RE: CISCO Catalyst



To create a user:

Router> enable
Router# conf t
Router(config)# username MYUSER password MYPASSWORD (optionally specify
privilege level)

To log commands issued, you need a TACACS+ or RADIUS server and need to
enable aaa accounting:

Router(config)# aaa new-model
Router(config)# aaa accounting commands 0 MYACCTLIST
Router(config)# aaa accounting commands 15 MYACCTLIST
Router(config)# aaa accounting exec MYACCTLIST
Router(config)# aaa accounting config-commands MYACCTLIST (you may not
have this option)
Router(config)# line vty 0 15
Router(config)# accounting commands 0 MYACCTLIST
Router(config)# accounting commands 15 MYACCTLIST
Router(config)# accounting exec MYACCTLIST
Router(config)# accounting config-commands MYACCTLIST
Router(config)# radius-server host 123.123.123.123 key RADIUSPASSWORD

To specify password options:

Router(config)# security authentication failure rate 3
Router(config)# security password min-length 8

Keep in mind, based on your IOS level, you may or may not have the same
commands/syntax that I do. Just issue a '?' if you get stuck and use
the context-sensitive help.

Hope this helps!

Aaron T. Rohyans
IT Coordinator
IDC-USA
arohyans@xxxxxxxxxxx


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of pepsdiaz@xxxxxxxxx
Sent: Wednesday, January 23, 2008 4:27 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: CISCO Catalyst


Dear all,

I need to audit a CISCO Catalyst 6509 and 2950. I would like to know, if
you can set up several users in order log their activities on it and how
to do that.
Besides, I would like to know if you can set up password protection
measures like:
- Change password periodically.
- Lenght of password
- Historical of password

Can you set up more than one user role or just the administrator?

Thanks in advance to everybody.




______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________