
SNRS

Configuring Cisco Secure ACS and AAA Lab Solutions

Lab Solution
Task 1: Install Cisco Secure ACS 4.1 for Windows
This task is procedural. Follow the procedure in the lab task step-by-step to achieve the desired solution.

Task 2: Take a Tour of the Cisco Secure ACS User Interface


This task is procedural. Follow the procedure in the lab task step-by-step to achieve the desired solution.

Q1: What is the full release version and build number?
A1: The release and build number is 4.1(1) Build 23.

Q2: How many users are configured?
A2: None at this point.

Q3: What group is shown in the Group scroll list?
A3: The Default Group.

Q4: How many users are in the group?
A4: None. No users are configured at this point.

Q5: What is the status of the Cisco Secure service, level of detail for logging, and frequency of new file generation?
A5: Cisco Secure is currently running, the level of log file detail is low, new log file when size is greater than 10,240 KB.

Q6: What log targets are enabled?
A6: All except Passed Authentications and VoIP Accounting.

Q7: What is the purpose of the password validation option?
A7: Password validation option enables control of password length, reuse, and character space when users change their password.

Q8: What is the purpose of the Cisco Secure Replication Setup?
A8: Cisco Secure Replication Setup enables control of database replication components, scheduling, and partners.

Q9: Where can the ACS user and group databases be backed up?
A9: A local or networked directory; however, the default destination is C:\Program Files\CiscoSecure ACS v4.1\CSAuth\System Backups.

Q10: What components can be backed up and restored?
A10: Users, groups, and the Cisco Secure ACS System Configuration.

Q11: What are the two ways a system administrator can be notified of logged events?
A11: Events can be logged to the Microsoft Windows NT/2000 event log, or an email notification of the event can be sent to the system administrator.

Q12: Why are user-defined fields useful?
A12: You can specify unique information that will be displayed for each user, such as location or department, and reflect this information in the accounting logs.

Q13: What is the purpose of selecting advanced options?
A13: You can configure the advanced features that will appear in the user interface. You can only select applicable features, reducing the complexity of the Cisco Secure ACS windows displayed.

Q14: What administrator accounts are configured by default?
A14: No administrator accounts are configured by default.

Q15: What is the purpose of the administrator control configuration section?
A15: You can add, delete, and control administrator accounts using a web browser. You can control administrator passwords, privileges, systems configuration, reports, and activity.

Q16: Which two options are available if a user is not found in the ACS database? Which of the two options is the default?
A16: It depends on what configuration was created during the installation. In the setup described in this task the options are Fail the attempt (which is the default) and Check external databases.

Q17: Which external databases can be checked for the unknown user?
A17: The Windows database, or any configured supported external database (for example, generic LDAP, CRYPTOCard, or ODBC).

Q18: What can you select in the External User Database Configuration section?
A18: You can select the external user database you want to use for authentication.

Q19: What appears in the Administration Audit.csv file?
A19: A record of all administration actions.

2007, NIL Data Communications

Task 3: Configure the Cisco Secure ACS Database for Authentication


This task is procedural. Follow the procedure in the lab task step-by-step to achieve the desired solution.

Q20: What is the main difference between the parameters in the user and group setups?
A20: Group setup parameters apply to all users assigned to the group. User setup parameters only apply to a particular user. User parameters override group parameters.

Task 4: Configure the Router to Authenticate Network Administrators against the Cisco Secure Database
The following commands need to be entered on the Switch.
enable secret ciscosecret
aaa new-model
tacacs-server host 10.1.2.2 key vErYrAnDoM
user localadmin password localadmin
aaa authentication login VTY group tacacs+ local
line con 0
 login authentication VTY
line vty 0 4
 login authentication VTY
aaa authentication login default enable

Configuration 1: Login authentication using a remote AAA server

Task 5: Configure Separate Per-User Enable Passwords


This task is procedural for the AAA Server. Follow the procedure in the lab task step-by-step to achieve the desired solution. The following commands need to be entered on the Switch.
aaa authentication enable default group tacacs+ enable

Configuration 2: Configuration of enable authentication using the AAA server, and local enable passwords as the fallback method
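The method lists in Configurations 1 and 2 each name a local method after group tacacs+, so administrators can still log in when the AAA server is unreachable. The following Python check is an added example, not part of the original lab solution: it verifies that property and that every list referenced on a line is defined. The function names and the LAB_CONFIG sample (assembled from the Task 4 and Task 5 commands) are assumptions made here.

```python
import re

# Constructed sample: the Task 4 and Task 5 switch commands from this lab.
LAB_CONFIG = """\
enable secret ciscosecret
aaa new-model
tacacs-server host 10.1.2.2 key vErYrAnDoM
user localadmin password localadmin
aaa authentication login VTY group tacacs+ local
line con 0
 login authentication VTY
line vty 0 4
 login authentication VTY
aaa authentication login default enable
aaa authentication enable default group tacacs+ enable
"""

# Methods that still work when no AAA server answers ("none" is excluded on purpose).
LOCAL_METHODS = {"local", "local-case", "enable", "line"}

def parse_method_lists(config):
    """Return {(service, list_name): [methods]} from 'aaa authentication' lines."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication (login|enable|dot1x) (\S+) (.+)", line)
        if m:
            # 'group tacacs+' is a single method; fold the keyword into its argument.
            methods = re.sub(r"group (\S+)", r"group:\1", m.group(3)).split()
            lists[(m.group(1), m.group(2))] = methods
    return lists

def audit(config):
    """Return findings: lists lacking a local fallback, lines using undefined lists."""
    lists, findings, current = parse_method_lists(config), [], None
    for (service, name), methods in lists.items():
        remote = [x for x in methods if x.startswith("group:")]
        if remote:
            after = methods[methods.index(remote[-1]) + 1:]
            if not any(x in LOCAL_METHODS for x in after):
                findings.append(f"{service} list {name}: no local fallback after {remote[-1]}")
    for line in config.splitlines():
        if line.startswith("line "):
            current = line.strip()          # remember which line block we are in
        m = re.match(r"\s+login authentication (\S+)", line)
        if m and ("login", m.group(1)) not in lists:
            findings.append(f"{current}: undefined login list {m.group(1)}")
    return findings
```
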


Task 6: Configure 802.1x


This task is procedural for the AAA Server. Follow the procedure step-by-step to achieve the desired solution. The following commands need to be entered on the Switch.
radius-server host 10.1.2.2 key vErYrAnDoM
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
interface FastEthernet0/22
 switchport access vlan 60
 dot1x port-control auto
 dot1x reauthentication
 dot1x guest-vlan 30
 dot1x auth-fail vlan 30
 dot1x auth-fail max-attempts 2
 dot1x timeout tx-period 3
 dot1x timeout supp-timeout 3

Configuration 3: Configuration of 802.1x on the Switch
