Device Management / Security Flashcards Preview

Flashcards in Device Management / Security Deck (12)
1
Q

What is TACACS+ commonly used for?

A

Controlling administrator access to network devices. It’s not commonly used for end user access. That’s what RADIUS is for.

2
Q

What is Cisco’s AAA server called?

A

ISE - Identity Services Engine

3
Q

What is the difference between a:

  1. SNMP Manager
  2. SNMP Agent
A
  • SNMP Manager is the server that gathers the data
  • SNMP Agent runs on the device that is monitored/managed.
4
Q

Data Variables on SNMP managed devices are organized in:

A

MIBs - Management Information Base

5
Q

What direction can SNMP information flow?

A

Gets - Server asks device for data
Traps - Device pushes data to server

6
Q

Difference between:

  1. SNMPv2c
  2. SNMPv3
A

SNMPv3 supports strong authentication and encryption

7
Q

Config steps for SNMPv2:

A

R1(config)# snmp-server community public ro
R1(config)# snmp-server community private rw

R1(config)# snmp-server host 10.0.0.100 public
R1(config)# snmp-server enable traps config (or some other type of message)

8
Q

What are the 3 SNMPv3 security levels?

A
  1. NoAuthNoPriv - No authentication password. The username functions as the community string.
  2. AuthNoPriv - Password authentication is used. Authentication is encrypted but device data traffic is not.
  3. AuthPriv - Password authentication is used. All communications are encrypted.
9
Q

Config steps for SNMPv3:

A

R1(config)# snmp-server group USERGROUP v3 priv <- this will provide full read only access to this device to those users

Then need to configure users to a group:

R1(config)# snmp-server user USERNAME USERGROUP v3 auth md5 AuthenticationPASSWORD priv aes 256 EncryptionPASSWORD

10
Q

What are the default permissions when SNMPv3 is configured on a device?

A
  • Read All
  • Write Nothing
  • No trap notifications
11
Q

Steps to configure a SPAN port on a switch

A

SW1(config)# monitor session 1 source vlan 1 both or
SW1(config)# monitor session 1 source interface fast 0/1 rx

SW1(config)# monitor session 1 destination interface fast 0/2

12
Q

Command to view active SPAN monitoring sessions?

A

SW1# show monitor