Setting up security services on Router

Aug 25th, 2007

Can I do these things?


1) Set up a TACACS+ server on a router?

2) Set up a RADIUS server on a router?

3) Set up an NTP server on a router?

4) Set up a Syslog server on a router?

5) Set up an SNMP server on a router?


I just need a yes or no answer to all of the above.

Thanks

Richard Burts Sun, 08/26/2007 - 18:24

Paul


If I take your questions literally then these would be the answers:

1) No, you cannot set up a router as a TACACS+ server. The router can be a TACACS client but not a server.

2) No, you cannot set up a router as a RADIUS server. The router can be a RADIUS client but not a server.

3) Yes, you can set up a router as an NTP server. To function effectively, the router must learn NTP time from some source with reliable authoritative time information. The router can then act as a server for other devices.

4) No, you cannot set up a router as a syslog server. The router can send syslog to a server but is not a server itself.

5) No, you cannot set up a router as an SNMP server. The router can send SNMP to a server but is not a server itself.


HTH


Rick

Joe Clarke Sun, 08/26/2007 - 18:59

Technically, the router is the SNMP server. The router is the agent, and the host is the client. A router can send notifications (e.g. traps) to a host manager, but the majority of the traffic flows from manager to agent. IOS can also be made into an SNMP manager (i.e. client) by configuring "snmp-server manager".

2pparish Sun, 08/26/2007 - 19:39

I thought in most cases a router would be an SNMP client.


I had no idea you could configure a router as an agent, but that is good news. I want to try the snmp-server manager command. Not sure how to poll the clients now, but maybe someone else could help with this.


Thanks :)

Joe Clarke Sun, 08/26/2007 - 19:47

In SNMP, the agent is the server and the manager is the client. Most of the time, a router is an agent only. Once the manager is configured, the following command will allow you to poll other managers:


snmp get v1 COMMUNITY IP oid OID


For example:


snmp get v1 public 10.1.1.1 oid system.1.0

2pparish Mon, 08/27/2007 - 07:24

Wouldn't a router be configured as a client, with maybe a server running the SNMP agent somewhere else on the network?


So I guess you could have multiple agents without clients if you chose to do so. The agents could poll each other. This seems like it defeats the purpose of the client-agent model.


Thanks

Joe Clarke Mon, 08/27/2007 - 08:11

Typically, the router is never configured as a client (manager). In fact, the snmp get command in IOS is a hidden command. The manager functionality is used by other internal subsystems of IOS (e.g. DOCSIS).


The recommended approach is to let the router be the agent, and a host (UNIX, Windows, etc.) be the manager.
