
need a help from the Proz

cisco steps
Level 1

Can anyone explain, please (line by line if possible)? I figured out that is the only way I can learn at work. Well, at least it will make sense when I am looking at the config. Thanks a lot.

!

aaa group server radius Radius

server x.x.x.x auth-port xxxx acct-port xxxx

server x.x.x.x auth-port xxxx acct-port xxxx

!

aaa authentication login Remote group radius enable

!

clock timezone EST -5

clock summer-time EDST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

ip subnet-zero

ip routing

!

ip name-server x.x.x.x

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

interface Loopback0

ip address x.x.x.x 255.255.255.255

!

interface GigabitEthernet0/1

description GI0/1-xx-xx-GI0/1

no switchport

ip address x.x.x.x 255.255.255.128

no ip redirects

ip ospf cost 50

standby 1 ip x.x.x.x

standby 1 preempt

!

!

router ospf 1

router-id x.x.x.x

log-adjacency-changes

passive-interface GigabitEthernet0/3

network 0.0.0.0 255.255.255.255 area x.x.x.x

!

ip classless

no ip http server

ip radius source-interface Loopback0

!

logging source-interface Loopback0

logging x.x.x.x

access-list 99 permit x.x.x.x

access-list 99 permit x.x.x.x x.x.x.x

snmp-server community xx RO 99

radius-server host x.x.x.x auth-port xxx acct-port xxx key x.x.x.x

radius-server retransmit 3

!

!

ntp clock-period xxxxx

ntp server x.x.x.x

!

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello ocporbust,

let's go on this :

aaa group server radius Radius

server x.x.x.x auth-port xxxx acct-port xxxx

server x.x.x.x auth-port xxxx acct-port xxxx

!

aaa authentication login Remote group radius enable

The last line, explained in the other post, instructs the router to use an authentication method called Remote that uses the Radius server group that is defined in the lines above and contains two servers: the first is used; if it is not available, the router will contact the second one.

! clock explained in other thread

! usage of first subnet when subnetting

ip subnet-zero

! enable ipv4 routing

ip routing

! define DNS server

ip name-server x.x.x.x

!

! enables STP in mode PVST+

spanning-tree mode pvst

! usage of a modified priority in each Vlan

spanning-tree extend system-id

!

Interface g0/1 is a routed port not a switching port.

standby = HSRP

the ip ospf cost is modified from 1 to 50

an OSPF process is configured

all interfaces are in area x.x.x.x

int gi0/3 cannot build OSPF adjacencies = passive

ip classless

! ip routing will use a default route

! for unknown subnets of net 10/8

Then:

the http server is disabled

packets sent to the radius server(s) use a source = Loop0's ip address

the same for the messages to the syslog

Then access-list 99 is defined and used to define the source IP addresses that can send SNMP queries if they use the right community xx, but only with read-only rights (RO).

other radius commands similar to the ones at the beginning

then ntp commands that are used to sync the clock with an external source

Hope to help

Giuseppe
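
How access-list 99 limits who may send SNMP queries, as an added example that is not part of the original post: a small Python evaluator for numbered standard ACLs, showing wildcard-mask matching and the implicit deny at the end of the list. The addresses are constructed documentation-range values (the page masks its own as x.x.x.x), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the page masks its addresses as x.x.x.x, so these
# documentation-range values (RFC 5737) are assumptions for illustration.
SAMPLE_CONFIG = """\
access-list 99 permit 192.0.2.10
access-list 99 permit 198.51.100.0 0.0.0.127
snmp-server community xx RO 99
"""

def parse_standard_acl(config, number):
    """Return ordered (action, address, wildcard) entries of a numbered standard ACL."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", str(number)] or len(tok) < 4:
            continue
        action, rest = tok[2], tok[3:]
        if rest[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            addr, wild = rest[1], "0.0.0.0"
        else:
            addr = rest[0]
            has_wild = len(rest) > 1 and rest[1] != "log"
            wild = rest[1] if has_wild else "0.0.0.0"  # no wildcard = single host
        entries.append((action, int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wild))))
    return entries

def acl_permits(entries, source):
    """First match wins; a source matching no entry hits the implicit deny."""
    src = int(ipaddress.IPv4Address(source))
    for action, addr, wild in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if (src | wild) == (addr | wild):
            return action == "permit"
    return False

def snmp_acl_number(config, community):
    """Return the ACL number bound to an SNMP community, or None if unrestricted."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["snmp-server", "community", community]:
            return int(tok[-1]) if len(tok) > 3 and tok[-1].isdigit() else None
    return None
```

A community line for which `snmp_acl_number` returns `None` has no ACL attached, so any source that knows the community string can query the device.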

Giuseppe

Thanks for taking the time to explain this. I am a slow learner, but this helps a lot. Thanks
