From: George Harizanov (georgehar@xxxxxxxxxxxxxx)
Date: Sat Apr 15 2000 - 02:32:11 GMT-3
According to this publication, TACACS is using UDP port 49:
http://cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm
G
----- Original Message -----
From: "Mosley, Arthur" <Arthur.Mosley@wang.com>
To: "'Erols '" <byongkuk@erols.com>; "Mosley, Arthur"
<Arthur.Mosley@wang.com>; <Robert_Wang@toyota.com>; "''wang xihan ' '"
<wangxh@nts.net.edu.cn>
Cc: <ccielab@groupstudy.com>
Sent: Friday, April 14, 2000 10:23 AM
Subject: RE: How to filter snmp and TACACS.
> Sorry I pasted from the original example and modified it as an illustration
> of my point. As you can see ATTENTION to DETAIL is essential. Which further
> illustrates my point. Yes, it should be tcp not udp. Again, when practicing
> play around with the locations of filters (in-bound/out-bound/different
> routers).
>
> Example should read:
>
> perhaps placed on an outbound interface:
> access-list 102 permit tcp 202.205.15.224 0.0.0.255 eq tacacs 202.205.35.30
>
>
> -----Original Message-----
> From: Erols
> To: Mosley, Arthur; Robert_Wang@toyota.com; 'wang xihan '
> Cc: ccielab@groupstudy.com
> Sent: 4/14/00 9:53 AM
> Subject: Re: How to filter snmp and TACACS.
>
> I think this filter is not going to do anything and also router is not going
> to take it
> r1(config)#access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
> ^
> % Invalid input detected at '^' marker.
> Why would I block tacacs traffic from same host? Do you recommend to use
> loopback address? Why?
>
> Just a question about tacacs should I use tcp or udp?
>
> regards
>
> byong
>
>
> ----- Original Message -----
> From: Mosley, Arthur <Arthur.Mosley@wang.com>
> To: <Robert_Wang@toyota.com>; 'wang xihan ' <wangxh@nts.net.edu.cn>
> Cc: <ccielab@groupstudy.com>
> Sent: Thursday, April 13, 2000 11:22 PM
> Subject: RE: How to filter snmp and TACACS.
>
>
> > 2 cents:
> >
> >
> > Make sure you "play around" with placing your filters on in-bound and
> > out-bound interfaces. Always check your logic. It's easy to make logic
> > mistakes with source address versus destination address....
> >
> >
> > Also, research TACACS filtering....
> >
> > access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
> >
> > Art
> >
> >
> > -----Original Message-----
> > From: Robert_Wang@toyota.com
> > To: wang xihan
> > Cc: ccielab@groupstudy.com
> > Sent: 4/13/00 11:47 AM
> > Subject: Re: How to filter snmp and TACACS.
> >
> >
> >
> > If you want just the SNMP (202.205.15.96) and TACACS (202.205.15.224) traffic
> > running between the two LANs 202.205.15.x and 196.14.10.0, here is what you do
> > on the router (with two LAN interfaces),
> >
> > int eth 0
> > ip address 202.205.15.254 255.255.255.0
> > ip access-group 101 in
> >
> > int eth1
> > ip address 196.14.10.254 255.255.255.0
> >
> > access-list 101 permit udp 202.205.15.96 any eq snmp
> > access-list 101 permit udp 202.205.15.224 any eq tacacs
> >
> > Or you may replace the IP addresses within the access-list with "any" to allow
> > any SNMP and any TACACS traffic coming in to your eth0.
> >
> > Hope it helps.
> >
> > Robert
> >
> >
> >
> >
> > "wang xihan" <wangxh@nts.net.edu.cn> on 04/12/2000 05:50:51 PM
> >
> > Please respond to "wang xihan" <wangxh@nts.net.edu.cn>
> >
> > To: ccielab@groupstudy.com
> > cc: (bcc: Robert Wang/Vendors/Toyota)
> >
> > Subject: How to filter snmp and TACACS.
> >
> >
> >
> > Hi all:
> > I have an SNMP server and a TACACS server in my LAN (addresses 202.205.15.224
> > and 202.205.15.96). I would like to permit only SNMP and TACACS traffic
> > between this and another LAN's device (subnet 196.14.10.0). How can I
> > configure this on my router's in interface? Does somebody know how SNMP and
> > TACACS work and how to filter them with an access-list?
> > Thanks a lot
> > Xihan wang
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:14 GMT-3
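
Added example, not part of the original thread: a small Python model of extended access-list matching that shows how the position of `eq tacacs` (after the source versus after the destination) and the protocol keyword decide whether a reply from the TACACS server at 202.205.15.224 passes an inbound filter on its LAN interface. The access-list entries, the remote host 196.14.10.7 and the client port 40123 are constructed for illustration; TCP is used as in the correction given in the thread.

```python
import ipaddress
from collections import namedtuple

# Constructed model of an IOS extended ACL entry; a port of None means "no port operator".
ACE = namedtuple("ACE", "action proto src src_wild sport dst dst_wild dport")
Packet = namedtuple("Packet", "proto src sport dst dport")

TACACS = 49  # well-known port behind the `eq tacacs` keyword

def addr_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def ace_match(ace, pkt):
    return (ace.proto == pkt.proto
            and addr_match(pkt.src, ace.src, ace.src_wild)
            and addr_match(pkt.dst, ace.dst, ace.dst_wild)
            and ace.sport in (None, pkt.sport)
            and ace.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace_match(ace, pkt):
            return ace.action
    return "deny"

SERVER, REMOTE_NET, REMOTE_WILD = "202.205.15.224", "196.14.10.0", "0.0.0.255"

# permit tcp host 202.205.15.224 196.14.10.0 0.0.0.255 eq tacacs  (port after destination)
acl_dst_port = [ACE("permit", "tcp", SERVER, "0.0.0.0", None, REMOTE_NET, REMOTE_WILD, TACACS)]
# permit tcp host 202.205.15.224 eq tacacs 196.14.10.0 0.0.0.255  (port after source)
acl_src_port = [ACE("permit", "tcp", SERVER, "0.0.0.0", TACACS, REMOTE_NET, REMOTE_WILD, None)]

# Constructed packets as seen inbound on the server-side interface (eth0 in the thread).
server_reply = Packet("tcp", SERVER, TACACS, "196.14.10.7", 40123)
udp_reply = server_reply._replace(proto="udp")
other_host = server_reply._replace(src="202.205.15.10")

def results():
    return {
        "dst_port_acl/server_reply": evaluate(acl_dst_port, server_reply),
        "src_port_acl/server_reply": evaluate(acl_src_port, server_reply),
        "src_port_acl/udp_reply": evaluate(acl_src_port, udp_reply),
        "src_port_acl/other_host": evaluate(acl_src_port, other_host),
    }
```

Calling `results()` shows that only the entry with the port operator after the source permits the server's TCP reply; the same reply over UDP, or from another host on the LAN, hits the implicit deny.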