1646 old port for accounting cisco acs cisco access

1646: old port for accounting

Cisco ACS (Cisco Access Control Server): this device includes both RADIUS and TACACS.
TACACS: it checks every command that the admin writes, and it checks authentication and authorization separately.
RADIUS: authentication and authorization are sent together for checking.
RADIUS does a better job at accounting than TACACS.
TACACS for local users ….. RADIUS for remote users
Cont'd
Default: this is the login method list; once it is applied, it applies to every point where we log in.
username admin privilege 15 secret cisco1
username teddy privilege 1 secret teddy1
enable secret cisco1
aaa new-model
tacacs-server host 192.168.3.1
tacacs-server key cisco123
aaa authentication login default group tacacs+ local
aaa authentication login free-bird none
(free-bird is a custom method list; none: no authentication)
Cont'd
line console 0
login authentication free-bird
exit
aaa authorization commands 1 TAC1 group tacacs+ local
aaa authorization commands 15 TAC15 group tacacs+ local
Cont'd
aaa authorization config-commands
(By default, commands entered in configuration mode are not authorized; with this command, authorization continues in configuration mode.)
aaa accounting commands 1 TAC-act1 start-stop group tacacs+
aaa accounting commands 15 TAC-act15 start-stop group tacacs+
Cont'd
line vty 0 4
authorization commands 1 TAC1
authorization commands 15 TAC15
accounting commands 1 TAC-act1
accounting commands 15 TAC-act15
exit
exit
debug aaa authentication
telnet 10.25.0.123
Default: if we use this, it applies to every login point.
Custom (group): we can apply it to a specific login.
do debug aaa authentication
Cont'd
debug tacacs
telnet (IP address of the router)
test aaa group tacacs+ testadmin cisco legacy
debug aaa authentication
debug aaa authorization
debug aaa accounting
telnet (IP address of the router)
Cont'd
enable secret cisco
aaa new-model
aaa authentication login default
do debug aaa authentication
do telnet (IP of the router)
19 - Best Practices

Management interfaces, protocols and timeouts
Disable unused ports: AUX, switch, etc.
Control plane policing / control plane protection
Banner warning messages
Remove inactive TCP sessions to/from router
Date/time stamps on log and debug messages
Auto archive of configs to central server
Secure bootset for config and IOS image
Authentication for routing protocols and FHRP
No source routing, no options allowed
Disable unused services
Cont'd
control-plane host
management-interface gig1/0 allow ssh https snmp
exit
do show control-plane host features

Timeouts on VTY sessions
line vty 0 15
exec-timeout 10
exit
Cont'd
Disable AUX port
line aux 0
no exec
no transport in
no transport out
exit

TCP-based session either going to or from the router and the other
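As an added example (not part of the original slides and not a Cisco tool), the Python audit below checks running-config-style text for three points from the slides above: a login method list containing none applied to a line, a disabled exec-timeout, and an AUX line without no exec. The sample config and the function name audit are constructed for illustration; it assumes sub-commands are indented as in show running-config output.

```python
import re

# Constructed sample in running-config style (not from the page); names follow the slides.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login free-bird none
line console 0
 login authentication free-bird
line aux 0
 transport input all
line vty 0 4
 exec-timeout 0 0
line vty 5 15
 exec-timeout 10
"""

def audit(config):
    """Return (line section, finding) pairs for the line-hardening checks."""
    lists, sections, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:                                   # login method list definition
            lists[m.group(1)] = m.group(2).split()
            current = None
        elif text.startswith("line "):          # start of a line section
            current = text
            sections[current] = []
        elif raw.startswith(" ") and current:   # indented sub-command of that line
            sections[current].append(text)
        else:
            current = None
    findings = []
    for name, body in sections.items():
        applied = "default"                     # lines use "default" unless overridden
        for cmd in body:
            if cmd.startswith("login authentication "):
                applied = cmd.split()[2]
        if "none" in lists.get(applied, []):
            findings.append((name, f"login list '{applied}' allows no authentication"))
        if any(re.fullmatch(r"no exec-timeout|exec-timeout 0( 0)?", c) for c in body):
            findings.append((name, "exec-timeout disabled"))
        if name.startswith("line aux") and "no exec" not in body:
            findings.append((name, "AUX port still allows exec sessions"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A line with no exec-timeout entry is not flagged, because IOS applies a 10-minute default that does not appear in the running config.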