PT Activity: Configure AAA Authentication on Cisco Routers


Instructor Version

Topology Diagram (image not included)

Addressing Table

Device          Interface  IP Address    Subnet Mask
R1              Fa0/0      192.168.1.1   255.255.255.0
R1              S0/0/0     10.1.1.2      255.255.255.252
R2              S0/0/0     10.1.1.1      255.255.255.252
R2              Fa0/0      192.168.2.1   255.255.255.0
R2              S0/0/1     10.2.2.1      255.255.255.252
R3              S0/0/1     10.2.2.2      255.255.255.252
R3              Fa0/0      192.168.3.1   255.255.255.0
TACACS+ Server  NIC        192.168.2.2   255.255.255.0
RADIUS Server   NIC        192.168.3.2   255.255.255.0
PC-A            NIC        192.168.1.3   255.255.255.0
PC-B            NIC        192.168.2.3   255.255.255.0
PC-C            NIC        192.168.3.3   255.255.255.0

All contents are Copyright 1992-2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.

Learning Objectives

- Configure a local user account on R1 and authenticate on the console and VTY lines using local AAA.
- Verify local AAA authentication from the R1 console and the PC-A client.
- Configure a server-based AAA authentication using TACACS+.
- Verify server-based AAA authentication from PC-B client.
- Configure a server-based AAA authentication using RADIUS.
- Verify server-based AAA authentication from PC-C client.

Introduction

The network topology shows routers R1, R2 and R3. Currently all administrative security is based on knowledge of the enable secret password. Your task is to configure and test local and server-based AAA solutions.

You will create a local user account and configure local AAA on router R1 to test the console and VTY logins.

- User account: Admin1 and password admin1pa55

You will then configure router R2 to support server-based authentication using the TACACS+ protocol. The TACACS+ server has been pre-configured with the following:

- Client: R2 using the keyword tacacspa55
- User account: Admin2 and password admin2pa55

Finally, you will configure router R3 to support server-based authentication using the RADIUS protocol. The RADIUS server has been pre-configured with the following:

- Client: R3 using the keyword radiuspa55
- User account: Admin3 and password admin3pa55

The routers have also been pre-configured with the following:

- Enable secret password: ciscoenpa55
- RIP version 2

Note: The console and VTY lines have not been pre-configured.

Task 1: Configure Local AAA Authentication for Console Access on R1

Step 1. Test connectivity.

- Ping from PC-A to PC-B.
- Ping from PC-A to PC-C.
- Ping from PC-B to PC-C.

Step 2. Configure a local username on R1.

Configure a username of Admin1 and secret password of admin1pa55.

    R1(config)# username Admin1 secret admin1pa55

Step 3. Configure local AAA authentication for console access on R1.

Enable AAA on R1 and configure AAA authentication for console login to use the local database.

    R1(config)# aaa new-model
    R1(config)# aaa authentication login default local

Step 4. Enable AAA on R1 and configure AAA authentication for console login to use the default method list.

    R1(config)# line console 0
    R1(config-line)# login authentication default

Step 5. Verify the user EXEC login using the local database.

    R1(config-line)# end
    R1# exit

    R1 con0 is now available

    Username: Admin1
    Password: admin1pa55
    R1>

Task 2: Configure Local AAA Authentication for VTY Lines on R1

Step 1. Configure a named list AAA authentication method for VTY lines on R1.

Configure a named list called TELNET-LOGIN to authenticate logins using local AAA.

    R1(config)# aaa authentication login TELNET-LOGIN local

Step 2. Configure the VTY lines to use the defined AAA authentication method.

Configure the VTY lines to use the named AAA method.

    R1(config)# line vty 0 4
    R1(config-line)# login authentication TELNET-LOGIN
    R1(config-line)# end

Step 3. Verify the Telnet configuration.

From the command prompt of PC-A, Telnet to R1.

    PC> telnet 192.168.1.1

    Username: Admin1
    Password: admin1pa55
    R1>

Task 3: Configure Server-Based AAA Authentication Using TACACS+ on R2

Step 1. Configure a backup local database entry called Admin.

For backup purposes, configure a local username of Admin and secret password of adminpa55.

    R2(config)# username Admin secret adminpa55

Step 2. Verify the TACACS+ Server configuration.

Select the TACACS+ Server. From the Config tab, click on AAA and notice that there is a Network configuration entry for R2 and a User Setup entry for Admin2.

Step 3. Configure the TACACS+ server specifics on R2.

Configure the AAA TACACS server IP address and secret key on R2.

    R2(config)# tacacs-server host 192.168.2.2
    R2(config)# tacacs-server key tacacspa55

Step 4. Configure AAA login authentication for console access on R2.

Enable AAA on R2 and configure all logins to authenticate using the AAA TACACS+ server and, if it is not available, to use the local database.

    R2(config)# aaa new-model
    R2(config)# aaa authentication login default group tacacs+ local

Step 5. Configure AAA authentication for console login to use the default AAA authentication method.

    R2(config)# line console 0
    R2(config-line)# login authentication default

Step 6. Verify the user EXEC login using the AAA TACACS+ server.

    R2(config-line)# end
    R2# exit

    R2 con0 is now available

    Username: Admin2
    Password: admin2pa55
    R2>

Task 4: Configure Server-Based AAA Authentication Using RADIUS on R3

Step 1. Configure a backup local database entry called Admin.

For backup purposes, configure a local username of Admin and secret password of adminpa55.

    R3(config)# username Admin secret adminpa55

Step 2. Verify the RADIUS Server configuration.

Select the RADIUS Server. From the Config tab, click on AAA and notice that there is a Network configuration entry for R3 and a User Setup entry for Admin3.

Step 3. Configure the RADIUS server specifics on R3.

Configure the AAA RADIUS server IP address and secret key on R3.

    R3(config)# radius-server host 192.168.3.2
    R3(config)# radius-server key radiuspa55

Step 4. Configure AAA login authentication for console access on R3.

Enable AAA on R3 and configure all logins to authenticate using the AAA RADIUS server and, if it is not available, to use the local database.

    R3(config)# aaa new-model
    R3(config)# aaa authentication login default group radius local

Step 5. Configure AAA authentication for console login to use the default AAA authentication method.

    R3(config)# line console 0
    R3(config-line)# login authentication default

Step 6. Verify the user EXEC login using the AAA RADIUS server.

    R3(config-line)# end
    R3# exit

    R3 con0 is now available

    Username: Admin3
    Password: admin3pa55
    R3>

Step 7. Check results.

Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed.
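
The following is an added example, not part of the Cisco activity: a Python check over saved configuration text that confirms the AAA wiring built in Tasks 1 to 4 (AAA enabled, server host and key present, a local fallback backed by a local username, and every line stanza pointing at a defined method list). The function name audit_aaa and the sample text are constructed for illustration; the check assumes the legacy tacacs-server / radius-server global commands used in this activity and treats a line with no login authentication command as using the default list.

```python
import re

# Constructed sample: R2's AAA lines from Task 3 with the tacacs-server key
# left out, plus an assumed vty stanza that names a list R2 never defines.
SAMPLE_R2 = """\
username Admin secret adminpa55
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.168.2.2
line console 0
 login authentication default
line vty 0 4
 login authentication TELNET-LOGIN
"""

def audit_aaa(config):
    """Return a list of findings about login authentication in an IOS config."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is missing")
    # Method lists: name -> ordered methods, e.g. ['group', 'tacacs+', 'local']
    lists = {m[1]: m[2].split() for l in lines
             if (m := re.match(r"aaa authentication login (\S+) (.+)", l))}
    local_user = any(re.match(r"username \S+ .*\bsecret ", l) for l in lines)
    for name, methods in lists.items():
        for proto in (p for p in ("tacacs+", "radius") if p in methods):
            prefix = proto.rstrip("+") + "-server"  # legacy global commands
            for kw in ("host", "key"):
                if not any(l.startswith(f"{prefix} {kw} ") for l in lines):
                    findings.append(f"list {name}: no '{prefix} {kw}' configured")
            if methods[-1] != "local":
                findings.append(f"list {name}: no local fallback after {proto}")
        if "local" in methods and not local_user:
            findings.append(f"list {name}: local method but no username secret")
    # A line stanza uses the list it names, or 'default' when it names none.
    current, used = None, {}
    for l in lines:
        if l.startswith("line "):
            current = l
            used[current] = "default"
        elif current and (m := re.match(r"\s+login authentication (\S+)", l)):
            used[current] = m[1]
        elif not l.startswith(" "):
            current = None
    for stanza, name in used.items():
        if name not in lists:
            findings.append(f"{stanza}: method list {name} is not defined")
    return findings
```

Run against the constructed sample, audit_aaa(SAMPLE_R2) reports the missing server key and the undefined TELNET-LOGIN list; the configuration R1 has after Task 2 produces no findings.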