AAA Flashcards

1
Q

What are the 6 AAA Accounting types?

A

Network Accounting

Connection Accounting

EXEC Accounting

System Accounting

Command Accounting

Resource Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which portion of AAA looks at what a user has access to?

A

authorization

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Which command creates a login authentication method named “login” that will primarily use RADIUS and fail over to the local user database?

A

aaa authentication radius local

eg:

aaa authentication login login radius loca

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which AAA Authorization type includes PPP, SLIP, and ARAP connections?

A

network

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which authentication service is needed to configure 802.1x?

A

RADIUS with EAP Extension

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

username cisco password cisco
!
aaa new-model
!
radius-server host 10.1.1.50 auth-port 1812 key C1sc0123
aaa authentication login default group radius local line
aaa authentication login NO_AUTH none
!
line vty 0 15
login authentication default
password linepass
line console 0
login authentication NO_AUTH
!
Which login credentials are required when connecting to the console port in this output?

A

none required

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

sername cisco password cisco
!
aaa new-model
!
radius-server host 10.1.1.50 auth-port 1812 key C1sc0123
aaa authentication login default group radius local line
aaa authentication loging NO_AUTH none
!
line vty 0 15
login authentication default
password linepass
line console 0
login authentication NO_AUTH

When a network administrator is attempting an SSH connection to the device, in which order does the device check the login credentials?

A

RADIUS server, local username, line password

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does AAA stand for?

A

Authentication, Authorization, Accounting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is *Authentication*?

A

Authentication verifies the credentials of the client.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is *Authorization*?

A

Authorization determines the privileges of authenticated clients.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is *Accounting*?

A

Accounting is a gathering of statistics and is typically a separate process aside from Authentication/Authorization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is *TACACS+*?

A

TACACS+ is a Cisco Proprietary protocol that enables AAA. Uses TCP port 49 for communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is *RADIUS*?

A

RADIUS is an IETF Standard protocol that enables AAA. Uses UDP port 1812 and 1813.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is local privilege authorization fallback?

A

Generally, when setting up AAA authentication, you can also set up backup protocols in case the primary fails. In this scenario, you will want to enable local as your backup.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What configuration command enables AAA?

A

Sw1(config)# aaa new-model
Sw1(config)# aaa authentication login default group <radius></radius>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What configuration command sets up tacacs/radius?

A

Sw1(config)# tacacs-server host <ip-addr> key <key><br></br>Sw1(config)# radius-server host <ip-addr> key <key></key></ip-addr></key></ip-addr>

17
Q

What configuration commands sets up dot1x aaa authentication with radius?

A
  • Sw1(config)# dot1x system-auth-control (enables dot1x globally)
  • Sw1(config)# aaa new-model
  • Sw1(config)# aaa authentication dot1x default group radius
  • Sw1(config-if)# switchport mode access (switchport must be access)
  • Sw1(config-if)# dot1x port-control <auto></auto>
18
Q

What configuration command sets up a local fallback for AAA Authentication?

A

Sw1(config)# aaa authentication login default group <radius> *local*</radius>