CCNP Enterprise Core (350-401)
-
Authentication, Authorisation, and Accounting (AAA)
AAA is a framework for enabling a set of three independent security functions:
Authentication: enables a user to be identified and verified prior to being granted access.
Authorisation: defines the privileges and restrictions to be enforced on an authenticated user.
Accounting: provides the ability to track and log user access, including user identities,…
-
Absolute Timeout
The command absolute-timeout <minutes> under line configuration mode terminates an EXEC session after the specified period has expired, even if the connection is in use (not idle). It is recommended to combine it with the command logout-warning <notice-in-seconds>, which displays a warning to users that the connection timeout is about to occur.
-
EXEC Timeout
By default, an idle EXEC session is terminated after 10 minutes of inactivity. The command exec-timeout <minutes> <seconds> under line configuration mode can be used to change this value. Either exec-timeout 0 0 or no exec-timeout disables the EXEC timeout, but this is not recommended.
-
Auxiliary (AUX) Port
Some Cisco devices have an auxiliary port available for remote administration through a dial-up modem connection. In most cases this is not required, and the AUX port should be disabled with the command no exec under line aux 0.
-
Establishing VTY Access via SSH
Telnet is a popular but insecure method of accessing IOS devices. Telnet sessions are sent in plain text, which makes it easy to sniff and capture confidential session information. SSH provides encryption and strong authentication as an alternative, and it is available in two versions:
SSH Version 1: an improvement over Telnet in its handling…
-
Control Access to VTY Lines with Transport Input
The protocols that can access the VTY lines can be restricted with the command transport input. All protocols can be permitted with the command transport input all, or individual protocols can be permitted by listing them:
! Permit telnet and SSH only
transport input telnet ssh
-
Control Access to VTY Lines with ACL
Access to VTY lines can be controlled with an access control list. To apply a standard or extended access control list to a VTY line, use the command access-class <ACL Number or Name> in under line configuration mode for that line for an inbound access list, or access-class <ACL Number or Name> out for an outbound…
-
User Privilege Levels and Role-Based Access Control
The Cisco IOS CLI has three privilege levels by default:
Level 0: provides the disable, enable, exit, help, and logout commands.
Level 1: known as User EXEC mode. It is not possible to make configuration changes in this mode, and the command configure terminal is not available.
Level 15: known…
-
Configuring Line Local Username and Password Authentication
Two commands are required to enable username and password authentication on Cisco devices: the username command in global configuration mode and the command login local under line configuration mode:
username george secret bananas123
line con 0
 login local
-
Line Local Authentication
To enable password authentication on a line, the following two commands are required: password and login. To configure password authentication on the console, use the following commands:
line con 0
 password P4ssw0rd!
 login