[c-nsp] cisco 2950 + rsh

Horvath Szabolcs hsz at sth.sze.hu
Sun Oct 2 17:33:26 EDT 2005


Hello!

This configuration works in 4006 sup3 switches:

no ip rcmd domain-lookup
ip rcmd rsh-enable
ip rcmd remote-host diag 193.224.129.226 root enable 2
ip rcmd source-interface Vlan25

193.224.129.226:~# rsh -l diag 192.168.111.9 show version | head -2
Cisco Internetwork Operating System Software 
IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version
12.1(13)EW, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)


But *exactly* these settings don't work in 2950s: 

193.224.129.226:~# rsh -l diag 192.168.111.39 show version 
Access denied.

The configurations are the same; the "diag" user comes from tacacs.
The relevant aaa config:

aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login no_tacacs enable
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group tacacs+
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization network default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+

I can telnet to the 2950 with the diag user:

# telnet 192.168.111.39
Trying 192.168.111.39...
Connected to 192.168.111.39.
Escape character is '^]'.

Username: diag
Password: 

wsc2900-B1>ena 2
Password: 

wsc2900-B1#

debug ip tcp rcmd shows:

Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv 1022\0
Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv root\0diag\0show version\0
Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <OK>
Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <BAD,Access denied.>\n

What is the difference? How can I debug more precisely?


The 2950 switches "sh ver" output:

wsc2900-B1#sh ver
Cisco Internetwork Operating System Software 
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(20)EA1a, RELEASE
SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Mon 19-Apr-04 20:58 by yenanh
Image text-base: 0x80010000, data-base: 0x805A8000

ROM: Bootstrap program is C2950 boot loader

wsc2900-B1 uptime is 18 weeks, 1 day, 15 hours, 16 minutes
System returned to ROM by power-on
System restarted at 08:06:34 MET-DST Sat May 28 2005
System image file is "flash:/c2950-i6q4l2-mz.121-20.EA1a.bin"

cisco WS-C2950T-24 (RC32300) processor (revision J0) with 20713K bytes
of memory.
Processor board ID FHK0728Z2LN
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:0D:65:89:DC:80
Motherboard assembly number: 73-6114-08
Power supply part number: 34-0965-01
Motherboard serial number: FOC072825ZC
Power supply serial number: DAB07278D9A
Model revision number: J0
Motherboard revision number: A0
Model number: WS-C2950T-24
System serial number: FHK0728Z2LN
Configuration register is 0xF


Thanks for your reply,
Szabolcs Horvath
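
Added example (not part of the original post and not Cisco code): a Python sketch that rebuilds the rsh request from the `debug ip tcp rcmd` lines quoted above and pairs it with the `ip rcmd remote-host` entry, as a first triage step. The function names and dictionary keys are hypothetical, and hosts are compared as literal IP strings with no name resolution.

```python
import re

# Constructed sample input: the remote-host line and debug lines quoted in the post.
CONFIG = "ip rcmd rsh-enable\nip rcmd remote-host diag 193.224.129.226 root enable 2\n"
DEBUG = r"""Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv 1022\0
Oct  2 19:43:55: RCMD: [514 <- 193.224.129.226:1023] recv root\0diag\0show version\0
Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <OK>
Oct  2 19:43:55: RCMD: [514 -> 193.224.129.226:1023] send <BAD,Access denied.>\n
"""

LINE = re.compile(r"RCMD: \[\d+ (?:<-|->) ([\d.]+):(\d+)\] (recv|send) (.*)$")
HOST = re.compile(r"^ip rcmd remote-host (\S+) (\S+) (\S+)(?: enable(?: (\d+))?)?\s*$", re.M)

def parse_requests(debug_text):
    """Rebuild each rsh request from the recv lines of one client socket."""
    sessions = {}
    for line in debug_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        ip, port, verb, payload = m.groups()
        s = sessions.setdefault((ip, int(port)), {"fields": [], "replies": []})
        if verb == "recv":
            # The debug prints NUL as the two characters \0; keep terminated fields only.
            s["fields"] += re.findall(r"(.*?)\\0", payload)
        else:
            s["replies"].append(payload)
    out = []
    for (ip, port), s in sessions.items():
        if len(s["fields"]) >= 4:
            # rsh wire order: stderr port, client-side user, server-side user, command.
            stderr_port, client_user, switch_user, command = s["fields"][:4]
            out.append({"client_ip": ip, "client_port": port, "stderr_port": int(stderr_port),
                        "client_user": client_user, "switch_user": switch_user,
                        "command": command, "denied": any("BAD" in r for r in s["replies"])})
    return out

def remote_hosts(config_text):
    """ip rcmd remote-host <local-username> <host> <remote-username> [enable [level]]"""
    return [{"switch_user": m[1], "host": m[2], "client_user": m[3], "enable_level": m[4]}
            for m in HOST.finditer(config_text)]

def check(config_text, debug_text):
    """Pair each request with the remote-host entry it matches, or None."""
    entries = remote_hosts(config_text)
    key = lambda d, host: (d["switch_user"], d[host], d["client_user"])
    return [{**r, "entry": next((e for e in entries if key(e, "host") == key(r, "client_ip")), None)}
            for r in parse_requests(debug_text)]

if __name__ == "__main__":
    for r in check(CONFIG, DEBUG):
        print(r)
```

On the post's data the request fields (client user root, switch user diag, source 193.224.129.226) match the configured entry, so the denial in the debug is not explained by a user or host mismatch in that line.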
