Chapter 8 Flashcards
The standard terminal-emulation application layer protocol in the TCP/IP protocol stack. It is used for remote terminal connection, enabling users to log in to remote systems and use resources as if they were connected to a local system, and is defined in RFC 854.
Telnet
A TCP/IP application layer protocol that supports terminal emulation between a client and server, using dynamic key exchange and encryption to keep the communications private.
Secure Shell (SSH)
A username (with matching password), configured on a router or switch. It is considered local because it exists on the router or switch, and not on a remote server.
Local username
_____ confirms the identity of the user or device.
_____ determines what the user or device is allowed to do.
_____ records information about access attempts, including inappropriate requests.
Authentication, Authorization, Accounting (AAA)
A server that holds security information and provides services related to user login, particularly authentication (is the user who they say they are), authorization (once authenticated, what do we allow the user to do), and accounting (tracking the user).
AAA server
A part of the Cisco IOS CLI in which the user can use the most powerful and potentially disruptive commands on a router or switch, including the ability to then reach configuration mode and reconfigure the router.
Enable mode
On an IP host, the IP address of some router to which the host sends packets when the packet’s destination address is on a subnet other than the local subnet.
Default gateway
A configuration concept inside Cisco switches, used as an interface between IOS running on the switch and a VLAN supported inside the switch, so that the switch can assign an IP address and send IP packets into that VLAN.
VLAN interface
In a Cisco router or switch, the function by which IOS keeps a list of commands that the user has used in this login session, both in EXEC mode and configuration mode. The user can then recall these commands for easier repeating or making small edits and issuing similar commands.
History buffer
An application layer protocol used throughout the Internet for translating host names into their associated IP addresses.
Domain name system (DNS)
The process by which an IP host discovers the IP address associated with a hostname, often involving sending a DNS request to a DNS server, with the server supplying the IP address used by a host with the listed hostname.
Name resolution
A message generated by any computer, including Cisco routers and switches, with which the device OS notifies the owner or administrator of the device about some event.
Log message
The configuration and processes that control and change the choices made by the switch’s data plane.
Control plane
The work a switch does to forward frames generated by the devices connected to the switch.
Data plane
The _____ plane deals with managing the device itself, rather than controlling what the device is doing.
management
The first option to secure access to user mode is to use a simple shared password with no username. Console users must supply the _____ password, as configured in console line configuration mode. Telnet users must supply the _____ password, also called the vty password, so called because the configuration sits in vty line configuration mode.
console;
Telnet
What command tells IOS to enable the use of a simple shared password (with no username) on this line (console or vty), so that the switch asks the user for a password?
login
What command defines the actual password used on the console or vty?
password
What command is used to configure the enable password?
enable secret
Use the _____ command to enter console configuration mode.
line con 0
Use the _____ command to enter vty configuration mode for all 16 vty lines (numbered 0 through 15).
line vty 0 15
Use the _____ (name) _____ (password) global configuration command to add one or more username/password pairs on the local switch.
username;
secret
Use the _____ subcommand to remove any existing simple shared passwords, just for good housekeeping of the configuration file.
no password
What server do Cisco switches use to hold the usernames/passwords? It allows users to do self-service and forced maintenance on their passwords.
AAA (Authentication, authorization, and accounting)
The SSH server uses the fully qualified domain name (_____) of the switch as input to create an encryption key.
FQDN
What command generates the SSH encryption keys?
crypto key generate rsa
To control which protocols a switch supports on its vty line, what command is used?
transport input
What protocol does a switch use to dynamically learn its IPv4 settings?
Dynamic Host Configuration Protocol (DHCP)