Saturday 26 September 2015
1. line vty 0 15
2. login authentication default
3. username admin privilege 15 secret admin
4. aaa authentication login default local
5. aaa authorization exec default local
6. aaa new-model
(The numbers are reference points, not the order to type the commands: command 6, aaa new-model, has to go in first, because the other aaa commands do not exist until AAA is switched on. Keep a console session open while doing this; once aaa new-model is enabled every line authenticates through AAA, and a wrong list can lock you out.)
Problem with AAA if command 5 is not used/assigned: any user who logs in to the router successfully is placed in user EXEC mode (>) rather than privileged EXEC mode (#), even with privilege 15 on the username, because under AAA the privilege level stored on the username is only applied by EXEC authorization. Check with show privilege after logging in.
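The local-AAA setup above with command 5 in place, as an added example that is not part of the original post (the passwords are placeholders):

```cisco
! Added example, not from the original post. Passwords are placeholders.
enable secret EnablePass
! aaa new-model comes first: the other aaa commands do not exist until it is on.
aaa new-model
username admin privilege 15 secret admin
! Authenticate logins against the local username database.
aaa authentication login default local
! Command 5. Without it admin lands at "Router>" (level 1) despite privilege 15,
! because under AAA the privilege stored on the username is only applied by
! EXEC authorization; with it admin lands straight at "Router#".
aaa authorization exec default local
line vty 0 15
 login authentication default
```

After logging in, show privilege should report level 15. The weak form is the same configuration with the aaa authorization exec line removed: the login still succeeds, but every user starts at level 1 and has to use enable. The default list also applies to the console, which is why a console session should stay open while aaa new-model is being enabled.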
Friday 25 September 2015
Every user at the same privilege level can access and execute the same set of commands.
By default every command in Cisco IOS is assigned to level 1 or level 15.
Level 0 exists but is rarely used. Level 0 includes the following five commands:
- disable
- enable
- exit
- help
- logout
Example task:
You want to restrict the commands available to a user connected to a particular port (line) to Telnet only. You can do that like this:
1. Configure that port to privilege level 0
2. Lower the privilege level of the telnet command to level 0
1. Configuring a username privilege
Thursday 24 September 2015
Study of EXEC modes
There are 2 EXEC modes:
1. User EXEC mode
2. Privileged EXEC mode
Each EXEC mode can be protected:
User EXEC mode is protected with a username and password.
Privileged EXEC mode is protected with enable secret / enable password (use enable secret: enable password is stored reversibly, enable secret as a hash).
Privilege levels
Privilege levels run from 0 to 15 (level 0 is rarely used, so in practice 1 to 15).
User EXEC mode has default privilege level 1.
Privileged EXEC mode has default privilege level 15.
Commands
Every command has a privilege level.
Privileged mode includes all of user EXEC mode: a higher level can run everything a lower level can.
You can move a command to any privilege level.
A human is privilege level 1. God is privilege level 15.
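Privilege levels without AAA, covering the levels described in this post and the Telnet-only task from the Friday post, as an added example that is not part of the original posts (the usernames, passwords, the intermediate level 5 and the choice of the aux port as the "port" are assumptions):

```cisco
! Added example, not from the original posts. Passwords are placeholders.
enable secret Level15Pass                ! protects privileged EXEC (level 15)
enable secret level 5 Level5Pass         ! password for "enable 5"
!
username human secret HumanPass          ! lands at level 1, the user EXEC default
username god privilege 15 secret GodPass ! with "login local" and no AAA, lands at level 15
!
! Carve out an intermediate level 5 from commands that default to level 15.
! Every mode on the path has to be opened: exec -> configure -> interface.
privilege exec level 5 clear counters
privilege exec level 5 configure terminal
privilege configure level 5 interface
privilege interface level 5 description
!
! The Friday task: a line whose users can only telnet onward.
privilege exec level 0 telnet            ! move telnet down to level 0
line aux 0                               ! assumed: the aux port is the "port"
 password AuxPass
 login
 privilege level 0                       ! users on this line start at level 0
!
line vty 0 4
 login local
```

Verify with show privilege after logging in as each user, and with enable 5 from level 1: at level 5 clear counters and interface description work, everything else at level 15 still asks for the level-15 secret. On the aux line only telnet and the five level-0 commands (disable, enable, exit, help, logout) are available. IOS adds the parent commands it needs on its own (for example privilege exec level 5 clear), so expect them in show running-config.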
Wednesday 23 September 2015
Debug type
- Event
- for example: debug ip dhcp server events
- Packet
- for example: debug ip dhcp server packet
Study of TACACS+
Facts
1. You can do AAA with TACACS+ or RADIUS.
2. If you do AAA with TACACS+, the configuration lives on 2 sides: on the Raspberry Pi side as the TACACS+ server and on the router side as the TACACS+ client.
3. TACACS+ will not run while the configuration (in /etc/tacacs+) still contains a syntax error.
4. Before learning TACACS+ it is a good idea to learn the username/secret local database (the database inside the router) first, covered in the earlier posts.
5. TACACS+ and the local database have different ways of looking at things, so be aware.
1. On the Raspberry Pi side:
1. $ sudo apt-get install tacacs+
2. $ sudo nano /etc/tacacs+/tac_plus.conf
3. Add a user profile (the shared secret the router uses, key = testing123, is the one in the packaged sample file; change it outside the lab):
user = cisco {
    default service = permit
    login = cleartext class
}
4. Save and exit the editor
5. $ sudo service tacacs_plus restart; every time the configuration changes, restart.
2. On the router side
1. aaa new-model
2. aaa authentication login default group tacacs+ enable (the trailing enable is only used when the server cannot be reached, not when it rejects the password)
3. tacacs-server host 192.168.1.2 key testing123
4. test aaa group tacacs+ cisco class legacy
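The router side of this setup with the authorization and accounting that the records under Viewing depend on, as an added example that is not from the original post (the enable secret, the local admin user and the CONSOLE list name are assumptions; the server address and key are the ones above):

```cisco
! Added example, not from the original post.
aaa new-model
tacacs-server host 192.168.1.2 key testing123
! Step 2 above, with its list name: ask TACACS+ first; "enable" is only used
! when the server is unreachable, never when it rejects the password.
aaa authentication login default group tacacs+ enable
! EXEC authorization: the server's priv-lvl decides whether the user lands at
! > or #, and a profile without "default service = permit" is refused here.
! "local" again only applies when the server is unreachable.
aaa authorization exec default group tacacs+ local
! Per-command authorization, required for cmd = ... entries in tac_plus.conf.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Accounting: produces the start/stop records in /var/log/tac_plus.acct.
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
! Keep the console on the local database so a dead server cannot lock you out.
aaa authentication login CONSOLE local
enable secret EnableFallback
username admin privilege 15 secret admin
line con 0
 login authentication CONSOLE
line vty 0 15
 login authentication default
```

Step 4 (test aaa group tacacs+ cisco class legacy) and debug tacacs show the exchange with the server; after a TACACS+ login as cisco, show privilege should read 15.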
Viewing
Note that: after you assign aaa authori
pi@raspberrypi /var/log $ sudo tail -f /var/log/tac_plus.acct
Wed Sep 23 17:38:53 2015 192.168.1.1 cisco tty8 192.168.1.16 start task_id=203 timezone=UTC service=shell start_time=1443029265
Wed Sep 23 17:39:23 2015 192.168.1.1 cisco tty8 192.168.1.16 stop task_id=203 timezone=UTC service=shell start_time=1443029265 disc-cause=1 disc-cause-ext=9 pre-session-time=4 elapsed_time=31 stop_time=1443029296
Wed Sep 23 17:39:36 2015 192.168.1.1 cisco tty8 192.168.1.16 start task_id=204 timezone=UTC service=shell start_time=1443029309
Each record names the router (192.168.1.1), the user (cisco), the line (tty8) and the client address (192.168.1.16); a start and its stop share a task_id, and elapsed_time (31 s) is stop_time minus start_time. Nothing appears here until EXEC accounting (aaa accounting exec) is enabled on the router.
Let's create a user that has no permit:
user = aloha {
    login = cleartext butbut
}
This user is sure to fail at login. The password itself is accepted, but with no default service = permit (and no explicit service = exec) tac_plus refuses the EXEC authorization, so once the router does EXEC authorization against TACACS+ the session is dropped right after the username and password are entered.
Next, let's add the cmd command
Troubleshooting script steps:
1. First, check whether the user is a member of a group.
2. Check
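The permitted user, the user with no permit and a command (cmd) restriction gathered into one tac_plus.conf, as an added example that is not the blog's own file (the readonly group, the viewer user and its password are assumptions; the key, the accounting path and the two users are the ones from this post):

```conf
# /etc/tacacs+/tac_plus.conf  (added example, not the blog's own file)
# Shared secret: must match "tacacs-server host 192.168.1.2 key testing123" on the router.
# testing123 is the value in the packaged sample config; change it outside the lab.
key = testing123
# Where the start/stop records shown under "Viewing" are written.
accounting file = /var/log/tac_plus.acct

# Full access: every service and command request is permitted, and the router
# drops the user straight into level 15 when it does EXEC authorization.
user = cisco {
    login = cleartext class
    default service = permit
    service = exec {
        priv-lvl = 15
    }
}

# Authenticates, but no service is permitted: EXEC authorization is refused,
# so the login is dropped right after the password is accepted.
user = aloha {
    login = cleartext butbut
}

# Assumed group: EXEC at level 15 is allowed, but only "show" and "exit"
# pass command authorization; every other command is denied.
group = readonly {
    service = exec {
        priv-lvl = 15
    }
    cmd = show {
        permit .*
    }
    cmd = exit {
        permit .*
    }
}

# Assumed user that inherits the readonly restrictions.
user = viewer {
    login = cleartext viewerpass
    member = readonly
}
```

Before the restart in step 5, sudo tac_plus -P -C /etc/tacacs+/tac_plus.conf parses the file and reports the line of any syntax error (fact 3) without starting the daemon. The cmd entries only take effect when the router has aaa authorization commands configured for the level the user is at. With cleartext passwords in the file it must stay readable by root only; tac_plus also accepts crypt hashes with login = des.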