Command Authorization; Protection From TCP Tiny And Overlapping Fragment Attacks - Dell Force10 MXL Blade Configuration Manual

Configuration guide for the MXL 10/40GbE switch IO module

To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#

Command Authorization

The AAA command authorization feature configures FTOS to send each configuration command to a
TACACS server for authorization before it is added to the running configuration.
By default, the AAA authorization commands configure the system to check both the EXEC mode and
CONFIGURATION mode commands. To enable only EXEC mode command checking, use the
no aaa authorization config-commands command.
If rejected by the AAA server, the command is not added to the running config, and messages similar to
Message 1 are displayed.
Message 1 Configuration Command Rejection
04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure
authorization failed for user (denyall) on vty0 ( 10.11.9.209 )

Protection from TCP Tiny and Overlapping Fragment Attacks

Tiny and overlapping fragment attacks are a class of attack in which configured ACL entries that deny TCP
port-specific traffic can be bypassed, so traffic reaches its destination although the ACL denies it.
RFCs 1858 and 3128 propose a countermeasure to the problem. This countermeasure is configured
into the stack units and enabled by default.
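
The kind of per-fragment check that RFC 1858 and RFC 3128 describe can be modelled as below. This is an added example, not FTOS code or Dell's implementation. The 16-byte minimum (TMIN), the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

TCP = 6
TMIN = 16  # assumption: bytes of TCP header the filter must see (ports through flags)

def check_fragment(packet: bytes) -> str:
    """Return 'pass' or a drop reason for one IPv4 packet."""
    if len(packet) < 20:
        return "drop: truncated IPv4 header"
    ver_ihl, _tos, total_len, _id, flags_fo, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        return "drop: malformed IPv4 header"
    if proto != TCP:
        return "pass"                    # the checks apply to TCP only
    fo = flags_fo & 0x1FFF               # fragment offset, in 8-byte units
    if fo == 0 and total_len - ihl < TMIN:
        # First fragment too short for an ACL to see the ports and flags.
        return "drop: tiny first fragment"
    if fo > 0 and fo * 8 < TMIN:
        # Later fragment would land on header bytes the ACL already judged.
        return "drop: overlapping fragment"
    return "pass"

def build_ipv4(proto: int, fo: int, payload: bytes, more: bool = False) -> bytes:
    """Build a constructed sample packet (checksum 0, documentation addresses)."""
    flags_fo = (0x2000 if more else 0) | fo
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_fo, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return header + payload

# Constructed samples: payload bytes are zero filler, only lengths/offsets matter.
SAMPLES = {
    "whole TCP segment": build_ipv4(TCP, 0, bytes(20)),
    "tiny first fragment": build_ipv4(TCP, 0, bytes(8), more=True),
    "fragment at offset 8": build_ipv4(TCP, 1, bytes(8)),
    "fragment at offset 16": build_ipv4(TCP, 2, bytes(24)),
    "UDP fragment at offset 8": build_ipv4(17, 1, bytes(8)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} {check_fragment(pkt)}")
```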
