1、实验拓扑图和地址表
Addressing Table
地址表
Device |
Interface |
IP Address |
Subnet Mask |
R1 | Fa0/0 | 192.168.1.1 | 255.255.255.0 |
S0/0/0 | 10.1.1.2 | 255.255.255.252 | |
R2 | S0/0/0 | 10.1.1.1 | 255.255.255.252 |
Fa0/0 | 192.168.2.1 | 255.255.255.0 | |
S0/0/1 | 10.2.2.1 | 255.255.255.252 | |
R3 | S0/0/1 | 10.2.2.2 | 255.255.255.252 |
Fa0/0 | 192.168.3.1 | 255.255.255.0 | |
TACACS+ Server | NIC | 192.168.2.2 | 255.255.255.0 |
RADIUS Server | NIC | 192.168.3.2 | 255.255.255.0 |
PCA | NIC | 192.168.1.3 | 255.255.255.0 |
PCB | NIC | 192.168.2.3 | 255.255.255.0 |
PCC | NIC | 192.168.3.3 | 255.255.255.0 |
2、不同网段之间的ping通测试
PCA ping PCB
PCA ping PCC
PCB ping PCC
Learning Objectives
课程目标
- Configure a local user account on R1 and authenticate on the console and VTY lines using localAAA.
- 在路由器R1上配置一个本地用户账号并且利用本地AAA通过console线和VTY连接认证
- Verify local AAA authentication from the R1 console and the PC-Aclient.
- 验证从R1console和PC-A客户机发起的本地AAA验证
- Configure a server-based AAA authentication usingTACACS+.
- 用TACACS+完成服务器上的AAA认证配置
- Verify server-based AAA authentication from PC-Bclient.
- 验证从PC-B发起的基于服务器的AAA认证
- Configure a server-based AAA authentication usingRADIUS.
- 用RADIUS完成基于服务器的AAA验证的配置
- Verify server-based AAA authentication from PC-Cclient.
- 验证从PC-C发起的基于服务器的AAA认证
3、配置路由器且验证登录
一、在R1上配置本地用户账号并利用本地aaa通过console线和VTY连接认证
R1(config)#username admin1 password admin1
R1(config)# aaa new-model
R1(config)#aaa authentication login default local
R1(config)#line console 0
R1(config-line)#login authentication default
R1(config)# aaa authentication login telnet-login local
R1(config)# line vty 0 4
R1(config-line)# login authentication telnet-login
验证aaa认证
二、在R2上的配置并用TACACS+完成服务器AAA
R2(config)#username admin2 password admin2
R2(config)#tacacs-server host 192.168.2.2
R2(config)#tacacs-server key admin2
R2(config)#aaa new-model
R2(config)#aaa authentication login default group tacacs+ local
R2(config)#line console 0
R2(config-line)#login authentication default
三、在R3上的配置并且用RADIUS完成服务器的AAA验证
R3(config)#username admin3 password admin3
R3(config)#tacacs-server host 192.168.3.2
R3(config)#tacacs-server key admin3
R3(config)#aaa new-model
R3(config)#aaa authentication login default group radius local
R3(config)#line console 0
R3(config-line)#login authentication default