Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. To see how well you have memorized the commands as a side effect of your other studies, cover the left side of the table with a piece of paper, read the descriptions on the right side, and see whether you remember the commands.

Table 4-12 Chapter 4 Configuration Command Reference

Command

Description

aaa new-model

Enables AAA on the router. This is a prerequisite for all other AAA commands.

aaa authentication arap

A global configuration command used by AppleTalk Remote Access Protocol (ARAP) users using RADIUS or TACACS+ to enable an AAA authentication method.

aaa authentication banner

Creates a personalized login banner.

aaa authentication enable default

A global configuration command that enables AAA authentication to determine if a user can access the privileged command level.

aaa authentication fail-message

Creates a message that is displayed when a user login fails.

aaa authentication localoverride

Configures the Cisco IOS software to check the local user database for authentication before attempting another form of authentication.

aaa authentication login {default | listname} group {group-name | radius | tacacs+} [method2 [method3 [method4]]]

A global configuration command that sets AAA authentication at login.

aaa authentication nasi

A global configuration command that specifies AAA authentication for NetWare Access Server Interface (NASI) clients who connect using the access server.

aaa authentication passwordprompt

A global configuration command that changes the text displayed when users are prompted for a password.

aaa authentication ppp

A global configuration command that specifies one or more AAA authentication methods for use on serial interfaces running PPP.

aaa authentication usernameprompt

A global configuration command that changes the text displayed when users are prompted to enter a username.

aaa authentication ppp default local

A global configuration command that specifies a default PPP authentication method list using the local usernamepassword database on the router.

continues continues

Table 4-12 Chapter 4 Configuration Command Reference (Continued)

Command

Description

aaa authentication ppp dial-in local none

A global configuration command that specifies that a PPP authentication method list named dial-in should be used on the initial login attempt, using the local username-password database on the router. If the local username is not defined, no authentication is used.

aaa authorization {network 1 exec 1 commands level 1 reverse-access 1 configuration} {default 1 list-name} methodl [method2. . .]

A global configuration command that may be used to set parameters that restrict administrative EXEC access to the routers or user access to the network.

Table 4-13 Chapter 4 EXEC Command Reference

Command

Description

debug aaa authentication

Displays debugging messages for the authentication functions of AAA

debug aaa authorization

Displays debugging messages for the authorization functions of AAA

debug aaa accounting

Displays debugging messages for the accounting functions of AAA

This page intentionally left blank

This chapter covers the following topics:

Locking down the router: This section discusses various router services that attackers might target. To help you harden the security of a router, this section also describes the AutoSecure feature and Cisco SDM's One-Step Lockdown feature.

Using secure management and reporting:

This section focuses on securing and monitoring router access using syslog, SSH, and SNMPv3 technologies. Also, this section distinguishes between in-band and out-of-band network management and shows you how to use Cisco SDM to configure a variety of management and monitoring features.

0 0

Post a comment