Scribd Logo
Upload

Welcome to Scribd!

  • Debugging AAA Authentication

    Uploaded by

    erojas
    5 views1 page

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views1 page

    Debugging AAA Authentication

    Uploaded by

    erojas

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 1

    Configure router R1 using the following instructions:

    Configure a JR-ADMIN account with a type 9 (scrypt) encrypted password


    Str0ngpa55w0rd and an ADMIN account with a type 9 encrypted password
    Str0ng5rPa55w0rd.
    Enable AAA on the router.
    Configure the default authentication list with a primary method as local case-
    sensitive login with the enable secret as backup.
    Configure a second authentication list named SSH-LOGIN that has only one method,
    local case-sensitive login.
    Configure accounts to be locked out after a maximum of 3 unsuccessful attempts.
    Apply the SSH-LOGIN list to the virtual terminal lines.
    Use the end command to exit configuration mode.
    Use the show command to view the current AAA sessions on R1.
    R1(config)# username JR-ADMIN algorithm-type scrypt secret Str0ngPa55w0rd
    R1(config)# username ADMIN algorithm-type scrypt secret Str0ng5rPa55w0rd
    R1(config)# aaa new-model
    R1(config)# aaa authentication login default local-case enable
    R1(config)# aaa authentication login SSH-LOGIN local-case
    R1(config)# aaa local authentication attempts max-fail 3
    R1(config)# line vty 0 4
    R1(config-line)# login authentication SSH-LOGIN
    R1(config-line)# end
    R1# show aaa sessions
    Total sessions since last reload: 8
    Session Id: 7
    Unique Id: 20
    User Name: ADMIN
    IP Address: 192.168.1.3
    Idle Time: 0
    CT Call Handle: 0
    Use the debug command to view AAA authentication messages.
    R1# debug aaa authentication
    AAA authentication debugging is on
    R1#
    *Mar 2 23:50:21.107: AAA: parse name=tty0 idb type=-1 tty=-1
    *Mar 2 23:50:21.107: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0
    port=0 channel=0
    *Mar 2 23:50:21.107: AAA/MEMORY: create_user (0x313B9460) user='ADMIN'
    ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE
    priv=15 initial_task_id='0', vrf= (id=0)
    *Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): port='tty0' list=''
    action=LOGIN service=ENABLE
    *Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): console enable - default to
    enable password (if any)
    *Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): Method=ENABLE
    *Mar 2 23:50:21.107: AAA/AUTHEN (3217833468): status = GETPASS
    *Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): continue_login (user='(undef)')
    *Mar 2 23:50:28.075: AAA/AUTHEN (3217833468): status = GETPASS
    *Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): Method=ENABLE
    *Mar 2 23:50:28.303: AAA/AUTHEN (3217833468): status = PASS
    *Mar 2 23:50:28.303: AAA/MEMORY: free_user (0x313B9460) user='NULL' ruser='NULL'
    port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)
    You successfully configured and verified local AAA authentication.

    You might also like