Solved

Setting up CBAC

Posted on 2006-07-01
2
234 Views
Last Modified: 2006-11-18
Hi,

       I am haivng trouble setting up CBAC. I practing setting up CBAC because I am going to have to implement it at work in a few days. I am try to monitor a ssh connection. Here is the situation. I currently have an access list applied to Rtra interface s0/0 allowing ssh into RtrA and denys everything else. I want to setup CBAC to monitor the sessions which are established to Rtra using ssh. Below is diagram of my network. If you need the configs for the routers please let me know.
 
 
                                                5.0.2.0/24
       10.1.1.0/24-----------E0/0RtrBS0/0---------S0/0RtrAE0/0-------80.1.1.0/24
 
     
            Thank You,
            Victor
 
0
Comment
Question by:vreyesii
2 Comments
 
LVL 15

Accepted Solution

by:
Frabble earned 500 total points
Comment Utility
Assuming the access list is correct, you configure an inspect policy with "audit-trail on" for the service you wish to track. For example

ip inspect name WAN-IN ssh audit-trail on

and apply it to the interface ...

interface S0/0
  ip inspect WAN-IN in

You would normally send the information to a syslog server, but to have this appear in the router logs, set up date and time stamping:

service timestamps log datetime msec localtime show-timezone

You also have to set the logging level to 6:

logging buffered 51200 informational

To view:

show logging

For more detail, check out:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfcbac.htm
0
 

Author Comment

by:vreyesii
Comment Utility
Thanks for the help.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now