Lab5-6c.net file for Dynamips:
##################################################
#
# CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
# Lab 5.6c Configuring AAA Using Local Authentication
# By Happy Peter http://blog.xuite.net/juilin77/happy
#
##################################################
autostart=false
[localhost:7200]
workingdir = /opt/dynamips/dynagen-0.10.1/UTS/CCNP2/Lab5-6c/workingconfig
[[3725]]
# Specify 3725 IOS image on Linux here:
image = /opt/dynamips/images/c3725-ad.bin
ram = 256
idlepc = 0x60bf8d58
mmap = true
ghostios = true
confreg = 0x2102
###########################
#
# Define router instances 1
#
###########################
[[Router R1]]
model = 3725
console = 2001
f0/0 = NIO_linux_eth:eth0
Scenario
In this lab, you will configure a local username database with AAA. The host's only job is to access R1; most of the configuration is done on R1.
Basic Configuration:
enable
configure terminal
!
no ip domain lookup
!
line console 0
logging synchronous
exec-timeout 0 0
!
hostname R1
Step 1: Configure the interface
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 192.168.100.214 255.255.255.192
R1(config-if)#no shutdown
R1#ping 192.168.100.213
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.213, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/12 ms
Step 2: Configure the Local User Database
R1(config)#username cisco password cisco
Step 3: Implement AAA Services
If you were using an authentication method with a remote server, such as TACACS+ or RADIUS, you would configure a secondary authentication method as a fallback for when the server is unreachable. Normally, the secondary method would be the local database. In this case, if no usernames are configured in the local database, the local method returns an error rather than a failure, so the router moves on to the next method (none) and allows any user to log in to the device without authentication.
R1(config)#aaa new-model
R1(config)#aaa authentication login default local none
Next, create a separate authentication list for Telnet access to the router. This list has no fallback to no authentication, so if there are no usernames in the local database, Telnet access is denied.
R1(config)#aaa authentication login Telnet_lines local
R1(config)#line vty 0 4
R1(config-line)#login authentication Telnet_lines
Verify that this authentication list is in use by opening a Telnet session from the host to R1.
C:\>telnet 192.168.100.217
User Access Verification
Username: cisco
Password: cisco
R1>
Final Configurations
R1:
hostname R1
!
aaa new-model
!
aaa authentication login default local none
aaa authentication login Telnet_lines local
!
no ip domain lookup
!
username cisco password cisco
!
interface FastEthernet0/0
 ip address 192.168.100.214 255.255.255.192
 no shutdown
!
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login authentication Telnet_lines
!
end
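To check the behaviour that Step 3 describes (the default list falls back to `none` while `Telnet_lines` does not), here is an added Python audit script, not part of the lab or the Cisco manual, that parses the final R1 configuration above and walks each method list the way IOS does. The embedded configuration is a sample constructed from this page, indented as `show running-config` prints it; the outcome labels are my own.

```python
import re

# Constructed sample input: the lab's final R1 configuration from this page.
R1_CONFIG = """\
aaa new-model
!
aaa authentication login default local none
aaa authentication login Telnet_lines local
!
username cisco password cisco
!
line vty 0 4
 login authentication Telnet_lines
!
end
"""

def parse_login_lists(config):
    """Map each 'aaa authentication login' list name to its ordered methods."""
    return {m.group(1): m.group(2).split() for m in
            re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M)}

def vty_login_list(config):
    """Return the list name applied under 'line vty', or 'default' if none is set."""
    block = re.search(r"^line vty .*\n((?: .*\n)*)", config, re.M)
    applied = block and re.search(r"^ login authentication (\S+)", block.group(1), re.M)
    return applied.group(1) if applied else "default"

def login_outcome(methods, local_users):
    """Walk a method list as IOS does: 'local' answers when the database has users
    (a wrong password then FAILs and no later method is tried); with an empty database
    it returns ERROR and the next method is consulted; 'none' grants access; running
    out of methods denies access."""
    for method in methods:
        if method == "local" and local_users:
            return "prompt-and-check"
        if method == "none":
            return "allow-without-credentials"
    return "deny"

def audit(config):
    """Compare the vty list and the default list with and without local usernames."""
    lists = parse_login_lists(config)
    users = re.findall(r"^username (\S+)", config, re.M)
    vty = vty_login_list(config)
    return {"vty_list": vty,
            "vty_with_users": login_outcome(lists[vty], users),
            "vty_without_users": login_outcome(lists[vty], []),
            "default_without_users": login_outcome(lists["default"], [])}
```

Running `audit(R1_CONFIG)` reports that Telnet is denied when the username database is empty, while the default list admits anyone, which is exactly the difference the lab points out.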
Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html
CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
Student Lab Manual
First published / last updated: 2008.11.09 / 2018.06.11