Ynt: Differences between TACACS+ and Cisco ACS [7:2245]
Hi, We have been using Cisco ACS for NT for 1 year. It is very easy to configure and learn it(easier than source code I suppose), but it is not stable software, sometimes it stops. Sometimes some functions does not work well, but the source of the problem might be the operating system(NT). I did not used Solaris version of this software. Some versions of Cisco ACS has security vulnerabilities. I didn't understand what you mean with enable password(router??). But you can find on the documantations, what this software can do, what can't(the rest). http://www.cisco.com/univercd/cc/td/doc/pcat/sqasnt.htm Bulent Sahin - Vzg|n ]leti - Kimden: Sean Young Kime: Gvnderme tarihi: 27 Nisan 2001 Cuma 16:24 Konu: Differences between TACACS+ and Cisco ACS [7:2245] Hi Everyone, The company I am working for is considering purchasing Cisco ACS software. This piece of software will be running on Solaris platform. Currently, I am using TACACS+ (self-supported software with source code) on our environment running on both Solaris and linux platforms (Primary TACACS is on Solaris and backup is on Linux). We've modified the source code so that each user has his/her own privilige password so that we have a record of who is doing what on the network devices (accounting purpose). Everything is running smoothly and the company is happy with the result. In my opinion, learning CLI in Unix/linux is not an easy task to master. Because of this, I am solely responsible for the TACACS servers. Finding someone to train for this thing is NOT an easy thing (thanks to Microsoft mentality of POINT-and-CLICK attitude of new people coming into the IT field these days). I've tried to train several people for this task but it was unsuccessful. Because of this, the company is considering of migrating the TACACS server from Solaris/Linux over to Microsoft Windows platforms (YIKES) so that we can find additional support staffs. The software package that we consider is Cisco ACS. I have several questions regarding this package: 1) Is this software stable on a Windows platform? (Sorry I have to ask) 2) How long does it take to train a newbie to be efficient with Cisco ACS running on Winblows platform? 3) Does Cisco ACS support enable privilege for each individual user (i.e does each user have his/own enable password)? If anyone has done it before or have a similar experience, I would like to hear from you. Many thanks. Sean _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=2259t=2245 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ynt: Network analysis of T1 [7:1057]
MRTG free. http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/ Bulent - Vzg|n ]leti - Kimden: "Anthony J Crews" Kime: Gvnderme tarihi: 18 Nisan 2001 Gar~amba 09:07 Konu: Network analysis of T1 [7:1057] I would like to know the best/least expensive software on the market that will analyze my T1 links for %usage. I have all cisco routers but think the CiscoWorks RWAN is a bit expensive ($15,000)? Thanks, Anthony FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=1065t=1057 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: eigrp path [7:881]
If the bandwith and delay parameters of the links(I assume serial) are same, check if there are summary-address definitions on serial links(or auto-summary enabled), because the route x.x.x.x/y is always better then the route x.x.x.x/z for EIGRP, if y is bigger than z. If you use PPP on some of the serial interfaces, add the line "no peer neighbour-route" on this serial interfaces. - Vzg|n ]leti - Kimden: "SH Wesson" Kime: Gvnderme tarihi: 17 Nisan 2001 Sal} 01:43 Konu: eigrp path [7:837] I have a network that is running EIGRP to provide for redundancy, for some reason, for this one remote site, it is taking the long route to get to there. For instance, we have the following: RTR-A /\ / \ RTR-B---RTR-C The host we're trying to get to is on RTR-A and we are trying to get there from RTR-C. Every link has the same bandwidth. For some reason we a client on RTR-C is trying to get to a host on RTR-A, it goes from RTR-C to RTR-B then to RTR-A and finally to the host on RTR-A instead of directly from RTR-C to RTR-A and to the host. Any help would be appreciated. Thanks. _ Get your FREE download of MSN Explorer at http://explorer.msn.com FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=881t=881 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
