New Member

need a help from the Proz

Can anyone explain, please (line by line if possible)? I figured out that is the only way I can learn at work. Well, at least it will make sense when I am looking at the config. Thanks a lot.

!

aaa group server radius Radius

server x.x.x.x auth-port xxxx acct-port xxxx

server x.x.x.x auth-port xxxx acct-port xxxx

!

aaa authentication login Remote group radius enable

!

clock timezone EST -5

clock summer-time EDST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

ip subnet-zero

ip routing

!

ip name-server x.x.x.x

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

interface Loopback0

ip address x.x.x.x 255.255.255.255

!

interface GigabitEthernet0/1

description GI0/1-xx-xx-GI0/1

no switchport

ip address x.x.x.x 255.255.255.128

no ip redirects

ip ospf cost 50

standby 1 ip x.x.x.x

standby 1 preempt

!

!

router ospf 1

router-id x.x.x.x

log-adjacency-changes

passive-interface GigabitEthernet0/3

network 0.0.0.0 255.255.255.255 area x.x.x.x

!

ip classless

no ip http server

ip radius source-interface Loopback0

!

logging source-interface Loopback0

logging x.x.x.x

access-list 99 permit x.x.x.x

access-list 99 permit x.x.x.x x.x.x.x

snmp-server community xx RO 99

radius-server host x.x.x.x auth-port xxx acct-port xxx key x.x.x.x

radius-server retransmit 3

!

!

ntp clock-period xxxxx

ntp server x.x.x.x

!

Accepted Solutions
Hall of Fame Super Silver

Re: need a help from the Proz

Hello ocporbust,

Let's go through this:

aaa group server radius Radius

server x.x.x.x auth-port xxxx acct-port xxxx

server x.x.x.x auth-port xxxx acct-port xxxx

!

aaa authentication login Remote group radius enable

The last line, explained in the other post, instructs the router to use an authentication method called Remote that uses the Radius server group that is defined in the lines above and contains two servers: the first is used, and if it is not available the router will contact the second one.

! clock explained in other thread

! usage of first subnet when subnetting

ip subnet-zero

! enable ipv4 routing

ip routing

! define DNS server

ip name-server x.x.x.x

!

! enables STP in mode PVST+

spanning-tree mode pvst

! usage of a modified priority in each Vlan

spanning-tree extend system-id

!

Interface g0/1 is a routed port not a switching port.

standby = HSRP

the ip ospf cost is modified from 1 to 50

an OSPF process is configured

all interfaces are in area x.x.x.x

int gi0/3 cannot build OSPF adjacencies = passive

ip classless

! ip routing will use a default route

! for unknown subnets of net 10/8

Then:

the http server is disabled

packets sent to the radius server(s) use a source = Loop0's ip address

the same for the messages to the syslog

Then access-list 99 is defined and used to define the source IP addresses that can send SNMP queries if they use the right community xx, but only with read-only rights (RO).

other radius commands similar to the ones at the beginning

then ntp commands that are used to sync the clock with an external source

Hope to help

Giuseppe
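
An added example, not code from the thread or from Cisco: a small Python check that reads an IOS config and reports on the controls the answer above walks through (the disabled HTTP server, the SNMP community's RO mode and its binding to access-list 99, and the login method list). The sample configs, addresses and community strings are constructed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample modelled on the thread's config. Addresses are
# documentation-range placeholders and "s3cr3t" is an invented community.
SAMPLE_OK = """\
aaa authentication login Remote group radius enable
no ip http server
access-list 99 permit 192.0.2.10
access-list 99 permit 192.0.2.64 0.0.0.63
snmp-server community s3cr3t RO 99
"""

# Constructed weak variant: HTTP server on, RW community bound to an ACL
# that is never defined, a community with no ACL, no fallback after RADIUS.
SAMPLE_WEAK = """\
aaa authentication login Remote group radius
ip http server
snmp-server community s3cr3t RW 98
snmp-server community public RO
"""

def audit(config):
    """Return findings; community strings are never echoed, only line numbers."""
    lines = [l.strip() for l in config.splitlines()]
    acls = {m.group(1) for l in lines if (m := re.match(r"access-list (\d+) ", l))}
    findings = []
    if "no ip http server" not in lines:
        findings.append("http: 'no ip http server' not present")
    for n, l in enumerate(lines, 1):
        if m := re.match(r"snmp-server community \S+ (RO|RW)(?: (\d+))?$", l, re.I):
            mode, acl = m.group(1).upper(), m.group(2)
            if mode == "RW":
                findings.append(f"snmp line {n}: community grants write access")
            if acl is None:
                findings.append(f"snmp line {n}: no ACL restricts source addresses")
            elif acl not in acls:
                findings.append(f"snmp line {n}: ACL {acl} is not defined")
        elif m := re.match(r"aaa authentication login (\S+) (.+)$", l):
            # Drop "group <name>" pairs; what remains are the fallback methods.
            fallback = re.sub(r"\bgroup \S+", "", m.group(2)).split()
            if not fallback:
                findings.append(f"aaa line {n}: list {m.group(1)} has no fallback method")
    return findings

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, audit(cfg))
```
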

New Member

Re: need a help from the Proz

Giuseppe

Thanks for taking the time to explain this. I am a slow learner, but this helps a lot. Thanks
