Tag Archives: Cisco IOS

Cisco IOS Packages and Licenses

Cisco,
Feature Sets/Technology Package
  1. IP Base (ipbasek9) – Entry level Cisco IOS functionality. Some of the key feature are AAA BGP, OSPF, EIGRP, ISIS, RIP, PBR, IGMP, Multicast, DHCP, HSRP, GLBP, NHRP, HTTP, HQF QoS ACL, NBAR GRE CDP, ARP NTP PPP PPPoA PPPoE RADIUS TACACS, RSVP, NTP, Flexible Netflow etc.
  2. DATA  (datak9) – Data features found in SP Services and Enterprise Services IOS image on ISR Routers. It support MPLS, ATM, and Multiprotocol support.
  3. Security (securityk9) – It support Cisco IOS Firewall , IPS , IPsec , 3DES, VPN etc.
  4. Unified Communications (uck9) – It support VOIP & IP Telephony

 

Universal IOS Packaging Overview

ISR Integrated Service Router comes with IPbase feature set and we need to get the license package to  run the other three technology packages.

License Types Available on ISR Routers
Permanent Licenses

Permanent licenses are valid for the life of the device on which it is installed. Some examples of permanent licenses are IOS Technology Packages (IPBase, UC, SEC, DATA), Feature Licenses such as SSL VPN etc.

Temporary Licenses

Temporary licenses are used for evaluating new capabilities or in emergency situations. A temporary license allows a feature set to be used for 60 days of actual usage. When the 60-day period expires, the device will continue to operate normally until reloaded. After the reload, the device will default to the original functionality before the temporary license was enabled. Only actual time that the temporary license is enabled counts towards the 60 day limit. The Cisco Technical Assistance Center (TAC) can provide an extension license for longer trials or other circumstances.

 

Test AAA Server on Cisco ASA and IOS Devices

AAA, Cisco, Cisco ASA, Security, ,

When We configure AAA on Cisco ASA or any IOS device (Router/Switch), it is always a good practice to confirm that the configuration is good and the server is available and responding correctly.

Cisco IOS:

Radius Server IP Address: 10.1.2.3
Username: amolak
Password: password123

ROUTER-1#test aaa group radius server 10.1.2.3 amolak password123 legacy
Attempting authentication test to server-group radius using radius
User was successfully authenticated.

ROUTER-1#test aaa group radius server 10.1.2.3 amolak wrongpassword legacy  
Attempting authentication test to server-group radius using radius
User authentication request was rejected by server.

Cisco ASA:

Radius Servers Group Name: RADIUS-SERVERS
Radius Server IP Address: 10.1.2.3
Username: amolak
Password: password123

ASA-1# test aaa-server authentication RADIUS-SERVERS
Server IP Address or name: 10.1.2.3
Username: amolak
Password: password123
INFO: Attempting Authentication test to IP address <10.1.2.3> (timeout: 12 seconds)
INFO: Authentication Successful

ASA-1# test aaa-server authentication RADIUS-SERVERS
Server IP Address or name: 10.1.2.3
Username: amolak
Password: wrongpassword
INFO: Attempting Authentication test to IP address <10.1.2.3> (timeout: 12 seconds)
ERROR: Authentication Rejected: AAA failure

Note that you can choose the group, or specific server in the group. This makes it possible to check all servers in the group are working.