Chapter 11
Access Policies
Router(config)#ip http authentication ?
  enable  Use enable passwords
  local   Use local username and passwords
  tacacs  Use tacacs to authorize user
Router(config)#ip http authentication local
Router(config)#
User tlammle can now use a network browser to log in and manage a Cisco
device.
Password security for HTTP access is similar to password security for
console and Telnet access. The ip http authentication command accepts the
following keywords for login authentication:

enable
    Indicates that the enable password should be used. This is the
    default if nothing is specified.
local
    Indicates that the local user database is used for authentication.
tacacs
    Indicates that a TACACS server is used for authentication.
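
The three methods above can be checked offline against a saved configuration. The following Python audit is an added example, not code from the book; the sample configurations are constructed, and it assumes that an enabled HTTP server appears as an explicit ip http server line and that a TACACS server is defined with a tacacs-server host line.

```python
import re

# Constructed sample configs (not from the book); <placeholder> stands in
# for a real secret, and the hostnames are hypothetical.
CFG_DEFAULT = "hostname R1\nip http server\n"
CFG_LOCAL = ("hostname R2\nusername tlammle password <placeholder>\n"
             "ip http server\nip http authentication local\n")
CFG_LOCAL_NO_USER = "hostname R3\nip http server\nip http authentication local\n"
CFG_TACACS_NO_HOST = "hostname R4\nip http server\nip http authentication tacacs\n"
CFG_SERVER_OFF = "hostname R5\nno ip http server\n"


def audit_http_auth(config):
    """Return the HTTP login method in effect and any findings for it."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Assumption: an enabled HTTP server shows up as this explicit line.
    server_on = "ip http server" in lines
    method = "enable"  # the default if nothing is specified
    for ln in lines:
        m = re.fullmatch(r"ip http authentication (enable|local|tacacs)", ln)
        if m:
            method = m.group(1)  # the last matching line wins
    users = [m.group(1) for ln in lines
             if (m := re.match(r"username (\S+) ", ln))]
    has_tacacs_host = any(ln.startswith("tacacs-server host ") for ln in lines)

    findings = []
    if server_on:
        if method == "enable":
            findings.append("HTTP login uses the enable password, "
                            "not per-user accounts")
        elif method == "local" and not users:
            findings.append("local authentication selected but no "
                            "username is defined")
        elif method == "tacacs" and not has_tacacs_host:
            findings.append("tacacs authentication selected but no "
                            "tacacs-server host is defined")
    return {"server": server_on, "method": method,
            "users": users, "findings": findings}


if __name__ == "__main__":
    for cfg in (CFG_DEFAULT, CFG_LOCAL, CFG_LOCAL_NO_USER,
                CFG_TACACS_NO_HOST, CFG_SERVER_OFF):
        print(audit_http_auth(cfg))
```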
Access Layer Policy
The access layer is where users gain access to the internetwork. If you
want total security, you can unplug their workstations from the switch, but
that's not usually possible. You need to both allow users to gain access to
corporate services and secure your internetwork. Not an easy task. The
biggest threat is users going into a network closet and just plugging into an
access layer switch. Always lock the closet in which the network equipment
is located.
However, by managing the MAC address table, you can manage port
security on access layer switches, which allows you to protect your
internetwork from a user plugging a device into the switch.
Managing the MAC Address Table
Do you remember how bridges and switches filter a network? They use
MAC (hardware) addresses burned into a host's network interface card
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com