Chapter 8 - Configuring Ethernet Switching Flashcards
What command moves you into global configuration mode?
configure terminal
What command enables a password when a user tries to enable mode?
enable secret {password}
What commands enable a login and password for console 0?
#configure terminal #line console 0 #password {password} #login
What commands enable a login and password?
username {username} password {password}
Interface sub-command login local
What’s another way to authenticate users other than using the local username and passwords on a switch?
Using a AAA server - authentication, authorization, and accounting
What protocols are normally used between a Cisco device and a AAA server to secure the traffic?
RADIUS or TACACS+
What are the 4 steps to enabling SSH on a switch?
Step 1.) Configure the vty lines to use usernames (using login local command) or a AAA server
Step 2.) If using local logins, configure the usernames and passwords
Step 3.) Configure the switch to use a matched public and private key pair to use for encryption.
Step 4.) Optional - Enable SSH v2
What two commands configure the switch to use a matched public and private key pair for encryption?
#ip domain-name {name} #crypto key generate rsa
What global command enables SSH v2?
ip ssh version 2
What 2 commands give some information about the status of SSH on the switch?
#show ip ssh #show ssh
What command lists information about each SSH client currently connected into the switch?
show ssh
Which command enables or disables SSH or telnet on the vty lines?
transport input vty subcommand
Valid commands are transport input {all | none | telnet | ssh}
What global configuration command will encrypt the passwords in the running configuration file?
service password-encryption
Once the service password-encryption command is entered and then if the no service password-encryption is entered, how does it treat the passwords in the config file?
Once the no service password-encryption file is entered, the current passwords in the file are unchanged. However, any new changes will show the passwords in clear text.
Switches can protect the enable mode requiring that a user enter a password. What is the old and new command for enabling this password?
The older one is:
#enable password {password}
The newer one is:
#enable secret {password}
If both enable commands are configured, which one does the switch use or prefer?
enable secret command
If only one enable command is configured, what password does the switch require?
The password used in the enable command that was configured.
If neither enable command was used, what password is required?
Console users are allowed into enable mode without a password prompt while others are rejected.
How is the encryption that the enable secret command uses different than the service password-encryption command?
The enable secret command uses MD5 or Message Digest 5 hash versus the weaker encryption that the enable secret command uses.
What command is preferred to hide the password for a username?
username secret {password}