The syntax for a method list is as follows:
aaa type { default | list-name} method-1 [ method-2 method-3 method-4]
Given the AAA command: aaa authentication login default group radius local
In the above command:
1. AAA type is authentication login
2. The named list is the default one (default).
3. There are two authentication methods (group radius and local).
All users are authenticated using the RADIUS server (the first method). If the RADIUS server doesn't respond, then the router's local database is used (the second method). For local authentication, define the username and password: username xxx password yyy
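The following is an added example, not part of the original notes: a small Python model that parses the method-list command above and walks the methods in order. It also shows the Cisco IOS behavior that a reject from a responding method is final and only a non-responding method falls through to the next one. The `backend` helper, the `demo` function, and the `alice` account are hypothetical and constructed for illustration.

```python
# Added example: models the method-list syntax and fallback described above.
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"   # ERROR = method gave no answer

def parse_method_list(line):
    """Split 'aaa type {default | list-name} method-1 [method-2 ...]'.
    Assumes a two-word type, as in 'authentication login'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "aaa":
        raise ValueError("not an aaa method-list command: %r" % line)
    aaa_type, list_name, rest = " ".join(tok[1:3]), tok[3], tok[4:]
    methods, i = [], 0
    while i < len(rest):
        if rest[i] == "group":                 # 'group radius' is one method
            if i + 1 == len(rest):
                raise ValueError("'group' needs a server-group name")
            methods.append("group " + rest[i + 1])
            i += 2
        else:
            methods.append(rest[i])
            i += 1
    return aaa_type, list_name, methods

def backend(accounts, reachable=True):
    """Hypothetical credential store standing in for RADIUS or the local DB."""
    def check(user, password):
        if not reachable:
            return ERROR
        return PASS if accounts.get(user) == password else FAIL
    return check

def authenticate(methods, backends, user, password):
    """Try methods in order; fall through only when a method does not respond."""
    for method in methods:
        result = backends[method](user, password)
        if result != ERROR:
            return result, method              # PASS or FAIL is final
    return FAIL, None                          # no method answered: deny

CMD = "aaa authentication login default group radius local"
RADIUS_DB = {"alice": "s3cret"}                # constructed sample account
LOCAL_DB = {"xxx": "yyy"}                      # username xxx password yyy

def demo(radius_up, user, password):
    _, _, methods = parse_method_list(CMD)
    backends = {"group radius": backend(RADIUS_DB, radius_up),
                "local": backend(LOCAL_DB)}
    return authenticate(methods, backends, user, password)
```

Calling `demo(True, "xxx", "yyy")` shows that the local account cannot log in while RADIUS is reachable, because the local database is consulted only when RADIUS gives no answer.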
SNMP can collect and manipulate valuable network information from switches, routers, servers, printers, and other network-attached devices.
An SNMP-managed network consists of two components:
Network management station (NMS): the software which runs on the administrative computer. This software gathers SNMP data by requiring the devices on the network to disclose certain information. Devices can also inform the NMS about problems they are experiencing by sending an SNMP alert (called a trap).
Agent: the software which runs on managed devices and reports information via SNMP to the NMS.
SNMP agents use UDP port 161, while the manager uses UDP port 162. The current SNMP version is SNMPv3. The prior versions, SNMPv1 and SNMPv2, are considered obsolete.
The following security levels and encryption are available in SNMPv3:
NoAuthNoPriv - Uses only the user name for authentication, with no encryption or privacy.
AuthNoPriv - Provides authentication based on the Hashed Message Authentication Code (HMAC)-MD5 or HMAC-SHA algorithms.
AuthPriv - Provides authentication based on the HMAC-MD5 or HMAC-SHA algorithms. In addition to authentication, it provides DES 56-bit encryption based on the Cipher Block Chaining (CBC)-DES (DES-56) standard.
IPv6 First-Hop Security Features
1. Router Advertisement (RA) Guard: A feature that analyzes RAs and can filter out unwanted RAs from unauthorized devices.
2. DHCP Guard: The DHCPv6 Guard feature blocks reply and advertisement messages that come from unauthorized DHCP servers and relay agents.
3. Binding Table: The binding table is a database that lists IPv6 neighbors that are connected to a device.
4. IPv6 neighbor discovery inspection/snooping: A feature that learns and populates the binding table for stateless auto-configuration addresses.
5. Source Guard: IPv6 Source Guard is a Layer 2 snooping interface feature for validating the source of IPv6 traffic. If the traffic arriving on an interface is from an unknown source, IPv6 Source Guard can block it.
6. It is likely that the DHCP information available with the client workstation has become obsolete. Issuing the "ipconfig" command with the /release and /renew options will enable the client workstation to obtain the latest changes to the DHCP server.