
Local Authentication

Using the database to allow user connections to a router


2/4/2013 ABMA ABMA

This document contains a very brief lesson about commands in terms of activating AAA, which stands for Authentication, Authorization, and Accounting.


Local Authentication: We already know we need to enable VTY for managerial control or remote control of our network devices, routers and switches, and also secure the console line because it represents the local connection. In this exercise, we will briefly introduce you to the concept of local authentication, or local database.

What is AAA? It stands for Authentication, Authorization, and Accounting. It is a highly advanced level of security that can be activated at the router and switch level. Its main purpose is adding more security to the device: instead of only asking for a password, the local database will demand usernames as well. That is, of course, to gain access to the user mode. Please take a look at the following diagram to see the different levels at the router and switch levels:

Note: Activating the AAA new-model command on a router or switch requires care, because if you misconfigure or forget the local database usernames or passwords, you have basically locked yourself out and can't gain access to your device. So please keep that in mind.

Our Diagram: Our diagram will be very simple and composed of: a router, a switch, and a PC. Please check the diagram below:

Our network will be: 192.168.1.0/24
Router IP address: 192.168.1.1/24
Switch VLAN 1 IP address: 192.168.1.2/24
PC IP address: 192.168.1.10/24

We will be assigning those IP addresses now first:

Router Interface Fa0/0 configuration:

Configuring the Switch VLAN 1 and setting the command ip default-gateway also:

Defining the IP Address for the PC:

Enabling Secret password and also, creating a new username and its own password at the router level:

It is important to set the enable secret first, and after that we will create a new username called cisco and define it with a password called cisco too. Let's do that now:

We need now to activate AAA model:

We need to let the router know we are about to use its local database for authentication, and that is through the following command:

We have already informed the router about the local authentication; let's make sure it is applied on our console line and also VTY lines:

Login authentication default is basically informing the router about the aaa new-model, and when a session is initiated on the local console or through VTY, you will be prompted to insert a username and its password to gain authentication to the user mode at the router level. Let's try that from a PC:

We are immediately prompted to insert the username and then its password. So what happens after inserting the username and its password?

It is working perfectly. This is the end of the lesson for today; the second part will be about checking the usernames and passwords from a server called Radius or another called Tacacs+.
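The router-side steps of this lesson, collected into one Cisco IOS configuration as an added example (it is not the original document's own listing). Assumptions: `<ENABLE-SECRET>` is a placeholder because the lesson does not state the value, the VTY range `0 4` is the common default rather than something the lesson specifies, and `aaa authentication login default local` is the standard IOS command for pointing the default login list at the local database.

```cisco
! Added example: router side of the lab described in this lesson.
! Addresses, interface Fa0/0 and the cisco/cisco account come from the lesson.
! <ENABLE-SECRET> is a placeholder; "vty 0 4" is an assumed line range.
enable
configure terminal
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no shutdown
 exit
!
! Set the enable secret first, then create the local user.
enable secret <ENABLE-SECRET>
username cisco password cisco
! Outside a lab, "username <name> secret <value>" stores a hash instead of a
! recoverable password, and the password should differ from the username.
!
! Turn on AAA, then make the local database the default login method.
aaa new-model
aaa authentication login default local
!
! Apply the default method list to the console and the VTY lines.
line console 0
 login authentication default
 exit
line vty 0 4
 login authentication default
 end
!
! Lockout precaution from the Note above: keep this session open and log in
! from a second session with the new username before saving. An unsaved
! change is discarded by a reload, which restores the previous access.
show running-config | include aaa|username
! Only after the second login succeeds:
copy running-config startup-config
```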
