Authentication Flashcards
802.1X
This is a standards-based authentication method for wired and wireless connections
MAC Authentication Bypass (MAB)
for devices that lack 802.1X capability
Web Authentication
for guest access
Authentication
determines whether the user can access the network
Authorization
controls what actions a user can perform
Accounting
tracks user actions
Posture assessment
allows you to validate and maintain endpoint security capabilities.
ISE CAN DO
AAA, Posture, and Guest Management
Device administration
controlling who can log in to a network device through a console, Telnet session, Secure Shell (SSH) session, or other method; this is one form of AAA that you should be aware of
Network access
securing network access can provide the identity of the device or user before permitting the entity to communicate with the network
Cisco Secure Access Control Server
has the capability to provide command sets, which are lists of commands that an authenticated user is permitted or denied to run.
RADIUS
used between the network access device (NAD) and the authentication server.
TACACS+
uses TCP port 49
Difference between RADIUS and TACACS+
TACACS+ is able to separate authentication, authorization, and accounting as separate and independent functions
TACACS+ encrypts the entire payload
TACACS+ Authentication Messages
START - This packet is used to begin the authentication request between the AAA client and the AAA server
REPLY - Message sent from the AAA server to the AAA client
CONTINUE - Message from the AAA client used to respond to the AAA server requests for username and password