Lab Topology
The topology diagram below represents the NetMap in the Simulator.
Command Summary
Command                                                            Description
aaa authentication login {default | list-name} method1 [method2…]  enables Authentication, Authorization, and Accounting (AAA) login
aaa authorization exec method1 [method2…]                          configures exec authorization to use methods from the list
aaa new-model                                                      enables the AAA model
authorization exec [default | list-name]                           enables AAA authorization to determine whether a user can access privileged EXEC mode
configure terminal                                                 enters global configuration mode from privileged EXEC mode
enable                                                             enters privileged EXEC mode
encapsulation dot1q vlan-id                                        sets the encapsulation method of the interface for 802.1Q VLAN trunking; also specifies the VLAN ID for which the frames should be tagged
IP Addresses
Device    Interface             IP Address   Subnet Mask     Default Gateway
Router1   FastEthernet 1/0.1    10.1.0.1     255.255.255.0   -
Router1   FastEthernet 1/0.10   10.10.0.1    255.255.255.0   -
Router1   FastEthernet 1/0.20   10.20.0.1    255.255.255.0   -
Router1   FastEthernet 1/0.99   10.99.0.1    255.255.255.0   -
Switch1   VLAN 99               10.99.0.2    255.255.255.0   10.99.0.1
Switch2   VLAN 99               10.99.0.3    255.255.255.0   10.99.0.1
Lab Tasks
Task 1: Configure the Management VLAN
This task involves moving device management from the default VLAN to a dedicated Management VLAN.
1. On Router1, display a brief summary of interface status and configuration and observe the current IP
configuration.
3. On Router1, configure the new subinterface to use 802.1Q encapsulation and to use VLAN ID 99.
4. On Router1, configure the FastEthernet 1/0.99 interface with the appropriate IP address; refer to the
IP Addresses table.
5. On Router1, display a brief summary of the interface status and configuration and verify your
configuration.
13. On PC1, ping Router1 (10.99.0.1), Switch1 (10.99.0.2), and Switch2 (10.99.0.3). The pings should
be successful.
4. On Router1, configure PC1 (10.10.0.2) to be the trap receiver and to use a community string of
snmp_logs.
5. On Router1, verify that SNMP is enabled for the correct community string.
7. On Router1, verify that SNMP is configured with the correct contact address.
8. On Router1, verify that SNMP is enabled for the trap receiver with the correct community string.
2. On Router1, configure the TACACS+ host address for the server to be TACACSServer (10.1.0.3).
4. On Router1, create a login authentication method that authenticates against TACACSServer first
and uses the local user database as a backup. Use aaa_authentication as the authentication list
name.
5. On Router1, create an exec authorization method that authorizes exec sessions against
TACACSServer first and uses the local user database as a backup. Use aaa_author as the
authorization list name.
6. On Router1, create a backup user account with user name admin, privilege 15, and password
boson.
7. On Router1, configure the first five VTY lines to use the AAA authentication method aaa_author.
8. From PC1, telnet to Router1’s FastEthernet 1/0.99 interface (10.99.0.1). The TACACS+ user name
is cisco, and the password is ciscopass.
2. On Switch2, configure SNMPv2 for read-only access using a community string Boson, a contact
address of snmp@boson.com, a location of S1_SNMP, and a trap receiver to be PC1 (10.10.0.2)
with a community string of snmp_logs.
b. Configure the TACACS+ host address for the server to be TACACSServer (10.1.0.3).
d. Create a login authentication method that authenticates against TACACSServer first and uses
the local user database as a backup. Use aaa_authentication as the authentication list name.
e. Create an exec authorization method that authorizes exec sessions against TACACSServer
first and uses the local user database as a backup. Use aaa_author as the authorization list
name.
f. Create a backup user account with user name admin, privilege 15, and password boson.
g. Configure all 16 VTY lines to use the AAA authentication method aaa_author.
b. Configure the TACACS+ host address for the server to be TACACSServer (10.1.0.3).
d. Create a login authentication method that authenticates against TACACSServer first and uses
the local user database as a backup. Use aaa_authentication as the authentication list name.
e. Create an exec authorization method that authorizes exec sessions against TACACSServer
first and uses the local user database as a backup. Use aaa_author as the authorization list
name.
f. Create a backup user account with user name admin, privilege 15, and password boson.
g. Configure all 16 VTY lines to use the AAA authentication method aaa_author.
3. From PC1, telnet to Switch1 (10.99.0.2). The TACACS+ user name is cisco, and the password is
ciscopass.
4. From PC1, telnet to Switch2 (10.99.0.3). The TACACS+ user name is cisco, and the password is
ciscopass.
Once you have completed this lab, be sure to check your work by using the grading function.
You can do so by clicking the Grade Lab icon in the toolbar or by pressing Ctrl+G.
2. On Router1, issue the following command to create interface FastEthernet 1/0.99 to be used as the
management VLAN:
3. On Router1, issue the following command to configure the interface FastEthernet 1/0.99 to use
802.1Q encapsulation 99:
Router1(config-subif)#encapsulation dot1q 99
4. On Router1, issue the following command to configure interface FastEthernet 1/0.99 with the
appropriate IP address:
7. On Switch1, issue the following commands to configure interface VLAN 99 with the appropriate IP
address:
Switch1(config-vlan)#interface vlan 99
Switch1(config-if)#ip address 10.99.0.2 255.255.255.0
Switch1#show running-config
Building configuration...
Current configuration : 1457 bytes
!
Version 15.b
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch1
!
<output omitted>
!
interface Vlan0099
ip address 10.99.0.2 255.255.255.0
no ip route-cache
!
vlan 10 name VLAN0010
vlan 20 name VLAN0020
vlan 99 name Management
!
ip default-gateway 10.99.0.1
!
<output omitted>
10. On Switch2, issue the following commands to configure interface VLAN 99 with the appropriate IP
address:
Switch2(config)#interface vlan 99
Switch2(config-if)#ip address 10.99.0.3 255.255.255.0
11. On Switch2, issue the following command to configure the appropriate default gateway:
Switch2#show running-config
Building configuration...
Current configuration : 1263 bytes
!
Version 15.b
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch2
!
<output omitted>
!
interface Vlan0099
ip address 10.99.0.3 255.255.255.0
no ip route-cache
!
vlan 10 name VLAN0010
vlan 20 name VLAN0020
vlan 99 name Management
!
ip default-gateway 10.99.0.1
!
<output omitted>
13. On PC1, pings to Router1 (10.99.0.1), Switch1 (10.99.0.2), and Switch2 (10.99.0.3) should be
successful.
C:>ping 10.99.0.1
C:>ping 10.99.0.2
C:>ping 10.99.0.3
5. On Router1, issue the following command to verify that SNMP is enabled for the correct community
string:
6. On Router1, issue the following command to verify that SNMP is configured with the correct location:
7. On Router1, issue the following command to verify that SNMP is configured with the correct contact
address:
8. On Router1, issue the following command to verify that SNMP is enabled for the trap receiver with
the correct community string:
Router1(config)#aaa new-model
2. On Router1, issue the following command to configure the TACACS+ host address for the server to
be TACACSServer (10.1.0.3):
4. On Router1, issue the following command to create a login authentication method that
authenticates against TACACSServer first and uses the local user database as a backup. Use
aaa_authentication as the authentication list name:
5. On Router1, issue the following command to create an exec authorization method that authorizes
exec sessions against TACACSServer first and uses the local user database as a backup. Use
aaa_author as the authorization list name:
6. On Router1, issue the following command to create a backup user account with user name admin,
privilege 15, and password boson:
7. On Router1, issue the following command to configure the first five VTY lines to use the AAA
authentication method aaa_author:
Router1(config)#line vty 0 4
Router1(config-line)#login authentication aaa_authentication
Router1(config-line)#authorization exec aaa_author
8. From PC1, a telnet to Router1’s FastEthernet 1/0.99 interface (10.99.0.1) should be successful:
C:>telnet 10.99.0.1
Username: cisco
Password: ciscopass
Router1>exit
3. On Switch1 and Switch2, issue the appropriate show commands to verify the previous SNMP
configuration. The following is sample output from Switch1:
Switch1(config)#aaa new-model
Switch1(config)#tacacs-server host 10.1.0.3
Switch1(config)#tacacs-server key boson
Switch1(config)#aaa authentication login aaa_authentication group tacacs+ local
Switch1(config)#aaa authorization exec aaa_author group tacacs+ local
Switch1(config)#username admin privilege 15 password boson
Switch1(config)#line vty 0 15
Switch1(config-line)#login authentication aaa_authentication
Switch1(config-line)#authorization exec aaa_author
Switch2(config)#aaa new-model
Switch2(config)#tacacs-server host 10.1.0.3
Switch2(config)#tacacs-server key boson
Switch2(config)#aaa authentication login aaa_authentication group tacacs+ local
Switch2(config)#aaa authorization exec aaa_author group tacacs+ local
Switch2(config)#username admin privilege 15 password boson
Switch2(config)#line vty 0 15
Switch2(config-line)#login authentication aaa_authentication
Switch2(config-line)#authorization exec aaa_author
C:>telnet 10.99.0.2
Username: cisco
Password: ciscopass
Switch1>exit
C:>telnet 10.99.0.3
Username: cisco
Password: ciscopass
Switch2>exit
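An offline check for the AAA steps above, added here as an example and not part of the Boson lab: it confirms that every method list applied to a VTY line is defined with the matching type, which catches a mix-up such as applying aaa_author (the exec authorization list) as the login authentication list. The function name audit_aaa and both sample configurations are constructed for illustration, and the parser assumes running-config layout in which line sub-commands are indented by one space.

```python
import re

def audit_aaa(config):
    """Return findings about AAA method lists applied to VTY lines."""
    defined = {"authentication": {}, "authorization": {}}  # kind -> {list: methods}
    refs, users, new_model, vty = [], set(), False, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            vty = None  # an unindented command closes the current line block
        if line == "aaa new-model":
            new_model = True
        elif m := re.match(r"aaa (authentication login|authorization exec) (\S+) (.+)", line):
            defined[m[1].split()[0]][m[2]] = m[3].split()
        elif m := re.match(r"username (\S+)", line):
            users.add(m[1])
        elif m := re.match(r"line vty (\d+ \d+)", line):
            vty = m[1]
        elif vty and (m := re.match(r"(login authentication|authorization exec) (\S+)", line)):
            kind = "authentication" if m[1].startswith("login") else "authorization"
            refs.append((vty, kind, m[2]))
    findings = [] if new_model else ["aaa new-model is missing"]
    for vty, kind, name in refs:
        if name not in defined[kind]:
            findings.append(f"line vty {vty}: {kind} list {name!r} is not defined")
    for kind, lists in defined.items():
        for name, methods in lists.items():
            if "local" in methods and not users:
                findings.append(f"{kind} list {name!r}: local fallback but no username")
    return findings

# Constructed sample in running-config form, built from the Switch1 commands above.
GOOD = """\
aaa new-model
aaa authentication login aaa_authentication group tacacs+ local
aaa authorization exec aaa_author group tacacs+ local
username admin privilege 15 password boson
tacacs-server host 10.1.0.3
line vty 0 15
 login authentication aaa_authentication
 authorization exec aaa_author
"""
# Constructed variant: the authorization list name is applied as the login list.
BAD = GOOD.replace(" login authentication aaa_authentication",
                   " login authentication aaa_author")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_aaa(cfg) or "no findings")
```

The same function can be pointed at the saved output of show running-config from Router1, Switch1 and Switch2 before the telnet tests are run.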
Copyright © 1996–2017 Boson Software, LLC. All rights reserved. NetSim software and documentation are protected by copyright law.