Re: Tacacs help required [7:71818]

2003-07-04 Thread Devrim Yener KUCUK
It seems we are getting the LCP I
00:27:39: BR0:1 LCP: I TERMREQ [Open] id 3 len 4

not very clear, in fact

why is the remote sending LCP O TERM

could you collect? (from remote)

deb ppp neg
deb ppp authen
deb aaa author
deb isdn q931
deb tacacs

regards

devvv




- Original Message -
From: "Shane Stockman" 
To: 
Sent: Friday, July 04, 2003 7:53 PM
Subject: Tacacs help required [7:71818]


> 1720 router with 128K primary link and ISDN Backup.
> Problem
> When primary link falls ISDN backup has authentications problems due to
> tacacs on both sides (Remote and HQ).
>
> Here is my Remote side config and debug
>
> aaa new-model
> aaa authentication login default group tacacs+ local
> aaa authentication enable default group tacacs+ enable
> aaa authentication ppp default local none
> aaa authorization exec default local group tacacs+
> aaa authorization network default local none
> aaa accounting exec default start-stop group tacacs+
> aaa accounting commands 15 default start-stop group tacacs+
> aaa accounting network default start-stop group tacacs+
>
>
> Log Buffer (4096 bytes):
> CONFREQ [ACKsent] id 8 len 26
> 00:23:49: BR0:1 LCP:MagicNumber 0x0958D9C8 (0x05060958D9C8)
> 00:23:49: BR0:1 LCP:EndpointDisc 1 ALBERANTE (0x131001414C424552414E54455F424D57)
> 00:23:49: BR0:1 LCP: I CONFACK [ACKsent] id 8 len 26
> 00:23:49: BR0:1 LCP:MagicNumber 0x0958D9C8 (0x05060958D9C8)
> 00:23:49: BR0:1 LCP:EndpointDisc 1 ALBERANTE (0x131001414C424552414E54455F424D57)
> 00:23:49: BR0:1 LCP: State is Open
> 00:23:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> Jul  2 18:48:06: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 0116547600
> 00:24:00: BR0:1 AUTH: Timeout 1
> 00:24:10: BR0:1 AUTH: Timeout 2
> 00:24:20: BR0:1 AUTH: Timeout 3
> 00:24:30: BR0:1 AUTH: Timeout 4
> 00:24:48: BR0:1 AUTH: Timeout 5
> 00:24:58: BR0:1 AUTH: Timeout 6
> 00:25:08: BR0:1 AUTH: Timeout 7
> 00:25:18: BR0:1 AUTH: Timeout 8
> 00:25:28: BR0:1 AUTH: Timeout 9
> 00:25:38: BR0:1 AUTH: Timeout 10
> 00:25:48: BR0:1 LCP: I TERMREQ [Open] id 15 len 4
> 00:25:48: BR0:1 LCP: O TERMACK [Open] id 15 len 4
> 00:25:48: BR0:1 PPP: Phase is TERMINATING
> Jul  2 18:49:59: %ISDN-6-DISCONNECT: Interface BRI0:1  disconnected from 0116547600 , call lasted 119 seconds
> Jul  2 18:49:59: %LINK-3-UPDOWN: Interface BRI0:1, changed state to down
> Jul  2 18:49:59: %DIALER-6-UNBIND: Interface BR0:1 unbound from profile Di0
> 00:25:48: BR0:1 LCP: State is Closed
> 00:25:48: BR0:1 PPP: Phase is DOWN
> Jul  2 18:50:00: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> Jul  2 18:50:00: %DIALER-6-BIND: Interface BR0:1 bound to profile Di0
> 00:25:49: BR0:1 PPP: Treating connection as a callout
> 00:25:49: BR0:1 PPP: Phase is ESTABLISHING, Active Open
> 00:25:49: BR0:1 PPP: Authorization required
> 00:25:49: BR0:1 PPP: No remote authentication for call-out
> 00:25:49: BR0:1 LCP: O CONFREQ [Closed] id 9 len 30
> 00:25:49: BR0:1 LCP:MagicNumber 0x095AAF85 (0x0506095AAF85)
> 00:25:49: BR0:1 LCP:MRRU 1524 (0x110405F4)
> 00:25:49: BR0:1 LCP:EndpointDisc 1 ALBERANTE (0x131001414C424552414E54455F424D57)
> 00:25:49: BR0:1 LCP: I CONFREQ [REQsent] id 2 len 14
> 00:25:49: BR0:1 LCP:AuthProto PAP (0x0304C023)
> 00:25:49: BR0:1 LCP:MagicNumber 0x3375A3CD (0x05063375A3CD)
> 00:25:49: BR0:1 LCP: O CONFACK [REQsent] id 2 len 14
> 00:25:49: BR0:1 LCP:AuthProto PAP (0x0304C023)
> 00:25:49: BR0:1 LCP:MagicNumber 0x3375A3CD (0x05063375A3CD)
> 00:25:49: BR0:1 LCP: I CONFREJ [ACKsent] id 9 len 8
> 00:25:49: BR0:1 LCP:MRRU 1524 (0x110405F4)
> 00:25:49: BR0:1 LCP: O CONFREQ [ACKsent] id 10 len 26
> 00:25:49: BR0:1 LCP:MagicNumber 0x095AAF85 (0x0506095AAF85)
> 00:25:49: BR0:1 LCP:EndpointDisc 1 ALBERANTE (0x131001414C424552414E54455F424D57)
> 00:25:49: BR0:1 LCP: I CONFACK [ACKsent] id 10 len 26
> 00:25:49: BR0:1 LCP:MagicNumber 0x095AAF85 (0x0506095AAF85)
> 00:25:49: BR0:1 LCP:EndpointDisc 1 ALBERANTE (0x131001414C424552414E54455F424D57)
> 00:25:49: BR0:1 LCP: State is Open
> 00:25:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> Jul  2 18:50:06: %ISDN-6-CONNECT: Interface BRI0:1 is now connected to 01123456780
> 00:25:59: BR0:1 AUTH: Timeout 1
> 00:26:09: BR0:1 AUTH: Timeout 2
> 00:26:19: BR0:1 AUTH: Timeout 3
> 00:26:29: BR0:1 AUTH: Timeout 4
> 00:26:39: BR0:1 AUTH: Timeout 5
> Jul  2 18:50:57: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to up
> 00:26:49: BR0:1 AUTH: Timeout 6
> 00:26:59: BR0:1 AUTH: Timeout 7
> Jul  2 18:51:13: %SYS-5-CONFIG_I: Configured from console by vty1 (172.16.54.69)
> 00:27:10: BR0:1 AUTH: Timeout 8
> Jul  2 18:51:29: %LINK-5-CHANGED: Interface Dialer0, changed state to standby mode
> 00:27:18: Di0 LCP: Not allowed on a Dialer Profile
> 00:27:20: BR0:1 AUTH: Timeout 9
> 00:27:30: BR0:1 AUTH: Timeout 10
> 00:27:39: BR0:1 LCP: I TERMREQ [Open] id 3 len 4
> 00:27:39: BR0:1 LCP: O TERMACK [Open] id 3 len 4
> 00:27:3
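
A triage helper for the kind of PPP debug output quoted above, added here as an example (it is not part of either poster's message): it groups lines per call attempt and reports which auth protocol the peer asked for, how many AUTH timeouts occurred, and which side sent TERMREQ. The log text is constructed to mirror the post, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample shaped like the quoted router debug; timestamps are made up.
SAMPLE_LOG = """\
> 00:23:49: BR0:1 LCP: State is Open
> 00:23:49: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> Jul  2 18:48:06: %LINK-3-UPDOWN: Interface BRI0:1, changed state to up
> 00:24:00: BR0:1 AUTH: Timeout 1
> 00:24:10: BR0:1 AUTH: Timeout 2
> 00:24:20: BR0:1 LCP: I TERMREQ [Open] id 15 len 4
> 00:24:20: BR0:1 LCP: O TERMACK [Open] id 15 len 4
> 00:24:20: BR0:1 PPP: Phase is TERMINATING
> 00:24:21: BR0:1 PPP: Phase is ESTABLISHING, Active Open
> 00:24:21: BR0:1 LCP: O CONFREQ [Closed] id 9 len 30
> 00:24:21: BR0:1 LCP:MagicNumber 0x095AAF85 (0x0506095AAF85)
> 00:24:21: BR0:1 LCP: I CONFREQ [REQsent] id 2 len 14
> 00:24:21: BR0:1 LCP:AuthProto PAP (0x0304C023)
> 00:24:21: BR0:1 LCP: O CONFACK [REQsent] id 2 len 14
> 00:24:21: BR0:1 LCP:AuthProto PAP (0x0304C023)
> 00:24:21: BR0:1 LCP: State is Open
> 00:24:21: BR0:1 PPP: Phase is AUTHENTICATING, by the peer
> 00:24:31: BR0:1 AUTH: Timeout 1
> 00:24:41: BR0:1 AUTH: Timeout 2
> 00:24:51: BR0:1 AUTH: Timeout 3
> 00:24:59: Di0 LCP: Not allowed on a Dialer Profile
> 00:25:01: BR0:1 LCP: I TERMREQ [Open] id 3 len 4
> 00:25:01: BR0:1 LCP: O TERMACK [Open] id 3 len 4
"""

# Uptime-stamped debug lines, with or without a mail-quote prefix.
LINE = re.compile(r"^(?:>\s*)?(\d\d:\d\d:\d\d): (\S+) (PPP|LCP|AUTH):\s*(.*)$")
LCP_PKT = re.compile(r"([IO]) (CONF(?:REQ|ACK|NAK|REJ)|TERM(?:REQ|ACK))\b")


def _secs(ts: str) -> int:
    h, m, s = (int(x) for x in ts.split(":"))
    return h * 3600 + m * 60 + s


@dataclass
class Attempt:
    interface: str
    started: str
    peer_auth_proto: Optional[str] = None   # AuthProto option in the peer's CONFREQ
    authenticated_by: Optional[str] = None  # e.g. "the peer"
    timeouts: int = 0
    terminated_by: Optional[str] = None     # "peer" (I TERMREQ) or "local" (O TERMREQ)
    ended: Optional[str] = None

    def duration(self) -> Optional[int]:
        return None if self.ended is None else _secs(self.ended) - _secs(self.started)


def parse_attempts(text: str) -> list:
    attempts, current, last_pkt = [], {}, {}

    def attempt_for(ifc, ts, fresh=False):
        # A log buffer often starts mid-call, so create an attempt lazily.
        if fresh or ifc not in current:
            current[ifc] = Attempt(ifc, ts)
            attempts.append(current[ifc])
        return current[ifc]

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # syslog lines and wrapped fragments are skipped
        ts, ifc, proto, rest = m.groups()
        if proto == "PPP":
            if rest.startswith("Phase is ESTABLISHING"):
                attempt_for(ifc, ts, fresh=True)
            elif rest.startswith("Phase is AUTHENTICATING, by "):
                attempt_for(ifc, ts).authenticated_by = rest.split(", by ", 1)[1]
        elif proto == "LCP":
            pkt = LCP_PKT.match(rest)
            if pkt:
                last_pkt[ifc] = pkt.groups()
                if pkt.group(2) == "TERMREQ":
                    att = attempt_for(ifc, ts)
                    if att.terminated_by is None:
                        att.terminated_by = "peer" if pkt.group(1) == "I" else "local"
                        att.ended = ts
            elif rest.startswith("AuthProto ") and last_pkt.get(ifc) == ("I", "CONFREQ"):
                # Only the option carried in the peer's own CONFREQ counts.
                attempt_for(ifc, ts).peer_auth_proto = rest.split()[1]
        elif proto == "AUTH" and rest.startswith("Timeout "):
            att = attempt_for(ifc, ts)
            att.timeouts = max(att.timeouts, int(rest.split()[1]))
    return attempts


def summarize(a: Attempt) -> str:
    proto = a.peer_auth_proto or "unknown (not in buffer)"
    return (f"{a.interface} from {a.started}: authenticated by {a.authenticated_by}, "
            f"peer asked for {proto}, {a.timeouts} AUTH timeouts, "
            f"TERMREQ from {a.terminated_by} after {a.duration()}s")


if __name__ == "__main__":
    for attempt in parse_attempts(SAMPLE_LOG):
        print(summarize(attempt))
```
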

RE: TACACS - Cheap or Free [7:70764]

2003-06-17 Thread Nikolay Abromov





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70784&t=70764
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: TACACS - Cheap or Free [7:70764]

2003-06-16 Thread Moffett, Ryan
how about tac_plus from Cisco, also found on several other places around the
'net?  It's free, and open source.   

-Original Message-
From: Vance Krier [mailto:[EMAIL PROTECTED]
Sent: Monday, June 16, 2003 9:23 PM
To: [EMAIL PROTECTED]
Subject: TACACS - Cheap or Free [7:70764]


Hey Group,

I'm just looking for a cheap or free TACACS+ server.  This doesn't need to
be real powerful, just something I can use for playing around and possibly
to put on customer sites for real quick and easy outbound http auth
authentication purposes off a PIX.

Thanks,
Vance




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=70770&t=70764


RE: TACACS password encryption [7:60886]

2003-01-12 Thread Mike Sweeney
I just ran a trace showing a telnet session from a desktop to the terminal
server which uses TACACS to provide authentication.

The telnet session where I typed in the password is plain text.. this is in
response to the terminal server prompt. The actual username/password between
the terminal server and the TACACS server is encrypted.

MikeS



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=60932&t=60886



Re: TACACS+ & AS5300 [7:58977]

2002-12-11 Thread Andrew Dorsett
On Wed, 11 Dec 2002, Mamoon Dawood wrote:

> I'm configuring TACACS+ with AS5300, but I can not understand the
> meaning of TACACS+ or RADIUS Key, is it the enable secret password on
> the AS5300?

No, radius uses a key that you enter to provide for the encrypt/decrypt of
the auth/acct packets.  You enter the same key on both machines.  On the
TACACS+ box you will say that AS5300 host a.b.c.d has key 12345.  Then on
the AS5300 with IP a.b.c.d you will say it contacts the TACACS+ box
e.f.g.h with key 12345.

Andrew
---

http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all
of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59003&t=58977



Re: Tacacs Server for Switches [7:57074]

2002-11-09 Thread Oliver Hensel
There is a much improved version of the Cisco TACACS daemon
on http://www.gazi.edu.tr/tacacs/ which is what everyone
I know of is running... YMMV

Oliver

mike greenberg wrote:
> If you are good with unix/linux, download the freeware source code from
> cisco website and use it.  It's free.  I use freeRadius running on
> linux which works great.
> "[EMAIL PROTECTED]" wrote: Any suggestion for free Tacacs server ?
>
> Thanks


-- 

Oliver Hensel
telematis Netzwerke GmbH
mailto:[EMAIL PROTECTED]
   Siemensstrasse 23, D-76275 Ettlingen
   Tel: +49 (0) 7243/5050-557, Fax: 5050-592
visit us:  http://telematis.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57172&t=57074



Re: Tacacs Server for Switches [7:57074]

2002-11-07 Thread mike greenberg
If you are good with unix/linux, download the freeware source code from 
cisco website and use it.  It's free.  I use freeRadius running on 
linux which works great.
"[EMAIL PROTECTED]" wrote: Any suggestion for free Tacacs server ?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=57081&t=57074



RE: TACACS/RADIUS on CISCO Router [7:53621]

2002-09-22 Thread Nathan Nakao

Michael,

  For security reasons, I'd really not recommend using a router for a
tacacs or radius server.  If someone cracks the router's security, they
have access to all usernames and passwords.  Personally, I'd use a simple
linux machine for radius authentication.  Even an LDAP authentication
would be more secure than using the router for authentication.  Just my
2 cents.

Nate

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Dain Deutschman
Sent: Sunday, September 22, 2002 9:42 PM
To: [EMAIL PROTECTED]
Subject: Re: TACACS/RADIUS on CISCO Router [7:53621]


just using a local username database
"exchange" wrote in message news:[EMAIL PROTECTED]...
> Hey,
>
> is there a possibility to set up a router acting
> as a  radius or tacacs server with local authentication without 
> external server ?
>
> Please let me know
>
> best regards
>
> Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53891&t=53621



Re: TACACS/RADIUS on CISCO Router [7:53621]

2002-09-22 Thread Dain Deutschman

just using a local username database
"exchange" wrote in message news:[EMAIL PROTECTED]...
> Hey,
>
> is there a possibility to set up a router acting
> as a  radius or tacacs server with local authentication
> without external server ?
>
> Please let me know
>
> best regards
>
> Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53889&t=53621



RE: TACACS+ [7:53721]

2002-09-20 Thread Blair, Philip S

Mike,

I guess your reading comprehension skills are on par with your tact.

The original post was in regards to SSH and TACACS, and my reply to that
post was to point out the functional difference between SSH or Telnet access
and TACACS.

The conversation between the client and router is encrypted via the SSH
session, but the TACACS server is providing AAA.  The same as it would with
a telnet session; however, the telnet session wouldn't provide encryption
between the client and the router.

Philip

-Original Message-
From: mike greenberg [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 3:53 PM
To: [EMAIL PROTECTED]
Subject: RE: TACACS+ [7:53721]


Now I know why EDS stock is taking a beating
When you use TACACS+, you basically offload the authentication, authorization
and accounting to the TACACS+ server (running on your Linux box).  If you
don't want people to connect to your routers via telnet, set the vty line on
your routers to accept only SSH.  You can still log onto the routers with SSH
and use the account on your TACACS+ server (if you configure the router
properly).  I have a sample TACACS+ configuration.  Contact me off-line if you
are interested.  The configuration of TACACS+ has nothing to do with either
telnet or ssh

"Blair, Philip S" wrote:
Your passwords are encrypted with SSH between the client and router, between
the router and tacacs server your tacacs key is used.

I use tac_plus with clients that use a combination of SSH and telnet. Some
routers require SSH some basic telnet is allowed. I have no special
configurations within tac_plus to accommodate the two access methods.

Philip

-Original Message-
From: Erich Kuehn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:53721]


I'm trying to setup tacacs+ for aaa on my routers. I have downloaded and
installed tacplus from cisco on a linux box (RH7.3). I'm looking for some
examples of config files for the tac_plus executable. Currently we use SSH
and local logins for authentication, I would like to continue to use SSH
to get into my boxes. From the config files I have seen I'm unsure as to how
I would continue to use SSH as the passwords are all encrypted.

Thanks

Erich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53748&t=53721



RE: TACACS+ [7:53721]

2002-09-20 Thread mike greenberg

Now I know why EDS stock is taking a beating
When you use TACACS+, you basically offload the authentication, authorization
and accounting to the TACACS+ server (running on your Linux box).  If you
don't want people to connect to your routers via telnet, set the vty line on
your routers to accept only SSH.  You can still log onto the routers with SSH
and use the account on your TACACS+ server (if you configure the router
properly).  I have a sample TACACS+ configuration.  Contact me off-line if you
are interested.  The configuration of TACACS+ has nothing to do with either
telnet or ssh

"Blair, Philip S" wrote:
Your passwords are encrypted with SSH between the client and router, between
the router and tacacs server your tacacs key is used.

I use tac_plus with clients that use a combination of SSH and telnet. Some
routers require SSH some basic telnet is allowed. I have no special
configurations within tac_plus to accommodate the two access methods.

Philip

-Original Message-
From: Erich Kuehn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:53721]


I'm trying to setup tacacs+ for aaa on my routers. I have downloaded and
installed tacplus from cisco on a linux box (RH7.3). I'm looking for some
examples of config files for the tac_plus executable. Currently we use SSH
and local logins for authentication, I would like to continue to use SSH
to get into my boxes. From the config files I have seen I'm unsure as to how
I would continue to use SSH as the passwords are all encrypted.

Thanks

Erich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53741&t=53721



RE: TACACS+ [7:53721]

2002-09-20 Thread Blair, Philip S

Your passwords are encrypted with SSH between the client and router, between
the router and tacacs server your tacacs key is used.

I use tac_plus with clients that use a combination of SSH and telnet. Some
routers require SSH some basic telnet is allowed.  I have no special
configurations within tac_plus to accommodate the two access methods.

Philip

-Original Message-
From: Erich Kuehn [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:53721]


I'm trying to setup tacacs+ for aaa on my routers. I have downloaded and
installed tacplus from cisco on a linux box (RH7.3). I'm looking for some
examples of config files for the tac_plus executable. Currently we use SSH
and local logins for authentication, I would like to continue to use SSH
to get into my boxes. From the config files I have seen I'm unsure as to how
I would continue to use SSH as the passwords are all encrypted.

Thanks

Erich




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53734&t=53721



Re: TACACS/RADIUS on CISCO Router [7:53621]

2002-09-19 Thread Robert Edmonds

I'm not an expert on this, but it seems to me that if you don't have a local
database or an external server, you don't have any user names to
authenticate against.  I think you'll need something else.
"exchange" wrote in message news:[EMAIL PROTECTED]...
> Hey,
>
> is there a possibility to set up a router acting
> as a  radius or tacacs server with local authentication
> without external server ?
>
> Please let me know
>
> best regards
>
> Michael




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=53644&t=53621



Re: TACACS - Radius password authentication [7:47897]

2002-07-01 Thread Rick

You mind sharing your public key so I can encrypt the
super secret search engine. :)


"Roberts, Larry" wrote in message news:[EMAIL PROTECTED]...
> Normally you would have a TACACS/RADIUS server ( Cisco's ACS comes to mind )
> and a TACACS/RADIUS client ( Router/WAP also come to mind)
> In order for those two devices to communicate you must specify a password
> that is "shared" between them. This is used to assure that the
> Devices in question are who they say they are.
> For example on a router you would specify the TACACS server IP and the
> TACACS password. If either of these are incorrect then the router in this
> case would not be able to authenticate off of the device.
> On a WAP you would specify the radius server name/IP the port is using (
> 1645 or 1812 ) and the password.
>
> I would imagine, but I'm too lazy to look up :) that this password is used to
> encrypt the data between the client and server for both protocols.
> TACACS+ is Cisco proprietary ( notice the + ) while standard TACACS and
> radius are open standards.
>
> Here is a rather old document that talks about how the radius password is
> used. I can't vouch for its technical accuracy, but
> It was a good read none the less.
> http://skoda.sockpuppet.org/tqbf/radius-security.html
>
> I also used my top secret search engine and found plenty of other great
> references as well. Here is a link to it:
>
> www.google.com
>
> :)
>
> Thanks
>
> Larry
>
>
> -Original Message-
> From: Morgan Hansen [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 01, 2002 6:09 PM
> To: [EMAIL PROTECTED]
> Subject: TACACS - Radius password authentication [7:47897]
>
>
> Hi all:-)
>
> Hmm.. I'm wondering...
>
> What in god's name are TACACS and Radius passwords? I understand I can use
> them as password authentication, but?? I'm sitting here up to my ears with
> Wave books and the latest Odom 640-607 book and can't find anything on the
> subject??
>
> Anyone?
>
> Best,
> Morgan Hansen
> mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47913&t=47897



RE: TACACS - Radius password authentication [7:47897]

2002-07-01 Thread Roberts, Larry

Normally you would have a TACACS/RADIUS server ( Cisco's ACS comes to mind )
and a TACACS/RADIUS client ( Router/WAP also come to mind)
In order for those two devices to communicate you must specify a password
that is "shared" between them. This is used to assure that the
Devices in question are who they say they are.
For example on a router you would specify the TACACS server IP and the
TACACS password. If either of these are incorrect then the router in this
case would not be able to authenticate off of the device.
On a WAP you would specify the radius server name/IP the port is using (
1645 or 1812 ) and the password.

I would imagine, but I'm too lazy to look up :) that this password is used to
encrypt the data between the client and server for both protocols.
TACACS+ is Cisco proprietary ( notice the + ) while standard TACACS and
radius are open standards.

Here is a rather old document that talks about how the radius password is
used. I can't vouch for its technical accuracy, but
It was a good read none the less.
http://skoda.sockpuppet.org/tqbf/radius-security.html

I also used my top secret search engine and found plenty of other great
references as well. Here is a link to it:

www.google.com

:)

Thanks

Larry
 

-Original Message-
From: Morgan Hansen [mailto:[EMAIL PROTECTED]] 
Sent: Monday, July 01, 2002 6:09 PM
To: [EMAIL PROTECTED]
Subject: TACACS - Radius password authentication [7:47897]


Hi all:-)
 
Hmm.. I'm wondering...

What in god's name are TACACS and Radius passwords? I understand I can use
them as password authentication, but?? I'm sitting here up to my ears with
Wave books and the latest Odom 640-607 book and can't find anything on the
subject??
 
Anyone?
 
Best,
Morgan Hansen
mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47910&t=47897
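
How the shared key is used on the TACACS+ side, as an added example (not from any poster in this archive): RFC 8907's body obfuscation, in which both ends derive the same MD5-chained pad from session id, key, version and sequence number. The key `12345` is the illustrative value from the AS5300 reply earlier on this page; the session id, user, port and address are constructed, and the function names are hypothetical.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0  # major version 0xC, minor version 0


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5-chained pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, seq_no: int,
              version: int = TAC_PLUS_VERSION) -> bytes:
    """XOR the packet body with the pad. Applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"") -> bytes:
    """Authentication START body: action, priv_lvl, authen_type, authen_service,
    four one-byte lengths, then the four variable-length fields."""
    fixed = bytes([0x01, 0x01, 0x01, 0x01,
                   len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data


def parse_authen_start(body: bytes) -> dict:
    """Parse a de-obfuscated START body. With the wrong key the length bytes are
    noise, so the consistency check is what exposes a key mismatch."""
    if len(body) < 8:
        raise ValueError("body shorter than the fixed START header")
    user_len, port_len, rem_len, data_len = body[4:8]
    if 8 + user_len + port_len + rem_len + data_len != len(body):
        raise ValueError("length fields do not add up: wrong key or corrupt packet")
    fields, off = {}, 8
    for name, n in (("user", user_len), ("port", port_len),
                    ("rem_addr", rem_len), ("data", data_len)):
        fields[name] = body[off:off + n]
        off += n
    return fields


def nas_to_server(nas_key: bytes, server_key: bytes) -> dict:
    """The NAS obfuscates with its key; the server reverses it with its own key."""
    session_id, seq_no = 0x5A17C0DE, 1          # constructed values
    body = build_authen_start(b"admin", b"tty2", b"192.0.2.10")
    wire = obfuscate(body, session_id, nas_key, seq_no)
    return parse_authen_start(obfuscate(wire, session_id, server_key, seq_no))


if __name__ == "__main__":
    print(nas_to_server(b"12345", b"12345"))    # same key on both machines
    try:
        nas_to_server(b"12345", b"54321")       # keys differ
    except ValueError as exc:
        print("server rejects packet:", exc)
```

RFC 8907 itself describes this mechanism as obfuscation: the 12-byte packet header travels in the clear and the pad rests on MD5 and the secrecy of the key, so the key should be long and random and the traffic kept on a protected management path.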



RE: TACACS - Radius password authentication [7:47897]

2002-07-01 Thread Dan Penn

Not that we mind helping you, but there is a great wealth of knowledge
with a good search engine at cisco.com.  They are types of servers that
can run AAA applications.

Dan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Morgan Hansen
Sent: Monday, July 01, 2002 5:09 PM
To: [EMAIL PROTECTED]
Subject: TACACS - Radius password authentication [7:47897]

Hi all:-)
 
Hmm.. I'm wondering...

What in god's name are TACACS and Radius passwords? I understand I can
use them as password authentication, but??
I'm sitting here up to my ears with Wave books and the latest Odom
640-607 book and can't find anything on the subject??
 
Anyone?
 
Best,
Morgan Hansen
mailto:[EMAIL PROTECTED]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=47899&t=47897



RE: Tacacs Question [7:45390]

2002-05-29 Thread Keyur Shah

Try global config command,

ip tacacs source-interface 

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
CISSP,ccsa,css1,scsa,scna,mct,mcse,cni,mcne
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556 


-Original Message-
From: Richard Tufaro [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, May 29, 2002 1:29 PM
To: [EMAIL PROTECTED]
Subject: Tacacs Question [7:45390]


When configuring Cisco ACS server with a router across the WAN connected by
frame-relay, is there a way to tell the router to send the IP-originating
interface as the ethernet controller? Much like when setting up syslog
across a Frame WAN using: logging source-INTERFACE. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45431&t=45390



Re: Tacacs Question [7:45390]

2002-05-29 Thread Steve Boer

If I'm not mistaken, this would be a "ip tacacs source-interface fast3/0".
My only $0.02 would be, wouldn't a loopback interface be more appropriate
since A) It doesn't go down and B) would be a lot easier for either ACL'ing
or firewalling since you'd have a separate subnet allocated for lo0's? Feel
free to put me in my place as this is all new to me, but if you are, please
do explain why I'm wrong.


Steve
- Original Message -
From: "Richard Tufaro" 
To: 
Sent: Wednesday, May 29, 2002 4:28 PM
Subject: Tacacs Question [7:45390]


> When configuring Cisco ACS server with a router across the WAN connected by
> frame-relay, is there a way to tell the router to send the IP-originating
> interface as the ethernet controller? Much like when setting up syslog
> across a Frame WAN using: logging source-INTERFACE. Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=45401&t=45390



RE: TACACS+ [7:41103]

2002-04-10 Thread Pierre-Alex Guanel

I have read the documentation for ACS v2.6

I went to IOS commands (under group) in the IOS Commands sections

I am getting error message whenever I enter something in the "command" and
"argument" window. (for example: configure terminal gives me the error "exec
terminal:incorrect format")

Any idea?

Pierre-Alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41103&t=41103



RE: TACACS+ [7:39297]

2002-03-28 Thread Kent Hundley

Yes, ACS supports TACACS+ or Radius on the front-end and many different user
databases such as NT domain on the back-end.

Yes, PIX is a TACACS+ client.

Yes, the protocol is TACACS+ between PIX and ACS.

You could call the PIX a NAS, but typically NAS refers to some sort of
dial-in device, so calling the PIX a NAS might confuse some people.

-Kent

-Original Message-
From: John Green [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 28, 2002 9:21 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: TACACS+ [7:39297]


is the Cisco Secure ACS server a TACACS+ server ?

ie the pix is acting as a tacacs+ client to the ACS
server ? is that correct ?
if yes, then the protocol for user authentication and
later access-control between the pix and ACS server
called as TACACS+ protocol ? is this correct ?

lastly if pix is our perimeter firewall and set for
aaa, then can we say that the pix is also a NAS,
network access server ? would that be correct to say,
at least in this scenario where users connect to pix to
say access a web server behind or protected by the
pix.


> "Kent Hundley" wrote in message news:[EMAIL PROTECTED]...
> > IMO, the best way to study TACACS+ is to download the free TACACS+ server
> > from Cisco, install it on Linux and play around with it.  You'll learn much
> > more about how TACACS+ works by implementing it and trying different things
> > than any WP (it helps a lot if you have a router to work with as well).  If
> > your goal is to learn CiscoSecure ACS, download an eval copy of that and
> > install it on Windows and play around.  Either way, you'll learn quite a bit
> > about AAA and Cisco.
> >
> > Regards,
> > Kent
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Saturday, March 23, 2002 8:00 AM
> > To: [EMAIL PROTECTED]
> > Subject: TACACS+ [7:39297]
> >
> >
> > I have read the white paper on this.  Does anyone know of a good study
> > source on this topic other than the white paper itself?
> >
> > Thanks
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39810&t=39297



RE: TACACS+ [7:39297]

2002-03-28 Thread John Green

is the Cisco Secure ACS server a TACACS+ server ?

ie the pix is acting as a tacacs+ client to the ACS
server ? is that correct ?
if yes, then the protocol for user authentication and
later access-control between the pix and ACS server
called as TACACS+ protocol ? is this correct ?

lastly if pix is our perimeter firewall and set for
aaa, then can we say that the pix is also a NAS,
network access server ? would that be correct to say,
at least in this scenario where users connect to pix to
say access a web server behind or protected by the
pix.


> "Kent Hundley" wrote in message news:[EMAIL PROTECTED]...
> > IMO, the best way to study TACACS+ is to download the free TACACS+ server
> > from Cisco, install it on Linux and play around with it.  You'll learn much
> > more about how TACACS+ works by implementing it and trying different things
> > than any WP (it helps a lot if you have a router to work with as well).  If
> > your goal is to learn CiscoSecure ACS, download an eval copy of that and
> > install it on Windows and play around.  Either way, you'll learn quite a bit
> > about AAA and Cisco.
> >
> > Regards,
> > Kent
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Saturday, March 23, 2002 8:00 AM
> > To: [EMAIL PROTECTED]
> > Subject: TACACS+ [7:39297]
> >
> >
> > I have read the white paper on this.  Does anyone know of a good study
> > source on this topic other than the white paper itself?
> >
> > Thanks
[EMAIL PROTECTED]






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39783&t=39297



Re: TACACS+ [7:39297]

2002-03-23 Thread Steven A. Ridder

Cool.  thanks!

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


"Kent Hundley" wrote in message news:[EMAIL PROTECTED]...
> The download still works fine for me from ftp-eng.cisco.com/pub/tacacs.
> (anonymous login)
>
> ftp> get tac_plus.F4.0.4.alpha.tar.Z
> local: tac_plus.F4.0.4.alpha.tar.Z remote: tac_plus.F4.0.4.alpha.tar.Z
> 200 PORT command successful.
> 150 Opening BINARY mode data connection for tac_plus.F4.0.4.alpha.tar.Z (193771 bytes).
> 226 Transfer complete.
> 193771 bytes received in 1.64 secs (1.2e+02 Kbytes/sec)
> ftp> bye
>
> -Kent
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Steven A. Ridder
> Sent: Saturday, March 23, 2002 10:08 AM
> To: [EMAIL PROTECTED]
> Subject: Re: TACACS+ [7:39297]
>
>
> I think cisco stopped the DL of the free tacacs server a while ago.
>
> --
>
> RFC 1149 Compliant.
> Get in my head:
> http://sar.dynu.com
>
>
> "Kent Hundley" wrote in message news:[EMAIL PROTECTED]...
> > IMO, the best way to study TACACS+ is to download the free TACACS+ server
> > from Cisco, install it on Linux and play around with it.  You'll learn much
> > more about how TACACS+ works by implementing it and trying different things
> > than any WP (it helps a lot if you have a router to work with as well).  If
> > your goal is to learn CiscoSecure ACS, download an eval copy of that and
> > install it on Windows and play around.  Either way, you'll learn quite a bit
> > about AAA and Cisco.
> > Regards,
> > Kent
> >
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Saturday, March 23, 2002 8:00 AM
> > To: [EMAIL PROTECTED]
> > Subject: TACACS+ [7:39297]
> >
> >
> > I have read the white paper on this.  Does anyone know of a good study
> > source on this topic other than the white paper itself?
> >
> > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39309&t=39297



RE: TACACS+ [7:39297]

2002-03-23 Thread Kent Hundley

The download still works fine for me from ftp-eng.cisco.com/pub/tacacs.
(anonymous login)

ftp> get tac_plus.F4.0.4.alpha.tar.Z
local: tac_plus.F4.0.4.alpha.tar.Z remote: tac_plus.F4.0.4.alpha.tar.Z
200 PORT command successful.
150 Opening BINARY mode data connection for tac_plus.F4.0.4.alpha.tar.Z
(193771 bytes).
226 Transfer complete.
193771 bytes received in 1.64 secs (1.2e+02 Kbytes/sec)
ftp> bye

-Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steven A. Ridder
Sent: Saturday, March 23, 2002 10:08 AM
To: [EMAIL PROTECTED]
Subject: Re: TACACS+ [7:39297]


I think cisco stopped the DL of the free tacacs server a while ago.

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


"Kent Hundley" wrote in message
news:[EMAIL PROTECTED]...
> IMO, the best way to study TACACS+ is to download the free TACACS+ server
> from Cisco, install it on Linux and play around with it.  You'll learn much
> more about how TACACS+ works by implementing it and trying different things
> than any WP (it helps a lot if you have a router to work with as well).  If
> your goal is to learn CiscoSecure ACS, download an eval copy of that and
> install it on Windows and play around.  Either way, you'll learn quite a bit
> about AAA and Cisco.
>
> Regards,
> Kent
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Saturday, March 23, 2002 8:00 AM
> To: [EMAIL PROTECTED]
> Subject: TACACS+ [7:39297]
>
>
> I have read the white paper on this.  Does anyone know of a good study
> source on this topic other than the white paper itself?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39307&t=39297



RE: TACACS+ [7:39297]

2002-03-23 Thread Mike Sweeney

Come by my site.. I have a few different flavors of TACACS+ for downloading
along with docs and white papers. I have a link to the TACACS stuff in the
news column.

MikeS

www.packetattack.com


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39305&t=39297



RE: TACACS+ [7:39297]

2002-03-23 Thread Patrick Ramsey

Then take that same server and turn it into your dhcp/dns server and start
the creep into the enterprise  :)

>>> "Kent Hundley"  03/23/02 12:53PM >>>
IMO, the best way to study TACACS+ is to download the free TACACS+ server
from Cisco, install it on Linux and play around with it.  You'll learn much
more about how TACACS+ works by implementing it and trying different things
than any WP (it helps a lot if you have a router to work with as well).  If
your goal is to learn CiscoSecure ACS, download an eval copy of that and
install it on Windows and play around.  Either way, you'll learn quite a bit
about AAA and Cisco.

Regards,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED] 
Sent: Saturday, March 23, 2002 8:00 AM
To: [EMAIL PROTECTED] 
Subject: TACACS+ [7:39297]


I have read the white paper on this.  Does anyone know of a good study
source on this topic other than the white paper itself?

Thanks






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39304&t=39297



Re: TACACS+ [7:39297]

2002-03-23 Thread Steven A. Ridder

I think cisco stopped the DL of the free tacacs server a while ago.

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


"Kent Hundley" wrote in message
news:[EMAIL PROTECTED]...
> IMO, the best way to study TACACS+ is to download the free TACACS+ server
> from Cisco, install it on Linux and play around with it.  You'll learn much
> more about how TACACS+ works by implementing it and trying different things
> than any WP (it helps a lot if you have a router to work with as well).  If
> your goal is to learn CiscoSecure ACS, download an eval copy of that and
> install it on Windows and play around.  Either way, you'll learn quite a bit
> about AAA and Cisco.
>
> Regards,
> Kent
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Saturday, March 23, 2002 8:00 AM
> To: [EMAIL PROTECTED]
> Subject: TACACS+ [7:39297]
>
>
> I have read the white paper on this.  Does anyone know of a good study
> source on this topic other than the white paper itself?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39302&t=39297



RE: TACACS+ [7:39297]

2002-03-23 Thread Kent Hundley

IMO, the best way to study TACACS+ is to download the free TACACS+ server
from Cisco, install it on Linux and play around with it.  You'll learn much
more about how TACACS+ works by implementing it and trying different things
than any WP (it helps a lot if you have a router to work with as well).  If
your goal is to learn CiscoSecure ACS, download an eval copy of that and
install it on Windows and play around.  Either way, you'll learn quite a bit
about AAA and Cisco.

Regards,
Kent

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Saturday, March 23, 2002 8:00 AM
To: [EMAIL PROTECTED]
Subject: TACACS+ [7:39297]


I have read the white paper on this.  Does anyone know of a good study
source on this topic other than the white paper itself?

Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39300&t=39297



Re: TACACS+ [7:39297]

2002-03-23 Thread Steven A. Ridder

Random characters to block url filter:apfho hfopiqwhj987489-123749 hd7634y
9y98yu*&^&^%*(%^*&^*(& 89yx9823749-8127c4
8977899^*%&^T&*(^&^%&^%*(&^*&(^*(&%^&^$C %^TYBVR%%R

http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:Tacacs_plus

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


"Steven A. Ridder" wrote in message
news:[EMAIL PROTECTED]...
> cs_plus
>
> --
>
> RFC 1149 Compliant.
> Get in my head:
> http://sar.dynu.com
>
>
>  wrote in message
> news:[EMAIL PROTECTED]...
> > I have read the white paper on this.  Does anyone know of a good study
> > source on this topic other than the white paper itself?
> >
> > Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39299&t=39297



Re: TACACS+ [7:39297]

2002-03-23 Thread Steven A. Ridder

cs_plus

--

RFC 1149 Compliant.
Get in my head:
http://sar.dynu.com


 wrote in message
news:[EMAIL PROTECTED]...
> I have read the white paper on this.  Does anyone know of a good study
> source on this topic other than the white paper itself?
>
> Thanks




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=39298&t=39297



Re: tacacs+ ports [7:38814]

2002-03-19 Thread bob smith

port 49
both TACACS & TACACS +

"NetEng" wrote in message
news:[EMAIL PROTECTED]...
> Does anyone know what ports tacacs+ uses? I'm looking for what ports
> Authentication uses, which ports Authorization uses, and what port
> Accounting uses. If there are any additional ports it uses, I would
> appreciate that info as well. I can't seem to find much on tacacs+, does it
> use the same ports as radius? TIA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38817&t=38814



RE: TACACS+ Server [7:38324]

2002-03-16 Thread Ray Smith

You know what, if you get your kicks scolding people before helping them, then
I'd rather you not help at all.  Keep the sarcasm to yourself!


>From: Sean Knox 
>To: 'Ray Smith' , [EMAIL PROTECTED]
>Subject: RE: TACACS+ Server [7:38324]
>Date: Fri, 15 Mar 2002 14:40:11 -0800
>
>Padding here, padding there, padding everywhere.
>
>www.cisco.com buddy. Ever used it? Sarcasm aside, this is a topic that you
>could have researched yourself with a 5 second search on Cisco or Google. I
>found these through google actually:
>
>TACACS+ Support Page (watch the wrap):
>http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:Tacacs_plus
>
>TACACS+ Technical Tips:
>http://www.cisco.com/warp/public/707/index.shtml#tacacs+
>
>CiscoSecure ACS v2.3 for Solaris:
>http://www.cisco.com/univercd/cc/td/doc/pcat/sqasux.htm
>
>A funny note, check out that HTML page name in that last link... "SQA SUX"
>or just a coincidence? I work in QA, so maybe I'm just seeing things.. :)
>
>- Sean
>
>
>
>-Original Message-
>From: Ray Smith [mailto:[EMAIL PROTECTED]]
>Sent: Friday, March 15, 2002 11:25 AM
>To: [EMAIL PROTECTED]
>Subject: Re: TACACS+ Server [7:38324]
>
>
>Solaris buddy.  Do you know how to build one?
>
> >From: Brian
> >To: Ray Smith
> >CC: [EMAIL PROTECTED]
> >Subject: Re: TACACS+ Server [7:38324]
> >Date: Thu, 14 Mar 2002 16:52:17 -0800 (PST)
> >
> >I suspect that depends slightly on the OS u want to use?
> >BSD, Linux, and Solaris will all run on that, which r u planning to use?
> >
> > Bri
> >
> >On Thu, 14 Mar 2002, Ray Smith wrote:
> >
> > > Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
> > >
> > > Ray
> > >
> > >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38573&t=38324



RE: TACACS+ Server [7:38324]

2002-03-15 Thread Sean Knox

For the uninitiated, QA = Quality Assurance and SQA is Software Quality
Assurance. :)

-Sean

-Original Message-
From: Sean Knox [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 2:39 PM
To: [EMAIL PROTECTED]
Subject: RE: TACACS+ Server [7:38324]


Padding here, padding there, padding everywhere.

www.cisco.com buddy. Ever used it? Sarcasm aside, this is a topic that you
could have researched yourself with a 5 second search on Cisco or Google. I
found these through google actually:

TACACS+ Support Page (watch the wrap):
http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:Tacacs_plus

TACACS+ Technical Tips:
http://www.cisco.com/warp/public/707/index.shtml#tacacs+

CiscoSecure ACS v2.3 for Solaris:
http://www.cisco.com/univercd/cc/td/doc/pcat/sqasux.htm

A funny note, check out that HTML page name in that last link... "SQA SUX"
or just a coincidence? I work in QA, so maybe I'm just seeing things.. :)

- Sean



-Original Message-
From: Ray Smith [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: TACACS+ Server [7:38324]


Solaris buddy.  Do you know how to build one?

>From: Brian 
>To: Ray Smith 
>CC: [EMAIL PROTECTED]
>Subject: Re: TACACS+ Server [7:38324]
>Date: Thu, 14 Mar 2002 16:52:17 -0800 (PST)
>
>I suspect that depends slightly on the OS u want to use?
>BSD, Linux, and Solaris will all run on that, which r u planning to use?
>
>   Bri
>
>On Thu, 14 Mar 2002, Ray Smith wrote:
>
> > Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
> >
> > Ray
> >
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38499&t=38324



RE: TACACS+ Server [7:38324]

2002-03-15 Thread Sean Knox

Padding here, padding there, padding everywhere.

www.cisco.com buddy. Ever used it? Sarcasm aside, this is a topic that you
could have researched yourself with a 5 second search on Cisco or Google. I
found these through google actually:

TACACS+ Support Page (watch the wrap):
http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Internetworking:Tacacs_plus

TACACS+ Technical Tips:
http://www.cisco.com/warp/public/707/index.shtml#tacacs+

CiscoSecure ACS v2.3 for Solaris:
http://www.cisco.com/univercd/cc/td/doc/pcat/sqasux.htm

A funny note, check out that HTML page name in that last link... "SQA SUX"
or just a coincidence? I work in QA, so maybe I'm just seeing things.. :)

- Sean



-Original Message-
From: Ray Smith [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 15, 2002 11:25 AM
To: [EMAIL PROTECTED]
Subject: Re: TACACS+ Server [7:38324]


Solaris buddy.  Do you know how to build one?

>From: Brian 
>To: Ray Smith 
>CC: [EMAIL PROTECTED]
>Subject: Re: TACACS+ Server [7:38324]
>Date: Thu, 14 Mar 2002 16:52:17 -0800 (PST)
>
>I suspect that depends slightly on the OS u want to use?
>BSD, Linux, and Solaris will all run on that, which r u planning to use?
>
>   Bri
>
>On Thu, 14 Mar 2002, Ray Smith wrote:
>
> > Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
> >
> > Ray
> >
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38483&t=38324



Re: TACACS+ Server [7:38324]

2002-03-15 Thread Patrick Ramsey

A computer?  I think most of the list has put together a machine or two.

>>> "Ray Smith"  03/15/02 02:25PM >>>
Solaris buddy.  Do you know how to build one?

>From: Brian 
>To: Ray Smith 
>CC: [EMAIL PROTECTED] 
>Subject: Re: TACACS+ Server [7:38324]
>Date: Thu, 14 Mar 2002 16:52:17 -0800 (PST)
>
>I suspect that depends slightly on the OS u want to use?
>BSD, Linux, and Solaris will all run on that, which r u planning to use?
>
>   Bri
>
>On Thu, 14 Mar 2002, Ray Smith wrote:
>
> > Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
> >
> > Ray
> >
> >






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38479&t=38324



Re: TACACS+ Server [7:38324]

2002-03-15 Thread Ray Smith

Solaris buddy.  Do you know how to build one?

>From: Brian 
>To: Ray Smith 
>CC: [EMAIL PROTECTED]
>Subject: Re: TACACS+ Server [7:38324]
>Date: Thu, 14 Mar 2002 16:52:17 -0800 (PST)
>
>I suspect that depends slightly on the OS u want to use?
>BSD, Linux, and Solaris will all run on that, which r u planning to use?
>
>   Bri
>
>On Thu, 14 Mar 2002, Ray Smith wrote:
>
> > Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
> >
> > Ray
> >
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38447&t=38324



Re: TACACS+ Server [7:38324]

2002-03-14 Thread Patrick Bass

I'm betting slowaris, since it's a sparc-5

"Brian" wrote in message
news:[EMAIL PROTECTED]...
> I suspect that depends slightly on the OS u want to use?
> BSD, Linux, and Solaris will all run on that, which r u planning to use?
>
> Bri
>
> On Thu, 14 Mar 2002, Ray Smith wrote:
>
> > Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
> >
> > Ray
> >
> >




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38338&t=38324



Re: TACACS+ Server [7:38324]

2002-03-14 Thread Brian

I suspect that depends slightly on the OS u want to use?
BSD, Linux, and Solaris will all run on that, which r u planning to use?

Bri

On Thu, 14 Mar 2002, Ray Smith wrote:

> Does anyone know how to build/setup a TACACS+ Server on a Sparc-5?
>
> Ray
>
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=38326&t=38324



RE: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Andy Hoang

Try TeraTerm.  Very versatile.  The break key is Alt+B.

http://download.cnet.com/downloads/1,10150,0-10001-103-0-1-7,00.html?tag=srch&qt=tera+term&cn=&ca=10001

After you break into rommon, change the config-reg to 0x2142 (confreg
0x2142)

>confreg 0x2142
>reset - System will reload and bypass startup-config

Copy start run and remove your AAA configs
Change your config-reg back to 0x2102
wr m


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Farooq Ali
Sent: Tuesday, February 12, 2002 12:10 PM
To: [EMAIL PROTECTED]
Subject: Tacacs Problem: Router Lockout [7:35223]


Hi All:

I would appreciate if some one can help me in the right direction:
scenario:

Trying to install Tacacs on a Win2k server, copied the config for the NAS
from the install window of TACACS. It has the command  to TACACS all
lines, vtys,con,aux,telnet. Then the TACACS install is not complete and
now cannot log into the router. Telnet, Aux and con all require Username
and Password. Read the documentation and found out that authorization
should have been only on PPP or vty lines, not console, so a 3600 router
sits locked up. It's a non-production test router. Any ideas on how to
reset the router?

Have tried the password recovery procedure, but not sure if I am able to
send the correct "break" signal, but trying to do the "break" signal isn't
working. Has anyone done this before? Thanks in advance.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35260&t=35223



RE: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Michael Williams

I got myself into a similar situation, with a 3600 also =)

What I found however, was that when I would console in, it would ask for
user/pass, and upon waiting 30 seconds or so, it prompted me with
"password:" and entering the enable password I got in.

But, a common thing that happens when configuring TACACS is you need to add
"enable" or "none" at the end of the AAA line so that if you lose
connectivity to the TACACS server you can still get in via telnet.  Here is
what I *used* to have in the config:

aaa authentication login default tacacs+

But when the TACACS server went down (which has only happened once) we
couldn't get into the routers via telnet.  So now the config reads:

aaa authentication login default tacacs+ enable

So when TACACS is unreachable, it will fail over and prompt you for the
enable pass.  If you're using AAA for authorization, then it's extremely
important to add "none" after "tacacs" otherwise you could lose ALL control
without TACACS

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35244&t=35223



RE: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Scott Nawalaniec

The last URL didn't show up for some reason in my email.

Here it is again
http://www.cisco.com/warp/public/701/61.html#how-to

If the above URL didn't show up try this
onehttp://www.cisco.com/warp/public/701/61.html#how-to
just copy the URL from one

or if that one didn't work try this one
cisco.com/warp/public/701/61.html#how-to

HTH

Scott
-Original Message-
From: Scott Nawalaniec [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 12, 2002 1:03 PM
To: [EMAIL PROTECTED]
Subject: RE: Tacacs Problem: Router Lockout [7:35223]


Webpage for common terminal programs and break sequence numbers

Scott
-Original Message-
From: s vermill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 12, 2002 12:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Tacacs Problem: Router Lockout [7:35223]


Try several different break sequences such as CNTL-F6-BREAK.  I think there
is a website out there somewhere that lists different possible break
sequences for various platforms.  I think CNTL-F6-BREAK works with
Hyperterminal as bundled with W2K.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35236&t=35223



Re: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Tshon

I believe that your problem isn't that you aren't doing the correct 
sequence, but I think that if you are trying to send the break from win 
nt/2000 it doesn't work unless you know how to set it.  You do need 
a machine that sends the break key.

Farooq Ali wrote:

>Hi All:
>
>I would appreciate if some one can help me in the right direction:
>scenario:
>
>Trying to install Tacacs on a Win2k server, copied the config for the NAS
>from the install window of TACACS. It has the command  to TACACS all
>lines, vtys,con,aux,telnet. Then the TACACS install is not complete and
>now cannot log into the router. Telnet, Aux and con all require Username
>and Password. Read the documentation and found out that authorization
>should have been only on PPP or vty lines, not console, so a 3600 router
>sits locked up. It's a non-production test router. Any ideas on how to
>reset the router?
>
>Have tried the password recovery procedure, but not sure if I am able to
>send the correct "break" signal, but trying to do the "break" signal isn't
>working. Has anyone done this before? Thanks in advance.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35233&t=35223



Re: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Steven A. Ridder

For windows and HyperTerminal the command is ctrl + break.  Sometimes the
default version that comes with windows is buggy, so then you need to get
another program or download the updated version that comes with windows
called HyperTerminal Private Edition on www.hillgrave.com.  The updated
version is pretty good.

Steve
"Scott Nawalaniec" wrote in message
news:[EMAIL PROTECTED]...
> Webpage for common terminal programs and break sequence numbers
>
> Scott
> -Original Message-
> From: s vermill [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, February 12, 2002 12:21 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Tacacs Problem: Router Lockout [7:35223]
>
>
> Try several different break sequences such as CNTL-F6-BREAK.  I think there
> is a website out there somewhere that lists different possible break
> sequences for various platforms.  I think CNTL-F6-BREAK works with
> Hyperterminal as bundled with W2K.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35231&t=35223
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



RE: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Scott Nawalaniec

Webpage for common terminal programs and break sequence numbers

Scott
-Original Message-
From: s vermill [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 12, 2002 12:21 PM
To: [EMAIL PROTECTED]
Subject: RE: Tacacs Problem: Router Lockout [7:35223]


Try several different break sequences such as CNTL-F6-BREAK.  I think there
is a website out there somewhere that lists different possible break
sequences for various platforms.  I think CNTL-F6-BREAK works with
Hyperterminal as bundled with W2K.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35230&t=35223



RE: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread s vermill

Try several different break sequences such as CNTL-F6-BREAK.  I think there
is a website out there somewhere that lists different possible break
sequences for various platforms.  I think CNTL-F6-BREAK works with
Hyperterminal as bundled with W2K.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35226&t=35223



Re: Tacacs Problem: Router Lockout [7:35223]

2002-02-12 Thread Timo Graser

You can't send a break with HyperTerminal (Windows).

Download the terminal program from Cisco, for example; you will be able to
send a break then.

Farooq Ali wrote:

  Hi All:

  I would appreciate if some one can help me in the right direction:
  scenario:

  Trying to install Tacacs on a Win2k server, copied the config for the NAS
  from the install window of TACACS. It has the command  to TACACS all
  lines, vtys,con,aux,telnet. Then the TACACS install is not complete and
  now cannot log into the router. Telnet, Aux and con all require Username
  and Password. Read the documentation and found out that authorization
  should have been only on PPP or vty lines, not console, so a 3600 router
  sits locked up. It's a non-production test router. Any ideas on how to
  reset the router?

  Have tried the password recovery procedure, but not sure if I am able to
  send the correct "break" signal, but trying to do the "break" signal isn't
  working. Has anyone done this before? Thanks in advance.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35224&t=35223



RE: TACACS+ Auth redundancy? [7:35043]

2002-02-11 Thread Georg Pauwen

Hi,  

You can use multiple 'radius-server host' or 'tacacs-server host' commands
to specify multiple hosts. The software searches for hosts in the order you
specify them.
Example:

radius-server host RADIUS1
radius-server host RADIUS2

If RADIUS1 is down, RADIUS2 will be contacted. The same for TACACS:

tacacs-server host TACACS1
tacacs-server host TACACS2

If TACACS1 is down, TACACS2 will be contacted. Of course if RADIUS1 or
TACACS1 reject the request, RADIUS2 or TACACS2 will not be contacted.

Regards,

Georg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35073&t=35043
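
The failover behaviour from two replies above (the method-list fallback in Michael Williams's router-lockout reply and the server-order search in Georg Pauwen's reply), modelled as an added example that is not part of the thread and not Cisco code. The list names, the server replies and the assumption that the operator knows the enable/local password are constructed for illustration.

```python
"""Model of IOS AAA login evaluation: method-list fallback plus server order.

Simplified teaching model. Assumption: a server or method is skipped only
when it gives no answer (unreachable); an explicit reject is final.
"""

# Constructed sample config built from the command forms quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login WITH_FALLBACK tacacs+ enable
aaa authentication login OPEN_FALLBACK group tacacs+ none
tacacs-server host TACACS1
tacacs-server host TACACS2
"""

SERVER_COMMANDS = {"tacacs-server": "tacacs+", "radius-server": "radius"}


def parse_config(text):
    """Return (login method lists, server hosts per protocol in config order)."""
    lists = {}
    servers = {proto: [] for proto in SERVER_COMMANDS.values()}
    for line in text.splitlines():
        words = line.split()
        if words[:3] == ["aaa", "authentication", "login"] and len(words) > 4:
            # "group tacacs+" (newer syntax) and "tacacs+" name the same method.
            lists[words[3]] = [w for w in words[4:] if w != "group"]
        elif len(words) >= 3 and words[0] in SERVER_COMMANDS and words[1] == "host":
            servers[SERVER_COMMANDS[words[0]]].append(words[2])
    return lists, servers


def evaluate(methods, servers, replies, local_ok=None):
    """Walk one method list for a single login attempt.

    replies:  host -> "accept" | "reject" | "down" (missing hosts are "down").
    local_ok: method -> bool, whether the credential typed for a device-local
              method (enable, local, line) is correct. Hypothetical input.
    Returns (granted, decided_by, trace of every step that was consulted).
    """
    local_ok = local_ok or {}
    trace = []
    for method in methods:
        if method in servers:
            for host in servers[method]:
                reply = replies.get(host, "down")
                trace.append((host, reply))
                if reply != "down":
                    # First server that answers decides; a reject is not retried
                    # on the next server or the next method.
                    return reply == "accept", host, trace
            continue  # no server answered: move on to the next method
        if method == "none":
            trace.append(("none", "accept"))
            return True, "none", trace  # access without any authentication
        granted = local_ok.get(method, False)
        trace.append((method, "accept" if granted else "reject"))
        return granted, method, trace
    return False, None, trace  # list exhausted: nobody can log in


def outage_report(config_text):
    """Classify each login list for the case where every AAA server is down."""
    lists, servers = parse_config(config_text)
    knows_password = {"enable": True, "local": True, "line": True}
    report = {}
    for name, methods in lists.items():
        granted, decided_by, _ = evaluate(methods, servers, {}, knows_password)
        if not granted:
            report[name] = "lockout"
        elif decided_by == "none":
            report[name] = "unauthenticated"
        else:
            report[name] = "fallback:" + decided_by
    return report


if __name__ == "__main__":
    for list_name, verdict in outage_report(SAMPLE_CONFIG).items():
        print(f"{list_name:15} {verdict}")
```

A list reported as "unauthenticated" avoids the lockout but admits anyone while the servers are unreachable, so a device-local method is the safer last entry on login lists.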



RE: TACACS+ Auth redundancy? [7:35043]

2002-02-10 Thread Michael Williams

Sure.  AFAIK, you can simply specify more than one TACACS server in your
config and it should attempt to contact each server in the order you enter
them.

Mike W.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=35064&t=35043



RE: Tacacs+ software [7:32699]

2002-01-21 Thread Mike Sweeney

I have a few different ones available for downloading along with some docs
and white papers

www.packetattack.com/downloads.html

MikeS


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32730&t=32699



Re: Tacacs+ software [7:32700]

2002-01-21 Thread Richard Tufaro

Found one. This one was submitted, but I couldn't get to it before.

http://www.gazi.edu.tr/tacacs/index.php

>>> Richard Tufaro 01/21 11:25 AM >>>
Where would one go about getting the freeware UNIX version of Tacacs+?
Cisco, http://www.cisco.com/warp/public/480/tacplus.shtml, points me to a
place where I can't connect to it. Anyone have any independent sites that
they know of that are serving it up?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=32700&t=32700



RE: TACACS+ [7:30963]

2002-01-07 Thread Dimitris Vassilopoulos

Hello Edward,

In case you use Cisco equipment, there is the line configuration command
"absolute-timeout" .

3640_DialUp#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
3640_DialUp(config)#line 97 126
3640_DialUp(config-line)#absolute-timeout ?
Absolute timeout interval in minutes

I think this will solve your problem...

Best regards
Dvass


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=31140&t=30963



Re: tacacs+ and pix [7:27141]

2001-11-22 Thread Patrick W. Bass

there is only privileged and unprivileged mode.  no levels.

"ipguru1" wrote in message
news:[EMAIL PROTECTED]...
> I tried looking this up but all I find is how to setup tacacs+ on the
> pix.  I would like to have priv. levels on the pix?  Is this possible?
>
> thanks
> bk




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27144&t=27141



RE: TACACS Config [7:26811]

2001-11-20 Thread Mike Sweeney

The "default" is the name of the group you are using.. so you would have in
the router config the following line
!
aaa authentication login DEFAULT(group name) tacacs+ enable(allows you to
use enable password if the tacacs fails)
!

MikeS

Ken Diliberto wrote:
> 
> Thanks, Mike.
> 
> Any time I use the "default" keyword, the daemon refuses to
> load giving an "expected string" error.
> 
> It's good practice, though.  I've almost locked myself out of
> the switch.  As long as I'm too lazy to cycle the power, I'll
> hack at it until I get it right.  :-)
> 
> Thanks.
> 
> Ken
> 
> >>> "Mike Sweeney"  11/20/01 09:03AM >>>
> The info is out there.. do a google search on TACACS
> CONFIGURATION.
> 
> [snip]
> 
> --sample config for tac_plus.cfg ---
> [snip]
> 
> default authentication = file /etc/shadow
> [snip]
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26970&t=26811



RE: TACACS Config [7:26811]

2001-11-20 Thread Ken Diliberto

Thanks, Mike.

Any time I use the "default" keyword, the daemon refuses to load giving an
"expected string" error.

It's good practice, though.  I've almost locked myself out of the switch. 
As long as I'm too lazy to cycle the power, I'll hack at it until I get it
right.  :-)

Thanks.

Ken

>>> "Mike Sweeney"  11/20/01 09:03AM >>>
The info is out there.. do a google search on TACACS CONFIGURATION.

[snip]

--sample config for tac_plus.cfg ---
[snip]

default authentication = file /etc/shadow
[snip]




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26867&t=26811



RE: TACACS Config [7:26811]

2001-11-20 Thread Mike Sweeney

The info is out there.. do a google search on TACACS CONFIGURATION.

I have pasted a simple script here for you to start with. Feel free to drop
by my web site for other info and downloads for TACACS+. www.packetattack.com

MikeS

- ios config --
hostname Router
!
aaa new-model
aaa authentication password-prompt promptPW
aaa authentication username-prompt usernameID
aaa authentication login default tacacs+ enable
enable password cisco
!

tacacs-server host xxx.xxx.xxx
tacacs-server key keygoeshere
!

--sample config for tac_plus.cfg ---
(original sample found at http://www.cdcentre.demon.co.uk/network/index.htm)

/etc/tacacs/tac_plus.cfg

key = keygoeshere

# Use the /etc/shadow file for authentication

default authentication = file /etc/shadow

# Where the accounting records go

accounting file = /var/log/tac_acc.log

# All services are allowed

user = default {
    default service = permit
}

user = testuser {
    default service = permit
    login = file /etc/shadow
}

user = script {
    login = cleartext passwd
    cmd = show {
        permit "ip bgp summary"
        permit "version"
        permit "running-config"
        permit "processes cpu"
        permit "ip ospf neighbor"
        permit "interface*"
        permit "ip interface*"
    }
    cmd = terminal {
        permit length
    }
}


Ken Diliberto wrote:
> 
> Would anyone happen to have a TACACS config file for the free
> TACACS server from Cisco?  I'm trying to figure out how to
> configure it to allow a user to login with a priv_lvl of 15.
> 
> I guess I'll also need IOS configurations, won't I.
> 
> One of these days I'll be able to get what I want from CCO...
> 
> Thanks.
> 
> Ken
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=26849&t=26811
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
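
Added example (not part of the post above and not code from the tac_plus project): a small Python check that parses configs shaped like the two in that post and flags the settings worth reviewing before production use. The sample strings are constructed, 192.0.2.10 stands in for the elided server address, and the rule names are labels made up for this sketch.

```python
# Constructed samples modelled on the two configs in the post above.
# 192.0.2.10 is a documentation address standing in for the elided server IP.
IOS_SAMPLE = """\
aaa new-model
aaa authentication login default tacacs+ enable
enable password cisco
tacacs-server host 192.0.2.10
tacacs-server key keygoeshere
"""

TAC_PLUS_SAMPLE = """\
key = keygoeshere
default authentication = file /etc/shadow
# All services are allowed
user = default {
    default service = permit
}
user = script {
    login = cleartext passwd
    cmd = show {
        permit "version"
    }
}
"""

# Rule names are hypothetical labels for this example, not output of any tool.
RULES = {
    "enable-password-not-secret": "'enable password' is clear text or reversible type 7; use 'enable secret'",
    "login-falls-back-to-enable": "if no TACACS+ server answers, login is checked against the enable password",
    "cleartext-login": "password is readable by anyone who can read tac_plus.cfg",
    "default-service-permit": "every service and command not listed for this user is authorized",
    "shared-key-mismatch": "router and daemon keys differ, so TACACS+ exchanges will fail",
}


def parse_tac_plus(text):
    """Return (path, statement) pairs; path is the tuple of enclosing block headers.

    Simplified: one statement or brace per line, '#' comments on their own line.
    """
    stack, statements = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if not stack:
                raise ValueError(f"line {lineno}: '}}' without an open block")
            stack.pop()
        else:
            statements.append((tuple(stack), line))
    if stack:
        raise ValueError(f"unclosed block: {stack[-1]}")
    return statements


def audit_tac_plus(text):
    """Return (findings, shared key) for a tac_plus.cfg."""
    findings, key = [], None
    for path, stmt in parse_tac_plus(text):
        name, _, value = (part.strip() for part in stmt.partition("="))
        owner = path[0] if path else "global"
        if not path and name == "key":
            key = value
        elif name == "login" and value.startswith("cleartext "):
            findings.append((owner, "cleartext-login"))
        elif name == "default service" and value == "permit":
            findings.append((owner, "default-service-permit"))
    return findings, key


def audit_ios(text):
    """Return (findings, shared key) for an IOS AAA snippet."""
    findings, key = [], None
    for raw in text.splitlines():
        words = raw.split()
        if words[:2] == ["enable", "password"]:
            findings.append(("ios", "enable-password-not-secret"))
        elif words[:3] == ["aaa", "authentication", "login"]:
            # words[3] names the method list, words[4] is the first method.
            if "enable" in words[5:]:
                findings.append(("ios", "login-falls-back-to-enable"))
        elif words[:2] == ["tacacs-server", "key"]:
            key = " ".join(words[2:])
    return findings, key


def audit(ios_text, tac_text):
    """Audit both sides and cross-check that they share the same key."""
    ios_findings, ios_key = audit_ios(ios_text)
    tac_findings, tac_key = audit_tac_plus(tac_text)
    findings = ios_findings + tac_findings
    if ios_key != tac_key:
        findings.append(("both", "shared-key-mismatch"))
    return findings


if __name__ == "__main__":
    for where, rule in audit(IOS_SAMPLE, TAC_PLUS_SAMPLE):
        print(f"{where}: {rule}: {RULES[rule]}")
```

The fallback finding matters most in combination with the enable-password one: when the TACACS+ server is unreachable, the router's login is only as strong as that locally stored password.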



Re: Re: Tacacs [7:17110]

2001-08-27 Thread Donald B Johnson jr

See, this is what I am talking about; here is a snippet from that page.
__
Download  xtacacsd v4.1  for Cisco terminal servers. Does Skey, PH
databases, accounting and more
_
Note: this software is not being developed any more because of the advent of
better protocols such as radius and tac_plus.
_
So why don't you just roll that one out since you're busy, then when a bug
locks everybody out don't call them for support.
You'll be researching how to do a lot of good old-fashioned console work
without the boss finding out.



- Original Message -
From: "Ramesh K" 
To: 
Sent: Monday, August 27, 2001 2:14 AM
Subject: Re: Re: Tacacs [7:17110]


> Hi stephen,
>
> You can use tacacs if you want to authenticate
> the users accessing your routers .You can get the log also.You can
download
> the same from www.navya.com
> I don't have idea about kerboros ...
> In my setup tacacs is working fine
>
> thanks
> ramesh
>
> On Fri, 24 Aug 2001 Stephen Skinner wrote :
> >Hello,
> >
> >i don`t mean to be rude but i think the reason the
> >gentleman replyed the
> >way he did was because way you posed your question was
> >to say
> >
> >" i`m to busy ...you lot do it for me"
> >
> >now i personal believe that that is not the case and
> >you were simply asking
> >(as i do all the time) for some assistance in this
> >subject matter.
> >
> >unfortunatly i don`t have an answer to your question
> >but also require info
> >on tacacs+so please don`t be afraid to pass on what
> >you may learn
> >
> >
> >Kindest Regards
> >
> >
> >steve
> >
> >
> >>From: "khramov"
> >>Reply-To: "khramov"
> >>To: [EMAIL PROTECTED]
> >>Subject: Re: Tacacs [7:17110]
> >>Date: Fri, 24 Aug 2001 10:58:12 -0400
> >>
> >>As far as I know this is Cisco newsgroup and it should
> >be used for
> >>technical
> >>discussions
> >>not for personal insults.  If you think that you are
> >smarter than me or
> >>have
> >>better work
> >>habits that is fine,  I am not going to argue with
> >that.  Otherwise I would
> >>be asking
> >>questions.
> >>
> >>Donald B Johnson jr wrote:
> >>
> >> > After someone gives you an answer, are you going to
> >have time to
> >>research
> >>if
> >> > it is a good solution for you or are you going to
> >just implement it.
> >> > It sure must warm the cockles of your supervisors
> >heart if he could see
> >>you
> >> > now.
> >> > actually the only two things that would make me to
> >busy that I couldn't
> >> > research an access solution would be;
> >> > A raging blaze
> >> > A Seinfeld rerun
> >> > don
> >> >
> >> > - Original Message -
> >> > From: "khramov"
> >> > To:
> >> > Sent: Friday, August 24, 2001 6:17 AM
> >> > Subject: Tacacs [7:17110]
> >> >
> >> > > Hi,
> >> > > Just like everyone else sometimes I do not have
> >enough time to do the
> >> > > research myself and I post questions here.  Here
> >is what I am trying
> >>to
> >> > > do:  I am trying to set up some sort of security
> >server on my network
> >>to
> >> > >
> >> > > authorize user access on routers and switches.
> >First of all what
> >>should
> >> > >
> >> > > I use Tacacs (extended or +), Radius, Kerberos,
> >which one seem to work
> >> > > better.  Second where can I buy/download the
> >software or can I just
> >> > > configure a router as a Tacacs server.  Just give
> >me some ideas on
> >>this.
> >> > >
> >> > > Thanks a lot,
> >> > > alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17454&t=17110



Re: Re: Tacacs [7:17110]

2001-08-27 Thread Ramesh K

Hi stephen,

You can use tacacs if you want to authenticate
the users accessing your routers. You can get the log also. You can download
the same from www.navya.com
I don't have any idea about Kerberos ...
In my setup tacacs is working fine

thanks
ramesh

On Fri, 24 Aug 2001 Stephen Skinner wrote :
>Hello,
>
>i don`t mean to be rude but i think the reason the
>gentleman replyed the
>way he did was because way you posed your question was
>to say
>
>" i`m to busy ...you lot do it for me"
>
>now i personal believe that that is not the case and
>you were simply asking
>(as i do all the time) for some assistance in this
>subject matter.
>
>unfortunatly i don`t have an answer to your question
>but also require info
>on tacacs+so please don`t be afraid to pass on what
>you may learn
>
>
>Kindest Regards
>
>
>steve
>
>
>>From: "khramov"
>>Reply-To: "khramov"
>>To: [EMAIL PROTECTED]
>>Subject: Re: Tacacs [7:17110]
>>Date: Fri, 24 Aug 2001 10:58:12 -0400
>>
>>As far as I know this is Cisco newsgroup and it should
>be used for
>>technical
>>discussions
>>not for personal insults.  If you think that you are
>smarter than me or
>>have
>>better work
>>habits that is fine,  I am not going to argue with
>that.  Otherwise I would
>>be asking
>>questions.
>>
>>Donald B Johnson jr wrote:
>>
>> > After someone gives you an answer, are you going to
>have time to
>>research
>>if
>> > it is a good solution for you or are you going to
>just implement it.
>> > It sure must warm the cockles of your supervisors
>heart if he could see
>>you
>> > now.
>> > actually the only two things that would make me to
>busy that I couldn't
>> > research an access solution would be;
>> > A raging blaze
>> > A Seinfeld rerun
>> > don
>> >
>> > - Original Message -
>> > From: "khramov"
>> > To:
>> > Sent: Friday, August 24, 2001 6:17 AM
>> > Subject: Tacacs [7:17110]
>> >
>> > > Hi,
>> > > Just like everyone else sometimes I do not have
>enough time to do the
>> > > research myself and I post questions here.  Here
>is what I am trying
>>to
>> > > do:  I am trying to set up some sort of security
>server on my network
>>to
>> > >
>> > > authorize user access on routers and switches.
>First of all what
>>should
>> > >
>> > > I use Tacacs (extended or +), Radius, Kerberos,
>which one seem to work
>> > > better.  Second where can I buy/download the
>software or can I just
>> > > configure a router as a Tacacs server.  Just give
>me some ideas on
>>this.
>> > >
>> > > Thanks a lot,
>> > > alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17369&t=17110



Re: Tacacs [7:17110]

2001-08-24 Thread Donald B Johnson jr

No, that is not it Steve, my therapist says if I'm good all week I can have a
relapse or two on Friday. P>)




- Original Message -
From: "Stephen Skinner" 
To: 
Sent: Friday, August 24, 2001 9:00 AM
Subject: Re: Tacacs [7:17110]


> Hello,
>
> i don`t mean to be rude but i think the reason the gentleman replyed
the
> way he did was because way you posed your question was to say
>
> " i`m to busy ...you lot do it for me"
>
> now i personal believe that that is not the case and you were simply
asking
> (as i do all the time) for some assistance in this subject matter.
>
> unfortunatly i don`t have an answer to your question but also require info
> on tacacs+so please don`t be afraid to pass on what you may learn
>
>
> Kindest Regards
>
>
> steve
>
>
> >From: "khramov"
> >Reply-To: "khramov"
> >To: [EMAIL PROTECTED]
> >Subject: Re: Tacacs [7:17110]
> >Date: Fri, 24 Aug 2001 10:58:12 -0400
> >
> >As far as I know this is Cisco newsgroup and it should be used for
> >technical
> >discussions
> >not for personal insults.  If you think that you are smarter than me or
> >have
> >better work
> >habits that is fine,  I am not going to argue with that.  Otherwise I
would
> >be asking
> >questions.
> >
> >Donald B Johnson jr wrote:
> >
> > > After someone gives you an answer, are you going to have time to
> >research
> >if
> > > it is a good solution for you or are you going to just implement it.
> > > It sure must warm the cockles of your supervisors heart if he could
see
> >you
> > > now.
> > > actually the only two things that would make me to busy that I
couldn't
> > > research an access solution would be;
> > > A raging blaze
> > > A Seinfeld rerun
> > > don
> > >
> > > - Original Message -
> > > From: "khramov"
> > > To:
> > > Sent: Friday, August 24, 2001 6:17 AM
> > > Subject: Tacacs [7:17110]
> > >
> > > > Hi,
> > > > Just like everyone else sometimes I do not have enough time to do
the
> > > > research myself and I post questions here.  Here is what I am trying
> >to
> > > > do:  I am trying to set up some sort of security server on my
network
> >to
> > > >
> > > > authorize user access on routers and switches.  First of all what
> >should
> > > >
> > > > I use Tacacs (extended or +), Radius, Kerberos, which one seem to
work
> > > > better.  Second where can I buy/download the software or can I just
> > > > configure a router as a Tacacs server.  Just give me some ideas on
> >this.
> > > >
> > > > Thanks a lot,
> > > > alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17161&t=17110



Re: Tacacs [7:17110]

2001-08-24 Thread Stephen Skinner

Hello,

I don't mean to be rude, but I think the reason the gentleman replied the
way he did was because the way you posed your question was to say

"I'm too busy ... you lot do it for me"

Now I personally believe that that is not the case and you were simply asking
(as I do all the time) for some assistance in this subject matter.

Unfortunately I don't have an answer to your question but also require info
on tacacs+, so please don't be afraid to pass on what you may learn


Kindest Regards


steve


>From: "khramov" 
>Reply-To: "khramov" 
>To: [EMAIL PROTECTED]
>Subject: Re: Tacacs [7:17110]
>Date: Fri, 24 Aug 2001 10:58:12 -0400
>
>As far as I know this is Cisco newsgroup and it should be used for 
>technical
>discussions
>not for personal insults.  If you think that you are smarter than me or 
>have
>better work
>habits that is fine,  I am not going to argue with that.  Otherwise I would
>be asking
>questions.
>
>Donald B Johnson jr wrote:
>
> > After someone gives you an answer, are you going to have time to 
>research
>if
> > it is a good solution for you or are you going to just implement it.
> > It sure must warm the cockles of your supervisors heart if he could see 
>you
> > now.
> > actually the only two things that would make me to busy that I couldn't
> > research an access solution would be;
> > A raging blaze
> > A Seinfeld rerun
> > don
> >
> > - Original Message -
> > From: "khramov"
> > To:
> > Sent: Friday, August 24, 2001 6:17 AM
> > Subject: Tacacs [7:17110]
> >
> > > Hi,
> > > Just like everyone else sometimes I do not have enough time to do the
> > > research myself and I post questions here.  Here is what I am trying 
>to
> > > do:  I am trying to set up some sort of security server on my network 
>to
> > >
> > > authorize user access on routers and switches.  First of all what 
>should
> > >
> > > I use Tacacs (extended or +), Radius, Kerberos, which one seem to work
> > > better.  Second where can I buy/download the software or can I just
> > > configure a router as a Tacacs server.  Just give me some ideas on 
>this.
> > >
> > > Thanks a lot,
> > > alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17140&t=17110



Re: Tacacs [7:17110]

2001-08-24 Thread Sean Young

If you are familiar with Unix, contact me off-line and I will assist you
with installing and configuring TACACS on Unix platform.  I can also help
you with configuring routers and switches as well.

>From: "khramov"
>Reply-To: "khramov"
>To: [EMAIL PROTECTED]
>Subject: Re: Tacacs [7:17110]
>Date: Fri, 24 Aug 2001 10:58:12 -0400
>
>As far as I know this is Cisco newsgroup and it should be used for technical
>discussions not for personal insults. If you think that you are smarter than
>me or have better work habits that is fine, I am not going to argue with
>that. Otherwise I would be asking questions.
>
>Donald B Johnson jr wrote:
>
> > After someone gives you an answer, are you going to have time to research
> > if it is a good solution for you or are you going to just implement it.
> > It sure must warm the cockles of your supervisors heart if he could see you
> > now.
> > actually the only two things that would make me to busy that I couldn't
> > research an access solution would be;
> > A raging blaze
> > A Seinfeld rerun
> > don
> >
> > - Original Message -
> > From: "khramov"
> > To:
> > Sent: Friday, August 24, 2001 6:17 AM
> > Subject: Tacacs [7:17110]
> >
> > > Hi,
> > > Just like everyone else sometimes I do not have enough time to do the
> > > research myself and I post questions here. Here is what I am trying to
> > > do: I am trying to set up some sort of security server on my network to
> > >
> > > authorize user access on routers and switches. First of all what should
> > >
> > > I use Tacacs (extended or +), Radius, Kerberos, which one seem to work
> > > better. Second where can I buy/download the software or can I just
> > > configure a router as a Tacacs server. Just give me some ideas on this.
> > >
> > > Thanks a lot,







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17136&t=17110



Re: Tacacs [7:17110]

2001-08-24 Thread khramov

As far as I know this is a Cisco newsgroup and it should be used for technical
discussions, not for personal insults.  If you think that you are smarter than
me or have better work habits that is fine,  I am not going to argue with that.
Otherwise I would be asking questions.

Donald B Johnson jr wrote:

> After someone gives you an answer, are you going to have time to research
> if
> it is a good solution for you or are you going to just implement it.
> It sure must warm the cockles of your supervisors heart if he could see you
> now.
> actually the only two things that would make me to busy that I couldn't
> research an access solution would be;
> A raging blaze
> A Seinfeld rerun
> don
>
> - Original Message -
> From: "khramov"
> To:
> Sent: Friday, August 24, 2001 6:17 AM
> Subject: Tacacs [7:17110]
>
> > Hi,
> > Just like everyone else sometimes I do not have enough time to do the
> > research myself and I post questions here.  Here is what I am trying to
> > do:  I am trying to set up some sort of security server on my network to
> >
> > authorize user access on routers and switches.  First of all what should
> >
> > I use Tacacs (extended or +), Radius, Kerberos, which one seem to work
> > better.  Second where can I buy/download the software or can I just
> > configure a router as a Tacacs server.  Just give me some ideas on this.
> >
> > Thanks a lot,
> > alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17126&t=17110



Re: Tacacs [7:17110]

2001-08-24 Thread Donald B Johnson jr

After someone gives you an answer, are you going to have time to research if
it is a good solution for you or are you going to just implement it.
It sure must warm the cockles of your supervisor's heart if he could see you
now.
Actually the only two things that would make me too busy that I couldn't
research an access solution would be;
A raging blaze
A Seinfeld rerun
don

- Original Message -
From: "khramov" 
To: 
Sent: Friday, August 24, 2001 6:17 AM
Subject: Tacacs [7:17110]


> Hi,
> Just like everyone else sometimes I do not have enough time to do the
> research myself and I post questions here.  Here is what I am trying to
> do:  I am trying to set up some sort of security server on my network to
>
> authorize user access on routers and switches.  First of all what should
>
> I use Tacacs (extended or +), Radius, Kerberos, which one seem to work
> better.  Second where can I buy/download the software or can I just
> configure a router as a Tacacs server.  Just give me some ideas on this.
>
> Thanks a lot,
> alex




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17119&t=17110



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14539]

2001-08-01 Thread data com

Carroll,

Thank you so much for the detailed reply.

Would you recommend any books? (I've read "Using UNIX" -QUE-. I have 
installed and played with FreeBSD a little bit. I have no exposure to 
production UNIX environment.)

Thanks,
Marc


>From: Carroll Kong 
>To: "data com" 
>CC: [EMAIL PROTECTED]
>Subject: Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written  
>[7:14428]
>Date: Wed, 01 Aug 2001 13:03:42 -0500
>
>At 03:16 PM 8/1/01 +, data com wrote:
>>Carroll,
>>
>>I got CCNP and CCDP but I am pretty new to UNIX system.
>>I want to learn UNIX with a focus on networking part for the following
>>reasons.
>>-integrate UNIX system to the internetwork
>>-use UNIX for device management using scripts
>>
>>Now, what flavour of UNIX do you recommend to learn as a start? I suppose
>>there is a flavour which contains many commands that also work on other
>>systems, and also a flavour that is most commonly used.
>>
>>Thank you in advance,
>>Marc
>
>I suggest FreeBSD, but any Unix can be leveraged as a basic learning tool
>to learn other Unices.  If you really understand the concepts and theory of
>how unix systems are designed, you can easily adopt other unices.
>
>The problem with the "universal flavor" is that all unices for the most
>part have their roots within two types of unix systems.  BSD and
>SysV.  Most commercial unices will be very SysVish.  This means their init
>scripts are usually different, and the layout is going to be different than
>a BSD like machine.  The freeware OSes tend to be very BSDish.
>
>Unfortunately, this puts you in a bind.  There really is no "one unix to
>rule them all".  :(  Even if you do pick a BSDish like userland like
>FreeBSD, some binaries are different than say Red Hat Linux.  Things like
>"route print" would not work in FreeBSD, but "netstat -rn" would work in
>FreeBSD and in Solaris x86!
>
>In BSDish (and open source) terms, Linux distributions are probably the
>most used.  However, they seem to do a lot of nasty non-standard things
>like Microsoft.  Namely, their GNU route and GNU netstat are drastically
>different.  Plus, their /bin/sh is NOT shell script but rather
>BASH!  ARGH!  I feel FreeBSD is far cleaner.
>
>In SysV (and commercial) terms, Solaris has definitely become a king.  If
>you want to get good with SPARC hardware, buy a Sun Blade.  (not suggested
>unless you REALLY want to be a Sun head)  If you just want to learn
>Solaris, you are in luck as Solaris x86 is available for free I
>believe.  (I bought my copy for ~$80bucks?).  Solaris x86 will most
>definitely be less forgiving on the hardware support.
>
>I feel any BSD, Linux, or Solaris are great starters.  Just pick one, and
>get really good with it.  The others will be easily acquired if you run
>into them.  Learn any of them well enough, and you can easily do the two
>things you mentioned.
>-integrate UNIX system to the internetwork
>-use UNIX for device management using scripts
>
>Good luck!
>
>
>
>-Carroll Kong
>






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14539&t=14539



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]

2001-08-01 Thread George Yiannibas

"Jonathan V Hays" wrote in message
news:[EMAIL PROTECTED]...
> Great! Unfortunately my Linux box has an Intel AL440LX motherboard and I
> can't find any place in the BIOS to disable the keyboard (or "halt on error,
> except keyboard" which is another popular BIOS option). Disabling the
> keyboard is simply not possible on EVERY x86 clone.
Jonathan
There is another way to do this. If you are handy with a soldering iron
there is a loopback cable that you can build that fools the BIOS into
thinking that there is a keyboard attached (maybe you can buy this in a
Radio Shack store). If you are interested e-mail me off-line and I will try
to dig out the pinout for you
HTH

George Yiannibas
MCSE CCNA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14533&t=14417



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14525]

2001-08-01 Thread Carroll Kong

At 03:16 PM 8/1/01 +, data com wrote:
>Carroll,
>
>I got CCNP and CCDP but I am pretty new to UNIX system.
>I want to learn UNIX with a focus on networking part for the following
>reasons.
>-integrate UNIX system to the internetwork
>-use UNIX for device management using scripts
>
>Now, what flavour of UNIX do you recommend to learn as a start? I suppose 
>there is a flavour which contains many commands that also work on other 
>systems, and also a flavour that is most commonly used.
>
>Thank you in advance,
>Marc

I suggest FreeBSD, but any Unix can be leveraged as a basic learning tool 
to learn other Unices.  If you really understand the concepts and theory of 
how unix systems are designed, you can easily adopt other unices.

The problem with the "universal flavor" is that all unices for the most 
part have their roots within two types of unix systems.  BSD and 
SysV.  Most commercial unices will be very SysVish.  This means their init 
scripts are usually different, and the layout is going to be different than 
a BSD like machine.  The freeware OSes tend to be very BSDish.

Unfortunately, this puts you in a bind.  There really is no "one unix to 
rule them all".  :(  Even if you do pick a BSDish like userland like 
FreeBSD, some binaries are different than say Red Hat Linux.  Things like
"route print" would not work in FreeBSD, but "netstat -rn" would work in 
FreeBSD and in Solaris x86!

In BSDish (and open source) terms, Linux distributions are probably the 
most used.  However, they seem to do a lot of nasty non-standard things 
like Microsoft.  Namely, their GNU route and GNU netstat are drastically 
different.  Plus, their /bin/sh is NOT shell script but rather 
BASH!  ARGH!  I feel FreeBSD is far cleaner.

In SysV (and commercial) terms, Solaris has definitely become a king.  If 
you want to get good with SPARC hardware, buy a Sun Blade.  (not suggested 
unless you REALLY want to be a Sun head)  If you just want to learn 
Solaris, you are in luck as Solaris x86 is available for free I 
believe.  (I bought my copy for ~$80bucks?).  Solaris x86 will most 
definitely be less forgiving on the hardware support.

I feel any BSD, Linux, or Solaris are great starters.  Just pick one, and 
get really good with it.  The others will be easily acquired if you run 
into them.  Learn any of them well enough, and you can easily do the two 
things you mentioned.
-integrate UNIX system to the internetwork
-use UNIX for device management using scripts

Good luck!



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14525&t=14525



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14503]

2001-08-01 Thread data com

Carroll,

I got CCNP and CCDP but I am pretty new to UNIX system.
I want to learn UNIX with a focus on networking part for the following
reasons.
-integrate UNIX system to the internetwork
-use UNIX for device management using scripts

Now, what flavour of UNIX do you recommend to learn as a start? I suppose 
there is a flavour which contains many commands that also work on other 
systems, and also a flavour that is most commonly used.

Thank you in advance,
Marc






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14503&t=14503



RE: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]

2001-07-31 Thread Sean Young

Jason is ABSOLUTELY correct!  I went into the BIOS, specifically the CMOS
setup, and just under the video card option there is a halt option.  I
set it to "halt on: no errors".  After that, I unplugged both the
keyboard and mouse on my x86 clone.  Guess what, the Unix box booted up
just fine. 

On a side note, how did Jason know how to do this?  Man, he is good.

 

>From: "Baker, Jason"
>To: Sean Young , [EMAIL PROTECTED]
>Subject: RE: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]
>Date: Wed, 1 Aug 2001 10:29:18 +1000
>
>nothing to do with the operating system on intel boxes.
>
>If you set your BIOS to stop on all errors if no keyboard is plugged in your
>box will not boot whether it is NT or linux.
>
>If you set BIOS to ignore these errors the system will boot.

Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14428]

2001-07-31 Thread Carroll Kong

At 07:20 PM 7/31/01 -0400, Jonathan Hays wrote:
>No keyboard? It depends.
>
>While it's true that native UNIX workstations (Sun, HP, etc.) will run
>"headless", most Intel x86 boxes I have encountered require you to plug in
>a keyboard or the machine won't boot, regardless of the OS installed. Or is
>there a way around this I don't know about?
>---
>Jonathan

Ah, good point.  Now why would it not care which OS?  The bios.  Crapola 
bios which give you very little flexibility (enter most commercial packaged 
PCs with their crap bios) have this problem.  If you get a good Asus 
Motherboard (actually a LOT of vendors give you this flexibility), their 
bios have this option called

Halt On Error:  All Error

Change it to "No Errors"
Your PC will easily POST without the need for a keyboard after this 
change.  For FreeBSD, you probably want to modify the kernel to "always 
force on" the keyboard.  You can also recompile the kernel to enable a 
serial console so it works like the bad-boy Unix Workstations.  (need a 
null serial modem cable and you are ready to rock and console  :)  )

Reason why you want FreeBSD to "always force on" the keyboard.  If you do 
not plug in the keyboard, let the box boot, and then plug the keyboard back 
in, you cannot type anything in.  With "always force on", it will work 
afterwards.  Of course, this is only the case if you really messed up the 
box (kernel panic, ip misconfiguration, firewall rules that kick you off) 
and your boss forgot to buy that access console server.

Linux also has a serial console capability IIRC.  If anyone here learns 
basic FreeBSD on their own and needs help for doing some of these more 
advanced features, I will easily lend a hand.



-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14428&t=14428



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]

2001-07-31 Thread Jonathan V Hays

Great! Unfortunately my Linux box has an Intel AL440LX motherboard and I
can't find any place in the BIOS to disable the keyboard (or "halt on error,
except keyboard" which is another popular BIOS option). Disabling the
keyboard is simply not possible on EVERY x86 clone.

Sean Young wrote:

> I run RedHat 7.1 with kernel 2.4.7 on a Dell Optiplex 700 MHz with no
> keyboard and mouse.  Didn't have to do anything unusual like disabling it
> in the BIOS.  By the way, I control the Unix/Linux box via Terminal
> server.
>

RE: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]

2001-07-31 Thread Baker, Jason

nothing to do with the operating system on intel boxes.

If you set your BIOS to stop on all errors if no keyboard is plugged in your
box will not boot whether it is NT or linux.

If you set BIOS to ignore these errors the system will boot.



> -Original Message-
> From: Sean Young [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, 1 August 2001 10:38 am
> To:   [EMAIL PROTECTED]
> Subject:      Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE
> [7:14417]
> 
> I run RedHat 7.1 with kernel 2.4.7 on a Dell Optiplex 700 MHz with no
> keyboard and mouse.  Didn't have to do anything unusual like disabling it
> in the BIOS.  By the way, I control the Unix/Linux box via Terminal
> server. 
> 

Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]

2001-07-31 Thread Sean Young

I run RedHat 7.1 with kernel 2.4.7 on a Dell Optiplex 700 MHz with no
keyboard and mouse.  Didn't have to do anything unusual like disabling it
in the BIOS.  By the way, I control the Unix/Linux box via Terminal
server. 





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14420&t=14417



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE [7:14417]

2001-07-31 Thread Jonathan Hays

Not always possible.

"Roberts, Timothy" wrote:

> Disable it in the bios.
>
> -Original Message-
> From: Jonathan Hays [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 31, 2001 4:20 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written
> [7:14413]
>
> No keyboard? It depends.
>
> While it's true that native UNIX workstations (Sun, HP, etc.) will run
> "headless", most Intel x86 boxes I have encountered require you to plug in
> a keyboard or the machine won't boot, regardless of the OS installed. Or is
> there a way around this I don't know about?
> ---
> Jonathan
>
> Symon Thurlow wrote:
>
> > I agree with Carroll, I have been predominantly MS and Novell, but have
> > started to learn Linux. It isn't hard if you have a good grounding in
> > Networking/IP/Network OS's. It is just a matter of finding/learning the
> > commands.
> >
> > Another beauty of a *nix box; you only need two cables for it, power and
> > network. Forget screen, keyboard, mouse...
> >
> > Symon
> >
> > -----Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Carroll Kong
> > Sent: 31 July 2001 00:32
> > To: [EMAIL PROTECTED]
> > Subject: Re: Tacacs+ for home Use? and Passed CCIE written today
> > [7:14288]
> >
> > At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote:
> > >Hello all. I just passed my CCIE today (very happy).  I was not as
> > >difficult as I expected (possibly over studied for it, if that's
> > >possible).  Anyways, I am about to embark on the long journey to
> > >complete the CCIE by taking the lab. I have my own home lab and I was
> > >wondering if there is a free version of Tacacs+ out there?  I know
> > >cisco has a Unix version they supply but I don't run Unix here at home
> > >(win2k for my lab) and I was wondering if anyone could help. Thanks
> > >for your time!
> > >
> > >Tim
> >
> > Congratulations on passing the CCIE Written!
> >
> > I guess you might be out of luck.  Here are some of your options
> >
> > a)  continue searching for a free version of TACACS+ for Windows.
> > b)  Buy Cisco Secure ACS.
> > c)  Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or
> > OpenBSD and grab tacacs+ from
> > http://www.gazi.edu.tr/tacacs/
> > d)  Port the code yourself from Unix to Windows.
> >
> > Obviously there is a certain time host inherent to the last three
> > options.  You should certainly weigh out the costs, as ALL of the options
> > have an inherent cost to it, even a).  Personally, I think learning Unix is
> > not so bad (maybe I am biased after all of these years) and may only take
> > perhaps a week of your time (if you are a fast learner, one day) if you
> > want to just get TACACS+ on it.  You can consider multi-booting, but then
> > you will have to take out more time to make sure you do not fry your
> > machine.  I hope you do know a lot about partitioning on x86
> > hardware.  :)  It honestly is not that bad, win2k's bootloader is quite
> > friendly with booting the unices.  On the side, I do not think TACACS+ is a
> > requirement for the lab.  Not that it is a good reason to not learn
> > TACACS+.  Every CCIE should learn that eventually, on at least one
> > platform.
> >
> > If you install FreeBSD, you may run into issues compiling the code, I
> > patched it so it can work on it.  (not as hard as it sounds, only a small
> > line change).  If you choose that route, I can help you patch the code so
> > it will compile on FreeBSD.  Good luck!
> >
> > -Carroll Kong
--
Jonathan Hays




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14417&t=14417



RE: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14415]

2001-07-31 Thread Roberts, Timothy

Disable it in the bios.

-Original Message-
From: Jonathan Hays [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 31, 2001 4:20 PM
To: [EMAIL PROTECTED]
Subject: Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written
[7:14413]


No keyboard? It depends.

While it's true that native UNIX workstations (Sun, HP, etc.) will run
"headless", most Intel x86 boxes I have encountered require you to plug in a
keyboard or the machine won't boot, regardless of the OS installed. Or is
there a way around this I don't know about?
---
Jonathan

Symon Thurlow wrote:

> I agree with Carroll, I have been predominantly MS and Novell, but have
> started to learn Linux. It isn't hard if you have a good grounding in
> Networking/IP/Network OS's. It is just a matter of finding/learning the
> commands.
>
> Another beauty of a *nix box; you only need two cables for it, power and
> network. Forget screen, keyboard, mouse...
>
> Symon
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Carroll Kong
> Sent: 31 July 2001 00:32
> To: [EMAIL PROTECTED]
> Subject: Re: Tacacs+ for home Use? and Passed CCIE written today
> [7:14288]
>
> At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote:
> >Hello all. I just passed my CCIE today (very happy).  I was not as
> >difficult as I expected (possibly over studied for it, if that's
> >possible).  Anyways, I am about to embark on the long journey to
> >complete the CCIE by taking the lab. I have my own home lab and I was
> >wondering if there is a free version of Tacacs+ out there?  I know
> >cisco has a Unix version they supply but I don't run Unix here at home
> >(win2k for my lab) and I was wondering if anyone could help. Thanks
> >for your time!
> >
> >Tim
>
> Congratulations on passing the CCIE Written!
>
> I guess you might be out of luck.  Here are some of your options
>
> a)  continue searching for a free version of TACACS+ for Windows.
> b)  Buy Cisco Secure ACS.
> c)  Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or
> OpenBSD and grab tacacs+ from
> http://www.gazi.edu.tr/tacacs/
> d)  Port the code yourself from Unix to Windows.
>
> Obviously there is a certain time host inherent to the last three
> options.  You should certainly weigh out the costs, as ALL of the options
> have an inherent cost to it, even a).  Personally, I think learning Unix is
> not so bad (maybe I am biased after all of these years) and may only take
> perhaps a week of your time (if you are a fast learner, one day) if you
> want to just get TACACS+ on it.  You can consider multi-booting, but then
> you will have to take out more time to make sure you do not fry your
> machine.  I hope you do know a lot about partitioning on x86
> hardware.  :)  It honestly is not that bad, win2k's bootloader is quite
> friendly with booting the unices.  On the side, I do not think TACACS+ is a
> requirement for the lab.  Not that it is a good reason to not learn
> TACACS+.  Every CCIE should learn that eventually, on at least one
> platform.
>
> If you install FreeBSD, you may run into issues compiling the code, I
> patched it so it can work on it.  (not as hard as it sounds, only a small
> line change).  If you choose that route, I can help you patch the code so
> it will compile on FreeBSD.  Good luck!
>
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14415&t=14415



Re: OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14413]

2001-07-31 Thread Jonathan Hays

No keyboard? It depends.

While it's true that native UNIX workstations (Sun, HP, etc.) will run
"headless", most Intel x86 boxes I have encountered require you to plug in a
keyboard or the machine won't boot, regardless of the OS installed. Or is
there a way around this I don't know about?
---
Jonathan

Symon Thurlow wrote:

> I agree with Carroll, I have been predominantly MS and Novell, but have
> started to learn Linux. It isn't hard if you have a good grounding in
> Networking/IP/Network OS's. It is just a matter of finding/learning the
> commands.
>
> Another beauty of a *nix box; you only need two cables for it, power and
> network. Forget screen, keyboard, mouse...
>
> Symon
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Carroll Kong
> Sent: 31 July 2001 00:32
> To: [EMAIL PROTECTED]
> Subject: Re: Tacacs+ for home Use? and Passed CCIE written today
> [7:14288]
>
> At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote:
> >Hello all. I just passed my CCIE today (very happy).  I was not as
> >difficult as I expected (possibly over studied for it, if that's
> >possible).  Anyways, I am about to embark on the long journey to
> >complete the CCIE by taking the lab. I have my own home lab and I was
> >wondering if there is a free version of Tacacs+ out there?  I know
> >cisco has a Unix version they supply but I don't run Unix here at home
> >(win2k for my lab) and I was wondering if anyone could help. Thanks
> >for your time!
> >
> >Tim
>
> Congratulations on passing the CCIE Written!
>
> I guess you might be out of luck.  Here are some of your options
>
> a)  continue searching for a free version of TACACS+ for Windows.
> b)  Buy Cisco Secure ACS.
> c)  Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or
> OpenBSD and grab tacacs+ from
> http://www.gazi.edu.tr/tacacs/
> d)  Port the code yourself from Unix to Windows.
>
> Obviously there is a certain time host inherent to the last three
> options.  You should certainly weigh out the costs, as ALL of the options
> have an inherent cost to it, even a).  Personally, I think learning Unix is
> not so bad (maybe I am biased after all of these years) and may only take
> perhaps a week of your time (if you are a fast learner, one day) if you
> want to just get TACACS+ on it.  You can consider multi-booting, but then
> you will have to take out more time to make sure you do not fry your
> machine.  I hope you do know a lot about partitioning on x86
> hardware.  :)  It honestly is not that bad, win2k's bootloader is quite
> friendly with booting the unices.  On the side, I do not think TACACS+ is a
> requirement for the lab.  Not that it is a good reason to not learn
> TACACS+.  Every CCIE should learn that eventually, on at least one
> platform.
>
> If you install FreeBSD, you may run into issues compiling the code, I
> patched it so it can work on it.  (not as hard as it sounds, only a small
> line change).  If you choose that route, I can help you patch the code so
> it will compile on FreeBSD.  Good luck!
>
> -Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14413&t=14413



OT, was RE: Tacacs+ for home Use? and Passed CCIE written [7:14407]

2001-07-31 Thread Symon Thurlow

I agree with Carroll, I have been predominantly MS and Novell, but have
started to learn Linux. It isn't hard if you have a good grounding in
Networking/IP/Network OS's. It is just a matter of finding/learning the
commands.

Another beauty of a *nix box; you only need two cables for it, power and
network. Forget screen, keyboard, mouse...

Symon

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Carroll Kong
Sent: 31 July 2001 00:32
To: [EMAIL PROTECTED]
Subject: Re: Tacacs+ for home Use? and Passed CCIE written today
[7:14288]


At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote:
>Hello all. I just passed my CCIE today (very happy).  I was not as
>difficult as I expected (possibly over studied for it, if that's
>possible).  Anyways, I am about to embark on the long journey to
>complete the CCIE by taking the lab. I have my own home lab and I was
>wondering if there is a free version of Tacacs+ out there?  I know
>cisco has a Unix version they supply but I don't run Unix here at home
>(win2k for my lab) and I was wondering if anyone could help. Thanks
>for your time!
>
>Tim

Congratulations on passing the CCIE Written!

I guess you might be out of luck.  Here are some of your options

a)  continue searching for a free version of TACACS+ for Windows.
b)  Buy Cisco Secure ACS.
c)  Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or
OpenBSD and grab tacacs+ from
http://www.gazi.edu.tr/tacacs/
d)  Port the code yourself from Unix to Windows.

Obviously there is a certain time host inherent to the last three
options.  You should certainly weigh out the costs, as ALL of the options
have an inherent cost to it, even a).  Personally, I think learning Unix is
not so bad (maybe I am biased after all of these years) and may only take
perhaps a week of your time (if you are a fast learner, one day) if you
want to just get TACACS+ on it.  You can consider multi-booting, but then
you will have to take out more time to make sure you do not fry your
machine.  I hope you do know a lot about partitioning on x86
hardware.  :)  It honestly is not that bad, win2k's bootloader is quite
friendly with booting the unices.  On the side, I do not think TACACS+ is a
requirement for the lab.  Not that it is a good reason to not learn
TACACS+.  Every CCIE should learn that eventually, on at least one platform.

If you install FreeBSD, you may run into issues compiling the code, I
patched it so it can work on it.  (not as hard as it sounds, only a small
line change).  If you choose that route, I can help you patch the code so
it will compile on FreeBSD.  Good luck!


-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14407&t=14407



Re: Tacacs+ for home Use? and Passed CCIE written today [7:14288]

2001-07-30 Thread Carroll Kong

At 06:40 PM 7/30/01 -0400, [EMAIL PROTECTED] (Timothy Ouellette) wrote:
>Hello all. I just passed my CCIE today (very happy).  I was not as
>difficult as I expected (possibly over studied for it, if that's
>possible).  Anyways, I am about to embark on the long journey to
>complete the CCIE by taking the lab. I have my own home lab and I was
>wondering if there is a free version of Tacacs+ out there?  I know
>cisco has a Unix version they supply but I don't run Unix here at home
>(win2k for my lab) and I was wondering if anyone could help. Thanks
>for your time!
>
>Tim

Congratulations on passing the CCIE Written!

I guess you might be out of luck.  Here are some of your options

a)  continue searching for a free version of TACACS+ for Windows.
b)  Buy Cisco Secure ACS.
c)  Get an old machine and install Linux, Solaris x86, FreeBSD, NetBSD, or 
OpenBSD and grab tacacs+ from
http://www.gazi.edu.tr/tacacs/
d)  Port the code yourself from Unix to Windows.

Obviously there is a certain time host inherent to the last three 
options.  You should certainly weigh out the costs, as ALL of the options 
have an inherent cost to it, even a).  Personally, I think learning Unix is 
not so bad (maybe I am biased after all of these years) and may only take 
perhaps a week of your time (if you are a fast learner, one day) if you 
want to just get TACACS+ on it.  You can consider multi-booting, but then 
you will have to take out more time to make sure you do not fry your 
machine.  I hope you do know a lot about partitioning on x86 
hardware.  :)  It honestly is not that bad, win2k's bootloader is quite 
friendly with booting the unices.  On the side, I do not think TACACS+ is a 
requirement for the lab.  Not that it is a good reason to not learn 
TACACS+.  Every CCIE should learn that eventually, on at least one platform.

If you install FreeBSD, you may run into issues compiling the code, I 
patched it so it can work on it.  (not as hard as it sounds, only a small 
line change).  If you choose that route, I can help you patch the code so 
it will compile on FreeBSD.  Good luck!


-Carroll Kong




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14288&t=14288



Re: TACACS+ and AAA [7:10211]

2001-06-30 Thread Kenneth

Cisco's site

search for "configuring AAA"

"anthony moore" wrote in message
news:[EMAIL PROTECTED]...
> Anyone got any good reference or know where to get documentation on
> configuring TACACS+, AAA, and Cisco ACS server




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10506&t=10211



Re: TACACS+ and AAA [7:10210]

2001-06-27 Thread Tony Medeiros

Went to

http:\\ cisco.google.com/cisco

Did a search on "AAA configuration"

First hit was:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262ap1.htm

The best thing to ever happen to CCO was the google search.  It has saved my
bacon on many occasions.  CCO has almost anything you want to know.  Finding
it was always the bitch !!!  Thank God for Google !!!
Tony M.
#6172

- Original Message -
From: anthony moore 
To: 
Sent: Wednesday, June 27, 2001 4:22 PM
Subject: TACACS+ and AAA [7:10210]


> Anyone got any good reference or know where to get documentation on
> configuring TACACS+, AAA, and Cisco ACS server




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10228&t=10210



Re: Tacacs [7:2602]

2001-05-01 Thread Kevin Wigle

Ok, maybe I wasn't clear enough :-)

Unfortunately the issue I'm trying to investigate involves Tacacs+
configuration but I don't have access to the Tacacs+ servers - that's
"another" group.

What is happening is that a user dials in, gets authenticated and then is
identified as belonging to a group.  Depending on that group, a L2F tunnel
gets created to a particular home gateway.

You're talking having more than one Tacacs+ server - I know that can be
done.

My quest is to find some redundancy in how the Tacacs+ server assigns a home
gateway.

When looking at example code:

vpdn-group 1
request dialin l2f ip w.x.y.z domain abc

It looks like only one ip address is allowed.

A colleague thinks that it is possible to have Tacacs+ choose a home
gateway.

And that's the question.  Our configuration has multiple vpdn-groups and I'm
still trying to figure out how a user gets allocated to a particular
vpdn-group let alone discover if multiple gateways are possible.  (a little
difficult since the "other" group doesn't share very well)

The end result is to have an automatic failover if the prime gateway goes
down that the call will be accepted at the secondary gateway.

Sorta like - if this destination is avail, use it - else use this one.

Is this clear???

hope so

Kevin Wigle

> > - Original Message -
> > From: "Henry D." 
> > To: 
> > Sent: Monday, 30 April, 2001 17:33
> > Subject: Re: Tacacs [7:2602]
> >
> >
> > > I'm not an expert in TACACS but I know you can have more than 1 server
> > > specified in the routers. I mainly used it just for authentication, in
> > > which case there was no problem whatsoever with this setup. If first
> > > specified server is not reachable, the other is being used.
> > > I don't think there would be an issue if I used authorization/accounting
> > > features either. There would simply be no need to try to fall back to
> > > the main server in case it came up while using the backup server on the
> > > current session.
> > >
> > > BTW, what do you mean by "terminating L2F tunnels" ?
> > > Do you just authenticate, or you also use the authorization/accounting
> > > features on the tunnel ?
> > > If so, could you elaborate a bit more on this topic ?
> > >
> > >
> > > "Kevin Wigle" wrote in message
> > > news:[EMAIL PROTECTED]...
> > > > Dear Group,
> > > >
> > > > A Tacacs question.
> > > >
> > > > Is it possible to configure Tacacs+ to use 2 different home gateways?
> > > >
> > > > Specifically, gate1 to be used to terminate L2F tunnels.
> > > >
> > > > If that fails, use gate2.
> > > >
> > > > And, another question if that is possible..
> > > >
> > > > When gate1 is reachable again, will the users on gate2 be disconnected
> > > > or stay there until they disconnect while "new" connections go to gate1
> > > > again?
> > > >
> > > > tia
> > > >
> > > > Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2746&t=2602



Re: Tacacs [7:2602]

2001-04-30 Thread Henry D.

I'm not an expert in TACACS but I know you can have more than 1 server
specified in the routers. I mainly used it just for authentication, in which
case there was no problem whatsoever with this setup. If first specified
server is not reachable, the other is being used.
I don't think there would be an issue if I used authorization/accounting
features either. There would simply be no need to try to fall back to the
main server in case it came up while using the backup server on the current
session.

BTW, what do you mean by "terminating L2F tunnels" ?
Do you just authenticate, or you also use the authorization/accounting
features on the tunnel ?
If so, could you elaborate a bit more on this topic ?


"Kevin Wigle" wrote in message
news:[EMAIL PROTECTED]...
> Dear Group,
>
> A Tacacs question.
>
> Is it possible to configure Tacacs+ to use 2 different home gateways?
>
> Specifically, gate1 to be used to terminate L2F tunnels.
>
> If that fails, use gate2.
>
> And, another question if that is possible..
>
> When gate1 is reachable again, will the users on gate2 be disconnected or
> stay there until they disconnect while "new" connections go to gate1 again?
>
> tia
>
> Kevin Wigle




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=2630&t=2602



Re: Tacacs Server Example [7:1788]

2001-04-24 Thread Sean Young

Rico,
I need to know how familiar you are with Unix platform.  I run my tacacs
server on a linux platform.  The setup and configuration is quite simple.
Before I go on, I need to know the following information:

1) How familiar are you with Unix?  by that, I mean you don't have to
be familiar with Unix, just enough to compile the source code,

2) are you familiar with either vi editor or emacs?

3) are you familiar with compiling the source code?

You can find the TACACS+ source code at: http://www.gazi.edu.tr/tacacs/
If you say "YES" to the above questions, then I will be glad to help you.

Sean
>From: "Washington Rico" 
>Reply-To: "Washington Rico" 
>To: [EMAIL PROTECTED]
>Subject: Tacacs Server Example [7:1788]
>Date: Tue, 24 Apr 2001 20:02:16 -0400
>
>If anyone can help me,  I need to know how to setup a tacacs+ on the unix
>side.  The router side is fairly simple , but the real trouble is on the
>Unix server side.  Anyone know where I could go on the internet to get a
>good example of a configuration file on the Tacacs+ Daemon
>
>Need Help
>
>Many Thanks in Advance.





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1792&t=1788



RE: Tacacs Server Example [7:1788]

2001-04-24 Thread Keyur Lavingia

try the list at www.unix.com. It's good too.

Sincerely,

KEYUR LAVINGIA
Network Engineer

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Washington Rico
Sent: Tuesday, April 24, 2001 5:02 PM
To: [EMAIL PROTECTED]
Subject: Tacacs Server Example [7:1788]


If anyone can help me,  I need to know how to setup a tacacs+ on the unix
side.  The router side is fairly simple , but the real trouble is on the
Unix server side.  Anyone know where I could go on the internet to get a
good example of a configuration file on the Tacacs+ Daemon

Need Help

Many Thanks in Advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1790&t=1788



RE: Tacacs and dialup authentication

2001-03-29 Thread Radford Dion

I probably should have outlined the reason for this type of configuration. 

The problem I am trying to solve is this - I want to use a remote tacacs
server for telnet authentication, but I want to use the local database for
ppp authentication (it would be a pain to add all the router names into the
tacacs server database). I have removed the tacacs server configuration
because I wanted to make the configuration as simple as possible, and just
use the local database.

The URL that I posted below shows how you would do this for a user->router,
but not for router->router.  It should be very simple - and I am sure that I
am missing something obvious.

I have experienced the same problem when routerA has been a 1603 and a 2600
with different IOS versions. The next step is to change RouterB and see what
happens.

Thanks for your help, keep it coming!


> -Original Message-
> From: Tony van Ree [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday 28 March 2001 23:56
> To:   Radford Dion; [EMAIL PROTECTED]
> Subject:  Re: Tacacs and dialup authentication
> 
> Hi,
> 
> Where is the TACACS configured.
> 
> I would have thought you would need a reference to TACACS in your AAA
> statements and a reference to the TACACS server address.
> 
> aaa new-model
> aaa authentication login default tacacs+ local
> aaa authentication login console tacacs+ enable
> aaa authentication ppp default if-needed tacacs+ local
> aaa authentication ppp routers if-needed local
> aaa authorization exec default tacacs+ if-authenticated local
> aaa authorization network default tacacs+ local if-authenticated
> 
> !
> OTHER ROUTER STUFF
> !
> 
> tacacs-server host 192.168.0.1
> tacacs-server timeout 10
> tacacs-server key akeyword
> 
> 
> 
> Just a thought.  It seems you don't say to use TACACS in your AAA
> statements.
> 
> Teunis
> Hobart, Tasmania
> Australia
> 
> 
> 
> 
> On Wednesday, March 28, 2001 at 11:27:08 AM, Radford Dion wrote:
> 
> > Hi Everyone.
> > 
> > I am having trouble trying to work out why I cannot get a router to
> > connect via ISDN to another router when tacacs is configured. I want to
> > use the local Tacacs database and I have followed the instructions on the
> > cisco web site
> > http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.htm.
> > I would appreciate any feedback that anyone has.
> > 
> > This is the scenario
> > 
> > RouterA ---> dials into > RouterB
> > 
> > When I remove the aaa configuration parameters from router A it works
> > fine.
> > 
> > Router A config:
> > username RouterB password x
> > 
> > aaa new-model
> > aaa authentication enable default enable
> > aaa authentication ppp default local
> > 
> > int bri 0/0
> >  no ip address
> >  no ip redirects
> >  no ip directed-broadcast
> >  encapsulation ppp
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> >  no fair-queue
> >  ppp authentication chap
> > !
> > interface Dialer1
> >  ip address 192.168.0.186 255.255.255.252
> >  no ip redirects
> >  no ip directed-broadcast
> >  encapsulation ppp
> >  dialer remote-name RouterB
> >  dialer pool 1
> >  dialer idle-timeout 60
> >  dialer string 555
> >  dialer hold-queue 10
> >  dialer-group 1
> >  no fair-queue
> >  ppp authentication chap
> > 
> > 
> > Router B config:
> > username RouterA password x
> > 
> > aaa new-model
> > aaa authentication enable default enable
> > aaa authentication ppp default local
> > 
> > int bri 3/1
> >  ip address 192.168.0.186  255.255.255.252
> >  encapsulation ppp
> >  dialer idle-timeout 60
> >  dialer map ip 192.168.0.186  name RouterA 5554324
> >  dialer-group 2
> >  ppp authentication chap
> > 
> > This is the debug output - I tried using debug aaa authentication but
> > there was no output from either router.
> > 
> > Debug ppp authentication on Router A:
> > *Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> > *Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> > *Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 555 .
> > *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> > *Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
> > *Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
> > *Mar 21 23:30:17: BR0/0:1 CHAP: Unable 

RE: Tacacs and dialup authentication

2001-03-29 Thread Radford Dion

This is a valid comment, but when I go into routerA, type 'no aaa
new-model', it works, which would eliminate the possibility of a password
problem.

> -Original Message-
> From: Gareth Hinton [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday 28 March 2001 22:43
> To:   [EMAIL PROTECTED]
> Subject:  Re: Tacacs and dialup authentication
> 
> Looked through it for ages. I may be missing something but looks like the
> authentication is just failing, possibly due to not using the same
> password on RouterA and RouterB?
> 
> On RouterA
> username RouterB password fred
> 
> On RouterB
> username RouterA password fred
> 
> Fingers like mine - too big to tyyppe?
> 
> Anyone feel free to correct me if info is garbage.
> 
> Cheers,
> 
> Gareth
> 
> 
> "Radford Dion" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
> > Hi Everyone.
> >
> > I am having trouble trying to work out why I cannot get a router to
> > connect via ISDN to another router when tacacs is configured. I want to
> > use the local Tacacs database and I have followed the instructions on the
> > cisco web site
> > http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.htm.
> > I would appreciate any feedback that anyone has.
> >
> > This is the scenario
> >
> > RouterA ---> dials into > RouterB
> >
> > When I remove the aaa configuration parameters from router A it works
> > fine.
> >
> > Router A config:
> > username RouterB password x
> >
> > aaa new-model
> > aaa authentication enable default enable
> > aaa authentication ppp default local
> >
> > int bri 0/0
> >  no ip address
> >  no ip redirects
> >  no ip directed-broadcast
> >  encapsulation ppp
> >  dialer pool-member 1
> >  isdn switch-type basic-net3
> >  no fair-queue
> >  ppp authentication chap
> > !
> > interface Dialer1
> >  ip address 192.168.0.186 255.255.255.252
> >  no ip redirects
> >  no ip directed-broadcast
> >  encapsulation ppp
> >  dialer remote-name RouterB
> >  dialer pool 1
> >  dialer idle-timeout 60
> >  dialer string 555
> >  dialer hold-queue 10
> >  dialer-group 1
> >  no fair-queue
> >  ppp authentication chap
> >
> >
> > Router B config:
> > username RouterA password x
> >
> > aaa new-model
> > aaa authentication enable default enable
> > aaa authentication ppp default local
> >
> > int bri 3/1
> >  ip address 192.168.0.186  255.255.255.252
> >  encapsulation ppp
> >  dialer idle-timeout 60
> >  dialer map ip 192.168.0.186  name RouterA 5554324
> >  dialer-group 2
> >  ppp authentication chap
> >
> > This is the debug output - I tried using debug aaa authentication but
> > there was no output from either router.
> >
> > Debug ppp authentication on Router A:
> > *Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> > *Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> > *Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 555 .
> > *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> > *Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
> > *Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
> > *Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
> > *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> > *Mar 21 23:30:17: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile Di1
> > *Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
> > *Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
> > *Mar 21 23:30:19: %DIALER-6-BIND: Interface BR0/0:2 bound to profile Di1.
> > *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> > *Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
> > *Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
> > *Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
> > *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> > *Mar 21 23:30:19: %DIALER-6-UNBIND: Interface BR0/0:2 unbound from profile Di1
> > *Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
> > *Mar 21 23:30:21: %LINK-3-UPDOWN: Interface 
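
To triage the "debug ppp authentication" output quoted above, the lines can be grouped into one record per call attempt so that what was and was not logged stands out. This is an added example, not part of the thread: the sample is Router A's output as posted (mail wrapping undone, trimmed to LINK and CHAP lines), and the verdict strings are labels chosen for this example.

```python
import re
from dataclasses import dataclass, field

# Router A's "debug ppp authentication" lines as posted in the thread, with
# mail wrapping undone and trimmed to the LINK and CHAP lines.
SAMPLE = '''\
*Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
*Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
*Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
*Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
*Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
*Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
*Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
*Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
*Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
*Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
*Mar 21 23:30:21: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
*Mar 21 23:30:21: BR0/0:1 CHAP: O CHALLENGE id 143 len 31 from "RouterA"
*Mar 21 23:30:21: BR0/0:1 CHAP: I CHALLENGE id 229 len 31 from "RouterB"
..*Mar 21 23:30:21: BR0/0:1 CHAP: Unable to authenticate for peer
'''

# Leading dots are console noise that got pasted in front of a timestamp.
STAMP = re.compile(r'^\.*\*(\w{3}\s+\d+ [\d:]+): (.*)$')
LINK = re.compile(r'^%LINK-3-UPDOWN: Interface (\S+), changed state to (up|down)$')
PACKET = re.compile(r'^(\S+) CHAP: ([IO]) (CHALLENGE|RESPONSE|SUCCESS|FAILURE) id (\d+)')
NOTE = re.compile(r'^(\S+) CHAP: (.+)$')


@dataclass
class Attempt:
    channel: str
    started: str
    ended: str = ""
    packets: list = field(default_factory=list)  # (direction, type, id)
    notes: list = field(default_factory=list)    # free-text CHAP messages


def channel_name(interface):
    # The same B-channel is printed as BRI0/0:1 and as BR0/0:1.
    return re.sub(r'^BRI', 'BR', interface)


def parse(text):
    """Group debug lines into one Attempt per link-up on a B-channel."""
    attempts, open_by_channel = [], {}
    for raw in text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue
        stamp, rest = m.groups()
        link = LINK.match(rest)
        if link:
            chan = channel_name(link.group(1))
            if link.group(2) == "up":
                open_by_channel[chan] = Attempt(chan, stamp)
                attempts.append(open_by_channel[chan])
            elif chan in open_by_channel:
                open_by_channel.pop(chan).ended = stamp
            continue
        pkt = PACKET.match(rest)
        note = None if pkt else NOTE.match(rest)
        if not (pkt or note):
            continue
        chan = channel_name((pkt or note).group(1))
        att = open_by_channel.get(chan)
        if att is None:  # CHAP line with no preceding link-up in the capture
            att = open_by_channel[chan] = Attempt(chan, stamp)
            attempts.append(att)
        if pkt:
            att.packets.append((pkt.group(2), pkt.group(3), int(pkt.group(4))))
        else:
            att.notes.append(note.group(2))
    return attempts


def classify(att):
    """Label an attempt by which CHAP packet types were logged."""
    kinds = {kind for _, kind, _ in att.packets}
    if "FAILURE" in kinds:
        return "response rejected"
    if "RESPONSE" not in kinds and att.notes:
        return "no RESPONSE logged: " + att.notes[-1]
    if "SUCCESS" in kinds:
        return "authenticated"
    return "incomplete"


if __name__ == "__main__":
    for a in parse(SAMPLE):
        print(a.channel, a.started, a.ended or "(still up)", classify(a))
```

Every attempt in the posted output stops after the two CHALLENGE packets: no RESPONSE is logged in either direction before the link drops.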

Re: Tacacs and dialup authentication

2001-03-28 Thread Tony van Ree

Hi,

Where is the TACACS configured.

I would have thought you would need a reference to TACACS in your AAA statements and a 
reference to the TACACS server address.

aaa new-model
aaa authentication login default tacacs+ local
aaa authentication login console tacacs+ enable
aaa authentication ppp default if-needed tacacs+ local
aaa authentication ppp routers if-needed local
aaa authorization exec default tacacs+ if-authenticated local
aaa authorization network default tacacs+ local if-authenticated

!
OTHER ROUTER STUFF
!

tacacs-server host 192.168.0.1
tacacs-server timeout 10
tacacs-server key akeyword



Just a thought.  It seems you don't say to use TACACS in your AAA statements.

Teunis
Hobart, Tasmania
Australia




On Wednesday, March 28, 2001 at 11:27:08 AM, Radford Dion wrote:

> Hi Everyone.
> 
> I am having trouble trying to work out why I cannot get a router to connect
> via ISDN to another router when tacacs is configured. I want to use the
> local Tacacs database and I have followed the instructions on the cisco web
> site
> http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.htm.
> I would appreciate any feedback that anyone has.
> 
> This is the scenario
> 
> RouterA ---> dials into > RouterB
> 
> When I remove the aaa configuration parameters from router A it works fine.
> 
> Router A config:
> username RouterB password x
> 
> aaa new-model
> aaa authentication enable default enable
> aaa authentication ppp default local
> 
> int bri 0/0
>  no ip address
>  no ip redirects
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer pool-member 1
>  isdn switch-type basic-net3
>  no fair-queue
>  ppp authentication chap
> !
> interface Dialer1
>  ip address 192.168.0.186 255.255.255.252
>  no ip redirects
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer remote-name RouterB
>  dialer pool 1
>  dialer idle-timeout 60
>  dialer string 555
>  dialer hold-queue 10
>  dialer-group 1
>  no fair-queue
>  ppp authentication chap
> 
> 
> Router B config:
> username RouterA password x
> 
> aaa new-model
> aaa authentication enable default enable
> aaa authentication ppp default local
> 
> int bri 3/1
>  ip address 192.168.0.186  255.255.255.252
>  encapsulation ppp
>  dialer idle-timeout 60
>  dialer map ip 192.168.0.186  name RouterA 5554324
>  dialer-group 2
>  ppp authentication chap
> 
> This is the debug output - I tried using debug aaa authentication but there
> was no output from either router.
> 
> Debug ppp authentication on Router A:
> *Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> *Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> *Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 555 .
> *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
> *Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
> *Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
> *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:17: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile Di1
> *Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
> *Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
> *Mar 21 23:30:19: %DIALER-6-BIND: Interface BR0/0:2 bound to profile Di1.
> *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> *Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
> *Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
> *Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
> *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> *Mar 21 23:30:19: %DIALER-6-UNBIND: Interface BR0/0:2 unbound from profile Di1
> *Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
> *Mar 21 23:30:21: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> *Mar 21 23:30:21: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> *Mar 21 23:30:21: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:21: BR0/0:1 CHAP: O CHALLENGE id 143 len 31 from "RouterA"
> *Mar 21 23:30:21: BR0/0:1 CHAP: I CHALLENGE id 229 len 31 from "RouterB"
> ..*Mar 21 23:30:21: BR0/0:1 CHAP: Unable to authenticate for peer
> 
>   
> Debug ppp authentication on Router B:
> *May 14 07:46:25: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
> *May 14 07:46:25: BR3/1:1 PPP: Treating connection as a callin
> *May 14 07:46:26: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> *May 14 07:46:26: BR3/1:1 CHAP: O CHALLENGE id 217 len 31 from "RouterB"
> *May 14 07:46:26: BR3/1:1 CHAP: I CHALLENGE id 136 len 31 from "RouterA"
> *May 14 07:46:26: BR3/1:1 CHAP: Waiting for peer to authenticate first
> *May 14 07:46:26: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to down
> *May 14 07:46:27: %LINK-3-UPDOW

Re: Tacacs and dialup authentication

2001-03-28 Thread Gareth Hinton

Looked through it for ages. I may be missing something but looks like the
authentication is just failing, possibly due to not using the same password
on RouterA and RouterB?

On RouterA
username RouterB password fred

On RouterB
username RouterA password fred

Fingers like mine - too big to tyyppe?

Anyone feel free to correct me if info is garbage.

Cheers,

Gareth


"Radford Dion" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
> Hi Everyone.
>
> I am having trouble trying to work out why I cannot get a router to
> connect via ISDN to another router when tacacs is configured. I want to
> use the local Tacacs database and I have followed the instructions on the
> cisco web site
> http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c2.htm.
> I would appreciate any feedback that anyone has.
>
> This is the scenario
>
> RouterA ---> dials into > RouterB
>
> When I remove the aaa configuration parameters from router A it works
> fine.
>
> Router A config:
> username RouterB password x
>
> aaa new-model
> aaa authentication enable default enable
> aaa authentication ppp default local
>
> int bri 0/0
>  no ip address
>  no ip redirects
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer pool-member 1
>  isdn switch-type basic-net3
>  no fair-queue
>  ppp authentication chap
> !
> interface Dialer1
>  ip address 192.168.0.186 255.255.255.252
>  no ip redirects
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer remote-name RouterB
>  dialer pool 1
>  dialer idle-timeout 60
>  dialer string 555
>  dialer hold-queue 10
>  dialer-group 1
>  no fair-queue
>  ppp authentication chap
>
>
> Router B config:
> username RouterA password x
>
> aaa new-model
> aaa authentication enable default enable
> aaa authentication ppp default local
>
> int bri 3/1
>  ip address 192.168.0.186  255.255.255.252
>  encapsulation ppp
>  dialer idle-timeout 60
>  dialer map ip 192.168.0.186  name RouterA 5554324
>  dialer-group 2
>  ppp authentication chap
>
> This is the debug output - I tried using debug aaa authentication but
> there was no output from either router.
>
> Debug ppp authentication on Router A:
> *Mar 21 23:30:17: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> *Mar 21 23:30:17: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> *Mar 21 23:30:17: %ISDN-6-CONNECT: Interface BRI0/0:1 is now connected to 555 .
> *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:17: BR0/0:1 CHAP: O CHALLENGE id 142 len 31 from "RouterA"
> *Mar 21 23:30:17: BR0/0:1 CHAP: I CHALLENGE id 227 len 31 from "RouterB"
> *Mar 21 23:30:17: BR0/0:1 CHAP: Unable to authenticate for peer
> *Mar 21 23:30:17: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:17: %DIALER-6-UNBIND: Interface BR0/0:1 unbound from profile Di1
> *Mar 21 23:30:18: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to down
> *Mar 21 23:30:19: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
> *Mar 21 23:30:19: %DIALER-6-BIND: Interface BR0/0:2 bound to profile Di1.
> *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> *Mar 21 23:30:19: BR0/0:2 CHAP: O CHALLENGE id 66 len 31 from "RouterA"
> *Mar 21 23:30:19: BR0/0:2 CHAP: I CHALLENGE id 228 len 31 from "RouterB"
> *Mar 21 23:30:19: BR0/0:2 CHAP: Unable to authenticate for peer
> *Mar 21 23:30:19: BR0/0:2 PPP: Treating connection as a callout
> *Mar 21 23:30:19: %DIALER-6-UNBIND: Interface BR0/0:2 unbound from profile Di1
> *Mar 21 23:30:20: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to down
> *Mar 21 23:30:21: %LINK-3-UPDOWN: Interface BRI0/0:1, changed state to up
> *Mar 21 23:30:21: %DIALER-6-BIND: Interface BR0/0:1 bound to profile Di1
> *Mar 21 23:30:21: BR0/0:1 PPP: Treating connection as a callout
> *Mar 21 23:30:21: BR0/0:1 CHAP: O CHALLENGE id 143 len 31 from "RouterA"
> *Mar 21 23:30:21: BR0/0:1 CHAP: I CHALLENGE id 229 len 31 from "RouterB"
> .*Mar 21 23:30:21: BR0/0:1 CHAP: Unable to authenticate for peer
>
>
> Debug ppp authentication on Router B:
> *May 14 07:46:25: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
> *May 14 07:46:25: BR3/1:1 PPP: Treating connection as a callin
> *May 14 07:46:26: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> *May 14 07:46:26: BR3/1:1 CHAP: O CHALLENGE id 217 len 31 from "RouterB"
> *May 14 07:46:26: BR3/1:1 CHAP: I CHALLENGE id 136 len 31 from "RouterA"
> *May 14 07:46:26: BR3/1:1 CHAP: Waiting for peer to authenticate first
> *May 14 07:46:26: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to down
> *May 14 07:46:27: %LINK-3-UPDOWN: Interface BRI3/1:1, changed state to up
> *May 14 07:46:27: BR3/1:1 PPP: Treating connection as a callin
> *May 14 07:46:28: BR3/1:1 PPP: Phase is AUTHENTICATING, by both
> *May 14 07:46:28: BR3/1:1 CHAP: O CHALLENGE id 218 len 31 from "RouterB"
> *May 14 07:46:28: BR3/1:1 CHAP: I CHALLENGE id 62 len 31 from "RouterA"
> *May 14 07:46:28: BR3/1:1 CHAP: Waiting for

Re: Tacacs+ Trouble

2001-03-07 Thread kent . hundley

J,

First, you need to know what configuration file is being used.  If you 
don't know, use "ps -ef | grep tac".  (it might be ps -aux, I always 
get my solaris and linux mixed up) Once you know what the config 
file is, you need to understand the syntax.  

If the tacacs version you're using is the standard Cisco freeware, 
there should be a text file called users_guide in the directory where 
the file was unzipped. This will tell you just about everything you 
need to know to interpret the config file.  

If you can't find the users_guide file, just download a current tacacs 
tar file from the Cisco ftp site at ftp-eng.cisco.com/pub/tacacs and 
you can find it there.

HTH,
Kent

On 4 Mar 2001, at 21:20, joshandlaura wrote:

> Hello everyone,
> 
> I have a question regarding TACACS+.  I have a server up and
> running
> already but I've been having trouble administering the box
> (adding/deleting users, changing passwords, etc...it's a Dell PC
> w/128m and Red Hat 7.0. It runs like a champ but I would like some
> better understanding on how TACACS+ server is built up, because our
> Network Engineer was "let go" I inherited the box.  I have tried to
> find some straightforward answers/configs on the web but haven't seen
> anything remotely directional.  I can give more info if anyone would
> like to take a shot at it...
> 
> 
> J. Way
> Network Technician, CCNA
> 
> 
> _
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html Report misconduct and
> Nondisclosure violations to [EMAIL PROTECTED]





Re: Tacacs+ Trouble

2001-03-05 Thread joshandlaura

 The question was: How is a properly built TACACS+ box put together,
preferably w/Red Hat 7.0?  I would just like some tips.  Sorry, I probably
should have put it in a more question-like form.


J. Way




"Andy" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I imagine just asking the question would get better results.
>
> andy
>
> On Sun, 4 Mar 2001, joshandlaura wrote:
>
> > Hello everyone,
> >
> > I have a question regarding TACACS+.  I have a server up and running
> > already but I've been having trouble administering the box (adding/deleting
> > users, changing passwords, etc...it's a Dell PC w/128m and Red Hat 7.0.
> > It runs like a champ but I would like some better understanding on how
> > TACACS+ server is built up, because our Network Engineer was "let go" I
> > inherited the box.  I have tried to find some straightforward answers/configs
> > on the web but haven't seen anything remotely directional.  I can give more
> > info if anyone would like to take a shot at it...
> >
> >
> > J. Way
> > Network Technician, CCNA
> >
> >





Re: Tacacs+ Trouble

2001-03-04 Thread Andy


I imagine just asking the question would get better results.

andy

On Sun, 4 Mar 2001, joshandlaura wrote:

> Hello everyone,
> 
> I have a question regarding TACACS+.  I have a server up and running
> already but I've been having trouble administering the box (adding/deleting
> users, changing passwords, etc...it's a Dell PC w/128m and Red Hat 7.0.
> It runs like a champ but I would like some better understanding on how
> TACACS+ server is built up, because our Network Engineer was "let go" I
> inherited the box.  I have tried to find some straightforward answers/configs
> on the web but haven't seen anything remotely directional.  I can give more
> info if anyone would like to take a shot at it...
> 
> 
> J. Way
> Network Technician, CCNA
> 
> 



Re: TACACS+ Server for Solaris WHERE?????

2001-03-01 Thread Randy Feliz

Robert,
You can also install cisco secure for unix...cisco gives a 60 day evaluation
key...all you have to do is get a new key every 60 days...this lets you do
TACACS+ and RADIUS..it has a gui and a command line

Randy Feliz
Senior Network Engineer
CCIE# 4331(R/S, ISP Dial)
- Original Message -
From: <[EMAIL PROTECTED]>
To: 'Ccielab' (E-mail) <[EMAIL PROTECTED]>; Cisco@Groupstudy. Com
(E-mail) <[EMAIL PROTECTED]>; McCallum, Robert
<[EMAIL PROTECTED]>
Sent: Thursday, March 01, 2001 8:57 AM
Subject: Re: TACACS+ Server for Solaris WHERE?


> Robert,
>
> Funny you should ask, I just downloaded and installed a copy of
> the free cisco tacacs server a few days ago.  You can pick it up at
> ftp-eng.cisco.com/pub/tacacs.
>
> Be aware that this is an unsupported product with no warranties,
> although it does come with a decent user guide.  You cannot get
> assistance from Cisco on this code, but you do have the source so
> if you're a code hacker you can pretty much do whatever you want.
> It runs fine on my sparc5 with sol8.
>
> Good luck,
> Kent
>
> On 1 Mar 2001, at 13:29, McCallum, Robert wrote:
>
> > Hello,
> >
> > Can anyone let me know where I can find a copy (free or otherwise) for
> > a sun solaris server.  Much appreciated.
> >
> > Robert McCallum
> > 10 days till first born is due, 6 months till CCIE lab
> > due.Which will be worse
> >



Re: TACACS+ Server for Solaris WHERE?????

2001-03-01 Thread kent . hundley

Robert,

Funny you should ask, I just downloaded and installed a copy of 
the free cisco tacacs server a few days ago.  You can pick it up at 
ftp-eng.cisco.com/pub/tacacs.

Be aware that this is an unsupported product with no warranties, 
although it does come with a decent user guide.  You cannot get 
assistance from Cisco on this code, but you do have the source so 
if you're a code hacker you can pretty much do whatever you want.  
It runs fine on my sparc5 with sol8.

Good luck,
Kent

On 1 Mar 2001, at 13:29, McCallum, Robert wrote:

> Hello,
> 
> Can anyone let me know where I can find a copy (free or otherwise) for
> a sun solaris server.  Much appreciated.
> 
> Robert McCallum
> 10 days till first born is due, 6 months till CCIE lab
> due.Which will be worse
> 



RE: TACACS+ Server for Solaris WHERE?????

2001-03-01 Thread roger . gore

I'd try

http://www.sun.com

or

http://www.cnet.com

or 

http://www.computershopper.com

Isn't the Internet a wonderful place?!

-Original Message-
From: McCallum, Robert [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 06:29
To: 'Ccielab' (E-mail); Cisco@Groupstudy. Com (E-mail)
Subject: TACACS+ Server for Solaris WHERE?


Hello,

Can anyone let me know where I can find a copy (free or otherwise) for a sun
solaris server.  Much appreciated.

Robert McCallum
10 days till first born is due, 6 months till CCIE lab due.Which
will be worse




Re: Tacacs and Security question

2001-01-30 Thread Muhammad Zahid

Dear Greg,

Please check  it out

http://cisco.com/warp/public/707/index.shtml

Kindest Regards
Muhammad Zahid

Greg wrote:

> I am studying for the Written exam and I have heard that there are quite a
> few security questions that involve Tacacs and radius and when I went to
> Cisco's web site and did a search I didn't find a lot of information on Tacacs
> and Radius. I am looking for information on the workings of Tacacs not the
> configuration. Am I doing the wrong kind of search? or does someone else
> have a better place to look?
>
> Thanks,
>
> Greg Lovato
>



Re: Tacacs and Security question

2001-01-30 Thread John Hardman

Hi

Here is an excellent link that has the comparison of TACACS+ and RADIUS,
which would be a good thing to know.

http://www.cisco.com/univercd/cc/td/doc/cisintwk/intsolns/aaaisg/c262c1.htm

HTH
--
John Hardman CCNP MCSE+I


"Greg" <[EMAIL PROTECTED]> wrote in message
news:955t43$hhf$[EMAIL PROTECTED]...
> I am studying for the Written exam and I have heard that there are quite a
> few security questions that involve Tacacs and radius and when I went to
> Cisco's web site and did a search I didn't find a lot of information on Tacacs
> and Radius. I am looking for information on the workings of Tacacs not the
> configuration. Am I doing the wrong kind of search? or does someone else
> have a better place to look?
>
> Thanks,
>
> Greg Lovato
>
>



RE: Tacacs+/Radius

2001-01-30 Thread dwhitley

The Radius server for NT is on the free option pack CD for nt4.0 the Radius
server is called Internet Authentication Service (IAS) or some such name.
It can only be loaded on NT 4 Server not workstation.

I have been using it for remote dial up along with a Shiva Netmodem, for
about 3 years and haven't had any problems after the installation.  This is
a limited function version.  The real version comes with, I think?, Site
Server.  The main difference is you can only use the default nt domain for
users, with the full version you can select different domains for user
selection.


-Original Message-
From: Study Cisco [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 30, 2001 3:27 AM
To: Piatnitchi Cristian; 'Kevin Wigle'; cisco
Cc: [EMAIL PROTECTED]
Subject: RE: Tacacs+/Radius


Hi all

I am also looking for same. There was one free copy
distributed by Microsoft on technet CDs. If someone
knows in which month they have distributed the same. 

Regards.






RE: Tacacs+/Radius

2001-01-30 Thread Study Cisco

Hi all

I am also looking for same. There was one free copy
distributed by Microsoft on technet CDs. If someone
knows in which month they have distributed the same. 

Regards.






RE: Tacacs+/Radius

2001-01-29 Thread Piatnitchi Cristian

Hi Kevin 
Check the cisco ftp site I found there 
the free TACACS+ server a few weeks ago. If the memory helps me 
there is a free version for Solaris. You have to compile it.

Use Copernic to find the exact address. Search free TACACS

Cristian

-Original Message-
From: Kevin Wigle [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 29, 2001 5:49 PM
To: cisco
Subject: Tacacs+/Radius


and further on things tacacs..

Our lab tech is really an anti-NT type of guy.  He doesn't want any
production servers using NT.

And he also would prefer Radius over Tacacs+.  Does anyone have a source of
freeware Radius for unix?  His preferred platform is Solaris.

again, tia

Kevin Wigle




Re: Tacacs+/Radius

2001-01-29 Thread John Nemeth

On Jun 21,  5:24am, "Kevin Wigle" wrote:
}
} Our lab tech is really an anti-NT type of guy.  He doesn't want any
} production servers using NT.

 My type of guy...

} And he also would prefer Radius over Tacacs+.  Does anyone have a source of
} freeware Radius for unix?  His preferred platform is Solaris.

 See:  http://www.miquels.cistron.nl/radius and
http://www.freeradius.org/ .

}-- End of excerpt from "Kevin Wigle"




Re: Tacacs+/Radius

2001-01-29 Thread Kevin Wigle

thanks!

We have done that already and yes "vi" was used.  :-)

Looks good so far.  It's providing all that the lab guy wants - which is a
good thing.

Kevin Wigle

- Original Message -
From: "peter whittle" <[EMAIL PROTECTED]>
Newsgroups: groupstudy.cisco
To: <[EMAIL PROTECTED]>
Sent: Monday, January 29, 2001 3:28 PM
Subject: Re: Tacacs+/Radius


> Kevin,
>
> Ascend (Now Lucent) used to have the sources for the generic Livingston
> Radius server on their web site under the support area.  You might also
> try a search on RADIUS or Livingston on your favourite search engine.
>
> You will need to compile them using gnu C. When I last played with them
> ( a few years back) the sources were meant to be an example of a RADIUS
> server.  They handle the RADIUS protocol including accounting but are
> implemented using a flat text file instead of a database.  On a Sparc 20
> it would cope reasonably with c. 3 or 400 users.
>
> If you want an example to play with then get the sources and have a go.
> You could always add database calls to access the user records and
> support more users.
>
> The other drawback is the standard freebie sources did not include a
> form entry system to verify and to populate the database.  User record
> entry tool was called 'vi' and a comma in the wrong place and it didn't
> work!
>
> If you want a production platform with decent performance user record
> validation then you will have to pay for a commercial one.
>
> Hope that that helps.
>
> Peter
>
> Kevin Wigle wrote:
>
> > and further on things tacacs..
> >
> > Our lab tech is really an anti-NT type of guy.  He doesn't want any
> > production servers using NT.
> >
> > And he also would prefer Radius over Tacacs+.  Does anyone have a source of
> > freeware Radius for unix?  His preferred platform is Solaris.
> >
> > again, tia
> >
> > Kevin Wigle
> >



Re: Tacacs+/Radius

2001-01-29 Thread peter whittle

Kevin,

Ascend (Now Lucent) used to have the sources for the generic Livingston
Radius server on their web site under the support area.  You might also
try a search on RADIUS or Livingston on your favourite search engine.

You will need to compile them using gnu C. When I last played with them
( a few years back) the sources were meant to be an example of a RADIUS
server.  They handle the RADIUS protocol including accounting but are
implemented using a flat text file instead of a database.  On a Sparc 20
it would cope reasonably with c. 3 or 400 users.

If you want an example to play with then get the sources and have a go.
You could always add database calls to access the user records and
support more users.

The other drawback is the standard freebie sources did not include a
form entry system to verify and to populate the database.  User record
entry tool was called 'vi' and a comma in the wrong place and it didn't
work!

If you want a production platform with decent performance user record
validation then you will have to pay for a commercial one.

Hope that that helps.

Peter

Kevin Wigle wrote:

> and further on things tacacs..
>
> Our lab tech is really an anti-NT type of guy.  He doesn't want any
> production servers using NT.
>
> And he also would prefer Radius over Tacacs+.  Does anyone have a source of
> freeware Radius for unix?  His preferred platform is Solaris.
>
> again, tia
>
> Kevin Wigle
>
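An added illustration of the "comma in the wrong place" problem described in the post above (not part of the original message, and not the Livingston sources): a small Python lint for a Livingston-style flat `users` file. The layout rules it enforces (user name at column 0 followed by check items, indented reply items each ending in a comma except the last) and the sample entries are assumptions constructed for this example.

```python
import re

# One item is "Attribute = value"; the value is a quoted string or a bare token.
ITEM = re.compile(r'^[A-Za-z][A-Za-z0-9-]*\s*=\s*("[^"]*"|[^\s,"]+)$')

# Constructed sample: line 4 lacks its comma, line 8 has one too many.
SAMPLE = '''\
# constructed sample, not from the original post
alice   Password = "s3cret"
        Service-Type = Framed-User,
        Framed-Protocol = PPP
        Framed-IP-Address = 192.0.2.10

bob     Password = "hunter2"
        Service-Type = Login-User,
'''

def split_items(text):
    """Split on commas that are outside double quotes."""
    parts, buf, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append(buf.strip())
            buf = ""
        else:
            buf += ch
    parts.append(buf.strip())
    return parts

def lint_users(text):
    """Return [(line_number, message)] for comma and layout mistakes."""
    problems = []
    lines = [(n, l.rstrip()) for n, l in enumerate(text.splitlines(), 1)]
    # Drop blank lines and comments but keep the original line numbers.
    lines = [(n, l) for n, l in lines
             if l.strip() and not l.lstrip().startswith("#")]
    in_entry = False
    for i, (n, line) in enumerate(lines):
        is_reply = line[0] in " \t"
        next_is_reply = i + 1 < len(lines) and lines[i + 1][1][0] in " \t"
        if not is_reply:
            # Entry header: user name, then the check items on the same line.
            in_entry = True
            fields = line.split(None, 1)
            if len(fields) < 2:
                problems.append((n, "user line has no check items"))
                continue
            body = fields[1]
        else:
            if not in_entry:
                problems.append((n, "reply item before any user line"))
            body = line.strip()
            if next_is_reply and not body.endswith(","):
                problems.append((n, "missing comma: more reply items follow"))
            if not next_is_reply and body.endswith(","):
                problems.append((n, "trailing comma on last reply item"))
            if body.endswith(","):
                body = body[:-1]
        for item in split_items(body):
            if not ITEM.match(item):
                problems.append((n, "malformed item: %r" % item))
    return problems

if __name__ == "__main__":
    for lineno, message in lint_users(SAMPLE):
        print("line %d: %s" % (lineno, message))
```

Running a check like this before restarting the daemon catches the editing slip while the previous file is still in service.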



Re: Tacacs+/Radius

2001-01-29 Thread Kevin Wigle

Yeah, I'm looking to purchase the NFR (Not for Resale) kit and I think it's
in there so I can evaluate it.

My anti-NT guy thinks that at one time there was a freebie Tacacs or Radius
server from Cisco.  Can anyone confirm that?  He seems to remember that code
was provided that you would compile.  He also says that it could have been
more than a few years ago..

Kevin Wigle

- Original Message -
From: "Kevin Welch" <[EMAIL PROTECTED]>
To: "Kevin Wigle" <[EMAIL PROTECTED]>; "cisco" <[EMAIL PROTECTED]>
Sent: Monday, January 29, 2001 12:17 PM
Subject: Re: Tacacs+/Radius


> Cisco does sell a TACACS+ server for solaris.   I agree with your anti-NT
> type... if it's NT and it's in production someone is going to get called
> after hours.
>
> -- Kevin
> - Original Message -
> From: "Kevin Wigle" <[EMAIL PROTECTED]>
> To: "cisco" <[EMAIL PROTECTED]>
> Sent: Monday, January 29, 2001 7:48 AM
> Subject: Tacacs+/Radius
>
>
> > and further on things tacacs..
> >
> > Our lab tech is really an anti-NT type of guy.  He doesn't want any
> > production servers using NT.
> >
> > And he also would prefer Radius over Tacacs+.  Does anyone have a source of
> > freeware Radius for unix?  His preferred platform is Solaris.
> >
> > again, tia
> >
> > Kevin Wigle
> >


