CCNP-SWITCHING 300-115 Mohamed Samir YouTube

CCNP-SWITCHING 300-115
Mohamed Samir YouTube channel
Double CCIEs #27042(R/S&SP)
Mohamed Samir
© 2015 Mohamed Samir YouTube channel
All rights reserved.
www.mohamedsamir.com
Part VII: Securing Switched Networks
Managing Switch Users
AAA
• Authentication: Who is the user?
• Authorization: What is the user allowed to do?
• Accounting: What did the user do?
• Moving these three functions from per-switch passwords to a central AAA server makes them standardized (one policy for every device), resilient (several servers in a group, local fallback) and flexible (per-user and per-command policy).
• Cisco switches use one of two protocols to talk to AAA servers:
• TACACS+: Cisco proprietary, TCP port 49. The whole packet body (username, password, commands, replies) is obfuscated with the shared key; only the 12-byte header travels in the clear. Authentication, authorization and accounting are separate exchanges, which is what makes per-command authorization possible.
• RADIUS: standards-based (RFC 2865 authentication/authorization, RFC 2866 accounting), UDP port 1812 for authentication and 1813 for accounting (older servers use 1645/1646). It is not completely encrypted: only the User-Password attribute is hidden with MD5 and the shared secret; the username and every other attribute are sent in cleartext. Authentication and authorization are combined in a single Access-Request/Access-Accept exchange.
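To make "encrypted" versus "not completely encrypted" concrete, here is an added example written for this page (not from the slides and not Cisco code) that implements the two hiding schemes the protocols actually use: the RFC 2865 User-Password obfuscation for RADIUS and the RFC 8907 MD5 pseudo-pad that covers the whole TACACS+ body. The shared secret, session ID, packet identifier and the fixed Request Authenticator are constructed demo values; a real RADIUS client must generate a fresh random 16-byte Request Authenticator for every request.

```python
import hashlib
import struct


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: pad the password with NULs to a multiple of 16, then
    XOR each 16-byte block with MD5(secret + previous ciphertext block); the first
    block uses the 16-byte Request Authenticator in place of a previous block."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        c = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + c, c
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password; the NUL padding is stripped again."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        c = hidden[i:i + 16]
        out, prev = out + _xor(c, hashlib.md5(secret + prev).digest()), c
    return out.rstrip(b"\x00")


def radius_access_request(identifier: int, username: bytes, password: bytes,
                          secret: bytes, authenticator: bytes) -> bytes:
    """Minimal Access-Request (code 1) with User-Name (type 1) in cleartext and
    User-Password (type 2) hidden as above. Everything except the password value
    is readable by anyone who can capture the UDP datagram."""
    hidden = radius_hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(username)]) + username
    attrs += bytes([2, 2 + len(hidden)]) + hidden
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs


def tacacs_plus_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5 pseudo-pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1), concatenated and truncated
    to the body length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_plus_obfuscate(body: bytes, session_id: int, key: bytes,
                          version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the entire packet body (user, password, command, ...) with the pad.
    Symmetric: applying it twice with the same parameters returns the body.
    The 12-byte header (version, type, seq_no, flags, session_id, length) is
    never covered, which is why the RFC calls this obfuscation, not encryption."""
    return _xor(body, tacacs_plus_pad(session_id, key, version, seq_no, len(body)))


# Constructed demo values (assumptions for this example only).
DEMO_SECRET = b"t@c@csk3y"
DEMO_AUTHENTICATOR = bytes(range(16))   # a real client uses 16 random bytes per request


def eavesdropper_view(username: bytes, password: bytes) -> dict:
    """What a sniffer on the switch-to-server path recovers without the secret."""
    pkt = radius_access_request(7, username, password, DEMO_SECRET, DEMO_AUTHENTICATOR)
    tacacs_body = tacacs_plus_obfuscate(username + b"\x00" + password, 0x12345678, DEMO_SECRET)
    return {
        "radius_username_visible": username in pkt,
        "radius_password_visible": password in pkt,
        "tacacs_username_visible": username in tacacs_body,
        "tacacs_password_visible": password in tacacs_body,
    }


if __name__ == "__main__":
    print(eavesdropper_view(b"lastresort", b"MySecretP@ssw0rd"))
```

Both schemes are MD5-keyed XOR streams from the 1990s, not authenticated encryption; the practical difference is coverage: RADIUS hides one attribute, TACACS+ hides the whole body but leaves the header and the key derivation exposed to offline guessing if the key is weak. Either way the key in the `tacacs-server host ... key` or `radius-server` line should be long and random, and the switch-to-server traffic confined to a management network (or RADIUS carried over TLS, RFC 6614).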
Configuring Authentication
• Enable AAA, keep a local fallback account, define the TACACS+ servers, group them, build a named login method list and apply it to the vty lines:

Switch(config)# aaa new-model
! local account used only when no TACACS+ server answers;
! "secret" stores a salted hash, "password" would store a reversible type-7 string
Switch(config)# username lastresort secret MySecretP@ssw0rd
Switch(config)# tacacs-server host 192.168.10.10 key t@c@csk3y
Switch(config)# tacacs-server host 192.168.10.11 key t@c@csk3y
Switch(config)# aaa group server tacacs+ myauthservers
Switch(config-sg)# server 192.168.10.10
Switch(config-sg)# server 192.168.10.11
Switch(config-sg)# exit
! methods are tried left to right: the server group first, the local database
! only if no server in the group responds (a reject from the server is final)
Switch(config)# aaa authentication login myauth group myauthservers local
Switch(config)# line vty 0 15
Switch(config-line)# login authentication myauth

• Any line without a `login authentication` statement uses the `default` method list, so either define `aaa authentication login default ...` or apply the named list to `line con 0` as well; otherwise console and vty logins are governed by different rules.
Configuring Authorization
• Global syntax (a named list, or `default` for every line that has no named list):
Switch(config)# aaa authorization {commands level | config-commands | configuration | exec | network | reverse-access} {default | list-name} method1 [method2 ...]
• Apply a named list to a specific line:
Switch(config-line)# authorization {commands level | exec | reverse-access} {default | list-name}
• Example for all lines (default list, EXEC shell authorization):
Switch(config)# aaa authorization exec default group myauthservers none
• `none` as the last method means that when no TACACS+ server answers, the EXEC session is authorized without any check (fail open). Use `local` as the fallback instead so that only the local fallback account gets in during a server outage.
• Authorization is not applied to the console unless `aaa authorization console` is also configured.
Configuring Accounting
• Global syntax:
Switch(config)# aaa accounting {system | exec | commands level} {default | list-name} {start-stop | stop-only | wait-start | none} method1 [method2 ...]
• Record types: `start-stop` sends a start record when the session or command begins and a stop record when it ends; `stop-only` sends only the stop record; `wait-start` does not let the session begin until the server acknowledges the start record; `none` disables accounting for that list.
• Apply a named list to a specific line:
Switch(config-line)# accounting {commands level | connection | exec} {default | list-name}
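The three configuring slides above are one procedure, and the finished configuration is worth checking as a whole. The following added example (written for this page, not from the slides or any Cisco tool) audits a constructed copy of that configuration for the weaknesses a reviewer looks for: reversible `password` storage, method lists that end in `none`, lines left on an undefined default list, and absent accounting, and then shows the same device with those findings resolved. The parser handles only the flat one-level indentation of IOS running-config and the regexes cover only the commands discussed on this page; `HARDENED_CONFIG` is an assumed target state, not a recommendation from the slides.

```python
import re
from typing import List, Tuple

# Constructed sample: the configuration from the slides, plus a console line
# that was never given a method list.
SLIDE_CONFIG = """\
aaa new-model
username lastresort password MySecretP@ssw0rd
tacacs-server host 192.168.10.10 key t@c@csk3y
tacacs-server host 192.168.10.11 key t@c@csk3y
aaa group server tacacs+ myauthservers
 server 192.168.10.10
 server 192.168.10.11
aaa authentication login myauth group myauthservers local
aaa authorization exec default group myauthservers none
line con 0
line vty 0 15
 login authentication myauth
"""

# The same device with the findings resolved (assumed target state).
HARDENED_CONFIG = """\
aaa new-model
username lastresort secret MySecretP@ssw0rd
tacacs-server host 192.168.10.10 key t@c@csk3y
tacacs-server host 192.168.10.11 key t@c@csk3y
aaa group server tacacs+ myauthservers
 server 192.168.10.10
 server 192.168.10.11
aaa authentication login myauth group myauthservers local
aaa authorization exec default group myauthservers local
aaa authorization commands 15 default group myauthservers local
aaa accounting exec default start-stop group myauthservers
aaa accounting commands 15 default start-stop group myauthservers
line con 0
 login authentication myauth
line vty 0 15
 login authentication myauth
"""

AUTHZ_TYPES = r"commands \d+|config-commands|configuration|exec|network|reverse-access"


def parse_blocks(config: str) -> List[Tuple[str, List[str]]]:
    """Split running-config text into (top-level command, indented sub-commands)."""
    blocks: List[Tuple[str, List[str]]] = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # blank lines and IOS comments
        if raw[0] in " \t" and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def audit_aaa(config: str) -> List[str]:
    """Return one human-readable finding per AAA weakness found in the config."""
    blocks = parse_blocks(config)
    top = [cmd for cmd, _ in blocks]
    findings: List[str] = []

    if "aaa new-model" not in top:
        findings.append("aaa new-model missing: no method list takes effect")

    for cmd in top:
        m = re.match(r"username (\S+)(?: privilege \d+)? password\b", cmd)
        if m:
            findings.append(f"username {m.group(1)}: 'password' is stored reversibly "
                            "(type 7 or cleartext); use 'secret'")

        m = re.match(r"aaa authentication login (\S+) (.+)", cmd)
        if m:
            name, methods = m.group(1), m.group(2).split()
            if methods[-1] == "none":
                findings.append(f"aaa authentication login {name}: ends in 'none', fails open")
            elif not {"local", "enable", "line"} & set(methods):
                findings.append(f"aaa authentication login {name}: no local fallback, "
                                "a server outage locks out administrators")

        m = re.match(rf"aaa authorization ({AUTHZ_TYPES}) (\S+) (.+)", cmd)
        if m and m.group(3).split()[-1] == "none":
            findings.append(f"aaa authorization {m.group(1)} {m.group(2)}: ends in 'none', "
                            "everything is authorized while the servers are down")

    has_default_login = any(c.startswith("aaa authentication login default ") for c in top)
    for cmd, children in blocks:
        if (cmd.startswith("line ") and not has_default_login
                and not any(c.startswith("login authentication") for c in children)):
            findings.append(f"{cmd}: no 'login authentication' and no default login list is defined")

    if not any(c.startswith("aaa accounting ") for c in top):
        findings.append("no aaa accounting: nothing records who ran which command")

    return findings


if __name__ == "__main__":
    for finding in audit_aaa(SLIDE_CONFIG):
        print("-", finding)
    print("hardened:", audit_aaa(HARDENED_CONFIG) or "no findings")
```

Run against `SLIDE_CONFIG` the audit reports four findings (the `password` keyword, the `none` fallback in the authorization list, the bare console line and the missing accounting); against `HARDENED_CONFIG` it reports none. The fallback chosen in the hardened list is `local` rather than `none`, so during a TACACS+ outage only the `lastresort` account gets an authorized EXEC shell, and `commands 15` accounting records each privileged command with a start and stop record.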
Any questions ?
Thank you for your time!
Thank you
May God reward you with good