Security Basics mailing list archives

RE: CISCO Catalyst

From: "Aaron T. Rohyans" <arohyans () idc-usa com>
Date: Wed, 23 Jan 2008 11:05:42 -0500

To create a user:

Router> enable
Router# conf t
Router(config)# username MYUSER password MYPASSWORD (optionally specify
privilege level)

To log commands issued, you need a TACACS+ or RADIUS server and need to
enable aaa accounting:

Router(config)# aaa new-model
Router(config)# aaa accounting commands 0 MYACCTLIST
Router(config)# aaa accounting commands 15 MYACCTLIST
Router(config)# aaa accounting exec MYACCTLIST
Router(config)# aaa accounting config-commands MYACCTLIST (you may not
have this option)
Router(config)# line vty 0 15
Router(config)# accounting commands 0 MYACCTLIST
Router(config)# accounting commands 15 MYACCTLIST
Router(config)# accounting exec MYACCTLIST
Router(config)# accounting config-commands MYACCTLIST
Router(config)# radius-server host 123.123.123.123 key RADIUSPASSWORD

To specify password options:

Router(config)# security authentication failure rate 3
Router(config)# security password min-length 8

Keep in mind, based on your IOS level, you may or may not have the same
commands/syntax that I do.  Just issue a '?' if you get stuck and use
the context-sensitive help.

Hope this helps!

Aaron T. Rohyans
IT Coordinator
IDC-USA
arohyans () idc-usa com


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of pepsdiaz () gmail com
Sent: Wednesday, January 23, 2008 4:27 AM
To: security-basics () securityfocus com
Subject: CISCO Catalyst


Dear all,

I need to audit a CISCO Catalyst 6509 and 2950. I would like to know, if
you can set up several users in order log their activities on it and how
to do that.
Besides, I would like to know if you can set up password protection
measures like:
 - Change password periodically.
 - Lenght of password
 - Historical of password

Can you set up more than one user role or just the administrator?

Thanks in advance to everybody.




______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

Current thread:

CISCO Catalyst pepsdiaz (Jan 23)
- RE: CISCO Catalyst Worrell, Brian (Jan 23)
  - Re: CISCO Catalyst Leif Hardison (Jan 23)
- Re: CISCO Catalyst Andrea Gatta (Jan 23)
- RE: CISCO Catalyst Erik Soosalu (Jan 23)
- Re: CISCO Catalyst Gou, S.TOKIDA (Jan 23)
- Re: CISCO Catalyst a42n8k9 dejazzd.com (Jan 23)
- RE: CISCO Catalyst Aaron T. Rohyans (Jan 23)
- R: CISCO Catalyst Vega - Brunello Ivan (Jan 23)
  - RE: CISCO Catalyst Worrell, Brian (Jan 23)
  - Re: R: CISCO Catalyst Jens Link (Jan 23)
    - RE: R: CISCO Catalyst Erik Soosalu (Jan 23)
- Re: CISCO Catalyst brian . bevers (Jan 23)