Cisco AAA Authentication


What is the command to define a group name that will contain the list of AAA servers to consult?

(config)# *aaa group server* {*radius* | *tacacs+*} <group-name>

What is the command to define a RADIUS server?

(config)# *radius-server host* {<hostname> | <ip-address>} {*auth-port* <port-num> | *acct-port* <port-num>} [*key* <string>]

What is the command to define a TACACS+ server?

(config)# *tacacs-server host* {<hostname> | <ip-address>} [*port* <port-num>] [*key* <string>]

What is the command to configure the local username/password combinations that are to be stored locally?

(config)# *username* <name> *password* <password>

While in server group configuration mode, how do you list the servers that you want to belong to this group?

(config-sg-tacacs+)# *server* [<ip-address> | <host-name>] [*auth-port* <port-num> | *acct-port* <port-num>]

When configuring AAA, when should you save the configuration to the startup-config file?

1. After you configure the local usernames/passwords, but before you configure AAA.
2. After you configure AAA and verify that it works properly.

Generally speaking, what are the basic steps to configure AAA authentication on a Cisco device?

1. Enable AAA on the switch (it is disabled by default).
2. Define the sources that are to be used for authentication.
3. Define a list of authentication methods to try.
4. Apply the method list to an interface, VTY line, or AUX port.
5. Test the configuration.

What are the methods used to authenticate a user?

1. Local
2. Line
3. RADIUS
4. TACACS+

What is the default port number for TACACS+?

49

What is a Network Access Server (NAS)?

A device that allows access to the network or to the Internet.

How does the "RADIUS" method of authentication work?

Each RADIUS server listed in the Cisco device's startup-config file is tried in the order that it was configured.

How does the "TACACS+" method of authentication work?

Each TACACS+ server listed in the Cisco device's startup-config file is tried in the order that it was configured.

How do you define a default list of authentication methods consisting of a named group of servers and local authentication?

Global configuration mode: # *aaa authentication login default group* <group-name> *local*

How do you define a default list of authentication methods consisting of a single server (TACACS+ or RADIUS) and local authentication?

Global configuration mode: # *aaa authentication login default group* {*radius* | *tacacs+*} *local*

How do you define a user defined named list of authentication methods consisting of a single server (TACACS+ or RADIUS) and local authentication?

Global configuration mode: # *aaa authentication login* <list-name> *group* {*radius* | *tacacs+*} *local*

How do you apply an authentication method list to a Cisco device line?

In line configuration mode: # *login authentication* {*default* | <list-name>}

Do you have to use only one method to authenticate a user?

Multiple methods can be listed in the configuration.

Are all of the AAA commands visible before executing the "aaa new-model" command?

No.

Can RADIUS authorize users to use specific commands?

No. It's all or nothing.

What level of access is the "show running-config" in?

Plain or User EXEC mode.

What level of access is the command "conf t" in?

Privileged EXEC or enable mode.

Why is it important to add local authentication to the list of authentication methods such as RADIUS or TACACS+?

So that a user can log in remotely in case the RADIUS/TACACS+ servers are not working. It is to be used as a last-ditch fallback method of authentication.

When users are authenticated, what privilege level are they put in by default?

The EXEC level (the ">" prompt)

How does the "line" method of authentication work?

The password configured in the Console or VTY line stanzas of the startup-config is used to login. Usernames cannot be used.

How does the "local" method of authentication work?

The user's login credentials are compared against all of the "username" commands configured in the startup-config of the Cisco device.

Can TACACS+ authorize users to use specific commands?

Yes

What happens if you *remotely* configure AAA without configuring local names/passwords first?

You will get locked out of the device and will only be able to access it via the console port.

What are the Cisco default RADIUS authentication and accounting ports?

auth-port = 1645 acct-port = 1646

What are the default authentication and accounting ports according to the latest RADIUS RFCs?

auth-port = 1812 acct-port = 1813

An AAA server provides what services?

• Authentication verifies that a user.
• Authorization authorizes users to do specific things.
• Accounting keeps track of what a user did.

What are the types of AAA servers?

• Terminal Access Controller Access Control System Plus (TACACS+).
• Remote Authentication Dial-In User Service (RADIUS).

How do you configure a named group of RADIUS servers?

• (config)# *aaa group server radius* <group-name>
• (config-sg-radius)# *server* [<ip-address> | <host-name>] [*auth-port* <port-num> | *acct-port* <port-num>]

How do you configure a named group of TACACS+ servers?

• (config)# *aaa group server tacacs+* <group-name>
• (config-sg-tacacs+)# *server* <ip-address>
