- Uses UDP
- Combines authentication and authorization
- Intended for user access control
- Encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted
- Encrypts the entire body of the packet but leaves a standard TACACS+ header. Within the header is a field that indicates whether the body is encrypted or not
- Provides two methods to control the authorization of router commands on a per-user or per-group basis and is suitable for device management
- Uses TCP
- Separates authentication, authorization, and accounting
Which AAA protocol is recommended for controlling Cisco devices and why?
TACACS+ is the right one, because it provides per-command control (command authorization) over access to the device. RADIUS is not suitable because it transfers authorization information only once, at initial authentication.
Why is a security tool like Cisco Access Control Server essential, especially in a large enterprise network?
In large networks, many devices require a lot of network administrators with varying levels of access. Cisco Secure ACS provides a centralized database where administrator accounts can be managed at a single location.
When configuring AAA, why is a method list used? Give an example.
- In the example, if the AAA server fails, authentication falls back to the locally configured user ID and password
- Example: aaa authentication login mymethod group tacacs+ local enable
List the steps to configure Cisco's routers to support AAA. Identify those steps that are optional and those that are required.
- Enable AAA - aaa new-model
- Create local user account - username localadmin password cisco
- Identify the AAA Server Host IP and secret key password
- Specify the loopback interface as the source for TACACS+ - ip tacacs source-interface loopback 0
- Specify authentication (required) - Refer to 5.
- Authorization/Accounting as optional