Many times I came across one issue… how to grant access to CLI (Command Line Interface) on Cisco devices without creating separate username and password for each user on each device? In order to resolve that I did use AAA features of Cisco IOS and built-in Windows Server 2008 R2 component – NPS (Network Policy Server).

Those two mixed together can create very nice environment which allows flexible management who, when and how can access network devices. Same time, Active Directory will be central place to grant or deny access to devices as well as enforce specific privilege level.

Below is simple diagram of the whole process and steps which take place when accessing Cisco device integrated with NPS/RADIUS.

(more…)

Another small app written in Adobe Flex. This time to decrypt passwords stored in Cisco VPN PCF file. Just simply copy enc_GroupPwd or enc_UserPassword to decryptor and click Decrypt button 🙂

Using this small app you can decode:

• enc_GroupPwd – VPN group password from PCF file
• enc_UserPassword – VPN user password from PCF file

For that small webapp to work Adobe Flash Player is required.

(more…)

As the effect of my attempts to produce some small applications in Adobe Flex, I commited decryptor for type 7 passwords stored on Cisco devices.

Using this small app you can decode:

• wireless keys fro Cisco access points,
• RADIUS/TACACS shared secrets
• NTP authentication keys
• Enable passwords (NOT enable secrets, which are stored using MD5).

(more…)

So, finally I got 6 brand new Cisco 1142n wireless access points. They all are lightweight access points, which means that more less Wireless Controller is required to get them to work. Unfortunatelly due to many circumstances I have purchase of Wireless Controller delayed, so for now have to turn all of those into autonomus wireless devices. That means that IOS has to be replaced on those devices to allow 1142n be fully configured.

• Original software which came on devices was: c1140-rcvk9w8-mx.
• New software I had to deploy on all of them to make them autonomus is: c1140-k9w7-tar.124-25d.JA1.

But how the whole process happenes? Here are all steps I took to make lightweight AP become autonomus wireless access point:

(more…)

When I got cisco 881w first time it was interesting experience. This device presented new concept which was different to model I knew so far, which is 871w. In 881w router module and wireless module are separated. With that being said, router configuration and access point configuration is separated as well. Also, each module (router and access point) has own IOS:

• c880data-universalk9-mz.152-1.T1 – router IOS
• ap801-k9w7-mx.124-21a.JA1 – access point IOS

As usual, first I connected device to console cable and attempted to configure it. Not being familiar with new concept it was a bit of a failure 🙂 So, eventually had to refer to documentation to find out what’s going on. Problem which came up was, how to access wireless module to configure it or even check if it’s there 🙂

So, finally after I did apply reading ability and spent few minutes with Cisco documentation I was able to access wireless module and configure it to provide wireless services in the air. Here is how that happend:

(more…)