Case Study
Continuing with the case study for The Future Corporation, the system administrator now needs to continue the configuration of the DallasR1 router shown in Figure 3-14.
Scenario
Complete the following configuration tasks on the DallasR1 router:
Identify the TACACS+ server whose IP address is 142.16.18.200 using a preshared key of future123key.
To make it easier to track logging events and to make debug output more useable, set up the router to time-stamp logging and debug entries using local time. Record debug times to the millisecond.
Set up accounting to record all start and stop times for EXEC processes and network processes on the ACS server.
Figure 3-14 The Future Corporation
Solutions
The following commands will accomplish the required configuration:
Identify the TACACS+ server whose IP address is 142.16.18.200 using a preshared key of future123key:
To make it easier to track logging events and to make debug output more useable, set up the router to time-stamp logging and debug entries using local time. Record debug times to the millisecond.
Set up accounting to record all start and stop times for EXEC processes and network processes on the ACS server:
DallasR1(config)# tacacs-server host 142.16.18.200 DallasR1(config)# tacacs-server key future123key
DallasR1(config)# service timestamps debug datetime localtime msec DallasR1(config)# service timestamps log datetime localtime
DallasR1(config)# aaa accounting exec start-stop tacacs+ DallasR1(config)# aaa accounting network start-stop tacacs+
Once these commands have been entered, the configuration for router DallasR1 (excluding interface entries) looks like Example 3-5.
Example 3-5 DallasR1 Final Configuration
version 12.2 service timestamps debug datetime localtime msec service timestamps log datetime localtime service password-encryption ! hostname DallasR1 ! aaa new-model aaa authentication login default group tacacs+ local aaa authentication login console-in group tacacs+ enable aaa accounting exec start-stop tacacs+ aaa accounting network start-stop tacacs+ enable secret 5 $1$ES4r$tA1rlg0beW/Kvk6jGIj2f. enable secret level 2 5 $1$mCGe$.1fTlJ.fcR8NHqa0AMR2F/ enable password 7 09611E1C171113171C ! username aaadmin password 7 1531035C147F3F752B38 ! access-list 88 permit 192.168.44.121 access-list 88 permit 192.168.44.122 access-list 88 permit 192.168.64.123 access-list 88 permit 142.16.18.121 access-list 88 permit 142.16.18.122 access-list 88 permit 142.16.18.123 snmp-server community ROSNMP ro snmp-server community RWSNMP rw 88 tacacs-server host 142.16.18.200 tacacs-server key future123key privilege exec level 2 ping ! banner motd # WARNING: You are connected to $(hostname) on The Future Corporation network. Unauthorized access and use of this network will be vigorously prosecuted. # ! line con 0 login authentication console-in exec-timeout 4 20 line aux 0 login password 7 112A115507471F5D0721 exec-timeout 4 20 line vty 0 4 login password 7 05280E5F31195A581A0E ! end