IGX log files [7:330]
Hi, I want to get the log files of IGX switches to process them with a program. I haven't seen any option in WAN Manager to get the log files and "telnet" is not a good way. SNMP or TFTP are possible options, but I couldn't find any documentation. Help! Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=330t=330 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Clearing show buffer counters
Hi,=20 I want to clear "show buffer" counters, but i couldn't find a command. = The command "clear counters" doesn't effect "show buffer" output. Thanks. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: IP accounting
When you configure IP accounting on an interface, you can get information about how many bytes of data is coming from a mail server or a file server. With a small program you can get this information periodically from the router and then you can process this data according to your needs. Allright this is what we have. I'm looking for a better software which has some additional features and a good GUI .(not Cisco Secure ACS ) Even this better software has to get data from the router and the router has to generate this data. This means "slow down"; No difference. Bulent Sahin - Özgün Ýleti - Kimden: "Nick Payton" [EMAIL PROTECTED] Kime: "Kevin Wigle" [EMAIL PROTECTED]; "'Cisco@Groupstudy. Com'" [EMAIL PROTECTED] Gönderme tarihi: 29 Ocak 2001 Pazartesi 07:52 Konu: RE: IP accounting I agree with that statement in that sense of accounting. I was under the impression he was looking for traffic accounting either out of curiousity, troubleshooting, or for SLA issues. Good point though - so Elmer what type of "accounting" are you reffering to ? Nick Payton -Original Message- From: Kevin Wigle [mailto:[EMAIL PROTECTED]] Sent: Sunday, January 28, 2001 9:01 PM To: Nick Payton; suaveguru; 'Cisco@Groupstudy. Com' Subject: Re: IP accounting A poster pointed the list to NTTacPlus just a few weeks ago. It all depends on what is meant by "ip accounting". Tacacs+ and Radius are used within the aaa implementation. Authentication Authorization Accounting I am experimenting with the above program now and I can: see when you logged in/off see if you tried to start an exec see what commands you gave while in exec if dialin - how many bytes were transferred and I'm just getting started there is lots more.. Unfortunately as far as I can tell - the data is raw. i.e. you'll have to suck it into a spreadsheet and massage it as you will. However, it can also log to an obdc/sql database - then you could do queries. I think the Cisco tacacs server has canned reports but I have not looked at it yet. Kevin Wigle - Original Message - From: "Nick Payton" [EMAIL PROTECTED] To: "suaveguru" [EMAIL PROTECTED]; "'Cisco@Groupstudy. Com'" [EMAIL PROTECTED] Sent: Monday, 29 January, 2001 00:15 Subject: RE: IP accounting TACACS or Radius ? I am under the belief that those are both authentication tools, not accounting tools. Try using Netflow if your interested in accounting - IP accounting would be difficult to use for accounting purposes, but is usefull for getting a quick synopsis of the traffic coming across a particular interface. Nick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of suaveguru Sent: Sunday, January 28, 2001 6:49 PM To: Bulent Sahin; ; Tony van Ree Subject: Re: IP accounting try tacacas or radius servers they are both reputable products in the market --- Bulent Sahin [EMAIL PROTECTED] wrote: Hi, Where can I find such tools? Thanks. Bulent Sahin - Özgün Ýleti - Kimden: "Tony van Ree" [EMAIL PROTECTED] Kime: "Deloso. Elmer G (WPNSTA Yorktown)" [EMAIL PROTECTED]; [EMAIL PROTECTED] Gönderme tarihi: 24 Ocak 2001 Çarþamba 00:22 Konu: Re: IP accounting Hi, IP accounting will slow down your router. I would tend to use it as a tool for trouble shooting or finding specific stuff on your network but not much chop for anything else. For billing etc there are better tools available. I feel routers should route (and switch too) and accounting packages should get the data from the router and account. Just my feelings. Teunis, Hobart, Tasmania Australia On Tuesday, January 23, 2001 at 08:45:39 AM, Deloso. Elmer G (WPNSTA Yorktown) wrote: Hello, group. Can someone give me feedback on implementing IP Accounting on the gateway router? I'd like to know it's plus / minus sides, cpu/memory load issues, etc. CCO doesn't seem to have much info on it. Thanks in advance. Elmer Deloso _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _
