You are previewing Network Warrior, 2nd Edition.

Network Warrior, 2nd Edition

Cover of Network Warrior, 2nd Edition by Gary A. Donahue Published by O'Reilly Media, Inc.
  1. Network Warrior
    1. Preface
      1. Who Should Read This Book
      2. Conventions Used in This Book
      3. Using Code Examples
      4. We’d Like to Hear from You
      5. Safari® Books Online
      6. Acknowledgments
    2. 1. What Is a Network?
    3. 2. Hubs and Switches
      1. Hubs
      2. Switches
    4. 3. Autonegotiation
      1. What Is Autonegotiation?
      2. How Autonegotiation Works
      3. When Autonegotiation Fails
      4. Autonegotiation Best Practices
      5. Configuring Autonegotiation
    5. 4. VLANs
      1. Connecting VLANs
      2. Configuring VLANs
    6. 5. Trunking
      1. How Trunks Work
      2. Configuring Trunks
    7. 6. VLAN Trunking Protocol
      1. VTP Pruning
      2. Dangers of VTP
      3. Configuring VTP
    8. 7. Link Aggregation
      1. EtherChannel
      2. Cross-Stack EtherChannel
      3. Multichassis EtherChannel (MEC)
      4. Virtual Port Channel
    9. 8. Spanning Tree
      1. Broadcast Storms
      2. MAC Address Table Instability
      3. Preventing Loops with Spanning Tree
      4. Managing Spanning Tree
      5. Additional Spanning Tree Features
      6. Common Spanning Tree Problems
      7. Designing to Prevent Spanning Tree Problems
    10. 9. Routing and Routers
      1. Routing Tables
      2. Route Types
      3. The IP Routing Table
      4. Virtual Routing and Forwarding
    11. 10. Routing Protocols
      1. Communication Between Routers
      2. Metrics and Protocol Types
      3. Administrative Distance
      4. Specific Routing Protocols
    12. 11. Redistribution
      1. Redistributing into RIP
      2. Redistributing into EIGRP
      3. Redistributing into OSPF
      4. Mutual Redistribution
      5. Redistribution Loops
      6. Limiting Redistribution
    13. 12. Tunnels
      1. GRE Tunnels
      2. GRE Tunnels and Routing Protocols
      3. GRE and Access Lists
    14. 13. First Hop Redundancy
      1. HSRP
      2. HSRP Interface Tracking
      3. When HSRP Isn’t Enough
      4. Nexus and HSRP
      5. GLBP
    15. 14. Route Maps
      1. Building a Route Map
      2. Policy Routing Example
    16. 15. Switching Algorithms in Cisco Routers
      1. Process Switching
      2. Interrupt Context Switching
      3. Configuring and Managing Switching Paths
    17. 16. Multilayer Switches
      1. Configuring SVIs
      2. Multilayer Switch Models
    18. 17. Cisco 6500 Multilayer Switches
      1. Architecture
      2. CatOS Versus IOS
      3. Installing VSS
    19. 18. Cisco Nexus
      1. Nexus Hardware
      2. NX-OS
      3. Nexus Iconography
      4. Nexus Design Features
    20. 19. Catalyst 3750 Features
      1. Stacking
      2. Interface Ranges
      3. Macros
      4. Flex Links
      5. Storm Control
      6. Port Security
      7. SPAN
      8. Voice VLAN
      9. QoS
    21. 20. Telecom Nomenclature
      1. Telecom Glossary
    22. 21. T1
      1. Understanding T1 Duplex
      2. Types of T1
      3. Encoding
      4. Framing
      5. Performance Monitoring
      6. Alarms
      7. Troubleshooting T1s
      8. Configuring T1s
    23. 22. DS3
      1. Framing
      2. Line Coding
      3. Configuring DS3s
    24. 23. Frame Relay
      1. Ordering Frame Relay Service
      2. Frame Relay Network Design
      3. Oversubscription
      4. Local Management Interface
      5. Configuring Frame Relay
      6. Troubleshooting Frame Relay
    25. 24. MPLS
    26. 25. Access Lists
      1. Designing Access Lists
      2. ACLs in Multilayer Switches
      3. Reflexive Access Lists
    27. 26. Authentication in Cisco Devices
