I need help with a lab in Networking and Packet Tracer v 6.2, if possible. Hi there, will you be able to help me with my lab in networking? I also need the configuration file afterwards on Packet Tracer v 6.2. Is that okay?
Attachment: Lab3_AAA-RADIUS_Student.doc
Chapter 3 Lab A: Securing Administrative Access Using AAA and RADIUS
Topology
Note: ISR G2 devices have Gigabit Ethernet interfaces instead of Fast Ethernet Interfaces.
All contents are Copyright © 1992–2012 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 1 of 18
IP Addressing Table
Device  Interface      IP Address    Subnet Mask      Default Gateway  Switch Port
R1      FA0/1          192.168.1.1   255.255.255.0    N/A              S1 FA0/5
R1      S0/0/0 (DCE)   10.1.1.1      255.255.255.252  N/A              N/A
R2      S0/0/0         10.1.1.2      255.255.255.252  N/A              N/A
R2      S0/0/1 (DCE)   10.2.2.2      255.255.255.252  N/A              N/A
R3      FA0/1          192.168.3.1   255.255.255.0    N/A              S3 FA0/5
R3      S0/0/1         10.2.2.1      255.255.255.252  N/A              N/A
PC-A    NIC            192.168.1.3   255.255.255.0    192.168.1.1      S1 FA0/6
PC-C    NIC            192.168.3.3   255.255.255.0    192.168.3.1      S3 FA0/18
Objectives
Part 1: Basic Network Device Configuration
• Configure basic settings such as host name, interface IP addresses, and access passwords.
• Configure static routing.
Part 2: Configure Local Authentication
• Configure a local database user and local access for the console, vty, and aux lines.
• Test the configuration.
Part 3: Configure Local Authentication Using AAA
• Configure the local user database using Cisco IOS.
• Configure AAA local authentication using Cisco IOS.
• Test the configuration.
Part 4: Configure Centralized Authentication Using AAA and RADIUS
• Install a RADIUS server on a computer.
• Configure users on the RADIUS server.
• Use Cisco IOS to configure AAA services on a router to access the RADIUS server for authentication.
• Test the AAA RADIUS configuration.
Background
The most basic form of router access security is to create passwords for the console, vty, and aux lines. A
user is prompted for only a password when accessing the router. Configuring a privileged EXEC mode enable
secret password further improves security, but still only a basic password is required for each mode of
access.
In addition to basic passwords, specific usernames or accounts with varying privilege levels can be defined in
the local router database that can apply to the router as a whole. When the console, vty, or aux lines are
configured to refer to this local database, the user is prompted for a username and a password when using
any of these lines to access the router.
Additional control over the login process can be achieved using authentication, authorization, and accounting
(AAA). For basic authentication, AAA can be configured to access the local database for user logins, and
fallback procedures can also be defined. However, this approach is not very scalable because it must be
configured on every router. To take full advantage of AAA and achieve maximum scalability, AAA is used in
conjunction with an external TACACS+ or RADIUS server database. When a user attempts to log in, the
router references the external server database to verify that the user is logging in with a valid username and
password.
In this lab, you build a multi-router network and configure the routers and hosts. You will then use CLI
commands to configure routers with basic local authentication by means of AAA. You will install RADIUS
software on an external computer and use AAA to authenticate users with the RADIUS server.
Note: The router commands and output in this lab are from a Cisco 1841 with Cisco IOS Release 12.4(20)T
(Advance IP image). Other routers and Cisco IOS versions can be used. See the Router Interface Summary
table at the end of the lab to determine which interface identifiers to use based on the equipment in the lab.
Depending on the router model and Cisco IOS version, the commands available and output produced might
vary from what is shown in this lab.
Note: Make sure that the routers and switches have been erased and have no startup configurations.
Required Resources
• 3 routers (Cisco 1841 with Cisco IOS Release 12.4(20)T1 or comparable)
• 2 switches (Cisco 2960 or comparable)
• PC-A: Windows XP, Vista or Windows 7 with RADIUS server software available
• Serial and Ethernet cables as shown in the topology
• Rollover cables to configure the routers via the console
Part 1: Basic Network Device Configuration
In Part 1 of this lab, you set up the network topology and configure basic settings, such as the interface IP
addresses, static routing, device access, and passwords.
All steps should be performed on routers R1 and R3. Only steps 1, 2, 3 and 6 need to be performed on R2.
The procedure for R1 is shown here as an example.
Step 1: Cable the network as shown in the topology.
Attach the devices shown in the topology diagram, and cable as necessary.
Step 2: Configure basic settings for each router.
Configure host names as shown in the topology.
Configure the interface IP addresses as shown in the IP addressing table.
Configure a clock rate for the routers with a DCE serial cable attached to their serial interface.
R1(config)# interface S0/0/0
R1(config-if)# clock rate 64000
To prevent the router from attempting to translate incorrectly entered commands as though they were host
names, disable DNS lookup.
R1(config)# no ip domain-lookup
Step 3: Configure static routing on the routers.
a. Configure a static default route from R1 to R2 and from R3 to R2.
b. Configure a static route from R2 to the R1 LAN and from R2 to the R3 LAN.
Step 4: Configure PC host IP settings.
Configure a static IP address, subnet mask, and default gateway for PC-A and PC-C, as shown in the IP
addressing table.
Step 5: Verify connectivity between PC-A and R3.
a. Ping from R1 to R3.
Were the ping results successful? _____
If the pings are not successful, troubleshoot the basic device configurations before continuing.
b. Ping from PC-A on the R1 LAN to PC-C on the R3 LAN.
Were the ping results successful? _____
If the pings are not successful, troubleshoot the basic device configurations before continuing.
Note: If you can ping from PC-A to PC-C, you have demonstrated that static routing is configured and
functioning correctly. If you cannot ping but the device interfaces are up and IP addresses are correct,
use the show run and show ip route commands to help identify routing protocol-related problems.
Step 6: Save the basic running configuration for each router.
Use the Transfer > Capture text option in HyperTerminal or some other method to capture the running
configs for each router. Save the three files so that they can be used to restore configs later in the lab.
Step 7: Configure and encrypt passwords on R1 and R3.
Note: Passwords in this task are set to a minimum of 10 characters but are relatively simple for the
benefit of performing the lab. More complex passwords are recommended in a production network.
For this step, configure the same settings for R1 and R3. Router R1 is shown here as an example.
a. Configure a minimum password length.
Use the security passwords command to set a minimum password length of 10 characters.
R1(config)# security passwords min-length 10
b. Configure the enable secret password on both routers.
R1(config)# enable secret cisco12345
c. Configure the basic console, auxiliary port, and vty lines.
d. Configure a console password and enable login for router R1. For additional security, the exec-timeout
command causes the line to log out after 5 minutes of inactivity. The logging synchronous command
prevents console messages from interrupting command entry.
Note: To avoid repetitive logins during this lab, the exec timeout can be set to 0 0, which prevents it
from expiring. However, this is not considered a good security practice.
R1(config)# line console 0
R1(config-line)# password ciscoconpass
R1(config-line)# exec-timeout 5 0
R1(config-line)# login
R1(config-line)# logging synchronous
e. Configure a password for the aux port for router R1.
R1(config)# line aux 0
R1(config-line)# password ciscoauxpass
R1(config-line)# exec-timeout 5 0
R1(config-line)# login
f. Configure the password on the vty lines for router R1.
R1(config)# line vty 0 4
R1(config-line)# password ciscovtypass
R1(config-line)# exec-timeout 5 0
R1(config-line)# login
g. Encrypt the console, aux, and vty passwords.
R1(config)# service password-encryption
h. Issue the show run command. Can you read the console, aux, and vty passwords? Why or why
not? ____________________________________________________________________________
Step 8: Configure a login warning banner on routers R1 and R3.
a. Configure a warning to unauthorized users using a message-of-the-day (MOTD) banner with the
banner motd command. When a user connects to the router, the MOTD banner appears before the
login prompt. In this example, the dollar sign ($) is used to start and end the message.
R1(config)# banner motd $Unauthorized access strictly prohibited and
prosecuted to the full extent of the law$
R1(config)# exit
b. Issue the show run command. What does the $ convert to in the output?
________________________________________________________________________________
c. Exit privileged EXEC mode by using the disable or exit command and press Enter to get started.
Does the MOTD banner look like what you expected? ______
Note: If it does not, just re-create it using the banner motd command.
Step 9: Save the basic configurations.
Save the running configuration to the startup configuration from the privileged EXEC prompt.
R1# copy running-config startup-config
Part 2: Configure Local Authentication
In Part 2 of this lab, you configure a local username and password and change the access for the console, aux,
and vty lines to reference the router’s local database for valid usernames and passwords. Perform all steps on R1
and R3. The procedure for R1 is shown here.
Step 1: Configure the local user database.
a. Create a local user account with MD5 hashing to encrypt the password.
R1(config)# username user01 secret user01pass
b. Exit global configuration mode and display the running configuration. Can you read the user’s
password? ____________________________________________________________________
Step 2: Configure local authentication for the console line and login.
a. Set the console line to use the locally defined login usernames and passwords.
R1(config)# line console 0
R1(config-line)# login local
b. Exit to the initial router screen that displays:
R1 con0 is now available. Press RETURN to get started.
c. Log in using the user01 account and password previously defined.
d. What is the difference between logging in at the console now and previously?
________________________________________________________________________________
e. After logging in, issue the show run command. Were you able to issue the command? Why or why
not? ____________________________________________________________________________
f. Enter privileged EXEC mode using the enable command. Were you prompted for a password? Why
or why not? ______________________________________________________________________
Step 3: Test the new account by logging in from a Telnet session.
a. From PC-A, establish a Telnet session with R1.
PC-A> telnet 192.168.1.1
b. Were you prompted for a user account? Why or why not?
________________________________________________________________________________
c. What password did you use to log in? __________________________________________________
d. Set the vty lines to use the locally defined login accounts.
R1(config)# line vty 0 4
R1(config-line)# login local
e. From PC-A, telnet to R1 again.
PC-A> telnet 192.168.1.1
f. Were you prompted for a user account? Why or why not? __________________________________
g. Log in as user01 with a password of user01pass.
h. While connected to R1 via Telnet, access privileged EXEC mode with the enable command.
i. What password did you use? _________________________________________________________
j. For added security, set the aux port to use the locally defined login accounts.
R1(config)# line aux 0
R1(config-line)# login local
k. End the Telnet session with the exit command.
Step 4: Save the configuration on R1.
a. Save the running configuration to the startup configuration from the privileged EXEC prompt.
R1# copy running-config startup-config
b. Use HyperTerminal or another means to save the R1 running configuration from Parts 1 and 2 of this
lab and edit it so that it can be used to restore the R1 config later in the lab.
Note: Remove all occurrences of “--More--”. Remove any commands that are not related to the items
you configured in Parts 1 and 2 of the lab, such as the Cisco IOS version number, no service pad, and so
on. Many commands are entered automatically by the Cisco IOS software. Also replace the encrypted
passwords with the correct ones specified previously.
Step 5: Perform steps 1 through 4 on R3 and save the configuration.
a. Save the running configuration to the startup configuration from the privileged EXEC prompt.
R3# copy running-config startup-config
b. Use HyperTerminal or another means to save the R3 running configuration from Parts 1 and 2 of this
lab and edit it so that it can be used to restore the R3 config later in the lab.
Part 3: Configure Local Authentication Using AAA on R3
Task 1: Configure the Local User Database Using Cisco IOS
Step 1: Configure the local user database.
a. Create a local user account with MD5 hashing to encrypt the password.
R3(config)# username Admin01 privilege 15 secret Admin01pass
b. Exit global configuration mode and display the running configuration. Can you read the user’s
password? _______________________________________________________________________
Task 2: Configure AAA Local Authentication Using Cisco IOS
Step 1: Enable AAA services.
a. On R3, enable services with the global configuration command aaa new-model. Because you are
implementing local authentication, use local authentication as the first method, and no authentication
as the secondary method.
If you were using an authentication method with a remote server, such as TACACS+ or RADIUS, you
would configure a secondary authentication method for fallback if the server is unreachable.
Normally, the secondary method is the local database. In this case, if no usernames are configured in
the local database, the router allows all users login access to the device.
b. Enable AAA services.
R3(config)# aaa new-model
Step 2: Implement AAA services for console access using the local database.
a. Create the default login authentication list by issuing the aaa authentication login default
method1[method2][method3] command with a method list using the local and none keywords.
R3(config)# aaa authentication login default local none
Note: If you do not set up a default login authentication list, you could get locked out of the router and
be forced to use the password recovery procedure for your specific router.
b. Exit to the initial router screen that displays: R3 con0 is now available, Press RETURN to get
started.
c. Log in to the console as Admin01 with a password of Admin01pass. Remember that passwords are
case-sensitive. Were you able to log in? Why or why not?
_______________________________________________________________________________
Note: If your session with the console port of the router times out, you might have to log in using the
default authentication list.
d. Exit to the initial router screen that displays: R3 con0 is now available, Press RETURN to
get started.
e. Attempt to log in to the console as baduser with any password. Were you able to log in? Why or why
not? ____________________________________________________________________________
f. If no user accounts are configured in the local database, which users are permitted to access the
device? _________________________________________________________________________
Step 3: Create a AAA authentication profile for Telnet using the local database.
a. Create a unique authentication list for Telnet access to the router. This does not have the fallback of
no authentication, so if there are no usernames in the local database, Telnet access is disabled. To
create an authentication profile that is not the default, specify a list name of TELNET_LINES and
apply it to the vty lines.
R3(config)# aaa authentication login TELNET_LINES local
R3(config)# line vty 0 4
R3(config-line)# login authentication TELNET_LINES
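The fallback behaviour described in Task 2 Step 1 and Step 3 (local then none on the default list, local only on TELNET_LINES, and a remote server falling back to local) is easier to reason about as a small model. The following Python is an added illustration, not code from the lab or from Cisco IOS; it assumes that the local method returns an error (and so hands over to the next method) only when the local database is empty, while an unknown user or wrong password in a populated database is a definitive failure. The RadUser account is a constructed example.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # credentials accepted; stop walking the list
    FAIL = "fail"    # credentials rejected; stop walking the list
    ERROR = "error"  # method could not decide; try the next method

def method_local(local_users, username, password):
    # 'local' keyword. Assumption: an empty local database yields ERROR
    # (next method is tried); otherwise an unknown user or wrong password
    # is a definitive FAIL. Comparison is case-sensitive, as the lab notes.
    if not local_users:
        return Result.ERROR
    if local_users.get(username) == password:
        return Result.PASS
    return Result.FAIL

def method_none(local_users, username, password):
    # 'none' keyword: no authentication, everyone is admitted.
    return Result.PASS

def make_radius(server_users, reachable):
    # 'group radius' keyword modelled as a server that is up or down. An
    # unreachable server yields ERROR, which triggers the fallback to
    # 'local' that Task 2 Step 1 describes.
    def method_radius(local_users, username, password):
        if not reachable:
            return Result.ERROR
        if server_users.get(username) == password:
            return Result.PASS
        return Result.FAIL
    return method_radius

def authenticate(method_list, local_users, username, password):
    # Try each method in order; only ERROR moves on to the next one.
    # If every method errors, the login is denied.
    for method in method_list:
        result = method(local_users, username, password)
        if result is not Result.ERROR:
            return result is Result.PASS
    return False

# Constructed databases mirroring the accounts used in the lab.
R3_LOCAL = {"Admin01": "Admin01pass"}
EMPTY_LOCAL = {}
RADIUS_USERS = {"RadUser": "RadUserpass"}   # constructed; not from the lab

DEFAULT_LIST = [method_local, method_none]   # aaa authentication login default local none
TELNET_LINES = [method_local]                # aaa authentication login TELNET_LINES local
RADIUS_DOWN = [make_radius(RADIUS_USERS, reachable=False), method_local]

def lab_outcomes():
    """Run the lab's login scenarios through the model."""
    return {
        "default, Admin01 correct": authenticate(DEFAULT_LIST, R3_LOCAL, "Admin01", "Admin01pass"),
        "default, Admin01 wrong case": authenticate(DEFAULT_LIST, R3_LOCAL, "Admin01", "admin01pass"),
        "default, baduser": authenticate(DEFAULT_LIST, R3_LOCAL, "baduser", "anything"),
        "default, empty local db": authenticate(DEFAULT_LIST, EMPTY_LOCAL, "anyone", ""),
        "TELNET_LINES, empty local db": authenticate(TELNET_LINES, EMPTY_LOCAL, "anyone", ""),
        "radius down, local Admin01": authenticate(RADIUS_DOWN, R3_LOCAL, "Admin01", "Admin01pass"),
    }

if __name__ == "__main__":
    for scenario, admitted in lab_outcomes().items():
        print(f"{scenario}: {'admitted' if admitted else 'denied'}")
```

The last two scenarios are the ones the lab warns about: an empty local database admits everyone on the default list but locks Telnet out entirely, and a down RADIUS server is harmless only because the local method sits behind it.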
b. Verify that this authentication profile is used by opening a Telnet session from PC-C to R3.
PC-C> telnet 192.168.3.1
Trying 192.168.3.1 … Open
c. Log in as Admin01 with a password of Admin01pass. Were you able to log in? Why or why not?
________________________________________________________________________________
d. Exit the Telnet session with the exit command, and Telnet to R3 again.
e. Attempt to log in as baduser with any password. Were you able to log in? Why or why not?
________________________________________________________________________________
________________________________________________________________________________
Task 3: Observe AAA Authentication Using Cisco IOS Debug
In this task, you use the debug command to observe successful and unsuccessful authentication attempts.
Step 1: Verify that the system clock and debug time stamps are configured correctly.
a. From the R3 user or privileged EXEC mode prompt, use the show clock command to determine
what the current time is for the router. If the time and date are incorrect, set the time from privileged
EXEC mode with the command clock set HH:MM:SS DD month YYYY. An example is provided
here for R3.
R3# clock set 14:15:00 26 December 2008
b. Verify that detailed time-stamp information is available for your debug output using the show run
command. This command displays all lines in the running config that include the text “timestamps”.
R3# show run | include timestamps
service timestamps debug datetime msec
service timestamps log datetime msec
c. If the service timestamps debug command is not present, enter it in global config mode.
R3(config)# service timestamps debug datetime msec
R3(config)# exit
d. Save the running configuration to the startup configuration from the privileged EXEC prompt.
R3# copy running-config startup-config
Step 2: Use debug to verify user access.
a. Activate debugging for AAA authentication.
R3# debug aaa authentication
AAA Authentication debugging is on
b. Start a Telnet session from PC-C to R3.
c. Log in with username Admin01 and password Admin01pass. Observe the AAA authentication
events in the console session window. Debug messages similar to the following should be displayed.
R3#
Dec 26 14:36:42.323: AAA/BIND(000000A5): Bind i/f
Dec 26 14:36:42.323: AAA/AUTHEN/LOGIN (000000A5): Pick method list 'default'
d. From the Telnet window, enter privileged EXEC mode. Use the enable secret password of
cisco12345. Debug messages similar to the following should be displayed. In the third entry, note the
username (Admin01), virtual port number (tty194), and remote Telnet client addres …