Shulou(Shulou.com)05/31 Report--

This article introduces you how to achieve Easy and AAA authentication, the content is very detailed, interested friends can use for reference, I hope you can help.

Experiment name: easy and aaa Certification

Purpose: to verify the authentication process of EASY and AAA

Experimental topology diagram:

The main steps of the experiment:

(1) Router 0 (headquarters)

Router > en

Router#config t

Router (config) # aaa new-model

Router (config) # aaa authentication login * * auth group radius local

Router (config) # aaa authorization network * * auth local

Router (config) # radius-server host 10.2.0.2 auth-port 1645 key cisco

Router (config) # tacacs-server host 10.2.0.2 key cisco

Router (config) # crypto isakmp policy 10

Router (config-isakmp) # encr aes 256

Router (config-isakmp) # authentication pre-share

Router (config-isakmp) # group 2

Router (config-isakmp) # ip local pool * * clients 10.1.1.100 10.1.1.180 (* * assigned address pool)

Router (config) # crypto isakmp client configuration group ciscogroup

Router (config-isakmp-group) # key ciscogroup

Router (config-isakmp-group) # pool * * clients

Router (config-isakmp-group) # netmask 255.255.255.0

Router (config-isakmp-group) # crypto ipsec transform-set mytrans esp-3des esp-sha-hmac

Router (config) # crypto dynamic-map mymap 10

Router (config-crypto-map) # set transform-set mytrans

Router (config-crypto-map) # reverse-route (reverse routing)

Router (config-crypto-map) # crypto map mymap client authentication list * * auth

Router (config) # crypto map mymap isakmp authorization list * * auth

Router (config) # crypto map mymap client configuration address respond

Router (config) # crypto map mymap 10 ipsec-isakmp dynamic mymap

Router (config) # int fa0/1

Router (config-if) # ip add 10.3.0.1 255.255.255.0

Router (config-if) # no shut

Router (config-if) # crypto map mymap

Router (config-if) # int fa0/0

Router (config-if) # ip add 10.2.0.1 255.255.255.0

Router (config-if) # no shut

Router (config-if) # int loop1

Router (config-if) # ip add 10.1.1.200 255.255.255.0

Router (config-if) # no shut

Router (config-if) # exit

Router (config) # ip route 10.0.0.0 255.255.255.0 10.3.0.2

Router (config) # hostname R0

(2) Router 1 (Segment)

Router > en

Router#config t

Router (config) # int fa0/0

Router (config-if) # ip add 10.3.0.2 255.255.255.0

Router (config-if) # no shut

Router (config-if) # int fa0/1

Router (config-if) # ip add 10.0.0.1 255.255.255.0

Router (config-if) # no shut

Router (config-if) # exit

Router (config) # ip route 10.2.0.0 255.255.255.0 10.3.0.1

(3) AAA authentication server

Ip address: 10.2.0. 2

Subnet mask: 255.255.255.0

Default gateway: 10.2.0. 1

Then "configure" tab point AAA

Client name: R0 clinet ip: 10.2.0.1 secret:cisco server type:radius

Client name: R0 clinet ip: 10.2.0.1 secret:cisco server type:tacacs

Username: haiyang password:123456789

As shown in the figure

Enter ipconfig / all on pc0 and find that a distributed tunnel ip address is obtained. At ping 10.1.1.200, you can ping, but ping 10.0.0.3 means that the target host is unreachable. Because it is not in a network segment, pc1 reconnects to get a distributed ip address of the same network segment before you can ping.

On how to achieve Easy and AAA certification to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.