Category: Uncategorized

You Coach Not Teach Troubleshooting

Reading Time: 4 minutes

A colleague and I have been debating over a few months the topic of troubleshooting. My initial stance on the topic was that you CAN teach troubleshooting. However, as time has passed working with particular individuals I have came to a realization that you CANNOT teach troubleshooting. My belief now is that some people simply have a mind that thinks in logical sequences to rule out options and others don’t. While I’m sure this post may cause some heat towards myself the point isn’t to say anything bad about anyone. My point is that some individuals have a very effective troubleshooting skill set, while others simply have a set rubric of tests that if exhausted, results in a complete halt in process. I’ve come up with four items that impact an individuals ability to troubleshoot effectively even after the initial checklist has been exhausted.

Continue reading

Share this article:

Permanent link to this article: https://www.packetpilot.com/you-coach-not-teach-troubleshooting/

SRT: Offline type 7 decrypt

Reading Time: < 1 minutes

I was recently working on deploying a new device into our network infrastructure. I was working off a configuration template that had a standard arguments for AAA leveraging TACACS+. I was offsite and had asked a fellow colleague to enter the new device into our ACS deployment to allow authentication and command authorization. The long and short of it is, it was copied off of a different group of devices than what my configuration template was based of. The issue was a mismatch in TACACS server keys. The problem was I was currently offline as I was connecting to the device what would let me out to the network. So what is the stupid router trick? The stupid router trick consists of using the key chains to decrypt a type 7 TACACS (or other key) that is hidden via service password-encryption in your configuration template. The trick is pretty simple. Create a temporary key chain that won’t be applied anywhere, enter the key(s) into the key chain in their type 7 format, and then do a simple show key chains. Really! That’s all there is to it. See the output below.

 

R1(config)#key chain tempkeys
R1(config-keychain)#key 1
R1(config-keychain-key)#key-string 7 06150A225E4B1D12000E
R1(config-keychain-key)#exit
R1(config-keychain)#key 2
R1(config-keychain-key)#key-st
R1(config-keychain-key)#key-string 7 095F4B0A0B0003190E15
R1(config-keychain-key)#end
R1#
R1#show key chain
Key-chain tempkeys:
key 1 -- text "secretkey"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
key 2 -- text "secretkey"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
Share this article:

Permanent link to this article: https://www.packetpilot.com/srt-offline-type-7-decrypt/

Load more