...instead of looking at random switches for CDP neighborships, searching based on the MAC address should be more methodical and narrow. from your core switch, ping the AP then find the MAC address of the AP in your arp table. then look in the MAC address table for the outgoing interface and trace it down to the access switch.
core-switch# sho arp | i <ip address of AP>
core-switch# show mac address-table address abcd.efgh.ijkl
use CDP neighborship to find the switch connected to that trunk and run the same command until you find the access layer port.
there are tools out there that will do this "scouring" for you, but I can't recommend any free solutions.
|
Thanks, this is the method I wound up using. I was doing it from a border switch at first rather than the core. I'm trying to bring SolarWinds/OpenView/CiscoWorks solution online here so we don't have to deal with this kind of anything.
It was a tedious process but I found all of the APs I was looking for. Thanks again!!

11-30-2012, 05:07 PM
#12
Member
Join Date: Dec 2006
Location: Hampton, VA
Posts: 40
Quote:
Originally Posted by GobBluth
Thanks, this is the method I wound up using. I was doing it from a border switch at first rather than the core. I'm trying to bring SolarWinds/OpenView/CiscoWorks solution online here so we don't have to deal with this kind of anything.
It was a tedious process but I found all of the APs I was looking for. Thanks again!!
|
I just brought up our LMS server and while it was kind of a pain it has helped us so much. Glad you found it.