hikingguy

  1. I'm needing some help understanding the configuration of privilege levels under the vty lines. When I log into the router with the following config, I am placed into priv level 1 (not 12, which is configured under the vty lines). From testing I've done, I know that if you don't specifically set the priv level of a user in the local database, it defaults to priv level 1. From other testing I did (on real equipment), I've determined that the priv level associated with a username always overrides the priv level configured under the vty lines. So, my question is, when would the privilege level x command under the vty lines ever be used???

       no aaa new-model
       username buck password 0 rogers
       !
       line vty 0 4
        privilege level 12

     Thanks, Andy
  2. I've been playing around with aaa method lists, as well as privilege levels, and have a question about the following config. I know by default that the "default" method list is applied to all lines and interfaces. With the config below, aaa is enabled, but no method list is defined. When I telnet to the router that has the config shown below, I am prompted for a Username. I enter buck for the username and rogers for the password. I get logged in, but I'm placed at priv level 1 (not 4 as I had expected to be). So, a couple of questions:

     Since I did not create a default method list (e.g. aaa authentication login default group tacacs+ local enable), why did it default to using the local database? Is there a "default" default method list (a bit redundant, but I hope you know what I mean) that the router will use if one isn't configured? If so, which methods does it try, and in what sequence? For example, does it try tacacs+ first, then local, then enable?

     Why did I get placed into priv lvl 1, when the username was assigned to priv lvl 4?

       enable password cisco
       aaa new-model
       username buck privilege 4 password 0 rogers
       !
       line vty 0 4

     I'm doing my testing using GNS3.
  3. I've spent a lot of time searching on this one. That link explains the basics, but not the answer to my question. There seems to be no explanation as to the difference between hardcoding the MAC, and hardcoding it by entering the MAC after the word STICKY. That's what I'm trying to figure out.
  4. Can someone explain how these two commands are different?

       switchport port-security mac-address 485b.3943.0a2d
       switchport port-security mac-address sticky 485b.3943.0a2d

     Both of these commands put the specified MAC into the running config, so I see no real difference between the two.
  5. Hello, I'm studying for the second part of the CCNA exam (ICND2) and need a little help with VPN and IPsec. I really just need to know the basics. I have some info, but I'm looking to fill in some gaps. I was wondering if anyone has a cheatsheet on these two topics (that would be applicable to the ICND2 exam). thanks!
  6. Hello, I'm trying to reinforce my knowledge of ACLs and have been looking for a website with a series of Q&As on ACLs where I could practice my skills. Does anyone know of any such website?
  7. I'm studying to pass the ICND1 (CCENT) exam and according to Cisco's website, SDM is part of that exam. However, on their website, it says "this product is no longer being sold and might not be supported". http://www.cisco.com/en/US/products/sw/secursw/ps5318/ So, I have two questions: Why would Cisco have SDM on this exam if it's no longer supported? Where can I download this software so I can get some experience with it? Thanks,
  8. Can anyone tell me where I can download a copy of Cisco's SDM software? I have a Cisco account, but I can't find it on their website.
  9. I built a Frame Relay lab (using a 3640 router as the frame relay switch) and would like to share them with everyone, but when I try to upload the .net or .cfg files, I get a message saying "You aren't permitted to upload this kind of file." Is there a workaround for this? Thanks, Andy
  10. So, I understand how to configure ssh (I've got it working using GNS3). What I'm not real clear on is what is happening behind the scenes. In particular, where the crypto key comes into play. My understanding is the crypto key is generated from a combination of the domain-name and hostname. How/where is that crypto key used in the ssh process? For example, on the remote router named scotland, I have the username set to buck and the password to rogers. Here's the command I'm using from the other router:

        ssh -l buck 192.168.1.2

      When prompted, I enter the password rogers. So, when is that crypto key used?????? Thanks, Andy
  11. Is there any difference at all between the command "ip domain name" and "ip domain-name"? They're both available in packet tracer, and I don't really see a distinction.
  12. Well, I answered my own question. There might be an easier way of doing this, but this will work for sure:

      1. Start ZOC.
      2. Start GNS3.
      3. Drag the icons you want to use (in this example, I'm using the c3600 series icons).
      4. Right-click each router icon and select "Change console port". I started numbering each one, starting at 2000. You do this step for each of the routers in your lab (e.g. the second router will be port 2001, the next 2002, etc.).
      5. Go to the ZOC program and select File | Host directory.
      6. Click New...
      7. In the Title field, enter a name (I used R01 to keep it simple).
      8. In the Connect to field, enter 127.0.0.1 (this is the loopback address for any IP-enabled device).
      9. For port, enter the port you set up for R01 in the GNS3 program (for this example, I entered 2000).
      10. Make sure the Device dropdown shows Telnet.
      11. For the Emulation dropdown, I'm using VT220.
      12. Click OK.
      13. Click Save. You should now be back at the main ZOC window.
      14. Click on File | Host directory and select the entry you just created (you can either double-click it or highlight it, then click Connect).

      You should now have access to the router (you may have to press Enter a couple of times to get the prompt).
  13. Hello, has anyone ever used ZOC within GNS3? I'm wanting to use it because it's an app I'm familiar with, and it allows tabbed sessions. Any advice would be appreciated. Thanks, Andy
  14. Got a question about tunneling (using the following config example). I understand the theory behind it, but I'm a bit confused by when the tunnel is used. What's got me hung up is this: "What traffic will be sent across the tunnel"? In this example, is it saying that any traffic in the subnet 1.1.1.x will be sent across the tunnel? Is it also saying that all traffic for subnet 1.1.1.x will be encapsulated within an IP packet whose source address is 192.168.4.1 (if sent from Router A)?

      Router A:

        interface Ethernet0/1
         ip address 10.2.2.1 255.255.255.0
        interface Serial0/0
         ip address 192.168.4.1 255.255.255.0
        !
        interface Tunnel0
         ip address 1.1.1.2 255.255.255.0
         tunnel source Serial0/0
         tunnel destination 192.168.4.2

      Router B:

        interface FastEthernet0/1
         ip address 10.1.1.1 255.255.255.0
        interface Serial0/0
         ip address 192.168.4.2 255.255.255.0
        !
        interface Tunnel0
         ip address 1.1.1.1 255.255.255.0
         tunnel source Serial0/0
         tunnel destination 192.168.4.1