Authentication, authorization and accounting (AAA). The main elements of security are AAA. These allow for enhanced security over who is allowed to log into a network and what they are allowed to do, and they log the things that users have done. Typically this security is applied at the edge of a network, using a network access server (NAS). This server contains a database of users and their associated passwords, and any other configuration. On routers there are three main security protocols: TACACS+, RADIUS and Kerberos. On a router, AAA is enabled with:

1. Go into the privileged mode by typing enable.
2. Configure the device by typing config t.
3. Then:
   (config)# aaa new-model
4. For TACACS+, the IP address of the TACACS+ server is specified with:
   (config)# tacacs-server host 192.168.0.10
5. Next the encryption key (the shared secret, which must match the key configured on the TACACS+ server) is specified with:
   (config)# tacacs-server key mypass
6. For RADIUS, the IP address of the RADIUS server is specified with:
   (config)# radius-server host 192.168.0.10
7. Next the encryption key (again, the shared secret that must match the one on the RADIUS server) is specified with:
   (config)# radius-server key mypass
8. Go back to the user executive mode with the command exit.
9. Show the main system configuration with show running-config.

OSPF and EIGRP. EIGRP is an enhanced version of IGRP, and OSPF is typically used to determine routes on exterior routes. To set them up:

Debug information. The debug command can be used to investigate the operation of the router.

1. Go into the privileged mode by typing enable.
2. Then:
   # debug ?
3. For example, to display the options to debug IP:
   # debug ip ?
4. And to debug RIP:
   # debug ip rip
5. To show debug information:
   # show debug
6. To reset a debug, use undebug:
   # undebug ip rip

Viewing files. The main commands to view files are dir (to list a directory), pwd (to show the current directory), cd (change directory), copy (copy a file), erase (erase a file), and delete (delete a file).

1. Go into the privileged mode by typing enable.
2. Then:
   # dir
   # pwd

Testing. The system can be tested using the test command.

1. Go into the privileged mode by typing enable.
2. Then, to test the LEDs:
   # test leds
3. To test the default boot parameters:
   # test ifs defaults

Enabling and disabling CDP. CDP (Cisco Discovery Protocol) allows ports to discover the parameters of their neighbours. It is

1. Go into interface mode for E0.
2. To enable CDP on the interface, the command used is cdp enable (it is enabled by default). To disable it, use the command no cdp enable.
3. Go back to the Exec mode, and show that the no cdp enable statement has been added to E0.
4. The parameters used for CDP are shown with show cdp.
5. Show the CDP status on each port with show cdp interface.
6. Show the CDP traffic with show cdp traffic.
7. Show the CDP information of the switch's neighbours with show cdp neighbors.
8. For general CDP configuration, go to Config Exec mode and use cdp ?.
9. Use the cdp holdtime 20 command to set the hold timer to 20.
10. Use the cdp timer 30 command to set the timer to 30.
11. Show the running-configuration to check that the commands have been added.
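Both the AAA steps and the CDP steps end by checking show running-config by eye. As an added example (not part of the original page, and not a Cisco tool), the script below parses a constructed running-config in the layout those steps would produce and audits it: it confirms aaa new-model is present, that every TACACS+/RADIUS server has a shared key, flags a short key such as mypass, and reports per-interface CDP state, treating IOS's default of CDP on unless no cdp enable (or a global no cdp run) is present.

```python
# Constructed sample of a running-config after the AAA and CDP steps above
# (assumed IOS layout; not captured from a real device).
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host 192.168.0.10
tacacs-server key mypass
radius-server host 192.168.0.10
radius-server key mypass
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 no cdp enable
!
interface Ethernet1
 ip address 10.0.1.1 255.255.255.0
!
cdp timer 30
cdp holdtime 20
"""

def parse_config(text):
    """Split an IOS running-config into global lines and {interface: [sub-lines]}."""
    globals_, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):   # section separator ends any interface block
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            globals_.append(line)
    return globals_, interfaces

def audit_aaa(global_lines, min_key_len=16):
    """Check the AAA elements configured in the steps above (keys assumed in cleartext)."""
    findings = []
    if "aaa new-model" not in global_lines:
        findings.append("aaa new-model missing: AAA is not enabled")
    for proto in ("tacacs", "radius"):
        hosts = [l for l in global_lines if l.startswith(f"{proto}-server host ")]
        keys = [l for l in global_lines if l.startswith(f"{proto}-server key ")]
        if hosts and not keys:
            findings.append(f"{proto}: server host set but no shared key")
        for k in keys:
            if len(k.split(None, 2)[2]) < min_key_len:   # the secret is the third token
                findings.append(f"{proto}: shared key shorter than {min_key_len} characters")
    return findings

def cdp_status(global_lines, interfaces):
    """Map each interface to True if CDP is active on it (IOS default), False if disabled."""
    cdp_run = "no cdp run" not in global_lines
    return {name: cdp_run and "no cdp enable" not in lines for name, lines in interfaces.items()}
```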