More IOS help please!

Discussion in 'Networking' started by GobBluth, Nov 29, 2012.

  1. GobBluth

    GobBluth Senior member

    Took a new job as a NA/SA only to find out that they want me to do most of the core networking. Short story long, it has been years (since the 3650s were the big thing) since I've done IOS anything. The previous infrastructure guy was fired and I have 20 switches I have to change passwords on. So far I've done this.

    >enable
    #conf term
    #enable password ******
    #line console 0 (also did line vty 0 4 here)
    #login
    #password *******

    Am I forgetting anything? I need to make sure the ex-employee can't access this switch via telnet or ssh.

    Thanks,

    GB
     
  2. drebo

    drebo Diamond Member

    Better to use local database auth and secrets:

    username admin priv 15 secret *****
    crypto key generate rsa general-keys mod 2048
    enable secret *****
    line con 0
    login local
    line vty 0 15
    transport input ssh
    login local

    Then, when you connected via console or ssh, you'd be prompted for both username and password.
     
  3. imagoon

    imagoon Diamond Member

    Normally you change the admin / enable and then "no username OldAdmin..."
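
An added example, not part of any post in this thread: a Python check to run over saved running-configs from each switch, confirming that the changes described in the two replies above (secrets, `login local`, SSH-only vty lines, old usernames removed) were actually applied. The sample config, the `oldadmin` username, the `<...>` values and the allowed-user list are constructed assumptions.

```python
import re

# Constructed running-config excerpt; "oldadmin" and the <...> values are placeholders.
SAMPLE_CONFIG = """\
enable password 7 <type7>
username admin privilege 15 secret 5 <hash>
username oldadmin privilege 15 password 7 <type7>
line con 0
 login local
line vty 0 15
 password 7 <type7>
 login
 transport input telnet ssh
"""

def audit_ios_config(text, allowed_users=("admin",)):
    """Flag the access-control gaps discussed in the thread; returns a list of strings."""
    findings, lines, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if raw and not raw[0].isspace():          # top-level command closes any line block
            m = re.match(r"line ((?:con|vty|aux) .+)", cmd)
            current = m.group(1) if m else None
            if current:
                lines[current] = {"login": None, "transport": None}
        elif current:
            if cmd.startswith("login") or cmd == "no login":
                lines[current]["login"] = cmd
            elif cmd.startswith("transport input"):
                lines[current]["transport"] = cmd.split()[2:]
            elif cmd.startswith("password"):
                findings.append(f"line {current}: shared line password configured")
        if cmd.startswith("enable password"):
            findings.append("enable password set; use enable secret")
        m = re.match(r"username (\S+)\b.*?\b(password|secret)\b", cmd)
        if m and m.group(1) not in allowed_users:
            findings.append(f"username {m.group(1)}: not on the allowed list; remove")
        elif m and m.group(2) == "password":
            findings.append(f"username {m.group(1)}: uses password, not secret")
    for name, cfg in lines.items():
        if cfg["login"] != "login local":
            findings.append(f"line {name}: login is {cfg['login']!r}, expected 'login local'")
        if name.startswith("vty") and cfg["transport"] != ["ssh"]:
            findings.append(f"line {name}: transport input is not ssh-only")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ios_config(SAMPLE_CONFIG)))
```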
     
  4. GobBluth

    GobBluth Senior member

    TY. Exactly what I was looking for. cheers!
     
  5. GobBluth

    GobBluth Senior member

    Hey guys,

    So, here is today's situation. Google is failing me this morning.

    I'm looking for the physical location of a wireless AP in my hospital. I'm con'd into the switch and ping'd the AP. I ran trace route and just get empty hops.

    Rather than consoling into every switch and using sh cdp neighbor is there any other method I can use to locate what switch/port this AP is on?


    Cheers!

    GB
     
  6. GobBluth

    GobBluth Senior member

    Wrong forum, I know, but I need a quick response.


    I'm looking for the physical location of a wireless AP in my hospital. I'm con'd into the switch and ping'd the AP. I ran trace route and just got empty hops.

    Rather than consoling into every switch and using sh cdp neighbor is there any other method I can use to locate what switch/port this AP is on?


    Cheers!

    GB

    FYI: I'm an IOS noob so try and keep the flames to a minimum folks, thanks.
     
    #6 GobBluth, Nov 30, 2012
    Last edited by a moderator: Nov 30, 2012
  7. HN

    HN Diamond Member

    Classic bash.org

     
  8. jlazzaro

    jlazzaro Golden Member

    not really...instead of looking at random switches for CDP neighborships, searching based on the MAC address should be more methodical and narrow. from your core switch, ping the AP then find the MAC address of the AP in your arp table. then look in the MAC address table for the outgoing interface and trace it down to the access switch.

    core-switch# sho arp | i <ip address of AP>
    core-switch# show mac address-table address abcd.efgh.ijkl

    use CDP neighborship to find the switch connected to that trunk and run the same command until you find the access layer port.

    there are tools out there that will do this "scouring" for you, but I can't recommend any free solutions.
     
    #8 jlazzaro, Nov 30, 2012
    Last edited: Nov 30, 2012
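
An added example, not part of the post above: the hop-by-hop MAC trace it describes, written in Python against output already collected from each switch. The switch names, ports, MAC address and capture text are constructed, and the parsing assumes the usual column layout of `show mac address-table` and `show cdp neighbors`.

```python
import re

# Constructed captures: switch -> (show mac address-table output, show cdp neighbors output)
CAPTURES = {
    "core-sw": ("  10  0011.2233.4455  DYNAMIC  Gi1/0/24",
                "dist-sw-1   Gig 1/0/24   150   S I   WS-C3750   Gig 1/0/1"),
    "dist-sw-1": ("  10  0011.2233.4455  DYNAMIC  Gi1/0/7",
                  "core-sw    Gig 1/0/1   140   S I   WS-C6509   Gig 1/0/24\n"
                  "acc-sw-3   Gig 1/0/7   160   S I   WS-C2960   Gig 0/1"),
    "acc-sw-3": ("  10  0011.2233.4455  DYNAMIC  Fa0/12",
                 "dist-sw-1  Gig 0/1    170   S I   WS-C3750     Gig 1/0/7\n"
                 "ap-ward4   Fas 0/12   120   T     AIR-CAP3502  Gig 0"),
}

CDP_RE = re.compile(r"(\S+)\s+([A-Za-z]+ [\d/]+)\s+\d+\s+((?:[A-Za-z] )*[A-Za-z])\s+\S+")

def short_if(name):
    """Normalise 'Gig 1/0/24' (CDP) and 'Gi1/0/24' (MAC table) to one form."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z]*\s*([\d/]+)", name)
    return m.group(1) + m.group(2)

def mac_port(mac_output, mac):
    """Return the port a MAC was learned on, or None if the switch has not seen it."""
    for line in mac_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1].lower() == mac.lower():
            return fields[-1]

def switch_neighbors(cdp_output):
    """Map local port -> neighbour name, keeping only neighbours with the S capability."""
    found = {}
    for line in cdp_output.splitlines():
        m = CDP_RE.match(line)
        if m and "S" in m.group(3).split():
            found[short_if(m.group(2))] = m.group(1)
    return found

def trace_mac(mac, start, captures=CAPTURES):
    """Follow the MAC hop by hop; the last (switch, port) pair is the access port."""
    path, switch = [], start
    while switch in captures and switch not in [s for s, _ in path]:
        port = mac_port(captures[switch][0], mac)
        if port is None:
            break
        path.append((switch, port))
        switch = switch_neighbors(captures[switch][1]).get(short_if(port))
    return path

if __name__ == "__main__":
    print(trace_mac("0011.2233.4455", "core-sw"))
```

Where the MAC is learned on a port-channel (for example `Po1`), CDP lists the physical member ports, so map the channel to its members before the neighbour lookup.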
  9. spidey07

    spidey07 No Lifer

    SolarWinds or WhatsUp Gold should be able to do it. If they are controller based the CDP neighbor information is on the controller.

    Also, you should be able to telnet into the AP and find CDP neighbor.
     
  10. gsaldivar

    gsaldivar Diamond Member

    Take your phone into the switching room and just make note of which spots are empty or occupied (whichever is the smaller number is faster). For this purpose, in large server rooms I will just take a few seconds of video of the activity lights with my smartphone. Then go unplug the mystery device from the LAN and go back into the server room and look for the single activity light that has changed. Even with hundreds of ports, this shouldn't take more than a few minutes. Good luck!
     
    #10 gsaldivar, Nov 30, 2012
    Last edited: Nov 30, 2012
  11. GobBluth

    GobBluth Senior member

    Thanks, this is the method I wound up using. I was doing it from a border switch at first rather than the core. o_O I'm trying to bring a SolarWinds/OpenView/CiscoWorks solution online here so we don't have to deal with this kind of anything.

    It was a tedious process but I found all of the APs I was looking for. Thanks again!!
     
  12. amdTJL0

    amdTJL0 Member

    I just brought up our LMS server, and while it was kind of a pain it has helped us so much. Glad you found it.