Security Configuration Guide, Cisco IOS XE Gibraltar 16.11 ...
Security Configuration Guide, Cisco IOS XE Gibraltar 16.11.x (Catalyst
9500 Switches)
First Published: 2019-03-29
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:
go trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any
other company. (1721R)
? 2019
Cisco Systems, Inc. All rights reserved.
CONTENTS
Short Description
CHAPTER 1
?
Controlling Switch Access with Passwords and Privilege Levels
1
Restrictions for Controlling Switch Access with Passwords and Privileges 1
Restrictions and Guidelines for Reversible Password Types 1
Restrictions and Guidelines for Irreversible Password Types 1
Information About Controlling Switch Access with Passwords and Privileges 2
Preventing Unauthorized Access 2
Default Password and Privilege Level Configuration 3
Additional Password Security 3
Password Recovery 3
Terminal Line Telnet Configuration 4
Username and Password Pairs 4
Privilege Levels 4
AES Password Encryption and Master Encryption Keys 5
How to Configure Switch Access with Passwords and Privileges 5
Setting or Changing a Static Enable Password 5
Protecting Enable and Enable Secret Passwords with Encryption 6
Disabling Password Recovery 9
Setting a Telnet Password for a Terminal Line 10
Configuring Username and Password Pairs 11
Setting the Privilege Level for a Command 12
Changing the Default Privilege Level for Lines 13
Logging in to and Exiting a Privilege Level 14
Configuring an Encrypted Preshared Key 15
Monitoring Switch Access with Passwords and Privileges 16
Security Configuration Guide, Cisco IOS XE Gibraltar 16.11.x (Catalyst 9500 Switches)
iii
Contents
Configuration Examples for Switch Access with Passwords and Privilege Levels 16
Example: Setting or Changing a Static Enable Password 16
Example: Protecting Enable and Enable Secret Passwords with Encryption 16
Example: Setting a Telnet Password for a Terminal Line 17
Example: Setting the Privilege Level for a Command 17
Example: Configuring an Encrypted Preshared Key 17
Feature History for Controlling Switch Access with Passwords and Privileges 17
CHAPTER 2
Configuring Login Block
19
Information About Login Enhancements-Login Block 19
Login Enhancements-Login Block Overview 19
Protecting Against Denial of Service and Dictionary Login Attacks 19
Delays Between Successive Login Attempts 20
Login Shutdown If DoS Attacks Are Suspected 20
How to Configure Login Enhancements-Login Block 20
Configuring Login Parameters 20
Verifying Login Parameters 22
Configuration Examples for Login Enhancements-Login Block 24
Example: Configuring Login Parameters
24
Feature History for Login Enhancements-Login Block 24
CHAPTER 3
Configuring Authentication 25
Prerequisites for Configuring Authentication 25
Restrictions for Configuring Authentication 25
Information About Authentication 25
Named Method Lists for Authentication 25
Method Lists and Server Groups 26
Login Authentication Using AAA 27
Login Authentication Using Enable Password 27
Login Authentication Using Kerberos 27
Login Authentication Using Line Password 27
Login Authentication Using Local Password 28
Login Authentication Using Group RADIUS 28
Login Authentication Using Group TACACS 28
Security Configuration Guide, Cisco IOS XE Gibraltar 16.11.x (Catalyst 9500 Switches)
iv
Contents
Login Authentication Using Group Name 28
PPP Authentication Using AAA 29
PPP Authentication Using Kerberos 29
PPP Authentication Using Local Password 29
PPP Authentication Using Group RADIUS 29
PPP Authentication Using Group TACACS 30
PPP Authentication Using Group Name 30
AAA Scalability for PPP Requests 31
ARAP Authentication Using AAA 31
ARAP Authentication Allowing Authorized Guest Logins 31
ARAP Authentication Allowing Guest Logins 31
ARAP Authentication Using Line Password 32
ARAP Authentication Using Local Password 32
ARAP Authentication Using Group RADIUS 32
ARAP Authentication Using Group TACACS 32
ARAP Authentication Using a Group Name 32
NASI Authentication Using AAA 33
NASI Authentication Using Enable Password 33
NASI Authentication Using Group RADIUS 33
NASI Authentication Using Group TACACS 33
NASI Authentication Using Line Password 34
NASI Authentication Using Local Password 34
NASI Authentication Using Group Name 34
Specifying the Amount of Time for Login Input 34
Password Protection at the Privileged Level 35
Changing the Text Displayed at the Password Prompt 35
Double Authentication of PPP Sessions 35
How Double Authentication Works 36
Accessing the User Profile After Double Authentication 36
CHAP or PAP Authentication 37
Enabling PPP Encapsulation 38
Enabling PAP or CHAP 38
Inbound and Outbound Authentication 39
Enabling Outbound PAP Authentication 39
Security Configuration Guide, Cisco IOS XE Gibraltar 16.11.x (Catalyst 9500 Switches)
v
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- user s guide wf 4630 wf 4640
- eight channel web enabled thermocouple input module
- verizon card configuration siemens
- security configuration guide cisco ios xe gibraltar 16 11
- digi wr routers user guide digi international
- cli guide cisco 300 switches for release 1 3
- cisco cli sg550xg 2 1 0 x cisco
- command reference for x510 series switches running
- manageengine servicedesk plus msp admin guide
Related searches
- security classification guide army
- security classification guide dod
- a security classification guide scg is
- sap dms configuration guide pdf
- dod security classification guide handbook
- security classification guide training
- what information do security classification guide scg
- free security study guide download
- security study guide 501
- cisco ios router images download
- cisco ios free download
- update cisco ios switch