[c-nsp] cisco 2950 + rsh

Bruce Pinsky bep at whack.org
Mon Oct 3 16:02:40 EDT 2005



Horvath Szabolcs wrote:
> Hello!
> 
> This configuration works in 4006 sup3 switches:
> 
> no ip rcmd domain-lookup
> ip rcmd rsh-enable
> ip rcmd remote-host diag 193.224.129.226 root enable 2
> ip rcmd source-interface Vlan25
> 
> 193.224.129.226:~# rsh -l diag 192.168.111.9 show version | head -2
> Cisco Internetwork Operating System Software 
> IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version
> 12.1(13)EW, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
> 
> 
> But *exactly* these settings don't work in 2950s: 
> 
> 193.224.129.226:~# rsh -l diag 192.168.111.39 show version 
> Access denied.
> 
> The configurations are the same, "diag" user comes from tacacs.
> The relevant aaa config:
> 
> aaa new-model
> aaa authentication login default group tacacs+ enable
> aaa authentication login no_tacacs enable
> aaa authentication enable default group tacacs+ enable
> aaa authentication ppp default group tacacs+
> aaa authorization exec default group tacacs+ if-authenticated
> aaa authorization network default group tacacs+ if-authenticated
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 0 default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> aaa accounting network default start-stop group tacacs+
> 
> I can telnet with diag user to 2950:
> 
> # telnet 192.168.111.39
> Trying 192.168.111.39...
> Connected to 192.168.111.39.
> Escape character is '^]'.
> 
> Username: diag
> Password: 
> 
> wsc2900-B1>ena 2
> Password: 
> 
> wsc2900-B1#
> 
> debug ip tcp rcmd shows:
> 
> Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv 1022\0
> Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv root\0diag\0show version\0
> Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <OK>
> Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <BAD,Access denied.>\n
> 
> What is the difference? How can I debug more precisely?
> 
> 
> The 2950 switches "sh ver" output:
> 
> wsc2900-B1#sh ver
> Cisco Internetwork Operating System Software 
> IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(20)EA1a, RELEASE
> SOFTWARE (fc1)
> Copyright (c) 1986-2004 by cisco Systems, Inc.
> Compiled Mon 19-Apr-04 20:58 by yenanh
> Image text-base: 0x80010000, data-base: 0x805A8000
> 
> ROM: Bootstrap program is C2950 boot loader
> 
> wsc2900-B1 uptime is 18 weeks, 1 day, 15 hours, 16 minutes
> System returned to ROM by power-on
> System restarted at 08:06:34 MET-DST Sat May 28 2005
> System image file is "flash:/c2950-i6q4l2-mz.121-20.EA1a.bin"
> 
> cisco WS-C2950T-24 (RC32300) processor (revision J0) with 20713K bytes
> of memory.
> Processor board ID FHK0728Z2LN
> Last reset from system-reset
> Running Enhanced Image
> 24 FastEthernet/IEEE 802.3 interface(s)
> 2 Gigabit Ethernet/IEEE 802.3 interface(s)
> 
> 32K bytes of flash-simulated non-volatile configuration memory.
> Base ethernet MAC Address: 00:0D:65:89:DC:80
> Motherboard assembly number: 73-6114-08
> Power supply part number: 34-0965-01
> Motherboard serial number: FOC072825ZC
> Power supply serial number: DAB07278D9A
> Model revision number: J0
> Motherboard revision number: A0
> Model number: WS-C2950T-24
> System serial number: FHK0728Z2LN
> Configuration register is 0xF
> 
> 

Try debugging aaa authen and aaa author.

--
=========
bep

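Added example, not part of the original thread and not Cisco code: a short Python script that decodes the `debug ip tcp rcmd` lines quoted above into the rsh request fields and compares them with the quoted `ip rcmd remote-host` entry. The function names are hypothetical, and the field order assumed is the standard rsh request (stderr port, client-side user, server-side user, command).

```python
import re

# Both inputs are copied from the quoted post (backslash-zero is literal text
# in the IOS debug output, hence the raw string).
DEBUG = r"""
Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv 1022\0
Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv root\0diag\0show version\0
Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <OK>
Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <BAD,Access denied.>\n
"""
CONFIG = "ip rcmd remote-host diag 193.224.129.226 root enable 2"

LINE = re.compile(r"RCMD: \[\d+ (?:<-|->) ([\d.]+):(\d+)\] (recv|send) (.*)$")

def parse_session(text):
    """Rebuild one rsh request from 'debug ip tcp rcmd' lines."""
    recv, sent, peer = [], [], None
    for m in filter(None, map(LINE.search, text.splitlines())):
        peer = (m.group(1), int(m.group(2)))
        (recv if m.group(3) == "recv" else sent).append(m.group(4))
    # rsh request: stderr-port\0 client-side-user\0 server-side-user\0 command\0
    fields = "".join(recv).split(r"\0")[:-1]
    if peer is None or len(fields) != 4:
        raise ValueError("incomplete rsh request: %r" % fields)
    return {"peer_ip": peer[0], "peer_port": peer[1],
            "stderr_port": int(fields[0]), "client_user": fields[1],
            "server_user": fields[2], "command": fields[3], "replies": sent}

def parse_remote_host(line):
    """ip rcmd remote-host <local-user> <host> <remote-user> [enable [level]]"""
    t = line.split()
    if t[:3] != ["ip", "rcmd", "remote-host"] or len(t) < 6:
        raise ValueError("not an 'ip rcmd remote-host' entry: %r" % line)
    level = int(t[7]) if len(t) > 7 and t[6] == "enable" else None
    return {"local_user": t[3], "host": t[4], "remote_user": t[5],
            "enable_level": level}

def check(session, entry):
    """Compare the tuple the client sent with the configured entry."""
    return {"host": session["peer_ip"] == entry["host"],
            # user on the switch = rsh server-side user (rsh -l diag)
            "local_user": session["server_user"] == entry["local_user"],
            # user on the Unix host = rsh client-side user (root)
            "remote_user": session["client_user"] == entry["remote_user"]}

if __name__ == "__main__":
    s, e = parse_session(DEBUG), parse_remote_host(CONFIG)
    print(s, e, check(s, e), sep="\n")
```

For the quoted capture all three comparisons come out true, and the reply list shows the `<OK>` followed by `<BAD,Access denied.>`.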

