Home > Articles > Cisco Certification > CCIE > CCIE Security Practice Labs

CCIE Security Practice Labs

Section 7.0: AAA (7 points)

7.1: AAA on the Router (4 points)

  1. Configure router authentication and authorization on R4 using Tacacs+. Configure two users on ACS, "user1" and "user2." User1 should have privilege level 10 and user2 privilege level 15. Configure such that User1 is able to run the command show running-configuration only, and user2 is able to run all commands.

  2. Configure redundancy such that in the event the TACACS+ server is down, both users are able to log in using the local database and maintaining the same authorization.

  3. When user1 or user2 logs in, they should get the # prompt with their respective privilege level without entering the enable command.

  4. Configure fallback to local in the event the AAA server is down. Do not configure any authentication or authorization for console and auxiliary ports.

7.2: AAA on PIX (3 points)

  1. Users should be able to Telnet to R6 loopback1 from anywhere on the network. Configure username "r6telnet" on ACS with the necessary parameters. Configure authentication and port authorization on PIX to achieve this task.

11. Section 8.0: Advanced Security (10 points) | Next Section Previous Section