CCIE Pursuit Blog

December 23, 2008

Question Of The Day: 23 December, 2008

Your boss wants the following information displayed whenever someone connects to router r1 via telnet:

“This device belongs to cciepursuit.com  It is most likely poorly protected and congfigured.  Hack away!!!”

Telnet users must login to r1 with a username of ‘TELNET’ password of ‘CISCO’.  Your boss then wants the following message displayed:

“Congratulations on hacking into r1.cciepursuit.com via line X!!!” where X = the line number that the user is connected to r1 on.

Furthermore he wants users logging into r1 via the console line to automatically be in privileged exec mode and to only see the line:

“Congratulations on hacking into r1.cciepursuit.com via line X!!!” where X = the line number that the user is connected to r1 on.

Just to make your life extra difficult, he is considering changing the domain name from ‘cciepursuit.com’ to ‘cciepursuitsucks.net’ as well as renaming all of the devices in the format of ‘RouterX’.  He wants your configuration to dynamically adapt to these stupid changes.

————

Previous Question of the Day:

Given the following output:

R1#show backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial1/0.1         Serial1/1             waiting to revert (292 more seconds)

Which of the following is configured on R1?

A)
interface Serial1/0.1
backup delay 60 300
backup interface Serial1/1

B)
interface Serial1/0.1
backup delay 300 0
backup interface Serial1/1

C)
interface Serial1/1
backup delay 60 300
backup interface Serial1/1

D)
interface Serial1/1
backup delay 300 0
backup interface Serial1

Answer %
A 56%
B 26%
C 6%
D 9%

The answer:

A)
interface Serial1/0.1
backup delay 60 300
backup interface Serial1/1

From the output of the ‘show backup’ command we can see that the primary interface is Serial1/0.1 and the secondary (backup) interface is Serial1/1.  When configuring the ‘backup interface’ command, you configure the secondary interface under the primary interface.  We can throw out answers B and C at this point.

The output of the ‘show backup’ command shows the status as ‘waiting to revert (292 more seconds)’.  From this information we can tell that there has been a ‘backup delay’ value configured.

The sucky thing about the ‘backup delay’ command is that the IOS help is pretty worthless.  You need to know that the first value that you configure is the delay between the time that the primary interface goes down and the secondary interface comes up.  The second value is just the opposite: the delay between the time that the primary interface comes back up and the secondary interface goes down.  Cisco refers to these values as the enable-delay-period and the disable-delay-period:

backup delay {enable-delay-period | never} {disable-delay-period | never}
no backup delay {enable-delay-period | never} {disable-delay-period | never}

Syntax Description
enable-delay-period – Number of seconds that elapse after the primary line goes down before the Cisco IOS software activates the secondary line.
disable-delay-period – Number of seconds that elapse after the primary line comes up before the Cisco IOS software deactivates the secondary line.
never – Secondary line is never activated or deactivated.

The default values are 0.  You can also choose a value of never…for whatever reason.

R1(config)#int s1/0.1
R1(config-subif)#backup ?
active     Configure an interface as an active backup
delay      Delays before backup line up or down transitions
interface  Configure an interface as a backup

R1(config-subif)#backup delay ?
<0-4294967294>  Seconds

R1(config-subif)#backup delay 60 ?
<0-4294967294>  Seconds

R1(config-subif)#backup delay 60 300 ?
<cr>

R1(config-subif)#backup delay 60 300

In our example we know that the disable-delay-period must be greater than 292 seconds.  The enable-delay-period can be anything (other than ‘never’).  This means that our answer must be A (‘backup delay 60 300’).

Here are status values based on the interface states:

Primary interface up:

R1#sh backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial1/0.1         Serial1/1             normal operation

Primary interface down (enable-delay-period configured):

R1#sh backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial1/0.1         Serial1/1             waiting to backup (57 more seconds)

Primary interface down – secondary interface up:

R1#sh backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial1/0.1         Serial1/1             backup mode

Primary interface down (disable-delay-period configured):

R1#sh backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial1/0.1         Serial1/1             waiting to revert (289 more seconds
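The same deduction as an added Python example (not part of the original post): it parses 'show backup' output and tests each answer choice against the observed status, using the rule that a countdown can never show more seconds than the configured delay. The function names and the CANDIDATES table are constructed for illustration.

```python
import re

# Constructed sample: the 'show backup' output quoted in the question above.
SAMPLE = """R1#show backup
Primary Interface   Secondary Interface   Status
-----------------   -------------------   ------
Serial1/0.1         Serial1/1             waiting to revert (292 more seconds)
"""

# One data row; the closing parenthesis is optional so truncated pastes parse.
ROW = re.compile(
    r"^(?P<primary>\S+)\s+(?P<secondary>\S+)\s+"
    r"(?:normal operation|backup mode|"
    r"waiting to (?P<timer>backup|revert) \((?P<secs>\d+) more seconds\)?)\s*$"
)

# The four answer choices: (configured under, enable, disable, backup interface).
CANDIDATES = {
    "A": ("Serial1/0.1", "60", "300", "Serial1/1"),
    "B": ("Serial1/0.1", "300", "0", "Serial1/1"),
    "C": ("Serial1/1", "60", "300", "Serial1/1"),
    "D": ("Serial1/1", "300", "0", "Serial1"),
}

def parse_show_backup(text):
    """Return one dict per primary/secondary pair found in the output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            secs = int(m["secs"]) if m["secs"] else None
            rows.append({"primary": m["primary"], "secondary": m["secondary"],
                         "timer": m["timer"], "secs": secs})
    return rows

def consistent(row, configured_under, enable, disable, backup_if):
    """Could this configuration have produced the observed row?"""
    if (configured_under, backup_if) != (row["primary"], row["secondary"]):
        return False  # 'backup interface' lives under the primary interface
    if row["timer"] == "revert":  # disable-delay-period is counting down
        return "never" not in (enable, disable) and int(disable) >= row["secs"]
    if row["timer"] == "backup":  # enable-delay-period is counting down
        return enable != "never" and int(enable) >= row["secs"]
    return True  # 'normal operation' and 'backup mode' carry no timer to check

def matching_answers(text):
    """Letters of the answer choices consistent with the first row of text."""
    row = parse_show_backup(text)[0]
    return [k for k, cfg in CANDIDATES.items() if consistent(row, *cfg)]

if __name__ == "__main__":
    print(matching_answers(SAMPLE))
```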

backup interface

backup delay


3 Comments »

  1. I can’t think of the dynamic hostname one, but it seems the boss loves banner tokens

    banner login ^CThis device belongs to cciepursuit.com It is most likely poorly protected and congfigured. Hack away!!!^C

    banner exec ^C Congratulations on hacking into r1.cciepursuit.com via line $(line)!!! ^C

    line vty 0 4
    exec-timeout 5 0
    privilege level 0
    login local

    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous

    Verifications

    BB3 con0 is now available

    Press RETURN to get started.

    Congratulations on hacking into r1.cciepursuit.com via line 0!!!
    BB3#

    BB2#telnet 3.3.3.3
    Trying 3.3.3.3 … Open
    This device belongs to cciepursuit.com It is most likely poorly protected and congfigured. Hack away!!!

    User Access Verification

    Username: TELNET
    Password: Congratulations on hacking into r1.cciepursuit.com via line 130!!!

    Comment by Luis Garcia — December 24, 2008 @ 11:52 am | Reply

  2. R1 Configuration
    —————-

    username TELNET password CISCO
    banner motd #
    This device belongs to cciepursuit.com It is most likely poorly protected and congfigured. Hack away!!!
    #
    !
    !
    banner exec #
    Congratulations on hacking into $(hostname).$(domain) via line $(line)!!!
    #
    !
    !
    line con 0
    exec-banner
    no motd-banner
    privilege level 15
    !
    line vty 0 4
    exec-banner
    login local

    Comment by Joe A — December 24, 2008 @ 1:57 pm | Reply

  3. Oh, the variable hostname and domain was supposed to be in the banner? OK, I get it now. More banner tokens.

    Comment by Luis Garcia — December 25, 2008 @ 11:25 am | Reply

