
Debugging AAA Authentication

Router R1 has been configured with two user accounts, JR-ADMIN and ADMIN, both using type 9 encrypted passwords. AAA has been enabled with a default authentication list and a secondary SSH-LOGIN list, and accounts are locked after three unsuccessful login attempts. The configuration was verified by checking the current AAA sessions and enabling debugging for authentication messages.

Uploaded by

erojas

Configure router R1 using the following instructions:

Configure a JR-ADMIN account with a type 9 (scrypt) encrypted password Str0ngpa55w0rd and an ADMIN account with a type 9 encrypted password Str0ng5rPa55w0rd.
Enable AAA on the router.
Configure the default authentication list with a primary method as local case-sensitive login with the enable secret as backup.
Configure a second authentication list named SSH-LOGIN that has only one method, local case-sensitive login.
Configure accounts to be locked out after a maximum of 3 unsuccessful attempts.
Apply the SSH-LOGIN list to the virtual terminal lines.
Use the end command to exit configuration mode.
Use the show command to view the current AAA sessions on R1.

R1(config)# username JR-ADMIN algorithm-type scrypt secret Str0ngPa55w0rd
R1(config)# username ADMIN algorithm-type scrypt secret Str0ng5rPa55w0rd
R1(config)# aaa new-model
R1(config)# aaa authentication login default local-case enable
R1(config)# aaa authentication login SSH-LOGIN local-case
R1(config)# aaa local authentication attempts max-fail 3
R1(config)# line vty 0 4
R1(config-line)# login authentication SSH-LOGIN
R1(config-line)# end
R1# show aaa sessions
Total sessions since last reload: 8
Session Id: 7
Unique Id: 20
User Name: ADMIN
IP Address: 192.168.1.3
Idle Time: 0
CT Call Handle: 0

Use the debug command to view AAA authentication messages.

R1# debug aaa authentication
AAA authentication debugging is on
R1#
*Mar 2 23:50:21.107: AAA: parse name=tty0 idb type=-1 tty=-1
*Mar 2 23:50:21.107: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
*Mar 2 23:50:21.107: AAA/MEMORY: create_user (0x313B9460) user='ADMIN' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): port='tty0' list='' action=LOGIN service=ENABLE
*Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): console enable - default to enable password (if any)
*Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): Method=ENABLE
*Mar 2 23:50:21.107: AAA/AUTHEN (3217833468): status = GETPASS
*Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): continue_login (user='(undef)')
*Mar 2 23:50:28.075: AAA/AUTHEN (3217833468): status = GETPASS
*Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): Method=ENABLE
*Mar 2 23:50:28.303: AAA/AUTHEN (3217833468): status = PASS
*Mar 2 23:50:28.303: AAA/MEMORY: free_user (0x313B9460) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

You successfully configured and verified local AAA authentication.
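
The debug capture above can be reduced to one record per authentication exchange, which shows at a glance which port, method list and method a login actually used. The following Python is an added example, not part of the original lab; the function names are hypothetical, and pairing an exchange with the create_user line that precedes it is an assumption based on the ordering in this capture.

```python
import re

# Excerpt of the R1 debug output above, still wrapped as on the page.
SAMPLE = """\
*Mar 2 23:50:21.107: AAA/MEMORY: create_user (0x313B9460) user='ADMIN'
ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE
*Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): port='tty0' list=''
action=LOGIN service=ENABLE
*Mar 2 23:50:21.107: AAA/AUTHEN/START (3217833468): Method=ENABLE
*Mar 2 23:50:21.107: AAA/AUTHEN (3217833468): status = GETPASS
*Mar 2 23:50:28.075: AAA/AUTHEN/CONT (3217833468): Method=ENABLE
*Mar 2 23:50:28.303: AAA/AUTHEN (3217833468): status = PASS
"""

REC = re.compile(r"^\*(?P<ts>\w+ +\d+ [\d:.]+): AAA/(?P<tag>[A-Z/]+)"
                 r"(?: \((?P<sid>\d+)\))?: (?P<body>.*)$")
KV = re.compile(r"(\w+)='?([^' ]*)'?")  # key=value or key='value'

def unwrap(text):
    records = []
    for line in text.splitlines():
        if line.startswith("*") or not records:  # '*' starts a new record
            records.append(line.strip())
        else:  # terminal-wrapped continuation of the previous record
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return {exchange_id: summary} for each AAA/AUTHEN exchange."""
    sessions, last_user = {}, None
    for rec in unwrap(text):
        m = REC.match(rec)
        if not m:
            continue  # e.g. 'AAA: parse name=...' lines have no AAA/ tag
        tag, sid, body = m["tag"], m["sid"], m["body"]
        fields = dict(KV.findall(body))
        if tag == "MEMORY" and body.startswith("create_user"):
            last_user = fields.get("user")  # assumption: precedes its START
        elif sid:
            s = sessions.setdefault(sid, {"user": last_user, "methods": [], "result": None})
            s.update({k: fields[k] for k in ("port", "list", "service") if k in fields})
            if fields.get("Method") and fields["Method"] not in s["methods"]:
                s["methods"].append(fields["Method"])
            if body.startswith("status = "):
                s["result"] = body.split("= ", 1)[1]  # last status wins
    return sessions

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the capture on this page the summary shows port tty0, service ENABLE and an empty list name, so the logged exchange is an enable prompt on the console rather than a login through the SSH-LOGIN list applied to the vty lines.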
