SSH and HTTPS use AAA with RADIUS (Network Policy Server Role @ Windows Server 2008 R2).
The device is switching packets correctly and it even replies to ping requests. After scanning the IP I see only port 443 open, but the last technician who upgraded the switch IOS didn't upload the TAR image containing the web UI files, instead he uploaded just the BIN, so HTTPS is a no-no. SNMP is also working fine (only RO community configured).
While I was trying to figure out what had happened, I found 16 failed login attempts on Windows Event Viewer:
My first guess was that after 16 failed attempts the switch entered some kind of lock down mode for its own protection. I didn't configure the switch to behave like that so I'm guessing it's a by-default behavior (btw, no changes after power-cycling). The thing is, I can't find any default commands regarding the lock down, so I can't know if it will come back by itself or console is mandatory. The switch is 900 miles away from me, so console is always last resort.
About the login attempts, the switch isn't accessible through the public network, so they came from the corporate network. One way to come around with the switch IP address is guessing the name ("sw-xxxxxx.yyyyyyy.zz") and resolving it against the corporate name server *OR* capturing a CDP packet. Curious George tried to log in with CISCO, Cisco, cisco, Admin and ADMIN, and, since I haven't configured a syslog server plus a technician power-cycled because of the lock down, I can't know for sure who tried to access the device (yes, I'm now setting up a syslog server, ACLs and that sort of stuff).
Is this lock down actually how Cisco IOS behaves by default? Is it possible to disable it?