AAA ( Radius vs TACACS+ )

January 23rd, 2015 Comments off

Radius

-Transport : UDP 1645/1646(legacy) or 1812/1813

-Encryption : Credential and services are sent in clear

-Protocol Design : Combines Authentication & Authorization

-Standardization : Industry Standard

 

TACACS+

-Transport: TCP 49

-Encryption : Entire body ( credential ). Only the header is sent in clear

-Protocol Design : Separates all AAA functions. Supports command authorization

-Standardization : Cisco proprietary
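
The clear-header / protected-body split listed for TACACS+ above, as an added example (not from the original post): Python code that parses the 12-byte header without any key and applies the MD5-based body obfuscation specified in RFC 8907. The shared secret, session id and body bytes are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import struct

TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
UNENCRYPTED_FLAG = 0x01  # TAC_PLUS_UNENCRYPTED_FLAG: body sent without obfuscation

def parse_header(packet: bytes) -> dict:
    """Decode the 12-byte header; no key is needed because it is never obfuscated."""
    if len(packet) < 12:
        raise ValueError("packet shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if length != len(packet) - 12:
        raise ValueError("header length field does not match body size")
    return {"version": version, "type": TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "session_id": session_id, "length": length,
            "body_obfuscated": not flags & UNENCRYPTED_FLAG}

def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain from RFC 8907: each block hashes the seed plus the previous block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(packet: bytes, key: bytes) -> bytes:
    """Obfuscation and de-obfuscation are the same XOR against the pad."""
    hdr = parse_header(packet)
    body = packet[12:]
    if not hdr["body_obfuscated"]:
        return body
    pad = pseudo_pad(hdr["session_id"], key, hdr["version"], hdr["seq_no"], len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_packet(ptype: int, seq_no: int, session_id: int, body: bytes, key: bytes) -> bytes:
    """Assemble a packet with a clear header (version 0xC0) and an obfuscated body."""
    header = struct.pack("!BBBBII", 0xC0, ptype, seq_no, 0, session_id, len(body))
    return header + xor_body(header + body, key)

# Constructed sample values; the body is placeholder bytes, not a real AAA message.
SAMPLE_KEY = b"example-shared-secret"
SAMPLE_BODY = b"constructed placeholder body, longer than one MD5 block"
PACKET = build_packet(1, 1, 0x1234ABCD, SAMPLE_BODY, SAMPLE_KEY)

if __name__ == "__main__":
    # Header fields, body as seen on the wire, body recovered with the shared secret.
    print(parse_header(PACKET), PACKET[12:].hex(), xor_body(PACKET, SAMPLE_KEY), sep="\n")
```

The packet type, sequence number, session id and body length stay readable to anyone on the path, which is why the shared secret and the management network both need protecting.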

Categories: AAA Tags:

How to reset Cisco ISE settings to default

January 19th, 2015 Comments off
ise/admin# application reset-config ise
Initialize your identity policy database to factory defaults? (y/n): y
Categories: CISCO, ISE Tags:

Installing Certificate in ISE ( v1.2 )

January 3rd, 2015 Comments off

1) Import CA certificate ( Internal ) into ISE

-Download a CA certificate ( Base64 ) and import it into ISE ( Administration>System>Certificate>Certificate Store )

2) -Generate Certificate Signing Request ( Administration>System>Certificate>LocalCertificates ) with ( Key Length 2048, Sign With SHA-1 )

-Export from Certificate Signing Requests and copy the contents

3) On Server, Request a Certificate > Advanced Certificate Request (Base-64), paste the contents, and select the Template as web server

4) Download the Cert and install to ISE’s Local Certificates.

Categories: Certificate, ISE Tags:

Default Credential for Cisco AP 1131/1141

December 28th, 2014 Comments off

Default Login
Login: Cisco
Password: Cisco
Enable password: Cisco

http://kasperk.it/cisco/configure-cisco-ap-11311141

Categories: AP, CISCO, Network, Wireless Tags:

Routing Protocol Authentication on ASA

December 25th, 2014 Comments off

interface Ethernet0/0
nameif Outside
security-level 0
ip address 192.1.20.10 255.255.255.0
ospf message-digest-key 1 md5 cciesec
ospf authentication message-digest
!
interface Ethernet0/1
nameif Inside
security-level 100
ip address 10.11.11.10 255.255.255.0
authentication key eigrp 100 cciesec key-id 1
authentication mode eigrp 100 md5
!
interface Ethernet0/2
nameif DMZ3
security-level 50
ip address 192.168.3.10 255.255.255.0
rip authentication mode md5
rip authentication key cciesec key_id 1

Categories: ACS, CISCO, Firewall, Network Tags:

The trust relationship between this workstation and the primary domain failed

December 20th, 2014 Comments off

http://ngncore.net/blog/?p=412


 

We powered off some Windows 2008 servers for more than one month, and when we powered them on they started giving an error while logging in to the domain: "The trust relationship between this workstation and the primary domain failed"

I got the articles and tested and used one which worked for me: http://support.microsoft.com/kb/325850

Step 1: Log in locally with administrator and password (.\Administrator)

Step 2: Run CMD with Run as Administrator

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

<server> = a domain controller in the joined domain

<user> = DOMAIN\User format with rights to change the computer password

For example: my domain name: DC.gkhan.in, username: gkhanadmin

>netdom.exe resetpwd /s:DC.gkhan.in /ud:gkhan\gkhanadmin /pd:*

Step 3: Reboot the machine

So I added this article for me to remember for the next time.

Categories: AD, Microsoft, Windows Server Tags:

shrink vmdk in esxcli

December 1st, 2014 Comments off

Shut down the VM

vmkfstools -K /vmfs/volumes/volumename/vmname/vmname.vmdk

Categories: 5.x, esxcli, Esxi, VMware Tags:

How to enable traffic logs in Juniper SRX

November 9th, 2014 Comments off

KB19490

root@srx# set security log mode event
root@srx# commit

OR

Logon to the GUI/J-web, go to Monitor > Events and alarms > Security events, and click Create log configuration:

Categories: Juniper, SRX Tags:

Error adding datastores to ESXi resolved using partedUtil in ESXi5.x

September 27th, 2014 Comments off

partedUtil mklabel /dev/disks/<your-identifier> msdos

Categories: 5.x, Esxi, VMware Tags:

Cisco ACS 5.3 with AD Integration

September 2nd, 2014 Comments off

1) Point DNS to the DC

#ip name-server <your-dc>

2) Check the time zone and time ( make sure they are the same as on the DC )

#show clock

#clock timezone Asia/Singapore <-- in my case

#nslookup <your-internal-domain>

3) Using NTP is recommended

4) Join AD

Users and Identity Stores > External Identity Stores > Active Directory

5) Configure Access Service

Access Policies > Access Services > Default Device Admin > Identity > Single result selection > Select your AD.

 
