I believe this is a real question from the exam ;) Wondering how many points they would give for it. Not a brainy task at all.
From: [email protected] [mailto:[email protected]] On Behalf Of Fawad Khan
Sent: Wednesday, August 08, 2012 6:12 PM
To: Krishna Nagam
Cc: ccie_security
Subject: Re: [OSL | CCIE_Security] AAA

Krishna

Is this part of any work book or a real life question? If you are preparing using IPexpert's volume 1 then you will find your answer very well explained there.

Regards,

On Wednesday, August 8, 2012, Krishna Nagam wrote:

Hi All,

Can anybody help me to solve this problem?

This section contains command authorization. In order to prevent you from getting locked out of the router, do not enable command authorization until after you have verified that authentication is working properly to Cisco Secure ACS.

Here are the requirements for R2:

1) Configure R2 for AAA server using TACACS+ protocol with the Cisco Secure ACS server and a shared-secret key of cisco 123
2) The console port connection must not require authentication or authorization (with the exception of the enable password to get into enable mode). Configure this task explicitly
3) Telnet connections 1 and 3 through 5 should only prompt for password (exec and enable) and no username. Additionally, there must be no command authorization configured on these connections.
4) Telnet connection 2 must be configured for authentication and command authorization for level 15 commands. Additionally, users logging in on this connection must be automatically placed into enable mode.
5) You may not use any "default" methods, configure only named method lists.

Here are the requirements for the Cisco Secure ACS:

1) Configure two groups with the following
2) Admin: users in this group have full access to the router
3) NetOps: users in this group may only create or delete static routes
4) Configure two users, one in each group with which you can test
5) User1: (with a password of user1) should be placed in the Admin group
6) User2 (with a password of users2) should be placed in the NetOps group

The command authorization configuration must be done using command authorization sets.

Regards
krishna

--
FNK
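
One R2 configuration that meets the five router requirements in the question, as an added example that is not from any poster in this thread or from a workbook. The list names, the `<ACS-IP>`, `<LINE-PASSWORD>` and `<ENABLE-SECRET>` placeholders, and the mapping of "telnet connection N" to vty N-1 are assumptions.

```cisco
! Added example. Angle-bracket values are placeholders, not values from the thread.
aaa new-model
!
! Req 1: TACACS+ to the ACS server, key written as given in the question
tacacs-server host <ACS-IP> key cisco 123
!
! Req 5: named lists only. No "aaa authentication enable" list is defined
! (IOS accepts only "default" there), so enable falls back to the enable secret.
enable secret <ENABLE-SECRET>
aaa authentication login NOAUTH none
aaa authentication login LINEPW line
aaa authentication login TAC group tacacs+
aaa authorization exec NOAUTH none
aaa authorization exec TAC group tacacs+
aaa authorization commands 15 NOAUTH none
aaa authorization commands 15 TAC group tacacs+
! Have configuration-mode commands (e.g. "ip route") checked against ACS too
aaa authorization config-commands
!
! Req 2: console explicitly bound to "none" lists
line con 0
 login authentication NOAUTH
 authorization exec NOAUTH
 authorization commands 15 NOAUTH
!
! Req 3: connections 1 and 3-5 prompt for the line password only
line vty 0
 password <LINE-PASSWORD>
 login authentication LINEPW
 authorization exec NOAUTH
 authorization commands 15 NOAUTH
line vty 2 4
 password <LINE-PASSWORD>
 login authentication LINEPW
 authorization exec NOAUTH
 authorization commands 15 NOAUTH
!
! Req 4: connection 2 uses TACACS+ login and level 15 command authorization.
! Apply the two "authorization" lines last, after a TACACS+ login has been verified.
line vty 1
 login authentication TAC
 privilege level 15
 authorization exec TAC
 authorization commands 15 TAC
```

On the ACS side, the NetOps command authorization set also has to permit `configure terminal`, otherwise User2 cannot reach the mode where `ip route` and `no ip route` are entered.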
