Summary

 

The administrative and management tools discussed in this chapter, which are summarized in the following list, are the final pieces of basic IOS configuration that are necessary to configure the ZIP network. In the next chapter, you can see complete configurations for all Cisco IOS devices on the network.

  • Access control of network devices through authentication, authorization, and accounting procedures (AAA) generally is advised. Two access control protocols commonly used with the Cisco IOS are RADIUS and TACACS+.

  • Cisco IOS devices have the capability to log messages about system activity. Messages are classed into eight levels of severity, and you can stipulate the minimum level of severity of the message to be logged, as well as the location to which the logged messages are sent.

  • Network management applications can collect information about and change the behavior of network devices. SNMP is the standard network management protocol.

  • For optimal use of SNMP, use different community strings for RO and RW access, and use an access list to limit the number of hosts that can query your IOS devices via SNMP. Also, configure your SNMP agent to send Traps about all technologies that are active in the device.

  • The system clock for a Cisco IOS device can be set manually, by NTP, or by SNTP.
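
The SNMP recommendations above can be checked mechanically against a saved configuration. The following Python audit is an added example, not code from the book; the sample configuration, community strings, addresses and ACL number are constructed placeholders, and the function name `audit_snmp` is hypothetical.

```python
import re

# Constructed sample running-config (not from the book); community strings,
# addresses and the ACL number are placeholders.
SAMPLE_CONFIG = """\
access-list 5 permit 192.0.2.10
snmp-server community Zipnet-RO RO 5
snmp-server community Zipnet-RW RW
snmp-server community Zipnet-RO RW 5
snmp-server host 192.0.2.10 Zipnet-RO
"""

# snmp-server community <string> [view <name>] [ro | rw] [<access-list>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?\s*$",
    re.IGNORECASE)

def audit_snmp(config):
    """Return findings for the SNMP practices listed in the summary."""
    findings = []
    modes = {}  # community string -> set of access modes it grants
    acls = set(re.findall(r"^access-list (\S+) ", config, re.MULTILINE))
    acls |= set(re.findall(r"^ip access-list standard (\S+)", config, re.MULTILINE))
    for line in config.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        community, acl = m.group(1), m.group(3)
        mode = (m.group(2) or "ro").lower()  # read-only when no mode is given
        modes.setdefault(community, set()).add(mode)
        if acl is None:
            findings.append(f"{community}: no access list limits which hosts may query ({mode.upper()})")
        elif acl not in acls:
            findings.append(f"{community}: access list {acl} is not defined in this config")
    for community, granted in modes.items():
        if granted == {"ro", "rw"}:
            findings.append(f"{community}: same community string used for RO and RW")
    if not re.search(r"^snmp-server host \S+", config, re.MULTILINE):
        findings.append("no snmp-server host configured to receive Traps")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(SAMPLE_CONFIG):
        print(finding)
```
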

Table 7-2. Summary of Configuration Commands for Administration and Management

| Command | Description |
| --- | --- |
| `aaa accounting` | Enables accounting on a specific client. |
| `aaa authentication` | Enables authentication on a specific client. |
| `aaa authorization` | Enables authorization on a specific client. |
| `aaa new-model` | Enables all AAA services in the Cisco IOS. |
| `aaa server-group` | Defines the AAA server group. |
| `access-class access-list in` | Line subcommand. Specifies an access list for inbound terminal line access. |
| `access-class access-list out` | Line subcommand. Specifies an access list for outbound terminal line access. |
| `calendar set` | Manually sets the date on the system clock. |
| `clock calendar-valid` | Makes the calendar date and time together a valid source of time for other IOS functions. |
| `clock set` | Manually sets the time on the system clock. |
| `clock summer-time recurring` | Sets the daylight saving time zone. |
| `clock timezone` | Manually sets the time zone for the IOS device. |
| `crypto key generate rsa` | Generates the RSA key pair used for the encryption of the session between an SSH server and client. Enables the SSH server on all virtual terminal lines. |
| `crypto key zeroize rsa` | Removes the RSA key pair used for the encryption of the session between an SSH server and client. Disables the SSH server on all virtual terminal lines. |
| `ip ssh` | Enables the SSH server. |
| `ip tcp intercept list access-list` | Specifies an IP extended access list that defines the TCP connections relevant to the TCP intercept feature. |
| `ip tcp intercept mode {intercept \| watch}` | Sets the TCP intercept mode to intercept or watch connections. |
| `ip tcp intercept watch-timeout seconds` | Specifies the number of seconds before resetting a TCP session that is watched and not established. |
| `ip verify unicast reverse-path` | An interface subcommand for enabling unicast RPF. |
| `line console 0` | A major command for configuration of console line parameters. |
| `line vty start end` | A major command for configuration of virtual terminal lines numbered from start to end. |
| `logging buffered size` | Specifies the size, in bytes, of the internal device buffer. |
| `logging location level` | Specifies the logging of messages at and more severe than the indicated level to the specified location. |
| `ntp access-group` | Limits the type of NTP associations an IOS device can have to the types defined in an IP access list. |
| `ntp broadcast` | Configures an interface to broadcast NTP messages to a given LAN segment. |
| `ntp broadcast client` | Configures an interface to listen to NTP broadcasts. |
| `ntp peer` | Configures a peer association between two NTP-configured devices. |
| `ntp server` | Configures a server association between an IOS device and an NTP-configured device. |
| `ntp update-calendar` | Periodically synchronizes the calendar of a 7000-series router to the NTP calendar. |
| `password password` | Specifies the line subcommand password. |
| `radius-server host` | Specifies the RADIUS server with which an IOS client communicates. |
| `radius-server key` | Configures a secret string for communication encryption between a RADIUS server and the Cisco IOS. |
| `server` | AAA server subcommand. Defines IP addresses of servers in the AAA server group. |
| `service password-encryption` | Configures the IOS device to encrypt all passwords in EXEC command output. |
| `service timestamps type` | Configures the IOS device to add timestamps to log and debug messages. |
| `snmp-server community` | Configures a community string for security purposes on an SNMP agent. |
| `snmp-server contact` | Configures a text string to give as the contact of the IOS device. |
| `snmp-server host` | Specifies the IP address and community string of the manager to which Traps should be sent. |
| `snmp-server location` | Configures a text string to give as the location of the IOS device. |
| `sntp broadcast client` | Configures the SNTP process on a router to listen to NTP broadcasts. |
| `sntp server` | Configures SNTP to request and accept packets from configured servers. |
| `tacacs-server host` | Configures the TACACS+ server with which an IOS client communicates. |
| `tacacs-server key` | Configures a secret string for communication encryption between a TACACS+ server and the Cisco IOS. |

Table 7-3. Summary of EXEC Commands for Administration and Management

| Command | Description |
| --- | --- |
| `show clock` | Displays the current date and time as known by the system clock. |
| `show calendar` | Displays the current date and time as known by the system calendar on Cisco 7000 series routers. |
| `show crypto key mypubkey rsa` | Displays the RSA public key used by SSH for encryption. |
| `show ip ssh` | Displays the current SSH sessions on the device. |
| `show logging` | Describes the current logging status of the device. |
| `show ntp associations` | Displays the current NTP associations and their current states. |
| `show ntp status` | Displays the current status of NTP on the IOS device. |
| `show snmp` | Shows SNMP statistics for the SNMP agent on the IOS device. |
| `show sntp` | Displays the status of SNTP on the IOS device. |
| `show tcp intercept connections` | Displays the current incomplete and established TCP sessions. |
| `show tcp intercept statistics` | Displays statistics for the TCP intercept feature. |


Cisco Router Configuration (2nd Edition)
ISBN: 1578702410
EAN: 2147483647
Year: 1999
Pages: 116
