Soal-05 Instruction Lab Packet Tracer - Authentication, Authorization, and Accounting-TACACS+ and RADIUS Server


05. LAB-PACKET-TRACER: Authentication, Authorization, and Accounting (TACACS+ and RADIUS Server)

TOPOLOGY

ADDRESSING TABLE

| Device | Interface | VLAN-ID | IPv4 Address | Subnet Mask | Default Gateway |
|---|---|---|---|---|---|
| R1 | Gi0/0/0 | N/A | 10.0.1.1 | 255.255.255.248 | N/A |
| R2 | Gi0/0/0 | N/A | 10.0.1.2 | 255.255.255.248 | N/A |
| R2 | Gi0/0/1 | N/A | 10.0.5.1 | 255.255.255.248 | N/A |
| R3 | Gi0/0/0 | N/A | 10.0.5.2 | 255.255.255.248 | N/A |
| SW1 | Gig1/0/1 | VLAN Member (91,92,93) | N/A | N/A | N/A |
| | Gig1/0/2 | 91 | N/A | N/A | N/A |
| | Gig1/0/3 | 92 | N/A | N/A | N/A |
| | Gig1/0/4 | 93 | N/A | N/A | N/A |
| SW2 | Gig1/0/1 | VLAN Member (94,95,96) | N/A | N/A | N/A |
| | Gig1/0/2 | 94 | N/A | N/A | N/A |
| | Gig1/0/3 | 95 | N/A | N/A | N/A |
| | Gig1/0/4 | 96 | N/A | N/A | N/A |
| HOST.A | Fa0 | 91 | 10.1.2.91 | 255.255.255.0 | 10.1.2.254 |
| HOST.B | Fa0 | 92 | 10.1.3.92 | 255.255.255.0 | 10.1.3.254 |
| HOST.C | Fa0 | 93 | 10.1.4.93 | 255.255.255.0 | 10.1.4.254 |
| HOST.D | Fa0 | 94 | 10.2.5.94 | 255.255.255.0 | 10.2.5.254 |
| HOST.E | Fa0 | 95 | 10.2.6.95 | 255.255.255.0 | 10.2.6.254 |
| HOST.F | Fa0 | 96 | 10.2.7.95 | 255.255.255.0 | 10.2.7.254 |
| S1 | N/A | 91 | 10.1.2.91 | 255.255.255.0 | 10.1.2.254 |
| S2 | N/A | 94 | 10.2.5.95 | 255.255.255.0 | 10.2.5.254 |
| vServer.Tacacs+ | Fa0 | 109 | 10.2.8.248 | 255.255.255.0 | 10.2.8.254 |
| vServer.Radius | Fa0 | 209 | 10.2.9.249 | 255.255.255.0 | 10.2.9.254 |

CREDENTIAL AND KEY RADIUS AND TACACS+

| Device | Local Credential: Username | Local Credential: Password | Key Type | Key |
|---|---|---|---|---|
| R1 | ublr1 | ublr1!@# | Tacacs+ | ublk3y |
| R2 | ublr2 | ublr2!@# | Radius | ublr4d1u5 |
| S1 | ubls1 | ubls1!@# | Tacacs+ | ublk3ys1 |
| S2 | ubls2 | ubls2!@# | Radius | ubls4d1u5 |

Objectives
Part 1: Add IP P2P (peer) addresses on R1, R2 and R3

Part 2: Add and configure subinterfaces on R1, R2 and R3

Part 3: Add and configure OSPF or static routing on R1, R2 and R3

Part 4: Add and configure VLAN trunk and access ports on a switch

Part 5: Test connectivity from the PCs to each router

Configure TACACS and RADIUS as follows:


Server:
1) Add R1 as a TACACS client:

- Client Name = R1
- Client IP = 10.0.1.1/29
- Secret = ublk3y
- Type = TACACS

2) Add R2 as a RADIUS client:

- Client Name = R2
- Client IP = 10.0.1.2/29
- Secret = ublr4d1u5
- Type = RADIUS

3) Add S1 as a TACACS client:

- Client Name = S1
- Client IP = 10.1.2.91/29
- Secret = ublk3ys1
- Type = TACACS

4) Add S1 as a RADIUS client:

- Client Name = S2
- Client IP = 10.2.5.95/29
- Secret = ubls4d1u5
- Type = RADIUS

5) Add user:
- Add username and password to access R1 (via server TACACS+) and R2 (via RADIUS)

6) Add user:
- Add username and password to access S1 (via server TACACS+) and S2 (via RADIUS)

R1:
a) Configure AAA authentication (for login and enable) using TACACS with server 10.2.8.248.
b) Use local authentication as a backup with username "ublr1" and password "ublr1!@#".
c) Test that you can log in using your own name.

TACACS+ CREDENTIAL

| No. | Username | Password |
|---|---|---|
| 1 | ubltacacsa | ubltacacsa |
| 2 | ubltacacsb | ubltacacsb |
| 3 | ubltacacsc | ubltacacsc |
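
An added example, not part of the original lab sheet: one way to carry out R1 steps a) and b) in IOS, using the server address, key and local account given above. The enable secret is a placeholder the sheet does not supply, and the classic global `tacacs-server host` form is assumed; newer IOS releases use a `tacacs server <name>` block instead.

```cisco
! Added example for R1 steps a) and b). All values come from the lab sheet
! except the enable secret, which is a labelled placeholder (assumption).
enable
configure terminal
!
! Create the local backup account first, so a mistake in the AAA
! configuration cannot lock you out. "secret" stores a hash rather than
! the clear-text "password" form.
username ublr1 secret ublr1!@#
!
! The enable method list below falls back to the local enable secret.
enable secret ENABLE_SECRET_PLACEHOLDER
!
! Turn on AAA and point R1 at the TACACS+ server. The key must match the
! "Secret" entered for client R1 on the server (ublk3y).
aaa new-model
tacacs-server host 10.2.8.248
tacacs-server key ublk3y
!
! Method lists are tried left to right. The next method is used only when
! the previous one gives no answer (server unreachable), not when the
! server rejects the credentials.
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
!
! The "default" list already applies to every line; binding it explicitly
! keeps the intent visible in the running configuration.
line console 0
 login authentication default
line vty 0 4
 login authentication default
end
!
! Review the resulting AAA and TACACS+ lines.
show running-config
```

Because `local` is consulted only when 10.2.8.248 does not answer, the backup account ublr1 is refused while the server is reachable, which is what Verification steps 3 to 5 check.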

R2:
a) Configure AAA authentication (for login and enable) using RADIUS with server 10.2.8.254.
b) Use local authentication as a backup with username "ublr2" and password "ublr2!@#".
c) Test that you can log in using your own name.

RADIUS CREDENTIAL

| No. | Username | Password |
|---|---|---|
| 1 | ublradiusa | ublradiusa |
| 2 | ublradiusb | ublradiusb |
| 3 | ublradiusc | ublradiusc |

S1:
a) Configure AAA authentication (for login and enable) using TACACS with server 10.2.8.254.
b) Use local authentication as a backup with username "ubls1" and password "ubls1!@#".
c) Test that you can log in using your own name.

RADIUS CREDENTIAL

| No. | Username | Password |
|---|---|---|
| 1 | ublradiussa | ublradius5a |
| 2 | ublradiussb | ublradius5b |
| 3 | ublradiussc | ublradius5c |

S2:
a) Configure AAA authentication (for login and enable) using RADIUS with server 10.2.9.249.
b) Use local authentication as a backup with username "ubls1" and password "ubls1!@#".
c) Test that you can log in using your own name.

RADIUS CREDENTIAL

| No. | Username | Password |
|---|---|---|
| 1 | ublradiussa | ublradius5a |
| 2 | ublradiussb | ublradius5b |
| 3 | ublradiussc | ublradius5c |

Verification:
1. You should be able to log in to all network devices using your own name.
2. Create another user on the server and verify that the new user can also log in.
3. Verify that the local backup user cannot log in while the server is reachable.
4. Disable the port on the switch to the server.
5. Verify that you can log in using the local backup account.

Simulation:
1. Verify that when you log in as your own user, TACACS and RADIUS messages are sent between the router and the server.
