
Case Study

Continuing with the case study for The Future Corporation, the system administrator now needs to continue the configuration of the DallasR1 router shown in Figure 3-14.

Scenario

Complete the following configuration tasks on the DallasR1 router:

  1. Identify the TACACS+ server whose IP address is 142.16.18.200 using a preshared key of future123key.

  2. To make it easier to track logging events and to make debug output more useable, set up the router to time-stamp logging and debug entries using local time. Record debug times to the millisecond.

  3. Set up accounting to record all start and stop times for EXEC processes and network processes on the ACS server.

Figure 3-14 The Future Corporation

Solutions

The following commands will accomplish the required configuration:

  1. Identify the TACACS+ server whose IP address is 142.16.18.200 using a preshared key of future123key:

     DallasR1(config)# tacacs-server host 142.16.18.200
     DallasR1(config)# tacacs-server key future123key

  2. To make it easier to track logging events and to make debug output more useable, set up the router to time-stamp logging and debug entries using local time. Record debug times to the millisecond.

     DallasR1(config)# service timestamps debug datetime localtime msec
     DallasR1(config)# service timestamps log datetime localtime

  3. Set up accounting to record all start and stop times for EXEC processes and network processes on the ACS server:

     DallasR1(config)# aaa accounting exec start-stop tacacs+
     DallasR1(config)# aaa accounting network start-stop tacacs+

Once these commands have been entered, the configuration for router DallasR1 (excluding interface entries) looks like Example 3-5.

Example 3-5 DallasR1 Final Configuration

version 12.2
service timestamps debug datetime localtime msec
service timestamps log datetime localtime
service password-encryption
!
hostname DallasR1
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console-in group tacacs+ enable
aaa accounting exec start-stop tacacs+
aaa accounting network start-stop tacacs+
enable secret 5 $1$ES4r$tA1rlg0beW/Kvk6jGIj2f.
enable secret level 2 5 $1$mCGe$.1fTlJ.fcR8NHqa0AMR2F/
enable password 7 09611E1C171113171C
!
username aaadmin password 7 1531035C147F3F752B38
!
access-list 88 permit 192.168.44.121
access-list 88 permit 192.168.44.122
access-list 88 permit 192.168.64.123
access-list 88 permit 142.16.18.121
access-list 88 permit 142.16.18.122
access-list 88 permit 142.16.18.123
snmp-server community ROSNMP ro
snmp-server community RWSNMP rw 88
tacacs-server host 142.16.18.200
tacacs-server key future123key
privilege exec level 2 ping
!
banner motd #
WARNING: You are connected to $(hostname) on The Future Corporation network. Unauthorized access and use of this network will be vigorously prosecuted. #
!
line con 0
 login authentication console-in
 exec-timeout 4 20
line aux 0
 login
 password 7 112A115507471F5D0721
 exec-timeout 4 20
line vty 0 4
 login
 password 7 05280E5F31195A581A0E
!
end
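
One way to confirm that a saved copy of the configuration still meets the three case-study tasks, added here as an example (it is not from the book). The function names and the trimmed SAMPLE_CONFIG are assumptions constructed for illustration; the commands checked are the ones shown in Example 3-5.

```python
# Constructed sample: only the lines of Example 3-5 that the tasks touch.
SAMPLE_CONFIG = """\
service timestamps debug datetime localtime msec
service timestamps log datetime localtime
aaa new-model
aaa accounting exec start-stop tacacs+
aaa accounting network start-stop tacacs+
tacacs-server host 142.16.18.200
tacacs-server key future123key
"""

def audit(config, server="142.16.18.200"):
    """Map each case-study requirement to True/False for an IOS config text."""
    # Global commands start in column 0; skip "!" separators and the
    # indented sub-mode lines (line con 0, line vty 0 4, ...).
    lines = [l.rstrip() for l in config.splitlines()
             if l and not l.startswith((" ", "!"))]

    def opts(prefix):
        # Option words of every global line that begins with `prefix`.
        return [l[len(prefix):].split() for l in lines
                if l == prefix or l.startswith(prefix + " ")]

    def has(prefix, need):
        # True when one matching line carries all the required keywords.
        # Keyword matching also accepts the method-list form
        # "aaa accounting exec default start-stop group tacacs+".
        return any(need <= set(o) for o in opts(prefix))

    return {
        # AAA commands are only accepted once "aaa new-model" is present.
        "aaa new-model": "aaa new-model" in lines,
        "tacacs host": any(o[:1] == [server] for o in opts("tacacs-server host")),
        "tacacs key set": any(o for o in opts("tacacs-server key")),
        "debug stamps": has("service timestamps debug",
                            {"datetime", "localtime", "msec"}),
        "log stamps": has("service timestamps log", {"datetime", "localtime"}),
        "exec accounting": has("aaa accounting exec", {"start-stop", "tacacs+"}),
        "network accounting": has("aaa accounting network",
                                  {"start-stop", "tacacs+"}),
    }

def failures(config):
    """Sorted names of the requirements the config does not meet."""
    return sorted(name for name, ok in audit(config).items() if not ok)

if __name__ == "__main__":
    print(failures(SAMPLE_CONFIG) or "all case-study requirements present")
```

Run against a configuration that has lost the `msec` keyword or one of the accounting lines, `failures()` names the missing requirement instead of returning an empty list.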