AnandTech Forums > Hardware and Technology > Networking

Old 11-29-2012, 01:07 PM   #1
GobBluth
Senior Member
 
Join Date: Sep 2012
Posts: 372
Default IOS NOOB!!! Help please...

Took a new job as a NA/SA only to find out that they want me to do most of the core networking. Short story long, it has been years (since the 3650s were the big thing) since I've done IOS anything. The previous infrastructure guy was fired and I have 20 switches I have to change passwords on. So far I've done this.

>enable
#conf term
#enable password ******
#line console 0 (also did line vty 0 4 here)
#login
#password *******

Am I forgetting anything? I need to make sure the ex-employee can't access this switch via telnet or ssh.

Thanks,

GB
__________________
"The last time a Russian hit a Brother that hard,
Ivan Drago killed Apollo Creed!" Fedor v. Rogers
GobBluth is offline   Reply With Quote
Old 11-29-2012, 01:18 PM   #2
drebo
Diamond Member
 
Join Date: Feb 2006
Posts: 6,456
Default

Better to use local database auth and secrets:

username admin priv 15 secret *****
crypto key generate rsa general-keys mod 2048
enable secret *****
line con 0
login local
line vty 0 15
transport input ssh
login local

Then, when you connected via console or ssh, you'd be prompted for both username and password.
__________________
"All men are not created equal, and if you believe they are, there's something seriously wrong with you. Some men are destined for greatness. Most aren't. End of story." - Jose Canseco
drebo is offline   Reply With Quote
Old 11-29-2012, 01:23 PM   #3
imagoon
Diamond Member
 
Join Date: Feb 2003
Location: Chicagoland, IL
Posts: 4,494
Default

Normally you change the admin / enable and then "no username OldAdmin..."
imagoon is online now   Reply With Quote
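
An added example, not code from any poster in this thread: a small audit that checks a saved running-config for the leftovers the replies above address (`enable password` instead of `enable secret`, stale local usernames, lines without `login local`, vty lines not limited to `transport input ssh`). The sample config, the usernames and the `audit` function are constructed for illustration, and the checks assume local authentication without AAA.

```python
import re

# Constructed running-config excerpt (usernames and hashes are placeholders).
SAMPLE_CONFIG = """\
enable password 7 XXXXXXXX
username oldadmin privilege 15 password 7 XXXXXXXX
username admin privilege 15 secret 5 XXXXXXXX
line con 0
 login local
line vty 0 4
 password 7 XXXXXXXX
 login
line vty 5 15
 transport input ssh
 login local
"""

def audit(config, allowed_users):
    """Return sorted findings for one running-config (assumes no AAA)."""
    findings, section, line_cmds = [], None, {}
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if raw.startswith(" "):              # sub-command of the current block
            if section:
                line_cmds[section].append(cmd)
            continue
        section = cmd if cmd.startswith("line ") else None
        if section:
            line_cmds[section] = []
        if cmd.startswith("enable password"):
            findings.append("enable password in use (prefer enable secret)")
        m = re.match(r"username (\S+) (.*)", cmd)
        if m:
            user, rest = m.groups()
            if user not in allowed_users:
                findings.append(f"unexpected local user: {user}")
            if re.search(r"\bpassword\b", rest):
                findings.append(f"user {user} uses password, not secret")
    for name, cmds in line_cmds.items():
        if "login local" not in cmds:
            findings.append(f"{name}: no 'login local'")
        if name.startswith("line vty") and "transport input ssh" not in cmds:
            findings.append(f"{name}: not restricted to 'transport input ssh'")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, allowed_users={"admin"}):
        print(finding)
```

Run it against the saved `show running-config` output of each of the 20 switches; an empty result means none of these specific leftovers remain.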
Old 11-29-2012, 01:27 PM   #4
GobBluth
Senior Member
 
Join Date: Sep 2012
Posts: 372
Default

Quote:
Originally Posted by drebo View Post
Better to use local database auth and secrets:

username admin priv 15 secret *****
crypto key generate rsa general-keys mod 2048
enable secret *****
line con 0
login local
line vty 0 15
transport input ssh
login local

Then, when you connected via console or ssh, you'd be prompted for both username and password.
TY. Exactly what I was looking for. cheers!
__________________
"The last time a Russian hit a Brother that hard,
Ivan Drago killed Apollo Creed!" Fedor v. Rogers
GobBluth is offline   Reply With Quote
Old 11-30-2012, 10:45 AM   #5
GobBluth
Senior Member
 
Join Date: Sep 2012
Posts: 372
Default More IOS help please!

Hey guys,

So, here is today's situation. Google is failing me this morning.

I'm looking for the physical location of a wireless AP in my hospital. I'm con'd into the switch and ping'd the AP. I ran trace route and just get empty hops.

Rather than consoling into every switch and using sh cdp neighbor, is there any other method I can use to locate what switch/port this AP is on?


Cheers!

GB
__________________
"The last time a Russian hit a Brother that hard,
Ivan Drago killed Apollo Creed!" Fedor v. Rogers
GobBluth is offline   Reply With Quote
Old 11-30-2012, 11:12 AM   #6
GobBluth
Senior Member
 
Join Date: Sep 2012
Posts: 372
Default IOS help please!!

Wrong forum, I know, but I need a quick response.


I'm looking for the physical location of a wireless AP in my hospital. I'm con'd into the switch and ping'd the AP. I ran trace route and just got empty hops.

Rather than consoling into every switch and using sh cdp neighbor, is there any other method I can use to locate what switch/port this AP is on?


Cheers!

GB

FYI: I'm an IOS noob so try and keep the flames to a minimum folks, thanks.
__________________
"The last time a Russian hit a Brother that hard,
Ivan Drago killed Apollo Creed!" Fedor v. Rogers

Last edited by allisolm; 11-30-2012 at 11:37 AM. Reason: moved from OT
GobBluth is offline   Reply With Quote
Old 11-30-2012, 11:17 AM   #7
HN
Diamond Member
 
Join Date: Jan 2001
Posts: 7,130
Default

Classic bash.org

Quote:
#5273 +(30077)- [X]
<erno> hm. I've lost a machine.. literally _lost_. it responds to ping, it works completely, I just can't figure out where in my apartment it is.
HN is offline   Reply With Quote
Old 11-30-2012, 11:21 AM   #8
jlazzaro
Golden Member
 
Join Date: May 2004
Location: MD
Posts: 1,741
Default

not really...instead of looking at random switches for CDP neighborships, searching based on the MAC address should be more methodical and narrow. from your core switch, ping the AP then find the MAC address of the AP in your arp table. then look in the MAC address table for the outgoing interface and trace it down to the access switch.

core-switch# sho arp | i <ip address of AP>
core-switch# show mac address-table address abcd.efgh.ijkl

use CDP neighborship to find the switch connected to that trunk and run the same command until you find the access layer port.

there are tools out there that will do this "scouring" for you, but I can't recommend any free solutions.
__________________
"There is nothing constant in this world but inconsistency."

Main Rig
Intel i7 930 @ 4.0GHz | eVGA X58 E758 | OCZ Platinum 12GB | Gigabyte GTX 670
CM 690 II Advanced | Corsair 850HX | Intel X25-M SSD + 3x1TB R5 | W7 64 Pro

Last edited by jlazzaro; 11-30-2012 at 11:31 AM.
jlazzaro is offline   Reply With Quote
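
The hop-by-hop trace described in the post above, as an added example that is not part of the original post: it resolves the IP to a MAC in the ARP table, finds the egress port in the MAC address table, and uses CDP to step to the next switch until the port no longer leads to a switch. All CLI output, hostnames, the IP and the MAC are constructed, and the parsers assume the usual column layout of `show arp`, `show mac address-table` and `show cdp neighbors`.

```python
import re

# Constructed CLI output for two switches (hostnames, IP and MAC are made up).
OUTPUT = {
    "core-switch": {
        "arp": "Internet  10.1.20.57   3   0023.eb12.34ab  ARPA   Vlan20\n",
        "mac": "  20    0023.eb12.34ab    DYNAMIC     Gi1/0/24\n",
        "cdp": "access-sw3   Gig 1/0/24   150   S I   WS-C3560   Gig 0/1\n",
    },
    "access-sw3": {
        "mac": "  20    0023.eb12.34ab    DYNAMIC     Fa0/7\n",
        "cdp": "core-switch  Gig 0/1   140   R S I   WS-C3750   Gig 1/0/24\n"
               "ap-ward4     Fas 0/7   130   T I     AIR-LAP    Gig 0\n",
    },
}
CDP_LINE = re.compile(r"(\S+)\s+([A-Za-z]+ [\d/]+)\s+\d+\s+((?:[A-Za-z]\s+)+)\S")

def norm(intf):
    """Map 'Gig 1/0/24' and 'Gi1/0/24' to the same key, 'gi1/0/24'."""
    m = re.match(r"([A-Za-z]+)\s*([\d/]+)", intf.strip())
    return m.group(1)[:2].lower() + m.group(2) if m else intf.lower()

def column(text, key_index, key, value_index):
    """Return one column from the first row whose key column matches."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) > value_index and fields[key_index].lower() == key.lower():
            return fields[value_index]
    return None

def switch_on_port(cdp_text, port):
    """Name of the CDP neighbor on `port` if it reports the S (switch) capability."""
    for line in cdp_text.splitlines():
        m = CDP_LINE.match(line)
        if m and norm(m.group(2)) == norm(port) and "S" in m.group(3).split():
            return m.group(1)
    return None

def trace(ip, start, output=OUTPUT):
    """Follow the device's MAC from `start` down to its access port."""
    mac = column(output[start]["arp"], 1, ip, 3)
    path, switch = [], start
    while mac and switch in output and switch not in [s for s, _ in path]:
        port = column(output[switch]["mac"], 1, mac, 3)
        if port is None:
            break
        path.append((switch, port))
        switch = switch_on_port(output[switch]["cdp"], port)
    return mac, path
```

The last `(switch, port)` pair in the returned path is the access port; the interface-name normalisation matters because the MAC table and CDP abbreviate the same port differently.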
Old 11-30-2012, 01:09 PM   #9
spidey07
No Lifer
 
Join Date: Aug 2000
Posts: 65,361
Default

SolarWinds or WhatsUp Gold should be able to do it. If they are controller based the CDP neighbor information is on the controller.

Also, you should be able to telnet into the AP and find CDP neighbor
__________________
___
(\__/)
(='.'=)
(")_(")
spidey07 is offline   Reply With Quote
Old 11-30-2012, 01:28 PM   #10
gsaldivar
Diamond Member
 
Join Date: Apr 2001
Posts: 8,629
Default

Take your phone into the switching room and just make note of which spots are empty or occupied (whichever is the smaller number is faster). For this purpose, in large server rooms I will just take a few seconds of video of the activity lights with my smartphone. Then go unplug the mystery device from the LAN and go back into the server room and look for the single activity light that has changed. Even with hundreds of ports, this shouldn't take more than a few minutes. Good luck!
__________________
150,000 people are imprisoned in North Korea's brutal prison camps. From birth to death, entire generations are kept in absolute misery behind an electric fence. Please take a few minutes of your day to hear their story, and use your own voice to speak out for those who don't have one.

Last edited by gsaldivar; 11-30-2012 at 02:51 PM.
gsaldivar is offline   Reply With Quote
Old 11-30-2012, 04:01 PM   #11
GobBluth
Senior Member
 
Join Date: Sep 2012
Posts: 372
Default

Quote:
Originally Posted by jlazzaro View Post
not really...instead of looking at random switches for CDP neighborships, searching based on the MAC address should be more methodical and narrow. from your core switch, ping the AP then find the MAC address of the AP in your arp table. then look in the MAC address table for the outgoing interface and trace it down to the access switch.

core-switch# sho arp | i <ip address of AP>
core-switch# show mac address-table address abcd.efgh.ijkl

use CDP neighborship to find the switch connected to that trunk and run the same command until you find the access layer port.

there are tools out there that will do this "scouring" for you, but I can't recommend any free solutions.
Thanks, this is the method I wound up using. I was doing it from a border switch at first rather than the core. I'm trying to bring Solarwinds/OpenView/Cisco Works solution online here so we don't have to deal with this kind of anything.

It was a tedious process but I found all of the APs I was looking for. Thanks again!!
__________________
"The last time a Russian hit a Brother that hard,
Ivan Drago killed Apollo Creed!" Fedor v. Rogers
GobBluth is offline   Reply With Quote
Old 11-30-2012, 05:07 PM   #12
amdTJL0
Member
 
Join Date: Dec 2006
Location: Hampton, VA
Posts: 40
Default

Quote:
Originally Posted by GobBluth View Post
Thanks, this is the method I wound up using. I was doing it from a border switch at first rather than the core. I'm trying to bring Solarwinds/OpenView/Cisco Works solution online here so we don't have to deal with this kind of anything.

It was a tedious process but I found all of the APs I was looking for. Thanks again!!
I just brought up our LMS server and while it was kind of a pain it has helped us so much. Glad you found it
amdTJL0 is offline   Reply With Quote