Cisco Support Community
New Member

AAA

The sh run on the router displays 'no aaa new-model'. SSH has been activated with users authenticating with the local database. Why is the router showing 'no aaa new-model'?

How can we secure a server on the LAN using AAA?

8 REPLIES

Re: AAA

You can use SSH and the local user database w/o AAA, it isn't required.

How can we secure a server on the LAN using AAA?

Can you explain this further?

New Member

Re: AAA

On another note, could you explain what 'no ip source-route' refers to? Is the above to prevent routing loops, routing updates cannot be sent back to the port that the update was received from?

Re: AAA

IP source routing allows the sender of an IP packet to control the route that packet will take to reach the destination endpoint. By default, IP source routing is disabled on the routers and should only be enabled if your network needs call for it.

routing updates cannot be sent back to the port that the update was received from?

That's called split-horizon

Re: AAA

Here are some commands that you might want to enter to increase the security and usability of your devices.

no service pad

no service config

no service finger

no ip icmp redirect

no ip bootp server

no ip identd

no ip finger

no ip gratuitous-arps

no ip source-route

service sequence-numbers

service tcp-keepalives-in

service tcp-keepalives-out

no service udp-small-servers

no service tcp-small-servers

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption
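
An added example, not part of the original thread and not Cisco tooling: a short audit that compares a saved `show running-config` with the lines listed in the reply above. The function names and the sample configuration are constructed for illustration; "absent" only means the line is not displayed, since IOS normally leaves settings that are at their default value out of `show running-config` (`show running-config all` lists them).

```python
# Baseline: the global-configuration lines posted in the reply above.
BASELINE = [
    "no service pad", "no service config", "no service finger",
    "no ip icmp redirect", "no ip bootp server", "no ip identd",
    "no ip finger", "no ip gratuitous-arps", "no ip source-route",
    "service sequence-numbers", "service tcp-keepalives-in",
    "service tcp-keepalives-out", "no service udp-small-servers",
    "no service tcp-small-servers", "service password-encryption",
    "service timestamps debug datetime localtime show-timezone",
    "service timestamps log datetime localtime show-timezone",
]

def positive(cmd):
    return cmd[3:] if cmd.startswith("no ") else cmd  # drop a leading "no "

def global_lines(config_text):
    """Unindented, non-comment lines only: skips interface/line sub-commands."""
    return {" ".join(raw.split()) for raw in config_text.splitlines()
            if raw and not raw[0].isspace() and not raw.startswith("!")}

def status(cmd, lines):
    """Classify one baseline line against the set of global config lines."""
    negation = positive(cmd) if cmd.startswith("no ") else "no " + cmd
    stem = " ".join(positive(cmd).split()[:3]) + " "
    if cmd in lines:
        return "present"
    if negation in lines:
        return "contradicted"  # the opposite setting is configured
    if any((positive(ln) + " ").startswith(stem) for ln in lines):
        return "differs"       # same command, different arguments
    return "absent"            # not displayed: default value or never entered

def audit(config_text, baseline=BASELINE):
    lines = global_lines(config_text)
    return {cmd: status(cmd, lines) for cmd in baseline}

# Constructed sample configuration, not output from a real device.
SAMPLE = """\
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
no service pad
no aaa new-model
ip source-route
interface GigabitEthernet0/0
 no ip redirects
"""

if __name__ == "__main__":
    print(*(f"{s:<13}{c}" for c, s in audit(SAMPLE).items()), sep="\n")
```
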

New Member

Re: AAA

What does ip gratuitous-arps refer to?

Re: AAA

A Cisco router will send out a gratuitous ARP message when a client connects and negotiates an address over a PPP connection. This transmission occurs even when the client receives the address from a local address pool. By default it's off, but we like to make sure by entering the command.

New Member

Re: AAA

An ARP request is a broadcast to local hosts by the router, seeking the MAC address of a host with a known IP address. So, when the ARP request goes through a PtP, the action is referred to as a gratuitous ARP, yes?

Re: AAA

Actually the router sends ARPs on behalf of the device.
