We are planning to implement command restrictions for different users in our Cisco routers, switches and ASA. For testing purposes, we have already hardened one of our routers using privilege level commands. It's working fine, but for that we have to take all the EXEC and configuration mode commands from that router and segregate them based on user needs. Just now, we got a glance at RBAC, which is different from privilege levels. So our questions are:
What is the difference between privilege levels and RBAC?
Comparing RBAC with privilege levels, which is the best one with respect to security?
Is RBAC supported in Cisco ASA devices?
For RBAC also, should we take note of all the commands and segregate them?
From a configuration point of view, which is the better one?
To partially answer your question, role-based CLI access is a lot more granular than privilege levels; that is, you can define specific commands you want your users to be able to execute, as opposed to privilege levels, which have a subset of commands that you cannot customize.
It is (obviously) a lot more tedious to set up role-based access, but if you really want to control what your users are allowed and have access to, I would prefer that over privilege levels...
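As an added illustration that is not part of either post, the two approaches discussed in this thread look like this side by side on an IOS router: privilege-level command assignment as the question describes, and a role-based CLI view (parser view) as the reply describes. The view name NOC_VIEW, the user names and the secret placeholders are constructed for the example.

```cisco
! --- Approach 1: privilege levels --------------------------------------
! Each command is moved to a numbered level; a user at level 5 gets
! every command assigned to levels 0 through 5.
privilege exec level 5 show running-config
privilege exec level 5 ping
username noc-l5 privilege 5 secret <PLACEHOLDER_SECRET_1>
!
! --- Approach 2: role-based CLI access (parser views) ------------------
! Views require AAA and an enable secret. Before the view can be
! created, enter the root view from EXEC mode with "enable view".
aaa new-model
aaa authentication login default local
! Exec authorization against the local database, so the view bound to
! the user below is applied at login.
aaa authorization exec default local
enable secret <PLACEHOLDER_ENABLE_SECRET>
!
parser view NOC_VIEW
 secret <PLACEHOLDER_VIEW_SECRET>
 ! Only the commands listed here exist for a user inside this view.
 commands exec include show ip interface brief
 commands exec include show version
 commands exec include ping
 ! "include all" admits every command starting with the keyword, so
 ! use it only where the whole subtree is acceptable.
 commands exec include all traceroute
!
! Bind a local user to the view instead of to a privilege level.
username noc-view view NOC_VIEW secret <PLACEHOLDER_SECRET_2>
```

Logging in as each user and entering `?` at the prompt lists the commands that user can actually run, which is a quick way to check the result against the intended role.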