AAA Config question
Hi all,

I'm in the process of testing out an AAA config on a router, and if successful I will be rolling this out to my network. The config seems to work very well with CiscoSecure ACS for NT 2.4. However, there are some quirks that I'm just not sure about. The following is the config that I'm using:

hostname Router1
!
aaa new-model
aaa authentication login list1 local group tacacs+
aaa authentication ppp list1 local group tacacs+
aaa authorization exec list1 local group tacacs+
aaa authorization network list1 local group tacacs+
aaa accounting exec list1 start-stop group tacacs+
aaa accounting network list1 start-stop group tacacs+
enable password cisco
!
username user1 password 0 cisco
!
tacacs-server host 172.16.1.211
tacacs-server key 12345
!
line con 0
 password cisco
 transport input none
line aux 0
line vty 0 4
 password cisco
 login authentication list1

Questions:

1. When I try and set up the method list (list1) for authentication with tacacs+ first then local, it does not allow local authentication; it will only look to the tacacs+ server for validation. However, if I list local first, then tacacs+, it'll work as desired. Why is this so? Shouldn't it work the other way around also?

2. I've chosen to implement the authentication on vty sessions only by using the 'login authentication list1' command that I read on CCO. The ACS software suggested that I use the combination 'aaa authen login no_tacacs enable/line con 0/ login authen no_tacas' command. However, when I tried this, it totally bombed. What did I do wrong?

Thanks!

Robert

_
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Obligatory "I passed BSCN!" post
Hi All!

I took the Routing 2.0 exam this morning and surprisingly walked away with 908/1000. After completing the exam, I was fairly certain that I would be back for another shot at it in a week or two, but I guess the network gods were with me today. The following is what I used to study from:

1. Courseware from BSCN: Very good. You have to read and understand ALL the routing concepts. I skimmed through the Cisco Press BSCN book and I believe that it is comparable to the courseware.
2. Boson test #1: Good. The Boson test is actually much easier than the real thing. I had about 6 questions on the real test that I saw on Boson. Boson will test your knowledge of the subject and I think it is a worthwhile investment.
3. Routing TCP/IP from Jeff Doyle: Very Good. I didn't read through the whole book. I used this book to clarify points that I did not understand on the interior protocols.
4. www.cisco.com: Excellent. But you have to dig a little for the info.
5. Study notes from www.routedpacket.com. Great! These are great to read the night before the exam or right before you take it.

Overall, I thought the exam was about the hardest one that I've ever taken. I used educated guesses on a lot of the questions. The answers are all there in front of you, I just applied the concepts that I knew and used the process of elimination. It was ALL multiple choice.

WATCH OUT FOR ERRORS! I had a question that had a blatant error on it. Not that there is anything you can do about it, I chose the 'best' answer that I could.

Follow the test outline that Cisco has on their website, the test follows it pretty closely. KNOW the concepts behind the routing protocols!!! I can't emphasize this enough. I had more questions that were analytical than memorization kind.

Hope this helps.

Robert
Re: VPN and NAT
Denao,

Have you tried the NONAT statement in your access lists? I am by no means an expert, but here's a link to a cisco sample configs. There are a bunch near the bottom about IPsec, NAT and NONAT.

Denao Ruttino wrote:

> I have set up a router that is doing a router-router VPN as well as VPN
> clients coming in. The problem that I am having is with NAT. I need to set
> up 3 or 4 machines on the inside with static NAT translations and when I do,
> it translates all traffic. Is there a way to set this up where the VPN
> traffic does not get translated for these address'? I have used the
> following:
>
> ip nat inside source static 192.8.8.150 192.8.8.150 extendable
> ip nat inside source static 192.8.8.100 200.150.15.22 extendable
> (not real address')
>
> This seems to work except for when I initiate connections from the
> 192.6.6.100 box. That only works 50% of the time.
>
> I do not have this problem on NAT pools as route map statements allow me to
> deny translations by address. I only have this problem on the ones I want
> to assign a specific address to.
>
> Any suggestions would be appreciated.

