A colleague and I have been debating over a few months the topic of troubleshooting. My initial stance on the topic was that you CAN teach troubleshooting. However, as time has passed working with particular individuals I have came to a realization that you CANNOT teach troubleshooting. My belief now is that some people simply have a mind that thinks in logical sequences to rule out options and others don’t. While I’m sure this post may cause some heat towards myself the point isn’t to say anything bad about anyone. My point is that some individuals have a very effective troubleshooting skill set, while others simply have a set rubric of tests that if exhausted, results in a complete halt in process. I’ve come up with four items that impact an individuals ability to troubleshoot effectively even after the initial checklist has been exhausted.
Category: Uncategorized
You Coach Not Teach Troubleshooting
Permanent link to this article: https://www.packetpilot.com/you-coach-not-teach-troubleshooting/
SRT: Offline type 7 decrypt
I was recently working on deploying a new device into our network infrastructure. I was working off a configuration template that had a standard arguments for AAA leveraging TACACS+. I was offsite and had asked a fellow colleague to enter the new device into our ACS deployment to allow authentication and command authorization. The long and short of it is, it was copied off of a different group of devices than what my configuration template was based of. The issue was a mismatch in TACACS server keys. The problem was I was currently offline as I was connecting to the device what would let me out to the network. So what is the stupid router trick? The stupid router trick consists of using the key chains to decrypt a type 7 TACACS (or other key) that is hidden via service password-encryption in your configuration template. The trick is pretty simple. Create a temporary key chain that won’t be applied anywhere, enter the key(s) into the key chain in their type 7 format, and then do a simple show key chains. Really! That’s all there is to it. See the output below.
R1(config)#key chain tempkeys R1(config-keychain)#key 1 R1(config-keychain-key)#key-string 7 06150A225E4B1D12000E R1(config-keychain-key)#exit R1(config-keychain)#key 2 R1(config-keychain-key)#key-st R1(config-keychain-key)#key-string 7 095F4B0A0B0003190E15 R1(config-keychain-key)#end R1# R1#show key chain Key-chain tempkeys: key 1 -- text "secretkey" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now] key 2 -- text "secretkey" accept lifetime (always valid) - (always valid) [valid now] send lifetime (always valid) - (always valid) [valid now]
Permanent link to this article: https://www.packetpilot.com/srt-offline-type-7-decrypt/
- 1
- 2