
Net-461 - Lab Part 04

Uploaded by

mrksa8000

LAB MANUAL

LAB EXPERIMENT – 03: Configuration of AAA Authentication on Network Routers

CONFIGURE AUTHENTICATION, AUTHORIZATION, ACCOUNTING (AAA) ON NETWORK ROUTERS.

PERFORMANCE OBJECTIVES

Upon completion of this laboratory exercise, the student will be able to:

• Configure a local user account on R1 and configure authentication on the console and VTY lines using local AAA.
• Verify local AAA authentication from the R1 console and the PC-A client.
• Configure server-based AAA authentication using TACACS+.
• Verify server-based AAA authentication from the PC-B client.
• Configure server-based AAA authentication using RADIUS.
• Verify server-based AAA authentication from the PC-C client.

TOOLS & EQUIPMENT

• PC running Windows 7 or higher, with MS Office and Cisco Packet Tracer 7 or above.

MATERIALS (if needed)

• None.

RESOURCES (if needed)

• None.

SAFETY WARNING / CAUTION (if required)

• None.

Computer Network II

Configure AAA Authentication on Cisco Routers


A simple explanation about AAA is: AUTHENTICATION tells who is allowed,
AUTHORIZATION tells what he can do, and ACCOUNTING tells what he did.

Basic Required Configurations

• The network topology shows routers R0, R1 and R2. Currently, all administrative security is based on knowledge of the enable secret password. Your task is to configure and test local and server-based AAA.
• You will create a local user account and configure local AAA on router R0 to test the console and VTY logins.
  ◦ User account: Admin1 and password admin1pa55
• You will configure router R1 to support server-based authentication using the RADIUS protocol. The RADIUS server should be configured with the following:
  ◦ Client: R1 using the keyword RDS
  ◦ User account: admin1 and password adminrds
• Finally, you will then configure router R2 to support server-based authentication using the TACACS+ protocol. The TACACS+ server should be configured with the following:
  ◦ Client: R2 using the keyword TAC
  ◦ User account: admin2 and password admintac
• All routers should be configured with the following password:
  ◦ Enable password: ciscopass

Note:
The console and VTY lines have not been pre-configured. IOS version 15.3 uses SCRYPT as a secure password-hashing algorithm; always use the most secure option available on your equipment.

YANBU UNIVERSITY COLLEGE

TASK-1: Design the following network

Step 1: Use the following network diagram to design the required network.

Network Topology

Addressing Table

Device          Interface  IP Address    Subnet Mask    Default Gateway  Switch Port
R0              G0/0       10.10.10.1    255.255.255.0  N/A              N/A
R0              G0/1       192.168.2.2   255.255.255.0  N/A              N/A
R1              G0/0       192.168.1.1   255.255.255.0  N/A              G0/1
R1              G0/1       192.168.2.1   255.255.255.0  N/A              N/A
R1              G0/2       192.168.3.1   255.255.255.0  N/A              N/A
R2              G0/0       172.16.1.1    255.255.255.0  N/A              G0/1
R2              G0/1       192.168.3.2   255.255.255.0  N/A              N/A
TACACS+ Server  NIC        172.16.1.2    255.255.255.0  172.16.1.1       F0/1
RADIUS Server   NIC        192.168.1.2   255.255.255.0  192.168.1.1      F0/1
PC-0            NIC        10.10.10.2    255.255.255.0  10.10.10.1       N/A
PC-1            NIC        192.168.1.3   255.255.255.0  192.168.1.1      F0/2
PC-2            NIC        172.16.1.3    255.255.255.0  172.16.1.1       F0/2


Step 2: Dynamic Routing for all Routers.

• Configuration for Router R0:

• Configuration for Router R1:

• Configuration for Router R2:

Step 3: Test connectivity between devices.

• Ping from PC-0 to PC-1.
• Ping from PC-0 to PC-2.
• Ping from PC-1 to PC-2.
• Ping RADIUS to TACACS.


TASK-2: Configure Local AAA Authentication

Part 1: Configure AAA Authentication on Router 0.

Step 1: Configure security login on R0.

Step 2: Configure a local username on R0.

• Configure a username of Admin1 with a secret password of admin1pa55.

Step 3: Configure local AAA authentication for console and VTY access on R0.

• Enable AAA on R0.

• Configure AAA authentication to use the local database.

• Configure AAA authentication for the console login to use the local database.

• Configure AAA authentication for the VTY login to use the local database.


Step 4: Verify the AAA authentication method.
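
The Part 1 steps as a single IOS configuration for R0, added here as an example and not taken from the original manual. It assumes that "security login" in Step 1 means setting the enable secret ciscopass from the requirements list; the account is the one given in Step 2.

```cisco
! Added example for R0 (not from the original manual)
enable
configure terminal
 ! Step 1 (assumed meaning): enable secret, stored as a hash
 ! unlike the clear-text "enable password"
 enable secret ciscopass
 ! Step 2: local account; "secret" stores a hash of the password.
 ! On IOS 15.3 and later the SCRYPT hash from the Note can be
 ! selected explicitly with:
 !   username Admin1 algorithm-type scrypt secret admin1pa55
 username Admin1 secret admin1pa55
 ! Step 3: enable the AAA subsystem
 aaa new-model
 ! Default login method list: check the router's local user database
 aaa authentication login default local
 ! Apply the default list to the console line
 line console 0
  login authentication default
 ! Apply the default list to the VTY lines
 line vty 0 4
  login authentication default
 end
```

For Step 4, log out of the console and log back in; the router should now prompt for a username as well as a password.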

Part 2: Configure AAA Authentication RADIUS Server.

• Go to the RADIUS Server and, from the Services tab, click on AAA.
• Turn the server On.
• Client Name: R1
• Client IP: 192.168.1.1
• Server Type: Radius
• Secret (Key): RDS
• User Setup Name: admin1
• Password for User Setup: adminrds


Part 3: Configure Server-Based AAA Authentication Using RADIUS on Router R1.

Step 1: Configure security login on R1.

Step 2: Configure a local username on R1.

Step 3: Configure local AAA authentication for console and VTY access on R1.

• Enable AAA on R1.

• Configure AAA authentication to use RADIUS Server.


• Configure AAA authentication login to use the default group Radius local.

• Configure AAA authentication for the console login to use the default authentication.

Note:

• This command is used to restrict users from accessing the router after three failed attempts.

R1(config)# aaa local authentication attempts max-fail 3

• This command is used to make passwords case sensitive.

R1(config)# aaa authentication login default local-case
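
The Part 3 steps as one IOS configuration for R1, added here as an example and not taken from the original manual. The server address 192.168.1.2 and key RDS come from the addressing table and Part 2; the local account admin1 / admin1pa55 is an assumption taken from the Part 6 check that logs in with the AAA service disabled.

```cisco
! Added example for R1 (not from the original manual)
enable
configure terminal
 enable secret ciscopass
 ! Local fallback account (assumed from Part 6, Step 2)
 username admin1 secret admin1pa55
 aaa new-model
 ! Legacy global form; newer IOS releases prefer a named
 ! "radius server" block with "address ipv4" and "key"
 radius-server host 192.168.1.2
 radius-server key RDS
 ! Try RADIUS first. "local" is consulted only when the server
 ! does not answer, not when the server rejects the login.
 aaa authentication login default group radius local
 line console 0
  login authentication default
 end
```

The key on the router must match the Secret (Key) entered on the server exactly, or every request is silently discarded and the router falls through to the local account.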


Part 4: Configure AAA Authentication TACACS Server.

• Go to the TACACS Server and, from the Services tab, click on AAA.
• Turn the server On.
• Client Name: R2
• Client IP: 172.16.1.1
• Server Type: Tacacs
• Secret (Key): TAC
• User Setup Name: admin1
• Password for User Setup: admintac

Part 5: Configure Server-Based AAA Authentication Using TACACS+ on Router R2

Step 1: Configure security login on R2.


Step 2: Configure a local username on R2.

• Configure AAA authentication to use TACACS Server.

• Enable AAA on R2.

• Configure AAA authentication login to use the default group TACACS local.

• Configure AAA authentication for the console login and VTY to use the default authentication.

Part 6: Steps to Check Results (Mark with ✓ if Correct):

Step 1: Log in to each router and access the privileged mode.

• Check the following on Router R0:
  ◦ Login User: admin1
  ◦ Password: admin1pa55
  ◦ Enable password: ciscopass

• Check the following on Router R1:
  ◦ Login User: admin1
  ◦ Password: adminrds
  ◦ Enable password: ciscopass

• Check the following on Router R2:
  ◦ Login User: admin1
  ◦ Password: admintac
  ◦ Enable password: ciscopass


Step 2: Disable AAA services.

• On Router R1 and R2 check the following:
  ◦ Login User: admin1
  ◦ Password: admin1pa55
  ◦ Enable password: ciscopass

Step 3: Enable AAA services.

• On Router R1 and R2 check the following:
  ◦ Login User: admin1
  ◦ Password: admin1pa55
  ◦ Enable password: ciscopass

FINAL CHECKLIST (if applicable)

1. Clean your equipment, materials, and work benches before you leave
2. Return all equipment and materials to their proper storage area


3. Submit your lab report on time
