couple of questions

Hi all

I'm currently reading the official Cisco security book, and have encountered a few problems on chapter 4 configuring AAA (well chapter 3 as well)

I now have the basics of configuring Authentication ok, its the Autorisation and Acounting
that is getting to me, how much of this stuff do we really need to know. And if anyone could actually point me to link where it is explained a bit better would be a great help.
I also have the lab book but it does not seem to mention or show any configurations for authorisation or accounting at all.

also i have configured role-based command-line interface views but why bother as when you initially log on the normal view (privilege level 1) has more commands so why would i want to enable a view.
let me clarify that, say i create a view called helpdesk and limit it to what i only want the helpdesk to be able to see, i give this view a password but when they log on to the router before they enable my restricted view "helpdesk" they already have more commands available to them so why would they want to enable a certain view.Not unless you are able to restrict the default view but the book or lab manual dont seem to cover this or maybe i have missed it.

any help welcome
thanks stephen

Find more posts tagged with

Comments

hodgey87

Stephen,

I was in pretty much the same position as you, I wanted to know about configuring all of AAA, but it looks like you just need to know configure the authorization part for the CCNA:Security and the rest follows on the CCSP track. I still learnt the theory on all 3 parts though. I you want a real in depth look into AAA you may want to look at one of the CCSP books but i dont know to much about those.

I have the same question about those views they dont really make sense to me at the minute, I assume you can maybe issue a certain view i.e. your helpdesk one if someone logs in with a certain username and password but im not too sure.

topstar

hi hodgey87

Ever have one of them days were nothing goes right. Well that where I'm at now, I usually find just messing around with the routers (and banging my head of the wall a few times helps a lot). I think your right about only really needing to know about the authentication part and having an understanding about the other two.

The book appears to be typical for Cisco, usually making it appear harder than it needs to be. Can't wait till Todd Lammle's book comes out later this year. As for the view methods If anyone can clarify that issue for us it would be a great help.

thanks for the reply
stephen

JavonR

topstar wrote: »

also i have configured role-based command-line interface views but why bother as when you initially log on the normal view (privilege level 1) has more commands so why would i want to enable a view.
let me clarify that, say i create a view called helpdesk and limit it to what i only want the helpdesk to be able to see, i give this view a password but when they log on to the router before they enable my restricted view "helpdesk" they already have more commands available to them so why would they want to enable a certain view.Not unless you are able to restrict the default view but the book or lab manual dont seem to cover this or maybe i have missed it.

You can assign views to specific users like this:

username test view helpdesk secret cisco

when the user "test" now logs in, it should **** them into the helpdesk view you created. Hope that helps.

hodgey87

topstar wrote: »

hi hodgey87

Ever have one of them days were nothing goes right. Well that where I'm at now, I usually find just messing around with the routers (and banging my head of the wall a few times helps a lot). I think your right about only really needing to know about the authentication part and having an understanding about the other two.

The book appears to be typical for Cisco, usually making it appear harder than it needs to be. Can't wait till Todd Lammle's book comes out later this year. As for the view methods If anyone can clarify that issue for us it would be a great help.

thanks for the reply
stephen

Yeh i have had many of those days

It hasnt been to bad with this security stuff so far, but the CCNA i had many of them. I usually just mess around with the routers aswell, its always good practice for troubleshooting. Im not to keen on the ciscopress book to be honest. I find the cbtnuggets fantastic Jeremy covers just enough for this exam. Im definately glad i got these.

Thanks for clarifying that JavonR i thought it was something along those lines

topstar

Thank's for making that clear Javonr, the book only explains how to create them not really how to use them. Must now see if i can find some decent info about aaa

Thanks
stephen

_________________________
Are you going to bark all day little doggie, or are you going to bite?