___
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Passed CCDA - (My after thoughts)
Orion,

I also passed the CCDA exam today and I got the same thing on Network management... a big goose egg. I don't remember all the network mgmt questions, but I KNOW I got at least one of them right. Hmmm?

Robert

Orion wrote:

> Hi All
>
> I managed to pass CCDA exam today on my 1st attempt. 755 to passgot
> 844.took me 1hr 45 mins (given 2hrs 25 mins). quite surprise i got that
> marks coz i thought me going to fail after doing 30 qns
>
> Me got 4 case studies and all of them appear in the 1st 1/3 of the qns.
> Quite demoralise initially coz so many case studes and all require extensive
> reading (Thought i dun have enuf time to finish the exam).
>
> Wondering why i got 0% for Network Management Thought i answer all
> those qns correctly!
>
> But the exam really tough!! not so straightforward n make me thinks!
>
> Books Used : -
>
> Designing Cisco Network by Cisco Press
> CCDA Exam Certification Guide
>
> URLs used : -
> http://cramsession.brainbuzz.com/cramsession/cisco/ccda/guide.asp
>
> http://216.98.236.26/courses/cisco/pdt/ccdastudy/home/home.htm
>
> http://www.thetestpage.net/
>
> http://www.networkking.net/CCDA/
>
> I have gather (compile) alot of CCDA info (practice exams, other ppl exam
> after though etc). Email me if u r interested
>
> [EMAIL PROTECTED]
>
> B4 i pass that copy to u, i got a request. Tell me which country u r
> frombasically i am wondering who are the ppl taking CCDA in this planet
> earth :P
>
> Regards
> Orion
Re: Any comments on using 2620 for VPN?
Eric,

We have 2 remote offices that run VPN to our HQ over DSL. The routers that we use are 2611's with 64 MB DRAM and 16 MB flash. We are using 12.1(2)T. Previous to 12.1(2)T, we used another version of IOS (I can't remember which one), but it gave us all sorts of headaches. The SF office has been up for about 1 month w/out a single problem. The NY office goes live this Thursday. I've been testing it here at home for about a week and it has been pretty good.

Robert

Eric Bishop wrote:

> Looking to setup a customer with internet connectivity with the requirement
> of VPN site to site in the scope. I was thinking about putting the
> IPSEC/3DES IOS on the routers and forgo the use of any additional hardware.
>
> Suggestions?
>
> Eric
Re: Building Scalable Cisco Networks : Exam 640-503
I would recommend the Hutnik-Satterlee book, CCIE All-In-One Lab Study Guide. There are lab examples of BGP, EIGRP and OSPF. I took the class a few weeks ago and we didn't cover IS-IS except to mention it. Most of the class was on BGP (2 1/2) days.

Robert

kikpasa wrote:

> Hello Everyone,
> I am looking for a book for the new BSCN exam, the only book in amazon
> is not being published till August, and I can't wait that long, any
> idea. Those that have sat the exam please provide me with the list of
> book/ URL, etc you used
>
> Cheers
> Kerry
Re: Boson CCDA Test
I took the CCDA exam today. I used the Boson tests as part of my studies. There were many questions on Boson that were VERY similar to the real test. It is a good tool to use. The scenarios are a bit easier than the real thing. I would try and study as many different scenario sources as possible to get the feel for it.

Robert

"Newton, James A. (AIT)" wrote:

> Has anyone used this test? Is it reflective of what you will really see on
> the actual test?
>
> Any input would be appreciated.
>
> Jim Newton
> Data Design Engineer
> CCNA, CCNP
> SBC Ameritech
> Wk. 608-259-2454
> Pager 608-559-3288
> [EMAIL PROTECTED]
Re: ACRC and BSCN Exam
I doubt the ACRC book will be sufficient. I am taking the BSCN class right now. ALL OSPF, EIGRP, BGP! No IPX, no Appletalk. BGP is really emphasised in this class.

