06-12-2006 02:03 AM
Hello,
All switches in CiscoWorks use TACACS+ authentication with username and passcode (RSA SecurID).
I have configured the switch to use RCP, but fetching the VLAN database failed.
Below is the configuration used:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console local
enable password xxxxxxxxxxxxxxxxxxxxxx
!
username Manager privilege 15 password xxxxxxxxxxxxxxxxxxxxxx
username cwuser password xxxxxxxxxxxxxxxxxxxxxxxx
clock timezone UTC+1 1
clock summer-time UTC+1 recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
ip rcmd rcp-enable
ip rcmd remote-host cwuser 40.206.50.115 cwuser enable
ip rcmd remote-username cwuser
When I synchronize the configuration, I cannot get the VLAN database. Why?
Is RCP not configured correctly?
How can I use CiscoWorks successfully with TACACS+ and PASSCODE so that I can use RME correctly? (Netconfig, config-editor, etc.)
Can you please help me with TACACS+?
How can I configure Telnet for CiscoWorks without using TACACS+?
Any answer about this?
Thanks
Hervé
06-12-2006 02:49 AM
I recall something that said that CiscoWorks dynamically creates an rcp username and password.
Is it mentioned anywhere that you should configure this rcp stuff?
Cheers
Michel
06-12-2006 04:16 AM
Your RCP configuration looks fine.
What version of RME are you running? What type of device is this?
RME will not work if you are using SecurID or a random token. It needs to be a standard password entered into the credentials.
You can configure telnet on the device to work with RME, but if you have AAA then it will look at AAA for authentication.
06-12-2006 07:20 AM
RME Version is 4.0.4.
Device Type is: WS-C2950-24
06-12-2006 07:58 AM
Do you see a vlan.dat on the switch itself if you view the output of show flash: ?
06-12-2006 09:17 AM
When I check the flash with show flash, I see the vlan.dat file.
06-12-2006 09:33 AM
vlan.dat is handled differently from the standard configuration. For vlan.dat fetching to work, RME must be able to login interactively to the switch (i.e. either using telnet or SSH). From there, RME will issue a copy flash:vlan.dat tftp: from the switch's command line.
As for PASSCODE support in TACACS+, if you mean the PASSCODE: prompt, this is a supported prompt in RME 4.0.4. However, if you need custom prompt support, you can edit NMSROOT/objects/cmf/data/TacacsPrompts.ini, and add your custom username and password prompts there.
If, however, you're referring to SecurID support, this can only work using the job-based password feature of RME. You will not be able to schedule automated recurring jobs that make use of this feature.
As for configuring a device not to use TACACS+, just remove "aaa new-model" and configure a password under "line vty 0 15" (or "line vty 0 4") as well as an enable and/or enable secret password (enable secret password is more secure). This information is described in more detail in the various configuration guides for IOS.
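As an added example (not from the thread or from Cisco), this Python sketch reads an IOS configuration like the one posted and reports which login method list each line uses, which shows why an interactive Telnet login from RME is checked against TACACS+ first. The "line con"/"line vty" stanzas in the sample are assumed, since the post does not show them, and only "login authentication" overrides are modeled.

```python
import re

# Constructed sample: AAA lines from the question plus assumed line stanzas
# (the post does not show its "line con"/"line vty" configuration).
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console local
enable password xxxxxxxx
ip rcmd rcp-enable
line con 0
 login authentication console
line vty 0 4
"""

def parse_methods(text):
    """'group tacacs+ local' -> ['group tacacs+', 'local']"""
    return re.findall(r"group \S+|\S+", text)

def audit(config):
    """Return ({line stanza: ordered login methods}, [findings])."""
    rows = config.splitlines()
    aaa = "aaa new-model" in rows
    # Named AAA login method lists, e.g. "default" and "console".
    lists = {m.group(1): parse_methods(m.group(2)) for r in rows
             if (m := re.match(r"aaa authentication login (\S+) (.+)", r))}
    methods, findings, stanza = {}, [], None
    for r in rows:
        if re.match(r"line (con|vty|aux) ", r):
            stanza = r
            # With AAA on, a line follows the "default" list unless overridden;
            # without AAA this sketch assumes a plain line password.
            methods[stanza] = lists.get("default", []) if aaa else ["line password"]
        elif r.startswith(" ") and stanza:
            m = re.match(r" login authentication (\S+)", r)
            if m and aaa:
                methods[stanza] = lists.get(m.group(1), [])
        else:
            stanza = None
            if r.startswith("enable password "):
                findings.append("enable password set: prefer 'enable secret'")
            elif r == "ip rcmd rcp-enable":
                findings.append("rcp enabled (ip rcmd)")
    return methods, findings

if __name__ == "__main__":
    methods, findings = audit(SAMPLE)
    for stanza, m in methods.items():
        print(f"{stanza}: {' -> '.join(m)}")
    print(*findings, sep="\n")
```

In the sample, the vty lines resolve to "group tacacs+" followed by "local", so the local cwuser account is only consulted when the TACACS+ server does not respond.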