Archive | Cisco Network Security Little Black Book

Configuring Dynamic Access Lists

20 Mar

Dynamic access lists permit or deny traffic based on user credentials that are passed to the Lock and Key router for user authentication. To be permitted access to a host behind a router configured for Lock and Key security, a user must first telnet to the router and pass an authentication phase. [...]

Configuring Commented Access Lists

20 Mar

When you use named access lists, you are able to provide a small description of the access list within the name, as shown in Listing 7.15 and Listing 7.16. Sometimes, though, the name of an access list does not provide enough information about what the access list does or what function each [...]

Configuring Named Access Lists

20 Mar

Because of the numeric limitations of numbered standard and extended access lists, in IOS release 11.2, Cisco included a feature known as named access lists, which extend the numeric limit of numbered access lists. To configure a named access list, follow these steps:
1. Use the following configuration command to define a named access [...]

Configuring Extended TCP Access Lists

20 Mar

In the preceding section, you learned how to configure IP-specific access lists. The Cisco IOS also gives security administrators the ability to configure extended access lists using more specific protocol-dependent options for filtering packets; for example, you can configure TCP access lists. The steps for configuring extended TCP access lists are [...]

Configuring AAA Support

20 Mar

Cisco Catalyst switches support the use of the AAA architecture that was discussed in Chapter 2. Catalyst switches allow for the configuration of any combination of these authentication methods to control access to the switch:
- Local authentication—Uses the locally configured login and enable passwords to authenticate login attempts.
- RADIUS authentication—Uses the AAA server to authenticate [...]