Setting up CBAC


       I am haivng trouble setting up CBAC. I practing setting up CBAC because I am going to have to implement it at work in a few days. I am try to monitor a ssh connection. Here is the situation. I currently have an access list applied to Rtra interface s0/0 allowing ssh into RtrA and denys everything else. I want to setup CBAC to monitor the sessions which are established to Rtra using ssh. Below is diagram of my network. If you need the configs for the routers please let me know.
            Thank You,
Who is Participating?
FrabbleConnect With a Mentor Commented:
Assuming the access list is correct, you configure an inspect policy with "audit-trail on" for the service you wish to track. For example

ip inspect name WAN-IN ssh audit-trail on

and apply it to the interface ...

interface S0/0
  ip inspect WAN-IN in

You would normally send the information to a syslog server, but to have this appear in the router logs, set up date and time stamping:

service timestamps log datetime msec localtime show-timezone

You also have to set the logging level to 6:

logging buffered 51200 informational

To view:

show logging

For more detail, check out:
vreyesiiAuthor Commented:
Thanks for the help.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.