Config Basic Switch Management Flashcards
4 Ways of configuring the switch for security
- Securing user mode and privileged mode with simple passwords
- Securing user mode access with local usernames
- Securing user mode access with external authentication servers
- Securing remote access with SSH
Default setting of switch
Allows full access from the console but no access via Telnet or SSH
Using default settings, a console user can move into user mode and then privileged mode with no passwords required
However, default settings prevent remote users from accessing even user mode
Configuring Telnet and SSH password (login local - multiple users)
enable
config t
username russ password montecito
username cindy password belgium
line vty 0 1
login local
no password
Protecting enable mode
config t
enable secret <password>
Configuring Telnet and SSH password (single shared password)
enable
config t
line vty 0 15
password hope
login
Configuring console password
enable
config t
line console 0
password love
login
Cleaning up password
no password
Better security & faster password changes
Authentication, Authorization & Accounting (AAA) server.
These servers hold the usernames/passwords. Servers allow users to do self-service and forced maintenance of their passwords.
When using an AAA server for authentication, the switch simply sends a message to the AAA server asking whether the username and password are allowed, and the AAA server replies.
AAA servers - RADIUS or TACACS+
Disadvantage of Telnet
All data in the Telnet session flows as clear text
Config SSH (Creating encryption key)
hostname sw1
ip domain-name example.com
crypto key generate rsa
Optionally:
- can dictate the key length: crypto key generate rsa modulus 1024
- ip ssh version 2
Changing the protocols that a switch accepts on its vty lines
- transport input ssh - Support SSH only
- transport input none - Support neither
- transport input telnet - Support Telnet only
- transport input all - Support Telnet and SSH
Securing User Mode Access
enable
config t
hostname sw1
ip domain-name example.com
crypto key generate rsa
ip ssh version 2 (optional)
username sam password cook
line vty 0 15
login local
transport input all (optional, a vty line subcommand)
exit
Default transport config
transport input none
SSH commands
- show ip ssh - Lists status information about the SSH server itself
- show ssh - Lists information about each SSH client currently connected to the switch
Host & Switch IP setting for user access
The switch contains a NIC.
The NIC uses the concept of a Switch Virtual Interface (SVI), whereby each VLAN has its own IP address.