CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Section 7.0: AAA

7.1. AAA on the Router

  1. Configure R7 router management with TACACS+ using the AAA server, as shown in Figure 7-1.

  2. Configure PIX translation and ACL accordingly:

    pixfirewall(config)# show static
    static (inside,outside) 175.1.2.3 172.16.1.3 netmask 255.255.255.255 0 0
    
    pixfirewall(config)# show access-list
    access-list 101 permit tcp host 171.7.5.1 host 175.1.2.3 eq tacacs (hitcnt=81)
    
  3. Hidden issue: There is an ingress ACL on the R5 ATM link. You need to allow TCP/49 from R7 to the AAA server:

    r5#show access-lists 101
    Extended IP access list 101
        permit udp host 171.7.5.1 eq ntp host 179.7.2.2 eq ntp (1 match)
        deny ip any 179.7.2.0 0.0.0.7 (18 matches)
        deny icmp any 175.1.2.0 0.0.0.255 echo-reply (10 matches)
        permit icmp any any (30 matches)
        ...
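
Why step 3 matters can be checked with a first-match evaluation of the ACL. The following is an added example, not code from the book: it evaluates R7's TACACS+ flow against only the entries visible in the R5 listing above (the listing is truncated on the page). It assumes R5 sees the translated destination 175.1.2.3, and `TACACS_PERMIT` is an assumed entry that reuses the PIX ACL line.

```python
import ipaddress

# Entries visible in the page's R5 "show access-lists 101" output (the listing is cut off there).
R5_ACL_VISIBLE = [
    "permit udp host 171.7.5.1 eq ntp host 179.7.2.2 eq ntp",
    "deny ip any 179.7.2.0 0.0.0.7",
    "deny icmp any 175.1.2.0 0.0.0.255 echo-reply",
    "permit icmp any any",
]
# Assumed entry, not from the page: the PIX ACL line reused as a candidate R5 entry.
TACACS_PERMIT = "permit tcp host 171.7.5.1 host 175.1.2.3 eq tacacs"
PORTS = {"ntp": 123, "tacacs": 49}

def _addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as integers."""
    kind = tok.pop(0)
    if kind == "any":
        return 0, 0xFFFFFFFF
    ip, wild = (tok.pop(0), "0.0.0.0") if kind == "host" else (kind, tok.pop(0))
    return int(ipaddress.IPv4Address(ip)), int(ipaddress.IPv4Address(wild))

def _port(tok):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if not tok or tok[0] != "eq":
        return None
    name = tok[1]
    del tok[:2]
    return PORTS[name] if name in PORTS else int(name)

def parse(line):
    """Parse one extended ACL entry. ICMP type keywords (echo-reply) are left unevaluated."""
    tok = line.split()
    entry = {"action": tok.pop(0), "proto": tok.pop(0)}
    entry["src"], entry["sport"] = _addr(tok), _port(tok)
    entry["dst"], entry["dport"] = _addr(tok), _port(tok)
    return entry

def _ip_match(spec, ip):
    return (int(ipaddress.IPv4Address(ip)) | spec[1]) == (spec[0] | spec[1])

def evaluate(acl, proto, src, sport, dst, dport):
    """First match wins; falling off the end is the implicit deny."""
    for line in acl:
        e = parse(line)
        if (e["proto"] in ("ip", proto)
                and _ip_match(e["src"], src) and _ip_match(e["dst"], dst)
                and e["sport"] in (None, sport) and e["dport"] in (None, dport)):
            return e["action"], line
    return "deny", "implicit deny"
```

Calling `evaluate(R5_ACL_VISIBLE, "tcp", "171.7.5.1", 11000, "175.1.2.3", 49)` returns the implicit deny, because none of the visible entries match TCP/49; with `TACACS_PERMIT` placed ahead of them the same flow is permitted.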
