вторник, 18 декабря 2012 г.

Static route Cisco to Juniper

Есть два статических маршрута в конфиге IOS:


ip route 10.44.254.254 255.255.255.255 10.200.34.29 
ip route 10.44.254.254 255.255.255.255 10.200.34.201 250

Нужно отразить эти маршруты в конфигурации JunOS. Первое, что пришло на ум:


set route 10.44.254.254/32 next-hop 10.200.34.29 metric 1
set route 10.44.254.254/32 next-hop 10.200.34.201 metric 250

Получилось:


route 10.44.254.254/32 { 
    next-hop [ 10.200.34.29 10.200.34.201 ]; 
    metric 250; 
}

Что-то не так :)

Есть у Juniper инструмент " I2J translator". Заливаем ему часть конфига IOS, он выдает ей в синтаксисе JunOS. Результат:


* I2J Version:       10.1R2 / 7/19/2011 
 * Parse Date:        Tue Dec 18 05:19:13 PST 2012 
 * Error Lines:       0 
 * Warning Lines:     0 
 * Information Lines: 0 
 * 
 * NOTE: This config is NOT PERFECT.  It must be carefully 
 *       examined to ensure correctness. 
 * 
 * Jump to JUNOS section: 
 *  routing-options 
 * 
 * Jump to IOS configuration file with conversion messages 
  
routing-options { 
    static { 
        route 10.44.254.254/32 { 
            next-hop 10.200.34.29; 
            qualified-next-hop 10.200.34.201 { 
                preference 250; 
            } 
            resolve; 
        } 
    } 
}

Спасибо, Espen, за хороший вопрос :)

понедельник, 10 декабря 2012 г.

Cisco IOS password recovery

Оригинал тут http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/810-cisco-router-password-recovery.html


Introduction

Password recovery is a fairly frequently used procedure for administrators and engineers. Even though we usually stack our passwords in some word, excel or text file, it's very easy to forget to update them when changes occur. The end result is you find yourself locked out of the device, wondering what on earth could be the password.
Accessing a Cisco router requires certain privileges. Depending on the router's configuration, you might be required to firstly log into the router and then enter the popular 'enable' password to elevate your access to privileged mode, from where you can issue configuration commands.
This article will show you how you can gain full administrator access to a Cisco router, bypassing all security passwords. The password recovery process, however, can be rendered useless if the administrator has previously configured the router not to allow this process to take place. In this case, the router will warn the user and, if he proceeds, all configuration will be erased, so there will be nothing to recover!