Configuring the Switch

I created an IOSvL2 switch, connected the AAA container and did a ping test as per a previous exercise.

# Switch 10

en
conf t
host Switch10
aaa new-model
int vlan 1
 ip address 192.168.0.10 255.255.255.0
 no shut
no ip domain-lookup
exit

I create an IOSvL2 switch and connect the AAA container.

I do a ping test as per previous exercises.

Now I need to configure the switch for AAA.

I will create a local account as a way in if the AAA server is down. I am adding no security so you can follow what I did. Use your own initials instead of JOR!!

# Switch 10

en
conf t
aaa new-model
username JOR password Passw0rd
username JOR privilege 15
enable password cisco
aaa authentication login default local
end

If I log out now and log back in again, I needed to use the username JOR and the password Passw0rd, and then use the password cisco to enable privilege mode.

Test it.

Next, I configure a AAA group called CP90x

# Switch 10

conf t
aaa group server tacacs+ CP90x
server name AAA1
end

This will generate an error because we have not yet defined AAA1.

# Switch 10

conf t
tacacs server AAA1
address ipv4 192.168.0.2
key gns3
end

I have a group called CP90x, associated with a server AAA1, which has an IP address of 192.168.0.2.

I configure telnet for testing.

# Switch 10

conf t
line vty 0 4
 transport input all
end

I can set up login using both AAA and local as a backup.

# Switch 10

conf t
aaa authentication login default group CP90x local
end