203实验指导AAA.docx
- 文档编号:28226320
- 上传时间:2023-07-09
- 格式:DOCX
- 页数:19
- 大小:398.17KB
203实验指导AAA.docx
《203实验指导AAA.docx》由会员分享,可在线阅读,更多相关《203实验指导AAA.docx(19页珍藏版)》请在冰豆网上搜索。
203实验指导AAA
实验指导(AAA)
一、实验任务
二、实验步骤
1.预配:
-------------------------
R1:
hostnameR1
interfacee0/0
noshutdown
duplexfull
ipaddress10.1.1.105255.255.255.0
interfaces1/1
noshutdown
clockrate128000
ipaddress10.12.12.1255.255.255.0
enablepasswordcisco
-------------------------
R2:
hostnameR2
interfaces1/0
noshutdown
clockrate128000
ipaddress10.12.12.2255.255.255.0
-------------------------
PC:
IP地址配置为10.1.1.XX(XX为计算机的编号),测试和R1的连通性
2.安装ACS,做基本配置(AAA上):
如下配置,配置ACS的工作IP:
如下配置,添加AAA的客户端(R1):
如下配置,按“restart”按钮重启服务:
如下配置,添加用户admin和user1:
3.配置认证(R1上):
aaanew-model
aaaauthenticationloginMYLOGINgrouptacacs+
tacacs-serverhost10.1.1.5
tacacs-serverkeycisco
linevty04
loginauthenticationMYLOGIN
R1#testaaagrouptacacs+admincisconew-code
TryingtoauthenticatewithServergrouptacacs+
Sendingpassword
Usersuccessfullyauthenticated
测试:
在R2上telnet10.12.12.1
R2#telnet10.12.12.1
Trying10.12.12.1...Open
Username:
admin
Password:
4.配置授权(R1上):
aaaauthorizationconfig-commands
aaaauthorizationexecMYEXECgrouptacacs+
aaaauthorizationcommands15MYCOMM15grouptacacs+
linevty04
authorizationcommands15MYCOMM15
authorizationexecMYEXEC
测试:
在R2上telnet10.12.12.1,看是否能配置rip路由协议?
能配置EIGRP路由协议?
5.配置审计(R1上):
aaaaccountingexecMYEXECstart-stopgrouptacacs+
aaaaccountingcommands15MYCOMM15start-stopgrouptacacs+
linevty04
accountingcommands15MYCOMM15
accountingexecMYEXEC
三、完整配置
-----------------------------R1------------------------
!
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameR1
!
boot-start-marker
boot-end-marker
!
enablepasswordcisco
!
aaanew-model
!
!
aaaauthenticationloginMYLOGINgrouptacacs+
aaaauthorizationconfig-commands
aaaauthorizationexecMYEXECgrouptacacs+
aaaauthorizationcommands15MYCOMM15grouptacacs+
aaaaccountingexecMYEXECstart-stopgrouptacacs+
aaaaccountingcommands15MYCOMM15start-stopgrouptacacs+
!
aaasession-idcommon
memory-sizeiomem5
!
!
ipcef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interfaceEthernet0/0
ipaddress10.1.1.150255.255.255.0
full-duplex
!
interfaceEthernet0/1
noipaddress
shutdown
half-duplex
!
interfaceEthernet0/2
noipaddress
shutdown
half-duplex
!
interfaceEthernet0/3
noipaddress
shutdown
half-duplex
!
interfaceSerial1/0
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/1
ipaddress10.12.12.1255.255.255.0
serialrestart-delay0
clockrate128000
!
interfaceSerial1/2
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/3
noipaddress
shutdown
serialrestart-delay0
!
routerrip
network10.0.0.0
!
iphttpserver
noiphttpsecure-server
!
!
!
!
tacacs-serverhost10.1.1.50
tacacs-serverkeycisco
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
linecon0
lineaux0
linevty04
authorizationcommands15MYCOMM15
authorizationexecMYEXEC
accountingcommands15MYCOMM15
accountingexecMYEXEC
loginauthenticationMYLOGIN
!
!
End
-----------------------------R2------------------------
!
version12.4
servicetimestampsdebugdatetimemsec
servicetimestampslogdatetimemsec
noservicepassword-encryption
!
hostnameR2
!
boot-start-marker
boot-end-marker
!
!
noaaanew-model
memory-sizeiomem5
!
!
ipcef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interfaceEthernet0/0
noipaddress
shutdown
half-duplex
!
interfaceEthernet0/1
noipaddress
shutdown
half-duplex
!
interfaceEthernet0/2
noipaddress
shutdown
half-duplex
!
interfaceEthernet0/3
noipaddress
shutdown
half-duplex
!
interfaceSerial1/0
ipaddress10.12.12.2255.255.255.0
serialrestart-delay0
clockrate128000
!
interfaceSerial1/1
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/2
noipaddress
shutdown
serialrestart-delay0
!
interfaceSerial1/3
noipaddress
shutdown
serialrestart-delay0
!
iphttpserver
noiphttpsecure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
linecon0
lineaux0
linevty04
!
!
End
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 203 实验 指导 AAA