SHIFT

--- Sjoerd Hooft's InFormation Technology ---

ciscoaaa
Differences

ciscoaaa [2013/04/23 20:41] (current)
sjoerd created
Line 1: Line 1:
 += Cisco Authentication =
  
 +This is a page with information about cisco authentication. It is an addon to the [[ciscoradiusad2008]] article.
 +
 +All commands assume you've already logged on to the switch with privilege level 15 access and are already in config mode (conf t).
 +
 +== Basic Cisco Configuration ==
 +
 +To successfully configure the switch start with the administration of the switch, so configure the hostname, domain name and the nameserver:
 +<​code>​
 +hostname switch04
 +ip domain-name company.local
 +ip name-server 10.10.10.53
 +</​code>​
 +
 += Local user =
 +
 +Create a local user with privilege 15. This user will be the fallback when RADIUS authentication fails.
 +<​code>​
 +username <​user>​ priv 15 password <​password>​
 +</​code>​
 +
 +== Authentication Configuration ==
 +
 +Configure AAA security services (authentication,​ authorization,​ and accounting) on the switch to support the RADIUS security protocol
 +<​code>​
 +aaa new-model
 +</​code>​
 +\\
 +Configure the authentication methods
 +<​code>​
 +aaa authentication login default group radius local
 +aaa authorization exec default group radius local
 +</​code>​
 +
 +== line VTY
 +
 +Configure the default authentication method for all virtual terminal sessions (vty):
 +<​code>​
 +line vty 0 15
 +(config-line)#​ login authentication default
 +end
 +</​code>​
 +
 +== Banner ==
 +
 +Set a banner stating that all actions, logins etc. will be logged:
 +<​code>​
 +aaa authentication banner #
 +***************************************************************************
 +NOTICE TO USERS
 +This computer system is the private property of getshifting.com,​ whether
 +individual, corporate or government. It is for authorized use only.
 +Users (authorized or unauthorized) have no explicit or implicit
 +expectation of privacy.
 +Any or all uses of this system and all files on this system may be
 +intercepted,​ monitored, recorded, copied, audited, inspected, and
 +disclosed to your employer, to authorized site, government, and law
 +enforcement personnel, as well as authorized officials of government
 +agencies, both domestic and foreign.
 +By using this system, the user consents to such interception,​ monitoring,
 +recording, copying, auditing, inspection, and disclosure at the
 +discretion of such personnel or officials. Unauthorized or improper use
 +of this system may result in civil and criminal penalties and
 +administrative or disciplinary action, as appropriate. By continuing to
 +use this system you indicate your awareness of and consent to these terms
 +and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
 +conditions stated in this warning.
 +****************************************************************************
 +#
 +</​code>​
 +
 += Passwords In Config =
 +If the passwords in the running config show as plain text issue this command to show them encrypted:
 +<​code>​
 +service password-encryption
 +</​code>​
 +
 += Check and Close =
 +Now check the configuration,​ and only write the configuration to the cisco device if you can login successfully and everything is correct. To do so:
 +<​code>​
 +write
 +exit
 +</​code>​
 +
 += Sources =
 +http://​www.cisco.com/​en/​US/​tech/​tk59/​technologies_tech_note09186a0080093c81.shtml
 +
 +{{tag>​network security cisco}}
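Review bot: the sentence "This user will be the fallback when RADIUS authentication fails" under "Local user" does not match what the method lists `aaa authentication login default group radius local` and `aaa authorization exec default group radius local` actually do: IOS only moves on to the `local` method when every RADIUS server fails to respond, not when a RADIUS server rejects the credentials, so the local account covers a RADIUS outage, not a failed RADIUS login, and the text should say so. That fallback account is also created with `username <user> priv 15 password <password>`, and `service password-encryption` from the "Passwords In Config" section only stores it as reversible type 7 obfuscation; `username <user> priv 15 secret <password>` stores a hash instead and is the better choice for the one account that exists precisely for when central authentication is unavailable. Two syntax points: `== line VTY` lacks the closing `==`, so DokuWiki will not render it as a heading, and `(config-line)# login authentication default` carries the prompt inside the code block while every other block lists bare commands. Finally, `write` under "Check and Close" commits the running config to startup-config, so the preceding sentence should state that the login test is done from a second session while the first one stays open; a broken AAA setup that has already been written cannot be undone by a reload.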
ciscoaaa.txt · Last modified: 2013/04/23 20:41 by sjoerd