Cisco Cookbook by Kevin Dooley, Ian Brown

Many network administrators do only the minimum when it comes to setting up user access to their routers. This is sufficient in networks where there are no serious security issues, and only a small number of people ever want or need to access the router. But, unfortunately, not every administrator can be quite so cavalier.

Most of the recipes in this chapter discuss methods for securing access to routers through important measures such as assigning usernames and passwords, controlling access-line parameters, handling remote access protocols, and affecting privileges of users and commands.

There are several important prerequisites for this discussion. You should understand what VTYs and access lines are. You should also have knowledge of user and command privilege levels. These topics are discussed in Chapters Chapter 4 and Chapter 13 of Cisco IOS In A Nutshell (O’Reilly).

We discuss best practices and provide a number of valuable recommendations in this chapter. We recommend referring to the National Security Agency (NSA) router security documents for more information. This extremely useful set of recommendations covers many different types of systems, including Cisco routers. You can download the Cisco section of this document from http://www.nsa.gov/snac/cisco.

Many examples in this chapter make limited use of Cisco’s advanced authentication methodology called Authentication, Authorization, and Accounting (AAA). In this ...