tacacs+ filter questions

From: Clifton Stewart (cliftonlstewart@xxxxxxxx)
Date: Wed Apr 26 2000 - 11:56:12 GMT-3


   
Xihan,

First of all, ensure that you have an access-group 1 on the interface you
want to apply the access-list to. Your first line for snmp should allow a
udp host as opposed to a tcp host. Without the access-group command the
access-list isn't doing anything on the router. What happened when you
issued debug ip packet? Another suggestion is to place a log at the end
of your access-list; this way you could store what the access-list is
doing. Let us know how it goes.

Clifton Stewart-CCNA, CCIE Candidate

wang xihan wrote:
>
> Hi Clifton:
> Thank you for your reply.
> I just want to permit Tacacs+ and Snmp through my router and deny other traffic.
> The access-list I made:
> access-list 101 permit tcp host 202.205.1.100 host 202.205.15.95 eq snmp
> access-list 101 permit tcp host 202.205.1.100 host 202.205.15.98 eq Tacacs
> and I applied the access-list to R1 e0 outbound, but it did not work,
> and I do not know why.
>
> ----- Original Message -----
> From: Clifton Stewart <cliftonlstewart@home.com>
> To: wang xihan <wangxh@nts.net.edu.cn>
> Sent: Tuesday, April 25, 2000 10:45 PM
> Subject: tacacs+ filter questions
>
> > Xihan,
> >
> > Wouldn't you want to block tcp port 49 for Tacacs+ and UDP port 161 for
> > SNMP? Give it a try and let us know.
> >
> > Cliff
> >
> > > wang xihan wrote:
> > >
> > > Hi all
> > > I tried an access-list in my router to filter so that only snmp and
> > > tacacs+ can go through my router, but it did not work.
> > > (snmp management station: ip add 202.205.15.95
> > > tacacs+ server ip: 202.205.15.98
> > > router to be snmp managed: 202.205.1.100)
> > > I want to filter traffic so that only snmp and tacacs+ can go through my router
> > >
> > > (snmp station,tacacs+
> > > server)---cat5000----(e0)R1(e1)-----(e0)r2(s0)----internet
> > > R1 e0 :202.205.15.1
> > > R1 e1:202.205.1.1
> > > By the way: if I use tacacs+, is that the same as Tacacs+?
> > > Thanks a lot
> > > xihan wang
> > >
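
The udp-versus-tcp point and the logging suggestion from the reply at the top of this thread, worked through as an added example that is not part of the original messages: a small first-match evaluator for ACL lines of the shape posted above. The packets, the revised list, and the reading of "a log at the end" as an explicit `deny ip any any log` entry are assumptions made for illustration.

```python
# Added example, not from the thread: first-match evaluation of ACL lines.
PORTS = {"snmp": 161, "tacacs": 49}  # IOS port keywords used in the thread

def parse(line):
    """Parse 'access-list N action proto (host A | any) [eq P] (host B | any) [eq P] [log]'."""
    t = line.lower().split()
    rule = {"action": t[2], "proto": t[3]}
    i = 4
    for side in ("src", "dst"):
        if t[i] == "any":
            rule[side], i = None, i + 1
        else:                                   # "host A.B.C.D"
            rule[side], i = t[i + 1], i + 2
        rule[side + "_port"] = None
        if i < len(t) and t[i] == "eq":
            rule[side + "_port"] = PORTS.get(t[i + 1]) or int(t[i + 1])
            i += 2
    return rule

def evaluate(acl, pkt):
    """Return (action, matching line); ("deny", None) is the implicit deny."""
    for line in acl:
        r = parse(line)
        if r["proto"] not in ("ip", pkt["proto"]):
            continue                            # a tcp entry never matches a udp packet
        if all(r[k] in (None, pkt[k]) for k in ("src", "dst", "src_port", "dst_port")):
            return r["action"], line
    return "deny", None                         # nothing matched: dropped without a log entry

THREAD_ACL = [  # the two lines exactly as posted
    "access-list 101 permit tcp host 202.205.1.100 host 202.205.15.95 eq snmp",
    "access-list 101 permit tcp host 202.205.1.100 host 202.205.15.98 eq Tacacs",
]
# Assumed revision: udp for the snmp line, plus an explicit logged deny as the last entry.
REVISED_ACL = [
    "access-list 101 permit udp host 202.205.1.100 host 202.205.15.95 eq snmp",
    "access-list 101 permit tcp host 202.205.1.100 host 202.205.15.98 eq Tacacs",
    "access-list 101 deny ip any any log",
]

# Constructed packets: same addresses and ports the lines name; source ports are made up.
SNMP_UDP = {"proto": "udp", "src": "202.205.1.100", "src_port": 40000, "dst": "202.205.15.95", "dst_port": 161}
TACACS_TCP = {"proto": "tcp", "src": "202.205.1.100", "src_port": 40001, "dst": "202.205.15.98", "dst_port": 49}
OTHER = {"proto": "tcp", "src": "202.205.1.100", "src_port": 40002, "dst": "202.205.15.95", "dst_port": 23}

if __name__ == "__main__":
    for name, acl in (("thread", THREAD_ACL), ("revised", REVISED_ACL)):
        for pkt in (SNMP_UDP, TACACS_TCP, OTHER):
            print(name, pkt["proto"], pkt["dst_port"], evaluate(acl, pkt))
```

With the list as posted, the UDP packet falls through to the implicit deny and leaves no trace; with the revised list it is permitted, and the unrelated packet is dropped by the logged entry instead.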


