How-to : Integrating Cisco devices CLI access with Microsoft NPS/RADIUS

Many times I came across one issue… how to grant access to the CLI (Command Line Interface) on Cisco devices without creating a separate username and password for each user on each device? To resolve that I used the AAA features of Cisco IOS and a built-in Windows Server 2008 R2 component – NPS (Network Policy Server).

Those two mixed together can create a very nice environment which allows flexible management of who, when and how can access network devices. At the same time, Active Directory will be the central place to grant or deny access to devices as well as enforce a specific privilege level.

Below is a simple diagram of the whole process and the steps which take place when accessing a Cisco device integrated with NPS/RADIUS.

(more…)

Apps : passPCFdecode for PlayBook

Recently I submitted a new application to BlackBerry AppWorld. This time it is a small app which allows decrypting the enc_GroupPwd parameter from a Cisco VPN Profile (PCF file).

Awaiting application approval... once approved I will add a button with a link to the BlackBerry AppWorld store.

The new application will be available for free 🙂

UPDATE: Unfortunately, the application has not been approved for publication in AppWorld, without any reasonable explanation.

(more…)

Config snippets : Cisco : PCF enc_GroupPwd and enc_UserPassword Decryptor

Another small app written in Adobe Flex. This time it decrypts passwords stored in a Cisco VPN PCF file. Simply copy enc_GroupPwd or enc_UserPassword into the decryptor and click the Decrypt button 🙂

Using this small app you can decode:

  • enc_GroupPwd – VPN group password from PCF file
  • enc_UserPassword – VPN user password from PCF file

For that small webapp to work, Adobe Flash Player is required.

(more…)

Apps : pass7decode : My First App for PlayBook

Finally it happened that I committed my first application for BlackBerry PlayBook. The application I’ve created decodes Type 7 passwords which are stored in Cisco device configurations. It is not a complicated application and has a splash screen and one application screen, but it does what I expected this piece of software to do 🙂

Using this small app you can decode:

  • wireless keys for Cisco access points,
  • RADIUS/TACACS shared secrets
  • NTP authentication keys
  • Enable passwords (NOT enable secrets, which are stored using MD5).

I hope to develop this application and add some more decryption abilities for Cisco devices (like group password from PCF file for example).

Here are screenshots of my first app 🙂

(more…)

Config snippets : Cisco : Password 7 Decryptor in Adobe Flex

As a result of my attempts to produce some small applications in Adobe Flex, I committed a decryptor for type 7 passwords stored on Cisco devices.

Using this small app you can decode:

  • wireless keys for Cisco access points,
  • RADIUS/TACACS shared secrets
  • NTP authentication keys
  • Enable passwords (NOT enable secrets, which are stored using MD5).

(more…)

Code snippets : Adobe Flex : Open file dialog

So, I’m making my first attempts to write some simple apps in Adobe Flex using Flash Builder 4.6. One of the funny things I came across was how to generate an open file dialog window and get the name of the file which the user picked from the dialog window. I guess I still have to get used to the specific way Flex applications are developed.

Here is a quick code snippet of a tiny application which opens a file dialog box and lets the user pick a file. The file dialog window will be OS specific.

(more…)

Config snippets : Cisco : Turning lightweight Cisco 1142n into autonomous Cisco 1142n AP

So, finally I got 6 brand new Cisco 1142n wireless access points. They are all lightweight access points, which means that more or less a Wireless Controller is required to get them to work. Unfortunately, due to many circumstances the purchase of a Wireless Controller has been delayed, so for now I have to turn all of them into autonomous wireless devices. That means that IOS has to be replaced on those devices to allow the 1142n to be fully configured.

  • Original software which came on the devices was: c1140-rcvk9w8-mx.
  • New software I had to deploy on all of them to make them autonomous is: c1140-k9w7-tar.124-25d.JA1.

But how does the whole process happen? Here are all the steps I took to make a lightweight AP become an autonomous wireless access point:

(more…)

Config snippets : Cisco : First time 881w ISR with AP configuration

When I got a Cisco 881w for the first time it was an interesting experience. This device presented a new concept which was different from the model I knew so far, which is the 871w. In the 881w the router module and wireless module are separated. With that being said, router configuration and access point configuration are separated as well. Also, each module (router and access point) has its own IOS:

  • c880data-universalk9-mz.152-1.T1 – router IOS
  • ap801-k9w7-mx.124-21a.JA1 – access point IOS

As usual, first I connected the device to a console cable and attempted to configure it. Not being familiar with the new concept, it was a bit of a failure 🙂 So, eventually I had to refer to the documentation to find out what’s going on. The problem which came up was how to access the wireless module to configure it or even check if it’s there 🙂

So, finally after I applied my reading ability and spent a few minutes with Cisco documentation I was able to access the wireless module and configure it to provide wireless services in the air. Here is how that happened:

(more…)

Config snippets : Cisco : Testing RADIUS authentication on IOS

Recently I was migrating a RADIUS server on Windows from one machine to another. Once the new server was ready I had to reconfigure the Cisco router to authenticate remote users against the new RADIUS. After pointing the Cisco to the new RADIUS machine I made a quick test to check if the router can authenticate without any issues. Here is how to do it quickly:

(more…)

Code snippets : List all logical disks in Windows 7 Command Prompt

Recently I was wondering how to list all available drives in the Windows 7 PE Command Prompt. That happened to me when I was stuck in a PXE boot command prompt window trying to find out what letter is assigned to the USB stick I had just plugged in. It looks like it’s not quite a straightforward activity 🙂

(more…)