Krishna Is this part of any work book or a real life question? If you are preparing using IPexpert's volume 1 then you will your answer very well explained there. Regards,
On Wednesday, August 8, 2012, Krishna Nagam wrote: > Hi All, > > > can anybody help me to solve this problem > > > > This section contains command authorization. In order to prevent you from > getting locked out of the router, do not enable command authorization until > after you have verified that authentication is working properly to Cisco > Secure ACS. > > > > Here are the requirements for R2:- > > 1) Configure R2 for AAA server using TACACS+ protocol with the Cisco > Secure ACS server and a shared-secret key of cisco 123 > > 2) The console port connection must not require authentication or > authorization (with the exception of the enable password to get into enable > mode). Configure this task explicitly > > 3) telnet connections 1 and 3 through 5 should only prompt for > password (exec and enable) and no username. Additionally, there must be no > command authorization configured on these connections. > > 4) Telnet connections 2 must be configured for authentication and > command authorization for level 15 commands. Additionally, users logging in > on this connection must be automatically placed into enable mode. > > 5) You may not use any “default” methods, configure only named > method lists. > > > > Here are the requirements for the Cisco Secure ACS > > 1) Configure two groups with on following > > 2) Admin: users in this group have full access to the router > > 3) NetOps: users in this group may only create or delete static > routes > > 4) Configure two users, one in each group with which you can test > > 5) User1: (with a password of user1) should be place in the Admin > group > > 6) User2 (with a password of users2) should be placed in the NetOps > group > > The command authorization configuration must be done using command > authorization sets. > > > > Regards > > krishna > -- FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
