Security Configuration Guide, Cisco IOS XE Gibraltar 16.11.x (Catalyst 9500 Switches)

First Published: 2019-03-29

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA



Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)

© 2019 Cisco Systems, Inc. All rights reserved.

CONTENTS

CHAPTER 1

Controlling Switch Access with Passwords and Privilege Levels

Restrictions for Controlling Switch Access with Passwords and Privileges

Restrictions and Guidelines for Reversible Password Types

Restrictions and Guidelines for Irreversible Password Types

Information About Controlling Switch Access with Passwords and Privileges

Preventing Unauthorized Access

Default Password and Privilege Level Configuration

Additional Password Security

Password Recovery

Terminal Line Telnet Configuration

Username and Password Pairs

Privilege Levels

AES Password Encryption and Master Encryption Keys

How to Configure Switch Access with Passwords and Privileges

Setting or Changing a Static Enable Password

Protecting Enable and Enable Secret Passwords with Encryption

Disabling Password Recovery

Setting a Telnet Password for a Terminal Line

Configuring Username and Password Pairs

Setting the Privilege Level for a Command

Changing the Default Privilege Level for Lines

Logging in to and Exiting a Privilege Level

Configuring an Encrypted Preshared Key

Monitoring Switch Access with Passwords and Privileges

Configuration Examples for Switch Access with Passwords and Privilege Levels

Example: Setting or Changing a Static Enable Password

Example: Protecting Enable and Enable Secret Passwords with Encryption

Example: Setting a Telnet Password for a Terminal Line

Example: Setting the Privilege Level for a Command

Example: Configuring an Encrypted Preshared Key

Feature History for Controlling Switch Access with Passwords and Privileges

CHAPTER 2

Configuring Login Block

Information About Login Enhancements-Login Block

Login Enhancements-Login Block Overview

Protecting Against Denial of Service and Dictionary Login Attacks

Delays Between Successive Login Attempts

Login Shutdown If DoS Attacks Are Suspected

How to Configure Login Enhancements-Login Block

Configuring Login Parameters

Verifying Login Parameters

Configuration Examples for Login Enhancements-Login Block

Example: Configuring Login Parameters

Feature History for Login Enhancements-Login Block

CHAPTER 3

Configuring Authentication

Prerequisites for Configuring Authentication

Restrictions for Configuring Authentication

Information About Authentication

Named Method Lists for Authentication

Method Lists and Server Groups

Login Authentication Using AAA

Login Authentication Using Enable Password

Login Authentication Using Kerberos

Login Authentication Using Line Password

Login Authentication Using Local Password

Login Authentication Using Group RADIUS

Login Authentication Using Group TACACS

Login Authentication Using Group Name

PPP Authentication Using AAA

PPP Authentication Using Kerberos

PPP Authentication Using Local Password

PPP Authentication Using Group RADIUS

PPP Authentication Using Group TACACS

PPP Authentication Using Group Name

AAA Scalability for PPP Requests

ARAP Authentication Using AAA

ARAP Authentication Allowing Authorized Guest Logins

ARAP Authentication Allowing Guest Logins

ARAP Authentication Using Line Password

ARAP Authentication Using Local Password

ARAP Authentication Using Group RADIUS

ARAP Authentication Using Group TACACS

ARAP Authentication Using a Group Name

NASI Authentication Using AAA

NASI Authentication Using Enable Password

NASI Authentication Using Group RADIUS

NASI Authentication Using Group TACACS

NASI Authentication Using Line Password

NASI Authentication Using Local Password

NASI Authentication Using Group Name

Specifying the Amount of Time for Login Input

Password Protection at the Privileged Level

Changing the Text Displayed at the Password Prompt

Double Authentication of PPP Sessions

How Double Authentication Works

Accessing the User Profile After Double Authentication

CHAP or PAP Authentication

Enabling PPP Encapsulation

Enabling PAP or CHAP

Inbound and Outbound Authentication

Enabling Outbound PAP Authentication


In order to avoid copyright disputes, this page is only a partial summary.
