Scenario:
As part of the security team you are always looking for ways to improve security within the company. You want to get rid of all the local vty/console logins within your network so you decide to setup a radius server. Routers should use the external radius server for authentication from now on…let’s see if you can secure this one!
Goal:
- All IP addresses have been configured for you, look at the topology picture for the IP addresses.
- Configure router Fuzz so users have to be authorized when they want to use the console. Use the (fictional) RADIUS server at IP address 192.168.23.3 for this. When the radius server is unreachable you should use the local username “test” with password “vault” for authentication.
- Username “test” should have privilege level 5.
Topology:
Configuration Files
You need to register to download the GNS3 topology file. (Registration is free!)Once you are logged in you will find the configuration files right here.
Do you want your CCNA or CCNP Certificate?
The How to Master series helps you to understand complex topics like spanning-tree, VLANs, trunks, OSPF, EIGRP, BGP and more.
Written by René Molenaar - CCIE #41726
there is no tutorial video in many parts of security.
please prepare these files.
thank you
Rene hello, let me know when you upload the video with the solution for this lab.
aaa new-model
aaa authentication login default group radius local
aaa authentication enable default group radius
aaa authorization console