Configuring Basic Password Authentication in Cisco
Last Updated :
01 Nov, 2022
The Access Control Passwords are generally used to restrict access to a certain network server along with its services for a specified group of users (hosts). The Authentication, Authorization, and Accounting (AAA) network services provide the framework or platform through which one can set up Access Control over their router or network server along with its services.
Authentication:
Authentication is a way of identifying a specific user or a specific group of users before giving access or permitting access to the network and its services. This local authentication is frequently used to administer security functions.
The process of Authentication includes each user having its own set of credentials to gain access to a particular network or its services. These credentials when entered are then compared to those entries stored in AAA Server’s Database and if the credentials match, then only the user is granted access based on the privilege level.
Configuration of Basic Local Password Authentication:
Procedure
|
Commands
|
Description
|
| Step 1 |
enable |
This command is used to enter the privileged EXEC mode. |
| Step 2 |
configure terminal |
This command is used to enter the Global Configuration Mode. |
| Step 3 |
aaa new-model |
This command is used to enable Authentication, Authorization, Accounting (AAA) globally on the device.
(Without this command other AAA commands cannot be executed). |
| Step 4 |
aaa authentication login default local |
This command creates a default local authentication list in the database. |
| Step 5 |
line <aux|vty|console> <line-number> <ending-line-number> |
This command is used to enter the Line configuration mode (auxiliary, or console) for the lines to which the created authentication list should be applied. |
| Step 6 |
login authentication default |
This command is used to apply the created authentication list to the line or set of lines. |
| Step 7 |
exit |
This command is used to exit the Global Configuration Mode. |
| Step 8 |
username <name> password <password> |
This command creates a user-id for which ypou will be able to log in, locally.
(The admin has to make this entry for every user who wants to access the network according to their privilege level). |
Router> enable
Router# configure terminal
Router(config)# aaa new-model
Router(config)# aaa authentication login default local
Router(config)# line vty 0 4
Router(config-line)# login authentication default
Router(config-line)# exit
Router(config)#username admin password Cisco@123
Step 1: Basic IP configuration on both Routers:
Step 2: Configuration Local Authentication on R1:
Step 3: Verifying Authentication:
As you can see, Authentication has been set on the initial console login for the user we have previously created.
Step 4: Verifying Authentication using telnet from R2:
As you can see, Authentication has also been set for a telnet service on R1 when it is accessed from R2, and it requires the credentials from the user to gain access to that particular service.
Share your thoughts in the comments
Please Login to comment...