      1. Basic (Non-AAA) Authentication
      2. AAA Authentication
    28. 27. Basic Firewall Theory
      1. Best Practices
      2. The DMZ
      3. Alternate Designs
    29. 28. ASA Firewall Configuration
      1. Contexts
      2. Interfaces and Security Levels
      3. Names
      4. Object Groups
      5. Inspects
      6. Managing Contexts
      7. Failover
      8. NAT
      9. Miscellaneous
      10. Troubleshooting
    30. 29. Wireless
      1. Wireless Standards
      2. Security
      3. Configuring a WAP
      4. Troubleshooting
    31. 30. VoIP
      1. How VoIP Works
      2. Small-Office VoIP Example
      3. Troubleshooting
    32. 31. Introduction to QoS
      1. Types of QoS
      2. QoS Mechanics
      3. Common QoS Misconceptions
    33. 32. Designing QoS
      1. LLQ Scenario
      2. Configuring the Routers
      3. Traffic-Shaping Scenarios
    34. 33. The Congested Network
      1. Determining Whether the Network Is Congested
      2. Resolving the Problem
    35. 34. The Converged Network
      1. Configuration
      2. Monitoring QoS
      3. Troubleshooting a Converged Network
    36. 35. Designing Networks
      1. Documentation
      2. Naming Conventions for Devices
      3. Network Designs
    37. 36. IP Design
      1. Public Versus Private IP Space
      2. VLSM
      3. CIDR
      4. Allocating IP Network Space
      5. Allocating IP Subnets
      6. IP Subnetting Made Easy
    38. 37. IPv6
      1. Addressing
      2. Simple Router Configuration
    39. 38. Network Time Protocol
      1. What Is Accurate Time?
      2. NTP Design
      3. Configuring NTP
    40. 39. Failures
      1. Human Error
      2. Multiple Component Failure
      3. Disaster Chains
      4. No Failover Testing
      5. Troubleshooting
    41. 40. GAD’s Maxims
      1. Maxim #1
      2. Maxim #2
      3. Maxim #3
    42. 41. Avoiding Frustration
      1. Why Everything Is Messed Up
      2. How to Sell Your Ideas to Management
      3. When to Upgrade and Why
      4. Why Change Control Is Your Friend
      5. How Not to Be a Computer Jerk
    43. Index
    44. About the Author
    45. Colophon
O'Reilly logo

Chapter 26. Authentication in Cisco Devices

Authentication refers to the process of verifying a user’s identity. When a router challenges you for a login username and password, this is an example of authentication.

Authentication in Cisco devices is divided into two major types: normal and AAA (Authentication, Authorization, and Auditing).

Basic (Non-AAA) Authentication

Non-AAA authentication is the basic authentication capability built into a router or other network device’s operating system. Non-AAA authentication does not require access to an external server. It is very simple to set up and maintain, but lacks flexibility and scalability. Using locally defined usernames as an example, each username needs to be configured locally in the router. Imagine a scenario where a single user might connect to any of a number of devices, such as at an ISP. The user configurations would have to be maintained across all devices, and the ISP might have tens of thousands of users. With each user needing a line of configuration in the router, the configuration for the router would be hundreds of pages long.

Normal authentication is good for small-scale authentication needs or as a backup to AAA.

Line Passwords

Lines are logical or physical interfaces on a router that are used for management of the router. The console and aux port on a router are lines, as are the logical VTY interfaces used for Telnet and SSH. Configuring a password on a line is a simple matter of adding it with the password command: ...

The best content for your career. Discover unlimited learning on demand for around $1/day.