Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Setting up CBAC

Posted on 2006-07-01
2
239 Views
Last Modified: 2006-11-18
Hi,

       I am haivng trouble setting up CBAC. I practing setting up CBAC because I am going to have to implement it at work in a few days. I am try to monitor a ssh connection. Here is the situation. I currently have an access list applied to Rtra interface s0/0 allowing ssh into RtrA and denys everything else. I want to setup CBAC to monitor the sessions which are established to Rtra using ssh. Below is diagram of my network. If you need the configs for the routers please let me know.
 
 
                                                5.0.2.0/24
       10.1.1.0/24-----------E0/0RtrBS0/0---------S0/0RtrAE0/0-------80.1.1.0/24
 
     
            Thank You,
            Victor
 
0
Comment
Question by:vreyesii
2 Comments
 
LVL 15

Accepted Solution

by:
Frabble earned 500 total points
ID: 17038031
Assuming the access list is correct, you configure an inspect policy with "audit-trail on" for the service you wish to track. For example

ip inspect name WAN-IN ssh audit-trail on

and apply it to the interface ...

interface S0/0
  ip inspect WAN-IN in

You would normally send the information to a syslog server, but to have this appear in the router logs, set up date and time stamping:

service timestamps log datetime msec localtime show-timezone

You also have to set the logging level to 6:

logging buffered 51200 informational

To view:

show logging

For more detail, check out:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfcbac.htm
0
 

Author Comment

by:vreyesii
ID: 17053804
Thanks for the help.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2 routers, one cable modem 10 105
BGP routing on Windows 2016 7 93
BGP Code 12 54
ACL deny / Permit 10 22
This article is a guide to configure bridging on Cisco Routers.  This is something I never knew was possible until after making a few phone calls to Cisco.  Using bridging saved our company money by not requiring us to purchase a new switch.  Bridgi…
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question