From: Scott Morris (swm@emanon.com)
Date: Fri Dec 30 2005 - 12:49:47 GMT-3
There are a number of new features that can be found by cruising through
things. Obviously if you are searching this for the first time in the
middle of your lab, things may get a little hairy on time management! Prior
to the lab, you should be at least vaguely familiar with the layout of the
CD. Know generally where to find things, and be comfortable with the master
indices as well.
Otherwise, this should be an exercise in logic of narrowing things down.
1. How do we set up parameters for logins?
   a. Under the VTY ports (use ? here, or look at system management
      and terminal services on the CD)
   b. Under the username command (the ? should be sufficient)
   c. Under an AAA process (use ? or the DocCD under Security
      configuration)
2. Look at the rest of the requirements for your lab. I'm going to assume
that other information indicates you should use AAA (the "local user" part
helped here). The username command allows you to set a limit to the number
of simultaneous logins a user can have, but nothing about the number of
failed attempts.
3. So we've narrowed that down to an AAA thing. Now, quite simply, go use
"aaa ?" and you'll see a list of stuff. Most options don't help, but your
concern has to do with authentication, so "aaa authentication ?" next.
There's a really cool option there called attempts! "aaa authentication
attempts ?" gives one parameter. "aaa authentication attempts login 4"
would be a good starting point. But all this does is kill the session at
hand, it doesn't lock anything out.
4. The "locked out" part causes pause. For how long? Forever? There are
options in the ACS server we can do to trigger an account to be locked out
forever, but not in the local user database. With 12.3, there are some new
global commands that can give a time period. "login ?" should help you with
this, and you'll find the "login block-for" command that may help as well.
That actually locks out ALL logins for 'x' # of seconds. This is designed
to prevent dictionary-based access attacks on your router, it's not really
designed to punish individual users. This is actually a 12.3(T)4 command,
which means it will not be on most routers in your lab (running 12.3
mainline). The one(s) running 12.4 mainline code will have that command
available.
5. It may be good to ask the proctor for more clarification on that (or
re-read the surrounding requirements in that section).
So run through the logic of what the surrounding points on your scenario are
(this typically gives context), and start using the ? to help. The DocCD
can come second, but you should have had plenty of experience with it ahead
of time! If you are blindly searching for things, you'll waste lots of
time. If you have structure to your search and you know the layout, that
will help!
Searching the new features is often a pain in the ass! You can go up to the
next level (12.4) or search the New Features section of the 12.3 docs
specifically. Again, vague familiarity from searching through things before
you get to your lab adds to your experience level!
HTH,
Scott
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Anthony Sequeira
Sent: Thursday, December 29, 2005 8:41 PM
To: Cisco certification
Subject: Strategy Discussion: Finding a New Feature on the DOC-CD
Hope all in the group are well......here is a strategy question I need to
pose.....
Let's say you are in the exam and you come across a task that you believe
must be one of the new features of 12.3 or 12.4 because you are VERY
familiar with the 12.2 documentation and you just know that this task cannot
be accomplished with ANYTHING in there. Here is a bad example - but an
example nonetheless:
9.0 Security
9.1 You want to configure it so that a local user account BIGLOSER password
BADPASSWORD will be locked out of the router should this user attempt to log
in more than four times with a bad username or password.
My question is - what is a good strategy for searching the new feature
documentation for this feature?
It seems like there is a sea of New Features links in both 12.3 and 12.4 that
you would need to look through to find the document that goes with this new
feature!
Can someone shed some light on the correct approach here? Perhaps my example
can be used to demonstrate the logic of the search for the right link?
Thanks in advance!
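
The commands walked through in steps 3 and 4 of the reply, collected into one IOS configuration fragment as an added example that is not part of the original thread. The 120/60-second timers and the failure-logging line are assumptions chosen for illustration, and "login block-for" is only accepted on images that carry it, as the reply notes.

```ios
! Added example, not from the original thread.
! Username and password are the ones in the task text; the timer
! values below are constructed for illustration.
aaa new-model
username BIGLOSER password BADPASSWORD
! Authenticate logins against the local user database
aaa authentication login default local
!
! Step 3: allow at most 4 tries per login session. After the last
! failure the session is dropped, but the user can reconnect at once,
! so this alone does not lock anything out.
aaa authentication attempts login 4
!
! Step 4: router-wide quiet period. After 4 failed logins within
! 60 seconds, refuse ALL login attempts for 120 seconds. This is not
! per user; it throttles dictionary attacks against the router.
login block-for 120 attempts 4 within 60
! Assumption: log each failed login so the quiet period can be traced
login on-failure log
!
! Verify from exec mode:
!   show login
!   show login failures
```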
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:52 GMT-3