Foundation Summary


The Foundation Summary is a collection of tables that provides a convenient review of many key concepts in this chapter. If you are already comfortable with the topics in this chapter, this summary can help you recall a few details. If you just read this chapter, this review should help solidify some key facts. If you are doing your final preparation before the exam, these tables and figures are a convenient way to review the day before the exam.

Table 17-2. AAA Configuration Commands

Task                                            Command Syntax
----------------------------------------------  --------------
Enable AAA on a switch                          aaa new-model
Use local authentication                        username username password password
Define individual authentication servers        radius-server host {hostname | ip-address} [key string]
                                                tacacs-server host {hostname | ip-address} [key string]
Define a group of authentication servers        aaa group server {radius | tacacs+} group-name
                                                server ip-address
Define a list of authentication methods to try  aaa authentication login {default | list-name} method1 [method2 ...]
Apply an authentication method list to a line   login authentication {default | list-name}
Define a list of authorization methods to try   aaa authorization {commands | config-commands | configuration | exec | network | reverse-access} {default | list-name} method1 [method2 ...]
Apply an authorization method list to a line    authorization {commands level | exec | reverse-access} {default | list-name}
Define a list of accounting methods to try      aaa accounting {system | exec | commands level} {default | list-name} {start-stop | stop-only | wait-start | none} method1 [method2 ...]
Apply an accounting method list to a line       accounting {commands level | connection | exec} {default | list-name}


Table 17-3. Port Security Configuration Commands

Task                                         Command Syntax
-------------------------------------------  --------------
Enable port security on an interface         switchport port-security
Set the maximum number of learned addresses  switchport port-security maximum max-addr
Define a static MAC address                  switchport port-security mac-address mac-addr
Define an action to take                     switchport port-security violation {shutdown | restrict | protect}


Table 17-4. Port-Based Authentication Configuration Commands

Task                                  Command Syntax
------------------------------------  --------------
Define a method list for 802.1x       aaa authentication dot1x {default | list-name} method1 [method2 ...]
Globally enable 802.1x                dot1x system-auth-control
Define the 802.1x behavior on a port  dot1x port-control {force-authorized | force-unauthorized | auto}
Support more than one host on a port  dot1x multi-hosts


Table 17-5. DHCP Snooping Configuration Commands

Task                                  Command Syntax
------------------------------------  --------------
Globally enable DHCP snooping         ip dhcp snooping
Define a trusted interface            ip dhcp snooping trust
Limit the interface DHCP packet rate  ip dhcp snooping limit rate rate


Table 17-6. Dynamic ARP Inspection Configuration Commands

Task                                    Command Syntax
--------------------------------------  --------------
Enable DAI on a VLAN                    ip arp inspection vlan vlan-range
Define a trusted interface              ip arp inspection trust
Define a static ARP inspection binding  arp access-list acl-name
                                        permit ip host sender-ip mac host sender-mac [log]
Apply static ARP inspection bindings    ip arp inspection filter arp-acl-name vlan vlan-range [static]
Validate addresses within ARP replies   ip arp inspection validate {[src-mac] [dst-mac] [ip]}




CCNP Self-Study: CCNP BCMSN Exam Certification Guide