Re: How to filter snmp and TACACS.

From: Erols (byongkuk@xxxxxxxxx)
Date: Fri Apr 14 2000 - 10:53:29 GMT-3


   
I think this filter is not going to do anything, and also the router is not going
to take it:
r1(config)#access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
                                                     ^
% Invalid input detected at '^' marker.
Why would I block tacacs traffic from the same host? Do you recommend using a
loopback address? Why?

Just a question about tacacs: should I use tcp or udp?

regards

byong

----- Original Message -----
From: Mosley, Arthur <Arthur.Mosley@wang.com>
To: <Robert_Wang@toyota.com>; 'wang xihan ' <wangxh@nts.net.edu.cn>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, April 13, 2000 11:22 PM
Subject: RE: How to filter snmp and TACACS.

> 2 cents:
>
>
> Make sure you "play around" with placing your filters on in-bound and
> out-bound interfaces. Always check your logic. It's easy to make logic
> mistakes with source address versus destination address....
>
>
> Also, research TACACS filtering....
>
> access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
>
> Art
>
>
> -----Original Message-----
> From: Robert_Wang@toyota.com
> To: wang xihan
> Cc: ccielab@groupstudy.com
> Sent: 4/13/00 11:47 AM
> Subject: Re: How to filter snmp and TACACS.
>
>
>
> If you want just the SNMP (202.205.15.96) and TACACS (202.205.15.224) traffic
> running between the two LANs 202.205.15.x and 196.14.10.0, here is what you do
> on the router (with two LAN interfaces):
>
> int eth 0
> ip address 202.205.15.254 255.255.255.0
> ip access-group 101 in
>
> int eth1
> ip address 196.14.10.254 255.255.255.0
>
> access-list 101 permit udp host 202.205.15.96 any eq snmp
> access-list 101 permit udp host 202.205.15.224 any eq tacacs
>
> Or you may replace the IP addresses within the access-list with "any" to allow
> any SNMP and any TACACS traffic coming in to your eth0.
>
> Hope it helps.
>
> Robert
>
>
>
>
> "wang xihan" <wangxh@nts.net.edu.cn> on 04/12/2000 05:50:51 PM
>
> Please respond to "wang xihan" <wangxh@nts.net.edu.cn>
>
> To: ccielab@groupstudy.com
> cc: (bcc: Robert Wang/Vendors/Toyota)
>
> Subject: How to filter snmp and TACACS.
>
>
>
> Hi all:
> I have an SNMP server and a TACACS server in my LAN (addresses 202.205.15.224
> and 202.205.15.96). I would like to permit only SNMP and TACACS traffic between
> this and another LAN's device (subnet 196.14.10.0). How can I configure this in
> my router's in interface? Does somebody know how SNMP and TACACS work and how
> to filter them with an access-list?
> Thanks a lot
> Xihan wang
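An added example, not written by anyone in this thread: a small first-match evaluator for extended access-list entries of the kind posted above, showing why the side on which "eq tacacs" appears decides whether a server's reply passes an inbound list. It is a simplified model (only host/any/wildcard addresses and "eq"), and it assumes the TACACS server answers from UDP port 49 to the client's ephemeral port; the client address 196.14.10.7 and the packet are constructed.

```python
import ipaddress

PORTS = {"snmp": 161, "tacacs": 49}   # the two port keywords used in the thread

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _endpoint(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq PORT'."""
    first = tok.pop(0)
    if first == "any":
        addr, wild = 0, 0xFFFFFFFF
    elif first == "host":
        addr, wild = _ip(tok.pop(0)), 0
    else:
        if not tok or tok[0].count(".") != 3:   # bare address needs a wildcard mask
            raise ValueError(f"{first}: expected 'host' or a wildcard mask")
        addr, wild = _ip(first), _ip(tok.pop(0))
    port = None
    if tok and tok[0] == "eq":
        name = tok[1]
        port = PORTS[name] if name in PORTS else int(name)
        del tok[:2]
    return addr, wild, port

def parse(line):
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line}")
    rest = tok[4:]
    src, dst = _endpoint(rest), _endpoint(rest)
    if rest:
        raise ValueError(f"unexpected trailing input: {rest}")
    return tok[2], tok[3], src, dst

def _hit(endpoint, ip, port):
    addr, wild, want = endpoint
    return (_ip(ip) | wild) == (addr | wild) and want in (None, port)

def evaluate(acl, proto, sip, sport, dip, dport):
    for action, p, src, dst in map(parse, acl):   # first matching entry wins
        if p in ("ip", proto) and _hit(src, sip, sport) and _hit(dst, dip, dport):
            return action
    return "deny"                                 # implicit deny at the end of the list

DST_PORT = ["access-list 101 permit udp host 202.205.15.96 any eq snmp",
            "access-list 101 permit udp host 202.205.15.224 any eq tacacs"]
SRC_PORT = ["access-list 101 permit udp host 202.205.15.224 eq tacacs 196.14.10.0 0.0.0.255"]
REPLY = ("udp", "202.205.15.224", 49, "196.14.10.7", 1030)   # constructed server reply
```

evaluate(DST_PORT, *REPLY) returns "deny" and evaluate(SRC_PORT, *REPLY) returns "permit"; parse() raises ValueError on an entry that gives a bare source address with neither "host" nor a wildcard mask.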


