RE: How to filter snmp and TACACS.

From: Mosley, Arthur (Arthur.Mosley@xxxxxxxx)
Date: Fri Apr 14 2000 - 10:11:36 GMT-3


   
 I did not fully understand your question. However, my point is that it is
very useful to understand how your filter/access-list changes depending on
where you will/must apply your filter and where certain resources might be
located.

art
please resubmit your question
-----Original Message-----
From: wang xihan
To: Mosley, Arthur
Cc: ccielab@groupstudy.com
Sent: 4/14/00 3:55 AM
Subject: Re: How to filter snmp and TACACS.

Hi Mr
  Thank you for your reply. But still, something I am mistaken about is that
this access-list is applied to the in interface. That means when my two servers
want to use SNMP to manage some devices outside my LAN, my server will
use the UDP port snmp to answer the sessions, so how are the sessions set up
with SNMP and TACACS? My SNMP server and TACACS server are in my LAN port E0
with IP address 202.205.15.x and I want to manage the devices connected by
my other LAN port E1 196.14.0.0 (that is where my routers and
switches are; these things are to be managed). How can I make an access-list
on my E0 port as out?
Thanks a lot
xihan wang

----- Original Message -----
From: Mosley, Arthur <Arthur.Mosley@wang.com>
To: <Robert_Wang@toyota.com>; 'wang xihan ' <wangxh@nts.net.edu.cn>
Cc: <ccielab@groupstudy.com>
Sent: Friday, April 14, 2000 11:22 AM
Subject: RE: How to filter snmp and TACACS.

> 2 cents:
>
>
> Make sure you "play around" with placing your filters on in-bound and
> out-bound interfaces. Always check your logic. It's easy to make logic
> mistakes with source address versus destination address....
>
>
> Also, research TACACS filtering....
>
> access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
>
> Art
>
>
> -----Original Message-----
> From: Robert_Wang@toyota.com
> To: wang xihan
> Cc: ccielab@groupstudy.com
> Sent: 4/13/00 11:47 AM
> Subject: Re: How to filter snmp and TACACS.
>
>
>
> If you want just the SNMP (202.205.15.96) and TACACS (202.205.15.224)
> traffic running between the two LANs 202.205.15.x and 196.14.10.0, here is
> what you do on the router (with two LAN interfaces):
>
> int eth 0
> ip address 202.205.15.254 255.255.255.0
> ip access-group 101 in
>
> int eth1
> ip address 196.14.10.254 255.255.255.0
>
> access-list 101 permit udp host 202.205.15.96 any eq snmp
> access-list 101 permit udp host 202.205.15.224 any eq tacacs
>
> Or you may replace the IP addresses within the access-list with "any" to
> allow any SNMP and any TACACS traffic coming in to your eth0.
>
> Hope it helps.
>
> Robert
>
>
>
>
> "wang xihan" <wangxh@nts.net.edu.cn> on 04/12/2000 05:50:51 PM
>
> Please respond to "wang xihan" <wangxh@nts.net.edu.cn>
>
> To: ccielab@groupstudy.com
> cc: (bcc: Robert Wang/Vendors/Toyota)
>
> Subject: How to filter snmp and TACACS.
>
>
>
> Hi all:
> I have an SNMP server and a TACACS server in my LAN (add 202.205.15.224
> and 202.205.15.96). I would like to permit only SNMP and TACACS traffic
> between this and another LAN's device (subnet 196.14.10.0). How can I
> configure this on my router's in interface? Does somebody know how SNMP
> and TACACS work and how to filter them with an access-list?
> Thanks a lot
> Xihan wang
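
Added example (not part of the original thread, and not code from any of its authors): a small Python model of first-match ACL evaluation, showing how matching the destination port versus the source port decides what a filter applied "in" on eth0 lets through. The packets, the ephemeral ports 40000 and 50000, the host 196.14.10.1 and the second ACL are constructed assumptions; it also assumes the devices on 196.14.10.0 are the TACACS clients and that the server replies from UDP port 49.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
SNMP, TACACS = 161, 49  # UDP ports behind the "snmp" and "tacacs" keywords


def entry(src, dst, sport=None, dport=None):
    """One 'permit udp' line; a port of None matches any port."""
    return (ip_network(src), sport, ip_network(dst), dport)


def permits(acl, pkt):
    """First match wins; no match falls through to the implicit deny."""
    src, sport, dst, dport = pkt
    for net_s, p_s, net_d, p_d in acl:
        if (ip_address(src) in net_s and ip_address(dst) in net_d
                and p_s in (None, sport) and p_d in (None, dport)):
            return True
    return False


# access-list 101 as posted in the thread: both lines match the destination port
ACL_THREAD = [
    entry("202.205.15.96/32", ANY, dport=SNMP),
    entry("202.205.15.224/32", ANY, dport=TACACS),
]
# Constructed variant: the TACACS line matches the server's source port instead
ACL_SRC_PORT = [
    entry("202.205.15.96/32", "196.14.10.0/24", dport=SNMP),
    entry("202.205.15.224/32", "196.14.10.0/24", sport=TACACS),
]

# Constructed packets entering eth0 from the server LAN: (src, sport, dst, dport)
SNMP_POLL = ("202.205.15.96", 40000, "196.14.10.1", SNMP)
TACACS_REPLY = ("202.205.15.224", TACACS, "196.14.10.1", 50000)
OTHER_HOST = ("202.205.15.10", 40000, "196.14.10.1", SNMP)


def verdicts(acl):
    """Permit/deny result for the three sample packets, in order."""
    return [permits(acl, p) for p in (SNMP_POLL, TACACS_REPLY, OTHER_HOST)]


if __name__ == "__main__":
    print("thread ACL      :", verdicts(ACL_THREAD))
    print("source-port ACL :", verdicts(ACL_SRC_PORT))
```
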



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:13 GMT-3