Thursday 28 November 2013

Configuring AAA Authentication via TACACS+

Real World Application:

No network engineer wants to spend countless hours maintaining hundreds of local user accounts on Cisco devices. This problem was solved many years ago with AAA. With AAA you can configure a Cisco router or switch to authenticate users against a centralized user database. Cisco sells a product known as the Cisco Access Control Server (ACS), typically used in networks with more than 50 nodes, to provide centralized authentication, authorization, and accounting services for network equipment.

Please note that the content found in this lab is not part of the CCNA (640-802) exam objectives; however, the material can be found in the new CCNA Security certification (exam: 840-553). This lab was created to give you a basic understanding of AAA, which is typically used in production networks for authentication, authorization, and accounting.

Lab Prerequisites:
  • If you are using GNS3, load the free CCNA Binder GNS3 topology and R1.
  • Establish a console session with Router 1.
  • Before completing Lab 3-3, try this lab.
  • Create a local user account with privilege level 15 and a password.

Lab Instruction:

Step 1. First, configure the TACACS+ server host address and key by running the command tacacs-server host x.x.x.x key keygoeshere, as shown below:

Router con0 is now available
Press RETURN to get started.
Router>enable
Router#configure terminal
Router(config)#tacacs-server host 10.1.1.20 key Password!

Step 2. Now configure an AAA login authentication list named CONSOLE_AUTH that authenticates against the TACACS+ server first and falls back to the local user database for fault tolerance in the event of a server failure. In the previous Lab 3-2 the AuthType was local. The AuthTypes in an AAA login authentication list are tried in order, from first to last as written in the command. To make the list verify against the TACACS+ server first, add group tacacs+ before local.

To complete this second goal, authenticating against the TACACS+ server and then falling back to the local database if the server fails, proceed as in Lab 3-2, but give the CONSOLE_AUTH login authentication list the methods group tacacs+ and local, as shown below:

Router(config)#aaa new-model
Router(config)#aaa authentication login CONSOLE_AUTH group tacacs+ local
Router(config)#line con 0
Router(config-line)#login authentication CONSOLE_AUTH

You will not be able to verify actual authentication against a TACACS+ server, because there is no TACACS+ server in this lab. You can download a trial copy of Cisco ACS and build a server to authenticate Cisco equipment, but this falls within the scope of CCNA Security rather than CCNA. For verification purposes, log in with the privilege level 15 local database username and password configured in the prerequisites.

Router con0 is now available
Press RETURN to get started.
User Access Verification
Username: john
Password: 
Router>
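
The ordering and fallback rules from Step 2 can be checked offline against a saved configuration. The following Python sketch is an added example, not part of the original lab; the sample config, the VTY_AUTH and AUX_AUTH list names, and the function names are constructed for illustration, and it only inspects lines that carry an explicit login authentication statement.

```python
import re

# Constructed running-config fragment for illustration (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login CONSOLE_AUTH group tacacs+ local
aaa authentication login VTY_AUTH group tacacs+
tacacs-server host 10.1.1.20 key Password!
line con 0
 login authentication CONSOLE_AUTH
line vty 0 4
 login authentication VTY_AUTH
line aux 0
 login authentication AUX_AUTH
"""

def check_methods(methods):
    """Return an issue string for an ordered method list, or None if it is sound."""
    if methods is None:
        return "method list is not defined"
    if "group tacacs+" not in methods:
        return "TACACS+ is not used"
    if "local" not in methods:
        return "no local fallback if the TACACS+ server is unreachable"
    if methods.index("local") < methods.index("group tacacs+"):
        return "local is tried before TACACS+"
    return None

def audit_aaa(config):
    """Return (line, list name, issue) findings for lines with an explicit login list."""
    lines, findings = config.splitlines(), []
    if "aaa new-model" not in (l.strip() for l in lines):
        findings.append(("global", "-", "aaa new-model is not enabled"))
    lists = {}  # list name -> methods in the order they are tried
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l.strip())
        if m:
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    current = None
    for l in lines:
        if l.startswith("line "):
            current = l.strip()
        m = re.match(r"login authentication (\S+)", l.strip())
        if current and m:
            issue = check_methods(lists.get(m.group(1)))
            if issue:
                findings.append((current, m.group(1), issue))
    return findings
```

Calling audit_aaa(SAMPLE_CONFIG) reports the vty lines (TACACS+ only, no fallback) and the aux line (undefined list), while the console line configured as in this lab passes.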
