https://community.cisco.com/t5/network-access-control/aaa/m-p/1118111#M368862 <HTML><HEAD></HEAD><BODY><P>ARP request is a broadcast to local hosts by the router, seeking the MAC address of a host with known IP address. So, when the ARP request goes through a PtP, the action is refered as a gratuitous ARP, Yes?</P></BODY></HTML> Wed, 31 Dec 2008 18:45:14 GMT saidfrh 2008-12-31T18:45:14Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118104#M368855 <P>The sh run on the router displays 'no aaa new-model'. SSH has been activated with users authenticating with local data base. Why is the router showing 'no aaa new-model'? </P><P>How can we secure a server on the LAN using AAA? </P><P></P> Sun, 10 Mar 2019 23:15:36 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118104#M368855 saidfrh 2019-03-10T23:15:36Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118105#M368856 <HTML><HEAD></HEAD><BODY><P>You can use SSH and the local user database w/o AAA, it isn't required. </P><P></P><P><B>How can we secure a server on the LAN using AAA? </B></P><P>Can you explain this further?</P></BODY></HTML> Wed, 31 Dec 2008 17:52:51 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118105#M368856 Collin Clark 2008-12-31T17:52:51Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118106#M368857 <HTML><HEAD></HEAD><BODY><P>On another note, could you explain what 'no ip source-route' refers to? Is the above to prevent routing loops, routing updates can not send back to port that update was received from?</P></BODY></HTML> Wed, 31 Dec 2008 18:04:59 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118106#M368857 saidfrh 2008-12-31T18:04:59Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118107#M368858 <HTML><HEAD></HEAD><BODY><P>IP source routing allows the sender of an IP packet to control the route that packet will take to reach the destination endpoint. By default, IP source routing is disabled on the routers and should only be enabled if your network needs call for it.</P><P></P><P><B>routing updates can not send back to port that update was received from?</B></P><P>That's called split-horizon</P></BODY></HTML> Wed, 31 Dec 2008 18:11:58 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118107#M368858 Collin Clark 2008-12-31T18:11:58Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118108#M368859 <HTML><HEAD></HEAD><BODY><P>Here are some commands that you might want to enter to increase the security and usability of your devices.</P><P></P><P></P><P>no service pad</P><P>no service config</P><P>no service finger</P><P>no ip icmp redirect</P><P>no ip bootp server</P><P>no ip identd</P><P>no ip finger</P><P>no ip gratuitous-arps</P><P>no ip source-route</P><P>service sequence-numbers</P><P>service tcp-keepalives-in</P><P>service tcp-keepalives-out</P><P>no service udp-small-servers</P><P>no service tcp-small-servers</P><P>service timestamps debug datetime localtime show-timezone</P><P>service timestamps log datetime localtime show-timezone</P><P>service password-encryption</P><P></P></BODY></HTML> Wed, 31 Dec 2008 18:33:29 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118108#M368859 Collin Clark 2008-12-31T18:33:29Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118109#M368860 <HTML><HEAD></HEAD><BODY><P>What does ip gratuitous-arps refer to? </P></BODY></HTML> Wed, 31 Dec 2008 18:37:43 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118109#M368860 saidfrh 2008-12-31T18:37:43Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118110#M368861 <HTML><HEAD></HEAD><BODY><P>A Cisco router will send out a gratuitous ARP message when a client connects and negotiates an address over a PPP connection. This transmission occurs even when the client receives the address from a local address pool. By default it's off, but we like to make sure by entering the command.</P></BODY></HTML> Wed, 31 Dec 2008 18:40:33 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118110#M368861 Collin Clark 2008-12-31T18:40:33Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118111#M368862 <HTML><HEAD></HEAD><BODY><P>ARP request is a broadcast to local hosts by the router, seeking the MAC address of a host with known IP address. So, when the ARP request goes through a PtP, the action is refered as a gratuitous ARP, Yes?</P></BODY></HTML> Wed, 31 Dec 2008 18:45:14 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118111#M368862 saidfrh 2008-12-31T18:45:14Z https://community.cisco.com/t5/network-access-control/aaa/m-p/1118112#M368863 <HTML><HEAD></HEAD><BODY><P>Actually the router sends ARPs on behalf of the device.</P></BODY></HTML> Wed, 31 Dec 2008 18:50:28 GMT https://community.cisco.com/t5/network-access-control/aaa/m-p/1118112#M368863 Collin Clark 2008-12-31T18:50:28Z