Re: IP accounting
Hi, Where can I find such tools? Thanks. Bulent Sahin - Özgün Ýleti - Kimden: "Tony van Ree" [EMAIL PROTECTED] Kime: "Deloso. Elmer G (WPNSTA Yorktown)" [EMAIL PROTECTED]; [EMAIL PROTECTED] Gönderme tarihi: 24 Ocak 2001 Çarþamba 00:22 Konu: Re: IP accounting Hi, IP accounting will slow down your router. I would tend to use it as a tool for trouble shooting or finding specific stuff on your network but not much chop for anything else. For billing etc there are better tools available. I feel routers should route (and switch too) and accounting packages should get the data from the router and account. Just my feelings. Teunis, Hobart, Tasmania Australia On Tuesday, January 23, 2001 at 08:45:39 AM, Deloso. Elmer G (WPNSTA Yorktown) wrote: Hello, group. Can someone give me feedback on implementing IP Accounting on the gateway router? I'd like to know it's plus / minus sides, cpu/memory load issues, etc. CCO doesn't seem to have much info on it. Thanks in advance. Elmer Deloso _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- www.tasmail.com _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ynt: Disabling American Online Instant-messenger(AIM) and Yahoo IM
If you are using a router to do this, such a access-list will work. access-list 102 deny tcp any any eq 5050 access-list 102 permit ip any any int ethernet 0 ip access-group 102 in Note: I supposed that, users' packets are coming from ethernet 0 interface. - Özgün Ýleti - Kimden: "Frank Kim" [EMAIL PROTECTED] Kime: [EMAIL PROTECTED] Gönderme tarihi: 23 Ocak 2001 Salý 19:21 Konu: Disabling American Online Instant-messenger(AIM) and Yahoo IM Has anyone implemented port filtering to disable AOL instant messenger and Yahoo instant messenger? If you have, could you send me the ports they use on those? Could you also tell me what techniques you used, doing it at the firellwall(pix) or the router? Thanks for any input. -Frank _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Ynt: solid amber light on 3640
Table A-1: System LED Color Description Off Router is not receiving power. Blinking green Router is running the ROM monitor. No errors detected. Solid green Router is operating normally. No errors detected. Amber Router is receiving power but not functioning properly. Possible power-on self-test error or over-temperature condition detected. Alternating amber and green Power-on self-test detected. The router is attempting to reload the ROM monitor. - Özgün Ýleti - Kimden: "Priss" [EMAIL PROTECTED] Kime: [EMAIL PROTECTED] Gönderme tarihi: 16 Ocak 2001 Salý 01:17 Konu: solid amber light on 3640 Hi group, I have a Cisco 3640 showing a solid amber light on the system LED all the time, the router is functioning but the traffic going through seems abit slow sometimes even though there is not much traffic. What are list of things that I should check to see whats wrong? Thanks in advance. testysl _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Cisco Secure ACS v2.4 for Windows NT question
Hi How can i create a new group on Cisco Secure ACS? Thanks,
ICQ ports
Hi, Which ports(TCP, UDP) does ICQ use? Thanks.
Re: ICQ ports
I have seen that ICQ also uses ports 23647, 13492 and 18838. -Original Message-From: Chuck Larrieu [EMAIL PROTECTED]To: Bulent Sahin [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED]Date: 26 Eyll 2000 Sal 19:04Subject: RE: ICQ ports Part of every networking person's repertoire should be: http://www.iana.org/numbers.htm contains the most recent port assignments and a whole lot more. in another mail you were told ports 5190 and 4000. 5190 is registered to AOL ( whom I believe owns ICQ? ) port 4000 is registered to Terabase. I am not sure if there is a relationship, but if not then ICQ may be mis-behaving. The page does note that ICQ also uses port 4000. I suppose there is potential conflict here in some situations. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bulent SahinSent: Tuesday, September 26, 2000 8:38 AMTo: [EMAIL PROTECTED]Subject: ICQ ports Hi, Which ports(TCP, UDP) does ICQ use? Thanks.