Showing posts with label CCNP Switch. Show all posts

Monday, May 13, 2013

Centralized Server-Based AAA Authentication (2 of 2)

PART 2:

Now that SRV is set up and running WinRadius we can configure DLS1 & DLS2 to use RADIUS on SRV for login authentication (telnet).

The configurations are straightforward, and if you’d like to know more I’d suggest searching Cisco’s site.

Some of the key information we needed to take note of in Part 1 was the following:

Radius IP: 10.1.50.1
Radius Password (a.k.a NAS Secret): WinRadius
Radius auth-port: 2812
Radius acct-port: 2813
Our User: User1
& Password: CCnP

Centralized Server-Based AAA Authentication (1 of 2)

Part 1: Configuring the Radius Server

In this post we want to secure access to our devices and do so with a single authentication server. There are many reasons to do this; for example we can easily manage users and passwords without having to micromanage each device.

The topology is similar to the RSPAN post:

DLS1 VLAN 5 (MGT): 10.1.5.252
DLS2 VLAN 5 (MGT): 10.1.5.253

Thursday, May 2, 2013

RSPAN

For this post we want to focus on capturing and analyzing traffic on DLS2 fa0/18 VLAN 10 that connects to PCC. In essence, we want to monitor the traffic to and from PCC using RSPAN (Remote Switched Port Analyzer). SRV will monitor the traffic using Wireshark. For the end test we will send a ping from PCB to PCC and see the ICMP packets on SRV running Wireshark.

Topology

Tuesday, January 22, 2013

Switched network with external DHCP Server (WinServer 2008) Part 1

I wanted to set up an external DHCP server to:

  1. See if I could figure out how to do it
  2. Practice the security part of the Switch exam and
  3. See if I can introduce a rogue DHCP server… the plan is to have PC-2 go rogue.

Part 1 goes over the basic DHCP Server configurations (on WinServer 2008).

Switched Network with an External DHCP Server (WinServer 2008) Part 2

Part 2 continues with the switch configurations along with PC-1 & 2 getting their IP addresses from the external server….

Tuesday, January 8, 2013

IP SLA on 2950s

Is not supported!

2950(config)#ip s?
security  source-route  sticky-arp  subnet-zero

Instead, to configure two 2950s as IP SLA responders, configure them as rtr responders. 

No Tclsh? No Problem!

I’m shocked and appalled to have just discovered my 3550s don’t support scripting with Tcl. Actually, the 3560s don’t either. But, thanks to a posting on CCIE Pursuit Blog, a macro can be used to substitute for a Tcl ping script. The macro needs to be run in global configuration mode, so you’ll need to include the ‘do’ statement.

Thursday, December 6, 2012

Basics: Switches, VirtualBox and GNS3

Getting your physical switches to talk to virtual machines and GNS3 routers.