Cisco Systems RJ-45-to-AUX Switch User Manual


 
Next, you must specify a routing protocol: in this case, Enhanced Interior Gateway Routing Protocol
(EIGRP). To do so, use the following command:
router eigrp 2
The last step is to apply the configured access list. Use the distribute-list command on interface g0/0 to
filter outbound traffic from network 192.129.0.0:
distribute-list 2 out g0/0
Security at the Access Layer
The Access layer has very few policies to apply. The switches at this layer should rely on port-level security
and passwords required on the network interfaces. The Access layer policy controls physical access to the
components of the network. Physical access involves the following:
• Configuring users and passwords on the physical devices
• Limiting Telnet access
• Limiting access to network switches by implementing privilege levels
• Configuring banner messages
• Securing physical devices
• Implementing port security
• Managing VLANs
Configuring Passwords
Passwords can be configured on every access method to a Cisco Catalyst switch: the VTY lines, the console,
Web access, and the auxiliary (AUX) ports.
Limiting Telnet Access
VTY access can be secured with a password, but when a careless administrator walks away from a
logged-in Telnet session, the door is open with full access to the entire network. This situation allows anyone
to access the open Telnet session and bring the network to its knees.
To lower the chances for this type of vulnerability, you may want to configure a time-out condition and apply
it to unused VTY sessions. Cisco IOS measures a session's idle time in seconds or minutes, depending on the IOS
version. If the session receives no character input from the administrator for the configured
amount of time, the session is closed, and the administrator using the session is logged out.
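The following audit script is an added example, not part of the manual: it reads the line blocks of an IOS running-config and reports every console or VTY line whose idle time-out is disabled or longer than policy allows. It assumes the IOS `exec-timeout minutes [seconds]` line command, a constructed sample configuration, and a 5-minute policy limit chosen for illustration.

```python
import re

IOS_DEFAULT_SECONDS = 600  # IOS applies 10 minutes when exec-timeout is not shown

# Constructed running-config excerpt (not taken from the manual).
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 0 0
 login
line vty 0 4
 password 7 <placeholder>
 login
line vty 5 15
 exec-timeout 5 0
 password 7 <placeholder>
 login
!
"""

def idle_timeouts(config):
    """Return {line name: effective idle time-out in seconds}; 0 means disabled."""
    timeouts, current = {}, None
    for raw in config.splitlines():
        header = re.match(r"line\s+(con|aux|vty)\s+(\d+(?:\s+\d+)?)\s*$", raw)
        if header:
            current = f"{header.group(1)} {header.group(2)}"
            timeouts[current] = IOS_DEFAULT_SECONDS
        elif not raw.startswith(" "):
            current = None  # left the line block
        elif current:
            cmd = raw.strip()
            m = re.match(r"exec-timeout\s+(\d+)(?:\s+(\d+))?$", cmd)
            if m:
                timeouts[current] = int(m.group(1)) * 60 + int(m.group(2) or 0)
            elif cmd == "no exec-timeout":
                timeouts[current] = 0
    return timeouts

def audit(config, max_seconds=300):
    """List (line, reason) pairs that violate the assumed idle time-out policy."""
    findings = []
    for name, seconds in idle_timeouts(config).items():
        if seconds == 0:
            findings.append((name, "idle time-out disabled"))
        elif seconds > max_seconds:
            findings.append((name, f"idle time-out {seconds}s exceeds {max_seconds}s"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_CONFIG):
        print(f"line {name}: {reason}")
```

A line block with no `exec-timeout` statement is not unlimited; it inherits the 10-minute IOS default, which is why `vty 0 4` is flagged against the 5-minute limit.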
Implementing Privilege Levels
Privilege levels can be assigned to limit switch users’ abilities to perform certain commands or types of
commands. You can configure two types of levels in the IOS: user levels and privilege levels. A user level
allows a user to perform a subset of commands that does not allow for configuration changes or debug
functions. A privilege level, on the other hand, allows the user to use all the available commands, including
configuration change commands.
You can assign a user one of 16 different levels, from level 0 to level 15. Level 1 is set to User EXEC mode by
default. This level gives the user very limited access, primarily to show commands. Level 15 defaults to the
Privileged EXEC mode, which gives the user full access to all configuration commands in the IOS (including
the debug command).