20 Cards in this Set
- Front
- Back
What benefits are there to using ACS with 802.1x?
|
- Accounting and auditing of users on the LAN
- Strong authentication with multiple technologies
- Flexible policy assignments - VLANs
- Granular control of supplicants
|
|
What is the maximum number of users for ACS?
|
No theoretical limit, tested with well over 100,000 users
|
|
What is the maximum number of AAA clients supported in ACS?
|
Depending on platform, up to 10,000
|
|
What are some useful debug commands?
|
- debug tacacs+ < TACACS info such as unsuccessful logins
- debug radius < RADIUS client/server info
- debug aaa authentication
- debug aaa authorization
|
|
What are MARs in the ACS environment?
|
Machine Access Restrictions - verify the Windows computer has had machine level authentication within a certain period of time, or reduce access
|
|
What are NAFs in the ACS environment?
|
Another way to apply restrictions based on network name, NDG or IP address.
|
|
What are NAPs in the ACS environment?
|
Network Access Profiles - classify requests based on network location, membership in an NDG (network device group), protocol type, and RADIUS attributes, then apply different policies based on the NAP
|
|
How do you configure AAA server groups?
|
conf t
aaa group server radius LOGINSERVER
server 10.0.0.14 auth-port 1812 acct-port 1813
|
|
What command is used to set the AAA authentication for a method list?
|
aaa authentication (login, ppp, dot1x, etc) (default, name) METHODLIST
admin authentication login group radius local
|
|
What command is used to set the AAA authorization for a method list?
|
aaa authorization (auth-proxy, network, exec, commands LEVEL) (default, name) METHODLIST
aaa authorization network default group radius
|
|
What command is used to set the AAA accounting for a method list?
|
aaa accounting (auth-proxy, system, network, exec, connection, commands LEVEL) (default NAME) [vrf NAME] (start-stop, stop-only, none) [broadcast] group NAME
aaa accounting network start-stop group radius
|
|
What are the Cisco ACS Services installed as part of the application?
|
- CSAdmin - provides web interface for ACS Server
- CSAuth - Authentication and Authorization service, also ACS database manager
- CSDBSync - sync to 3rd party RDBMS
- CSLog - capture and store logging
- CSMonitor - detect protocols in use
- CSTacacs and CSRadius - communicate with CSAuth module for authentication
|
|
What port is used to access the ACS Admin page?
|
http 2002
|
|
What is available in the main navigation bar?
|
- User Setup
- Group Setup
- Shared Profile Components
- Network Configuration
- System Configuration
- Interface Configuration
- Administrative Control
- External User DB
- Posture Validation
- Network Access Profiles
- Reports and Activity
- Online Documentation
|
|
What ports are important for ACS?
|
- RADIUS Authen/Author - UDP 1645, 1812
- RADIUS Acct - UDP 1646, 1813
- TACACS+ - TCP 49
- ACS DB Rep, Sync - TCP 2000
- User-Change pass app - TCP 2000
- Logging - TCP 2001
- Admin ACS - TCP 2002
|
|
What tasks are accomplished in the Shared Profile Components section of ACS?
|
- Create shell command authorization sets
- Configure downloadable ACLs
|
|
What is configured from the Network Configuration section of ACS?
|
AAA clients and groups
|
|
What is configured under Interface Configuration section of ACS?
|
- User data config (fields in user list)
- TACACS+ and RADIUS settings
|
|
What is used to determine the NAP that a connection is checked against?
|
- The AAA client the request is coming from (NDG or IP)
- Protocol type - AAA client vendor types
- RADIUS attribute-value pairs
|
|
What is required in a NAP?
|
- Authentication rules
- Posture validation rules
- Authorization rules
|