Security | 935To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.Command AuthorizationThe AAA command authorization feature configures FTOS to send each configuration command to aTACACS server for authorization before it is added to the running configuration.By default, the AAA authorization commands configure the system to check both EXEC mode andCONFIGURATION mode commands. Use the command no aaa authorization config-commands to enableonly EXEC mode command checking.If rejected by the AAA server, the command is not added to the running config, and messages similar toMessage 1 are displayed.Protection from TCP Tiny and Overlapping FragmentAttacksTiny and overlapping fragment attack is a class of attack where configured ACL entries—denying TCPport-specific traffic—can be bypassed, and traffic can be sent to its destination although denied by theACL. RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configuredinto the line cards and enabled by default.SCP and SSHSecure Shell (SSH) is a protocol for secure remote login and other secure network services over aninsecure network. FTOS is compatible with SSH versions 1.5 and 2, both the client and server modes. SSHsessions are encrypted and use authentication.Message 1 Configuration Command Rejection04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Commandauthorization failed for user (denyall) on vty0 ( 10.11.9.209 )freebsd2# telnet 2200:2200:2200:2200:2200::2202Trying 2200:2200:2200:2200:2200::2202...Connected to 2200:2200:2200:2200:2200::2202.Escape character is '^]'.Login: adminPassword:FTOS#FTOS#