Chapter 6 - Configuring Basic Switch Management Flashcards
By default, how secure is each CLI access method? (Console, SSH, Telnet)
By default the console line has no password at all: anyone who plugs into the console port lands in user mode, and with no enable password or secret set can move straight into privileged mode. Telnet and SSH are the opposite: the vty lines default to 'login' with no password configured, so IOS refuses remote logins to user mode until a password (or a username) has been set. SSH additionally requires a username, which Telnet does not.
What is vty?
- Virtual Teletype - Lines that allow you to remotely connect to a device via SSH or Telnet. The command 'line vty 0 4' selects five vty lines (0 to 4) for configuration, meaning that five users can be connected via Telnet or SSH at a time. Many switches provide 16 vty lines, selected with 'line vty 0 15'; whatever the count, all of them should be configured the same way.
- Incoming connections are assigned the lowest-numbered free vty line, so inconsistent line settings give inconsistent results. For example, if Telnet is disabled only on line 0 ('transport input ssh') while lines 1-4 still allow it, the first Telnet user is placed on line 0 and refused, even though the other lines would have accepted the connection.
What does ‘Enable Password’ do?
Sets a password that must be entered to move from user mode into privileged (enable) mode. It is stored in plain text in the configuration ('service password-encryption' only lightly obscures it with a reversible type 7 encoding), so 'enable secret' should be used instead.
How do you create a separate user login?
Enter 'username <name> secret <password>' in global configuration mode. You then need to tell the access method (console or vty) to use this local username database instead of the shared line password by entering the 'login local' command under that line.
What is AAA and what does it do?
- AAA (Authentication, Authorisation, and Accounting) servers store the usernames and passwords used to log in to routers and switches, so the credentials do not have to live in each device's configuration.
- An AAA server can also enforce password rules, such as forced periodic password changes, that a local username database cannot.
- It centralises login details so they can be changed for every device that uses the server at one central location instead of having to log in to each device and change the details manually.
What process and protocols does AAA use for authentication?
The user supplies a username and password over the access connection (console, Telnet or SSH). The switch/router does not check them itself; it sends a query to the AAA server using RADIUS or TACACS+, and the server replies stating whether the combination is valid. Only then does the device allow or refuse the login.
How do you tell the device to generate SSH keys?
First you need to set the hostname of the device ('hostname') and apply a domain name ('ip domain-name'), because the RSA key pair is named after the resulting FQDN. Once you enter 'crypto key generate rsa' the device generates the key pair; it prompts for the modulus size unless it is given inline ('crypto key generate rsa modulus 2048'). Use at least 2048 bits, and add 'ip ssh version 2' so the device accepts only SSHv2.
How do you disable the functionality that causes a device to automatically attempt to resolve a hostname if you mistype a command?
Enter 'no ip domain-lookup' in global configuration mode. Without it, a mistyped command is treated as a hostname to Telnet to, and the CLI hangs while the DNS lookup times out.
What does ‘Enable Secret’ do?
This sets the enable-mode password that takes precedence over 'enable password' (if both are configured, only the secret is checked). It is stored as a salted hash rather than in plain or reversibly encoded text; by default this is an MD5 hash (type 5), and newer IOS releases also offer stronger hash types where supported ('enable algorithm-type scrypt secret <password>').
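The commands from the cards on vty lines, local usernames, SSH key generation, domain lookup and enable secret, brought together in one added example that is not part of the original flashcards: first the weak, shared-password style of management configuration, then a hardened version of the same device. The hostname SW1, the domain example.com, the user admin and both passwords are placeholders.

```cisco
! ===== Weak legacy configuration (added example; do not use) =====
! Shared line passwords, an enable password stored in plain text,
! Telnet permitted, and DNS lookup of mistyped commands left on.
enable password cisco
line console 0
 password cisco
 login
line vty 0 4
 password cisco
 login
 transport input telnet

! ===== Hardened configuration (added example; placeholder names) =====
! Hostname plus domain name form the FQDN that names the RSA key pair.
hostname SW1
ip domain-name example.com
! Stop the CLI from treating a typo as a hostname to resolve and Telnet to.
no ip domain-lookup
! 2048-bit key pair, given inline so the command does not prompt.
crypto key generate rsa modulus 2048
! Accept SSH version 2 only.
ip ssh version 2
! Local account, stored as a hash; replaces the shared line password.
username admin privilege 15 secret Str0ngPassw0rd!
! Hashed enable secret; the plain-text enable password is removed entirely.
enable secret Str0ngEnableSecret!
no enable password
line console 0
 ! Console now asks for a username and password from the local database.
 login local
 ! Idle sessions are closed after 10 minutes.
 exec-timeout 10 0
line vty 0 4
 login local
 ! Telnet is refused on every vty line, so lowest-free-line allocation is safe.
 transport input ssh
 exec-timeout 10 0
! On switches with 16 vty lines use 'line vty 0 15' so that all lines match.
```

Verify with 'show ip ssh' (protocol version and key status) and 'show running-config | section vty', then test from another host: an SSH login as admin should succeed and a Telnet attempt should be refused.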
How would you disconnect (suspend) a Telnet session you are currently on to return to the original device?
- Press Ctrl+Shift+6, release, and then press 'x'. This suspends the Telnet session and returns you to the original device's prompt; the remote session stays open and can be resumed later.
- Typing 'exit' or 'logout' also returns you to the original device, but these end the remote session rather than suspending it.
How would you see suspended Telnet sessions? How would you then reopen a previously disconnected session?
You would use the 'show sessions' command. A * is listed next to the most recently suspended session, which is the one that a plain 'resume' reconnects to.
You would use the 'resume' command to reconnect to a previously suspended Telnet session. On its own it resumes the most recently suspended one. You can also use 'resume <connection>' with the connection number from 'show sessions' to resume a specific connection rather than the most recent, and 'disconnect <connection>' to close a suspended session without returning to it.