RE: TACACs Authentication Traffic Analysis

From: Tony Schaffran (groupstudy@cconlinelabs.com)
Date: Sun Oct 05 2003 - 12:31:41 GMT-3

• Next message: k c: "Re: passive interface lo"
• Previous message: Scott Morris: "RE: CCSI"
• Maybe in reply to: Ken.Farrington@barclayscapital.com: "TACACs Authentication Traffic Analysis"
• Next in thread: Peng Zheng: "RE: TACACs Authentication Traffic Analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

A router configured with AAA speaks to TACACS using destination port TCP 49.
I believe the source port is also TCP 49. It will use the interface IP
address you are communicating to the TACACS unless you specify a TACACS
source address on the router. You can specify any interface on the router.

I hope that helps a little. One source for this type of information is the
CCIE Self Study Exam Certification Guide for Security.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ken.Farrington@barclayscapital.com
Sent: Sunday, October 05, 2003 8:19 AM
To: ccielab@groupstudy.com
Subject: TACACs Authentication Traffic Analysis

V.quick one

I login into a router with tacacs enabled. I type my username/password

How does the router speak to the server, is it tcp or udp on port 49? and
what are the tcp/udp source ports/ip address does it use - I take it the
dest ports are 49

be handy if anyone know where this info is.

Imany thx

------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.

Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.

------------------------------------------------------------------------

***Get your CCIE and a FREE vacation: Shop.GroupStudy.com***

• Next message: k c: "Re: passive interface lo"
• Previous message: Scott Morris: "RE: CCSI"
• Maybe in reply to: Ken.Farrington@barclayscapital.com: "TACACs Authentication Traffic Analysis"
• Next in thread: Peng Zheng: "RE: TACACs Authentication Traffic Analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Nov 24 2003 - 07:52:57 GMT-3