Implementing authentication using local services

In this section, we are going to take a look at implementing authentication on the Cisco IOS router. This feature enables the router to act as an authentication server, with all of the user accounts created and stored on the device itself.

Whenever a user tries to log in, the router will query the local database to validate if the username and password combination exists and is accurate. If yes, this proves to the router that the user has validated their identity and is who they say they are.

The following are the steps to enable AAA using local services:

  1. Enable AAA on the routers. On the CLI, use the following commands. The aaa new-model command enables AAA and unlocks all other subcommands:
     Router> enable
     Router# configure terminal
     Router(config)# aaa new-model
  2. Create the username and password. The next step after you enable AAA is to create a username and password. The password can be stored either in plain text or in encrypted form. The following command stores it in plain text:
     Router(config)# username ccnasecurity password cisco
     The following command creates an encrypted password instead of plain text. The secret keyword stores the password using MD5 hashing:
     Router(config)# username ccnasecurity secret cisco
  3. Configure the device to use the local database:
     Router(config)# aaa authentication login default local
     This command creates a method list so that you can use the local authentication database. The preceding command can be explained as follows:
    • aaa: Enables the AAA feature on the router:
      Router(config)# aaa ?
      accounting      Accounting configurations parameters.
      authentication  Authentication configurations parameters.
      authorization   Authorization configurations parameters.
      !! Output Omitted !!
    • authentication: Selects the authentication set of configurations, as opposed to authorization or accounting:
      Router(config)# aaa authentication ?
      enable  Set authentication list for enable.
      login   Set authentication lists for logins.
      !! Output Omitted !!
    • login: Prompts for the username and password when a user tries to log in via console, TTY, VTY, or auxiliary. This command is only used for administration access:
      Router(config)# aaa authentication login ?
      WORD     Named authentication list (max 31 characters, longer will be rejected).
      default  The default authentication list.
    • default: Makes the router use the default method list:
      Router(config)# aaa authentication login default ?
      enable  Use enable password for authentication.
      group   Use Server-group
      line    Use line password for authentication.
      local   Use local username authentication.
      none    NO authentication.
    • local: This tells the router to use the local database as a reference:
      Router(config)# aaa authentication login default local
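
The three steps above can be checked on a saved configuration. The following Python script is an added example, not part of the original text: it audits a running-config for a missing aaa new-model, a default login method list that lacks local or includes none, and users created with password instead of secret. The sample configuration, the finding codes, and the stored forms "password 0" and "secret 5" are assumptions made for illustration.

```python
# Added example: audit an IOS running-config for the local-AAA settings above.
# SAMPLE_CONFIG is constructed for illustration; the hash is a placeholder.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local
username ccnasecurity password 0 cisco
username admin secret 5 $1$CONSTRUCTED$PLACEHOLDERHASHVALUE
"""


def audit_local_aaa(config):
    """Return a list of finding codes for a running-config string."""
    lines = [ln.split() for ln in config.splitlines() if ln.strip()]
    findings = []

    # Step 1: AAA must be enabled before any other aaa subcommand applies.
    if ["aaa", "new-model"] not in lines:
        findings.append("no-aaa-new-model")

    # Step 3: the default login method list should consult the local database.
    methods = None
    for tok in lines:
        if tok[:4] == ["aaa", "authentication", "login", "default"]:
            methods = tok[4:]
    if methods is None:
        findings.append("no-default-login-list")
    else:
        if "local" not in methods:
            findings.append("default-list-lacks-local")
        if "none" in methods:  # 'none' means no authentication at all
            findings.append("default-list-allows-none")

    # Step 2: 'password' leaves a plain-text (or reversible) credential in the
    # configuration, while 'secret' stores only a hash.
    for tok in lines:
        if tok[0] != "username" or len(tok) < 4:
            continue
        keyword = next((t for t in tok[2:] if t in ("password", "secret")), None)
        if keyword == "password":
            findings.append("user-password:" + tok[1])
    return findings


if __name__ == "__main__":
    for finding in audit_local_aaa(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample, the script reports only the ccnasecurity account, because it was created with the password keyword.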