Lab Solution
Task 1: Install Cisco Secure ACS 4.1 for Windows
This task is procedural. Follow the procedure in the lab task step-by-step to achieve the desired solution.
Q5: What is the status of the Cisco Secure service, level of detail for logging, and frequency of new file generation?
A5: Cisco Secure is currently running, the level of log file detail is low, new log file when size is greater than 10,240 KB.

Q6: What log targets are enabled?
A6: All except Passed Authentications and VoIP Accounting.

Q7: What is the purpose of the password validation option?
A7: Password validation option enables control of password length, reuse, and character space when users change their password.

Q8: What is the purpose of the Cisco Secure Replication Setup?
A8: Cisco Secure Replication Setup enables control of database replication components, scheduling, and partners.

Q9: Where can the ACS user and group databases be backed up?
A9: A local or networked directory; however, the default destination is C:\Program Files\CiscoSecure ACS v4.1\CSAuth\System Backups.

Q10: What components can be backed up and restored?
A10: Users, groups, and the Cisco Secure ACS System Configuration.

Q11: What are the two ways a system administrator can be notified of logged events?
A11: Events can be logged to the Microsoft Windows NT/2000 event log, or an email notification of the event can be sent to the system administrator.

Q12: Why are user-defined fields useful?
A12: You can specify unique information that will be displayed for each user, such as location or department, and reflect this information in the accounting logs.

Q13: What is the purpose of selecting advanced options?
A13: You can configure the advanced features that will appear in the user interface. You can only select applicable features, reducing the complexity of the Cisco Secure ACS windows displayed.

Q14: What administrator accounts are configured by default?
A14: No administrator accounts are configured by default.

Q15: What is the purpose of the administrator control configuration section?
A15: You can add, delete, and control administrator accounts using a web browser. You can control administrator passwords, privileges, systems configuration, reports, and activity.

Q16: Which two options are available if a user is not found in the ACS database? Which of the two options is the default?
A16: It depends on what configuration was created during the installation. In the setup described in this task the options are Fail the attempt (which is the default) and Check external databases.

Q17: Which external databases can be checked for the unknown user?
2 Configuring Cisco Secure ACS and AAA Lab Solutions 2007, NIL Data Communications
A17: The Windows database, or any configured supported external database (for example, generic LDAP, CRYPTOCard, or ODBC).

Q18: What can you select in the External User Database Configuration section?
A18: You can select the external user database you want to use for authentication.

Q19: What appears in the Administration Audit.csv file?
A19: A record of all administration actions.
Task 4: Configure the Router to Authenticate Network Administrators against the Cisco Secure Database
The following commands need to be entered on the Switch.
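enable secret ciscosecret
aaa new-model
tacacs-server host 10.1.2.2 key vErYrAnDoM
user localadmin password localadmin
! Named list VTY: TACACS+ first; the local user database is used only if the server does not respond
aaa authentication login VTY group tacacs+ local
! Apply the VTY list to the console and to the vty lines
line con 0
 login authentication VTY
line vty 0 4
 login authentication VTY
! Default list (lines with no named list applied): authenticate with the enable password
aaa authentication login default enable

Configuration 1: Login authentication using a remote AAA server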
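
One way to verify the result of Configuration 1 offline is to resolve which login method list each line ends up using and whether that list still works when the AAA server is unreachable. The following Python sketch is an added example, not part of the lab material; the function names `login_methods` and `findings` are hypothetical, and the embedded configuration is the one above with sub-commands indented as `show running-config` prints them.

```python
import re

# Configuration 1 from this page, one command per line (lab values as printed).
CONFIG = """\
enable secret ciscosecret
aaa new-model
tacacs-server host 10.1.2.2 key vErYrAnDoM
user localadmin password localadmin
aaa authentication login VTY group tacacs+ local
line con 0
 login authentication VTY
line vty 0 4
 login authentication VTY
aaa authentication login default enable
"""

def login_methods(config):
    """Map each 'line ...' block to (method list name, ordered methods)."""
    lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", cmd)
        if m:
            # "group tacacs+" is a single method, so keep the keyword with its name
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
            current = None
        elif cmd.startswith("line "):
            current = cmd
            lines[current] = "default"  # used unless a named list is applied
        elif current and raw.startswith(" "):
            m = re.match(r"login authentication (\S+)", cmd)
            if m:
                lines[current] = m.group(1)
        else:
            current = None
    return {ln: (name, lists.get(name, [])) for ln, name in lines.items()}

def findings(config):
    """Flag lines whose list is undefined or ends at the AAA server with no fallback."""
    out = []
    for ln, (name, methods) in login_methods(config).items():
        if not methods:
            out.append(f"{ln}: list {name!r} is not defined")
        elif methods[-1].startswith("group "):
            out.append(f"{ln}: list {name!r} has no fallback if the server is unreachable")
    return out
```

For the configuration on this page `findings(CONFIG)` returns an empty list, because both the console and the vty lines resolve to the VTY list, which ends in `local`.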