Sunday, March 19, 2006

 

Configuring Authentication and Authorization. (Question #44)

Configure a router with AAA to do the following -

  1. User with username "user1" should have password "foo1".
  2. User with username "admin" should have password "foo2".
  3. User "user1" should be able to issue the "show version" command but not the "show running" command.
  4. User "admin" should be able to issue both the "show version" command and the "show running" commands.
  5. When users attempt to log into the router, they should be prompted with the prompt "Enter username now : "
  6. The password should be prompted as "Enter password now : "
  7. User "user1" should be able to telnet to 10.10.10.10 but not to 10.10.10.1
  8. User "admin" should be able to telnet to both 10.10.10.10 and 10.10.10.1

Comments:
I am assuming that user1 can have privilege 1 as a default to be able to "show version" and that admin will need privilege 15 in order to have a complete "show run".

I couldn't find a way to modify the "Username:" login prompt so I am assuming that banner is the correct answer.

I didn't find out how to limit telnet to certain destinations based on username.

username user1 password 0 foo1
username admin privilege 15 password 0 foo2
aaa new-model
aaa authentication banner ^CEnter username now:^C
aaa authentication password-prompt "Enter password now:"
aaa authentication login default local
aaa authorization exec default local
!

line con 0
line vty 0 4
line vty 5 15
!
 
Rich, your answer is partially correct. The default is privilege 15 and so you should have explicitly specified a privilege of 1 for user "user1".

To limit telnet to certain destinations based on username, you can associate an access-class to the username in the "username" command with an accompanying ACL.

As for modifying the "Username: " prompt, in the version I am running there is an option with the "aaa authentication" command for "username-prompt". It may have been a later addition to IOS.
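Pulling the reply's three points together, here is an added example of a complete IOS configuration for the task. It is not Rich's posted answer or the blog author's code. The ACL numbers 10 and 11, the `login authentication default` binding on the vty lines, and the reading of "telnet to" as outbound Telnet from the router's lines are my assumptions.

```cisco
! Added example configuration (not the commenter's or the blog author's).
! ACL numbers 10 and 11 are assumed; any standard ACL numbers would do.
!
! Local user database with explicit privilege levels: user1 stays at
! level 1 ("show version" is a level-1 command, "show running-config" is
! level 15 only) and admin gets level 15.
username user1 privilege 1 password 0 foo1
username admin privilege 15 password 0 foo2
!
! Per-user outbound Telnet restriction. The access-class given in the
! username command overrides any "access-class ... out" on the line for
! the duration of that user's session. A standard ACL applied outbound on
! a line is matched against the Telnet destination address.
username user1 access-class 10
username admin access-class 11
!
access-list 10 remark user1 may reach only 10.10.10.10; implicit deny blocks 10.10.10.1
access-list 10 permit host 10.10.10.10
access-list 11 remark admin may reach both hosts
access-list 11 permit host 10.10.10.10
access-list 11 permit host 10.10.10.1
!
aaa new-model
! Custom prompts; the double quotes preserve the spaces the task asks for.
aaa authentication username-prompt "Enter username now : "
aaa authentication password-prompt "Enter password now : "
! Authenticate against the local database and run exec authorization
! locally, so the privilege level and access-class from the username
! commands are actually applied to the session. Without the exec
! authorization line those per-user attributes are not used.
aaa authentication login default local
aaa authorization exec default local
!
line con 0
 login authentication default
line vty 0 4
 login authentication default
line vty 5 15
 login authentication default
```

After logging in as each user, `show privilege` confirms the level that was applied, and `show access-lists` shows the per-ACL hit counters when a Telnet attempt is permitted or denied. Two caveats: as the reply notes, `aaa authentication username-prompt` is not present in older IOS releases, where the banner workaround from Rich's answer is the only option; and `password 0` stores the passwords in cleartext in the running configuration, so on IOS versions that support it, `username user1 privilege 1 secret foo1` keeps the same password while storing only a hash.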
 
I would like to share a list of Cisco exam-related articles and tips, at 100Questions Exam Portal (http://www.100qns.com) . CISCO 640-822 CCENT (100 Questions) is the Cisco Certified Networking Entry Technician exam, and covers the skills required for entry-level network support positions, and is the starting point for many networking careers. CCENT is the first step towards CCNA, and our exam volume prepares you to ace your exam.

CISCO CCNA Exam (100 Questions), or the Cisco Certified Network Associate validates the ability to install, configure, operate and troubleshoot medium-sized routed and switched networks. This includes basic mitigation of security threats, introduction to wireless networking concepts and terminology, and performance-based skills.

The other good thing is that you can test your Cisco knowledge and prepare for the exam via the exam library, which contains free-to-try exam questions. The Cisco reference section could be accessed from the drop-down menu, and because the portal covers several topics, it could be confusing initially due to the enormous amount of data, but if you spend some time navigating the contents you might be well-rewarded!
 