12-31-2008 09:37 AM - edited 03-10-2019 04:15 PM
The sh run on the router displays 'no aaa new-model'. SSH has been activated, with users authenticating with the local database. Why is the router showing 'no aaa new-model'?
How can we secure a server on the LAN using AAA?
12-31-2008 09:52 AM
You can use SSH and the local user database w/o AAA, it isn't required.
How can we secure a server on the LAN using AAA?
Can you explain this further?
12-31-2008 10:04 AM
On another note, could you explain what 'no ip source-route' refers to? Is the above to prevent routing loops, i.e. routing updates cannot be sent back to the port that the update was received from?
12-31-2008 10:11 AM
IP source routing allows the sender of an IP packet to control the route that packet will take to reach the destination endpoint. By default, IP source routing is disabled on the routers and should only be enabled if your network needs call for it.
routing updates cannot be sent back to the port that the update was received from?
That's called split-horizon.
12-31-2008 10:33 AM
Here are some commands that you might want to enter to increase the security and usability of your devices.
no service pad
no service config
no service finger
no ip icmp redirect
no ip bootp server
no ip identd
no ip finger
no ip gratuitous-arps
no ip source-route
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
no service udp-small-servers
no service tcp-small-servers
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
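As an added example (not part of the post above or of the thread), one way to compare a saved running-config with this command list is shown below. The function names and the sample config are assumptions constructed for illustration.

```python
# Added example (not from the thread): audit a saved running-config against the list above.
BASELINE = """\
no service pad
no service config
no service finger
no ip icmp redirect
no ip bootp server
no ip identd
no ip finger
no ip gratuitous-arps
no ip source-route
service sequence-numbers
service tcp-keepalives-in
service tcp-keepalives-out
no service udp-small-servers
no service tcp-small-servers
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption""".splitlines()
# Constructed sample config, not taken from the thread.
SAMPLE = """\
service timestamps debug datetime localtime show-timezone
service timestamps log datetime msec
no service password-encryption
service tcp-keepalives-in
no aaa new-model
ip source-route
interface FastEthernet0/0
 no ip redirects"""

def negate(cmd):  # opposite form of a command: 'no X' <-> 'X'
    return cmd[3:] if cmd.startswith("no ") else "no " + cmd

def audit(config_text, baseline=BASELINE):
    """Map each baseline line to 'present', 'contradicted' (opposite form is configured) or 'absent'."""
    # Global commands are unindented; sub-mode lines (interface, line) are indented.
    seen = {" ".join(l.split()) for l in config_text.splitlines()
            if l and not l[0].isspace() and not l.startswith("!")}
    report = {}
    for want in baseline:
        opp = negate(want)
        report[want] = ("present" if want in seen else
                        "contradicted" if any(s == opp or s.startswith(opp + " ") for s in seen)
                        else "absent")  # absent: neither form appears in the text
    return report

if __name__ == "__main__":
    for cmd, state in audit(SAMPLE).items():
        print(f"{state:13} {cmd}")
```

A line reported as absent is not necessarily unset: the running-config generally leaves out commands that are at their default value, so check the default for the release in use.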
12-31-2008 10:37 AM
What does ip gratuitous-arps refer to?
12-31-2008 10:40 AM
A Cisco router will send out a gratuitous ARP message when a client connects and negotiates an address over a PPP connection. This transmission occurs even when the client receives the address from a local address pool. By default it's off, but we like to make sure by entering the command.
12-31-2008 10:45 AM
An ARP request is a broadcast to local hosts by the router, seeking the MAC address of a host with a known IP address. So, when the ARP request goes through a PtP, the action is referred to as a gratuitous ARP, yes?
12-31-2008 10:50 AM
Actually the router sends ARPs on behalf of the device.