Archive for January 2009

24 Jan 09

One-time passwords on Cisco routers

Cisco routers preconfigured for SDM ship with the default username/password cisco/cisco. Because many users forget to disable or change this default username after configuring the router with SDM, they can end up with an exposed router.

Cisco has patched this vulnerability in IOS release 12.4(11)T, which adds the one-time option to the password/secret form of the username command, allowing you to define a username/password combination that can be used only once.
For example, username cisco one-time secret cisco defines the default username so that it grants a single login to the router. After the first login, the username disappears from the running configuration and thus cannot be reused.

There are, however, two caveats associated with this feature:

* If you log into the router using any other username, the one-time username remains valid (it is not removed on the first successful login to the box, which would make more sense in the SDM context);
* The one-time username is removed only from the running configuration; if you don't save the new configuration to NVRAM, the username reappears after a router reload.

18 Jan 09

Your Cisco Router as DHCP / DNS Server

If you want to use your router as a DHCP and DNS server, configure the following:

no ip dhcp use vrf connected
ip dhcp excluded-address 1
!
ip dhcp pool CLIENT
 import all
 network
 default-router
 dns-server
 domain-name .local
 lease 32
!
ip domain name .local
ip domain-lookup
! or your provider's DNS addresses
ip name-server 208.67.222.222
ip name-server 208.67.220.220
!
ip inspect name dns
!
ip dns server

The end result can be verified with a ping. For example, I pinged www.google.com:

Banaan-877#ping www.google.com
Translating "www.google.com"...domain server (208.67.222.222)

Translating "www.google.com"...domain server (208.67.222.222) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 208.69.34.231, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/26/28 ms
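The two posts above both come down to checks you can run against a router's running-config: is the default SDM username still present without the one-time keyword, and does the DHCP/DNS configuration hand clients everything they need? The following script is an added example (not code from the original posts or from Cisco) that parses an IOS-style running-config into stanzas and reports both. The configuration text, the hostname and the secret placeholders are constructed for the demonstration; the OpenDNS addresses are the ones used in the post.

```python
"""Audit an IOS running-config for a reusable default SDM username and for an
incomplete DHCP/DNS setup. Added example; the configs below are constructed."""
from dataclasses import dataclass, field

# Constructed sample: default 'cisco' user still reusable, DHCP pool without a
# dns-server line, and 'ip dns server' without any upstream name-server.
# The secret hashes are placeholders, not real digests.
WEAK_CONFIG = """\
hostname Banaan-877
!
username cisco privilege 15 secret 5 $PLACEHOLDER-HASH$
username admin privilege 15 secret 5 $PLACEHOLDER-HASH$
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.0.2.1 192.0.2.9
!
ip dhcp pool CLIENT
 import all
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
 lease 32
!
ip domain name example.local
ip domain-lookup
ip dns server
"""

# The same router after the fixes: one-time default user (as in the post),
# a dns-server in the pool, and upstream resolvers for the DNS server role.
FIXED_CONFIG = WEAK_CONFIG.replace(
    "username cisco privilege 15 secret 5 $PLACEHOLDER-HASH$",
    "username cisco one-time secret cisco",
).replace(
    " lease 32", " dns-server 192.0.2.1\n lease 32",
).replace(
    "ip dns server",
    "ip name-server 208.67.222.222\nip name-server 208.67.220.220\nip dns server",
)


@dataclass
class Stanza:
    command: str                                   # top-level line, e.g. "ip dhcp pool CLIENT"
    children: list = field(default_factory=list)   # indented sub-commands


def parse_ios_config(text):
    """Split a running-config into top-level stanzas.

    IOS indents sub-commands by one space under their parent line and uses
    '!' as a separator, so a line-oriented pass is enough for auditing.
    """
    stanzas = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" ") and stanzas:
            stanzas[-1].children.append(raw.strip())
        else:
            stanzas.append(Stanza(raw.strip()))
    return stanzas


def audit_config(text):
    """Return (severity, message) findings, highest severity first."""
    stanzas = parse_ios_config(text)
    commands = [s.command for s in stanzas]
    findings = []

    # Default SDM credential: a 'username cisco' that is not one-time stays reusable.
    for cmd in commands:
        tokens = cmd.split()
        if tokens[0] != "username":
            continue
        name, one_time = tokens[1], "one-time" in tokens
        if name == "cisco" and not one_time:
            findings.append(("HIGH", "default SDM username 'cisco' is still configured and reusable"))
        elif one_time:
            findings.append(("INFO", f"one-time username '{name}' present (not yet used, or restored "
                                     "by a reload); save the config after its first login or it "
                                     "returns from NVRAM"))

    # DHCP pool sanity: clients need a network, a gateway and a resolver.
    for s in stanzas:
        if s.command.startswith("ip dhcp pool "):
            present = {c.split()[0] for c in s.children}
            missing = sorted({"network", "default-router", "dns-server"} - present)
            if missing:
                findings.append(("MEDIUM", f"DHCP pool {s.command.split()[-1]} lacks: {', '.join(missing)}"))

    # DNS server role: without an upstream name-server the router has nothing to forward to.
    if "ip dns server" in commands and not any(c.startswith("ip name-server ") for c in commands):
        findings.append(("MEDIUM", "'ip dns server' enabled but no 'ip name-server' is configured"))
    if "no ip domain-lookup" in commands:
        findings.append(("MEDIUM", "'no ip domain-lookup' disables name resolution on the router"))

    order = {"HIGH": 0, "MEDIUM": 1, "INFO": 2}
    return sorted(findings, key=lambda f: order[f[0]])


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(f"== {label} ==")
        for sev, msg in audit_config(cfg):
            print(f"{sev:6} {msg}")
```

Run it against the output of show running-config saved to a file; the parser only relies on IOS's one-space indentation of sub-commands, so it copes with the pool stanza from the post as well as with interface blocks.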