ITNE2006 VIT - Securing Administrative Access Using AAA and RADIUS

Verified

Added on 2023/06/13

AI Summary

This document provides a detailed solution to a lab assignment focused on securing administrative access using AAA and RADIUS. The solution covers configuring basic device settings, including hostnames, interface IP addresses, and access passwords, as well as static routing. It demonstrates the configuration of local authentication, including creating local user accounts and setting up access for console, VTY, and AUX lines. Furthermore, the solution details the implementation of AAA local authentication using Cisco IOS and centralized authentication using AAA and RADIUS, including RADIUS server installation and user configuration. Debugging messages and command outputs are included to illustrate the configuration and troubleshooting steps.

Network Topology

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Task 1: Configure Basic Device Settings
Router R1
Router R3

Router R2
Router R1 – Set Clock Rate
Router R2 – Set Clock Rate

Router R3 – Set Clock Rate
Show IP Interface (R1)
Show IP Route (R1)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Show IP Interface (R2)
Show IP Route (R2)
Show IP Interface (R3)

Show IP Route (R3)
Step 8e)
Before encryption,
Mode Password
Console ciscoconpass
Telnet (vty) ciscovtypass
AUX ciscoauxpass
After encryption,

We could not able to view the con, aux and vty password in running configuration, because we
configured as service password-encryption. It is used to prevent the unauthorized user to view the
password in the running router
Part 2: Configure Local Authentication
Step 1a
The following command is used to create the local user account with type 9 hashing algorithm
username user01 privilege 9 secret user01pass
Step 1b
No, I am not able to view the user’s password. It shows as
Step 1c
What is the difference between logging in at the console now and previously?
Now, it asks the username and then password for the user
Previously, it asks the console password to enter

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Step 1d
We should enter the enable secret password. So we should use enable command after login the user
Step 3e
Telnet to R1 from R2
First we should enter vty password (ciscovtypass) and then enter enable password (cisco12345)
After enable the login local in vty mode, we try to login R1 from R2
It asks the username and password

While connected to R1 via Telnet, access privileged EXEC mode with the enable command.
What password did you use?
cisco12345
Part 3: Configure Local Authentication using AAA on R3
Step 1b
We could not able to view the user’s password
Task2 – Step2
We can able to login using Admin01
Task2 – Step2d. Attempt to log in to the console as baduser with any password. Were you able to log
in? Explain.
Not able to login as baduser
If no user accounts are configured in the local database, which users are permitted to access the device?
Previous configuration command is,
aaa authentication login default local-case none
Here none means no authentication requires if no user accounts found

Task2 – Step3c. Log in as Admin01 with a password of Admin01pass. Were you able to login? Explain
Yes, Username and password are found in the database
Task2 – Step3e. Attempt to log in as baduser with any password. Were you able to login? Explain
No, No user name (baduser) found in the database. Another one, we did not configure login-local as none
in VTY mode
If you login from R2 using valid user (Admin01), the debug message in R3
If enter baduser to login from telnet mode

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

If enter baduser to login from enable mode, debug messages are,
What message was displayed on the Telnet client screen?
%Authentication failed message will be displayed