Cisco Catalyst 6880-X Specifications Page 29

Access Layer April 2014
Step 8: Enable Simple Network Management Protocol (SNMP) so that a Network Management System (NMS) can
manage the network infrastructure devices, and then configure SNMPv2c with both a read-only and a
read-write community string.
snmp-server community [SNMP RO name] RO
snmp-server community [SNMP RW name] RW
Step 9: If your network operational support is centralized, you can increase network security by using an access
list to limit the networks that can access your device. In this example, only devices on the 10.4.48.0/24 network
will be able to access the device via SSH or SNMP.
access-list 55 permit 10.4.48.0 0.0.0.255
line vty 0 15
access-class 55 in
!
snmp-server community [SNMP RO name] RO 55
snmp-server community [SNMP RW name] RW 55
On Cisco Catalyst 3650 and 3850 Series Switches, add the vrf-also keyword to the access-class command
so that console access from other switch members is not affected.
line vty 0 15
access-class 55 in vrf-also
Caution: If you configure an access-list on the vty interface, you may lose the ability to use SSH
to log in from one device to the next for hop-by-hop troubleshooting.
Step 10: Configure local login and password.
The local login account and password provide basic device access authentication to view platform operation.
The enable password secures access to the device configuration mode. By enabling password encryption, you
prevent passwords from being shown in plain text when configuration files are viewed. The aaa new-model
command enables new access control commands and functions, and causes the local username and password on
the router to be used in the absence of other AAA statements.
username admin password [password]
enable secret [secret password]
service password-encryption
aaa new-model
By default, HTTPS access to the switch uses the enable password for authentication.
Step 11: If you want to reduce operational tasks per device, configure centralized user authentication by using
the TACACS+ protocol to authenticate management logins on the infrastructure devices to the authentication,
authorization and accounting (AAA) server.
As networks scale in the number of devices to maintain, there is an operational burden to maintain local user
accounts on every device. A centralized AAA service reduces operational tasks per device and provides an audit
log of user access for security compliance and root cause analysis. When AAA is enabled for access control, all
management access to the network infrastructure devices (SSH and HTTPS) is controlled by AAA.
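
An added example, not part of the Cisco guide: a small Python check that audits a saved configuration for the settings from Steps 8 through 10 (ACL-restricted SNMP communities and vty lines, enable secret, password encryption, aaa new-model). The function name audit and both sample configurations are constructed for illustration, and it assumes sub-commands are indented as in a saved running configuration and that ACLs are numbered with permit entries.

```python
import re

def audit(config: str) -> list[str]:
    """Return findings for Step 8-10 settings missing from an IOS config."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    findings = []
    # ACL numbers actually defined (numbered ACLs with permit entries only).
    acls = {m.group(1) for ln in lines
            if (m := re.match(r"access-list (\d+) permit ", ln))}
    # Step 9: every SNMP community must reference a defined ACL.
    # Community strings are secrets, so findings name only RO/RW.
    for ln in lines:
        m = re.match(r"snmp-server community \S+ (RO|RW)(?: (\d+))?$", ln)
        if m and m.group(2) not in acls:
            findings.append(f"snmp {m.group(1)}: no defined ACL")
    # Step 9: every "line vty" block needs "access-class <acl> in".
    block, ok = None, False
    for ln in lines + ["!"]:              # sentinel closes the last block
        if block and ln.startswith(" "):  # indented = sub-command of block
            m = re.match(r"access-class (\d+) in\b", ln.strip())
            ok = ok or bool(m and m.group(1) in acls)
            continue
        if block and not ok:
            findings.append(f"{block}: no inbound access-class")
        block, ok = (ln if ln.startswith("line vty") else None), False
    # Step 10: local authentication settings.
    for cmd in ("enable secret", "service password-encryption", "aaa new-model"):
        if not any(ln.startswith(cmd) for ln in lines):
            findings.append(f"missing: {cmd}")
    return findings

# Constructed sample configurations with placeholder secrets.
WEAK = """\
snmp-server community EXAMPLE-RO RO
snmp-server community EXAMPLE-RW RW 55
line vty 0 15
 transport input ssh
aaa new-model
"""
HARDENED = """\
access-list 55 permit 10.4.48.0 0.0.0.255
snmp-server community EXAMPLE-RO RO 55
snmp-server community EXAMPLE-RW RW 55
line vty 0 15
 access-class 55 in vrf-also
enable secret EXAMPLE
service password-encryption
aaa new-model
"""
```

In the WEAK sample the read-write community is flagged even though it names ACL 55, because that ACL is never defined in the configuration.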