Cisco secure PIX firewall advanced


[Text whose font encoding was lost in extraction is omitted; the recoverable lab text and command transcripts follow in their original order.]

auth-proxy
proxyacl#1=permit tcp any any
priv-lvl=15

Router# configure terminal
Router(config)# aaa new-model
Router(config)# aaa authentication login default group tacacs+
Router(config)# aaa authorization auth-proxy default group tacacs+
Router(config)# tacacs-server host 10.0.P.3
Router(config)# tacacs-server key secretkey

Router(config)# no access-list 101
Router(config)# access-list 101 permit tcp host 10.0.P.3 eq tacacs host 10.0.P.1
Router(config)# access-list 101 permit icmp any any
Router(config)# access-list 101 permit tcp 10.0.P.0 0.0.0.255 any eq ftp
Router(config)# access-list 101 permit tcp 10.0.P.0 0.0.0.255 any eq www
Router(config)# access-list 101 deny ip any any
(where P = pod number, and Q = peer pod number)

Router(config)# ip http server
Router(config)# ip http authentication aaa

Router(config)# ip auth-proxy name APRULE http auth-cache-time [value lost in extraction]
Router(config)# interface ethernet 0/0
Router(config-if)# ip auth-proxy APRULE
Router(config-if)# end

Router# show access-list
Extended IP access list 101
Extended IP access list 102

Router# show ip inspect sessions

Router# show ip auth-proxy configuration
Authentication global cache time is _ minutes
Authentication Proxy Rule Configuration
Auth-proxy name
http list not specified auth-cache-time _ minutes

Router# show ip auth-proxy statistics
Authentication Proxy Statistics
proxied client number _

Router# show ip auth-proxy cache

C:\> ping 172.30.1.50
Pinging 172.30.1.50 with 32 bytes of data:
Reply from 172.30.1.50: bytes=32 time=34ms TTL=125
Reply from 172.30.1.50: bytes=32 time=34ms TTL=125
Reply from 172.30.1.50: bytes=32 time=34ms TTL=125
Reply from 172.30.1.50: bytes=32 time=36ms TTL=125

http://172.30.1.50

Username: aaauser
Password: aaapass

Router# show access-list
Extended IP access list 101
Extended IP access list 102

On your router, use the show ip inspect sessions command to see CBAC sessions:
Router# show ip inspect sessions

Router# show ip auth-proxy statistics
Authentication Proxy Statistics
proxied client number _

Router# show ip auth-proxy cache

[...]

monitor> interface [num]
monitor> address [IP_address]
monitor> gateway [IP_address]
monitor> ping [server_address]
monitor> server [IP_address]
monitor> file [name]
monitor> tftp

[...]

C:\> rawrite
RaWrite 1.2 – Write disk file to a floppy diskette
Enter the source file name: pixXXX.bin (where XXX=version number)
Enter the destination drive: a:
Please insert a formatted diskette into drive A: and press –ENTER- :
Number of sectors per track for this disk is 18
Writing image to drive A: Press ^C to abort
Track: 78 Head: Sector: 16
Done
C:\>

[...]

C:\> rawrite
RaWrite 1.2 – Write disk file to a floppy diskette
Enter the source file name: bhXXX.bin (where XXX=version number)
Enter the destination drive: a:
Please insert a formatted diskette into drive A: and press –ENTER- :
Number of sectors per track for this disk is 18
Writing image to drive A: Press ^C to abort
Track: 78 Head: Sector: 16
Done
C:\>

[...]

boothelper> interface [num]
boothelper> address [IP_address]
boothelper> gateway [IP_address]
boothelper> ping [server_address]
boothelper> server [IP_address]
boothelper> file [name]
boothelper> tftp

[...]

C:\> rawrite
RaWrite 1.2 – Write disk file to a floppy diskette
Enter the source file name: npXXX.bin (where XXX=version number)
Enter the destination drive: a:
Please insert a formatted diskette into drive A: and press –ENTER- :
Number of sectors per track for this disk is 18
Writing image to drive A: Press ^C to abort
Track: 78 Head: Sector: 16
Done
C:\>

Do you wish to erase the passwords? [yn] y
Passwords have been erased

[...]

monitor> interface [num]
monitor> address [IP_address]
monitor> gateway [IP_address]
monitor> ping [server_address]
monitor> server [IP_address]
monitor> file [name]
monitor> tftp

Do you wish to erase the passwords? [yn] y
Passwords have been erased

Ngày đăng: 27/10/2019, 21:48
