Cisco LLDP for non Cisco neighbor discovery

sh cdp neighbors will show devices running CDP, but to discover non Cisco devices you need to enable Link Layer Discovery Protocol, which is multivendor.

Commands:

test(config)#lldp ?
holdtime Specify the holdtime (in sec) to be sent in packets
reinit Delay (in sec) for LLDP initialization on any interface
run Enable LLDP
timer Specify the rate at which LLDP packets are sent (in sec)
tlv-select Selection of LLDP TLVs to send

test(config)#exit
test#sh lldp ?
entry Information for specific neighbor entry
errors LLDP computational errors and overflows
interface LLDP interface status and configuration
neighbors LLDP neighbor entries
traffic LLDP statistics
| Output modifiers
<cr>

Configure SSH login with TACACS Cisco, along with username and enable password

Using a TACACS server to authenticate SSH login:  Cisco IOS

Here we have a TACACS server at 192.168.0.1, with a password called secret, and a couple of usernames.

Step 1:  Create a local user and pass, and enable password to ensure you can get in in the event of the TACACS server failing

Router(config)#username admin privilege 15 password ?
  0     Specifies an UNENCRYPTED password will follow
  7     Specifies a HIDDEN password will follow
  LINE  The UNENCRYPTED (cleartext) user password
Router(config)#username admin privilege 15 password 0 ?
  LINE  The UNENCRYPTED (cleartext) user password
Router(config)#username admin privilege 15 password 0 cisco

Enable password: (Options below)

Router(config)#
enable password ?
7 Specifies a HIDDEN password will follow
LINE The UNENCRYPTED (cleartext) ‘enable’ password
level Set exec level password
Router(config)#enable secret ?
0 Specifies an UNENCRYPTED password will follow
5 Specifies an ENCRYPTED secret will follow
LINE The UNENCRYPTED (cleartext) ‘enable’ secret
level Set exec level password

Router(config)#enable secret 0 test

Step 2 Configure the router to accept TACACS

Router(config)#aaa new-model (enables aaa on router and hence makes tacacs possible)
Router(config)#tacacs-server host 192.168.0.1
Router(config)#tacacs-server key secret (Here, secret is a password which has been set up on the TACACS server)

Step 3: Change the default name of the router to so that SSH can be enabled.

Router(config)#hostname R0

Step 4: Create an aaa authentication group (called SSH-LOGIN for clarity but you could call it ‘Ethel’ if you wish)

R0(config)#aaa authentication login SSH-LOGIN group tacacs+

Step 5: Enable SSH

(First, configure domain name, and then generate RSA key, otherwise SSH won’t work)

R0(config)#ip domain-name test.com
R0(config)#crypto key generate rsa
The name for the keys will be: R0.test.com
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

R0(config)#line vty 0 4
R0(config-line)#transport input ssh
R0(config-line)#login authentication SSH-LOGIN
R0(config-line)#END