CCIE Security Practice Labs

Section 7.0: AAA

7.1. AAA on the Router

Configure R7 router management with TACACS+ using the AAA server, as shown in Figure 7-1.

Configure PIX translation and ACL accordingly:

pixfirewall(config)# show static
static (inside,outside) 175.1.2.3 172.16.1.3 netmask 255.255.255.255 0 0

pixfirewall(config)# show access-list
access-list 101 permit tcp host 171.7.5.1 host 175.1.2.3 eq tacacs
  (hitcnt=81)

Hidden issue: There is ingress ACL on the R5 ATM link. You need to allow TCP/49 from R7 to the AAA server:

r5#show access-lists 101 Extended IP access list 101 permit udp host 171.7.5.1 eq ntp host 179.7.2.2 eq ntp (1 match) deny ip any 179.7.2.0 0.0.0.7 (18 matches) deny icmp any 175.1.2.0 0.0.0.255 echo-reply (10 matches) permit icmp any any (30 matches) ...

Get CCIE Security Practice Labs now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Section 7.0: AAA

7.1. AAA on the Router

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly