Command Reference to Check Your Memory

This section includes the most important configuration and EXEC commands covered in this chapter. To see how well you have memorized the commands as a side effect of your other studies, cover the left side of the table with a piece of paper, read the descriptions on the right side, and see whether you remember the commands.

Table 3-13 Chapter 3 Configuration Command Reference

Command

Description

enable secret password

A global configuration mode command that configures a router's enable secret password

password password

A line configuration mode command that configures a password for a line (such as a con, aux, or vty line)

login

A line configuration mode command that configures a line to require a login

service password-encryption

A global configuration mode command that encrypts plaintext passwords in a router's configuration

exec-timeout minutes [seconds]

A line configuration mode command that specifies an inactivity period before logging out a user

security authentication failure rate number_of_failed_attempts log

A global configuration mode command used to specify the maximum number of failed attempts (in the range of 2 to 1024) before introducing a 15-second delay; also generates a log message if the specified threshold is exceeded

privilege mode {level level command | reset command}

A global configuration mode command used to associate a command (issued in a specific mode) with a specified privilege level, in the range 0 to 15 (although custom privilege levels are in the range 1 to 14), or to reset a command to its default level

aaa new-model

A global configuration mode command used to enable authentication, authorization, and accounting (AAA)

parser view view_name

A global configuration mode command used to create a new view

secret 0 password

A view configuration mode command used to set the password required to invoke the view

commands parser_mode {include | include-exclusive | exclude} [all] [interface interface_identifier | command]

A view configuration mode command that allows an administrator to specify a command (or interface) available to a particular view

secure boot-image

A global configuration mode command used to enable image resilience

secure boot-config

A global configuration mode command that archives the running configuration of a router to persistent storage

login block-for seconds attempts attempts within seconds

A global configuration mode command that specifies the number of failed login attempts (within a specified time period) that trigger a quiet period, during which login attempts will be blocked

login quiet-mode access-class {acl-name | acl-number}

A global configuration mode command that specifies an ACL that identifies exemptions from the previously described quiet period

login delay seconds

A global configuration mode command that specifies a minimum period of time that must pass between login attempts

login on-failure log [every login_attempts]

A global configuration mode command that creates log messages for failed login attempts

login on-success log [every login_attempts]

A global configuration mode command that creates log messages for successful login attempts

banner motd delimiter message_body delimiter

A global configuration mode command that configures a message to be displayed when a user administratively connects to a router

ip http server

A global configuration mode command that enables an HTTP server on a router

ip http secure-server

A global configuration mode command that enables a secure HTTP (HTTPS) server on a router

ip http authentication local

A global configuration mode command that configures a local authentication method for accessing the HTTPS server

username name privilege 15 secret 0 password

A global configuration mode command that configures a username and password to be used for authentication local to the router

Table 3-14 Chapter 3 EXEC Command Reference

Command

Description

enable view

Enables the root view, which is represented by the set of commands available to an administrator logged in with a privilege level of 15

enable view view_name

Switches to the specific view (after the required credentials are provided)

show secure bootset

Used to verify that Cisco IOS Resilient Configuration is enabled and that the files in the bootset have been secured

show login

Can be used to verify that enhanced support for virtual logins is configured and to view the login parameters

This chapter covers the following topics:

Configuring AAA using the local user database: This section discusses the components of AAA, as well as the steps necessary to successfully configure AAA using the local user database.

Configuring AAA using Cisco Secure ACS: This section discusses the role of Cisco Secure ACS in configuring AAA, including a discussion of working with both RADIUS and TACACS+.
