Re: How to filter snmp and TACACS.

From: wang xihan (wangxh@xxxxxxxxxxxxxx)
Date: Fri Apr 14 2000 - 04:55:59 GMT-3

   
Hi Mr
  Thank you for you reply. But still sth i mistake is that This access-list is
applied to in interface.that means when my two servers want to use snmp to mana
ge some devices outside my lan , My server will use the udp port snmp to answer
 the sessions, so how the sessions setup with snmp and tacacs ? My snmp server
 and Tacacs server is in my Lan port E0
with ip address 202.205.15.x and i want to manage the device connect by my anot
her lan port E1 196.14.0.0.(that is where is my routers and switches, this thin
gs are to be managed).how can i make access-list in my E0 port as out)
Thanks a lot
xihan wang

----- Original Message -----
From: Mosley, Arthur <Arthur.Mosley@wang.com>
To: <Robert_Wang@toyota.com>; 'wang xihan ' <wangxh@nts.net.edu.cn>
Cc: <ccielab@groupstudy.com>
Sent: Friday, April 14, 2000 11:22 AM
Subject: RE: How to filter snmp and TACACS.

> 2 cents:
>
>
> Make sure you "play around" with placing your filters on in-bound and
> out-bound interfaces. Always check your logic. It's easy to make logic
> mistakes with source address versus destination address....
>
>
> Also, research TACACS filtering....
>
> access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
>
> Art
>
>
> -----Original Message-----
> From: Robert_Wang@toyota.com
> To: wang xihan
> Cc: ccielab@groupstudy.com
> Sent: 4/13/00 11:47 AM
> Subject: Re: How to filter snmp and TACACS.
>
>
>
> If you want just the SNMP (202.205.15.96) and TACACS (202.205.15.224)
> traffic
> running between the two LANs 202.205.15.x and 196.14.10.0. Here is what
> you do
> on the router (with two LAN interfaces),
>
> int eth 0
> ip address 202.205.15.254 255.255.255.0
> ip access-group 101 in
>
> int eth1
> ip address 196.14.10.254 255.255.255.0
>
> access-list 101 permit udp 202.205.15.96 any eq snmp
> access-list 101 permit udp 202.205.15.224 any eq tacacs
>
> Or you may replace the IP addresses within the access-list with "any" to
> allow
> any SNMP and any TACACS traffic coming in to your eth0.
>
> Hope it helps.
>
> Robert
>
>
>
>
> "wang xihan" <wangxh@nts.net.edu.cn> on 04/12/2000 05:50:51 PM
>
> Please respond to "wang xihan" <wangxh@nts.net.edu.cn>
>
> To: ccielab@groupstudy.com
> cc: (bcc: Robert Wang/Vendors/Toyota)
>
> Subject: How to filter snmp and TACACS.
>
>
>
> Hi all:
> I have a SNMP server and TACACS server in my LAN (add 202.205.15.224
> and
> 202.205.15.96) , I would like to
> permit only Snmp and TACACS traffic between this and a other lan's
> device
> (subnet 196.14.10.0), how can i config in my router's in interface.Does
> sb know
> how SNMP and TACACS work and how to filter it with access-list?
> Thanks a lot
> Xihan wang
> <<Internet HTML>>

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:13 GMT-3