Classic IOS firewall (CBAC): an ACL named DENY is applied inbound to block unsolicited traffic, and the inspect rule REMEMBER is applied outbound on the same interface so that return traffic of sessions the router has seen leaving is let back in past the ACL. The interface here is fa0/4 (presumably the outside interface).
  ip access-group DENY in
  exit
  ip inspect name REMEMBER tcp
  ip inspect name REMEMBER udp
  ip inspect name REMEMBER icmp
  interface fa0/4
   ip inspect REMEMBER out
  show ip inspect interfaces
  show ip inspect sessions

ZBF (Zone-Based Firewall): traffic routed between the zones you create is denied by default. Configuration steps:
1. Identify the zones (zone security) and add interfaces to them (zone-member security).
2. Identify the traffic (class-map type inspect): match by protocol, including application-layer protocols.
3. Identify the action (policy-map type inspect): inspect (stateful, "remember"), pass, or drop.
4. Identify the zones involved (zone-pair security, with a source and a destination zone).
5. Specify the policy to use on the zone pair (service-policy type inspect).
17-10 Zone-Based Firewall Implementation
Another GUI for the router is Cisco Security Manager; it is like CCP.
Traffic between different zones is not allowed unless a zone pair with a policy permits it; traffic between interfaces in the same zone is allowed, and traffic between a zone member and an interface that is in no zone is dropped.
The self zone is the router itself (traffic to and from the router's own addresses).
By default, traffic from the self zone to itself and between the self zone and any other zone is allowed. To lock it down, create a zone pair that involves the self zone and apply a policy; traffic that matches no class in that policy is then dropped (class-default), so allow routing protocols and management traffic explicitly.
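The five-step procedure and the default rules above are easy to get wrong in the head. The following is an added example, not code from the lecture notes or from Cisco: a small Python model of ZBF forwarding decisions (same-zone pass, inter-zone drop unless a zone pair has a policy, zone-member to non-member drop, self zone open until a policy is applied, class-default drop). The zone names, interface names and protocol labels are made up for illustration.

```python
"""Model of IOS Zone-Based Firewall (ZBF) forwarding decisions.

Added example, not code from the lecture notes or from Cisco. It encodes the
default rules the notes describe so a zone design can be checked offline:
  - interfaces in the same zone: pass
  - different zones: drop unless a zone pair with a policy says otherwise
  - a zone member and an interface in no zone: drop
  - two interfaces in no zone: pass (plain routing, ZBF not involved)
  - the self zone (the router itself): pass unless a zone pair involving
    self has a policy; with a policy, unmatched traffic is class-default -> drop
Zone names, interface names and protocols are constructed for illustration.
"""
from typing import Dict, List, Optional, Set, Tuple

SELF = "self"
ACTIONS = {"inspect", "pass", "drop"}


class ZoneBasedFirewall:
    def __init__(self) -> None:
        self.zones: Dict[str, Set[str]] = {}                 # zone -> member interfaces
        # (source zone, destination zone) -> ordered classes [(match, action)],
        # standing in for class-map type inspect + policy-map type inspect
        self.pairs: Dict[Tuple[str, str], List[Tuple[str, str]]] = {}

    def zone_member(self, zone: str, *interfaces: str) -> None:
        self.zones.setdefault(zone, set()).update(interfaces)

    def zone_pair(self, src: str, dst: str, classes: List[Tuple[str, str]]) -> None:
        for _, action in classes:
            if action not in ACTIONS:
                raise ValueError(f"unknown action {action!r}")
        self.pairs[(src, dst)] = list(classes)

    def zone_of(self, interface: str) -> Optional[str]:
        if interface == SELF:
            return SELF
        for zone, members in self.zones.items():
            if interface in members:
                return zone
        return None

    def decide(self, in_iface: str, out_iface: str, protocol: str) -> str:
        src, dst = self.zone_of(in_iface), self.zone_of(out_iface)
        if SELF in (src, dst):
            # Router-originated / router-destined traffic is open until a policy is applied.
            return self._apply((src, dst), protocol) if (src, dst) in self.pairs else "pass"
        if src is None and dst is None:
            return "pass"          # neither interface is a zone member
        if src is None or dst is None:
            return "drop"          # zone member <-> non-member is always dropped
        if src == dst:
            return "pass"          # intra-zone traffic
        if (src, dst) not in self.pairs:
            return "drop"          # inter-zone default
        return self._apply((src, dst), protocol)

    def _apply(self, pair: Tuple[str, str], protocol: str) -> str:
        for match, action in self.pairs[pair]:
            if match in ("any", protocol):
                return action
        return "drop"              # class-default in a policy-map type inspect


def build_example() -> ZoneBasedFirewall:
    """The five-step procedure from the notes, with constructed names."""
    fw = ZoneBasedFirewall()
    fw.zone_member("INSIDE", "fa0/0")                     # 1. zones + member interfaces
    fw.zone_member("OUTSIDE", "fa0/1")
    # 2-5. traffic classes, their actions, the zone pair, and the policy applied to it
    fw.zone_pair("INSIDE", "OUTSIDE", [("tcp", "inspect"), ("udp", "inspect"),
                                       ("icmp", "inspect")])
    return fw


if __name__ == "__main__":
    fw = build_example()
    for case in [("fa0/0", "fa0/1", "tcp"), ("fa0/1", "fa0/0", "tcp"),
                 ("fa0/2", "fa0/0", "tcp"), (SELF, "fa0/1", "tcp"),
                 ("fa0/0", "fa0/1", "gre")]:
        print(case, "->", fw.decide(*case))
```

Note the last case: GRE from INSIDE to OUTSIDE is dropped even though the zone pair exists, because no class matches it and class-default drops. Adding a zone pair from OUTSIDE to self with a policy is what turns the open self zone into a locked one.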
18 - AAA
Authentication, authorization and accounting. Used for RBAC and centralized management.
RBAC: role-based access control, including separation of duties.
Centralized management: the server can be ISE or ACS, reached over RADIUS or TACACS+.
RADIUS: combines authentication and authorization in one exchange; typically used for user (network access) authentication.
TACACS+: separates authentication, authorization and accounting, so it can verify who the user is, authorize each command individually, and account for it; preferred for device administration.
Setup:
1. Enable aaa new-model.
2. Set up method lists for AAA.
3. Apply the method lists.
  aaa new-model
  username bob1 privilege 15 secret cisco123
  aaa authentication login M-LOGIN group tacacs+ local
(The local user is the fallback if no TACACS+ server answers, so you are not locked out of the router.)
  aaa authorization exec M-EXEC group tacacs+ local
  aaa authorization commands 1 M-LVL-1 group tacacs+ local      (authorization for privilege level 1 commands)
  aaa authorization commands 15 M-LVL-15 group tacacs+ local    (authorization for privilege level 15 commands)
  aaa authorization config-commands                             (authorization for configuration-mode commands)
  aaa accounting exec M-ACCT-EXEC start-stop group tacacs+
  aaa accounting commands 1 M-1-ACCT start-stop group tacacs+     (accounting for level 1)
  aaa accounting commands 15 M-15-ACCT start-stop group tacacs+   (accounting for level 15)
RADIUS: only the password attribute is hidden (XORed with MD5 of the shared secret); the rest of the packet, including the username, is sent in the clear over UDP.
TACACS+: the entire packet body is obfuscated with the shared secret; only the header is in the clear (TCP port 49).
  tacacs-server host 192.168.1.55
  tacacs-server key cisco123
  do test aaa group tacacs+ bob1 cisco123 legacy      (verify the server and the credentials before applying the lists to the lines)
  line vty 0 15
   login authentication M-LOGIN
   authorization exec M-EXEC
   accounting exec M-ACCT-EXEC
   authorization commands 1 M-LVL-1
   accounting commands 1 M-1-ACCT
   authorization commands 15 M-LVL-15
   accounting commands 15 M-15-ACCT
Troubleshooting:
  debug tacacs
  ssh -l teddy -v 2 10.25.0.204      (from another device: log in as teddy using SSH version 2)
  undebug all
  debug aaa accounting
  conf t
  show ssh                            (shows the active SSH sessions and the SSH version each one negotiated)
18-3 Fortifying the Local Router
Check CCNA Security ppt 27-3 (Fortifying the Local Router) and CCNP Security ppt 10-3 (Fortifying the Local Router).
18-04 AAA RADIUS and TACACS
1812: the current standard UDP port for RADIUS authentication.
1813: the current standard UDP port for RADIUS accounting.
1645 / 1646: the old (legacy) ports for authentication / accounting; some servers still listen on both pairs.
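To make the "RADIUS hides only the password, TACACS+ hides the whole body" point concrete (and to pin down the port numbers above), here is an added example, not code from the lecture notes or from any RADIUS/TACACS+ implementation. It builds one RADIUS Access-Request with the User-Password hiding of RFC 2865 and one TACACS+ authentication START packet with the MD5 pseudo-pad of RFC 8907 for the same login, then checks which plaintext fields a passive sniffer could read. The usernames, passwords, shared secret, Request Authenticator and session id are constructed test values.

```python
"""What the shared secret hides: RADIUS User-Password vs. TACACS+ body obfuscation.

Added example, not code from the lecture notes or from any RADIUS/TACACS+
implementation. Both schemes are MD5-derived keystreams, not modern encryption;
the point demonstrated is scope (which bytes are covered), not strength.
Usernames, passwords, secrets, the authenticator and the session id below are
constructed test values.
"""
import hashlib
import struct

RADIUS_AUTH_PORT, RADIUS_ACCT_PORT = 1812, 1813              # current IANA ports (UDP)
RADIUS_LEGACY_AUTH_PORT, RADIUS_LEGACY_ACCT_PORT = 1645, 1646  # legacy ports
TACACS_PLUS_PORT = 49                                        # TCP


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# ---- RADIUS: only the User-Password attribute is hidden (RFC 2865 s5.2) ----
def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """c1 = p1 XOR MD5(secret+RA); c_n = p_n XOR MD5(secret+c_{n-1}); p is NUL-padded to 16."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16) or b"\x00" * 16
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return bytes(out)


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password; anyone with the secret and the sniffed RA can run it."""
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return bytes(out).rstrip(b"\x00")


def radius_access_request(user: bytes, password: bytes, secret: bytes,
                          authenticator: bytes, identifier: int = 1) -> bytes:
    """Code 1 (Access-Request) header + User-Name (type 1) + User-Password (type 2)."""
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user + bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs


# ---- TACACS+: the whole body is XORed with an MD5 pseudo-pad (RFC 8907 s4.5) ----
def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """pad = MD5(sid+key+ver+seq) || MD5(sid+key+ver+seq+prev_md5) || ..., cut to length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR is its own inverse: applying this twice returns the plaintext body."""
    return _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, len(body)))


def tacacs_authen_start(user: bytes, password: bytes, key: bytes, session_id: int,
                        priv_lvl: int = 1) -> bytes:
    """Authentication START using PAP (authen_type 2) so the password rides in the data field.

    Header (12 bytes, cleartext): version, type=1 (authen), seq_no, flags, session_id, length.
    """
    version, seq_no, port, rem_addr = 0xC0, 1, b"tty0", b""
    body = (bytes([1, priv_lvl, 2, 1, len(user), len(port), len(rem_addr), len(password)])
            + user + port + rem_addr + password)
    header = struct.pack("!BBBBII", version, 1, seq_no, 0, session_id, len(body))
    return header + tacacs_obfuscate(body, session_id, key, version, seq_no)


def compare_exposure(user: bytes, password: bytes, secret: bytes) -> dict:
    """Which login fields appear verbatim in each packet, as a sniffer would see them."""
    authenticator, session_id = bytes(range(16)), 0x1234ABCD   # fixed constructed values
    radius = radius_access_request(user, password, secret, authenticator)
    tacacs = tacacs_authen_start(user, password, secret, session_id)
    return {
        "radius_username_visible": user in radius,
        "radius_password_visible": password in radius,
        "tacacs_username_visible": user in tacacs,
        "tacacs_password_visible": password in tacacs,
    }


if __name__ == "__main__":
    print(compare_exposure(b"bob1", b"cisco123", b"cisco123"))
```

The comparison shows the RADIUS username in the clear and everything in the TACACS+ body hidden; it also shows why the shared secret matters more than the protocol choice, since with the secret and a captured packet either scheme is reversible in a few lines. Both should be run over a management network or inside IPsec rather than trusted on their own.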