Published by Benjamin Chandler. Modified over 6 years ago.
Ch. 7 Network Management CIS 187 Multilayer Switched Networks CCNP version 7 Rick Graziani Spring 2016
Authentication, Authorization & Accounting
It is strongly recommended that network and administrative access security in a Cisco environment be based on a modular architecture with three functional components: authentication, authorization and accounting, known together as AAA. A Cisco AAA architecture enables consistent, systematic and scalable access security.
The Three Components of AAA
Authentication – “Who are you?” The process of identifying a user before that user is allowed access to a protected resource. The user presents credentials, which are compared with the security information held in a user database. Depending on the security protocol selected, authentication may offer additional services such as a challenge and response, messaging support, or encryption.
The Three Components of AAA
Authorization – “What is this user allowed to do?” After the user gains access to the network, authorization is performed. It controls the level of access the user has:
Define which privileged EXEC commands are available to the user.
Control remote access (for example, whether the user may use Point-to-Point Protocol [PPP] or Serial Line Internet Protocol [SLIP]).
User capabilities are defined by a set of attribute-value (AV) pairs associated with the user or the user's group. These pairs may be stored locally on the device or on centralized TACACS+/RADIUS server(s).
The Three Components of AAA
Accounting – “What have the users been doing on the network?” Accounting is performed after authentication and collects information about user activity and resource consumption: user logins, the commands executed by the user, session durations, bytes transferred. The network device sends this information to the accounting server as attribute-value pairs, so user activity from every device in the network is collected in one central place.
Authentication can be valid without authorization and accounting; authorization and accounting, however, cannot be performed without authentication.
Advantages of using AAA
Increased flexibility and control of access configuration: beyond IOS passwords, AAA offers authorization at a per-command or per-interface level, which is not available with local credentials alone.
Scalability: storing usernames and passwords in a local database on each device may be appropriate for a small network with a small number of users. In larger networks, managing many users on many devices becomes impractical and error-prone, with a heavy administrative burden, and a single username shared by several network administrators makes it impossible to trace activity back to an individual. The AAA model with a central server is the solution that scales.
Standardized authentication methods: AAA supports the RADIUS protocol, which is an open industry standard.
Multiple backup systems: you may specify multiple servers when configuring authentication options in a method list. If a server fails, the AAA engine on the device continues with the next server in the server group.
Authentication Options
Generally speaking, authentication is based on:
Something the user knows (a username and password)
Something the user has (a digital certificate issued by a certification authority, or a hardware token)
Something the user is (biometrics such as a fingerprint or retina scan)
Authentication Options
The authentication database may be stored locally on the network device or on a centralized server. It is best practice to configure multiple authentication methods in case the primary method is down or unreachable: if the primary is down and no backup method exists, you cannot access the network device at all. The usual fallback is the device's local user database. Note that IOS only moves to the next method when the current one does not respond; a server that answers with a reject does not trigger the fallback.
AAA Protocols: RADIUS and TACACS+
The two most widely used AAA protocols are TACACS+ and RADIUS. They have different features that make them suitable for different situations:
RADIUS is an open standard maintained by the IETF.
TACACS+ is a Cisco Systems protocol (later documented as informational RFC 8907). It obfuscates the entire packet body with the shared key, whereas RADIUS protects only the user password.
Transport: TACACS+ runs over TCP; RADIUS runs over UDP.
TACACS+ supports per-command authorization of users; RADIUS does not, because it combines authentication and authorization into a single exchange.
Because TACACS+ separates authentication, authorization and accounting, it is possible to use TACACS+ for authorization and accounting while using a different method for authentication, such as Kerberos.
RADIUS Features
RADIUS is an IETF standard protocol: authentication and authorization in RFC 2865, accounting in RFC 2866.
It uses UDP on standard port numbers 1812 (authentication) and 1813 (accounting); Cisco Secure ACS (CSACS) uses the older 1645 and 1646 by default.
RADIUS and TACACS+ Overview
RADIUS and TACACS+ use the client/server model:
Step 1: a user or machine sends a request to a networking device, such as a router, that acts as a network access server (NAS) when running AAA.
Steps 2 and 3: the network access server communicates with the AAA server, exchanging RADIUS or TACACS+ messages.
Step 4: if authentication is successful...
Step 5: the user is granted access to the protected resource, such as a device CLI or the network.
Cisco implements the AAA server functionality in the Cisco Secure Access Control Server (ACS) and the Identity Services Engine (ISE).
TACACS+ Attributes and Features
The TACACS+ protocol is much more flexible than RADIUS. TACACS+ uses TCP on well-known port 49. By default TACACS+ establishes a dedicated TCP session for every AAA action; Cisco Secure ACS can instead use one persistent TCP session for all actions (single-connection mode).
To achieve high network availability, the following network components are required:
Reliable, fault-tolerant network devices: hardware and software reliability to automatically identify and overcome failures.
Device and link redundancy: entire devices may be redundant, or modules within devices may be redundant. Links may also be redundant.
Resilient network technologies: intelligence that ensures fast recovery around any device or link failure.
Optimized network design: well-defined network topologies and configurations designed to ensure that there is no single point of failure.
Best practices: documented procedures for deploying and maintaining a robust e-commerce network infrastructure.
Change control: better control over changes made to network devices and maintenance of documentation regarding those changes.
RADIUS Authentication and Authorization
The example shows how the RADIUS exchange starts only once the NAS is in possession of the username and password. The ACS replies with an Access-Accept message, or with Access-Reject if authentication is not successful.
RADIUS Messages
There are four types of messages involved in a RADIUS authentication exchange:
Access-Request: contains AV pairs for the username, the password and additional information such as the NAS IP address and port. The User-Password attribute is the only field RADIUS protects (it is XORed with an MD5 keystream derived from the shared secret and the Request Authenticator); the username and every other attribute travel in cleartext.
Access-Challenge: necessary for challenge-based authentication methods such as Challenge Handshake Authentication Protocol (CHAP), Microsoft CHAP (MS-CHAP) and Extensible Authentication Protocol-Message Digest 5 (EAP-MD5).
Access-Accept: the positive answer if the user information is valid.
Access-Reject: the negative reply if the user information is invalid.
RADIUS Authentication Process
The RADIUS authentication process between the NAS and the RADIUS server starts when the client sends a login request in the form of an Access-Request packet. This packet contains:
the username
the obfuscated password
the NAS IP address
the NAS port number
RADIUS Authentication Process
When the RADIUS server receives the query, it first checks that the request comes from a known client. The shared secret is never transmitted in the packet: the server looks up the secret configured for the client's source IP address and uses it to verify the request (the Message-Authenticator attribute, when present, is an HMAC-MD5 over the packet keyed with the secret) and to decode the User-Password attribute. If the client is unknown, or the secrets differ so that verification fails, the server silently drops the packet. Only authorized clients can communicate with the server.
If the secrets are identical, the packet is processed further, comparing the username and password inside the packet with those found in the database.
RADIUS Authentication Process
If a match is found, the server returns an Access-Accept packet with a list of attributes to be used for this session in the form of AV pairs (for example an IP address, or an access control list [ACL] to be applied by the NAS). If no match is found, the RADIUS server returns an Access-Reject packet.
Note that, unlike TACACS+, RADIUS combines the authentication and authorization phases in a single exchange: the Access-Request carries the credentials and the Access-Accept carries the authorization attributes.
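The exchange described in the last three slides, as an added worked example that is not part of the original deck: a NAS builds an Access-Request with the User-Password obfuscation of RFC 2865 section 5.2 and a Message-Authenticator (RFC 2869), and a RADIUS server looks the shared secret up by client address, silently discards packets that fail verification, and answers with an Access-Accept carrying an authorization AV pair or with an Access-Reject. The client address 192.0.2.10, the secret cisco456 and the user database are constructed for the example; the vendor id 9 / sub-attribute 1 encoding of Cisco-AVPair is the real one.

```python
"""Minimal RADIUS Access-Request / Access-Accept exchange (RFC 2865) with the
Message-Authenticator attribute of RFC 2869. Added example, not code from the
slides; the client address, shared secret and user database are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS, NAS_PORT = 1, 2, 4, 5
VENDOR_SPECIFIC, MESSAGE_AUTHENTICATOR = 26, 80
CISCO_VENDOR_ID, CISCO_AVPAIR = 9, 1          # Vendor-Specific payload for shell:priv-lvl

# Server-side configuration (constructed): clients keyed by source address,
# the user database, and the authorization AV pair returned on success.
CLIENTS = {"192.0.2.10": b"cisco456"}
USERS = {b"User123": b"Secretpwd"}
AUTHZ = {b"User123": b"shell:priv-lvl=15"}

def crypt_password(secret, request_auth, data, encrypt):
    """RFC 2865 section 5.2: pad to 16-byte blocks; each block is XORed with
    MD5(secret + previous cipher block), the first with MD5(secret + Request
    Authenticator). encrypt=False decrypts (chaining on the ciphertext it reads)."""
    if encrypt:
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        block = bytes(x ^ y for x, y in zip(chunk, hashlib.md5(secret + prev).digest()))
        out += block
        prev = block if encrypt else chunk
    return out if encrypt else out.rstrip(b"\x00")

def attr(kind, value):
    return struct.pack("!BB", kind, len(value) + 2) + value

def packet(code, ident, authenticator, attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def parse(pkt):
    """Return (code, ident, authenticator, {type: value}, offset of the Message-Authenticator value)."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    attrs, ma_off, pos = {}, None, 20
    while pos + 2 <= length:
        kind, size = pkt[pos], pkt[pos + 1]
        if size < 2:
            break
        attrs[kind] = pkt[pos + 2:pos + size]
        if kind == MESSAGE_AUTHENTICATOR:
            ma_off = pos + 2
        pos += size
    return code, ident, pkt[4:20], attrs, ma_off

def nas_access_request(secret, username, password, ident=1, nas_ip="192.0.2.10"):
    """What the NAS sends once it holds the credentials: everything is cleartext
    except User-Password; the Message-Authenticator proves knowledge of the secret."""
    request_auth = os.urandom(16)                       # fresh per request
    attrs = [attr(USER_NAME, username),
             attr(USER_PASSWORD, crypt_password(secret, request_auth, password, True)),
             attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))),
             attr(NAS_PORT, struct.pack("!I", 0)),
             attr(MESSAGE_AUTHENTICATOR, b"\x00" * 16)]   # zeroed while the HMAC is computed
    mac = hmac.new(secret, packet(ACCESS_REQUEST, ident, request_auth, attrs), hashlib.md5).digest()
    attrs[-1] = attr(MESSAGE_AUTHENTICATOR, mac)
    return packet(ACCESS_REQUEST, ident, request_auth, attrs)

def radius_server(src_ip, pkt):
    """Return the reply packet, or None when the request is silently discarded. The
    secret is never inside the packet; it is looked up by the client's source address."""
    secret = CLIENTS.get(src_ip)
    if secret is None:
        return None                                     # unknown client: no reply at all
    code, ident, request_auth, attrs, ma_off = parse(pkt)
    if code != ACCESS_REQUEST:
        return None
    if ma_off is not None:                              # recompute the HMAC over the zeroed field
        zeroed = pkt[:ma_off] + b"\x00" * 16 + pkt[ma_off + 16:]
        expected = hmac.new(secret, zeroed, hashlib.md5).digest()
        if not hmac.compare_digest(expected, attrs[MESSAGE_AUTHENTICATOR]):
            return None                                 # wrong secret or tampered packet: drop
    user = attrs.get(USER_NAME, b"")
    password = crypt_password(secret, request_auth, attrs.get(USER_PASSWORD, b""), False)
    accepted = user in USERS and hmac.compare_digest(password, USERS[user])
    reply_attrs = []
    if accepted:                                        # authorization AV pairs ride on the Accept
        vsa = struct.pack("!I", CISCO_VENDOR_ID) + attr(CISCO_AVPAIR, AUTHZ[user])
        reply_attrs.append(attr(VENDOR_SPECIFIC, vsa))
    body = b"".join(reply_attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT if accepted else ACCESS_REJECT, ident, 20 + len(body))
    response_auth = hashlib.md5(header + request_auth + body + secret).digest()   # RFC 2865 section 3
    return header + response_auth + body

def exchange(nas_secret, username, password, src_ip="192.0.2.10"):
    """Run one login through the server; returns the reply code, or None if discarded."""
    reply = radius_server(src_ip, nas_access_request(nas_secret, username, password, nas_ip=src_ip))
    return None if reply is None else reply[0]
```

Calling exchange(b"cisco456", b"User123", b"Secretpwd") yields ACCESS_ACCEPT, a wrong password yields ACCESS_REJECT, and a NAS with a mismatched secret or an unknown source address gets no reply at all. Inspecting the request bytes shows why RADIUS needs a trusted transport such as IPsec or RadSec: the username is readable on the wire, and only the password attribute is covered by the MD5 keystream.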
RADIUS Authentication Process
During the authentication and authorization phase the RADIUS server may send an optional Access-Challenge message, whose purpose is to collect additional data (a PIN, a token-card code, and so on) to further verify the client's identity.
The accounting phase is realized separately, after authentication and authorization, using Accounting-Request and Accounting-Response messages (RFC 2866).
TACACS+ Authentication
The example shows how the TACACS+ exchange starts before the user is prompted for a username and password. The prompt text can be supplied by the TACACS+ server.
TACACS+ Network Authorization
The example shows the process of network authorization, which starts after successful authentication.
TACACS+ Authentication Process
TACACS+ communication between the NAS and the TACACS+ server starts by opening a TCP connection (port 49), unlike RADIUS, which uses UDP. The NAS then contacts the TACACS+ server to obtain a username prompt, which is displayed to the user. The username entered by the user is forwarded to the server. The server prompts the user again, this time for a password. The password is then sent to the server, where it is validated against the database (local or remote). Every packet body in this exchange is obfuscated with the shared key, so neither the username nor the password is readable on the wire as the RADIUS username is.
TACACS+ Authentication Process
If a match is found, the TACACS+ server sends an ACCEPT (PASS) message to the client, and the authorization phase may begin (if configured on the NAS). If no match is found, the server responds with a REJECT (FAIL) message, and any further access is denied. Recall from the earlier discussion that TACACS+ keeps authentication, authorization and accounting as separate exchanges.
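The login described in the two slides above, carried over TACACS+, as an added example that is not part of the original deck: both sides of the ASCII authentication dialogue (START, a REPLY carrying the server-supplied prompt, CONTINUE with the user's answer, and a final PASS or FAIL), with every packet body obfuscated by the MD5 pseudo-pad of RFC 8907 section 4.5. The key cisco123 and the user database are constructed; the header layout, body layouts and status codes are those of the protocol.

```python
"""TACACS+ ASCII login: START / REPLY / CONTINUE exchange with the body
obfuscation of RFC 8907 section 4.5. Added example, not from the slides;
the shared key and the user database are constructed."""
import hashlib
import hmac
import os
import struct

VERSION = 0xC0                      # major version 0xC, minor version 0
TYPE_AUTHEN = 1
FLAG_UNENCRYPTED = 0x01             # cleartext bodies, debugging only
ACTION_LOGIN, AUTHEN_TYPE_ASCII, SERVICE_LOGIN = 1, 1, 1
PASS, FAIL, GETUSER, GETPASS = 1, 2, 4, 5

USERS = {b"User123": b"Secretpwd"}  # constructed server database

def pseudo_pad(key, session_id, seq_no, length):
    """Keystream for one packet: MD5(session_id, key, version, seq_no) gives the
    first 16 bytes, then MD5(..., previous digest) repeats until the body is covered."""
    prefix = struct.pack("!I", session_id) + key + bytes([VERSION, seq_no])
    out, digest = b"", b""
    while len(out) < length:
        digest = hashlib.md5(prefix + digest).digest()
        out += digest
    return out[:length]

def obfuscate(key, session_id, seq_no, body):
    """XOR with the pseudo-pad; applying it twice restores the body."""
    return bytes(b ^ p for b, p in zip(body, pseudo_pad(key, session_id, seq_no, len(body))))

def packet(key, session_id, seq_no, body, flags=0):
    """12-byte cleartext header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", VERSION, TYPE_AUTHEN, seq_no, flags, session_id, len(body))
    data = body if flags & FLAG_UNENCRYPTED else obfuscate(key, session_id, seq_no, body)
    return header + data

def unpack(key, pkt):
    _, _, seq_no, flags, session_id, length = struct.unpack("!BBBBII", pkt[:12])
    body = pkt[12:12 + length]
    if not flags & FLAG_UNENCRYPTED:
        body = obfuscate(key, session_id, seq_no, body)
    return seq_no, session_id, body

def start_body(user=b"", port=b"tty0", rem_addr=b"", data=b""):
    return struct.pack("!8B", ACTION_LOGIN, 1, AUTHEN_TYPE_ASCII, SERVICE_LOGIN,
                       len(user), len(port), len(rem_addr), len(data)) + user + port + rem_addr + data

def reply_body(status, server_msg=b"", data=b""):
    return struct.pack("!BBHH", status, 0, len(server_msg), len(data)) + server_msg + data

def continue_body(user_msg, data=b""):
    return struct.pack("!HHB", len(user_msg), len(data), 0) + user_msg + data

class TacacsServer:
    """Authentication state machine keyed by session id. Unlike RADIUS, the server
    drives the dialogue: it chooses the prompt text and asks for one item at a time."""

    def __init__(self, key):
        self.key = key
        self.sessions = {}

    def handle(self, pkt):
        seq_no, sid, body = unpack(self.key, pkt)
        state = self.sessions.setdefault(sid, {"stage": "start"})
        if state["stage"] == "start":
            if body[:1] != bytes([ACTION_LOGIN]):
                return None                              # body does not decode: drop it
            state["stage"] = "user"
            return packet(self.key, sid, seq_no + 1, reply_body(GETUSER, b"Username: "))
        user_len = struct.unpack("!H", body[:2])[0]
        answer = body[5:5 + user_len]
        if state["stage"] == "user":
            state.update(stage="pass", user=answer)
            return packet(self.key, sid, seq_no + 1, reply_body(GETPASS, b"Password: "))
        expected = USERS.get(state["user"])
        ok = expected is not None and hmac.compare_digest(answer, expected)
        del self.sessions[sid]                           # the session ends with PASS or FAIL
        return packet(self.key, sid, seq_no + 1, reply_body(PASS if ok else FAIL))

def nas_login(server, key, username, password, session_id=None):
    """Drive the login from the NAS side; returns (final status, prompts shown to the user)."""
    sid = session_id if session_id is not None else int.from_bytes(os.urandom(4), "big")
    prompts, answers = [], iter((username, password))
    reply = server.handle(packet(key, sid, 1, start_body()))
    while reply is not None:
        seq_no, _, body = unpack(key, reply)
        status, _, msg_len, _ = struct.unpack("!BBHH", body[:6])
        if body[6:6 + msg_len]:
            prompts.append(body[6:6 + msg_len])
        if status not in (GETUSER, GETPASS):
            return status, prompts
        reply = server.handle(packet(key, sid, seq_no + 1, continue_body(next(answers, b""))))
    return None, prompts
```

nas_login(TacacsServer(b"cisco123"), b"cisco123", b"User123", b"Secretpwd") returns (PASS, [b"Username: ", b"Password: "]): the NAS learns the prompt text from the server, sequence numbers alternate 1 to 6 across the six packets, and a dump of any of them shows only the header in cleartext. The pseudo-pad is MD5-based obfuscation, not authenticated encryption, which is why the protocol still expects the NAS-to-server path to be on a protected management network.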
Configuring AAA
Switch(config)# aaa new-model
Switch(config)# username User123 secret Secretpwd
The aaa new-model command globally enables AAA; this step is a prerequisite for all other AAA commands. AAA supports a variety of authentication options: external RADIUS or TACACS+ servers, or the local database. Whichever you choose, it is best practice to configure a local username to serve as a backup should all external servers fail. Use the secret keyword, which stores a salted hash (type 5, 8 or 9 depending on the IOS release), rather than password, which stores a cleartext or trivially reversible type 7 string.
NOTE: The aaa new-model command immediately applies local authentication to all lines and interfaces (except the console, line con 0). To avoid locking yourself out of the device, define a local username and password before starting the AAA configuration, and keep an existing session open until the new configuration has been verified from a second session.
Configuring RADIUS for Console and vty
Switch(config)# radius server configuration-name
Switch(config-radius-server)# address ipv4 {hostname | ip-address} [auth-port integer] [acct-port integer]
Switch(config-radius-server)# key string
Switch(config)# aaa group server radius group-name
Switch(config-sg-radius)# server name configuration-name
Configuring RADIUS for Console and vty
Switch(config)# radius server myRadius
Switch(config-radius-server)# address ipv4 ip-address
Switch(config-radius-server)# key cisco456
Switch(config)# aaa group server radius Mygroup2
Switch(config-sg-radius)# server name myRadius
Switch(config)# aaa authentication login radius_list group Mygroup2 local
Switch(config)# line vty 0
Switch(config-line)# login authentication radius_list
The configuration name (myRadius) is just a text identifier for the server; its IP address is given in the sub-configuration. The next step is to add the RADIUS server to a server group. You can add multiple RADIUS servers to a group, as long as they were previously defined with the radius server command.
Configuring RADIUS for Console and vty
The aaa authentication login command configures login authentication using the named method list radius_list: server group Mygroup2 is the primary authentication option and the local user database is the backup, consulted only when no server in the group responds. The final step is to apply this method list to the vty 0 line with login authentication radius_list. Only vty 0 is covered by that command; the remaining vty lines and the console keep the default method list, so apply the named list to every line that should use it (for example line vty 0 15 and line con 0).
Configuring TACACS+ for Console and vty
Switch(config)# tacacs server myTacacs
Switch(config-server-tacacs)# address ipv4 ip-address
Switch(config-server-tacacs)# key cisco123
Switch(config)# aaa group server tacacs+ Mygroup1
Switch(config-sg-tacacs+)# server name myTacacs
Switch(config)# aaa authentication login default group Mygroup1 local
Switch(config)# aaa authorization exec default group Mygroup1 local
The default method list is automatically applied to all lines and interfaces except those that have a named method list explicitly applied. With aaa authorization exec, the TACACS+ server also decides whether the user gets an EXEC shell, and at which privilege level.
However, the user is allowed access with no authentication.
The commands on RTA create a login method list that first tries to contact a TACACS+ server. If neither server can be contacted, AAA tries the enable password. This attempt may return an error because no enable password is configured on RTA, and AAA then falls through to the last method, which lets the user in with no authentication at all. This is the behaviour of the none method: anyone who can make the TACACS+ servers unreachable, or who simply waits for an outage, logs in without credentials. On production devices end the list with local instead, and never with none.
AAA Authorization
Switch(config)# aaa authorization authorization-type list-name method-list
Switch(config)# line line-type line-number
Switch(config-line)# authorization {arap | commands level | exec | reverse-access} list-name
AAA authorization goes beyond authentication to control which actions, commands and services a user is allowed to use.
Step 1. Define a named list of authorization methods.
Step 2. Apply that list to one or more lines or interfaces (the default method list is applied automatically).
Step 3. The first listed method is used; if it fails to respond, the second one is used, and so on until all listed methods are exhausted. If the list is exhausted without a response, authorization fails and a failure message is logged.
AAA Accounting
Switch(config)# aaa accounting accounting-type list-name {start-stop | stop-only | none} method-list
Switch(config)# interface interface-type interface-number
Switch(config-if)# ppp accounting list-name
The AAA accounting feature lets you track the services that users access and the amount of network resources they consume.
Step 1. Define a named list of accounting methods.
Step 2. Apply that list to one or more lines or interfaces (the default method list is applied automatically).
Step 3. The first listed method is used; if it fails to respond, the second one is used, and so on.
TACACS+ Reports and Activity
Configuring AAA authorization
Router(config)# aaa authorization type {default | list-name} [method1 [method2 ...]]
AAA authorization limits the services available to a user. When AAA authorization is enabled, the router uses information retrieved from the user's profile, located either in the local user database or on the security server, to configure the session. Once authorization is done, the user is granted access to a requested service only if the information in the user profile allows it. Methods are tried in order and include group tacacs+, group radius, local, if-authenticated and none.
Configuring AAA authorization
Before AAA authorization can be configured, the following tasks must be performed:
Enable AAA using the aaa new-model command.
Configure AAA authentication. Authorization generally takes place after authentication and relies on it to work properly.
Configure the router as a TACACS+ or RADIUS client, if necessary.
Configure the local username/password database, if necessary, using the username command to define the rights associated with specific users.
The aaa authorization reverse-access command configures authorization for reverse Telnet sessions.
Users attempting to reverse Telnet from the router must first be authorized to issue the command by a TACACS+ server.
The aaa authorization exec command configures authorization for EXEC sessions.
The router contacts a TACACS+ server to determine whether users are permitted to start an EXEC shell when they log in.
IOS command privilege levels
The aaa authorization command can also control exactly which commands a user is allowed to enter on the router. Users can only enter commands at or beneath their privilege level.
All IOS router commands are assigned a privilege level from 0 to 15. By default only three of these levels are in use (0, 1 and 15), and routers use privilege levels even when AAA is not configured. When a user opens an EXEC session on the console or a VTY, the user can by default issue any command at privilege level 1 or privilege level 0:
privilege level 1 – user mode
privilege level 15 – privileged (enable) mode
Once the user authenticates with the enable command and the enable password, that user has privilege level 15.
IOS command privilege levels
Levels 2 to 14 are not used in a default configuration. However, commands that are normally at level 15 can be moved down to any level between 2 and 14, and commands that are normally at level 1 can be moved up to one of those levels. This security model involves some administration on the router. To determine the privilege level of the logged-in user, use the show privilege command. To see which commands are available at a particular privilege level for the Cisco IOS Software release in use, enter a ? at the command line while logged in at that level.
Note: Instead of assigning privilege levels, per-command authorization can be done if the authentication server supports TACACS+. The RADIUS protocol does not support command authorization.
Configuring command authorization
The privilege command configures precisely which commands belong to which privilege levels, including user-defined levels. The commands entered on RTA move the snmp-server commands from privilege level 15, the default, down to privilege level 7, and move the ping command up from privilege level 1 to privilege level 7.
Configuring command authorization
Once privilege levels have been defined, the aaa authorization command can be used to grant access to commands by privilege level. A user who logs in with level 7 privileges can ping and configure snmp-server in configuration mode; other configuration commands are not available. The user's privilege level can be assigned either by the security server or by the local username/password database.
Configuring command authorization
Router(config)# username name privilege level password password
RTA(config)# username flannery privilege 7 password letmein
The configuration above uses the username command to create a user named flannery with privilege level 7. When this user logs in, only commands at privilege level 7 and below are available. The password keyword stores the password in cleartext, or as a trivially reversible type 7 string when service password-encryption is on; prefer username name privilege level secret password, which stores a hash.
Configuring AAA accounting
Method lists for accounting define the way accounting is performed and the sequence in which the methods are tried.
Configuring AAA accounting
Accounting method lists are specific to the type of accounting being requested. AAA supports the following six types of accounting:
Network accounting provides information for all PPP, SLIP or ARAP sessions, including packet and byte counts.
EXEC accounting provides information about user EXEC terminal sessions on the network access server.
Command accounting generates accounting records for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.
Connection accounting provides information about all outbound connections made from the network access server, such as Telnet, local-area transport (LAT), TN3270, packet assembler/disassembler (PAD) and rlogin.
System accounting provides information about system-level events.
Resource accounting provides "start" and "stop" records for calls that have passed user authentication, and "stop" records for calls that fail to authenticate.
Configuring AAA accounting
After specifying a named or default list, the accounting record type must be specified. There are four record types: none, start-stop, stop-only and wait-start.
For minimal accounting, use the stop-only keyword; it instructs the specified method (RADIUS or TACACS+) to send a stop accounting record at the end of the requested user process.
For more accounting information, use the start-stop keyword to send a start accounting record at the beginning of the requested event and a stop record at the end.
wait-start also sends both a start and a stop record, but the requested user service does not begin until the accounting server has acknowledged the start record. This guarantees that no session runs unlogged, at the cost of denying the service while the accounting server is unreachable.
To stop all accounting activity on a line or interface, use the none keyword.
RTA is configured with the aaa accounting network command.
This command enables accounting for network services such as PPP, SLIP and ARAP sessions. RTA sends accounting information for PPP sessions to a TACACS+ server. The format of the records stored on the server depends on the TACACS+ or RADIUS implementation.