Network Device Management and Security Flashcards
What prevents rogue DHCP servers?
DHCP snooping
What prevents ARP attacks?
DAI (Dynamic ARP Inspection)
What protects network resources and provides user mobility?
Identity-based networking
What is DHCP snooping?
Layer 2 firewall
How are interfaces configured for DHCP snooping?
trusted and untrusted
Which interface is configured as the trusted interface?
the one closest to the DHCP server
What does DHCP build when DHCP snooping is enabled?
binding database
What does DAI intercept?
All ARP requests
What does DAI verify?
Each intercepted packet for a valid IP to MAC binding
What does an identity-based network verify?
The users when they connect
What is the IEEE standard for identity-based networking?
802.1X
What are the three roles defined by 802.1X?
Client
Authenticator
Authentication server
The switch that controls physical access to the network
Authenticator
The server that authenticates each client that connects to a switch before making any service available in the network.
Authentication server
Manages all users and administrative access that you need for the entire network
AAA Server
What are the two most popular methods to create external AAA servers?
RADIUS
TACACS+
What method provides authentication and authorization in 1 process?
RADIUS
Cisco proprietary mechanism that separates AAA services
TACACS+
What authentication method uses UDP?
RADIUS
What authentication method uses TCP?
TACACS+
What command enables AAA services?
aaa new-model
To avoid being locked out of the router, what must you do first?
define a local username and password
What command configures SRV1 as a RADIUS server with the name myRadiusSRV1?
What command configures “radiusPassword” as a shared key?
radius server myRadiusSRV1
key radiusPassword
On R1, what command would add this newly created RADIUS server to the group?
aaa group server radius MyRadiusGroup
server name myRadiusSRV1
What command immediately applies local authentication to all lines and interfaces (except the console line 0)?
aaa new-model
What would be the command to configure the local user admin that has a password of Cisco123?
username admin password Cisco123