From the Config tab, click on AAA and notice that there is a Network configuration entry for R2 and a User Setup entry for Admin2.
R2(config)# username Admin password adminpa55

Step 2. From the command prompt of PC-A, Telnet to R1.

Configure Server-Based AAA Authentication Using TACACS+ on R2

Configure a backup local database entry called Admin.

For backup purposes, configure a local username of Admin and secret password of adminpa55.

PC> telnet 192.168.1.1

Configure a named list called TELNET-LOGIN to authenticate logins using local AAA.

Configure the VTY lines to use the named AAA method.

R1(config)# line vty 0 4
R1(config-line)# login authentication TELNET-LOGIN
R1(config-line)# end

Step 3. Configure the VTY lines to use the defined AAA authentication method.

R1(config)# aaa authentication login TELNET-LOGIN local

Step 2. Configure Local AAA Authentication for VTY Lines on R1

Configure a named list AAA authentication method for VTY lines on R1.

Verify the user EXEC login using the local database.

R1(config)# line console 0
R1(config-line)# login authentication default

Step 5. Configure the line console to use the defined AAA authentication method.

Configure a username of Admin1 and secret password of admin1pa55.

Enable AAA on R1 and configure AAA authentication for console login to use the local database.

Enable AAA on R1 and configure AAA authentication for console login to use the default method list.

R1(config)# aaa new-model
R1(config)# aaa authentication login default local

Step 4. Configure local AAA authentication for console access on R1.

R1(config)# username Admin1 password admin1pa55

Step 3. Configure Local AAA Authentication for Console Access on R1

Test connectivity.

Note: The console and VTY lines have not been pre-configured.
The routers have also been pre-configured with the following:
Enable secret password: ciscoenpa55
RIP version 2

The RADIUS server has been pre-configured with the following:
Client: R3 using the keyword radiuspa55
User account: Admin3 and password admin3pa55

The TACACS+ server has been pre-configured with the following:
Client: R2 using the keyword tacacspa55
User account: Admin2 and password admin2pa55

Finally, you will configure router R3 to support server-based authentication using the RADIUS protocol.

User account: Admin1 and password admin1pa55

You will then configure router R2 to support server-based authentication using the TACACS+ protocol.

You will create a local user account and configure local AAA on router R1 to test the console and VTY logins.

Your task is to configure and test local and server-based AAA solutions.

Currently all administrative security is based on knowledge of the enable secret password.

Introduction

The network topology shows routers R1, R2 and R3.
Verify server-based AAA authentication from PC-C client.
Configure a server-based AAA authentication using RADIUS.
Verify server-based AAA authentication from PC-B client.
Configure a server-based AAA authentication using TACACS+.
Verify local AAA authentication from the R1 console and the PC-A client.

Learning Objectives

Configure a local user account on R1 and authenticate on the console and VTY lines using local AAA.

R3, TACACS+ Server, RADIUS Server, PC-A, PC-B, PC-C

PT Activity: Configure AAA Authentication on Cisco Routers

Addressing Table