Configuring AAA with TACACS+ and RADIUS in Cisco Packet Tracer


TACACS+, RADIUS, DHCP and DNS server!

Configuring AAA for device management with TACACS+ and RADIUS. This is part of the syllabus of the Cisco certification exam Interconnecting Cisco Networking Devices Part 2 (ICND2 200-105, version 3.0).

To enable AAA, you need to configure the aaa new-model command in global configuration. Until this command is enabled, all other AAA commands are hidden.

The aaa new-model command immediately applies local authentication to all lines and interfaces (except the console line, line con 0).

R1(config)#aaa authentication login default group tacacs+ none
% Invalid input detected — aaa not enabled
It is important to enable AAA first by entering aaa new-model in global configuration mode.

Configuring AAA – RADIUS
R1(config)#aaa ?

accounting Accounting configurations parameters.
authentication Authentication configurations parameters.
authorization Authorization configurations parameters.
new-model Enable NEW access control commands and functions. (Disables OLD commands.)
R1(config)#aaa new-model
R1(config)#aaa authentication ?
enable Set authentication lists for enable.
login Set authentication lists for logins.
ppp Set authentication lists for ppp.
R1(config)#aaa authentication login ?
WORD Named authentication list.
default The default authentication list.
R1(config)#aaa authentication login default ?
enable Use enable password for authentication.
group Use Server-group.
local Use local username authentication.
none NO authentication.
R1(config)#aaa authentication login default group ?
radius Use list of all Radius hosts.
tacacs+ Use list of all Tacacs+ hosts.
R1(config)#aaa authentication login default group radius ?
enable Use enable password for authentication.
group Use Server-group.
local Use local username authentication.
none NO authentication.

R1(config)#aaa authentication login default group radius none
R1(config)#

To allow a user to authenticate, you must configure the username and password on the AAA server.
Login Authentication
You can use the aaa authentication login command to authenticate users who want EXEC access to the access server (tty, vty, console and aux), for example:
R1(config)#aaa authentication login telnet_lines group radius
R1(config)#line vty 0 15
R1(config-line)#login ?
authentication authenticate using aaa method list
local Local password checking

R1(config-line)#login authentication ?
WORD authenticate using aaa method list
default authenticate using aaa default list
R1(config-line)#login authentication telnet_lines ?

R1(config-line)#login authentication telnet_lines

AAA: Warning authentication list TelnetLines is not defined for LOGIN
Note: This warning appears because the list name is case sensitive: “telnetLines” is a different list from “TelnetLines”, so the name given on the line must match the defined list exactly:
R1(config)#aaa authentication login telnet_lines group radius
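As an added audit example (not part of the lab files), the following Python script reads a saved running-config and reports the two things shown in this section and in the TACACS+ section: a method list that ends in none, which means no authentication at all when the RADIUS or TACACS+ servers cannot be reached, and a login authentication reference whose spelling does not match any defined list. The sample config is constructed for the example.

```python
"""Audit an IOS running-config for two AAA problems visible in this lab:
1. an authentication method list ending in 'none' (fail-open when the AAA
   servers are unreachable);
2. 'login authentication <list>' under a line that names a list not defined
   with exactly that (case-sensitive) spelling, which triggers the
   'authentication list ... is not defined' warning.
"""
import re

# Constructed sample (not the lab's file): R1-style config with the
# case mismatch from the note above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group radius none
aaa authentication login telnetLines group radius
radius-server host 172.16.1.4 auth-port 1645 key misecretocisco
line con 0
line vty 0 15
 login authentication TelnetLines
"""

LIST_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
LINE_RE = re.compile(r"^line (.+)$")
LOGIN_RE = re.compile(r"^\s+login authentication (\S+)$")


def audit_aaa(config: str) -> list[str]:
    """Return one finding string per problem found in the config text."""
    findings = []
    lists = {}  # method-list name -> methods, in the order IOS tries them
    current_line = None
    for raw in config.splitlines():
        m = LIST_RE.match(raw)
        if m:
            name, methods = m.group(1), m.group(2).split()
            lists[name] = methods
            if methods[-1] == "none":
                findings.append(f"list '{name}' ends in 'none' (fail-open)")
            continue
        m = LINE_RE.match(raw)
        if m:
            current_line = m.group(1)  # remember which line block we are in
            continue
        m = LOGIN_RE.match(raw)
        if m and m.group(1) != "default" and m.group(1) not in lists:
            ref = m.group(1)
            near = [n for n in lists if n.lower() == ref.lower()]
            hint = f"; case-sensitive, defined name is '{near[0]}'" if near else ""
            findings.append(f"line '{current_line}' references undefined list '{ref}'{hint}")
    return findings
```

Run it against the output of show running-config saved to a file; an empty result means every list referenced on a line exists and none of them falls back to no authentication.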

Configuring the Radius server
R1(config)#radius-server ?
host Specify a Radius server
key Set Radius encryption key

R1(config)#radius-server host 172.16.1.4 ?
auth-port UDP port for RADIUS authentication server (default is 1645)
key per-server encryption key (overrides default)

R1(config)#radius-server host 172.16.1.4 auth-port 1645 key misecretocisco


2 TACACS+ Configuration

R2(config)#aaa new-model
R2(config)#aaa authentication login default group tacacs+ none
R2(config)#aaa authentication login telnet_lines group tacacs+
R2(config)#tacacs-server host 172.16.1.3 key ciscosecret

2.1 VTY lines
R2(config)#line vty 0 15

R2(config-line)#login ?
authentication authenticate using aaa method list
local Local password checking

R2(config-line)#login authentication ?
WORD authenticate using aaa method list
default authenticate using aaa default list
R2(config-line)#login authentication telnet_lines ?

R2(config-line)#login authentication telnet_lines

Note:
DHCP&DNS_SERVER (172.16.1.2) is the DHCP server from which the management PC (pc_management) obtains its IP address, default gateway and DNS server. It is also the DNS server.
The TACACS+ server is 172.16.1.3 and the RADIUS server is 172.16.1.4.

Testing the configuration of RADIUS and TACACS+
From pc_management:
telnet R1 or telnet 172.16.1.1
User and password: cisco/cisco
In both cases use “cisco” as the password to enter privileged mode.
