3.6.1.2 Packet Tracer – Configure AAA Authentication on Cisco Routers Answers PDF

Title 3.6.1.2 Packet Tracer – Configure AAA Authentication on Cisco Routers Answers
Author Amuel Wilson
Course Network security
Institution Algonquin College
Pages 8
File Size 295.5 KB
File Type PDF

Summary

Packet Tracer – Configure AAA Authentication on Cisco Routers Lab...


Description

Packet Tracer – Configure AAA Authentication on Cisco Routers

Topology

Addressing Table

Objectives
• Configure a local user account on R1 and configure authentication on the console and vty lines using local AAA.
• Verify local AAA authentication from the R1 console and the PC-A client.
• Configure server-based AAA authentication using TACACS+.
• Verify server-based AAA authentication from the PC-B client.
• Configure server-based AAA authentication using RADIUS.
• Verify server-based AAA authentication from the PC-C client.

Background / Scenario
The network topology shows routers R1, R2 and R3. Currently, all administrative security is based on knowledge of the enable secret password. Your task is to configure and test local and server-based AAA solutions.
You will create a local user account and configure local AAA on router R1 to test the console and vty logins.
• User account: Admin1 and password admin1pa55
You will then configure router R2 to support server-based authentication using the TACACS+ protocol. The TACACS+ server has been preconfigured with the following:
• Client: R2 using the keyword tacacspa55
• User account: Admin2 and password admin2pa55
Finally, you will configure router R3 to support server-based authentication using the RADIUS protocol. The RADIUS server has been preconfigured with the following:
• Client: R3 using the keyword radiuspa55
• User account: Admin3 and password admin3pa55
The routers have also been preconfigured with the following:
• Enable secret password: ciscoenpa55
• OSPF routing protocol with MD5 authentication using password: MD5pa55
Note: The console and vty lines have not been preconfigured.
Note: IOS version 15.3 uses SCRYPT as a secure encryption hashing algorithm; however, the IOS version that is currently supported in Packet Tracer uses MD5. Always use the most secure option available on your equipment.

Part 1: Configure Local AAA Authentication for Console Access on R1

Step 1: Test connectivity.
• Ping from PC-A to PC-B.
• Ping from PC-A to PC-C.
• Ping from PC-B to PC-C.

Step 2: Configure a local username on R1.
Configure a username of Admin1 with a secret password of admin1pa55.
R1(config)# username Admin1 secret admin1pa55

Step 3: Configure local AAA authentication for console access on R1.
Enable AAA on R1 and configure AAA authentication for the console login to use the local database.
R1(config)# aaa new-model
R1(config)# aaa authentication login default local

Step 4: Configure the line console to use the defined AAA authentication method.
Enable AAA on R1 and configure AAA authentication for the console login to use the default method list.
R1(config)# line console 0
R1(config-line)# login authentication default

Step 5: Verify the AAA authentication method.
Verify the user EXEC login using the local database.
R1(config-line)# end
%SYS-5-CONFIG_I: Configured from console by console
R1# exit

R1 con0 is now available
Press RETURN to get started.

************ AUTHORIZED ACCESS ONLY *************
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.

User Access Verification

Username: Admin1
Password: admin1pa55
R1>

Part 2: Configure Local AAA Authentication for vty Lines on R1

Step 1: Configure domain name and crypto key for use with SSH.
a. Use ccnasecurity.com as the domain name on R1.
R1(config)# ip domain-name ccnasecurity.com
b. Create an RSA crypto key using 1024 bits.
R1(config)# crypto key generate rsa

Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

Step 2: Configure a named list AAA authentication method for the vty lines on R1.
Configure a named list called SSH-LOGIN to authenticate logins using local AAA.
R1(config)# aaa authentication login SSH-LOGIN local

Step 3: Configure the vty lines to use the defined AAA authentication method.
Configure the vty lines to use the named AAA method and only allow SSH for remote access.
R1(config)# line vty 0 4
R1(config-line)# login authentication SSH-LOGIN
R1(config-line)# transport input ssh
R1(config-line)# end

Step 4: Verify the AAA authentication method.
Verify the SSH configuration: SSH to R1 from the command prompt of PC-A.
PC> ssh -l Admin1 192.168.1.1
Open
Password: admin1pa55

Part 3: Configure Server-Based AAA Authentication Using TACACS+ on R2

Step 1: Configure a backup local database entry called Admin.
For backup purposes, configure a local username of Admin2 and a secret password of admin2pa55.
R2(config)# username Admin2 secret admin2pa55

Step 2: Verify the TACACS+ Server configuration.
Click the TACACS+ Server. On the Services tab, click AAA. Notice that there is a Network configuration entry for R2 and a User Setup entry for Admin2.

Step 3: Configure the TACACS+ server specifics on R2.
Configure the AAA TACACS server IP address and secret key on R2.
Note: The commands tacacs-server host and tacacs-server key are deprecated. Currently, Packet Tracer does not support the new command tacacs server.
R2(config)# tacacs-server host 192.168.2.2
R2(config)# tacacs-server key tacacspa55

Step 4: Configure AAA login authentication for console access on R2.
Enable AAA on R2 and configure all logins to authenticate using the AAA TACACS+ server. If it is not available, then use the local database.
R2(config)# aaa new-model
R2(config)# aaa authentication login default group tacacs+ local

Step 5: Configure the line console to use the defined AAA authentication method.
Configure AAA authentication for console login to use the default AAA authentication method.
R2(config)# line console 0
R2(config-line)# login authentication default

Step 6: Verify the AAA authentication method.
Verify the user EXEC login using the AAA TACACS+ server.
R2(config-line)# end
%SYS-5-CONFIG_I: Configured from console by console
R2# exit

R2 con0 is now available
Press RETURN to get started.

************ AUTHORIZED ACCESS ONLY *************
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.

User Access Verification

Username: Admin2
Password: admin2pa55
R2>

Part 4: Configure Server-Based AAA Authentication Using RADIUS on R3

Step 1: Configure a backup local database entry called Admin.
For backup purposes, configure a local username of Admin3 and a secret password of admin3pa55.
R3(config)# username Admin3 secret admin3pa55

Step 2: Verify the RADIUS Server configuration.
Click the RADIUS Server. On the Services tab, click AAA. Notice that there is a Network configuration entry for R3 and a User Setup entry for Admin3.

Step 3: Configure the RADIUS server specifics on R3.
Configure the AAA RADIUS server IP address and secret key on R3.
Note: The commands radius-server host and radius-server key are deprecated. Currently Packet Tracer does not support the new command radius server.
R3(config)# radius-server host 192.168.3.2
R3(config)# radius-server key radiuspa55

Step 4: Configure AAA login authentication for console access on R3.
Enable AAA on R3 and configure all logins to authenticate using the AAA RADIUS server. If it is not available, then use the local database.
R3(config)# aaa new-model
R3(config)# aaa authentication login default group radius local

Step 5: Configure the line console to use the defined AAA authentication method.
Configure AAA authentication for console login to use the default AAA authentication method.
R3(config)# line console 0
R3(config-line)# login authentication default

Step 6: Verify the AAA authentication method.
Verify the user EXEC login using the AAA RADIUS server.
R3(config-line)# end
%SYS-5-CONFIG_I: Configured from console by console
R3# exit

R3 con0 is now available
Press RETURN to get started.

************ AUTHORIZED ACCESS ONLY *************
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.

User Access Verification

Username: Admin3
Password: admin3pa55
R3>

Step 7: Check results.
Your completion percentage should be 100%. Click Check Results to see feedback and verification of which required components have been completed.
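
The method lists in Part 3 Step 4 and Part 4 Step 4 (group tacacs+ local, group radius local) move on to the local database only when the server does not answer; a rejection from the server is final. The Python model below is an added example, not part of the lab: the Backup1 account, its password and all function names are hypothetical, and the local database is simplified to a plain accept/reject lookup.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # the method answered and accepted the credentials
    FAIL = "fail"    # the method answered and rejected them
    ERROR = "error"  # the method did not answer (for example, server unreachable)

def server_group(users, reachable=True):
    """Model a TACACS+ or RADIUS server group backed by a user table."""
    def check(user, password):
        if not reachable:
            return Result.ERROR
        return Result.PASS if users.get(user) == password else Result.FAIL
    return check

def local_db(users):
    """Model the router's local username database (simplified)."""
    return lambda user, password: (
        Result.PASS if users.get(user) == password else Result.FAIL)

def login(method_list, user, password):
    """Walk the method list in order; return (result, deciding method name)."""
    for name, method in method_list:
        result = method(user, password)
        if result is not Result.ERROR:
            return result, name   # PASS or FAIL is final; later methods are skipped
    return Result.FAIL, None      # no method answered: deny

# Constructed data: Admin2 is the lab's account; Backup1 is a hypothetical local-only user.
TACACS_USERS = {"Admin2": "admin2pa55"}
LOCAL_USERS = {"Admin2": "admin2pa55", "Backup1": "backup1pa55"}

def r2_default_list(server_up):
    """Model of: aaa authentication login default group tacacs+ local"""
    return [("group tacacs+", server_group(TACACS_USERS, server_up)),
            ("local", local_db(LOCAL_USERS))]

if __name__ == "__main__":
    for up in (True, False):
        for user, pw in (("Admin2", "admin2pa55"), ("Backup1", "backup1pa55")):
            print(f"server_up={up} {user}:", login(r2_default_list(up), user, pw))
```

With the server reachable, the local-only account is rejected by the server and the local database is never consulted; it only works once the server stops answering.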

Scripts for R1 Scripts for R2 Scripts for R3
!!!Part 1
config t
username Admin1 secret admin1pa55
aaa new-model
aaa authentication login default local
line console 0
login authentication default
!!!Part 2
ip domain-name ccnasecurity.com
crypto key generate rsa 1024
aaa authentication login SSH-LOGIN local
line vty 0 4
login authentication SSH-LOGIN
transport input ssh...
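
An offline check of a finished configuration, as an added example that is not part of the lab or of Packet Tracer's Check Results: it parses IOS-style configuration text and reports a missing aaa new-model, lines that reference an undefined method list, server-group lists with no local fallback, and vty lines that accept more than SSH. The function name and the weak sample are constructed for illustration.

```python
import re

def audit_aaa(config):
    """Return findings for the AAA login setup in IOS-style config text."""
    lists, lines, current, new_model = {}, {}, None, False
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd == "aaa new-model":
            new_model = True
        elif m := re.fullmatch(r"aaa authentication login (\S+) (.+)", cmd):
            lists[m.group(1)] = m.group(2).split()   # list name -> ordered methods
        elif cmd.startswith("line "):                # later sub-commands belong here
            current = lines.setdefault(cmd, {"list": None, "transport": None})
        elif current and (m := re.fullmatch(r"login authentication (\S+)", cmd)):
            current["list"] = m.group(1)
        elif current and (m := re.fullmatch(r"transport input (.+)", cmd)):
            current["transport"] = m.group(1).split()
    findings = [] if new_model else ["aaa new-model is missing"]
    for name, methods in lists.items():
        if "group" in methods and methods[-1] != "local":   # server down => lockout
            findings.append(f"{name}: no local fallback after the server group")
    for line, cfg in lines.items():
        if cfg["list"] and cfg["list"] not in lists:
            findings.append(f"{line}: method list {cfg['list']} is not defined")
        if line.startswith("line vty") and cfg["transport"] != ["ssh"]:
            findings.append(f"{line}: transport input is not restricted to ssh")
    return findings

# Constructed from the lab's R1 commands (Parts 1 and 2).
R1_LAB = """
aaa new-model
aaa authentication login default local
aaa authentication login SSH-LOGIN local
line console 0
 login authentication default
line vty 0 4
 login authentication SSH-LOGIN
 transport input ssh
"""
# Constructed weak variant: no fallback, misspelled list name, Telnet also allowed.
WEAK = """
aaa new-model
aaa authentication login default group tacacs+
line vty 0 4
 login authentication SSH-LOGN
 transport input telnet ssh
"""
if __name__ == "__main__":
    print(audit_aaa(R1_LAB), *audit_aaa(WEAK), sep="\n")
```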

