This post is solution or answer Packet Tracer Activity Chapter 3 Network Security. The title for this packet tracer activity is Configure AAA Authentication on Cisco Routers. As the title stated, this packet tracer activity regarding configuration AAA Authentication. You will learn how to configure AAA authentication using local or server based TACACS+ and RADIUS. I will guide step by step to get 100% for this packet tracer activity. At the same time, you can learn steps necessary to configure AAA authentication for Cisco routers.
Take note that i will skip any task which do not get mark. Usually it’s a verify task such as ping and etc.
Task 1: Configure Local AAA Authentication for Console Access on R1
Configure a local username on R1.
R1(config)#username Admin1 secret admin1pa55
Configure local AAA authentication for console access on R1.
R1(config)#aaa new-model
R1(config)#aaa authentication login default local
Configure the line console to use the defined AAA authentication method.
R1(config)#line console 0
R1(config-line)#login authentication default
Task 2: Configure Local AAA Authentication for VTY Lines on R1
Configure a named list AAA authentication method for VTY lines on R1.
R1(config)#aaa authentication login TELNET-LOGIN local
Configure the VTY lines to use the defined AAA authentication method.
R1(config)#line vty 0 4
R1(config-line)#login authentication TELNET-LOGIN
Task 3: Configure Server-Based AAA Authentication Using TACACS+ on R2
Configure a backup local database entry called Admin.
R2(config)#username Admin secret adminpa55
Configure the TACACS+ server specifics on R2.
R2(config)#tacacs-server host 192.168.2.2
R2(config)#tacacs-server key tacacspa55
This configuration specify the server ip address and the key which use at the tacacs+ server.
Configure AAA login authentication for console access on R2.
R2(config)#aaa new-model
R2(config)#aaa authentication login default group tacacs+ local
This configuration will allow local database login if the tacacs+ server is down or unable to connect for some reasons.
Configure the line console to use the defined AAA authentication method.
R2(config)#line con 0
R2(config-line)#login authentication default
Task 4: Configure Server-Based AAA Authentication Using RADIUS on R3
Configure a backup local database entry called Admin.
R3(config)#username Admin secret adminpa55
Configure the RADIUS server specifics on R3.
R3(config)#radius-server host 192.168.3.2
R3(config)#radius-server key radiuspa55
Configure AAA login authentication for console access on R3
R3(config)#aaa new-model
R3(config)#aaa authentication login default group radius local
Configure the line console to use the defined AAA authentication method.
R3(config)#line con 0
R3(config-line)#login authentication default
That’s all. It’s very simple. I don’t find any confusing part in this packet tracer activity. You should be able to get 100% in short time.
If you interested to try this packet tracer activity, download it here.
If you want the solution or answer for this Packet Tracer Activity, you can download it here
Thank You.
this was PERFECT 100 % correct and got through the PT quick! great reference !
Thank u very much!!!…It helped me a lot, because I was a little confused with some statements in the activity. 100% Helpful!
It didn’t get me 100% I had to use password instead of secret but thank you!
Muchas graciassssssss!! salio perfecto.
Hi!
I´m trying to get inside R1 but it keeps asking me for password, does anyone know why? It is supposed to not have any password as far as I can see..
password to start off is ciscoenpa55 , i had the same issue until i asked a friend lol. and idk whats wrong now but i cant get passed 85% because it says the usernames are wrong
try to use the username Admin1 instead (admin1)
ciscoenpa55
R1
R1(config)#username Admin1 secret admin1pa55
R1(config)#aaa new-model
R1(config)#aaa authentication login default local
R1(config)#line console 0
R1(config-line)#login authentication default
R1(config)#aaa authentication login TELNET-LOGIN local
R1(config)#line vty 0 4
R1(config-line)#login authentication TELNET-LOGIN
R2
R2(config)#username Admin2 secret admin2pa55
R2(config)#tacacs-server host 192.168.2.2
R2(config)#tacacs-server key tacacspa55
R2(config)#aaa new-model
R2(config)#aaa authentication login default group tacacs+ local
R2(config)#line con 0
R2(config-line)#login authentication default
R3
R3(config)#username Admin3 secret admin3pa55
R3(config)#radius-server host 192.168.3.2
R3(config)#radius-server key radiuspa55
R3(config)#aaa new-model
R3(config)#aaa authentication login default group radius local
R3(config)#line con 0
R3(config-line)#login authentication default
47% 2017.