03-17-2020 02:44 PM
Hi,
I'm learning about AAA, and I have a hard time correlating it with what I have learned about Privilege Levels and Role-Based Views. All I can test is in Packet Tracer.
1)
Let's take a scenario and assume I will use privilege levels 5, 10 and 15 on my router for 3 employees. We will call them user5, user10, user15, and all of them will have the password "userXpw", where X is the level. I configured the privilege levels (what every level can do).
How do I configure local AAA authentication? Will it be something like this?
But if I do this, every time I log into the router I end up at privilege level 1, no matter which user I use. What am I missing?
Why, when I log in with a user that has level 10, do I end up at level 1? I expect to be at privilege level 5, 10 or 15, depending on which user I use. Also, what effect will the command (config-line)#privilege level X have in this case?
Now let's assume the same scenario, but I want server-based AAA. How do I configure the router? Something like this?
But now, when I configure the RADIUS server, I don't specify a privilege level. And when I log into the router, I end up at privilege level 1 again. So again, what am I missing?
Should I make enable passwords for every level, so that when people log in with their user they would be at level 1 and after that they use the "enable X" command?
That was about privilege levels. Now, Role-Based Views. Let's assume I configured 3 views for 3 employees: view1, view2, view3.
For local AAA, will it be something like this?
Now it kind of makes sense that you log into the router with your credentials and then you log into your view with "enable view X", where X is the name of the view.
And with server-based AAA it will be the same. I would configure 3 users, and after they log into the router, they would log into the view.
Am I right, or am I missing something?
2)
When I configured the list for authentication, I could configure fallback options. For example:
If the RADIUS server is unreachable, I can log in with a local user. But when I get to the login prompt, how do I know whether it is asking me for the credentials from the RADIUS server or from the local database? Do I just try the second one if the first doesn't work?
3)
With AAA, I see I can configure an authentication list for enable:
(config)#aaa authentication enable default ____ { group / enable / none }
What is the purpose, how would that look in a plausible scenario, and how would I use it?
Thank you for your time reading this and trying to help me,
Radu
03-19-2020 08:08 PM