
Setting up security services on Router

2pparish
Level 1

Can I do these things?

1) Set up a TACACS+ server on a router?

2) Set up a RADIUS server on a router?

3) Set up an NTP server on a router?

4) Set up a syslog server on a router?

5) Set up an SNMP server on a router?

I just need a yes or no answer to all of the above.

Thanks

6 Replies

Richard Burts
Hall of Fame

Paul

If I take your questions literally then these would be the answers:

1) No, you cannot set up a router as a TACACS+ server. The router can be a TACACS client but not a server.

2) No, you cannot set up a router as a RADIUS server. The router can be a RADIUS client but not a server.

3) Yes, you can set up a router as an NTP server. To function effectively, the router must learn NTP time from some source with reliable authoritative time information. The router can then act as a server for other devices.

4) No, you cannot set up a router as a syslog server. The router can send syslog to a server but is not a server itself.

5) No, you cannot set up a router as an SNMP server. The router can send SNMP to a server but is not a server itself.

HTH

Rick

Technically, the router is the SNMP server. The router is the agent, and the host is the client. A router can send notifications (e.g. traps) to a host manager, but the majority of the traffic flows from manager to agent. IOS can also be made into an SNMP manager (i.e. client) by configuring "snmp-server manager".

I thought in most cases a router would be an SNMP client.

I had no idea you could configure a router as an agent, but that is good news, I want to try the snmp-server manager command. Not sure how to poll the clients now, but maybe someone else could help with this.

Thanks :)

In SNMP, the agent is the server and the manager is the client. Most of the time, a router is an agent only. Once the manager is configured, the following command will allow you to poll other managers:

snmp get v1 COMMUNITY IP oid OID

For example:

snmp get v1 public 10.1.1.1 oid system.1.0

Wouldn't a router be configured as a client, with maybe a server running the SNMP agent somewhere else on the network?

So I guess you could have multiple agents without clients if you chose to do so. The agents could poll each other. This seems like it defeats the purpose of the client-agent model.

Thanks

Typically, the router is never configured as a client (manager). In fact, the snmp get command in IOS is a hidden command. The manager functionality is used by other internal subsystems of IOS (e.g. DOCSIS).

The recommended approach is to let the router be the agent, and a host (UNIX, Windows, etc.) be the manager.
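
The `snmp get v1 public 10.1.1.1 oid system.1.0` example in this thread has the manager (client) send a GetRequest to the agent (server). As an added example that is not part of the thread, this Python sketch builds that SNMPv1 request and reads its header back as a passive observer on the path could. The function names and the request ID of 1 are assumptions made here, and `system.1.0` is written in its numeric form 1.3.6.1.2.1.1.1.0.

```python
# Added illustration, not code from the thread. Function names and the
# request ID are assumptions; "system.1.0" is written as 1.3.6.1.2.1.1.1.0.

def tlv(tag, value):
    """BER tag-length-value, short-form length only (value under 128 bytes)."""
    if len(value) > 127:
        raise ValueError("long-form BER lengths are not handled here")
    return bytes([tag, len(value)]) + value

def ber_int(n):
    """Non-negative INTEGER in minimal two's-complement form."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def ber_oid(dotted):
    """OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(chunk)
    return tlv(0x06, bytes(body))

def get_request(community, oid, request_id):
    """What the manager (client) sends to the agent (server) on UDP 161."""
    varbind = tlv(0x30, ber_oid(oid) + b"\x05\x00")       # OID with NULL value
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))                      # GetRequest-PDU
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def sniff_header(packet):
    """Recover (version, community, PDU tag) as a passive observer could."""
    if packet[0] != 0x30 or packet[2] != 0x02:
        raise ValueError("not an SNMP message")
    pos = 4 + packet[3]                                   # skip version INTEGER
    version = int.from_bytes(packet[4:pos], "big")
    if packet[pos] != 0x04:
        raise ValueError("community string missing")
    end = pos + 2 + packet[pos + 1]
    return version, packet[pos + 2:end].decode(), packet[end]

if __name__ == "__main__":
    pkt = get_request("public", "1.3.6.1.2.1.1.1.0", 1)   # constructed sample
    print(pkt.hex())
    print(sniff_header(pkt))   # version 0 means SNMPv1
```

The community string appears verbatim in the packet bytes, so in SNMPv1 it identifies the requester to the agent without being protected in transit.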
