Name: Dhruv Darji ID No.: XIEIT181962 Subject: Advance Security Lab Roll No.: 07
Name: Dhruv Darji ID No.: XIEIT181962 Subject: Advance Security Lab Roll No.: 07
Name: Dhruv Darji ID No.: XIEIT181962 Subject: Advance Security Lab Roll No.: 07
: XIEIT181962
Subject: Advance Security Lab Roll No.: 07
Experiment No.8
Aim: Configure AAA Authentication for RADIUS and TACACS+ using packet tracer
Theory:
The network topology shows routers R1, R2 and R3. Currently, all administrative security is
based on knowledge of the enable secret password. Your task is to configure and test local
and server-based AAA solutions.
Addressing Table
You will create a local user account and configure local AAA on router R1 to test the console
and vty logins.
• User account: Admin1 and password admin1pa55
You will then configure router R2 to support server-based authentication using the
TACACS+ protocol. The TACACS+ server has been pre-configured with the following:
• Client: R2 using the keyword tacacspa55
• User account: Admin2 and password admin2pa55
Finally, you will configure router R3 to support server-based authentication using the
RADIUS protocol. The RADIUS server has been pre-configured with the following:
• Client: R3 using the keyword radiuspa55
• User account: Admin3 and password admin3pa55
The routers have also been pre-configured with the following:
• Enable secret password: ciscoenpa55
• OSPF routing protocol with MD5 authentication using password: MD5pa55
Note: The console and vty lines have not been pre-configured.
Note: IOS version 15.3 uses SCRYPT as a secure encryption hashing algorithm; however,
the IOS version that is currently supported in Packet Tracer uses MD5. Always use the most
secure option available on your equipment.
Name: Dhruv Darji ID No.: XIEIT181962
Subject: Advance Security Lab Roll No.: 07
Topology
Step 4: Configure the line console to use the defined AAA authentication method.
Enable AAA on R1 and configure AAA authentication for the console login to use the
default method list.
R1(config-line)# end
R1# exit
Username: Admin1
Password: admin1pa55
R1>
Step 1: Configure domain name and crypto key for use with SSH.
a. Use ccnasecurity.com as the domain name on R1.
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
Name: Dhruv Darji ID No.: XIEIT181962
Subject: Advance Security Lab Roll No.: 07
Step 2: Configure a named list AAA authentication method for the vty lines on R1.
Configure a named list called SSH-LOGIN to authenticate logins using local AAA.
Step 3: Configure the vty lines to use the defined AAA authentication method.
Configure the vty lines to use the named AAA method and only allow SSH for remote
access.
R1(config-line)# end
Open
Password: admin1pa55
Step 5: Configure the line console to use the defined AAA authentication method.
Configure AAA authentication for console login to use the default AAA authentication
method.
R2(config-line)# end
R2# exit
Username: Admin2
Password: admin2pa55
R2>
Step 5: Configure the line console to use the defined AAA authentication method.
Configure AAA authentication for console login to use the default AAA authentication
method.
R3(config-line)# end
R3# exit
Username: Admin3
Password: admin3pa55
R3>
Scripts for R1
Scripts for R2
Scripts for R3
!!!Part 1
config t
aaa new-model
line console 0
!!!Part 2
ip domain-name ccnasecurity.com
1024
Name: Dhruv Darji ID No.: XIEIT181962
Subject: Advance Security Lab Roll No.: 07
line vty 0 4
Conclusion: AAA Authentication for RADIUS and TACACS+ using packet tracer was done
successfully.