
Video 3 (Securing Infrastructure)

Enable Secret

enable secret level 15 0 cisco123
enable secret level 4 0 level4pass

Username & Privilege Levels

username admin privilege 15 secret 0 cisco123
username user1 privilege 4 secret 0 user1pass

Locking down Access Methods

aaa local authentication attempts max-fail 3
login block-for 300 attempts 10 within 60

AAA is the acronym for Authentication, Authorization, Accounting

aaa new-model
aaa authentication login default local
aaa authorization exec default local

Line console 0

password cisco123
login / login local

Line vty 0 15

password cisco123
login / login local

Line aux 0

password cisco123
login / login local

The sequential commands:

Sequential command to set up CCP

enable secret level 15 0 cisco123
username admin privilege 15 secret 0 cisco123
username user1 privilege 4 secret 0 user1pass
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authentication login CON-AUTHEN group tacacs+ enable
aaa authorization exec CON-AUTHOR none

show and other commands:

show run
show ip int brief
show privilege
show alias
show aaa local user lockout
show ssh
debug aaa authentication
debug aaa authorization
do clear aaa local user lockout all

Notes & Tips

Create alias => (config) alias exec c config t
Min password length => security passwords min-length 8
Number of password failures => aaa local authentication attempts max-fail 3
login block-for 300 attempts 10 within 60 (blocks login attempts for 300 seconds if 10 attempts fail within 60 seconds)

Technology (http https) ssh:

Sequential command to set up ssh

ip domain name mycomoany.com
crypto key generate rsa modulus 1024
ip http server
ip http secure-server
ip http authentication local
line vty 0 4
transport input ssh
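
An added example, not part of the original notes: a Python check that audits the text of a running-config for the hardening commands listed above (enable secret, AAA, lockout, login block-for, minimum password length, SSH-only vty lines). The sample config is constructed, and the names `audit`, `REQUIRED` and `SAMPLE_CONFIG` are assumptions of this example.

```python
import re

# Constructed running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
security passwords min-length 6
enable secret 5 $1$CONSTRUCTED$HASH
aaa new-model
aaa local authentication attempts max-fail 3
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input ssh
"""

# Global commands from the notes: (regex, finding reported when absent).
REQUIRED = [
    (r"enable secret ", "no enable secret"),
    (r"aaa new-model$", "aaa new-model not enabled"),
    (r"aaa local authentication attempts max-fail \d+$", "no local lockout (max-fail)"),
    (r"login block-for \d+ attempts \d+ within \d+$", "no login block-for"),
]

def audit(config, min_len=8):
    """Return a list of findings for a running-config given as text."""
    findings, section, vty = [], None, {}
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    for pattern, message in REQUIRED:
        if not any(re.match(pattern, l) for l in top):
            findings.append(message)
    m = re.search(r"^security passwords min-length (\d+)$", config, re.M)
    if not m or int(m.group(1)) < min_len:
        findings.append(f"password min-length below {min_len}")
    # Collect the 'transport input' setting of every 'line vty' section.
    for l in config.splitlines():
        if not l.startswith(" "):
            section = l if l.startswith("line vty") else None
            if section:
                vty[section] = None
        elif section and l.strip().startswith("transport input "):
            vty[section] = l.split()[2:]
    for name, protocols in vty.items():
        if protocols != ["ssh"]:
            shown = " ".join(protocols) if protocols else "not set"
            findings.append(f"{name}: transport input {shown}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

Feed it the saved output of show run; an empty list means every check passed.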
