From: Mosley, Arthur (Arthur.Mosley@xxxxxxxx)
Date: Fri Apr 14 2000 - 00:22:12 GMT-3
2 cents:
Make sure you "play around" with placing your filters on in-bound and
out-bound interfaces. Always check your logic. It's easy to make logic
mistakes with source address versus destination address....
Also, research TACACS filtering....
access-list 101 permit udp 202.205.15.224 eq tacacs 202.205.15.224
Art
-----Original Message-----
From: Robert_Wang@toyota.com
To: wang xihan
Cc: ccielab@groupstudy.com
Sent: 4/13/00 11:47 AM
Subject: Re: How to filter snmp and TACACS.
If you want just the SNMP (202.205.15.96) and TACACS (202.205.15.224)
traffic
running between the two LANs 202.205.15.x and 196.14.10.0. Here is what
you do
on the router (with two LAN interfaces),
int eth 0
ip address 202.205.15.254 255.255.255.0
ip access-group 101 in
int eth1
ip address 196.14.10.254 255.255.255.0
access-list 101 permit udp 202.205.15.96 any eq snmp
access-list 101 permit udp 202.205.15.224 any eq tacacs
Or you may replace the IP addresses within the access-list with "any" to
allow
any SNMP and any TACACS traffic coming in to your eth0.
Hope it helps.
Robert
"wang xihan" <wangxh@nts.net.edu.cn> on 04/12/2000 05:50:51 PM
Please respond to "wang xihan" <wangxh@nts.net.edu.cn>
To: ccielab@groupstudy.com
cc: (bcc: Robert Wang/Vendors/Toyota)
Subject: How to filter snmp and TACACS.
Hi all:
I have a SNMP server and TACACS server in my LAN (add 202.205.15.224
and
202.205.15.96) , I would like to
permit only Snmp and TACACS traffic between this and a other lan's
device
(subnet 196.14.10.0), how can i config in my router's in interface.Does
sb know
how SNMP and TACACS work and how to filter it with access-list?
Thanks a lot
Xihan wang
<<Internet HTML>>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:13 GMT-3