[c-nsp] Is there any Cisco router that can..

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Mon Feb 13 02:54:13 EST 2006


Mohsen A. Momeni <mailto:m.alimomeni at gmail.com> wrote on Monday,
February 13, 2006 8:30 AM:

> Hi,
>> I don't know. Which Firewall are you using?
> The firewall can be programmed to have the functionality, but just
> have the IP address to query the router to get the username from it? I
> think there may be tables in routers to keep User/IP of each
> connection. Firewall needs to get this information from router. Is it
> possible or is there any configuration in router that lets the firewall
> query this information?

Well, there is, for example, the CISCO-AAA-SESSION-MIB you can query via
SNMP. The MIB contains the active sessions on the NAS including the IP
address, but the FW will likely have to query the complete MIB tree
(casnActiveTable, 1.3.6.1.4.1.9.9.150.1.1.3) and extract the
information it needs... I don't know if there is a simple MIB which can
be queried using the IP address as key.
The session information could also be available on your AAA server (if
it maintains a session database).

I think you need to check with your firewall vendor how to achieve this.

	oli
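
The lookup described above, as an added example that is not part of the original message: it parses numeric `snmpwalk -On` output of casnActiveTable and joins the user and IP columns on the session index to give an IP-to-username map. The table OID is the one quoted in the message; the column numbers for casnUserId and casnIpAddr, the function names and the sample walk output are assumptions made for this example.

```python
import re

# Table OID as quoted in the message. The column numbers below
# (.1.2 = casnUserId, .1.3 = casnIpAddr) are assumptions to confirm
# against the CISCO-AAA-SESSION-MIB definition for your IOS release.
CASN_ACTIVE_TABLE = "1.3.6.1.4.1.9.9.150.1.1.3"
COL_USER_ID = 2
COL_IP_ADDR = 3

# Constructed sample of `snmpwalk -On` output (not captured from a device).
SAMPLE_WALK = """\
.1.3.6.1.4.1.9.9.150.1.1.3.1.2.17 = STRING: "alice"
.1.3.6.1.4.1.9.9.150.1.1.3.1.3.17 = IpAddress: 192.0.2.10
.1.3.6.1.4.1.9.9.150.1.1.3.1.4.17 = Gauge32: 42
.1.3.6.1.4.1.9.9.150.1.1.3.1.2.18 = STRING: "bob"
.1.3.6.1.4.1.9.9.150.1.1.3.1.3.18 = IpAddress: 192.0.2.11
.1.3.6.1.4.1.9.9.150.1.1.3.1.2.19 = STRING: "carol"
.1.3.6.1.2.1.1.5.0 = STRING: "nas1"
"""

# <table>.1.<column>.<session index> = <TYPE>: <value>
LINE_RE = re.compile(
    r"^\.?" + re.escape(CASN_ACTIVE_TABLE) + r"\.1\.(\d+)\.(\d+) = (\w+): (.*)$"
)

def sessions_by_ip(walk_text):
    """Join the user and IP columns on the session index; return {ip: user}."""
    users, addrs = {}, {}
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # line is outside casnActiveTable
        column, index, value = int(m[1]), int(m[2]), m[4].strip()
        if column == COL_USER_ID:
            users[index] = value.strip('"')
        elif column == COL_IP_ADDR:
            addrs[index] = value
    # Keep only rows with both columns; a session can end mid-walk.
    return {addrs[i]: users[i] for i in addrs if i in users}

def user_for_ip(walk_text, ip):
    """Return the username bound to ip in this snapshot, or None."""
    return sessions_by_ip(walk_text).get(ip)

if __name__ == "__main__":
    print(sessions_by_ip(SAMPLE_WALK))
```

The result is a snapshot of the table at walk time, so a consumer that caches it should re-walk before trusting an entry for an address that may have been reassigned.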


