Router security

Configuring Cisco Router For SDM
Create user account on router
(config)#username kamal secret cisco
(config)#username kamal privilege 15
Enable HTTP/HTTPS servers
(config)#ip http secure-server
(config)#ip http authentication local (local means use the local database for username and password)
Configuring vty lines
(config)#line vty 0 4
(config-line)#privilege level 15
(config-line)#login local (local means use the local database for username and password)

Configuring a router For AAA:
R1(config)#username kamal password dell
R1(config)#aaa new-model
R1(config)#aaa authentication login login_rules local
R1(config)#line vty 0 4
R1(config-line)#login authentication login_rules
Now switch to router R2, telnet to R1, and provide the username and password we configured on R1. Typing username kamal ? lists a number of options for assigning different attributes to this user when they telnet to R1.
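
An added example, not part of the original notes: a short Python audit that reads an IOS-style configuration and flags the settings covered in the SDM and AAA sections above (a username stored with password instead of secret, an HTTP/HTTPS server without ip http authentication local, a vty line that starts at privilege level 15, and a login authentication reference to a method list that no aaa authentication login line defines). The sample configuration, the user admin and the check names are constructed for illustration.

```python
import re

# Constructed sample config (not from a real router). It reuses the page's user
# "kamal" and method list "login_rules"; one vty line mistypes the list name.
SAMPLE = """\
username kamal password dell
username admin secret 5 $1$constructed$hash
aaa new-model
aaa authentication login login_rules local
ip http secure-server
line vty 0 4
 privilege level 15
 login authentication login_rulez
line vty 5 15
 login authentication login_rules
"""

def audit(config):
    """Return sorted (check_id, detail) findings for an IOS-style config."""
    lines = config.splitlines()
    findings = []
    # Method lists defined by 'aaa authentication login <name> ...'.
    defined = {m.group(1) for l in lines
               if (m := re.match(r"aaa authentication login (\S+)", l))}
    for l in lines:
        # 'username ... password' is stored reversibly; 'secret' is hashed.
        if m := re.match(r"username (\S+) .*\bpassword\b", l):
            findings.append(("USER_PASSWORD", m.group(1)))
    # HTTP/HTTPS server enabled but not tied to the local user database.
    if any(re.match(r"ip http (secure-)?server", l) for l in lines) \
            and "ip http authentication local" not in lines:
        findings.append(("HTTP_AUTH_NOT_LOCAL", "ip http authentication"))
    vty = None  # current 'line vty' block; its sub-commands are indented
    for l in lines:
        if l.startswith("line vty"):
            vty = l
        elif not l.startswith(" "):
            vty = None
        elif vty:
            cmd = l.strip()
            m = re.match(r"login authentication (\S+)", cmd)
            if cmd == "privilege level 15":
                # Every session on this line starts in privileged EXEC.
                findings.append(("VTY_PRIV15", vty))
            elif m and m.group(1) not in defined | {"default"}:
                findings.append(("VTY_UNDEFINED_LIST", f"{vty}: {m.group(1)}"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the AAA configuration exactly as typed in these notes, the only finding is USER_PASSWORD for kamal, because that account is created with password rather than secret.
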
Configuring Views for different access levels:
R1(config)#aaa new-model
R1#enable view (an enable password must be set; with no view name given, this enters the root view)
R1(config)#parser view showmode
R1(config-view)#secret cisco
R1(config-view)#commands exec include show ip interface
R1(config-view)#commands exec include ping
R1(config)#parser view helpdesk
R1(config-view)#secret cisco
R1(config-view)#commands exec include show
R1(config-view)#commands exec include configure
R1(config-view)#commands configure include all interface

Now enable the view:
R1#enable view helpdesk
password:
R1#? (shows only the commands that are allowed in the helpdesk view)
To go back to the root view, type enable view and press Enter.