AAA Exec Authorization


As part of the security team you are always looking for ways to improve security within the company. You want to get rid of all the local vty/console logins within your network so you decide to setup a radius server. Routers should use the external radius server for authentication from now on…let’s see if you can secure this one!


  • All IP addresses have been configured for you, look at the topology picture for the IP addresses.
  • Configure router Fuzz so users have to be authorized when they want to use the console. Use the (fictional) RADIUS server at IP address for this. When the radius server is unreachable you should use the local username “test” with password “vault” for authentication.
  • Username “test” should have privilege level 5.


AAA Exec Authorization

Configuration Files

You need to register to download the GNS3 topology file. (Registration is free!)

Once you are logged in you will find the configuration files right here.

Opt In Image
Do you want your CCNA or CCNP Certificate?

The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.

Written by René Molenaar - CCIE #41726

You May Also Like

About the Author: Rene Molenaar

René - CCIE #41726 is the creator of where he shares CCNA, CCNP and CCIE R&S labs. He also blogs about networking on


  1. there is no tutorial video in many parts of security.

    please prepare these files.

    thank you

  2. Rene hello, let me know when you upload the video with the solution for this lab.

  3. aaa new-model
    aaa authentication login default group radius local
    aaa authentication enable default group radius
    aaa authorization console

Comments are closed.