Config Basic Switch Management Flashcards

1
Q

4 Ways of configuring the switch for security

A
  1. Securing user mode and privileged mode with simple passwords
  2. Securing user mode access with local usernames
  3. Securing user mode access with external authentication servers
  4. Securing remote access with SSH
2
Q

Default setting of switch

A

Allows full access from the console but no access via Telnet or SSH

Using default settings, a console user can move into user mode and then privileged mode with no passwords required

However, default settings prevent remote users from accessing even user mode

3
Q

Configuring telnet and ssh password (Login Local - Multiple)

A
enable
config t
username russ password montecito
username cindy password belgium
line vty 0 1
login local
no password
4
Q

Protecting enable mode

A

config t

enable secret

5
Q

Configuring telnet and ssh password (Single)

A
enable
config t
line vty 0 15
password hope
login
6
Q

Configuring console password

A
enable
config t
line console 0
password love
login
7
Q

Cleaning up password

A

no password

8
Q

Better security & faster password changes

A

Authentication, Authorization & Accounting (AAA) server.

These servers hold the usernames/passwords. The servers allow users to do self-service and forced maintenance of their passwords.

When using an AAA server for authentication, the switch simply sends a message to the AAA server asking whether the username and password are allowed, and the AAA server replies.

AAA servers - RADIUS or TACACS+

9
Q

Disadvantage of Telnet

A

All data in the Telnet session flows as clear text

10
Q

Config SSH (Creating encryption key)

A

hostname sw1
ip domain-name example.com
crypto key generate rsa

Optionally:

  1. can dictate modulus: 1024
  2. ip ssh version 2
11
Q

Changing the protocols that a switch uses

A
  1. transport input ssh - Support ssh
  2. transport input none - Support neither
  3. transport input telnet - Support telnet
  4. transport input all - Support telnet and ssh
12
Q

Securing User Mode Access

A
enable
config t
hostname sw1
ip domain-name example.com
crypto key generate rsa
ip ssh version 2 (optional)
transport ssh all (optional)

username sam password cook
line vty 0 15
login local
exit

13
Q

Default transport config

A

transport input none

14
Q

SSH commands

A
  1. show ip ssh - Lists status information about the SSH server itself
  2. show ssh - Lists information about each SSH client currently connected to the switch
15
Q

Host & Switch IP setting for user access

A

The switch contains a NIC

The NIC uses the concept of a Switch Virtual Interface (SVI), whereby each VLAN has its own IP address

16
Q

Considerations when configuring VLAN interfaces

A
  1. Never use a VLAN interface for which there are no physical ports assigned to the same VLAN (the VLAN will not reach an up/up state, and the switch will not be able to communicate)
  2. Hosts only communicate within their subnet in the VLAN and not outside (a VLAN can have multiple subnets)
  3. Sending of Data Packets
    - To send IP packets to hosts in the same subnet, send them directly
    - To send IP packets to hosts in a different subnet, send them to the local router; that is, the default gateway

4.

17
Q

Commands for configuring IPv4 on a switch

A
  1. interface vlan 1
  2. ip address
  3. no shutdown
  4. ip default-gateway
  5. (optional) ip name-server