We were dictated to use SSH for vty access to our routers and switches. This is a problem for the CiscoWorks (RME 3.5). I can change my vty access-list from plain IP to extended IP so I can permit telnet from the CiscoWorks box and SSH from all other sources. I have exported my CiscoWorks inventory to a CSV file. Because of the AAA required for SSH, the vty lines must use AAA for access now. Would I put my new telnet password in the Telnet Password field or should I populate the RADIUS username and password in the local user and local password fields?
It all depends on what prompts RME will see when it logs into a device. If it sees a Username: prompt, then you will need to populate either the local username field or the TACACS username field. If RME just sees a Password: prompt, then just put in the correct value in the Telnet password field.
Note: believe it or not, it's better to populate the TACACS username and password fields instead of the local username and password fields as some device types ignore the values in the local fields. Don't worry about using RADIUS instead of TACACS. As I said, RME really only cares about the prompts.
This document gives several answers on frequently asked questions for PFRv3 channel state behavior.
Q1: What are all the channel operational states from a BR (border role) perspective and what are the rules/conditions to be in each st...
The need was to reach an host inside a LAN through a VPN connection managed by the LAN gateway (Cisco 1921).
The LAN gateway performs NAT and there was a dedicate nat rule for the host i wanted to reach through VPN.
I couldn't connect to the hos...