From: Justin van Schaik (jagvans@xxxxxxxxx)
Date: Mon Apr 17 2000 - 08:54:55 GMT-3
Just a reminder ... I believe TACACS uses UDP, TACACS+ (Cisco's implementation)
uses TCP.
--- George Harizanov <georgehar@mindspring.com> wrote:
> According to this publication, TACACS is using UDP port 49
> http://cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm
> G
> ----- Original Message -----
> From: "Mosley, Arthur" <Arthur.Mosley@wang.com>
> To: "'Erols '" <byongkuk@erols.com>; "Mosley, Arthur"
> <Arthur.Mosley@wang.com>; <Robert_Wang@toyota.com>; "''wang xihan ' '"
> <wangxh@nts.net.edu.cn>
> Cc: <ccielab@groupstudy.com>
> Sent: Friday, April 14, 2000 10:23 AM
> Subject: RE: How to filter snmp and TACACS.
>
>
> > Sorry I pasted from the original example and modified it as an illustration
> > of my point. As you can see ATTENTION to DETAIL is essential. Which further
> > illustrates my point. Yes, it should be tcp not udp. Again, when practicing
> > play around with the locations of filters (in-bound/out-bound/different
> > routers).
> >
> > Example should read:
> >
> > perhaps placed on an outbound interface:
> > access-list 102 permit tcp 202.205.15.224 0.0.0.255 eq tacacs 202.205.35.30
> >
> >
> > -----Original Message-----
> > From: Erols
> > To: Mosley, Arthur; Robert_Wang@toyota.com; 'wang xihan '
> > Cc: ccielab@groupstudy.com
> > Sent: 4/14/00 9:53 AM
> > Subject: Re: How to filter snmp and TACACS.
> >
> > I think this filter is not going to do anything and also router is not
> > going to take it
> > r1(config)#access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
> > ^
> > % Invalid input detected at '^' marker.
> > why would I block tacacs traffic from same host. Do you recommend to
> > use loopback address? why?
> >
> > Just a question about tacacs should I use tcp or udp?
> >
> > regards
> >
> > byong
> >
> >
> > ----- Original Message -----
> > From: Mosley, Arthur <Arthur.Mosley@wang.com>
> > To: <Robert_Wang@toyota.com>; 'wang xihan ' <wangxh@nts.net.edu.cn>
> > Cc: <ccielab@groupstudy.com>
> > Sent: Thursday, April 13, 2000 11:22 PM
> > Subject: RE: How to filter snmp and TACACS.
> >
> >
> > > 2 cents:
> > >
> > >
> > > Make sure you "play around" with placing your filters on in-bound and
> > > out-bound interfaces. Always check your logic. It's easy to make logic
> > > mistakes with source address versus destination address....
> > >
> > >
> > > Also, research TACACS filtering....
> > >
> > > access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
> > >
> > > Art
> > >
> > >
> > > -----Original Message-----
> > > From: Robert_Wang@toyota.com
> > > To: wang xihan
> > > Cc: ccielab@groupstudy.com
> > > Sent: 4/13/00 11:47 AM
> > > Subject: Re: How to filter snmp and TACACS.
> > >
> > >
> > >
> > > If you want just the SNMP (202.205.15.96) and TACACS (202.205.15.224) traffic
> > > running between the two LANs 202.205.15.x and 196.14.10.0. Here is what you do
> > > on the router (with two LAN interfaces),
> > >
> > > int eth 0
> > > ip address 202.205.15.254 255.255.255.0
> > > ip access-group 101 in
> > >
> > > int eth1
> > > ip address 196.14.10.254 255.255.255.0
> > >
> > > access-list 101 permit udp 202.205.15.96 any eq snmp
> > > access-list 101 permit udp 202.205.15.224 any eq tacacs
> > >
> > > Or you may replace the IP addresses within the access-list with "any" to allow
> > > any SNMP and any TACACS traffic coming in to your eth0.
> > >
> > > Hope it helps.
> > >
> > > Robert
> > >
> > >
> > >
> > >
> > > "wang xihan" <wangxh@nts.net.edu.cn> on 04/12/2000 05:50:51 PM
> > >
> > > Please respond to "wang xihan" <wangxh@nts.net.edu.cn>
> > >
> > > To: ccielab@groupstudy.com
> > > cc: (bcc: Robert Wang/Vendors/Toyota)
> > >
> > > Subject: How to filter snmp and TACACS.
> > >
> > >
> > >
> > > Hi all:
> > > I have a SNMP server and TACACS server in my LAN (add 202.205.15.224 and
> > > 202.205.15.96), I would like to
> > > permit only Snmp and TACACS traffic between this and a other lan's device
> > > (subnet 196.14.10.0), how can i config in my router's in interface. Does sb know
> > > how SNMP and TACACS work and how to filter it with access-list?
> > > Thanks a lot
> > > Xihan wang
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:14 GMT-3
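Added example, not part of the thread and not written by any of its posters: a small first-match evaluator for extended access-list entries, illustrating the source-versus-destination logic the replies warn about. The two entries, the client address 196.14.10.7, the port 51000 and all function names are constructed for illustration, and it assumes the TACACS+ server at 202.205.15.224 answers from TCP port 49, so its replies entering eth0 carry 49 as the source port.

```python
import ipaddress

PORTS = {"tacacs": 49, "snmp": 161}  # IOS port keywords that appear in the thread

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' and return (address, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq PORT'; None means the entry matches any port."""
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS[name] if name in PORTS else int(name)

def parse(line):
    """Parse 'access-list N ACTION PROTO SRC [eq P] DST [eq P]'; raises if malformed."""
    tok = line.split()[2:]
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    if tok:
        raise ValueError("unexpected tokens: " + " ".join(tok))
    return action, proto, src, sport, dst, dport

def _hit(rule, ip):
    """Wildcard-mask comparison: bits set in the wildcard are ignored."""
    base, wild = rule
    return (int(ipaddress.IPv4Address(ip)) | wild) == (base | wild)

def evaluate(acl, proto, src, sport, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, sp, d, dp in map(parse, acl):
        if (p == proto and _hit(s, src) and _hit(d, dst)
                and sp in (None, sport) and dp in (None, dport)):
            return action
    return "deny"

# Constructed entries and packet (not from the thread): a TACACS+ server reply entering eth0.
DST_PORT_FORM = ["access-list 101 permit tcp host 202.205.15.224 196.14.10.0 0.0.0.255 eq tacacs"]
SRC_PORT_FORM = ["access-list 102 permit tcp host 202.205.15.224 eq tacacs 196.14.10.0 0.0.0.255"]
REPLY = ("tcp", "202.205.15.224", 49, "196.14.10.7", 51000)

if __name__ == "__main__":
    print(evaluate(DST_PORT_FORM, *REPLY), evaluate(SRC_PORT_FORM, *REPLY))
```

Entries with `eq tacacs` after the destination match port 49 as the destination port, so the server's reply falls through to the implicit deny; only the form with `eq tacacs` after the source permits it.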