- #Which of the following is a key function in the cisco ios (internetwork operating system)? how to#
- #Which of the following is a key function in the cisco ios (internetwork operating system)? plus#
The problem with this situation was that the company hired many contractors, who came and went on a weekly basis. When I walked through the company's door, authentication/authorization was not centralized it was localized on each router. I once dealt with a client that had 1,300 routers in its network. The following sections discuss and compare TACACS+ and RADIUS Kerberos is not discussed in this book.
Of these three, TACACS+ and RADIUS are the more common. Remote Authentication Dial-In User Service (RADIUS)
#Which of the following is a key function in the cisco ios (internetwork operating system)? plus#
Terminal Access Controller Access Control System Plus (TACACS+) In most situations, three security protocols are used: This protocol is used to exchange AAA messages. If you decide to use an AAA server to centralize your AAA security policies, you need to use a security protocol between your router and the AAA server. Centralizing AAA provides these benefits: Many products are available on the market, including the Cisco Secure Access Control Server (ACS). If you want to centralize your AAA implementation, you use one or more AAA security servers. To enable it, use the following command:Īs you can see, enabling AAA is a very simple process however, this is only the first step in configuring AAA on your router. Optionally, configure accounting to keep track of what and when events occur on the router.īy default, AAA is disabled on your Cisco router. Optionally, configure authorization to restrict what the user can do on the router. Define the method or methods you will use to perform authentication. Configure the parameters for an external AAA server, if used. To configure AAA, you need to perform the following steps: Step 1. This book focuses on only the router configuration (configuring an AAA security server is beyond the scope of this book). You need to configure many things to implement AAA. Note that other solutions exist, such as those that I discussed in Chapter 3, but AAA is the preferred one. One restriction of the accounting component is that it requires an external AAA security server to store the actual accounting records.ĪAA is the recommended Cisco solution for implementing access control. The accounting of AAA keeps a log of these events. This can be as simple as keeping track of who logs into a router and any status changes on the router (such as an interface going down or the router being reloaded), or something as complex as keeping track of each command that a user executes on a router. With AAA authorization, you can enforce this restriction.ĪAA's accounting component is responsible for keeping a record of events of authentication and authorization actions.
For example, you might want a network administrator to have privileged EXEC access, but want him to use only the debug command. When authentication for a user successfully has completed, AAA's authorization is used to restrict what actions a user can perform or what services a user can access. As you will see later in the chapter, you can use many methods to perform authentication on your router. For example, you could specify two authentication methods: use an external security server, and, if this is not available, use the local username database on the router. With AAA authentication, you define one or more authentication methods that the router should use when authenticating a user. This can include login access, as well as other types of access, such as PPP network access. The authentication component of AAA is responsible for providing a method to identify (authenticate) users.
#Which of the following is a key function in the cisco ios (internetwork operating system)? how to#
The following sections cover the functions of AAA, as well as how to enable it.
AAA provides a cohesive framework to control who can access a router, what services they can use on a router, and what they can do on a router.