Cisco – Cracking and Decrypting Passwords (Type 7 and Type 5)
KB ID 0000940 Problem Decrypt Type 7 Cisco Passwords The Internet is full of sites that have something like the tool below: tap your ‘encrypted’ password in and it will reveal the Cisco password. Input Type 7 Obfuscated Password: Output Plain Text Password: As you can see I’ve specifically written ‘obfuscated’ above, because the password isn’t actually encrypted at all. All that happens is the...
Securing Network Device Access With Cisco ACS (and Active Directory)
KB ID 0000942 Problem For network identification I have tended to use RADIUS (in a Windows NPS or IAS flavour), in the past. I turned my back on Cisco TACACS+ back in my ‘Studying for CCNA’ days, because back then it was clunky and awful. I have a client that will be installing ACS in the near future, so I thought I would take a look at it again, and was surprised at how much more polished it is. As Cisco plans to roll ACS...
Cisco IOS – Enrolling for Certificates with NDES
KB ID 0000948 Problem To get your Cisco Router or Switch to enroll, and obtain a certificate from a Windows Server running NDES, this is the procedure you need to follow. Solution When dealing with certificates, it’s important that your device is maintaining the correct time. You can set this manually, but I’d recommend setting up NTP. Setting IOS Time (Manually and via NTP) 1. Choose either of the options below, (as...
Cisco IOS – Return an Interface to Default (Remove all Settings)
KB ID 0001010 Problem The configuration for a particular interface can get quite long. You could go to interface configuration mode and prefix all the commands with a ‘no’, but this can be a bit repetitive and time consuming. Solution To remove the configuration for interfaces, use the ‘default’ command. For example, take a look at the following config for FastEthernet1/0/5. Petes-Switch>enable...
Cisco CDA (Context Directory Agent) – Applying Patches
KB ID 0001024 Problem Having a button that you could upload patches from, that would be crazy eh? Cheers Cisco! I deployed a CDA appliance recently, and it needs (eventually) to be able to talk to Cisco ISE so I knew it had to be up to patch 2. At time of writing we are at patch 4, so I thought I’d put them all on. I don’t know if the patches are cumulative, and patch 3 looks a little smaller than patch 2 so I thought I...