CCNA Security v2.0
Chapter 3: Authentication, Authorization, and Accounting
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
3.0 Introduction
3.1 Purpose of the AAA
3.2 Local AAA Authentication
3.3 Server-Based AAA
3.4 Server-Based AAA Authentication
3.5 Server-Based Authorization and Accounting
3.6 Summary
Upon completion of this section, you should be able to:
• Explain why AAA is critical to network security.
• Describe the characteristics of AAA.
Telnet is Vulnerable to Brute-Force Attacks
SSH and Local Database Method
Local AAA Authentication
Server-Based AAA Authentication
AAA Authorization
AAA Accounting
Types of accounting information:
• Network
• Connection
• EXEC
• System
• Command
• Resource
Upon completion of this section, you should be able to:
• Configure AAA authentication, using the CLI, to validate users against a local database.
• Troubleshoot AAA authentication that validates users against a local database.
1. Add usernames and passwords to the local router database for users that need administrative access to the router.
2. Enable AAA globally on the router.
3. Configure AAA parameters on the router.
4. Confirm and troubleshoot the AAA configuration.
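The four steps above as an IOS configuration sketch. This is an added example, not taken from the slides; the usernames, secrets, the method-list name SSH-LOGIN and the lockout threshold are constructed placeholders.

```cisco
! Step 1: add administrative users to the local database.
! "secret" stores a hash rather than a reversible password; names and
! secrets below are constructed placeholders.
username JR-ADMIN algorithm-type scrypt secret <PLACEHOLDER-SECRET-1>
username ADMIN algorithm-type scrypt secret <PLACEHOLDER-SECRET-2>
!
! Step 2: enable AAA globally. Configure the local users first, so that
! enabling AAA does not leave the device without a usable login.
aaa new-model
!
! Step 3: configure AAA parameters.
! "local-case" makes the username comparison case-sensitive.
aaa authentication login default local-case
! A named method list (SSH-LOGIN is an assumed name) applied to the vty lines.
aaa authentication login SSH-LOGIN local-case
! Lock an account after repeated failed logins (threshold is an assumption).
aaa local authentication attempts max-fail 3
!
line vty 0 4
 login authentication SSH-LOGIN
 transport input ssh
!
! Step 4: confirm and troubleshoot (privileged EXEC commands, not config).
! show aaa sessions                  <- unique ID of each session
! show aaa local user lockout        <- locked-out users
! clear aaa local user lockout username JR-ADMIN
! debug aaa authentication
```

A locked-out account stays locked until an administrator clears it, so the lockout list is worth checking routinely as well as during troubleshooting.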
Example Local AAA Authentication
Show Unique ID of a Session
Display Locked Out Users
Command Syntax
Debug Local AAA Authentication
Understanding Debug Output
Upon completion of this section, you should be able to:
• Describe the benefits of server-based AAA.
• Compare the TACACS+ and RADIUS authentication protocols.
Server-based authentication:
1. User establishes a connection with the router.
2. Router prompts the user for a username and password.
3. Router passes the username and password to the Cisco Secure ACS (server or engine).
4. The Cisco Secure ACS authenticates the user.
Local authentication:
1. User establishes a connection with the router.
2. Router prompts the user for a username and password, authenticating the user using a local database.
TACACS+ Authentication Process
RADIUS Authentication Process
Cisco Secure ACS
Upon completion of this section, you should be able to:
• Configure server-based AAA authentication, using the CLI, on Cisco routers.
• Troubleshoot server-based AAA authentication.
1. Enable AAA.
2. Specify the IP address of the ACS server.
3. Configure the secret key.
4. Configure authentication to use either the RADIUS or TACACS+ server.
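The four server-based steps as an IOS configuration sketch, with a local fallback. This is an added example, not taken from the slides; the server names, the 192.0.2.x documentation addresses and the shared-secret placeholders are assumptions.

```cisco
! Step 1: enable AAA.
aaa new-model
!
! A local account is still needed for the "local-case" fallback below
! (name and secret are constructed placeholders).
username ADMIN algorithm-type scrypt secret <PLACEHOLDER-SECRET>
!
! Steps 2 and 3 for TACACS+: server address and shared secret key.
! TACACS+ runs over TCP port 49; single-connection reuses one TCP session.
tacacs server SERVER-T
 address ipv4 192.0.2.10
 single-connection
 key <TACACS-SHARED-SECRET>
!
! Steps 2 and 3 for RADIUS: server address, ports and shared secret key.
! 1812/1813 are the IANA-assigned ports; Cisco IOS defaults to 1645/1646,
! so the ports must match what the server listens on.
radius server SERVER-R
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
!
! Step 4: authentication method list. Methods are tried in order, and the
! next method is used only when the previous one returns an error (for
! example, the server does not respond), not when it rejects the user.
aaa authentication login default group tacacs+ group radius local-case
!
! Troubleshooting (privileged EXEC commands, not config):
! debug aaa authentication
! debug tacacs
! debug radius
```

The key configured on the router must match the key configured for this client on the AAA server, otherwise every request fails.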
Server-Based AAA Reference Topology
Configure a AAA TACACS+ Server
Configure a AAA RADIUS Server
Configure Server-Based AAA Authentication
Command Syntax
Troubleshooting Server-Based AAA Authentication
Troubleshooting RADIUS
Troubleshooting TACACS+
AAA Server-Based Authentication Failure
AAA Server-Based Authentication Success
Upon completion of this section, you should be able to:
• Configure server-based AAA authorization.
• Configure server-based AAA accounting.
• Explain the functions of 802.1x components.
Authentication vs. Authorization
• Authentication ensures a device or end-user is legitimate.
• Authorization allows or disallows authenticated users access to certain areas and programs on the network.
TACACS+ vs. RADIUS
• TACACS+ separates authentication from authorization
• RADIUS does not separate authentication from authorization
Example AAA Authorization
Authorization Method Lists
Command Syntax
Example AAA Accounting
Accounting Method Lists
Command Syntax
802.1X Message Exchange
802.1X Roles
Command Syntax for dot1x port-control
Chapter Objectives:
• Explain how AAA is used to secure a network.
• Implement AAA authentication that validates users against a local database.
• Implement server-based AAA authentication using TACACS+ and RADIUS protocols.
• Configure server-based AAA authorization and accounting.
Thank you.
• Remember, there are helpful tutorials and user guides available via your NetSpace home page. (https://www.netacad.com)
• These resources cover a variety of topics including navigation, assessments, and assignments.
• A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
1
2

More Related Content

What's hot

ITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdf
ITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdfITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdf
ITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdfGomzAriez
 
How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
CCNA Product Overview.pptx
CCNA Product Overview.pptxCCNA Product Overview.pptx
CCNA Product Overview.pptxKISHOYIANKISH
 
CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02Irsandi Hasan
 
Uygulamalı Ağ Güvenliği Eğitim Notları
Uygulamalı Ağ Güvenliği Eğitim NotlarıUygulamalı Ağ Güvenliği Eğitim Notları
Uygulamalı Ağ Güvenliği Eğitim NotlarıBGA Cyber Security
 
Open ssl certificate (https) for hotspot mikrotik
Open ssl certificate (https) for hotspot mikrotikOpen ssl certificate (https) for hotspot mikrotik
Open ssl certificate (https) for hotspot mikrotikAldi Nor Fahrudin
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik SecurityRofiq Fauzi
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Babaa Naya
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer   configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer   configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...Salem Trabelsi
 
GÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİ
GÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİGÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİ
GÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİBGA Cyber Security
 
CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03Irsandi Hasan
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon LibraryFortinet
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Managementgopartheredbuff
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikGLC Networks
 
CCNAv5 - S4: Chapter2 Connecting To The Wan
CCNAv5 - S4: Chapter2 Connecting To The WanCCNAv5 - S4: Chapter2 Connecting To The Wan
CCNAv5 - S4: Chapter2 Connecting To The WanVuz Dở Hơi
 
LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ
LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ
LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ BGA Cyber Security
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceMITRE ATT&CK
 

What's hot (20)

PIW ISE best practices
PIW ISE best practicesPIW ISE best practices
PIW ISE best practices
 
ITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdf
ITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdfITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdf
ITN_Module_2_Basic_Switch_and_End_Device_Configuration.pdf.pdf
 
How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switch
 
CCNA Product Overview.pptx
CCNA Product Overview.pptxCCNA Product Overview.pptx
CCNA Product Overview.pptx
 
CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02CCNA v6.0 ITN - Chapter 02
CCNA v6.0 ITN - Chapter 02
 
Uygulamalı Ağ Güvenliği Eğitim Notları
Uygulamalı Ağ Güvenliği Eğitim NotlarıUygulamalı Ağ Güvenliği Eğitim Notları
Uygulamalı Ağ Güvenliği Eğitim Notları
 
Open ssl certificate (https) for hotspot mikrotik
Open ssl certificate (https) for hotspot mikrotikOpen ssl certificate (https) for hotspot mikrotik
Open ssl certificate (https) for hotspot mikrotik
 
MikroTik Security
MikroTik SecurityMikroTik Security
MikroTik Security
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8
 
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer   configure ios intrusion prevention system (ips) using...5.5.1.2 packet tracer   configure ios intrusion prevention system (ips) using...
5.5.1.2 packet tracer configure ios intrusion prevention system (ips) using...
 
GÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİ
GÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİGÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİ
GÜVENLİ YAZILIM GELİŞTİRME EĞİTİMİ İÇERİĞİ
 
CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Fortinet Icon Library
Fortinet Icon LibraryFortinet Icon Library
Fortinet Icon Library
 
Mikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW ManagementMikrotik Hotspot With Queue Tree BW Management
Mikrotik Hotspot With Queue Tree BW Management
 
Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6
 
Layer 7 Firewall on Mikrotik
Layer 7 Firewall on MikrotikLayer 7 Firewall on Mikrotik
Layer 7 Firewall on Mikrotik
 
CCNAv5 - S4: Chapter2 Connecting To The Wan
CCNAv5 - S4: Chapter2 Connecting To The WanCCNAv5 - S4: Chapter2 Connecting To The Wan
CCNAv5 - S4: Chapter2 Connecting To The Wan
 
LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ
LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ
LINUX, WINDOWS VE AĞ SİSTEMLERİ SIZMA TESTLERİ
 
ATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open SourceATT&CK Updates- ATT&CK's Open Source
ATT&CK Updates- ATT&CK's Open Source
 

Similar to Ccna sv2 instructor_ppt_ch3

Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10SalmenHAJJI1
 
Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9SalmenHAJJI1
 
012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9Babaa Naya
 
Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7SalmenHAJJI1
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8SalmenHAJJI1
 
5 ip security asa-partb
5 ip security asa-partb5 ip security asa-partb
5 ip security asa-partbSagarR24
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5SalmenHAJJI1
 
5 ip security urpf
5 ip security urpf5 ip security urpf
5 ip security urpfSagarR24
 
Deploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusDeploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusRassul Ismailov
 
5 ip security aaa
5 ip security aaa5 ip security aaa
5 ip security aaaSagarR24
 
It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8newbie2019
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and aclSagarR24
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Mohamed Loey
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace securitySagarR24
 
5 ip security copp-mpp
5 ip security copp-mpp5 ip security copp-mpp
5 ip security copp-mppSagarR24
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7Chaing Ravuth
 
Top 13 best security practices for Azure
Top 13 best security practices for AzureTop 13 best security practices for Azure
Top 13 best security practices for AzureRadu Vunvulea
 
Business Cloud Adoption models in Canada
Business Cloud Adoption models in CanadaBusiness Cloud Adoption models in Canada
Business Cloud Adoption models in CanadaCisco Canada
 

Similar to Ccna sv2 instructor_ppt_ch3 (20)

Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10Ccna security v2 instructor_ppt_ch10
Ccna security v2 instructor_ppt_ch10
 
Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9Ccna sv2 instructor_ppt_ch9
Ccna sv2 instructor_ppt_ch9
 
012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9012 2 ccna sv2-instructor_ppt_ch9
012 2 ccna sv2-instructor_ppt_ch9
 
Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7Ccna sv2 instructor_ppt_ch7
Ccna sv2 instructor_ppt_ch7
 
CCNASv2_InstructorPPT_CH2.pptx
CCNASv2_InstructorPPT_CH2.pptxCCNASv2_InstructorPPT_CH2.pptx
CCNASv2_InstructorPPT_CH2.pptx
 
Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8Ccna sv2 instructor_ppt_ch8
Ccna sv2 instructor_ppt_ch8
 
Brksec 2101 deploying web security
Brksec 2101  deploying web securityBrksec 2101  deploying web security
Brksec 2101 deploying web security
 
5 ip security asa-partb
5 ip security asa-partb5 ip security asa-partb
5 ip security asa-partb
 
Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5Ccna sv2 instructor_ppt_ch5
Ccna sv2 instructor_ppt_ch5
 
5 ip security urpf
5 ip security urpf5 ip security urpf
5 ip security urpf
 
Deploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless CampusDeploying Secure Converged Wired, Wireless Campus
Deploying Secure Converged Wired, Wireless Campus
 
5 ip security aaa
5 ip security aaa5 ip security aaa
5 ip security aaa
 
It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8It nv51 instructor_ppt_ch8
It nv51 instructor_ppt_ch8
 
5 ip security aaa and acl
5 ip security aaa and acl5 ip security aaa and acl
5 ip security aaa and acl
 
Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2Computer Security - CCNA Security - Lecture 2
Computer Security - CCNA Security - Lecture 2
 
5 ip security dataplace security
5 ip security dataplace security5 ip security dataplace security
5 ip security dataplace security
 
5 ip security copp-mpp
5 ip security copp-mpp5 ip security copp-mpp
5 ip security copp-mpp
 
CCNP Switching Chapter 7
CCNP Switching Chapter 7CCNP Switching Chapter 7
CCNP Switching Chapter 7
 
Top 13 best security practices for Azure
Top 13 best security practices for AzureTop 13 best security practices for Azure
Top 13 best security practices for Azure
 
Business Cloud Adoption models in Canada
Business Cloud Adoption models in CanadaBusiness Cloud Adoption models in Canada
Business Cloud Adoption models in Canada
 

Recently uploaded

Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewingbigorange77
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 

Recently uploaded (20)

Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130  Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
Denver Web Design brochure for public viewing
Denver Web Design brochure for public viewingDenver Web Design brochure for public viewing
Denver Web Design brochure for public viewing
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 

Ccna sv2 instructor_ppt_ch3

  • 1. CCNA Security v2.0 Chapter 3: Authentication, Authorization, and Accounting
  • 2. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 2 3.0 Introduction 3.1 Purpose of the AAA 3.2 Local AAA Authentication 3.3 Server-Based AAA 3.4 Server-Based AAA Authentication 3.5 Server-Based Authorization and Accounting 3.6 Summary
  • 3. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 3 Upon completion of this section, you should be able to: • Explain why AAA is critical to network security. • Describe the characteristics of AAA.
  • 4. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 4
  • 5. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 5 Telnet is Vulnerable to Brute-Force Attacks
  • 6. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 6 SSH and Local Database Method
  • 7. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
  • 8. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 8
  • 9. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 9 Local AAA Authentication Server-Based AAA Authentication
  • 10. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 AAA Authorization
  • 11. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 11 Types of accounting information: • Network • Connection • EXEC • System • Command • Resource AAA Accounting
  • 12. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 12 Upon completion of this section, you should be able to: • Configure AAA authentication, using the CLI, to validate users against a local database. • Troubleshoot AAA authentication that validates users against a local database.
  • 13. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 13
  • 14. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 1. Add usernames and passwords to the local router database for users that need administrative access to the router. 2. Enable AAA globally on the router. 3. Configure AAA parameters on the router. 4. Confirm and troubleshoot the AAA configuration.
  • 15. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
  • 16. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 Example Local AAA Authentication
  • 17. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 17 Show Unique ID of a Session Display Locked Out Users Command Syntax
  • 18. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 18
  • 19. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 Debug Local AAA Authentication
  • 20. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 Understanding Debug Output
  • 21. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 21 Upon completion of this section, you should be able to: • Describe the benefits of server-based AAA. • Compare the TACACS+ and RADIUS authentication protocols.
  • 22. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 22
  • 23. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 23 Server-based authentication: 1. User establishes a connection with the router. 2. Router prompts the user for a username and password. 3. Router passes the username and password to the Cisco Secure ACS (server or engine) 4. The Cisco Secure ACS authenticates the user. Local authentication: 1. User establishes a connection with the router. 2. Router prompts the user for a username and password, authentication the user using a local database.
  • 24. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
  • 25. Cisco Public© 2013 Cisco and/or its affiliates. All rights reserved. 25
  • 26. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
  • 27. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 TACACS+ Authentication Process
  • 28. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 RADIUS Authentication Process
  • 29. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 29 Cisco Secure ACS
  • 30. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
  • 31. © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public 31 Upon completion of this section, you should be able to: • Configure server-based AAA authentication, using the CLI, on Cisco routers. • Troubleshoot server-based AAA authentication.
  • 33. Steps for configuring server-based AAA authentication:
      1. Enable AAA.
      2. Specify the IP address of the ACS server.
      3. Configure the secret key.
      4. Configure authentication to use either the RADIUS or TACACS+ server.
  • 34. Server-Based AAA Reference Topology; Configure a AAA TACACS+ Server
  • 35. Configure a AAA RADIUS Server
  • 36. Configure Server-Based AAA Authentication; Command Syntax
  • 38. Troubleshooting Server-Based AAA Authentication
  • 39. Troubleshooting RADIUS; Troubleshooting TACACS+
  • 40. AAA Server-Based Authentication Failure; AAA Server-Based Authentication Success
  • 41. Upon completion of this section, you should be able to:
      • Configure server-based AAA authorization.
      • Configure server-based AAA accounting.
      • Explain the functions of 802.1x components.
  • 43. Authentication vs. Authorization
      • Authentication ensures a device or end-user is legitimate.
      • Authorization allows or disallows authenticated users access to certain areas and programs on the network.
    TACACS+ vs. RADIUS
      • TACACS+ separates authentication from authorization.
      • RADIUS does not separate authentication from authorization.
  • 44. Example AAA Authorization; Authorization Method Lists; Command Syntax
  • 47. Example AAA Accounting; Accounting Method Lists; Command Syntax
  • 49. 802.1X Message Exchange; 802.1X Roles
  • 50. Command Syntax for dot1x port-control
  • 52. Chapter Objectives:
      • Explain how AAA is used to secure a network.
      • Implement AAA authentication that validates users against a local database.
      • Implement server-based AAA authentication using TACACS+ and RADIUS protocols.
      • Configure server-based AAA authorization and accounting.
  • 54. • Remember, there are helpful tutorials and user guides available via your NetSpace home page (https://www.netacad.com).
      • These resources cover a variety of topics including navigation, assessments, and assignments.
      • A screenshot has been provided here highlighting the tutorials related to activating exams, managing assessments, and creating quizzes.
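
The four configuration steps on slide 33 can be checked against a router's running configuration. The following is an added example, not part of the original slides: a constructed IOS configuration that follows the four steps, and a small auditor that reports which step is missing. Server names, addresses (documentation range) and the key are placeholders.

```python
import re

# Constructed sample running-config; names, addresses and key are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
!
tacacs server ACS-TACACS
 address ipv4 192.0.2.10
 key EXAMPLE-SHARED-SECRET
!
radius server ACS-RADIUS
 address ipv4 192.0.2.11 auth-port 1812 acct-port 1813
 key EXAMPLE-SHARED-SECRET
!
aaa authentication login default group tacacs+ group radius local
"""

def parse_servers(config):
    """Return {name: {"address", "has_key"}} for each tacacs/radius server block."""
    servers, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^(tacacs|radius) server (\S+)$", line)
        words = line.split()
        if m:
            current = servers.setdefault(m.group(2), {"address": None, "has_key": False})
        elif current is not None and line.startswith(" "):
            if words[:2] == ["address", "ipv4"] and len(words) > 2:
                current["address"] = words[2]
            elif words[:1] == ["key"] and len(words) > 1:
                current["has_key"] = True
        else:
            current = None  # left the server sub-mode
    return servers

def audit(config):
    """Check the four steps; an empty list means every step is present."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("step 1: AAA is not enabled")
    servers = parse_servers(config)
    if not servers:
        findings.append("step 2: no TACACS+ or RADIUS server defined")
    findings += [f"step 2: server {n} has no address" for n, s in servers.items() if not s["address"]]
    findings += [f"step 3: server {n} has no shared key" for n, s in servers.items() if not s["has_key"]]
    # Everything after "aaa authentication login <list-name>" is the method list.
    methods = [l.split()[4:] for l in lines if l.startswith("aaa authentication login ")]
    if not any("group" in m for m in methods):
        findings.append("step 4: no login method list uses a server group")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns an empty list; removing a `key` line or the `aaa authentication login` line produces the matching finding.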

Editor's Notes

  1. 3.1.1.1 Authentication without AAA
  2. 3.1.1.1 Authentication without AAA
  3. 3.1.1.2 AAA Components
  4. 3.1.2.1 Authentication Modes
  5. 3.1.2.2 Authorization
  6. 3.1.2.3 Accounting; 3.1.2.4 Activity - Identify the Characteristics of AAA
  7. 3.2.1.1 Authenticating Administrative Access
  8. 3.2.1.2 Authentication Methods
  9. 3.2.1.3 Default and Named Methods
  10. 3.2.1.4 Fine-Tuning the Authentication Configuration
  11. 3.2.2.1 Debug Options
  12. 3.2.2.2 Debugging AAA Authentication
  13. 3.3.1.1 Comparing Local AAA and Server-Based AAA Implementations
  14. 3.3.1.2 Introducing Cisco Secure Access Control System
  15. 3.3.2.1 Introducing TACACS+ and RADIUS
  16. 3.3.2.2 TACACS+ Authentication
  17. 3.3.2.3 RADIUS Authentication
  18. 3.3.2.4 Integration of TACACS+ and ACS
  19. 3.3.2.5 Integration of AAA with Active Directory; 3.3.2.6 Video - Integration of AAA with Identity Service Engine; 3.3.2.7 Activity - Identify the AAA Communication Protocol
  20. 3.4.1.1 Steps for Configuring Server-Based AAA Authentication with CLI
  21. 3.4.1.2 Configuring the CLI for TACACS+ Servers
  22. 3.4.1.3 Configuring the CLI for RADIUS Servers
  23. 3.4.1.4 Configure Authentication to Use the AAA Server; Syntax Checker - Configure Server-Based AAA Authentication
  24. 3.4.2.1 Monitoring Authentication Traffic
  25. 3.4.2.2 Debugging TACACS+ and RADIUS
  26. 3.4.2.2 Debugging TACACS+ and RADIUS (Cont.); 3.4.2.3 Video Demonstration: Configure a Cisco Router to Access a AAA RADIUS Server
  27. 3.5.1.1 Introduction to Server-Based AAA Authorization
  28. 3.5.1.2 AAA Authorization Configuration with CLI
  29. 3.5.2.1 Introduction to Server-Based AAA Accounting
  30. 3.5.2.2 AAA Accounting Configuration with CLI; Syntax Checker - Configure AAA Accounting
  31. 3.5.3.1 Security Using 802.1X Port-Based Authentication
  32. 3.5.3.2 802.1X Port Authorization State
  33. 3.5.3.3 Configuring 802.1X; Syntax Checker - Configure 802.1X Port-Authentication on a 2960 Switch; 3.6.1.1 Packet Tracer - Configure Authentication on Cisco Routers; 3.6.1.2 Lab - Securing Administrative Access Using AAA and RADIUS
  34. 3.6.1.1 Packet Tracer - Configure Authentication on Cisco Routers; 3.6.1.2 Lab - Securing Administrative Access Using AAA and RADIUS; 3.6.1.3 Summary
  35. https://www.netacad.com