Term
| What are the 2 different access modes that AAA can operate in? |
|
Definition
- Character mode - Used on the vty, TTY, AUX, and CON ports, which are generally used to configure a device.
- Packet mode - Used on the ASYNC, BRI, PRI, and serial ports, as well as on dialer profiles and dialer rotaries, usually when the user is trying to communicate with a different device. |
|
|
Term
| What layer 4 protocols are used with RADIUS and TACACS+? |
|
Definition
| RADIUS relies on UDP, whereas TACACS+ relies on TCP. |
|
|
Term
| How does packet encryption work with RADIUS and TACACS+? |
|
Definition
| TACACS+ allows for encryption of the entire body of the packet while maintaining the standard TACACS+ header. RADIUS encrypts only the password within the access-request packet, leaving the remainder of the packet unencrypted. |
|
|
Term
| How does authentication and authorization differ with TACACS and RADIUS? |
|
Definition
| The biggest difference between TACACS and RADIUS is that TACACS allows for the separation of the authentication and authorization process. With RADIUS, both must be on the same server, since both are combined into a single request. |
|
|
Term
| How does router management work between RADIUS and TACACS+? |
|
Definition
RADIUS does not allow users to control which commands can and cannot be executed on a router. It either allows the user to access the router or not. TACACS+ provides 2 methods:
- Specify in the TACACS+ server the commands that are allowable by the user or group.
- Relying on privilege levels, query the TACACS+ server to determine whether the user or group is authorized to issue a command. |
|
|
Term
| What command enables AAA on a router? |
|
Definition
|
|
Term
| What command tells the system where to look for a RADIUS server? |
|
Definition
| radius-server host {hostname | ip-address} [auth-port port] [key string] |
|
|
Term
| What command tells the system where to look for a TACACS+ server? |
|
Definition
| tacacs-server host {hostname | ip-address} [key string] |
|
|
Term
| What command is used to specify the TACACS authentication key? |
|
Definition
| tacacs-server key {0 string | 7 string | string} |
|
|
Term
| What command is used to specify the RADIUS server key? |
|
Definition
| radius-server key {0 string | 7 string | string} |
|
|
Term
| What command specifies the AAA authentication methods for use on serial interfaces running PPP? |
|
Definition
| aaa authentication ppp {default | list-name} method1 [method2...] |
|
|
Term
| What are the different method options when specifying the AAA authentication? |
|
Definition
- if-needed - do not authenticate if the user is already authenticated.
- krb5 - use Kerberos 5 for authentication
- local - use the local database
- none - no authentication
- radius - use RADIUS authentication
- tacacs+ - use TACACS+ authentication |
|
|
Term
| What command sets the parameters that restrict network access for a user? |
|
Definition
| aaa authorization {network | exec | commands levels | reverse-access} {default | list-name} [method1 [method2...]] |
|
|
Term
| What command enables AAA accounting for requested services? |
|
Definition
| aaa accounting {auth-proxy | system | network | exec | connection | commands levels} {default | list-name} [vrf vrf-name] {start-stop | stop-only | none} |
|
|
Term
| What command displays information about AAA authentication events? |
|
Definition
|
|
Term
| What command displays information about AAA authorization events? |
|
Definition
|
|
Term
| What command displays information regarding AAA accounting? |
|
Definition
|
|
Term
| What command displays information regarding RADIUS? |
|
Definition
debug radius [brief | hex]
|
|
|
Term
| What command displays information about TACACS+? |
|
Definition
|
|