SECUR AAA and Cisco 2500 series router?

CCNA2

Technical User
Nov 23, 2003
31
DK
Hi,

I'm studying for the SECUR exam, and would like to know if I can use the 2500 series router for practising (AAA), since it is much cheaper than the 2600 series.

Thanks

Thomas.
 
Hi, thanks for your reply. Does this mean that the Cisco 2500 cannot be flashed to V12.2 IOS?

Thomas
 
No, it means that you need to go to the Cisco site and find out what was the earliest version that supported AAA. The 2500s can do it, I'm running it on a couple of 2511s and using a free Linux TACACS+ server for the authentication.

Here is the config I'm using:

!
version 12.2
service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service dhcp
!
hostname packetattack-ts
!
logging buffered 16384 debugging
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login old_way none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
::snip::

This is the version that I'm running:
packetattack-ts uptime is 19 weeks, 12 hours, 14 minutes
System returned to ROM by power-on
System restarted at 19:08:04 pst Thu Jul 31 2003
System image file is "flash:c2500-io-l.122-17a.bin"

MikeS


Find me at
"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu
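
The AAA method lists in the config above, read by a small audit script. This is an added example, not part of MikeS's post: `audit_aaa` and `methods` are hypothetical helper names, and the `line` stanzas in the sample are constructed, since the posted config is snipped before any line configuration.

```python
import re
# AAA lines copied from the config posted above. The line stanzas are
# constructed for this example (the posted config is snipped before them).
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication login old_way none
aaa authorization commands 15 default group tacacs+ if-authenticated
line con 0
 login authentication old_way
line vty 0 4
"""

LIST_RE = re.compile(r"aaa (authentication login|authorization \S+(?: \d+)?) (\S+) (.+)")

def methods(text):
    """Split 'group tacacs+ enable' into ['group tacacs+', 'enable']."""
    return re.findall(r"group \S+|\S+", text)

def audit_aaa(config):
    """Return (subject, finding) tuples for method lists worth reviewing."""
    findings, lists, applied, current = [], {}, {}, None
    for raw in config.splitlines():
        line, indented = raw.strip(), raw.startswith(" ")
        m = LIST_RE.match(line)
        if m:
            lists[(m.group(1), m.group(2))] = methods(m.group(3))
        elif line.startswith("line ") and not indented:
            current = line
            applied[current] = "default"  # with aaa new-model, lines use 'default' unless overridden
        elif indented and current and line.startswith("login authentication "):
            applied[current] = line.split()[-1]
        elif not indented:
            current = None  # left the line stanza
    for (kind, name), meth in lists.items():
        if kind == "authentication login":
            used = [l for l, n in applied.items() if n == name]
            if "none" in meth:
                pos = "only" if meth == ["none"] else "fallback"
                findings.append((name, f"'none' is the {pos} method; applied to: {used or 'no line shown'}"))
            elif meth[-1] in ("enable", "line"):
                findings.append((name, f"falls back to the shared {meth[-1]} password if {meth[0]} does not answer"))
        elif meth[-1] == "if-authenticated":
            findings.append((f"{kind} {name}", "if the server does not answer, any authenticated user is authorized"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_aaa(SAMPLE):
        print(f"{subject}: {finding}")
```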
 
Great, so I can just buy a used Cisco 2500 Router and upgrade it to the newest IOS version?

Does it matter which 2500 router, since there are many?

I don't quite understand why I need to find the earliest version that supports AAA.

Thanks :)
 
You'd want to max out the amount of flash and RAM in that router in order to run some of the later versions of IOS. The max config in a 2500 series is 16Mb flash and 16Mb DRAM.
 
It only has 8meg of Flash.. you need 16. But then flash is pretty cheap on ebay these days.

Here is an example of a cheap router with everything you need.

Nope.. not mine nor do I know this person.. just the first sample I found.

MikeS


 
That one looks good and cheap :). I noticed that it has an ISDN interface. I came to think of how I can use it for testing AAA. I suppose the remote user needs to log in via the ISDN or serial ports. How can I test this, when I have no ISDN equipment? Can I somehow connect a PC to one of the serial WAN interfaces? Or do I need to buy a router with an asynch. line instead and dial in via my PC's modem?

What are Boot ROM upgrades? Is that needed?

I looked on the Cisco website and couldn't find a download link for the newest IOS version, is it not publicly available?

Sorry for having so many questions. What can I say, I need answers :)

Thanks

Thomas
 
To get the new code, you need an account with Cisco. This normally revolves around having equipment on some type of contract.

Boot ROM upgrades are normally free plus shipping. They offer better and enhanced ways of booting and running the router without the IOS for diags and upgrades.

To play with ISDN, you will need a couple of ISDN lines (big bucks) or an ISDN simulator (not so big bucks but big enough).

Honestly you can fake ISDN with the AUX port going back to back on a pair of routers.

MikeS

 
Thanks for the info MikeS. What is the cheapest way of running a NAS test lab configuration, so that I can test with one "remote" user logging in via an AAA server?

I need a 2500 series access router loaded with RAM and?
 