Configure two user accounts with encrypted passwords and enable AAA authentication on router R1. Configure authentication methods for login and enable passwords. Apply an authentication list to virtual terminal lines and verify AAA configuration and sessions.
Configure two user accounts with encrypted passwords and enable AAA authentication on router R1. Configure authentication methods for login and enable passwords. Apply an authentication list to virtual terminal lines and verify AAA configuration and sessions.
Configure two user accounts with encrypted passwords and enable AAA authentication on router R1. Configure authentication methods for login and enable passwords. Apply an authentication list to virtual terminal lines and verify AAA configuration and sessions.
Configure router R1 using the following instructions:
Configure a JR-ADMIN account with a type 9 (scrypt) encrypted password
Str0ngpa55w0rd and an ADMIN account with a type 9 encrypted password Str0ng5rPa55w0rd. Enable AAA on the router. Configure the default authentication list with a primary method as local case- sensitive login with the enable secret as backup. Configure a second authentication list named SSH-LOGIN that has only one method, local case-sensitive login. Configure accounts to be locked out after a maximum of 3 unsuccessful attempts. Apply the SSH-LOGIN list to the virtual terminal lines. Use the end command to exit configuration mode. Use the show command to view the current AAA sessions on R1. R1(config)# username JR-ADMIN algorithm-type scrypt secret Str0ngPa55w0rd R1(config)# username ADMIN algorithm-type scrypt secret Str0ng5rPa55w0rd R1(config)# aaa new-model R1(config)# aaa authentication login default local-case enable R1(config)# aaa authentication login SSH-LOGIN local-case R1(config)# aaa local authentication attempts max-fail 3 R1(config)# line vty 0 4 R1(config-line)# login authentication SSH-LOGIN R1(config-line)# end R1# show aaa sessions Total sessions since last reload: 8 Session Id: 7 Unique Id: 20 User Name: ADMIN IP Address: 192.168.1.3 Idle Time: 0 CT Call Handle: 0 Use the debug command to view AAA authentication messages. R1# debug aaa authentication AAA authentication debugging is on R1# *Mar 2 23:50:21.107: AAA: parse name=tty0 idb type=-1 tty=-1 *Mar 2 23:50:21.107: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0 *Mar 2 23:50:21.107: AAA/MEMORY: create_user (0x313B9460) user='ADMIN' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0) *Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): port='tty0' list='' action=LOGIN service=ENABLE *Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): console enable - default to enable password (if any) *Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): Method=ENABLE *Mar 2 23:50:21.107: AAA/AUTHEN (3217833468): status = GETPASS *Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): continue_login (user='(undef)') *Mar 2 23:50:28.075: AAA/AUTHEN (3217833468): status = GETPASS *Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): Method=ENABLE *Mar 2 23:50:28.303: AAA/AUTHEN (3217833468): status = PASS *Mar 2 23:50:28.303: AAA/MEMORY: free_user (0x313B9460) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0) You successfully configured and verified local AAA authentication.
(Methods in Enzymology 183) Abelson J.N., Simon M.I., Doolittle R.F. (Eds.) - Molecular Evolution - Computer Analysis of Protein and Nucleic Acid Sequences-Academic Press (1990)