out-of-band management using WAC-AM-1 card

miwitte Fri, 01/25/2008 - 13:03

This is what we use. We have an ACS server that hands out our dialback number per user, or if it can't contact the TACACS server it will use the local username/password. Works like a champ. It will give you a 192.168.51.x address; you telnet to 192.168.51.1. We also have 2 octopus cables to reverse telnet to other devices.

aaa group server tacacs+ TACACSServers
 server 10.x.x.x
!
aaa authentication login default local-case
aaa authentication login RemoteAdmin group TACACSServers local-case
aaa authentication enable default enable group TACACSServers
aaa authentication ppp RemoteAdmin group TACACSServers local
aaa authentication dot1x default group RadiusServers
aaa authorization config-commands
aaa authorization exec RemoteAdmin group TACACSServers local
aaa authorization commands 1 RemoteAdmin group TACACSServers local
aaa authorization commands 15 RemoteAdmin group TACACSServers local
aaa authorization network RemoteAdmin group TACACSServers local
aaa accounting exec default start-stop group TACACSServers
aaa accounting exec RemoteAdmin start-stop group TACACSServers
aaa accounting commands 1 default stop-only group TACACSServers
aaa accounting commands 1 RemoteAdmin stop-only group TACACSServers
aaa accounting commands 15 default stop-only group TACACSServers
aaa accounting commands 15 RemoteAdmin stop-only group TACACSServers
aaa accounting network default start-stop group tacacs+
aaa accounting network RemoteAdmin start-stop group TACACSServers
aaa accounting connection default start-stop group TACACSServers
aaa accounting connection RemoteAdmin start-stop group TACACSServers
aaa accounting system default start-stop group TACACSServers
ip dhcp excluded-address 192.168.51.1
ip dhcp pool RemoteAdmin
 network 192.168.51.0 255.255.255.0
ip host CON1 2033 223.223.223.1
ip host CON2 2034 223.223.223.1
ip host CON3 2035 223.223.223.1
ip host CON4 2036 223.223.223.1
ip host CON5 2037 223.223.223.1
ip host CON6 2038 223.223.223.1
ip host CON7 2039 223.223.223.1
ip host CON8 2040 223.223.223.1
username mikedesk callback-dialstring 1xxxxxxxxxx password 7 blah
interface Loopback192
 ip address 192.168.51.1 255.255.255.0
!
interface Loopback223
 ip address 223.223.223.1 255.255.255.255
!
!
interface Async1
 ip unnumbered Loopback192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 dialer in-band
 dialer callback-secure
 dialer-group 1
 async mode dedicated
 peer default ip address dhcp-pool RemoteAdmin
 ppp callback accept
 ppp authentication chap callin RemoteAdmin
 ppp authorization RemoteAdmin
ip tacacs source-interface FastEthernet0/0
!
!
ip radius source-interface FastEthernet0/0
!
dialer-list 1 protocol ip permit
tacacs-server host 10.x.x.x port 49 key xxx
tacacs-server directed-request
tacacs-server key xxx
line 1
 exec-timeout 5 0
 modem InOut
 modem autoconfigure discovery
 transport input telnet
 transport output telnet
 autoselect ppp
 stopbits 1
 speed 115200
 flowcontrol hardware
line 33 48
 transport input telnet
line aux 0
line vty 0 4
 password xxx
 authorization commands 1 RemoteAdmin
 authorization commands 15 RemoteAdmin
 authorization exec RemoteAdmin
 accounting connection RemoteAdmin
 accounting commands 1 RemoteAdmin
 accounting commands 15 RemoteAdmin
 accounting exec RemoteAdmin
 logging synchronous
 login authentication RemoteAdmin
 transport input telnet
line vty 5 15
 authorization commands 1 RemoteAdmin
 authorization commands 15 RemoteAdmin
 authorization exec RemoteAdmin
 accounting connection RemoteAdmin
 accounting commands 1 RemoteAdmin
 accounting commands 15 RemoteAdmin
 accounting exec RemoteAdmin
 logging synchronous
 login authentication RemoteAdmin
 transport input telnet
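
An added example, not part of the original post or of any Cisco tooling: a Python check that reads IOS configuration text and reports, for each AAA authentication and authorization method list, whether it names a method the device answers itself (the TACACS-then-local behaviour described above), and which server groups are referenced without an `aaa group server` definition in the text it is given. The sample is a constructed excerpt modelled on the configuration above; `audit_aaa`, `ON_BOX` and the other names are hypothetical.

```python
import re

# Constructed excerpt modelled on the configuration posted above.
SAMPLE = """\
aaa group server tacacs+ TACACSServers
 server 10.x.x.x
aaa authentication login default local-case
aaa authentication login RemoteAdmin group TACACSServers local-case
aaa authentication ppp RemoteAdmin group TACACSServers local
aaa authentication dot1x default group RadiusServers
aaa authorization config-commands
aaa authorization exec RemoteAdmin group TACACSServers local
aaa authorization commands 15 RemoteAdmin group TACACSServers local
aaa accounting exec RemoteAdmin start-stop group TACACSServers
"""

BUILTIN_GROUPS = {"tacacs+", "radius"}                # groups IOS predefines
ON_BOX = {"local", "local-case", "enable", "line"}    # methods answered by the device
AAA_RE = re.compile(r"^aaa (authentication|authorization) (.+)$")

def audit_aaa(config):
    """Return (lists, undefined).

    lists maps (service, type, list name) to True when the method list names
    at least one on-box method, so it still answers with no server reachable.
    undefined holds server groups used but not defined in this text.
    """
    lines = [l.strip() for l in config.splitlines()]
    defined = {l.split()[4] for l in lines
               if l.startswith("aaa group server ") and len(l.split()) > 4}
    lists, undefined = {}, set()
    for line in lines:
        m = AAA_RE.match(line)
        if not m:
            continue                      # accounting and non-AAA lines
        words = m.group(2).split()
        idx = 2 if words[0] == "commands" else 1   # "commands <level>" is two words
        if len(words) <= idx + 1:
            continue                      # a switch, e.g. config-commands
        kind, name, methods = " ".join(words[:idx]), words[idx], words[idx + 1:]
        groups = {methods[i + 1] for i, w in enumerate(methods[:-1]) if w == "group"}
        undefined |= groups - defined - BUILTIN_GROUPS
        lists[(m.group(1), kind, name)] = any(
            w in ON_BOX and (i == 0 or methods[i - 1] != "group")
            for i, w in enumerate(methods))
    return lists, undefined

if __name__ == "__main__":
    lists, undefined = audit_aaa(SAMPLE)
    for key, ok in sorted(lists.items()):
        print(" ".join(key), "->", "on-box fallback" if ok else "server only")
    print("undefined groups:", sorted(undefined))
```

A group reported as undefined only means the definition is absent from the text supplied; run the check against the full running configuration rather than an excerpt.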