"Doma, Tapera" wrote:

> Will the ACRC Cisco Press book be sufficient to study for the new BSCN exam?
Reverse Telnet Question
I'm in the process of setting up a reverse telnet on my home lab. I recently got a 2509 and am in the process of hooking it up to my other routers. When I try to telnet to the other router from the terminal server, it either says, "Connection refused by remote host", or it just hangs. Am I missing something in my config?

***Term_Svr

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname TERM_SVR
!
!
no ip domain-lookup
ip host R1 2001 10.1.1.1
!
interface Loopback1
 ip address 10.1.1.1 255.255.255.0
 no logging event subif-link-status
!
interface Ethernet0
 no ip address
 no logging event subif-link-status
 shutdown
!
interface Serial0
 no ip address
 no logging event subif-link-status
 shutdown
!
interface Serial1
 no ip address
 no logging event subif-link-status
 shutdown
!
no ip classless
!
!
line con 0
line 1 8
 no exec
 transport input all
line aux 0
line vty 0 4
 login
!
end

**R1*

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
enable password cisco
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface Serial0
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 shutdown
!
interface Serial1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface TokenRing0
 no ip address
 no ip directed-broadcast
 shutdown
!
interface BRI0
 no ip address
 no ip directed-broadcast
 shutdown
!
ip classless
!
!
line con 0
 transport input none
line aux 0
line vty 0 4
 password cisco
Re: questions about CLSC
Sophie,

IMHO, I think you should try for the switching 2.0 exam. It is a much more realistic reflection of what administering switches is all about.

Robert

Sophie DONG wrote:

> Hello all,
>
> I'm preparing for the CLSC exam and want to pass it in June. I have 3
> questions about this exam.
> 1. There are 85 exam objectives for CLSC 1.0. Should I well understand all
> of them? In the exam, are there questions about FDDI, LANE, Catalyst
> 1900/2820 and Catalyst 3000?
> 2. Does someone know any URLs for CCDP or CLSC sample questions?
> 3. How many questions for how much time in this exam? What is the passing
> score?
>
> Thanks in advance.
>
> Sophie
Re: BSCN Update
I can tell you that I called MacMillan Press (publishing company for Cisco Press) and they said that the Cisco Press BSCN book has been delayed until September. Go figure?

"Z. Hassan" wrote:

> Hi everyone.
>
> Has anyone got any update about BSCN ?
> I have searched Amazon and Cisco Press and haven't found anything.
> Is it really true that Cisco is not going to publish the objectives of
> the exam ?
>
> A request to anyone to who has already has taken the exam "Please
> outline the topic of the exam". I guess that by doing this no one will
> break the non disclosure agreement.
> Can anyone also recommend some books for this exam ?
>
> Any help would be highly appreciated.
>
> Z.
Re: Exam objectives for BCMSN test
Spanning Tree
Trunking
Etherchannel
VLANs
VTP
MLS
Command line (Crescendo and IOS)

Trust me.

Robert Yee

Jeff Walzer wrote:

> Does anyone have or know where to find the exam objectives for the upcoming
> BCMSN test (640-504)?
>
> Thanks,
> Jeff
Re: CLSC and BCMSN
I took the BCMSN test. However, I originally studied for the CLSC test. I would say that there is about 15-20% crossover material. But this is the material that you REALLY should know: STP, VLANs, VTP, Trunking... I didn't get any architecture questions that I can remember. I HIGHLY suggest the BCMSN test. Get Cisco LAN Switching by Kennedy Clark. This is the only book I used for the BCMSN test.

Robert

Jeff Walzer wrote:

> Does anyone know how much crossover from the CLSC will be in the BCMSN test?
> Will the CLSC books still be worth buying?
>
> Thanks,
> Jeff