Setting up security services on Router

Aug 25th, 2007

Can I do these things:

1) Set up a TACACS+ server on a router?

2) Set up a RADIUS server on a router?

3) Set up an NTP server on a router?

4) Set up a syslog server on a router?

5) Set up an SNMP server on a router?

I just need a yes or no answer to all of the above.

Thanks

Richard Burts Sun, 08/26/2007 - 18:24

Paul

If I take your questions literally then these would be the answers:

1) No, you cannot set up a router as a TACACS+ server. The router can be a TACACS client but not a server.

2) No, you cannot set up a router as a RADIUS server. The router can be a RADIUS client but not a server.

3) Yes, you can set up a router as an NTP server. To function effectively, the router must learn NTP time from some source with reliable authoritative time information. The router can then act as a server for other devices.

4) No, you cannot set up a router as a syslog server. The router can send syslog to a server but is not a server itself.

5) No, you cannot set up a router as an SNMP server. The router can send SNMP to a server but is not a server itself.

HTH

Rick

Joe Clarke Sun, 08/26/2007 - 18:59

Technically, the router is the SNMP server. The router is the agent, and the host is the client. A router can send notifications (e.g. traps) to a host manager, but the majority of the traffic flows from manager to agent. IOS can also be made into an SNMP manager (i.e. client) by configuring "snmp-server manager".

2pparish Sun, 08/26/2007 - 19:39

I thought in most cases a router would be an SNMP client.

I had no idea you could configure a router as an agent, but that is good news. I want to try the snmp-server manager command. Not sure how to poll the clients now, but maybe someone else could help with this.

Thanks :)

Joe Clarke Sun, 08/26/2007 - 19:47

In SNMP, the agent is the server and the manager is the client. Most of the time, a router is an agent only. Once the manager is configured, the following command will allow you to poll other managers:

snmp get v1 COMMUNITY IP oid OID

For example:

snmp get v1 public 10.1.1.1 oid system.1.0

2pparish Mon, 08/27/2007 - 07:24

Wouldn't a router be configured as a client, with maybe a server running the SNMP agent somewhere else on the network?

So I guess you could have multiple agents without clients if you chose to do so. The agents could poll each other. This seems like it defeats the purpose of the client-agent model.

Thanks

Joe Clarke Mon, 08/27/2007 - 08:11

Typically, the router is never configured as a client (manager). In fact, the snmp get command in IOS is a hidden command. The manager functionality is used by other internal subsystems of IOS (e.g. DOCSIS).

The recommended approach is to let the router be the agent, and a host (UNIX, Windows, etc.) be the manager.
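
The manager-to-agent exchange discussed in this thread, as an added example that is not part of any post: it BER-encodes the SNMPv1 GetRequest that a manager sends for the thread's `public` / `system.1.0` query, then decodes it the way an on-path observer could, showing which side originates each PDU type and that the v1 community string is readable in cleartext. The function names and the `sent_by` field are assumptions made for this illustration.

```python
# Added example, not from the thread. SNMPv1 message layout per RFC 1157.
# "system.1.0" on the page is sysDescr.0, numeric OID 1.3.6.1.2.1.1.1.0.
PDU = {0xA0: ("GetRequest", "manager"), 0xA1: ("GetNextRequest", "manager"),
       0xA2: ("GetResponse", "agent"), 0xA3: ("SetRequest", "manager"),
       0xA4: ("Trap", "agent")}

def tlv(tag: int, body: bytes) -> bytes:
    if len(body) > 127:
        raise ValueError("long-form BER length not supported here")
    return bytes([tag, len(body)]) + body

def enc_int(n: int) -> bytes:
    # Non-negative INTEGER, minimal two's-complement encoding
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def enc_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]               # base-128, high bit marks continuation
        while arc > 0x7F:
            arc >>= 7
            chunk.append((arc & 0x7F) | 0x80)
        body += bytes(reversed(chunk))
    return tlv(0x06, bytes(body))

def get_request(community: str, oid: str, request_id: int = 1) -> bytes:
    varbind = tlv(0x30, enc_oid(oid) + tlv(0x05, b""))   # OID with NULL value
    pdu = tlv(0xA0, enc_int(request_id) + enc_int(0) + enc_int(0)
              + tlv(0x30, varbind))                      # error-status, error-index = 0
    return tlv(0x30, enc_int(0) + tlv(0x04, community.encode()) + pdu)  # version 0 = v1

def read_tlv(buf: bytes, pos: int = 0):
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form length")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated value")
    return buf[pos], buf[pos + 2:end], end

def summarize(msg: bytes) -> dict:
    # Fields an on-path observer can read from one SNMPv1 datagram
    _, body, _ = read_tlv(msg)
    _, version, pos = read_tlv(body)
    _, community, pos = read_tlv(body, pos)
    tag, _, _ = read_tlv(body, pos)
    name, sender = PDU.get(tag, (hex(tag), "unknown"))
    return {"version": version[0], "community": community.decode(),  # 0 = SNMPv1
            "pdu": name, "sent_by": sender}

if __name__ == "__main__":
    msg = get_request("public", "1.3.6.1.2.1.1.1.0")    # constructed sample
    print(msg.hex(), summarize(msg))
```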
