Free CCNA Labs Packet Tracer Assessment: Implementing TACACS+ and RADIUS

Free Lab Guide: http://bit.ly/2WUgsUX
Free Packet Tracer Lab File – assessment: http://bit.ly/2JthT9D
Free Packet Tracer Lab File – answers: http://bit.ly/2VS242Y
Playlist: http://bit.ly/2DjEhxm

Connect with Brian:
Twitter: https://twitter.com/65Briangallagh
LinkedIn: https://www.linkedin.com/in/bgallagh/

Connect with David:
Twitter: https://twitter.com/davidbombal
Instagram: https://www.instagram.com/davidbombal/
LinkedIn: https://www.linkedin.com/in/davidbombal/

TACACS+ and RADIUS Implementation

In this smaller scale topology, you are going to implement both TACACS+ and RADIUS protocols. All devices are in the same network – no routing is required in this scenario. You will, however, need to configure the basic parameters for connectivity to the AAA server as well as configuring the device hostnames. Once the basic settings are configured, you should test connectivity to the AAA server prior to enabling AAA services (remember that enabling AAA changes the default login for all access except the console).

Configure TACACS+ and RADIUS as follows:

Server:
1) Add R1 as a TACACS client:
– Hostname = R1
– Client Name = R1
– Client IP = 10.1.1.254
– Secret = cisco
– Type = TACACS

2) Add R2 as a RADIUS client:
– Hostname = R2
– Client Name = R2
– Client IP = 10.1.1.253
– Secret = cisco
– Type = RADIUS

3) Add S1 as a TACACS client:
– Client Name = S1
– Client IP = 10.1.1.252
– Secret = cisco
– Type = TACACS

4) Add users:
– Usernames: ccna, ccnp and ccie
– Password = (All) cisco

R1:
1. Configure AAA authentication (for login and enable) using TACACS with server 10.1.1.250.
2. Use local authentication as a backup with username “backup” and password “cisco”.
3. Ensure that the console has its own method list so that no authentication is required for the console to access the user prompt. Any method used should use the name CONSOLE for the list.
4. Test that you can log in using your configured usernames.
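
One way to meet the R1 requirements above, as an added example that is not part of the original lab guide or its answer file. It assumes IP connectivity to 10.1.1.250 is already in place and uses the legacy tacacs-server host syntax; the enable secret value is constructed, since the page does not give one.

```ios
! Added example for R1 (not from the lab's answer file).
! Assumption: the interface toward 10.1.1.250 is already addressed and up.
hostname R1
!
! Local fallback account, created before AAA is switched on.
username backup secret cisco
! Constructed value: the page does not specify an enable secret.
enable secret cisco
!
aaa new-model
!
! TACACS+ server and shared secret as defined on the AAA server.
! Assumption: legacy single-line syntax is accepted by this image.
tacacs-server host 10.1.1.250 key cisco
!
! Default login list: TACACS+ first, local database if the server is silent.
aaa authentication login default group tacacs+ local
! Enable authentication: TACACS+ first, then the enable secret.
aaa authentication enable default group tacacs+ enable
! Named list for the console: no authentication to reach the user prompt.
aaa authentication login CONSOLE none
!
line console 0
 login authentication CONSOLE
!
! The vty lines use the default list, so telnet logins go to TACACS+.
line vty 0 4
 login authentication default
 transport input telnet
!
end
```

The local and enable fallbacks are consulted only when the TACACS+ server does not answer, not when it rejects a login, which is why the backup user fails in Verification step 2 and works in step 4.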

R2:
1. Configure AAA authentication (for login and enable) using RADIUS with server 10.1.1.250.
2. Use local authentication as a backup with username “backup” and password “cisco”.
3. Ensure that the console has its own method list so that no authentication is required for the console to access the user prompt. Any method used should use the name CONSOLE for the list.
4. Test that you can log in using your configured usernames.

S1:
1. Configure AAA authentication (for login and enable) using TACACS with server 10.1.1.250.
2. Use local authentication as a backup with username “backup” and password “cisco”.
3. Ensure that the console has its own method list so that no authentication is required for the console to access the user prompt. Any method used should use the name CONSOLE for the list.
4. Test that you can log in using your created usernames.

Verification:
1. PC1 and PC2 should be able to log in (telnet) to all network devices using your configured usernames.
2. Verify that the local backup user cannot log in while the server is reachable.
3. Disable the port on the switch to the server.
4. Verify that you can log in using the local backup account.
5. Enable the switch port and verify that the backup user can no longer log in, but you can log in with your configured usernames.
6. PC3 and PC4 should not be prompted for a login to the user prompt when accessing the direct console connection, only when they move to privileged EXEC mode.

Task 2: Configure RADIUS

Step 1
Branch_2#conf t
Branch_2(config)#aaa new-model

Step 2
Create a backup user account.
Although not technically a part of AAA configuration, we want to ensure a backup user account exists in the event the AAA servers become unreachable, so that we can still log in to the router.
Branch_2(config)# username ccna privilege 15 secret cisco

Step 3
Configure a RADIUS server.
Branch_2(config)# radius server MyRadiusServer
Branch_2(config-radius-server)# address ipv4 172.16.4.100
Branch_2(config-radius-server)# key RadiusPassword
Branch_2(config-radius-server)#exit

Step 4
Associate the RADIUS server with a server group.
Branch_2(config)# aaa group server radius MyRadiusGroup
Branch_2(config-sg-radius)# server name MyRadiusServer
Branch_2(config-sg-radius)# exit

Step 5
Configure login authentication to use this RADIUS group with a fallback to local authentication. The default method list is applied to all interfaces/lines unless a specific method list has been applied to a line or interface.
Branch_2(config)# aaa authentication login default group MyRadiusGroup local

Ensure all configurations are saved prior to logging out of the network devices.

You will be able to use Check Results to see your score and as a source of hints and tips on what to check to reach the 100% score. Good luck everyone!

Get more at http://davidbombal.com
