CCNP-ISCW Lab: Configuration of Local AAA

Tip: CCNP includes the 642-845, 642-825, 642-812 and 642-901 exams. ISCW is the 642-825 exam, named Implementing Secure Converged Wide Area Networks.


Environment: The lab can be completed on a single router.
Requirements: First, create two users, one at the ordinary privilege level and one at privilege level 15.
Define two login authentication lists: the default list, and another named con, which is applied to the console line.
Then set up the default exec authorization list, and test to see the corresponding results.


Step 1: Basic configuration
Router(config)# username user password user ! create an ordinary user (name and password)
Router(config)# username user1 privilege 15 password user1 ! create a user at privilege level 15
Router(config)# int loop 0
Router(config-if)# ip add 10.1.1.1 255.255.255.0 ! loopback address used as the telnet target
Router(config-if)# exit
Router(config)# line 0 ! line 0 is the console
Router(config-line)# password cisco ! set the console line password
Router(config-line)# exit
Router(config)# aaa new-model ! enable AAA
Router(config)# aaa authentication login default local ! default login list: local user database
Router(config)# aaa authentication login con line ! login list named con: use the line password
Router(config)# aaa authorization exec default local ! default exec authorization list: local
Router(config)# line 0
Router(config-line)# login authentication con ! apply the con authentication list to the console port
Router(config-line)# exit
Router(config)# end

Step 2: Verify the configuration

Router# exit ! log out, then log in again on the console

Router con0 is now available

Press RETURN to get started.

User Access Verification

Password: ! enter the line password, as required by the con list

Router> en ! from the console, enable goes to level 15 by default
Router#

Router# telnet 10.1.1.1 ! vty login authentication
Trying 10.1.1.1 ... Open

User Access Verification

Username: user ! log in as user
Password:

Router> en ! this user does not have the privilege to do this
% Error in authentication.

Router# telnet 10.1.1.1
Trying 10.1.1.1 ... Open

User Access Verification

Username: user1 ! the level 15 user user1 goes directly to privileged mode, which is the effect of the authorization list
Password:

Router#

Step 3: Display the current configuration

Router# show run
hostname Router
!
username user password 0 user
username user1 privilege 15 password 0 user1
aaa new-model
!
!
aaa authentication login default local
aaa authentication login con line
aaa authorization exec default local
!
interface Loopback0
ip address 10.1.1.1 255.255.255.0

line con 0
exec-timeout 0 0
password cisco
logging synchronous
login authentication con
line aux 0
line vty 0 4
!
end
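
As an added example (not part of the original lab), this Python sketch reads a running configuration like the one in Step 3 and reports which login method list each line resolves to, each local user's privilege level, and which users are stored with a type 0 (cleartext) password. The function name audit and the embedded sample are assumptions made for the illustration.

```python
import re

# Constructed sample: the AAA-relevant lines of the Step 3 running configuration.
SAMPLE_CONFIG = """\
username user password 0 user
username user1 privilege 15 password 0 user1
aaa new-model
aaa authentication login default local
aaa authentication login con line
aaa authorization exec default local
line con 0
 password cisco
 login authentication con
line aux 0
line vty 0 4
"""

def audit(config):
    """Return (login methods per line, level per user, users with type 0 passwords)."""
    auth_lists, users, cleartext, lines, current = {}, {}, [], {}, None
    for text in map(str.strip, config.splitlines()):
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            auth_lists[m.group(1)] = m.group(2).split()
        # "show run" form: username NAME [privilege N] password|secret TYPE VALUE
        elif m := re.match(r"username (\S+)(?: privilege (\d+))? (password|secret) (\d+) ", text):
            users[m.group(1)] = int(m.group(2) or 1)  # IOS default user level is 1
            if m.group(3) == "password" and m.group(4) == "0":
                cleartext.append(m.group(1))
        elif m := re.match(r"line (.+)", text):
            current = m.group(1)
            lines[current] = "default"  # with aaa new-model, a line uses the default list
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current] = m.group(1)  # an explicit list overrides the default
    methods = {name: auth_lists.get(lst, []) for name, lst in lines.items()}
    return methods, users, cleartext

if __name__ == "__main__":
    methods, users, cleartext = audit(SAMPLE_CONFIG)
    for name, m in methods.items():
        print(f"line {name}: login methods {m}")
    print("user levels:", users)
    print("type 0 (cleartext) passwords:", cleartext)
```

The result matches what Step 2 shows: the console asks only for the line password, while the aux and vty lines fall back to the default list and ask for a local username.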
