2.8 Network Device Management Access

Question 1

What is Telnet used for in network device management?

Answer 1

For remote Command Line Interface access.

(CLI)

Telnet transmits data in plaintext, which poses a security risk as usernames, passwords, and commands can be intercepted.

Question 2

Define:

SSH (Secure Shell)

Answer 2

A secure protocol for remote CLI access.

SSH encrypts communication, making it more secure than Telnet, which transmits data in plaintext.

Question 3

What are the key differences between SSH and Telnet?

Answer 3

• SSH encrypts data; Telnet does not.
• SSH is more secure than Telnet.
• SSH uses port 22; Telnet uses port 23.

SSH is the preferred protocol for secure remote device management.

Question 4

True or False:

A network device can only be managed via one protocol at a time.

Answer 4

False

Devices can support multiple management protocols, but it is best practice to disable insecure ones like Telnet in favor of more secure options like SSH.

Question 5

Fill in the blank:

The default port used by Telnet for remote access is ________.

Answer 5

23

Telnet uses port 23 by default to facilitate remote access. It operates in plaintext, meaning all traffic, including credentials, can be intercepted without encryption.

Question 6

List the process of configuring SSH on a Cisco device.

Answer 6

1. Set a domain name
2. Generate RSA keys
3. Enable the SSH server
4. Configure user authentication

SSH configuration ensures secure access and prevents unauthorized remote login.

Question 7

What is the primary security risk associated with using Telnet?

Answer 7

It sends all data, including usernames and passwords, as clear-text data.

Telnet is generally considered insecure and should be replaced by more secure protocols like SSH, which encrypts communication to protect sensitive data from unauthorized access.

Question 8

What method is used to access the graphical interface of a WLC?

Answer 8

HTTP/HTTPS

HTTP and HTTPS protocols are used for web-based access to the WLC’s graphical user interface, with HTTPS providing encryption.

Question 9

True or False:

HTTP is considered secure for remote management of network devices.

Answer 9

False

HTTP sends data in plaintext, while HTTPS provides encrypted, secure communication for web-based device management.

Question 10

Why is encryption important for protocols like SSH and HTTPS?

Answer 10

It secures data from unauthorized interception.

Without encryption, sensitive information such as passwords and configuration details can be exposed.

Question 11

What is the primary function of TACACS+?

(Terminal Access Controller Access-Control System Plus)

Answer 11

It is used for authentication, authorization, and accounting.

TACACS+ provides centralized control over device access.

Question 12

What is the primary function of RADIUS?

Answer 12

It is used for network access authentication and authorization.

RADIUS (Remote Authentication Dial-In User Service) is widely used for managing access to network devices, but it combines authentication and authorization, unlike TACACS+.

Question 13

List the benefits of using TACACS+ over RADIUS.

Answer 13

1. Granular control.
2. Encryption of the entire payload.
3. Separate authentication, authorization, and accounting.

TACACS+ provides more security and flexibility compared to RADIUS, which is simpler but less secure.

Question 14

True or False:

RADIUS provides more detailed logging than TACACS+.

Answer 14

False

TACACS+ offers more detailed accounting logs, whereas RADIUS provides basic authentication and accounting logs.

Question 15

List the steps to configure RADIUS authentication on a network device.

Answer 15

1. Define the RADIUS server IP.
2. Set a shared secret.
3. Configure RADIUS settings.
4. Test authentication.

RADIUS enables centralized user authentication and authorization for network access.

Question 16

Fill in the blank:

A console port provides ______, out-of-band access.

Answer 16

local

The console port is typically used for initial configuration or troubleshooting when network access is unavailable.

Question 17

Define:

What is a cloud-managed device?

Answer 17

A device managed via a cloud-based platform.

Cloud management centralizes control and enables remote configuration, offering scalability and flexibility across distributed networks.

Question 18

What are the two modes of operation in the CLI?

Answer 18

User EXEC mode and Privileged (Enable) mode

User EXEC mode allows basic commands, while Privileged mode allows powerful commands.

Question 19

Fill in the blank:

To switch from User EXEC mode to Privileged mode, enter the command ________.

Answer 19

enable

The “enable” command switches you to Privileged mode, where you can execute configuration commands.

Question 20

Fill in the blank:

The command used to reboot a Cisco switch from the CLI is ________.

Answer 20

reload

The “reload” command is executed in Privileged mode and is typically used to apply changes or reboot the device for recovery.

Question 21

What does the command ‘enable secret <password>‘ do?

Answer 21

Defines the password required to access Privileged mode.

The “enable secret” command sets an encrypted password for Privileged mode, offering more security than the “enable password.”

Question 22

True or False:

The WebUI allows direct configuration and CLI access for verification.

Answer 22

True

The WebUI provides a graphical interface for configuring network devices and can allow CLI access for advanced settings.

Question 23

What tool can be used to assist with command recall in the CLI?

Answer 23

? (question mark)

The ”?” command provides context-sensitive help, listing valid commands or options in the current CLI mode.

Question 24

How does pressing the Tab key assist in command entry?

Answer 24

It completes the rest of the command.

The Tab key is a time-saving feature that auto-completes commands or parameters once enough characters have been typed.